Homeland Security Watch

News and analysis of critical issues in homeland security

February 17, 2016

Exploring the Dark: “Use an electron microscope to read the encryption key”

Filed under: Cybersecurity,Legal Issues,Technology for HLS — by Christopher Bellavita on February 17, 2016

On February 16th, the United States District Court for the Central District of California issued an order compelling Apple to assist federal agents search an iPhone that belonged to one of the attackers in the San Bernardino shooting.  You can read the court’s three page order here:  https://assets.documentcloud.org/documents/2714005/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf.

Lawfare’s Robert Chesney describes the legal dynamics surrounding the order here:  https://www.lawfareblog.com/apple-vs-fbi-going-dark-dispute-moves-congress-courtroom.

On February 17th, Apple issued a public letter explaining why they will contest the court’s order.  That letter is here:  http://www.apple.com/customer-letter/

Trevor Pott, writing in The Register, explains why Apple’s argument is wrong.  That explanation is here:  http://www.theregister.co.uk/2016/02/17/why_tim_cook_is_wrong_a_privacy_advocates_view/

A comment on Slashdot by someone named adamstew describes some of the technical details involved in doing what the court has ordered:  http://slashdot.org/comments.pl?sid=8756397&cid=51524693

The subsequent comments bring the reader further down into a technology hole. The trip illustrates knowledge required to navigate this rapidly growing branch of homeland security.

For a conceptual end run around the usual cyber “going dark” arguments, see the Berkman Center for Internet and Society’s February 2016 report, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” available here: https://cyber.law.harvard.edu/publications/2016/Cybersecurity/Dont_Panic.

From the report:

In this report, we question whether the “going dark” metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not. The question we explore is the significance of this lack of access to communications for legitimate government interests. We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow…. The report outlines how market forces and commercial interest … point to a future with more opportunities for surveillance, not less.

November 24, 2015

GAO: BioWatch is unreliable

Filed under: Biosecurity,Budgets and Spending,DHS News,Technology for HLS — by Philip J. Palin on November 24, 2015

According to the Government Accountability Office (complete report, 101 pages, available):

The Department of Homeland Security (DHS) lacks reliable information about BioWatch Gen-2’s technical capabilities to detect a biological attack and therefore lacks the basis for informed cost-benefit decisions about upgrades to the system. DHS commissioned several tests of the technical performance characteristics of the current BioWatch Gen-2 system, but has not developed performance requirements that would enable it to interpret the test results and draw conclusions about the system’s ability to detect attacks. Although DHS officials said that the system can detect catastrophic attacks, which they define as attacks large enough to cause 10,000 casualties, they have not specified the performance requirements necessary to reliably meet this operational objective. In the absence of performance requirements, DHS officials said computer modeling and simulation studies support their assertion. However, none of these studies were designed to incorporate test results from the Gen-2 system and comprehensively assess the system against the stated operational objective. Additionally, DHS has not prepared an analysis that combines the modeling and simulation studies with the specific Gen-2 test results to assess the system’s capabilities to detect attacks. Finally, we found limitations and uncertainties in the four key tests of the Gen-2 system’s performance. Because it is not possible to test the BioWatch system directly by releasing live biothreat agents into the air in operational environments, DHS relied on chamber testing and the use of simulated biothreat agents, which limit the applicability of the results. These limitations underscore the need for a full accounting of statistical and other uncertainties, without which decision makers lack a full understanding of the Gen-2 system’s capability to detect attacks of defined types and sizes and cannot make informed decisions about the value of proposed upgrades.

July 21, 2015

HHS emPOWER Map – how many rely on electric powered medical equipment in your community?

HHS has developed an online tool that maps the number of people using electric powered equipment for their health down to the zip code level. This could include things such as ventilators, wheelchairs, and other devices required by some individuals to live independent lives but which also puts them at risk when the electricity goes out.

Kristen Finne, a Senior Policy Analyst with ASPR at HHS, explains in a blog post:

As many of the people who use electricity-dependent equipment are Medicare beneficiaries, the HHS emPOWER Map provides the total number of Medicare beneficiary claims for certain electricity-dependent medical and assistive equipment down to the zip-code level. It also provides National Oceanic and Atmospheric Administration (NOAA) “real-time” severe weather tracking to assist community members in identifying areas that may be at risk for weather-related power outages.

What is this information good for?  Back to Finne:

Beyond the total number of people who rely on electricity-dependent medical equipment, health officials also can collaborate with ASPR to obtain additional de-identified data that provides the totals for each type of equipment in their community. By working with health officials and using this important tool:

  • Emergency managers can determine whether emergency shelters need a larger generator to accommodate an influx of electricity-dependent residents.
  • Community organizations and businesses can plan with emergency managers and health departments and offer a place for some residents to plug in and recharge the batteries.
  • Electric companies could prioritize power restoration based on the concentration of electricity-dependent residents in given areas.
  • Hospitals could better anticipate local medical needs and be better prepared to handle a potential surge of patients in an emergency.

Basically, the Center for Medicare and Medicaid Service (CMS) provides data without any personal identifying stuff about how many people down to the zip code get reimbursed for this equipment. ASPR then took this data and combined it with a zoomable map where one can search for these numbers for any community, and included a weather app as well.  So good work by HHS, in general, and ASPR, in particular.

You can access this tool here: http://www.phe.gov/empowermap/Pages/default.aspx

March 24, 2015

Body Cam Ripples Will Become Waves

Filed under: Technology for HLS — by Max Geron on March 24, 2015

We’ve only begun to see the reality of police work thanks to body cameras.

In March of 1989 the world was given an inside view of the profession that I’ve been fortunate to be a part of for the last 23 years when the television show COPS premiered on the FOX network. That was as close to the reality that thousands of others and I experienced in the ensuing decades than anyone has come to sharing.

Body cameras will do even more.

police lapel-camera-web

Just as body cameras are a disruptive technology, the ripples of the reality that officers face will be disruptive to American society.  We’ve already seen a glimpse of those ripples in the revelation of the Jason Harrison shooting that occurred on June 14, 2014 – the body camera video being released only a few weeks ago.

Many citizens are highly critical and raise doubt about the dangers of a man with a screwdriver. Many officers however, view the video convinced of the dangers that a screwdriver can pose.  Mere days after the Harrison shooting a teenager was attacked and stabbed (nearly to death) in Dallas with a screwdriver.

The point of this post is not to justify the actions of the officers. The purpose is to illustrate the divide in perceptions of threats and reasonableness of actions that appears to exist between many police and the general public, and how body cameras will continue to reveal that divide.

Body cameras will show the ugly realities that officers face. The cameras will fail to answer all of the questions or provide all of the information necessary to form a complete, educated opinion of any situation.  Additionally they will provide an opportunity to replay incidents like the Harrison shooting in frame-by-frame detail, giving opportunities to you and me that were never afforded the officers in the field.  The ability to do so is neither fair nor unfair to the officers, it just is the reality of the technology and world in which we live.  What we do with that ability is critical.

Furthermore, body cameras will continue to provide access to the confusion that comes in the midst of the most stressful situations an officer will likely ever be involved in. There will be seemingly irrational questions by officers about whether or not they should handcuff a dying man, or the yelling for the man to drop a screwdriver after he’s been shot.  To police officers, those commands are natural and make sense because officers are trained to give those orders.  They are not sitting at a screen watching the video, they are living with the adrenaline coursing through their system and working to control their very natural fight or flight responses.

We will see more videos where officers initial statements do not match exactly what the video shows.  In these highly stressful situations we can expect that because of the way the brain processes information – in part, we don’t know exactly on what the individual officers were focusing their attention when the incident occurred.  We already know that witnesses recall things differently and police are humans as well.  That will not stop attorneys from capitalizing when there are differences in officers’ recollections.  That will also not stop some critics from accusing officers of lying when it occurs.  That too is the reality and part of the disruption.

Get ready, because we will see videos of horrific accident scenes where officers arrive and swear a person was just talking to them when the video will reveal they were clearly not and were likely already close to death.   We will see the limits of individuals’ cognitive abilities when exposed to extreme stress.  The hope of the officers lies in the psychologists and medical experts to explain discrepancies in what officers had the availability of seeing and what they actually recall seeing.  So far most of the discussion has been by attorneys, unions, journalists and activists.

