recommended reading

White House considers proposals to improve information sharing

The White House is seriously considering proposals by a bipartisan task force to prevent lapses in information sharing among agencies that have allowed some terrorist plots to go undetected, according to members of the nonprofit panel.

A task force assembled by the Markle Foundation, a New York-based think tank that studies health information technology and security issues, recommended on March 24 that the government expand the deployment of technologies that make it easy to probe existing information in agency databases to preempt attacks such as the attempted bombing of a Detroit-bound airplane on Christmas Day.

The proposals, which are based on past reports by the Task Force on National Security in the Information Age, were submitted to the House Judiciary Committee on March 24. The panel held a hearing that day to discuss improving information-sharing to prevent attacks such as the Christmas Day incident and the mass shooting at Fort Hood, Texas, in 2009, which killed 13 people. The bipartisan task force, which was established in 2002, includes information technology executives, policymakers, public interest advocates and specialists in privacy, intelligence and national security. It advises all levels of government on the use of terrorism-related information.

Markle recommended agencies use persistent queries, which remember users' search terms. They work something like cookies, which are common applications on Web sites that companies use to track and remember user preferences. For example, if a user in January typed "John Doe" to review his visa application, and, in June another user types "John Doe" to review the individual's status as a foreign student, the previous user would be alerted that the June inquiry was made. The awareness of a connection allows new information to be put in a context that may warrant action.

In a January memo President Obama ordered the intelligence community to repair systemic weaknesses identified after the failed Christmas Day bombing. He called on the director of national intelligence to immediately clarify the role of analytics in "synchronizing, correlating and analyzing all sources of intelligence related to terrorism" and to speed IT upgrades to improve "knowledge discovery, database integration, cross-database searches and the ability to correlate biographic information with terrorism-related intelligence."

To facilitate piecing together disparate information, the task force recommended data be tagged with standardized information that can be indexed and searched.

Markle also proposed deploying an authorized use standard that would permit users to discover certain data exists without gaining access to its contents. The searcher could ask the appropriate owners of the data to investigate the contents. But a 2008 study that Congress requested determined this solution was not a viable option because it conflicted with privacy laws, regulations and executive orders.

Some privacy advocates argued then, and still maintain, that the authorized use process for sharing intelligence would protect U.S. citizens' rights and plug holes in information sharing. "I think their decision was based not on a technological objection, but on misplaced policy concerns," said Jim Dempsey, a task force member and vice president for public policy at the Center for Democracy and Technology, a civil liberties group.

Under the authorized use standard, if an FBI official investigating terrorism funding lawfully obtains the financial records of an American and discovers those records contain foreign accounts, the bureau should be able to inform the CIA, which would then search for related information in records collected overseas. Conversely, if a CIA official, during the course of a foreign operation, finds information indicating transactions with a U.S. account, the agency should share the information with the FBI, which would then follow up leads in the United States.

The information should be disclosed "as long as there is a reason that relates to the legally defined mission of the receiving entity -- it can't just be, 'We're going to use it for counterterrorism purposes,' " Dempsey said. A valid reason, for example, would be, "We're using it to pursue investigations overseas of monetary flows that potentially relate to terrorism."

The task force does not want the CIA to have the authority to demand banks turn over data on Americans, he said. The Obama administration in general has been receptive to the task force's recommendations, Dempsey added.

Some former federal officials say agencies have been using Markle's technology proposals for years. "These are not new recommendations and, in fact, most of these things are regularly used within organizations," said Dale Meyerrose, who served as the first chief information officer for the Office of the Director of National Intelligence during the George W. Bush administration. "It is the element of going across agencies that is the issue. It's easy to blame technology. Technology is not the culprit here."

The FBI, which is a Justice Department agency, is authorized to collect information on Americans for the purpose of enforcing U.S. criminal laws, whereas the CIA is allowed to collect foreign information in the interest of national security.

Meyerrose, now vice president and general manager for cyberspace solutions at Harris Corp., a technology contractor, agrees that the recommended technologies should be applied more broadly throughout the federal government, but within limits. "It's all got to be done within a framework that makes sure that information is not misused," he said, meaning searches do not violate national security or Justice parameters.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.