Homeland Security Watch

News and analysis of critical issues in homeland security

July 16, 2013

Kullu am wa antum bi-khair

Filed under: General Homeland Security — by Christopher Bellavita on July 16, 2013

The author of today’s post is a police chief who wishes to remain unnamed.  It was written a few days ago, after dinner.

It is 10:20pm and I have just gotten home after attending a Ramadan Banquet in my official capacity as Chief of Police.

In talking with the FBI ahead of time, I learned they were at this banquet last year.  They told me about the composition of the group, what the event commemorates, what type of food will be served, that I will be expected to speak to the attendees and they warned me that the men and women are separated into two different rooms.

I thought to myself, “Hmmm…. I wonder if they know I’m a girl??”

I arrived as the Imam was just finishing leading the men in prayers.  Some of the men walked by me without saying a word.  Others stared at me, so conspicuous in my police Class A uniform; long sleeve and tie, gunbelt on.

Finally, my contact came out and greeted me.  I was seated at a table marked “reserved,” along with the Imam and other officers for the board of their mosque.

In opening remarks, one Board Officer talked about their small community of 300 families and how they had finally secured a building to serve as their new mosque.  When he called me up to speak, I looked out into the crowd and felt certain that all 300 families were represented there.  Their presence spoke to strength of community; a powerful bond.

Before I left, the Board Officer asked me to go to the other room where the women were waiting for me.  I walked in and was immediately mauled by a group of girls all around the age of 5.  They hugged me, sat on my lap, touched my badge, and asked me if I had super powers.

As I said my goodbyes and walked towards my car, I thought how (with a few modifications, of course) this could have been an Easter dinner at my Church to celebrate Jesus’ resurrection and the end of Lent.

I reflected on the power of community, regardless of the deity one worships.  I remembered that groups of people share similar dynamics, no matter what underlying beliefs drive them.

And, as so many of us in this Homeland Security enterprise are public servants first and foremost, I personally reaffirmed my oath of office to serve and protect those in my community.

Remembering that what drives one group of people is not so different than what drives another, helps to safeguard the good and eradicate the bad.

may you be well throughout the year

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 12, 2013

If Thad Allen ran DHS (revisited)

Filed under: General Homeland Security — by Christopher Bellavita on July 12, 2013

This post first appeared on July 31, 2012.

————–

If Thad Allen ran DHS

The homeland security enterprise got a glimpse of what DHS might look like if Thad Allen becomes the Secretary of Homeland Security.

 

He testified a few weeks ago at a senate hearing about “The Evolution of the Homeland Security Department’s Roles and Missions.”

Here’s some of what he had to say in his written statement.

———————————————————–

Allen reminded people how quickly DHS got started 10 years ago. The perception of urgency in 2002 meant “little time was available for deliberate planning and thoughtful consideration of available alternatives” for establishing the Department.

The consequence of “fire before aiming?”

Basic mission support functions of the department such as financial accounting, human resource management, real property management, information resource management, procurement, and logistics were retained largely at the component level in legacy systems that varied widely. Funding for those functions was retained at the component level as well. In those cases where new entities were created (i.e. Departmental level management and operations, the Under Secretary for Science and Technology, the Under Secretary for Intelligence and Analysis, the Domestic Nuclear Detection Office) support systems had to be created rapidly to meet immediate demands of mission execution. Finally, components and departmental offices that did not preexist the legislation were located in available space around the Washington DC area and the Secretary and number of new functions were located at the Nebraska Avenue Complex in Northwest Washington.

The result was an organizational mess.

According to Allen,

Many of these issues persist today, ten years later. Despite several attempts to centralize and consolidate functions …, most support functions remain located in departmental components and the funding to support those functions remains in their appropriations. Because of dissimilarities between appropriations structures of components transferred from legacy departments there is a lack of uniformity, comparability, and transparency in budget presentations across the department. As a result it is difficult to clearly differentiate, for example, between personnel costs, operations and maintenance costs, information technology costs, and capital investment….”

Allen outlines other structural and process problems that have “severely constrained the ability [of] the Department [to] mature as an enterprise.”

What to do about it?

In the May/June issue of Public Administration Review (subscription required), Allen wrote an article called “Confronting Complexity and Leading Unity of Effort.”  The title summarizes the approach he’d take to remedy the structural disarray that is DHS.

I proposed that the major emerging challenge of public administration and governing is the increased level of complexity we confront in mission operations, execution of government programs, and managing non-routine and crisis events. Driving this complexity are rapid changes in technology, the emergence of global community, and the ever-expanding human-built environment that intersects with the natural environment in new more extreme ways.

So far nothing very new here. Just another statement from someone stuck in what Sebastian Gorka, Michael J. Gallagher, and Joshua A. Geltzer call the Complexity Trap [one of the few articles I’ve found that challenges the assumption almost everything interesting is complex.]

Allen moves away in his testimony from the theoretical and suggests what his complexity analysis could mean for DHS: as a unit of analysis, DHS may be too small.

No single department, agency, or bureau has the authorizing legislation, appropriation, capability, competency or capacity to address complexity alone. The result is that most government programs or services are “co-produced” by multiple agencies. Many involve the private/non-governmental sector, and, in some cases, international partners. Collaboration, cooperation, the ability to build networks, and partner are emerging as critical organizational and leadership skills. Homeland Security is a complex “system of systems” that interrelates and interacts with virtually every department of government at all levels and the private sector as well. It is integral to the larger national security system. We need the capabilities, capacities and competency to create unity of effort within the Department and across the homeland security enterprise.

