Full body scan - shield or show?

Semi-Originally posted 06/14/2011 on lubbockonline.com

Due to technical problems, this is a repost from January 4, 2010

Full body scans in airports - they're getting a lot of attention again, both for and against. One blog feels that just by agreeing to fly we are consenting to scanning. Another story on Canada.com agrees. It asks the seemingly reasonable question, "Do we need to see hundreds or thousands killed for the privacy objectors to back off?"

Privacy groups are against the full body scanners, saying they are invasive and demeaning. Flyersrights.org and the ACLU are both against the scanners. In a release on its website the ACLU says:

"We should be focusing on evidence-based, targeted and narrowly tailored investigations based on individualized suspicion, which would be both more consistent with our values and more effective than diverting resources to a system of mass suspicion," said Michael German, national security policy counsel with the ACLU Washington Legislative Office and a former FBI agent. "Overbroad policies such as racial profiling and invasive body scanning for all travelers not only violate our rights and values, they also waste valuable resources and divert attention from real threats."

I have to admit, I lean more toward the ACLU position. Yes, I know that a full body scan might have caught the explosive in the bombers undies - although there are claims that the bomb would have made it through a scanner. But that isn't really the issue. The issue is that we don't need to add any new security measures, we need to properly use the ones we have.

I can't say it enough. The system is broken. People are saying, "We need full body scans to keep anyone else from getting through." No, we need to start making full use of the intel we're gathering. Bush dropped the ball when he didn't follow through on his order that the U. S. intelligence agencies, FBI, CIA, NSA, etc. share information, and Obama is following his example.

The point in this is not that a scanner would have stopped this guy before he could turn himself into a eunich. It is that he should never have made it to the point where he would have to go through a scanner. We had more than enough info to forbid this guy to get on a plane. He was on a watch list, then his father notified the U.S. Embassy that he had been radicalized and might do something dangerous. That would have put him in a "watch very closely" list for me. Not for the U.S. government. According to examiner.com:

"On November 20th the embassy sent a "Visas Viper cable" to the State Department which detailed the father's warning.  The information was then given to the Counter-Terrorism Center in Washington D.C. which ruled that their was insufficient information present to revoke Mutallab's visa."

While people are screaming for more measures to limit our freedoms and take away our rights, the real problem is that the information we are gathering has everything we need to stop these terrorists, if we would only use it. Putting scanners in the mix will not make us safer, it will only be one more layer of false security.

No matter what methods we devise to detect explosives at the airport, our first and best line of defense will always be gathering data to stop terrorists before they can get a ticket. And the evidence shows we're doing a good job of gathering it, we just aren't using what we're getting.

Goodbye, Osama bin Laden

Originally posted 05/02/2011 on lubbockonline.com

Osama bin Laden has been killed after almost a decade in hiding. What does that mean? In the end, not much. It is an intelligence coup, one that, in terms of the difficulty of finding Mr. bin Laden is almost the counter-balance to the blunders that allowed 9/11 to happen. In terms of national security we will have higher risks when travelling to the Middle East for a while, our embassies and companies in the Middle East will be at greater risk of attack, and there will likely be more attempts to get a successful suicide bomber on a plane.

Bill Brenner on the CSO blog believes that bin Laden's death won't change much, and that's actually a good thing. Bill recently made a trip to Ground Zero in New York and was offended that people seemed to have forgotten what happened there. But it didn't take him long to realize that they hadn't forgotten, they had paid their greatest tribute to the victims of Osama bin Laden that could be paid (my words). They had refused to let Osama succeed in his primary goal. As much as our government has been affected by fear of terrorists, the people of New York City had moved past the attack and gone on with their lives. As has the rest of the country. We have not allowed terrorist to terrorize us. So in that sense, Osama bin Laden was a failure. Despite his greatest success and the attempts of many to use it to take away the personal liberties U.S. citizens have always enjoyed, we are still a nation of free men, not a police state. As long as we are Americans, that will not change.

