Directnrate ufTerrnrist Identities (DTI) Strategic Accomplishments 2013 I I Page 1 lishments ortin NC CGoal 1:Leade Ono Millionth TIDE Person Record: On 28 June 2013, the Terrorist identities Datamart Environment passed a milestone ofone million persons in TIDE. While Directorate ofTerrorist identities seelts to create only as many person records as are necessary for our nation?s counterterrorism mission, this number is a testament to i'J'l?l's hard worlt and dedication over the past 2.5 years. Since DTI stood up as an independent NCTC Directorate in December 201d, have created more than 4910,0138 terrorisnrrelated person records and deleted subjects whose nexus to terrorism was refuted or did not meet current watchlisting criteria. In addition, DTI has added over 3'3 {Wilt} biometric files to TIDE. On a daiiybasis, DTI process more than 25 [1 nomination cables and Bill] encounter reports, visa applications and other data sources to support the US. Government's screening and terrorism analysis missions. [UffF?llti] Processing Nominations into TIDE: Nominations A I insomnia sans: $55333 -- agin?iaie? ?5 stones or. 1.351swarpmasi Van-.1 .m a I?r . 31': . Kingfisher Expanding its Role: NCTC deployed the Kingfisher Expansion visa support program on 15 lune, 2013. KFE is a recently developed terrorist screening tool that correlates large datasets to help enhance existing terrorist identity information to support missions. The KFE tool reviews Dos visa applications for connections to terrorism information and then uses the to enhance existing records maintained in TIDE. KFE performs a near real~time checlt against TIDE for all worldwide visa applicants prior to Department of State approval. KFE is processing nearly applicants each day, has processed over 4.6 million visas since its "go-live? date in June, and is projected to save the Des over $50 million in security check fees. I I PageZ DTI Support to Boston Bombing Investigation: In the wake ofthe Boston Marathon bombings, NC'i?C?l'l?l was deeply involved with all facets ofthe response. immediately following the incident, contributed to FBI deep dives, identified potential suspects, and delivered information to national leadership as well as coordinated with the FBI on biometric holdings in TIDE. Longer~term, DTI responded to the US Senate a nd House Congressional Intelligence Oversight Committees and prepared formal testimony that aided the Director Principal Deputy Direction of NCTC, and Director for appearances on Capitol Hill. From this incident, DTI identified several lessons learned that were incorporated into the Directorate?s policies and processes. Terrorist identities Datamart Environment Classi?cation Guide Working with community partners, D'l?l finalized the ?rst copy ofthe TIDE CG. This guide will serve as the official document for general classification guidance and classi?cation policy controls and procedures for the dissemination and use of TIDE information, ensuring it will be adequately protected. Biometric Enhancement Scrub for Watchlisted US Persons: Th rough a comprehensive review of TIDE holdings relevant to the Boston Marathon bombing, NCTC recognized the need to ensure that watchlisted US persons included available facial images and fingerprints. This project includes record by record research ofeach person in relevant Department oiState and IC databases, as well as built data requests for information. The built requests were sent to our partners at FBI and for any related biometric data, including driver?s license images. When the project started there were 814- US Persons without any biometric information in TIDE, equating to less than 20% of the total watchlisted US persons. Upon completion of this project, NCTC has added BED facial images and 24-9 fingerprints for 163 US persons. Mali and ChechnanDagestan Enhancement Scrubs: In FY13, DTI completed a targeted scrub of TIDE subjects with connections to [riali or terrorist groups known to operate in Mali based on the recent conflict and ongoing threat to US and Western interests there. Separately. TIDE subjects with a nexus to Chechnya or Dagestan were reviewed in the walte ofthe Boston Marathon bombing. reviewed more than 1,?00 TIDE records on subjects associated with these threats, resulting in some 3,5Ilil enhancements to over 600 TIDE records. The scrub also resulted in watchlist status upgrades for 55 TIDE subjects. Biometric Analysis Reports: The Biometric Analysis Branch continues to provide support to a broad customer base through their unique sltill of facial identification support. In 2013, BAB produced 291 Biometric Analysis Reports which provide facial identification support to customers from NCTC, DOD DDS, CIA, NMEC, DHS FBI DIA, NBA and sscasrysoronn Pa 3 DTI Threat Team Threat Team Increases new has .- i. I.