Russia warned the US that Boston Marathon bomber Tamerlan Tsarnaev was a violent radical Islamist more than a year and a half before the April 2013 bombing, but he slipped past border guards on multiple trips undetected because someone had misspelled his last name in a security database.
US officials had said as much in the days following the bombings, and now it's been confirmed in a House Homeland Security Committee report (PDF) released on Thursday.
The explosions killed 3 spectators and injured 264 others. After their photos had been publicised, the suspects also allegedly shot and killed a police officer from the Massachusetts Institute of Technology during their attempt to escape.
The newly released report confirms and gives context to officials' statements about the misspelled name in the days following the bombings.
US officials at the time had told Associated Press that Tamerlan Tsarnaev, who was killed in a shootout with the police, had been added to a huge classified database of known and suspected terrorists 18 months prior to the bombings.
In fact, the Russian intelligence service FSB - successor to the KGB - twice requested in 2011 that the FBI and the CIA keep an eye on Tsarnaev and let them know if he traveled back to Russia, given possible links to extremists in his ancestral home in Russia's North Caucasus.
The FBI did, in fact, assess Tsarnaev to determine if he posed a terrorist threat, but it didn't find any evidence of terrorist activity. The Boston FBI case agent did, however, set up a record for Tsarnaev indicating that border patrol should notify him if Tsarnaev traveled internationally.
In spite of that, Tsarnaev subsequently traveled internationally multiple times without any warning flags getting through to the FBI agent. Investigative reports have varied on what Tsarnaev did while he was traveling, with some evidence pointing to his being radicalized during his trips.
How did he slip through without being detained and without the FBI agent being notified of his travel? As it is, the report says, there's a lack of documentation regarding who was notified, when or how, or what alerts were shared between agencies.
The House Homeland Security Committee says it doesn't want to point fingers in the wake of the tragic bombings.
It does, however, point out "systemic weaknesses" uncovered in its investigation, including:
- Insufficient cooperation and information sharing between federal law agencies and local law enforcement;
- Limited communications between federal agencies;
- Inadequate resources for screening outbound travelers of interest; and
- Failure to amend inaccurate or incomplete records held by various agencies.
That last item should ring a bell with anybody who deals with databases.
It boils down to the old computer science maxim: garbage in, garbage out, regardless of how sophisticated and gluttonously data-trawling are the databases in question.
In fact, the report says, the alerts that went up regarding Tsarnaev's movements weren't identical. Specifically, the spelling of his name and the date of his birth were inaccurate, resulting in the lack of a match in the Terrorist Identities Datamart Environment (TIDE).
That database is the country's central repository of some 745,000 known or suspected international terrorists.
In records provided to the committee, an alert entered on 20 October 2011 spelled his last name as "Tsarnayev" and knocked a year off his age.
That alert specifically requested that officials who encounter Tsarnaev "escort [him] to CBP [US Customs and Border Patrol] secondary and detain is mandatory whether or not the officer believes there is an exact match."
From the report:
Because the two … alerts on his name were not identical, and because the [Terrorist Screening Database] record for him was incomplete and inaccurate, Tamerlan Tsarnaev did not receive a secondary examination as he returned to the United States from Russia. Given his interest in jihadist materials, it is possible CBP officials might have found something in his possession that would have revealed the threat he posed. This lack of communication represents a failure to proactively share information that could potentially save lives. Indeed, any further scrutiny upon Tamerlan Tsarnaev's return from Russia might have prevented the bombing if it revealed evidence of his radicalization or of ties to terrorism.
One of the committee's recommendations is that agencies comply with the rules that are already set up around data quality, which would have ensured that they include all identifying information when they nominate names for terrorist databases - not just one version of a name, but all versions, for example.
In fact, in August 2013, the CBP and the National Counterterrorism Center agreed to improve data sharing and "record enhancement" efforts related to the terrorist watchlist. Most particularly, the agencies, along with the Terrorist Screening Center, are now able to automatically transmit data.
Hopefully, that should help to reduce the garbage in part of the equation, if not definitively stop a terrorist act.
Robert Mueller, FBI director at the time of the bombings, has testified before Congress that even if the law had known about Tsarnaev's travels, even if agencies had shared information and all the alerts had been triggered correctly, nothing would have changed.
The bombings would still have taken lives and maimed hundreds.
Could the attack have been prevented with better communication and accurate data input?
It's a tough question to answer, the report concludes, but it shouldn't keep us from asking.