Federal Bureau of InvestigationPosted 2002-09-10 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A year after Sept. 11, law enforcement far too often finds itself left alone on the front line of defense.: A World Apart">
Federal Bureau of Investigation: A World Apart
Gerard Leone spends many hours running from meeting to meeting, persuading the FBI, the Massachusetts State Police and numerous other agencies to work together to fight terrorism. The First Assistant U.S. Attorney in Boston, Leone is the coordinator of the Massachusetts' Anti-Terrorism Task Force (ATTF), part of a network of regional organizations mandated in a series of directives from Attorney General John Ashcroft following an executive order from President Bush.
Leone is the ATTF's chief information officer. He is a conduit for both classified and unclassified informationmonitoring ongoing investigations, sifting new information from sources ranging from criminal investigators to the military, and weighing who needs to see what. When the FBI in August sent a bulletin that al-Qaeda was training terrorists to create exploding light bulbs, Leone notified investigators to watch for suspicious activity relating to light bulb purchases.
"In our district, the ATTF is like the board of directors," Leone says. "I coordinate the implementation of ideas, which is programmatic, and coordinate the case-making, which is operational [and includes the investigative aspect of terrorism]."
The operations arm of the ATTF is the FBI's Joint Terrorism Task Force, which began in New York City in 1980 and which FBI Director Robert Mueller is now expanding to serve all regions of the country. In Boston, the JTTF is a select group of key federal and regional agenciessuch as the Boston policewho require FBI security clearances to handle classified information. But since Sept. 11, public health inspectors, firefighters, the National Guard and other government employees who have roles in fighting terrorism are included in the ATTF, if not in the JTTF itself.
Those JTTF aspirants who qualify for a security clearancea process that North Miami Police Chief Bill Berger says can take eight monthsare assigned a seat in front of an FBI terminal and can access cases filed in the FBI's investigative databases, which ex-FBI agent Robert Chiaradio calls "the backbone" of the FBI. Currently, an FBI case file is viewed via an IBM 3270 green-screen terminal, a process the FBI is working to modernize under a project called Trilogy.
Even the space allotted for JTTFs is isolated to protect the security of the FBI field offices, Chiaradio says. The FBI is in the difficult position of having to speed up security clearances for members of outside agencies while bolstering internal security systems that were torn to shreds by convicted spy (and former FBI agent) Robert Hanssen, among others.
The Webster Commission reported in March that New York City field agents feel vindicated in their refusal to enter documents into the FBI's Automated Case Support (ACS), which Hanssen raided. As a result, New York lost only two agents to Hanssen's treachery out of more than 50 lost when other field offices entered paper documents into ACS that had been shipped from New York as leads.
On the other hand, two detectives from the Massachusetts State Police, who helped the Boston terrorism task force catch would-be shoe bomber Richard Reid, had no FBI security clearances at first.
They simply left the room when the JTTF discussed classified information. "You don't even share information among yourselves," Chiaradio says. "Information [such as who is working on what case] is compartmentalized in the bureau, and you're not even supposed to be going into other areas. Information is strictly on a need-to-know basis."
Before Chiaradio left the bureau in June to work at KPMG Consulting, he was the executive assistant director for administration, one of several new positions that Mueller created in the wake of the Sept. 11 attacks. Chiaradio is one of several agents to depart over the last few months. In mid-August, Mueller's counterterrorism chief, Dale L. Watson, left to assume a post with Booz Allen Hamilton, another big-name private consulting firm.
Mueller, a former U.S. attorney, began a sweeping reorganization of the bureau in December, just a few months after becoming FBI director. Chiaradio's assignment was to oversee the FBI's handling of records and knowledge management in the wake of the Oklahoma City bombing. In that case, the FBI misplaced more than a thousand documents that were supposed to be turned over to attorneys trying Timothy McVeigh. McVeigh's execution was delayed for a month while the FBI sorted out the mess.
When he first met Mueller last October, Chiaradio says, the director was extremely frustrated with how "paper-driven" the bureau was.
"It is no secret that our information infrastructure is behind current technology," Mueller told a House Appropriations subcommittee in March. "Without question, we all believe that this is the number one problem confronting the FBI today."
The FBI is now scrambling to get PCs on agents' desks and shore up FBI networks by July 2003 and modernize its software by June 2004, to allow agents to handle case files easily and electronically.
Until May 30, when Attorney General John Ashcroft revised the FBI's more than 20-year-old investigative guidelines, agents were not allowed to surf the Web or use commercial data services. FBI press officer Jim Margolin, stationed in the FBI's New York City field office, says that until this summer he was unable to receive e-mail electronicallymessages would be printed and hand-delivered to him one to two days after they arrived.
Chiaradio thinks the FBI is unfairly criticized for not sharing information, although he acknowledges he may be seen as biased since he spent 18 years at the bureau. "Whenever I was on the ground level with people, talking to police chiefs and sheriffs, I did not hear that [criticism]," he says. "The rumor is bigger than the fact. And if you listen to Mueller testify on the state of the FBI IT system, you can appreciate that the FBI may not be sharing information because they don't have it to share."
The electronic walls around the FBI reflect the rigid division between intelligence and criminal investigations and between federal and state agencies that existed before Sept. 11, notes Leone, who says he has been "very patient" in working with the FBI.
The mind-set has been to hold information close to the vest. "These people are taught and trained how to deal with information and intelligence, and now they're told they have to alter that approach and mind-set," Leone says.
