Friday, June 19, 2009

Stewart Baker moves his blog

If you've been looking here, at Homeland Reading List, for imprudent Baker blogs, please note that I've moved to a new address:

"Skating on Stilts" is the working title of a forthcoming book on DHS and technology.

Sunday, June 14, 2009

A European abuse of human rights that couldn't happen in America, but will happen to Americans

UK libel law has always been a great way for the wealthy to bankrupt their critics.  Now it's not just being used by terror financiers and their friends.  Chiropractors are suing to shut up their critics, and it appears that U.K. judges are enthusiastically stacking the deck against Internet critics of chiropractors' dubious claims.  This kind of human rights violation could not happen in the US, but UK courts are surprisingly willing to impose their values on the rest of the Internet, so it can happen to Americans who have the temerity to use the Internet. 

You might almost think that Europe is the seat of legal imperialism and unilateralism. 

Saturday, June 13, 2009

Do hospitals and governors make money off medical identity theft?

OK, here I'll go out on a limb. I would appreciate some help from any readers, because I'm a little out of my area of expertise, but I've been doing some more thinking about medical identity theft, and there's a scary possibility that hospitals and governors might actually profit from some forms of medical identity theft.

Here's my thinking. Contradictions welcome:

Let's start with something I know for sure. If you're an illegal immigrant in the United States, you're not supposed to work here. With some modest exceptions, though, illegal workers have found that they can beat the system if they steal the name and Social Security Number of an American. And in many industries, such as meat-packing, identity theft by illegal workers is endemic. All of those workers, then, have IDs in the name of an American and they also have that American's social security number, which they used to get their job.

Now suppose you're an illegal worker who's just been laid off from an Iowa meat packing company when you discover you've got a serious disease -- heart problems or cancer or diabetes, say. You can't afford treatment for such a thing. So you go to the local hospital, and they tell you that, under federal law, only legal immigrants can get subsidized nonemergency treatment.

This is a problem for you, and for the hospital. You still want treatment, and the hospital is full of people who would feel pretty bad about themselves if they turned you away. You might die untreated or go home to get what they consider substandard care. Doctors don't like to think they would turn away anyone just because they can't pay, but realistically they can't afford to treat all the poor illegal immigrants in the community. Most of them probably think Congress made a terrible mistake in refusing treatment to anyone in the U.S. But not strongly enough so they want to provide the care without reimbursement.

That tension sends the hospitals back to the rule book. Is there a loophole? Well, maybe. Exactly what, they ask, do you need to do to prove that you are a legal immigrant? In 1996, Congress said you had to produce actual evidence that you were here legally -- a passport or a birth certificate, mainly. But that was a hassle for Americans and for hospitals. Not to mention illegal immigrants. So Congress decided last year to ease the requirement. Now you only have to produce proof of identity, plus a social security number that matches your name.

That's good for deserving poor people who've lost their documents. But it's even better for illegal workers, many of whom have already obtained a driver's license in the name of some poor American, whose SSN they've also borrowed. If the illegal worker presents that license and SSN, everyone's problems are solved. The illegal immigrant gets treatment, the hospital workers feel good about themselves, plus they don't have to pay a price for feeling good about themselves, because Medicaid is picking up the tab. And the State, which is on the hook for reimbursing the hospital, can pass the cost on to the the federal government. Everybody wins, except for the federal budget and the poor schlub whose medical records will be screwed up forever.

In short, the state and the hospital have a powerful economic incentive to look the other way when patients use stolen identities to get medical treatment. If no one looks too closely, the hospital and the state will come out fine. They'll all get paid, and the patient will get treated. But if the state or the hospital cracks down on fraud and stolen identities, they'll end up stuck with patients who can't easily be turned away but whose care will go unreimbursed, costing the hospital or the state a lot of money.

So, what could mess this sweet deal up? Well, better security standards for driver's licenses could. The harder it is to get a license using a fake name, the more likely it is that illegal immigrants will not be able to fake their way into the Medicaid program. And that will put hospitals and state reimbursement authorities back in the moral and economic dilemma of how to handle illegal immigrants with serious diseases.

So getting rid of REAL ID and making sure that driver's license security continues to be bad may save the states money in two ways. First, they won't have to pay for things like validating breeder documents. And second, by making identity theft easier, it will allow states and hospitals to get federal reimbursement after they treat people who aren't actually eligible for Medicaid. As long as they don't look too closely at their patients' actual legal status.

So the complaint by governors that REAL ID will cost them billions might actually be true. Of course, not having REAL ID will cost federal taxpayers those same billions, but that's not the governors' problem.

Oh, and the risk that your medical records will be contaminated by an identity thief's blood type, allergies, and health conditions? Also not the governors' problem. They've got budget problems to worry about, and this is a twofer. What, did you think they were elected to worry about you?


OK, that's harsh. And maybe I've missed something in the way the incentives of the Medicaid and Medicare programs work; that's not my field. I'm happy to correct myself if I've been too cynical about the way all this fits together. Let me know.

Wait! Does that mean the National Governors Association is going to kill us?

The medical identity theft report I cited earlier shows a startling connection between medical identity theft, REAL ID, and the National Governor's Association.

The report contains this charmingly clueless passage about what health care providers are doing to stop medical ID theft.
Some providers at Kaiser Permanente, a health network with 30 medical centers and 431 medical offices, now ask to see a driver’s license in addition to the program’s health card. The University of Connecticut Health Center, concerned after a case of medical identity theft occurred there, began checking patient driver’s licenses.

That would be a great idea if driver's licenses were actually a secure form of identification. But they aren't. They suffer from a variety of bad security practices that make it easy to get a real license issued in a false name. That's something that REAL ID was designed to fix. To take one example, it would have required states to actually perform an electronic validation of "breeder documents," like birth certificates, before the documents could be used to obtain a license.

But the National Governors Association doesn't want states to have to spend money improving driver's license security, and it bridles at the federal government setting standards for license security. NGA is leading the charge to repeal REAL ID and substitute a new driver's license law that would among other things eliminate any need for states to validate breeder documents. The NGA is likely to win that battle.

If they succeed, of course, it will remain easy for people to get driver's licenses in other people's names. And then to get medical treatment in other people's names. And in the process to change the blood types on record for the poor sucker whose identity they've stolen with that driver's license.

(The privacy advocates who neglected identity theft when HIPAA was passed are playing an even worse role here. The ACLU and others are campaigning to repeal REAL ID, and they've laid down covering fire for the NGA's attack. So in the name of protecting privacy, they're making the world safer for what could be deadly forms of privacy invasion.)

So if you're wondering whether your governor is trying to kill you, the fairest answer is "Not exactly." That's just a side effect of the effort to unravel REAL ID.

Identity theft can kill you?

Yep. How so? Well, first, medical ID theft is a growing problem. Here's a fascinating report on this undercovered problem:

It turns out that doctors and nurses with a drug problem make fake entries in patient files to justify prescriptions that they fill for themselves. Medicare and Medicaid fraudsters concoct entire courses of treatment for real people and bill for them. And illegal immigrants who wouldn't be eligible for services on their own use the identities they've already stolen to get jobs as a way of getting treatment.

That's bad, but what's especially troubling for ordinary citizens is the way it screws up their medical records. They may only find out about the fraud when they're told they've used up the lifetime health insurance limits they paid for. Or, worse, they could go in for treatment unconscious and be given a transfusion of the wrong blood type because their records had been altered to match the blood type of the identity thief. That's a pretty heavy price to pay for identity theft. And it's likely to get worse as the Administration's electronic medical record initiative takes hold, and medical records are increasingly consolidated into a single electronic patient history that is accessible by all providers.

HIPAA, perhaps unsurprisingly, is more or less useless in addressing the problem. The privacy advocates who helped draft it were so busy abusing pharmaceutical companies and insurers that they evidently didn't have time to think about privacy violations that might kill us.