-. is . "171:. a, Reduction oleDE Enhancement Backlog: This year, automation, policy modifications, and resource realignments helped reduce a historic backlog of Department oi?State Consular Consolidated Database records consisting ofvisa information on that are already in TIDE and/or watchlisted in the TSDB. had experienced a historical backlog that numbered in excess of 153,000 records. This number was reduced by 88% in FY13 to around and that should he completely eliminated by Q1 2014. This reduction will allow for all newly identified ltS'l? TIDE records to be enhanced with CCD information within 48 hours ofnomination. NCTC Meets Requirements for Biometric Export: in March 2013, in accordance with the full implementation of the biometric export occurred. This culminates a five year effort, which included significant changes such as moving from TIDE 1 to TIDEB, in order to provide storing and matching capabilities for facial images, fingerprints and iris scene. As part of this effort, NCTC delivered biometric data for more than 12?,000 known or suspected terrorists to the Terrorist Screening Center to date. Due to the hard work by NCTC, writ large, these itSTs will have their biometric data properly placed into the hiom etric screening systems. This means when one of these known or suspected terrorists attempts to enter the United States either by applying for a visa or through a Dl-lS point ofentry screening, regardless of falsified documentation, the subject will likely he denied entry. Growth for Non-Traditional Biometric Data: DTI has continued to enhance several "non-traditional" biometric data fields in TIDE, for FY13 TIDE has shown the following growth: Handwriting Signatures [ruse]; DNA strands Beginning collection on this data helps to ensure that when the biometric and forensic community is ready to actively screen this data, that NCTC will be readily able to provide the appropriate data on all known or suspected terrorists. I TIDE Records Enhanced with Biometrics data: increased, TIDE Biometric Holdings in 2013 . .4 .i 1 I t. tees -- mm- eLJx sees sea insane-a 3. Etitlit a ititlit WE Fania: Photos Fingerprints iris Scans Biometrics [53/le3] Biometric Data Sources: has seen a large increase ofbiometric data in 2H1 3, both activer received from the nominating partners as well as proactively sought by the Identity Intelligence Group. The top five agency,r contributors of data are as follows: Department of Defense DHS ca, FBI and State Department FBI Platinum ProjectSupnort: Since 17 lune 2013, reviewed 1,6?8 TIDE nomination cables in support of the FEl?s Platinum Project. The Platinum Project was initiated by the TSC Nominations and Data Integrityr Unit as aproactive means to identify FBI subjects of interest and US Persons who are nominated by Other Government Agencies and are currently watchlisted in the TSDB. conducted research in the Sentinel and Guardian databases to determine if the subjects identified in nomination cable traf?c had an open or closed case or Guardian lead. This year,1,142 Platinum leads were submitted to the FBI resulting in 42 new threat assessments, 5 preliminary investigations, one full field investigation, and four individuals being removed from the watchlist. Qualityr Assurance Requests: More than 1,000 de?inerge requests were reviewed to ensure that records which had incorrectlv identified multiple subjects as one person, we re appropriately divided in to separate records. Co nve rsely, over person merges, nearly 13,000 location merges, and merges of other entities was done, this removed duplicate data from TIDE and ensured the accuracy oithese records. 5% ECRETKIND FD RN Page 5 TSE Requested TIDE Quality Assurance Reviews: TIDE Quality Assurance Reviews issaoiz llaais ?i E34 290 Handrails: not Retirees requests reaching aiiniaairn criteria for watches;an canoes TIDE Quality Assurance Reviews: The Quality Assurance Branch reviewed e500 legacy records as part of a proactive scrub of 60,000 single-source TIDE records where no update has occurred since JanuaryF 2011. reviewed records for 2,550 KSTs from visa waiver countries and 3,800 of the qualifying records that were created between 1994- and 1996. This work resulted in: 61 individuals removed from watchlisting [including 30 deletions from three upgrades to TSA nine records merged with other entries; and 39 records with added biographic data. Additional enhancement work by the Identity Enhancement Team on 500 of the visa waiver records resulted in 10 watchlistiog upgrades, and the addition oft}? first?time dates ofbirth, and 14 biometric files. 2013 Analytic Products: Terroris nalysis Production . .. man NCTC a ?Ui?kL??k? - -- .. I m?mm . .. tsaiinents, .- . F0 Restarts. memos Page 6 TIDE Special Projects: Moreen-"1. W335 from mete than 21 o'itteteni scrubs 1.1335: Mites unrelenting" I [Fanny Ina-photo. Eta Fir. so sine Posee?iojaapms tone. Faeroe. Home. Liaiseeshae. {sensation -. fines-esinimizoi?eairmisnrn. . 