Monday, March 30, 2009

More efforts to discredit international law

Wasn't that what they said after 9/11? 

"Now we are all Americans.  Or prosecutors of Americans.  Or whatever."

If you wondered whether the Bush Administration was being paranoid when it said that the ICC would be used against Americans, this ought to help with the answer.

Saturday, March 28, 2009

Canadians say Chinese have hacked the Dalai Lama's computers

I guess we shouldn't be surprised.  Researchers: Cyber spies break into government computers.

Good listening

Tired of NPR?

Academic Earth provides a massive selection of college lectures (video and audio).

And crowdsources the best podcasts (with what I suspect is a bias for the sponsors').

But for pure daffy fascination, you can't beat In Our Time (, where Melvyn Bragg cracks the whip to get three academics to cover some random topic in history to his satisfaction.  It's like the New Yorker used to be.  You never know what you'll get when you open it, and you don't need to ask.  Just start listening; Melvyn knows what's good for you.

Friday, March 27, 2009

Is FEMA better today as part of DHS than it was under James Lee Witt?

James Lee Witt has insisted for years that putting FEMA into DHS was a bad idea.  After all, he says, we never had disasters like Katrina when FEMA was an independent agency with cabinet rank -- that is, when he was running it.  Well, the dirty little secret is exactly that.  We never had disasters like Katrina in those years.  In fact, according to Wikipedia, the worst disasters in those years were the 1993 midwest floods and the Northridge earthquake.  Both killed about 50 people.  Not one hurricane caused significant fatalities under President Clinton (Andrew, which did kill two dozen, was in 1992 and may have been the last straw for President Bush's reelection hopes). 

In contrast, FEMA under DHS has faced five hurricanes causing double-digit, triple-digit, and even quadruple-digit fatalities (Charley, Frances, Ivan, Rita, Katrina -- a total of more than 2000 dead).

Of course Witt looked good in comparison.  He was playing in Division III, while DHS  found itself playing the Celtics. 

But now we may have  a chance to see how FEMA and DHS look when they're playing in Witt's division. There is major flooding in the Midwest again.

It may not be quite as bad as 1993, since the water's going north on the Red instead of south on the Mississippi, but it's close enough.  Fargo is likely to go under. 

Witt has a lot to say about what a good job he did in responding to the 1993 floods.  Well, if FEMA does as well in 2009, maybe he'll have less to say about moving it out of the department.

Kindle 2

I had lunch with an actual reader of this blog. (It occurs to me that I could probably have lunch with all of the readers of this blog, maybe at a small table. So if you are reading this and call or send email or post a comment within 24 hours of this posting, we'll have lunch -- Dutch treat, of course, I'm still as cheap as ever.) At any rate, over lunch my reader asked if I really disliked the Kindle. And I realized that it's easy to leave the wrong impression.

So, for the record, the Kindle is a great way to read books. The instant access to Amazon is cool (Duelfer's book is now available), and the ability to read a few pages in odd places or parts of the day also allows me to read more. (It's cutting into my podcast listening a bit, but that's no big deal.) The problems have receded. I figured out how to keep the thing from losing its place, and a very good Amazon service call told me how to reboot/reset the thing to recover my lost subscription. I still worry about dropping it, but I'm planning to buy a cover. Reading the WSJ on it isn't ideal, but in fact I read more on the Kindle than I would on line. Amazon's lame DMCA view is annoying, but most readers won't care because they'll buy their books from Amazon at the fairly cheap price of $10.

In short, if you're thinking of getting something for a parent, I'm guessing that they'll have no problems. But I wouldn't start out by getting them a subscription to a newspaper. Pick some books instead.

DHS's role in securing identity

has a remarkably large role in identity documents.  It inspects more than 2 million a day, and it controls or heavily influences identity document standards across the US and around the world.  For a long riff on this issue, see the Stewart Baker video recorded for Secure Document World.  As an added bonus, Michael Chertoff and Kathy Kraninger videos are at the same site.

