The Governor’s Database
Piece by piece, Gov. Rick Perry’s homeland security office is gathering massive amounts of information about Texas residents and merging it to create the most exhaustive centralized database in state history.
Warehoused far from Texas on servers housed at a private company in Louisville, Kentucky, the Texas Data Exchange—TDEx to those in the loop—is designed to be an all-encompassing intelligence database. It is supposed to help catch criminals, ferret out terrorist cells, and allow disparate law enforcement agencies to share information. More than $3.6 million has been spent on the project so far, and it already has tens of millions of records. At least 7,000 users are presently allowed access to this information, and tens of thousands more are anticipated.
What is most striking, and disturbing, about the database is that it is not being run by the state’s highest law enforcement agency—the Texas Department of Public Safety. Instead, control of TDEx, and the power to decide who can use it, resides in the governor’s office.
That gives Perry, his staff, future governors, and their staffs potential access to a trove of sensitive data on everything from ongoing criminal investigations to police incident reports and even traffic stops. In their zeal to assemble TDEx, Perry and his homeland security director, Steve McCraw, have plunged ahead with minimal oversight from law enforcement agencies, and even DPS is skittish about the direction the project has taken.
In researching TDEx, the Observer reviewed more than a thousand pages of documents from the Office of the Governor, DPS, and the Department of Information Management. We interviewed law enforcement officials as well as McCraw. The narrative that emerged from the records—disputed by McCraw—is a headlong pursuit of control through information hoarding for a project in search of a purpose. Along the way, money has been squandered, sensitive data potentially lost, and security warnings unheeded.
If information is power, Perry and his successors are about to become powerful in ways that are scaring civil libertarians, and probably should alarm every Texan.
Texas agencies already have plenty of information on all of us—driver’s licenses, fingerprints, and proofs of address, details we provide every time we renew our licenses, register a car, or vote. Then there’s every brush with the law, all the criminal convictions, prison records, and so forth. Much of that information is now scattered about in different agencies and locations. Never has it been pulled together for the ease of access that TDEx promises.
There’s also a less discernible realm of information that should perhaps concern the citizens of Texas more. In the course of doing their work, police agencies vacuum up enormous piles of tips, rumors, innuendo, guesses, false reports, and other useless material that they sift through to solve crimes and identify criminals.
Access to this massive trove of information—files on cases in progress, notes about “persons of interest” who may prove to be of no interest at all, details involving confidential informants—is closely guarded for good reason. Information worthless for solving a crime might be useful in other contexts. Like politics or personal revenge. The potential for abuse explains why access to existing federal and state crime databases is normally strictly controlled. Over the years—in the wake of scandals like J. Edgar Hoover’s secret FBI files and the increasing privatization of computer databases—federal regulations have evolved to ensure the safety of information and accountability for its use. Keeping a tight rein on who can access raw investigative data, and for what purposes, is supposed to prevent abuses large and small—from high officials who might misuse information for political purposes down to small town deputies who might be willing to sell information, or use it to track down an ex-wife’s new boyfriend.
The federal rules apply to states that accept federal money and ensure the integrity of law enforcement efforts. Under federal rules, a database like TDEx must be run by a criminal justice agency. According to the FBI and DPS, Texas Homeland Security is not a criminal justice agency.
McCraw, who has an extensive criminal justice background, including a stint as an assistant director of the FBI’s Office of Intelligence, has fought a pitched battle with DPS in his zeal to promote TDEx. Repeatedly DPS has raised concerns, chief among them whether the new database is even secure enough to keep unauthorized users from logging on because it lacks “advanced authentication” to ensure that people accessing the database are who they say they are. DPS is also worried that the same user could be logged on to the system multiple times concurrently.
Then there’s the problem of getting rid of bad data or faulty intelligence that finds its way into the system. Each agency that gives data to TDEx is responsible for the accuracy of its own information. But where once the mistake of a single police department was its own, TDEx offers the potential to amplify that error statewide.
To identify weaknesses within TDEx, a database manager with the DPS Criminal Law Enforcement Division, at the direction of his boss, easily defeated the security of the user registration process last summer. He did it by employing an accurate and relatively easily obtained agency identification number, and used one of his son’s e-mail accounts. In retaliation, Jack Colley, the governor’s director of emergency management, revoked the DPS staffer’s access to TDEx. After DPS complained, it was reinstated 11 days later.
