Big Mouth Rightie sociopaths love to talk up 9/11. But they would flay their own mothers to launch an American Lockerbie or Beslan on Obama's watch.
And while we were taking our shoes off, the Bush Leaguers invented a status called "Insufficient Derogatory Information" -- giving FBI-tagged terror suspects a get-on-board-free airline pass.
-- El Al screens 100% of their passengers.
-- Bush left America screening 4% of the suspects on the FBI Terrorist Watch List.
-- NY Times: "the flaws discovered are mind-bogglingly basic."
Interview SELECTEEs get served out of a loose-to-unmanaged system:
-- FBI uses an Oracle database. But the design is 20 years behind commercial technology.
-- Selection criteria for screening look to have been done by a 3rd Grader. There is no recognition of the underlying life-and-death trade-offs.
-- TSA's explosive-detection deployments went out on open Internet, January 2009.
-- The big RAILHEAD PROJECT is busted. It chewed $500-million with no independent quality control.
President Obama needs to see repairs ASAP. Things go south, Obama gets rebranded as another "Mission Accomplished" Bush or "Loosey-Goosey" Dukakis.
Duh..oh.
For an Action Plan -- plus, naming names -- go BTF :::
There's no way around this. George Bush, POTUS 43, screwed up.
Quality control and sanity checks are the responsibility of the top guy. It is not enough to have Cheney going around growling at people. When you are screening/interviewing 14,000-to-16,000 people for access to airliners -- compared to Interpol and our own Intelligence Community tracking upwards of 25,000,000 threats-with-two-legs -- there is something radically wrong.
LIST PROCESSING vs. INFORMATION MANAGEMENT
The FBI manages a central Terrorist Screening Data Base with some 400,000 identities on it. The larger version is called Terrorist Identities Datamart Environment -- TIDE -- and that carries 560,000 identities with duplicates and aliases. The SELECTEE/screening and 'No Fly List' lists are basically 4% and 1% fantasy pick lists, taken off the TIDE database.
There is a new RAILHEAD PROJECT that was planned to replace TIDE. Boeing turned that into a hog trough and ran through $500-million. I will give RAILHEAD its due, in full, below.
The basic trade-off is doing extra interviews (and irritating extra people) versus every so often having an airliner and its passengers blown up. There are other unpleasant terrorist acts that can happen, too.
The cost of doing an interview is next to nothing. The cost of another Lockerbie coming down on an American city has to run into the many billions, plus the element of brain-dead for letting it happen.
For people who do commercial Identity Management (IM) and Customer Relationship Management (CRM) systems, these FBI and NCTC numbers look silly. The 25,000,000-identity figure for threats-with-two-legs at Interpol/CIA/NSA is more like it. There is nothing unusual to see a 1.4-billion person commercial tracking system for EU-Middle_East-Africa ( a.k.a., EMEA.) Want to find somebody, do a survey, offer a deal on a new cell phone ??? -- we got the names, addresses and numbers.
FUNCTIONAL ARCHITECTURE
Mr. Umar Farouk Abdulmutallab, the Northwest Flight 253 "Underwear Bomber" ??? I built a prototype IM system with 1-billion commercially available identities. Mr. Abdulmutallab popped right out, top of the match-candidate list -- even without using his name for the query.
The right answer is to build a system that makes it easy to find almost anybody in an emergency. That supplies drill-across features to find anything that you have on the guy. A system to SCORE a STATUS VALUE in realtime for such as dropping an interview on an individual, or even on an unknown alias. This system should also be able to process every individual on every flight. We have buildings filled with computers -- so why not ?
The Bushies missed recent evolution ???
We have these systems complete, out of the box. The usual combo is an Identity Management (IM) inventory database with a Customer Relationship Management (CRM) function suite. Yeah... the "terrorists" are our customers in this paradigm. The twenty-something kid who has been exposed to al-Qaeda dogma, then gone crazy in the DSM IV Axis I Depression pattern, and then gets twisted to an all-out suicide impulse with airliner-killing for a side -- perfect customer.
What we want him to "buy," dontcha know, is an interview with a TSA Behavior Detection expert and an Interviewer before he plops down in 27C on the aisle. Also, in a more perfect world, the system has committed truthful communication with Department of State via its Informatica PowerCenter frontend system to post a structured message and then do verify&validate follow-up to cancel the kid's visa.
Not rocket science.
Coming out of the Bush efforts, the FBI Terrorist Identities Database Environment (TIDE) system is not set up for realtime access. Transportation Safety Administration (TSA) personnel could not use live information to kick off a simple interview -- prior to letting Mr. Abdulmutallab board the Northwest airliner.
The Bush people did that. For no good reason.
