Homeland Security Watch

News and analysis of critical issues in homeland security

July 11, 2013

DHS Vacancies Watch

Filed under: Congress and HLS,DHS News,General Homeland Security — by Christian Beckner on July 11, 2013

We are now more than halfway through 2013, and the number of vacancies of leadership positions at DHS continues to increase.  Until two weeks ago, the President had not yet nominated a single official to serve at DHS in a Senate-confirmed position, and had only made one senior-level appointment to a position that does not require Senate confirmation – the selection of Julia Pierson to serve as the new director of the Secret Service.

Having a certain level of senior-level vacancies in a Cabinet department is normal, given the typical churn of confirmed and appointed officials.  But if enough positions are open for a long enough period of time, it can lead to significant operational and management risks to that Department, and also diminishes its accountability to the U.S. Congress.

I am afraid that the Department of Homeland Security is now at the point where it is facing these risks.   As I note below, there are currently no less than 14 senior-level vacancies at DHS.  Given this, I think that it is critical that the White House prioritize nominations and appointment for the key positions listed below, and that when nominations are made, that the Senate act quickly on nominations for qualified candidates.

Below is a list of the Senate-confirmed positions that are currently unfilled (or will soon be unfilled) at DHS:

1. Deputy Secretary: Former Deputy Secretary Jane Holl Lute stepped down in May 2013.  Under Secretary for NPPD Rand Beers is currently serving as Acting Deputy Secretary.  On June 27th, the White House nominated current USCIS Director Alejandro Mayorkas to become the new Deputy Secretary, and his nomination is pending with the Senate Homeland Security and Governmental Affairs Committee.  His confirmation would open up a new vacancy at USCIS.

2. Under Secretary for Intelligence and Analysis: Former Under Secretary for I&A Caryn Wagner left DHS in December 2012.  Bill Tarry has been serving as Acting Under Secretary since that date, but his acting role will hit the 210 day limit under the Vacancies Act in the next ten days.  No nomination has been announced yet.

3. General Counsel:  Former GC Ivan Fong left DHS in September 2012.  Former Counselor to Secretary Napolitano John Sandweg was named as Acting General Counsel, but is now listed on the DHS website as Principal Deputy General Counsel, presumably because he had been in the acting position for longer than the 210 days allowed by the Vacancies Act.

4. Inspector General:  Former IG Richard Skinner left DHS in January 2011.  The President nominated Roslyn Mazer to serve in the position in July 2011, and her nomination was withdrawn in June 2012 following opposition by members of the Senate Homeland Security and Governmental Affairs Committee.  It’s now been over a year since her nomination was withdrawn, and no new nominee has been put forward.  Charles Edwards served as Acting IG until hitting the Vacancies Act limit and is currently listed as the Deputy IG on the OIG’s website.  He is currently being accused of a range of abuses of his position in a letter sent last month by Sen. McCaskill and Sen. Ron Johnson.

5. Commissioner, Customs and Border Protection: Alan Bersin was nominated as CBP Commissioner in September 2009, and in March 2010 was put in the position via a recess appointment by the President.  The Senate Finance Committee held a nomination hearing for Bersin in May 2010, but his nomination was never reported out of the Finance Committee, and his recess appointment expired at the end of 2011.   Since that time, former Border Patrol chief David Aguilar and Deputy Commissioner Thomas Winkowski have served as Acting Commissioner, but no new nominee has been put forward.

6. Director, Immigration and Customs Enforcement:  ICE Director John Morton announced his intent to resign in June and is departing at the end of July.

In addition to these six Senate-confirmed position, there are also senior leadership vacancies in at least eight other senior positions that do not require Senate confirmation, including Chief Privacy Officer, Officer for Civil Rights & Civil Liberties, Assistant Secretary for the Office of Health Affairs, Director of the Domestic Nuclear Detection Office, Assistant Secretary for the Office of Cybersecurity and Communications, Chief Information Officer, Assistant Secretary for the Office of Legislative Affairs, and Executive Secretary.

Anticipating reality

Filed under: General Homeland Security — by Philip J. Palin on July 11, 2013

If you live in the flood plain you (should) anticipate flooding.

If you live in beetle-infested pine forest you anticipate fire.

