US-VISIT wants prints collected in Iraq, Afghanistan
On the bucolic grounds of the FBI’s campus in Clarksburg, W.V., stands an architectural marvel sometimes jokingly called the Taj Mahal. Inside is a repository of identity data, mostly fingerprints, on 110 million people – criminals, terrorists and suspected terrorists. It was here, eight years ago, that a heated internal debate took place on the subject of whether and how to share fingerprint records across federal agencies.
Collecting fingerprints in Afghanistan. Credit: U.S. Defense Dept.
Attending were representatives from the Departments of Defense and State and the recently created US-VISIT, an office of the Department of Homeland Security with a mission to use biometrics to keep terrorists from breezing through legal entry points, as they had before the Sept. 11, 2001 attacks.
US-VISIT came to Clarksburg with a demand: Share the fingerprint records of the Iraqis, Afghans and foreign fighters encountered by U.S. troops. Defense officials were reluctant to do that. The records were scattered among numerous databases, some of them highly classified, recalled a participant at the meeting. US-VISIT played its trump card: If there were an attack inside the U.S. and it turned out the Defense Department unwittingly possessed the attackers’ fingerprints, but hadn’t shared them, the Defense Department would be responsible. Voices were raised. Finally, the Army’s intelligence representative slammed his fist on the table. The records would be shared, but the process would turn out to be less than elegant and very incomplete.
The meeting was nevertheless significant because it set a precedent for sharing the troves of prints and names gathered by U.S. troops. Some of the prints came from detainees, but more often they were gathered through incentives or coercion – civilians had to submit to fingerprinting to re-enter Fallujah, Iraq, after the coalition offensive there, for example.
Flash forward, and not much has changed about the sharing process. It's gone from handing off data tapes to manually uploading records via file transfer protocol. The system is kluged together with stop gaps to prevent the wrong people from getting visas or walking through customs. The Clarksburg meeting wasn't the victory it seemed, but since November a group of underdogs at US-VISIT has been pushing to unlock millions of military fingerprint records by establishing an automated connection with the military’s repository.
It won’t be easy. US-VISIT’s parent agency, the Department of Homeland Security, hasn’t embraced the plan, and there's sequestration to deal with. On top of that, even after the Clarksburg meeting, the military continued collecting millions of records in a format incompatible with US-VISIT’s fingerprint repository.
If US-VISIT can overcome those obstacles, consulate and border protection officers would be able to query a set of fingerprints across the military’s records in real time. They would know, for example, if the person submitting his fingerprints for a visa application gave a different name when troops collected his prints. Odds of handing a visa to a dangerous person would be reduced because no one would be waiting for ftp files to be uploaded. Today, those consulate and border officers can query against an 800,000-record watchlist provided by the Defense Department. They can’t search against the balance of the 9.5-million records in the military repository.
The country’s array of biometric databases is complicated, to put it mildly. US-VISIT’s repository, called IDENT, is connected to the FBI's repository but not directly to the military's. Only the FBI repository is fully connected. The FBI’s repository is located in Clarksburg and is called IAFIS for the Integrated Automated Fingerprint Identification System. The military repository is called ABIS for the Automated Biometrics Identification System. It's now co-located with IAFIS.
It’s a triangle with a missing link and ugly workarounds.
“I’ve always said the biometric safety net around our country is really kind of a patchwork quilt,” said David Cuthbertson, assistant director of FBI's Criminal Justice Information Services Division, which runs IAFIS.
Cuthbertson participated in an unusually frank discussion of the problem during the Feb. 26 – 28 Armed Forces Communication and Electronics Homeland Security conference in Washington, D.C.
SEARCH FOR A SOLUTION
One idea was to mash all the records into a giant database. That was ruled out a few years ago because the rules governing the sharing of identity information vary widely among agencies. The database would be too hard to manage.
The three databases should interact “but we do need to keep them separate…so that we can protect privacy, protect civil liberties, and really conduct the missions that we need to,” Cuthbertson said.
In lieu of a giant repository, US-VISIT wants to establish an automated interface with ABIS, the military repository.
