    The door to war, a Northwest Citizen service
World In Conflict
Code Yellow and a Half

January 13, 2004

Warbaby says:

The Christmas season yo-yo of the Homeland Security threat level from Yellow (elevated) to Orange (high) has blown over.  The flurry of increased security measures did not result in any publicly acknowledged terrorism prevention actions.

So what actually took place?

Scanning the news reports, we see that there were two phases to the heightened alert.  The initial phase consisted of a substantial increase in communications intercepts.  No specifics were released, but the National Security Agency and other communications monitoring services indicated Al Qaida (or possibly other affiliated terrorist groups) were discussing a wave of attacks involving passenger and cargo jets targeting the United States.  Some reports claimed this wave of attacks would exceed the 9/11 attacks in the anticipated level of destruction.

The second phase kicked in after the threat level was raised to Orange.  The vast majority of these reports were based on the appearance of "suspicious" names appearing on passenger manifests.  Several passenger and a few cargo flights were cancelled or delayed in response to the discovery of these "suspicious" names.  In none of these cancellations were any of the people whose names triggered the flight cancellations or delays identified as terrorists.  In one instance, a person who was identified as "suspicious" did not show up for a cancelled flight and a search was instituted to locate him.  What was going on here?

Data mining for bad guys

Shortly after the alert was lowered to Yellow, news articles appeared about the Computer Assisted Passenger PreScreening program (CAPPS II).  This is a massive collection of interlinked databases tying airline booking systems into public records and commercial databases holding consumer information.  Similar programs under other names are also being tested.

The general principle behind these gigantic interlinked databases is known as "data mining."  The general idea is that by selectively filtering and cross-indexing large quantities of data, it becomes possible to extract new information not findable in any of the individual databases.  Data mining techniques are behind things like the registration of shoppers with identification cards at grocery stores so that the stores can anticipate shoppers' habits.

There are very real problems with data mining techniques, particularly when multiple independent databases are linked together.  One very obvious problem is that data integrity issues are multiplied geometrically.  For example, if several databases, each containing data that is 99.9% reliable, are tied together, the combined data is far less reliable than any of the individual databases, because a record assembled from all of them is only as good as its weakest field.  Another notorious problem in name-matching Arabic or other non-Western names is the difficulty of accurate transliteration from one alphabet to another.  This is particularly difficult in Arabic, which does not use written vowels in any way that reliably maps to the Roman alphabet.  And then there is the issue of the reliability of the data mining software itself, particularly in programs that are only just being developed and tested.
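To make the two failure modes above concrete, here is an added illustration that is not part of the original article or of CAPPS II: it computes how the error rate compounds when several 99.9%-reliable databases are joined, and it shows how a crude transliteration-folding name match flags ordinary travellers.  The watchlist entry, the manifest and the folding rules are all constructed for the example.

```python
import re
import unicodedata


def joined_reliability(per_db_reliability, n_databases):
    """Chance that a record assembled from n independent databases is correct
    in every field, if each database alone is right with the given probability."""
    return per_db_reliability ** n_databases


def bad_records_per_million(per_db_reliability, n_databases):
    return round((1 - joined_reliability(per_db_reliability, n_databases)) * 1_000_000)


# Constructed, deliberately crude transliteration equivalences: one Arabic name
# surfaces under many Roman spellings, so a matcher has to fold them together.
_EQUIV = (("kh", "k"), ("gh", "g"), ("dh", "d"), ("th", "t"), ("sh", "s"), ("ph", "f"),
          ("ou", "u"), ("oo", "u"), ("ee", "i"), ("q", "k"), ("c", "k"), ("y", "i"), ("w", "u"))


def normalize(name):
    """Fold spelling variants together (Mohammed / Muhammad / Mohamed -> 'mhmd').
    Dropping interior vowels mimics unpointed Arabic script, which is exactly why
    a distinct name such as Mahmoud collapses onto the same key: a false positive."""
    s = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().lower()
    s = re.sub(r"[^a-z]", "", s)                  # drop hyphens, apostrophes, spaces
    for src, dst in _EQUIV:
        s = s.replace(src, dst)
    s = re.sub(r"(.)\1+", r"\1", s)               # collapse doubled letters
    return s[:1] + re.sub(r"[aeiou]", "", s[1:])  # keep only a leading vowel


def screen_manifest(watchlist, manifest):
    """Flag passengers whose normalized (given, family) pair equals a watchlist entry."""
    keys = {tuple(normalize(t) for t in entry.split()) for entry in watchlist}
    return [p for p in manifest if tuple(normalize(t) for t in p.split()) in keys]


# Constructed sample data: one hypothetical watchlist entry and an ordinary manifest.
WATCHLIST = ["Muhammad Haddad"]
MANIFEST = ["Mohamed Hadad", "Mahmoud Hadid", "Ahmed Haddad",
            "John Smith", "Mohammed Haddad", "Yusuf Khan"]

if __name__ == "__main__":
    for n in (1, 3, 5):
        print(f"{n} linked databases at 99.9%: "
              f"{bad_records_per_million(0.999, n)} bad records per million")
    print("flagged:", screen_manifest(WATCHLIST, MANIFEST))
```

Three of the six constructed passengers are flagged by a single list entry, and none of them need be the listed person; tightening the folding rules cuts the false positives but then misses genuine spelling variants, which is the trade-off the article's "suspicious names" reports ran into.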

It seems very likely that the jump to the higher level of terrorism alert was related to the recent testing or introduction of data mining programs linked to airline passenger manifests.  It is also very probable that flaws in these programs produced bogus identifications of innocent people as terrorists.

Yellow to Orange and back again

Based on the news reports, the initial decision to raise the terrorism threat level was influenced by at least two factors.  There appear to have been increased levels of communications intercepts.  There is also a widespread feeling among some (but by no means all) terrorism experts that Al Qaida has a recognizable pattern of repeatedly attacking the same targets or attacking on the same dates.  Due to the success of terrorist preventions during the Christmas through New Year holidays in 2000, some sources stated there was believed to be a higher risk of these earlier aborted attacks being repeated.

Once the threat level was raised, the flight cancellations and delays began.  In almost all instances, the identification of "suspicious" names on passenger manifests was cited as the proximate cause.  Yet none of the "suspicious" individuals turned out to be worthy of suspicion.

There are also reports of increased detentions (again not resulting in arrests) by Customs and Immigration.  I know of one instance of a US citizen with a valid passport being taken into custody upon returning to the US from Turkey merely on the basis of his "name sounding like a terrorist."  After a lengthy period, he was released without explanation or apology.  His sister, also a US citizen, is now considering legally changing her name to avoid this sort of harassment.

The Warbaby scenario

For what it's worth, here's my take on this situation.  I'll admit up front that the following scenario is inferred and not proven.  But it certainly looks like the story is something like this:

The initial communication intercepts triggered the initial level of concern.  The pre-existing fears of repeating dates or locations of previous attempted attacks were already present.  The available information convinced the Homeland Security apparatus to increase the threat level.  Then, the higher threat level caused new and insufficiently tested data mining software to be activated.  (It is possible that this could have happened earlier and contributed to the initial alert, but the sequence of the news reports suggests it happened later.)

The data mining software contained flaws which produced false positive identifications of terrorists.  These were then accepted as more indications of the increasing threat level, a form of noise acting as positive feedback.  And so, the higher threat level actually generated bad information making the threat level appear higher.  And so on unto SNAFU.  It was only after a series of flight cancellations and delays were shown to be caused by misidentification that things started to get back under control again.

Once the holiday period of assumed higher threat had passed -- and it should be noted that the assumption of the holiday period being more dangerous because of previous events existed independently of any current evidence -- the combination of communication intercepts, assumed higher vulnerability during the holidays and the misidentification of names were successively devalued to justify lowering the threat level to Yellow.  Or "Yellow and a half" in those areas where higher levels were retained.

Making things better instead of worse

As I've noted earlier, the Terrorism Awareness system used by the Department of Homeland Security does not seem to be working very well.  The "one size fits all" aspect of national alerts is unwieldy and confusing.  The inevitable secrecy surrounding the reasons for why the threat level bounces up and down like a rubber ball is not reassuring.  Likewise, the mixed messages about "it's safe to fly" combined with the flight cancellations based on FUBAR misidentifications doesn't make anyone feel safer and clearly is not directly affecting terrorists.

The biggest problem with the whole Homeland Security concept is the utter lack of transparency.  Hiding behind a wall of secrecy does not increase public trust or engender public cooperation.  Instead, people can become blasé or cynical because of doubts about the integrity of the system.  Instead of the paranoid cone of silence that surrounds the Homeland Security high command, a policy of "guarded openness" that maximizes the amount of public information -- without compromising security -- would be far more effective.

Tom Ridge should level with the public and tell people why and what dangers are being confronted.  Most importantly, the secrecy associated with security issues should not become a cloak for concealing mistakes, problems or failures.  If Homeland Security doesn't trust the American people, the people have no reason to trust Homeland Security.

=============================================

Update 1/17/04:  Atrios points out that The Rittenhouse Review has a better solution to the Terror Alert Status.  Heh.