Terrorist watch lists: Are they working as they should?
Boston bombing suspect Tamerlan Tsarnaev was one of 875,000 names in a database the US uses to produce at least nine watch lists, but the naming didn't prevent the attack. Some security experts worry that data overload may be hindering US counterterrorism efforts.
Tamerlan Tsarnaev landed on America's terrorist watch list in 2011. Tamerlan's younger brother, Dzhokhar, now charged in the Boston Marathon bombing case, seems not to have made the list.
Ultimately, Tamerlan's inclusion on the watch list did not lead investigators to detect the April 15 bomb plot that killed three and wounded at least 260 – prompting inevitable questions about why not, and whether "dots" of intelligence and information that could have been connected were not.
America's terrorist watch list is all about connecting dots – and it is certain to be a focal point for future congressional hearings pegged to the Boston case. A key part of the vast counter-terrorism net cast by the federal government after the 9/11 attacks, the watch list is actually at least nine lists drawn from a single government database. Criteria for determining who gets "nominated" for inclusion in that database – and, then, who actually makes it onto an agency's specific list – are tightly guarded secrets.
What does seem clear, however, is that the spigot opened wide in the past three years, leading to torrential growth in the core terrorism database. Whether those extra mounds of data give investigators a more accurate view of the universe of terrorists, or whether they have the unintended effect of making prospective terrorists harder to find and the dots harder to connect, is a matter of hot debate – and one that the Boston bombing case may well intensify.
"There's absolutely no question that they're just choking on the volume of information, both classified and unclassified, that's going into the system," says Dakota Rudesill, a visiting professor at Georgetown University Law Center who served, during President Obama's first term, as special assistant in the policy, plans, and requirements directorate of the Office of the Director of National Intelligence, which includes the National Counterterrorism Center. "You're taking on this immense challenge with all this data – like finding a particular needle in a haystack of needles."
US officials bridle at inferences that the system is overwhelmed.
"Certainly, the volume has grown, and the list has grown for a number of reasons," says a US counterterrorism official who spoke on background because he is not permitted to speak on the record. "The intelligence is better; the value of sharing information is seen as better by the agencies involved. The watch list is created specifically to be one of the big dot-connectors in the counterterrorism effort – it's among the most sophisticated systems the government has – and it's proven itself to be effective."
The making of the watch lists
Like a giant digital vacuum, the Terrorist Identities Datamart Environment (TIDE), a highly classified database maintained by the National Counterterrorism Center in McLean, Va., each day sweeps up thousands of names, aliases, birth dates, and other potential terrorist tidbits – known as "derogatory information" – and tries to match them with hundreds of thousands of names, faces, and identifying biometric data also sent in by the Central Intelligence Agency, the State Department, the Federal Bureau of Investigation, and other US agencies.
"TIDE is the granddaddy repository – not a watch list itself, but it feeds the lists," says Mark Randol, a specialist on domestic intelligence and counterterrorism formerly with the Congressional Research Service (CRS). "The whole deal with a watch list is that you need a place where the objective is to see if you can identify, and stop, people you think are terrorists from just coming into the US and disappearing into the woodwork to plot attacks."
As of December, TIDE contained the names of 875,000 individuals (not including aliases), the counterterrorism center reports. Each day, TIDE sends a river of new names to the Terrorist Screening Center, run by the FBI. The screening center combines TIDE's names with those on the FBI's own domestic terrorism list to create the Terrorist Screening Database (TSDB) – America's master terrorist watch list.
Both TIDE and the TSDB have been expanding fast. TIDE grew from 740,000 names in 2011 to 875,000 in 2012 – an 18 percent jump. The TSDB, for its part, jumped 23 percent from 423,000 individuals in May 2010 to 520,000 in October 2012, according to the CRS and the Terrorist Screening Center.
What happens to the identifying information about a known or suspected terrorist after it is put onto the master terrorism list? The FBI's screening center sends that information to four US agencies with primary responsibility for straining out would-be terrorists, which then add it to their own unclassified watch lists.
State Department. Its Consular Lookout and Support System (CLASS) screens passport and visa applicants.
Department of Homeland Security (DHS). It uses the Traveler Enforcement Compliance System (TECS), which flows into the Interagency Border Inspection System and the Automated Targeting System – lists used by the US Customs and Border Protection for border and port security.
FBI. Its National Crime Information Center list is disseminated as a tool for police departments across the United States. The bureau also has its own Guardian database (different from the TSDB), and Tamerlan Tsarnaev was reportedly on it.
Transportation Security Administration. The TSA, part of the DHS, keeps three air-passenger screening lists – "no fly," "selectee," and "secure flight." The no-fly list is one of the most exclusive watch lists, winnowed to those tagged as possible terrorists who are to be blocked from getting on a US-bound flight. The selectee list signals that an air traveler requires extra screening but being on that list does not necessarily prevent that person from boarding. Both lists have about 20,000 names, the Terrorist Screening Center reports. The secure flight list allows expedited boarding for passengers whose prescreened personal information is compared with watch list data.
Actions that lead to a person being nominated to TIDE as a "known or suspected" terrorist include engaging in terrorist activity, preparing or planning an attack, gathering information on targets, raising funds for attacks, and soliciting membership in a terrorist organization. Less-obvious criteria remain cloaked in secrecy, including nominations that come from foreign intelligence agencies. In 2009, the FBI's own inspector general noted some dissatisfaction with the process, saying the bureau "failed to nominate known or suspected terrorists in 15 percent of the cases we reviewed."