Does hacking fund terrorism? Maybe so

I'm still waiting to see evidence that music and move piracy has been used to fund terrorism, but the Post has a remarkable story about hacking that may have funded terrorism.

The story also shows how hard it will be to deal with this problem. The scam featured a Jordanian and a bunch of Pakistanis and Filipinos operating out of the Philippines and Italy; they hacked into PBXes with weak security and then charged calls around the world to the unsuspecting companies that owned the PBXs. The calls were made from Italian call centers and generated profits that the authorities suspect went to terrorist groups in the Philippines.

But after a three-year FBI investigation, the Bureau arrested exactly zero suspects, and the indictment filed by Justice will sit in the NJ district court while the authorities in Italy and the Philippines decide what to do with the people they arrested. For a law enforcement culture that values busts and convictions, this can't be an entirely satisfying conclusion to a heavy investment in resources. But without that investment, our infrastructure will be increasingly at the mercy of organized crime and perhaps even terrorists.

Missing the point on cyber security

The Washington Post decides that the new cyber-command is mainly interesting because it is an opportunity to raise privacy concerns. Here's the lead:

The Pentagon's development of a "cyber-command" is prompting questions
about its role in the larger national strategy to protect government
and private-sector computer networks and whether privacy can be
protected. And the command is fueling debate over the proper rules to
govern a new kind of warfare in which unannounced adversaries using
bits of computer code can launch transnational attacks.

We're actually closer to 1984 than most people realize. Antidemocratic forces have the ability to turn on cameras in our homes and offices -- to monitor our every action and every keystroke. That's the lesson of the ghostnet report.

But you won't find any sign of that problem in today's story.

That's because the 1984ish powers aren't being exercised by the US government or NSA. And apparently there's no room in the Post for a story that doesn't make the US and NSA the chief privacy villains.

Monday, June 8, 2009

Downgrading Biological Weapons Funding?

If H1N1 gets bad, the Obama administration plans to fund its response effort by pulling billions out of the fund devoted to bioweapons defense.  The bipartisan WMD commission thinks that's irresponsible.  The commission is right.

Saturday, May 30, 2009

Girl Talk

Most of my workout picks were pretty obvious, but Girl Talk deserves a bit of context. Girl Talk is really Greg Gillis, a Pittsburgh biomedical researcher (if he worked with Tara O'Toole, it's time to queue the Twilight Zone theme).

Girl Talk's been doing mashups and concerts for years, and he's got a brilliantly exacting sense of timing and a knack for finding unlikely cuts to mash up. I hear the sixties in there; you'll hear whatever music was popular when you were seventeen. Remarkably, he's sampled dozens of popular artists without being subjected to the large licensing demands that usually come with sampling. It turns out to be easier to make music these days if you're judgment-proof; he just stopped worrying about legal rights and released his music. But the music industry deserves some credit for letting him continue to sample unmolested. (He's apparently offered some small fees that reflect his returns to sampled artists.)

Girl Talk isn't for everyone. You'll like it if you like M.I.A. and have to have a high tolerance for bad language, of both the old school (the seven dirty words) and the new school (ethnic and racial slurs). Even then, some of the material is too hip-hop for me.

I wanted to post a clip or two here, but Blogger only allows the posting of videos, not mp3s -- I assume that's the result of music industry antipiracy scrutiny. But the good news is that you can sample the music free. Girl Talk's album is available (in a Creative Commons license) on a "pay what you want" basis here. So you can pay nothing, download the album, and decide whether it's worth anything to you. Then you can go back and pay -- and they'll throw in bonuses if you pay more than $10. Of course, you'll have to explain to your spouse why there's a charge for "Illegal Art" on your credit card. That's Girl Talk's label.

Evolution of the Cyber "Czar" in Four Easy Steps

Remember the original proposal for a cyber "czar" who would bring coherence to all network security activities across the government? The lines of authority would be crisp and clear. The cyber czar would report directly to the President as a sign of his or her authority. He or she could just walk into the Oval Office all alone and tell it like it is.

Need an organization chart? Piece of cake:Well, on second hand, that may not quite work. Cyber security is a matter of national security, and the departments need to weigh in on cyber issues through existing channels.

But, really, that's no problem. We'll put the cyber czar into the National Security Council. There will still be one voice and one chain of command for all cyber security issues. It will just go up through the National Security Adviser. And, of course, the National Security Adviser will escort the czar into the Oval Office.

Guess we'll have to change the title, though:

Wait! We reckoned without Larry Summers and the National Economic Council. We don't want national security types running amok and wrecking the most innovative sector of the economy with incautious regulation in the name of security.

Anything the cyber czar does really needs to be subject to the full discipline of an economic review. Make the position part of the NEC process too. The czar can report up through both the National Security Adviser and the National Economic Adviser. Once the czar has found a position that both advisers can agree on, well, they'll both go into the Oval Office with him, just to keep him honest.

Okay, with two bosses, perhaps another description of the position is in order:

Hold the presses! NEC isn't the only White House office that wants to assert its prerogatives. What about OMB, which traditionally sets budget standards and measures departmental compliance with White House priorities? What about the CIO and CTO positions that the President just filled with such fanfare? They aren't chopped liver. Cyber security is all about information and technology. Oh, and the Office of Science and Technology Policy -- what is cyber security policy if it isn't science and technology policy?

Better give them a veto over what the cyber czar says to the President, too. We'll have to move the meetings out of the Oval Office, of course, but there's bound to be an auditorium nearby.

With these changes, we'll need a new org chart and a new title, but surely there's a czar who could serve as a role model for the position. ... Um ... hang on ... it'll come to us ...

Yes! We've got it:

Friday, May 29, 2009

Messing with Moblin

Last week, I downloaded the Moblin 2 beta and installed it on an Asus Eee. It's a pretty quick boot, the boot manager is slick, and the beta is reasonably bug free.

But I don't get it.

The interface is willfully different. Navigation requires clicking on utterly uncommunicative icons whose labels only show up with a mouseover. Here's one: oOo. That says it all, eh? Even the mouseover just tells you it is the icon for "zones". Whuh? In fact, it's where active applications are displayed.

I feel the same way about Chrome, the Google browser. Using it, I miss my Firefox tabs and addons, and I sort of resent being told that I have to learn a whole bunch of new conventions with no promise that the system will actually work better. Of course, the interface is more austere and Applish and aesthetically satisfying, so I guess we're supposed to sit down and shut up. It's Design, and Design has only a limited interest in the hoi polloi.

I'm also having trouble figuring out where the repository is for apps like open office. (Contacts and calendar programs come with the install, but not a word processor.)

Oh, and somehow it doesn't seem possible to display websites on the whole screen. There's always a good half-inch of black space at the top of the screen that I can't get rid of. Not sure whether to blame Moblin or Chrome, but it's a good 10% of the screen on a netbook, and I can't afford to lose it.

Ok, I suppose there are some advantages to Linux here, but frankly, I'm using the XP partition on the same machine a lot more than I'm using the Moblin partition. XP is almost as fast to boot, and Firefox over XP is as speedy as Chrome. It finds my Wifi connection automatically as soon as the netbook is turned on. Moblin in contrast just sits there and waits for me to remember to go turn wireless on, usually after I've said, "Hey, how come none of my websites are coming up?" I bet all this is fixable if I tweaked a few settings. But Moblin is too new to have a bunch of support sites to mine for advice.

All in all, an argument for being conservative about computer interfaces. (Of course, for a 20% discount off the price, lots of people would learn a new interface, so the real question is whether netbook makers will pass on Linux's low initial cost to buyers, who will then see a reason to try new interfaces.

New workout music

Current favorites:

Jazmine Sullivan's "Bust the windows out your car" -- Soaring strings. Great beat. Vindictive woman. Hard to resist.

BoA -- K-pop: where Britney's music team went when Britney lost it

Daddy Yankee -- reggaeton with swagger

Mark Ronson's love affair with horns pays off again in "God Put A Smile Upon Your Face"

Maybe best of all: Girl Talk -- mashes and remixes the sixties into a sweet puree

He didn't even have to hear the announcement or read the report

To ask "Who Would Want to Be the Cyber-security Czar?"