Indeed, Leone says, the entire network of relationships that constitutes the ATTF is based on trust. The Massachusetts ATTF is deciding on a password-protected, Web-based mechanism for posting classified information for members. Included in Leone's group of advisers on how to set up a computer system and determine access rights is a member of the FBI's technology department, who will ensure that the system communicates with the FBI's through a dedicated FBI server.
The JTTF and the Massachusetts State Police now fax each other tips on a common report form developed by the ATTF and enter the information into their respective databases.
Those databases can't communicate today, but soon the information will dump into a common database accessible by browser, says Maj. Robert Smith of the Massachusetts State Police. Leone today sends out nonclassified information via secure e-mail; classified information is sent by secure fax. If he can't meet members of the JTTF face-to-face, he talks to them on a secure telephone that scrambles his conversations.
The FBI is taking other rapid, if somewhat uncoordinated, steps to improve its ability to communicate critical information with the outside world. Smith says the FBI is sending more alerts lately to ensure that local agencies know what's going on in their districts, even if the information is sometimes vague. "I don't need to know their sources," Smith says.
FBI Director Mueller has vowed to make the National Law Enforcement Telecommunications Systemused for sending messages similar to an all-points bulletinless slow and cumbersome. In April, law enforcement agents, for instance, heard on broadcast news that Attorney General Ashcroft said al-Qaeda was considering physical attacks against banks in the Northeast.
The FBI has begun to open LEO, its Law Enforcement Online Network, to other law-enforcement agencies. But Leone notes that LEO, which includes e-mail capabilities and nonclassified newsgroups, is not widely used in Massachusetts.
Sheriff John Cary Bittick of Monroe County, Ga., says he has been working with the Department of Justice on a plan to merge LEO and the DOJ's Regional Information Sharing System (RISS). "The attorney general has got to make up his mind which system to use to put out terrorism info. They need to do something quickly," Bittick says.
The FBI also is shoring up its National Crime Information Centera repository of 17 criminal records databases housed on IBM System 390 mainframes in Clarksburg, W.Va.with a terrorist watchlist.
Many NYPD cops say they have neither heard about the terrorist watchlist nor possess the equipment to get information out of the NCIC, if they wanted to.
For instance, the FBI's vision of a cop holding a suspect's thumb to a fingerprint scanner inside his patrol car and matching it with a mug shot generated by NCIC databases requires equipment and high-bandwidth connections that have not been available to police forces or anyone else.
"The FBI is best equipped to deliver information to local governmentsthey do this now with criminal histories, and it could be expanded greatly with the right kind of money," says Paul Wormeli, chairman of the Integrated Justice Information Systems Industry Working Group, a partnership between industry and the Justice Department. "A cop in Albuquerque could search more databases than they do now and get a window into the world of police databases. But the FBI is hamstrung keeping their production systems in place while they're looking for answers."
Police forces, meanwhile, are already stretched thin. The National League of Cities (NLC), which wrote a letter of complaint to Mueller in June, claims that as the FBI pours resources into fighting terrorism, it is asking local law enforcement agencies to take on too much responsibility for more mundane crimes such as bank robbery. As a result of that letter, NLC board members received a visit in July from FBI Assistant Director Louis Quijas, a former police chief whom Mueller hired to coordinate the FBI with state and local law enforcement. But Quijas told the NLC that first responders are also first defenders.
"There are proposals in the 2003 [federal] budget to cut the COPS (community policing) program, [and] also cuts in local law enforcement grants that we rely on so heavily for public safety," says Karen Anderson, president of the NLC, and also the mayor of Minnetonka, Minn. "They're robbing Peter to pay Paul."
Adds Maj. Smith, "We're finding that the life span of a lot of our expensive equipment is being shortened. Our dive team is doing hull and pier inspections on ships coming into the Boston Harborthat's increased 300%. We provide escorts with patrol boats and helicopters for tankers coming into Boston to unloadwe need surveillance gear to help us with that. I'm not complaining, but I'm hoping that when [head of Homeland Security] Gov. Ridge releases money, we can start replenishing equipment and give our people some time off."'
State officials agree that law enforcement agencies are dangerously ill-equipped to fight crime. In February, the Connecticut state capitol in Hartford was locked down for several hours after two women reported a man with a gun on top of a parking ramp as Gov. John Rowland was delivering his State of the State speech. Rowland was calling for an expansion in state anti-terrorism laws.
"We had the capitol police and the state police and the Hartford police, and they had serious communication issues in terms of interoperability among radio systems. One police force around the corner could not talk to anotherthey have different frequencies and different spectrums," says Rock Regan, Connecticut's CIO. Fortunately, Regan says, the suspect turned out to be a cameraman carrying a long microphone. No one was hurt.
Connecticut is upgrading its systems with help from federal grants. Regan says better wireless infrastructure is a top priority. So he has been meeting with Department of Homeland Security CIO Steve Cooper and other federal officials to define exactly how information will flow from local to state to federal agencies and back, how code can be reused, and how existing communication networks can be preserved.
Regan describes the entire federal government as a black hole, where much information flows into federal databases from state and local governments but little comes back. Connecticut officials aren't even sure which data resides in which federal agency, an urgent question since Sept. 11.
"It crosses the whole realm, from criminal justice information to social services to health benefits to background checks to environmental information," Regan says. "We need to improve the flow of information to our repositories and make our repositories available to the feds. The ultimate goal is to integrate databases and exchange information in real timealthough I'm not sure we'll ever truly get there."
In the end, the ongoing debate about cooperation between federal intelligence agencies and law enforcement organizations boils down to this: How much and what kind of data will be shared?