Transparency and open objective discussion along side research and clinical study on cognition under stress will be imperative to our understanding what happens during these critical incidents.  We will be witness to other scenes that, in fairness to all, will require more explanation and critical thought.  The videos will speak for themselves but be assured that what they say will in all likelihood not be the final word.


Major Max Geron works for the Dallas Police Department. He is a security studies scholar who received his master’s degree in Homeland Security from the Center for Homeland Defense and Security at the Naval Postgraduate School. The opinions of the author are his own and do not necessarily reflect those of the Dallas Police Department or the City of Dallas.


July 30, 2014

White House Innovation for Disaster Response and Recovery Demo Day

Filed under: Technology for HLS — by Arnold Bogis on July 30, 2014

Yesterday the White House hosted the Innovation for Disaster Response and Recovery Initiative Demo Day.  What exactly? Elaine Pittman from Emergency Management magazine explains:

Emergency managers converged with the tech community in Washington, D.C., to discuss tools that can create more resilient communities and also positively impact disaster preparedness, response and recovery. The White House Innovation for Disaster Response and Recovery Initiative Demo Day on July 29 showcased new innovations in both government and the private sector that aim to aid the survivors of large-scale emergencies.

The key goal is to “find the most efficient and effective ways to empower survivors to help themselves,” said U.S. Chief Technology Officer Todd Park, adding that there have been many technological advancements since Hurricane Sandy in 2012.

Ms. Pittman provides a list of companies and government agencies that announced their work during the event.

CITY72 TOOLKIT — San Francisco launched an open source tool based off its emergency preparedness portal, SF72 portal. The City72 Toolkit helps emergency managers create their own site, while benefiting from lessons learned by San Francisco. Kristin Hogan Schildwachter, external affairs specialist for the city’s Department of Emergency Management, said current messaging focuses on pushing people to extremes and doesn’t build on current tools that the public is already using to communicate. The customizable Web platform is also in use in Johnson County, Kan., and branded as JoCo72.

AIRBNB — The sharing economy platform used to locate a place to stay now has memorandums of understanding in place with Portland, Ore., and San Francisco to work with the cities before, during and after an emergency. Airbnb’s director of public policy and civic partnerships, Molly Turner, outlined the four parts of the partnership:

  1. to identify hosts who will house emergency workers and survivors;
  2. to provide preparedness materials to hosts;
  3. to provide emergency alerts to hosts and their guests about hazards; and
  4. to provide community response training to hosts, helping them to become community leaders.

POWER OUTAGE DATA — Going forward, a number of electric companies will publish their power outage and restoration data in a standard format so that tools like Google Crisis Map can make the information easily accessible to the public. During Hurricane Sandy, this information wasn’t openly available, leading Google to post links to the different utilities’ sites but not being able to incorporate it into its information, according to Nigel Snoad of the company’s Crisis Response and Civic Innovation arm. He also said another addition is that Google will include crowdsourcing capabilities in the Crisis Map.

LANTERN LIVE — Inspired by lessons learned from Sandy where situational awareness was lacking, particularly around the status of fuel and which gas stations were open, the U.S. Department of Energy is preparing to beta test Lantern Live, a new mobile app. Its features will include: the status of gas stations; the ability to report a power outage and downed power lines with geolocated information; and emergency preparedness tips.

DISASTER ASSISTANCE AND ASSESSMENT DASHBOARD — Appallicious launched a new disaster dashboard that aims to make rebounding after devastation more manageable. Get an in-depth look at the Disaster Assessment and Assistance Dashboard.

GEOQ — The National Geospatial-Intelligence Agency announced its crowdsourcing tool, GeoQ, which allows users to upload geo-tagged photos of an area impacted by an emergency. Raymond Bauer, the agency’s technology lead, said the tool is available for anyone to participate or work with the code via open source.

NOW TRENDING ON TWITTER — Helping emergency managers and public health officials, a new website, nowtrending.hhs.gov, searches Twitter data for health and natural disaster topics and analyzes that data. Karen DeSalvo, national coordinator for health IT, said the tool scours social media and looks for topics that could turn into public health emergencies.

DISASTER DATA — Coming soon, the new site disaster.data.gov aims to become a resource for preparedness and can also be used during and after an emergency. More than 100 tools from the public and private sectors have been submitted for inclusion on the site, and it will also host disaster-related data sets.

I don’t believe this is the entire event, but here is a video that the White House posted on YouTube:

UPDATE: Never mind about that video.  I watched earlier this evening, but apparently the White House has taken it off of YouTube and their own website.  And while the event itself was webcast live, apparently it is too sensitive to let a recording remain on the internet.  Obviously, as it dealt with homeland security issues, it was determined to be FOUO…

UPDATE 2: Obviously, my biting sarcastic comments shamed the Administration to re-post video of the event…or, just perhaps, they experienced some technical difficulties earlier (cough, Obamacare website, cough…) and they have now fixed things and are sharing the presentations from the day. They are rather interesting and worth your time to watch.

March 27, 2014

Dignity in Disaster

Filed under: Catastrophes,Disaster,Preparedness and Response,Risk Assessment,Technology for HLS — by Philip J. Palin on March 27, 2014

Shigeru Ban has been awarded the 2014 Pritzker Architecture Prize.

The Japanese architect’s practice is comprehensive, but he has given particular attention to innovative design, materials, and construction techniques for post-disaster settings.

He was one of the first to use — and creatively adapt — cargo containers for use as human shelter. (See here application in Northeast Japan following 3/11.)

No one else has so beautifully and effectively deployed cardboard.  Originally conceived as a quick and inexpensive means of providing temporary post-disaster housing in Rwanda, Kobe, Haiti and elsewhere, the material is now recognized as a sustainable, resilient, and flexible resource for an extraordinary range of form and function.

Cardboard Cabin_shigeru

Cardboard Cabins (Kobe, Japan) photo found here.

Below is the “Cardboard Cathedral” replacing the much-mourned earthquake pummeled Christchurch Cathedral in New Zealand.   It has been found that with regular maintenance — mostly painting — these temporary structures can be long-living.

In response and recovery we often begin at the base of Maslow’s Hierarchy of Needs: water, food, and basic shelter.  Too often we are inclined to ignore the higher reaches of beauty, inspiration, and hope.  Shigeru Ban’s architecture demonstrates attending to biological fundamentals need not exclude engaging the psychological and spiritual.

Cardbaord Cathedral_Stephen Goodenough Photo

Cardboard Cathedral (Christchurch, New Zealand) photo by Stephen Goodenough

April 11, 2013

Redundant from L. redundantem (nom. redundans), prp. of redundare “come back, contribute,” lit. “overflow,” from re- “again” + undare “rise in waves,” from unda “a wave”

Filed under: Budgets and Spending,Intelligence and Info-Sharing,Technology for HLS — by Philip J. Palin on April 11, 2013

You may have seen the headlines:  Redundant Federal Programs Waste Billions (USA Today).

Or heard something similar:  Latest GAO report reveals 162 areas of redundancy across government (Federal News Radio).

Most of the broadcast news mentioned something about catfish inspectors and each military branch developing its own camouflage  uniform. Conservative or liberal — from inside or outside government — it is the kind of “news” that fails to create any new brain synapses and, probably, calcifies our current neural networks.

This lack of real thinking reflects the way information is headlined and how we typically receive the information, not what GAO is actually reporting.

The Government Accountability Office study released on Tuesday references several Department of Homeland Security practices.  In addition to a list from prior years, two more are highlighted in this most recent report:

Department of Homeland Security Research and Development: Better policies and guidance for defining, overseeing, and coordinating research and development investments and activities would help DHS address fragmentation, overlap, and potential unnecessary duplication.

Field-Based Information Sharing: To help reduce inefficiencies resulting from overlap in analytical and investigative support activities, the Departments of Justice and Homeland Security and the Office of National Drug Control Policy could improve coordination among five types of field-based information sharing entities that may collect, process, analyze, or disseminate information in support of law enforcement and counterterrorism-related efforts—Joint Terrorism Task Forces, Field Intelligence Groups, Regional Information Sharing Systems centers, state and major urban area fusion centers, and High Intensity Drug Trafficking Areas Investigative Support Centers.