Thursday, March 26, 2009

The Obama Administration's worst mistake

I can't believe the new team is seriously thinking about releasing Gitmo detainees inside the US.  Actually that's not the worst of it; they're apparently also thinking about giving the detainees welfare: "some sort of assistance for them to start a new life," according to DNI Blair.  Well, that will make the days of Ronald Reagan campaigning against "welfare queens" seem quaint.

No good deed ...

Every day, thousands of fliers are delayed because they have the same name  as a suspected terrorist.  That wouldn't happen if Congress and privacy advocates hadn't stalled Secure Flight, which would give DHS direct access to passengers' names and (gasp!) birthdates, so DHS could tell the difference between people on the list and people with similar names.  As a stopgap, TSA has cleared 80,000 fliers.

Now, the people who made the mess -- Congress and the ACLU -- are complaining  about it and acting as though TSA's action proves that the government's watchlists are out of control.  They aren't.  Congress is.

Sec. Chertoff breaks free from billable hours

Michael Chertoff is a superb lawyer, but DHS gave him a chance to spread his management wings, so it's no surprise that, while he'll be practicing law (at Covington), he's also forming a consulting firm to work with companies and governments.

Napolitano will fight over passports on Canadian border

This has been foreshadowed, but DHS and the Obama Administration are now publicly taking a difficult political stand for homeland security, essentially telling Louise Slaughter and other northern state reps that the deadline for passports on the Canadian land border will be enforced.

If you're looking for signs that the  Administration is willing to support homeland security even when inconvenient, this is it.  It was an early test, but the Administration didn't blink.

Monday, March 23, 2009

More on ACTA and laptop searches

Michael Geist responds to my last post by quoting from an EU submission to the ACTA talks: "Where a traveller's personal baggage contains goods of a non-commercial nature within the limits of the duty-free allowance and there are no material indications to suggest the goods are part of commercial traffic, each Party may consider to leave such goods, or part of such goods outside the scope of this section."

I read this as allowing parties to decide not to apply the terms of ACTA to personal baggage. Such an exemption seems fine from a national security point of view, since the Parties remain free to conduct electronic searches in accordance with their existing policy. They are also free to change that policy if they wish.

That's what ACTA should do. In fact, if the US negotiators are smart, they'll adopt something like the EU proposal just to make sure that people can't campaign against ACTA by suggesting it will mean a dragnet for downloaded music at the border.

And full props to Michael, who is not only well informed, he's got the texts to prove it. So why is EFF filing a FOIA claim with the US government to get ACTA docs? They can just ask Michael for them.

Sunday, March 22, 2009

ACTA negotiations and homeland security

A fierce critic of the Anti Counterfeiting Trade Agreement, Michael Geist, is blogging about the negotiations.  I nearly spit out my coffee when I read this passage:

The Border Measures proposals are also still subject to considerable disagreement. Some countries are seeking de minimum rules, the removal of certain clauses, and a specific provision to put to rest fears of iPod searching customs officials by excluding personal baggage that contains goods of a non-commercial nature.

(My emphasis.)  If this is so, USTR did a remarkably poor job of coordinating with DHS on the negotiation of the border measures sections of ACTA.  As far as I know, USTR never suggested that it was putting into play DHS's authority to conduct searches of electronic equipment. 

DHS doesn't bust people for carrying downloaded music or movies on a searched laptop.  It has more important things to worry about.  But  electronic searches have turned up plenty of child porn and jihadi snuff films, and DHS has kept dangerous people out of the country (or sent them to jail) as a result.  The ability to do those searches is a key to securing our borders.  We shouldn't be considering the surrender of effective counterterrorism measures in trade negotiations, for crying out loud (if that's really what's happening; Michael Geist is pretty far removed from what's actually being negotiated).

Friday, March 20, 2009

"How about starting our diet tomorrow?"

Rep. Louise Slaughter and other border state representatives really want to implement the passport requirement on the Canadian border, just like most of us want to go on a diet -- tomorrow.  Having postponed this 9/11 Commission recommendation until June 2009, they now want to postpone it until after the 2010 Olympics.

Because of all the people who will drive to Vancouver  for the Olympics by way of Detroit, Buffalo, and Vermont, I guess.

