Finally: One List

UPI: U.S. has one terror watchlist, at last

More than two and a half years after gaps between the nation’s systems for monitoring terror suspects allowed 19 suicide hijackers to kill 3,000 people in the Sept. 11 attacks, the United States finally has a single database to which are being added the names of all those authorities know or suspect to be terrorists.

FBI official Donna Bucella told lawmakers Thursday that the Terrorist Screening Database went live on March 12, three months after the center that houses it opened its doors last December.

“The (Terrorist Screening Database) allows the consolidation of disparate information, currently held by multiple agencies and used in different ways, to be brought together for a single purpose — to help identify and detain potential terrorists,” Bucella, the director of the Terrorist Screening Center, told a congressional hearing.

She acknowledged that the database is still a “work in progress” and that it would be the end of the year before it was fully functional, when other federal agencies like the Transportation Security Administration and Customs would be able to access it online in real time, and when the system would be expanded to make it capable of storing biometric information like fingerprints.

Lawmakers, who have been vociferous in their criticism of the way responsibility for the task was moved among various government agencies and the deadline for completion repeatedly pushed back, said they remained concerned.

“There are serious questions we must ask,” said Rep. Christopher Cox, R-Calif., chairman of the House Select Committee on Homeland Security. “Are civil liberties and privacy interests scrupulously safeguarded? Could a name get on the … list erroneously? If so, how would that be discovered and how corrected, quickly and certainly?”

One would think that, in the Internet age, it would be easy to consolidate all the lists given the urgency created by 9/11. Apparently not. And it was entirely predictable that Congress would simultaneously complain that the list was taking too long to create and that creating the list was violating people’s privacy.

FILED UNDER: Terrorism, , , , , , ,
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.


  1. Teresa says:

    Having worked with data bases for years, I can tell you that it’s not only difficult and time consuming, but there are many obstacles to setting things up correctly. Problems could fill an entire book.

    And my experience has been in the private sector, where no government secrecy levels are involved and no governmental regulation of the sort they are dealing with. Also I am working with companies whose best interest is served by getting things up and running as soon as possible.

    So, am I shocked and surprised… Yep, by the fact that they got it up and going at all. Not by how long it took them.

  2. Brian J. says:

    Having worked not only with databases but with integration technologies, I concur with Teresa.

    You’ve got a couple approaches to use when dealing with the myriad tangle of data the government undoubtedly has spread among its organizations.

    Extract-Transform-Load (ETL) builds giant databases from the individual databases used by the departments, but it’s not real-time–as the name implies, somewhere along the line, a separate process has to extract the information from the disparate data sources, transform it to match the master database, and then load the master database. Typically, it’s on a nightly or weekly basis. Still, to build an ETL program and its “data warehouse”, you’ve got to do some months of analysiz, design, coding, and testing–and even then, it’s not real-time. And after you have the data warehouse (the big database you have at the end which contains all the information from all the sources), you have to build (and test) the applications and queries that will extract the (old) information from within it.

    Enterprise Application Integration (EAI) works from a different approach–it massages the information from disparate sources so that existing applications and queries can use it. For example, the EAI approach would make it easy if you have an application that draws information from an existing source, the EAI middleware would handle communications with the different applications and make it seamless, but the government would have to do create different middleware for each application accessing the data.

    Enterprise Information Integration (EII) is a newer technology that sits between any application and any number of data sources and abstracts information so it can take any databases and present them any way the applications want. Although it’s probably the best approach, it’s the newest and the technologies aren’t mature or easy to use.

    So your idea, James, is conceptually easy, but difficult to implement. Within a couple of years, though, it will be automatic.

  3. Will someone please reassure me that we’ve at least settled on one system for spelling people’s names (the old “Osama” vs. “Usama” problem)?