Feeds

Too many Watch Lists – Congress

How many does a country need?

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

While errors in the Transportation Security Administration's "no-fly" list have famously raised the ire of innocent air travelers misidentified as terrorists, it's far from the only government watch list in use.

In a report released last week, the General Accounting Office, Congress' investigative arm, counted no less than 12 different government databases cataloging purportedly dangerous people, maintained by nine different federal agencies and accessed by 50 others -- a tangled web of largely incompatible systems that the GAO would like to see merged into one.

"[A]gencies have developed their respective watch lists, and have managed their use, in isolation from each other, and in recognition of each agency's unique legal, cultural, and technological environments," wrote investigators. "The result is inconsistent and limited sharing."

All of those lists contain names and birth dates; others -- like the INS's "Automated Biometric Identification System" and the State Department's "TIPOFF" database -- also hold fingerprints and photographs. Some include information on large financial transactions and travel history.

The problem, says the GAO, is that the systems use different software, run on three different operating systems, and store data in incompatible formats. All but four use closed proprietary standards. Seven aren't on interagency networks, so when sharing does occur, it's handled the old fashioned way -- by hand.

"According to several of these agencies, the manual workarounds are labor-intensive and time-consuming, and they limit the timeliness of the data provided," the report notes. "For example, data from the TIPOFF system are shared directly with the National Automated Immigration Lookout System through a regular update on diskette."

Consolidating the watch lists would benefit national security, investigators conclude.

Some of the government agencies involved agreed with the GAO that more sharing of data should occur, but seem less eager to create a single Super Watch List.

In a written response to the report, the Justice Department, which manages six of the lists, even cited civil liberties concerns over the idea of combining watch lists that include people suspected of criminal or terrorist involvement with lists of convicted offenders. But the bulk of Justice's response is devoted to the need to keep its lists secret from the public.

"There is no discussion of classified information in your report and the affect it will have on a consolidation effort due to the protection requirements such as clearances, 'need to know,' protection against improper disclosure, and handling of data," the department wrote.

The secrecy surrounding the watch lists is one of the things that peeves civil libertarians. Last month, the ACLU filed a lawsuit against the FBI, the Justice Department and the Transportation Security Administration in an effort to find out how two San Francisco peace activist wound up on the "no-fly" list, and were consequently detained and questioned at an airport.

© SecurityFocus logo

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.