### Letter: Terrorism database problems don't add up

Regarding "Lawmaker: Terrorism info database troubled": I've been involved in statistics most of my life. I'm 64.

There are mathematical problems in the terrorism database that need to be considered along with the possible administrative ones. Fixing the wrong problem won't help, and fixing one problem when there are more than one problem affecting the result may not help much.

The main mathematical problem I am talking about is the problem of low relative frequency. It makes statistical prediction extremely difficult.

Suppose 200 million people fly in the United States in a year. Suppose further there are 1,000 suicidal terrorists in the country. Suppose you would be satisfied to catch 3/4 of them and you achieve a remarkable 90 percent accurate prediction system. You would still have 250 suicidal terrorists walking past the screeners with only the same inspection that most of the 200 million folks get. Perhaps worse, you would then have 19,999,750 persons "identified" by the system as apparent terrorists who really are innocent like the rest of us.

What would you do with those false positives? I'm not sure you could accomplish much in an hour, but if you spent one hour each on them, you would be spending more than 10,000 staff years a year on them. At \$40,000 a year each, that's \$400 million a year to establish the harmlessness of the harmless folks the system erroneously identified as terrorists.

Worse than all that, there is no guarantee that the system would work even that well. As soon as you push the "start" button, the real terrorists will start work to defeat the system. How hard will it be for them to figure out how to fake an identity, use a constant stream of new recruits, work through innocent dupes, make the guilty look innocent, and so on?

It's easy to point fingers at management problems. Every organization has them; they are human problems. It is inherently difficult to work the kinks out of a system designed to deal with rare events, and these are the rarest of events.

It is likely that the problems being "identified" are not just management problems, but problems that result from errors inherent in the design assumptions. I do not see that they can be solved. So far the approach seems to be to ignore the thing we cannot address. That won't help. For the system to work, all the elements have to work.

Ronald Hietala

What do you think? Paste a comment in the box below (registration required), or send your comment to letters@fcw.com (subject line: Blog comment) and we'll post it.

### FCW in Print

In the latest issue: grid security, agile development, BYOD and more!

• ### DOD updates enterprise services framework

The latest version of the Defense Department-wide Enterprise Service Management Framework places more emphasis on managing IT risk.

• ### FedRAMP Ready or FedRAMP Irrelevant?

Despite GSA’s efforts to accelerate the FedRAMP approval process, the lack of agency reciprocity puts the program’s central goals at risk.

• ### Deadline extended for Rising Star nominations

Got some early-career colleagues who are doing great things in federal IT? Nominate them for FCW's 2016 Rising Star awards.

• ### Knowledge is power in software purchasing

The agency software inventories required under the draft category management policy will be treasure maps that lead to efficient, effective, streamlined buying and unprecedented savings.

• ### House panel weighs the risks of legacy IT

As experts warned of the "dire" threats posed by outdated federal technology, lawmakers grilled top feds, debated workforce issues and inched closer to backing a \$3.1 billion fix-it fund.

• ### CBP working on border tech acquisition processes

The agency is making strides in developing and deploying border technologies but still has some weaknesses.

• ### CIO Scott pushes \$3.1B IT fund as Congress probes legacy tech

Agencies have spent almost \$23 billion on legacy IT over the past three years, according to reports to Congress. Is a revolving fund the answer?

• ### Britain takes digital ID out of beta as U.S. lags

The United Kingdom will go live with its governmentwide digital identity platform, GOV.UK Verify, in the coming days. The U.S. government will need a little more time.

• ### A pivot to post-award

What contracting officer representatives really think is needed to fix contract management.