|
    
    
|
 |
Homeland Security Focus Areas From the "Congressional Quarterly Homeland Security Daily," 21 July: Senate Chokes Funds for Pentagon Data-Mining Project The Senate has voted to eliminate funding for the controversial Pentagon data-mining project known as Terrorism Information Awareness, setting the stage for a dramatic conflict with the House. Formerly called Total Information Awareness, the system would comb thousands of public and private electronic databases looking for patterns suggesting terrorist activity. But the Senate’s version of the fiscal 2004 Defense Appropriations bill, passed unanimously Thursday night, cut off federal funds to the program. The House kept the funding, but warned the Pentagon not to use TIA to spy on U.S citizens. Differences will be worked out in conference. The White House earlier said the Senate version “would deny an important potential tool in the war on terrorism.” - Chris Logan Bush Administration, Senate at Odds over DOD's Terrorism Information Awareness Program A new provision under consideration as part of the Senate defense spending bill for fiscal year 2004 would eliminate funding for the Department of Defense's (DOD) controversial Terrorist Information Awareness program, formerly called the Total Information Awareness program. The provision drew an immediate response from the Bush administration calling for it to be removed, the Washington Times reported. A statement released by the Office of Management and Budget (OMB) said, "This provision would deny an important potential tool in the war on terrorism." Lawmakers are concerned that the surveillance system, which will cull data provided by foreign intelligence and expansive public and private databases to detect terrorist activities or patterns, could potentially infringe on the civil liberties of Americans. DOD maintains that only information "legally obtained" will be used in the search for terrorist activities and that the program will be routinely evaluated by the Secretary of Defense and a panel of outside experts, according to the TIA website. Reflecting the ongoing concerns lawmakers have about the program, the Senate will also re-evaluate the Wyden amendment, set to expire 30 September, that prohibits the use of any funds "to implement the surveillance program domestically against U.S. citizen" without prior Congressional approval. ANALYSIS: Should the Senate pass the provision banning TIA, a House-Senate conference would have to determine whether to defense spending bill would contain the ban, the Wyden amendment or some alternative, CBS News.com reported. James Dempsey of the Center for Democracy and Technology said that the new proposal "reflects deep, deep skepticism in Congress of the Pentagon's assurances about this system." Dempsey also pointed out that the collateral damage of eliminating all funding for TIA would also adversely impact enhanced automated translation of foreign language materials and efforts to share intelligence data across government agencies. From the "Congressional Quarterly Homeland Security Daily," 16 July: Microsoft Snags $90 Million Software Deal from DHS The Department of Homeland Security (DHS) has signed “enterprise agreements,” totaling $210 million, with Microsoft Corp. and Dell Marketing, agency officials said Tuesday. Microsoft, the world’s largest software provider, won a $90 million contract to be DHS’ primary provider for desktop and server software. The agreement provides licensing coverage for approximately 140,000 desktop computers. A companion, six-year contract worth nearly $120 million dollars was awarded to Dell Marketing LP, which will provide day-to-day management of the Microsoft agreement. Dell spokesperson Michelle Mosmeyer said the company beat out several competitors for the support contract. DHS officials said the contracts will reduce the costs of deployment, implementation, and maintenance of the systems while providing a standard desktop environment. - Martin Edwin Andersen Pentagon to dig into marketing data on citizens The type of information that can be legally obtained for a new federal
government computer program ranges from political and religious contributions
to magazine subscriptions, clothing sizes and even data about prostate
problems. Government Prying, the Good Kind By Michelle Delio Story location: http://www.wired.com/news/privacy/0,1848,59495,00.html 02:00 AM Jul. 04, 2003 PT "The whole art of government consists in the art of being honest," according to the architect of the Declaration of Independence and third president of the United States, Thomas Jefferson. Given that sentiment, it's tempting to think Jefferson would have approved of a new Web-based repository intended to close what the site's developers describe as an ever-widening gap between citizens' ability to monitor the government and the government's ability to monitor its citizens. Researchers at the MIT Media Lab unveiled the Government Information Awareness, or GIA, website Friday. Using applications developed at the Media Lab, GIA collects and collates information about government programs, plans and politicians from the general public and numerous online sources. Currently the database contains information on more than 3,000 public figures. The premise of GIA is that if the government has a right to know personal details about citizens, then citizens have a right to similar information about the government. GIA was inspired by the federal government's Terrorist Information Awareness, or TIA, program. Government officials have said that TIA's sole purpose is to identify potential terrorists by comparing information in a broad range of databases that might point to patterns indicative of terrorist activity. But many privacy advocates see TIA as an overly intrusive effort to monitor Americans' lives in minute detail, from credit card purchases to travel plans. "Our goal is develop a technology which empowers citizens to form their own intelligence agency; to gather, sort and act on information they gather about the government," said MIT graduate student Ryan McKinley, who developed GIA under the direction of Christopher Csikszentmihályi, an assistant professor at the MIT Media Lab's Computing Culture group. "Only by employing such technologies can we hope to have a government by the people and for the people," McKinley said. GIA allows people to explore data, track events, find patterns and build profiles related to specific government officials or political issues. Information about campaign finance, corporate ties and even religion and schooling can be accessed easily. Real-time alerts can be generated when news of interest is breaking. "History shows that when information is concentrated in the hands of an elite, democracy suffers," said Csikszentmihályi. "The writers of the Constitution told us that if people mean to be their own governors, they must arm themselves with information. This project brings that American spirit of self-governance into the era of networked information technology." GIA site users can submit information about public figures and