A Fort Knox for Data

By Larry Dignan  |  Posted 2004-01-16

A Fort Knox for Data

An international flight en route to the United States is delayed after a five-year-old passengers name matches a name on a terrorism watch list. The Department of Agriculture euthanizes a herd of 450 cattle because it cant track the individual cows that came in contact with one infected with Mad Cow disease. An electronic system to monitor Secure Acute Respiratory Syndrome (SARS) isnt deployed.

These three recent incidents illustrate how important information systems—and the subsequent sharing of data between them—have become to the federal government. Amid terrorism and other threats on the horizon, the federal government will likely have to create one platform for all agencies to share data, experts say. "The more you talk about it, the bigger it gets," says Darwin John, former chief information officer of the Federal Bureau of Investigation (FBI). "Information management could be the largest issue ever undertaken by the government with regards to policy and values."

Indeed, setting a deadline for the government to share data electronically could be a more audacious goal than President Bushs expected proposal for a lunar station and ultimately a manned mission to Mars.

The information-systems conundrum facing the government—lack of data standards, outdated technology and information that cant be readily shared or analyzed—is the same one many companies have tackled. But corporations dont have to deal with public-policy debates or the enormous scale of the federal government.

Darwin says policy often overrides the best technology fix. Think of all the policy issues raised by agencies sharing information: Who owns the data being shared across agencies? Can data held by one agency legally be shared with another? What are the security implications? How do you get all the parts of the U.S. government to agree on anything and then adopt it? How much Congressional input is needed?

"I have a lot of sensitivity to this question," says John. "Its a disservice to suggest theres a quick fix. This is not a simple issue and there are a lot of dynamics to finding a solution."

According to experts interviewed by Baseline, the best solution—even though it makes a few of them squirm—may be to set up a national data warehouse. Just as there is a currency plant in Fort Worth, Texas, to serve the nation, a data repository would suck in information from all the agencies in the government. Watch lists of names overheard in bars could be crosschecked with other information ranging from age and gender to whether the person happened to have access to pathogens that could be slipped into the food supply.

For homeland security, this unified store of data could answer questions law-enforcement officials didnt know to ask. As for the Big Brother-ness of all this information collection, Warren McFarlan, a professor at the Harvard Business School, says hed "be happy to give up some privacy if theres something for me in return." McFarlan says hed like to have all of his health information aggregated in case something were to happen to him while traveling.

Under this scenario, information from a bevy of agencies ranging from the FBI to the Department of Defense to the Department of Agriculture would be consolidated in one data warehouse to present a composite of information. All the agencies would need common data definitions for items such as name, location and biometric information so the composite would be consistent. Business-intelligence software would highlight trends and analyze the data.

Next Page: How close is the U.S. governement to a Federal Enterprise Architecture? Read on.

Federal Enterprise Architecture

Baby Steps Toward Federal Enterprise Architecture
Privacy advocates, however, can rest easy for now. The government is in no position to create such a data warehouse, experts say, either politically or technologically. The government doesnt have common data definitions for items as mundane as the "right" way to enter names in a database.

But baby steps are being taken. An effort dubbed the Federal Enterprise Architecture (FEA) is seen as the foundation for e-government. Started in February 2002 and overseen by the White Houses Office of Management and Budget (OMB), the FEA is an attempt to move agencies to a common architecture that will allow them to share information. At the base of the FEA are technical models designed to clarify business processes—awarding housing grants or turning around a tax return—and establishing performance metrics. But the specifics of what constitutes data, how to standardize it and how to share it electronically have not been addressed. The General Accounting Office (GAO) says such a model is expected early this year.

According to a December 2003 GAO report, only one federal office, the Office of the President, has reached the highest level of maturity under the FEA. To be labeled Stage 1 maturity by the GAO, an agency only has to acknowledge the FEA initiative. Later stages require written policies, systems built using FEA and performance measurements.

Expected to lead the way is the Department of Homeland Security (DHS), a combination of 22 agencies including U.S. Customs, the Federal Emergency Management Agency and five agencies that will analyze information from other agencies. Part of the mission of the 27-month-old DHS is to "coordinate efforts for collection and analysis of information within the United States regarding threats of terrorism."

Several recent federal initiatives revolve around information systems. Earlier this month, for example, the DHS launched a program called US-VISIT, which requires that most foreign visitors traveling to the U.S. on a visa have their two index fingers scanned and a digital photograph taken at a port of entry.

Separately, the U.S. Department of Agriculture finally addressed tracking individual cows via tagging and information sharing after a case of Mad Cow disease was announced in December. But whether these moves represent the beginning of proactive information sharing remains to be seen. Could the yet-to-be-built cattle-tracking system ultimately connect to a federal database that could flag two seemingly unconnected events—a person with terrorist ties working at a cattle ranch and pathogens introduced to the food supply? Not today. And perhaps not ever.