Allen is unwilling to wait for complexity and the magic of emergence to produce unity of effort in the system of systems that is the homeland security. He wants to createunity of effort. He’s shifting from a managerial toward a leadership perspective.

What is Allen’s vision for DHS?

As we look forward to the next decade I would propose we consider two basic simple concepts: Mission execution and mission support. Mission execution is deciding what [you do] and how to do it. Mission support enables mission execution.

For the mission execution piece of the vision, Allen wants to take another look (through the next QHSR) at what DHS is responsible for.

[T]here should be a baseline assessment of the current legal authorities, regulatory responsibilities, treaty obligations, and current policy direction (i.e. HSPD/NSPD). I do not believe there has been sufficient visibility provided on the broad spectrum of authorities and responsibilities that moved to the department with the components in 2003….

Once that’s done, he wants to look at how homeland security missions still worth pursuing are carried out, and “without regard to current stove piped component activities.”

Using borders as an example, Allen writes

envision the border as an aggregation of functions across physical and virtual domains instead of the isolated and separate authorities, jurisdictions, capabilities, and competencies of individual components.

Resilience also would get a new, expanded look:

Instead of focusing on “insuring resiliency to disasters” we should focus on the creation and sustainment of national resiliency that is informed by the collective threat/risks presented by both the natural and human built environments. The latter is a more expansive concept than “infrastructure” and the overall concept subsumes the term “disaster” into [the] larger problem set that we will face. This strategic approach would allow integration of activities and synergies between activities that are currently stove piped within FEMA, NPPD, and other components. It also allows cyber security to be seen as activity that touches virtually every player in the homeland security enterprise.”

Allen succinctly illustrates the mission support element of his DHS vision this way:

[W]hen you go to work … every day you [do] one of two things: you either execute the mission or you support the mission…. [If] you cannot explain which one of these jobs you are doing, then we have done one of two things wrong … we haven’t explained your job properly or we don’t need your job.

How to accomplish the vision Allen sets out?

… I see three possible ways forward. The desirable course of action would be build the trust and transparency necessary for the Department and components to [collectively] agree to rationalize the mission support structure and come to agreements on shared services. The existing barriers are considerable but the first principals of mission execution apply here as well … unambiguous, clearly communicated strategic intent and unity of effort supported by transparency and exploitation of information. A less palatable course of action is top down directed action that is enforced through the budget process. The least desirable course of action is externally mandated change.

I think what that paragraph says to the people in DHS is “You’ve been building this agency for a decade. Get your act together internally and fix what you know is not working. If you don’t do it on your own, you will be directed to do it either through the budget or through law.”

I don’t believe the last two options can work. They depend on control, and I think the evidence — including DHS’s first decade — is very clear: deliberate control is not a property of a complex social system, like homeland security.

The first option might work. But it’s up to the men and women inside DHS and the enterprise to make it work. That takes leadership. Not leaders.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

One more vacancy at the Department of Homeland Security

Filed under: General Homeland Security — by Christopher Bellavita on July 12, 2013

Napolitano resigns as Homeland Security secretary

Homeland Security Secretary Janet Napolitano said Friday she is resigning to take a job running the University of California education system.

“I thank President Obama for the chance to serve our nation during this important chapter in our history, and I know the Department of Homeland Security will continue to perform its important duties with the honor and focus that the American public expects,” Napolitano said in a statement.

Napolitano, a former governor of Arizona, is only the third person to lead the Department of Homeland Security. She held the job throughout President Obama’s first term.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 11, 2013

Missing Homeland Security PPDs – why not online?

Filed under: General Homeland Security,Port and Maritime Security — by Christian Beckner on July 11, 2013

One of my ongoing frustrations over the past few years, since the merger of the Homeland Security Council into the National Security Council in 2009, has been the decision of the White House not to publicly release – with some exceptions – the Presidential Policy Directives (PPD’s) issued by the President.

This is not an issue of classification or related security concerns – to the best of my knowledge, the relevant homeland security PPD’s discussed below are unclassified and have no control markings.

Steven Aftergood at the Federation for American Scientists has a webpage that is the best online repository of these PPD’s.  As you can see on the list, six of them (2, 7, 8, 17, 18, 21) are on matters that are directly related to homeland security, but only two of these – PPD-8 on national preparedness and PPD-21 on critical infrastructure security and resilience – have been directly released by the Administration. One of them on the FAS site (PPD-2 on biological threats) is a watermarked leaked copy, apparently from DOD, and the other three are not publicly available.

The other three directives are nowhere to be found on the Internet.

PPD-7 is on the National Threat Advisory System, adopted in 2010 to replace the Homeland Security Advisory System.  I received a copy of this one while I was working at the Senate after requesting it, and all it really does is set roles and responsibilities for the rollout of the new system.  There’s no reason why it couldn’t be released publicly.

PPD-17 is on Countering Improvised Explosive Devices, and is apparently linked to this White House strategy on the topic released in February of this year.  The predecessor directive to PPD-17 by the Bush Administration, HSPD-19, was publicly released in February 2007 on the White House website.   Given the renewed attention to this issue in the wake of the Boston Marathon bombing, I would think that state and local law enforcement and emergency management agencies would benefit from a full understanding of current federal policy on this issue.