Here’s the political problem: US-VISIT doesn’t have buy-in from DHS, said current and former DHS officials. DHS hasn't blocked US-VISIT from pursuing the concept -- US-VISIT staff held a big meeting in February with their DoD counterparts -- but DHS has avoided doing anything that could be construed as a public embrace.
For example, DHS declined to provide someone to participate on the AFCEA biometrics panel last month.
In an unusual step, the session moderator, former US-VISIT director Jim Williams, drafted US-VISIT’s Greg Ambrose to come out of the audience and up to a microphone to answer a question from the audience.
Ambrose is the soft-spoken, bespectacled chief information officer for US-VISIT. If the gap is to be closed, Ambrose will be the unlikely hero.
He’ll need to come to terms with Don Salo, a retired Army colonel with a grumbling voice who spent 27 years as a military cop and investigator. Salo, who was on the biometrics panel, came over to the Defense Department from Commerce to direct the Defense Forensics and Biometrics Agency.
When people talk about cultural gaps, they mean Ambrose and Salo.
Ambrose has been laying low since November, when he told an industry audience that the interoperability ball was in the Pentagon’s court: “We’re waiting to see how DoD wants to proceed,” he said.
Williams pressed him for specifics, and Ambrose described a twofold plan:
“We’ve been working with DoD to put an interface in place so that we can query each other’s systems, and that continues to be worked through in terms of requirements, understanding where DoD is headed with their program,” Ambrose said.
In the meantime, US-VISIT is “looking to move all of the files that DoD has into IDENT…so we can query those data files that they have,” Ambrose said.
Why is it hard? Salo put it like this: “It’s the number of files that have to go over and the conversion of formatting the files, the textual. DHS is working on that. They’re coming up with a system where they can read our files. But the type of files we have are in a format that they can’t read.”
Ambrose said US-VISIT and the Defense Department still need to “ensure that we’ve got funding and prioritization between the two organizations to put that interface in place.”
Translation: There’s a long, long way to go.
Williams wanted to know when the gap would be closed -- “Later this year, isn’t it?”
Salo: “We think by ‘14 there will be evolving connections.”
Something that could help coordination, Salo said, is the decision to move the military’s repository from another facility in West Virginia to the FBI’s Clarksburg site.
Beyond that, he and Ambrose painted a portrait of two bureaucracies hard at work on interoperability: “We had a meeting on it yesterday,” Salo said.
STOPPING THE DRIFT
The push to close the gap could be just in time, especially if it brings better overall biometrics coordination. For years, biometrics meant fingerprints, but technologists are working on iris scans and possibly facial recognition as strategies for securing buildings, prisons and borders. The agencies will need to coordinate their approaches and investments, or they could end up where they are today on fingerprints.
Cuthbertson gave a glimpse of an immediate issue. Other agencies are warming to iris scans, but for law enforcement, fingerprints will always be critical, he said. “When you commit a crime you can leave a photograph” -- ie, from an ATM camera – “You can leave a fingerprint. Pretty hard to leave an iris there at a crime scene. If the iris was left there, I think we’ve got the fingers.”
Williams has been around long enough to sense where this is going: “The worry is, as we have all these new applications, now modalities, new things. If you don’t have synchronized funding, then frankly you could have somebody moving in one direction, and the other part of the system -- the federated system -- not speaking up,” he said.
For now, job number one is closing the fingerprint gap.
How technology could help
Imagine you’re the intelligence analyst of the future and you think you’ve just solved a vexing international puzzle for your leaders, when suddenly a gentle voice rises from your computer: “Excuse me Dave, other explanations with more weight are available. Would you like to see them?”
This kind of ghost in the machine is called a software agent. Technologists are almost certain to avoid any similarities in their designs to H.A.L, the all powerful computer in “2001: A Space Odyssey.” But software agents are, in fact, a serious idea for mitigating cognitive biases – the brain’s natural tendency to find shortcuts through complex information.
