Homeland Security Watch

News and analysis of critical issues in homeland security

December 29, 2010

What I Learned in 2010

The end of one year and the beginning of another gives one pause. New beginnings are a chance to start over. If we’re honest with ourselves, a bit of reflection can help us enter the knew year equipped with insights that help us avoid or at least reduce the impact of new calamities like those that confronted us in the year before. As I look back at 2010 for lessons, here are the top five things I saw that make me wonder what the year ahead holds in store:

We still don’t know security when we see it. Supreme Court Justice Potter Stewart famously quipped in a landmark First Amendment case that he knew hard-core pornography when he saw it. Unfortunately, the naked truth about homeland security is we still know know what it is when we see it. Full body scanners and aggressive pat downs to search airline passengers have, however, hinted at the limits of public support for security theater. That said, we still have few clear hints how we should balance the competing interests of civil liberties like privacy and security.

We may be smarter, more successful and skillful than our adversaries, but that ain’t saying all that much; or, maybe it’s just hard to find good help these days. Most of the homeland security successes we witnessed this year, seem more like lucky strikes than genuinely skillful performances by our security services. Maybe that’s because our adversaries have had less success recruiting skilled operatives than we might have imagined. This makes me wonder: with unemployment still running nearly 10 percent nationally (and much higher in some minority communities) why is it so hard to find skilled help? What’s more, as local and state governments find themselves in the death grip of fiscal austerity, how will they meet public expectations of them for safety and security? Judging by public criticism of the response to severe weather events as we end the year, not well at all.

It’s the economy, stupid. Before we had even managed to stop writing or typing 2009 when we meant 2010, Haiti experienced a devastating earthquake that some estimates suggest killed more than 250,000 people and left millions more homeless. As the year came to a close, the country languished in the grip of a cholera epidemic and a presidential succession crisis. The flow of aid lagged far behind pledges from international donors, leaving the impoverished country barely clinging to life. If we ever had any reason to doubt the fact, Haiti confirmed that poverty is any adversary or calamity’s best friend. The corollary to that observation is equally clear and simple: Resilience is about resources. The fungibility of capital — that is the ability of any individual or group to apply their stores of human, social or political capital to conduct transactions that transform natural, economic or material resources to their own or others’ benefit — depends on both the sufficiency and diversity of those hard assets as much or more than any degree of cleverness or incentive to apply themselves. Necessity is the mother of chaos, not invention. In the absence of resources, don’t expect that to change unless you are willing to watch things get worse not better.

Victory (sometimes) favors the unprepared. The benefits of diverse stores of all forms of hard and soft capital was aptly illustrated by the New Zealand response to September’s earthquake in Christchurch and the numerous and still ongoing aftershocks. People there weren’t all that well prepared (especially for the specific event that occurred), but they knew how to use what they had to take care of what they needed. As such, they fared much better than the Haitians and required no outside assistance. The Chileans too, although better prepared than either the New Zealanders or Haitians, demonstrated that was all the more true when a society’s resources and mindsets are both well-adapted to the environment they inhabit.

Casting oil on the water sometimes makes waves. Rather than calming turbulent seas, the explosive destruction of the Deepwater Horizon drilling platform in the Gulf of Mexico and the resulting release of millions of gallons of crude oil into the sea made waves for months. Rather than crystallizing public opinion on energy policy and the need to invest in alternatives to petroleum, the federal response — both on a regulatory level and an operational level — came under intense criticism for ignoring the needs of local citizens who depended upon the Gulf of Mexico for their livelihood. Never mind that some depended upon industries that posed a risk to these ecosystems while others depended on the ecosystem itself, the debate never fully confronted the difficult policy choices facing the country now or in the future. As the federal government continues its work with Gulf Coast states on a recovery plan we should be looking forward not backward for answers about the future.

Clearly, many more things happened in 2010 than I have covered here. What were your top lessons learned from 2010? And what are your hopes for the year ahead?

September 14, 2010

In Panopticon We Trust

Filed under: Futures,Privacy and Security — by Christopher Bellavita on September 14, 2010

In the late 18th century, Jeremy Bentham (of “greatest good for the greatest number” fame) wrote about the “panopticon”  –

“PANOPTICON; OR THE INSPECTION-HOUSE: CONTAINING THE IDEA OF A NEW PRINCIPLE OF CONSTRUCTION APPLICABLE TO ANY SORT OF ESTABLISHMENT, IN WHICH PERSONS OF ANY DESCRIPTION ARE TO BE KEPT UNDER INSPECTION….”

According to the Bentham scholars at wikipedia:

The concept of the design is to allow an observer to observe (-opticon) all (pan-) prisoners without the incarcerated being able to tell whether they are being watched, thereby conveying what one architect [Silke Berit Lang] has called the “sentiment of an invisible omniscience.” Bentham … described the Panopticon as “a new mode of obtaining power of mind over mind, in a quantity hitherto without example.”

[The panopticon] design was invoked by Michel Foucault [in Discipline and Punish: The Birth of the Prison] as [a] metaphor for modern “disciplinary” societies and their pervasive inclination to observe and [normalize]. Foucault proposes that not only prisons but all hierarchical structures like the army, schools, hospitals and factories have evolved through history to resemble Bentham’s Panopticon.”

The homeland security debate about privacy versus liberty focuses almost exclusively on how government erodes privacy rights.

Less emphasized (at least in my reading) is the role the private sector plays in privacy intrusions.  Maybe because many people voluntarily surrender privacy to the private sector, under the guise of increased efficiency, convenience, and choice — to say nothing of the difficulty determining what privacy you actually surrender if you have an account on Facebook or Google.

What will the future be like in this domain?  Will big brother arrive not with a government ID card, but with a cents-off coupon promise to make life better through interoperable data bases?

——————-

My colleague, Richard Bergin, brought the brief videos (below) to my attention.

The first (about 2 minutes long) is about ordering a pizza in the future.  Most of the information (in the scenario) comes from private sector data bases.

The second video (less than a minute) is a story about how radio frequency ID (RFID) will make life at the grocery store better for all of us.

The last video (around a minute) shows why every right thinking family man or woman would want to have one of these things implanted, as soon as possible.

Ordering pizza in the future

Shopping in the future

Making sure the health information needs of you and your loved ones are taken care of


June 20, 2010

Another small voice in a chorus of complaints

Filed under: Organizational Issues,Privacy and Security — by Philip J. Palin on June 20, 2010

Secretary Napolitano gave a speech on Friday.   According to Lolita Baldor with the Associated Press,

As terrorists increasingly recruit U.S. citizens, the government needs to constantly balance Americans’ civil rights and privacy with the need to keep people safe, said Homeland Security Secretary Janet Napolitano.

But finding that balance has become more complex as homegrown terrorists have used the Internet to reach out to extremists abroad for inspiration and training. Those contacts have spurred a recent rash of U.S.-based terror plots and incidents.

“The First Amendment protects radical opinions, but we need the legal tools to do things like monitor the recruitment of terrorists via the Internet,” Napolitano told a gathering of the American Constitution Society for Law and Policy.

The organization hosting the speech provides access to an audio and video recording of the Secretary’s remarks.  Thank you.

I have been unable to find a transcript of the speech.  April 19 is the last time a speech by the Secretary was uploaded to the DHS “speeches and statements” screen.    The most recent post to the Blog@DHS is ten days old.  There has not been a general press release since June 15.   

As some of you have complained, I hate to complain.  I suppose many staff have been redeployed to support public communications in the Gulf.  But unlike that wonderful Washington figure Chance “I like to watch” Gardner, I much prefer to read. It takes less time and allows for more detailed consideration of what is offered.

Friday, on another topic, I argued for the importance of listening.  When the Secretary of Homeland Security speaks on the topic of balancing security and liberty both she and we should exercise particular care.  I could be more careful in listening if I could read what she said.

