Communications of the ACM

• entered the U.S. by a variety of means and through various ports of entry;
• who lived in different states;
• came from different countries;
• had different backgrounds;
• may or may not have known each other; and
• may or may not have had similar living and work habits.

These people were going to hijack airplanes and crash them into the World Trade Center and the Pentagon. However, I doubt we could have foreseen these events.

While finding and tracking suspicious patterns of behavior may appear attractive at the outset, it is unlikely unexpected behavior (patterns not previously seen) can be predicted through preexisting knowledge management techniques—AI, data mining, and information sharing. In past instances, unexpected behavior—particularly in wartime—has virtually always surprised the defending side. Take our previous best-worst example—Pearl Harbor. Since it didn't fit any prior strategic or tactical patterns, we didn't connect the dots and see it coming. Armchair quarterbacks have spent half a century castigating and blaming everyone from the President down to military personnel on duty that day. But the fact remains no one saw it coming. Likewise, after the fact, analysts have had a field day asking why the people in charge didn't connect the dots beforehand and prevent 9/11 from happening. I'm not sure any amount of abrogation of "their" right to privacy would have enabled "us" to do so.

But there are some things that do make sense, and perhaps could reduce threats to U.S. security. These things would at least permit us to control the flow of visitors to and from a country's society. Let's take the scenario: Suppose all persons in the U.S., other than its citizens, are tracked in terms of the reason they are here. For example:

• If a person enters on a student visa, it is reasonable to know that person is enrolled and attending classes at their stated institution.
• If a person enters on a business visa, it is reasonable to determine if that person visits or is a member of the business they say they are visiting.
• If a person enters on a work permit, it is reasonable to determine that person works for the company they stated.

This kind of information can and should be part of a national security knowledge management strategy. Suppose we put in place mechanisms to make these kinds of knowledge management strategies possible. Some examples:

• Suppose a variety of biometric data was gathered from all noncitizens who enter the U.S.
• Suppose these peoples' biometric data was compared with international and national records online at the point of entry.
• Suppose all noncitizens, on entry, were issued an ID card or had their passport imprinted with the biometric information about their entry and period of stay.
• Suppose all these persons had to provide specific lodging information on entry.
• Suppose we tracked not only arrivals but also departures in this same fashion.
• Suppose we checked biometric data on leaving with those on arrival.

Some of these suppositions are already in law but not implemented, or have been deferred. Some would have to be codified and implemented—such as fingerprinting. Some would have to be implemented through integration of existing databases—such as fingerprint records held nationally, in states, and internationally.

In the end, it will become a balancing act between the presumptive rights to privacy of each individual and the rights of a nation to protect itself. Starting with Pieter Dengler in Nieuw Amsterdam, the debate has been going on in the U.S for 400 years. But in the debate over the balance between public and private rights, we mustn't forget that as a nation, the U.S. and essentially all societies, have at one time or another been under heavy attack from external and internal forces. And through it all, in the long run, keeping society open and free has always been the most effective and wisest course of action. I hope we will continue to be so wise. Our knowledge management systems, therefore, must provide us with increased security without compromising the rights we all share as citizens of the world.