And then there's this:
President Obama has made document and information security a priority,
and we’re nearing the end of a 60-day review period. That’s just a
fancy way for the government to say they’ve studied a problem to the
point where they can announce more work needs to be done.

Why you shouldn't get your US domestic news from Australian papers

Instapundit and Slashdot (and probably others) are featuring a story about Homeland Security scanning the fingerprints of travellers leaving the US.

Unfortunately, the story, from an Australian IT outlet, made serious errors. It claimed incorrectly that US citizens would be fingerscanned. It also succumbed to the assumption that any idea that can be made to sound like creepy and dumb security must have been the brainchild of the Bush Administration, accepted only reluctantly by the new administration.

In fact, the requirement for fingerprints on exit was first put in law in 1996, was recommended again by the 9/11 Commission, and was also included in the 9/11 implementation act. Despite this, the Bush administration was always a little ambivalent about the requirement -- mainly because the requirement is not a security measure.

Departing travelers are, well, departing. If they're terrorists, they've had their chance to attack us already.

Plus we already get passport data on departing passengers. Getting fingerprints too just makes the identification a little more certain, so the error rate goes down two or three percent. Since fingerprints are a hassle for everyone, and expensive, the Bush administration was pushed by Congress into gathering prints on exit. Congress has in essence said that Poland and other candidate countries will not be eligible for visa-free travel unless the Administration implements prints-on-exit.

Congress wants the prints because some in Congress believe visa-free travelers overstay their 90-day travel permission and become illegal immigrants. If people must check in and then check out, Congress believes, we could track down the ones who don't check out and deport them. Even if overstays from this group were a big problem, and in the scheme of things it probably isn't (these are travelers from developed countries, after all), it isn't particularly cost-effective to create a big program just so we'll have marginally more accurate check-out records. What exactly will we do with the newly improved list of people who didn't leave on time? It wasn't likely that the Bush administration would find the resources to track down every overstaying backpacker from Japan, and it's even less likely that the Obama administration would treat that as a priority. So we're perfecting a bookkeeping system that probably will never be used in the fashion that Congress envisions.

My guess is that the Obama administration is setting up fingerscan pilots for the same reason that the Bush administration probably would have -- to preserve the option of bringing new countries into the visa-free travel program. But the idea that this is some Bush administration plot foisted on the new guys is a figment of Aussie media imagination.

Tuesday, May 12, 2009

O'Toole hit job, part 2

Milton Leitenberg, the author of the "Army War College report," has asked me to put up a few points that he'd like to make about my Tara O'Toole post. Leitenberg's points are below, followed by my comments.

1. Leitenberg says that, in fact, the Army War College did not pay for the study:

There was NO "contract", neither to the University of Maryland, to the institute at which I sit, the Center for International and Security Studies , nor to me. Nor, as is implied by the word "contract", was there any payment for the work, which took about six months to complete. Instead, the editor of the publication series produced by the Strategic Studies Institute at the US AWC solicited the study from me after seeing an earlier conference paper that was published in another book.... In fact the University does not provide me with a salary either. I have been working that way for some years now. (I am 75.5 years in age ....) But I have been working on CBW issues since the mid-1960's. Some of my recent and current work is funded by Foundation grants ( a book about the history of the Soviet BW program) , but some is not , and this was not. In this case, it didn't even occur to me to ask the AWC/SSI if they could provide any funds because I simply assumed that they didn't do that."
2. Leitenberg says it's not unusual for an AWC study to include a disclaimer that it doesn't reflect the views of the Army:
"[T]hat statement and the rest of that page appears in precisely the same format in every AWC publication, even ones written by members of the Army War College faculty, which is the great majority of the cases, and even if those AWC faculty have been there 10 and 20 years. The statement therefore denoted no specific disengagement by the AWC/SSI from my text in any way different from that of any other author whose work they publish . "
3. Leitenberg also feels that I did not do justice to the length and heft of his work:

"Finally, other reviewers have referred to that study as a "book" , but in any case, 115 pages is most certainly not an "op-ed"."
My responses:

1. Leitenberg is correct but off point. The point of my original post was that the Leitenberg report was not "an Army War College report" because it was not written or endorsed by the Army War College. That's true. It was written by Milton Leitenberg, and it reflects his views, not those of the Army War College. Does it matter that Leitenberg was not paid, which is the error Leitenberg is complaining about? I don't see how. It's still a personal opinion piece; indeed, not being paid for the report separates it even further from the Army War College. (Usually, research you pay for is likely to be something you value; getting a research paper for free doesn't imply the same level of interest or commitment.)

2. This is not really a correction but an objection to something I didn't say. I didn't say that the AWC has repudiated Leitenberg, simply that they haven't endorsed him, and thus that it's misleading to call his very strong views, as Wired does, an "Army War College report." Leitenberg's point isn't wrong; it's just not relevant to my post.

3. Again, he's right but off point. The report is long; I'd be happy to call it a short book. A short and highly opinionated book. Which was my point. This is not a careful, even-handed government report, it's the work of a man with a very definite point of view.

And a very particular style of argument. Remember Leitenberg's complaint that the 2002 exercise was unrealistic because one of al-Qaeda's main bioterror researcher's had already been arrested? It was correct but irrelevant to the purpose of the exercise, which was to focus on things al-Qaeda might be able to do, not things it had a verified capability to do on a particular day.

His notes to me are very similar in style. You can't say the criticisms are wrong, exactly; they just sort of miss the point, or bury it in an avalanche of literalism. And they're accompanied by much the same misplaced passion. At one point he calls my original post "completely concocted disinformation," which seems a little overwrought given the irrelevance of the correction.

Now that I've corresponded with Milton Leitenberg, I have more sympathy than ever for Tara O'Toole.

Monday, May 11, 2009

RIM: hopeless

I thought I might download a few apps from the BlackBerry apps store.  Bad idea.  RIM seems determined to discourage customers.  You can't use its apps shop if you run Firefox; IE is required.  You also have to run ActiveX, a remarkably unsafe product to enable.  And you have to open a PayPal account.  All just to browse the store. 

Good luck with that, RIM.

Saturday, May 9, 2009

Ka-boom! Can't get enough

Just because, really, you can't get enough pix of exploding buses, here's the best story yet on the "black box camera" that DHS Policy drove through the bureaucracy. CNN Tech - Big boom economics

A hit job on Tara O'Toole

Wired Magazine has smeared the new DHS nominee for Science and Technology, Tara O'Toole, as a “bioterror disaster.” I may have met O'Toole, and I certainly know her work, which left me impressed, so the attack on her seemed unfair. Even the first piece recognized that O'Toole is “a doctor, the CEO of the University of Pittburgh’s Center for Biosecurity, the former chairwoman of the Federation of American Scientists, and the brains behind a series of influential disaster response exercises that woke Washington up to the threat of terrorists with weapons of massive destruction.” In a remarkable display of support, the comment section of the article was immediately flooded by signed statements from prestigious scientists rebutting the claim, forcing the publication of a second, slightly more balanced article. (I apologize the lack of hyperlinks to this and other web accessible documents, but Scribefire, which is very convenient for some things, such as linking to a single article, is pretty much unbearably clunky for others, such as inserting new links or removing doublespacing from quotes.)

Even taken together, though, the Wired articles add up to a hit job designed to slow her confirmation. They are not even-handed journalism.

Why do I think that? Well, to take one example, Wired claims in both articles that O'Toole's war game scenarios in 2002 and 2005 were criticized in “an Army War College report” for “grossly misleading assumptions.”

The problem with that claim is that the reporter doesn't seem to have actually read the front pages of the report. The report was, it's true, paid for by the U.S. Army. But it says at the start that The views expressed in this report are those of the author and do not necessarily reflect the official policy or position of the Department of the Army, the Department of Defense, or the U.S. Government.”