Intelligence managers took on the bias problem after the Sept. 11 terror attacks, and redoubled their efforts after the wildly wrong 2002 national intelligence estimate about Iraq’s weapons of mass destruction. For the most part, agencies addressed bias by training analysts to use new structured analytic techniques – software is now used to chart and visualize evidence, arguments and logic.
It’s hard to train away all cognitive biases, though, because the human mind innately applies mental shortcuts when faced with big data dumps. The mind falls back easily on previous experiences, for example, which can lead to confirmation bias. Cognitive biases should not be confused with stereotypes or prejudices. They’re much more subtle, cognitive experts say.
Scientists such as those at Raytheon think the time is right for science and technology to play a larger role in combating bias – but with limits. If software agents were to be deployed – one researcher says their use in the community is “incipient” at this point – analysts would have to retain the power to take or leave the computer’s advice.
“The analyst’s reaction to a tool like that would depend on how intrusive it is -- whether it’s Big Brother,” says former intelligence analyst James Steiner, who retired from the CIA in 2005 and teaches at Rockefeller College, an arm of the State University of New York at Albany.
This article is based on interviews with cognitive researchers, former analysts and industry experts. It shows that the community has options it has yet to exercise. Software agents are just one. Experts applaud the structured analytics trend but they decry the lack of quantitative evidence about their effectiveness in different scenarios. What if information technology could be applied to monitor analytical strategies and outcomes over time? Some of the structured techniques have yet to be institutionalized out of concern that they could overburden time-pressed analysts who find old-fashioned intuition to be a lot faster.
Raytheon is emerging as the most outspoken advocate of applying information technology and experimentation to the cognitive bias problem. The company wants to monitor the decisions of analysts in lab exercises, during training, and eventually in real time while they’re working. The monitoring could help the community assess which techniques work best, and give analysts instant feedback so they can avoid mistakes, rather than simply leaving an audit trail for investigators.
“Awareness alone isn’t enough to overcome (bias) – this is what research has shown. You have to have some way to intervene when the bias is emerging,” says Raytheon researcher and PhD student Don Kretz, who studies cognitive bias in complex problem solving scenarios.
Kretz’s words echo those in a prepared statement from IARPA, the Intelligence Advanced Research Projects Activity: “Research to date has found that simply knowing about the bias is not sufficient to help the individual avoid the bias.”
IARPA wants to see if specialized video games can improve training.
Raytheon wants to do even more. Installation of software agents is one idea.
Rand’s Gregory Treverton, who oversaw the drafting of national intelligence estimates from 1993 to 19995, says software agents might actually empower analysts if they are implemented in a non-heavy handed way.
“One of the things that people learn best from, the psychologists tell us, is feedback. And the closer it is to the event the better,” he says.
Last June, 27 Raytheon employees, mostly from the engineering ranks, volunteered to participate in a one-day intelligence analysis exercise. The purpose was to show how elaborate games might be used to compare different structured analytic techniques for effectiveness. Raytheon plans to release the paper Nov. 15 at the IEEE Homeland Security Technologies conference in Waltham, Mass.
The company hopes the exercise and a similar one in August will prompt its mission partners – meaning intelligence agencies – to assign working analysts to participate in one or more exercises late this year or early next. Talks are underway, Kretz says.
In the June pilot, the volunteers were given fictional intelligence reports, cell call transcripts, and embassy reports describing three bombings near the Green Zone in Baghdad. The information was drawn from a library of synthetic counterinsurgency, or SYNCOIN, scenarios developed by Penn State University with funds from the Army Research Office. Participants had to figure out who planted the bombs and who the intended targets were.
The game designers made things difficult for the participants by including facts intended to draw out anchoring biases – the tendency of human minds to glom onto evidence supporting an initial hypothesis – and confirmation biases, the tendency to put more weight on evidence that confirms an underlying belief.
The participants were briefed on three techniques for "debiasing" their analysis and given simple software tools. Raytheon calls these techniques analytic multipliers.
Some participants used link analysis software to chart the relationships among people, organizations, objects and events.
