Wanted: A high-tech FBI

[InfoSec News <isn () c4i org>]

Forwarded from: Bob Adams <bob () globaldevelopment org>

The struggle between security and privacy continues to unfold. 
My biggest concern is found in the final sentence of this report.

Bob Adams
http://www.globaldisaster.org
http://globalangst.blogspot.com


-=-


http://www.jsonline.com/news/editorials/aug02/65298.asp

By CHARLES PILLER and ERIC LICHTBLAU
Milwaukee Journal-Sentinal
Aug. 9, 2002

Since Sept. 11, the FBI has budgeted tens of millions of dollars to
turn its massive collection of computerized case files, memos, tips
and phone intercepts from an investigative black hole into a mother
lode of predictive intelligence.

If the effort succeeds, by Sept. 11, 2004, it will have replaced
today's system - so antiquated and cumbersome that many top FBI
executives have never learned to use it - with a high-tech brain that
instantly culls years of records and eventually will simultaneously
check databanks in other government agencies, public records and the
Internet.

And that's just the beginning.

By Sept. 11, 2011, the FBI hopes to use artificial intelligence
software to predict acts of terror.

The goal is to "skate where the puck's going to be, not where the puck
was," said Robert J. Chiaradio, who until recently oversaw data system
improvements as a top aide to FBI Director Robert S. Mueller III. "We
have to get ourselves positioned for Sept. 10th, not Sept. 12th."

The technology plan reflects a belief that the chief weapon against
terror will not be bullets or bombs. It will be information.

But intelligence experts, computer scientists and civil libertarians
remain skeptical about whether the FBI can - or should - reverse 94
years of entrenched bias in favor of shoe-leather detective work, and
turn itself into high-tech domestic CIA. And they caution that using
databases to foretell acts of terror is still a sci-fi fantasy.

Before Sept. 11, no one had crashed a hijacked plane into a
skyscraper. Before Jan. 27, when a blast ripped through Jerusalem's
commercial district, there had never been a female suicide bomber.

FBI leaders insist that effective data mining - sifting information
from voluminous electronic files - will overcome such obstacles.

They point out that rudimentary data mining has already become
commonplace. Any Internet user can instantly search more than a
billion Web pages for, say, "Middle Eastern flight-training students."
The popular search service Google ranks results by popularity - pages
that receive the most visits and are most-often referenced by other
pages are listed first, which is one formula for making sense of more
information than a person can digest.

But to get there will require sweeping changes. Today at the FBI, a
comprehensive electronic search requires separate checks of 42
databanks of case files, memos, video footage, mug shots and
fingerprints. It's as different from Google as the Web is from
government-issue file cabinets, where 1 billion FBI documents still
reside.

That will soon change, FBI leaders promise. In the next fiscal year
alone, the FBI has requested $76 million to combine and enhance its
databases, on top of $730 million more previously budgeted for
"Trilogy" - code name for a general technology upgrade, the third try
after two failed efforts. The bureau says it will replace paper files
and inefficient text-only electronic databases with a "virtual case
file" system that will allow rapid, Web-browser-like views of video,
photos and sounds.

But that goal remains distant, given the bureau's primitive
technology.

"When I came in I said I wanted it done in a year," Mueller told a
Senate committee in June. Now he estimates two to three years.

Still, within the FBI, Mueller is widely viewed as having a better
grasp of technology than his predecessor, Louis J. Freeh, and greater
drive to make changes - especially after Sept. 11.

"They're on the right track," said Nancy Savage, head of the FBI
Agents' Association. Unlike earlier failed technology efforts, she
said, Mueller has involved field agents in the planning and testing.

As a model, experts point to the Defense Department's Global Command
and Control System, an immensely complex and far-flung system that
analyzes intelligence data, satellite imagery, troop movements,
weapons status and a multitude of other inputs from all over the
world, yet operates efficiently and effectively. Unlike typical
government data systems, built from scratch, the Command and Control
system is built largely from off-the-shelf commercial hardware and
software and took less than two years to build in the mid-1990s.

After the FBI gets its data systems operating, it will try to tie them
to information held in the data banks of other agencies or private
entities that may prove crucial in rooting out terrorists.

For example, by combing different agencies' records, the FBI could
find a person who was denied a visa, took a flying lesson and may be
moving next door to a suspected terrorist. An automated process would
connect the information "for an analyst to say, 'Hey look, here's
three clues,' " Chiaradio said.

That process is technically challenging because it involves many
systems that use incompatible software and divergent methods to label
and organize information.

