In April, the government determined it had failed to prevent the Boston Marathon attack, in part, because Customs and Border Patrol agents determined other travelers were more important to interview one day in January 2012 than the Russian-bound Tamerlan Tsarnaev, whom the Russians believed wanted to become a terrorist. The government missed a key opportunity to question Tsarnaev about his goals -- which happened to include traveling to Chechnya in search of Islamic extremists -- because he wasn't a priority on their terrorism watch list.
As with the Underwear Bomb attack on Christmas Day in 2009, the watch-list system designed to identify and catch terrorists failed to do so before Tsarnaev and his brother allegedly exploded bombs at the Boston Marathon in April 2013.
But whereas the watch list may have failed in 2009 because it wasn't inclusive enough, the list may have subsequently gotten too big. Since 2009, the list has doubled in size. And as the Intercept revealed this week, 40 percent of those on a higher priority list than Tsarnaev was on, the Terrorist Screening Database, have no recognized terrorist group affiliation.
The sheer volume of names on both the TSDB and TIDE (Terrorist Identity Datamart Environment), the database where Tsarnaev's name had been entered, doesn't necessarily explain why Tsarnaev didn't get stopped; after all, he too had no known terrorist affiliation. But -- particularly given earlier disclosures from the Intercept on how many loopholes exist to place someone on a watch list -- it raises questions about the efficacy of the watch-list program.
Back in 2010, a Senate Intelligence Committee review of the Underwear Bomb attack found that the terrorist watch lists failed to "connect the dots" and prevent the attempt. Its culprit, Umar Farouk Abdulmutallab, "was not placed in the 'Terrorist Screening Database' (TSDB), on the Selectee list, or on the No Fly list," the report listed as the second of 14 failures, though Abdulmutallab was on the more general TIDE list. It recommended "the Administration, in consultation with Congress, should simplify, strengthen, and add flexibility to watchlisting procedures to better protect the U.S. homeland."
In response, the government created a Directorate of Terrorist Identities in December 2010, a group dedicated to cleaning up and expanding the list. Its analysts have created 430,000 terrorism-related person records since. In June of 2013, the more expansive TIDE database -- the one Tsarnaev was on -- added its millionth person.
But it's not clear how useful the database is. The standard for being added -- particularly to the more lenient TIDE -- is quite low, as revealed by watch-list guidelines the Intercept released last month. Showing up on documents in a terrorist's possession can get you watch-listed. Traveling to an area where terrorists train for no known reason counts. Activities that took place 20 years ago can get you added (indeed, some TIDE entries are apparently 20 years old). The evidence against you doesn't need to be all that reliable and can be based on inferences. Perhaps most troubling, the White House Homeland Security czar (a post currently held by Lisa Monaco) can unilaterally decide entire populations need to be temporarily watch-listed to respond to a temporary threat.
The documents released by the Intercept show the National Counterterrorism Center is working to address known problems with the watch lists. In 2013, the NCTC introduced a better way to cross-check visa applications with the list, which should make it easier to screen out dangerous foreigners. Also in 2013, the FBI developed a better way to identify the people in the TSDB for further investigation, which may lead to real assessments of the people on the list, and may even lead to people being removed. The government has been cleaning up people whose identities got merged (resulting in innocent people being mistaken for suspects). NCTC is doing more work to check identities of people who haven't been updated in years. All of that should make the databases more accurate, and potentially more useful in identifying threats.
In other ways the document's description of watch-listing activity most closely resembles 6-year olds on a soccer field. Ethnic Chechens from Dagestan attacked Boston, so DTI quickly scoured those names (even though some of their close friends came instead from former Soviet Republics). The Tsarnaevs attacked the marathon, so DTI obtained information from driver's licenses of those in the database in states close to Chicago in advance of their marathon. The DTI has been dedicating tremendous effort adding biometric data -- even non-traditional biometrics like tattoos and handwriting, which can't yet be screened in bulk. Yet the several photos of the Tsarnaev brothers in government hands reportedly proved useless in matching them to surveillance video from the bombing. To some degree, NCTC seems to be chasing the ball, rather than assessing whether the choices already made in the list will really trigger attention to real threats.
And some of the numbers just reek of profiling. Dearborn, Michigan -- the city with the country's highest percentage of Arabs in the country (many of whom are Christian) -- has the second highest number of people watch-listed. Given training on watch listing being done in much larger cities like Los Angeles and Miami, that may be only because watch listing Dearborn's populace has been a local priority. But any time any of those watch-listed get stopped by the cops, they may be treated as a terrorist.
We don't know whether all this watch listing is all that effective -- though we know a number of Americans have sued the government, claiming they've had their lives ruined because they got put on the watch lists.
Here's the more remarkable thing about watch lists. We know they've failed, at least twice. We know they're big, perhaps too big.
But up until these leaks, the closest glimpse we've gotten of the process was a heavily redacted guide released to
the New York Times' Charlie Savage the Electronic Privacy Information Center in 2011 in response to a FOIA. The secrecy surrounding the watch lists has not only prevented people who might be wrongly affected from challenging their inclusion on the lists, from getting some kind of due process before the watch lists begin to affect their lives. But it has prevented the country from having a real discussion about their efficacy and constitutionality.
Ultimately, there may simply be terrorist attacks that the government can't prevent; the Boston attack may well have been one of those.
But acknowledging that's the case, we should at the same time discuss the tradeoffs of this mushrooming watch-listing process. From what we can see, NCTC has gotten very good at moving data between various databases, even "ingesting" it more efficiently, as one document notes. But it's not clear whether that has made us safer.