I am sure any post-hoc study of  research-and-development or intelligence-gathering (even more-so intelligence creating) activities will always find a wide range of decisions and actions  hard to defend.   Any careful audit should find hundreds or thousands of hours obviously lost on following bad leads, interminable meetings, unnecessary travel, dysfunctional turf protection, and much, much more (or actually less and less).  A thorough analysis could authoritatively map how one failure led to another and another.

R&D and the intelligence process share a concern with anticipating, even creating the future.  Once we arrive at the future we can usually look back and bemoan (or self-justify) the dead-ends and circuitous paths chosen.   We may even be able to recognize how alternate — preferable? — futures were very close-at-hand, but have now receded in our wake.

Malcolm Gladwell argues that ten years and 10,000 hours are — along with other crucial inputs — prerequisites to “outlier” success.  What  would an audit at five years and 5000 hours find? What does a half-made success look like? Thomas Edison famously said, “I failed my way to success.”

In the commercial world “redundancy” is often called competition.  In biology redundancy is very closely related to diversity.  In engineering and other design applications redundancy is sometimes valued rather than maligned.

This is not to discourage DHS from looking hard at its research-and-development policies.  The improved coordination of field-based information-sharing sounds like a win-win.  But fragmentation, overlap, and duplication are not always net negatives.  Elinor Ostrom and her colleagues found that polycentric governance — featuring considerable fragmentation, overlap, and duplication — is often more effective at achieving policy goals than more centralized and “efficient” structures.

[Redundancy = Bad] is a dangerous heuristic.  Stop using it.

November 2, 2012

Portrait of a family

Filed under: General Homeland Security,Technology for HLS — by Christopher Bellavita on November 2, 2012

One of the many stories emerging from the Sandy experience. This one comes from a friend back east.

I had a very interesting technology experience over the past 24 hours. I know we have heard and discussed this many times but it was surreal to actually observe it in real-time.

Monday Afternoon

– Hurricane winds and rain begin.

– I monitor the storm on cable news and weather channel.

– My wife uses the internet.

– My 17 and 12 year olds monitor by texting with friends.

– My 15 year old monitors through Facebook.

Tuesday Early Morning

– Power is out, house telephone is out and cable and internet are out. Generator gets water and some lights going but not cable and internet because of downed wires.

– I find out from my smart phone that a message was left on the house phone voicemail service (I get house phone messages emailed to my smart phone) that school begins two hours late.

– My son’s I-touch does not connect to the internet because the internet service around town is out. He exclaims that he has been cut off from the outside world.

– The cell phone batteries begin to die and texting ceases.

– While the rest of the family’s electronics either don’t work or have run out of batteries including dimming flashlights, I am good. I have my combination radio, flashlight and phone charger that operates by hand crank and solar – no batteries (thank you annual NPR fund drive gift). I have plenty of light and can listen to news about the damage and closings and can charge my smart phone.

Tuesday Late Morning

– Power is still out.

– Kids are at school which has power.

– My wife drives to work only to discover the college where she works is closed. Because of the outages, the college was unable to update their website with closing information and something happened to the automated texting service.

– My wife returns home and announces that she can’t do anything at the house because the internet is down. I remind her that just 13 years ago, we did not even have internet service at our house and that she would have killed back then for a day off to get caught up on life. Apparently, life ceases to exist now without the internet.

– I go to main street to the local coffee shop in search of internet. On one side of the shop are the old–timers who are sharing stories of what streets, homes and stores are damaged or closed. Every newcomer through the front door gets a personal briefing. In the back of the shop are younger folks trying desperately to share the single electric outlet to charge a table full of smart phones, tablets and laptops. They are frantic and stressed that they can’t get on Facebook or text. Meanwhile, the old-timers are laughing and sharing information word of mouth and organizing groups to go to help friends around town. The coffee shop becomes the town’s information center.

– I came into the coffee shop feeling kind of depressed and lethargic. I left 4 hours later feeling energetic and with a sense of camaraderie with the rest of the community. Friends had either seen me at the coffee shop or heard I was there and I received text messages offering up houses with power for me to work at.

Tuesday Night

– Power is still out.

– The kids announce that they can’ do any homework or prepare for next day debates or quizzes because they do not have internet access.

– We head out to McDonalds with two laptops thinking we can have a quick dinner and use their wireless to do homework. As we eat, two customers with laptops in hand are running around the restaurant with the manager trying to get the wireless to work. No luck, the whole internet service to the area is down.

– We head back home. It is raining again and we can’t run the generator in the rain. So my sons construct a lean-to out of tarps, ladders, bungee cords and other miscellaneous things found in the garage. They now have a direct interest in the generator which for the past year I could not get them to take time to learn about. We talk about how it works. We head into the basement and continue the conversation at the fuse box as we switch over circuits from the electric grid to the generator. I have them do all the work. When the house lights up and toilets are flushing, both boys are feeling pretty proud of themselves.

– We sit at the kitchen table and my 15 year old is panicking because he can’t get on the internet to prepare for his school debate. So I ask, what is the topic? He says, “We have to defend whether modern day text books should refer to the abolitionist John Brown as a freedom fighter or terrorist.” This led to a great debate amongst the family around the kitchen table. What is a freedom fighter? What is a terrorist? Was Osama Ben Laden a freedom fighter during the 1980s? At what point did his actions make him a terrorist? After 45 minutes, my son had all the talking points he needed and the rest of the family had fun helping.

– I did not have as much luck helping my other son with his calculus homework.

– I announce that at 10pm I am going to shut the generator off for the night and will restart it at 6:30am. Everyone was looking forward to a good night’s sleep. They were done with their work and in bed by 10pm. At 10:15pm, the power came back on. Everyone got out of bed retreated to their own separate spaces and fired up computers and I-touches. The internet was streaming from every room and no one went to bed until 11:30pm and of course, I couldn’t get anyone out of bed at 6:30am the next morning because they were tired.

October 2, 2012

“It is well that war is so terrible, or we should grow too fond of it.”

Filed under: Technology for HLS — by Dan OConnor on October 2, 2012

Recently I received a notice in my mail box about a new documentary. I get them from time to time and I scan them to see if any catch my interests. This one, called Robot Wars, immediately caught my attention.

This is interesting on a couple of fronts. First, it was put together by Al Jazeera and the narrator, Josh Rushing, is the former Marine Corps public affairs officer who was character assassinated endlessly for taking a job with them. Second, some of the interviewees discuss how Americans have become less tolerant of their youth coming home in body bags.

Also prominently featured is Peter Warren (PW) Singer, a noted political scientist and author of Wired for War. In his book, Singer discusses the rapidity of technological change and how wars are fought and the impact on politics, economics, laws, and the ethics that surround war itself.

So we use robots more; a lot more. This may be the continuation of creating stand off distance for warfare. But this technology is changing warfare.

Today there are more than 7,000 drones and 12,000 ground robots in use by all branches of the military. These systems mean fewer American deaths and also less political risk for the US when it takes acts of lethal force – perhaps even outside of official war zones.

Some people see the growth of drones and robots as acceptable because the provide tactical advantage and decreases vulnerability of U.S. assets. Others criticize the growth because it suggests that drone or UAV warfare has devolved into a video game where the operator can enjoy a Starbucks and still make it home on time to catch their child’s ball game. The outcome is we now have killing from 8000 miles away in a box in Nevada or wherever, never smelling the cordite, acrid smoke, burnt and rotting flesh nor sensing the destruction they have caused.

As he observed the carnage during the Battle of Fredericksburg, General Robert E. Lee said, “It is well that war is so terrible, or we should grow too fond of it.”

Sometimes I wonder if by making war too easy and not seeing the carnage we are growing “too fond of it.”

Has our fondness for technology and a growing risk aversion for loss made one of these arguments of UAV warfare correct?

Do the UAV or robot operators at far off distances have an understanding of war and death? They may say they feel the sense of urgency and fear but their argument cannot possibly be compared to the Marine or Soldier in harms’ way. They do not deal with the consequence, the smell, the after effects, the detritus of war. It is an extension of the pilot leaving the battle space.

Another issue and one that I have discussed at length with Marines returning from extended combat in Sangin and Fallujah are the dehumanizing aspects of UAV combat and death from afar. When a sniper engages an enemy he does so with a magnified animation of the individual. There is some degree of interaction or, better described, transfer of humanity.