In this case, that's not boilerplate. The contract was apparently given to a Maryland research institute, which in turn subcontracted it to Milton Leitenberg, who is listed as the sole author. That's as it should be, because the report is clearly a personal op-ed in support of the proposition that, as he says, “Bioterrorism may or may not develop into a serious concern in the future, but it is not 'one of the most pressing problems that we have on the planet today.'” (Emphasis in original.) Leitenberg's candidate for the planet's “most pressing problem” seems to be getting ready for pandemic flu, which he (a bit anomalously) seems to think is not related to preparing for biological terrorism.

So the whole point of the Leitenberg study is to debunk bioterrorism as a risk. In that cause, he attacks the 2002 and 2005 bioterrorism exercises for what he thinks are unrealistic assumptions. That criticism boils down to the assertion that al-Qaeda is not (quite) ready to launch (exactly) the attack set forth in the exercises. Below, I quote a sample of the criticism; see how persuasive you find it.

First, Leitenberg explains the scenario's backstory:

The scenario posits that the al-Qaida group’s scientists received microbiological training at Indian and U.S. universities. These scientists received additional training when the group hired a scientist who was part of the former Soviet Union’s offensive biological weapons program. ... Then, with their own microbiology training, the terrorist group was able to acquire all the required laboratory equipment to grow and process the Variola major seed stock they had acquired into a relatively high-quality dry powder that was then used in the attacks.

Then he explains why this backstory is unrealistic:

In the real world, Al-Qaida had one single individual who had received a BS degree in Biology “with a clinical concentration” at a U.S. college. He could in no way be described as a “scientist.” Furthermore, he was arrested in December 2001. The individual with more advanced training who supplied al-Qaida with its microbiological literature was unwilling to himself do any laboratory work for them. The few pieces of standard equipment obtained by the group in Afghanistan were rudimentary in the extreme.

I find this utterly unpersuasive. Does Leitenberg really believe that we should only prepare for attacks that al Qaeda could carry out with exactly the personnel they had in 2001? Since the only real proof of al Qaeda's capability is likely to be an attack, that's not a recipe for being prepared. That's also not a lesson you'd expect government to learn from 9/11, which featured tactics and capabilities al Qaeda hadn't used before. And finally, that's not the usual basis for exercises, which ought to stretch the participants to respond to a range of possible disasters.

Leitenberg's criticisms of the exercise scenarios are such a stretch that they suggest he has a pretty big policy axe to grind. And Wired's credulous citation of his personal views as an “Army War College report” suggests that Wired is holding the grindstone.

That's not the only time Wired slants its coverage. Wired gives loving attention to this quote from Rutgers researcher Richard Ebright:

“O’Toole is as out of touch with reality, and as paranoiac, as former Vice President Cheney. It would be hard to think of a person less well suited for the position. ... She was the single most extreme person, either in or out of government, advocating for a massive biodefense expansion and relaxation of provisions for safety and security. She makes Dr. Strangelove look sane.”

OK, we're all aware of the Hitler rule -- the first debater to compare his opponent to Hitler has already admitted he's losing on the merits. I think we can update it a bit; in academic debate, it should be prima facie evidence that you've lost your sense of balance if you invoke both Richard Cheney and Dr. Strangelove in talking about a colleague.

Does Wired ask whether Ebright might also have his own axe to grind, something that would account for this peculiar passion? Nope.

But you don't have to dig far into Google before you discover that Dr. Ebright is a biological researcher who has received NIH funding – and who has argued passionately that research projects like O'Toole's have improperly shifted NIH funding away from traditional biological projects and toward the kind of research Ebright doesn't do.

Here's an excerpt from an undated Ebright slide show criticizing NIH for foolishly funding bioterror research in heavily secured labs. It's a heartfelt point of view; Ebright even puts it in red font so no one will miss it:

“[S]ub-par research has been funded. As a further result, an incentive structure has been created that has diverted scientists out of highly promising, biodefense-relevant, model-microorganisms and non-bioweapons-agents-pathogens research (where funding is tight and competitive) into less promising bioweapons-agents research (where funding is loose and easy).”

Now I'm not competent to judge whether Ebright himself has asked for funding to do “highly promising, biodefense-relevant, model-microorganisms and non-bioweapons-agents-pathogens research (where funding is tight and competitive).” But I think any reader of the Wired article would want to know just how personally Ebright thinks he's been affected by O'Toole's success in attracting funds.

At a minimum, even without a personal interest on Ebright's part, it seems clear that Wired has wandered into a medical researchers' food fight of epic proportions, with billions in funding at stake. Ebright is probably right to worry that O'Toole's appointment makes it less likely we'll see a return to the good old days of lavish funding for the “highly promising, biodefense-relevant, model-microorganisms and non-bioweapons-agents-pathogens research” that Ebright likes.

But descending to personal smears to shift NIH funding priorities is unworthy of him and of Wired.

Wednesday, May 6, 2009

Hey, this is good news

Tara O’Toole for Science and Technology.  Tara O'Toole is smart and has a clear focus on biological weapons risks.  Can't do better than that.

Tuesday, May 5, 2009

"The standards we had in this country"

The list of people banned from the UK tells us something we may not want to hear. The Home Secretary released 16 names precisely to send a public message: "I wanted to make the names of those people we had excluded public so that others understood the standards we had in this country."

If you think the Home Office wasn't counting the origins of these folks, you don't know much about politics, especially for something as symbolic as this list. So let's take a look at the numbers:

8 Islamic extremists (a couple of actual terrorists and lots of preachers)
5 Americans (a neo-Nazi, two "God hates fags" crusaders, a KKK grand wizard, and ... a right-wing talk show host)
2 Russian gangsters (2 racially motivated killers)
1 Israeli settler

So let's see if we can "understand the standards" the UK government is applying. It's actually pretty clear.

First, there's the balanced ticket. Muslim extremists are bad; nearly as bad are those right-wing Americans. Oh, and their Israeli sidekicks.

Here's another way to slice the list: killers v. talkers. The Americans and the Israelis are the only groups that don't include actual killers. The six Western talkers are treated as equivalent to a mix of ten killers and talkers from the East.

And one more cut: politics. Unless, like some on American campuses, you think that Islamic extremism must be leftist because it hates America, everyone on the list would be characterized as "right wing" or "fundamentalist," certainly by The Guardian. Environmental, anti-genetic-modification and animal rights extremists may have caused more damage in Britain recently than rightists, but they don't make the list. Neither do apologists for leftist violence on a mass scale. Raul Castro? Cambodian mass murderers? Don't be so twentieth century. There just wasn't room for them, given the threat posed by American talk show hosts.

So, from the European government that is closest in viewpoint to ours, internal politics requires treating the U.S. (and Israel) as morally equivalent to people who justify the 9/11 attacks, and ignoring the difference between talk and murder -- all in pursuit of "balance."

OK, thanks. That's what we needed. Now we understand the standards the UK government is applying.

Sunday, May 3, 2009

Border closure or border enforcement?

Sec. Napolitano is right, of course, that there's no point in closing the border to reduce swine flu risk.  It would be more effective to impose distancing and disinfecting requirements on planes and buses, domestic as well as international. 

I'm more concerned about the first U.S. cases.  They're described as having been in the border community.  Does that mean illegal immigrants?  Because if the earliest US cases were illegal immigrants, CDC should have notified CBP about the risk of exposure arising from border enforcement measures. 

So, was there a border enforcement risk of infection, and if so, did CDC properly warn CBP?

Jack Kemp

Jack Kemp Dies.  Right to the end, he was a 'bleeding heart conservative,' pushing DHS and me in particular to grant humanitarian parole to several surviving relatives of 9/11 victims who had been in the US illegally.  We did, but only for a year.  Surprisingly, Congress has done little or nothing to make that legalization permanent, and the one-year parole will soon expire.

Friday, May 1, 2009

Cyber security testimony

For those who want to read the whole thing, it is here.

