Posted on 11/17/2004 9:17:35 AM PST by knuthom
This is long, so if you are short of time scroll down to the bold section.
If you've been following this series of articles, you might recall that in my last article, I wrote about the Captain of United flight 925 who discovered -- once he was half-way across the Atlantic -- that two passengers he was carrying were on the "no-fly" list. Many of you have written to WomensWallStreet.com wondering how, in the age of information, this could be possible? What exactly is the "no-fly" list anyway, some readers are asking? Who decides what names go on the list? Who checks the list to ensure potential terrorists are not boarding our planes? And most importantly, is the "no-fly" list working?
The "no-fly" list is one of our primary defenses against terrorist acts on airplanes. In the most basic terms, the "no-fly" list is simply a list of names -- nothing more. The "no-fly" list does not include personal information such as birthdates or passport numbers. It is literally just a list of names gleaned from other larger, more comprehensive lists. Collectively, these larger, more comprehensive lists are officially referred to as "Terrorist Watch List Information" and include names as well as such relevant accompanying information as a person's identifying body marks, where they ate lunch on their last trip to Kuala Lumpur (as with one of the 9/11 hijackers), and more. The Terrorist Watch List Information, collected by various intelligence agencies around the world, is under the stewardship of the Department of Homeland Security (DHS). According to the Homeland Security Act of 2002, DHS is in charge of the critically important job of consolidating Terrorist Watch List Information into one list and sharing it with other federal agencies.
Any information from Terrorist Watch Lists is considered highly classified -- so classified that the people with access must go through 14 months of security clearances to get their jobs. In only one instance is any information from the Terrorist Watch Lists ever shared with a private company -- when the private company is an airline. The information given to airlines is a name-only list called the "no-fly" list.
The Transportation Security Administration (TSA), under the guidelines of the DHS, oversees this transfer of information from the government to the airlines. The "no-fly" list is a computer program -- it is highly classified, hence no airline employees actually have access to the list -- which attempts to match names on its list with passengers attempting to board aircraft. For example, when John Doe checks in to board his plane, his name is run through the "no-fly" list. The highly name-sensitive computer program will indicate to the agent if there is a match. If your name is spelled the same way as another person who is on the "no-fly" list, you too have earned a place on this list. Conversely, an incorrect spelling or an extra letter would likely not result in a computer match. This is where the system runs into problems. A single Arabic name, when translated into English, can take on a number of different forms. For example, Nawaf al Hazmi is the same person as Nawaf Alhazmi and Khalid al Mihdhar is the same person Kahlid al-Midhar. But the complex spelling of Arabic names doesn't seem to be the only problem with the system. After reviewing hundreds of pages of government documents, reading news reports and interviewing a few interesting people, here is what else I've learned.
Before 9/11, there was no DHS. There was no TSA. Officially, there wasn't even a "no-fly" list. Instead, the Federal Aviation Administration (FAA) acted as the liaison between intelligence agencies and the airlines, issuing what were called "security directives." Laura Brown, national spokesperson for the FAA (and a FAA employee on 9/11) describes it like this:
"We were consumers of information. We relied on intelligence from the FBI and the CIA. They would send us names of individuals considered flight risks and we'd issue security directives with those names in them. That was the protocol. That was the way we got the word out to airlines that certain people were not supposed to get on an airplane."
The FAA came under fire after 9/11. In his book "After: How America Confronted the September 12 Era," noted author and Newsweek columnist Steven Brill writes that in the months before 9/11, the FAA's Director of Civil Aviation, Lee Longmire, had been sent a list with 300 names on it -- names of persons who posed a direct threat to aviation security. Brill writes that two of the 9/11 hijackers, Nawaf al Hazmi and Khalid al Mihdhar, were on that list but that the FAA failed to send the names to the airlines in time. Brill writes that when the list was finally faxed out the morning after 9/11, the FAA "crossed those two names off to avoid embarrassment."
Brown categorically denies Brill's claim.
"Before 9/11, the FAA had no separate lists lying around... So, this whole issue of the separate lists is false. We'd [the FAA] sent [the airlines] all the names that we were provided. We had no information on the hijackers before 9/11 in terms of those people posing a threat to civil aviation. However, having said that, four of them did have pilot's licenses. But there was nothing we had from any intelligence agency to indicate that they were a threat to aviation."
Regardless of which version of events you choose to believe, one thing is certain: the system of sharing information between agencies wasn't working. Federal agencies each kept their own databases; there was no policy in place to encourage sharing, let alone to enforce it. The CIA knew about Nawaf al Hazmi and Khalid al Mihdhar long before the two terrorists boarded American Airlines flight 77 and flew it into the Pentagon. The CIA knew the two men were in the United States -- they'd been tracking them since January 2000. The CIA knew the men were dangerous al Qaeda operatives. The CIA knew the men had teamed up and were on American soil. And yet the CIA neglected to share this information with the FAA or any other federal agency.