Some see the UAV attacks as much less so. While “surgical” they do leave one with the idea that surgical is relative and a 500 lbs explosion is not as discriminate as we say it is. Is our moral imperative, the one we profess to have, compromised by the way we value our enemies’ life and how we kill them?

From a purely spiritual perspective and from someone who has trained to do this for a long time, I always felt it necessary to realize that taking another’s life should never be an easy task, politics and nationalism aside. Many of those engaged in war are conscripts, pushed out in front of their Nation by others and given choices that are none too selective. So in that light, it must cross one’s mind that killing another son, father, brother, daughter, mother, sister etc. is not trivial. That process makes at least defining and identifying what the Nation asks its military to do a reasonable humanity test.

The irony here is that in order to do something very well you kind of have to like it, which is in direct conflict with the previous thought. To be really good at fighting you have to like it. To like fighting is to like killing. Is that the bridge? Is that accurate? Talk to combat veterans and they will tell you there is no rush like fighting. War is intoxicating. Or is it? A topic for another debate.

I think we are getting too good at rationalizing away why we fight and how difficult it is to kill.

Most people will tell you they don’t fight the enemy as much they fight for their mates left and right. That’s probably accurate. That is also an argument against having an all-volunteer force vice a conscription force.   The all-volunteer forces are more apt to comply because of career decisions. This is not my argument. It is one I have heard from both former Vietnam draftees and others not enamored with the “military industrial complex.” And we have figured out how to make our fighters adept at killing, something they may not have been good at 50 or so years ago.  (For more on that, read On Killing: The Psychological Cost of Learning to Kill in War and Society, by David Grossman.)

With regard to hunting high value targets, terrorists and their leaders are probably worthy targets, and there is a good argument to be made. I’m not being flippant here. But when lawyers spend great amounts of time trying to justify activities, it makes me a little squirrely. This is the slope I see us on.

So using robots, UAVs, drones and their ilk is an extension of protecting our fighters — something that borders on risk aversion in lieu of answering policy questions. But it also devalues our enemies and life in general. This therefore amplifies the terrorists desire to strike us, because 99+% of the population has little understanding of what we ask the military to do and how they do it. They just watch war porn on Youtube and play it on Xbox.

Madeline Albright infamously said, “What’s the point of having this superb military that you’re always talking about if we can’t use it?” That is wildly cavalier and demonstrates how little we value our lives and the lives of others.

It’s getting too easy. It becomes too easy to roll out the troops, and then they get stuck in tough situations because of all the constraints and all the politics. If we do not respect the lives we take and the collateral damage we cause is that a problem? Is caring more about Snooky and her baby and Honey Boo Boo more newsworthy than the 2000th death in Afghanistan? It’s a far cry from the number of deaths in Viet Nam and World War 2, but you know it hurts the families who lost them the same.

Do we have to respect our enemy’s lives to better understand what it is we are asking our military to do? If we do not should anybody be surprised that they do not respect ours either?

Here are two recent essays about the use of drones:

1. A dangerous new world of drones, by Peter Bergen, CNN National Security analyst, and Jennifer Rowland.

2. Drones Will Soon Be Able To Kill During War Without Human Assistance

September 26, 2012

Government and the cyber-domain; or command-and-control encounters complexity

Filed under: Congress and HLS,Cybersecurity,Strategy,Technology for HLS — by Philip J. Palin on September 26, 2012

There is considerable expectation that an Executive Order will soon try to pick up the pieces from a failed effort at cybersecurity legislation.  You can read more at CNET, Wall Street Journal, or The Hill (for three very different angles on reality).

Technical challenges, political problems, and real philosophical differences complicated the legislative process.  I already gave attention to many of these issues in a February post.  Whatever the text of the Executive  Order these complications will persist.

Many of the most vexing problems are not particular to cyber.  Similar issues are encountered in regard to strategy, policy, regulation, innovation, security, resilience, and competition in domains seemingly as diverse as eCommerce, supply chains, and the global financial system.

Sunday there was a brief two-page essay in the New York Times Magazine that focuses on how the Internet was created.  Following are a few key paragraphs.  As you read cut-and-paste your preferred networked-entity over the word Internet.  When I do that,  the author’s explanation still holds.

Like many of the bedrock technologies that have come to define the digital age, the Internet was created by — and continues to be shaped by — decentralized groups of scientists and programmers and hobbyists (and more than a few entrepreneurs) freely sharing the fruits of their intellectual labor with the entire world. Yes, government financing supported much of the early research, and private corporations enhanced and commercialized the platforms. But the institutions responsible for the technology itself were neither governments nor private start-ups. They were much closer to the loose, collaborative organizations of academic research. They were networks of peers.

Peer networks break from the conventions of states and corporations in several crucial respects. They lack the traditional economic incentives of the private sector: almost all of the key technology standards are not owned by any one individual or organization, and a vast majority of contributors to open-source projects do not receive direct compensation for their work. (The Harvard legal scholar Yochai Benkler has called this phenomenon “commons-based peer production.”) And yet because peer networks are decentralized, they don’t suffer from the sclerosis of government bureaucracies. Peer networks are great innovators, not because they’re driven by the promise of commercial reward but rather because their open architecture allows others to build more easily on top of existing ideas, just as Berners-Lee built the Web on top of the Internet, and a host of subsequent contributors improved on Berners-Lee’s vision of the Web…

It’s not enough to say that peer networks are an interesting alternative to states and markets. The state and the market are now fundamentally dependent on peer networks in ways that would have been unthinkable just 20 years ago…

When we talk about change being driven by mass collaboration, it’s often in the form of protest movements: civil rights or marriage equality. That’s a tradition worth celebrating, but it’s only part of the story. The Internet (and all the other achievements of peer networks) is not a story about changing people’s attitudes or widening the range of human tolerance. It’s a story, instead, about a different kind of organization, neither state nor market, that actually builds things, creating new tools that in turn enhance the way states and markets work.

Legislation, regulation, many theories of management and the practice of most managers assume someone is in charge of something.  Someone is accountable for discreet action that leads to reasonably foreseeable consequences.  There are intentional practices to regulate, systematize, and evaluate.   Certainly this is part of reality, but only part and its proportion of the whole seems to be decreasing.  In homeland security I expect most of our reality cannot be accurately described in these traditional “Newtonian” terms.

When I have most seriously failed it has been because I have very reasonably, diligently, and intelligently applied the lessons learned in one corner of reality to another corner of reality without recognizing the two realities are almost totally different.


May 23, 2012

Standards of Cover(-up)

Filed under: State and Local HLS,Technology for HLS — by Mark Chubb on May 23, 2012

For weeks now, the Los Angeles Fire Department has been under intense scrutiny for errors in its reporting of response time data. Previously reported figures suggested the department was doing pretty well meeting its response-time targets despite budget cutbacks that affected service levels. However, it later came to light that the methodology for calculating response-time data presented to elected officials was flawed. These flaws included a failure to present the results of models as predictions rather than actual response data and errors in the way response times were measured and performance against targets reported.

When it became clear that the fire department’s responses had been affected by changes in staffing and service levels, the media and elected officials began asking some difficult questions. Unfortunately, most of these questions were precisely the wrong ones.

It’s one thing to ask whether the department is meeting response time targets. It’s another thing entirely to ask whether these targets are meaningful indicators of service performance. Errors in reporting could affect the answer in either case, but the effects would be very different.

In Los Angeles, it’s now clear that the fire department does not meet its stated targets. It should be equally clear that these targets are arbitrary and all but meaningless in the vast majority of cases. (In other words, the Los Angeles Fire Department remains a world-class outfit despite the cuts.) Unfortunately, the latter fact has dawned on very few people despite abundant evidence that the unwelcome answer to the first question is due in large measure to the growing dependence of the community on fire department responses to many low-priority and even non-emergency events where time matters very little if at all.

The expectation that fire departments are there to deal with anything unwelcome or untoward that people encounter when no one else is there to help them has not come about by accident. Firefighters love to be loved (and needed) and have been all too willing to answer these calls without regard to the costs. The controversy in Los Angeles suggests these costs are not just fiscal. The opportunity cost of attending so many low-priority and non-emergency calls is clear: The system cannot meet the performance expected when genuine emergencies arise.

For firefighters the answer is simple: expand capacity. For administrators, that’s simply not an option in these austere times. Sadly, elected officials too rarely take responsibility for the fact that you cannot please all of the people all of the time.

