Homeland Security Watch

News and analysis of critical issues in homeland security

April 20, 2013

Dzhokhar Tsarnaev arrested

Filed under: Investigation & Enforcement,Radicalization,Terrorist Threats & Attacks — by Philip J. Palin on April 20, 2013

According to the Boston Globe between 7PM and 8:30PM on Friday night the following transpired:

Police found Dzhokhar ­Tsarnaev hiding on a boat stored in a backyard on ­Franklin Street. Police ­exchanged gunfire with him before capturing him alive. Spontaneous celebrations erupted across the region, from the ­Boston Common to the Back Bay streets near the bombing.

The boat’s owners, a couple, spent Friday hunkered down under the stay-at-home order. When it was lifted early in the evening, they ventured outside for some fresh air and the man noticed the tarp on his boat blowing in the wind, according to their his son, Robert Duffy.

The cords securing it had been cut and there was blood near the straps. Duffy’s father called police, who swarmed the yard and had the couple evacuated, Duffy said.

Residents, who had barricaded themselves in their homes for nearly 20 hours, were still deeply shaken. “I’m so happy they got these guys,” said Tom Sheridan, 35, an interior painter from Watertown, as he cheered police cruisers and ambulances as they drove by on Mount ­Auburn Street. “But I’m worried there are more people out there like that. It won’t be the same.”

Tsarnaev was wounded and taken to a hospital. In an interview late last night, Patrick said he is “hoping very deeply he survives those wounds, because I’ve got a lot of questions and I know investigators have a lot of questions for him.”

April 19, 2013

One suspect dead, other on the run

Filed under: Investigation & Enforcement,Terrorist Threats & Attacks — by Philip J. Palin on April 19, 2013

Overnight — beginning about 2230 Boston time — the search for the Boston bombers unfolded into a fire-fight and active manhunt.  The individual with a black hat shown in the photos released yesterday afternoon is evidently dead.  As of 0530 Eastern on Friday the individual in the white hat is the object of an extensive search by a range of law enforcement agencies.

One of the best bets for authoritative reports is the Boston Globe website. According to the Globe:

The Associated Press reported this morning that the suspects came from the Russian region near Chechnya, which has been plagued by an Islamic insurgency. A law enforcement intelligence bulletin obtained by the AP identified the surviving bomb suspect as Dzhokhar A. Tsarnaev, a 19-year-old who had been living in Cambridge. The Globe has learned that the dead suspect is Tsarnaev’s brother.

April 18, 2013

FBI photos of “suspects” 1 and 2

Filed under: Investigation & Enforcement,Terrorist Threats & Attacks — by Philip J. Palin on April 18, 2013

Shortly after 5:15 PM Eastern Time on Thursday the FBI released photos of two individuals seen near the location of the Boston Marathon explosions shortly before detonation.  The FBI has requested the assistance of the public in identifying the individuals.  More photos and a videotape are available at the FBI website.

Earlier today Secretary Napolitano cautioned that individuals in the photographs should not at this time be considered “suspects” in the bombing.  This distinction was not especially emphasized during the FBI news conference.

Those of us old enough to remember the 1995 Centennial Park bombing during the Atlanta Olympics may also recall the rush to judgment in treating Richard Jewel as a “suspect”.

August 10, 2012

Brennan defines “bad guys” (NYPD looks for bad guys)

Wednesday, John Brennan, the Assistant to the President for Homeland Security and Counterterrorism, spoke to the  Council on Foreign Relations.  His remarks focus on US operations in Yemen including the use of drones.  This is the latest in a series of extended statements by Mr. Brennan designed to explain and defend US policy regarding the lethal use of drone technology beyond Afghanistan.

Ritika Singh at LAWFARE has posted the first transcript I could find.

There is a Question and Answer session with Mr. Brennan that is considerably longer than his prepared remarks.  During this element of the program he engaged a range of issues, including Syria and cybersecurity… and bad guys.

While looking for the transcript, I stumbled across a very helpful consideration of the NYPD’s new “Domain Awareness System” at the Council on Foreign Relations website.  (If CFR can headline attention to NYPD technology projects,  I think HLSWatch can clearly address Yemen.)  Please see the CFR briefing by Matthew Waxman.

