Homeland Security Watch

News and analysis of critical issues in homeland security

August 10, 2012

Brennan defines “bad guys” (NYPD looks for bad guys)

Wednesday, John Brennan, the Assistant to the President for Homeland Security and Counterterrorism, spoke to the  Council on Foreign Relations.  His remarks focus on US operations in Yemen including the use of drones.  This is the latest in a series of extended statements by Mr. Brennan designed to explain and defend US policy regarding the lethal use of drone technology beyond Afghanistan.

Ritika Singh at LAWFARE has posted the first transcript I could find.

There is a Question and Answer session with Mr. Brennan that is considerably longer than his prepared remarks.  During this element of the program he engaged a range of issues, including Syria and cybersecurity… and bad guys.

While looking for the transcript, I stumbled across a very helpful consideration of the NYPD’s new “Domain Awareness System” at the Council on Foreign Relations website.  (If CFR can headline attention to NYPD technology projects,  I think HLSWatch can clearly address Yemen.)  Please see the CFR briefing by Matthew Waxman.

May 18, 2012

Three issues, thirty posts, can we improve homeland security?

Filed under: Catastrophes,General Homeland Security,Preparedness and Response,Privacy and Security — by Philip J. Palin on May 18, 2012

If you haven’t noticed, Fridays are my responsibility here.

Daily blogging — most blogging — tends toward multiple short pieces.  Whether news or commentary,  unpaid (and many paid) bloggers seldom have enough time to do much more than aggregate, trying to make interesting connections that might otherwise go unnoticed.

With more contributors — one for each weekday — HLSWatch has morphed toward analysis and advocacy.  It will probably seem a strange analogy, but drafting these weekly contributions is for me a bit like attending church.  It is a discipline that I find helpful in focusing attention to aspects of reality I might otherwise neglect.

In this vein, I perceive the need for a bit more continuity between weekly services: a kind of lectionary.   Since beginning to post in 2009 my choice of topics has been opportunistic, even impressionistic.  Over the next few months I intend to give more consistent attention to three issues:

Catastrophes –  I am increasingly persuaded the federal role in homeland security should mostly be focused on preventing, preparing for, mitigating, responding to, and recovering from very high consequence events.  I also perceive the federal government has a key role in encouraging some modest, but consistent attention to catastrophic potential by other levels of government and the private sector.  Catastrophes and potential catastrophes are, I will argue, complex events that unfold in distinct ways, different than emergencies or disasters.  Some of the skills that are essential to managing emergencies and disasters can be profoundly counterproductive in potential catastrophes.   At least these are my current perceptions.  Can these claims hold up to my own analysis and your criticism?

Private Resilience – There’s lots of talk — often empty talk — about private-public partnerships.  I’m all in favor of meaningful and practically focused private-public relationships. I am, though, much more interested in readiness and resilience that does not depend on the public sector.  There is some intriguing evidence that many resilient neighborhoods have emerged in contention with the public sector.  Is resilience a synthesis of a private antithesis engaging a public thesis? My interest in private resilience is related to my focus on potential catastrophes.  In the very worst events private need will exceed public supply by several multiples. What are the characteristics of systemic resilience?  How is such resilience engendered?  Resilience can wither, how and why? My colleague Arnold Bogis has been clear that he perceives “resilience” to be little more than an intellectually sloppy buzz word.  Can I convince him otherwise? Will he convince me?

Civil Liberties – Since 9/11 several legal measures have been undertaken that challenge — even directly assault — freedoms that were previously taken for granted. Other than various indignities at the airport, the narrowing of our liberties has not seemed to elicit sustained citizen concern… and even at the airport the protests have more often been whines than something more substantive. The explosive expansion of digital commerce and sociability provides the government (and others) unprecedented opportunity for intruding into civil and private “space.”  There are reasonable motivations — preventative and protective — for this intrusion.  The long-term consequences for our civil liberties are worth careful consideration and active engagement.  Related, at least for me, is the issue of individual responsibility and the role of citizenship.  Perhaps the government is not so much taking away civil liberties as the citizens are trading them away.

I have other homeland security-related interests — religious conflict and supply chains, to name two — but I have chosen these three topics for some sustained attention because I wonder if these three may, in combination, point us to an overarching reality.

Is there a persistent cascading complexity that we perpetually endeavor to deny?  Do we regularly walk the edge of chaos, one step from catastrophe, but choose not to notice?  What might be the outcome of noticing?  Are the key components of resilience — flexibility, agility, adaptability, what else? — more effective than command-and-control to deal with cascading, unpredictable consequences?  Is the active application of our civil liberties an essential  tool for effectively engaging this complexity?

I will not post next week.  Between the first Friday in June and Christmas there are 30 Fridays.  In thirty posts, no more than 30,000 words — plus our discussions — can these questions be meaningfully answered?  Will you participate?  Argue with me?  Propose your alternatives?  Can we co-create an enhanced understanding of homeland security through our engagement with these three issues?

Claire Rubin has suggested blogs are not the best format for such extended considerations.  Claire is one of the wisest women I know.  But I have often found creative benefits in gentle foolishness.  So, I will try.

March 23, 2012

New NCTC guidelines for non-terrorism information


You can access the unclassified (thank goodness) document at the link embedded in the title.

The details deserve much more attention than I will have time to give until the weekend.  But previous limitations (see here and here) have clearly been softened.  The following paragraph from page 4 seemed to leap from the page:

These Guidelines permit NCTC to access and acquire United States person information for the purpose of determining whether the information is reasonably believed to constitute terrorism information and thus may be permanently retained, used, and disseminated. Any United States person information acquired must be reviewed for such purpose in accordance with the procedures below. Information is ‘1″easonably believed to constitute terrorism information” if, based on the knowledge and experience ofcounterterrorism analysts as well as the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the information is terrorism information.”

For your reading pleasure.

June 17, 2011

The terrorist threat is real; constitutional guarantees need to be at least as real

Filed under: Privacy and Security,Terrorist Threats & Attacks — by Philip J. Palin on June 17, 2011

UPDATE: The lead editorial in the Sunday New York Times focused on the same issue as set out below on Friday.  Please see: “Backward at the FBI”.

— +–

Just this week: two were indicted for conspiring to bomb New York synagogues,  British police arrested another suspect in what is thought to be a plot against nuclear power plants in the UK,  four were arrested in Austria for terrorist intentions, and sixteen were arrested in Indonesia for planning to use cyanide in a mass police poisoning.  The list could easily be longer.

All the suspected terrorists noted above are alleged to have at least loose links to Al-Qaeda.

Yesterday news reports confirmed the selection of Ayman Al-Zawahiri as Osama bin-Laden’s successor.  In video remarks released on June 8 Zawahiri promised new attacks on the United States.  There are also signals that with bin-Laden out of the way, Al Qaeda may be ready to advocate much more free-lance work or so-called “individual jihad.”   While bin-Laden was focused on another big hit, his successors seem as ready to kill with a thousand cuts.

In April Mark F. Giuliano, Assistant Director, Counterterrorism Division, Federal Bureau of Investigation did a good job summarizing a range of recent terrorist threats.  It is too long to reproduce here and offer any analysis.  Please read what Giuliano said about terrorist threats.

To deal with the constantly evolving threat, revisions are reportedly underway, or by now perhaps completed, on the FBI’s Domestic Investigations and Operations Guide (copy courtesy of the NYT).  According to CBS News:

Under the FBI’s (existing) rules, agents are allowed to retain personal information obtained about a subject even if no evidence turns up of any wrongdoing. Agents were also authorized to “proactively” begin investigations (the lowest level of which is termed an “assessment”) on potential targets, even without specific justification; and restrictions on the use of intrusive techniques (such as infiltrating organizations, use of informants, or photographing subjects) were loosened.

Now the FBI’s revised document will ease rules further. For example, instead of being required to formally open assessments on subjects before conducting searches for information, agents may do so without keeping a record.

