Ian Millhiser of the Center for American Progress [disclosure: I used to work there, but do not know Millhiser] writes that a tagging system in an intelligence database that should have identified the Dec. 25 airline attacker failed—because it hasn’t been built yet.

The backbone of this web of obligations to discover, request, and share information is an automated database that ICD 501 requires the Intelligence Community to create. Part Google, part Facebook, part Microsoft Excel, such a database allows intelligence officials to comprehensively catalog their knowledge, tagging each data-field according to how it is connected to other information, and what level of security clearance is required to read it. The entry on Abdulmutallab should have been tagged to indicate that he is possibly connected to violent religious extremists, that he is a Nigerian citizen, and that he is located in Yemen. Had an NSA official, aware that Al-Qaeda in Yemen was planning to use a Nigerian citizen to commit an attack, searched the database for a Nigerian who fit the profile of a potential attacker, it is almost certain that Abdulmutallab would have been discovered sooner and flagged for additional screening before he could board a plane to the United States.

But there is a very simple reason why such a search was never conducted. According to multiple software designers involved in creating ICD 501-compliant platforms, the Intelligence Community has not yet built the IT infrastructure required to support this database. ICD 501 was issued almost a year ago, but crucial infrastructure that is essential to the directive’s functioning simply doesn’t exist.

This puts details on top of a hunch I had that a fairly simple information system could have collated intelligence about a threat by a Nigerian and about this particular Nigerian.

As an addendum to my post about information systems and the politics of the failed attack on Dec. 25, here’s a nice paragraph from Dan Ryan at Sociology of Information.

The president was furious about the failure of the system to see “the red flags” and intelligence agencies are reported to have said that the information they had was “vague but available.”  The problem is that flags are not, in general, a priori red.  Presumably, some smart people are thinking about how systems see and things like that; hopefully, they don’t just think of it as “connect the dots.”

Ryan points out that many of the new measures we know about are designed to create more information.

In the framework from my previous post, the problem here is that the machinery built to process information failed. I would not want to fall into the trap Ryan decries of complaining that “dots” went unconnected. I do think however that a process that better collated the available information might have brought this threat to wider attention. So it’s not “connect the dots,” but rather “collate and evaluate” information.

Then again, a radio report last night (BBC interviewed someone clearly from a conservative organization in D.C.) pointed out that gate personnel were working from the wrong no-fly lists. This person seemed motivated by some anti-Obama talking points, but if part of the statement was factual, both the information and response systems were broken.