Managing Watch Lists
March 26, 2007
Anyone who travels probably has a nagging fear (even if it resides in the back of their mind) that their name will mistakenly get placed on a terrorist watch list. It seems that one’s chances of winning the lottery are better than one’s chances of getting off the list once on it. That concern will grow along with the size of the list. Karen DeYoung, writing for the Washington Post, indicates that the primary database used to generate such lists has quadrupled since being started [“Terror Database Has Quadrupled in Four Years,” 25 March 2007]. It continues to grow. DeYoung writes:
“Each day, thousands of pieces of intelligence information from around the world — field reports, captured documents, news from foreign allies and sometimes idle gossip — arrive in a computer-filled office in McLean, [VA] where analysts feed them into the nation’s central list of terrorists and terrorism suspects. Called TIDE, for Terrorist Identities Datamart Environment, the list is a storehouse for data about individuals that the intelligence community believes might harm the United States. It is the wellspring for watch lists distributed to airlines, law enforcement, border posts and U.S. consulates, created to close one of the key intelligence gaps revealed after Sept. 11, 2001: the failure of federal agencies to share what they knew about al-Qaeda operatives.”
DeYoung points out that challenges created by a burgeoning database confront administrators as well as those who names mistakenly end up in it.
“In addressing one problem, TIDE has spawned others. Ballooning from fewer than 100,000 files in 2003 to about 435,000, the growing database threatens to overwhelm the people who manage it. ‘The single biggest worry that I have is long-term quality control,’ said Russ Travers, in charge of TIDE at the National Counterterrorism Center in McLean.”
Clearly, a database filled with mistakenly identified individuals is a problem for security people as well as the poor individual who must needlessly suffer the consequences of being on the list. DeYoung comments on the obvious quality control issues:
“TIDE has … created concerns about secrecy, errors and privacy. The list marks the first time foreigners and U.S. citizens are combined in an intelligence database. The bar for inclusion is low, and once someone is on the list, it is virtually impossible to get off it. At any stage, the process can lead to ‘horror stories’ of mixed-up names and unconfirmed information, Travers acknowledged. The watch lists fed by TIDE, used to monitor everyone entering the country or having even a casual encounter with federal, state and local law enforcement, have a higher bar. But they have become a source of irritation — and potentially more serious consequences — for many U.S. citizens and visitors. In 2004 and 2005, misidentifications accounted for about half of the tens of thousands of times a traveler’s name triggered a watch-list hit, the Government Accountability Office reported in September. Congressional committees have criticized the process, some charging that it collects too much information about Americans, others saying it is ineffective against terrorists. Civil rights and privacy groups have called for increased transparency.”
DeYoung’s most amusing story about mistaken identity (for those of us not directly affected) involves the wife of a U.S. senator:
“Sen. Ted Stevens (R-Alaska) said last year that his wife had been delayed repeatedly while airlines queried whether Catherine Stevens was the watch-listed Cat Stevens. The listing referred to the Britain-based pop singer who converted to Islam and changed his name to Yusuf Islam. The reason Islam is not allowed to fly to the United States is secret.”
This gives a whole new meaning to “Oh, I’m being followed by a moonshadow, moonshadow, moonshadow.” Of course, there is nothing amusing about the purpose of the list or having one’s name on it. Take, for example, Maher Arar. He was jailed and interrogated as a potential terrorist, but, was eventually found completely innocent and released. His nightmare, however, is not over:
“Maher Arar, a Syrian-born Canadian, remains on the State Department’s consular watch list. Detained in New York while en route to Montreal in 2002, Arar was sent by the U.S. government to a year of imprisonment in Syria. Canada, the source of the initial information about Arar, cleared him of all terrorism allegations last September — three years after his release — and has since authorized $9 million in compensation.”
Mistakenly getting on a watch list is equivalent to having one’s identity stolen and it is just as difficult to get the mistake cleared up. One of the problems is how TIDE works.