Julian Sanchez, with the Libertarian Cato Foundation, explains the possible policy and privacy implications:

Agents can already do quite a bit even without opening an “assessment”: They can consult the government’s own massive (and ever-growing) databases, or search the public Internet for “open source” intelligence. If, however, they want to start digging through state and local law enforcement records, or plumb the vast quantities of information held by commercial data aggregators like LexisNexis or Acxiom, they currently do have to open an assessment. Again, that doesn’t mean they’ve got to have evidence—or even an allegation—that their target is doing anything illegal, but it does mean they’ve got to create a paper trail and identify a legitimate purpose for their inquiries. That’s not much of a limitation, to be sure, but it does provide a strong deterrent to casual misuse of those databases for personal reasons. That paper trail means an agent who might be tempted to use government resources for personal ends—to check up on an ex or a new neighbor—has good reason to think twice.

Removing that check means there will be a lot more digging around in databases without any formal record of why. Even though most of those searches will be legitimate, that makes the abuses more likely to get lost in the crowd. Indeed, a series of reports by the Inspector General’s Office finding “widespread and serious misuse” of National Security Letters, noted that lax recordkeeping made it extremely difficult to accurately gauge the seriousness of the abuses or their true extent—and, of course, to hold the responsible parties accountable. Moreover, the most recent of those reports strongly suggests that agents engaged in illegal use of so-called “exigent letters” resisted the introduction of new records systems preciselybecause they knew (or at least suspected) their methods weren’t quite kosher.

The new rules will also permit agents to rifle through a person’s garbage when conducting an “assessment” of someone they’d like to recruit as an informant or mole. The reason, according to the Times, is that “they want the ability to use information found in a subject’s trash to put pressure on that person to assist the government in the investigation of others.” Not keen into being dragooned into FBI service? Hope you don’t have anything embarrassing in your dumpster! Physical surveillance squads can only be assigned to a target once, for a limited time, in the course of an assessment under the current rules—that limit, too, falls by the wayside in the revised DIOG.

I share concerns regarding invasion of privacy and gradual erosion of Fourth Amendment guarantees. In September 2010 the Justice Department Inspector General completed a multi-year study of FBI domestic operations and reported:

The evidence in our review did not indicate that the FBI targeted any of the groups for investigation on the basis of their First Amendment activities.  However, we also concluded that the factual basis for opening some of the investigations of individuals affiliated with the groups was factually weak. Moreover, in several cases there was little indication of any possible federal crimes as opposed to state crimes.  In some cases, we also found that the FBI extended the duration of investigations involving advocacy groups or their members without adequate basis, and in a few instances the FBI improperly retained information about the groups in its files. In some cases, the FBI classified some investigations relating to nonviolent civil disobedience under its “Acts of Terrorism” classification.

Beyond the Fourth Amendment, I am nearly as concerned over law enforcement distraction and intelligence mission-creep. Did you see the May 28 story on a self-confessed Texas anarchist and his 440 page FBI report?  In this case, there is criminal predicate, but reasonable people may disagree over reasonable suspicion.   The guy is eccentric, maybe even worth a close look… but for how long, with what resources, and at what cost?

Or how about this week’s report on a series of subpoenas and warrants served across the Midwest.  According to the Washington Post:

Investigators, according to search warrants, documents and interviews, are examining possible “material support” for Colombian and Palestinian groups designated by the U.S. government as terrorists.

The apparent targets, all vocal and visible critics of U.S. foreign policy in the Middle East and South America, deny any ties to terrorism. They say the government, using its post-9/11 focus on terrorism as a pretext, is targeting them for their political views.

They are “public non-violent activists with long, distinguished careers in public service, including teachers, union organizers and antiwar and community leaders,” said Michael Deutsch, a Chicago lawyer and part of a legal team defending those who believe they are being targeted by the investigation.

Several activists and their lawyers said they believe indictments could come anytime, so they have turned their organizing skills toward a counteroffensive, decrying the inquiry as a threat to their First Amendment rights.

With warrants issued probable cause was demonstrated to the satisfaction of some magistrate.   I will watch to hear and read more, but political activism — from the right, left, or constantly confused — must not be conflated with criminality.  I owe it to my neighbor, my self, and the constitution to defend the political and free-speech rights of everyone, especially those with whom I disagree.

Even without loosening the standards needed to begin a pre-criminal assessment, the amount of information already available tends to overload the system… and the minds of individual investigators.  Meaningful standards not only protect our privacy and the constitution, they help the law enforcement and intelligence systems focus on suspects worth the investment of time and effort.

May 27, 2011

Patriot Act Extended

Filed under: Congress and HLS,Privacy and Security — by Philip J. Palin on May 27, 2011

Following is a good example of why pay walls are going up all over the web.  I have — contrary to my stated principles — reproduced in full a Dow Jones news story.

When we take action contrary to our principles we usually convince ourselves there is sufficient cause, good cause, even a noble cause.  In this case I am probably being lazy and expedient.

Even when our rationalizations have some validity we almost always pay the consequences sooner or later in ways predictable or not.  I have not been a fan of Senator Rand Paul.  But in regard to the Patriot Act we should at least be giving close attention to his arguments. (Please see video and transcript of the Senator’s comments on two failed amendments to the Patriot Act.)


WASHINGTON (Dow Jones)–The U.S. House of Representatives voted to renew three key provisions of legislation granting law enforcement officials authority to conduct surveillance on suspected terrorists.

The Senate voted earlier Thursday to approve the extension bill, after resolving a week-long impasse over the legislation.

The House vote was 250 in favor, with 153 opposed.

With the House vote, Congress has completed its work on the bill, but it must still be signed by President Barack Obama by midnight EDT Thursday in order to avoid an expiration of the three provisions. Obama is in France for a meeting of the G-8 group of nations. A White House spokesman said the president will use an “automatic pen” to sign the legislation into law.

All week long, the Senate has been in a logjam over attempts, primarily by a single lawmaker, Sen. Rand Paul (R., Ky.), to amend the legislation. Paul, a self-styled libertarian, opposes the legislation and spent the last several days decrying it as an invasion of privacy.

As the deadline approached, top lawmakers and senior Obama administration officials began issuing stark warnings about the impact on the ability of the nation’s intelligence community to continue to do its job if the provisions were allowed to expire. James R. Clapper, the director of national intelligence, said in a letter this week to Senate leaders there could be serious repercussions for law enforcement’s surveillance efforts if the measures expire.

The provisions are contained within the Patriot Act, a law passed in the aftermath of the 9/11 attacks that vastly expanded the abilities of law enforcement officials to conduct surveillance of suspected terrorists both in the U.S. and abroad.

Over the years, the legislation has gradually been more tailored, with some of its provisions allowed to expire and others made permanent.

But some of the authorities granted by the law require Congress to renew them. There are three such provisions in the legislation.

One would enable law enforcement officials to conduct surveillance on suspected individuals who switch communication devices, such as using disposable cellular phones. A second would let officials conduct surveillance on so-called “lone wolf” individuals–suspects not currently linked to any known terrorist organization abroad. The third would enable officials access to suspects’ business transactions–rental cars, hotel bill and other credit card transactions.

All three have been extended until June 1, 2015.

Ultimately, 22 senators joined Paul in opposing the legislation. The majority of those no votes were cast by liberals who are opposed to the continuation of the expanded authorities contained within it. Several of them, led by Sen. Patrick Leahy (D., Vt.), the chairman of the Senate Judiciary Committee, had hoped to add language providing for further oversight and audits of the activities the law permits. This wasn’t allowed as part of the compromise reached Thursday, which sparked some of those no votes.

Leahy pledged to bring up the oversight language as stand-alone legislation soon.

Before they moved to a vote to finalize the legislation, lawmakers first had to deal with a Paul amendment that would have excluded gun sales from law enforcement officials’ ability to monitor business transactions.

Paul said this was a violation of individual rights protected by the second amendment to the U.S. constitution.

“It’s very important that we are eternally vigilant of the powers of government,” Paul said on the Senate floor. “I don’t think the government should be sifting through the records of gun owners.”

