t4 b2 baker- stewart fdr- entire contents- memo- technology challenges for the near future 158

Upload: 911-document-archive

Post on 30-May-2018


  • 8/14/2019 T4 B2 Baker- Stewart Fdr- Entire Contents- Memo- Technology Challenges for the Near Future 158

    1/7

    Technology Challenges for the Near Future

    Here is a set of capabilities that the federal government can and should develop in the near term (less than five years) for bringing our data processing capabilities to bear on the problem of terrorism. These capabilities focus principally on the use of data currently in private hands to allow civil authorities to identify and pursue suspected terrorists within our borders. M\f these capabilities are achievable with resources and technology now available or in development. Indeed, many are currently in use by private industry today. Their use in an integrated fashion could enhance our safety in a fashion consistent with current law while also taking account of understandable concerns about privacy and civil liberties. Privacy concerns that go beyond the protections of current law should be addressed not by denying the government the ability to use technology or by imposing new legal restrictions on government investigations of terrorism, but by using technology to enforce accountability and to reduce or eliminate access to data unrelated to terrorism. Proposals for the use of technology in this way are being prepared by other task forces.

    Challenge 1.a. When a counterterrorism agency learns for the first time the name of a suspected terrorist inside the United States, it should be able to conduct a search to locate that person in real time, using phone listings (published and unpublished), DMV records, credit and banking records, and travel reservations. Within 30 seconds, the counterterrorism agency should also be able to access any U.S. and international financial records associated with the suspect.

    b. Once the suspect is identified and located, counterterrorism officers should be able to identify likely associates of the suspect within 30 seconds, using shared addresses, records of phone calls to and from the suspect's phone, emails to and from the suspect's accounts, financial transactions, travel reservations, and common memberships in organizations, including, with appropriate safeguards, religious and expressive organizations.

    Rationale:


    On August 26, 2001, two weeks before the hijackings, the FBI received unequivocal word that two of the hijackers were in the country and were associated with a "major league killer" in al-Qaeda. Despite having two weeks to find them and their associates, the FBI failed. There were two principal reasons for this failure. The first was an unwillingness to use law enforcement resources in the search due to the demands of the "wall" between law enforcement and intelligence, both inside and outside the Bureau. The second was an inadequate technical capability that made tracking the two hijackers difficult, despite the fact that they were living under their own name, had DMV identity cards, and shared a variety of phone and travel information with their air carriers. They were, in short, eminently findable. And once found, a search of other private databases would have turned up links to many of the other hijackers. Done promptly, such searches might have stopped the attacks. It may be inappropriate to blame the government for not having in place a system for finding a conspiracy with such an unexpected goal. But al-Qaeda's goals are no longer unexpected, and next time we will not have two weeks. The government must implement procedures that will at a minimum prevent the failures of the past. That is not enough. But it is the first thing that must be done.

    The technology to meet these challenges is already in existence. Indeed, versions of the technology are already in use in some industries, such as gambling. The technical challenge, which cannot be underestimated, is to bring the capabilities of counterterrorism agencies up to the capabilities of private industry, so that American lives receive the same protection as the business interests of the private sector.

    The challenge includes a requirement that investigators be able to use information about membership in organizations, including religious and expressive organizations. Denying investigators access to such information is not the answer to civil liberties concerns. The American commitment to equality is not violated by observing that many of the 1993 World Trade Center bombers were linked through a common religious leader. Nor is it a violation of civil liberties to notice that those who belong to an organization advocating "Death to America" are more likely to be planning the deaths of particular Americans than members of an organization devoted to highway beautification. At the same time, it is possible to misuse such information. Safeguards should be designed against improper access to such information - "pretext" searches and the like. Safeguards should also be designed to discourage improper use of the information. These safeguards may include careful authentication of users, audits of the data accessed, and scrutiny of unusual search patterns by users of the system.


    Challenge 2. When the government develops a credible new concern about a possible terrorist methodology - the use of existing HazMat trailer loads in suicide attacks, say, or scuba attacks on particularly vulnerable tankers, or learning to fly planes into buildings - it should be able to conduct virtual background checks within less than an hour on lists of persons associated with the activity. That is, once provided with a list of HazMat driver license holders or scuba divers or flight school students, it should be possible to promptly scan the backgrounds of that population for other indicia of concern, such as travel, origin, or communications with foreign countries that are sources of terrorism, association with other terrorism suspects, and the like.