Thursday, March 19, 2009

The Great Travel Reservation Data Battle

Nathan Sales and I tell the story of the battle over travel reservation data between DHS and the European Union.

Yes it's a law review article, with footnotes, but it's also a good read.  Here's the start:

It’s June 14, 2003 at Chicago’s O’Hare international airport. The U.S.-led war to topple Saddam Hussein’s Ba’athist regime in Iraq was launched a little less than three months ago. Resurgent fears of terrorism have kept some would-be passengers from the skies, but O’Hare is still operating at a fairly brisk pace.

A Jordanian man named Ra’ed al-Banna is among the throng of passengers who have just arrived on KLM flight 611 from Amsterdam. After waiting in line, al-Banna presents his passport to U.S. Customs and Border Protection officers.

The CBP officers consult the computerized targeting system used to screen passengers who seek to enter the U.S. The information about al-Banna – drawn from his airline reservations and past travel – triggers a closer look. The officers examine al-Banna’s documents, and they begin asking him questions.

Something doesn’t add up. Al-Banna has a legitimate Jordanian passport; he holds a valid visa that allows him to work in the United States; and he had visited the U.S. before for a lengthy stay. But the officers aren’t satisfied that he’s being completely truthful with his answers, so they decide to refuse him admission. Al-Banna’s fingerprints are taken, and he is put on a plane back to Jordan. 

So far it sounds like a fairly routine day at the border. And it was, until events in Iraq nearly two years later gave it a new, and sinister, significance. 

On February 28, 2005, at about 8:30 in the morning, several hundred police recruits were lined up outside a clinic in Hilla, a city in the south of Iraq. With no warning, a car drove into the crowd and detonated a massive bomb. 132 people were killed, and about as many were wounded. At the time, it was the deadliest suicide bombing Iraq had seen.

The driver was Ra’ed al-Banna. We know that because when authorities found the steering wheel of his car, his forearm was still chained to it.

No one knows why al-Banna wanted to be in the U.S. in 2003, or what he would have done if he had gotten in. But we do know what kept him out – the government’s ability to quickly marshal the data that first triggered a closer look, and that the CBP officer later used to question al-Banna closely and to conclude that his answers weren’t satisfactory.

At the center of that system was airline reservation data, known as Passenger Name Records or “PNR.”

Wednesday, March 18, 2009

Cat:pigeons, haggis:fire

Obama:comprehensive immigration reform

You've got to admire the man's cojones, if not his political judgment.

Napolitano hangs tough on TPS for Haiti

A much faster way to provide relief would be for Department of Homeland Security Secretary Janet Napolitano to exercise her power under the law and approve such status by executive order. But she has no such intention, said her spokesman, Sean Smith.

"There is no change in our policy on temporary protected status, and deportations to Haiti are continuing," he said Tuesday. "And let me be clear: No one living in Haiti right now should be attempting to come to the United States in hopes that they will be granted TPS."

Washington Times - Protected status sought for Haitians

First EU talks with US raise new barriers to closing Gitmo

US wants to send some Gitmo detainees to European nations, and they are willing to take them.  What's the problem?  The EU has stepped into the process and is imposing what look like new preconditions. The EU says they're not conditions, but reading the press, I think that can be translated as "They're not preconditions, but we want answers to our questions, assurances that you'll reject the legal basis for Gitmo detentions and agreement on a framework for talking to European governments before there'll be any progress."  Here's the excerpt -- see if you can read it differently:

The officials declined to enumerate the questions but said they went to the case against each detainee that Europe might be asked to accept. They also sought assurances that the policies underlying the system of detention in Guantanamo are a thing of the past.

"We have a list of questions, not conditions," said Ivan Langer, the Czech interior minister whose country currently holds the presidency of the European Union. He added at a news conference Monday in Washington, "There is one condition: maximum information."

Accompanying Langer was Jacques Barrot, a vice president of the European Commission. The visit was the first formal senior contact between the European Union and the Obama administration.

Langer said the decision of whether to accept detainees is one for individual states within the union, but because of open borders in continental Europe, officials there would like an agreed framework among the member states in advance of any transfers from Guantanamo.