Others used an information extraction and weighting technique to assign numbers from 1 to 10 to specific pieces of evidence based on how critical they saw them – 10 being the most critical. The evidence and numbers were typed into spread sheets.
Others used software to draw up matrices documenting the competing explanations and the evidence supporting them. That technique is called Analysis of Competing Hypotheses or ACH.
How did the comparison turn out? The first thing Raytheon wants you to know is that picking a winner was not the main point. The purpose was to develop an experimental protocol to show how the community could, over time, assemble quantitative information to document the effectiveness of different techniques.
For CIA-funded researcher Richards Heuer, it’s about time someone gathered performance data about the structured techniques he advocates: “This is exactly what we need more of -- empirical testing and documentation of the effectiveness or the ineffectiveness of various analytic tools and a better understanding of which tools are best used for which type of problem assembled over time,” he said by email.
Raytheon has discussed its research with Heuer, but he is not affiliated with the Raytheon team.
To the degree we should care about the result, it was good news for advocates of ACH, a 30-year old structured technique developed by Heuer.
“The Analysis of Competing Hypotheses technique did in fact improve judgment the most,” says Kretz who is one of the paper’s authors and is scheduled to speak at the IEEE conference.
Heuer came up with ACH in the 1980s after retiring from the CIA and continuing his research as a contractor to the agency. His goal was to improve analysis of the Soviet Union:
“When analysts were asked if they thought the Soviets were deliberately trying to deceive us on a specific point, they would almost invariably say ‘No’, because they didn’t see any evidence of it,” Heuer recalls. “What they didn’t recognize was that if the deception was being done well, they shouldn’t expect to see evidence of it.”
ACH helped the CIA sort deception from reality. For about 15 years, that’s the only reason it was taught and used, says Heuer.
Then came the Sept. 11 attacks and the Iraq weapons fiasco. The agencies took a fresh look at ACH and other structured techniques. In 2010, Heuer and Randolph Pherson authored an unclassified book, “Structured Analytic Techniques for Intelligence Analysis,” which explained how the techniques could help analysts in intelligence, law enforcement and even the business world.
Heuer cautions that ACH is not a “cure-all” for all analysis problems even though it shined in the Raytheon exercise.
Some researchers suspect ACH has the most impact for novice or new analysts, which could explain why it came out on top among engineers pretending to be analysts.
If Raytheon convinces intelligence agencies to play, the June exercise could go down as one of the turning points in the fight against bias. The company insists its advocacy is not about winning the next big contract or selling the agencies more software.
“They’ve got shelves and shelves full of tools that they’ve bought and paid for that they don’t use,” Kretz says. “We’re not trying to develop more stuff like that. We want them to be partners in this.”
Proposed combo gets anti-trust scrutiny
"They saw blood in the water and struck," said an industry executive.
The confidential email that landed at GeoEye’s Herndon, Va., headquarters in June looked like checkmate in the company’s unexpected competition for survival against DigitalGlobe, its rival in the U.S. satellite imaging market.
Earthquake damage to the Port au Prince National Cathedral. Credit: GeoEye
Opponents seize renewal as chance to reel in surveillance
The FISA debate is part of a larger debate over the appropriateness of big data, which is as much a corporate trend as an intelligence trend.
The coming months look rich with potential turning points in the debate over whether the U.S. has gone too far in the expanded eavesdropping allowed by amendments to the Foreign Intelligence Surveillance Act.
The FISA collection strategy is a top contributor to the intelligence community's big data storage dilemma and inevitably sweeps up emails, texts and telephone calls to and from people on U.S. soil. For critics, the collections amount to trampling American privacy rights. For supporters, there are plenty of safeguards in place to protect privacy and keep Americans safe.
About the only consensus is that if Congress doesn't act, the sun will set Dec. 31 on the FISA amendments and their expanded eavesdropping.
Rep. Mike Rogers, R-Mich., supports renewing the amendments in his role as chairman of the House Permanent Select Committee on intelligence, and he predicts at most a political "scuffle" over a bill introduced in June that would extend the eavesdropping through 2017.