Video summary can be found here.

If you're a glutton for punishment, the whole hearing can be found here.

Cyber security and the story of my life

In preparing for testimony about how the government should be organized for protecting Internet communications, I suddenly realized how foolhardy I had been to join the launch of two out the three most recently created Cabinet departments. At this excerpt from the testimony shows, new government startups are nearly always doomed to years of disappointment before even partial success is likely. Since joining new government startups is pretty much the story of my life, it's fair to question my judgment.

Without intending it, I’ve become something of an expert in the process of creating new government organizations, having worked to establish two of the three most recent Cabinet departments. I helped Shirley Hustedler start the Education Department in the late 1970s, and at DHS, I started the DHS Office of Policy. That was a startup within a startup. The more I’ve seen of government reorganizations, the more skeptical I’ve become about their value, and I’m especially skeptical about the recommendation to create a NOC.

Let me explain why. There is a kind of lifecycle to proposals for new governmental organizations. In the first stage, proposals for organizational change begin to gain momentum -- almost always because the existing organization of government is flawed. After all, no one suggests changes when things are going well. Sometimes there’s been a shocking failure, such as the 9/11 attacks that led to the creation of DHS. Sometimes the flaw is a lack of governmental focus on a mission that seems more important than before, as with the Education Department. But we always begin with an existing organization whose flaws have suddenly become especially prominent.

The second stage, when proposals for organizational change become concrete, requires an exercise of imagination. The new organization has to be envisioned. Since the whole point of the new organization is to cure the failings of the old organization, I think it’s fair to say that the proponents of change never imagine an understaffed, overworked agency that drops balls. No. More or less by definition, an organization that does not exist does not have any flaws. So there’s a great temptation to give this new organization great responsibility. After all, the old agencies have sometimes failed, and the new agency has not.

Unfortunately, that’s only the second stage. In the third stage, the new organization actually begins work. In the glare of publicity it takes up its new responsibilities. But as a brand-new agency, it has to hire staff, find space, let contracts, arrange for IT support, and lease copiers, all before it can begin to carry out the missions that it has been assigned. Meanwhile, the agencies that lost ground in the reorganization snipe from the sidelines or make a bid to recapture their old turf. Six months after it’s been created, the new agency is still struggling to put in place the basic capabilities that any agency needs to function. Instead of the ideal organization imagined by lawmakers and commission members, the new agency is all too flawed. Only after years of effort does the reorganization begin to produce improvements that the outside world can see.

I’ve lived that cycle. I’ve helped write reports that called for the creation of new organizations to respond to existing agencies’ flaws. I’ve joined new organizations full of enthusiasm for the newly imagined perfection that they will embody. And I’ve labored to deliver perfection in offices that had no light bulbs, no staff, and no way to move paper around the office. It’s that experience that makes me dubious about creating a National Office for Cyberspace.

Wednesday, April 29, 2009

More on cameras that survive terrorist attacks

Ka-Boom! The sequel.

Pix from 14 out of 16 cameras were recovered.  Pretty cool for dirt-cheap cameras.

Tuesday, April 28, 2009

I testified today on cybersecurity

It was a pleasure to be back in front of such a thoughtful, bipartisan committee.  Here's the gist:

"DHS's execution of its responsibilities has certainly not been perfect, but it has spent much of the last year improving on its record. It has able new leadership and a head start on creating the capabilities it needs. I would be inclined to build on that foundation rather than starting over," he said.

Isn't there good news about swine flu?

I haven't seen anything to this effect in the press, but it seems to me we're very lucky in the timing of this outbreak. Flu has trouble spreading in the summer; flu viruses don't usually survive as long in high-humidity conditions. So this variant will probably spread slowly until next autumn. Which is about how long it will take to develop a vaccine. So we'll get targeted protection just when we need it.

Why hasn't someone in the media mentioned this? Maybe they're smarter than I am. Or maybe it cuts down on media hype and frenzy and sells fewer papers.

Sunday, April 26, 2009

Why Don't We Cut Sec. Napolitano Some Slack?

Most of the blogs I read, and some House Republicans, are trashing Janet Napolitano and demanding her resignation. These are my peeps, but I think they're wrong to be doing this. Here's why.

Her sins are said to be three: refusing to talk about terrorism and instead referring to "man-caused disasters;" issuing an intel report that focuses on right-wing extremism and says that veterans are the subjects of right wing terror recruiting; and falsely saying that the 9/11 hijackers came through Canada. I don't think any of these things are the basis of a demand that she step down.

1. The man-caused disaster quote isn't easy to defend (although at least she didn't talk about "person-caused disasters"). The attention-getting awkwardness of the language could have been the result of translation issues, I suppose (she gave the quote to a German paper in Germany). But there's no doubt that she is avoiding any language that could be called fear-mongering. In so doing, she's feeding the public's reluctance to face the very real threat that's out there. The risk today is not fear and panic but self-satisfaction and torpor in the face of risk. So she deserves the criticism she's getting on this point.

At the same time, I suspect that she's constrained here by a President and a White House suffering from George Costanza syndrome ("just do the opposite of whatever the last team would have done"). She just can't sound like the last administration. Putting the best face on it, I think the serious people in the new administration are hoping to be just as effective as the last team but without the drama -- sort of the Gary Coopers of counterterrorism. Personally, I think they're kidding themselves. If elected leaders aren't candid about the threat and willing to talk about it, then people get insouciant; voters start demanding that any antiterrorism measure that's inconvenient be rolled back. And then the quiet tough Gary Coopers who thought they could do the job without the drama end up trying to do the job without any of the tools they were counting on.

So: bad idea, but not exactly a firing offense.

2. The intel report. Watch what you wish for here. The worst you can say about the report is that it wasn't written so as to avoid the possibility of giving offense. But if you believe that intelligence about possible terror threats should be sent in a timely way to local cops, who outnumber federal agents about 10 to 1 and are out on the street a lot more than federal agents, this is pretty much the kind of thing that is going to be sent.

Do you really want the intel reports sent to local cops to be written to avoid even the possibility of offense by any group that gets hold of the report, or do you want them issued quickly and written by people who are better at counterterrorism than political correctness? Frankly, the report as a whole is already so full of hedging and backfilling that its value was limited. Should it have said even less? Pretended that Timothy McVeigh wasn't a terrorist or ignored his background? By making a political issue out of an admittedly clumsy effort to survey the risk of right wing terrorism, the critics on the right have almost guaranteed that future intelligence reporting will be slower, less informative, and more politicized. And how long do you think it will be before the new PC standards are applied to other groups? Maybe the American Gangster Antidefamation League will object to the next MS-13 report, or CAIR will want to be sure that al-Qaeda is not linked to any particular religion in future reports. Like I said, be careful what you wish for.

But wait, wasn't the report the opening salvo in a Democratic war on the right? I'm sorry, I just don't see it. In fact, I'm more afraid the current flap is the beginning of an effort to galvanize conservative paranoia about antiterrorism measures: "We're out of power and now we're being disrespected and oppressed by Big Government." Talk about letting the left colonize your mind. Isn't that the netroot model -- paranoid delusions of oppression while sipping chardonnay at the Bel Air Country Club? Seriously, if the right falls into this trap, antiterrorism measures will turn into permanent partisan footballs -- necessary protections in the view whoever's in the current administration and instruments of oppression in the view of whoever's out of power. Shirts v. skins; paranoids v. authoritarians. And everyone gets to change sides every four to eight years. That's just wrong. Maybe this administration will misuse their authorities, though I'm more worried that they'll fail to use them out of political correctness, see 1. above. If DHS misuses its authority, we should call the Secretary on it, but this humdrum report is not a sign of looming oppression.

3. It's true that none of the 9/11 hijackers came through Canada, but the Secretary didn't exactly give a speech saying they did. She was misled, probably deliberately, by a Canadian reporter with an agenda and a trick question. She tried, a bit awkwardly, to turn the conversation to what she knows -- that Canada is the source of most of the border threats she sees or that we saw in the years after 9/11. That is true. So she was right directionally if not in her literal response to the gotcha question.