June 4, 2010

A Review: Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism

In 2005, Stewart Baker joined the Department of Homeland Security as Assistant Secretary of Policy for the entire Department of Homeland Security under Secretary Michael Chertoff. The position, which evolved from the Assistant Secretary for Border and Transportation Security Policy and Planning position, has the following responsibilities, according to the DHS website:

  • Leads coordination of Department-wide policies, programs, and planning, which will ensure consistency and integration of missions throughout the entire Department.
  • Provides a central office to develop and communicate policies across multiple components of the homeland security network and strengthens the Department’s ability to maintain policy and operational readiness needed to protect the homeland.
  • Provides the foundation and direction for Department-wide strategic planning and budget priorities.
  • Bridges multiple headquarters’ components and operating agencies to improve communication among departmental entities, eliminate duplication of effort, and translate policies into timely action.
  • Creates a single point of contact for internal and external stakeholders that will allow for streamlined policy management across the Department.

Baker would hold the position for the next four years, tackling a variety of issues from border and travel to cybersecurity and the Committee on Foreign Investment in the United States (CFIUS) to bioterrorism.  In his upcoming book, Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism, Baker offers an intriguing view of our homeland security posture that ties back to the central theme that technology is both our savior and our enemy as it empowers not only us but our foes.  Coming from Baker, who has been described by the Washington Post as “one of the most techno-literate lawyers around,” the analysis of homeland security technology from a policy/legal prism is refreshing.  This is not a Luddite’s view of why technology harms, but an expert’s finely woven story of “how the technologies we love eventually find new ways to kill us, and how to stop them from doing that.”

A subtheme throughout the book is that information sharing, or lack thereof, has hindered our nation’s efforts to fight terrorism, especially when “privacy” has played a role.  In setting up a discussion of what led to his time at DHS, Baker recounts some of the failures leading up to 9/11, including the information sharing wall put up at the Department of Justice between intelligence and law enforcement elements of the agency, as well as challenges at the Foreign Intelligence Surveillance Court. His view is of someone who has spent time in the intelligence world as the General Counsel of the National Security Agency and as General Counsel of the Robb-Silberman Commission investigating intelligence failures before the Iraq War. The account dives into the intricacies of Justice and its overseers, as well as how bureaucracy and personalities can so easily define our government’s most sensitive policies.

The book then looks at his days at DHS and attempts to strengthen border and travel programs and policies for acronym-named programs, including Passenger Name Records (PNR), the Visa Waiver Program (VWP), Electronic System of Travel Authorization (ESTA), Western Hemisphere Travel Initiative (WHTI), and Computer Assisted Passenger Pre-Screening System II (CAPPS II),  among others.  If you have ever doubted Washington’s love of acronyms and initialisms, this read will certainly change your mind.

In evaluating efforts in the aviation space, Baker is critical of a number of groups that he deems to have stood in the way of the Department’s mission during his tenure, including the private sector, European governing bodies, bureaucrats, Congress, and privacy/civil liberties groups, all of whom he argues are all about the status quo and not open to change.  Some of his criticisms are valid while others seem to simplify the views of the various actors.  For example, in dismissing some of the tourism industry’s concerns related to travel policies, he argues that the industry did not want innovation in government security on the border. Having been in the trenches at the U.S. House Homeland Security Committee during many of these debates, I would argue that the balancing of the numerous parties’ interests and concerns was not always that simple or easy to discern, especially when assessing the right security path forward.  Some programs mentioned in the book, such as WHTI, succeeded, in part, because they were implemented once necessary infrastructure had been deployed.

His strongest concerns are reserved for privacy and civil rights advocates and the government policies they either tout or hate.  There is a great deal of skepticism for “hypothetical civil liberties” and “hypothetical privacy concerns,” without evidence of demonstrated abuses by the government. He cites numerous incidents, some of which certainly demonstrate the tension between privacy and security co-existing.  A few of the examples he uses have even been explored here at HLSWatch, including complaints about whole body imaging machines in airports.  See, e.g. The Right to Be Left Alone (October 27, 2009) and “Where are all the white guys?” (November 10, 2009). Reading the book, privacy and civil liberties supporters may find it hard to balance Baker’s call for imagination when tackling homeland security policy and decisionmaking without calling for a similar level of creative thinking when addressing how those policies and decisions will affect privacy and civil liberties.

The book goes on to describe how the Department and Administration tackled (or failed to tackle) cybersecurity and biosecurity and the differences between the approaches. In both sections, privacy and information sharing are undercurrents, though we also see some interesting discussions of such topics as patent protections, self-regulation, and the evolution of security in each of these areas.  The discussions are intriguing and provide both a history and analysis of why we are where we are on those issues.   The cybersecurity and related CFIUS discussion brought back some memories to this self-proclaimed cybergeek, including some of my first interactions with Baker when he was in private practice and I was at the Justice Department.

One last observation: while the focus on the book is obviously on the time that Baker served at the Department under Secretary Chertoff, it leaves much to the imagination of what work Secretary Ridge and his team- from their early days in the White House after 9/11 until the changing of the guard to Secretary Chertoff – undertook and how that may have contributed to some of Secretary Chertoff’s and Baker’s successes, challenges, and mindset.  In addition, despite the focus on privacy and civil liberties, there is little mention of the other DHS offices, including the Privacy, Civil Liberties, and General Counsel’s offices, who may have been engaged in many of the battles noted by Baker. The book is not lacking in detail or intrigue because of these exclusions, though I wonder how they affected the decisions of Baker and his policy team. Perhaps these items are the subject of another book for another time.

Stewart Baker provides insight into a D.C. perspective of homeland security and the struggle of a Department to tackle technology, privacy, and information sharing. The book provides some valuable lessons for those who are on the frontlines of homeland security policy as they attempt to tackle future threats. For an observer of homeland security development, Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism is a must-read. The book will be released on June 15th and is available for pre-order on Amazon.com.  In the meanwhile, excerpts from the book and other missives from Baker can be found at a blog with the same name, http://www.skatingonstilts.com/.

March 15, 2010

Is the Internet Creating Terrorists?

Filed under: International HLS,Privacy and Security,Radicalization,Terrorist Threats & Attacks — by Jessica Herrera-Flanigan on March 15, 2010

Happy birthday today to the Internet as we know it.  It was on March 15, 1985,  that Symbolics Computers of Cambridge, Massachusetts registered Symbolics.com, the first .com domain.   Today, there are more than 84 million addresses and growing as more than 668,000 sites are registered each month.

Interestingly, the Los Angeles Times ran a story late last week entitled “Internet making it easier to become a terrorist,” detailing how the Internet has become a “crucial front” in the battle for and against terrorism, making it easier for potential homegrown terrorists to get and share information.  Potential terrorists no longer have to travel around the world to terror training camps but can become militarized and taught to “wage violent jihad” in their PJs from the comfort of their bedrooms, according to the article.

Much of the article focused on the transformation of Colleen R. LaRose from a bored middle-aged American into her Internet alter-ego, “Jihad Jane.”  The Christian Science Monitor ran a similar story Friday, noting an increase in U.S. terror suspects and how “advances in online communication have made it easier to recruit Americans to radical Islam.”  The publication did a separate story last week about the troubling and possibly increasing ability of Al Qaeda to attract American women to terrorism. The story, however, only noted only two other instances where women have been charged in the U.S. with terror violations:

  • The case of Lynne Stewart who was convicted of helping imprisoned Sheikh Omar Abdel Rahman communication with this followers; and
  • Aafia Siddiqui, a Pakistani scientist found guilty of shooting at U.S. personnel in Afghanistan while yelling, “Death to Americans!”

Neither of these cases, however, involved the Internet or sophisticated plots to communicate with others via email or technology to commit terrorist acts.  Which leads us to the question – should the Jihad Jane case be of concern or is it an anomaly?

Women are increasingly turning to the Internet, according to a number of studies.  According to the Pew Internet & American Life Project, 74% of women use the Internet (as of December 2009).  Other studies show that women are increasingly turning to the technology to conduct many daily activities.  A Burst Media study released in March 2009 found that 69.4% of women cited the Internet as the “primary source for information to keep their household running with information on family activities, recipes, health news, and entertainment listings.”  Just over 62% used Internet to research products or services. Those statistics increased for women in the 35-54 range, with 71.1% an 66.6% using the Internet to help run their households and research products, respectively.