One reason for his optimism could be the rare election-year accord among Obama administration officials and Republicans about the need to renew the FISA amendments. Director of National Intelligence James Clapper and Attorney General Eric Holder told Congress earlier this year that the reauthorization is their number one legislative priority for intelligence.
Critics, however, are seizing the FISA renewal as a chance to re-examine the post-9/11 relationship between privacy, intelligence and security. They hope to turn Roger's scuffle into a fight by pointing out that the private communications of U.S. citizens are being swept up and no one knows or will say how many Americans have been affected.
Sens. Ron Wyden of Oregon and Mark Udall of Colo., two Democrats on the Senate Select Committee on Intelligence, have been asking pointed questions in writing and during hearings about the FISA reauthorization. The CATO Institute and the American Civil Liberties Union are lining up to oppose the reauthorization, and now the Supreme Court is getting into the act too. When the court reconvenes in October, it's scheduled to consider whether the ACLU can challenge the constitutionality of the FISA amendments.
"This debate in the Fall is going to be one of the most important in years,” Wyden said in July at a CATO Institute symposium, according to a webcast. “Before the law is reauthorized the public ought to be able to learn more about its impact on the privacy rights of law-abiding Americans…I continue to believe after 11 years on the intelligence committee that protecting this country at a dangerous time and protecting people’s individual liberties are not mutually exclusive.”
BIG DATA, BIG DEBATE
The intelligence community shows no desire to back away from the FISA collections, despite the costs of storing and parsing them. The Senate Select Committee on Intelligence took the unusual step in June of publicly releasing a statement by Clapper and Holder explaining why they see the collections as so important:
Section 702 “provides information about the plans and identities of terrorists, allowing us to glimpse inside terrorist organizations and obtain information about how those groups function and receive support,” Clapper and Holder said in a statement to the committee. The committee's report underscored that the FISA Amendments have become more than a tool against terrorism: “In addition, [FISA] lets us collect information about the intentions and capabilities of weapons proliferators and other foreign adversaries who threaten the United States. Failure to reauthorize section 702 would result in a loss of significant intelligence and impede the ability of the Intelligence Community to respond quickly to new threats and intelligence opportunities."
Privacy advocates aren't buying it. "The idea of moving to a default practice of retaining international communications without a court order seems like a dangerous shift away from our traditional approach to civil liberties,” said Julian Sanchez, a CATO research fellow.
Sanchez doubts the effectiveness of FISA, but he said the government makes it hard to assess the law's impact. If FISA were a tool that led to an arrest or conviction, the government would probably leave that evidence out of the public case for fear of revealing the FISA search methods, he said. In Sanchez's view, the numbers of cases don't suggest a lot of success though: "Do we find a string of plots foiled thanks to sophisticated surveillance methods that would have been unavailable under pre-2001 laws? We do not. Mostly we find human intelligence and tips from alert members of the community playing the critical role," he wrote in his blog.
It is that lack of public information about how the law has been implemented that concerns many critics.
“There is simply too little known about the operation of the FISA today to determine whether it is effective and whether the privacy interests of Americans are adequately protected,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, in testimony to the House Judiciary crime, terrorism and homeland security subcommittee.
If government officials won't talk publicly about the scale of the collections, civil libertarians are filling in the blanks. They estimate that the phone calls, text messages and emails of thousands or perhaps millions of law-abiding Americans traveling overseas or communicating with people outside U.S. borders are being collected by intelligence agencies and stored in government databases where they can be searched later, if names, keywords or locations become suspect.
In July, Wyden and Udall asked Clapper for unclassified information on the number of U.S. citizens whose communications were reviewed by government agents using the powers granted by the FISA amendments. They were told that intelligence agencies could not provide that information without jeopardizing other missions. When Wyden and Udall said they'd settle for a ballpark estimate, they were told that gathering that estimate would itself violate the privacy rights of Americans. “That is too far-fetched even by Washington standards,” Wyden told the CATO audience.