“TIDE is a vacuum cleaner for both proven and unproven information, and its managers disclaim responsibility for how other agencies use the data.”
The challenge faced by those maintaining the lists is that prevention requires intelligence agencies to cast a wide net, which means that it cannot ignore unproven information. It should, however, have a better and faster way of clearing names from the list that don’t belong there. Travers says that if you have a good idea for how to do this, get in touch in with him.
“The electronic journey a piece of terrorism data takes from an intelligence outpost to an airline counter is interrupted at several points for analysis and condensation. … It arrives electronically as names to be added or as additional information about people already in the system. The 80 TIDE analysts get ‘thousands of messages a day,’ Travers said, much of the data ‘fragmentary,’ ‘inconsistent’ and ‘sometimes just flat-out wrong.’ Often the analysts go back to the intelligence agencies for details. ‘Sometimes you’ll get sort of corroborating information,’ he said, ‘but many times you’re not going to get much. What we use here, rightly or wrongly, is a reasonable-suspicion standard.’ Each TIDE listee is given a number, and statistics are kept on nationality and ethnic and religious groups. Some files include aliases and sightings, and others are just a full or partial name, perhaps with a sketchy biography. Sunni and Shiite Muslims are the fastest-growing categories in a database whose entries include Saudi financiers and Colombian revolutionaries. U.S. citizens — who Travers said make up less than 5 percent of listings — are included if an ‘international terrorism nexus’ is established. Every night at 10, TIDE dumps an unclassified version of that day’s harvest — names, dates of birth, countries of origin and passport information — into a database belonging to the FBI’s Terrorist Screening Center. TIDE’s most sensitive information is not included. The FBI adds data about U.S. suspects with no international ties for a combined daily total of 1,000 to 1,500 new names. Between 5 and 6 a.m., a shift of 24 analysts drawn from the agencies that use watch lists begins a new winnowing process at the center’s Crystal City office. The analysts have access to case files at TIDE and the original intelligence sources, said the center’s acting director, Rick Kopel. Decisions on what to add to the Terrorist Screening Center master list are made by midafternoon. The bar is higher than TIDE’s; total listings were about 235,000 names as of last fall, according to Justice Department Inspector General Glenn A. Fine. The bar is then raised again as agencies decide which names to put on their own watch lists: the Transportation Security Administration’s ‘no-fly’ and ‘selectee’ lists for airlines; Consular Lookout and Support System at the State Department; the Interagency Border and Inspection System at the Department of Homeland Security; and the Justice Department’s National Crime Information Center. The criteria each agency use are classified, Kopel said.”
For organizations that receive the list, it’s just that — a list of names. That creates some of the problems.
“With little to go on beyond names, airlines find frequent matches. … TSA receives thousands of complaints each year, such as this one released to the Electronic Privacy Information Center in 2004 under the Freedom of Information Act: ‘Apparently, my name is on some watch list because everytime I fly, I get delayed while the airline personnel call what they say is TSA,’ wrote a passenger whose name was blacked out. Noting that he was a high-level federal worker, he asked what he could do to remove his name from the list. The answer, Kopel said, is little. A unit at the screening center responds to complaints, he said, but will not remove a name if it is shared by a terrorism suspect. Instead, people not on the list who share a name with someone listed can be issued letters instructing airline personnel to check with the TSA to verify their identity. The GAO reported that 31 names were removed in 2005.”
It seems to me that these people could be issued a special “passport,” which would make traveling easier, remove the stigma of having to be checked by TSA every time they travel, and, at least, demonstrate some compassion for those who share a name with someone legitimately on the list. Letters saying check with someone doesn’t demonstrate much concern for those caught in this kind of conundrum. The process is under constant review (and criticism) and I’m sure that any good ideas to make the process would be welcomed. Eventually, I suspect that something like facial recognition or other biometric will be used so that innocent travelers can be immediately cleared. Names can be changed too easily — just ask Cat Stevens.