PPD-18 is on Maritime Security, and is referenced in a few places online, including a Coast Guard notice in the Federal Register, a US Navy document,  a LinkedIn profile, and a (now deleted) job posting at SAIC, but the directive itself is nowhere to be found on the Internet.  This directive replaces NSPD-41/HSPD-13, which was released publicly on the White House website in 2004, and DHS at the time released many of its supporting implementation plans (e.g. this one).

Given that the maritime domain is dominated by non-federal stakeholders – state and local governments, private sector entities, international partners – I do not understand why this directive has not been publicly released.  Without its public release, key stakeholders are likely still assuming that NSPD-41/HSPD-13 is the top-level federal policy directive on maritime security issues, when in reality it was rescinded nearly a year ago.

Why this lack of transparency for a category of documents that had been publicly released in the previous administration? I suspect a primary cause of this is the integration of the Homeland Security Council (HSC) into the National Security Council (NSC) in 2009.  The parts of the HSC that were absorbed into the new structure seem to have taken on the internal processes of the NSC, which has traditionally operated in the classified domain and worked on issues where federal agencies and international governments are the primary (if not sole) actors.  However, for nearly all homeland security issues, the participation of non-federal stakeholders is essential.

It’s not serving anyone’s interests for these directives to be kept so close hold.  Given the issues covered in these directives as well as the President’s stated commitment to government transparency, it’s overdue for these three PPD’s to be publicly released, and for the National Security Staff to become more transparent and forward-leaning in terms of releasing future PPD’s on homeland security-related issues.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

DHS Vacancies Watch

Filed under: Congress and HLS,DHS News,General Homeland Security — by Christian Beckner on July 11, 2013

We are now more than halfway through 2013, and the number of vacancies of leadership positions at DHS continues to increase.  Until two weeks ago, the President had not yet nominated a single official to serve at DHS in a Senate-confirmed position, and had only made one senior-level appointment to a position that does not require Senate confirmation – the selection of Julia Pierson to serve as the new director of the Secret Service.

Having a certain level of senior-level vacancies in a Cabinet department is normal, given the typical churn of confirmed and appointed officials.  But if enough positions are open for a long enough period of time, it can lead to significant operational and management risks to that Department, and also diminishes its accountability to the U.S. Congress.

I am afraid that the Department of Homeland Security is now at the point where it is facing these risks.   As I note below, there are currently no less than 14 senior-level vacancies at DHS.  Given this, I think that it is critical that the White House prioritize nominations and appointment for the key positions listed below, and that when nominations are made, that the Senate act quickly on nominations for qualified candidates.

Below is a list of the Senate-confirmed positions that are currently unfilled (or will soon be unfilled) at DHS:

1. Deputy Secretary: Former Deputy Secretary Jane Holl Lute stepped down in May 2013.  Under Secretary for NPPD Rand Beers is currently serving as Acting Deputy Secretary.  On June 27th, the White House nominated current USCIS Director Alejandro Mayorkas to become the new Deputy Secretary, and his nomination is pending with the Senate Homeland Security and Governmental Affairs Committee.  His confirmation would open up a new vacancy at USCIS.

2. Under Secretary for Intelligence and Analysis: Former Under Secretary for I&A Caryn Wagner left DHS in December 2012.  Bill Tarry has been serving as Acting Under Secretary since that date, but his acting role will hit the 210 day limit under the Vacancies Act in the next ten days.  No nomination has been announced yet.

3. General Counsel:  Former GC Ivan Fong left DHS in September 2012.  Former Counselor to Secretary Napolitano John Sandweg was named as Acting General Counsel, but is now listed on the DHS website as Principal Deputy General Counsel, presumably because he had been in the acting position for longer than the 210 days allowed by the Vacancies Act.

4. Inspector General:  Former IG Richard Skinner left DHS in January 2011.  The President nominated Roslyn Mazer to serve in the position in July 2011, and her nomination was withdrawn in June 2012 following opposition by members of the Senate Homeland Security and Governmental Affairs Committee.  It’s now been over a year since her nomination was withdrawn, and no new nominee has been put forward.  Charles Edwards served as Acting IG until hitting the Vacancies Act limit and is currently listed as the Deputy IG on the OIG’s website.  He is currently being accused of a range of abuses of his position in a letter sent last month by Sen. McCaskill and Sen. Ron Johnson.

5. Commissioner, Customs and Border Protection: Alan Bersin was nominated as CBP Commissioner in September 2009, and in March 2010 was put in the position via a recess appointment by the President.  The Senate Finance Committee held a nomination hearing for Bersin in May 2010, but his nomination was never reported out of the Finance Committee, and his recess appointment expired at the end of 2011.   Since that time, former Border Patrol chief David Aguilar and Deputy Commissioner Thomas Winkowski have served as Acting Commissioner, but no new nominee has been put forward.

6. Director, Immigration and Customs Enforcement:  ICE Director John Morton announced his intent to resign in June and is departing at the end of July.