government programs anonymously. In an attempt to ensure the accuracy of submitted data, the system automatically contacts the appropriate government officials and offers them an opportunity to confirm or deny submitted data. But like an FBI file, information is not purged if the subject denies its veracity; the denial is simply added to the file. McKinley wryly added that those government officials who have nothing to hide have nothing to fear from GIA. McKinley enthusiastically encourages participation by "programmers, political activists from all denominations, lawyers and anyone else who is interested in supporting GIA." "Computers alone cannot monitor the government," said McKinley. "While we can aggregate data that already exists, a lot of valuable information is not stored in existing databases, but rather in the collective knowledge of the American citizenry. GIA introduces a way to consolidate and share this knowledge." "The MIT program is a wonderful idea: sunshine disinfects," said political activist Bill Scannell, who has recently been engaged in a battle against the Computer Assisted Passenger Prescreening System, or CAPPS II, which would require background checks on all airline passengers when they book an airline ticket. These background checks would review credit reports, banking and criminal records. "As their employers, we American citizens have more of a right to know about government workers living at public expense than they have to know about us," Scannell said. GIA looks like a standard website, but it is actually a suite of information technologies that actively peruse data, accept contributions and post alerts about government. "We've had to solve the problem of how to build a useful, egalitarian and massively scaleable database of sensitive information collected from diverse and unknown sources," said McKinley. GIA is "open source" -- the databases it utilizes are openly presented for public perusal and use elsewhere. "If we are to maintain a democracy, it's crucial to ensure accountability," said Csikszentmihályi. "At least as much effort should be spent developing technologies that allows citizens to track their government as for government to monitor civilians." Homeland Security Information Sharing Conference Lacks Solutions Current and former political and military leaders, as well as industry officials, spent the first two days of the Second Annual Government Symposium on Information Sharing and Homeland Security offering up more obstacles than solutions to greater information sharing, according to reports by Government Computer News. The conference, being held in Philadelphia from 30 June - July 2, heard retired General Wesley Clark list funding difficulties for new ideas and "turf wars" between federal agencies as two obstacles. He blamed the federal procurement process, especially its procurement officials, for keeping unsolicited industry ideas from getting into the procurement pipeline. Congressman Curt Weldon (R-Pennsylvania), a member of the House Select Committee on Homeland Security, offered realignment of congressional authority for homeland security as "one way to help settle turf disputes and resolve oversight problems," adding that "Congress needs to grant full program authorization powers to the" Select Committee. Lee Holcomb, chief technology officer for the Department of Homeland Security (DHS) told the conference that three policy documents with information technology components must be reconciled before high level domestic defense information can be shared effectively. The documents are the Homeland Security Act of 2002, the administration's national homeland security strategy and a classified Memorandum of Understanding (MOU) between the Director of the CIA and the Attorney General. Holcomb said, "Without the policies, you cannot architect and implement the systems," adding that "sometimes finalizing the policies is often more difficult than resolving technical barriers." ANALYSIS: The Information Sharing and Homeland Security conference is sponsored by the Government Emerging Technology Alliance (GETA), a division of the National Small Business Council created in 2002. While there are technical problems associated with linking disparate information systems across federal agencies, not to mention linking federal systems to state and local agencies, the obstacles to sharing critical homeland security data cited at the conference did not involve technical issues. And despite information sharing being the buzz phrase in the wake of the 11 September attacks, the policies to facilitate it, as DHS' Holcomb said, have not been promulgated. The reason for that may be reflected in a statement made by a senior intelligence community IT official who told Government Computer News that, "It is clear that complacency has definitely set in," noting that things are getting back to "business as usual." That sentiment was echoed by a National Security Agency official who commented, "Last year, it was an attitude of frenetic activity and urgency." That sense of urgency, he said, "has abated." Not only that, a culture of information sharing has yet to be cultivated, as evidenced at the conference by the Pentagon's demonstration of an antiterror system intended for both interagency and intergovernmental use, but is being developed without DHS or Justice Department participation. Secretary Ridge Advocates Centralized Technology Spending for Homeland Security Department of Homeland Security (DHS) Secretary Tom Ridge announced on 26 June that DHS will centrally control all expenditures for information technology in order to improve IT compatibility among the department's various agencies beginning in fiscal year 2005. DHS plans to spend $829 million on upgrading information analysis and computer security in fiscal year 2004. Speaking to a conference of 300 IT contractors, Ridge said, "We need access to quality information that is actionable. We will never be able to address our vulnerabilities with disparate computer systems." Responding to criticism that DHS has been slow to redress incompatible communications amongst federal, fire, law enforcement, and medical entities, Ridge declared that DHS was developing an IT roadmap, to be completed by the fall, that would create a centralized data system accessible by federal, state, and local emergency responders. ANALYSIS: Base on the Ridge's comments, the department appears to be on schedule toward meeting a 1 September timeline for crafting its enterprise architecture that will integrate IT systems for border and transportation security, emergency preparedness and response, weapons of mass destruction (under the Science and Technology Directorate), and information analysis and infrastructure protection. DHS is expected to release a description of the enterprise architecture by August. The IT road map, to be released by September will be a "first release" given the challenges of integrating federal law enforcement databases for the first time as well as the first time integration of state and local homeland security functions into a federal