I am not saying that President Obama, the intelligence community and our military don't deserve thanks and praise for killing Osama bin Laden. They do. He needed to be taken out. The fact that another will take his place doesn't change that. The fact that 9/11 was as much our ineptitude as it was his planning doesn't change that. Osama bin Laden attacked our country, and we didn't rest until he paid for that. Though administrations changed, though guiding political philosophy changed, we did not forget what Osama bin Laden had done and we did not rest until he paid. That also will not change.

That is a good thing.

Security, like all things, best in moderation

The Washington Post is publishing a series on the state of the United States Security Community, and it's pretty interesting. For example:

* Many security and intelligence agencies do the same work, creating redundancy and waste. For example, 51 federal organizations and military commands, operating in 15 U.S. cities, track the flow of money to and from terrorist networks.

* Analysts who make sense of documents and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year - a volume so large that many are routinely ignored.

Wow. 51 agencies tracking money. 50,000 intelligence reports a year. I've been saying for a long time that the biggest problems leading up to 9/11 weren't lack of information, but too much information and too little communication. In the 9 years since then we have only added to the problem.  In describing their data gathering, the Post said;

The Post's online database of government organizations and private companies was built entirely on public records. The investigation focused on top-secret work because the amount classified at the secret level is too large to accurately track.

That's scary. The article quotes several sources who say there is no process in place to keep track of all of the inter-agency information, even for the few people who are in a position to try. What's scarier is that means we can't know if all that manpower, information gathering, and money tracking is doing any good. Add to those the fact that we've had recent near miss terrorist attacks in the U.S. and you realize that there is going to be another successful attack. The only question is, how severe will it be?

I recommend checking the Top Secret America website and reading the entire series as it comes out this week, although I admit it will be a bear. The first installment Monday was 17 screens long.

Federal high tech security boondoggles

In an article by Ken Dilanian, swamppolitics.com - the Washingtom Bureau of the Chicago Tribune - reports that a number of high tech security programs initiated by the Bush administration have flopped. The biggest reason for the failure? Failure to properly test the technologies before implementation. A weakness shared by the current technical bandaid, full body scanners.

Technology is an important tool in the war against terror. But according to Brian Jenkins of the Rand Corp the Department of Homeland Security is overly reliant on technology. There is no silver bullet, but new technologies are treated as the final solutions to our national security problems.

From the "virtual fence" aka Project 28, on our southern border to the Real ID Act that Homeland Security Secretary Janet Napolitano has called for Congress to repeal, U.S. high tech anti-terrorism initiatives aren't working as advertised.

In fact, recently the majority, if not all, of the terrorist that have been caught before attempting terrorist acts have, to the best of our knowledge, not been caught through new, high tech gadgetry but through old fashioned investigation and surviellance techniques. Techniques that employ technology, but as a tool, rather than as the lynchpin of the procedure. Maybe it's time we started focusing on the things we know work, and take the time to do proper testing of new technologies before entrusting the lives of our citizens and the security of our nation to them.

Does Arizona have the right idea?

I have to wonder if Arizona’s Jan Brewer doesn’t realize what she’s doing, or if she really believes so strongly in the importance of these racially charged bills that she is willing to sacrifice her political career. Just a few short weeks after passing the controversial immigration law, the Associated Press reports that, “Arizona gov. signs bill targeting ethnic studies". According to the story, “State schools chief Tom Horne, who has pushed the bill for years, said he believes the Tucson school district’s Mexican-American studies program teaches Latino students that they are oppressed by white people.”

Like the immigration bill before it, the purpose of the education bill as described in the story doesn’t seem that objectionable to me. I understand the concerns that the immigration bill could lead to racial profiling. That is a legitimate concern, but doesn’t change the fact that illegal immigrants are here illegally. I'm glad the immigration bill specifically prohibits stopping someone just to ask about their citizenship, but only time will tell if law enforcement abides by that.

I also understand that this education bill could be used as a reason to stop teaching about the contributions minorities have made to this country. It shouldn’t, and there is nothing in the bill to prevent classes on Hispanic (or any other minority) influences on U.S. history. It only prohibits classes intended to only be taught to a specific group. I'm not surprised - if it's illegal to have schools for specific groups, why would it be legal to have classes set up that way?

