The TIA and fighting terrorism

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Marc Hedlund <marc () precipice org>
Date: Tue, 10 Dec 2002 14:13:11 -0800 (PST)
To: Dave Farber <dave () farber net>
Subject: The TIA and fighting terrorism


Dave,

This is for IP if you want.  It is also available at
<http://www.oreillynet.com/pub/wlg/2411>.  It was originally written in
response to a thread on Politech about TIA.

Marc

----

The criticism I would make of Total Information Awareness (TIA) and
the Department of Homeland Security (DHS) in general is that they are
agressively centralized solutions to an agressively decentralized
problem. I would feel better about our government's efforts to fight
terrorism if I heard much more discussion of decentralized solutions,
and an economic and organizational plan that blended centralized and
decentralized approaches to the problems of terrorism. We need to talk
about state and local solutions, not just Federal solutions.

The vast majority of discussion around government response to 9/11 has
framed the question as, "How can we change the Federal government to
prevent terrorist attacks?" The DHS is a Federal entity composed
largely of existing Federal entities. Its efforts, and likewise the
Pentagon's TIA proposal, have (in public discussion at least) been
described as aiming to ensure information is shared between sources,
analyzed at a single desk, and acted upon by a central enforcement
agency. In other words, these efforts aim to centralize information
about potential terrorist acts.

Certainly these are approaches worth using. The INS sending Mohammed
Atta a letter to his Florida address months after 9/11 can only
provoke a wish for a better head on the shoulders of our national
bureaucracy. But do we really believe that terrorists -- who
presumably have heard about the DHS -- will act in the future in any
way that would trigger DHS or TIA attention?

We know these terrorists are determined and willing to spend enormous
time and resources preparing a plan. Terrorist groups, we're told,
plant "sleeper cells" in our country years before an intended attack,
and these cells work strenuously to avoid detection or contact with
other cells. Assume that we go ahead with a TIA-type program, or even
just the DHS as planned, and that we are now able to monitor and
correlate border entries, large cash transfers, anomalous airline
ticket purchases, and whatever other data might alert a central
authority of terror plans. Does this really prevent terrorism? Do we
believe that no terrorist could ever enter the country without
creating a record, bring gold or drugs or something else to convert to
cash on the black market, buy a round-trip ticket rather than a
one-way ticket, and so forth? It seems obvious that even if
centralized data collection, analysis, and response help the problem,
they certainly do not solve the problem. A determined attacker -- as
the 9/11 attackers certainly were -- will do what it takes to avoid
TIA triggers.

Furthermore, is it really the best thing for the country for the FBI,
the CIA, and now the DHS to focus so intently on preventing terrorism
from Washington? I was taken aback to read in the November 21st New
York Times that

  ...the <[FBI]>'s commitment to nonterrorism cases that were once
  staples of the bureau dropped significantly in the months after the
  Sept. 11 attacks. The number of agents working narcotics cases
  dropped 45 percent, bank fraud cases dropped 31 percent and bank
  robbery investigations dropped 25 percent, according to the Justice
  Department figures, even though the number of reported crimes in
  some cases went up.

I can only wonder what has happened to the CIA in parallel. The FBI
existed for good reason prior to 9/11 -- fought serious and difficult
crimes prior to 9/11 -- and yet it is now being criticized roundly for
not dropping its earlier priorities more quickly and
completely. (Senator Charles Grassley of Iowa was quoted in the same
article as saying, "Old habits die hard at the FBI.") We are
debilitating the prevention of crimes that not only still occur, but
are increasing. Who will take up fighting these crimes if not the FBI?
Probably state and local law enforcement.  Let's look at that for a
moment. Prior to the Millenium celebrations, a truck filled with
bomb-making equipment was stopped at a ferry crossing in Port Angeles,
Washington, and this probably prevented a serious attack. While the
person who stopped the truck was a Federal employee (a Customs
Inspector), the reason for the stop was not a centralized database nor
an alert from a centralized agency. Instead, the driver was stopped
because he seemed suspicious. An individual acted on a hunch,
investigated, and stopped an attack. We should learn from this, and
we're not.

Rather than focusing exclusively on centralizing, we also need to
concentrate resources on training local law enforcement officers how
to better spot and combat terrorism; that is, how to be more like the
Port Angeles Customs Inspector. Rather than sucking all possible data
sources into the Pentagon or the DHS, we could distribute knowledge to
the local -- far more numerous -- law enforcement resouces who are far
more likely to be able to prevent terrorism. How do you interview
someone seeking admission to the country, or to a sports arena? What
are the signs of lying that may be visible in facial expressions or
demeanor? What set of purchases might signal an attempt to build a
bomb? What are the little details a carefully-trained eye might be
able to piece into detection of a terrorist? This is what I mean by a
decentralized approach. Move the effort to the more massive, more
distributed, more intuitive body of law enforcement coming into daily
contact with the same terrorist cells trying so hard to look
normal. If sleeper cells lie dormant for years, local police will very
likely encounter at least one member of the cell in that time. Don't
we want those police officers to know what questions to ask that might
detect the cell?

We could be taking this approach, but we're not. We could be improving
the ability of local law enforcement to detect terrorism -- but
instead we're degrading that ability, since we're shifting the FBI's
traditional crime-fighting work onto local resources. The one method
that has actually prevented a terrorist attack on US soil is not being
used, and is instead being inhibited. We are focusing on centralizing
intelligence and resources when instead -- or at least in addition --
we should be decomposing, distributing, decentralizing.

I'm not suggesting, obviously, that the Federal government has no
role, nor a minimal role. Watch lists and signals intelligence and
data warehousing almost certainly are key tools for fighting
terrorism. But before we go too far in creating (or trying to create)
a grand unified database of all electronic transactions, maybe we
should think first about whether this is a problem best solved by
brute force data analysis, or a smart cop on the street.

Marc Hedlund 
e: marc at precipice dot org


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/