Nearly everybody these days accepts the adage that when it comes to performance, speed, quality and cost matter, but you can only have two of these. This is especially true when it comes to emergency services. The problem is that our expectation of which two we are willing to accept varies a lot depending upon the circumstances.

When it comes to situations that clearly are not time critical, time should not matter. But it does when you confuse it with an indicator of quality. And almost every fire department does just that because they have no idea how to measure quality but they can measure time.

Fire departments are inherently inefficient operations. They operate on two basic premises: 1) no one should ever have to wait for a response and 2) every response should be treated as an emergency until proven otherwise. These two assumptions combine with pernicious effect when it comes to the way we handle 911 calls. And let’s be clear about this 911 is no longer shorthand for “emergency.” These days, about 40 percent of all calls coming into public safety answering points are misdials and many more involve queries that have nothing whatsoever to do with police, fire or emergency medical services.

Rather than take a few seconds to find out what’s really going on, most agencies insist that dispatching decisions get made within 60 seconds of call receipt regardless of circumstances. This was once a relatively simple affair because it relied on the intuition and judgment of experienced call-takers and dispatchers who made the call based on relatively simple heuristics. When they were equipped with little more than a telephone and a radio console, the required action took little time or effort. Not so today. These days we have two, three or even more layers of technology between call-takers and dispatching decisions. Even after a dispatch is initiated, we have even more layers of technology through which signals alerting stations and conveying information about the call must pass before responders get the message.

These interventions have made it possible to track the most minute details about each and every incident. But they have not made the process of delivering emergency service faster or more efficient. In fact, it’s just the opposite. In many instances we have become unwitting slaves to the planned obsolescence of the technologies themselves and helpless victims of the technological hurdles involved in marrying up diverse platforms supplied by competing vendors procured by different agencies.

When fire departments talk about standards of cover – the five dollar phrase for these response targets – they rarely acknowledge the fatal flaws in the logic (or lack thereof) they apply to deciding what matters. These standards, often derived from flawed analogies to fire growth curves and the onset of brain death following cardiac arrest, were easy to meet using legacy technologies that were far simpler and more efficient. But now we must contend with the expanded and often unrealistic performance expectations arising from our inability or unwillingness to make the simplest distinctions about the services we provide.

Adopting arbitrary standards of cover, like 60 second call processing times and five minute travel times, may allow us to direct the blame at others when we miss the mark overall, but it does almost nothing to solve the problem when performance falls short.

When time matters, it matters a lot and cost is not much of an issue. The good news is that getting these decisions right involves little more than giving people permission and encouragement to treat very different situations differently. The quality of the outcome always depends on how well the people perform, and when the way they use the technology becomes an impediment to what they are trying to accomplish we have the tail wagging the dog.

The single biggest factor affecting our success may well our willingness to recognize that what people experiencing or witnessing an event do before we arrive matters much more than how long it takes us to get there. Sure, response time and the quality of care help, but not if people wait too long to seek help or take no action to mitigate the consequences before we get there.

The best case in point may very well be right in my back yard: King County and Seattle, Washington have managed to achieve a 50 percent survival rate from witnessed cardiac arrest involving shockable arrhythmias (ventricular fibrillation and ventricular tachycardia). Sure, we were among the first communities to establish a fire-based advanced life support paramedic program. Yes, we send first-response EMTs on fire-based units to every call, and often as many as 10 responders to confirmed cardiac arrest calls. But the factor that has probably made the most difference has been the frequency and quality of bystander CPR.

Other programs send paramedics on the first due fire engines whenever possible. We do not. Some use dispatchers to give CPR instructions over the phone. We do too. But we do something even more important: We get out in the community and teach everyone willing to give us a few minutes of their time how to save a life.

Don’t get me wrong. People here still worry about response times. But they have a lot less reason to do so because we have nothing to hide: We rely on the public as much as they rely on us, and we’re proud of it.

January 31, 2012

FEMA’s Think Tank

Filed under: General Homeland Security,Technology for HLS — by Christopher Bellavita on January 31, 2012

Last week a friend told me about a FEMA “think tank” website (thanks, Sam).

The site, located at http://fema.ideascale.com, looks to be an open-to-the-world (once you register) version of TSA’s “idea factory.”

According to FEMA, the agency is

…reaching out to state, local, and tribal governments, and to all members of the public, including the private sector, the disability community, and volunteer community, to seek their input on how to improve the emergency management system.

No doubt you’ve heard that language before.  But this effort looks like a significant improvement over initial DHS efforts (e.g., Quadrennial Homeland  Security Review) to incorporate stakeholder ideas through wisdom-of-the-crowd-like social networking.

After you register for the FEMA think tank site, you can submit an idea, or comment and vote for or against other ideas.  According to the website, “The best ideas bubble up to the top.” The voting (agree/disagree) option helps moderate entries from the good idea fairy.

It looks as if the site has been operating since mid-November.  Starting last Thursday, FEMA hosts a monthly conference call, open to the public, to discuss some of the ideas and what to do about them.

The site is hosted by a private sector web-based product called IdeaScale. The Comments and Privacy Policy contain quasi-draconian cautions, augmented by FEMA’s reminder that IdeaScale is “a private entity whose server is not under the control of FEMA and whose collection of information is not protected by the Privacy Act of 1974” and so on.

IdeaScale claims it can use Think Tank ideas almost anyway it wants to.

For this and several other reasons, perhaps FEMA’s Think Tank can be criticised for not being perfect. Using IdeaScale’s off the shelf (or technically off the web) product is a public/private partnership for a cyber world. And there is a lot we have not discovered about those partnerships.

FEMA is taking a risk here. But increasingly the world’s complexity demands intelligent trial and error initiatives, like FEMA’s Think Tank.  It seems like a good example of what David Snowden has written about as a safe fail probe.

Reading through the ideas and the comments, it looks like FEMA may be on to something with the Think Tank.

As of January 30th, there were over 1300 registered users, 296 ideas, 1371 comments, and 5515 votes helping ideas “bubble to the top.”

The ideas and comments were almost always thoughtful and improvement oriented.  I did not see one “let’s flood the border with land mines” suggestion.  The extended discussion about PPD 8 is especially worthwhile.


Here are the top 20 ideas — and partial descriptions taken from the website — discussed on the FEMA Think Tank (as of last night):

