Comment: Christmas Day Plot, Part I

“Failure to connect the dots” became a catch-phrase paraphrasing the mistakes within the intelligence community that permitted the 9/11 attacks despite the presence of intelligence within the possession of various US agencies that pointed toward the development of the underlying plot. This phrase has cropped up again in connection with the Christmas Day plot involving Northwestern Flight 253, leading to the question as to whether the lessons learned from the 9/11 review have been implemented.

As news of the attempted attack began to unfold, reports began to roll in that the individual behind the attempt, Umar Farouk Abdulmutallab, had raised a number of red flags which should have resulted in enhanced screening, potentially his detention for further investigation, or--as some have suggested--the denial of an entry visa for the US. First it was revealed that Abdulmutallab had been included in the National Counterterrorism Center’s TIDE (Terrorist Identitites Datamart Environment) database (more on TIDE in Part II) (See this story from CBS). Then, it came to light that Abdulmutallab’s father had approached US State Department officials in Nigeria with concerns that his son had “fallen under the influence of ‘religious extremists’ in Yemen” (See this story from CBS). According to a report from CBS News, this information was forwarded to officials in Washington (In fact, it may have been the basis for Abdulmutallab being entered in TIDE). Apparently, however, no flags were attached to Abdulmutallab’s US visa, and the CBS report suggests that US officials who had received information relating the father’s concerns did not realize that the individual in question had been issued a multiple-entry visa by the US Embassy in London that was valid from June 16, 2008 to June 12, 2010. Lastly, it has been reported that the NSA had identified communications among Al Qaeda members in Yemen concerning a plot involving a Nigerian (See articles here and here).

The Obama administration called for two reviews: one quick review of flight screening procedures and technologies, the other a more in-depth review of the terrorist watch list system in use in the US. President Obama has promised that the results of the reviews will be revealed in public reports in the near future. It will be interesting to see to what extent the details of what happened at each stage of Abdulmutallab’s journey will be released. For me, the following questions come up: 1) Were any personal data pertaining to Abdulmutallab submitted to the TSA before he boarded the flight from Nigeria? 2) What security procedures did Abdulmutallab undergo in Lagos (or Ghana)? 3) Was Abdulmutallab subjected to security procedures at Schiphol? It would be particularly interesting to know whether he underwent a full-body scan (such scanners are evidently in common use at Schiphol) (more on full-body scanning below)?

In this case, it isn’t clear to what extent fault can be found with US authorities. Clearly mistakes were made, but even if all the information on Abdulmutallab had come together and resulted in an operational decision, measures stemming from that decision would have to have been taken in Nigeria or the Netherlands in order to have been effective. The incident may primarily reflect the lack of uniform and coordinated procedures at the international level. The US has expressed the desire to receive passenger name records for all passengers who have booked flights to the US. Yet, the question arises as to how many airlines indulge that desire and with what level of accuracy. This requirement has been particularly contentious within the EU. However, given the fact that Abdulmutallab had booked passage with a US-based air carrier for the final leg of his journey, it seems likely that the US carrier submitted passenger record data on Abdulmutallab to the TSA. But again, even if the TSA had singled out Abdulmutallab for enhanced screening or identified him as being on the no-fly list, how does it ensure that Dutch or Nigerian airport security take appropriate action? If a Dutch or Nigerian equivalent of the TSA have special requests with respect to a particular passenger departing from the US en route to the Netherlands or Nigeria, would the TSA automatically comply in reciprocal fashion? Note that according to an editorial in the New York Times, the TSA can still request a US-bound flight to return to its point of departure if there is a suspicious passenger on board, but for long distance flights, this option may become unfeasible if the request is not received until later stages of the flight.

Suggestions for changes already began to be voiced soon after the incident. Among the calls for improvements to security that have emerged in public discourse, the notion of making more use of body scanners, such as millimeter wave scanners, has been particularly prominent--notably former US Department of Homeland Security Secretary, Michael Chertoff, has been among those advocating this move (see here) (although it later came to light that Chertoff’s company, the Chertoff Group, has a manufacturer of such machines as a client). Some commentators, however, have argued that such full-body scanners would have failed to detect the explosive device in this case. The Telegraph has cited two former US officials from counter-terrorism agencies for having long argued that swabbing for explosive substances and other chemicals is “cheaper, easier and more effective” than full-body scanners. In that article, Larry Johnson, former deputy director of Counter Terrorism at the US State Department was quoted as saying “[s]wabbing everyone is not hard and it’s just about the only way, short of making passengers fly naked and without luggage, of being reasonably sure they aren’t carrying a bomb.” Although swabbing would entail making bodily contact with the swabs, for some--if not most--it may raise fewer privacy concerns than the full-body scanners. The Telegraph article suggests that the swab tests would not need to be taken from the same part of the body or baggage where explosives were located. That means that contact with sensitive areas of the body could be avoided.

In Part II, I’ll discuss databases and watch lists.