A survey by BlogHer, a woman’s blog network, in May 2009 found that approximately 53% of adult U.S. women participate in social media.  The survey found that more than 31.5 million participate weekly in social networks such as Facebook and MySpace, 23 million blog, 16.8 million participate in message boards/forum; and 6.7 million conduct status update (e.g. Twitter).  Given the high rate in which social networking has increased over the past year, especially with more wireless devices now able to allow users to use social media interfaces, these numbers surely have increased as well.

Of course, a mere increase in women online does not necessarily translate into women turning to terrorism.  We do know, however, that marketers and online behavioral advertising experts are increasingly exploring how to market and tailor material to women online.  Why wouldn’t terrorist groups looking for new recruits do the same?  According to expert Gabriel Weimann in his 2006 book “Terror on the Internet: The New Arena, the new Challenges” – they already have.  Terrorist groups can narrow their message to a particular audience, appealing to specific sympathies and touch points.

We know that terrorist organizations are also increasingly turning to the Internet to recruit and communicate.   According to a Council on Foreign Relations backgrounder on “Terrorists and the Internet,” prepared by Eben Kaplan in January 2009, “terrorists increasingly are using the Internet as a means of communication both with each other and the rest of the world.” Indeed, the number of terrorist organizations using the Internet has increased from 12 in 1998 to more than 4,800 this year.

Kaplan notes that the “most effective way in which terrorists use the Internet is” for spreading propaganda and promoting sympathetic views of terrorist organizations.  As Weimann has noted, the Internet is a perfect tool for a new breed of terrorist. It is anonymous and uncontrollable.

In general, the trends and studies show that terrorist groups are going online and that the use of the Internet by those groups to spread propaganda and recruit potential terrorists is of concern.  The increase in the number of women online and the ease by which information can be tailored to specific demographics should be not be overlooked, especially with the access to populations of potential recruits who may not otherwise be allowed or recruited to attend terrorist training camps abroad.  Jihad Jane is likely not an anomaly but a troubling preview of the future of terrorism.

(Look to Friday’s post to explore how the government can counteract these efforts and the challenges with fighting terrorism and propaganda online).

December 16, 2009

Integrity, Validity or Security: Pick Any Two

Someone once said of the choice among quality, price, and timely delivery, “Pick any two.”  In recent years, Americans have operated under the illusion that such tradeoffs do not apply to us, at least with respect to information.  The pace of technological progress has fueled this illusion.

As individuals’ access to information has improved through the seemingly relentless convergence of information technologies, people have actually started wondering when, not if, a singularity will emerge.   Until this happens, we have to cope with the tradeoffs and their effects on democracy and trust.

As this blog’s other distinguished contributors and discussants has demonstrated on many occasions, homeland security professionals wrestle continuously with information management and technology policy issues that call upon us to balance information integrity, validity, and security.  Inevitably, these values find themselves expressed as tensions, and tradeoffs become inevitable as we seek to meet the expectations of politicians and citizens’ insatiable ‘needs to know.’

In addition to the need to know, we must now confront the ability to know.  Information and knowledge are not the same thing. Turning information into knowledge is a complex, time-consuming, and often costly process.  People in general have a poor capacity for interpreting large amounts of complex information and thus acquiring appreciable knowledge of risks, especially those far removed from their everyday experience.

This became abundantly clear to me recently, as the community where I work responded to a positive test for e. coli contamination in our drinking water supply.  Initial tests, like the one conducted here the day before Thanksgiving, had produced positive results on more than a dozen prior occasions without resulting in confirmation during subsequent testing.  This time was different though.

By the time the positive results were confirmed and the potential extent of contamination became clear, officials had to work out who needed to know what and then worried about the best way to communicate the information without provoking undue fear.  After all, they reckoned, the boil water notice issued in response to the finding in compliance with federal drinking water regulations was not itself a risk-free proposition: In other communities, more people suffered burns preparing water for consumption than suffered illness from the such contamination itself.

As word of the required actions and the city’s response to it was released to the news media and the public, feedback came in hot and fast.  Why had this notice not been issued sooner?  Why had officials relied so heavily on traditional media to get the word out?  Why had city officials not contacted water customers directly?

Those in the community asking these questions assumed they were the first to do so.  Moreover, they assumed that the answers were influenced primarily by money, technology, and administrative inertia, if not apathy or incompetence.  While cost, technical capability, and bureaucratic issues all play a role in delaying or preventing action, they are not the primary cause of officials’ concerns.  Those responsible for deciding when and how to act, including when and how to notify the public, tend to be consumed with concern for getting it right.  Herein lies the problem: A “right” response lies in the eyes of the beholder, and the public has taken a particularly jaundiced view of official actions to manage risks, especially those that involve an intersection between complex technologies and human health.

As I was digesting the very real implications of the dilemma occurring in my own community, I became aware of a report released at the beginning of October by the Knight Commission on the Information Needs of Communities in a Democracy.  The report prepared by a commission of policy and technology experts co-chaired by former United States Solicitor General Theodore Olson and Google vice president Marisa Mayer was presented to federal Chief Technology Officer Aneesh Chopra and Federal Communications Commission Chairman Julius Genachowski upon its release.

In short, the report warns of a growing information divide that threatens to undermine the foundations of American democracy. Addressing the divide, the report argues, will require coordinated effort on many fronts, and cannot be accomplished by either the government or the market acting alone.

Although improved access to technology, expanded transparency of government information, and increased commitment to engagement are all required, so too is increased literacy and numeracy – the capacity of people to appreciate information and turn it into useful knowledge.

So far, efforts to produce engagement even in some of the most creative, educated, and engaged communities through technology innovation have produced spotty results.  Open data and application development contests intended to engage private sector partners to leverage insights from public data have produced applications that do little to advance the public good.  In many cases, these applications simply make it easier for well-equipped citizens with smartphones to tell government officials they are doing a poor job responding to citizen concerns, while increasing the volume of complaints they have to deal with before they can get on with the work needed to remedy the underlying causes of what might otherwise be legitimate problems.

In other cases, applications that improve the efficiency of individual competition for consumption of public goods like parking spaces pass for innovation.  In still others, externalities clearly outweigh efficiencies by making undigested or unconfirmed information available in forms that further erode confidence in government.

In the early days of the republic, a learned man or woman of modest means could acquire a decent command of all available knowledge by applying him or herself with rigor and discipline.  Indeed, the signers of our own Declaration of Independence distinguished themselves as knowledgeable in a diverse array of subjects ranging from philosophy to law to agriculture to military strategy to engineering to commerce to religion.

Today, not one of us has any hope of achieving comparable mastery of extant knowledge.  The volume of information already in existence and the pace of new discoveries have simply become too vast, too specialized, too detailed, and too isolated from everyday experience for anyone to master regardless of mettle or means.  This does not seem to have lowered public expectations though.

In a world where people share information in real-time with one another over distances of thousands of miles and have instant access to hundreds of television channels, dozens of radio stations, and zettabytes (one zettabyte equals one billion terabytes) of data how do we overcome the illusion that information access equals knowledge?  With all of this information floating around us all the time, how do we decide what to tell people, when to tell them, and what method to use?

In the online discussion that emerged following the recent water contamination scare here, one participant in noted, “People do not trust institutions, they trust people.”  For him, at least, it was important not so much that someone had the answers to his questions, as it was that someone took responsibility for responding to his concerns.  In the absence of an official somebody, it seems anybody will do.  He, and many others, argued that the absence of official pronouncements only encouraged others to fill the void.

Not long ago, we relied upon media to do this for us.  That has changed, and media no longer have the capacity they once did to hold government accountable or to lower public expectations.  To the extent that media play an influential role in public debates these days, they are more likely to reinforce our biases than clarify positions or encourage dialogue.