In "Why America Slept, the Failure to Prevent 9/11," best-selling author and investigative journalist Gerald Posner writes:
"The CIA's failure to share its information on al-Midhar and Alhazmi blinded other government agencies when they encountered the pair. When, for instance, al-Midhar was in Saudi Arabia in June, his visa expired. Since he was not on any watch list, the State Department's consular office in Saudi Arabia routinely issued a new one. When Alhazmi was pulled over for speeding in April 2001 by an Oklahoma state trooper, the policeman ran his driver's license through the database and checked the registration to make sure that there was no arrest warrant and that the car was not stolen. A listing by the FBI on their terror watch list would have ended Alhazmi's journey then, but without any sharing from the CIA, Alhazmi left with just two tickets totaling $138."
The 9/11 Commission Report illustrates what happens -- or rather what doesn't happen -- when information isn't shared among federal agencies. On August 23, 2001, two-and-one-half weeks before 9/11 and 20 months after al Mihdhar and al Hazmi had been in the United States, the CIA finally notified another federal agency, the Immigration and Naturalization Service (INS), about the two terrorists. The INS ran the two men through their databases and discovered they were in the United States (which of course the CIA already knew). The FBI was made aware of the two and initiated a search but did not succeed in finding the men in time. But according to Posner, this was not because the two terrorists were especially clever or covert. In his book, Posner writes "no one in the Bureau evidently checked to see if the men were listed in the phone book. Alhazmi was in the San Diego white pages: ALHAZMI, Nawaf M, 6401 Mount Ada Road, 858-279-5919."
Why am I harping on what happened pre-9/11? To illustrate the importance of information consolidation and sharing. The information was there, it just wasn't effectively collected or shared. Information sharing, which includes an effective, up-to-date "no-fly" list, is meant to be a large part of the solution in a post 9/11 world. And yet it still isn't happening.
Sharing Terrorist Watch List Information After 9/11 In 2002, The Homeland Security Act established the DHS. Among other things, it required DHS to take a leading role in coordinating and sharing Terrorist Watch List Information. The government had mandated that a single Terrorist Watch List (consolidated from the multiple existing sources) was paramount to national security. And yet a year later, in April of 2003, the government's main watchdog agency, the GAO (Government Accounting Office) found many of the pre-9/11 problems still existed. There were still nine different government agencies working from more than a dozen different lists. Any given federal agency still didn't have a clue what other federal agencies were doing. The GAO put the need "to consolidate and share Terrorist Watch List Information" as a top priority for DHS -- which is what the Homeland Security Act had originally mandated.
That was a year and a half ago. Cut to last month. DHS Inspector General Clark Kent Ervin (the DHS's own watchdog) released a report citing major problems with the Terrorist Watch List consolidation and sharing effort. This list, says Ervin, is still not working. Simply stated by Ervin, "DHS is not fulfilling its responsibility as stated by the Homeland Security Act."
Michael Greenberger is the Director of the Center for Health and Homeland Security at the University of Maryland. In the report, he sees the lack of a single, unified list as a fundamental flaw in the system. "You have people sitting at a desk [at DHS] running names through six different servers. You're not getting accurate information. You can't be sure each name is being run against the right list."
Ervin says a lack of resources is to blame for the misinformation -- not money, but people. DHS has more than 180,000 employees but apparently there aren't enough qualified people to consolidate the multiple watch lists into a single source. The report says experienced intelligence analysts are in short order these days with five or six positions available for every potential applicant. And when a qualified applicant turns up, it takes 14 months to establish proper security clearance for that person.
The report also reveals that, in the absence of a new, consolidated working list, the old system of identifying people who were threats to aviation safety -- CAPPS II (Computer Assisted Passenger Prescreening System) -- has been suspended. The pre-9/11 system flagged passengers who fit certain profiles and subjected them to additional screening measures. (CAPPS II flagged several of the 9/11 hijackers and subjected those men to additional screening procedures, none of which located the weapons the men were carrying or prevented them from boarding the planes.) Granted, CAPPS II was far from flawless, but wasn't suspending it without having a new, working system securely in place a bit like throwing the baby out with the bathwater?
As an interesting side note and further adding to the problems, according to the report, the American Civil Liberties Union (ACLU) has filed a class action lawsuit against the DHS, claiming the "no-fly list" violates passengers' constitutional rights including freedom from unreasonable search and seizure as well as due process of law. Recently, there have been dozens of stories in the news about people who have every right to fly but can't because they're on the "no-fly" list. They include one of Washington D.C.'s most recognized legislators, Senator Ted Kennedy; a 74-year old nun; and anyone named David Nelson, Mary Smith or Kevin Johnson. (By the way, air travelers with these names have apparently been advised by TSA officials to make slight alterations to their names. TSA spokesman Mark Hatfield was recently quoted by MSNBC as saying that "using middle initials, middle names or suffixes such as "Jr." could cut down the number of "false positives" when it comes to being identified by the "no-fly" list.)
