On the bucolic grounds of the FBI’s campus in Clarksburg, W.V., stands an architectural marvel sometimes jokingly called the Taj Mahal. Inside is a repository of identity data, mostly fingerprints, on 110 million people – criminals, terrorists and suspected terrorists. It was here, eight years ago, that a heated internal debate took place on the subject of whether and how to share fingerprint records across federal agencies.
Collecting fingerprints in Afghanistan. Credit: U.S. Defense Dept.
Attending were representatives from the Departments of Defense and State and the recently created US-VISIT, an office of the Department of Homeland Security with a mission to use biometrics to keep terrorists from breezing through legal entry points, as they had before the Sept. 11, 2001 attacks.
US-VISIT came to Clarksburg with a demand: Share the fingerprint records of the Iraqis, Afghans and foreign fighters encountered by U.S. troops. Defense officials were reluctant to do that. The records were scattered among numerous databases, some of them highly classified, recalled a participant at the meeting. US-VISIT played its trump card: If there were an attack inside the U.S. and it turned out the Defense Department unwittingly possessed the attackers’ fingerprints, but hadn’t shared them, the Defense Department would be responsible. Voices were raised. Finally, the Army’s intelligence representative slammed his fist on the table. The records would be shared, but the process would turn out to be less than elegant and very incomplete.
The meeting was nevertheless significant because it set a precedent for sharing the troves of prints and names gathered by U.S. troops. Some of the prints came from detainees, but more often they were gathered through incentives or coercion – civilians had to submit to fingerprinting to re-enter Fallujah, Iraq, after the coalition offensive there, for example.
Flash forward, and not much has changed about the sharing process. It's gone from handing off data tapes to manually uploading records via file transfer protocol. The system is kluged together with stop gaps to prevent the wrong people from getting visas or walking through customs. The Clarksburg meeting wasn't the victory it seemed, but since November a group of underdogs at US-VISIT has been pushing to unlock millions of military fingerprint records by establishing an automated connection with the military’s repository.
It won’t be easy. US-VISIT’s parent agency, the Department of Homeland Security, hasn’t embraced the plan, and there's sequestration to deal with. On top of that, even after the Clarksburg meeting, the military continued collecting millions of records in a format incompatible with US-VISIT’s fingerprint repository.
If US-VISIT can overcome those obstacles, consulate and border protection officers would be able to query a set of fingerprints across the military’s records in real time. They would know, for example, if the person submitting his fingerprints for a visa application gave a different name when troops collected his prints. Odds of handing a visa to a dangerous person would be reduced because no one would be waiting for ftp files to be uploaded. Today, those consulate and border officers can query against an 800,000-record watchlist provided by the Defense Department. They can’t search against the balance of the 9.5-million records in the military repository.
The country’s array of biometric databases is complicated, to put it mildly. US-VISIT’s repository, called IDENT, is connected to the FBI's repository but not directly to the military's. Only the FBI repository is fully connected. The FBI’s repository is located in Clarksburg and is called IAFIS for the Integrated Automated Fingerprint Identification System. The military repository is called ABIS for the Automated Biometrics Identification System. It's now co-located with IAFIS.
It’s a triangle with a missing link and ugly workarounds.
“I’ve always said the biometric safety net around our country is really kind of a patchwork quilt,” said David Cuthbertson, assistant director of FBI's Criminal Justice Information Services Division, which runs IAFIS.
Cuthbertson participated in an unusually frank discussion of the problem during the Feb. 26 – 28 Armed Forces Communication and Electronics Homeland Security conference in Washington, D.C.
SEARCH FOR A SOLUTION
One idea was to mash all the records into a giant database. That was ruled out a few years ago because the rules governing the sharing of identity information vary widely among agencies. The database would be too hard to manage.
The three databases should interact “but we do need to keep them separate…so that we can protect privacy, protect civil liberties, and really conduct the missions that we need to,” Cuthbertson said.
In lieu of a giant repository, US-VISIT wants to establish an automated interface with ABIS, the military repository.
Here’s the political problem: US-VISIT doesn’t have buy-in from DHS, said current and former DHS officials. DHS hasn't blocked US-VISIT from pursuing the concept -- US-VISIT staff held a big meeting in February with their DoD counterparts -- but DHS has avoided doing anything that could be construed as a public embrace.
For example, DHS declined to provide someone to participate on the AFCEA biometrics panel last month.
In an unusual step, the session moderator, former US-VISIT director Jim Williams, drafted US-VISIT’s Greg Ambrose to come out of the audience and up to a microphone to answer a question from the audience.
Ambrose is the soft-spoken, bespectacled chief information officer for US-VISIT. If the gap is to be closed, Ambrose will be the unlikely hero.
He’ll need to come to terms with Don Salo, a retired Army colonel with a grumbling voice who spent 27 years as a military cop and investigator. Salo, who was on the biometrics panel, came over to the Defense Department from Commerce to direct the Defense Forensics and Biometrics Agency.
When people talk about cultural gaps, they mean Ambrose and Salo.
Ambrose has been laying low since November, when he told an industry audience that the interoperability ball was in the Pentagon’s court: “We’re waiting to see how DoD wants to proceed,” he said.
Williams pressed him for specifics, and Ambrose described a twofold plan:
“We’ve been working with DoD to put an interface in place so that we can query each other’s systems, and that continues to be worked through in terms of requirements, understanding where DoD is headed with their program,” Ambrose said.
In the meantime, US-VISIT is “looking to move all of the files that DoD has into IDENT…so we can query those data files that they have,” Ambrose said.
Why is it hard? Salo put it like this: “It’s the number of files that have to go over and the conversion of formatting the files, the textual. DHS is working on that. They’re coming up with a system where they can read our files. But the type of files we have are in a format that they can’t read.”
Ambrose said US-VISIT and the Defense Department still need to “ensure that we’ve got funding and prioritization between the two organizations to put that interface in place.”
Translation: There’s a long, long way to go.
Williams wanted to know when the gap would be closed -- “Later this year, isn’t it?”
Salo: “We think by ‘14 there will be evolving connections.”
Something that could help coordination, Salo said, is the decision to move the military’s repository from another facility in West Virginia to the FBI’s Clarksburg site.
Beyond that, he and Ambrose painted a portrait of two bureaucracies hard at work on interoperability: “We had a meeting on it yesterday,” Salo said.
STOPPING THE DRIFT
The push to close the gap could be just in time, especially if it brings better overall biometrics coordination. For years, biometrics meant fingerprints, but technologists are working on iris scans and possibly facial recognition as strategies for securing buildings, prisons and borders. The agencies will need to coordinate their approaches and investments, or they could end up where they are today on fingerprints.
Cuthbertson gave a glimpse of an immediate issue. Other agencies are warming to iris scans, but for law enforcement, fingerprints will always be critical, he said. “When you commit a crime you can leave a photograph” -- ie, from an ATM camera – “You can leave a fingerprint. Pretty hard to leave an iris there at a crime scene. If the iris was left there, I think we’ve got the fingers.”
Williams has been around long enough to sense where this is going: “The worry is, as we have all these new applications, now modalities, new things. If you don’t have synchronized funding, then frankly you could have somebody moving in one direction, and the other part of the system -- the federated system -- not speaking up,” he said.
For now, job number one is closing the fingerprint gap.