The Northwest Flight 253 attack resulted, directly, from Bushie screw-ups.
Interpol and CIA track 25,000,000 threats-with-legs. Bush's crew restricted FBI to 400,000. TSA's pre-flight Interview list got 14,000.
Why, indeed ???
And while you were taking your shoes off, the Bush Leaguers invented a fantasy category called "Insufficient Derogatory Information" -- an Invisibility Cloak for terror recruits.
Big Mouth Rightie sociopaths love to talk up 9/11. But they would flay their own mothers, today, to launch an American Lockerbie or Breslan.
FBI support for TSA was left busted:
-- FBI's TIDE database is a 2002 quick-and-dirty. 20 years off modern capabilities.
-- The Bushies blew $500-million on RAILHEAD, a vaporware replacement.
-- TSA Interviews match to El Al. Front line defense. Bushies minimized TSA interviews.
-- El Al interviews 100% of their passengers prior to boarding.
-- NY Times: "the flaws discovered are mind-bogglingly basic."
Bush League also Plamed out at keeping secrets:
-- TSA's explosives detector deployments went open Internet, January 2009.
President Obama needs to see repairs ASAP. For details and naming names -- go BTF :::
There's no way around this. George Bush, POTUS 43, screwed up again.
Quality control and sanity checks are the responsibility of the top guy. It is not enough to have Cheney going around growling at people.
When you leave a system that only screening/interviewing 14,000-to-16,000 people for access to airliners -- compared to Interpol and our own Intelligence Community tracking upwards of 25,000,000 threats-with-two-legs -- there is something radically wrong.
Also, the Bushies left FBI with the wrong type of database system for supporting TSA. In 2002 a quick-and-dirty system was coded for FBI, called TIDE. Even today there is no online access to live information, no interfaces to legacy systems or to Workflow systems to post work requests.
The day-to-day products are Once-A-Day manually updated lists.
What-the-Bush-left for the FBI computer system works like 1979. Not with punch cards....
LIST PROCESSING vs. INFORMATION MANAGEMENT
The FBI manages a central Terrorist Screening Data Base with some 400,000 identities on it. The larger version is called Terrorist Identities Datamart Environment -- TIDE -- and that carries 560,000 identities with duplicates and aliases. (I got more than that in one of my DISCARD files off Loader.) The SELECTEE/screening and 'No Fly List' lists are basically 4% and 1% fantasy pick lists, taken off the TIDE database.
The FBI people and NCTC got a replacement started, the new RAILHEAD PROJECT that was planned to replace TIDE. Boeing turned that into a hog trough and ran through $500-million. I will give RAILHEAD its due, below.
The basic trade-off is doing extra interviews (and irritating extra people) versus every so often having an airliner and its passengers blown up. There are other unpleasant terrorist acts that can happen, too.
The cost of doing an interview is next to nothing. The cost of another Lockerbie coming down on an American city has to run into the many billions, plus the element of brain-dead for letting it happen.
For people who do commercial Identity Management (IM) and Customer Relationship Management (CRM) systems, these FBI and NCTC head-count numbers look amateurish. The 25,000,000-identity figure for threats-with-two-legs at Interpol/CIA/NSA is more like it. There is nothing unusual to see a 1.4-billion person commercial tracking system for EU-Middle_East-Africa ( a.k.a., EMEA.) Want to find somebody, do a survey, offer a deal on a new cell phone ??? -- we got the names, addresses and numbers.
FUNCTIONAL ARCHITECTURE
Mr. Umar Farouk Abdulmutallab, the Northwest Flight 253 "Underwear Bomber" ??? I built a prototype IM system with 1-billion commercially available identities. Mr. Abdulmutallab popped right out, top of the match-candidate list -- even without using his name for the query.
The right answer is to build a system that makes it easy to find almost anybody in an emergency. The right system supplies drill-across features to find everything that you have on the guy. The right system should be able to process every individual on every flight. A system to SCORE a STATUS VALUE in realtime for such as dropping an interview on an individual, or even on an unknown alias.
We have buildings filled with computers -- so why not ? The Bushies missed recent evolution ???
We have these systems complete, able to meet simple tests the first day out of the box.
The usual combo is an Identity Management (IM) inventory database with a Customer Relationship Management (CRM) function suite. Yeah... the "terrorists" are our customers in this paradigm. The twenty-something kid who has been exposed to al-Qaeda dogma, then gone crazy in the DSM IV Axis I Depression pattern, and then gets twisted to an all-out suicide impulse with airliner-killing for a side -- perfect customer.