The report also reveals what I see as the fatal flaw: lack of leadership. After reading through 40 disheartening pages (click here to read full report) that explain why things at DHS are such a mess, I came across a memo from the man supposedly in charge of consolidating and sharing Terrorist Watch List Information. His name is Frank Libutti and he's the Under Secretary of Information Analysis and Infrastructure Protection (IAIP). IAIP is the division within DHS specifically cited in the Homeland Security Act of 2002 as being in charge of making this part of the system work. According to the report, Under Secretary Libutti doesn't believe he's in charge of consolidating the lists of information. In a memo included in the Inspector General's report Libutti writes:
"This report fails to recognize the legal authority of Homeland Security Presidential Directive - signed by the President of the United States, [who] assigns the lead role for consolidating terrorism screening data to the Department of Justice."
Confused? So was I. Is Libutti in charge or isn't he? Does he want to be in charge or doesn't he? I decided to call Inspector General Ervin directly. Here's a bit of what was said.
AJ: At the end of your report, Under Secretary Frank Libutti says he's not in charge of consolidating and sharing Terrorist Watch List Information.
CKE: Yes.
AJ: So, the man given this incredibly important job says it's not his job...I'm wondering what kind of message this sends to the average American person trying to understand this, there is no one in charge?
CKE: It's very clear from the Homeland Security Act. The DHS in general, and IAIP specifically, has overall coordination responsibility [of the Terrorist Watch Lists].
AJ: So you feel the Under Secretary should be in charge, but he feels the Department of Justice [an entirely different federal agency] should be in charge?
CKE: That's right. There's a difference of opinion.
AJ: Your report also says Libutti takes this position [that it's not his job] "without any legal assessments" to support his claim. On what authority, then, is Under Secretary Libutti acting?
CKE: We never received any legal analysis to support IAIP's claim.
AJ: Is Libutti simply not interested in the job?
CKE: It is our understanding, based on conversations with him - that his position is firm and unaltered. He maintains it is not a DHS responsibility.
AJ: Do you find this disheartening, or is there some forward thinking here that I'm missing?
CKE: The Terrorist Watch List Consolidation effort is a critically important issue. We acknowledge some progress in the report, but there are still problems... We maintain as a matter of law and as a matter of common sense that the responsibility should be that of the Department [of Homeland Security].
AJ: So, where do we go from here?
CKE: For now, we agree to disagree.
Where Does This Leave Aviation Security?
After three years and several oversight reports, the DHS has still failed to create a single, comprehensive Terrorist Watch List. Without a properly informed "parent" list (the Terrorist Watch List Information) the junior version (the "no-fly" list) seems doomed to fail. And, not only do we not have a new system in place, but we have jettisoned the old system and are now faced with a leadership dispute within the DHS that leaves no one in charge.
The 9/11 Commission report makes one thing crystal clear: leadership is imperative to winning the war of terror. The Inspector General's report could point out 1,000 problems and suggest 1,000 solutions, but what good does it do if no one is in charge? In the final pages of the report, Inspector General Ervin asks Under Secretary Libutti the same question:
"Coordinating terrorist information sharing is a major part of achieving DHS' broad mission to prevent and reduce the vulnerability of the United States to terrorist attack. 'Connecting the dots' and ensuring better communications and information exchange among disparate federal, state and local governments entities for counter terrorism was a large part of why DHS was created. If DHS or specifically IAIP does not assume this interagency coordination responsibility, the question remains, who will?"
It's a good question to which I will add another: and when? The sooner it happens, the sooner we'll stop hearing officials say the information did not match up.
Frank Libutti's office did not respond to repeated requests for an interview.
"DHS has more than 180,000 employees but apparently there aren't enough qualified people to consolidate the multiple watch lists into a single source. "
thanks goodness we made these Federalized union jobs.
Hi, this is Bob over at the TSA. Just to let you know, I'm the guy actually in charge of the "no-fly" list. I don't have any intelligence reports, CIA data, or anything to work from. Just a list of arabic-kinda syllables, like "ak", "mar", "el" "mohm", "bar", that kind of thing. I put them into a big bowl, then pull out at least three at a time, and then string them together into "names". If they happen to match up with anyone's actual name, we kick them off the plane. Pretty cool gig for a GS-14! Well, I'd better get back to work making you safe, America! Later!
Captain Frank Libutti was my company comander at Marine Corps OCS in Quantico, VA, 1970. Served with him again in the First Marine Division in the late 80's when he was a Colonel. He eventually made Lieutenant General.
There is no finer individual that I have met in or out of the service. If Frank Libutti says something is just so, you'd better believe it.
Semper Fi,
I believe that he is not doing the job, since he thinks it is not his responsibility. But the problem isn't one of who is telling the truth. If they disagree on whose job it is, they had better get that straightened out or nobody will be doing it. That is simply unacceptable.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.