Chapter 7 Managing Data Resources 257

CASE STUDYDatabase Woes Plague Homeland Security and Law Enforcement

The World Trade Center and Pentagonterrorist attacks on September 11,2001, have focused attention on theneed for accurate information aboutterrorist activities to prevent similarcatastrophes in the future. Much ofthe information necessary to combatfuture terrorist attacks, as well as tofight domestic crime, is stored in data-bases of literally thousands of federal,state, and local organizations. Bringingtogether these data to make themuseful for fighting terrorism and crimeis proving to be an immense task.

To begin with, the new U.S.Department of Homeland Security(DHS) comprises 22 agencies, eachwith its own computer systems andhardware. One major reason for cre-ating this new department was tobring together the data stored inagency systems to collect, analyze,and distribute information about sus-pected terrorist activities. But the taskis actually much larger than thatbecause these 22 agencies representonly a few of the federal govern-ment’s 146 agencies with lawenforcement responsibilities.

Each of these agencies in turn hasnumerous databases, most of whichare incompatible and technicallyarchaic. They have different comput-ing platforms, data names, data defini-tions, data sizes, and data files. Theydo not share their data with state andlocal agencies, which are vital fortracking potential terrorists and theiractivities. Ben Gianni, the vice presi-dent for homeland security ofComputer Sciences Corporation, esti-mates that a project to connect thedata from all of these agencies wouldtake at least five years and cost aminimum of $15 billion.

When the FBI tried to create thehuge Integrated Automated FingerprintIdentification System (IAFIS) in thelate 1990s, for example, it had to inte-grate two already-existing but dissimi-lar systems, the FBI’s IAFIS and theImmigration and NaturalizationService’s Automated Biometric

Identification (IDENT) System.Whereas the IAFIS stored 10 rolledprints for each person, IDENT storedonly two flat prints. For an interimsolution, the FBI had to develop cus-tom software to exchange fingerprint-ing data from the two systems. Twofingerprints from IAFIS were added toIDENT, while workstations for using10 rolled prints were also beingdesigned. Second, a study had to beundertaken to determine how tocapture the 10 prints more rapidly.Ultimately, the FBI developed a fasttransaction type that retrieves anindividual’s criminal history withoutdisplaying the fingerprints. Fingerprintmatching could be done later ifneeded.

The same data in different systems,even within the same organization,usually have different names, codes,and formats. So, for example, over theyears the FBI had created five criticalbut independent investigative applica-tion systems, each storing its data dif-ferently. These databases are consid-ered the backbone of the FBI systems.The FBI was not made part of theDHS, remaining part of theDepartment of Justice (DOJ), but itneeds to collect and analyze accurateand timely criminal information to dealwith terrorism and criminal activity.

The FBI is buried under animmense amount of paperwork andcontinues to rely on paper as its chiefinformation management tool. Itscomputer systems are antiquated. Forexample, the FBI has five investigativeapplication systems, but these sys-tems could be viewed only using veryold-fashioned green IBM 3270 termi-nals. Many agents could not accessthe Internet from their desks becauseof security concerns. Moreover,although the agents need to searchthese data, the technology allowedonly single-word searches. So, forexample, after the terrorist attacks ofSeptember 11, agents could searchon such words as flight or school butcould not search for phrases such as

flight school. In fact, the FBI has noenterprise-wide architecture butrather has separate databases formore than 50 applications, which arewritten in various languages and run-ning on disparate systems.

Agents required security clearancesto access much of the data, but secu-rity clearance often took up to eightmonths to obtain. Because of thesecretive FBI culture, it has had amind-set to keep information to itself,a problem highlighted by and afterSeptember 11. In the past, when theFBI had to store its own information,it often overlooked key areas. Forexample, after September 11, the FBIneeded data on foreign students,including obvious information such astheir current schools and locations,but it had not collected it. So, itturned to the Immigration andNaturalization Service (INS), but this agency did not even have a com-puter system to collect such data.Ultimately, the FBI had to contact allU.S. colleges and universities to askthem for the required information.