July 11, 2011

Mexican Standoff: Justice Announces New Gun Rules for Border States

Filed under: Border Security,Investigation & Enforcement — by Jessica Herrera-Flanigan on July 11, 2011

The Administration announced today that the Justice Department will require firearms dealers in Arizona, California, New Mexico and Texas to report to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), if an individual purchases -within 5 days – more than one semiautomatic rifle that takes a detachable magazine and uses ammunition greater than .22 caliber.  In a statement, Deputy Attorney General James Cole stated:

The international expansion and increased violence of transnational criminal networks pose a significant threat to the United States.  Federal, state and foreign law enforcement agencies have determined that certain types of semi-automatic rifles – greater than .22 caliber and with the ability to accept a detachable magazine – are highly sought after by dangerous drug trafficking organizations and frequently recovered at violent crime scenes near the Southwest Border.  This new reporting measure — tailored to focus only on multiple sales of these types of rifles to the same person within a five-day period — will improve the ability of the Bureau of Alcohol, Tobacco, Firearms and Explosives to detect and disrupt the illegal weapons trafficking networks responsible for diverting firearms from lawful commerce to criminals and criminal organizations.  These targeted information requests will occur in Arizona, California, New Mexico, and Texas to help confront the problem of illegal gun trafficking into Mexico and along the Southwest Border.

The proposal is not completely a surprise, as the Federal Register published the proposal in December and then in late April, requesting public comment. The announcement comes after Congress has been investigating ATF’s operation “Fast and Furious” in Arizona.  The operation has been criticized as ATF allegedly allowed almost 2000 guns bought by straw purchasers in the U.S. to be sent to Mexico, despite the monitoring of the sales by ATF.  It is believed that two of the weapons linked to the program played a role in the murder of Border Patrol agent Brian Terry last December.

The National Rifle Association has indicated that it plans to file suit against the government for the new rules.  The NRA claims that the Administration does not have the legal authority to enact the rules and that by doing so it is circumventing Congressional action.

What we have now is a Mexican standoff with neither side likely to budge on what it believes is needed to protect the border or protect gun owner rights, respectively.  A few observations:

The ongoing drug wars in Mexico are serious and guns are playing a significant role; that is true. Some population of those guns are originating from the U.S., though the exact percentage is unknown. Those for restricting gun sales have claimed it is up to 90 percent. Those against claim that number is an exaggeration, as not all the guns found in Mexico are sent back for tracing and that the actual number is in the teens.  Whatever the number, the ongoing violence is starting to seep over to the U.S. and all sides should not be quabbling over percentages but trying to find a solution to a problem that is not only in our backyard, but making its way through our backdoor.

That said, it is not clear how effective the new rules will be and whether they really address the larger problems associated with the escalating violence. As written, they only are enforceable for gun dealers within the border states.  Based on reports by GAO and others, while those states may have a higher percentage of guns sold that migrate to Mexico, they don’t represent 100% of guns traced back to the U.S.  Will putting this requirement in place only increase dubious sales at non-border states with “friendly” gun laws? Also, does ATF have the capacity to examine the increased reporting materials in a manner that will allow it to effectively identify which sales are linked to the drug wars and which are merely linked to individuals exercising their 2nd Amendment rights?  If the “Fast and Furious” project is any indication then the agency needs much improvement in this realm to ensure that the rules are an effective tool and not a burdensome requirement.

At the same time, as noted earlier, the violence in Mexico is worsening and seeping over into the U.S. and affecting border cities and U.S. citizens.  The NRA and others who support 2nd Amendment rights while protecting the rights they believe in should help the government come up with effective and systematic ways to keep guns out of the hands of those who would do harm to our citizens and our communities.

If we are truly going to address guns crossing the border- regardless of whether is 90 percent or 17 percent of the problem – we all need to work together.

February 8, 2011

A chew-without-swallowing terrorism defense

Filed under: Intelligence and Info-Sharing,Investigation & Enforcement — by Christopher Bellavita on February 8, 2011

Today’s post was written by Nick Catrantzos.  Nick is the lead author of the All Secure blog and is the security director for a large public organization.


What’s in a lead about suspicious activity, and whence the gulf between how defenders and official lead processors react to it?

The answer says a great deal about how far our homeland security partners have advanced in gearing their efforts for preventing terrorist attacks instead of focusing top priority on prosecuting attackers. The way one answers also reveals instantly whether one is a defender or an official unburdened by direct responsibility for protecting a target of terrorist attack. Take this example and follow its course to appreciate the difference.