It remains unclear whether social media or other technologies will bridge the gap between knowledge haves and have-nots.  If time is running out on our information illusions and our nation’s capacity to maintain trust in government and its democratic legitimacy are threatened by this growing divide, what will we make of the choice between integrity, validity, and security in the future and how will cost, quality, and timeliness influence our decisions?

November 20, 2009

Creators, Peepers & Security

Filed under: Privacy and Security — by Jessica Herrera-Flanigan on November 20, 2009

“We’ve moved from an era of privacy keepers to one of privacy peepers and data-mining reapers who want to turn our information into products…The product is our records, our privacy, our family’s history. We wouldn’t let the government do this, so we have to protect against companies that want to do this.”

Congressman Ed Markey (D-Massachusetts), House Energy and Commerce Subcommittees on Commerce, Trade, and Commerce Protection and Communications, Technology, and the Internet Hearing on “Exploring the Offline and Online Collection and Use of Consumer Information.

In the past month or so, there have been a number of hearings in Congress exploring privacy issues relating to the collection, distribution and use of consumer information online and the emergence of new technologies (such as Web 2.0 and social media sites). While not “homeland security issues” in the strictest sense, the increasing synergies between the two that HLSWatch has explored this week make them relevant to the larger security efforts of our nation.

Rep. Markey’s quote above is not only poetic it raises a deeper problem. In his rhyme, he has focused on the keepers, peepers, and reapers – assumingly the companies that are collecting and marketing consumer information.  The various “eepers,” however, have little to do if creators are not creating. (Unfortunately, I could not come up with a synonym for “creator” that ends in “eeper” though I welcome suggestions.)

It seems in today’s increasingly online society, the new generations just are not as concerned about privacy as their parents and grandparents.   Chris Bellavita’s post on Tuesday on security clearances and facebook/twitter is a testament to that growing phenomenon.   In some ways, social networks have become our public diaries where we record our thoughts, dislikes, likes, indiscretions, and, in some cases, our every action.

As a society we have created a market for peepers and reapers.   So what does it mean for privacy as we have traditionally thought of it when the expectation is distorted with the emergence of new technologies? Will those who grew up on facebook and twitter even care in twenty years? Those are certainly topics worth exploring in future postings.  Getting back to Rep. Markey’s quote – what does it mean for homeland and national security that so much information is out there for gathering?  Putting aside the debate over what the U.S. government and the corporate world should be doing, should we be worried about what potential foreign and intelligence operatives are doing with that information (assuming it can be accessed through open source culling or, in more sinister cases, through social engineering or hacking)?

For example, should we be doing more to educate government employees, especially those with sensitive but not necessarily classified, responsibilities on what they should be saying about themselves and their work online?  Something as innocuous as someone broadcasting their travel itinerary or favorite restaurant could set someone up for becoming an unknowing source of information from a  friendly stranger.  Likewise, in the corporate realm,  should companies be thinking about economic espionage and how to keep their employees protected in today’s open society? We know that some agencies and companies have banned the use of social media while on the job but will we see others go as far to try to ban their employees from even participating in the social media phenomenon, putting aside the obvious 1st Amendment issues?

At the same time,  can an argument be made that we have strengthened some aspects of our national security  by making people less susceptible t0 blackmail and compromise by becoming a society that advertises our flaws and weaknesses?   In today’s reality tv environment, we are so much likely to post our embarrassing moments or, at the very least, have friends who will do it for us.

We started the week at HLSWatch wondering if the U.S. government should be using social media and emerging technologies more to prepare and protect its citizens.   We end asking whether our citizens social media participation is providing adequate protections to U.S.  security.


November 18, 2009

Big Lessons from a Little Country: The Entrance Exam

Filed under: Privacy and Security,Terrorist Threats & Attacks — by Mark Chubb on November 18, 2009

This is the first in a short but indefinite series of posts in which I intend to explore, among other things, the lessons I learned while living in New Zealand. Living in a foreign land – even a friendly one – as the events of 9/11 unfolded and the nation went to war (twice), gave me an opportunity to gauge how others see our country and its leaders. It also forced me to consider my relationship to American values I once took entirely for granted. As I was asked to defend my nation’s policies to overseas friends and colleagues, I gained a greater appreciation of our aspirations and their expectations of American leadership. The insights I gained during this period are as much about the place I was living and my experience of it as they are about the country of my birth. I think we can learn a lot from the experiences of others, and, after reading the posts in this series, I hope you will agree.

The invitation to contribute to this blog on a regular basis and the information emerging in the aftermath of the shooting at Fort Hood got me thinking about what it takes to fit in. How do we discern our role in a community and how does that process affect our relationships with others, particularly when we find those others or ourselves in new circumstances?

As I pondered this question, I recalled what happened when I moved to Alabama from the DC metropolitan area in the early 1990s. Within 15 minutes of meeting almost anyone for the first-time I was asked the same three questions, in essentially the same order:

  1. “You’re not from around here are you, boy?”
  2. “What church do y’all go to?” and
  3. “Who y’all gonna root for boy, Auburn or Alabama?”

At first, these questions caught me by surprise, and left me feeling uncomfortable. In time, I came to refer to this inquisition as the Alabama entrance exam.

As a Yankee, I stood out like a sore thumb, so the first question was more or less redundant. The second question struck me as very personal, but after awhile I realized it wasn’t aimed so much at discerning my faith (or potential lack thereof) as seeking to understand where I fit socially, since a good part of Southern life is organized around faith-based communities. The real religion question, as it turned out, was the last one. As the only college graduate in my family who did not attend The Ohio State University, I thought I knew a little bit about football addiction. I was wrong. Utterly and completely wrong.

Alabama was not a closed society, but people were a bit skeptical when it came to outsiders. If you withstood the inquisition without getting upset or defensive about the entrance exam questions, you were off to a good start. In exceptional cases, you might even get to the bonus round where you faced questions like, “Y’all like grits?” and “You got a pocket knife on you boy?” If you got these answers right, you might never be a Southerner, but you would get on just fine with folks.

After about six years in Alabama, I accepted a new job in New Zealand. By then, people had got used to me and I to them, and they responded with surprise when they learned I was leaving Alabama and wondered why I was heading overseas without joining the military and receiving orders to go abroad. New Zealand struck them as obscure and even a bit mysterious, especially when they learned I could not take guns with me (not that I owned any). “Haven’t they heard of the Second Amendment?!” people asked. I responded patiently, “Why, yes, they have. That’s why I can’t take guns with me.”

When people asked about my reasons for leaving for New Zealand, I responded with the same good nature with which I had greeted the entrance exam, “Well, I found I liked it in the south so much that I decided to just keep heading farther south. You know, you can’t get much farther south than New Zealand unless you’re on an icebreaker.” Folks did not appreciate the irony or enjoy the humor in this observation, so they decided that it was probably a good thing after all that I was leaving.

When I got to New Zealand, I discovered that they too had an entrance exam. Now, as you know, it is not unusual for border officials to ask people a few questions when someone seeks entry to a country. These questions seek to establish the purpose of travel, the means of support, and one’s intentions with respect to eventual departure.

That other citizens, in general, might have questions about us (as opposed to for us), may strike us as a bit odd. Since Alabama had been my first experience of this, I took it as a bit strange when New Zealanders too led with questions after an initial introduction.

What really struck me as odd though was that their questions seemed to have more to do with them than with me. Alabamians wanted to know where I fit. New Zealanders wanted to know where they fit. “Why did you decide to move here? How do you like it here?” and “Do you think you might decide to stay?” were usually among the most prominent questions I heard.

Americans have no firm historical ties with New Zealand, at least not in the same way the British, Dutch, Australians, and many Pacific Islanders do. In discussions with my New Zealand acquaintances, it became clear that many considered it odd to many that someone from a distant and prosperous free state would seek to live in such a geographically isolated nation.

Of all the places I have lived, Alabama and New Zealand are the only two where I can recall having been subject to the entrance exam ritual. Over the years, this has caused me to wonder what gave rise to this custom in these places, and why it took such a different form in each instance.

