White House considers proposals to improve information sharing

The White House is seriously considering proposals by a bipartisan task force to prevent lapses in information sharing among agencies that have allowed some terrorist plots to go undetected, according to members of the nonprofit panel.

A task force assembled by the Markle Foundation, a New York-based think tank that studies health information technology and security issues, recommended on March 24 that the government expand the deployment of technologies that make it easy to probe existing information in agency databases to preempt attacks such as the attempted bombing of a Detroit-bound airplane on Christmas Day.

The proposals, which are based on past reports by the Task Force on National Security in the Information Age, were submitted to the House Judiciary Committee on March 24. The panel held a hearing that day to discuss improving information-sharing to prevent attacks such as the Christmas Day incident and the mass shooting at Fort Hood, Texas, in 2009, which killed 13 people. The bipartisan task force, which was established in 2002, includes information technology executives, policymakers, public interest advocates and specialists in privacy, intelligence and national security. It advises all levels of government on the use of terrorism-related information.

Markle recommended agencies use persistent queries, which remember users' search terms. They work something like cookies, which are common applications on Web sites that companies use to track and remember user preferences. For example, if a user in January typed "John Doe" to review his visa application, and, in June another user types "John Doe" to review the individual's status as a foreign student, the previous user would be alerted that the June inquiry was made. The awareness of a connection allows new information to be put in a context that may warrant action.

In a January memo President Obama ordered the intelligence community to repair systemic weaknesses identified after the failed Christmas Day bombing. He called on the director of national intelligence to immediately clarify the role of analytics in "synchronizing, correlating and analyzing all sources of intelligence related to terrorism" and to speed IT upgrades to improve "knowledge discovery, database integration, cross-database searches and the ability to correlate biographic information with terrorism-related intelligence."

To facilitate piecing together disparate information, the task force recommended data be tagged with standardized information that can be indexed and searched.

Markle also proposed deploying an authorized use standard that would permit users to discover certain data exists without gaining access to its contents. The searcher could ask the appropriate owners of the data to investigate the contents. But a 2008 study that Congress requested determined this solution was not a viable option because it conflicted with privacy laws, regulations and executive orders.

Some privacy advocates argued then, and still maintain, that the authorized use process for sharing intelligence would protect U.S. citizens' rights and plug holes in information sharing. "I think their decision was based not on a technological objection, but on misplaced policy concerns," said Jim Dempsey, a task force member and vice president for public policy at the Center for Democracy and Technology, a civil liberties group.

Under the authorized use standard, if an FBI official investigating terrorism funding lawfully obtains the financial records of an American and discovers those records contain foreign accounts, the bureau should be able to inform the CIA, which would then search for related information in records collected overseas. Conversely, if a CIA official, during the course of a foreign operation, finds information indicating transactions with a U.S. account, the agency should share the information with the FBI, which would then follow up leads in the United States.

The information should be disclosed "as long as there is a reason that relates to the legally defined mission of the receiving entity -- it can't just be, 'We're going to use it for counterterrorism purposes,' " Dempsey said. A valid reason, for example, would be, "We're using it to pursue investigations overseas of monetary flows that potentially relate to terrorism."

The task force does not want the CIA to have the authority to demand banks turn over data on Americans, he said. The Obama administration in general has been receptive to the task force's recommendations, Dempsey added.

Some former federal officials say agencies have been using Markle's technology proposals for years. "These are not new recommendations and, in fact, most of these things are regularly used within organizations," said Dale Meyerrose, who served as the first chief information officer for the Office of the Director of National Intelligence during the George W. Bush administration. "It is the element of going across agencies that is the issue. It's easy to blame technology. Technology is not the culprit here."

The FBI, which is a Justice Department agency, is authorized to collect information on Americans for the purpose of enforcing U.S. criminal laws, whereas the CIA is allowed to collect foreign information in the interest of national security.

Meyerrose, now vice president and general manager for cyberspace solutions at Harris Corp., a technology contractor, agrees that the recommended technologies should be applied more broadly throughout the federal government, but within limits. "It's all got to be done within a framework that makes sure that information is not misused," he said, meaning searches do not violate national security or Justice parameters.