In addition to these six Senate-confirmed position, there are also senior leadership vacancies in at least eight other senior positions that do not require Senate confirmation, including Chief Privacy Officer, Officer for Civil Rights & Civil Liberties, Assistant Secretary for the Office of Health Affairs, Director of the Domestic Nuclear Detection Office, Assistant Secretary for the Office of Cybersecurity and Communications, Chief Information Officer, Assistant Secretary for the Office of Legislative Affairs, and Executive Secretary.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

Anticipating reality

Filed under: General Homeland Security — by Philip J. Palin on July 11, 2013

If you live in the flood plain you (should) anticipate flooding.

If you live in beetle-infested pine forest you anticipate fire.

If there’s railroad track nearby, a derailment is unlikely today but eventually very likely.

With a fertilizer warehouse, oil refinery, chemical plant, pipeline or such nearby, anticipate trouble.

Dams fail.  Planes crash.  Hurricanes hit.  Tornadoes rip-through towns.

Electricity and telecommunications systems will be disrupted.

Deserts experience drought.

When what’s anticipated arrives we typically count our losses. We mourn.  We move on… usually rebuilding in the same place often in the same way.  A few move away,  exchanging risk of drought (or whatever) for risk of earthquake (or whatever).

We usually discount the worst case, but we take a (very roughly) calculated risk, insuring, even preparing (a bit) for the unwinding of randomness that we associate with natural disasters and accidents.

Another kind of randomness is unwinding.

What’s happening in Egypt, combined with what’s happening in Syria, Lebanon, Iraq, Iran and Sudan (south and north), Somalia, Mali, Nigeria — more would be easy to list — is a social low-pressure system heading this way.  Contending realities are colliding as cold envelops heat across the prairies spawning lighting, hail, wind, and worse.

While mostly a minor player in these struggles, the United States will be blamed for sins of omission and commission, no matter what we do or leave undone.  Good intentions will be ignored.   Ignorance multiplied.  Any conceit or miscalculation condemned.

This is the fate of empire.

The brutal and banal will find sufficient cause to claim revenge.   It will happen with the irregular and mostly unpredictable emergence of a tornado outbreak, California earthquake, or explosion on the Deep Water Horizon.

Given what is happening today, we should anticipate a noticeable increase in “violent extremism” in the years ahead.  As with natural and accidental risks, anticipation can produce practical preparedness and socio-psychological readiness.

In regard to all these risks it makes enormous sense to reduce our self-made vulnerabilities.

For many reasons — most of them having nothing to do with risk — we should increase the quantity, quality, and diversity of our human relationships.  On the worst days, these are what make us most resilient.

Awareness of threats can help, but preoccupation with any threat is seldom helpful.  Otherwise I would never drive in Washington DC (the only place I have ever had a car accident) or fly to Rome or enjoy morel mushrooms.  One of my favorite memories was a week in a city the State Department had just warned against visiting.

When the bad day comes we should use the experience to better understand and reduce our vulnerabilities.  When negligence or intention cause harm, we should hold accountable those involved.

Then we should move on as we are able, just as we do after natural or accidental incidents. Much as I perceive has been done since the Boston Marathon bombings.

I am not advocating denial of risk.  I recognize there is some danger in discounting risk.  But too often I perceive our response to intentional threats has been to unnecessarily amplify our risk.  Given what is happening in the political-religious-economic-meteorological environment the risks are already high enough.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 10, 2013

Preparedness that worked

Filed under: Preparedness and Response — by Philip J. Palin on July 10, 2013

This morning the Senate Committee on Homeland Security and Governmental Affairs conducted a hearing on lessons learned from the Boston Marathon Bombings.  Media attention has focused instead on this afternoon’s arraignment of the accused surviving bomber.

Besides the morning session was mostly good news: planning and training helped, coordination and collaboration happened.  The horrific outcomes of a very bad day were mitigated by investments made over the last ten years.  The Boston Police Commissioner complained he didn’t know what the FBI knew about one of the accused bombers visiting Chechnya.  But he also admitted that knowing those details might not have changed anything.

Good news is usually not how the most advertising will be sold.  But it is worth recognizing what goes right, especially when so much seems to go wrong.  All of those testifying had good news to tell.  Here are just three paragraphs from prepared testimony by Boston native Richard Serino:

Since 2000, more than 5,500 Boston area responders have received training through FEMA partners including the National Domestic Preparedness Consortium (NDPC) and Continuing Training Grantees. During that same period, FEMA’s Center for Domestic Preparedness (CDP) has provided Chemical/Biological and mass casualty training to more than 500 Boston responders and providers.

FEMA has supported twelve exercises directly involving the City of Boston. These have included topics as diverse as chemical or biological attacks, hurricane preparedness, hazardous materials events, cyber and improvised explosive devices (IEDs). In 2011, DHS – in conjunction with the FBI and the National Counterterrorism Center – hosted a Joint Counterterrorism Awareness Workshop that focused on integrating response operations to a complex attack in the Boston metropolitan area. More than 200 participants from the local, state, and Federal community participated in the workshop.

As part of FEMA’s Regional Catastrophic Preparedness Grant Program, the Metro Boston Homeland Security Region (MBHSR) in 2012 exercised a Regional Catastrophic Coordination Plan designed to augment existing operations plans by facilitating communication, situational awareness, and functional area coordination across the region in a catastrophic event.

You can read more good news and watch/listen to a video of the testimony at the Committee’s website.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 9, 2013

How to spy on yourself without really trying.