Even the National Rifle Association didn’t support Paul’s gun amendment. The organization didn’t oppose it outright, but chose to take no position on the issue.

The proposed change was easily defeated by the Senate


December 29, 2010

What I Learned in 2010

The end of one year and the beginning of another gives one pause. New beginnings are a chance to start over. If we’re honest with ourselves, a bit of reflection can help us enter the knew year equipped with insights that help us avoid or at least reduce the impact of new calamities like those that confronted us in the year before. As I look back at 2010 for lessons, here are the top five things I saw that make me wonder what the year ahead holds in store:

We still don’t know security when we see it. Supreme Court Justice Potter Stewart famously quipped in a landmark First Amendment case that he knew hard-core pornography when he saw it. Unfortunately, the naked truth about homeland security is we still know know what it is when we see it. Full body scanners and aggressive pat downs to search airline passengers have, however, hinted at the limits of public support for security theater. That said, we still have few clear hints how we should balance the competing interests of civil liberties like privacy and security.

We may be smarter, more successful and skillful than our adversaries, but that ain’t saying all that much; or, maybe it’s just hard to find good help these days. Most of the homeland security successes we witnessed this year, seem more like lucky strikes than genuinely skillful performances by our security services. Maybe that’s because our adversaries have had less success recruiting skilled operatives than we might have imagined. This makes me wonder: with unemployment still running nearly 10 percent nationally (and much higher in some minority communities) why is it so hard to find skilled help? What’s more, as local and state governments find themselves in the death grip of fiscal austerity, how will they meet public expectations of them for safety and security? Judging by public criticism of the response to severe weather events as we end the year, not well at all.

It’s the economy, stupid. Before we had even managed to stop writing or typing 2009 when we meant 2010, Haiti experienced a devastating earthquake that some estimates suggest killed more than 250,000 people and left millions more homeless. As the year came to a close, the country languished in the grip of a cholera epidemic and a presidential succession crisis. The flow of aid lagged far behind pledges from international donors, leaving the impoverished country barely clinging to life. If we ever had any reason to doubt the fact, Haiti confirmed that poverty is any adversary or calamity’s best friend. The corollary to that observation is equally clear and simple: Resilience is about resources. The fungibility of capital — that is the ability of any individual or group to apply their stores of human, social or political capital to conduct transactions that transform natural, economic or material resources to their own or others’ benefit — depends on both the sufficiency and diversity of those hard assets as much or more than any degree of cleverness or incentive to apply themselves. Necessity is the mother of chaos, not invention. In the absence of resources, don’t expect that to change unless you are willing to watch things get worse not better.

Victory (sometimes) favors the unprepared. The benefits of diverse stores of all forms of hard and soft capital was aptly illustrated by the New Zealand response to September’s earthquake in Christchurch and the numerous and still ongoing aftershocks. People there weren’t all that well prepared (especially for the specific event that occurred), but they knew how to use what they had to take care of what they needed. As such, they fared much better than the Haitians and required no outside assistance. The Chileans too, although better prepared than either the New Zealanders or Haitians, demonstrated that was all the more true when a society’s resources and mindsets are both well-adapted to the environment they inhabit.

Casting oil on the water sometimes makes waves. Rather than calming turbulent seas, the explosive destruction of the Deepwater Horizon drilling platform in the Gulf of Mexico and the resulting release of millions of gallons of crude oil into the sea made waves for months. Rather than crystallizing public opinion on energy policy and the need to invest in alternatives to petroleum, the federal response — both on a regulatory level and an operational level — came under intense criticism for ignoring the needs of local citizens who depended upon the Gulf of Mexico for their livelihood. Never mind that some depended upon industries that posed a risk to these ecosystems while others depended on the ecosystem itself, the debate never fully confronted the difficult policy choices facing the country now or in the future. As the federal government continues its work with Gulf Coast states on a recovery plan we should be looking forward not backward for answers about the future.

Clearly, many more things happened in 2010 than I have covered here. What were your top lessons learned from 2010? And what are your hopes for the year ahead?

September 14, 2010

In Panopticon We Trust

Filed under: Futures,Privacy and Security — by Christopher Bellavita on September 14, 2010

In the late 18th century, Jeremy Bentham (of “greatest good for the greatest number” fame) wrote about the “panopticon”  —


According to the Bentham scholars at wikipedia:

The concept of the design is to allow an observer to observe (-opticon) all (pan-) prisoners without the incarcerated being able to tell whether they are being watched, thereby conveying what one architect [Silke Berit Lang] has called the “sentiment of an invisible omniscience.” Bentham … described the Panopticon as “a new mode of obtaining power of mind over mind, in a quantity hitherto without example.”

[The panopticon] design was invoked by Michel Foucault [in Discipline and Punish: The Birth of the Prison] as [a] metaphor for modern “disciplinary” societies and their pervasive inclination to observe and [normalize]. Foucault proposes that not only prisons but all hierarchical structures like the army, schools, hospitals and factories have evolved through history to resemble Bentham’s Panopticon.”

The homeland security debate about privacy versus liberty focuses almost exclusively on how government erodes privacy rights.

Less emphasized (at least in my reading) is the role the private sector plays in privacy intrusions.  Maybe because many people voluntarily surrender privacy to the private sector, under the guise of increased efficiency, convenience, and choice — to say nothing of the difficulty determining what privacy you actually surrender if you have an account on Facebook or Google.

What will the future be like in this domain?  Will big brother arrive not with a government ID card, but with a cents-off coupon promise to make life better through interoperable data bases?


My colleague, Richard Bergin, brought the brief videos (below) to my attention.

The first (about 2 minutes long) is about ordering a pizza in the future.  Most of the information (in the scenario) comes from private sector data bases.

The second video (less than a minute) is a story about how radio frequency ID (RFID) will make life at the grocery store better for all of us.

The last video (around a minute) shows why every right thinking family man or woman would want to have one of these things implanted, as soon as possible.

Ordering pizza in the future

Shopping in the future

Making sure the health information needs of you and your loved ones are taken care of

June 20, 2010

Another small voice in a chorus of complaints

Filed under: Organizational Issues,Privacy and Security — by Philip J. Palin on June 20, 2010

Secretary Napolitano gave a speech on Friday.   According to Lolita Baldor with the Associated Press,

As terrorists increasingly recruit U.S. citizens, the government needs to constantly balance Americans’ civil rights and privacy with the need to keep people safe, said Homeland Security Secretary Janet Napolitano.

But finding that balance has become more complex as homegrown terrorists have used the Internet to reach out to extremists abroad for inspiration and training. Those contacts have spurred a recent rash of U.S.-based terror plots and incidents.

“The First Amendment protects radical opinions, but we need the legal tools to do things like monitor the recruitment of terrorists via the Internet,” Napolitano told a gathering of the American Constitution Society for Law and Policy.

The organization hosting the speech provides access to an audio and video recording of the Secretary’s remarks.  Thank you.

I have been unable to find a transcript of the speech.  April 19 is the last time a speech by the Secretary was uploaded to the DHS “speeches and statements” screen.    The most recent post to the Blog@DHS is ten days old.  There has not been a general press release since June 15.   

As some of you have complained, I hate to complain.  I suppose many staff have been redeployed to support public communications in the Gulf.  But unlike that wonderful Washington figure Chance “I like to watch” Gardner, I much prefer to read. It takes less time and allows for more detailed consideration of what is offered.

Friday, on another topic, I argued for the importance of listening.  When the Secretary of Homeland Security speaks on the topic of balancing security and liberty both she and we should exercise particular care.  I could be more careful in listening if I could read what she said.