If there’s railroad track nearby, a derailment is unlikely today but eventually very likely.

With a fertilizer warehouse, oil refinery, chemical plant, pipeline or such nearby, anticipate trouble.

Dams fail.  Planes crash.  Hurricanes hit.  Tornadoes rip-through towns.

Electricity and telecommunications systems will be disrupted.

Deserts experience drought.

When what’s anticipated arrives we typically count our losses. We mourn.  We move on… usually rebuilding in the same place often in the same way.  A few move away,  exchanging risk of drought (or whatever) for risk of earthquake (or whatever).

We usually discount the worst case, but we take a (very roughly) calculated risk, insuring, even preparing (a bit) for the unwinding of randomness that we associate with natural disasters and accidents.

Another kind of randomness is unwinding.

What’s happening in Egypt, combined with what’s happening in Syria, Lebanon, Iraq, Iran and Sudan (south and north), Somalia, Mali, Nigeria — more would be easy to list — is a social low-pressure system heading this way.  Contending realities are colliding as cold envelops heat across the prairies spawning lighting, hail, wind, and worse.

While mostly a minor player in these struggles, the United States will be blamed for sins of omission and commission, no matter what we do or leave undone.  Good intentions will be ignored.   Ignorance multiplied.  Any conceit or miscalculation condemned.

This is the fate of empire.

The brutal and banal will find sufficient cause to claim revenge.   It will happen with the irregular and mostly unpredictable emergence of a tornado outbreak, California earthquake, or explosion on the Deep Water Horizon.

Given what is happening today, we should anticipate a noticeable increase in “violent extremism” in the years ahead.  As with natural and accidental risks, anticipation can produce practical preparedness and socio-psychological readiness.

In regard to all these risks it makes enormous sense to reduce our self-made vulnerabilities.

For many reasons — most of them having nothing to do with risk — we should increase the quantity, quality, and diversity of our human relationships.  On the worst days, these are what make us most resilient.

Awareness of threats can help, but preoccupation with any threat is seldom helpful.  Otherwise I would never drive in Washington DC (the only place I have ever had a car accident) or fly to Rome or enjoy morel mushrooms.  One of my favorite memories was a week in a city the State Department had just warned against visiting.

When the bad day comes we should use the experience to better understand and reduce our vulnerabilities.  When negligence or intention cause harm, we should hold accountable those involved.

Then we should move on as we are able, just as we do after natural or accidental incidents. Much as I perceive has been done since the Boston Marathon bombings.

I am not advocating denial of risk.  I recognize there is some danger in discounting risk.  But too often I perceive our response to intentional threats has been to unnecessarily amplify our risk.  Given what is happening in the political-religious-economic-meteorological environment the risks are already high enough.

July 10, 2013

Preparedness that worked

Filed under: Preparedness and Response — by Philip J. Palin on July 10, 2013

This morning the Senate Committee on Homeland Security and Governmental Affairs conducted a hearing on lessons learned from the Boston Marathon Bombings.  Media attention has focused instead on this afternoon’s arraignment of the accused surviving bomber.

Besides the morning session was mostly good news: planning and training helped, coordination and collaboration happened.  The horrific outcomes of a very bad day were mitigated by investments made over the last ten years.  The Boston Police Commissioner complained he didn’t know what the FBI knew about one of the accused bombers visiting Chechnya.  But he also admitted that knowing those details might not have changed anything.

Good news is usually not how the most advertising will be sold.  But it is worth recognizing what goes right, especially when so much seems to go wrong.  All of those testifying had good news to tell.  Here are just three paragraphs from prepared testimony by Boston native Richard Serino:

Since 2000, more than 5,500 Boston area responders have received training through FEMA partners including the National Domestic Preparedness Consortium (NDPC) and Continuing Training Grantees. During that same period, FEMA’s Center for Domestic Preparedness (CDP) has provided Chemical/Biological and mass casualty training to more than 500 Boston responders and providers.