3 - . {restraint-es . '3 . -gmoeo?en .. . Enhancements Using CBP Data: in seas, more too 6k CBP Encounter Packages Exploited 7191;?; 3'3333 lillui'll $2.231] i :t I if}. I 1,354 HiL?l 1 :13 *1 i i DTI Accomplishments supporting NCTC Goal 2: Partnership Internal to NCTC: Threat Case Management and Syrian Foreign Fighters: In 2013, created and maintains 12 threat cases, which link all known actorsuancl their biographic and biometric identifiers?to a particular threat stream, providing across the community one centralized resource. The cases were collaborative efforts with and DSOP, CBP, and TSA. RN The Syria Foreign Fighter Threat Case in TIDE provides the lC?s common record for the activities of more than KS'i?s associated with Syria. This case contains a total of 3,258 individuals, to include T15 Europeans and Canadians and 41 US Persons, ofwhich are watchiisted in TSDB. External to NCTC: Chicago Marathon supported by DTI lit] and ACE TIDE FBI: Based on the les5ons learned from the Boston Marathon, li'l'i in ABC and [If] worlted alongside the FBI and the NCTC Midwestern Representative to suppose the Chicago Marathon. performed deep dives in Tide for biometrics, and located all ofthe entries that had no photo or fingerprints. also pulled all of the records in TIDE of people who held a drivers license in illinois, Indiana, and Wisconsin. Doing their due diligence with those TIDE lists, ensured no one warranted further scrutiny by the FBI before the race. Biometric Support to NCDC: In FY13, DTI began assisting the National Collaboration Development Center with their Targeting Collaboration Course The TCC is an interactive scenario-based training in which students learn to enhance existing source identification skills by providing tactical analysis intended to spur an operational action against a human target. Driver?s License initiative: To fulfill the biometric enhancement mission within DTl?s Identity intelligence Group the Biometric Analysis Branch began an outreach/?partnership effort with the iarger law enforcement. community to collect facial images associated with driver's license data. With support from FBI partners and Domestic Representatives, this enhancement mission toolt on significant growth in FY13. DAB new coordinates directly with the following states: Arizona, Texas, New York, Maryland, Delaware, Washington DC, Florida, California, Virginia, Oregon, Massachusetts, Nevada, tleorgia, Colorado, Washington, and Rhode island. This effort has resulted in 2,400 Driver?s License facial images added to TIDE in W1 3. [Sf/Till] International Travel Data DTI identified information gaps between TIDE and Cin's rm and worlted with CIA to add the missing data to TIDE from clandestinely collected travel data. This effort resulted in the inclusion of892 fingerprint flies and an additional 1253 data points added to TIDE. DTI used the data to enhance a total ofiiQZ identities in TIDE. [ll/filClUCI] CMU lClutreach Initiative: To increase the biometric and biographic information on detained worldwide, DTI began working with the Collection Management officers. As a result, over 15s requests have been sent to the field and nine new national HUMINT collection requirements have been written. Additionally, DTI is now sending collection requirements directly to the field using the CIA Information Needs Management database This will allow DTI to obtain information that has not been collector] and use it to enhance TIDE. i DTI Outreach Efforts officers, together with representatives from the Terrorist Screen'ng Cenzer's T552. training team, traveled to F31 Miami and FBI Los Angles, visiting Field and fusion centers to educate and agents about D'fl, TSC, TIDE, and the business process to aid in their role ofreviewing case information and Guardian leads. and participation in the Encounter process. 2013 is the first year that DH and TEE have partnered to provide outreach and training outside of the metro DC area. Training Expanded for External Partners: DTI officers traveled to GA to provide a brief to approximately ED Counterterrorism Division instructors and leads at the Federal Law Enforcement Training Center The goal was to establish a partnership with FLETC ant] to educate the instructors about DTI, TIDE, and the watchlisting business process. in the has also expanded its training offerings, holding a quarterly training session in the auditorium for all If: members. In FY13, provided advanced TIDE training to 95 representing nine partneragencies TSA, NGA, DHS, FBI, CPB, US Arm},r Special Forces, and Bureau ofDipiomatic Security]. (SHNF) Biometric Training Program Offered to Additional Partners: DTI new offe rs a half?dagr Biometrics Training Program once a month that is open to all It?. partners holding a clearance. The course provides a basic familiarization of classified and unclassified biometrics repositories; an overview of the watchlisting process as it pertains to biometrics and identity intelligence; and an introduction to targeted