June 4, 2010

A Review: Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism

In 2005, Stewart Baker joined the Department of Homeland Security as Assistant Secretary of Policy for the entire Department of Homeland Security under Secretary Michael Chertoff. The position, which evolved from the Assistant Secretary for Border and Transportation Security Policy and Planning position, has the following responsibilities, according to the DHS website:

  • Leads coordination of Department-wide policies, programs, and planning, which will ensure consistency and integration of missions throughout the entire Department.
  • Provides a central office to develop and communicate policies across multiple components of the homeland security network and strengthens the Department’s ability to maintain policy and operational readiness needed to protect the homeland.
  • Provides the foundation and direction for Department-wide strategic planning and budget priorities.
  • Bridges multiple headquarters’ components and operating agencies to improve communication among departmental entities, eliminate duplication of effort, and translate policies into timely action.
  • Creates a single point of contact for internal and external stakeholders that will allow for streamlined policy management across the Department.

Baker would hold the position for the next four years, tackling a variety of issues from border and travel to cybersecurity and the Committee on Foreign Investment in the United States (CFIUS) to bioterrorism.  In his upcoming book, Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism, Baker offers an intriguing view of our homeland security posture that ties back to the central theme that technology is both our savior and our enemy as it empowers not only us but our foes.  Coming from Baker, who has been described by the Washington Post as “one of the most techno-literate lawyers around,” the analysis of homeland security technology from a policy/legal prism is refreshing.  This is not a Luddite’s view of why technology harms, but an expert’s finely woven story of “how the technologies we love eventually find new ways to kill us, and how to stop them from doing that.”

A subtheme throughout the book is that information sharing, or lack thereof, has hindered our nation’s efforts to fight terrorism, especially when “privacy” has played a role.  In setting up a discussion of what led to his time at DHS, Baker recounts some of the failures leading up to 9/11, including the information sharing wall put up at the Department of Justice between intelligence and law enforcement elements of the agency, as well as challenges at the Foreign Intelligence Surveillance Court. His view is of someone who has spent time in the intelligence world as the General Counsel of the National Security Agency and as General Counsel of the Robb-Silberman Commission investigating intelligence failures before the Iraq War. The account dives into the intricacies of Justice and its overseers, as well as how bureaucracy and personalities can so easily define our government’s most sensitive policies.

The book then looks at his days at DHS and attempts to strengthen border and travel programs and policies for acronym-named programs, including Passenger Name Records (PNR), the Visa Waiver Program (VWP), Electronic System of Travel Authorization (ESTA), Western Hemisphere Travel Initiative (WHTI), and Computer Assisted Passenger Pre-Screening System II (CAPPS II),  among others.  If you have ever doubted Washington’s love of acronyms and initialisms, this read will certainly change your mind.

In evaluating efforts in the aviation space, Baker is critical of a number of groups that he deems to have stood in the way of the Department’s mission during his tenure, including the private sector, European governing bodies, bureaucrats, Congress, and privacy/civil liberties groups, all of whom he argues are all about the status quo and not open to change.  Some of his criticisms are valid while others seem to simplify the views of the various actors.  For example, in dismissing some of the tourism industry’s concerns related to travel policies, he argues that the industry did not want innovation in government security on the border. Having been in the trenches at the U.S. House Homeland Security Committee during many of these debates, I would argue that the balancing of the numerous parties’ interests and concerns was not always that simple or easy to discern, especially when assessing the right security path forward.  Some programs mentioned in the book, such as WHTI, succeeded, in part, because they were implemented once necessary infrastructure had been deployed.

His strongest concerns are reserved for privacy and civil rights advocates and the government policies they either tout or hate.  There is a great deal of skepticism for “hypothetical civil liberties” and “hypothetical privacy concerns,” without evidence of demonstrated abuses by the government. He cites numerous incidents, some of which certainly demonstrate the tension between privacy and security co-existing.  A few of the examples he uses have even been explored here at HLSWatch, including complaints about whole body imaging machines in airports.  See, e.g. The Right to Be Left Alone (October 27, 2009) and “Where are all the white guys?” (November 10, 2009). Reading the book, privacy and civil liberties supporters may find it hard to balance Baker’s call for imagination when tackling homeland security policy and decisionmaking without calling for a similar level of creative thinking when addressing how those policies and decisions will affect privacy and civil liberties.

The book goes on to describe how the Department and Administration tackled (or failed to tackle) cybersecurity and biosecurity and the differences between the approaches. In both sections, privacy and information sharing are undercurrents, though we also see some interesting discussions of such topics as patent protections, self-regulation, and the evolution of security in each of these areas.  The discussions are intriguing and provide both a history and analysis of why we are where we are on those issues.   The cybersecurity and related CFIUS discussion brought back some memories to this self-proclaimed cybergeek, including some of my first interactions with Baker when he was in private practice and I was at the Justice Department.

One last observation: while the focus on the book is obviously on the time that Baker served at the Department under Secretary Chertoff, it leaves much to the imagination of what work Secretary Ridge and his team- from their early days in the White House after 9/11 until the changing of the guard to Secretary Chertoff – undertook and how that may have contributed to some of Secretary Chertoff’s and Baker’s successes, challenges, and mindset.  In addition, despite the focus on privacy and civil liberties, there is little mention of the other DHS offices, including the Privacy, Civil Liberties, and General Counsel’s offices, who may have been engaged in many of the battles noted by Baker. The book is not lacking in detail or intrigue because of these exclusions, though I wonder how they affected the decisions of Baker and his policy team. Perhaps these items are the subject of another book for another time.

Stewart Baker provides insight into a D.C. perspective of homeland security and the struggle of a Department to tackle technology, privacy, and information sharing. The book provides some valuable lessons for those who are on the frontlines of homeland security policy as they attempt to tackle future threats. For an observer of homeland security development, Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism is a must-read. The book will be released on June 15th and is available for pre-order on Amazon.com.  In the meanwhile, excerpts from the book and other missives from Baker can be found at a blog with the same name, http://www.skatingonstilts.com/.

March 15, 2010

Is the Internet Creating Terrorists?

Filed under: International HLS,Privacy and Security,Radicalization,Terrorist Threats & Attacks — by Jessica Herrera-Flanigan on March 15, 2010

Happy birthday today to the Internet as we know it.  It was on March 15, 1985,  that Symbolics Computers of Cambridge, Massachusetts registered Symbolics.com, the first .com domain.   Today, there are more than 84 million addresses and growing as more than 668,000 sites are registered each month.

Interestingly, the Los Angeles Times ran a story late last week entitled “Internet making it easier to become a terrorist,” detailing how the Internet has become a “crucial front” in the battle for and against terrorism, making it easier for potential homegrown terrorists to get and share information.  Potential terrorists no longer have to travel around the world to terror training camps but can become militarized and taught to “wage violent jihad” in their PJs from the comfort of their bedrooms, according to the article.

Much of the article focused on the transformation of Colleen R. LaRose from a bored middle-aged American into her Internet alter-ego, “Jihad Jane.”  The Christian Science Monitor ran a similar story Friday, noting an increase in U.S. terror suspects and how “advances in online communication have made it easier to recruit Americans to radical Islam.”  The publication did a separate story last week about the troubling and possibly increasing ability of Al Qaeda to attract American women to terrorism. The story, however, only noted only two other instances where women have been charged in the U.S. with terror violations:

  • The case of Lynne Stewart who was convicted of helping imprisoned Sheikh Omar Abdel Rahman communication with this followers; and
  • Aafia Siddiqui, a Pakistani scientist found guilty of shooting at U.S. personnel in Afghanistan while yelling, “Death to Americans!”

Neither of these cases, however, involved the Internet or sophisticated plots to communicate with others via email or technology to commit terrorist acts.  Which leads us to the question – should the Jihad Jane case be of concern or is it an anomaly?

Women are increasingly turning to the Internet, according to a number of studies.  According to the Pew Internet & American Life Project, 74% of women use the Internet (as of December 2009).  Other studies show that women are increasingly turning to the technology to conduct many daily activities.  A Burst Media study released in March 2009 found that 69.4% of women cited the Internet as the “primary source for information to keep their household running with information on family activities, recipes, health news, and entertainment listings.”  Just over 62% used Internet to research products or services. Those statistics increased for women in the 35-54 range, with 71.1% an 66.6% using the Internet to help run their households and research products, respectively.