FEMA has supported twelve exercises directly involving the City of Boston. These have included topics as diverse as chemical or biological attacks, hurricane preparedness, hazardous materials events, cyber and improvised explosive devices (IEDs). In 2011, DHS – in conjunction with the FBI and the National Counterterrorism Center – hosted a Joint Counterterrorism Awareness Workshop that focused on integrating response operations to a complex attack in the Boston metropolitan area. More than 200 participants from the local, state, and Federal community participated in the workshop.

As part of FEMA’s Regional Catastrophic Preparedness Grant Program, the Metro Boston Homeland Security Region (MBHSR) in 2012 exercised a Regional Catastrophic Coordination Plan designed to augment existing operations plans by facilitating communication, situational awareness, and functional area coordination across the region in a catastrophic event.

You can read more good news and watch/listen to a video of the testimony at the Committee’s website.

July 9, 2013

How to spy on yourself without really trying.

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on July 9, 2013

A friend sent me an email this morning with this subject line: “This is Amazing.”

The message said:

Check this metadata app (you can only use it of you use a gmail account): immersion.media.mit.edu 

I wasn’t the only one to learn about this new creation from the MIT Media Lab.  A lot of people wanted to try it out. So it took a long time to get through. But eventually I did.

I gave the Media Lab permission to see the metadata from my gmail account. Yes, you have to surrender your privacy to see what surrendering your privacy could be like. But what the hell. It’s only metadata. Metadata’s innocuous.

If you’d like to try Immersion, but either don’t use gmail or don’t want to share your account with MIT, here’s a link to an Immersion demonstration:  https://immersion.media.mit.edu/demo

And here is a link to a seven minute video explaining Immersion: https://vimeo.com/69464265

Here’s what the Media Lab’s Immersion Project showed me about my gmail metadata, covering 2004 through July 2013 (names removed):

Cb network image one

Interesting, but what could it mean?

I found James Vincent’s description of the Immersion Project in The Independent:

Plugging your Gmail address into MIT’s Immersion allows the system to scrape your email account for its metadata, and produces a complex bubble map showing who you talk to, how much you talk to them, and what your relationships with your contacts are.

Vincent’s article led me to a blog post by Ethan Zuckerman, describing how he used the tool.

Among his observations:

The Obama administration and supporters have responded to criticism of these programs [identified by Snowden] by assuring Americans that the information collected is “metadata”, information on who is talking to whom, not the substance of conversations. As Senator Dianne Feinstein put it, “This is just metadata. There is no content involved.” By analyzing the metadata, officials claim, they can identify potential suspects then seek judicial permission to access the content directly. Nothing to worry about. You’re not being spied on by your government – they’re just monitoring the metadata.

Sociologist Kieran Healy shows another set of applications of these techniques, using a much smaller, historical data set. He looks at a small number of 18th century colonists and the societies in Boston they were members of to identify Paul Revere as a key bridge tie between different organizations. In Healy’s brilliant piece, he writes in the voice of a junior analyst reporting his findings to superiors in the British government, and suggests that his superiors consider investigating Revere as a traitor. He closes with this winning line: “…if a mere scribe such as I — one who knows nearly nothing — can use the very simplest of these methods to pick the name of a traitor like Paul Revere from those of two hundred and fifty four other men, using nothing but a list of memberships and a portable calculating engine, then just think what weapons we might wield in the defense of liberty one or two centuries from now.”

Zuckerman published the Immersion Project’s image of his gmail account, along with an analysis.
Other network example

The largest node in the graph, the person I exchange the most email with, is my wife, Rachel. I find this reassuring, but [two people involved with Immersion] have told me that people’s romantic partners are rarely their largest node. Because I travel a lot, Rachel and I have a heavily email-dependent relationship, but many people’s romantic relationships are conducted mostly face to face and don’t show up clearly in metadata. But the prominence of Rachel in the graph is, for me, a reminder that one of the reasons we might be concerned about metadata is that it shows strong relationships, whether those relationships are widely known or are secret.

The Immersion image of my emails allowed me to identify people who are key in my network. Here’s an image of one of them, again I have removed the names:

One person image

I am also able to see, based on the thickness of the connecting lines, who in my network has the strongest ties to this central person. And that’s just scratching the metadata surface.