Tuesday, March 17, 2009

Canada recycles old "preclearance" proposals

Canada's Public Safety minister is playing down the DHS border security review. 

And offering a shopworn proposal to customs preclearance in Canada:

As an example, Van Loan said Canada is interested on reopening talks with the Obama administration about opening U.S. customs pre-clearance facilities at Canadian land border crossings. The aim would be to allow trucks carrying goods to the U.S. to clear American customs before they arrive at the border, "the same way we pre-clear passengers at airports" in several Canadian cities. The idea went nowhere under the Bush administration.

It went nowhere because the US would have to give up its search authorities, be subject to Canadian court supervision, and generally submit to very different Canadian notions of what can and can't be done at a border. How is that improving security as well as facilitating commerce? 

Napolitano handles Der Spiegel

Cybersecurity hearing roundup

Here's a good roundup of cybersecurity hearings.

Most ironic criticism was the claim that the initiative was flawed because it only dealt with government infrastructure.

Several witnesses at Tuesday's hearing echoed James Lewis of the Center for Strategic and International Studies, who argued that the "greatest failing" of the CNCI was that the initiative "despite its name, was not comprehensive." In part because it was launched under a veil of secrecy and without statutory support, the CNCI focused primarily on securing the dot-gov domain. But as a report sent to Congress last month by the Institute for Information Infrastructure Protection stressed, 85 percent of the nation's critical infrastructure is privately owned and operated.

We've had twenty years of industry telling government to butt out; suddenly the real problem is its unwillingness to butt in?  Well, critics have to criticize, and they had a choice of (a) "We're shocked at the government's failure to address security problems in the private sector" or (b) "We're shocked at the government's sneaky attempt to address security in the private sector while pretending not to.  The economy and your privacy are at risk!" 

All in all, I prefer (a)

Quick, call the European data protection police!

PNR and travel reservation data are being used to make long flights more enjoyable.

No guns for commercial pilots?

there are plenty of ways to get stupid with guns in the cockpit, and pilots found a lot of them, but I'm still uneasy at the idea of ending the program, which is where the Washington Times says the administration is heading.

Travel reservation data is key to arrest of Iranian weapons smuggler

CBP brings down an Iranian weapons smuggler.

Travel reservation data is what allowed CBP to catch the smuggler:

The arrest of Khoshnevisrad was an unexpected bonus in those efforts, U.S. officials said. After tracking the businessman and his import company, Ariasa, for months, investigators with U.S. Customs and Border Protection discovered that the entrepreneur was traveling from Iran to the United States for what was believed to be his first visit to this country.

Monday, March 16, 2009


Filed under "the outcrowd":  DHS Official Returns To Steptoe & Johnson

EU unites to help US resettle Gitmo prisoners

it sounds like the EU is planning to help us, doesn't it?

“We understand, you have a big problem,” said one European official.

DHS-German "special relationship" bears fruit

Canadians hope Obama and Napolitano will be less demanding about border security

That's the gist of this "hope springs eternal" article from the Globe and Mail. According to Public Safety Minister Van Loan,

There's a concerted Canadian effort to raise and revisit border issues while the new Homeland Security secretary is settling into her job.

“I think we are doing a good job on our side of the border,” Mr. Van Loan said.

It's a message that successive Canadian governments don't believe was well heard by the Bush administration.

He's right about that last point.  The last administration thought the Canadians wanted two inconsistent things:  full authority to adopt less stringent security measures on Canadian soil and full rights for people in Canada to cross the border without careful scrutiny. 

Congress: Leaving your gun home when you fly is for little people

If you fly in a private jet, no matter how big, you should be able to bring all the hijacking equipment you want, say House lawmakers.

Makes sense; they know the people who fly on private jets, and their friends wouldn't do anything bad with a jet.  According to the article, Bennie Thompson:
also questioned the proposed requirements for affected aircraft operators to prevent passengers from carrying prohibited items onto the aircraft. "While unauthorized weapons, explosives, incendiaries and other destructive substances must be excluded from general aviation aircraft, this rule appears to apply a commercial passenger security checkpoint standard to general aviation."

