[ISN] Wanted: A high-tech FBI

From: InfoSec News (isnat_private)
Date: Wed Aug 14 2002 - 02:34:21 PDT

  • Next message: InfoSec News: "Re: [ISN] Bug Finders: Should They Be Paid?"

    Forwarded from: Bob Adams <bobat_private>
    The struggle between security and privacy continues to unfold. 
    My biggest concern is found in the final sentence of this report.
    Bob Adams
    Milwaukee Journal-Sentinal
    Aug. 9, 2002
    Since Sept. 11, the FBI has budgeted tens of millions of dollars to
    turn its massive collection of computerized case files, memos, tips
    and phone intercepts from an investigative black hole into a mother
    lode of predictive intelligence.
    If the effort succeeds, by Sept. 11, 2004, it will have replaced
    today's system - so antiquated and cumbersome that many top FBI
    executives have never learned to use it - with a high-tech brain that
    instantly culls years of records and eventually will simultaneously
    check databanks in other government agencies, public records and the
    And that's just the beginning.
    By Sept. 11, 2011, the FBI hopes to use artificial intelligence
    software to predict acts of terror.
    The goal is to "skate where the puck's going to be, not where the puck
    was," said Robert J. Chiaradio, who until recently oversaw data system
    improvements as a top aide to FBI Director Robert S. Mueller III. "We
    have to get ourselves positioned for Sept. 10th, not Sept. 12th."
    The technology plan reflects a belief that the chief weapon against
    terror will not be bullets or bombs. It will be information.
    But intelligence experts, computer scientists and civil libertarians
    remain skeptical about whether the FBI can - or should - reverse 94
    years of entrenched bias in favor of shoe-leather detective work, and
    turn itself into high-tech domestic CIA. And they caution that using
    databases to foretell acts of terror is still a sci-fi fantasy.
    Before Sept. 11, no one had crashed a hijacked plane into a
    skyscraper. Before Jan. 27, when a blast ripped through Jerusalem's
    commercial district, there had never been a female suicide bomber.
    FBI leaders insist that effective data mining - sifting information
    from voluminous electronic files - will overcome such obstacles.
    They point out that rudimentary data mining has already become
    commonplace. Any Internet user can instantly search more than a
    billion Web pages for, say, "Middle Eastern flight-training students."
    The popular search service Google ranks results by popularity - pages
    that receive the most visits and are most-often referenced by other
    pages are listed first, which is one formula for making sense of more
    information than a person can digest.
    But to get there will require sweeping changes. Today at the FBI, a
    comprehensive electronic search requires separate checks of 42
    databanks of case files, memos, video footage, mug shots and
    fingerprints. It's as different from Google as the Web is from
    government-issue file cabinets, where 1 billion FBI documents still
    That will soon change, FBI leaders promise. In the next fiscal year
    alone, the FBI has requested $76 million to combine and enhance its
    databases, on top of $730 million more previously budgeted for
    "Trilogy" - code name for a general technology upgrade, the third try
    after two failed efforts. The bureau says it will replace paper files
    and inefficient text-only electronic databases with a "virtual case
    file" system that will allow rapid, Web-browser-like views of video,
    photos and sounds.
    But that goal remains distant, given the bureau's primitive
    "When I came in I said I wanted it done in a year," Mueller told a
    Senate committee in June. Now he estimates two to three years.
    Still, within the FBI, Mueller is widely viewed as having a better
    grasp of technology than his predecessor, Louis J. Freeh, and greater
    drive to make changes - especially after Sept. 11.
    "They're on the right track," said Nancy Savage, head of the FBI
    Agents' Association. Unlike earlier failed technology efforts, she
    said, Mueller has involved field agents in the planning and testing.
    As a model, experts point to the Defense Department's Global Command
    and Control System, an immensely complex and far-flung system that
    analyzes intelligence data, satellite imagery, troop movements,
    weapons status and a multitude of other inputs from all over the
    world, yet operates efficiently and effectively. Unlike typical
    government data systems, built from scratch, the Command and Control
    system is built largely from off-the-shelf commercial hardware and
    software and took less than two years to build in the mid-1990s.
    After the FBI gets its data systems operating, it will try to tie them
    to information held in the data banks of other agencies or private
    entities that may prove crucial in rooting out terrorists.
    For example, by combing different agencies' records, the FBI could
    find a person who was denied a visa, took a flying lesson and may be
    moving next door to a suspected terrorist. An automated process would
    connect the information "for an analyst to say, 'Hey look, here's
    three clues,' " Chiaradio said.
    That process is technically challenging because it involves many
    systems that use incompatible software and divergent methods to label
    and organize information.
    But similarly connected databases are becoming commonplace in the
    corporate world and are gradually being adopted in the intelligence
    community, according to private data mining contractors such as
