Homeland Security Watch

News and analysis of critical issues in homeland security

August 12, 2013

President’s statement on surveillance policy

Filed under: Intelligence and Info-Sharing — by Philip J. Palin on August 12, 2013

Following is all but one non-substantive paragraph of a statement the President made at the White House on Friday.  He answered some related questions.  I will probably offer some thoughts of my own in this Thursday’s post.

–+–

As I said at the National Defense University back in May, in meeting those threats we have to strike the right balance between protecting our security and preserving our freedoms. And as part of this rebalancing, I called for a review of our surveillance programs. Unfortunately, rather than an orderly and lawful process to debate these issues and come up with appropriate reforms, repeated leaks of classified information have initiated the debate in a very passionate, but not always fully informed way.

Now, keep in mind that as a senator, I expressed a healthy skepticism about these programs, and as President, I’ve taken steps to make sure they have strong oversight by all three branches of government and clear safeguards to prevent abuse and protect the rights of the American people. But given the history of abuse by governments, it’s right to ask questions about surveillance — particularly as technology is reshaping every aspect of our lives.

I’m also mindful of how these issues are viewed overseas, because American leadership around the world depends upon the example of American democracy and American openness — because what makes us different from other countries is not simply our ability to secure our nation, it’s the way we do it — with open debate and democratic process.

In other words, it’s not enough for me, as President, to have confidence in these programs. The American people need to have confidence in them as well. And that’s why, over the last few weeks, I’ve consulted members of Congress who come at this issue from many different perspectives. I’ve asked the Privacy and Civil Liberties Oversight Board to review where our counterterrorism efforts and our values come into tension, and I directed my national security team to be more transparent and to pursue reforms of our laws and practices.

And so, today, I’d like to discuss four specific steps — not all inclusive, but some specific steps that we’re going to be taking very shortly to move the debate forward.

First, I will work with Congress to pursue appropriate reforms to Section 215 of the Patriot Act — the program that collects telephone records. As I’ve said, this program is an important tool in our effort to disrupt terrorist plots. And it does not allow the government to listen to any phone calls without a warrant. But given the scale of this program, I understand the concerns of those who would worry that it could be subject to abuse. So after having a dialogue with members of Congress and civil libertarians, I believe that there are steps we can take to give the American people additional confidence that there are additional safeguards against abuse.

For instance, we can take steps to put in place greater oversight, greater transparency, and constraints on the use of this authority. So I look forward to working with Congress to meet those objectives.

Second, I’ll work with Congress to improve the public’s confidence in the oversight conducted by the Foreign Intelligence Surveillance Court, known as the FISC. The FISC was created by Congress to provide judicial review of certain intelligence activities so that a federal judge must find that our actions are consistent with the Constitution. However, to build greater confidence, I think we should consider some additional changes to the FISC.

One of the concerns that people raise is that a judge reviewing a request from the government to conduct programmatic surveillance only hears one side of the story — may tilt it too far in favor of security, may not pay enough attention to liberty. And while I’ve got confidence in the court and I think they’ve done a fine job, I think we can provide greater assurances that the court is looking at these issues from both perspectives — security and privacy.

So, specifically, we can take steps to make sure civil liberties concerns have an independent voice in appropriate cases by ensuring that the government’s position is challenged by an adversary.

Number three, we can, and must, be more transparent. So I’ve directed the intelligence community to make public as much information about these programs as possible. We’ve already declassified unprecedented information about the NSA, but we can go further. So at my direction, the Department of Justice will make public the legal rationale for the government’s collection activities under Section 215 of the Patriot Act. The NSA is taking steps to put in place a full-time civil liberties and privacy officer, and released information that details its mission, authorities, and oversight. And finally, the intelligence community is creating a website that will serve as a hub for further transparency, and this will give Americans and the world the ability to learn more about what our intelligence community does and what it doesn’t do, how it carries out its mission, and why it does so.

Fourth, we’re forming a high-level group of outside experts to review our entire intelligence and communications technologies. We need new thinking for a new era. We now have to unravel terrorist plots by finding a needle in the haystack of global telecommunications. And meanwhile, technology has given governments — including our own — unprecedented capability to monitor communications.

So I am tasking this independent group to step back and review our capabilities — particularly our surveillance technologies. And they’ll consider how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy — particularly in an age when more and more information is becoming public. And they will provide an interim report in 60 days and a final report by the end of this year, so that we can move forward with a better understanding of how these programs impact our security, our privacy, and our foreign policy.

So all these steps are designed to ensure that the American people can trust that our efforts are in line with our interests and our values. And to others around the world, I want to make clear once again that America is not interested in spying on ordinary people. Our intelligence is focused, above all, on finding the information that’s necessary to protect our people, and — in many cases — protect our allies.

It’s true we have significant capabilities. What’s also true is we show a restraint that many governments around the world don’t even think to do, refuse to show — and that includes, by the way, some of America’s most vocal critics. We shouldn’t forget the difference between the ability of our government to collect information online under strict guidelines and for narrow purposes, and the willingness of some other governments to throw their own citizens in prison for what they say online.

And let me close with one additional thought. The men and women of our intelligence community work every single day to keep us safe because they love this country and believe in our values. They’re patriots. And I believe that those who have lawfully raised their voices on behalf of privacy and civil liberties are also patriots who love our country and want it to live up to our highest ideals. So this is how we’re going to resolve our differences in the United States — through vigorous public debate, guided by our Constitution, with reverence for our history as a nation of laws, and with respect for the facts.

August 8, 2013

An abundance of caution

Filed under: Intelligence and Info-Sharing,Risk Assessment,Strategy,Terrorist Threats & Attacks — by Philip J. Palin on August 8, 2013

Diplomatic Posts ClosedOn Monday the State Department’s deputy spokesperson, Marie Harf, explained several U.S. diplomatic posts would remain closed for up to a week out of an “abundance of caution” prompted by a potential terrorist attack.

As the Tsarnaev brothers fled, flinging explosives from their stolen car, residents of Boston and many close-in suburbs were told to stay inside behind locked doors.  The unprecedented, rather amazing, shut-down of a huge urban area was justified by an abundance of caution emerging from a proven murderous capacity and a continued proximate capability demonstrated just hours before.

As Hurricane Sandy churned north, Mayor Bloomberg announced mandatory evacuations and scheduled suspension of the transit system as warranted by an abundance of caution. Soon enough — and well before landfall — he was warning of a clear and present danger.

Congressional leaders who have been briefed on the intelligence “stream” are unified in endorsing the abundance of caution undertaken in recent days.  It is reassuring that our feuding representatives can find anything on which to agree.  Especially when such vociferous political adversaries make common-cause, I am inclined to defer to their assessment of the current context.  The evidence has, apparently, pointed to a fast-approaching threat.

But I will raise an issue of strategy or perhaps policy beyond the current circumstance: With Hurricane Sandy the threat velocity was known and New York was absolutely in the target zone.  In the case of Boston, Watertown, and near-by, bombing, murder and mayhem were undeniably clear and present.