What we want him to "buy," dontcha know, is an interview with a TSA Behavior Detection expert and an Interviewer before he plops down in 27C on the aisle. Also, in this more perfect world, the right system has committed truthful communication with Department of State via its Informatica PowerCenter frontend tool. The FBI system can post a structured message and then do verify&validate follow-up to ensure that we cancel the kid's visa.
Not rocket science.
Coming out of the Bush efforts, the FBI Terrorist Identities Database Environment (TIDE) system is not set up for realtime access. Transportation Safety Administration (TSA) personnel could not use live information to kick off a simple interview -- prior to letting Mr. Abdulmutallab board the Northwest airliner.
The Bush people did that. Left TIDE half-done. For no recognizable having anything to do with technology.
INTERPOL TERRORISM REQUESTS CANNOT BE MET
Interpol Secretary General Ronald Noble requests two procedural actions:
First, airlines should forward passenger data on international flights to Interpol; and second, nations that arrest foreign visitors should share those fingerprints with the international police agency as well.
Noble said linking databases can help detect people flying on passports reported as lost or stolen. Ramzi Yousef, who was convicted of the 1993 World Trade Center bombing, entered the United States carrying a stolen Iraqi passport.
Organizing to meet these requests should not be difficult with an IM/CRM system. Going with TIDE or the RAILHEAD mess will not get there.
One logical approach for doing the FBI's overall strategy starts with defining a Threat Based Analysis system. Define likely threats and build your systems from the ground-up, to work the associated Use_Case actions and messages.
Instead, the Bush Leaguers emphasized "Actionable Intelligence," which sounds like something out of a kid's cartoon. There has to be a wack-job fantasy involved. Specifically, your intel source has to be in the room to hear the bad guys, the ones wearing capes and black high-heel boots. Your source had to listen to the bad guys, while they are making their plans. That is indeed a common event on Power Rangers. The scene switches over and the bad guys tell us what they are going to do.
At the FBI, not so much. It is 1 in a 1,000,000 to have an informant on site for a criminal or terrorist conspiracy.
Adults defend against threats; wack-jobs go for mental masturbation.
PERSONNEL ISSUES
Our own Made in America personnel problems keep going and going and going.
CIA is inept at a bunch, including lying its ass off:
"Abdulmutallab's father didn't say his son was a terrorist" when he visited the U.S. Embassy in Nigeria, "let alone planning an attack. Not at all," one U.S. intelligence official said. "I'm not aware of some magic piece of intelligence that suddenly would have flagged this guy — whose name nobody even had until November — as a killer en route to America, let alone something that anybody withheld."
Read more: http://www.denverpost.com/...
Father came in to the Embassy twice. Told everything about "radicalization," going to Yemen to hook up with al-Qaeda, having a U.S. visa, and disturbed mental state. Spilled his guts to State and again to CIA. Followed up in writing and with telephone calls. Couldn't have given more warning, if he'd brought in a goodbye suicide-video.
The problem, here, replays a CIA screw-up that let another known al-Qaeda core member sneak into New Zealand in 2006.
The write-up from CIA in Africa failed to tag Mr. Abdulmutallab for likely participation in a Terrorist-Conspiracy and as likely Armed-And-Dangerous. The interview system is not sufficiently structured to force these determinations.
Personnel issues and classic Empire Building lead to behaviors that defeat fundamental process design. Critical missions go lost.
STANDARDS FOR FBI IDENTITY SELECTION
Timothy Healy, director of the FBI's Terrorist Screening Center (TSC) says that there must be "enough biographical information attached to the name to allow investigators to make sure they are dealing with the right person" and that "information must establish that there is a reasonable suspicion that the person in question has engaged, or might engage, in terrorist activity."
Healey is missing a obvious exception: surveillance and human intel frequently return useful tips related to aliases. The actual human names remain a mystery. Dealing with drug gangs, this is the rule. Every member in several of these gangs goes by aliases and nicknames.
Hopefully, Healey was lying with deliberation.
The worst of Identity Selection is that this is done on a Once-A-Day basis. The few daily additions to the SELECTEE and No Fly lists are controlled by a few high-level managers, apparently sitting around a table. There is no apparent recognition that False-Acceptance errors have a very tiny cost, compared to doing a False-Rejection where the individual is a wannabe suicide-bomber.