A survey by BlogHer, a woman’s blog network, in May 2009 found that approximately 53% of adult U.S. women participate in social media.  The survey found that more than 31.5 million participate weekly in social networks such as Facebook and MySpace, 23 million blog, 16.8 million participate in message boards/forum; and 6.7 million conduct status update (e.g. Twitter).  Given the high rate in which social networking has increased over the past year, especially with more wireless devices now able to allow users to use social media interfaces, these numbers surely have increased as well.

Of course, a mere increase in women online does not necessarily translate into women turning to terrorism.  We do know, however, that marketers and online behavioral advertising experts are increasingly exploring how to market and tailor material to women online.  Why wouldn’t terrorist groups looking for new recruits do the same?  According to expert Gabriel Weimann in his 2006 book “Terror on the Internet: The New Arena, the new Challenges” – they already have.  Terrorist groups can narrow their message to a particular audience, appealing to specific sympathies and touch points.

We know that terrorist organizations are also increasingly turning to the Internet to recruit and communicate.   According to a Council on Foreign Relations backgrounder on “Terrorists and the Internet,” prepared by Eben Kaplan in January 2009, “terrorists increasingly are using the Internet as a means of communication both with each other and the rest of the world.” Indeed, the number of terrorist organizations using the Internet has increased from 12 in 1998 to more than 4,800 this year.

Kaplan notes that the “most effective way in which terrorists use the Internet is” for spreading propaganda and promoting sympathetic views of terrorist organizations.  As Weimann has noted, the Internet is a perfect tool for a new breed of terrorist. It is anonymous and uncontrollable.

In general, the trends and studies show that terrorist groups are going online and that the use of the Internet by those groups to spread propaganda and recruit potential terrorists is of concern.  The increase in the number of women online and the ease by which information can be tailored to specific demographics should be not be overlooked, especially with the access to populations of potential recruits who may not otherwise be allowed or recruited to attend terrorist training camps abroad.  Jihad Jane is likely not an anomaly but a troubling preview of the future of terrorism.

(Look to Friday’s post to explore how the government can counteract these efforts and the challenges with fighting terrorism and propaganda online).

December 16, 2009

Integrity, Validity or Security: Pick Any Two

Someone once said of the choice among quality, price, and timely delivery, “Pick any two.”  In recent years, Americans have operated under the illusion that such tradeoffs do not apply to us, at least with respect to information.  The pace of technological progress has fueled this illusion.

As individuals’ access to information has improved through the seemingly relentless convergence of information technologies, people have actually started wondering when, not if, a singularity will emerge.   Until this happens, we have to cope with the tradeoffs and their effects on democracy and trust.

As this blog’s other distinguished contributors and discussants has demonstrated on many occasions, homeland security professionals wrestle continuously with information management and technology policy issues that call upon us to balance information integrity, validity, and security.  Inevitably, these values find themselves expressed as tensions, and tradeoffs become inevitable as we seek to meet the expectations of politicians and citizens’ insatiable ‘needs to know.’

In addition to the need to know, we must now confront the ability to know.  Information and knowledge are not the same thing. Turning information into knowledge is a complex, time-consuming, and often costly process.  People in general have a poor capacity for interpreting large amounts of complex information and thus acquiring appreciable knowledge of risks, especially those far removed from their everyday experience.

This became abundantly clear to me recently, as the community where I work responded to a positive test for e. coli contamination in our drinking water supply.  Initial tests, like the one conducted here the day before Thanksgiving, had produced positive results on more than a dozen prior occasions without resulting in confirmation during subsequent testing.  This time was different though.

By the time the positive results were confirmed and the potential extent of contamination became clear, officials had to work out who needed to know what and then worried about the best way to communicate the information without provoking undue fear.  After all, they reckoned, the boil water notice issued in response to the finding in compliance with federal drinking water regulations was not itself a risk-free proposition: In other communities, more people suffered burns preparing water for consumption than suffered illness from the such contamination itself.

As word of the required actions and the city’s response to it was released to the news media and the public, feedback came in hot and fast.  Why had this notice not been issued sooner?  Why had officials relied so heavily on traditional media to get the word out?  Why had city officials not contacted water customers directly?

Those in the community asking these questions assumed they were the first to do so.  Moreover, they assumed that the answers were influenced primarily by money, technology, and administrative inertia, if not apathy or incompetence.  While cost, technical capability, and bureaucratic issues all play a role in delaying or preventing action, they are not the primary cause of officials’ concerns.  Those responsible for deciding when and how to act, including when and how to notify the public, tend to be consumed with concern for getting it right.  Herein lies the problem: A “right” response lies in the eyes of the beholder, and the public has taken a particularly jaundiced view of official actions to manage risks, especially those that involve an intersection between complex technologies and human health.

As I was digesting the very real implications of the dilemma occurring in my own community, I became aware of a report released at the beginning of October by the Knight Commission on the Information Needs of Communities in a Democracy.  The report prepared by a commission of policy and technology experts co-chaired by former United States Solicitor General Theodore Olson and Google vice president Marisa Mayer was presented to federal Chief Technology Officer Aneesh Chopra and Federal Communications Commission Chairman Julius Genachowski upon its release.

In short, the report warns of a growing information divide that threatens to undermine the foundations of American democracy. Addressing the divide, the report argues, will require coordinated effort on many fronts, and cannot be accomplished by either the government or the market acting alone.

Although improved access to technology, expanded transparency of government information, and increased commitment to engagement are all required, so too is increased literacy and numeracy – the capacity of people to appreciate information and turn it into useful knowledge.

So far, efforts to produce engagement even in some of the most creative, educated, and engaged communities through technology innovation have produced spotty results.  Open data and application development contests intended to engage private sector partners to leverage insights from public data have produced applications that do little to advance the public good.  In many cases, these applications simply make it easier for well-equipped citizens with smartphones to tell government officials they are doing a poor job responding to citizen concerns, while increasing the volume of complaints they have to deal with before they can get on with the work needed to remedy the underlying causes of what might otherwise be legitimate problems.

In other cases, applications that improve the efficiency of individual competition for consumption of public goods like parking spaces pass for innovation.  In still others, externalities clearly outweigh efficiencies by making undigested or unconfirmed information available in forms that further erode confidence in government.

In the early days of the republic, a learned man or woman of modest means could acquire a decent command of all available knowledge by applying him or herself with rigor and discipline.  Indeed, the signers of our own Declaration of Independence distinguished themselves as knowledgeable in a diverse array of subjects ranging from philosophy to law to agriculture to military strategy to engineering to commerce to religion.

Today, not one of us has any hope of achieving comparable mastery of extant knowledge.  The volume of information already in existence and the pace of new discoveries have simply become too vast, too specialized, too detailed, and too isolated from everyday experience for anyone to master regardless of mettle or means.  This does not seem to have lowered public expectations though.

In a world where people share information in real-time with one another over distances of thousands of miles and have instant access to hundreds of television channels, dozens of radio stations, and zettabytes (one zettabyte equals one billion terabytes) of data how do we overcome the illusion that information access equals knowledge?  With all of this information floating around us all the time, how do we decide what to tell people, when to tell them, and what method to use?

In the online discussion that emerged following the recent water contamination scare here, one participant in noted, “People do not trust institutions, they trust people.”  For him, at least, it was important not so much that someone had the answers to his questions, as it was that someone took responsibility for responding to his concerns.  In the absence of an official somebody, it seems anybody will do.  He, and many others, argued that the absence of official pronouncements only encouraged others to fill the void.

Not long ago, we relied upon media to do this for us.  That has changed, and media no longer have the capacity they once did to hold government accountable or to lower public expectations.  To the extent that media play an influential role in public debates these days, they are more likely to reinforce our biases than clarify positions or encourage dialogue.

It remains unclear whether social media or other technologies will bridge the gap between knowledge haves and have-nots.  If time is running out on our information illusions and our nation’s capacity to maintain trust in government and its democratic legitimacy are threatened by this growing divide, what will we make of the choice between integrity, validity, and security in the future and how will cost, quality, and timeliness influence our decisions?