    Presearch Inc. and Veridian Corp.
    The National Security Agency has linked some 20 disparate databases
    containing human intelligence, electronic eavesdropping files,
    pictures and sounds using software from Webmethods Inc., said Len
    Pomata, a company executive. Pilot projects within NSA and the
    Transportation Security Administration are now linking such data to
    public records, such as real estate ownership, marriage and death
    certificates, he said.
    Systems can even be designed to track missing data, said James H.
    Vaules, a former FBI executive who heads the National Fraud Center, a
    data-mining subsidiary of LexisNexis.
    "A lack of information is probably the (biggest) red flag," he said.
    "If you are 40 years old and there are no public records on you in
    this country, then there's something up - it just doesn't happen."
    The FBI has coveted such abilities since the 1980s - investing
    substantial time and resources without success, according to officials
    familiar with the project.
    But data mining developments are beginning to produce predictive
    abilities - such as banks scanning credit card purchases for anomalies
    that suggest fraudulent transactions.
    The FBI says such techniques will pre-empt terrorists.
    But systems that make sense of highly varied inputs are still in their
    infancy, independent experts say.
    For example, the NSA may be able to find a photo of a cargo plane and
    an intercepted flight plan but not know what the plane carried, even
    if the flight manifest was accessible. Every scanned document, film
    clip and photo must be labeled with multiple codes to allow efficient
    searches - and to compare data, the labels must be consistent. To a
    computer, "occupation" and "employment category" are not necessarily
    The scope of that task will be staggering, given the volume of
    terrorism materials in question. Prosecutors in the case of Zacarias
    Moussaoui, allegedly the 20th Sept. 11 hijacker, declined to print out
    discovery material for the defendant, because the documents "would
    leave no room for Mr. Moussaoui in his cell and might even consume the
    entire jail."
    Yet the bureau proposes to sift through thousands of times as much
    data as a matter of routine.
    Internal spies or inter-agency leaks pose additional security
    "The more people who have access to that information, the surer it is
    to leak," said Michael Vatis, founding director of the FBI's cyber
    crime unit.
    The FBI is seeking pattern-recognition algorithms that can discern
    hints of terror from what Jeffrey D. Ullman, professor of computer
    science at Stanford University, calls "the soup of billions of
    possible coincidences."
    Instead of needing the right question, an analyst would merely say
    "show me something out there that looks odd," and get, say, a report
    about an influx of Middle Eastern men in flight training, he said.
    But anticipating acts of terror by sorting billions of records with
    unknown relevance to unknown future attackers is incomparably more
    difficult than detecting credit card fraud.
    Ullman called predictive data mining "one of the fundamental research
    problems of the age," comparing it to the Manhattan Project that
    produced the atomic bomb during World War II. He said it would require
    an investment of at least $1 billion to accomplish the ultimate goal -
    "preventing a terrorist group from carrying a nuclear bomb into this
    country and setting it off."
    Meanwhile, President Bush has slated the FBI's cybercrime unit to move
    to the new Homeland Security Department.
    "That would be major loss to the FBI," said Vatis, the unit's founder.
    "One of things we were successful doing was building a cadre of
    technical expertise both in headquarters and in the field offices."
    Members of Congress have grown impatient over missteps on far-less
    ambitious projects than today's proposals. Fingerprint computers and
    other law enforcement data systems have cost more than $1.7 billion
    since 1993 - yet still don't operate reliably.
    Testifying before the Senate Judiciary Committee earlier this month,
    Sherry Higgins, the FBI's project management executive, acknowledged
    that "the problems didn't occur overnight and they won't be fixed
    overnight either. That is because it is more important to get it right
    and know that we have the systems and capabilities that precisely fit
    our mission, as well as cure past problems."
    Despite repeated requests from the Times, the FBI was unable or
    unwilling to detail its plans for technology spending, or to clarify
    the relationships between its many technology projects.
    Civil libertarians charge that the FBI faces a crisis of competence
    that sophisticated new technology will only exacerbate, more deeply
    burying the bureau in information.
    "The buck really stops at the FBI for their failure to properly
    analyze the information they had before Sept. 11," said Marc
    Rotenberg, executive director of the Electronic Privacy Information
    Center, the advocacy group that obtained the FBI documents.
    FBI executives agree that there should be some limit on database
    surveillance. But they insist that a national crisis warrants a shift
    in the balance between security and privacy.
    Yet no matter how careful the FBI is, it faces a larger question about
    the accuracy of records.
    "Garbage in, garbage out," the old computer adage goes.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Aug 14 2002 - 05:34:40 PDT