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on July 9, 2013

A friend sent me an email this morning with this subject line: “This is Amazing.”

The message said:

Check this metadata app (you can only use it of you use a gmail account): immersion.media.mit.edu 

I wasn’t the only one to learn about this new creation from the MIT Media Lab.  A lot of people wanted to try it out. So it took a long time to get through. But eventually I did.

I gave the Media Lab permission to see the metadata from my gmail account. Yes, you have to surrender your privacy to see what surrendering your privacy could be like. But what the hell. It’s only metadata. Metadata’s innocuous.

If you’d like to try Immersion, but either don’t use gmail or don’t want to share your account with MIT, here’s a link to an Immersion demonstration:  https://immersion.media.mit.edu/demo

And here is a link to a seven minute video explaining Immersion: https://vimeo.com/69464265

Here’s what the Media Lab’s Immersion Project showed me about my gmail metadata, covering 2004 through July 2013 (names removed):

Cb network image one

Interesting, but what could it mean?

I found James Vincent’s description of the Immersion Project in The Independent:

Plugging your Gmail address into MIT’s Immersion allows the system to scrape your email account for its metadata, and produces a complex bubble map showing who you talk to, how much you talk to them, and what your relationships with your contacts are.

Vincent’s article led me to a blog post by Ethan Zuckerman, describing how he used the tool.

Among his observations:

The Obama administration and supporters have responded to criticism of these programs [identified by Snowden] by assuring Americans that the information collected is “metadata”, information on who is talking to whom, not the substance of conversations. As Senator Dianne Feinstein put it, “This is just metadata. There is no content involved.” By analyzing the metadata, officials claim, they can identify potential suspects then seek judicial permission to access the content directly. Nothing to worry about. You’re not being spied on by your government – they’re just monitoring the metadata.

Sociologist Kieran Healy shows another set of applications of these techniques, using a much smaller, historical data set. He looks at a small number of 18th century colonists and the societies in Boston they were members of to identify Paul Revere as a key bridge tie between different organizations. In Healy’s brilliant piece, he writes in the voice of a junior analyst reporting his findings to superiors in the British government, and suggests that his superiors consider investigating Revere as a traitor. He closes with this winning line: “…if a mere scribe such as I — one who knows nearly nothing — can use the very simplest of these methods to pick the name of a traitor like Paul Revere from those of two hundred and fifty four other men, using nothing but a list of memberships and a portable calculating engine, then just think what weapons we might wield in the defense of liberty one or two centuries from now.”

Zuckerman published the Immersion Project’s image of his gmail account, along with an analysis.
Other network example

The largest node in the graph, the person I exchange the most email with, is my wife, Rachel. I find this reassuring, but [two people involved with Immersion] have told me that people’s romantic partners are rarely their largest node. Because I travel a lot, Rachel and I have a heavily email-dependent relationship, but many people’s romantic relationships are conducted mostly face to face and don’t show up clearly in metadata. But the prominence of Rachel in the graph is, for me, a reminder that one of the reasons we might be concerned about metadata is that it shows strong relationships, whether those relationships are widely known or are secret.

The Immersion image of my emails allowed me to identify people who are key in my network. Here’s an image of one of them, again I have removed the names:

One person image

I am also able to see, based on the thickness of the connecting lines, who in my network has the strongest ties to this central person. And that’s just scratching the metadata surface.

Back to Zuckerman’s blog. After describing some additional implications of his Immersion-generated social network image, he writes:

My point here isn’t to elucidate all the peculiarities of my social network (indeed, analyzing these diagrams is a bit like analyzing your dreams – fascinating to you, but off-putting to everyone else). It’s to make the case that this metadata paints a very revealing portrait of oneself. And while there’s currently a waiting list to use Immersion, this is data that’s accessible to NSA analysts and to the marketing teams at Google. [my emphasis] That makes me uncomfortable, and it makes me want to have a public conversation about what’s okay and what’s not okay to track.

Jonathan O’Donnell commented on Zuckerman’s post with a brief literature review about the consequences of data tracking (see the original posting for links to the cited research):

For me, the classic paper in this area is Paul Ohm’s analysis of why anonymization doesn’t work. He shows that small amounts of metadata, and a modicum of known facts, will reveal big amounts of private information (Ohm, 2010).

For example:
In 1997, two students at Massachusetts Institute of Technology (MIT) analyzed the Facebook profiles of 6,000 past and present MIT students. They demonstrated that they were able to predict, with a very high degree of certainty, whether someone was gay or not, based on their friendship group (Jernigan & Mistree, 2009).

In 2009, Acquisti and Gross demonstrated that they could ‘guess’ a large number of American social security numbers using just the birth date and place of a person (Acquisti and Gross, 2009).

In 2009, Zheleva and Getoor demonstrated that friendship and group affiliation on social networks could be used to recover the information of private-profile users. They found that they could predict (with reasonable degrees of success) country of residence (Flickr), gender (Facebook), breed of dog (Dogster) and whether someone was a spammer (BibSonomy), even when 50% of the sample group were private-profile users (Zheleva and Getoor, 2009).

In 2011, Calandrino and others demonstrated that you could use the “You might also like” feature on Hunch, Last.fm, LibraryThing, and Amazon to predict individual purchasing, listening and reading habits of users of these systems. As long as you knew a small number of items that were true about a person, you could use the system to investigate their private behaviour on these sites (Calandrino et al, 2011).