One logical approach for doing an overall strategy starts with defining a Threat Based Analysis system. Define likely threats and build your systems to work the associated Use_Case actions and messages.
Instead, the stated emphasis on "Actionable Intelligence" from the Bush people sounds like something out of a kid's cartoon. There is a fantasy involved. Specifically, you have to hear the bad guys, the ones wearing capes and black high-heel boots, while they are making their plans. That is a common event on Power Rangers.
At the FBI, not so much. It is 1 in a 1,000,000 to have an informant on site for a criminal or terrorist conspiracy. The adults defend against threats; the amateurs go for mental masturbation.
PERSONNEL ISSUES
Our own Made in America personnel problems keep on going and going and going.
CIA is inept at a bunch, including lying its ass off:
"Abdulmutallab's father didn't say his son was a terrorist" when he visited the U.S. Embassy in Nigeria, "let alone planning an attack. Not at all," one U.S. intelligence official said. "I'm not aware of some magic piece of intelligence that suddenly would have flagged this guy — whose name nobody even had until November — as a killer en route to America, let alone something that anybody withheld."
Read more: http://www.denverpost.com/...
Father came in to the Embassy twice. Told everything about "radicalization," going to Yemen to hook up with al-Qaeda, having a U.S. visa, and disturbed mental state to State and again to CIA. Followed up in writing and with telephone calls. Couldn't have given more warning, if he'd brought in a goodbye suicide-video.
The problem, here, replays a CIA screw-up that let another known al-Qaeda core member sneak into New Zealand in 2006.
The write-up from CIA in Africa failed to tag Mr. Abdulmutallab for likely participation in a Terrorist-Conspiracy and as likely Armed-And-Dangerous. The interview system is not sufficiently structured to force these determinations.
Personnel issues and classic Empire Building lead to behaviors where the organization can look as though it doesn't know what it is doing.
Critical missions go lost.
STANDARDS FOR SELECTION INSIDE THE FBI
Timothy Healy, director of the FBI's Terrorist Screening Center (TSC) says that there must be "enough biographical information attached to the name to allow investigators to make sure they are dealing with the right person" and that "information must establish that there is a reasonable suspicion that the person in question has engaged, or might engage, in terrorist activity."
Healey is missing one obvious excpetion: surveillance and human intel have returned useful tips on aliases, where the actual human names remain a mystery. Dealing with drug gangs, this is the rule. Everyone in these gangs goes by aliases and nicknames.
Hopefully, Healey was lying with deliberation.
In the event, Mr. Abdulmutallab's father provided approximately 10 times the supporting evidence that The Bureau would need to make the determination.
ONGOING QUALITY ISSUES AT FBI HQ
Any sensible automated SCORING algorithm would invoke, at the very least, routines to generated follow-up actions aimed to clarify significant ambiguities. At worst, crop a dime and call the father at his bank.
The current List-Filter-Decision-List system sets these decisions in concrete -- actively discouraging follow-up work. The "Richard Jewell" kinda guy out in the field who wants to get more evidence is in a position of having to challenge a top manager back at headquarters.
Good luck with that.
Ask Coleen Rowley about the role of mindless egotism at HQ with respect to blocking response to an obvious terrorist threat. Coleen is the gal from the Minneapolis Field Office who recognized the significance of Moussaoui's Minnesota flight training, a very likely suicide-hijacking plot in 2001, and the value of getting into his laptop.
HQ blocked access to the Moussaoui laptop. Amazingly, looking at it from New York, no one was charged with treason.
THE CRITICAL SUCCESS FACTOR
Plainly, selecting on indicators related to terrorism, False-Acceptance Error for pre-boarding interviews is a matter of inconvenience for the individual who gets tagged. This cost is not a biggie. Nobody dies. A simple policy could be implemented that compensates wrongly-tagged people for their troubles. There must be some way to acquire a zillion Frequent Flier Miles to hand out.
The False-Rejection Error, however, can keep an active terror recruit in play. An airliner can go down. We could get a replay of the Puerto Rican Nationalists trying to gun Truman at Blair House.
False-Rejection Errors need to be valued at a sharp premium over False-Acceptance Errors. Not the way things work today. This system is more about keeping the paperwork clean.
Replacing this List Processing system was supposed to be underway with the RAILHEAD PROJECT. The Great Boeing Corporation took over that effort as the prime contractor. They got a blank check....
NEW YORK TIMES PROJECTILE BARFS AT BOEING
From the New York Times:
"That Troubled Terrorism List"
Published: August 24, 2008
The new program, known as Railhead, is intended to fix the problems with the current outmoded (TIDE) program. That database — begun as an urgent priority after the Sept. 11 attacks — has been bedeviled by an array of problems, including the inability to do basic searches to find suspects’ names.