But let's go beyond the question to the broader agenda the question was meant to serve. The fact is that the US and Canada have different national interests at the border. That journalist's question was part of a concerted Canadian effort to roll back American border security measures by suggesting they were imposed by ignoramuses who don't even know where the 9/11 hijackers came from. That's wrong, but the fuss being raised by the right over this remark will feed the Canadian sense that they're being victimized unfairly by DHS security measures. Again, I'm surprised to see the right taking sides against their own government and in favor of Canada's media and its political class in this dispute.

4. Finally, for my fellow conservatives, who are you hoping to get at DHS if Janet Napolitano steps down? I gather there still are a few law professors who haven't been appointed to high office in this administration; want one of them? The fact is that she has delivered quietly on the substance of counterterrorism -- facing down people in her party and in Canada who tried to get her to drop the border passport requirement that will go into effect in June, keeping Secure Flight (an improved no-fly approach with privacy critics) on track, and resisting European Union efforts to undercut our existing passenger screening measures. From a substantive security point of view, you aren't going to do better, and you definitely could do worse.

I suppose it's possible to argue that nailing a scalp to the wall this early will weaken the administration and that that will slow the administration down across the board. But in my view that's not a good reason to go after the leadership at DHS -- or DOD, or the FBI, or any of the agencies that keep us safe. We worked hard in the last administration to keep DHS out of partisan games like that; it's bad for the country and it could cost lives. We shouldn't play them now that we're out of power.

Tuesday, April 21, 2009

Gotcha, part 2

You can't say that Canadian media doesn't know how to do its job.  Immediately after a journalist misleads the Secretary into suggesting that maybe the 9/11 hijackers came from Canada, Canadian politicians get to express outrage at the suggestion.

A diplomatic skirmish has broken out over suggestions by the U.S. homeland security chief that terrorists routinely enter the country through Canada - including the perpetrators of 9-11.

Janet Napolitano's remarks in a recent Canadian television interview have angered MPs who are in Washington to participate in a border conference.

The comments have also frustrated Ambassador Michael Wilson, who is once again trying to dispel the 9-11 border myth nearly eight years after the 2001 attacks.

Canadian broadcaster plays gotcha with Secretary Napolitano

The CBC interview with Secretary Napolitano gives a good feel for the continuing demonization of DHS in media north of the border.  The passport/passcard requirement is attacked as unnecessary right out of the box:

"[A] lot of people in Canada, and I suspect a lot of people in the northern part of the United States, are wondering why, why tamper with something that has clearly worked so well for so many years?

Then, when the Secretary defends the initiative by saying that "to the extent that terrorists have come into our country or suspected or known terrorists have entered our country across a border, it's been across the Canadian border," the journalist leads her into an error:

NM: Are you talking about the 9/11 perpetrators?

JN: Not just those but others as well. So again, every country is entitled to have a border. It's part of sovereignty. It's part of knowing who's in the country.

Having set her up, the journalist pounces:

NM: You know you mention terrorism, and there have been a lot of prominent American officials, including Secretary of State [Hillary] Clinton when she was a senator and a number of other congressmen and senators, that have said that there has to be tighter security because a lot of the 9/11 perpetrators came in through Canada.

The fact, of course, is that they didn't. They all came directly into the States, sometimes with U.S. visas. Senator [Charles] Schumer cited terrorists crossing at Buffalo, and then had to concede that that hadn't happened. I think there's kind of a popular misconception in this country that Canadians have been battling for a long time that we're somehow a nest of terrorism. But in reality it's not the case. And why is that view so common here?

Arguably, the Secretary should have known where all of the 19 came from, but that is history, and she's got a lot to worry about in the present.  I don't see any sign that she actually believed the hijackers came from Canada or that this impression was driving policy.  What's driving policy is the other terrorist threats that she cites.  It looks to me as though she was simply going along with what seemed to be the journalist's statement of fact.

But if the journalist wanted to know why Americans worry about Canadians' commitment to the fight against terrorism, he provides it himself by grousing that the US hasn't taken Maher Arar off our no-fly list, making the dubious claim that Arar was found "not guilty" by a Canadian judge.  When the Secretary says that Arar's case was reviewed and we concluded that his status shouldn't change, he insists on treating this as hostility to Canada:  "So Canada was wrong."

That's it.  On terrorism policy, the Canadian media's two main concerns are getting the US to defer border security measures and getting us to take Arar off our no-fly list.

Monday, April 20, 2009

Lawyers run amok

Federal lawsuit filed against Homeland Security Secretary Napolitano

Here's the theory, if you can call it that:

Richard Thompson, President and Chief Counsel of the Law Center stated, "Janet Napolitano is lying to the American people when she says the Report is not based on ideology or political beliefs. In fact, her report would have the admiration of the Gestapo and any current or past dictator in the way it targets political opponents.  This incompetently written intelligence assessment, which directs law enforcement officials across the country to target and report on American citizens who have the political beliefs mentioned in the report, will be used as a tool to stifle political opposition and opinions.

Lawyering up the border

Only a lawyer would think that our border officials should  treat travelers who spend three months in Waziristan exactly the same as travelers from Iceland.  But that's apparently what the Asian Law Caucus and the Stanford Law School Immigrant Rights Clinic are proposing.  Anything else would be a "proxy" for ethnic profiling:

CBP officers have also indicated
that they consider travel to high-risk
destinations as a factor warranting greater
scrutiny.40 In theory, this basis for scrutiny
looks to behavior – where people go rather
than who they are ....
Depending on how this factor is applied,
however, use of travel histories could serve as
a proxy for more invidious profiling, since
most travelers to particular countries are
people who have ethnic ties to those

Tuesday, April 14, 2009

DHS makes headlines in both Drudge and Huffington Post

The notorious DHS report looking at possible right-wing extremism has managed to hit the top of both left and right blogs, with HuffPo hyperventilating at the prospect of actual proof that right-wingers are coming to get them and the conservative blogosphere shouting that they've been smeared in a Obama administration hit job.

Everybody take a deep breath.

Sorry, HuffPo, but DHS's intel office doesn't really justify the scary headline, and BelAir is still safe. DHS's intel office seems to be writing a spec piece; it doesn't want to look stupid if there is a series of violent acts in the near future. So it assembles the conventional wisdom, sprinkles its limited factual matter over the result, and sends it out. The theory is that this assemblage of clues and stories and guesses might be useful to some Montana trooper or Virginia patrol officer who stumbles upon a right-wing extremist group in the course of his duties. And it might be, I suppose.

Sorry, Michelle Malkin, Powerline, etc. but I doubt that this is politically motivated in any partisan sense. It takes a few months to produce something like this, especially without a deadline, and there's no partisan political leadership at the intel office. The report does have a whiff of someone toward the top of the bureaucracy saying, "Shouldn't we do a report on the risk of right wing violence, now that we've got a black President and all? Might get us some attention higher up, and I'd like to know how worried we should be." So some poor shlub gets assigned to see what he can pull together. You can find anticonservative bias in that if you want to, but the author clearly was working to avoid it, which is why the piece noted that lots of people who, say, oppose wider or illegal immigration are just exercising their rights.

I've read a fair amount of intel analysis over the years, and you really have to read it with some care. This report is pretty typical of product that DHS intel turns out by the dozen -- for better or worse. The right way to read the report is to say, "This analyst was assigned to pull all the evidence of growing rightwing extremist violence into one place so decisionmakers could evaluate the risk. This is all he could find." Read that way, it's a lot more favorable to the right than either the right or left blogosphere seems to think.

Thursday, April 9, 2009


The NYT says that a series on television (FX) plans to include a character, played by a guy named Daniel Sunjata, who will claim in an episode that "9/11 was “an inside job, 'the result of “a massive neoconservative government conspiracy' that was designed to increase American power by creating a pretext for seizing control of the world’s oil supplies — a view Mr. Sunjata himself happens to share."