Instead, Healey says that the decisions are made on the basis of a Probable Cause standard, which surely came down from incompetents, above, in the Bush Department of Justice. Dangerous people are moved to the SELECTEE/interview list by the half-dozen or dozen a day.
In the event, Mr. Abdulmutallab's father provided approximately 10 times the supporting evidence to State and CIA, that The Bureau would need to make the appropriate determinations for warnings.
ONGOING QUALITY ISSUES AT FBI HQ
Any sensible automated SCORING algorithm would invoke, at the very least, routines to generated follow-up actions aimed to clarify significant ambiguities.
At worst, drop a dime and call Mr. Abdulmutallab's father at his bank.
The current Once-A-Day system sets these decisions in concrete -- actively discouraging follow-up work. The "Richard Jewell" kinda guy out in the field who wants to get more evidence and rapid response is in the position of having to challenge a top manager back at headquarters.
Good luck with that.
Ask Coleen Rowley about the role of mindless egotism at HQ with respect to blocking a field-generated response to an obvious terrorist threat. Coleen is the gal from the Minneapolis Field Office who recognized the significance of Moussaoui's Minnesota flight training, a very likely suicide-hijacking plot in 2001, and the value of getting into Moussaoui's laptop.
HQ blocked access to that Moussaoui laptop. Amazingly, looking at it from New York, no one was charged with treason.
CRITICAL SUCCESS FACTORS
Plainly, selecting on indicators related to terrorism, False-Acceptance Error for pre-boarding interviews is a matter of inconvenience for the individual who gets tagged. This cost is not a biggie. Nobody dies. A simple policy could be implemented that compensates wrongly-tagged people for their troubles. There must be some way to acquire a zillion Frequent Flier Miles to hand out.
The False-Rejection Error, however, can keep an active terror recruit in play. An airliner can go down. We could get a replay of the Puerto Rican Nationalists trying to gun Truman at Blair House.
False-Rejection Errors need to be valued at a sharp premium over False-Acceptance Errors. Not the way things work today. This system is more about keeping the paperwork clean.
Replacing this List Processing system was supposed to be underway with the RAILHEAD PROJECT. The Great Boeing Corporation took over that effort as the prime contractor. They also got a blank check....
NEW YORK TIMES PROJECTILE BARFS AT BOEING
From the New York Times:
"That Troubled Terrorism List"
Published: August 24, 2008
The new program, known as Railhead, is intended to fix the problems with the current outmoded (TIDE) program. That database — begun as an urgent priority after the Sept. 11 attacks — has been bedeviled by an array of problems, including the inability to do basic searches to find suspects’ names.
Bush administration officials have been pronouncing Railhead a success. But the investigation by a House Science and Technology subcommittee found it crippled by serious design flaws, management blunders and runaway contractors. Hundreds of private contractors from dozens of companies involved were recently laid off as government managers finally ordered a fresh overhaul in the face of "insurmountable" problems.
Some of the flaws discovered are mind-bogglingly basic. The Railhead database, it seems, also has fundamental problems with its search function. It failed, for example, to handle multiple word searches connected by "and" and "or," and it could not offer matches for slight misspellings of suspects’ names.
As bad, parts of RAILHEAD have been trashing inputs for two years.
BOEING FAILS AT LARGE WORKFLOW SYSTEMS
RAILHEAD is not the first major software failure by Boeing.
Boeing that couldn't do its own corporate Sarbanes-Oxley financial compliance system. Boeing makes nice sharp realtime systems for its airliners, but apparently they have trouble consolidating accounting events and Workflow processes.
Boeing never could get clear the distinctions between Financial Accounting and Managerial Accounting.
Despite four tries at reading the Sarbanes-Oxley requirements -- stated in S.E.C. Implementation Directives and translated to English in 2002 by F.I.E.C.C. for their own financial examiners -- Boeing failed miserably.
Boeing's software culture refuses to read/understand/apply specific elements. Here are typical omissions:
-- Well-defined Workflow controls;
-- Check List hierarchies; and as well the need to test
-- Corporate systems for degraded data,
-- Response to Known Error test events, and
-- Escalating-for-special-handling every problem that goes bad in the workplace.
Boeing is in love with ROI (Return on Investment) analysis -- trying to apply ROI to micromanage system design.
