Spooks, Sleuths, and Data Sharing
Cats and dogs living together? Yeah, fat chance. That's what Washington insiders would have said five years ago if anyone had suggested agents from the FBI and the CIA would one day sit in a room and freely trade secrets. Then September 11 happened, and it appeared that an unwillingness to share data across the federal government was a key factor in the ultimate intelligence failure. So in May, 2003, the Bush Administration launched the Terrorism Threat Integration Center (TTIC).
The idea was simple: Take people from a number of key intelligence agencies, place them in a room together, and give them a common computer network. Ideally, their proximity would trigger information-sharing. But no one expected that to happen overnight. For the TTIC to be anything more than window dressing, the new team would need access to the most current data from across a wide swath of government computer systems. The task of making that possible fell to William F. Spalding, a career CIA officer and one of the agency's alpha-geeks, who became the TTIC's chief information officer.
"ON OUR WAY."
Spalding's efforts have yielded real fruit. TTIC members can now access in real time 14 separate government information networks, including those of the CIA and the FBI. Spalding hopes to add a handful of other government networks later this summer when the unit moves into its new digs in Virginia. He's also developing a top-secret portal, dubbed TTIC Online, to serve as an entry point and clearinghouse for the G-men and spooks now sitting nose-to-nose.
"We have leveraged existing government initiatives as well as the best minds in industry to enable unprecedented access to information," says Spalding. "And we're well on our way toward building the capability to run federated searches across the many terabytes of terrorism-related information."
That's not to say the TTIC has no detractors. FBI agents have grumbled that the CIA continues to withhold key information. The conservative Heritage Foundation criticized the Homeland Security Dept. for awarding control of the TTIC to the CIA, a potential sore point for other participating agencies. The foundation also claims there's overlap between the TTIC and several other government bodies charged with integrated threat assessment.
THE EASY PART.
Still, the TTIC appears to be headed in the right direction, in no small part due to technology upgrades that bring the two agencies into the 21st century. "Many people believe that collaboration hasn't improved everywhere. But at the operations level, people feel there's better communications between the CIA and the FBI," says Jack Riley, director of the public safety and justice program at Rand Corp.
Unfortunately, getting the federal top dogs to start swapping case files and data was actually the easy part. Moving that cooperation down the chain to local and state law-enforcement agencies will be far trickier. For starters, many of those bodies don't have sufficient security clearance to view secret federal files. And few have the type of secure transmission and data-storage systems that the FBI and CIA have begun to insist upon as a precondition to handing out truly sensitive information. The FBI has tried to tackle this by setting up over 100 regional joint task forces on terrorism.
"We're struggling to get the information down to local players," says Steven Flynn, a security expert and fellow at the Council on Foreign Relations. The FBI insists it's doing its part. "We've put out intelligence bulletins that we share with local and state enforcement on a routine basis," says FBI spokesperson Paul Bresson.
Even more problematic is moving ticklish information from government hands to private ones. This is crucial since most of America's infrastructure, from chemical plants to nuclear power generators to the electrical grid, is owned and operated by the private sector. Some industries, such as telecommunications, are working well with the government while others, such as chemical makers, have lobbied to water down government inspection regimes and oversight.
Beyond the difficulties in sharing sensitive information is a bigger problem, however. Outside of a few key areas such as health care and banking, government policies on swapping data remain unclear. That can put a chill on efforts as government entities choose not to share rather than risk a lawsuit. Data collected by the IRS, for example, might not be legally accessible to the TTIC under some circumstances.
"It's not really a technology issue. It's the rules around the technology," says Jim Lewis, director of technology policy at the Center for Strategic & International Studies. "Who owns the information? What can they release? Each agency has different rules."
These issues are particularly pressing when information-sharing involves sensitive biometric data or personal info -- such as personal credit ratings -- lifted from private-sector databases. Privacy advocates say individuals must have control over their personal data and must be informed as to how it's used. They point to the thousands of travelers who have been designated "high risk" by the Federal Aviation Administration's Computer Assisted Passenger Prescreening System (CAPPS II) but have yet to receive an explanation on what they did to deserve this status, which often results in frequent airport searches and other hassles.
U.S. law-enforcement and Homeland Security officials balk at the roadblocks that privacy concerns throw up. They say such rigorous privacy requirements would slow down investigations and additional privacy protections are unnecessary. They point out that Homeland Security has its own privacy czar, former online advertising executive Nuola O'Connor. No matter if their claims are true or not, the lack of more explicit privacy requirements in any form certainly has proven a hinderance to greater data-sharing between federal and nonfederal entities.
Nevertheless, the TTIC is working, and its daily intelligence assessments going to the Oval Office are providing a much-needed top-down view of all the available information. That's a significant improvement over the old days when agents from the FBI and the CIA wouldn't even share a cab, let alone top-secret information.
By Alex Salkever, Technology editor for BusinessWeek Online