In November 2000, Congress allo-cated $379 million to update the FBI’ssystems. The FBI has already installed21,000 desktop computers, morethan 3,000 printers, and nearly 1,500scanners. In addition, it has linked622 FBI offices with high-speed dataconnections. Perhaps the single mostimportant software project involvescreating the Virtual Case File (VCF)system linking 31 FBI databasesthrough a single Web portal. “We arenow focused on implementing a datawarehousing capability that can bringtogether our information into data-bases that can be accessed by agentsthroughout the world,” observes FBIdirector Robert Mueller. FBI fieldagents can access the VCF systemusing a standard Web browser tosearch the entire FBI data warehouse.Instead of faxing or mailing pertinentinformation about a suspected terror-ist from one office to another, FBIagents have electronic access to the

LAUDMC07_0131538411.QXD 2/2/05 8:19 AM Page 257

258 Part Two Information Technology Infrastructure

files, which could also be shared withthe CIA, the National Security Agency,and local police departments. A sys-tem is being built to automate andscan all paper-based information intoa relational database that can bemined.

In May 2002, the FBI’s investi-gative guidelines were updated toallow agents to surf the Web and touse commercial data services ande-mail. (Formerly, agents could notreceive e-mails directly; the e-mailmessages were received elsewhereand were printed out then handed tothe agents, creating serious delays.)

The FBI is also working to commu-nicate more openly with state andlocal law enforcement agencies. It isopening its National Law EnforcementOnline (LEO) system to other lawenforcement agencies to distributeinformation on terrorism. The FBI isalso now improving its National CrimeInformation Center (NCIC), its reposi-tory of 17 criminal records databasesthat contains mug shots andthumbprints.

The INS is another federal organi-zation with serious database prob-lems. The INS estimates that thereare about 500 million people enter-ing the United States each year, animmense volume that requires ahuge system to track. However,aside from its lack of information onforeign students, after September11, the INS could not even locate 45percent of the aliens the FBI wantedto question about terrorism, accord-ing to a General Accounting Office(GAO) assessment report ofNovember 2002. The report said theINS had even lost track of 4,334aliens from countries where al-Qaeda is known to operate.

The primary reason for the prob-lems is the failure of the INS to main-tain a database system that is bothintegrated and current. It has morethan 16 separate database systemsto capture data on aliens, including aNon-Immigrant Information System,an Asylum Prescreening System, aStudent Exchange Visitor InformationSystem, an Arrival DepartureInformation System, a Student andSchools System, a Deportable AlienControl System, and a Refugees,

Asylum and Parole System. Accordingto the GAO report, “INS does notupdate all databases that containalien address information [recordedwhen they entered the country] anddoes not have the ability to updateaddress information in NIIS [the Non-Immigrant Information System].” Itsdatabases do not even distinguishbetween aliens with the samenames. Late in 2002, the INS formeda task force to find ways to centralizeand improve its alien addresssystems.

The United States still lacks anaccurate, up-to-date watch list ofsuspected terrorists and their sup-porters that is the most essentialtool for combating international ter-rorism. In September 2003, theWhite House, Central IntelligenceAgency, FBI, and Department ofHomeland Security agreed to set upa Terrorist Screening Center (TSC) asan interagency body to create, main-tain, and control a master terroristdatabase. The TSC would be run bythe FBI using the State Department’swatch list, known as TIPOFF, as thebackbone of a new database thatwould integrate all other existingdatabases on terrorism into a newstate-of-the-art system.

To create the master watch list,TSC staff members would cleansethe data, weeding out duplications,obsolete records, and people who inthe past had been wrongfully identi-fied as terrorists or who shared thesame last name as suspected terror-ists. Data on fingerprints, distin-guishing scars, birthmarks, creditcard accounts, and other detailswould be employed to help distin-guish harmless namesakes fromserious suspects.