Boeing's failure at building its own corporate Sarbanes-Oxley compliance system reflects point-by-point the failure and the eventual damage that Boeing inflicted on RAILHEAD.
Boeing also failed at building a linguistic search engine to do names and locations -- a tool on the order of Oracle Text.
WHO DID WHAT AND KEYS FOR DIGGING OUT
Michael Leiter, Director at National Counterterrorism Center (NCTC) and Boeing took the RAILHEAD PROJECT and ballooned it into a $500,000,000 boondoggle. Simple upgrades have not been applied to TIDE. The commercial Identity Management approach -- which works at millions of companies -- was not considered.
Boeing went mad with greed. 814 contractors at a recent head count. $100,000,000 blown for Gold Plate security at one Boeing office building. No sense of integrity. No quality control.
Upgrades for TIDE -- without making the big changes to run an IM/CMR system -- should have run to simple goals and mileposts:
-- Migrate the core application to the new generation of Oracle database
-- Expand functionality to utilize new features
-- Devote resources to specialty software: the Oracle Text linguistic search engine for names and locations; new Application Server technology to support web pages; and the Built-In Packages that Oracle shops use to save man-hours for common development tasks.
-- Integrate with new releases of software such as the Informatica PowerCenter message and file transfer software. Consider new performance and security features.
-- At least take a look at IM/CRM commercial resources. (Pssst... wanna find somebody ???)
Instead, Boeing went all vaporware. $500,000,000 for fraud:
-- Swap out Oracle, moving over to the fantasy RAILHEAD linguistic search engine.
-- Fake the original list of legacy system transfers. They still don't know what fields have what values in the dumps from the legacy systems. And too arrogant to ask for help.
-- Produce redundant subtasks, and
-- Fake both formal tests and informal demonstrations for NCTC and TSC training
Of course, these actions went broadly criminal. The Bush Administration took their campaign contributions and jobs-for-wives and structured bribes and never investigated a damn thing.
John Michael McConnell was the Director of National Intelligence during the period where this RAILHEAD PROJECT software went through implementation and user-acceptance testing.
This Mike McConnell and his ODNI crew were responsible for quality control.
A SIMPLE PROTOTYPE FOR PROOF OF CONCEPT
How hard is it to enahnce TIDE to do the functional enhancements called for with RAILHEAD ???
I took the RAILHEAD/TIDE/No Fly List problem and prototyped it using Oracle 11g and the Oracle Text linguistic search engine.
Get a 1-terabyte, 1-billion row system built using real data on people in Africa-EU-Middle-East. Lots of text fields, indexed with Oracle Text CONTEXT indexes.
First test query: find Mr. Umar Farouk Abdulmutallab without using his name.
His father had gone in the the Embassy in Nigeria and told our people what he knew about his son. He also identified himself. Look at what we have coming Out-of-Africa from Department of State or CIA:
-- (a name string that we are discarding as unusable, possibly bogus)
-- Father's name and identifying document
-- Father's residence, date of birth, general descriptors
-- The indication that the individual had a prior U.S. Visa (has_a U.S. visa application)
-- Date of Birth
-- Place of Birth
-- Dates related to earlier presence in a NATO country
This Out-of-Africa descriptive data proved overwhelming. Any four items get Mr. Abdulmutallab to the top of my match system. # 1 in the list of match-candidates.
BTW: Run the query as "Umar Farouk" and a CONTAINS linguistic search argument and the real Mr. Abdulmutallab popped up as my # 3 match-candidate. Drill-across tags him to a practical certainty.
The queries worked first try.
KICK ASS AND TAKE NAMES
The main perp has to be Michael Leiter, Esq. Director of the National Counterterrorism Center (NCTC.) Magna cum laude in 2000, President of Harvard Law Review following in the tracks of Barack Obama.
Brilliant man. Still, today, Leiter is the leading denier for thousands of processing errors. Leiter speaks against the logic of considering False-Acceptance and False-Rejection trade-offs. He presents a case defending his position that the RAILHEAD SNAFU has a near-perfect functional specification and good quality.
Plainly a coward for not squaring up, sinking teeth into Boeing.
Then there is Boeing, itself. The prime contractor. The $10,838,231,984-a-year Boeing. The #2 Federal contracting company overall.
The "connected" Boeing.