EVENT: A person drives up to a fenced facility whose purpose is to control electricity, water, or telecommunications serving millions of citizens. This person then takes several photographs of that facility and of the entrance to it before driving away. Staff or security cameras at the facility capture the photographer’s description and license plate number. An employee from that facility then reports these details through channels that ultimately reach the local fusion center. This center is where homeland security partners take in and presumably do something with all the information generated by their bosses’ “See something? Say something!” campaigns. What should happen next? It depends.


An analyst or duty officer calls up the license plate number and hands the details to a law enforcement officer on duty. This officer immediately calls the registered owner of the vehicle driven by the photographer, communicates official interest and concern over the actions of the photographer, and ascertains the photographer’s intent while clearly signaling that such activity is monitored, acted upon, and taken very seriously. Result? Deterrence. Even if the photographer’s actions trace to some innocent, plausible explanation, a clear message goes out that somebody is watching and that suspicious actions trigger real time response. If a terrorist was taking pictures as part of a target selection or pre-strike surveillance operation, the dividend is greater. The same message goes out disrupting the attack and in effect causing the would-be attacker to pick a softer target.

But there is an alternative reaction which misses this deterrent effect while consuming much more time and resources.


You see the situation differently. You see your job not as deterring attack but as launching investigations that take attackers down and put them behind bars. So, what happens? Well, you evaluate the lead. Let’s see, there’s not too much there to justify an investigation. There are more of these leads than investigators to handle them. Besides, you probably need a supervisor to authorize an investigation. This means more processing delay. Net result? Note and file. Thank the defender for the lead. Not enough to go on, though. Maybe next time …

What signal does the latter approach transmit? To the photographer — innocent or nefarious — it says no one will stop or question you or stand in your way. To the defender, it communicates indifference and bureaucracy that disincentivizes future participation in passive or one-sided homeland security “partnerships.”

To the public at large, the handling of such events reveals just how much our organs of homeland security have in reality taken to heart the message of the Attorney General in November 2001 when he announced that, henceforth the new priority would be prevention, not prosecution. If the second approach is crowding out the first, this is not necessarily the fault of fusion centers and lead processors. It is a failure of leadership to incentivize timely responsiveness for deterrence that is hard to measure over traditional investigative case handling that lends itself better to metrics but not to the object sought. And so we chew and chew on the very leads that a quick bite and swallow would handle better, leaving our vaunted partnerships infused with a bovine incapacity to deliver the value they were created to produce.

March 19, 2010

Combating the Terrorists Online

Earlier this week, I wrote – Is the Internet Creating Terrorists? – in recognition of the modern Internet’s 25th birthday.  In that piece, I asked whether the Internet has enabled terrorists to increase their recruiting efforts and what does it mean for law enforcement.  Yesterday, Christopher Bellavita wrote an interesting related piece, Could terrorists on the internet be the next dot com bubble?, exploring Marc Sageman’s book Leaderless Jihad, and its analysis of potential Internet radicalization.  Chris’ conclusion, if I may simplify,is that there may be less of a link between the Internet and radicalization than expected.  He approached the issue from a different angle than I did – reviewing, in part, the lack of a correlation between countries that access extreme websites and countries that produce foreign fighters.   He does caution that without a critical analysis of claims and evidence demonstrating that the Internet is creating terrorists, we may end up wasting resources on the wrong problem.

So, what is the federal government doing to analyze the use of the Internet as a potential terrorist recruitment, dissemination, and tool for terrorism? Obviously, with proper procedures and legal process, the government can monitor non-public sites promoting criminal behavior.  We will leave out of the discussion scenarios of what our cloak and dagger friends may be doing.

Also not discussed here are the legislative and legal procedures at the federal level for tracking an individual’s use of the Internet if criminal or security implications exist.  The intricacies of surveillance policy – bother criminal and intel-related – is a topic that alone fills many a blog.

Instead, this post focuses on what potential government action exists to address the potentially offending websites that are disseminating terrorist information and/or inciting terrorist activity.  In doing so, I admittedly am taking a simplified approach to a complicated subject but hope to at least start a dialogue on the issue.

As far as I am aware, there is no public analysis that explores the degree to which the U.S. is generally monitoring public websites and communications on open blogs, social networks, and the like, though we know such efforts are underway in some form or fashion.  Just last month, the Department of Homeland Security undertook a Privacy Impact Assessment for the “Office of Operations Coordination and Planning, 2010 Winter Olympics Social Media, Event Monitoring Initiative.” The PIA assessed a number of DHS activities in preparation for the Vancouver Olympics, including the monitoring of social media websites (including this site) to “provide situational awareness and establish a common operating picture.”