What seems to be the situation with Al-Qaeda in the Arabian Peninsula (AQAP) and AQ-Core is a communications intercept involving a vague instruction to do something big.  I will admit this strikes me — so early in the post-Snowden period — as a suspicious choice by Messrs. Zawahiri and Wuhayshi. (Or… in our Kafkaesque counterterrorism context is the intercept report a false-flag to distract AQ et al from the actual tradecraft involved?) When or where or precisely who might carry out the attack is not known.  So… we evacuate or shelter-in-place across roughly the same expansive space as the Umayyad Caliphate.

But… taking the reported intercept on face value, AQAP has a significant capacity in Yemen.  Given demonstrated AQAP capabilities, the shuttering of our Sana’a facility and evacuation of most personnel is probably a prudent measure.  (The government of Yemen disagrees and claims to have foiled a local plot.)

We have seen that other AQ franchises across North Africa, Iraq, Syria and elsewhere also have existing capacity.  I don’t have the resources to assess threat capabilities in each nation where our official outpost has closed its doors.  No doubt if the decision-criterion is an “abundance of caution” a sufficient argument can be made for each.

–+–

Last week I was given a boilerplate contract to sign.  It included a clause that could have been used by the other party to claim 125 percent of any revenue I generated from a set of long-time clients.  This was not the original intent of the clause, but was a possible application.  Such action by the other party is very unlikely, but out of an abundance of caution I arranged for an amendment to the agreement.

This is an example of the origins of the phrase.  In Latin it is “ex abundanti cautela”.  In Roman law the tendency to explicitly engage and counter very unlikely possibilities is prompted by an an abundance of caution.  Such action is certainly prudent. It is also — at least in the context of ancient Roman law — tedious, pedantic, and often so ridiculous as to become absurd.

Today the phrase is usually unveiled with a kind of magisterial flourish that suggests no reasonable person could possibly contest the good sense of behaving with an abundance of caution.

Is over-abundance possible?

New York could — out of an abundance of caution — announce voluntary evacuations every time one of those individual tracks in the hurricane cone-of-probability crosses between Atlantic City and the Hamptons.

The Boston area shelter-in-place order was lifted about 6:15 PM.  After nearly eleven hours behind locked doors, caution seemed a bit over-ripe. The surviving suspect was located in the boat about a half-hour later.  What would have been our assessment of the Boston shut-down if the second suspect had not been located that evening?

 –+–

Most of our risks are no-notice. But with hurricanes — and to a lesser extent tornadoes and blizzards — there is an emerging ability to take action to avert harm.  The reason we spend billions on  the intelligence community and offer the first fruits of liberty on the altar of security is to give us similar warning for evil intention.

What we have learned from weather-related warning is that preventive action not followed by a confirming event increases the tendency of the population to take unnecessary risks next time.  Over-zealous — or unlucky — efforts to prevent harm can perversely cause greater harm.

While we are certainly dealing with probabilities, this is not — yet — a matter of contending mathematical models.  We are left with concepts… judgments… words.  Always fallible, but fully worth our careful thought.

An abundance of caution is an ancient legal principle supportive of taking preventive action. So is the common law’s “bad tendency” which was succeeded by “clear and present danger” which has evolved into justifying preventive action by the State only where the threat of violence is both imminent and likely.

Is the threat proximate in time and space and probable?  We will still disagree, but these are the right questions to ask.  These are the right questions to answer in justifying dramatic preventive or preemptive action.

July 26, 2013

Congressional prospects for NSA operations

Filed under: Congress and HLS,Intelligence and Info-Sharing,Terrorist Threats & Attacks — by Philip J. Palin on July 26, 2013

As I explained in an early June post, I have mostly been reassured by the controversy over NSA domestic intelligence gathering.  So far the evidence I have seen indicates operations have been undertaken consistent with the law, with judicial authorization, and with Congressional oversight.

The close vote on Wednesday night to continue funding NSA operations is another example of the system working as it ought.  It is helpful and appropriate that policy of this sort be actively and critically examined by the people’s representatives.  Our security mavens have been forcefully reminded of their obligation to consult with Congress on policy and strategy.  (And I even hope against hope that those in Congress may have learned to listen more carefully.  I know I’m a glutton for disappointment.)

If some are tempted to “learn” from this experience that they need to be even more secretive, they are idiots.  If they instead recognize the benefit of proactive and principled engagement at the policy level, we will all be better off: both in terms of our tactical security and the preservation of liberty.

I am glad the funding was continued.  I am glad the vote was close.  I am glad that other efforts are underway to ensure legal constraints on domestic intelligence operations.  Yesterday reporting by ProPublica identified six proposals still under consideration by Congress:

1) Raise the standard for what records are considered “relevant”

2) Require NSA analysts to obtain court approval before searching metadata

3) Declassify Foreign Intelligence Surveillance Court opinions

4) Change the way Foreign Intelligence Surveillance Court judges are appointed

5) Appoint a public advocate to argue before the Foreign Intelligence Surveillance Court

6) End phone metadata collection on constitutional grounds

Read more on each proposal by Kara Brandeisky at ProPublica

July 9, 2013

How to spy on yourself without really trying.

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on July 9, 2013

A friend sent me an email this morning with this subject line: “This is Amazing.”

The message said:

Check this metadata app (you can only use it of you use a gmail account): immersion.media.mit.edu 

I wasn’t the only one to learn about this new creation from the MIT Media Lab.  A lot of people wanted to try it out. So it took a long time to get through. But eventually I did.

I gave the Media Lab permission to see the metadata from my gmail account. Yes, you have to surrender your privacy to see what surrendering your privacy could be like. But what the hell. It’s only metadata. Metadata’s innocuous.

If you’d like to try Immersion, but either don’t use gmail or don’t want to share your account with MIT, here’s a link to an Immersion demonstration:  https://immersion.media.mit.edu/demo

And here is a link to a seven minute video explaining Immersion: https://vimeo.com/69464265

Here’s what the Media Lab’s Immersion Project showed me about my gmail metadata, covering 2004 through July 2013 (names removed):

Cb network image one

Interesting, but what could it mean?

I found James Vincent’s description of the Immersion Project in The Independent:

Plugging your Gmail address into MIT’s Immersion allows the system to scrape your email account for its metadata, and produces a complex bubble map showing who you talk to, how much you talk to them, and what your relationships with your contacts are.

Vincent’s article led me to a blog post by Ethan Zuckerman, describing how he used the tool.

Among his observations:

The Obama administration and supporters have responded to criticism of these programs [identified by Snowden] by assuring Americans that the information collected is “metadata”, information on who is talking to whom, not the substance of conversations. As Senator Dianne Feinstein put it, “This is just metadata. There is no content involved.” By analyzing the metadata, officials claim, they can identify potential suspects then seek judicial permission to access the content directly. Nothing to worry about. You’re not being spied on by your government – they’re just monitoring the metadata.

Sociologist Kieran Healy shows another set of applications of these techniques, using a much smaller, historical data set. He looks at a small number of 18th century colonists and the societies in Boston they were members of to identify Paul Revere as a key bridge tie between different organizations. In Healy’s brilliant piece, he writes in the voice of a junior analyst reporting his findings to superiors in the British government, and suggests that his superiors consider investigating Revere as a traitor. He closes with this winning line: “…if a mere scribe such as I — one who knows nearly nothing — can use the very simplest of these methods to pick the name of a traitor like Paul Revere from those of two hundred and fifty four other men, using nothing but a list of memberships and a portable calculating engine, then just think what weapons we might wield in the defense of liberty one or two centuries from now.”