    Rationale:

    As with the first challenge, this grows out of the circumstances of September 11. A suspicious FBI agent in Phoenix raised the possibility that terrorist suspects were disproportionately enrolling in flight schools. No search was performed of flight school records, perhaps for fear of charges of ethnic or religious profiling but largely because of the difficulty of conducting rapid, efficient searches to test hypotheses about possible terrorist plots. While such a hypothesis is not a basis for assembling files on every scuba diver in the country, a review that located and flagged scuba divers who have overstayed a Yemeni visa and have bank accounts replenished regularly from foreign sources is an important capability that should be available on a decentralized basis so as to allow decentralized hypothesis-testing by agents in the field.

    The ability to conduct a "virtual background investigation" on individuals - most of whom will have nothing to do with terrorism - also requires safeguards. In addition to accountability safeguards of the sort identified above, it would be prudent to design systems that maintain practical anonymity for the subjects of such reviews. That is, it should be possible to conduct a background investigation of hazmat license holders without maintaining or even allowing human review of the information unless the investigation turns up other indicia of concern, such as the factors described above.

    Identifying the indicia of concern is not a simple or a one-time matter. Extensive contacts with Middle Eastern countries, an attachment to Islamic fundamentalism, and unexplained foreign travel are all indicia of concern today and for the foreseeable future, but as al-Qaeda steps up its nontraditional recruiting to avoid


    police had several interactions with the September 11 hijackers while they were in the United States. Assuming that we are doing a better job of identifying suspects that have entered the US, local police are the most likely to encounter the suspects. Integrating local police identity checks and federal suspect lists is thus a priority.

    While providing access to counterterrorism databases is a challenge, it is not technically demanding. Here, the more difficult problem will be to build the safeguards. A single database that can be accessed by every law enforcement agency in the country will not likely be secure and thus will not likely contain the most important and sensitive information. An effective system must, therefore, include strong safeguards to ensure accountability, audits, pattern reviews of searches, and similar protections. The good news about this challenge is that the same technical capabilities that must be developed to meet the challenge can also be used to prevent other forms of misuse, including abuses of civil liberties and privacy.

    Challenge 5. The government should have a single list of terrorism suspects, not several lists assembled by different agencies for different purposes, and the list should be updated in an accountable fashion on a real-time basis.

    Rationale:

    Once again, the most difficult challenge here may turn out to be the problem of maintaining a highly sensitive list without having its contents end up on bulletin boards in every Customs back office. The safeguards designed to make sure the list is not accessed directly or improperly may also serve privacy interests.

    Other challenges concern the problem of how to avoid being swamped with false positives. These can call the system into disrepute while also blowing its security. (It is safe to say that every David Nelson in the country knows that one of them is a suspected terrorist.) Safeguard mechanisms are likely to include an ability to store additional information on people who show up regularly as false positives, so that the same list of questions and background checks are not needed to conclude that the person is not in fact a suspect.

    Challenge 6.


    The government should be able to identify false identities in real time through immediate access to death records for individuals (usually children dying young) whose identities might be used to generate a false identity and "flagging" of improbable data patterns such as the opening of a bank account by a 35-year-old with no prior record of transactions, credit cards, or employment.

    Rationale:

    [We need to check one contributor's memory that this is how they caught the bad guy in "Day of the Jackal." If so, it's embarrassing that we still haven't automated the capability - or haven't caught up with the French.]

    Challenge 7. The government should be able to search in real-time records showing the status and locations of foreign students, prospective and former students, research assistants, and teachers in programs raising terrorism concerns.

    Rationale:

    Many of the hijackers of September 11 came to the United States on student visas. But many student visa holders do not show up, or soon abandon their studies, or overstay their visas. Equally of concern may be the students who are here to learn skills that will be used to kill Americans.

    Challenge 8. The government should be able to respond to reports of a particular mode of attack (e.g., a plan to use chlorine tanker trucks to attack office buildings in several cities) by gaining access within four hours to private sector data relating to the status of that mode (e.g., to obtain available information from industry sources about the location, status, drivers, and contact information for chlorine tankers).

    Rationale:

    This challenge assumes that counterterrorism agencies will have to guard against a specific threat without knowing who will carry out the threat. In many cases, it will be possible to locate all sources of threat much more quickly than four hours. Presumably, if the government had been aware that a suicide hijacking was planned for the immediate future, the FAA would have been able to identify all flights planned for September 11, 2001 in less than four hours. But not all industries are as regulated as the airline industry, and elaborate information sharing mechanisms are not likely to be cost-effective in the absence of a particular threat. Instead, the government needs standby mechanisms for rapidly gaining access to such information when a particular threat is identified. This means tools, links, and knowledge about the kinds of data maintained by chemical companies, nuclear plants, truckers, petroleum companies, railroads, and the like. The government also needs a mechanism for keeping these tools, links, and knowledge up to date.