biometrics research at NCTC. DTI, TIDE and Watchlisting Review: This review brought together experienced members ofthe watchlisting community to take a genuine Ioolt at how the community is doing. Participants were asked to put the views of their home agencies aside and take an objective loolt at the watchlisting process, TIDE, and DTl's support of TIDE and the watch] isting process. The exercise culminated in an assessmenL paper providing five key findings, seven recommendations for improvements, and acknowledging those areas that excel. CIA Hydra: DTI has partnered with CIA to enhance select populations in TIDE with clandestinely acquired foreign govern ment information from CIA's ra program. in this Inulti?phased project, provides CIA with TIDE data and itis correlated with Hydra information to uncover additional Terrorism Information on KSTs that is then used conduct Quality Assurance reviews on existing TIDE records. As proofof concept, provided CIA a list of 555 Pakistan based subjects identified as in TIDE. The Hydra program vetted these names against Pakistani Passports and provided TIDE record enhancement information {biographic and biometric identifiers] baclt to li'l?l. The next step will be to provide with a list of'l?liJE subjects with National ID Numbers [an 1,?00] for vetting on dates of birth. Future initiatives will include additional targeted countries, as well as a targeted effort to locate first-time Dill-ls for subjects with Passports and National 1D Numbers. Watchlisting Guidance Review IPC: In 2013 the Watchlisting Guidance Review IPC completed a Ii?vear et view and update the iuljvr 201 Page a RN Watchlisting uidance. participated in multiple detailed reviews providing comments and inputs and provided suggestions for improving the Guidance. The effort culminated in an approval by the Deputies Committee in March 2013. [ll/{F000} INTERPOL Information-Sharing Agreement: INTERPDL Red Notices contain derogatory information, biographies, and biometrics which can serve to both create new TIDE records and enhance currently existing records. Through coordinated efforts, processes were developed whereby the FBI's National served to nominate subjects of Red Notices to TIDE for watchiisti ng and EAB is enhancing existing TIDE records with active Red Notices. Foreign Collected Terrorist Biometrics: in 2012, the Biometric Analysis Branch partnered with 1031?s Global initiatives Unit to nominate biometric data captured on terrorists from foreign partners into TIDE. This process has continued to evolve and grow. In FY13, this process has enhanced over 1,000 terrorist records enabling effective biometric screening. - National Media Exploitation Center The Biometric Analysis Branch continued to support a DTI liaison within NMEC which proved beneficial to both organisations. The arrangement enables NCTC to obtain additional data fusion points by accessing and exploiting data holdings and, in return, DTI provides NMEC with a classi?ed biometric search capability against TIDE through automated and manual facial identification support To date one has enhanced 33 TIDE records and provided over 1000 search to NMEC. From this effort, in December 2012, the Encounter Analysis Branch established a CBP Encounter Package foreign document translation process with the National Media Exploitation Renter and has completed 119 requests fortransiation and addendums to TIDE. DTI Accomplishments suppogtiug MILE Goal 3: Workforce DTI In te rnal Training: Standard DTI Internal Training: In 2013, DTI provided training for a total of124 new hires, a 100% increase over 2012. Over 30 ofthese new hires were trained during a two month period during the contract transition, an B0 0% increase over the previous two months. The training team was able to matte considerable adjustments to accommodate this extremely high influx of personnel. In addition, DTI has developed and implemented a refresher course that provides the opportunity to reinforce the fundamentals of'l?lDE production. The course highlights general policy and process updates of which may not be aware given the different focus areas of the various branches within DTI. Finally, DTI developed a familiarization course for those in DTI who are interested in gaining a perspective on DTI operations. Topics include overviews of external IC policies, watchlisting, Kingfisher, TIDE, Biometrics, and DTI overview. a pilot and a full session ran in 2013. Moclt EBB: DTl?s Professional Development We riting Group sponsored moclt Career Advisoly Boards wich Were design provide employee nsight to the Page 10 documentation and process involved in CAB decisions. 