In Washington, DC and Portland, Oregon, where I live now, a sizable proportion of the population comes from someplace else, although these “imports” find themselves attracted to each place for entirely different reasons. Communities with a large number of highly mobile, well-educated residents seem to have a more atomistic culture. Individuals in such places belong simultaneously to many smaller communities, many of which do not identify themselves or their members based on place of residence. As such, many residents of these places often identify with the larger community in name only or possess only a vague or temporary sense of affiliation with the civic life of the wider community.

The complexity and interdependence of the social and economic orders in such places often imbues them with a self-confident character that often seems dismissive of the views of newcomers even when their inhabitants do not disdain such feedback entirely. People in such places have no questions for newcomers because they are either pretty sure they already have all the answers or see no need to pause and ask the questions that might yield them. If and when it turns out they do not know all the answers, these communities often delay their recovery by seeking to establish responsibility even before they have repaired the damage. Smaller, poorer, or more isolated communities do not often have this luxury.

In Alabama and New Zealand, people knew who they were, but wondered anxiously whether they could sustain their identities in the face of globalization. Buffeted by the winds of social and technological change, their questions revealed a latent and barely acknowledged sense of wonder as to whether their cultural and political ties were strong enough to hold their economies and societies together. Despite their past tragedies and their triumphs over them, people in these places confronted their uncertainty about their ability to shape the future and their roles in it in the ways they greeted newcomers.

The uncertainties underlying these questions have profound implications for any culture or society. The fact that such questions have not come to the fore in our homeland security discussions may suggest misplaced confidence in our ability to stand up against the threats we face, which is reflected in our haste to lay blame rather than repair the damage.

In the face of the tragic killings of 13 people at Fort Hood on November 5, I have wondered anew whether we are, in fact, asking the right questions of one another and ourselves. As communities, the military and the medical profession have cultures that are as strong and distinctive as any we could observe, imagine, or define. Both communities embrace and indeed embody the cultural, ethnic, and religious diversity that makes the United States unique among nations. Yet, despite ample evidence that someone in their midst was not fitting in, the members of these communities did not seem to ask themselves the most important questions of all: “Why doesn’t Major Hasan seem to be fitting into our community, and what can we do to help him feel more at home (or at ease) among us.”

These questions and Major Hasan’s answers to them would have given us a clear opportunity to mitigate the threat he allegedly posed without ever requiring us to stretch our imaginations to consider his potential ties to terrorist organizations or to wonder openly about his soundness of mind. Taking care of our community would not have required anything like the investments in surveillance technology and effort underlying his alleged communications with suspected terrorists.

Instead of asking these questions, efforts to address the seemingly abundant evidence of his problems fitting in with military and medical colleagues seem to have taken two decidedly unproductive turns: 1) On one hand, it seems as if his supervisors and peers sought to address issues with his performance as if they were purely technical rather than adaptive problems, and 2) They seem to have decided that his eventual transfer to Fort Hood and deployment to a war zone might make him someone else’s problem, focus him on the mission, or give him a chance to start over. These approaches seem almost as cynical as they are shortsighted and misguided.

Evidence of Major Hasan’s apparent detachment and unsociability should trouble us not because we know the toll his alleged actions took on his comrades at Fort Hood, but because an all-volunteer force relies upon a strong sense of community that reflects a shared sense of sacrifice and commitment to certain values. If anyone is responsible for the failure to prevent Major Hasan’s alleged attack, we all are. As a community, we have an obligation not only to ourselves, but also to one another to help each other figure out how to fit in.

Asking questions of newcomers may make some sense. But we better be sure too that we understand what our questions say about us. The questions being asked about this incident suggest we have a lot to learn about what it takes to make our communities and our society safer and more inclusive places to live. How we answer them will tell us a lot about how well we are adapting to the realities we first acknowledged following the attacks on 9/11.

October 27, 2009

The Right to Be Left Alone…

Filed under: General Homeland Security,Privacy and Security — by Jessica Herrera-Flanigan on October 27, 2009

“That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been necessary from time to time to define anew the exact nature and extent of such protection…

Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right… “to be let alone…

– Samuel D. Warren and Louis D. Brandeis, THE RIGHT TO PRIVACY, 4 Harvard Law Review 193 (1890)

Spencer Hsu of the Washington Post reports today that 28 groups and individuals belonging to the Privacy Coalition are calling for Congress to investigate the Department of Homeland Security’s Privacy Office. The Coalition, in a letter to House Homeland Security Committee, questioned the adequacy of the Office’s work, especially as it relates to the following technologies:

  • Fusion Centers and the Information Sharing Environment
  • Whole Body Imaging
  • Closed-Circuit Television (CCTV) Surveillance
  • Suspicionless Electronic Border Searches

The group seems to be most concerned with the Privacy Officer’s first responsibility, under Sec. 222(a) of the Homeland Security Act, to assure that “the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information.”   The group also finds fault with the Office’s certifications for exemptions to its obligations under the Privacy Act.

The letter’s premise is interesting in that it furthers the privacy versus security rhetoric that has permeated homeland security.  Rather than noting how the two can co-exist, the letter places each against other, with little room for mitigation or reinforcement — which is at odds at how the Homeland Security Act – rightly or wrongly- put together the Privacy Office’s responsibilities.

The Coalition notes that the Department’s Privacy Compliance Group “manages statutory and policy-based responsibilities by working with each component and program throughout the Department to ensure that privacy considerations are addressed when implementing a program, technology, or policy.”  The letter discusses the Compliance process and then criticizes the Department for focusing its efforts on Privacy Impact Assessments to assure that implementing programs build in privacy protections.   That said, it admits that the assessment process is a possible avenue for the Department to protect privacy and then proceeds to criticize the agency for not providing enough examples in an annual report, even though every PIA is listed.

If the Privacy Office is doing all of the above-  it is doing its job.  The Coalition, it would seem, is requesting, in part, that programs be dismantled.  For example,the letter’s section on whole body imaging  suggests that the technology itself is the problem, not the assessment of what privacy measures should be in place.  According to TSA and the Privacy Office’s assessments, TSA has put in place privacy protections regarding the use, collection and disclosure of personal information in the case of whole body imaging.  According to TSA’s website, the following procedures are in place:

  • The officer who assists the passenger never sees the image the technology produces.
  • The officer who views the image is remotely located, in a secure resolution room and never sees the passenger.
  • To further protect passenger privacy, millimeter wave technology blurs all facial features and backscatter has an algorithm applied to the entire image.
  • The two officers communicate via wireless headset. Once the remotely located officer determines threat items are not present, that officer communicates wirelessly to the officer assisting the passenger. The passenger may then to continue through the security process.
  • This state-of-the-art technology cannot store, print, transmit or save the image. In fact, all machines are delivered to airports with these functions disabled.
  • Officers evaluating images are not permitted to take cameras, cell phones or photo-enabled devices into the resolution room.
  • Each image is automatically deleted from the system after it is cleared by the remotely located security officer

If the Privacy Office evaluated the program during its implementation and worked with TSA to require these protections, hasn’t its statutory duty been met?  The Coalition suggestions on the Privacy Office’s responsibilities would require a reinterpretation of the statutory language so as to delete the “protections relating to the use, collection, and disclosure of personal information.”  The Coalition, it seems, would have  the Privacy Office be both judge and jury in deciding whether technologies in and of themselves “erode” privacy in the broadest sense.  That, however, is not the Privacy Office’s mandate.

Don’t get me wrong, the letter does raise some legitimate issues that the Privacy Office does need to address.  For example, in the section relating to Fusion Centers and Closed-Circuit Television (CCTV) Surveillance, it suggests that the Privacy Office should have pushed harder for mandatory privacy protections, rather than guidelines and voluntary efforts.   To the degree DHS has procurement, grant, and partnering decisions over such programs, then  stronger protections should be pursued.