system. These challenges are behind Ridge's decision to centralize all IT spending beginning in 2005. He said, "We understand how important it is to knock down barriers to information sharing. We can't build a system if units within (DHS) are free to go out and contract on their own." A key component of DHS' integrated system is the Terrorism Threat Integration Center (TTIC), which will integrate intelligence data, such as terrorist watch lists, from CIA, FBI, DOD, and DHS' Bureau of Citizenship and Immigration Services, that will be incorporated into the DHS enterprise architecture. TTIC will allow DHS to push federal antiterror information to local first responders more effectively. DOJ Report: Terrorist Fingerprinting System Two Years Behind Schedule A Department of Justice (DOJ) report released on 20 June found that the failure of the FBI and immigration officials to integrate their fingerprint systems in a timely manner may allow terrorists to slip through U.S. borders undetected. The report indicated that the project, which was originally scheduled to be completed by 2007, is currently two years behind schedule. "Given the proven benefits afforded by an integrated fingerprint system, the slow progress of the integration project represents an unacceptable risk to public safety and national security," DOJ Inspector General Glenn Fine said, according to Reuters. An interim version of the project was expected to be implemented this spring, but has been pushed back until at least December 2003, The Associated Press reported. The project, which was developed in 1999, fell behind schedule when resources and personnel were diverted to strengthen the entry and exit registration program following the 11 September attacks. ANALYSIS: The delays mean that until a system can be established, the FBI and other law enforcement agencies cannot cross check each others' databases, possibly allowing criminals and terrorists to cross into the U.S. without detection. AP reported that as of April 2003 only 331,700 of over 40 million fingerprints were uploaded to the shared database. While DOJ officials cite "major challenges" to integrating the system, the report stated that the agency "must act aggressively to prevent further delays." The report also indicated that the Justice Department could have done more to develop a new schedule and prepare for the assumption of immigrations duties by the Department of Homeland Security (DHS). CQ HOMELAND SECURITY - BORDER SECURITY June 20, 2003 - 6:09 p.m. A project to integrate the automated fingerprint systems of the FBI
and what used to be the Immigration and Naturalization Service is at least
two years behind schedule, a new report by the Office of the Inspector
General of the Justice Department says. Northcom Official Calls Information Sharing Key to Homeland Security Army Lieutenant General Edward Anderson III, the Deputy Commander of Northern Command (Northcom) emphasized the critical need for "streamlined and secure information management" in fulfilling the command's homeland security mission at a conference of military and civilian information security professionals held during the week of 16 June, according to Computerworld. Gen. Anderson remarked, "The intent is to move information out of traditional military stovepipes and to share the information with all that need it." The Information Synchronization Group, which reports directly to the Northcom Commander, Air Force Gen. Ralph Eberhart, has responsibility for maintaining Northcom's information infrastructure; gathering and collating information that can be used by civilian and military disaster-response personnel; conducting network analysis for enhancing the communications system; and disseminating disaster response information via public affairs channels. ANALYSIS: Northcom was created after the terrorist attacks of 11 September and is tasked with the military's homeland security responsibilities. Information sharing will be paramount in its mission to provide support to state, local and federal agency officials. Acknowledging that bureaucratic barriers to sharing information remain, Lt. Gen. Anderson said that the command plans to overcome the barriers by "bringing in all agencies with a stake in the information, such as the FBI and Federal Emergency Management Agency, into the Northern Command's staff." Highlighting a crucial role for industry, Anderson said "the private sector could help in providing new and enhanced information integration solutions to help with streamlining the management of the myriad of information Northcom collects. June 17, 2003 House committee orders study of passenger screening system By Molly M. Peterson, National Journal's Technology Daily The House Appropriations Committee on Tuesday voted to withhold fiscal 2004 funds for controversial plans to update a computer system for screening airline passengers pending a review of the system's potential effectiveness, accuracy and impact on travelers' civil liberties. "This is a very complicated new system," Minnesota Democrat Martin Olav Sabo said of the Computer Assisted Passenger Pre-screening System II (CAPPS II), which would screen airline passengers' data from various sources and check it against a "no fly" list of suspected terrorists. Raising concerns that the system could be overly intrusive and mistakenly "red flag" law-abiding travelers, Sabo offered the new CAPPS II provisions during the panel's consideration of a $29.4 billion spending bill for the Homeland Security Department. The Transportation Security Administration within the department is overseeing the CAPPS II effort. The spending package recommends that TSA spend $1.7 billion on passenger-screening activities, including $35 million for CAPPS II. But Sabo's amendment, which the panel adopted by voice vote, would require the General Accounting Office to extensively review CAPPS II before any of those funds could be spent. For example, GAO would have to study whether CAPPS, drawing information from government and private databases, could mistakenly identify a significant number of passengers as potential terrorists. GAO also would have to determine that there are "no specific privacy concerns" raised by the technology before congressional appropriators could release the fiscal 2004 funds. Kentucky Republican Harold Rogers, chairman of the Homeland Security Appropriations Subcommittee, supported Sabo's amendment but said its privacy language is "overly broad" and might have to be modified as the bill makes its way through Congress. The amendment also would direct the National Academy of Sciences to provide Congress with recommendations, by Dec. 31, 2003, of "practices, procedures, regulations or legislation" that could help ensure that CAPPS II does not adversely affect travelers' privacy and civil liberties. Rogers called the Dec. 31 deadline "unrealistic" and said it probably would have to be modified to give the academy more time to study the CAPPS II system. TSA Modifies Screening Plan By Robert O'Harrow Jr. The Transportation Security Administration has altered plans for a computerized