The TSC opened in Crystal City,Virginia, on December 1, 2003. TheFBI Counterintelligence Division hadannounced to law enforcement agen-cies across the United States that theTSC was open for business as the sin-gle point of contact for assistance inidentifying people with possible ter-rorist connections. The FBI cautioned,however, that TSC’s initial capabilitieswere “limited.”

On December 22, 2003, The FBIattaché to the American embassy

in Paris informed French policethat al-Qaeda planned to hijack anAir France jet and crash it some-where in the United States. TheFrench government groundedthree flights and detained six pas-sengers whose names matchedthe FBI watch list. All were mis-taken identities, including a childwhose name matched that of aTunisian terrorist leader. The TSCwas never consulted when U.S.intelligence picked up the informa-tion about the potential Air Francehijacking, including the names ofthe suspected terrorists.

An October 1, 2004 report byClark Kent Ervin, inspector generalfor the Department of HomelandSecurity (DHS), pointed out that theU.S. government had failed to con-solidate all of its terrorist watch listsas of that date, partly because theDHS did not play a sufficientlystrong leadership role in the project.The report further noted thatalthough TSC had started integratingthe various watch lists, it had troublehiring enough analysts with highsecurity clearances. The integratedterrorist database that was envi-sioned is still months and possiblyyears away.

Sources: John Mintz, “DHS Blamed for

Failure to Combine Watch Lists,” TheWashington Post, October 2, 2004;

Robert Black, Gary Fields, and Jo

Wrighton, “U.S. ‘Terror’ List Still Lacking,”

Wall Street Journal, January 2, 2004; Ted

Bridis, “Review: FBI Computer Upgrades

Inadequate,” Associated Press, May 10,

2004; Christopher Whitcomb, “The

Needle in the Database,” New York Times,May 14, 2004; Larry Dignan, “A Fort Knox

for Data,” Baseline, January 16, 2004;

Alex Salkever, “Spooks, Sleuths, and Data

Sharing,” Business Week, May 25, 2004;

Larry Barrett, “FBI: Under the Gun,”

Baseline, September 10, 2003; Dan

Verton, “FBI Has Made Major Progress,

Former IT Chief Says,” Computerworld,

April 21, 2003, “FBI Begins Knowledge

Management Face-Lift,” Computerworld,

April 21, 2003, and “Database Woes

Thwart Counterterrorism Work,”

Computerworld, December 2, 2002;

Judith Lamont, “Law Enforcement Gains

Ground in Data Integration and Analysis,”

KMWorld, March 2003; Jennifer 8. Lee,

“Threats and Responses: Law

Enforcement; State Department Link Will

LAUDMC07_0131538411.QXD 2/2/05 8:19 AM Page 258

Chapter 7 Managing Data Resources 259

Open Visa Database to Police Officers,”

New York Times, January 31, 2003; Debbie

Gage, “FBI Bureaucracy Hobbies Tech

Adoption,” Baseline, September 11, 2002;

Debbie Gage and John McCormick, “The

Disconnected Cop,” Baseline, September

10, 2002; “NYPD Base Case,” Baseline,

September 10, 2002; Sean Gallagher,

“Gotcha! Extending Existing Systems,”

Baseline, September 10, 2002; Doug

Brown, “How Homeland Security Budgets

Technology,” Baseline, September 9, 2002.

CASE STUDY QUESTIONS

1. Briefly summarize the problemsand major issues in this case.

2. Describe the major data manage-ment problems involved in bring-ing together the data needed tocombat terrorism.

3. What management, organization,and technology issues need to beaddressed to solve this problem?

4. Suppose you are a consultant tothe U.S. federal government. Basedon what you have read in thischapter, suggest and describe sev-eral approaches you might recom-mend for solving this problem.

LAUDMC07_0131538411.QXD 2/2/05 8:19 AM Page 259