In its closing the letter notes that if DHS’s internal privacy office cannot “protect the privacy of American citizens, through investigation and oversight” then “the situation calls for an independent office that can truly evaluate these programs and make recommendations in the best interests of the American public.” The Privacy Office’s mission, as envisioned by the Homeland Security Act, is not that of an independent voice. That voice was created in the 2004 Intelligence Reform Act with the creation of the Privacy and Civil Liberties Oversight Board, which is neither staffed nor active.  That is where the Privacy Coalition should be focusing its attention.

Indeed, in a letter today, Rep.  Jane Harman and Sen. Susan Collins rightly raised concerns with President Obama re the delayed status of nominations to that board.  That independent board is the watchdog for evaluating the privacy in the programs that the Privacy Coalition has raised.  Its mission includes

in providing advice on proposals to retain or enhance a particular governmental power, consider whether the department, agency, or element of the executive branch concerned has explained—

(iii) that the need for the power, including the risk presented to the national security if the Federal Government does not take certain actions, is balanced with the need to protect privacy and civil liberties.

Notably this responsibility is not included in DHS’ Privacy Office job description. Rather than re-interpreting the DHS Privacy Office’s role or creating ANOTHER independent body – the focus should be on getting the Privacy and Civil Liberties Oversight Board in place so that a voice exists to help the government  to determine when security and our “right to be left alone” clash and what steps need to be taken to assure that our nation is secure and our fundamental values and rights are protected.

August 24, 2009

And clean behind your ears too!

Filed under: Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on August 24, 2009

The last couple of weeks I’ve been trying to assess what really happened at Ft. Lewis, Washington. 

Maybe you’ve already heard about John Towery (aka John Jacob), an Army employee, who has been accused of spending two or three years undercover to gather intelligence on Seattle-Tacoma area anti-war organizations.  Mr. Towery is a civilian member of the Ft. Lewis “Force Protection Division” or base security team.  Whether he was free-lancing or operating under orders is an important — and as yet unanswered — question.  (See news stories listed at end of this post.)

Jeff Stein at Congressional Quarterly writes that  Mr. Towery’s, “reports on antiwar groups were going to the Washington Joint Analytical Center, a partnership of local and state police, the FBI and the federal Department of Homeland Security.”

Anjali Kamat with Democracy Now! (see below) broke the story on July 28.  According to the original report, “The activists claim Towery has admitted to them he shared information with an intelligence network that stretches from local and state police to several federal agencies, to the US military.”

–+–

Evidence-based policing is really common sense policing.  You pay attention to what is happening — you give particular attention to known precursors — and you intervene early to prevent or mitigate outbreaks.

This is essentially the application of  epidemiology to law enforcement.  Malcolm Gladwell makes this connection especially clear in The Tipping Point.

Intelligence-led policing is — or can be – the application of active surveillance and early intervention to prevent catastrophic events.  With clear protocols, effective training, and principled supervision such proactive practices can protect and serve communities… and the Constitution.

But we can forget — or more often, neglect — the self-restraint, discipline, external checks and structural balances needed to avoid  the risk of caretakers becoming carriers of the disease they seek to prevent… or something even worse.

Before 1867 most surgeons did not wash their hands.  As they moved from one patient to another the germs they spread probably killed more than their surgery saved.  Their intentions were noble and pure.  Their hands were bloody, both literally and figuratively.

We don’t know — yet — what happened at Ft. Lewis.  But if anyone associated with the military was involved in any aspect of domestic intelligence-gathering, there should have been the strictest of antiseptic – actually prophylactic – protocols. 

Instead it sounds like someone wasn’t even using soap and singing happy birthday.

News Coverage:

Declassified docs reveal military operative spied on WA peace groups (Democracy Now!)

Olympia anti-war group says Fort Lewis employee a spy (The News-Tribune)

Army looking into monitoring of protest groups (New York Times)

Turning the US army against Americans (The Guardian)

June 11, 2009

James von Brunn: criminal predicate, but reasonable suspicion?

Filed under: Intelligence and Info-Sharing,Legal Issues,Privacy and Security — by Philip J. Palin on June 11, 2009

James von Brunn, the alleged assailant in yesterday’s  fatal shooting of Stephen Johns at the Holocaust museum, has a long history of racist, anti-semitic, anti-government speech and action.  Would he have been a proper target for law enforcement intelligence gathering?

Mr. von Brunn is an 88 year-old,  military veteran with a prolific and, until today,  easy-to-access collection of writings attesting to his hatred of certain groups.  Many of these writings and rambling threats have been available at www.holywesternempire.org.  This morning the URL  announces: “HTTP 403 Forbidden.”  He is the author of a 1999 book entitled, Kill the Best Gentiles.

The Southern Poverty Law Center has listed Mr. von Brunn’s website among its large collection of “hate sites.”  The Anti-Defamation League has also monitored Mr. von Brunn. (See more from USA Today.) Would it be appropriate for local, State, or federal law enforcement agencies to collect and store similar information? Or does such information fall within the constitutional provisions of protected speech?

Arguably the most common legal standard for answering the question is 28 CFR, part 23 (or Title 28 of the Code of Federal Regulations, part 23).  This regulation was established, in part, to counter abuse of protected speech by law enforcement agencies in the 1960s and 1970s.

The core legal standard for gathering, collecting, and sharing information (or not) is set out as follows.

§ 23.20 Operating principles. (a) A project shall collect and maintain criminal intelligence information concerning an individual only if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity. (b) A project shall not collect or maintain criminal intelligence information about the political, religious or social views, associations, or activities of any individual or any group, association, corporation, business, partnership, or other organization unless such information directly relates to criminal conduct or activity and there is reasonable suspicion that the subject of the information is or may be involved in criminal conduct or activity. (c) Reasonable Suspicion or Criminal Predicate is established when information exists which establishes sufficient facts to give a trained law enforcement or criminal investigative agency officer, investigator, or employee a basis to believe that there is a reasonable possibility that an individual or organization is involved in a definable criminal activity or enterprise. In an interjurisdictional intelligence system, the project is responsible for establishing the existence of reasonable suspicion of criminal activity either through examination of supporting information submitted by a participating agency or by delegation of this responsibility to a properly trained participating agency which is subject to routine inspection and audit procedures established by the project.

 In the case of Mr. von Brunn was there reasonable suspicion?  How about criminal predicate?  Were there a sufficient number of “trained law enforcement or investigative agency” personnel assigned to establish reasonable possibility?

I am not a trained law enforcement officer.  But I sometimes train such officers.  If I had, before yesterday’s attack, read Mr. von Brunn’s writings, I would not have perceived strong grounds for ”reasonable suspicion.”  I would have had difficulty reading much of the hate-filled, often turgid prose and would have quickly moved on to other targets of concern. (Even last evening, with the day’s events underlining the potential importance, it was a slog to read.)

If for some reason I was motivated to do additional research, I might have established “criminal predicate.”  In 1983 von Brunn was convicted of several charges and imprisoned for an armed attempt to “arrest” Paul Volcker and other members of the Federal Reserve Board.  But even with criminal predicate in hand, given the quarter-century elapsed and the age of the suspect, it is unlikely I would have established  “reasonable possibility.”

Which would have done nothing to save the life of Stephen Johns and — if not for the response of Mr. Johns and other security guards — my inaction could have led to the death and injury of many others at the museum.

I am not arguing for an easy answer.  I am suggesting the need to wrestle with a very tough question.  We can invest so much in defending pre-established positions that, too often, there is little energy left for crafting an imperfect, but principled solution.

Related background:

Russell Porter testimony: Report Card on Homeland Security Information Sharing

Practical Guide to Intelligence Led Policing

Intelligence Led Policing: New Intelligence Architecture

The Constitution Project: Liberty and Security

America’s growing surveillance state

Intelligence Agency Does Not Distinguish Between Terrorism and Peace Activism

(This event’s connection with the withdrawn DHS report on right-wing extremism is covered by Ed O’Keefe in this morning’s Eye Opener. And if you are looking for evidence of the energy invested in defending pre-established positions, check out the comments on O’Keefe’s report.)