In 2008, the Senate Committee on Homeland Security and Governmental Affairs released a report, Violent Islamist Extremism, The Internet, and the Homegrown Terrorist Threat,  which touched upon the government’s response capability.  The report stated:

Despite recognition in the [National Implementation Plan] that a comprehensive response is needed, the U.S. government has not developed nor implemented a coordinated outreach and communications strategy to address the homegrown terrorist threat, especially as that threat is amplified by the use of the Internet. According to testimony received by the Committee, no federal agency has been tasked with developing or implementing a domestic communications strategy.

Shortly after the report was released, Committee Chairman Joe Lieberman sent a letter to Google Chairman and CEO Eric Schmidt saying that the company needed to take extensive steps to remove videos from YouTube that promoted terrorism.  While YouTube is hardly a terrorist-sponsored site in and of itself,  Lieberman found that some videos posted on the sharing site “provide weapons training, speeches by Al-Qaeda leadership, and general material intended to radicalize potential recruits.”  While Google removed a number of videos that violated its own guidelines,  Lieberman continued to raise concerns with additional videos that remained on the site.

Lieberman’s actions were met with criticism from civil rights and First Amendment advocacy groups, who saw it as an attack on the First Amendment and the Constitution. Others balked at the potential for censorship of content on the Internet.

The First Amendment, at least with regards to acting on and removing materials from sites, is one of the biggest challenges facing the federal government.  Those hosting websites may loathe removing or censoring sites without some legal process served by authorities,  a process that requires a determination of a specific illegal act, or without a clear violation of their contractual agreements with site owners.   In looking at the offending act for terrorist sites, part of the challenge goes back to an issue that Homeland Security Watch discussed in great detail several weeks ago – what is terrorism and what constitutes a criminal (or national security) act?  Do lone wolf sites suffice?  Does it have to be linked to a terrorist group?  How does the government meet the threshold of a terrorist act when it involves online speech?

Of course, there may be ways to avoid the “what is terrorism” definition for potential acts by looking at other laws, especially if criminal activity is evident.  For example,  in 1996, Senator Diane Feinstein included in the Omnibus Anti-Terrorism Act a provision that required the Justice Department to produce a report analyzing the extent to which bomb-making instructions are available in the U.S. via various forms of media.  The Justice Department issued a report in April 1997 stating that laws restricting the dissemination of the media could be constitutional if narrowly-crafted.    Senators Feinstein and Orrin Hatch included an amendment on the Violent and Repeat Juvenile Offender Accountability and Rehabilitation Act that prohibited teaching or showing how to make explosives with the intent that the information will be used to  commit a federal crime.   Consequently, if a potential terrorist site shows how to make explosives and IF intent can be shown that the site’s owners planned for individuals to use that information to commit a violent crime, then legal process could be attainable.  Likewise, if specific links to fraud, money laundering, or inciting specific incidents of violence are evident, there potentially could be legal action in those cases.

Even then, however, if the sites are hosted outside the U.S., the issues become murkier and require international cooperation, perhaps with nations with different norms, standards, and definitions of criminal and national security acts than the U.S.

Complicating the situation even more — if  a site is successfully knocked off a hosting company’s server,  it is very easy to migrate and move a site to a new location.  Indeed, in testimony before Lieberman’s Committee in May 1997, Lt. Col. Joseph H. Felter, U.S. Army director of the Combating Terrorism Center at the U.S. Military Academy, testified that “[a]ttempts to shut down websites have proven as fruitless as a game of whack-a-mole.”

The government actions above, however, assume that law enforcement or security officials want a site to be removed. There may be instances where the preferred action is to leave something up as it may be valuable for intelligence or evidence gathering reasons.

Tackling terrorism online is not one that the U.S. alone is facing.  Just last month, the United Kingdom’s Association of Chief Police Officers created a unit for fighting online terrorism activity, complete with a portal for citizens to report suspected sites.  Other nations that do not provide the same free speech protections have taken similar actions for a variety of criminal security activities, including those related to hate speech.

In short, the challenges for government action against terrorist sites “generally” are many and raise serious constitutional and legal hurdles, both here and abroad.  Of course, we still most determine the extent to which terrorism-promoting sites are a problem – and that, in and of itself, may be our biggest challenge.

