October 18, 2004, 4:00 AM PDT
Is the U.S. investing in the proper technologies to fight terrorism? With the political parties making homeland security an issue in the fall presidential election, CNET News.com asked leading figures from the worlds of business, civil rights and technology for their insights.
One of the best ways for our government to enhance security and gain a competitive edge against terrorism is to take advantage of America's technological expertise.
The threat from terrorism that we now face requires unprecedented speed in the way the government collects, shares and acts on information. To deal with the threat of terrorism, information needs to be tailored to facilitate decision making and action at all levels of government--not only by the president, but also by police officers on the street.
Using currently available technology, the government can set up a network capability that substantially improves our ability to prevent terrorism. And when paired with clear guidelines to govern the system, the use of technology is also the best way to protect privacy and civil liberties.
The Markle Foundation Task Force on National Security in the Information Age, of which I am a co-chair, has recommended the immediate creation of the Systemwide Homeland Analysis and Resource Exchange (SHARE) network. The SHARE network represents a "virtual reorganization" of government by fundamentally altering how information is used to facilitate better, faster decision-making at all levels of government. The National Commission on Terrorist Attacks Upon the United States, also known as the 9-11 Commission, recommended adoption of the Markle Task Force recommendations, and President Bush has issued executive orders that have the potential to create the capability we have urged.
The SHARE network is not a centralized database approach to information sharing. It creates a decentralized, secure and trusted network capability that sends information to and pulls information from all participants in the system.
Such an approach empowers all participants, from local law enforcement officers to senior policy makers. Our approach combines policy and existing technical solutions to create a network that would substantially improve our ability to predict and prevent terrorist attacks.
For example, say a field agent at the Chicago FBI office and a CIA operative in Kabul become aware of separate leads that, if put together, might point to a biowarfare attack in Chicago. Under the current system, reports from these two agents are unlikely to be put together or raise any red flags. However, using the SHARE Network, these reports would be linked through similar key words such as "virus" and "Chicago," or other linking tools. Instead of being housed in classified files, these reports would be distributed electronically to people who should see them. They also would be posted and available to be pulled by network participants with a particular interest. An analyst at the Terrorist Threat Integration Center, for example, might see both reports, contact the CIA and FBI agents and others to discuss their reports, begin to connect the dots and create actionable objectives.
Information sharing itself is not the goal; rather, it is the means by which we can effectively enhance security and protect privacy, by maximizing our ability to make sense of all available information. The technology exists to build such a network, and it is being used in some places in government; what we need now is the leadership and the resources to get all the information flowing.
James Barksdale, CEO of Barksdale Management and former CEO of Netscape, is co-chairman of the Markle Foundation Task Force on National Security in the Information Age.
Technology makes us safer.
Communications technologies ensure that emergency response personnel can communicate with each other in an emergency--whether police, fire or medical. Bomb-sniffing machines now routinely scan airplane baggage. Other technologies may someday detect contaminants in our water supply or our atmosphere.
Throughout law enforcement and intelligence investigation, different technologies are being harnessed for the good of defense. However, technologies designed to secure specific targets have a limited value.
By its very nature, defense against terrorism means we must be prepared for anything. This makes it expensive--if not nearly impossible--to deploy threat-specific technological advances at all the places where they're likely needed. So while it's good to have bomb-detection devices in airports and bioweapon detectors in crowded subways, defensive technology cannot be applied at every conceivable target for every conceivable threat. If we spent billions of dollars securing airports and the terrorists shifted their attacks to shopping malls, we wouldn't gain any security as a society.
It's far more effective to try and mitigate the general threat. For example, technologies that improve intelligence gathering and analysis could help federal agents quickly chase down information about suspected terrorists. The technologies could help agents more rapidly uncover terrorist plots of any type and aimed at any target, from nuclear plants to the food supply. In addition, technologies that foster communication, coordination and emergency response could reduce the effects of a terrorist attack, regardless of what form the attack takes. We get the most value for our security dollar when we can leverage technology to extend the capabilities of humans.
Just as terrorists can use technology more or less wisely, we as defenders can do the same. It is only by keeping in mind the strengths and limitations of technology that we can increase our security without wasting money, freedoms or civil liberties, and without making ourselves more vulnerable to other threats. Security is a trade-off, and it is important that we use technologies that enable us to make better trade-offs and not worse ones.