More Kindle 2 troubles

Woke up this morning. Today's Wall Street Journal had not arrived by Whispernet. Still hasn't. Seems like there are still some kinks to work out. Maybe it's the DRM ...

Sunday, March 15, 2009

Naming Gen. Alexander the nation's cybersecurity czar

That's something only a Democratic President could do, but that's what Bill Gertz (and plenty of others) think the Administration will do.

Will US check travelers going both ways at the Mexican border

The emerging border security plan will likely increase resources for efforts to keep US firearms out of Mexico.  That's a good idea, but a plan that includes checking outbound travelers may be less valuable than building better cooperation on gun investigations.  At a minimum, we should get strong guarantees that Mexico will conduct its own border checks.  Right now, Mexico doesn't always inspect people entering the country from the US, and it's surely a lot cheaper for them to do that than for us to do so. 

One more Kindle 2 complaint

Amazon has invoked the DMCA in an effort to suppress a program that allows people to read e-books from other online stores on their Kindles. I've got some books that I bought from Mobipocket stores to run on a different ebook reader (the iRex, which handles pdf way better than Kindle 2). It would be convenient to transfer them to the Kindle 2. So I was struck by the claim that this would be a DMCA violation. Frankly, I'm having trouble seeing why it's illegal to distribute this code.

First, the code doesn't break any copyright protections, as far as I can see. It just allows other booksellers to enforce their copyright using their favorite DRM scheme. What it does break is Amazon's effort to tie Kindle 2 users to Amazon. Since Amazon is bundling a permanent wireless contract with the Kindle 2, I understand why they want to keep customers coming back to their online store instead of buying elsewhere. But is Amazon's understandable preference enforced by federal law, including a ban on otherwise legal speech?

The DMCA prohibits distribution of code that "is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title." As far as I can tell, the code gives the Kindle 2 a Mobipocket ID that conforms to the Mobipocket DRM system, which allows Kindle owners to read Mobipocket-DRM-protected books on the Kindle.

Is that circumvention? You bet. By allowing access to nonAmazon online bookstores and books, the code circumvents Amazon's bundling system. But is it illegal circumvention of a technological measure that is "controlling access to a work protected under this title"? It's hard to see how.

You can't get access to any more Amazon-protected content with the code than you could get without it. Nothing about Amazon's system that protects copyright has been circumvented. I suppose that the other Mobipocket sites might be able to complain under the DMCA if they were using DRM to keep you from reading their content on Kindles, but they haven't said that, and surely Amazon cannot raise that claim on their behalf.

Maybe the argument is that Amazon is "controlling access to a work protected under this title" because it's saying "there is some copyrighted content that we refuse to let you read on our device." Under that theory, anyone could invoke the DMCA on behalf of technologies that "control" access to content by, well, prohibiting access to that content. That argument would turn the DMCA into the Product Bundling Enforcement Act. Congress can choose to enforce product bundling practices if it wants to, I suppose, but it's hard to believe that the courts would willingly incorporate such a reading into the law and then use that reading to prohibit otherwise legal speech. In fact, as I think about it, this is really a First Amendment two-fer: Amazon is invoking the DMCA to prohibit you from reading certain books, and, to make sure that its prohibition sticks, it is sending its lawyers after anyone who tells you how to circumvent the prohibition. What judge is going to want that reading of an ambiguous law on his CV?

Ok, this is Sunday lawyering without a library, but I really don't get the DMCA claim. What am I missing? Really, if this is the argument that Amazon is making, couldn't the same argument be made by the producers of software designed to child-proof the Internet, allowing them to shut down the sites that encourage kids to circumvent the controls? Come to think of it, wouldn't it also give the Chinese government a DMCA claim against the human rights groups that are trying to beat the Great Firewall? Surely Amazon can't be arguing for such a remarkable reading of the DMCA.

Kindle 2 update

I'm reading The Tourist by Olen Steinhauer on it.  It works, but the Kindle has lost my place twice already.  Which is a particular pain because there aren't page numbers.  You kind of have to guess about where you were on the progress bar, then pick a few numbers at random to see how far they get you down the bar (e.g., "1100" was maybe 25% of the way through The Tourist).  Flipping physical pages to find your place is definitely faster than grinding through the stop-blink-display that e-Ink requires for each page.