October 20, 2009

Secret Service -Its Mission, Its Future

Filed under: General Homeland Security,Investigation & Enforcement,State and Local HLS — by Jessica Herrera-Flanigan on October 20, 2009

Bryan Bender from the Boston Globe reports this morning on “new questions” about the 144-year-old Secret Service’s “mission.”  Specifically, he notes that the agency, which has dual missions of protection and financial crimes investigations, may be overwhelmed by the protection mission and need, according to some critics, to abdicate its investigative mission.  Bender cites  “the unprecedented number of death threats against President Obama, a rise in racist hate crimes, and a new wave of antigovernment fervor” as reasons for the Secret Service’s strain.  He cites a Congressional Research Service internal report that found that the two mission approach may be “ineffective” and recommends evaluating whether to transfer some of the service back to the Treasury Department.

Splitting the Secret Service by its mission would be devastating.  Currently, the agency has more than 6,500 employees, including 3,200 Special Agents, 1,300 Uniformed Division Officers, and 2000 administrative employees. The Special Agents fulfill the investigative mission, as well as sensitive protective details and investigations. The Uniformed Division provides the “physical” protection to the White House and foreign diplomatic missions in the Washington D.C. area.

The financial and technology crimes investigative authorities of the agency allow it to operate on an ongoing basis in communities throughout the nation. Its 20+ Electronic Crime Task Forces (ECTF), created after 9/11, allow the Secret Service to build a strong local federal, state, and local law enforcement partnerships, that also include industry and academia.  The value of these local connections help reinforce the Secret Service’s protection mission as it allows the agency to build ongoing trusted relationships with local law enforcement officials.   The relationship between federal and state/local law enforcement can be tenuous – even more so when “outsiders” come into a locality and tell state and locals what to do.   Strong relationships are critical as protected officials travel and National Special Security Events (NSSEs) happen throughout the nation.  Isolating the Secret Service by focusing its mission only on protection would not help the protection mission.

In addition, the investigative mission allows the Secret Service to recruit and hire the best and brightest investigators. Specific protection missions such as protecting the President, Vice President and other dignitaries are opportunities given to the best and brightest of the best and brightest.  After completing a grueling and exhausting protective detail, Special Agents often return to their communities in investigative roles, thereby building stronger connections with their communities.

The investigate responsibilities also contribute to the Secret Service’s ability to fulfill its protection mission by allowing it to develop expertise to assist in its efforts to pursue protection missions.  For example, in today’s increased network world, the Internet and technologies are increasingly being used to perpetrate threats (think of the recent Facebook poll on where the President should be killed).  As an agency tasked with computer crime authorities, the Secret Service has the internal capability of pursuing these types of incidents.

There is little question that the Secret Service is overwhelmed but that is because it needs more resources and personnel.  As NSSEs are increasingly declared and more officials are deemed needing protection, the Secret Service’s funding has to be increased accordingly.  In addition, there needs to be more flexibility in getting resources to the Secret Service quickly and effectively, especially when NSSEs and related special events are identified.

The recommendation that part of the Secret Service go back to the Treasury Department is troubling for another reason — it continues the drumbeat of dismantling the Department of Homeland Security piece by piece to return the nation to pre-9/11 days.  FEMA and the Animal and Plant Health Inspection Service (APHIS), among other agencies, have both been proposed to be moved out of DHS back to their previous status.   Perhaps this is a consequence of what this blog discussed last week – the waning of homeland security.  It may be just continued jurisdictional wrestling.

While the Secret Service’s dual-mission should be strengthened, not dismantled, there could be some reorganization worth exploring.  The Uniformed Services Division, for example, could be made a separate entity or combined with the Federal Protective Services to strengthen its ability to protect across government buildings.  That is a blog topic in and of itself…

September 4, 2009

Arson and Homicide: LA Fires

Filed under: Investigation & Enforcement,Preparedness and Response — by Philip J. Palin on September 4, 2009

This morning Ari B. Bloomekatz, Andrew Blankstein and Cara Mia DiMassa report in the Los Angeles Times, “A mammoth forest fire that killed two firefighters and has burned more than 147,000 acres was an act of arson, authorities said Thursday as they launched a homicide investigation into the deaths. Officials said they determined that the largest brush fire in the history of Los Angeles County was the result of arson after investigators examined forensic evidence from scorched landscape off Angeles Crest Highway, north of La Cañada Flintridge. The spot is believed to be the source of origin of the Station fire.”  (Please read the entire report.)