Zuckerman published the Immersion Project’s image of his gmail account, along with an analysis.
Other network example

The largest node in the graph, the person I exchange the most email with, is my wife, Rachel. I find this reassuring, but [two people involved with Immersion] have told me that people’s romantic partners are rarely their largest node. Because I travel a lot, Rachel and I have a heavily email-dependent relationship, but many people’s romantic relationships are conducted mostly face to face and don’t show up clearly in metadata. But the prominence of Rachel in the graph is, for me, a reminder that one of the reasons we might be concerned about metadata is that it shows strong relationships, whether those relationships are widely known or are secret.

The Immersion image of my emails allowed me to identify people who are key in my network. Here’s an image of one of them, again I have removed the names:

One person image

I am also able to see, based on the thickness of the connecting lines, who in my network has the strongest ties to this central person. And that’s just scratching the metadata surface.

Back to Zuckerman’s blog. After describing some additional implications of his Immersion-generated social network image, he writes:

My point here isn’t to elucidate all the peculiarities of my social network (indeed, analyzing these diagrams is a bit like analyzing your dreams – fascinating to you, but off-putting to everyone else). It’s to make the case that this metadata paints a very revealing portrait of oneself. And while there’s currently a waiting list to use Immersion, this is data that’s accessible to NSA analysts and to the marketing teams at Google. [my emphasis] That makes me uncomfortable, and it makes me want to have a public conversation about what’s okay and what’s not okay to track.

Jonathan O’Donnell commented on Zuckerman’s post with a brief literature review about the consequences of data tracking (see the original posting for links to the cited research):

For me, the classic paper in this area is Paul Ohm’s analysis of why anonymization doesn’t work. He shows that small amounts of metadata, and a modicum of known facts, will reveal big amounts of private information (Ohm, 2010).

For example:
In 1997, two students at Massachusetts Institute of Technology (MIT) analyzed the Facebook profiles of 6,000 past and present MIT students. They demonstrated that they were able to predict, with a very high degree of certainty, whether someone was gay or not, based on their friendship group (Jernigan & Mistree, 2009).

In 2009, Acquisti and Gross demonstrated that they could ‘guess’ a large number of American social security numbers using just the birth date and place of a person (Acquisti and Gross, 2009).

In 2009, Zheleva and Getoor demonstrated that friendship and group affiliation on social networks could be used to recover the information of private-profile users. They found that they could predict (with reasonable degrees of success) country of residence (Flickr), gender (Facebook), breed of dog (Dogster) and whether someone was a spammer (BibSonomy), even when 50% of the sample group were private-profile users (Zheleva and Getoor, 2009).

In 2011, Calandrino and others demonstrated that you could use the “You might also like” feature on Hunch, Last.fm, LibraryThing, and Amazon to predict individual purchasing, listening and reading habits of users of these systems. As long as you knew a small number of items that were true about a person, you could use the system to investigate their private behaviour on these sites (Calandrino et al, 2011).

…I’m pretty sure that these techniques can be chained, so that if you are a prolific user of social networks, people can tell your gender, sexual orientation, country of residence, breed of dog, purchasing, listening, reading and spamming activities, your social security number and your name, even if you were anonymous.

But so what, if you’ve done nothing wrong? Why be concerned?

Some of my colleagues ask me that.

I know of at least one major police department that is concerned the ease of social network tracking is making life more dangerous for its undercover officers. The officers practice safe social networking. But they have little control over the social network practices of other people in their professional and social networks — let alone control over the people in the friends of their friends networks.  It gets megacomplex really quickly.


A few months ago, Bruce Schneier wrote that it’s too late to talk about control.  The Internet won, he says.  Privacy lost.

The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. … [It] is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it’s efficient beyond the wildest dreams of George Orwell.

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.

So, we’re done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.

And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant.

Welcome to an Internet without privacy, and we’ve ended up here with hardly a fight.

Oh well, there’s always Pong.  Pong’s innocuous.

April 11, 2013

Redundant from L. redundantem (nom. redundans), prp. of redundare “come back, contribute,” lit. “overflow,” from re- “again” + undare “rise in waves,” from unda “a wave”

Filed under: Budgets and Spending,Intelligence and Info-Sharing,Technology for HLS — by Philip J. Palin on April 11, 2013

You may have seen the headlines:  Redundant Federal Programs Waste Billions (USA Today).

Or heard something similar:  Latest GAO report reveals 162 areas of redundancy across government (Federal News Radio).

Most of the broadcast news mentioned something about catfish inspectors and each military branch developing its own camouflage  uniform. Conservative or liberal — from inside or outside government — it is the kind of “news” that fails to create any new brain synapses and, probably, calcifies our current neural networks.

This lack of real thinking reflects the way information is headlined and how we typically receive the information, not what GAO is actually reporting.

The Government Accountability Office study released on Tuesday references several Department of Homeland Security practices.  In addition to a list from prior years, two more are highlighted in this most recent report:

Department of Homeland Security Research and Development: Better policies and guidance for defining, overseeing, and coordinating research and development investments and activities would help DHS address fragmentation, overlap, and potential unnecessary duplication.

Field-Based Information Sharing: To help reduce inefficiencies resulting from overlap in analytical and investigative support activities, the Departments of Justice and Homeland Security and the Office of National Drug Control Policy could improve coordination among five types of field-based information sharing entities that may collect, process, analyze, or disseminate information in support of law enforcement and counterterrorism-related efforts—Joint Terrorism Task Forces, Field Intelligence Groups, Regional Information Sharing Systems centers, state and major urban area fusion centers, and High Intensity Drug Trafficking Areas Investigative Support Centers.

I am sure any post-hoc study of  research-and-development or intelligence-gathering (even more-so intelligence creating) activities will always find a wide range of decisions and actions  hard to defend.   Any careful audit should find hundreds or thousands of hours obviously lost on following bad leads, interminable meetings, unnecessary travel, dysfunctional turf protection, and much, much more (or actually less and less).  A thorough analysis could authoritatively map how one failure led to another and another.

R&D and the intelligence process share a concern with anticipating, even creating the future.  Once we arrive at the future we can usually look back and bemoan (or self-justify) the dead-ends and circuitous paths chosen.   We may even be able to recognize how alternate — preferable? — futures were very close-at-hand, but have now receded in our wake.

Malcolm Gladwell argues that ten years and 10,000 hours are — along with other crucial inputs — prerequisites to “outlier” success.  What  would an audit at five years and 5000 hours find? What does a half-made success look like? Thomas Edison famously said, “I failed my way to success.”

In the commercial world “redundancy” is often called competition.  In biology redundancy is very closely related to diversity.  In engineering and other design applications redundancy is sometimes valued rather than maligned.

This is not to discourage DHS from looking hard at its research-and-development policies.  The improved coordination of field-based information-sharing sounds like a win-win.  But fragmentation, overlap, and duplication are not always net negatives.  Elinor Ostrom and her colleagues found that polycentric governance — featuring considerable fragmentation, overlap, and duplication — is often more effective at achieving policy goals than more centralized and “efficient” structures.