1iJolunteertil?ti] panelists reviewed ?ctitious persons' PERs and bios and drafted Employee Assessment Forms for the "employee" they represented on the panel. and acted as panel chairs to guide the process and facilitated an open discussion after the panels completed their employee evaluations. Participants gleaned insight into the importance and complexities of documentation and the process. Expansion of identity Intelligence [12] Training Module: The training is taught once a month and has been well received across the community. This external course consists ofa half day version of the DTl's Biometric?l'raining Program. in addition, as an effort to ensure that ever},F analyst within DTI has a basic understanding of biometric data and a shortened version oftlie training was incorporated into the MID Training and Outreach Team portfolio. The additional course consists ofa one hour block which has been incorporated into both the DTI New Hire Training as well as the DTI ManagerTraining as of lune DTIAccom lishmentssu ortin NCTC Goal4 Process DTI Policy Response Tea rn: if: implemented a heyprocess for addressing, coordinating, and responding to sirloist 'actions such as the responses to the Boston Marathon bombing, fir the record, White House requests for information and polit'j.? cost-sire: issi-i'rgs. end NCTC directed actions. The team ensures tasltin gs are res earchei re set: out across the Directorate, coordinated appropriater within ETT. a: the: are ::r.solidated and accurate. Since January the team has successl'u'ild': reseerf's: ?53::It?ej to over 110 actions. Governance Stratcture: I esietizsitei an internal governance structure to encourage the exploration :f ofactivities, and enable informed decision melting. The to: gr: 1.13 Chiefs Forum and the Futures Forum provide a process for ideas er i: be Tested and pushed up for decision. [UffFOlin Applied Correlation to TIDE Tee initiative enables to correlate TIDE data 3125.1- - _g 'ge: :e :mmanity and Law Enforcement databases. Using the _a are able to qtiicld}r conduct a search across severe: i is existing data that can he used to enhance a TIDE rec- . .. .s .s 2:2: .33' being piloted within the and IJI began executing?EL 3'25. _5 grass :2 ins current strategic plan 1e: initiatives in the NCTC strategic revise a venue to focus [Liffl?titltiji Facilitatio: of Pia-1:323, Across DTI: Starting in lune 2013,1311 1 1 ll I ii 11 [published in far. plan [published 1; Directorate .l ll i I .t - til Pagell SECRETHNU Development of Metrics to Minimize individual Requirements to Track Work Completion: DTI developed a TIDE-based metrics template in May 2013 and began [retroactively] tracking several datasets effective 1 Jan 2013. Information collected includes data on nominations, nomination backlog, special ingest, new entities created, encounters, and on audits. [tl?lit?i thl] Standard Nomination Tool: along with Watchlisting Community partners, upgraded the standard nomination tool used to send data for entry into TIDE. Significant improvemen Ls were made to the user interface to streamline the process of submitting data and the inclusion of the TIDE Restricted capability provided nominating agencies the ability to ensure thatdata too sensitive for export to unclassified systems could be appropriately marked and handled by TIDE. This allows nominating agencies to provide more data than previously disseminated as appropriate controls are new in place to ensure the sensitivity of the data is accounted for. Bulk Ingest capability: developed an internal self?service program to ingestlarge datasets for automated exploitation and enhancement ofTiDF. records. The self-service capability allows D'l?l to quickly ingest large datasets into TIDE in a ?exible environment where those providing the technical support are fully trained on DTl's policies and work closely with those who will process the data. The result is fewer policy errors and the ability to quicldy make modi?cations and set priorities based on DTI's needs. The program?s ef?ciency has enabled to ingest multiple datasets in the time that the previous process would have taken to prioritise the datasets. Database Development llG's Data Exploitation Team developed a database which has created multiple efficiencies for internal processes. The database allows for automated tracking, metrics reporting, increased accuracy in de?duplication, and allows for tracking and identi?cation of KSTs for further research. The database also allows for tracking oflilsa classified cables. This database has saved at least 10 hours of work per week and has streamlined processes for RFls, metrics, and identity management. Based on this success, this database has been duplicated for other internal DTI sections. EFT Packages to TIDE: After 2?plus years of development, the early i-?ebroary 2013 approval of the interconnection Security Agreement between 1:2th and NCTC resulted in the successful electronic file transfer of CBP Encounter Packages to TJDE. Previously, the Encounter Packages were retrieved from CBP via a Compact Disc. Since the '7 March 2013 start up, more than 5,3278 Encounter Packages have been received and processed into TIDE by __1321Ee 12