Friday, May 09, 2008

Law Enforcement Data Mining

This article does have some merit, though personally I think the writer is oversimplifying the reality of such a database. He starts by describing how Mohammed Atta was a bad driver and then attempts to convince the reader that his missing a court hearing and being placed on a bench warrant would have stopped 9/11.
What ideally should have happened is this: Once Atta failed to appear in Broward court, his bench warrant should have been entered into a statewide database that the Feds could have tapped into. That same database would have been connected into the NCIC and FCIC (for Florida) computer systems. In Palm Beach County, the officer who pulled Atta over a second time would have been made aware of the outstanding bench warrant. Gun drawn and having radioed for backup, the officer would have pulled Atta from the vehicle and brought him to the Palm Beach County Jail. His One Phone Call would have been made, and his car impounded.

At the impound yard, a curious investigator might have seen certain drawings, diagrams, blueprints, and notes. He might have seen flight manuals and textbooks and gotten more curious. A call to the FBI might have produced zip, zilch, nada, since the FBI and CIA were famously not talking regarding which baddie was and was not in the country at the time. So this is all just so much "woulda, shoulda, coulda."

First there is the thought that at that level of minutia it is unlikely that a database system would have pulled Atta out as anything more than a careless foreigner who failed to fix a ticket. Then the assumption that someone in the impound yard would have decided to investigate his car, which would be interesting since that would mean they would have to have some reason to pick that one out of all the other impounded cars, assuming of course that the impound yard is run by the police and not just a storage yard run by a contractor. Should I mention that in many states the police would need a warrant to search that car?

I know I'm not well versed in database technology, but what makes databases effective is knowing what is important. This level of detail isn't going to be very effective in finding a terrorist before the act. It could be helpful in finding and investigating associates after the fact, but it isn't going to be highly effective in prevention. Which gets us to this:
We have spent tens of billions of dollars on reactive antiterrorism gear. I am sure that is important for the residents of Fargo and other towns. Yet we have spent a comparatively paltry sum of cash on solutions that actually might stop terror before it happens. And one of those ingenious things that actually worked, Seisint founder Hank Asher's brilliant MATRIX system, remains mired in controversy and politics. Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers.
I guess I'm very skeptical on that contention. That far too easily strikes me as sleight of hand. How much of that data existed before the 9/11 attacks? That just strikes me as a bit fishy. And another concern would have to be related to the false positives. What is done with all of those that get pulled up erroneously? Do we put a star next to their name and proceed to put them on the no fly list with Ted Kennedy? Make their lives further hell because some database of public "knowledge" defines them as suspect?

Then there is the question of how you maintain all that information. What if Atta had fixed the ticket shortly after the bench warrant was issued? Would he be kept in the database or expunged? Where do you stop with the collection of minutiae? What if it's a parking ticket and it gets blown away? Do we kick down that person's door in the middle of the night if they fit even loosely what someone has imagined as a threat?

This could indeed be a useful tool, but I would want to see it heavily vetted before use and then it should only be used as a supplementary tool for the LEO. If we start using it as the primary means of identifying risks, then many real ones will be overlooked.