I do object to the prohibition against teaching “ethnic solidarity." Being proud of your heritage could be considered “ethnic solidarity.” Everyone should be proud of their heritage, and there’s nothing wrong with schools teaching that. But you should be proud of your entire heritage. Whether you are a recent immigrant or your family has lived here for generations (or centuries), whatever continent your ancestors hailed from you should be able to look to your entire history, both your ancestry and your nation, for a sense of pride in your heritage. Schools should promote that. To promote that they should be helping students realize that even though we are all different, we all share many things in common. Apparently the Tucson school districts ethnic studies program doesn’t always do that. According to the AP story:

"Horne, a Republican running for attorney general, said the program promotes "ethnic chauvinism" and racial resentment toward whites while segregating students by race. He's been trying to restrict it ever since he learned that Hispanic civil rights activist Dolores Huerta told students in 2006 that "Republicans hate Latinos."

It’s one thing to promote pride in your heritage. It’s another thing entirely to promote hatred, and that is what you are doing when you tell someone that an entire group of people hates them.

Both of these bills are controversial, although the neither bill should be. Not if they were really written and passed for the stated reasons. Enforcing the law is the duty of law enforcement officers. I believe the oath most of them take is to enforce laws of the community, state and country, not just the laws of whatever level of government (city, state or federal) happens to employ them. Schools are supposed to teach kids and to prepare them for life - and make them productive, loyal citizens. Like it or not, propaganda has always been one purpose of the public school system. It is a legitimate purpose. No modern society can survive if it's children are taught to hate and distrust people who are different - different people are part of our society.

Teaching the bad things that happened in the past does not have to be divisive or disruptive - and should not be. Enforcing legitimate laws - for instance, laws requiring visitors to our country to go through the same established legal channels our citizens have to go through to visit their countries - should not be divisive or disruptive. But sensational headlines and soundbites can cause them to be. So can poorly thought out or carelessly worded laws.

So does Arizona have the right idea? Should we be taking steps to enforce immigration laws? Before you answer, maybe you should cross illegaly into Mexico, Canada, or any European nation and see what happens if you get caught. Should we prohibit/monitor what is taught in classes to make sure it is for the common good? Should we make sure that classes that teach about the contributions of non-caucasions to our country are taught to everyone, so all students benefit from them? Better yet, should we make sure that those contributions are part of the standard classes - requiring that they be taught, not just that they appear in the textbooks?

Based on what I know of the two laws, I would say that they do have the right idea. If giving current illegals amnesty and a path to citizenship worked to discourage illegal immigration, we wouldn't be having this discussion. If an activist speaker was allowed to sat that Republicans (widely portrayed as all rich white people) "hate latinos," that's promoting racial tension, and should not be allowed in schools. Would she have said that if it was a class of all ethnicities? Would she have wanted to speak to such a class? I don't know. And I don't have a problem with her being asked to speak to a class. I do have a problem with classes being used to promote a particular political party or cause, and that's why I think Arizona has it right on the education bill, too.

More Homeland (in)Security

In a report on Yahoo News, EILEEN SULLIVAN and MATT APUZZO of the Associated press tell us why Faisal Shahzad was almost able to leave the country by plane after his alleged failed bombing attempt. It's a sad statement that just four months after dumb luck kept the crotchbomber from blowing himself and his fellow passengers out of the sky in a plane he shouldn't have been able to board, dumb luck again prevents a terrorist wannabe from igniting his bomb - and in this instance, escaping by boarding a plane he should never have been able to board.

This sad statement on U.S. security reminded me of an almost 4 year old blog post by Bruce Schneier on the arrests in July, 2006 of terrorists reportedly hoping to set off a so-called "binary explosive" - something apparently extremely difficult to do. Regardless of the likelihood of that scenario, Mr. Schneier makes some very good points:

"None of the airplane security measures implemented because of 9/11 -- no-fly lists, secondary screening, prohibitions against pocket knives and corkscrews -- had anything to do with last week's arrests. And they wouldn't have prevented the planned attacks, had the terrorists not been arrested. A national ID card wouldn't have made a difference, either.