  1. U.S. National Grid as the Response Language of Location: Through NIMS and ICS, the leadership of DHS and FEMA have directed the phased introduction of numerous operational standards designed to promote and facilitate interoperability for the Emergency Services Sector. Yet, to date, they are without voice when it comes to the single most important element of response – the ability to communicate “where”…. Long ago, the U.S. Armed Forces realized that effective delivery of mission required every part of a “response force” in an operational realm (air, land, sea) had to use the same language of location…. It’s now long past due that the executive leadership of DHS and FEMA do the same thing through a national policy directive.
  2. Incorporate Preparedness in School Curriculums: Disaster preparedness should be taught as part of the school curriculum for children of all ages.
  3. EM [Emergency Management] Coffee Break Training: … The EM Coffee Break Training could provide this platform through weekly dessimination of one page lectures that would roughly take 5-10 minutes (long enough to finish a cup of coffee) to read. Each lesson could be reviewed individually or as a group and could provide supplemental information for further research or suggestions.
  4. School issues: In an emergency everyone turns to the schools, unfortunately most are not prepared, not trained, and emergency responders run up against rules that are frustrating at the least and life threatening at the worse. It would be nice if some how FEMA could offer the training because it won’t be done at the school level, not because it isn’t needed, but because of drastic budget cuts in education.
  5. Let the locals do the thinking: I have been involved with Emer. Mgt. for 20 years. I have managed 7 Presidential disasters and many more local emergencies. My biggest problem is FEMA/Homeland Security and the State. The federal and state government has placed a mountain of paperwork on my desk that restricts my ability to complete the real work within my community. A 10 minute piece of paperwork to report an exercise 20 years ago has escalated into the HSEEP monster with days of work and for what?…. I think if FEMA would really like to know what is best for the country and the local programs they first need to consider what would help the locals by asking for our input before they issued another mandate. We know what is best for our community because we live here.
  6. Mobile Apps For FEMA Employees And The Public Utilizing GPS: An app that utilizes GPS coordinates to aid in disaster response, send relevant emergency alerts to the user, and ability to locate loved ones by last known location.
  7. EAS [Emergency Alert System: The EAS should include all cell phones.
  8. “Be Prepared” campaign: One of the things I heard from the leaders of FEMA was: the citizens need to be ready to help themselves. Not just that, but specifically stated: the federal government is not going to be there for you right away. Unfortunately, I only heard this for about a week before it was abandoned. You can spend all you want on CERTs, exercises, equipment, etc, etc. You can spend fractions of that money on an information campaign and have the citizenry help themselves.
  9. Bring Back Project Impact: Former FEMA Director James Lee Witt created Project Impact in 1997 with the goal to create “disaster resilient communities”. Overall the program was considered a resounding success; not only did it help communities become more disaster resilient, but it also was a success at “bringing people from diverse sectors of the community together to address mitigation issues”.
  10. Utilize resources already in disaster zone: During Hurricane Katrina, Wal-Mart gave their employees approval days in advance to do “whatever they had to help the citizens”. I think to help with disaster relief at any level, the government should partner up with larger community based retailers that are already in the areas.
  11. Utilizing 2-1-1 in Disasters: I work for an NGO in Columbus, Ohio. One of the greatest skills we can bring to a disaster is assistance in Emergency Public Informaiton via our 24/7/365 Information and Referral line, 2-1-1. 2-1-1 is an easy, three digit number for citizens to call to get assistance with rent, utilities, food, etc. (during normal operations).
  12. Corporate America Planning: As the Emergency Manager for a fortune 25 company with over 400 active facilities to manage. It’s difficult to find any formal Emergency Management training that includes office buildings, clinics, data centers, etc.
  13. Community Mapping to implement the Whole Community Concept: In addition to mapping of risk and protective factors, [community mapping] makes the whole community more resilient by…Bringing the community together to collectively plan, which increases the sense of ownership and responsibility on the disaster response and recovery activities….
  14. Preparedness and Sustainability Linkage: Many sustainable practices pay dividends in a disaster. Bicycle transportation, gardening, water catchment, canning, solar power etc are all examples of activities which make communities better places to live AND make communities more self-relient when infrastructure and critical supplies are halted.
  15. Federal Disaster Management Externship program: … a large percentage of the existing Emergency Management leaders [will] be retiring beginning in the next 5 years. The question, we the students, no matter the level of education [asked] is “How are we to gain experience in the field in the next five years while we wait our turn at the few existing emergency management positions?”
  16. Preliminary Damage Assessments by Smartphone: FEMA should produce a smart phone application that allows the capture and upload of georeferenced text and photo’s during a disaster.
  17. 24/7 Field Triage Preparedness: The recognition & adoption of a standardized national illuminated color coded system for triaging MCI patients 24/7. Today different States & organizations use different triage cards and tapes for triaging patients.
  18. Alert Systems: Many cities have or belong to an Emergency Alert system. I did not see any alerts during your testing. … Nor did I see anything on facebook or twitter until the test was over and everyone was asking if it worked.
  19. ICS / NIMS Training: Whether by DHS or FEMA or the CDP, I think all involved need to re-think the limited training opportunities for ICS and NIMS training.
  20. Hazard Reporting – All-Hazards Feedback: USGS has a website for “Did you feel it” to allow people to report on earthquakes that were felt – http://earthquake.usgs.gov/earthquakes/dyfi/. A similar type of approach from other hazard partners would be helpful (NWS, USGS, NOAA, etc).


TL; DR: FEMA is soliciting ideas online about how to improve emergency management. Some of the ideas are intriguing.

December 28, 2011

Accountability in the Information Age

Filed under: Intelligence and Info-Sharing,Media,Technology for HLS — by Mark Chubb on December 28, 2011

Yesterday, our friends and fellow bloggers at Wired magazine’s Threat Level recapped the debate between New Yorker writer and prolific author Malcolm Gladwell and NYU academic and social media evangelist Clay Shirky regarding the role of social media in mobilizing and promoting street protests in support of democratic movements around the world. Shirky, predictably, suggests the movements would not have achieved critical mass without social media. Gladwell takes a far more skeptical view, preferring to see in these movements evidence of the democratic impulse as the message of freedom rather than just another medium for it.

Bill Wasik argues that both perspectives have considerable merit. It’s hard to argue that social media had no influence over the scope or scale of the protests, especially their rapid extension across international borders. At the same time, suggesting that social media should receive at least some of the credit for inspiring democratic uprisings overstates their capacity to encourage virtuous behavior. In the end, Wasik seems to side with Gladwell, arguing that social media enable rather than inspire mass movements.

Given the growing zeal among emergency managers to adopt social media this argument is worth noting. Social media have changed the way emergency managers do their jobs. But the way the public responds to disasters has not changed nearly as much despite social media’s widespread use.

Too many emergency managers think of the public as apathetic and uniformed about disasters. This assumption about the public extends to nearly every aspect of their behavior before, during and after disasters. Social media have helped put paid to such notions largely because they make much more readily apparent the actions of people before, during and after disasters.

For starters, social media have made it clear that people in general crave attention and attraction. We need to be known for what we know and what we can do, and we want to share our time and talents with others whose interests affirm or complement our own. We all possess an atavistic, if not innate, need to connect with others that only becomes more acute as the ways we define ourselves becomes ever more specialized and atomized.

Ambiguity makes us anxious. Seeking and sharing information even with those we do not know helps us alleviate stress. This is true even when such sharing does little to improve our circumstances or clarify a desired course of action.

In the absence of altruism, the introduction of social media into this mix should be expected to do little more than provide people with a platform for talking about disasters. But that’s not what we have seen happening. People inevitably do things when confronted with disaster. Being right takes a backseat to doing right.

Social media have changed the emergency management landscape in large part because they enable people far removed from the direct effects of the disaster to affect its outcome. They do this by giving people immersed in an event the instant ability to connect with the resources of a global audience and share more than just their stories.

Social media have made this process easier and faster. But they are not alone responsible for its emergence.

The one thing that may have changed most with the emergence of social media is the balance between the three competing priorities in emergency management: speed, relevance and accuracy.

In the past, emergency managers carefully parsed the flow of information out of fear that incorrect or conflicting information would undermine their credibility, which in turn would compromise efforts to advance response and recovery. Social media have made it much more apparent that people require very little direction from us when it comes to helping each other cope with the after-effects of disaster. Similarly, they are much more forgiving of errors and helpful about correcting them than we tend to imagine in advance.

People clearly see an important place for emergency managers and government officials as honest brokers, which demands of them an authentic voice characterized by empathy, ethics and equity. These three attributes define accountability in the Information Age, and highlight the importance of social media in emergency management.

Waiting to get the message right is no longer an option. Responding quickly is about riding the wave not generating its momentum. And errors of commission are less likely to be judged harshly than errors of omission, especially when they display relevance, which is to say they reflect a reasonable effort to mobilize or manage collective action to make things better.

Like the street protests and insurgent democracy movements around the world, the past year’s disasters and emergencies have demonstrated the important but not central role of social media in enabling humane action. This impulse arises not from the media but rather from the message. Any fears that social media would combine with Americans’ couch-potato culture to render public responses ever more passive have proven unfounded.

December 6, 2011

“The future is a communist chocolate hellhole and I’m here to stop it ever happening”

Filed under: General Homeland Security,Technology for HLS — by Christopher Bellavita on December 6, 2011

When I tried to visit Homeland Security Watch on December 3rd, I saw a colorful but impersonal web page from the largest ICANN (Internet Corporation for Assigned Names and Numbers) accredited registrar in the world yelling, like a Depression-era sheriff’s deputy at the front door of the farmhouse,

“NOTICE: This domain name expired on 12/02/2011 and is pending renewal or deletion.”

I do not pretend to understand how this whole domain name registration business works, or why one company can be worth 2 billion dollars registering domain names. I think I could find out. There’s lots of information on the internet, so the explanation is there somewhere. But I’m resigned to just letting that bit of knowledge go.

Turns out the credit card used to pay for this domain expired. Once that oversight was corrected, something or someone somewhere did something “technical” and Homeland Security Watch got out of  internet purgatory to be given yet another opportunity to provide “News and analysis of critical issues in homeland security.”