[Redundancy = Bad] is a dangerous heuristic.  Stop using it.

January 3, 2013

Due process: Collect, keep, and kill

No free man shall be seized or imprisoned, or stripped of his rights or possessions, or outlawed or exiled, or deprived of his standing in any other way, nor will we proceed with force against him, or send others to do so, except by the lawful judgment of his equals or by the law of the land. (Clause 39, Magna Carta)

No person shall… be deprived of life, liberty, or property, without due process of law… (Fifth Amendment to the Constitution of the United States)

–+–

Recent months have seen one-time expediencies dressed-up as new principles to frame the relationship between citizen and State.  Three examples:

On the Friday after Christmas the Senate reauthorized broad executive authority for  electronic surveillance and collection. The vote was 73-to-23 and extended for five years the Foreign Intelligence Surveillance Act. The House adopted the legislation earlier in the year.  On Sunday the President the signed the extension into law. Proposed amendments, including those offered by Senator Wyden,  that would have enhanced Congressional oversight of FISA were defeated.  FISA was originally intended to provide due process for the gathering of intelligence on non-citizens and so protect the privacy of citizens.  There has been increasing concern regarding how FISA methods now unintentionally — but perhaps quite widely — sweep up citizen communications as well.

According to a December 13, 2012 Wall Street Journal report, there may be good cause for concern.   In an exclusive investigative report, Julia Angwin found that new Department of Justice guidelines, “now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation. Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited.”

Meanwhile the White House is, according to several sources including Presidential adviser John Brennan, developing a legal and procedural framework for the deadly use of drones. Addressing the use of drones during an October 18 appearance on “The Daily Show,” President Obama said,  “One of the things we’ve got to do is put a legal architecture in place, and we need Congressional help in order to do that, to make sure that not only am I reined in but any president’s reined in terms of some of the decisions that we’re making.”  According to a May report in the New York Times, “Mr. Obama has placed himself at the helm of a top secret “nominations” process to designate terrorists for kill or capture, of which the capture part has become largely theoretical. He had vowed to align the fight against Al Qaeda with American values; the chart, introducing people whose deaths he might soon be asked to order, underscored just what a moral and legal conundrum this could be.”   Among the President’s decisions, presumably, was the targeted killing of Anwar al-Awlaki, a US citizen who was killed by drone-delivered Hellfire missiles on September 30, 2011 and his sixteen year-old son, also born in the US, who was killed in another drone attack two weeks later.  Both citizens were killed in Yemen.

The predominant motivation in each instance above — and others — is the protection of the American people and nation.  There is no imminent threat of Orwellian intention or intervention.

In each of these examples legislators and the executive are attempting to develop due process that is appropriate to their understanding of the present challenge.   (The judicial branch is poised to soon rejoin consideration of the issue.)

Nonetheless while it is, I suspect, the specific intention of no one, the space where individual liberty adjoins civil authority is being incrementally reshaped.  In the Anglo-American tradition there has long been in both theory and practice the presumptive primacy of individual initiative, what Blackstone termed “the absolute rights of man.”  The balance is shifting toward a presumed ability by the government to maintain order.

Perhaps this is the inevitable outcome of more and more diverse individuals living in dense proximity to each other.  Perhaps it is a prudent response to demonstrated risk.  Perhaps it reflects an emerging social consensus that liberty is less valued than previously.  Or we might be in the process of  redefining liberty.  These shifts might even be the accidental consequence of what Nassim Taleb has termed “naive interventionism”.  The preference, even obligation, to “do something” over doing nothing, even when the doing is non-productive or counter-productive.

Whatever the cause, the pattern can be perceived and seems to be persisting.

December 13, 2012

WSJ: National Counterterrorism Center given access to full-spectrum of Federal databases

Filed under: Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on December 13, 2012

If you’re a Wall Street Journal subscriber, you  read the story late Wednesday night or earlier today.   If not it’s behind the Journal’s pay-wall.   I carried today’s (paper) Wall Street Journal to my morning meetings and didn’t see it until lunchtime.

But here’s how Wired magazine is summarizing the WSJ’s investigative journalism:

In a secret government agreement granted without approval or debate from lawmakers, the U.S. attorney general recently gave the National Counterterrorism Center sweeping new powers to store dossiers on U.S. citizens, even if they are not suspected of a crime, according to a news report.

Earlier this year, Attorney General Eric Holder granted the center the ability to copy entire government databases holding information on flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and other data, and to store it for up to five years, even without suspicion that someone in the database has committed a crime, according to the Wall Street Journal, which broke the story.

Whereas previously the law prohibited the center from storing data compilations on U.S. citizens unless they were suspected of terrorist activity or were relevant to an ongoing terrorism investigation, the new powers give the center the ability to not only collect and store vast databases of information but also to trawl through and analyze it for suspicious patterns of behavior in order to uncover activity that could launch an investigation.

The changes granted by Holder would also allow databases containing information about U.S. citizens to be shared with foreign governments for their own analysis.

A former senior White House official told the Journal that the new changes were “breathtaking in scope.”

MORE FROM WIRED

November 4, 2012

The new normal: watching gas, coffee and intense storms

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on November 4, 2012

Watchline is a weekly information sharing newsletter produced by the Fire Department of New York (FDNY). It primarily covers homeland security topics related to emergency response. The Watchline reaches more than 100 agencies from all levels of government and more than 1000 direct subscribers outside the FDNY. Here’s a copy of  Watchline’s “Hurrican Sandy Special Edition.” (You can see an easier to read version here.)

 

 

October 3, 2012

Committee duel over fusion center report

Filed under: Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on October 3, 2012

As noted in several media, the Permanent Subcommittee on Investigations of the Senate Committee on Homeland Security and Governmental Affairs has released a report highly critical of state fusion centers.  (Access has been a bit difficult on Wednesday.) Here are a few paragraphs from the Subcommittee’s news release:

A two-year bipartisan investigation by the U. S. Senate Permanent Subcommittee on Investigations has found that Department of Homeland Security efforts to engage state and local intelligence “fusion centers” has not yielded significant useful information to support federal counterterrorism intelligence efforts.

“It’s troubling that the very ‘fusion’ centers that were designed to share information in a post-9/11 world have become part of the problem. Instead of strengthening our counterterrorism efforts, they have too often wasted money and stepped on Americans’ civil liberties,” said Senator Tom Coburn, the Subcommittee’s ranking member who initiated the investigation.

The investigation determined that senior DHS officials were aware of the problems hampering effective counterterrorism work with the fusion centers, but did not always inform Congress of the issues, nor ensure the problems were fixed in a timely manner. MORE

Chairman of the full-committee Joe Lieberman has taken exception to the subcommittee report.  From a Wednesday statement:

“I strongly disagree with the report’s core assertion that ‘fusion centers have been unable to meaningfully contribute to federal counterterrorism efforts,’” Lieberman said. “This statement is not supported by the examples presented in the report and is contrary to the public record, which shows fusion centers have played a significant role in many recent terrorism cases and have helped generate hundreds of tips and leads that have led to current FBI investigations.