Is the Obama Administration's honeymoon over?

David Broder says it is.

I disagree.  According to Baker's Law for New Administration Honeymoons, "The honeymoon isn't over until the last good assistant secretary job has been promised." 

That's the moment when all the Washington insiders who've been expecting a call from the White House realize that they aren't going to get one.  At which point, the first half of Louis XIV's aphorism kicks in: "Every time I bestow a vacant office I make a hundred discontented persons and one ingrate."

Saturday, March 14, 2009

See video of cheap blast proof camera test

This is cool.
Most terrorists groups would think that all this explosive, plus the ball bearings, was overkill for one bus.  Cameras that survive this blast should survive any real world test.

Cheap blast-proof cameras survive test

Three years ago, I challenged DHS scientists to find a way to produce cheap ($150) forensic cameras that would survive a terrorist blast.  It took way longer than I expected, but tests at Aberdeen recently show that the cameras do work.  This means that standalone (and therefore privacy protective, since the film is only inspected after an incident) cameras can be cheap and nearly blast proof.  This could change things for mass transit security in a big way.
"There wasn't much left of the bus except the wheels and chassis. But the cameras survived, and that was the point."

Did the cameras' memory chips survive the blast intact? Fourteen out of 16 did.

Passport security broken?

It's always wise to take GAO reports with a grain of salt, especially since this one seems to have been leaked, not published. But it doesn't sound good. GAO managed to get four blatantly (and checkably) false passport applications approved by the State Department.

If we can't rely on the State Department to perform good fraud checks, then the rest of our system for keeping terrorists out of the country and preventing identity theft collapses. Yet the political and bureaucratice incentives are for the Passport Office are to crank the passports out, not to spend extra money on security that will slow down passport issuance. The State Department's less than encouraging response:

State Department spokesman Richard Aker said the agency regrets that it issued these four passports, adding that "the truth is that this was human error."

Aker did also point to plans to use facial recognition software and to get access to state drivers license data, both of which are helpful but not completely responsive to the GAO report (again, as leaked, so caution is appropriate).

Thursday, March 12, 2009

So moving cyberdefense to NSA from DHS is a live option

That's how I interpret this cautious statement by Secretary Napolitano.

In her visit to address law enforcement officials gathered from across the country in Kansas City, Homeland Security Secretary Janet Napolitano said shifting the responsibility to the National Security Agency is under review but hardly a settled matter.

I still think it is the less likely of the options.

Boy, that fence is looking better every day ...

Unless you think that deploying troops with live ammunition on the Mexican border is a better solution
We're going to examine whether and if National Guard deployments would make sense and under what circumstances they would make sense," Obama said, according to an account by McClatchy Newspapers. "I don't have a particular tipping point in mind. ... I think it's unacceptable if you've got drug gangs crossing our borders and killing U.S. citizens."

A real cybersecurity expert for DHS

DHS has announced that Phil Reitinger will be Deputy Under Secretary at NPPD. NPPD's biggest near-term challenge is rolling out the DHS portion of the cyber initiative (whatever that may be after the 60-day review). Phil's background makes him a natural for taking on this challenge:

Phil Reitinger, currently "chief trustworthy infrastructure strategist" at
Microsoft, will become deputy undersecretary of DHS's National Protections
Program division.

I worked with Phil when he was last in government. He's very able and has stayed with computer security issues his entire career. He's better than anyone DHS has ever assigned to this problem before, and we should be glad he was willing to take on the responsibility.

Wednesday, March 11, 2009

Hand to Mouth for E-Verify

The omnibus approps bill evidently extends E-Verify's authorization until September 30 of this year (I haven't seen the language myself). At least now all the deadlines are aligned. It looks as though some of the immigration reform advocates want to hold E-Verify hostage to comprehensive reform.

DHS ready to grant Temporary Protected Status to Haitians?