Back to Zuckerman’s blog. After describing some additional implications of his Immersion-generated social network image, he writes:

My point here isn’t to elucidate all the peculiarities of my social network (indeed, analyzing these diagrams is a bit like analyzing your dreams – fascinating to you, but off-putting to everyone else). It’s to make the case that this metadata paints a very revealing portrait of oneself. And while there’s currently a waiting list to use Immersion, this is data that’s accessible to NSA analysts and to the marketing teams at Google. [my emphasis] That makes me uncomfortable, and it makes me want to have a public conversation about what’s okay and what’s not okay to track.

Jonathan O’Donnell commented on Zuckerman’s post with a brief literature review about the consequences of data tracking (see the original posting for links to the cited research):

For me, the classic paper in this area is Paul Ohm’s analysis of why anonymization doesn’t work. He shows that small amounts of metadata, and a modicum of known facts, will reveal big amounts of private information (Ohm, 2010).

For example:
In 1997, two students at Massachusetts Institute of Technology (MIT) analyzed the Facebook profiles of 6,000 past and present MIT students. They demonstrated that they were able to predict, with a very high degree of certainty, whether someone was gay or not, based on their friendship group (Jernigan & Mistree, 2009).

In 2009, Acquisti and Gross demonstrated that they could ‘guess’ a large number of American social security numbers using just the birth date and place of a person (Acquisti and Gross, 2009).

In 2009, Zheleva and Getoor demonstrated that friendship and group affiliation on social networks could be used to recover the information of private-profile users. They found that they could predict (with reasonable degrees of success) country of residence (Flickr), gender (Facebook), breed of dog (Dogster) and whether someone was a spammer (BibSonomy), even when 50% of the sample group were private-profile users (Zheleva and Getoor, 2009).

In 2011, Calandrino and others demonstrated that you could use the “You might also like” feature on Hunch, Last.fm, LibraryThing, and Amazon to predict individual purchasing, listening and reading habits of users of these systems. As long as you knew a small number of items that were true about a person, you could use the system to investigate their private behaviour on these sites (Calandrino et al, 2011).

…I’m pretty sure that these techniques can be chained, so that if you are a prolific user of social networks, people can tell your gender, sexual orientation, country of residence, breed of dog, purchasing, listening, reading and spamming activities, your social security number and your name, even if you were anonymous.

But so what, if you’ve done nothing wrong? Why be concerned?

Some of my colleagues ask me that.

I know of at least one major police department that is concerned the ease of social network tracking is making life more dangerous for its undercover officers. The officers practice safe social networking. But they have little control over the social network practices of other people in their professional and social networks — let alone control over the people in the friends of their friends networks.  It gets megacomplex really quickly.

A few months ago, Bruce Schneier wrote that it’s too late to talk about control.  The Internet won, he says.  Privacy lost.

The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. … [It] is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it’s efficient beyond the wildest dreams of George Orwell.

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.

So, we’re done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.

And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant.

Welcome to an Internet without privacy, and we’ve ended up here with hardly a fight.

Oh well, there’s always Pong.  Pong’s innocuous.

July 8, 2013

Upcoming Senate hearing on lessons learned from the Boston Marathon bombings

Filed under: General Homeland Security — by Arnold Bogis on July 8, 2013

Thanks to Eric Holdeman at the Disaster Zone blog for pointing out this upcoming Senate Committee on Homeland Security and Governmental Affairs hearing on “Lessons Learned from the Boston Marathon Bombings: Preparing for and Responding to the Attack.”

The hearing will take place this Wednesday, July 10 at 10am and will be broadcast on the Committee’s website.

Hearing information (via Eric):

U.S. Senate Committee on Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.) and Ranking Member Tom Coburn (R-Okla.) will hold a hearing titled “Lessons Learned from the Boston Marathon Bombings: Preparing for and Responding to the Attack” on Wednesday July 10, 2013 at 10:00 a.m. in room 342 of the Dirksen Senate Office Building in Washington, D.C.

The terrorist attack that occurred during the 117thBoston Marathon serves as a reminder that while the U.S. has made great progress in combating terrorism, terrorists at home and abroad still seek to carry out brutal attacks against Americans. While the first priority is to stop these before they occur, it is also important to ensure that when prevention fails, federal, state and local entities are well prepared to immediately respond to the attacks and mitigate their effects.