passenger screening system, in part because of criticism that earlier proposals would have been overly intrusive, according to documents and interviews with government officials. Under the new approach, the system known as CAPPS II would draw less personal information about passengers into the government computers, the documents show. Instead, the system will rely on commercial data services that will authenticate passenger identities using mathematical models developed by the TSA and a wealth of personal details collected for marketing and business purposes. The data services will provide a coded response that the agency will then factor into a risk score that indicates whether passengers are who they claim to be and have verifiable roots in the community. An earlier version of the system would have used a more intensive mix of government computers and artificial intelligence to analyze passenger records. Previous plans also suggested that officials wanted far wider latitude in how they used records about passengers' lives. The government and business officials behind those efforts are no longer involved in the project. New details about the system are expected to be included in a Privacy Act notice to be published in the Federal Register next week. The notice comes after more than 200 people and organizations wrote letters to complain about earlier plans that would have allowed officials to keep information about some individuals for up to 50 years and share it broadly with law enforcement and other agencies. According to a draft of the document, the notice will sharply narrow how officials intend to collect and share personal information about passengers. It also probably will describe plans for a "passenger advocate" for handling complaints about inaccurate scores or other problems. The new notice is intended as a signal that officials are committed to finding the right balance between security and privacy. "We care about those issues, and we're addressing them," one senior government official said. Persistent doubts about the earlier proposals' effectiveness and impact on civil liberties have knocked the program significantly behind schedule. Officials now leading the initiative -- a group in the new Office of National Risk Assessment who took over late last fall -- believe they have made headway in improving the technology and limiting how it will be used. These officials, who describe themselves as "privacy-centric," have met with an array of privacy activists in recent months to discuss CAPPS II, which is short for the second-generation Computer Assisted Passenger Prescreening System. A draft of the privacy notice due out next week says the system under development will be influenced by "issues raised in the comments received, particularly the accuracy, efficiency, and privacy impact of the proposed CAPPS II system." Even with the new approach CAPPS II may be the largest domestic surveillance system the government has ever created, and some privacy specialists remain skeptical, saying much about the program remains clouded in secrecy. The Electronic Privacy Information Center in the District filed a federal Freedom of Information Act lawsuit on Wednesday, alleging that the TSA has not complied with recent requests for details about the program's impact on civil liberties. Among the unanswered questions is how the government will deal with inaccurate passenger scores, particularly in light of the fact that information services have a long history of maintaining flawed data, said David L. Sobel, the group's general counsel. "Millions of air passengers may soon have vast amounts of their personal data scrutinized by CAPPS II," Sobel said in a prepared statement. "It is time for the government to be more forthcoming about this system and its likely impact on privacy rights." Lara Flint, staff counsel at the Center for Democracy and Technology, also in the District, said she welcomes the announcement but wants to "see proof they're standing by the commitments they have made." "It's important that TSA go forward with an open process in order to gain trust," Flint said. The latest model for CAPPS II would require every passenger to share a name, address, birth date and home telephone number. The TSA also would obtain the PNR, or passenger name record, containing travel details. Selected details about every passenger would be fed to commercial services, including Lexis-Nexis and Acxiom, a few days before a passenger's scheduled flight. After delivering the authentication score, the commercial providers would not be allowed to retain any of the result in a "commercially usable form," the draft privacy notice says. "This will enable TSA to have a reasonable degree of confidence that each passenger is who he or she claims to be. TSA recognizes that inaccuracies in the commercial data may exist and that the CAPPS II system must allow for and compensate for such inaccuracies," according to the draft privacy notice. The TSA-developed computer models aim to determine whether someone is "rooted in the community" by examining such details as where they live, how long they have owned a car, whether they own a house and how their personal details match up against similar individuals. Passengers might show up as a potential threat -- someone who merits extra screening at an airport -- if for example they were born decades ago but do not show up in commercial systems until recently. All passengers also will be screened by a classified "black box" system containing intelligence about would-be terrorists. Officials expect that fewer than 100 cases would be referred to law enforcement and counterterrorism authorities each year. Department of Defense to Develop Information Sharing Prototype for Homeland Defense The Department of Defense has launched a project to develop "a multi-agency information-sharing prototype that will provide a seamless, integrated homeland defense capability to facilitate critical infrastructure protection as well as enable consequence management from the federal to the state level," according to FSI. The project, "Protect America," is being developed as "a web-based...system that will utilize XML for data management," and "will have a standardized system architecture" that "is expected to enable joint information sharing among all components of the Department of Homeland Security [DHS], Department of Defense [DOD] components, Intelligence community and other law enforcement organizations." ANALYSIS: Protect America could provide for the level of information sharing and interoperability required by the relevant agencies across all levels of government since the terrorist attacks of 11 September 2001. The project, which will receive $5 million from the DOD defense budget, will be developed and tested by U.S. Northern Command (NORTHCOM). Maj. Gen. Dale Meyerrose, the NORTHCOM director in charge of the operation, said, "Everybody has got to have the same architecture," according to Inside the Air Force. The system will initially contain only unclassified information, but once the participating agencies become