I can't judge its credibility, but a Caribbean diaspora news site is reporting that DHS is inclined to grant Temporary Protected Status to Haitians:

An email obtained by CWNN Tuesday indicates that while Department of Homeland Security Secretary, Janet Napolitano, seems open to the idea of Temporary Protected Status for Haitians, she is adamant that the issue will have to go through a review with President Obama’s political staff.

This is a tough problem  for the new Administraton, sort of like workplace enforcement.  All the groups and politics seems to favor TPS, but it is in effect an amnesty for all illegal Haitian immigrants in the country, and now it's clear that TPS is never really temporary.  (If the Bush Administration wouldn't end TPS for El Salvador after nearly 10 years, it's hard to see this administration ending it for anyone.)  So this will be treated as amnesty on the installment plan when  it reaches the broader public. 

Tuesday, March 10, 2009

Did E-Verify Expire on March 6?

E-Verify is a critically important program for reducing illegal employment without workplace raids.  It works, and it has continued to reduce its already low error rate, including as recently as last week, when it  added a passport record check to its capabilities.  Many in Congress have been fighting to make the program permanent, make it mandatory for any jobs created by the stimulus, or at least make sure that the program doesn't expire prematurely, since it's never been permanently authorized.

The program arguably expired on March 6, when its authorization ran out, but there's also a very good argument that it will continue until October 1 based on the appropriation it received until that date.  According to the SF Chronicle, E-Verify really did expire on March 6.  I'm betting that they're wrong, which is embarrassing for them. 

Ordinarily, though, you'd expect DHS to comment on that question, both because of the program's importance and because there are alternative theories about when the program expires.  But I've seen nothing official from DHS on this critical question.  Weird.

Saturday, March 7, 2009

Juliette Kayyem to DHS as intergovernmental assistant secretary

Juliette is Deval Patrick's homeland security chief.

Governor Deval Patrick's homeland security undersecretary has been tapped to serve as a top official at the US Department of Homeland Security. The department announced Thursday that Juliette Kayyem, the first Arab-American appointed to serve as a homeland security adviser at the state level, will be an assistant secretary for intergovernmental programs under Homeland Security Secretary Janet Napolitano. Patrick appointed Kayyem in January 2007 and charged her with developing a statewide policy on homeland security.

Plus she's smart and thoughtful, as demonstrated in the ABA panel she and I did with Clark Ervin a week ago. 

Napolitano's first trips: Germany, Canada, Mexico

The trip to Germany will be next week.

The North American trips will be next month.

US Homeland Security chief Janet Napolitano will visit Germany next week in her first foreign trip, followed by visits to neighboring Canada and Mexico in April, her spokeswoman said Friday.

This is a good choice.  Interior Minister Schaeuble has been DHS's most courageous friend in Europe.

Using SMS to enable wiretaps

This exploit is apparently so common in Asia that companies are selling the software that enables taps.

The CIB said that bugs in the Symbian operating system were exploited by the software, which was first invented in China in 2007, replacing more traditional methods of phone tapping where a chip had to be physically inserted into a phone.

My Kindle 2 arrived

I'm reading the WSJ on it. Basics are great. You can read it anywhere, and the lightness and improved controls are a big part of the experience. So now to the gripes:

1. It's too easy to miss stories by mistake with the Kindle/WSJ interface; not a big deal but distracting.
2. How come the Kindle store won't show me my regular Amazon Wish List? That's where I put the books I think I might want some day, and I use it to browse when I'm in the market for another book. This thing makes me start all over, or only read it with my web page open in front of me.
3. The first book I tried to buy (Charlie Duelfer's book on Iraq) is in print but not available on Kindle.
4. The wireless service should shut down automatically unless I ask for the store, or Amazon sends a message that there's a subscription to download. Kindle could wake up every few hours to check. Why burn battery unnecessarily?
4. Would it have killed them to make Wifi available? That would allow the machine to operate outside the US.
5. I worry I'll drop it. Amazon should have included some sort of protection, especially if the screen is as fragile as I've heard.