UPDATE:

Museum Suspect’s Writings Had Not Triggered a Probe (Washington Post)

Shootings show threat of ‘lone wolf’ terrorists (Associated Press)

May 19, 2009

Intelligence, of all kinds, benefits from education

Filed under: Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on May 19, 2009

UPDATE: The House Homeland Security Committee adopted an amended Resolution 404.  An archived webcast of about 40 minutes and related correspondence is available at: http://homeland.house.gov/Hearings/index.asp?ID=193

I am not certain, but I perceive the amendment as adopted undertakes to achieve the same functional results as the original proposal — accessing source documentation — but without utilizing a Resolution of Inquiry, what is sometimes called a legislative “nuclear option.”  (Please see the House Rules regarding a Resolution of Inquiry.)

Since this quick update on Tuesday several authorities on the rules and rituals of the House of Representatives have confirmed my interpretation of what happened in the Committee.  Making sense of liver and gallbladder entrails can sometimes be a challenge even when fully displayed. (Please see haruspices)

- + -

This morning the House Homeland Security Committee will consider a proposed Resolution of Inquiry (pdf).  If adopted this would require the Department of Homeland Security to release internal documents related to a DHS intelligence product entitled: Rightwing Extremism: Current Economic and Political Climate Fueling Resurgence in Radicalization and Recruitment.

(A copy of the report and the context for it’s original release is available by accessing a prior HLSwatch post.)

A Resolution of Inquiry is a rarely used procedure that requires prompt Committee consideration.  In this instance the proposed resolution is unlikely to be adopted.  Committee Chairman Bennie Thompson has characterized the action as a “GOP stunt.” News reports suggest the Chairman will offer an alternative approach.

The DHS intelligence product, since withdrawn, often indulges in over-broad generalization and fails to support its claims with much evidence.  Criticism of the DHS intelligence product often indulges in over-broad generalization and prefers to ignore evidence that might support the report’s claims.

Last week Secretary Napolitano, responding to questions on the matter during her budget testimony, explained, “It was not authorized to be distributed. It had not even completed its vetting process within the department. It has been taken off of the intel web sites and the lexicon that went along with it was similarly withdrawn. Neither were authorized products, and we have now put in place processes. And it turned out there were really no procedures to govern what went out and what didn’t before, and now there are.”

Vetting outputs is different than ensuring rigorous inputs. In the heated response to the mediocre or worse intelligence product, not much light has been shed on the processes that led to its compilation.  I have heard the following explanations or speculation:

  • The language and treatment was selected to match what the product’s consumers — mostly State and local law enforcement — would find helpful. (The phrase “dumbed-down” has unfortunately been used.)
  • The language and treatment was chosen to highlight a threat some DHS analysts perceive has been given too little attention. (Well, if so,  lack of attention is no longer the biggest problem.)
  • The language and treatment resulted from a rather thoughtless cut-and-paste job from various public sources of information. (For example, compare the contents of the report to Wikipedia’s entry on domestic terrorism.)

An important factor in the analytic anemia demonstrated by the rightwing extremism report is an over-dependence on foreign and military intelligence paradigms when doing domestic risk analysis.

Foreign and military intelligence operations usually have very different purposes than criminal intelligence or all-hazards risk analysis.  Foreign and military intelligence gathering is often covert; domestic analysis should usually be overt and open.  Moreover, inside the United States Constitutional  protections — especially those of the first and fourth amendments — apply in a way that foreign and military intelligence analysts do not need to consider.

From a policy perspective these important differences are widely recognized.  But in terms of education, training, information gathering  processes, analytical procedures, and information sharing the differences are much less well-defined.  Many domestic analysts — especially with classified clearances – have come to their positions from military intelligence operations.  Their extensive military training and experience tends to trump the very modest orientation they receive for their new domestic role.

The need for education and training is especially acute among State and regional fusion centers.  A 2008 GAO survey of fusion center leadership found, “challenges obtaining guidance and training. In particular, they (fusion center officials) cited the need for clearer and more specific guidance in a variety of areas, including standards for analyst training and information-sharing policies and procedures, to help address operational challenges.”

I have never encountered a public safety official who purposefully set-out to abuse the Constitution (I expect such individuals exist, but I have not met them).  I have, however, met plenty of public safety officials — and others — who have received almost no education or training related to Constitutional protections and equally modest preparation in critical assessment of information.

I don’t know — and don’t care — who is to blame for the DHS  report.  We should all care about improving the professional development of those charged with developing such reports.

——————————————–

More background:

A couple of “ancient texts” that may support the argument:

Intelligence Essentials for Everyone  (Joint Military Intelligence College) is an excellent primer on military intelligence, but consider what is missing if the same skills are applied to domestic targets and purposes.

Intelligence Led Policing: The New Intelligence Architecture (Department of Justice, Bureau of Justice Assistance) helps distinguish between foreign and military intelligence and criminal intelligence.  Expansion of these principles to an all-hazards — or all-risks — context is attempted by Catastrophe Preparation and Prevention for Law Enforcement Professionals  (self-promotion alert).

May 17, 2009

DHS National Applications Office (NAO) Update

Filed under: Intelligence and Info-Sharing,Privacy and Security,Technology for HLS — by Philip J. Palin on May 17, 2009

(The following is a guest feature. More information on the NAO and Peter J. Brown is available in a post immediately below)

Prodded by members of the House Homeland Security Committee in particular, Secretary of Homeland Security Janet Napolitano initiated a review of the National Applications Office (NAO) on April 1. Among other things, NAO is designated as the chief source of satellite imagery in support of homeland security, and, state, local, and tribal law enforcement operations.

NAO is overseen by the Under Secretary for Intelligence and Analysis / Chief Intelligence Officer at DHS. President Obama has nominated Philip Mudd to succeed Mr. Allen in this position.

“The NAO charter, signed by the Secretaries of Homeland Security, Defense, Interior, as well as the Director of National Intelligence and the Attorney General, certifies that the NAO complies with all existing laws, including all applicable privacy and civil liberties standards. The NAO is prepared to begin operations to support civil and Homeland security domains. This program is another step in the right direction to leverage geospatial intelligence as we work to secure the Homeland,” stated Mr. Allen last fall.

Last November, a report issued by the Government Accountability Office (GAO) — “National Applications Office: Certification of Compliance With Legal, Privacy, and Civil Liberties Standards Needs to Be More Fully Justified” — challenged that assertion and raised questions about unresolved legal and policy issues. Many members of Congress on both sides of the aisle, government watchdog and civil rights organizations remain unconvinced that a suitable set of checks and balances are in place so that the NAO can go about effectively processing requests for satellite imagery, and then either approving and rejecting them in turn in support of law enforcement operations — engaging in satellite surveillance while upholding an individual’s civil rights, right to privacy, and other legal rights under existing law.

DHS responded late last week to a number of questions, we posed in order to help determine where things stand now. Here are the unedited responses to our questions.

– What is the status of NAO Operations today?

The National Applications Office (NAO) has not yet initiated operations. Secretary Napolitano is reviewing all aspects of the NAO program. The NAO will not begin operations until the Secretary and the other four signatories (Secretaries of Defense and Interior, AG, DNI) to the NAO Charter have approved the NAO to do so.

– Questions have been raised about “DHS Earth” and how this
project overlaps with NAO. Has DHS examined this and what is the recommendation from DHS concerning this situation?

DHS Earth provides a “Google Earth” based platform for the provision of some general layers of information that are relevant to DHS agency use.

DHS Earth is solely a dissemination method and analytic tool for some uses and users. To the extent DHS Earth has controls in place to protect individual privacy, civil rights and civil liberties, it could provide a good dissemination means for some unclassified NAO products in the future, consistent with all other proper use requirements under law and policy.