…I’m pretty sure that these techniques can be chained, so that if you are a prolific user of social networks, people can tell your gender, sexual orientation, country of residence, breed of dog, purchasing, listening, reading and spamming activities, your social security number and your name, even if you were anonymous.

But so what, if you’ve done nothing wrong? Why be concerned?

Some of my colleagues ask me that.

I know of at least one major police department that is concerned the ease of social network tracking is making life more dangerous for its undercover officers. The officers practice safe social networking. But they have little control over the social network practices of other people in their professional and social networks — let alone control over the people in the friends of their friends networks.  It gets megacomplex really quickly.


A few months ago, Bruce Schneier wrote that it’s too late to talk about control.  The Internet won, he says.  Privacy lost.

The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. … [It] is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it’s efficient beyond the wildest dreams of George Orwell.

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.

So, we’re done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.

And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant.

Welcome to an Internet without privacy, and we’ve ended up here with hardly a fight.

Oh well, there’s always Pong.  Pong’s innocuous.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 8, 2013

Upcoming Senate hearing on lessons learned from the Boston Marathon bombings

Filed under: General Homeland Security — by Arnold Bogis on July 8, 2013

Thanks to Eric Holdeman at the Disaster Zone blog for pointing out this upcoming Senate Committee on Homeland Security and Governmental Affairs hearing on “Lessons Learned from the Boston Marathon Bombings: Preparing for and Responding to the Attack.”

The hearing will take place this Wednesday, July 10 at 10am and will be broadcast on the Committee’s website.

Hearing information (via Eric):

U.S. Senate Committee on Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.) and Ranking Member Tom Coburn (R-Okla.) will hold a hearing titled “Lessons Learned from the Boston Marathon Bombings: Preparing for and Responding to the Attack” on Wednesday July 10, 2013 at 10:00 a.m. in room 342 of the Dirksen Senate Office Building in Washington, D.C.

The terrorist attack that occurred during the 117thBoston Marathon serves as a reminder that while the U.S. has made great progress in combating terrorism, terrorists at home and abroad still seek to carry out brutal attacks against Americans. While the first priority is to stop these before they occur, it is also important to ensure that when prevention fails, federal, state and local entities are well prepared to immediately respond to the attacks and mitigate their effects.

This hearing is intended to examine the steps that were taken to prepare Boston for threats such as these and the response that followed. In particular, witnesses will discuss the specific steps Boston had taken to prepare for incidents such as these; how these affected the response to the attack; and any significant challenges or lessons-learned that they have identified from the response. They will also share their perspective on whether federal support contributed to the city’s preparedness and the effectiveness of federal support during and after the attack.

For more information or to watch a live stream of the hearing, please click HERE(Note: Please refresh the hearing webpage at the scheduled start time. Streaming will start once the hearing begins.)

WHAT

The U.S. Senate Committee on Homeland Security and Governmental Affairs will hold the hearing, “Lessons Learned from the Boston Marathon Bombings: Preparing for and Responding to the Attack.”

Witnesses

The Honorable Richard Serino

Deputy Administrator

Federal Emergency Management Agency

U.S. Department of Homeland Security

 

Kurt N. Schwartz

Undersecretary for Homeland Security and Emergency Management

Executive Office of Public Safety and Security

The Commonwealth of Massachusetts

 

Edward F. Davis III

Commissioner

Boston Police Department

City of Boston

 

Arthur L. Kellermann, M.D.

Paul O’Neill Alcoa Chair in Policy Analysis

RAND Corporation

 

WHEN

Wednesday, July 10, 2013

10:00 a.m.

 

WHERE

342 Dirksen Senate Office Building

Washington, D.C.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 5, 2013

Friday Free Forum

Filed under: General Homeland Security — by Philip J. Palin on July 5, 2013

On July 5, 1987 the Liberation Tigers of Tamil Eelam (LTTE) launched a suicide attack on the Sri Lankan army.  This is seen by many as the beginning of modern suicide terrorism. According to LTTE, 378 suicide attacks were carried out by their specialized “Black Tigers” unit between 1987 and November 2008.

What’s on your mind related to homeland security?

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 4, 2013

Securing this homeland

Filed under: General Homeland Security — by Philip J. Palin on July 4, 2013

After two decades trying to be heard by London, the Continental Congress declared the independence of these United States on July 2, 1776.  On July 4 they adopted a document explaining their decision.

The document includes,

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

While self-evident to some, such truths are seldom self-asserting.

On July 4, 1863 the Army of Northern Virginia began its retreat from Gettysburg.  The grand-children and great-grandchildren of those who adopted the Declaration gave their lives deciding what equality, liberty, and happiness might mean in practice.

Meaning remains contentious.

All men?  Men as in humankind or otherwise?  All? Is that what you really mean?

Created?  When?  At conception, birth, majority?  Where? NYC or OKC?  Yucatan or Utah?  Shenzhen or Seattle?

Equal?  Before the law?  In opportunity? In political responsibilities? In basic conditions?

Endowed by their Creator?  As a matter of natural law, biological inheritance, ethical precondition?  If there is no Creator does the endowment lapse?

Life? Including clean water and food?  Health care?  Death with dignity? Sexual identity? Eccentric expression? Angry and threatening?