Bush administration officials have been pronouncing Railhead a success. But the investigation by a House Science and Technology subcommittee found it crippled by serious design flaws, management blunders and runaway contractors. Hundreds of private contractors from dozens of companies involved were recently laid off as government managers finally ordered a fresh overhaul in the face of "insurmountable" problems.
Some of the flaws discovered are mind-bogglingly basic. The Railhead database, it seems, also has fundamental problems with its search function. It failed, for example, to handle multiple word searches connected by "and" and "or," and it could not offer matches for slight misspellings of suspects’ names.
As bad, parts of RAILHEAD have been trashing inputs for two years.
BOEING FAILS AT LARGE WORKFLOW SYSTEMS
RAILHEAD is not the first major software failure by Boeing.
Boeing that couldn't do its own corporate Sarbanes-Oxley financial compliance system. Boeing makes nice sharp realtime systems for its airliners, but apparently they have trouble consolidating accounting events and Workflow processes.
Boeing never could get clear the distinctions between Financial Accounting and Managerial Accounting.
Despite four tries at reading the Sarbanes-Oxley requirements -- stated in S.E.C. Implementation Directives and translated to English in 2002 by F.I.E.C.C. for their own financial examiners -- Boeing failed miserably.
Boeing's software culture refuses to read/understand/apply specific elements. This also came due with RAILHEAD:
-- Well-defined Workflow controls;
-- Check List hierarchies; and as well the need to test
-- Corporate systems for degraded data,
-- Response to Known Error test events, and
-- Escalating-for-special-handling every problem that goes bad in the workplace.
Boeing is in love with ROI (Return on Investment) analysis -- trying to apply ROI to micromanage system design.
Boeing's failure at building a corporate Sarbanes-Oxley compliance system reflects point-by-point the failure and the eventual damage that Boeing inflicted on RAILHEAD. Ultimately, Boeing also failed at building a linguistic search engine to do names and locations -- a tool on the order of Oracle Text.
WHO DID WHAT AND WHY NOT DO IT RIGHT
Michael Leiter, Director at National Counterterrorism Center (NCTC) and Boeing took the RAILHEAD PROJECT and ballooned it into a $500,000,000 boondoggle. Simple upgrades have not been applied to TIDE. The commercial Identity Management approach -- which works at millions of companies -- was not considered.
Boeing went mad with greed. 814 contractors at a recent head count. $100,000,000 blown for Gold Plate security at one Boeing office building. No sense of integrity. No quality control.
Upgrades for TIDE -- without making the big changes to run an IM/CMR system -- should have run to simple goals and mileposts:
-- Migrate the core application to the new generation of Oracle database
-- Expand functionality to utilize new features
-- Devote resources to specialty software: the Oracle Text linguistic search engine for names and locations; new Application Server technology to support web pages; and the Built-In Packages that Oracle shops use to save man-hours for common development tasks.
-- Integrate with new releases of software such as the Informatica PowerCenter message and file transfer software. Consider new performance and security features.
-- At least take a look at IM/CRM commercial resources. (Pssst... wanna find somebody ???)
Instead, Boeing went all vaporware. $500,000,000 for fraud:
-- Swap out Oracle, moving over to RAILHEAD, for a non-existent fantasy system
-- Fake the original list of legacy system transfers. They still don't know what fields have what values in the dumps from the legacy systems. And too arrogant to ask for help.
-- Produce multiply redundant subtasks, and
-- Fake both formal tests and informal demonstrations for NCTC and TSC training
Of course, these actions went broadly criminal. The Bush Administration took their campaign contributions and jobs-for-wives and structured bribes and never investigated a damn thing.
John Michael McConnell was the Director of National Intelligence during the period where this RAILHEAD PROJECT software went through implementation and user-acceptance testing.
This Mike McConnell and his ODNI crew were responsible for quality control.
A SIMPLE PROTOTYPING DEMONSTRATION
How hard is it to fix TIDE to do the RAILHEAD expansions ???
I took the RAILHEAD/TIDE/No Fly List problem and prototyped it using Oracle 11g and the Oracle Text linguistic search engine.
Get a 1-terabyte, 1-billion row system built using real data on people in Africa-EU-Middle-East. Lots of text fields, indexed with Oracle Text CONTEXT indexes.
First test query: find Mr. Umar Farouk Abdulmutallab without using his name. His father had gone in the the Embassy in Nigeria and told our people what he knew about his son. He also identified himself.