Getting off the list has been problematic, too. The inspector general criticized the FBI for being "untimely in its removal of the subjects" from the watch list in 72 percent of cases reviewed. Travelers who are often delayed at airports are not usually on a watch list; rather, their names and personal information are similar to that of someone who is. In 2012, at least 14,000 records were deleted from TIDE or terrorist watch lists after it was determined that the people no longer met the criteria for inclusion, the counterterrorism center says. US residents make up about 1 percent of TSDB listings.
But civil liberties experts are not satisfied.
"We still don't have access to the information we need to allow us to evaluate how well it's working or how many [who should not be on the list] have been able to get off," says Sharon Bradford Franklin, senior counsel at The Constitution Project, a Washington-based civil liberties group.
How Tsarnaev made the watch list
In March 2011, the FBI interviewed Tsarnaev after Russian intelligence services warned that he had become radicalized. By June, the FBI concluded a basic "assessment" without adding derogatory data to his file, The Washington Post reported. His name, however, did remain in the FBI's Guardian database – an internal watch list.
In September, the Russians again sent up a flare about Tsarnaev's radicalization, this time to the CIA. By year's end, his name had been added to TIDE and the TSDB watch list, the Post reported.
Three days before Tsarnaev left for southern Russia, his name popped up in the TECS system. It is not clear why the rising number of red flags – including his travel to a part of Russia where Islamic radicals are active and his online postings of jihadist videos – did not set off alarm bells. Some analysts say they believe that some important details simply didn't make it into the database.
"If they get the Russian tip, and they were also aware of [the] fact he was visiting Russia and jihadist websites, then I'm not altogether convinced the FBI would have said they found nothing on him," Mr. Randol says. "The fact they didn't see a problem means to me they were not aware of these details."
The near miss that changed watch-listing
Connecting dots so that clues are not left floating in a sea of data was a top goal after the near-miss Christmas Day bombing attempt in 2009. Nigerian national Umar Farouk Abdulmutallab famously tried to blow up a Detroit-bound airplane using plastic explosives hidden in his underwear.
On Nov. 18, 2009, Mr. Abdulmutallab's own father reported his son's radicalization to US Embassy officials in Nigeria. A week later, the son's name was added to TIDE, but not to the watch list – in part because the source of the derogatory information was not included, weakening it. Five weeks later, Abdulmutallab tried to blow up the plane.
Afterward, President Obama ordered a review to determine why Abdulmutallab's name had not appeared on the master watch list. Later in 2010, the nominating criteria changed, with the result that more names and data flowed into TIDE and the TSDB. One measure of the increase: The number of US citizens and lawful permanent residents on the no-fly list more than doubled, the Government Accountability Office (GAO) found in a 2012 study of watch list changes.
Even before the changes, concern was evident within the intelligence community about the huge amount of data being funneled into TIDE. Back in March 2010, Russell Travers, then deputy director of information sharing and knowledge development at the National Counterterrorism Center, told a Senate panel that the inflow of 10,000 names a day to TIDE had required some adjustments. Among them was the advent of special "pursuit teams" of analysts to explore threads, threats, and loose ends that would help "connect the dots," he said, acknowledging that the step was "an experiment."
The 2012 GAO report likewise noted concern among "nominating agencies" about their abilities to process so much information – especially after the changes that followed the underwear bombing attempt. It noted that "agencies are ... pursuing staffing, technology, and other solutions to address challenges in processing the volumes of information."
A notable watch list success
Despite the fire hose of incoming information, the US saw some success in apprehending terrorism suspects. After someone tried to set off a car bomb in New York's Times Square on May 1, 2010, investigators traced the crime to Pakistani-American Faisal Shahzad – and added his name to the no-fly list at 12:30 p.m. on May 3. Later that evening, Mr. Shahzad was indeed attempting to make his getaway to Pakistan. Minutes before his flight was to depart, authorities spotted his name during a final check.
"What used to happen in days now happens in minutes or seconds," the US counterterrorism official says of recent watch list updating and technology upgrades. "The Times Square bomber actually got on the plane thinking he was getting away. But we have a real-time transactional interface with the Customs and Border Patrol. They screened the passenger manifest, arrested him, and took him off the plane."
Today, says the US counterterrorism official, the backlog of information has been eliminated and analytical resources are adequate. The number of names on the TSDB fluctuates, but during the past year appears to have "leveled off" at about a half million, he says.
Unconnected 'dots' in Tsarnaev case?
Questions remain, however, about the government's handling of Tsarnaev during the year leading up to the Boston bombings. Some wonder why he was not a candidate for extra scrutiny by a pursuit team or by the FBI. Others ask why federal authorities did not inform local police of the warnings about Tsarnaev's possible radicalization, so they could possibly keep an eye out.
Were there dots that, if connected, would have led to closer FBI scrutiny and prevention of the Boston Marathon bombings? If so, did data overload play a role?
"No, actually more data makes it more effective," insists the counterterrorism official. "The more derogatory information in there, the better able the system is to screen, and the better the whole system works."
But data overload is likely to be raised in future hearings on Capitol Hill, some say.
"I hope the Boston case will lead to a new revision of the watch list, to see whether we are adding just too much information on people so that it leads to a needle-in-the-haystack problem," Randol says.
"Right now, it isn't clear that there are plans in place to review the effectiveness of the watch list or whether the level of misidentification is growing because the haystacks are getting too big."