November 20, 2009

Creators, Peepers & Security

Filed under: Privacy and Security — by Jessica Herrera-Flanigan on November 20, 2009

“We’ve moved from an era of privacy keepers to one of privacy peepers and data-mining reapers who want to turn our information into products…The product is our records, our privacy, our family’s history. We wouldn’t let the government do this, so we have to protect against companies that want to do this.”

Congressman Ed Markey (D-Massachusetts), House Energy and Commerce Subcommittees on Commerce, Trade, and Commerce Protection and Communications, Technology, and the Internet Hearing on “Exploring the Offline and Online Collection and Use of Consumer Information.

In the past month or so, there have been a number of hearings in Congress exploring privacy issues relating to the collection, distribution and use of consumer information online and the emergence of new technologies (such as Web 2.0 and social media sites). While not “homeland security issues” in the strictest sense, the increasing synergies between the two that HLSWatch has explored this week make them relevant to the larger security efforts of our nation.

Rep. Markey’s quote above is not only poetic it raises a deeper problem. In his rhyme, he has focused on the keepers, peepers, and reapers – assumingly the companies that are collecting and marketing consumer information.  The various “eepers,” however, have little to do if creators are not creating. (Unfortunately, I could not come up with a synonym for “creator” that ends in “eeper” though I welcome suggestions.)

It seems in today’s increasingly online society, the new generations just are not as concerned about privacy as their parents and grandparents.   Chris Bellavita’s post on Tuesday on security clearances and facebook/twitter is a testament to that growing phenomenon.   In some ways, social networks have become our public diaries where we record our thoughts, dislikes, likes, indiscretions, and, in some cases, our every action.

As a society we have created a market for peepers and reapers.   So what does it mean for privacy as we have traditionally thought of it when the expectation is distorted with the emergence of new technologies? Will those who grew up on facebook and twitter even care in twenty years? Those are certainly topics worth exploring in future postings.  Getting back to Rep. Markey’s quote – what does it mean for homeland and national security that so much information is out there for gathering?  Putting aside the debate over what the U.S. government and the corporate world should be doing, should we be worried about what potential foreign and intelligence operatives are doing with that information (assuming it can be accessed through open source culling or, in more sinister cases, through social engineering or hacking)?

For example, should we be doing more to educate government employees, especially those with sensitive but not necessarily classified, responsibilities on what they should be saying about themselves and their work online?  Something as innocuous as someone broadcasting their travel itinerary or favorite restaurant could set someone up for becoming an unknowing source of information from a  friendly stranger.  Likewise, in the corporate realm,  should companies be thinking about economic espionage and how to keep their employees protected in today’s open society? We know that some agencies and companies have banned the use of social media while on the job but will we see others go as far to try to ban their employees from even participating in the social media phenomenon, putting aside the obvious 1st Amendment issues?

At the same time,  can an argument be made that we have strengthened some aspects of our national security  by making people less susceptible t0 blackmail and compromise by becoming a society that advertises our flaws and weaknesses?   In today’s reality tv environment, we are so much likely to post our embarrassing moments or, at the very least, have friends who will do it for us.

We started the week at HLSWatch wondering if the U.S. government should be using social media and emerging technologies more to prepare and protect its citizens.   We end asking whether our citizens social media participation is providing adequate protections to U.S.  security.

November 18, 2009

Big Lessons from a Little Country: The Entrance Exam

Filed under: Privacy and Security,Terrorist Threats & Attacks — by Mark Chubb on November 18, 2009

This is the first in a short but indefinite series of posts in which I intend to explore, among other things, the lessons I learned while living in New Zealand. Living in a foreign land – even a friendly one – as the events of 9/11 unfolded and the nation went to war (twice), gave me an opportunity to gauge how others see our country and its leaders. It also forced me to consider my relationship to American values I once took entirely for granted. As I was asked to defend my nation’s policies to overseas friends and colleagues, I gained a greater appreciation of our aspirations and their expectations of American leadership. The insights I gained during this period are as much about the place I was living and my experience of it as they are about the country of my birth. I think we can learn a lot from the experiences of others, and, after reading the posts in this series, I hope you will agree.

The invitation to contribute to this blog on a regular basis and the information emerging in the aftermath of the shooting at Fort Hood got me thinking about what it takes to fit in. How do we discern our role in a community and how does that process affect our relationships with others, particularly when we find those others or ourselves in new circumstances?

As I pondered this question, I recalled what happened when I moved to Alabama from the DC metropolitan area in the early 1990s. Within 15 minutes of meeting almost anyone for the first-time I was asked the same three questions, in essentially the same order:

  1. “You’re not from around here are you, boy?”
  2. “What church do y’all go to?” and
  3. “Who y’all gonna root for boy, Auburn or Alabama?”

At first, these questions caught me by surprise, and left me feeling uncomfortable. In time, I came to refer to this inquisition as the Alabama entrance exam.

As a Yankee, I stood out like a sore thumb, so the first question was more or less redundant. The second question struck me as very personal, but after awhile I realized it wasn’t aimed so much at discerning my faith (or potential lack thereof) as seeking to understand where I fit socially, since a good part of Southern life is organized around faith-based communities. The real religion question, as it turned out, was the last one. As the only college graduate in my family who did not attend The Ohio State University, I thought I knew a little bit about football addiction. I was wrong. Utterly and completely wrong.

Alabama was not a closed society, but people were a bit skeptical when it came to outsiders. If you withstood the inquisition without getting upset or defensive about the entrance exam questions, you were off to a good start. In exceptional cases, you might even get to the bonus round where you faced questions like, “Y’all like grits?” and “You got a pocket knife on you boy?” If you got these answers right, you might never be a Southerner, but you would get on just fine with folks.

After about six years in Alabama, I accepted a new job in New Zealand. By then, people had got used to me and I to them, and they responded with surprise when they learned I was leaving Alabama and wondered why I was heading overseas without joining the military and receiving orders to go abroad. New Zealand struck them as obscure and even a bit mysterious, especially when they learned I could not take guns with me (not that I owned any). “Haven’t they heard of the Second Amendment?!” people asked. I responded patiently, “Why, yes, they have. That’s why I can’t take guns with me.”

When people asked about my reasons for leaving for New Zealand, I responded with the same good nature with which I had greeted the entrance exam, “Well, I found I liked it in the south so much that I decided to just keep heading farther south. You know, you can’t get much farther south than New Zealand unless you’re on an icebreaker.” Folks did not appreciate the irony or enjoy the humor in this observation, so they decided that it was probably a good thing after all that I was leaving.

When I got to New Zealand, I discovered that they too had an entrance exam. Now, as you know, it is not unusual for border officials to ask people a few questions when someone seeks entry to a country. These questions seek to establish the purpose of travel, the means of support, and one’s intentions with respect to eventual departure.

That other citizens, in general, might have questions about us (as opposed to for us), may strike us as a bit odd. Since Alabama had been my first experience of this, I took it as a bit strange when New Zealanders too led with questions after an initial introduction.

What really struck me as odd though was that their questions seemed to have more to do with them than with me. Alabamians wanted to know where I fit. New Zealanders wanted to know where they fit. “Why did you decide to move here? How do you like it here?” and “Do you think you might decide to stay?” were usually among the most prominent questions I heard.

Americans have no firm historical ties with New Zealand, at least not in the same way the British, Dutch, Australians, and many Pacific Islanders do. In discussions with my New Zealand acquaintances, it became clear that many considered it odd to many that someone from a distant and prosperous free state would seek to live in such a geographically isolated nation.

Of all the places I have lived, Alabama and New Zealand are the only two where I can recall having been subject to the entrance exam ritual. Over the years, this has caused me to wonder what gave rise to this custom in these places, and why it took such a different form in each instance.