comfortable with the new system, project officials may broach the controversial subject of incorporating classified information. After the project becomes fully operational, it is "expected to be transferred to [DHS]." DHS looks to combine agency biz cases In one of the first steps to consolidate the nearly two dozen agencies that were brought together to create the Homeland Security Department, agency officials are considering combining fiscal 2005 budget requests to fund common missions instead of investing in separate and often disparate systems. Steve Cooper, DHS' chief information officer, last week asked industry officials what they thought about consolidating the requests of the 22 agencies that make up DHS when he spoke via videoconference to a California gathering sponsored by the Information Technology Association of America (ITAA) and FCW Media Group. He said consolidating the business case for information technology expenditures would create a single integrated environment and likely would significantly affect those supplying and supporting services. The IT business case, more technically known as Exhibit 300 of an agency's overall budget request, is a key element in the push toward performance-based budgeting, which links a program's funding to how well it meets identified goals and supports the agency's mission. Exhibit 300s must be submitted to the Office of Management and Budget in September as part of OMB's development of President Bush's fiscal 2005 budget. For the first time, DHS will seek money this year as a department as it attempts to eliminate redundancies caused by the biggest government reorganization in history. Scott Hastings, CIO at DHS' Bureau of Immigration and Customs Enforcement, said the department is identifying investments that might be related. "We're looking for broad portfolios where components may be reused or leveraged to prevent multiple investments in the same components," he said. Hastings said DHS is looking at case management, alerts and warnings, and credentialing and identity as some common portfolios that could be shared. "I don't think it necessarily means that all individual agency investments will stop," he said. "There may be redirection, reorientation and realignment." Patrick Schambach, CIO at the Transportation Security Administration, said the agency is participating in identifying redundancies within its boundaries as well. Although it may seem that the intent is to spend less money, the consolidation move may simply mean "better organization and better responsiveness," said Larry Allen, executive vice president of the Coalition for Government Procurement, an industry group. Harris Miller, ITAA president, said consolidating Exhibit 300s would create opportunities for industry. "It sounds like an innovative approach to try to solve a major challenge, which is to combine a lot of different agency departments in relatively quick order," he said. May 30, 2003 SANTA CLARA, Calif.-The Homeland Security Department's chief information
officer on Friday outlined the department's new procurement needs for
information technology. Remarks by Secretary of Homeland Security Tom Ridge To the Media
Security and Reliability Council May 20, 2003 - 8:45 p.m. The Pentagon conceded Tuesday its controversial Total Information Awareness
computer project could "raise significant and novel privacy and civil
liberties issues," but insisted no new legislation was needed to
protect the rights of American citizens. From the "Congressional Quarterly Homeland Security Daily," 20 May: Time’s Up for Pentagon Report on Computer Snooping Project Congress is scheduled to receive a report Tuesday from the Bush administration on the merits and risks of the Pentagon’s Total Information Awareness (TIA) datamining research program. Three months ago, Congress passed an omnibus spending bill that said funding for the TIA project would be cut unless the Department of Defense submitted a report in 90 days answering questions about the project’s impact. Critics of the project claim the technology will infringe on civil liberties and not be effective in preventing terrorist attacks. On May 8, however, the Senate Select Committee on Intelligence approved a new authorization bill that backed work on the technology saying it is “emerging as potentially one of the most valuable tools for Intelligence Community analysts.” This prompted Sen. Ron Wyden, D-Ore., to counter five days later that “The TIA technology will give the Federal Government the capability to operate the most massive domestic surveillance program in the history of our country.” -Jim McGee U.S. to rely more on private satellites By ERIC LICHTBLAU WASHINGTON - President George W. Bush is ordering federal agencies to rely much more heavily on private satellite companies to provide images from space, a significant shift from current policy, administration officials said this week. The new policy seeks to limit the government's own network of satellites to the most sensitive, high-priority assignments and use private vendors to meet relatively routine tasks "to the maximum practical extent," officials said. The shift is seen as an effort both to bolster the position of U.S. satellite companies in the global marketplace and, in the long term, to save money. The policy will replace a 9-year-old presidential directive signed in 1994 by President Clinton, which Bush administration officials said had become largely outdated because of advances in private satellite technology. "This is a very significant change," a senior administration official said. "We're essentially saying that where the commercial industry can provide what we need, have at it." But the shift carries security risks. "The potential bad news," the senior official said, is that the images collected by private vendors "are also available to our adversaries." The government will reserve the right to restrict the sale of commercial data by American companies to anyone deemed to pose a national security risk, the official said. The government currently has more than a half-dozen high-resolution satellites in orbit to provide imagery and photos for uses as varied as military and intelligence operations, map making and climate control, officials said. Two private U.S. companies, Space Imaging and DigitalGlobe, operate high-resolution satellites, and a third, Orbital Imaging, is expected to launch one next month, competing with other companies overseas. Boeing Co.'s El Segundo-based Boeing Satellite Systems division didn't make any of the existing U.S.