Boeing took on the FBI's TIDE (Terrorist Identities Datamart Environment) system, written using the Oracle database. Boeing "upgraded" the TIDE database design, reportedly, by quadrupling the overall size. Also by replacing the Oracle commercial off-the-shelf (COTS) search engines with a vaporware piece of dysfunctional fraud.
Boeing's vaporware search engine for RAILHEAD never worked. The TIDE system works sensibly enough. Upgrade is straightforward. Adding IM and CRM functionality can be done without a whole lot of risk.
Consider what little effort it took me to grind a working prototype with broader features than what they had wanted, initially, upgrading TIDE.
POWERCENTER AND INPUTS AND THE WORKFLOW PROBLEMS
Most all of the main organizations involved with NCTC have Informatica's PowerCenter tool installed. This tool specifically handles transfers of messages and data files. That list of PowerCenter users includes Department of Justice, Department of State, Department of Transportation, and many others.
The original specification for the TIDE upgrade focused on augmenting information feeds from older legacy systems in the intelligence community -- exactly the data migrations where PowerCenter is a default federal standard.
One simple project plan for input upgrades is to run a dozen stages to arrange PowerCenter-to-PowerCenter message and file transfers. The Mid-Atlantic Region area has roughly ten-thousand experienced PowerCenter developers.
The other major problem goes back to Workflow. A lot of intel and routine information comes together at NCTC and TSC. Where there are conflicts or omissions, a mature Workflow system would be able to work through PowerCenter to return messages with structured work requests. These actions can take place with or without human intervention; it doesn't take much in the way of artificial intelligence to respond to copy-editing scores.
Boeing did none of this.
The pattern is worked every day with the Sales Automation modules of CRM systems. Where the contact person needs information to close a deal, he can reach out through the company without having to know the specific person who is going to carry out the research task. Same for automated Bill-of-Materials modules. Inventory refreshes automatically.
Workflow picks up the task and decisions involved and provides the associated form(s) with already-available information included. Workflow can use PowerCenter the way you would use email -- plus putting useful boilerplate in the remote libraries.
BARACK OBAMA NEEDS TO GO MO' BETTAH
RAILHEAD is a failure. Another NORAD. Another FBI-meets-IBM/Documentum ultraSNAFU. The one-liner for RAILHEAD is that Boeing blew $500-million for a throw-out. Maybe you could salvage $10-million in software.
K.I.S.S. Give TIDE-for-expansion back to FBI and the Office of Intelligence shop for the legacy data migration features.
Budget $25-million and allow no more than 50 people to work on the project. Have legacy sources do their own publishing projects, writing to Interface Tables on servers at their own shops.
The one piece of new technology I recommend has to do with building indexes at the legacy servers.
Remote Index building.... that is the neat trick that Triple Hop perfected. Oracle bought Triple Hop. So you gotta get this technology out of Oracle. Any and all of the input Departments and Agencies will be happier not exporting whole copies of their data. What they will have to do is to put up mirror servers inside their own network DMZ's. Then give access to the PowerCenter net.
Minimum intrusion. Minimum security risk. Minimum cost. Minimum performance impact. Easy to maintain.
Once the TIDE system gets better at using Oracle Text, you can increase the number of people meeting SELECTEE Status to something like 50,000 or 100,000 individuals. Whatever you think it takes, realistically, to control the risks from terrorism.
Avoid getting labeled as the next George Bush or Michael Dukakis -- priceless.
There's probably fifty commercial shops that can also do this project with a first-rate final product. Shops that do not screw over their clients.
Now... let's see if the Obama White House can knock off a mini-Katrina. Get in there fast. Take charge. Fix the mess.
Mo' bettah !!
BAD NEWS FROM JANUARY 2009
This was mentioned in the Intro:
-- TSA's explosive-detection deployments went open Internet, January 2009.
Here it is:
The Terrorist Threat to Inbound U.S. Passenger Flights: Inadequate Government Response
Pretend you're an al-Qaeda sympathizer back a year ago. Use Google to check out [ TSA PETN explosives detector ]. Then consider your al-Qaeda guy reading this piece when it came out January 2009.
The piece complains about TSA not using enough explosives detectors overseas, telling al-Qaeda all about it at the same time.
Publishing defensive equipment deployments ??? Matches perfectly with outing Valerie Plame, a CIA agent specializing in WMD problems, along with everyone else who had worked out of the same front-company she had used.
But that was Cheney and Libby.... They didn't get over to FBI and TSA.
Or did they ?