March 26, 2009

Mueller: National security is FBI focus

Filed under: Intelligence and Info-Sharing,Investigation & Enforcement,Terrorist Threats & Attacks — by Philip J. Palin on March 26, 2009

In testimony yesterday before the Senate Judiciary Committee, FBI Director, Robert Mueller, emphasized, “In the aftermath of the September 11, 2001, attacks, counterterrorism became our top priority, and it remains our top priority today. Indeed, our top three priorities – counterterrorism, counterintelligence, and cyber security – are national security related.”

These are not the only priorities pushed by every Senator.  As reported in this morning’s New York Times,  “At issue is whether the country is well served by assigning nearly half of the F.B.I.’s 12,000 agents to terrorism and intelligence work, as has been the case since shortly after the Sept. 11 attacks. That debate has gained steam since the economic crisis, with lawmakers and others criticizing the F.B.I. as not putting enough resources into bank, mortgage and securities fraud, and pointing out that some of the most significant actions have been taken by state prosecutors, rather than federal ones.”

Mueller agreed that the FBI has a role to play in investigation of  financial and securities fraud. “While the FBI is surging to mortgage fraud investigations, our expectation is that economic crimes will continue to skyrocket.”   (Read more from ABC News.)

But the FBI Director tried to redirect most of his answers back to the terrorist threat and the need to renew the Patriot Act. According to the Washington Post,  “Mueller told members of the Senate Judiciary Committee he hopes that the reauthorization of two provisions would be far less controversial than in previous years. One of those provisions, which helps authorities secure access to business records, ‘has been exceptionally helpful in our national security investigations,’  he said. In response to a question from  Sen. Benjamin L. Cardin (D-Md.), Mueller said that his agents had used the provision about 220 times between 2004 and 2007. Data for last year were not yet available, he said. The measure allows investigators probing terrorism to seek a suspect’s records from third parties such as financial services and travel and telephone companies without notifying the suspect.”

August 11, 2008

Case Not Closed: The Government Must Provide Answers to Lingering Questions from Ivins Case

Filed under: Biosecurity,Investigation & Enforcement,Terrorist Threats & Attacks — by PJCrowley on August 11, 2008

~Guest Blog~

Last week the FBI outlined its new “theory of the case” regarding the 2001 anthrax attack. So far, almost all of the focus has remained on the whodunit, a scientist named Dr. Bruce E. Ivins, who committed suicide late last month as the FBI was closing in on him. Far less attention has been given to whatdunit, the United States Army Research Institute of Infectious Diseases or USAMRIID, and whether sufficient institutional security measures have been developed within government laboratories and government-sponsored research programs to ensure that we can detect the next bio-bomber.

Lingering questions from the Ivins case, particularly the reaction of his co-workers at Fort Detrick, suggest that we have a lot of work to do to build an effective security system to monitor the potential misuse of the world’s most deadly substances. And it is possible that our actions since 2001 have expanded the danger.

Based on new scientific tools used in the investigation, the FBI is certain that the agent used in the attack came from a specific flask used in research at the Army lab. That flask was “effectively the murder weapon” according to U.S. Attorney Jeffrey Taylor. So, whether or not Dr. Ivins did it, the FBI is convinced that someone at USAMRIID did. At least one government scientist weaponized an agent, removed it from the facility and used it to kill five people without being detected. The combination of background checks, peer observation and physical security at Fort Detrick in place in 2001 was inadequate.

Even now, many of Dr. Ivins’ co-workers are not convinced he did it because they believe they would have seen him do it. These doubts should sound an alarm about the state of bio-security today. Seven years after the incident, no one associated with Fort Detrick has yet explained what has been done to make a repeat incident less likely.

Let’s compare aviation and bio-security. Aviation security is far from perfect, but we have responded aggressively and systematically to the 9/11 failure. We know a lot more about passengers before they arrive at the airport. We inspect them and their baggage thoroughly before they are allowed to board an airplane. Once on board, a potential hijacker faces a locked cockpit door, an air marshal, a better trained crew and a plane-full of inquisitive eyes. There remains a residual threat to aviation, most likely from air cargo, but at least we have done as much as we can to prevent another suicide hijacking.