This hearing is intended to examine the steps that were taken to prepare Boston for threats such as these and the response that followed. In particular, witnesses will discuss the specific steps Boston had taken to prepare for incidents such as these; how these affected the response to the attack; and any significant challenges or lessons-learned that they have identified from the response. They will also share their perspective on whether federal support contributed to the city’s preparedness and the effectiveness of federal support during and after the attack.

For more information or to watch a live stream of the hearing, please click HERE(Note: Please refresh the hearing webpage at the scheduled start time. Streaming will start once the hearing begins.)


The U.S. Senate Committee on Homeland Security and Governmental Affairs will hold the hearing, “Lessons Learned from the Boston Marathon Bombings: Preparing for and Responding to the Attack.”


The Honorable Richard Serino

Deputy Administrator

Federal Emergency Management Agency

U.S. Department of Homeland Security


Kurt N. Schwartz

Undersecretary for Homeland Security and Emergency Management

Executive Office of Public Safety and Security

The Commonwealth of Massachusetts


Edward F. Davis III


Boston Police Department

City of Boston


Arthur L. Kellermann, M.D.

Paul O’Neill Alcoa Chair in Policy Analysis

RAND Corporation



Wednesday, July 10, 2013

10:00 a.m.



342 Dirksen Senate Office Building

Washington, D.C.

July 5, 2013

Friday Free Forum

Filed under: General Homeland Security — by Philip J. Palin on July 5, 2013

On July 5, 1987 the Liberation Tigers of Tamil Eelam (LTTE) launched a suicide attack on the Sri Lankan army.  This is seen by many as the beginning of modern suicide terrorism. According to LTTE, 378 suicide attacks were carried out by their specialized “Black Tigers” unit between 1987 and November 2008.

What’s on your mind related to homeland security?

July 4, 2013

Securing this homeland

Filed under: General Homeland Security — by Philip J. Palin on July 4, 2013

After two decades trying to be heard by London, the Continental Congress declared the independence of these United States on July 2, 1776.  On July 4 they adopted a document explaining their decision.

The document includes,

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

While self-evident to some, such truths are seldom self-asserting.

On July 4, 1863 the Army of Northern Virginia began its retreat from Gettysburg.  The grand-children and great-grandchildren of those who adopted the Declaration gave their lives deciding what equality, liberty, and happiness might mean in practice.

Meaning remains contentious.

All men?  Men as in humankind or otherwise?  All? Is that what you really mean?

Created?  When?  At conception, birth, majority?  Where? NYC or OKC?  Yucatan or Utah?  Shenzhen or Seattle?

Equal?  Before the law?  In opportunity? In political responsibilities? In basic conditions?

Endowed by their Creator?  As a matter of natural law, biological inheritance, ethical precondition?  If there is no Creator does the endowment lapse?

Life? Including clean water and food?  Health care?  Death with dignity? Sexual identity? Eccentric expression? Angry and threatening?

Liberty? Prejudice? Religious belief? Gun ownership? Yelling fire in a crowded theater (metaphorically or not)?  Building in the flood zone, on the beach, in the Colorado pine forest? Is the essential liberty the right to be left alone?  A zone of privacy?

Pursuit of happiness?  Property?  Choice?  Hedonism? Epicureanism? Religious fanaticism? Is this 18th Century slang for eudaimonia?  Hot pursuit?  Along for the ride?  Brought along?  Unrestrained?

The homeland I seek to secure is a place where these questions are vigorously asked and different answers can flourish in freedom.

It is meaningful (at least to me) that we do not celebrate the day freedom was declared, but instead the articulation of our case for freedom.  Motivation matters.  Purpose matters.  A decent respect for the opinion of others matters.  Among a free people why is at least as important as what.  In the American context, freedom presumes reason and depends on listening: carefully listening to one another.

July 4, 1776 is our model.  July 4, 1863 demonstrates the consequences of departing from the model.  Where are we today?

July 2, 2013

Where The Heck’s My Dec?

Filed under: Congress and HLS,Disaster,Legal Issues — by Christopher Bellavita on July 2, 2013

The post for Tuesday, July 2, 2013 was removed at the author’s request.

« Previous Page