McCraw says the audit and authentication issues raised by DPS have been resolved. He says that an on-again, off-again Texas Intelligence Council of law enforcement officials will eventually supervise TDEx. McCraw blames DPS reluctance to embrace TDEx on its fear of change. “You are going to see a strong resistance institutionally to move to new things,” he says.
Remarkably, in many ways TDEx seems to be an improvement over Texas Homeland Security’s first stab at a database run by a private contractor. On June 27, 2005, the Department of Information Resources, at McCraw’s behest, sent out a “request for offer” to vendors that could provide a “Solution for Local, Intra-State, and Inter-State Sharing of Offender and Other Investigative Data.” DPS was not consulted in the development of the offer request. The resulting contract given to Kentucky-based Appriss Inc. would initially be worth a little more than $759,000.
The information department, which handle’s the state’s computer needs, originally was supposed to monitor how well Appriss did the job, but that arrangement quickly ran into a problem. Under federal law—relevant because federal money was being used—the contract had to be overseen by a criminal justice agency. So McCraw simply designated the department as one. “I am writing to confirm the Texas Department of Information Resources (DIR) is an agency with law enforcement functions for the purpose of TDEx,” he wrote to Larry Olson, the department’s chief technology officer.
While TDEx was getting under way, on August 29, 2005, Hurricane Katrina hit New Orleans. As Texas cities filled with Louisiana refugees, panic over the possible arrival of a criminal element from New Orleans seems to have gripped some Texas authorities. McCraw proposed a separate database that would group traffic law enforcement information, DPS criminal law enforcement reporting, the Texas Rangers database, consumer records amassed by a scandal-ridden private data company called ChoicePoint Inc., prison records from Appriss, and criminal information from the Louisiana State Police. (There are differing accounts of whether polygraph information, the inclusion of which if not redacted could have violated state law, was also provided. McCraw says no.) A private vendor was to create a global search capability for all the unstructured data. This new database would then be made available to analysts at the Texas Fusion Center, a crisis management bunker operated by the governor’s Division of Emergency Management. McCraw rushed through a contract with Northrop Grumman Corp. for a database project to last until October 2006 at a cost of $1.4 million in federal homeland security funds.
“The Louisiana State Police has informed Texas officials that known criminals are among our evacuee population,” reads a statement of work for Northrop. “Moreover, we have been told that many of the individuals who were involved in heinous crimes at the Superdome are now a part of our evacuee population. There is a critical need to immediately collect and analyze criminal data related to evacuees and provide it to local law enforcement officials throughout Texas. This requires the rapid acquisition of information technology tools.”
McCraw says today that the purpose of the project was to help DPS coordinate its criminal justice information. According to several accounts, DPS officials resisted this “help,” and its Criminal Law Enforcement Division only handed over data—including open cases still under investigation—after being ordered to do so.
By the summer of 2006, it was clear that Northrop could not make the project function and that the threat from Katrina evacuees appeared to be overblown. In addition to the fact that it didn’t work, the project had multiple flaws. Chief among DPS’s concerns was that it was not clear who at Northrop had access to the data, or what had become of it.
In an e-mail on August 17, 2006, Kent Mawyer, chief of the enforcement division, wrote to McCraw: “… with the termination of the project, I will be notifying NG to confirm delete of all data from affected servers … to include any backups and closure of the firewall.”
McCraw responded: “Please hold off on any deletions until I have an independent audit conducted to ensure there are no excuses for meeting operational requirements.”
Rather than go through the state auditor’s office, McCraw commissioned an audit of the project by a former colleague from his FBI days. She produced a five-page evaluation. Under a section on security, the audit read:
Operation of the system has been suspended by DPS primarily for security reasons. Other than a firewall, the system had no front-end security (no access control) and it also collected no audit data (nothing to record what users had done). During its brief operation, the data was available theoretically to anyone at the DPS IP address who typed in the web address for the system. NG asserts that security features were eliminated from the proposal to cut costs; this appears to have been an inappropriate solution in the absence of alternative security measures.
McCraw says some of the money for the Katrina project was spent on hardware and software that can still be utilized. He insists that the data DPS gave Northrop Grumman were eventually returned. Extensive public records requests have not revealed any documentation to that effect.
Control and security of data would be an issue with Appriss as well. Some of the difficulty stems from using private vendors to handle sensitive material. For McCraw, this is the future and the only way to operate. “What we are trying to build,” he says, “is an intelligence capability or intelligence-sharing capability. Not do it in the old ways, where it takes four years to roll out, and not do it where the government is going to do it, where it’s cost prohibitive, but to do it in a way that leverages the private sector’s capability and know-how.”