Well, it isn't just that he "happens" to share those views. He got them into the script. Sunjata was peddling this loathsome line of malarkey on the set; the understandable offense taken by the firefighters who advise the series seems to have inspired the writers to include the shtick. (Anyone else might have said, "Wow, that's both wacked and offensive, let's show this guy the door." In Hollywood, though, offensive and wacked are pretty much the business model.)

Pretending that al Qaeda didn't carry out the 9/11 attacks is a blood libel against the United States; it will be used to justify the murder of Americans and to dishonor the sacrifices our troops have made since 9/11.

Here's my favorite line from the article: "Mr. Sunjata admits to some trepidation about how the show’s audience will react to the story line. “I won’t say that my opinions were warmly received on the set,” he said. “At one point I thought, ‘Maybe I’ll get fired if I keep opening my mouth.’"

From his lips to God's ear.

He really means it -- immigration reform effort to begin this year

Monday, April 6, 2009

Drumbeat of alarm over EU-US law enforcement relationship

Well, maybe two articles don't make a drumbeat, but Mark Richard's article with Leslie Lebl parallels many of the concerns I've expressed here and in print.  Mark is a legendary DAAG in the criminal division at Justice, and a long-time Justice rep in Brussels.  He thinks the US hasn't faced up to the threat that is posed to US law enforcement by the peculiar dynamics of Brussels.  I agree.  (Nice sidenote:  Mark praises the DHS agreement with the EU on PNR as favorable, particularly in contrast to concessions given up by Treasury in a similar negotiation.)

Monday, March 30, 2009

More efforts to discredit international law

Wasn't that what they said after 9/11? 

"Now we are all Americans.  Or prosecutors of Americans.  Or whatever."

If you wondered whether the Bush Administration was being paranoid when it said that the ICC would be used against Americans, this ought to help with the answer.

Saturday, March 28, 2009

Canadians say Chinese have hacked the Dalai Lama's computers

I guess we shouldn't be surprised.  Researchers: Cyber spies break into government computers.

Good listening

Tired of NPR?

Academic Earth provides a massive selection of college lectures (video and audio).

And crowdsources the best podcasts (with what I suspect is a bias for the sponsors').

But for pure daffy fascination, you can't beat In Our Time (, where Melvyn Bragg cracks the whip to get three academics to cover some random topic in history to his satisfaction.  It's like the New Yorker used to be.  You never know what you'll get when you open it, and you don't need to ask.  Just start listening; Melvyn knows what's good for you.

Friday, March 27, 2009

Is FEMA better today as part of DHS than it was under James Lee Witt?

James Lee Witt has insisted for years that putting FEMA into DHS was a bad idea.  After all, he says, we never had disasters like Katrina when FEMA was an independent agency with cabinet rank -- that is, when he was running it.  Well, the dirty little secret is exactly that.  We never had disasters like Katrina in those years.  In fact, according to Wikipedia, the worst disasters in those years were the 1993 midwest floods and the Northridge earthquake.  Both killed about 50 people.  Not one hurricane caused significant fatalities under President Clinton (Andrew, which did kill two dozen, was in 1992 and may have been the last straw for President Bush's reelection hopes). 

In contrast, FEMA under DHS has faced five hurricanes causing double-digit, triple-digit, and even quadruple-digit fatalities (Charley, Frances, Ivan, Rita, Katrina -- a total of more than 2000 dead).

Of course Witt looked good in comparison.  He was playing in Division III, while DHS  found itself playing the Celtics. 

But now we may have  a chance to see how FEMA and DHS look when they're playing in Witt's division. There is major flooding in the Midwest again.

It may not be quite as bad as 1993, since the water's going north on the Red instead of south on the Mississippi, but it's close enough.  Fargo is likely to go under. 

Witt has a lot to say about what a good job he did in responding to the 1993 floods.  Well, if FEMA does as well in 2009, maybe he'll have less to say about moving it out of the department.

Kindle 2

I had lunch with an actual reader of this blog. (It occurs to me that I could probably have lunch with all of the readers of this blog, maybe at a small table. So if you are reading this and call or send email or post a comment within 24 hours of this posting, we'll have lunch -- Dutch treat, of course, I'm still as cheap as ever.) At any rate, over lunch my reader asked if I really disliked the Kindle. And I realized that it's easy to leave the wrong impression.

So, for the record, the Kindle is a great way to read books. The instant access to Amazon is cool (Duelfer's book is now available), and the ability to read a few pages in odd places or parts of the day also allows me to read more. (It's cutting into my podcast listening a bit, but that's no big deal.) The problems have receded. I figured out how to keep the thing from losing its place, and a very good Amazon service call told me how to reboot/reset the thing to recover my lost subscription. I still worry about dropping it, but I'm planning to buy a cover. Reading the WSJ on it isn't ideal, but in fact I read more on the Kindle than I would on line. Amazon's lame DMCA view is annoying, but most readers won't care because they'll buy their books from Amazon at the fairly cheap price of $10.

In short, if you're thinking of getting something for a parent, I'm guessing that they'll have no problems. But I wouldn't start out by getting them a subscription to a newspaper. Pick some books instead.

DHS's role in securing identity

has a remarkably large role in identity documents.  It inspects more than 2 million a day, and it controls or heavily influences identity document standards across the US and around the world.  For a long riff on this issue, see the Stewart Baker video recorded for Secure Document World.  As an added bonus, Michael Chertoff and Kathy Kraninger videos are at the same site.

Thursday, March 26, 2009

The Obama Administration's worst mistake

I can't believe the new team is seriously thinking about releasing Gitmo detainees inside the US.  Actually that's not the worst of it; they're apparently also thinking about giving the detainees welfare: "some sort of assistance for them to start a new life," according to DNI Blair.  Well, that will make the days of Ronald Reagan campaigning against "welfare queens" seem quaint.

No good deed ...

Every day, thousands of fliers are delayed because they have the same name  as a suspected terrorist.  That wouldn't happen if Congress and privacy advocates hadn't stalled Secure Flight, which would give DHS direct access to passengers' names and (gasp!) birthdates, so DHS could tell the difference between people on the list and people with similar names.  As a stopgap, TSA has cleared 80,000 fliers.

Now, the people who made the mess -- Congress and the ACLU -- are complaining  about it and acting as though TSA's action proves that the government's watchlists are out of control.  They aren't.  Congress is.

Sec. Chertoff breaks free from billable hours

Michael Chertoff is a superb lawyer, but DHS gave him a chance to spread his management wings, so it's no surprise that, while he'll be practicing law (at Covington), he's also forming a consulting firm to work with companies and governments.

Napolitano will fight over passports on Canadian border

This has been foreshadowed, but DHS and the Obama Administration are now publicly taking a difficult political stand for homeland security, essentially telling Louise Slaughter and other northern state reps that the deadline for passports on the Canadian land border will be enforced.

If you're looking for signs that the  Administration is willing to support homeland security even when inconvenient, this is it.  It was an early test, but the Administration didn't blink.

Monday, March 23, 2009

More on ACTA and laptop searches

Michael Geist responds to my last post by quoting from an EU submission to the ACTA talks: "Where a traveller's personal baggage contains goods of a non-commercial nature within the limits of the duty-free allowance and there are no material indications to suggest the goods are part of commercial traffic, each Party may consider to leave such goods, or part of such goods outside the scope of this section."

I read this as allowing parties to decide not to apply the terms of ACTA to personal baggage. Such an exemption seems fine from a national security point of view, since the Parties remain free to conduct electronic searches in accordance with their existing policy. They are also free to change that policy if they wish.

That's what ACTA should do. In fact, if the US negotiators are smart, they'll adopt something like the EU proposal just to make sure that people can't campaign against ACTA by suggesting it will mean a dragnet for downloaded music at the border.