To ensure that Congress can keep digging for answers, Wyden in June placed a hold on the bill, which means the Senate will have to debate and vote on the legislation, not simply pass it by unanimous consent. The bill was approved in June by the Senate Select Committee on Intelligence and then by the House Judiciary Committee.
Wyden appears to face an uphill battle because many members of Congress are eager to give the intelligence community whatever it says it needs to protect Americans – including expanded FISA surveillance. “Because we respect the Fourth Amendment [which bars unreasonable searches] and there is judiciary, third-party review of the collection of this information, Americans don't mind,” Rogers said in an interview. “It happens thousands and thousands of times a day across America with subpoenas and warrants. That's the same thing we're implementing here."
The domestic warrants Rogers alludes to, however, are aimed at individuals, whereas the FISA amendments provide annual warrants against categories of people.
WANT TO SEE SOMETHING REALLY SCARY?
Rogers and Wyden are among the few in Congress with high enough clearances to evaluate the merits of the new, improved FISA, and they have strikingly different views of its adherence to Fourth Amendment protections. Wyden points to a July 20 letter in which Clapper acknowledged that “on at least one occasion” the FISA Court determined that a collection violated Fourth Amendment protections and that the government implementation of section 702 sometimes “circumvented the spirit of the law.” The letter adds, however, that the government has fixed the problems and the FISA Court has found current collections to be “consistent with the statute and reasonable under the Fourth Amendment.”
The FISA debate is part of a larger argument over the appropriateness of big data, which is as much a corporate trend as an intelligence trend. Consumers who use credit cards or who conduct searches on Google or other search engines are contributing their preferences to vast, privately held databases that businesses use in marketing campaigns.
In fact, the commercial world was first to face the challenge of coping with big data, and the intelligence community is applying the open source technology developed there to its own databases. The technology has its roots in the late 1990s when Google software engineers devised new ways to index data on the Internet and search it. Doug Cutting, a search engine developer, used Google’s techniques to create an open source software framework called Apache Hadoop, which was adopted by companies and now also by NSA to organize unprecedented amounts of data.
Some intelligence experts argue that those who fear government big data are looking for villains in the wrong place. “The biggest threat to privacy doesn’t come from the intelligence community and the government, but from credit card companies and large retailers,” said Bob Gourley, a former chief technology officer for the Defense Intelligence Agency who now serves as chief technology officer for Crucial Point LLC. “By compiling all that data, they can learn everything about you. That’s scarier than having the National Security Agency on the Internet. I know those guys they are not spying on Americans.”
The goal of the government's embrace of big data is not to sell products but to address one of the problems cited in the 9/11 Commission Report, which was that analysts had trouble finding information about specific people and connecting those people with places and events. “You have to be able to connect the dots and it’s hard to do that,” said Gourley. “The only way to do that was to have human beings read every single report and think about the problem. Computers can help, but until Hadoop came along, computers were very limited in the help they could give you.”
The big data revolution shows no signs of slowing. A few years ago, only the largest commercial businesses were compiling databases larger than 100 terabytes – once thought of as the threshold for big data. Now, the threshold has shifted outward and thousands rely on enormous troves of data to assist in sales, service and marketing. In 2012, the market for hardware, software and services to help businesses manage big data was valued at $5 billion.
In the view of FISA critics, the amended law makes the data problem bigger than it would be if constitutional limits were followed. This fall, the Supreme Court will weigh in on whether critics have the right to make their case in court. The saga started a few years ago when the ACLU filed a lawsuit on behalf of a labor, media and human rights groups challenging the FISA Amendments Act for allowing the government to collect Americans’ international communications without specifying the people or places monitored. A lower court threw out the case in 2009, but a U.S. Court of Appeals reinstated it in 2010. The government filed suit in Clapper's name, arguing that the plaintiffs don't have legal standing to challenge the law because they can't show their communications were acquired under FISA. That's the case the Supreme Court will consider.
A decision against Clapper would give critics an opportunity to make their legal case and possibly begin to scale FISA if Congress does not.
“It would be the first step in challenging the underlying program," said Michelle Richardson, the ACLU council.
It's the ingredients for a scuffle, maybe more.