Fortunately, there are federal guidelines laid out by the FBI’s Criminal Justice Information Services Advisory Policy Board. As part of the CJIS guidelines, before a private vendor can handle sensitive material, its staff must undergo background and fingerprint checks. CJIS also contains policies governing the operation of computers, access devices, circuits, hubs, routers, firewalls, and other components that comprise and support a network.
According to DPS, as of April 11, Appriss is still not CJIS compliant. McCraw disputes this. “DPS is wrong,” he says. “We’re more in compliance with CJIS security requirements than CJIS.”
McCraw knows from experience that larger Texas police departments will not give their files to a system that is not CJIS compliant for fear of compromising their data. DPS has heard from the McAllen and Plano police departments, which have voiced concern over TDEx for this very reason. And it’s not unfounded.
As late as October 2006, more than a year after Appriss signed its contract and after receiving sensitive data from the Texas Rangers and the state Highway Patrol, Appriss had not given Texas authorities fingerprints or background checks of all its employees handling the data, according to e-mails obtained by the Observer. There were also questions about the security of the company hired to shred documents for Appriss. (McCraw says all background checks have since been completed.)
In hope of providing some form of monitoring over the Appriss facilities, Texas DPS authorities began discussions with the Kentucky State Police to make them a “supervisory” criminal justice agency for site security. No agreement was formalized. In a recent interview, McCraw insists that there are sufficient safeguards and it’s no longer necessary. “In today’s world, where the warehouse is doesn’t matter, as long as it’s in complete compliance with all the security protocol and … you have the ability to audit at any time,” he says.
Others disagree. “Once that data leaves, you’ve lost control,” says one law enforcement official knowledgeable about TDEx who requested anonymity.
One sticking point for DPS was how Appriss would provide a statewide network to deliver the information that would be sufficiently secure. There was one available: the FBI’s Law Enforcement Online network. DPS urged Appriss to use it. McCraw nixed the idea. “… my concerns with LEO is simply this: If it is not funded or there are other FBI priorities as in the past we lose,” McCraw e-mailed a DPS supervisor from his Blackberry.
Because of these and other issues, the DPS’s Criminal Law Enforcement Division decided that despite McCraw’s objections, it would only provide TDEx with information on closed cases.
In some ways, TDEx’s goals are not necessarily bad. The need for law enforcement agencies to better communicate and share information with each other has been widely recognized by the 9/11 Commission, among others. But even if the TDEx system could solve its significant security hurdles and manage to function as intended, there would still be the issue of its control by the governor’s office.
Asked about the dangers involved in allowing a political office to control such a database, McCraw replies, “I’m the only one [from the governor’s office] that has access to TDEx, and the reason I have access to it now is not because I need it, but because I’m just testing its capability.”
When it was pointed out that Jack Colley, director of the governor’s emergency management division, also had access, McCraw backtracked and took refuge in the idea that no matter who the user, there would be an audit trail of their searches.
Civil libertarians are not assuaged by this kind of answer. “Criminal intelligence data should be in the hands of a professional law enforcement agency that has distance from the political
pressures on elected officials,” says Rebecca Bernhardt, immigration, border and national sec
rity policy director for the Texas ACLU. “How can we be sure that we will never have a governor who will misuse this power?”
Rather than take a serious look at these issues, the Texas Legislature seems intent on giving Perry even more power. The governor is pushing an appropriation of $100 million for border and homeland security. Presumably, some of that money would be used for TDEx. House State Affairs Chairman David Swinford, a Dumas Republican, is offering House Bill 13, “relating to homeland security issues.” The bill is scheduled for hearing on Friday, April 13. Leading up to the hearing, the bill’s content was a bit of a moving target. Two days before the hearing, there already had been two committee substitutes, with the possibility of a third on the way. The most recent version had a provision that reads: “The Department of Public Safety of the State of Texas shall provide to the State Office of Homeland Security any criminal intelligence information that the director of the State Office of Homeland Security determines is relevant to Homeland Security operations.”
Asked about this provision, McCraw vowed that it would not be in the final version. “I’m sure there are some that think I was conspiring to take over criminal intelligence,” he says. “I got enough problems tying my shoelaces; it’s not about one agency, it’s about multiple agencies working as a team.”
Meanwhile, the Perry Alliance Network paid for by Texans for Rick Perry has been sending out e-mails in support of Swinford’s bill.