Dishonor among thieves

Turns out that Russian cybercriminals spend a lot of their time attacking ...Russian computers.  How come?  As Willie Sutton might caution, "that's not where the money is."  But if you're a Russian hacker, Russian computers are a target of opportunity, plus the social engineering is easier.

Which raises an interesting question.  In terrorism, Pakistan used to (at least) tolerate terrorist groups that seemed to be harming Pakistan's enemies, only to wake up and discover that it has become the victim of those same groups. Will the Russian government follow the same path in network attack?  There'd be some justice in that, of course, but cold comfort, considering that for cyberattackers, as for al Qaeda, the best target remains the United States. 

Rod Beckstrom's letter

Read it for yourself:

Rod Beckstrom quits, criticizes OMB, DHS, and NSA

Rod Beckstrom has resigned.
His resignation letter cites problems with OMB, DHS (presumably NPPD), and NSA. The press seems to be covering the NSA criticism most closely, though I suspect his frustration was driven as much by the funding and organizational issues as by NSA:
Former Silicon Valley entrepreneur Rod Beckstrom said in a resignation letter published by the Wall Street Journal it was a "bad strategy" to have the National Security Agency, which is part of the Department of Defense, play a major role in cybersecurity.
Rod is a friend and a remarkable talent. He understood Washington much better than most in Silicon Valley. His inability to move the bureaucracy shows how deep is the divide between government and the tech community.

Thursday, March 5, 2009

Early immigration test for Obama administration -- and DHS

A gang-related workplace investigation and raid in Bellingham, Washington, is shaping up as the first test of how the Obama administration will handle immigration enforcement. Anti-enforcement groups are determined to stop the raids entirely, the Washington Times reports.

It looks from a distance as though ICE followed up a potential criminal case in the usual way, assuming that, while policy changes might be made gradually, there would be no political interference in whether to pursue criminal investigations. But the advocacy groups decided to make the raid a litmus test for the administration's commitment to change by demanding a moratorium on all raids. This is not a good choice for DHS, which is after all in the business of enforcing the law but which is surely being pressed hard by the White House to get the anti-enforcement groups off its back.

Wednesday, March 4, 2009

It's the thought that counts

When a foundation funds research showing that US visa policy is causing skilled immigrants to go home, what happens if the research doesn't actually show that?  No worries.  Just act as though it did.  The press won't notice.  At least that is what happened to the Kauffman Foundation study of why skilled immigrants go home.

The study looks at a population that contains up to one-third student visa holders -- many of whom never intended to stay in the US -- and asks why they went home.  This plays on American assumptions that no one wants to leave the US, ever.  In fact that's not true.  Illegal immigrants came here in recent years at the rate of one million a year, but the illegal population only grew by about five or six hundred thousand, because four hundred thousand went home each year. 

So it's no surprise that legal immigrants go home, either.  The only interesting question is whether our visa policy is somehow driving away the best and the brightest. 

Answer:  no.  Though you wouldn't know it from the press coverage (or the foundation's PR campaign). Three quarters of those polled said that visa issues didn't cause them to leave the US.  But the foundation and the press were determined, notwithstanding the recession and the lack of data, to treat the study as a reason to liberalize visa policy. 

There may be  reasons to do that.  This study ain't one of them.

Tuesday, March 3, 2009

Brazil is number one

Number one in online banking trojans.

Here’s why: Back in the 1970s and 1980s, hyperinflation and economic chaos led Brazil to streamline its basic system for completing financial transactions. The new system, called Sistema de Pagamentos Brasileiro, or SPB, helped the South American nation restore its transactions infrastructure. But it also accelerated its citizenry’s dependence on online banking. Today 60% of Internet users in Brazil are online banking patrons, versus 23% in the United States, according to Colin Groudin, CEO of Grail Research. What’s more, Brazilians use their debit cards and file electronic tax returns much more than we do, Groudin says.

Quite naturally, the best-and-brightest malicious software coders and thieving cyber gangs swarmed Brazil like flies to honey. Brazil has emerged as one of the most hostile online environment in the world; in particular, it has become a hotbed for innovation in banking trojans, says Gunter Ollmann, of IBM Internet Security Systems.

Changing of the guard at CBP