In 2010 the the United Kingdom version of CNET reported

“A would-be saboteur [who was] arrested … at the Large Hadron Collider in Switzerland made the bizarre claim that he was from the future. Eloi Cole, a strangely dressed young man, said that he had travelled back in time to prevent the [Large Hadron Collider] from destroying the world.

The future “is a communist chocolate hellhole and I’m here to stop it ever happening,” the obviously deluded man told police.

I do not pretend to understand how the Large Hadron Collider works or how, even in theory, its efforts to demonstrate the reality of the Higgs boson particle have any chance of succeeding.  I could learn. But I have to leave this to someone else to figure out.


Trevor Eckhart is someone who took it upon himself to figure out something that bothered him.

A few days ago, this Eagle Scout, rock/roller, system administrator from Connecticut posted a video about something called Carrier IQ.

Carrier IQ — depending on who and what you read — is either a way for phone companies to help you get better cell phone service, or a way for a third party to monitor just about anything you do on a smart phone.

Trevor Eckhart wanted to know what the Carrier IQ software – “installed by default on many mobile devices, unbeknownst to most consumers” – did. He conducted some research and published his results on a website called Android Security Test .

The Carrier IQ company sent him a nasty letter, threatening that lots of very bad and expensive things would happen to him if he didn’t immediately get rid of his research, acknowledge it was all lies, and basically just go away. Here’s a copy of that letter:  eckhart_cease_desist_demand_redacted.

Trevor contacted the Electronic Frontier Foundation who sent a scholarly WTF letter back to Carrier IQ. Here’s a copy of that letter: eckhart_c&d_response.

Carrier IQ read the letter then hit the delete button on their threat.  They “withdrew” the cease and desist order and have been doing damage control ever since.

I do not pretend to understand how rootkit software works, whether Carrier IQ is rootkit, whether their software simply helps improve performance or eavesdrops on smart phones; whether it’s the phone companies snooping, the smart phone manufacturers, or — “the gov’ment.” Or maybe it’s just the technologically paranoid or illiterate overblowing the threat. I could learn, I suppose. But I’m just going to have to leave that to someone else — like Trevor — to figure out.


In his book “The Demon-Haunted World: Science as a Candle in the Dark” Carl Sagan wrote something I’ve used before on this website:

“We’ve arranged a global civilization in which the most crucial elements … profoundly depend on science and technology. We have also arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces.”

I think Sagan is correct.  Absent a maoist reeducation initiative, I wonder what can be done to improve national understanding of science and technology.

Some people believe it’s too late for us to do much of anything about it.

Ignorance generated by the complexity of everything is a ground truth growing like kudzu.


One morning last [May], to the surprise of many denizens of the Internet, when they rose from their beds and padded to their PCs in their pajamas many of their favorite online haunts simply weren’t there. From Reddit to patient-monitoring systems, every website running on one section of Amazon’s Cloud Services had vanished.”

Amazon responded with its message 65648:

We now understand the amount of capacity needed for large recovery events and will be modifying our capacity planning and alarming so that we carry the additional safety capacity that is needed for large scale failures.

Peter Bright at Arstechnica puts his explanation of the outage — essentially Amazon initiated a denial of service attack against itself — under the headline “Amazon’s lengthy cloud outage shows the danger of complexity.”

He also noted the larger problem with complex phenomena:

“[The] company won’t know for certain if the problem is solved unless it suffers a similar failure in the future, and even if this particular problem is solved there may well be similar issues lying latent.”

Or, as someone named Petrarch summarizes,

“…not only does Amazon not know if they’ve properly fixed things, they cannot know it. Their cloud is just too complex.”

Petrarch could also have been describing the complexity of homeland security – writ in its globalized majesty:

Even in the early technological era, the reach of any one disaster wasn’t too great. A railway bridge collapse could cut off a town for a few weeks, or a failed telegraph cable disconnect Europe and America from instant communications, but there were other ways around. Famines were purely local and were made less severe with improved transportation and better farming technology.

Today, however, “the world is flat” and everything is interconnected. The American housing bubble spread economic havoc over the entire world. Nobody knows why it happened, so there’s no guarantee that the recent changes in laws and regulations will do any good at all.

… when food runs short due to bad weather in Russia or Americans turning too much corn into gasoline, food prices rise everywhere. All the world’s poor are priced out of eating at the same time.

… New England stood still for days in the Northeast Blackout of 2003; a century ago this wouldn’t have been possible since the various city grids weren’t connected. Good news: plans are in place to tie the national grid closer together, so we can take down the whole country all at once.

Grids and interconnected networks appear all over the place where you’d never expect them. The recent Japanese earthquake disasters wreaked havoc on Toyota and Honda’s manufacturing supply chain. No surprise there; they’re Japanese companies.

Time for American car makers to rake in the dough, right? Nope: GM had to shut down American plants because they buy parts from Japan, and GM can’t make American cars without Japanese parts.

As the world ties closer and closer together, we become more vulnerable to failures on the other side of the globe that we can’t control or even see.

In past times, there were potential disasters that could destroy an individual, town, or country, but at least people knew what they were and could pray to their God for protection from famine, pestilence, or whatever. Now, totally unimagined technological failures can foul up or, conceivably, take down our entire global society. Our technology is so complicated, so interconnected, and so hidden that we don’t even know what to pray for protection from.

We’ll have to upgrade the traditional Scottish prayer:

From ghoulies and ghosties
And long-leggedy beasties
And things that go glitch in the night,
Good Lord, deliver us!

And, Lord, while you’re at it, please help Homeland Security Watch remember when its credit card expires.


November 23, 2011

Accessibility, Authenticity and Anything but Anarchy

Filed under: State and Local HLS,Technology for HLS — by Mark Chubb on November 23, 2011

Lately, I’ve been working on a quick turnaround project for a federal agency to develop a course on social media. The intended audience includes state, local, tribal and territorial officials that need to make good decisions quickly to maintain community confidence and avoid or mitigate crises. As I’ve interviewed local experts, I’ve learned that many public officials see social media as a major threat rather than a great opportunity.

As I’ve reflected on these concerns, I’ve come to the conclusion that officials have good cause for concern. Likewise, the public has even better cause to keep pressing its case for more and better engagement by public officials through social media.

Despite the persistent decline of public trust and confidence, or perhaps because of it, the public has increasingly come to expect access. Access to government information. Access to government services. And access to government officials.

In an era when the Supreme Court of the United States equates campaign contributions with free speech and concludes that corporations have the same rights as individuals, its easy to see why people feel so strongly that access should not be restricted to the few who can afford it.

Traditionally, the legitimacy of government officials’ actions have rested on three pillars:

  • Authority
  • Accuracy
  • Accountability

Authority typically takes the form of legal mandates and budgets. Accuracy reflects the presumed rightness of actions judged according to their conformity with the strict limits of statutory authorizations and appropriation limits. Accountability is something largely exercised by political and judicial authorities over executive officials, and too often reflects popular will rather than the public weal.

The ability of social media to democratize civil discourse provokes anxiety among  public officials who fear that accountability to everybody means accountability to anybody. (Oddly enough, no one has expressed a fear that this could lead to accountability to nobody, which I still reckon is one of the possibilites.) These fears may be justified. Complaints that could once be dismissed as narrow interest group politics are no longer restricted to the usual suspects with enough time or money to attend public meetings.

Cops can now expect every action they conduct in public to be recorded by somebody and shared with everybody in minutes. Transportation officials can expect on-the-spot traffic reports from anybody annoyed by delays clearing snow. Building code officials can expect complaints about surly or incompetent inspectors to be communicated to other contractors instantly. Transit operators can expect riders to report rude operators and late-running trains. And health officials can hear about the fly in somebody’s soup while the diner’s still seated at the table and telling the server about it.

With few exceptions, these observations and antipathies are nothing new. What’s new and different is the ability to attract an audience. And more often than not this audience extends well beyond the few people a message might be aimed at influencing.

So far, fears that such open access would lead to something approaching anarchy have proven anything but realistic. To be sure, social media has proven itself a powerful organizing force among protestors aligned with the Occupy Wall Street movement. But it has also proven equally adept at affording the movement’s antagonists and opponents a platform too. (Isn’t this what the framers expected?)