But similarly connected databases are becoming commonplace in the
corporate world and are gradually being adopted in the intelligence
community, according to private data mining contractors such as
Presearch Inc. and Veridian Corp.

The National Security Agency has linked some 20 disparate databases
containing human intelligence, electronic eavesdropping files,
pictures and sounds using software from Webmethods Inc., said Len
Pomata, a company executive. Pilot projects within NSA and the
Transportation Security Administration are now linking such data to
public records, such as real estate ownership, marriage and death
certificates, he said.

Systems can even be designed to track missing data, said James H.
Vaules, a former FBI executive who heads the National Fraud Center, a
data-mining subsidiary of LexisNexis.

"A lack of information is probably the (biggest) red flag," he said.
"If you are 40 years old and there are no public records on you in
this country, then there's something up - it just doesn't happen."

The FBI has coveted such abilities since the 1980s - investing
substantial time and resources without success, according to officials
familiar with the project.

But data mining developments are beginning to produce predictive
abilities - such as banks scanning credit card purchases for anomalies
that suggest fraudulent transactions.

The FBI says such techniques will pre-empt terrorists.

But systems that make sense of highly varied inputs are still in their
infancy, independent experts say.

For example, the NSA may be able to find a photo of a cargo plane and
an intercepted flight plan but not know what the plane carried, even
if the flight manifest was accessible. Every scanned document, film
clip and photo must be labeled with multiple codes to allow efficient
searches - and to compare data, the labels must be consistent. To a
computer, "occupation" and "employment category" are not necessarily
equivalent.

The scope of that task will be staggering, given the volume of
terrorism materials in question. Prosecutors in the case of Zacarias
Moussaoui, allegedly the 20th Sept. 11 hijacker, declined to print out
discovery material for the defendant, because the documents "would
leave no room for Mr. Moussaoui in his cell and might even consume the
entire jail."

Yet the bureau proposes to sift through thousands of times as much
data as a matter of routine.

Internal spies or inter-agency leaks pose additional security
problems.

"The more people who have access to that information, the surer it is
to leak," said Michael Vatis, founding director of the FBI's cyber
crime unit.

The FBI is seeking pattern-recognition algorithms that can discern
hints of terror from what Jeffrey D. Ullman, professor of computer
science at Stanford University, calls "the soup of billions of
possible coincidences."

Instead of needing the right question, an analyst would merely say
"show me something out there that looks odd," and get, say, a report
about an influx of Middle Eastern men in flight training, he said.

But anticipating acts of terror by sorting billions of records with
unknown relevance to unknown future attackers is incomparably more
difficult than detecting credit card fraud.

Ullman called predictive data mining "one of the fundamental research
problems of the age," comparing it to the Manhattan Project that
produced the atomic bomb during World War II. He said it would require
an investment of at least $1 billion to accomplish the ultimate goal -
"preventing a terrorist group from carrying a nuclear bomb into this
country and setting it off."

Meanwhile, President Bush has slated the FBI's cybercrime unit to move
to the new Homeland Security Department.

"That would be major loss to the FBI," said Vatis, the unit's founder.
"One of things we were successful doing was building a cadre of
technical expertise both in headquarters and in the field offices."

Members of Congress have grown impatient over missteps on far-less
ambitious projects than today's proposals. Fingerprint computers and
other law enforcement data systems have cost more than $1.7 billion
since 1993 - yet still don't operate reliably.

Testifying before the Senate Judiciary Committee earlier this month,
Sherry Higgins, the FBI's project management executive, acknowledged
that "the problems didn't occur overnight and they won't be fixed
overnight either. That is because it is more important to get it right
and know that we have the systems and capabilities that precisely fit
our mission, as well as cure past problems."

Despite repeated requests from the Times, the FBI was unable or
unwilling to detail its plans for technology spending, or to clarify
the relationships between its many technology projects.

Civil libertarians charge that the FBI faces a crisis of competence
that sophisticated new technology will only exacerbate, more deeply
burying the bureau in information.

"The buck really stops at the FBI for their failure to properly
analyze the information they had before Sept. 11," said Marc
Rotenberg, executive director of the Electronic Privacy Information
Center, the advocacy group that obtained the FBI documents.

FBI executives agree that there should be some limit on database
surveillance. But they insist that a national crisis warrants a shift
in the balance between security and privacy.

Yet no matter how careful the FBI is, it faces a larger question about
the accuracy of records.

"Garbage in, garbage out," the old computer adage goes.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.