-owned commercial imaging satellites, Boeing spokesman Dan Beck said. The company is developing advanced satellite-imaging technology for the government under a classified program called Future Imaging Architecture. While some observers suggest the government's backing could spur more companies to launch and operate imaging satellites, Beck said it's too early to speculate whether the Bush policy could spawn new work for Boeing's satellite-making and launch-services businesses, which have suffered in recent years as demand for telecommunications satellites has dropped. As the quality of private satellite resolution has improved in recent years, the government has come to rely more heavily on them, but with that trend has come bureaucratic resistance and occasional in-fighting. Last year, the director of central intelligence, George J. Tenet, ordered American intelligence agencies to expand their use of private satellites after Air Force officials complained that bureaucratic tangles prevented them from using commercial images of Afghanistan to aid in bombing missions in the war against the Taliban. As a result, Air Force pilots had to use outdated Russian maps during the early stages of the war. More than a dozen departments and agencies, including the Pentagon, the State Department, the Department of Homeland Security, the Transportation Department and the CIA fall under the new order, officials said. From the "Congressional Quarterly Homeland Security Daily," 14 May: Instant Arabic Soon Coming from Syracuse University Computer-Translation System A computer at Syracuse University that can instantly translate foreign-language documents into English is about to get a national security mission. The Cross-Language Information Retrieval system, or CLIRS, allows users to search documents in French, Spanish, Japanese, and Chinese using key-words entered in English. The system can instantly translate documents. In the weeks following the Sept. 11 attacks, intelligence agencies admitted they had intercepted a flurry of communications in Arabic suggesting an imminent attack but had not translated them in time to act. With $500,000 from the fiscal 2003 Commerce-State-Justice appropriations bill, Syracuse University researchers will teach the system Arabic and other Middle Eastern languages. That will in turn permit agencies such as the FBI, CIA, NSA and Department of Homeland Security to comb through foreign language documents and Web sites in order to identify threatening terrorist messages. "If Iraq or bin Laden or God knows who else has a plan to cause harm to us, Syracuse University may well be the place to help us figure that out," Sen. Charles E. Schumer, D-N.Y., said in a release. - Kent Vander Wal Security officials surveyed on information sharing More than two-fifths of chief security officers and senior security executives do not believe the Department of Homeland Security (DHS) is "providing timely and accurate information regarding terrorist threats," while 27 percent believe the opposite view, according to a survey conducted in late April 2003 by CSO Magazine. In the survey, 33 percent of the 559 security officials said the U.S. Government provided their organization with "security-related warnings that are not available to the general public." Fifty-six percent said the government provided no such warnings to their organization. Eleven percent said they anticipate a "major cyber attack by a terrorist organization," within six months, while 46 percent expect a major cyber attack will not occur within six months. Another 11 percent do not believe one will ever occur. Fourteen percent expect a major physical attack within six months, 56 percent expect one beyond six months, and 3 percent do not believe one will ever occur. ANALYSIS: The Editor-in-Chief of CSO Magazine said that while CSOs "can identify with the government's daunting task of determining...how to balance a nation's security needs with the privacy of its citizens," the results of the survey indicate that "the federal government still has some adjustments to make if it wants to deliver security measures that will best serve the national interest." May 8, 2003 Roadmap for Homeland Security Department takes shape By Maureen Sirhal, National Journal's Technology Daily The Homeland Security Department's top technology leader said Thursday that a "roadmap" outlining the new department's business process and corollary technology support should be released by the end of September. Steven Cooper told the House Government Reform Committee that his department is making progress in the Herculean task of integrating the operations of the 22 federal agencies that were transferred under Homeland Security's umbrella. The department's directorates are tasked with everything from border and immigration control and intelligence sharing to coordinating nationwide disaster response. Since the department was created, Cooper explained, his tech team has established basic computing and communications services, including the creation of desktop computer access among the department's component agencies, a Web site and coordinated e-mail system. "Once we accomplished that, our focus reshifted to our enterprise architecture," Cooper said. That initiative involves mapping the business strategy and processes for the agency and the information technology systems that will support them. He told lawmakers that the architecture development plans will be disclosed in phases beginning in June, with the release of the current architecture. By August, the department aims to release a "to be" architecture that will detail business strategies and "mission elements" of the department and its directorates. The roadmap designed to get the department to that point will be released by September, Cooper said. "We've already begun to identify some opportunities" to consolidate redundant business and technology systems. "We certainly don't need the 20-plus human-resource applications that exist" within component agencies. The department then will seek input from state, local and private-sector groups to continue to refine that roadmap, he said. While Homeland Security and other administration officials continue to map the enterprise functions and IT systems, they also are working to remedy immediate problems, including the information-sharing gaps often partly blamed for the Sept. 11, 2001, terrorist attacks. The department is leveraging existing systems to increase the capabilities for sharing information with state and local officials, he said. The department, for example, is working with the Emergency Response Network of Dallas to provide security information to "first responders." But some lawmakers questioned whether Homeland Security is successfully tackling cultural barriers to sharing information among federal agencies, such as the FBI. The department is working with stakeholders in the intelligence community to agree on a vision for how information should be shared, Cooper said. "There are documents that are being circulated for signature that do contain some very specific examples and requirements around the sharing of information," he said. "To find out now that two years later this isn't done is almost staggering," Massachusetts Democrat John Tierney said. Former Internal Revenue Service Commissioner Charles Rossetti, who oversaw an integration effort similar to Homeland Security's, agreed that it is appropriate to reengineer business processes before trying to integrate tech systems. "That's what controls the money, incentives and people and the way that they work," he said. He urged lawmakers to maintain realistic expectations for