“The report does include valuable findings in some areas. It cites examples of inappropriate use of homeland security grant funds and accurately notes that FEMA has struggled to account for how homeland security grant funds are allocated and used, a longstanding concern of mine.

“But the report also contradicts public statements by the Director of National Intelligence and the Director of the FBI, who have acknowledged the value fusion centers provide to the intelligence community. MORE

This is a case when I expect the same data could support two very different understandings of reality.

August 10, 2012

Brennan defines “bad guys” (NYPD looks for bad guys)

Wednesday, John Brennan, the Assistant to the President for Homeland Security and Counterterrorism, spoke to the  Council on Foreign Relations.  His remarks focus on US operations in Yemen including the use of drones.  This is the latest in a series of extended statements by Mr. Brennan designed to explain and defend US policy regarding the lethal use of drone technology beyond Afghanistan.

Ritika Singh at LAWFARE has posted the first transcript I could find.

There is a Question and Answer session with Mr. Brennan that is considerably longer than his prepared remarks.  During this element of the program he engaged a range of issues, including Syria and cybersecurity… and bad guys.

While looking for the transcript, I stumbled across a very helpful consideration of the NYPD’s new “Domain Awareness System” at the Council on Foreign Relations website.  (If CFR can headline attention to NYPD technology projects,  I think HLSWatch can clearly address Yemen.)  Please see the CFR briefing by Matthew Waxman.

March 23, 2012

New NCTC guidelines for non-terrorism information

Thursday the Attorney-General signed out a 32 page document entitled: GUIDELINES FOR ACCESS, RETENTION, USE, AND DISSEMINATION BY THE NATIONAL COUNTERTERRORISM CENTER AND OTHER AGENCIES OF INFORMATION IN DATASETS CONTAINING NON-TERRORISM INFORMATION.

You can access the unclassified (thank goodness) document at the link embedded in the title.

The details deserve much more attention than I will have time to give until the weekend.  But previous limitations (see here and here) have clearly been softened.  The following paragraph from page 4 seemed to leap from the page:

These Guidelines permit NCTC to access and acquire United States person information for the purpose of determining whether the information is reasonably believed to constitute terrorism information and thus may be permanently retained, used, and disseminated. Any United States person information acquired must be reviewed for such purpose in accordance with the procedures below. Information is ’1″easonably believed to constitute terrorism information” if, based on the knowledge and experience ofcounterterrorism analysts as well as the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the information is terrorism information.”

For your reading pleasure.

March 2, 2012

366 Homeland Security Words

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on March 2, 2012

The Electronic Privacy Information Center posted a copy of a document titled “Department of Homeland Security, National Operations Center, Media Monitoring Capablity, Desktop Reference  Binder” (or MMCDRB for short).

The headline of the EPIC story: EPIC Obtains New Documents on DHS Media Monitoring, Urges Congress to Suspend Program

The reaction to the “desktop reference binder”  included such monochromatic headlines as:

Words to get your website on a government watch list – Social media monitoring!

Homeland Security has its eye on your Metro tweets, D.C. riders

The Department of Homeland Security Is Spying On Your Social Media Updates

Why is the government monitoring social media networks?

The DHS surveillance of OccupyWallStreet (Ok, different, but related.)

DHS Monitoring Of Social Media Under Scrutiny By Lawmakers

The Department Of Homeland Security Is Searching Your Facebook And Twitter For These Words

There is a lot that can be written about this manual and the complex issues illustrated by almost every section of the 40 page document.  But that’s not what I want to write about. I want to write briefly about the search terms in the manual.

———————

One can always get a good 50 minute discussion going in a graduate seminar by asking “What is Homeland Security?”

The question can be addressed through a variety of inquiring systems (meaning ways of gathering and processing information about a question):

- Deductively –  by starting from general principles

- Dialectically — focusing on the conflicts  in homeland security

- Abductively — basically hunches and guesses

- Idealistically – Including ideas from as many perspectives as possible

- Pragmatically — an open systems, do-whatever-works approach

- or Detour and Access — beating around the bush, gaining access to homeland security by detouring around messy issues

No doubt there are other inquiring systems.  Let me mention one more.

One unintended, albeit minor, consequence of the MMCDRB is to assist with an inductive answer to the what is homeland security question.

———————

Induction is about generating abstractions by aggregating specific instances.  If deductive inquiry starts with principles and moves to data. Inductive inquiry starts with data and moves to principles, or at least propositions.

Without getting into the many (serious) problems of inductive inquiry, one can take the current list of “key words and search terms” in the MMCDRB, mix up the pieces — in this case alphabetically — and get a snapshot of how broad homeland security has become in the last decade.

Try it for yourself. There’s a story, a controversy, a fear, a mission or a budget in every word.