Liberty? Prejudice? Religious belief? Gun ownership? Yelling fire in a crowded theater (metaphorically or not)?  Building in the flood zone, on the beach, in the Colorado pine forest? Is the essential liberty the right to be left alone?  A zone of privacy?

Pursuit of happiness?  Property?  Choice?  Hedonism? Epicureanism? Religious fanaticism? Is this 18th Century slang for eudaimonia?  Hot pursuit?  Along for the ride?  Brought along?  Unrestrained?

The homeland I seek to secure is a place where these questions are vigorously asked and different answers can flourish in freedom.

It is meaningful (at least to me) that we do not celebrate the day freedom was declared, but instead the articulation of our case for freedom.  Motivation matters.  Purpose matters.  A decent respect for the opinion of others matters.  Among a free people why is at least as important as what.  In the American context, freedom presumes reason and depends on listening: carefully listening to one another.

July 4, 1776 is our model.  July 4, 1863 demonstrates the consequences of departing from the model.  Where are we today?

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

July 2, 2013

Where The Heck’s My Dec?

Filed under: Congress and HLS,Disaster,Legal Issues — by Christopher Bellavita on July 2, 2013

The post for Tuesday, July 2, 2013 was removed at the author’s request.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

June 30, 2013

19 firefighters reported dead in Yarnell wildfire

Filed under: Disaster — by Christopher Bellavita on June 30, 2013

http://www.kpho.com/story/22724064/19-firefighters-dead-in-yarnell-wildfire

NETC

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

June 28, 2013

Friday Free Forum

Filed under: General Homeland Security — by Philip J. Palin on June 28, 2013

Just in case you missed it, earlier this week a guilty plea by 18-year-old Justin Kaliebe was unsealed at the US Federal Court in Islip, New York.  Court documents detail how Mr. Kaliebe intended to join the forces of Al Qaeda in the Arabian Peninsula (AQAP).  Federal authorities found evidence that the high school student had been accessing online English-language resources from AQAP.  More information from the FBI.

What’s on your mind related to homeland security?

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

June 27, 2013

Private and Public Cultures: Action

Filed under: Preparedness and Response,Private Sector,Strategy — by Philip J. Palin on June 27, 2013

This is — depending on your responses — probably the last in a short series of posts on perceived tensions between private and public sectors in homeland security.  Prior posts have considered context, concepts, and communications.

–+–

In the June Harvard Business Review a three-piece collection focuses on “strategy for turbulent times”.  HBR authors aspire to be evidence-based and action-oriented.  This usually results in story-supported assertions with to-do or not-to-do lists.

In “Transient Advantage” Rita Gunther McGrath argues we now live “in a world where a competitive advantage often evaporates in less than a year [and] companies can’t afford spending months at a time crafting a single long-term strategy”.  After a couple of stories she lists seven dangerous misconceptions and offers paragraph-long explanations for “eight major shifts” in the ways companies need to operate.

If you are a public servant can you translate any four of these into near-term action in your agency… without risking jail-time or, at least, very stern comments by the Comptroller General?

1.  Think about arenas, not industries.  “An arena is a combination of a customer segment, an offer, and place in which that offer is delivered.”

2. Set broad themes, and then let people experiment.  Is that what happened in the Cincinnati IRS office?

3.  Adopt metrics that support entrepreneurial growth.  The author quotes a business executive who advocates, “fall in love with the problem you are trying to solve.”  I have not seen that metric referenced in any GAO publication.

4.  Focus on experiences and solutions to problems.  Okay, that’s a gimme.

5.  Build strong relationships and networks.  Two gimmes.  But accepting is different than adopting which is entirely different from practicing.

6.  Avoid brutal restructuring: learn healthy disengagement.  And how do you explain this to the oversight committee(s)?

7.  Get systematic about early-stage innovation.   When Poindexter et al attempted to do this publicly with Total Information Awareness the NSA learned (see number 8) to do essentially the same thing behind closed doors.  See where that got us.

8. Experiment, iterate, learn.  What do you suppose TSA has learned from its experiment in changing the rules related to onboard knives and related?  It might have learned something about number 5.  But instead I expect it mostly learned that number 7 involves pain.

The private sector organizations I know have been talking about these shifts for the last quarter-century or more.  Some are making the shifts.  A few live in fifth-gear.  Almost everyone dreams of the two-door top-down wind-in-the-hair shift-into-fifth.

Most public sector organizations I have encountered dream about a Prius (or more politically-and-patriotically correct, a Ford Fusion Hybrid SE) or a very large truck of some sort. All go… but the destination, route, and experience tend to be dissimilar.

The private sector celebrates, mythologizes — essentially worships — action.  What can we do?  Now?  Just do it.  As is often the case believers fall short, sin, and are hypocritical.  But almost everyone can also tell a powerful story of redemption.

My private sector patron saint has been Peter Drucker who claimed innovation and sales are the only sources of value.  Everything else is a cost… and costs, like sin, are to be minimized.

Innovation and sales emerge from the crucible of creativity and customers.  The entrepreneur perceives a need that becomes an opportunity.  The entrepreneurial enterprise probes the desires and deficiencies of the market through which a compelling experience and a persuasive solution emerge (see number 4).  Rapid, continuing, and (if successful) increasingly crowded customer feedback informs creative adaptation and an idea becomes reality. Hallelujah.