By contrast, NAO was established to meet the needs of non-traditional intelligence users by facilitating access to national intelligence capabilities by such users. NAO will also provide analytical capabilities for the many non-traditional users who do not have such specialized capabilities themselves. As a component of the federal government, NAO is necessarily bound by applicable laws, regulations, policies and procedures as it performs its mission. These multiple layers of safeguards are designed to ensure that all NAO operations respect and preserve the privacy, civil rights and civil liberties of the American public.

– Regarding the NGA Support Team (NST) embedded within DHS which facilitates NGA’s collaboration with DHS, what role does – or will – the NAO play with the NST in developing an effective and elastic common operational picture (COP) for local law enforcement as part of the Homeland Security Information Network?

Through the NST, NGA will partner closely with NAO to support the information requirements of NAO customers. In addition, NGA has a long-standing history of providing geospatial intelligence to both federal government and non-federal government customers. It has well-established, time-tested procedures in place for ensuring that it meets its customer needs in the best way possible, within all legal and policy boundaries. Through the NST, NGA is sharing its corporate knowledge and experience with NAO to ensure that NAO also acts efficiently, legally, and properly in all its operations.

Under current law, NAO is precluded from working on law enforcement issues until the Secretary has certified that NAO meets all applicable privacy and civil liberties standards, and that certification has been reviewed by GAO, with results communicated to the Congress. NAO future plans are premised on handling customer requests and providing requested information through the mechanisms that customers use, and not creating new delivery methods. NGA, through the NST, will be a key partner in meeting that objective.

– And how does this COP-related activity relate or tie into broader efforts at DHS to ensure that layered geospatial visualization supports critical infrastructure protection at the local level via an open architecture-based and enterprise-based approach accessed across all components of DHS?

The National Operations Center (NOC) is in charge of the DHS COP. If the NOC requests geospatial support from the NAO, those requests will be handled consistent with all legal, privacy, and civil rights/civil liberties concerns and guidelines.

– Is the current satellite imagery analysis capability of the FEMA Mapping and Analysis Center deemed adequate? If not, what is being done to address this situation? How is the uncertainty surrounding NAO impacting FEMA in this regard?

NAO’s current status has not had a direct impact on FEMA’s capabilities because FEMA is directly serviced by NGA and others for current imagery needs.

– Can you comment on the status of the proposed shift of the Civil Applications Committee from Interior to DHS?

The Civil Applications Committee (CAC) itself will not shift from
Interior to DHS. The functions of the CAC will transition to the NAO, per the requirements of the NAO Charter. The NAO charter spells out that when these functions shift, the CAC and its Charter will sunset and the former CAC functions would be fully integrated into the NAO.

– Customs and Border Protection (CBP) issued an RFI for Multi-role Enforcement Aircraft (MEA) last year. Is there a mechanism in place whereby the imagery and other sensor data gathered by DHS aircraft or Unmanned Aerial System (UAS) is shared with local law enforcement?

The MEA and UAS programs fall under CBP – please contact the CBP Public Affairs office at 202-344-1780. (Update: In early May, CBP issued a Request for Proposal (RFP) for up to 40 MEA’s for use by CBP’s Air and Marine Office. The goal is to procure commercially-available turboprop aircraft primarily for maritime and ground surveillance missions as well as for tracking other aircraft. The RFP requests MEA support for other missions as well.)

– Is the growing conflict along the US – Mexico border changing the debate over NAO or triggering any discussion of possible changes to NAO or the (potential for) imagery-sharing raised in Question #8?

The Secretary has made no decision regarding NAO missions at this time.

Guest feature on the National Applications Office

Filed under: Intelligence and Info-Sharing,Privacy and Security,Technology for HLS — by Philip J. Palin on May 17, 2009

Immediately following is a guest post by Peter J. Brown, a close observer of emergency communications and satellite operations at DHS and FEMA.   The post consists of questions Mr. Brown posed to the Department of Homeland Security about five weeks ago and the answers he received last  Friday. 

According to the official DHS backgrounder the National Applications Office, “is the executive agent to facilitate the use of intelligence community technological assets for civil, homeland security and law enforcement purposes within the United States.”  For more detailed background see the NAO Charter.

NAO has attracted scrutiny, skepticism, and more for the alleged use of satellites to spy on the American people.  Last July, Charlie Allen, former Director of the Office of Intelligence and Analysis, made a case for continuation of the NAO.

Peter J. Brown’s most recent published commentary on emergency communications and related matters appears in the October 2008 issue of  “Disaster Medicine & Public Health Preparedness“, a journal of the American Medical Association (subscription required).  He has also previously addressed the NAO and the National Emergency Communications Plan here at HLSwatch.

March 20, 2009

Learning Intelligence and Protecting Privacy

Filed under: Congress and HLS,Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on March 20, 2009

On Wednesday the House Homeland Security Committee, Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment held a hearing entitled, Homeland Security Intelligence and Limitations.   Access the link for prepared statements and a video of the hearing itself.

Local law enforcement pressed for a more proactive counterterrorism stance, especially in the use of Suspicious Activity Reports. Local law enforcement also asked for more and better federal cooperation in sharing intelligence.  This is hardly a headline. 

The director of the ACLU’s Washington legislative office offered,  “… an unfocused all crimes, all hazards approach to intelligence collection poses significant risks to our individual liberties, our democratic principles and, ironically, even our security.”  Once again, not exactly a surprise.

Unfolding before us in the Cannon House Office Building  was empirical evidence for quantum theory’s notion of parallel universes existing in shared space.  Each side was complete unto itself and detached from the alternative experience with which it was sharing space.  You could perceive subcommittee members playing political cosmologists and working to link the two. But – so far – this apparently exceeds human wisdom.

Other than space, those testifying seemed to share very  little interest in training and education.  Laws, regulations, internal controls, standards, guidelines, strategies, principles, and priorities were all discussed at some length.  Helping law enforcement  professionals learn how to practice intelligence functions effectively and constitutionally… not so much.

For many years the International Association of Law Enforcement Intelligence Analysts has facilitated helpful training.  The DHS Office of Intelligence and Analysis offers training to its state and local partners.  Last year DHS awarded a grant to the National Consortium for Intelligence-Led Policing.  It received $2.48 million to, in part, develop and deliver training and education.  More is being done.  More could undoubtedly be done.

But sometimes we become so preoccupied by “what” we neglect the “how.”  I have never talked to a cop who wanted to undermine the constitution.  I am sure they exist, but I have not talked to one.  I have talked to plenty of cops and other public safety professionals who do not receive any regular training beyond the absolute minimum to keep their badge.  That’s a problem for all sorts of reasons.

March 10, 2009

Fusion Center Focus

Filed under: General Homeland Security,Intelligence and Info-Sharing,Privacy and Security — by Philip J. Palin on March 10, 2009

The National Fusion Center Conference opens today in Kansas City.  In her recent testimony before the House Homeland Security Committee Secretary Napolitano signaled that her remarks to the conference should be of particular interest.  She is scheduled to keynote at 3PM Central Time on Wednesday.

The President’s budget proposal to Congress has increased federal support for state-operated fusion centers.  This sustained support is consistent with recommendations of  an April 2008 GAO study .

The fusion centers are an essential element in anticipating and preventing terrorist activity.  In some jurisdictions the counterterrorism mission is combined with an “all-crimes” mission.  This is consistent with the practice of intelligence-led policing. In a few jurisdictions the fusion centers are assuming an “all-hazards” mission that begins to build a regional capacity for real risk analysis.

This week’s Time magazine opens and closes a story on fusion centers by highlighting concerns about privacy rights.   The potential for abuse is present.   Widely criticized covert investigations by the Maryland State Police did not involve the Maryland Fusion Center, but illustrate the cause for concern.   The American Civil Liberties Union is giving fusion centers ongoing critical attention.

Federal guidelines for fusion centers are explicit and detailed in protection of privacy rights.  Federal statutes, in particular 28 CFR, Part 23, establish rigorous standards for intelligence collection, almost always requiring reasonable suspicion or criminal predicate.  Ongoing training and enforcement is needed to preserve the operational benefits of the fusion centers.

« Previous PageNext Page »