Key Words and Search Terms

1.         2600
2.         Abu Sayyaf
3.         Afghanistan
4.         Agent
5.         Agriculture
6.         Agro
7.         Agro Terror
8.         Aid
9.         Air Marshal
10.       Airplane (and derivatives)
11.       Airport
12.       Al Queda (all spellings)
13.       Al-Shabaab
14.       Alcohol Tobacco and Firearms (ATF)
15.       Ammonium nitrate
16.       AMTRAK
17.       Anthrax
18.       Antiviral
19.       AQAP (Al Qaeda Arabian Peninsula)
20.       AQIM (Al Qaeda in the Islamic Maghreb)
21.       Arellano-Felix
22.       Artistics Assassins
23.       Assassination
24.       Attack
25.       Authorities
26.       Avalanche
27.       Avian
28.       Bacteria
29.       Barrio Azteca
30.       BART
31.       Basque Separatists
32.       Beltran-Leyva
33.       Biological
34.       Biological infection (or event)
35.       Biological weapon
36.       Black out
37.       Blister agent
38.       Blizzard
39.       Body scanner
40.       Bomb (squad or threat)
41.       Border
42.       Border Patrol
43.       Botnet
44.       Breach
45.       Bridge
46.       Brown out
47.       Brush fire
48.       Brute forcing
49.       Burn
50.       Burst
51.       Bust
52.       Cain and abel
53.       Calderon
54.       Canceled
55.       Car bomb
56.       Cartel
57.       Cartel de Golfo
58.       Center for Disease Control (CDC)
59.       Central Intelligence Agency (CIA)
60.       Chemical
61.       Chemical burn
62.       Chemical fire
63.       Chemical Spill
64.       Chemical weapon
65.       China
66.       CIKR (Critical Infrastructure & Key Resources)
67.       Ciudad Juarez
68.       Closure
69.       Cloud
70.       Coast Guard (USCG)
71.       Cocaine
72.       Collapse
73.       Colombia
74.       Communications infrastructure
75.       Computer infrastructure
76.       Conficker
77.       Consular
78.       Contamination
79.       Conventional weapon
80.       Cops
81.       Crash
82.       Crest
83.       Critical infrastructure
84.       Customs and Border Protection (CBP)
85.       Cyber attack
86.       Cyber Command
87.       Cyber security
88.       Cyber terror
89.       DDOS (dedicated denial of service)
90.       Deaths
91.       Decapitated
92.       Delays
93.       Denial of service
94.       Department of Homeland Security (DHS)
95.       Dirty bomb
96.       Disaster
97.       Disaster assistance
98.       Disaster management
99.       Disaster medical assistance team (DMAT)
100.    DNDO (Domestic Nuclear Detection Office)
101.    Dock
102.    Domestic nuclear detection
103.    Domestic security
104.    Drill
105.    Drug
106.    Drug Administration (FDA)
107.    Drug cartel
108.    Drug Enforcement Agency (DEA)
109.    Drug trade
110.    Drug war
111.    E. Coli
112.    Earthquake
113.    Ebola
114.    Eco terrorism
115.    El Paso
116.    Electric
117.    Emergency
118.    Emergency Broadcast System
119.    Emergency Landing
120.    Emergency management
121.    Emergency response
122.    Enriched
123.    Environmental terrorist
124.    Epidemic
125.    Erosion
126.    ETA (Euskadi ta Askatasuna)
127.    Evacuation
128.    Execution
129.    Exercise
130.    Explosion (explosive)
131.    Exposure
132.    Extreme weather
133.    Extremism
134.    Facility
135.    Failure or outage
136.    FARC (Armed Revolutionary Forces Colombia)
137.    Federal Air Marshal Service (FAMS)
138.    Federal Aviation Administration (FAA)
139.    Federal Bureau of Investigation (FBI)
140.    Federal Emergency Management Agency (FEMA)
141.    First responder
142.    Flood
143.    Flu
144.    Food Poisoning
145.    Foot and Mouth (FMD)
146.    Forest fire
147.    Fort Hancock
148.    Fundamentalism
149.    Fusion Center
150.    Gang
151.    Gangs
152.    Gas
153.    Grid
154.    Gulf Cartel
155.    Gunfight
156.    Guzman
157.    H1N1
158.    H5N1
159.    Hacker
160.    Hail
161.    Hamas
162.    Hazardous
163.    Hazardous material incident
164.    Hazmat
165.    Help
166.    Heroin
167.    Hezbollah
168.    Home grown
169.    Homeland Defense
170.    Homeland security
171.    Hostage
172.    Human to ANIMAL
173.    Human to human
174.    Hurricane
175.    Ice
176.    IED (Improvised Explosive Device)
177.    Illegal immigrants
178.    Immigration Customs Enforcement (ICE)
179.    Improvised explosive device
180.    Incident
181.    Industrial spill
182.    Infection
183.    Influenza
184.    Infrastructure security
185.    Interstate
186.    IRA (Irish Republican Army)
187.    Iran
188.    Iraq
189.    Islamist
190.    Jihad
191.    Juarez
192.    Keylogger
193.    Kidnap
194.    La Familia
195.    Law enforcement
196.    Leak
197.    Lightening
198.    Listeria
199.    Lockdown
200.    Looting
201.    Los Zetas
202.    Magnitude
203.    Malware
204.    Mara salvatrucha
205.    Marijuana
206.    Maritime domain awareness (MDA)
207.    MARTA
208.    Matamoros
209.    Meth Lab
210.    Methamphetamine
211.    Metro
212.    Mexican army
213.    Mexicles
214.    Mexico
215.    Michoacana
216.    Militia
217.    Mitigation
218.    MS13 or MS-13
219.    Mud slide or Mudslide
220.    Mutation
221.    Mysql injection
222.    Narco banners (Spanish equivalents)
223.    Narcos
224.    Narcotics
225.    National Guard
226.    National infrastructure
227.    National laboratory
228.    National Operations Center (NOC)
229.    National preparedness
230.    National preparedness initiative
231.    National security
232.    Nationalist
233.    NBIC (National Biosurveillance Integration Center)
234.    Nerve agent
235.    New Federation
236.    Nigeria
237.    Nogales
238.    North Korea
239.    Norvo Virus
240.    Nuclear
241.    Nuclear facility
242.    Nuclear threat
243.    Nuevo Leon
244.    Organized crime
245.    Outbreak
246.    Pakistan
247.    Pandemic
248.    Phishing
249.    Phreaking
250.    Pipe bomb
251.    Pirates
252.    Plague
253.    PLF (Palestine Liberation Front)
254.    PLO (Palestine Libration Organization)
255.    Plot
256.    Plume
257.    Police
258.    Pork
259.    Port
260.    Port Authority
261.    Powder (white)
262.    Power
263.    Power lines
264.    Power outage
265.    Prevention
266.    Public Health
267.    Quarantine
268.    Radiation
269.    Radicals
270.    Radioactive
271.    Recall
272.    Recovery
273.    Recruitment
274.    Red Cross
275.    Relief
276.    Resistant
277.    Response
278.    Reynose
279.    Reyosa
280.    Ricin
281.    Riot
282.    Rootkit
283.    Salmonella
284.    San Diego
285.    Sarin
286.    Scammers
287.    Screening
288.    Secret Service (USSS)
289.    Secure Border Initiative (SBI)
290.    Security
291.    Service disruption
292.    Shelter-in-place
293.    Shootout
294.    Shots fired
295.    Sick
296.    Sinaloa
297.    Sleet
298.    Small Pox
299.    Smart
300.    Smuggling (smugglers)
301.    Snow
302.    Social media
303.    Somalia
304.    Sonora
305.    Southwest
306.    Spammer
307.    Spillover
308.    Standoff
309.    State of emergency
310.    Storm
311.    Strain
312.    Stranded/Stuck
313.    Subway
314.    Suicide attack
315.    Suicide bomber
316.    Suspicious package/device
317.    Suspicious substance
318.    SWAT
319.    Swine
320.    Symptoms
321.    Taliban
322.    Tamaulipas
323.    Tamiflu
324.    Tamil Tiger
325.    Target
326.    Task Force
327.    Telecommunications
328.    Temblor
329.    Terror
330.    Terrorism
331.    Threat
332.    Tijuana
333.    Tornado
334.    Torreon
335.    Toxic
336.    Trafficking
337.    Transportation security
338.    Transportation Security Administration (TSA)
339.    Tremor
340.    Trojan
341.    Tsunami
342.    Tsunami Warning Center
343.    TTP (Tehrik-i-Taliban Pakistan)
344.    Tuberculosis (TB)
345.    Tucson
346.    Twister
347.    Typhoon
348.    U.S. Citizenship and Immigration Services (CIS)
349.    U.S. Consulate
350.    United Nations (UN)
351.    Vaccine
352.    Violence
353.    Viral Hemorrhagic Fever
354.    Virus
355.    Warning
356.    Watch
357.    Water/air borne
358.    Wave
359.    Weapons cache
360.    Weapons grade
361.    Wildfire
362.    WMATA
363.    World Health Organization (WHO and components)
364.    Worm
365.    Yemen
366.    Yuma

The list is not final.  The manual notes, “As natural and manmade disasters occur, new search terms may be added.”

 

January 23, 2012

The problem with defining “something”

Filed under: General Homeland Security,Intelligence and Info-Sharing — by Arnold Bogis on January 23, 2012

In a post last week, Phil brought to our attention a White House meeting where local law enforcement officials were presented with a framework for identifying “Homegrown Violent Extremists” that included four major mobilizing patterns:

Contact with individuals tied to terrorist organizations

Indicators of ideological commitment

Travel or attempted travel in pursuit of a violent agenda

Seeking weapons or weapons related training

All very sensible, though perhaps seemingly so after the fact. Perhaps at the briefing methodology was shared for determining in advance when these or similar indicators might lead to violence.  Hopefully it was more than what Phil’s brief contained:

According to my sources the law enforcement officials were, “cautioned against adopting a checklist-like mentality incountering the HVE threat. Simplistically interpreting any single indicator as a confirmation of mobilization probably will lead to ineffective and counterproductive efforts to identify and defeat Homegrown Violent Extremists.”