I have known public sector enterprises that share similar beliefs and behavior.  Hospitals and water systems are among the most action-oriented.

There is also an — obvious — action-bias among police and firefighters.  But in my experience there is an important distinction with broad implications.

In the private sector, and a segment of the public sector, action is targeted to stimulate or facilitate specific actions by others.  Among enforcement agencies action is (mostly) aimed at stopping or controlling specific actions by others.   Many public sector agencies — especially homeland security agencies — are organized to stop undesirable behavior rather than start or serve desirable behavior.  Feedback comes much more slowly, more hierarchically, and is often reported as a reduction — as opposed to growth — in key indicators.

A stop-it culture is not much like a start-up culture.

I spent most of my career in a series of start-ups.  I soon learned to keep lawyers, accountants, and most academics away from the creative process until the enterprise was generating some sort of market-based results.  The critical-thinkers — as opposed to creative-thinkers — were important contributors to refining promising products; but they very seldom saw the need for anything beyond fourth gear and third was fine most of the time.  Government lawyers and accountants seem especially talented in this regard (apologies Bill).

None of this is meant to suggest one culture is innately superior to the other.  Personally I feel more comfortable in the private sector.  But that is an aesthetic rather than an ethical or existential judgment.  Each culture, at its best, is well-adapted to its particular context and purposes.  The two cultures need each other if those who depend on both are to be well-served and if each is to flourish.  In the homeland security domain both cultures are in any case persistently present.

If a stop-it guy and a start-up gal were tagged for a blind date would opposites attract or deflect?  It depends on the self-awareness and sense of humor of each.  If either or both tend toward self-righteousness, watch out for yelling or someone walking out in a huff or no real conversation and no second date.

But we often reserve our greatest affection for that which is mysterious to us (see number 3).  Engineers call this tension, poets may prefer frisson.  It keeps opposites positively engaged. Whatever we call it, homeland security needs to cultivate it in our private-public relationships.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

June 26, 2013

BioWatch and Perceptions of Risk

Filed under: General Homeland Security — by Arnold Bogis on June 26, 2013

Continuing their coverage of the Biowatch program, the LA Times recently reported on a House oversight committee hearing on “Continuing Concerns Over BioWatch and the Surveillance of Bioterrorism.”  A surprising admission, at least to me, that emerged concerns the Department of Homeland Security’s change in their risk assessment of bioterrorism:

Although BioWatch was designed with the belief that hostile foreign governments could sponsor large-scale germ attacks on American cities, the Homeland Security planners said they no longer saw this as the primary threat. They instead believe that small-scale releases of anthrax or other pathogens are the most plausible type of attack — but that these events would be least likely to be detected by BioWatch. 

A couple of points here:

  • Considering when the program was developed, the “hostile foreign governments” in question are likely Iraq, North Korea, and Iran.  We now know that no biological weapon program was found in Iraq.  And I have a hard time believing that North Korea and Iran wouldn’t be deterred by the threat of nuclear annihilation if they were found to have attacked the U.S. with biological weapons.
  • However, I also remember that at the time there existed a high level of concern that terrorists could produce or obtain and disperse a biological agent over a city or in a large building.  This was in the aftermath of the anthrax letters.
  • So what’s changed in the risk equation?  Perception or an updated assessment of a terrorist group’s potential operational capabilities?  Fears of Iraqi weapons proved unfounded and maybe analysts came to believe there is some level of protection from hostile states afforded by having thousands of nuclear missiles and a fearsome conventional military?  Is the degradation of “Al Qaeda Core” seen as removing the primary terrorist source of a large scale bio-attack? All along was the primary concern that terrorists could only get a lot of anthrax from a state sponsor, but this was kept secret to duck questions about deterrence? Or have they just stopped listening to Richard Danzig?

The technical problem:

Two Homeland Security scientists, Segaran Pillai and Douglas Drabkowski, have “cited a number of limitations” with BioWatch’s detection ability, called sensitivity, according to an investigative summary prepared by the Energy and Commerce Committee’s staff.

Pathogens released at low, yet infectious doses are “least likely” to be detected by BioWatch because of “the system’s lack of sensitivity,” the summary said.

One Congressman’s solution:

As for Generation 3, Murphy suggested that spending billions for it would be inconsistent with the Homeland Security Department’s revised assumptions regarding a large-scale bioattack. The assumptions are outlined in the department’s bioterrorism risk assessments, conducted every two years.

“This costly approach is unbalanced and misdirected,” Murphy said. “It makes no sense to expand outdoor monitoring for a less likely large-scale attack, while not addressing the declining number of public health responders who are needed in any kind of attack.”

I absolutely agree with the last statement.  The recession hit the public health workforce hard, and these are the very men and women who will be on the front lines of a response to a bioterrorist attack or a naturally occurring pandemic. If the federal government could provide funds to increase the number of local cops during the 1990s, how about doing the same for public health today?

In terms of this latest turn in the BioWatch program, I am both happy and a little dismayed.  Happy that this seems to be an indication that some real risk analysis is taking place, albeit behind closed doors.  Dismayed that I harbor concerns that before all this money was spent, the system was conceived to detect any aerosolized attack and this new focus on “small-scale releases” is  due to the realization that planners wrote checks that technology can not yet cash.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn
« Previous PageNext Page »