N.Y. policeman illegally obtains, uses U.S. terror watch-list information

Published 24 January 2009

NYPD sergeant uses a colleague username and password to access the FBI terrorist watch-list; he then obtains information about an individual on the list — an individual locked in a child custody fight with a friend of the sergeant — and provide the information to the friend’s lawyer

Whether or not the FBI terrorist watch-list is effective in detecting terrorists and preventing them from getting on planes is a question for debate (since there is no way to prove a negative, we will never know what would be the situation without such lists). One thing we know: According the U.S. Department of State, there are 27 organizations around the world defined as terrorist organizations, with a combined membership of about 200,000 (this includes the 120,000-strong Iranian Revolutionary Guard). The lists DHS maintains, however, have about 1,000,000 names on them, according to the American Civil Liberties Union (ACLU). Who are these other people on the lists?

As we debate the efficacy of the list, we note a disturbing story of its abuse. Register’s Dan Goodin reports that a New York City Police Department sergeant has admitted he illegally obtained a name contained in an FBI terrorist watch-list and gave it to an acquaintance to use in a child custody case. Haytham Khalil pleaded guilty to one misdemeanor charge stemming from the unauthorized access and dissemination of information from the FBI’s National Crime Information Center (NCIC). The database contains information from the agency’s terrorist screening center identifying individuals listed on a terrorist watch-list.

According to documents filed in federal court in Manhattan, Khalil lacked the authority to access the information, so he used a fellow cop’s username and password to gain entry. Remarkably, the fellow officer left his credentials on a notepad so his co-workers could access the system when he was not around.

In December 2007 Khalil used his colleague’s login credentials to access the NCIC database so he could obtain information identifying an unnamed person contained on the FBI terrorist watch-list. Khalil then turned the information over to an acquaintance who was locked in a child custody battle with the person. The acquaintance then turned the information over to an attorney to use it in a pending proceeding.

Khalil faces a maximum penalty of one year in prison and a fine of $100,000 or more at sentencing, which is scheduled for 14 April.

Goodin notes that the episode is exactly the kind of story that feeds critics of government watch-lists, who say such databases are rife with potential for abuse. “Law enforcement officials say such databases are carefully restricted, but as Khalil’s guilty plea demonstrates, the measures can often be easily circumvented,” Goodin writes.