As the flow of information accompanying the clearance of Occupy encampments has illustrated, efforts to spread disinformation have been widespread. But the truth has come through clearly enough to anybody willing to pay attention and apply a healthy dose of skepticism to their analysis of who’s saying what.

If those outside government see in social media the promise of access, and with that the democratization of accountability, then public officials should see in social media the promise of awareness that can expand the legitimacy of their authority by safeguarding the accuracy of their actions.

Time and again, interviews I’ve conducted with local officials have demonstrated that the real value of social media to those who have already adopted it comes from acquiring a broader and deeper understanding of what’s going on in their communities. The voices of real people speaking in real-time may not be any louder than those of lobbyists and the other monied interests who have typically monopolized the public discourse. But they do have an unmistakable authenticity that resonates with any official who still believes it’s their job to serve the public interest.


November 15, 2011

Shooting little girls for fun

Filed under: Technology for HLS — by Christopher Bellavita on November 15, 2011

She looked maybe 8 or 9 years old.  Her brown hair reached her shoulders.  She wore a frilly blue dress and a white pinafore.  She looked like John Tenniel’s Alice in Wonderland, on her way to a tea party.

But she wasn’t in Wonderland.

A man in his thirties jumped out from behind a twisted thick rubber pole and with no warning fired three shot’s at Alice’s small chest.

“Good hit!” praised the mechanical voice from the man’s shoulder pads.

The man moved on to find his next victim.  Alice looked uncertain, not sure what to do next.

Welcome to laser tag.


Last Saturday a friend and his fifth grade son invited me and my fifth grader to have pizza and play laser tag at a local entertainment center.  I’d heard the words “laser tag” before but I hadn’t paid much attention to what they signified.  If I thought of it at all, I would have thought tag is tag.  No biggie.

I was not socialized in a gun culture so I default to a mild “that’s a bit weird” internal reaction when I hear about people and their affinity for shooting guns.  I respect, however, that people who grew up with guns have a different response than I do.  Some of my best friends, as the old saying goes, have dozens of guns.

I live in a rural part of western Oregon, and guns have a different meaning to people here than they do to people in urban areas. At least I think so.  In my part of the rural west, firing guns is a hobby. I believe in cities some people still call the police when they hear gunshots.

While we were eating pizza, my friend explained what laser tag involved. That’s when I realized we would be shooting people.

All the “players” would receive a gun and a vest.  The gun fired a beam of light called, for game purposes, a laser.  The vest was the target. Hit someone’s vest and you’d hear “Good hit!” from shoulder speakers. Get hit, and you’d hear small explosion sounds.

There’s a little more to laser tag, but that’s basically it.  Oh, and ear draining overdrive guitar music fills the room during the laser battles.


Before the game started, 31 players – men, women, boys, girls brought together by randomness – selected code names.  No point telling people who you really are.

Then we went into the briefing room to learn the rules of engagement: no running, no cursing, no physical contact with another player, and some other rules I do not remember.

“No running,” emphasized our briefer.  “I won’t say it again, but any running and out you go.”

Next an unseen master computer divided us into the Red Team and the Blue Team.  Then we each received a gun and vest.

The object of the game was to score as many points as possible by shooting the enemy and blasting the enemy’s base camp. The team with the most points wins.

“Any questions?” asked our briefer?

Hearing none, the digital guitars started blaring, and the battles began.


Social identity theory hypothesizes that — as a largely unreflective part of normal cognition — we tend to divide various parts of our world into “them” vs. “us”: Yankee fans vs. Red Sox fans, liberals vs. conservatives, democrats vs. republicans, feds vs. locals, middle class vs. working class, the 99% vs. the 1%, Hutus vs. Tutsis, Bosnians vs. Serbs, Israelis vs. Palestinians, Christians vs. Muslims.

Social identity is created by putting people into categories (the red team vs. blue team in laser tag), adopting the identity of one’s group (red team wears the red vests, blue team has the blue equipment), and then comparing one’s group with the “other.”

The in-group (that would be “us”) is superior in important ways to the out-group (“them”).  Those in the in-group seek — and easily find — the negative aspects of the out-group, and by doing that, further build their superiority.


About halfway thorough the first laser tag battle, Alice came around a corner near my position.  Without thinking, I pointed my “gun” toward the ground.  Like me, Alice was on the Red Team.  She was one of us.

A few seconds later, I saw Alice get shot by the Blue Team man.

“How could you shoot a little girl?” I immediately asked him in my imagination. “Are you really that slimy?”

Suddenly the game got serious.  I started hunting Blue Team.

I was surprised how quickly and automatically I adopted a shared social identity with 15 strangers, and how easy it was to consider 15 other strangers as the “them” who needed to be “tagged” with my laser gun.

Unlike the laser tag fantasy, us vs. them became reality.


“Perhaps it’s impossible to wear an identity without becoming what you pretend to be,” says one of the characters in a book I’d read years ago, called “Ender’s Game.”

In the novel, the government trains a new generation to defend Earth from attack. Ender, the hero, is sent to a military training facility. He believes he is playing training games. Unknowingly and unwittingly he is actually fighting and destroying Earth’s enemy.  If I recall correctly, the enemy is a race of insects.

Unlike laser tag, Ender’s Game is fiction


I have another friend who lives in a south western state. He is a gentle man devoted to protecting the nation. I haven’t talked with him for a while.  I remember one of our last conversations. He told me what a normal day was like for him:

“I’m up by 6 and get ready for work.  My wife and two daughters get up around 7 and get ready for school.  I kiss them goodbye and go to the office.  I fly a couple of missions, and on a good day I’m home by 4 or 5. The family has dinner together.  We do homework; maybe watch a little television. I usually read my girls a bedtime story or two before they go to sleep. I’m in bed by 10, ready to do it all again tomorrow.”

My friend flies drones — unmanned aerial vehicles — for one of the military services.  The drone takes off from one country.  He controls it from this country. It kills people in a third country.

Unlike laser tag, the drone attack is real.


Phil Palin posted Pratap Chatterjee’s story last week about how 16 year old Tariq Aziz and his 12 year old cousin Waheed Khanwas were killed, apparently by a Hellfire missile launched by a drone.

Ethicists have spoken and written about the morality of drone warfare that cannot distinguish with precision combatants and innocents living among “the other.”   Scholars have described the expanding moral pitfalls created by technologies that promise precision, security, and user anonymity.

But technology does not wait for debates to be resolved.

The Air Force is developing drones that look to the naked eye like small birds. The Navy is planning to add refuelling capabilities to its X-47B drone, intended to be the first drone to take off and land from an aircraft carrier.  The Navy is also studying what fish can teach us about creating more effective drones.

In a moderately disturbing precursor to Ender’s Game, DARPA (the Defense Advanced Research Projects Agency) is exploring the use of insect as weapons.  Mary Shelley anyone?

That’s the world of homeland defense.  What about homeland security?


DHS presently has seven drones, used primarily to monitor the US borders.  According to Danger Room’s Katie Drummond, however, the DHS drone program is running into budget problems.

“Officials acknowledge that [DHS is] short on pilots and maintenance — right now, they can only pay to fly the drones five days a week.”

Drummond’s story notes that Congress appropriated 32 million dollars this summer to buy 3 additional Predator drones for DHS, drones no one at DHS asked for.  According to Drummond,

The appropriation was the result of ongoing lobbying from the so-called “Unmanned Aerial Vehicle Caucus,” a group of several dozen congressmen, many of whom hail from Southern California — a hot-bed of drone development and home to General Atomics Aeronautical Systems, the company that makes the Predator drone in question.

“This is a symptom of how surveillance technology is spreading around the U.S.,” Jay Stanley, a senior privacy and technology analyst with the American Civil Liberties Union, said [in the story]. “A lot of times it is not being pulled by people on the ground. It is being pushed from above by people who want to sell it.”


A recent military test demonstrated that maybe drones don’t need people to be effective.  They can locate targets without human “interference.”  The test suggests a future time “when drones hunt, identify and kill the enemy based on calculations made by software, not decisions made by humans.”

The tests were preliminary.  I don’t know how fast this particular technology will develop, but as machines get “smarter” in the sense that word is used in the technium, I hope smart does not include a cognition that considers machines the in-group, and humans as dangerous as a little girl in a party dress, carrying a gun.

If it’s anything like laser tag, the insight can happen very quickly.



Next Page »