March 13, 2014
TSG IntelBrief: False Security: Data Collected but Unexamined
• Big Data is the means to solutions, not ends. Collecting data without proper examination is more than wasteful; it provides a dangerous false sense of security
• Two passengers’ traveling with stolen passports aboard Malaysia Air Flight 370 highlights this sense, with people at every stage assuming someone in some security organ was checking databases for the sole reason they were created
• Databases such as INTERPOL’s Stolen and Lost Travel Documents need to be indexed and crosschecked as a matter of strict procedure and not happenstance.
We are indeed in the Age of Big Data. But what the headlines miss when they proclaim we are in the “Age of Big Data” is that while we are indeed collecting big data, in most cases we still aren’t using it properly.
The news that two of the passengers on the still-missing Malaysia Air flight 370 used two previously-reported-as-stolen passports to book and board their flights, without detection, is a disturbing example of data collected for self-evidently critical reasons but then left unexamined for reasons somewhat more prosaic. It’s also a reminder that in an increasingly complicated and globalized world, sometimes the best solutions are the most straightforward.
There are over 40 million individual data entries in INTERPOL’s Stolen and Lost Travel Documents Database (SLTD), among them the two aforementioned stolen passports used by two passengers of MH370. With so many countries reporting stolen or lost documents such as passports, one would hope that just as many might actually look at the collected data to cross check aviation (or any means of transportation) traveler documents. However, INTERPOL reports that only 20 or so countries use the extensive database on a regular basis, and only the US, UK, and United Arab Emirates routinely query the database as a matter of travel security screening.
Thirteen years after the 9/11 terrorist attacks profoundly demonstrated the catastrophic costs of collecting but not analyzing data, we find ourselves even more overwhelmed with data but somehow lacking information. Given the exponential increase in data collection and storage, this is understandable but unfortunate, in that the very act of collecting and reporting data generates a logical assumption that someone is actually effectively using the information. This bears repeating: Implicit in the collecting or reporting of information, such as the details of a stolen passport, is the understanding that authorities (whoever they are) are using it to address the very problem that necessitated its collection—in this case traveling on a stolen passport.
So it’s come to pass that we’ve fashioned an unbalanced equation of a security system; one side of which is heavy in reporting—with everyone encouraged or mandated to do so—but without equal or greater analysis or indexing on the other side, leading to inevitable error. We see this again and again. In terms of providing solutions, unused data is really just an after-the-fact tool.
There are, to be sure, valid reasons for unexamined data, but perhaps not so much for pressing security concerns such as stolen passports. Many countries and airlines might have issues affording terminals that could support real-time crosschecking with databases such as SLTD. But cost concerns have been addressed with other post-9/11 security measures, through financial assistance and training. If the risks of travelers using fraudulent documents—ranging from terrorism to illegal immigration to identity theft and so on—is assessed as significant, then it stands to reason we take steps to balance the equation, and add more cross-checking and analysis while still encouraging more reporting.
This unbalanced equation is not restricted to SLTD, of course, but with many of our self-described vital databases—from no-fly lists to hazardous material storage. We are awash in data without context. Algorithms to narrow meaningful results are improving but aren't helpful if no one looks at the results. Again and again, the assumption of analysis blinds us to our blindness. The economics and technological advances of data collection and storage versus human analysis and manipulation are such that they encourage further imbalance; that is, the equation is oriented toward the odd hope that we strike a balance through additional reporting and collecting of information. It’s as though we can collect so much information it doesn’t matter if we don’t look at it. Collecting such vast amounts of data invariably compromises individual privacy. Implicit in data collection is the responsibility to make sure that the the resulting information is harnessed properly and that the intrustion is not needless.
While the limited information concerning flight MH370 suggests the two passengers using stolen passports are not associated with terrorism (with the two reportedly seeking asylum on stolen travel documents—an all-too frequent occurrence in Asia), the risk remains valid until as many people access and use the SLTD as who provide data into it. Had it been the case that the two individuals—with passports known to have been stolen by anyone who actually checked—were involved in the presumed crash of MH370, the database would have simply proved to be a tragic hindsight tool.
For tailored research and analysis, please contact: email@example.com