Look at what we have coming Out-of-Africa from Department of State or CIA:
-- (a name string that we are discarding as unusable, possibly bogus)
-- Father's name and identifying document
-- Father's residence, date of birth, general descriptors
-- The indication that the individual had a prior U.S. Visa (has_a U.S. visa application)
-- Date of Birth
-- Place of Birth
-- Dates related to earlier presence in a NATO country
This Out-of-Africa descriptive data proved overwhelming. Any four items get Mr. Abdulmutallab to the top of my match system. # 1 in the list of match-candidates.
BTW: Run the query as "Umar Farouk" and a CONTAINS linguistic search argument and the real Mr. Abdulmutallab popped up as my # 3 match-candidate. Drill-across tags him to a practical certainty.
The queries worked first try.
KICK ASS AND TAKE NAMES
The main perp has to be Michael Leiter, Esq. Director of the National Counterterrorism Center (NCTC.) Magna cum laude in 2000, President of Harvard Law Review following in the tracks of Barack Obama.
Brilliant man. Still, today, Leiter is the leading denier for thousands of processing errors.
Plainly a coward for not squaring up, sinking teeth into Boeing.
Then there is Boeing, itself. The prime contractor. The $10,838,231,984-a-year Boeing. The #2 Federal contracting company overall.
The "connected" Boeing.
Boeing took on the FBI's TIDE (Terrorist Identities Datamart Environment) system, written using the Oracle database. Boeing "upgraded" the TIDE database design, reportedly, by quadrupling the overall size. Also by replacing the Oracle commercial off-the-shelf (COTS) search engines with a vaporware piece of dysfunctional fraud.
Boeing's vaporware search engine for RAILHEAD never worked. The TIDE system works sensibly enough. Upgrade is straightforward. Adding IM and CRM functionality can be done without a whole lot of risk.
Consider what little effort it took me to grind a working prototype with broader features.
POWERCENTER AND THE UPGRADE PROBLEMS
Most all of the main organizations involved with NCTC have Informatica's PowerCenter tool installed. This tool specifically handles transfers of messages and data files. That list of PowerCenter users includes Department of Justice, Department of State, Department of Transportation, and many others.
The original specification for the TIDE upgrade focused on augmenting information feeds from older legacy systems in the intelligence community -- exactly the data migrations where PowerCenter is a default federal standard.
Boeing did none of this.
One simple project plan for input upgrades is to run a dozen stages to arrange PowerCenter-to-PowerCenter message and file transfers. The Mid-Atlantic Region area has roughly ten-thousand experienced PowerCenter developers.
The other major problem goes back to Workflow. A lot of intel and routine information comes together at NCTC and TSC. Where there are conflicts or omissions, a mature Workflow system would be able to work through PowerCenter to return messages with structured work requests. These actions can take place with or without human intervention; it doesn't take much in the way of artificial intelligence to respond to copy-editing scores.
This pattern is worked every day with the Sales Automation modules of CRM systems. Where the contact person needs information to close a deal, he can reach out through the company without having to know the specific person who is going to carry out the research task. Same for automated Bill-of-Materials modules. Inventory refreshes automatically.
Workflow picks up the task and decisions involved and provides the associated form(s) with already-available information included. Workflow can use PowerCenter the way you would use email -- plus putting useful boilerplate in the remote libraries.
BARACK OBAMA NEEDS TO GO MO' BETTAH
RAILHEAD is a failure. Another NORAD. Another FBI-meets-IBM/Documentum ultraSNAFU. The one-liner for RAILHEAD is that Boeing blew $500-million for a throw-out.
K.I.S.S. Give TIDE-for-expansion back to FBI and the Office of Intelligence shop for the legacy data migration features.
Budget $25-million and allow no more than 50 people to work on the project. Have legacy sources do their own publishing projects, writing to Interface Tables on servers at their own shops.
The one piece of new technology I recommend has to do with building indexes at the legacy servers.
Remote Index building.... that is the neat trick that Triple Hop perfected. Oracle bought Triple Hop. So you gotta get this technology out of Oracle. Any and all of the input Departments and Agencies will be happier not exporting whole copies of their data. What they will have to do is to put up mirror servers inside their own network DMZ's. Then give access to the PowerCenter net.
Minimum intrusion. Minimum security risk. Minimum cost. Minimum performance impact. Easy to maintain.
Once the TIDE system gets better at using Oracle Text, you can increase the number of people meeting SELECTEE Status to something like 50,000 or 100,000 individuals. Whatever you think it takes, realistically, to control the risks from terrorism.
Avoid getting labeled as the next George Bush or Michael Dukakis -- priceless.
There's probably fifty commercial shops that can also do this project with a first-rate final product. Shops that do not screw over their clients.
Now... let's see if the Obama White House can knock off a mini-Katrina. Get in there fast. Take charge. Fix the mess.
Mo' bettah !!