Unfortunately, it is possible our response to the other 2001 terror attack has been backwards. We have spent many billions of dollars developing vaccines and deploying detection equipment based on the belief that the threat was external – a terrorist organization would develop and deploy a biological weapon against the United States.

That danger certainly exists, but we now know that this was an insider job. Someone working for a secretive agency and in control of the most dangerous technologies that exist used them against the society they were charged to protect. And, because the scope of research on bio-defenses has expanded exponentially since 2001, the insider threat now could be even greater.

In the coming days, it will be imperative for the Departments of Defense, Homeland Security and Health and Human Services to come forward and tell us what has been done at government labs across the country and within government-sponsored research programs in light of the USAMRIID case to strengthen bio-security. What new research protocols have been established? What kind of peer review system is now in place? What kind of detection equipment has been installed as workers exit labs? How have background checks been strengthened? If Dr. Ivins was suffering from declining mental health, to what extent are labs monitoring scientists and looking for danger signs?

We now know that in 2001 we were attacked not just by al Qaeda but also by a government agency. Significant questions linger as to whether the government’s biological security is keeping pace with biological research. The government cannot retreat behind a veil of secrecy. The American people deserve to know that government bio-defense programs now have more effective security measures in place so that we are sufficiently protected from both internal and external threats.

The case should be far from closed.

P.J. Crowley is a Senior Fellow and Director of Homeland Security at the Center for American Progress in Washington, D.C. He served as Principal Deputy Assistant Secretary of Defense for Public Affairs and then as Special Assistant to the President of the United States for National Security Affairs, serving as Senior Director of Public Affairs for the National Security Council.

December 13, 2006

Worksite enforcement shock and awe

Filed under: Investigation & Enforcement — by Christian Beckner on December 13, 2006

Immigration and Customs Enforcement’s mass roundup of 1,282 illegal alien workers at six Swift & Co. meatpacking plans around the country yesterday has been a headline story today around the country. The Des Moines Register and the Salt Lake Tribune provide local perspective on the story, and DHS issued a press release and held a press conference with Sec. Chertoff and ICE Asst. Secretary Julie Myers to explain the Department’s actions. The latter documents focus on the ‘identity theft’ dimension of these raids, noting that 65 of the people arrested for immigration violations were also charged with identity theft-related infractions. And in his remarks, Sec. Chertoff focused on the administration’s continued desire to create a Temporary Worker Program, something which could potentially mitigate the need for such raids.

Overall, I think these arrests were warranted; without aggressive worksite enforcement, companies will face undue temptations to employ illegal workers, creating a race to the bottom in certain sectors of the economy. The tactics used were exceedingly dramatic – the law enforcement of “shock and awe” – but if that has a deterrent effect on similar scofflaws, then it’s perhaps warranted. However, I am concerned about the way in which some American citizens of Hispanic origin were treated during these raids, as recounted in the aforementioned Salt Lake Tribune story. And it’s undoubtedly true that the need for these types of raids would decrease with the creation of a Temporary Worker Program.

November 15, 2006

ICE removes detention and removal strategy from website

Filed under: Border Security,Investigation & Enforcement — by Christian Beckner on November 15, 2006

The kooky website Cryptogon had a post a few days ago (hat tip: CQ) where they linked to an Immigration and Customs Enforcement strategic plan for detention and removal from 2004 codenamed Endgame. That report had previously been available online at ice.gov, but shortly after the Cryptogon post revealed its existence, it was removed from the website. The proprietors of this Cryptogon site therefore put it up on their own server, and you can download it here:

ENDGAME: Detention and Removal Strategic Plan, 2003 – 2012

The document is unclassified and fairly banal, so I have a hard time believing that this was removed for security reasons. A likelier explanation is that it was removed because it was outdated, a lot of the content in it having been superceded by strategic work under the auspices of the Secure Border Initiative over the last 1+ years.

Shell companies and security vulnerabilities

Filed under: Investigation & Enforcement — by Christian Beckner on November 15, 2006

The Investigations Subcommittee of the HSGAC held a hearing today entitled “Failure to Identify Company Owners Impedes Law Enforcement,” which looks at the ease with which anonymous shell companies can be established in states and the national security consequences of this reality, as Sen. Coleman notes in his opening statement:

This lack of transparency not only creates obvious vulnerabilities in our financial system, it also threatens our homeland security. GAO reports that the FBI has 103 open investigations involving financial market manipulation, and most of these cases involve U.S. shell companies. A Department of Justice report revealed that Russian officials used shell companies in Pennsylvania and Delaware to unlawfully divert $15 million in international aid intended to upgrade the safety of former Soviet nuclear power plants.