Bruce Schneier is chief technology officer of Counterpane Internet Security. His latest book is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," and he publishes the monthly Crypto-Gram newsletter. He can be reached at http://www.schneier.com.
No one can deny that law enforcement and intelligence agencies need to do a better job of information sharing and "connecting the dots" to prevent further terrorist attacks.
But the lesson of efforts like the now-discredited Total Information Awareness program is that neither national security nor civil liberties are served by collecting too much data about too many people or by disseminating inaccurate or incomplete information. Better information sharing can be achieved only if privacy safeguards are built in from the outset.
A framework of coordination, oversight and privacy standards for information sharing has been recommended by a task force that has been working for three years under the auspices of the Markle Foundation. The task force has brought together technologists, national security experts and civil liberties advocates. Together, they have developed a concept that explicitly ties information sharing to privacy protection, transparency and accountability.
The task force's proposal for a "SHARE" network has been written into the intelligence reform legislation sponsored by Sens. Susan Collins, R-Maine, and Joe Lieberman, D-Conn. Their bill calls not for centralization of data but rather for:
A set of pointers and directories to information that can be shared only with appropriate authorization.
Adoption of policy and privacy guidance before any system is built.
A requirement on the front end of a system-design plan weighing costs and impacts.
A strong civil liberties board.
The Bush administration is urging deletion of the detailed restrictions in the bill. However, striking the SHARE concept from the legislation would let federal officials expand ongoing, ad hoc information-sharing efforts without privacy guidelines, congressional input, or civil liberties oversight.
The Senate bill calls for the administration to submit its plan and the privacy guidelines to Congress. To make it crystal clear that civil liberties will be addressed, the bill should be amended to state that the system will be used only for counter-terrorism purposes and that the plan and privacy guidelines will be made public before major implementation goes forward.
After the plan and guidelines are submitted, Congress should hold hearings. Congress should be able to rewrite the guidelines if they are inadequate. And the normal appropriations process should be followed.
In all these ways, the Senate SHARE proposal is based on accountability: plan first, adopt robust privacy guidelines, and then implement with congressional oversight.
Jerry Berman is president of the Center for Democracy and Technology. He has also participated in the Markle Foundation Task Force on National Security in the Information Age.
Since the attacks on the World Trade Center of Sept. 11, 2001, most Americans have patiently borne long lines at scanners and quizzing in airports. We are dimly aware of a frenzy of activity in the nation's capital that diverts resources to new agencies, databases and technology. But our unease remains.
Privacy and security are supposed to be trade-offs--many people think that one has to be sacrificed for the other. But we don't seem to have as much of either as we would like. For its efforts to improve security (with or without trampling our liberties), the government gets a solid "C-".
Is this unfair? Some of the reports castigating the government's national security efforts have set the bar pretty high. The federal government is a behemoth, and the United States is a free country--and a big one. The parade of plausible security vulnerabilities is nearly infinite, and it is unrealistic to suppose that every cornfield can be secured.
There are problems with passenger screening, among other safeguards, even though one would think it would be a priority area where we would have seen substantial improvement by now. This general lack of progress is not a result of obstacles thrown up to protect civil liberties. Although court decisions have marginally trimmed back expanded law enforcement powers, most of the new powers stand untouched.
How to address this problem? Some call for more money, more personnel, more technology, more federal control over private-sector ventures that secure premises and networks. But until the big-picture problem is fixed, it will be more of the same--efforts that are likely to be misdirected.
The big-picture problem is a lack of accountability. Air travel security was turned over to a federal agency because of concerns with private-sector lapses; but if a private company fails, it can be fired. There's no firing the Transportation Security Administration. Meanwhile, the Patriot Act reduced judicial oversight of law enforcement agencies, and legislative oversight has no teeth. Formerly separate executive functions--intelligence, police and military--have been blended, yielding a dangerous mix of power and secrecy, and a confused mission.
The bottom line: We should meet failure with something other than funding increases. Ironically, more accountability would strengthen civil liberties, as well as security. If the Feds have the wrong name on a watch list, they aren't just creating a hazard to freedom, they are wasting their time.
Solveig Singleton is senior adjunct fellow at the Progress & Freedom Foundation, and a frequent commentator on privacy and technology issues.