Feeds

Too many Watch Lists – Congress

How many does a country need?

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

While errors in the Transportation Security Administration's "no-fly" list have famously raised the ire of innocent air travelers misidentified as terrorists, it's far from the only government watch list in use.

In a report released last week, the General Accounting Office, Congress' investigative arm, counted no less than 12 different government databases cataloging purportedly dangerous people, maintained by nine different federal agencies and accessed by 50 others -- a tangled web of largely incompatible systems that the GAO would like to see merged into one.

"[A]gencies have developed their respective watch lists, and have managed their use, in isolation from each other, and in recognition of each agency's unique legal, cultural, and technological environments," wrote investigators. "The result is inconsistent and limited sharing."

All of those lists contain names and birth dates; others -- like the INS's "Automated Biometric Identification System" and the State Department's "TIPOFF" database -- also hold fingerprints and photographs. Some include information on large financial transactions and travel history.

The problem, says the GAO, is that the systems use different software, run on three different operating systems, and store data in incompatible formats. All but four use closed proprietary standards. Seven aren't on interagency networks, so when sharing does occur, it's handled the old fashioned way -- by hand.

"According to several of these agencies, the manual workarounds are labor-intensive and time-consuming, and they limit the timeliness of the data provided," the report notes. "For example, data from the TIPOFF system are shared directly with the National Automated Immigration Lookout System through a regular update on diskette."

Consolidating the watch lists would benefit national security, investigators conclude.

Some of the government agencies involved agreed with the GAO that more sharing of data should occur, but seem less eager to create a single Super Watch List.

In a written response to the report, the Justice Department, which manages six of the lists, even cited civil liberties concerns over the idea of combining watch lists that include people suspected of criminal or terrorist involvement with lists of convicted offenders. But the bulk of Justice's response is devoted to the need to keep its lists secret from the public.

"There is no discussion of classified information in your report and the affect it will have on a consolidation effort due to the protection requirements such as clearances, 'need to know,' protection against improper disclosure, and handling of data," the department wrote.

The secrecy surrounding the watch lists is one of the things that peeves civil libertarians. Last month, the ACLU filed a lawsuit against the FBI, the Justice Department and the Transportation Security Administration in an effort to find out how two San Francisco peace activist wound up on the "no-fly" list, and were consequently detained and questioned at an airport.

© SecurityFocus logo

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.