### Letter: Terrorism database problems don't add up

Regarding "Lawmaker: Terrorism info database troubled": I've been involved in statistics most of my life. I'm 64.

There are mathematical problems in the terrorism database that need to be considered along with the possible administrative ones. Fixing the wrong problem won't help, and fixing one problem when there are more than one problem affecting the result may not help much.

The main mathematical problem I am talking about is the problem of low relative frequency. It makes statistical prediction extremely difficult.

Suppose 200 million people fly in the United States in a year. Suppose further there are 1,000 suicidal terrorists in the country. Suppose you would be satisfied to catch 3/4 of them and you achieve a remarkable 90 percent accurate prediction system. You would still have 250 suicidal terrorists walking past the screeners with only the same inspection that most of the 200 million folks get. Perhaps worse, you would then have 19,999,750 persons "identified" by the system as apparent terrorists who really are innocent like the rest of us.

What would you do with those false positives? I'm not sure you could accomplish much in an hour, but if you spent one hour each on them, you would be spending more than 10,000 staff years a year on them. At \$40,000 a year each, that's \$400 million a year to establish the harmlessness of the harmless folks the system erroneously identified as terrorists.

Worse than all that, there is no guarantee that the system would work even that well. As soon as you push the "start" button, the real terrorists will start work to defeat the system. How hard will it be for them to figure out how to fake an identity, use a constant stream of new recruits, work through innocent dupes, make the guilty look innocent, and so on?

It's easy to point fingers at management problems. Every organization has them; they are human problems. It is inherently difficult to work the kinks out of a system designed to deal with rare events, and these are the rarest of events.

It is likely that the problems being "identified" are not just management problems, but problems that result from errors inherent in the design assumptions. I do not see that they can be solved. So far the approach seems to be to ignore the thing we cannot address. That won't help. For the system to work, all the elements have to work.

Ronald Hietala

What do you think? Paste a comment in the box below (registration required), or send your comment to letters@fcw.com (subject line: Blog comment) and we'll post it.

### The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

• ### Holgate to depart ATF

Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

• ### Are VA techies slacking off on Yammer?

A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

• ### Exclusive: The OPM breach details you haven't seen

An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackersâ€™ calibrated extraction of data, and the government's step-by-step response.

• ### Deputy CIO Warren exits VA

The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

• ### DOD awards massive health records contract

Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

• ### Sweating the stolen data

Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

• ### Let's talk about Alliant 2

The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

• ### OPM: 21.5M impacted by background-check breach

Agency details results of an "interagency forensic investigation," plans for assisting affected individuals.

• ### MSPB suffers IT failure, says hack is not to blame

Merit Systems Protection Board data from as far back as November 2014 could be missing.