The Department of Homeland Security’s terrorist watch list is practically useless. Now bulging at 755,000 names, 20,000 new records names are added to the Terrorist Screening Database (TSDB) each month. With the 1,000,000 mark close at hand, the watch list is now unreliable.
The signal-to-noise ratio is enormous, since terrorist organizations are very small. Al Qaeda in 2001 had only 200 members. Larger terrorist organizations, such as Hezbollah, may only have a few thousand “fighters,” many of whom are soldiers and militia, not terrorists. Just so that we don’t forget the threat of domestic terrorism, only a handful of people were responsible for the horrific Oklahoma City bombing, the most lethal act of terrorism in the United States before the 9/11 attacks. Tragically, for every new Mohammed Atta on the list, there are hundreds of people who should not be included at all, and only confuse efforts to deal with any real terrorist threats.
The problems with the list are infuriating on many levels, not least of which is that they are preventable. The challenges of building the watch list are the same “information management” problems that private corporations face every day. Through a combination of widely-available software, technical veterans who have experience solving the problems, and a generous amount of leadership and urgency, corporations clean up their databases of “mission critical” information far more quickly and successfully. Since the terrorist watch list is at least as important as the customer data for AT&T and Cingular, the American public should be demanding an answer to the question, “What the hell happened?”
Making a list
The terrorist watch list is, to use a tired but accurate phrase, “the first line of defense” in counterterrorism. The Atta cell succeeded because its opponent, the US government, failed to put together a complete picture of its activities (or, in some cases, even its existence). Those who did have key pieces of information either did not recognize their significance, or lacked the ability to get the right people to act on it.
To avoid future terrorist attacks, the watch list is the critical product of knowing who are terrorist leaders and operatives, where they are, and what they are doing. To avoid another 9/11, we don’t necessarily need to broaden the federal government’s license to eavesdrop (which can create a different form of information overload), or invade any more countries. We do need key decision-makers to recognize that this person who learned how to fly a plane, but not how to land, has a real connection to that person, who belongs to an organization that tried to crash an airliner into the Eiffel Tower.
Checking it twice
The watch list is, obviously, stuffed with “false positives,” people who should not have been identified as terrorists. They’re on the list for a variety of reasons: they have names similar to real terrorists; they have some glancing social, professional, or familial connection to a suspected terrorist; someone falsely accused them of being a member of a terrorist organization, or “linked” to it in some vague fashion. These errors feed off each other: people connected to a person falsely accused of being a terrorist fall under the same cloud of suspicion.
Tragically, the list has also omitted people who should have been on it. During the tedious review of just 2,686 records, workers from the FBI’s new Terrorist Screening Center found eight people who should have been flagged as high risk. (They also found 2,118 who should never have been on the list in the first place.) Twenty terrorists were missing from a key report generated for the decision-makers who need to act immediately on any possible terrorist threat. The risk of “omission by confusion” is high, since the decision-makers who receive the list are naturally skeptical of it.
Who’s naughty or nice?
So why is the list a mess? One of the main problems is the novelty of having a single list.
The 9/11 attacks demonstrated, in the worst possible way, that the era of data Balkanization, in which every government agency maintained separate information needed to combat terrorism, had to come to an end. The FAA, FBI, NSA, and other agencies might still have their separate databases, which were needed for more than just identifying and tracking suspected terrorists. At a minimum, these agencies needed to contribute their pieces of the counterterrorism puzzle to someone who would assemble it, and make sure that the right people were looking at it.
That responsibility fell to the Justice Department. In 2003, George W. Bush directed Attorney General to “establish an organization to consolidate the Government's approach to terrorism screening and provide for the appropriate and lawful use of Terrorist Information in screening processes.” Confusingly, the Department of Homeland Security also had a role, to “develop guidelines to govern the use of such information to support State, local, territorial, and tribal screening processes, and private sector screening processes that have a substantial bearing on homeland security.”
Something obviously went very, very wrong with this arrangement. Six years after the 9/11 attacks, the US government has not built a single, reliable database of suspected terrorists. While we spend billions of dollars each month in Iraq, the real “first line of defense” has collapsed.
NEXT: How private corporations handle information management challenges faster and better than the US government.
Comments