progress at the department. May 7, 2003 Officials weigh 'unique challenges' of information sharing By William New, National Journal's Technology Daily Officials from the Defense and Homeland Security departments on Wednesday described their ongoing efforts to achieve federal, state and local unity on data needed in the event of national disasters or terrorist attacks. "The flow of information is getting better, but we've got some unique challenges," said Col. Charles Lewis, intelligence director at the Northern Command's joint task force for civil support. He called getting information from domestic intelligence agencies in a timely manner the military's biggest challenge in fulfilling its role in domestic affairs. Lewis spoke as part of a panel discussion at an Armed Forces Communications and Electronic Association event. The other participants were Susan Kalweit, chief of an interagency preparedness team at the Federal Emergency Management Agency, and Mary Ann Elliott, president and CEO of Arrowhead Global Solutions, a company that makes a cyber-warning information network being adopted by government. When there is an attack, Lewis said, his office needs a characterization of threats and the location of the attack. Defense has been a signatory to the federal disaster-response plan for several years, he said, but efforts to obtain information about domestic-response capabilities have increased since the Sept. 11, 2001, terrorist attacks. Lewis said his group plans and integrates Defense support to the lead federal agencies for managing the consequences of chemical, biological, radiological, nuclear and explosives events. His office is part of an interagency working group on data issues that he said needs leadership from the Homeland Security Department. Lewis said he wants access to the thousands of existing databases held by the private sector, states and localities, including geographic information systems, so he can know what the local "first responders" to emergencies and state authorities know, as well as what capabilities exist in the area of the incident, such as emergency services, transportation and utilities. Lewis' group is trying to work with states and localities before disasters strike, but he said the situational analyses his office is doing on localities make urban leaders "nervous." A Defense coordinating officer would determine whether a disaster is large enough to warrant military involvement. If so, Lewis' office would take control for the military and likely would establish a command center at the location. Lewis said the biggest threat his group has identified is biological because the incubation period between an agent's release and its detection can be weeks. Kalweit discussed her initiative to bring government and industry together to improve the ability of information systems to communicate with each other, to respond to emergencies and to save money. Standards are needed both for technologies and for data, she said. Elliott said her company's cyber-warning technology, called CWIN, is being implemented at about 250 locations in the United States and overseas, and is being adopted by several federal agencies and large communications companies such as AT&T. It uses a multiple-protocol backbone, not the Internet, to allow secure, immediate communications from a central network. April 30, 2003 Two new reports, one from government investigators and another by a police executive association, spotlight the challenges and potential pitfalls that the federal authorities face in developing workable systems to share intelligence on terrorist threats. Officials said they believed they had made clear progress to prevent the types of communication breakdowns that preceded the Sept. 11 attacks. But in a report to be released Wednesday, the General Accounting Office, the investigative arm of Congress, concludes that the goals set by the Bush administration and Congress last year to promote the sharing of terrorist information remain largely unmet. The G.A.O. report examined the terrorist "watch lists" that nine federal agencies maintain to spot terrorist suspects trying to get a visa, board a plane, cross a border or engage in similar activities. The F.B.I., the Immigration and Naturalization Service, the Department of Homeland Security, the Pentagon, the State Department and other agencies all keep such lists and share information from them with other federal officials as well as local and state police officials as needed. But the Congressional study found that some agencies did not even have policies for sharing watch-list information with other agencies, and that those that did often required complex, labor-intensive methods to cull information. Most agencies share terrorist information only with those from their own agencies, while others give intelligence to the local police and in some cases even to private groups. Agencies often have different types of databases and software that make sharing information next to impossible, researchers found. As a result, sharing of information is often fractured, "inconsistent and limited," the study reported. "Cultural and technological barriers stand in the way of a more integrated, normalized set of watch lists," the report said. It recommended the creation of a centralized terrorist watch list. Senator Charles E. Grassley, Republican of Iowa, who requested the study along with Senator Carl Levin, Democrat of Michigan, said he was dismayed to learn that so long after the Sept. 11 attacks, "the gap in watch lists has not been fixed." Mr. Grassley said: "Federal bureaucracies have an institutional disease where they think they own their information. Our state and local police can't watch out for anybody if they're kept in the dark." The federal agencies criticized in the Congressional report generally agreed with the findings, but officials at several departments pointed out that security and civil rights concerns could make it difficult for them to share some information on suspects. They also said that a "one size fits all" approach to sharing terrorist intelligence might fail to recognize the different roles and responsibilities of various federal agencies. An F.B.I. agent investigating a crime, for instance, is more limited in what he can say about a case to another federal agency than is a border crossing guard who is checking the identification of a suspicious tourist, officials said. The attacks in 2001 revealed fractured communications between federal agencies prior to the hijackings. The most heavily scrutinized episode came when the C.I.A. and the F.B.I. failed to share information quickly enough about two terrorist suspects who were living in the San Diego area in 2001 and who went on to take part in the Sept. 11 hijackings. Bush administration officials have pledged to improve federal communications as a first line of defense, and one of the administration's main initiatives is the creation of a new terrorism center to coordinate the flow of intelligence. It is being run by the Central Intelligence Agency. The Department of Homeland Security is also