That quote reminded me of the following quote from a not-so-recent blog post at Security Debrief:

Ask yourself, would an artist draw what you see them sketching? Are the photos a person is taking something you would place in your vacation or family photo album? Give yourself the “reasonableness” test. Is it reasonable that the activity is likely tourist or terrorist in nature? Trust your intuition.

The author is Erroll Southers, according to his Security Debrief Blog bio a former FBI Special Agent, President Barack Obama’s first nominee for Assistant Secretary of the Transportation Security Administration, and Assistant Chief of Homeland Security and Intelligence at the Los Angeles World Airports Police Department.

Reasonable advice from a homeland security professional, right?

Perhaps only after the fact.  Not to pick on Mr. Southers, but I’m guessing he rarely if ever visits small art galleries or has participated in “open studios” (these are usually weekends when a number of artists in particular neighborhoods open up their studios–often their homes–to the public to view and perhaps purchase their work) in any of the cities in which he has lived.  I enjoy these events and could not count on my hands the number of photographers I’ve encountered who take pictures of what is considered critical infrastructure.  Dams, electrical grids, nuclear power stations, public transportation, etc.  Not something you might place in your vacation (Hoover Dam anyone?) or family photo albums perhaps, but absolutely striking physical objects that can be rendered quite beautifully by any number of artists.

I have noticed this general extension of “see something, say something” in other venues, numerous papers, and by many a speaker. The unoriginal thinking and lack of imagination is disheartening.  How will the public become true partners in homeland security if the level of engagement largely remains at this level?  Does the whole of community only count those who have the same aesthetic views as homeland security professionals?  And will JIC (just in case) be the enduring legacy of 9/11?

Maybe not, at least if noted baseball writer George Will and others have anything to say about it:

Quentin, who finds aesthetic — and occasional monetary — value in photographs of industrial scenery at night, was equally persistent when deputies ordered him to stop taking pictures, lest they put his name on a troublesome FBI list. He was on a public sidewalk, using a large camera on a tripod, photographing an oil refinery at 1 a.m. He has a master’s degree in fine arts from the University of California at Irvine, so there.

January 19, 2012

Behavioral indicators of terrorism

Filed under: Intelligence and Info-Sharing,Radicalization,State and Local HLS,Terrorist Threats & Attacks — by Philip J. Palin on January 19, 2012

Wednesday the White House hosted a meeting of 46 senior federal, state and local law enforcement officials.

According to the Associated Press, “The Obama administration is providing senior state and local police officials with its analysis of homegrown terrorism incidents, including common signs law enforcement can use to identify violent extremists… The analysis was conducted by the Homeland Security Department, the FBI and the National Counterterrorism Center.”

I was not at the meeting.  But following is an overview of what I am told was briefed.

An interagency team and process examined several cases of Homegrown Violent Extremists (HVEs) that emerged between 2008-2010.  I was not given the precise number of cases, but I have seen reports of  sixty-two cases being considered.  Based on this sample four major “mobilizing patterns” were identified:

Contact with individuals tied to terrorist organizations is one of two indicators that appeared most often in the case studies. This finding is consistent with earlier assessments—based on past cases of domestic and transnational terrorism—that exposure to an extremist with established ties to a terrorist group can be a useful indicator of a radicalized person moving toward violence. More than 90 percent of the subjects examined either communicated directly or had some type of contact with connected extremists as part of their mobilization to violence.

Indicators of ideological commitment also appear frequently in HVE reporting. One of these behaviors—”watching or sharing jihadist videos”—was the second of the two most prevalent indicators noted in the study. Ideological commitment behaviors were observable but at times only in a virtual environment. More than 90 percent of the cases involved HVEs who either watched or shared extremist videos or other propaganda. Just under 90 percent involved HVEs pursuing religious instruction from a person or institution associated with extremist causes.Roughly 80 percent of the cases reflected an individual’s acceptance or approval of violence or martyrdom operations or an intent to engage in them.

Travel or attempted travel in pursuit of a violent agenda was a recurring factor in the HVE cases, also supporting earlier assessments of the importance of foreign travel for violent extremists. Almost 90 percent of  subjects traveled to places with a significant extremist population or to a foreign location explicitly to pursue violence.

Seeking weapons or weapons related training was a common behavior. This more tactically focused aspect of attack planning also entailed online research to acquire technical capabilities, select targets, and plan logistics. Almost 80 percent of subjects pursued weapons training, paramilitary exercises, or the acquisition of related equipment as partof their mobilization. More than half also conducted Internet research to plan their attacks.

According to my sources the law enforcement officials were, “cautioned against adopting a checklist-like mentality incountering the HVE threat. Simplistically interpreting any single indicator as a confirmation of mobilization probably will lead to ineffective and counterproductive efforts to identify and defeat Homegrown Violent Extremists.”

About 5PM Eastern on Wednesday Eileen Sullivan filed an AP story after talking with participants: SEE IT HERE.

While the law enforcement leaders were at the White House, a House Intelligence subcommittee was hearing testimony suggesting big changes in the purpose and role of the DHS intelligence function. According to prepared testimony to me delivered by Philip Mudd,

The growth of our expectations of domestic security, and the evolution of threats away from traditional state actors toward non-state entities — drug cartels, organized crime, and terrorism are prominent examples — suggest that the DHS intelligence mission should be threat agnostic. Though the impetus for creating this new agency, in the wake of the 9/11 attacks, was clearly terrorism based, the kinds of tools now deployed, from border security to cyber protection, are equally critical in fights against emerging adversaries. The DHS enterprise is more complex than other agencies responsible for America’s security, and itsintelligence mission is correspondingly multifaceted. Its intelligence missions range from providing homeland security-specific intelligence at the federal level; integrating intelligence vertically through DHS elements; and working with state/local/private sector partners to draw their intelligence capabilities into a national picture and provide them with information.

The testimony, based largely on a recently completed study and set of recommendations from the Aspen Homeland Security Group , especially emphasizes the DHS comparative advantage in working with state, local, and private sector entities in the non-classified domain.

In contrast to intelligence agencies that have responsibilities for more traditional areas of national security, DHS’s mandate should allow for collection, dissemination, and analytic work that is focused on more specific homeward-focused areas. First, the intelligence mission could be directed toward areas where DHS has inherent strengths and unique value (e.g., where its personnel and data are centered) that overlap with its legislative mandate. Second, this mission direction should emphasize areas that are not served by other agencies, particularly state/local partners whose needs are not a primary focus for any other federal agency. In all these domains, public and private, DHS customers will require information with limited classification; in contrast to most other federal intelligence entities, DHS should focus on products that start at lower classification levels, especially unclassified and FOUO, and that can be disseminated by means almost unknown in the federal intelligence community (phone trees, Blackberries, etc.).