And full props to Michael, who is not only well informed, he's got the texts to prove it. So why is EFF filing a FOIA claim with the US government to get ACTA docs? They can just ask Michael for them.

Sunday, March 22, 2009

ACTA negotiations and homeland security

A fierce critic of the Anti Counterfeiting Trade Agreement, Michael Geist, is blogging about the negotiations.  I nearly spit out my coffee when I read this passage:

The Border Measures proposals are also still subject to considerable disagreement. Some countries are seeking de minimum rules, the removal of certain clauses, and a specific provision to put to rest fears of iPod searching customs officials by excluding personal baggage that contains goods of a non-commercial nature.

(My emphasis.)  If this is so, USTR did a remarkably poor job of coordinating with DHS on the negotiation of the border measures sections of ACTA.  As far as I know, USTR never suggested that it was putting into play DHS's authority to conduct searches of electronic equipment. 

DHS doesn't bust people for carrying downloaded music or movies on a searched laptop.  It has more important things to worry about.  But  electronic searches have turned up plenty of child porn and jihadi snuff films, and DHS has kept dangerous people out of the country (or sent them to jail) as a result.  The ability to do those searches is a key to securing our borders.  We shouldn't be considering the surrender of effective counterterrorism measures in trade negotiations, for crying out loud (if that's really what's happening; Michael Geist is pretty far removed from what's actually being negotiated).

Friday, March 20, 2009

"How about starting our diet tomorrow?"

Rep. Louise Slaughter and other border state representatives really want to implement the passport requirement on the Canadian border, just like most of us want to go on a diet -- tomorrow.  Having postponed this 9/11 Commission recommendation until June 2009, they now want to postpone it until after the 2010 Olympics.

Because of all the people who will drive to Vancouver  for the Olympics by way of Detroit, Buffalo, and Vermont, I guess.

Thursday, March 19, 2009

The Great Travel Reservation Data Battle

Nathan Sales and I tell the story of the battle over travel reservation data between DHS and the European Union.

Yes it's a law review article, with footnotes, but it's also a good read.  Here's the start:

It’s June 14, 2003 at Chicago’s O’Hare international airport. The U.S.-led war to topple Saddam Hussein’s Ba’athist regime in Iraq was launched a little less than three months ago. Resurgent fears of terrorism have kept some would-be passengers from the skies, but O’Hare is still operating at a fairly brisk pace.

A Jordanian man named Ra’ed al-Banna is among the throng of passengers who have just arrived on KLM flight 611 from Amsterdam. After waiting in line, al-Banna presents his passport to U.S. Customs and Border Protection officers.

The CBP officers consult the computerized targeting system used to screen passengers who seek to enter the U.S. The information about al-Banna – drawn from his airline reservations and past travel – triggers a closer look. The officers examine al-Banna’s documents, and they begin asking him questions.

Something doesn’t add up. Al-Banna has a legitimate Jordanian passport; he holds a valid visa that allows him to work in the United States; and he had visited the U.S. before for a lengthy stay. But the officers aren’t satisfied that he’s being completely truthful with his answers, so they decide to refuse him admission. Al-Banna’s fingerprints are taken, and he is put on a plane back to Jordan. 

So far it sounds like a fairly routine day at the border. And it was, until events in Iraq nearly two years later gave it a new, and sinister, significance. 

On February 28, 2005, at about 8:30 in the morning, several hundred police recruits were lined up outside a clinic in Hilla, a city in the south of Iraq. With no warning, a car drove into the crowd and detonated a massive bomb. 132 people were killed, and about as many were wounded. At the time, it was the deadliest suicide bombing Iraq had seen.

The driver was Ra’ed al-Banna. We know that because when authorities found the steering wheel of his car, his forearm was still chained to it.

No one knows why al-Banna wanted to be in the U.S. in 2003, or what he would have done if he had gotten in. But we do know what kept him out – the government’s ability to quickly marshal the data that first triggered a closer look, and that the CBP officer later used to question al-Banna closely and to conclude that his answers weren’t satisfactory.

At the center of that system was airline reservation data, known as Passenger Name Records or “PNR.”

Wednesday, March 18, 2009

Cat:pigeons, haggis:fire

Obama:comprehensive immigration reform

You've got to admire the man's cojones, if not his political judgment.

Napolitano hangs tough on TPS for Haiti

A much faster way to provide relief would be for Department of Homeland Security Secretary Janet Napolitano to exercise her power under the law and approve such status by executive order. But she has no such intention, said her spokesman, Sean Smith.

"There is no change in our policy on temporary protected status, and deportations to Haiti are continuing," he said Tuesday. "And let me be clear: No one living in Haiti right now should be attempting to come to the United States in hopes that they will be granted TPS."

Washington Times - Protected status sought for Haitians

First EU talks with US raise new barriers to closing Gitmo

US wants to send some Gitmo detainees to European nations, and they are willing to take them.  What's the problem?  The EU has stepped into the process and is imposing what look like new preconditions. The EU says they're not conditions, but reading the press, I think that can be translated as "They're not preconditions, but we want answers to our questions, assurances that you'll reject the legal basis for Gitmo detentions and agreement on a framework for talking to European governments before there'll be any progress."  Here's the excerpt -- see if you can read it differently:

The officials declined to enumerate the questions but said they went to the case against each detainee that Europe might be asked to accept. They also sought assurances that the policies underlying the system of detention in Guantanamo are a thing of the past.

"We have a list of questions, not conditions," said Ivan Langer, the Czech interior minister whose country currently holds the presidency of the European Union. He added at a news conference Monday in Washington, "There is one condition: maximum information."

Accompanying Langer was Jacques Barrot, a vice president of the European Commission. The visit was the first formal senior contact between the European Union and the Obama administration.

Langer said the decision of whether to accept detainees is one for individual states within the union, but because of open borders in continental Europe, officials there would like an agreed framework among the member states in advance of any transfers from Guantanamo.

Tuesday, March 17, 2009

Canada recycles old "preclearance" proposals

Canada's Public Safety minister is playing down the DHS border security review. 

And offering a shopworn proposal to customs preclearance in Canada:

As an example, Van Loan said Canada is interested on reopening talks with the Obama administration about opening U.S. customs pre-clearance facilities at Canadian land border crossings. The aim would be to allow trucks carrying goods to the U.S. to clear American customs before they arrive at the border, "the same way we pre-clear passengers at airports" in several Canadian cities. The idea went nowhere under the Bush administration.

It went nowhere because the US would have to give up its search authorities, be subject to Canadian court supervision, and generally submit to very different Canadian notions of what can and can't be done at a border. How is that improving security as well as facilitating commerce? 

Napolitano handles Der Spiegel

Cybersecurity hearing roundup

Here's a good roundup of cybersecurity hearings.

Most ironic criticism was the claim that the initiative was flawed because it only dealt with government infrastructure.

Several witnesses at Tuesday's hearing echoed James Lewis of the Center for Strategic and International Studies, who argued that the "greatest failing" of the CNCI was that the initiative "despite its name, was not comprehensive." In part because it was launched under a veil of secrecy and without statutory support, the CNCI focused primarily on securing the dot-gov domain. But as a report sent to Congress last month by the Institute for Information Infrastructure Protection stressed, 85 percent of the nation's critical infrastructure is privately owned and operated.

We've had twenty years of industry telling government to butt out; suddenly the real problem is its unwillingness to butt in?  Well, critics have to criticize, and they had a choice of (a) "We're shocked at the government's failure to address security problems in the private sector" or (b) "We're shocked at the government's sneaky attempt to address security in the private sector while pretending not to.  The economy and your privacy are at risk!" 

All in all, I prefer (a)

Quick, call the European data protection police!

PNR and travel reservation data are being used to make long flights more enjoyable.

No guns for commercial pilots?

there are plenty of ways to get stupid with guns in the cockpit, and pilots found a lot of them, but I'm still uneasy at the idea of ending the program, which is where the Washington Times says the administration is heading.