In the meantime, experts suggest a three-step plan for taking control of federal data and increasing the effectiveness of wars on terror, disease, drugs, and other social ills:


    "One of the reasons for the struggle is there is no federal CIO in the way we think of one in the corporate world," says Allen Shay, president of NCR Government Systems Corp.s Teradata division. The closest thing the federal government has to a chief information officer is Karen Evans, administrator for e-government and information technology at the OMB. Evans and the OMB are responsible for tracking agencies progress toward implementing the FEA and can reject budgets that dont comply with enterprise architectures, but the OMB cant penalize for non-compliance. A new cabinet-level office would be empowered to force compliance. The Secretary of Information Management would also be responsible for standardizing technology across agencies.

    For example, each agency has its own system for human resources, grant management and accounts payable and receivable. This CIO could standardize processes or even consolidate systems to save taxpayer money. Under this executive, criteria would be set for systems, but it would be up to the agency to figure out how to meet those criteria.

    John, however, sees challenges. For starters, a federal CIO would encounter fierce turf wars. John also questioned whether this executive might have too much power. Another issue is figuring out where to put this executive in the government hierarchy.

    "I dont think you could house it in any one agency," says John. "I would argue [that] over time, information is a more critical resource for the welfare of the country."

    In any case, the success or failure of this executive would depend more on management skill than technology savvy. "Ultimately, you have to influence people," says John. "Im not sure how many people can get their minds around the whole."

    Next Page: Building a Fort Knox for data sharing?

    Share Mandates


    Next up on the path to information sharing may be changed charters. Aside from the DHS, no agency has information sharing as a mission. In addition to its latest foreign visitor database, the DHS also has created the Terrorism Screening Center, which became operational in December. "I see the DHS as largely a startup," says Ron Dick, a 25-year FBI veteran now managing Computer Sciences Corp.s homeland-security business unit.

    Without an information-management mission, the best way to entice other agencies to swap information is to mandate data-sharing rules. The most telling example of the lack of common data-sharing rules is terrorism watch lists. The FBI may use first, middle and last names, while the CIA may use given and surname. Once other lists are compared and cultural naming differences are introduced its easy to understand how mix-ups happen.

    "The FEA is a step in the right direction because it will ultimately help collaboration within each agency, which will make it easier to provide information to other agencies," says Dick. "I havent met anyone at any agency that doesnt think the FEA is the way to go, but it takes time."


    Once agencies have the connections to share information, the Big Brother database that privacy advocates fear could become possible. Technically, such a database, pulling in massive amounts of information from various agencies, could offer the business intelligence to find patterns in the food-supply, homeland-security and health-care systems. Like a business that can track all of its units in real-time on a dashboard, the government could aggregate data to spot trends.

    The information feeding this master database would still be controlled by regulations such as the Health Insurance Portability and Accountability Act of 1996, which keeps personal health-care information private.

    Nevertheless, experts say that privacy concerns make such a database highly unlikely. Although the DHSs fingerprinting of foreign visitors could be viewed as a start to such a database, its more problematic to require similar information from U.S. citizens. The biggest issue would be deciding who would own the data in the interagency database and who would have clearance to use the information. Also, individual agency heads likely would be reluctant to give up control of their data.

    Accuracy is a challenge, too. Would each agency clean and verify its own data or would that be left to the new cabinet-level office? Despite the hurdles, pursuing such a data warehouse would make sense, says Shay. "To truly analyze data you need to have one common repository," he says. "If the data isnt in one place you dont know what questions to ask."

    An operational data store—essentially a warehouse where data expires in 3 to 6 months—would be a compromise effort, but couldnt allow the analysis of longer-term trends such as the pattern of behavior of a suspected terrorist who entered the country five years ago.

    What will remain for the foreseeable future is a "federated database" approach in which a series of self-selected agencies such as Health and Human Services and the Food and Drug Administration share information on a limited basis. This model is essentially a series of networking and data links crisscrossing between agencies. Today, if the DHS wants information from a federal agency, it can simply make a request. While this approach is more politically palatable, it does limit the DHS ability to readily piece together disparate data nuggets.

    So what would make an über-database acceptable to U.S. citizens? John says some sort of opt-in system for citizens—and incentives such as easier passage through customs—would make sense. To be sure, a lot of lawsuits and legislation will dictate the boundaries of information sharing before citizens swap a slice of their privacy for the countrys information needs.

    In the meantime, something dramatic may reshape the debate, says Harvards McFarlan. "The sad reality is that it would take another World Trade Center to sharpen the minds on this issue," he says. "Its the great American tradition dating back to Pearl Harbor—you need a massive incident to mobilize."

  • Rocket Fuel