FC: FBI's secret, post-9-11 watch list acquires a life of its own

[Declan McCullagh <declan () well com>]

--

Date: Tue, 19 Nov 2002 10:15:03 -0500 (EST)
From: Guilherme C Roschke <groschke () luminousvoid net>
To: declan () well com
Subject: WSJ: FBI watch list acquires life of its own (fwd)


WALL STREET JOURNAL
November 19, 2002

PAGE ONE

Post-Sept. 11 Watch List
Acquires Life of Its Own

FBI Listed People Wanted for Questioning,
But Out-of-Date Versions Dog the Innocent

By ANN DAVIS
Staff Reporter of THE WALL STREET JOURNAL

LAS VEGAS -- When a patron at the New York-New York casino plugged his
frequent-player card into a slot machine one day this summer, something
strange happened: An alert warned the casino's surveillance officials that
an associate of a suspected terrorist might be on the grounds.

How did a casino's computer make such a connection? Shortly after Sept.
11, the FBI had entrusted a quickly developed watch list to scores of
corporations around the country.

Departing from its usual practice of closely guarding such lists, the FBI
circulated the names of hundreds of people it wanted to question.
Counterterrorism officials gave the list to car-rental companies. Then FBI
field agents and other officials circulated it to big banks,
travel-reservations systems, firms that collect consumer data, as well as
casino operators such as MGM Mirage, the owner of New York-New York.
Additional recipients included businesses thought vulnerable to terrorist
intrusion, including truckers, chemical companies and power-plant
operators. It was the largest intelligence-sharing experiment the bureau
has ever undertaken with the private sector.

A year later, the list has taken on a life of its own, with multiplying --
and error-filled -- versions being passed around like bootleg music. Some
companies fed a version of the list into their own databases and now use
it to screen job applicants and customers. A water-utilities trade
association used the list "in lieu of" standard background checks, says
the New Jersey group's executive director.

The list included many people the FBI didn't suspect but just wanted to
talk to. Yet a version on SeguRed.com (www.segured.com4), a South American
security-oriented Web site that got a copy from a Venezuelan bank's
security officer, is headed: "list of suspected terrorists sent by the FBI
to financial institutions." (The site's editor says he may change the
heading.) Meanwhile, a supermarket trade group used a version of the list
to try to check whether terrorists were raising funds through known
shoplifting rings. The trade group won't disclose results.

The FBI credits the effort, dubbed Project Lookout, with helping it
rapidly find some people with relevant information in the crisis
atmosphere right after the terror attacks. MGM Mirage says it has tipped
off the FBI at least six times since beginning to track hotel and casino
guests against the list.

The FBI and other investigative agencies -- which were criticized after
Sept. 11 for not sharing their information enough -- are exploring new
ways to do so, including mining corporate data to find suspects or spot
suspicious activity. The Pentagon is developing technology it can use to
sweep up personal data from commercial transactions around the world.
"Information sharing" has become a buzzword. But one significant step in
this direction, Project Lookout, is in many ways a study in how not to
share intelligence.

The watch list shared with companies -- one part of the FBI's massive
counterterrorism database -- quickly became obsolete as the bureau worked
its way through the names. The FBI's counterterrorism division quietly
stopped updating the list more than a year ago.  But it never informed
most of the companies that had received a copy. FBI headquarters doesn't
know who is still using the list because officials never kept track of who
got it.

"We have now lost control of that list,'' says Art Cummings, head of the
strategic analysis and warning section of the FBI's counterterrorism
division. "We shouldn't have had those problems."

The bureau tried to cut off distribution after less than six weeks, partly
from worry that suspects could too easily find out they had been tagged.
Another concern has been misidentification, especially as multipart Middle
Eastern names are degraded by typos when faxed and are fed into new
databases.

Then there's the problem of getting off the list. At first the FBI
frequently removed names of people it had cleared. But issuing updated
lists, which the FBI once did as often as four times a day, didn't fix the
older ones already in circulation. Three brothers in Texas named Atta --
long since exonerated, and no relation to the alleged lead hijacker -- are
still trying to chase their names off copies of the list posted on
Internet sites in at least five countries.

People who've asked the FBI for help getting off the bootleg lists say
they've been told the bureau can't do anything to correct outdated lists
still floating around. The FBI's Mr. Cummings says that "the most we can
control is our official dissemination of that list." Once it left the law-
enforcement community, "we have no jurisdiction to say, 'If you
disseminate this further, we will prosecute you.' "

Despite the problems, Mr. Cummings and other proponents of
information-sharing say the process should be improved, not abandoned.
Software companies are rushing to help, trying to make information-sharing
easier and more effective.

....




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-------------------------------------------------------------------------