Terrorist watch list IT management feeble, Justice IG says

A new report from the Justice Department's inspector general said the government's center for consolidating information from various terrorist watch lists, known as the Terrorist Screening Center, has suffered from poor IT management.

The TSC's main task is to maintain a centralized terrorist watch list composed of information from the government's diverse collection of terrorist databases. The redacted version of the report released today names the 12 acknowledged terrorist watch lists that the Government Accountability Office described in an April 2003 report. Former Homeland Security Department Secretary Tom Ridge pledged to merge the watch lists last year.

The report reviewed the development of the Terrorist Screening Database through three versions since March 2004.

"While the TSDB is constantly evolving, we found that the TSC's management of its IT, a critical part of the screening process, has been deficient," the report said. "From its inception, the TSC's IT Branch?staffed with numerous contractors?did not have strong, effective and focused leadership over the agency's IT functions. In addition, the TSC has experienced significant difficulty in hiring qualified staff with adequate security clearances to perform IT functions."

According to the report, the screening center did not create a formal technical advisory group until June 2004, eight months after the agency's Sept. 2003 center launch.

By the time the center hired its first CIO in August 2004, officials already had made many key IT decisions.

For example, by August 2004, center officials had already decided to build their database's first two versions, known as TSDB 1A and TSDB 1B, as well as various controls and standards governing the systems.

Center officials launched TSDB 1A March 12, 2004, using proprietary software provided by a contractor, according to the report. Because this first version of the database was populated with data received directly from agencies concerned with terrorism, it included many duplicates from the multiple watch lists. Center workers updated TSDB 1A manually every day using diskettes from the participating agencies.

Each day, center workers would overwrite the data in TSDB 1A with the new data file because that process was the only means to update the terrorism-related information. "However, this process eliminated the ability to retrieve historical information from the system," according to the report.

In addition, TSDB 1A could not automatically export data to other agencies, according to the report. TSC staff members sent manual updates to the other agencies via diskette in a "sneakernet" approach.

Center officials launched TSDB 1B in June 2004, and ran both systems simultaneously at first. In this second phase, officials sought to improve the connectivity between the TSDB and other databases. The center stopped using TSDB 1A in April, and TSDB 1B became the single consolidated watch list.

In contrast to TSDB 1A, the system used now can communicate with participating agencies' systems and exchange data electronically. Also, unlike the first version of the database, TSDB 1B is updated only with additions, deletions and modifications to existing records, so the system retains a history of all changes made.

TSC officials now plan to launch a third version of the watch list, known as Advent TSDB, to provide automatic, real-time connectivity with participating agency databases. However, according to the report, this third stage could take years because it will require upgrades to the other agencies' systems. TSC expects to establish real-time connectivity to the FBI's National Crime Information Center by the end of fiscal 2005.

"The TSC CIO acknowledged that the TSC has been operating in an immature IT environment since its inception," according to the report. The need to create a consolidated database quickly had combined with staffing problems to hamper the establishment of controls to ensure data integrity, according to the CIO, who is not named in the report.

The report detailed the center's $27 million fiscal 2004 budget, which drew $1.6 million from the State Department, $7.8 million from the Homeland Security Department, $3.4 million from the intelligence community's Terrorist Threat Information Center, and $14.1 million from Justice and the FBI.

The center's staff numbered 177 in November 2004, composed of 61 percent contractors, 25 percent Justice and FBI personnel, 11 percent DHS staff, and 1 percent each from State, Defense and the Postal Service.

In fiscal 2005, the $29 million budget became part of the FBI's overall appropriation.

The report included 40 recommendations for upgrading TSC operations.

The TSC issued an extensive response to the IG's recommendations. According to the response, the center is adopting 38 of the recommendations in a process that will be complete by the end of September, but did not agree with two others.

Wilson S. Dizard III is a staff writer for Washington Technology's sister publication, Government Computer News.