In Washington, DC and Portland, Oregon, where I live now, a sizable proportion of the population comes from someplace else, although these “imports” find themselves attracted to each place for entirely different reasons. Communities with a large number of highly mobile, well-educated residents seem to have a more atomistic culture. Individuals in such places belong simultaneously to many smaller communities, many of which do not identify themselves or their members based on place of residence. As such, many residents of these places often identify with the larger community in name only or possess only a vague or temporary sense of affiliation with the civic life of the wider community.

The complexity and interdependence of the social and economic orders in such places often imbues them with a self-confident character that often seems dismissive of the views of newcomers even when their inhabitants do not disdain such feedback entirely. People in such places have no questions for newcomers because they are either pretty sure they already have all the answers or see no need to pause and ask the questions that might yield them. If and when it turns out they do not know all the answers, these communities often delay their recovery by seeking to establish responsibility even before they have repaired the damage. Smaller, poorer, or more isolated communities do not often have this luxury.

In Alabama and New Zealand, people knew who they were, but wondered anxiously whether they could sustain their identities in the face of globalization. Buffeted by the winds of social and technological change, their questions revealed a latent and barely acknowledged sense of wonder as to whether their cultural and political ties were strong enough to hold their economies and societies together. Despite their past tragedies and their triumphs over them, people in these places confronted their uncertainty about their ability to shape the future and their roles in it in the ways they greeted newcomers.

The uncertainties underlying these questions have profound implications for any culture or society. The fact that such questions have not come to the fore in our homeland security discussions may suggest misplaced confidence in our ability to stand up against the threats we face, which is reflected in our haste to lay blame rather than repair the damage.

In the face of the tragic killings of 13 people at Fort Hood on November 5, I have wondered anew whether we are, in fact, asking the right questions of one another and ourselves. As communities, the military and the medical profession have cultures that are as strong and distinctive as any we could observe, imagine, or define. Both communities embrace and indeed embody the cultural, ethnic, and religious diversity that makes the United States unique among nations. Yet, despite ample evidence that someone in their midst was not fitting in, the members of these communities did not seem to ask themselves the most important questions of all: “Why doesn’t Major Hasan seem to be fitting into our community, and what can we do to help him feel more at home (or at ease) among us.”

These questions and Major Hasan’s answers to them would have given us a clear opportunity to mitigate the threat he allegedly posed without ever requiring us to stretch our imaginations to consider his potential ties to terrorist organizations or to wonder openly about his soundness of mind. Taking care of our community would not have required anything like the investments in surveillance technology and effort underlying his alleged communications with suspected terrorists.

Instead of asking these questions, efforts to address the seemingly abundant evidence of his problems fitting in with military and medical colleagues seem to have taken two decidedly unproductive turns: 1) On one hand, it seems as if his supervisors and peers sought to address issues with his performance as if they were purely technical rather than adaptive problems, and 2) They seem to have decided that his eventual transfer to Fort Hood and deployment to a war zone might make him someone else’s problem, focus him on the mission, or give him a chance to start over. These approaches seem almost as cynical as they are shortsighted and misguided.

Evidence of Major Hasan’s apparent detachment and unsociability should trouble us not because we know the toll his alleged actions took on his comrades at Fort Hood, but because an all-volunteer force relies upon a strong sense of community that reflects a shared sense of sacrifice and commitment to certain values. If anyone is responsible for the failure to prevent Major Hasan’s alleged attack, we all are. As a community, we have an obligation not only to ourselves, but also to one another to help each other figure out how to fit in.

Asking questions of newcomers may make some sense. But we better be sure too that we understand what our questions say about us. The questions being asked about this incident suggest we have a lot to learn about what it takes to make our communities and our society safer and more inclusive places to live. How we answer them will tell us a lot about how well we are adapting to the realities we first acknowledged following the attacks on 9/11.

October 27, 2009

The Right to Be Left Alone…

Filed under: General Homeland Security,Privacy and Security — by Jessica Herrera-Flanigan on October 27, 2009

“That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been necessary from time to time to define anew the exact nature and extent of such protection…

Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right… “to be let alone…

— Samuel D. Warren and Louis D. Brandeis, THE RIGHT TO PRIVACY, 4 Harvard Law Review 193 (1890)

Spencer Hsu of the Washington Post reports today that 28 groups and individuals belonging to the Privacy Coalition are calling for Congress to investigate the Department of Homeland Security’s Privacy Office. The Coalition, in a letter to House Homeland Security Committee, questioned the adequacy of the Office’s work, especially as it relates to the following technologies:

  • Fusion Centers and the Information Sharing Environment
  • Whole Body Imaging
  • Closed-Circuit Television (CCTV) Surveillance
  • Suspicionless Electronic Border Searches

The group seems to be most concerned with the Privacy Officer’s first responsibility, under Sec. 222(a) of the Homeland Security Act, to assure that “the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information.”   The group also finds fault with the Office’s certifications for exemptions to its obligations under the Privacy Act.

The letter’s premise is interesting in that it furthers the privacy versus security rhetoric that has permeated homeland security.  Rather than noting how the two can co-exist, the letter places each against other, with little room for mitigation or reinforcement — which is at odds at how the Homeland Security Act – rightly or wrongly- put together the Privacy Office’s responsibilities.

The Coalition notes that the Department’s Privacy Compliance Group “manages statutory and policy-based responsibilities by working with each component and program throughout the Department to ensure that privacy considerations are addressed when implementing a program, technology, or policy.”  The letter discusses the Compliance process and then criticizes the Department for focusing its efforts on Privacy Impact Assessments to assure that implementing programs build in privacy protections.   That said, it admits that the assessment process is a possible avenue for the Department to protect privacy and then proceeds to criticize the agency for not providing enough examples in an annual report, even though every PIA is listed.

If the Privacy Office is doing all of the above-  it is doing its job.  The Coalition, it would seem, is requesting, in part, that programs be dismantled.  For example,the letter’s section on whole body imaging  suggests that the technology itself is the problem, not the assessment of what privacy measures should be in place.  According to TSA and the Privacy Office’s assessments, TSA has put in place privacy protections regarding the use, collection and disclosure of personal information in the case of whole body imaging.  According to TSA’s website, the following procedures are in place:

  • The officer who assists the passenger never sees the image the technology produces.
  • The officer who views the image is remotely located, in a secure resolution room and never sees the passenger.
  • To further protect passenger privacy, millimeter wave technology blurs all facial features and backscatter has an algorithm applied to the entire image.
  • The two officers communicate via wireless headset. Once the remotely located officer determines threat items are not present, that officer communicates wirelessly to the officer assisting the passenger. The passenger may then to continue through the security process.
  • This state-of-the-art technology cannot store, print, transmit or save the image. In fact, all machines are delivered to airports with these functions disabled.
  • Officers evaluating images are not permitted to take cameras, cell phones or photo-enabled devices into the resolution room.
  • Each image is automatically deleted from the system after it is cleared by the remotely located security officer

If the Privacy Office evaluated the program during its implementation and worked with TSA to require these protections, hasn’t its statutory duty been met?  The Coalition suggestions on the Privacy Office’s responsibilities would require a reinterpretation of the statutory language so as to delete the “protections relating to the use, collection, and disclosure of personal information.”  The Coalition, it seems, would have  the Privacy Office be both judge and jury in deciding whether technologies in and of themselves “erode” privacy in the broadest sense.  That, however, is not the Privacy Office’s mandate.

Don’t get me wrong, the letter does raise some legitimate issues that the Privacy Office does need to address.  For example, in the section relating to Fusion Centers and Closed-Circuit Television (CCTV) Surveillance, it suggests that the Privacy Office should have pushed harder for mandatory privacy protections, rather than guidelines and voluntary efforts.   To the degree DHS has procurement, grant, and partnering decisions over such programs, then  stronger protections should be pursued.

In its closing the letter notes that if DHS’s internal privacy office cannot “protect the privacy of American citizens, through investigation and oversight” then “the situation calls for an independent office that can truly evaluate these programs and make recommendations in the best interests of the American public.” The Privacy Office’s mission, as envisioned by the Homeland Security Act, is not that of an independent voice. That voice was created in the 2004 Intelligence Reform Act with the creation of the Privacy and Civil Liberties Oversight Board, which is neither staffed nor active.  That is where the Privacy Coalition should be focusing its attention.