There is an obvious tension between an intelligence function that is “threat-agnostic” and one that emerges from “where its personnel and data are centered.”  This could, however, be a very healthy tension if a threat-agnostic — capabilities-based — approach to engaging the risk environment can be effectively used to decide where personnel are focused and data is gathered.

December 28, 2011

Accountability in the Information Age

Filed under: Intelligence and Info-Sharing,Media,Technology for HLS — by Mark Chubb on December 28, 2011

Yesterday, our friends and fellow bloggers at Wired magazine’s Threat Level recapped the debate between New Yorker writer and prolific author Malcolm Gladwell and NYU academic and social media evangelist Clay Shirky regarding the role of social media in mobilizing and promoting street protests in support of democratic movements around the world. Shirky, predictably, suggests the movements would not have achieved critical mass without social media. Gladwell takes a far more skeptical view, preferring to see in these movements evidence of the democratic impulse as the message of freedom rather than just another medium for it.

Bill Wasik argues that both perspectives have considerable merit. It’s hard to argue that social media had no influence over the scope or scale of the protests, especially their rapid extension across international borders. At the same time, suggesting that social media should receive at least some of the credit for inspiring democratic uprisings overstates their capacity to encourage virtuous behavior. In the end, Wasik seems to side with Gladwell, arguing that social media enable rather than inspire mass movements.

Given the growing zeal among emergency managers to adopt social media this argument is worth noting. Social media have changed the way emergency managers do their jobs. But the way the public responds to disasters has not changed nearly as much despite social media’s widespread use.

Too many emergency managers think of the public as apathetic and uniformed about disasters. This assumption about the public extends to nearly every aspect of their behavior before, during and after disasters. Social media have helped put paid to such notions largely because they make much more readily apparent the actions of people before, during and after disasters.

For starters, social media have made it clear that people in general crave attention and attraction. We need to be known for what we know and what we can do, and we want to share our time and talents with others whose interests affirm or complement our own. We all possess an atavistic, if not innate, need to connect with others that only becomes more acute as the ways we define ourselves becomes ever more specialized and atomized.

Ambiguity makes us anxious. Seeking and sharing information even with those we do not know helps us alleviate stress. This is true even when such sharing does little to improve our circumstances or clarify a desired course of action.

In the absence of altruism, the introduction of social media into this mix should be expected to do little more than provide people with a platform for talking about disasters. But that’s not what we have seen happening. People inevitably do things when confronted with disaster. Being right takes a backseat to doing right.

Social media have changed the emergency management landscape in large part because they enable people far removed from the direct effects of the disaster to affect its outcome. They do this by giving people immersed in an event the instant ability to connect with the resources of a global audience and share more than just their stories.

Social media have made this process easier and faster. But they are not alone responsible for its emergence.

The one thing that may have changed most with the emergence of social media is the balance between the three competing priorities in emergency management: speed, relevance and accuracy.

In the past, emergency managers carefully parsed the flow of information out of fear that incorrect or conflicting information would undermine their credibility, which in turn would compromise efforts to advance response and recovery. Social media have made it much more apparent that people require very little direction from us when it comes to helping each other cope with the after-effects of disaster. Similarly, they are much more forgiving of errors and helpful about correcting them than we tend to imagine in advance.

People clearly see an important place for emergency managers and government officials as honest brokers, which demands of them an authentic voice characterized by empathy, ethics and equity. These three attributes define accountability in the Information Age, and highlight the importance of social media in emergency management.

Waiting to get the message right is no longer an option. Responding quickly is about riding the wave not generating its momentum. And errors of commission are less likely to be judged harshly than errors of omission, especially when they display relevance, which is to say they reflect a reasonable effort to mobilize or manage collective action to make things better.

Like the street protests and insurgent democracy movements around the world, the past year’s disasters and emergencies have demonstrated the important but not central role of social media in enabling humane action. This impulse arises not from the media but rather from the message. Any fears that social media would combine with Americans’ couch-potato culture to render public responses ever more passive have proven unfounded.

December 9, 2011

Summary of the Strategic National Risk Assessment

Filed under: Intelligence and Info-Sharing,Preparedness and Response — by Christopher Bellavita on December 9, 2011

The Strategic National Risk Assessment was written to support the National Preparedness Goal.  You can download an unclassified summary of the National Risk Assessment at this link. (Thank you to the person who sent me the link.)

The seven page summary includes these sections:

  1. Overview
  2. Strategic National Risk Assessment Scope
  3. Overarching Themes to an All-Hazards Approach
  4. Analytic Approach
  5. Limitations
  6. Impacts and Future Uses
  7. Conclusion

Here is an excerpt from the Overview:

The Strategic National Risk Assessment (SNRA) was executed in support of Presidential Policy Directive 8 (PPD-8), which calls for creation of a National Preparedness Goal, a National Preparedness System, and a National Preparedness Report.

Specifically, national preparedness is to be based on core capabilities that support “strengthening the security and resilience of the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation, including acts of terrorism, cyber attacks, pandemics, and catastrophic natural disasters.”

… The assessment was used:

  • To identify high risk factors that supported development of the core capabilities and capability targets in the National Preparedness Goal;
  • To support the development of collaborative thinking about strategic needs across prevention, protection, mitigation, response, and recovery requirements, and;
  • To promote the ability for all levels of Government to share common understanding and awareness of National threats and hazards and resulting risks so that they are ready to act and can do so independently but collaboratively.

The subsequent pages provide an overview of the unclassified findings and the analytic approach used to conduct the SNRA. It should be emphasized, however, that although the initial version of the SNRA is a significant step toward the establishment of a new homeland security risk baseline, it contains data limitations and assumptions that will require additional study, review, and revision as the National Preparedness System is developed. These limitations are discussed below, and future iterations of the assessment are expected to reflect an enhanced methodology and improved data sets.

Below is a chart (taken from the Assessment) that summarizes:

… a series of national-level events with the potential to test the Nation’s preparedness….

For the purposes of the assessment, DHS identified thresholds of consequence necessary to create a national-level event. These thresholds were informed by subject matter expertise and available data. For some events, economic consequences were used as thresholds, while for others, fatalities or injuries/illnesses were deemed more appropriate as the threshold to determine a national-level incident.  In no case, however, were economic and casualty thresholds treated as equivalent to one another (i.e., dollar values were not assigned to fatalities). Event descriptions in [the table below] that do not explicitly identify a threshold signify that no minimum consequence threshold was employed. This allows the assessment to include events for which the psychological impact of an event could cause it to become a national-level event even though it may result in a low number of casualties or a small economic loss. Only events that have a distinct beginning and end and those with an explicit nexus to homeland security missions were included.

This approach excluded:

  • Chronic societal concerns, such as immigration and border violations, and those that are generally not related to homeland security national preparedness, such as cancer or car accidents, and;
  • Political, economic, environmental, and societal trends that may contribute to a changing risk environment but are not explicitly homeland security national-level events (e.g., demographic shifts, economic trends).

These trends will be important to include in future iterations of a national risk assessment, however.

If you have questions or comments about this initial effort to share the results of the national risk assessments, please let me know (in the comments section of this post) and I will ask around for answers.

« Previous PageNext Page »