Schemes like these are not uncommon, but without sufficient company ownership information, it is often difficult for law enforcement to identify and prosecute the criminals behind them. For example, Immigration and Customs Enforcement (ICE) officials reported that over a two year period one Nevada-based corporation received more than 3,700 suspicious wire transfers totaling $81 million. This case has not prosecuted, however, because ICE was unable to identify the corporation’s owners.

Clearly, our failure to identify the owners of U.S. shell companies is a significant deficiency in our anti-money laundering and terrorist financing efforts. And I am concerned that the competition among the states to attract company filing revenue and franchise taxes has in some instances resulted in a race to the bottom.

Sen. Levin’s opening statement suggests a couple of potential approaches to address this legislatively:

FinCEN is considering issuing new regulations requiring company formation agents to establish risk-based anti-money laundering programs which would require careful evaluations of requests for new companies made by high-risk persons. Another approach would be for Congress to set minimum standards, so that no state would be placed at a competitive disadvantage when asking for the name of a company’s true owners. This nationwide approach would also ensure U.S. compliance with international anti-money laundering standards. Still another approach would be to expand on the work of a few states which already identify some ownership information, and ask the National Conference Committee on Uniform State Laws to strengthen existing model state incorporation laws by including requirements for beneficial ownership information, monetary penalties for false information, and annual information updates.

These proposals seem relatively benign in terms of their impact on the financial system, and seem like a solid starting point for new legislation in the 110th Congress.

You can read other testimony from the hearing at this link.

October 31, 2006

Airline document-creation site shut down by FBI

Filed under: Aviation Security,Investigation & Enforcement — by Christian Beckner on October 31, 2006

Note to self: don’t create script to allow anyone to print out fake airline boarding passes:

A website that let anyone with an Internet connection and a printer create fake airline boarding passes has been shut down after federal agents visited the creator.

FBI agents raided Christopher Soghoian’s home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

….Soghoian’s “Northwest Airlines Boarding Pass Generator” let people create boarding passes that look virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security, but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

Here’s Soghoian’s blog. While it probably wasn’t the wisest move to create this script and put it online, I think that making a criminal case out of this is an unfortunate response. Instead, the FBI and/or the airlines should be focusing on strengthening the security of commercial aviation documents – perhaps by working with Soghoian and offering him a job.

October 11, 2006

Frontline on ‘The Enemy Within’

Filed under: Investigation & Enforcement,Terrorist Threats & Attacks — by Christian Beckner on October 11, 2006

The PBS show Frontline had an excellent episode tonight looking at the threat of homegrown terrorism in the United States since 9/11, analyzing the extent of this threat, how the FBI has evolved to respond to it, and the particulars of several notable cases over the past few years, most notably the investigation and trial of a potential terrorist cell in Lodi, California.

The episode raised a number of serious questions about the nation’s efforts to detect and investigate homegrown terrorism in the United States:

  • At what point in an investigation should the FBI wrap up and arrest a potential cell, instead of continuing to monitor it? (This issue has been discussed frequently in recent months as it concerns the Miami “Seas of David” plot and the UK aviation plot)
  • If the FBI continues to make arrests that lead to little or no evidence of terrorist activity, at what point does that become “crying wolf” – such that the public no longer trusts serious government efforts to prevent terrorist activities?
  • At what point do the FBI’s efforts to develop informants and penetrate the U.S. Muslim community become overly aggressive and backfire, leading to distrust and resentment that create a more permissive environment for terrorist activity?

These are not easy questions to answer, and the government officials who are interviewed for this piece seem to generally grasp the complexities of the environment in which they operate, and struggle from day-to-day to strike the right balances in addressing these questions. There have been clearly been examples of overzealous arrests, as the report points out – the Miami plot is probably the best example of this in recent years. And there are clearly gaps in the FBI’s abilities to carry out this mission, as the Washington Post points out in a story today that notes that only 33 out of 12,000 FBI agents have even basic Arabic language skills. But I think it would be false to say that the homegrown terror threat does not exist or can be dismissed, as some might incorrectly take away from the Frontline report.

If you want to view the full Frontline episode, it will be available at this link later today. And also check out this New York Times story which provides an overview of the episode.

Next Page »