Indeed, in a letter today, Rep.  Jane Harman and Sen. Susan Collins rightly raised concerns with President Obama re the delayed status of nominations to that board.  That independent board is the watchdog for evaluating the privacy in the programs that the Privacy Coalition has raised.  Its mission includes

in providing advice on proposals to retain or enhance a particular governmental power, consider whether the department, agency, or element of the executive branch concerned has explained—

(iii) that the need for the power, including the risk presented to the national security if the Federal Government does not take certain actions, is balanced with the need to protect privacy and civil liberties.

Notably this responsibility is not included in DHS’ Privacy Office job description. Rather than re-interpreting the DHS Privacy Office’s role or creating ANOTHER independent body – the focus should be on getting the Privacy and Civil Liberties Oversight Board in place so that a voice exists to help the government  to determine when security and our “right to be left alone” clash and what steps need to be taken to assure that our nation is secure and our fundamental values and rights are protected.

August 24, 2009

And clean behind your ears too!

Filed under: Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on August 24, 2009

The last couple of weeks I’ve been trying to assess what really happened at Ft. Lewis, Washington. 

Maybe you’ve already heard about John Towery (aka John Jacob), an Army employee, who has been accused of spending two or three years undercover to gather intelligence on Seattle-Tacoma area anti-war organizations.  Mr. Towery is a civilian member of the Ft. Lewis “Force Protection Division” or base security team.  Whether he was free-lancing or operating under orders is an important — and as yet unanswered — question.  (See news stories listed at end of this post.)

Jeff Stein at Congressional Quarterly writes that  Mr. Towery’s, “reports on antiwar groups were going to the Washington Joint Analytical Center, a partnership of local and state police, the FBI and the federal Department of Homeland Security.”

Anjali Kamat with Democracy Now! (see below) broke the story on July 28.  According to the original report, “The activists claim Towery has admitted to them he shared information with an intelligence network that stretches from local and state police to several federal agencies, to the US military.”


Evidence-based policing is really common sense policing.  You pay attention to what is happening — you give particular attention to known precursors — and you intervene early to prevent or mitigate outbreaks.

This is essentially the application of  epidemiology to law enforcement.  Malcolm Gladwell makes this connection especially clear in The Tipping Point.

Intelligence-led policing is — or can be — the application of active surveillance and early intervention to prevent catastrophic events.  With clear protocols, effective training, and principled supervision such proactive practices can protect and serve communities… and the Constitution.

But we can forget — or more often, neglect — the self-restraint, discipline, external checks and structural balances needed to avoid  the risk of caretakers becoming carriers of the disease they seek to prevent… or something even worse.

Before 1867 most surgeons did not wash their hands.  As they moved from one patient to another the germs they spread probably killed more than their surgery saved.  Their intentions were noble and pure.  Their hands were bloody, both literally and figuratively.

We don’t know — yet — what happened at Ft. Lewis.  But if anyone associated with the military was involved in any aspect of domestic intelligence-gathering, there should have been the strictest of antiseptic — actually prophylactic — protocols. 

Instead it sounds like someone wasn’t even using soap and singing happy birthday.

News Coverage:

Declassified docs reveal military operative spied on WA peace groups (Democracy Now!)

Olympia anti-war group says Fort Lewis employee a spy (The News-Tribune)

Army looking into monitoring of protest groups (New York Times)

Turning the US army against Americans (The Guardian)

June 11, 2009

James von Brunn: criminal predicate, but reasonable suspicion?

Filed under: Intelligence and Info-Sharing,Legal Issues,Privacy and Security — by Philip J. Palin on June 11, 2009

James von Brunn, the alleged assailant in yesterday’s  fatal shooting of Stephen Johns at the Holocaust museum, has a long history of racist, anti-semitic, anti-government speech and action.  Would he have been a proper target for law enforcement intelligence gathering?

Mr. von Brunn is an 88 year-old,  military veteran with a prolific and, until today,  easy-to-access collection of writings attesting to his hatred of certain groups.  Many of these writings and rambling threats have been available at www.holywesternempire.org.  This morning the URL  announces: “HTTP 403 Forbidden.”  He is the author of a 1999 book entitled, Kill the Best Gentiles.

The Southern Poverty Law Center has listed Mr. von Brunn’s website among its large collection of “hate sites.”  The Anti-Defamation League has also monitored Mr. von Brunn. (See more from USA Today.) Would it be appropriate for local, State, or federal law enforcement agencies to collect and store similar information? Or does such information fall within the constitutional provisions of protected speech?

Arguably the most common legal standard for answering the question is 28 CFR, part 23 (or Title 28 of the Code of Federal Regulations, part 23).  This regulation was established, in part, to counter abuse of protected speech by law enforcement agencies in the 1960s and 1970s.

The core legal standard for gathering, collecting, and sharing information (or not) is set out as follows.

§ 23.20 Operating principles. (a) A project shall collect and maintain criminal intelligence information concerning an individual only if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity. (b) A project shall not collect or maintain criminal intelligence information about the political, religious or social views, associations, or activities of any individual or any group, association, corporation, business, partnership, or other organization unless such information directly relates to criminal conduct or activity and there is reasonable suspicion that the subject of the information is or may be involved in criminal conduct or activity. (c) Reasonable Suspicion or Criminal Predicate is established when information exists which establishes sufficient facts to give a trained law enforcement or criminal investigative agency officer, investigator, or employee a basis to believe that there is a reasonable possibility that an individual or organization is involved in a definable criminal activity or enterprise. In an interjurisdictional intelligence system, the project is responsible for establishing the existence of reasonable suspicion of criminal activity either through examination of supporting information submitted by a participating agency or by delegation of this responsibility to a properly trained participating agency which is subject to routine inspection and audit procedures established by the project.

 In the case of Mr. von Brunn was there reasonable suspicion?  How about criminal predicate?  Were there a sufficient number of “trained law enforcement or investigative agency” personnel assigned to establish reasonable possibility?

I am not a trained law enforcement officer.  But I sometimes train such officers.  If I had, before yesterday’s attack, read Mr. von Brunn’s writings, I would not have perceived strong grounds for “reasonable suspicion.”  I would have had difficulty reading much of the hate-filled, often turgid prose and would have quickly moved on to other targets of concern. (Even last evening, with the day’s events underlining the potential importance, it was a slog to read.)

If for some reason I was motivated to do additional research, I might have established “criminal predicate.”  In 1983 von Brunn was convicted of several charges and imprisoned for an armed attempt to “arrest” Paul Volcker and other members of the Federal Reserve Board.  But even with criminal predicate in hand, given the quarter-century elapsed and the age of the suspect, it is unlikely I would have established  “reasonable possibility.”

Which would have done nothing to save the life of Stephen Johns and — if not for the response of Mr. Johns and other security guards — my inaction could have led to the death and injury of many others at the museum.

I am not arguing for an easy answer.  I am suggesting the need to wrestle with a very tough question.  We can invest so much in defending pre-established positions that, too often, there is little energy left for crafting an imperfect, but principled solution.

Related background:

Russell Porter testimony: Report Card on Homeland Security Information Sharing

Practical Guide to Intelligence Led Policing

Intelligence Led Policing: New Intelligence Architecture

The Constitution Project: Liberty and Security

America’s growing surveillance state

Intelligence Agency Does Not Distinguish Between Terrorism and Peace Activism

(This event’s connection with the withdrawn DHS report on right-wing extremism is covered by Ed O’Keefe in this morning’s Eye Opener. And if you are looking for evidence of the energy invested in defending pre-established positions, check out the comments on O’Keefe’s report.)


Museum Suspect’s Writings Had Not Triggered a Probe (Washington Post)

Shootings show threat of ‘lone wolf’ terrorists (Associated Press)

« Previous PageNext Page »