working to centralize and consolidate its watch lists. A spokesman, Brian Roehrkasse, said the department planned an eightfold increase in the number of terrorist suspects it provides to local law enforcement within two months. Federal officials held a conference with local law enforcement officials in November to discuss obstacles local police forces face in getting accurate, timely information. A report growing out of that meeting was released today by the Police Executive Research Forum, a police association that organized the event. The report revealed deep frustration among some local police officials who said the F.B.I. had kept them uninformed in terrorism developments and had made it difficult for them to get security clearances to make them privy to more information. But the report also emphasized a common ground of cooperation between federal and local officials. "Local and federal law enforcement must build on positive relationships and address any remaining impediments to full cooperation if they are to truly succeed in carrying out their new mandates," it said. Jane Perlov, chief of police in Raleigh, N.C., an author of the report, said in an interview that many local police would become frustrated by what they saw as the F.B.I.'s unwillingness to share its vast resources and expertise with them. But she said: "We're understanding each other's culture better." May 1, 2003 April 17, 2003 - 8:13 p.m. Rescue Officials Slowly Gaining Access to Federal Terrorist Threat Information By David Clarke, CQ Staff Writer Every police and fire chief and emergency manager in America soon could have access to specific information about looming terrorist attacks in their home towns. Currently there is no single system to get federal warnings quickly into the hands of all state and local agencies that might have to react to an attack. "It's still pretty much e-mail, phone calls and a network of networks," said Tim Daniel, director of Missouri's Office of Homeland Security. But help is on the way. At the end of the month the Homeland Security and Justice departments will begin a pilot project in a handful of states that will enable their first responders to communicate with federal officials and each other via a secure intranet system. Arizona, California, Colorado, Florida, Massachusetts, Missouri and Pennsylvania were chosen for the project because they already have secure systems. The base of operations will be set in the Justice Department's (DOJ) Regional Information Sharing System, or RISS, a national-local intelligence database network that is being expanded to serve as the technical backbone. The project, known as the Anti-Terrorism Information Exchange (ATIX), will give certain local officials, nominated by state officials, access to a secure e-mail system and message boards which they can use for access to non-classified information on terrorist activity. "This is intended to bring the first responder community into the mix," said Richard Ward a deputy director in Justice's Bureau of Justice Assistance, which funds RIIS. The first phase of the pilot project will assist local law enforcement agencies currently on the RISS network in funneling information up through their state police departments and then on to the Homeland Security Department, where it can be analyzed, said Gregory Stieber, a Secret Service agent who is heading the project. Homeland officials, in turn, will be able to send threat information back down through the system, for example, to advise local police departments to ramp up patrols around dams or power plants. After testing the system for a few months, Stieber said he hopes to expand the program to include health departments, public works agencies, emergency managers and any other agencies with homeland security responsibilities. "That is the vision of the future," Stieber said. The administration wants to have all 50 states using ATIX within two years, Ward said. In the Dark The new program is a response to repeated criticisms from emergency responders, state officials, and politicians that the police officers, firefighters and emergency workers who would be called to the scene of a terrorist incident are being kept in the dark about potential attacks. The law (PL 107-296) creating the Homeland Security Department requires new information-sharing procedures to be developed by November, and RISS proved an attractive vehicle for a number of reasons. First was the speed with which it can be expanded. DOJ identified the technical changes needed for the pilot project after only about three months work. "Is it the end-all architecture? I don't know," Ward said. "Is it the fastest way to get information out there? Yes." Price also was a factor. "It's really inexpensive because the backbone is already there," he said. Growing Budgets RISS, in fact, has been around since 1975. Essentially a secure intranet system, it allows more than 6,300 local police departments and federal law enforcement agencies to search an index of criminal intelligence information collected by other jurisdictions on such things as gang activity, drug dealing and terrorism. "The need is apparent and [expanding RISS] is a concept that gets us a bit up the road," said David Wray, a Homeland Security spokesman. Including all first responders in the RISS system is one of several steps DOJ has taken over the past year to expand the program. After the Sept. 11 terrorist attacks, members of Congress pushed for its expansion. "The Regional Information Sharing System is a proven success that we need to expand," Vermont Democrat Sen. Patrick J. Leahy said in October 2001. Lawmakers have backed up their rhetoric with funding. The program has a budget of $29 million for fiscal 2003 and the president has requested more than $36 million for fiscal 2004. Ward said DOJ's goal is to get the budget up to $50 million by fiscal 2005. Security Concerns The desired reach of the program, however, raises a number of questions. With so many officials sharing the information, some of it might make its way to into the public realm. But Ward says the data will be sanitized - stripped of any information relating to the methods and sources used to collect it. States also may be asked to require participants to sign non-disclosure agreements, as Florida already requires of police handling sensitive information. Last year, DOJ married RISS with LEO, short for Law Enforcement Online, an internet-based data-sharing program. "What's really developing is a national intelligence network that local law enforcement will have access to," said Phil Ramer of Florida's Department of Law Enforcement. He should know. Florida, in addition to participating in the ATIX pilot, is one of 13 states taking part in a RISS program that will allow police departments to search each others' criminal files, not just index them. The program began in late 2001 but is still in the planning and design phase. Source: CQ Homeland Security April 8, 2003 - 8:01 p.m. In July 1967, Lt. Frank Libutti was commanding a Marine platoon in heavy
combat near the Demilitarized Zone in South Vietnam. |