Instead, the arrests are a victory for old-fashioned intelligence and investigation. Details are still secret, but police in at least two countries were watching the terrorists for a long time. They followed leads, figured out who was talking to whom, and slowly pieced together both the network and the plot."

Last Christmas's intelligence fiasco points out the same thing. In 2001 we had a massive intelligence failure - all the pieces were there, but inter-agency, even intra-agency, rivalry prevented the all the pieces being gathered to be put together. In December 2009 all the pieces were there, but were ignored, or not communicated in a timely manner. In the two incidents of the last 6 months the terrorist boarded an international flight despite being on the no-fly list. All of this shows that we don't need more ways for the government to monitor and spy on us. Adding new ways to gather information so it can be misused - or not used at all - is not an answer. We need to make proper use of the methods we already have in place. Then we can know what is working and what needs changing.

Biometric National ID - The big lie

In an article on fiercegovernmentit.com David Perera tells us more of the claims and controversy surrounding the proposed biometric national ID cards. The proposed cards would have some type of biometric data to make them tamperproof (there's no such thing) and are supposed to help stop illegal immigration. If you read this blog regularly you've probably already seen my opinion on that.

He links to an opinion piece by Senators Charles E. Schumer (D-N.Y.) and Lindsey O. Graham (R-S.C), the authors of the bill. This piece shows either the duplicity of the two legislators, or their unforgivable ignorance of just what it is they are proposing. Just a few sentences from one paragraph of their article raises all kinds of alarms with me:

Each card's unique biometric identifier would be stored only on the card; no government database would house everyone's information. The cards would not contain any private information, medical information or tracking devices. The card would be a high-tech version of the Social Security card that citizens already have.

Let's look at the two claims individually:

First, if the biometric data is only on the card, there is nothing to check it against. Without a database to check the data on the card against it will be difficult if not impossible to create a card that's really difficult to forge, let alone one that's anywhere near tamperproof. Once someone figures out how to move the biometric data from one card to another a single lost ID can be turned into as many different ID's as they want. The card is only checked against itself, so it will always report that it's legit. In other words, a national database loaded with U.S. citizens personal data is more than a requirement for an even remotely effective national ID, it's an absolute necessity.

Second, it's not supposed to contain any private information. Excuse me, but biometric data is extremely private. Social Security numbers are supposed to be private. By it's nature, an ID card has to have some type of personal data or it can't prove your identity. And don't believe there won't be medical data on it. It won't be there at first, but unless the health care reform bill is repealed, the most logical place for portable health info to go is a chip on an ID card. And don't trust the promises that none of this will happen. "It will not be used as an ID number" was one of the promises used to pass Social Security.

The ACLU and about 45 other organizations sent a letter to President Obama outlining their concerns over a national ID. Along with the concerns I've already noted, they included concerns over cost and enforceability, among others. Regarding cost, they point out that providing biometric ID cards for 1 million transportations workers is expected to cost the Department of Homeland Security 1.9 billion dollars. In other words, it will cost almost $300,000,000,000 dollars to ID the entire U.S. work force. Perhaps more important, they don't believe the plan has a snowballs chance of working:

"Adding insult to injury, this unaffordable scheme will probably never work. Even ignoring the enormous difficulties of creating a system to fingerprint everyone and distributing readers to employers across the country, the truth is that some employers prefer the ambiguity of the current process. Unless significantly greater resources are dedicated to enforcing the law, employers will continue to have a strong incentive to circumvent a broken system. Such enforcement could be accomplished just as easily without a National ID."

If greater resources were dedicated to enforcing the law, there would be less perceived need for a national ID. In other words, this national ID thing is smoke and mirrors to gain more control over law abiding citizens while having minimal impact on the criminals.

Full body scans can't be abused. Right.

Michael Holden reports in Reuters "Oddly Enough" news that a security worker at London's Heathrow airport is in hot water for looking at a coworker who "mistakenly strayed into the scanner."

The 25 year old man is not in deep trouble yet because the incident is still being investigated, but if the investigators conclude he actually did see things he shouldn't have it will put a whole new spin on full body scans. Citizens around the world have been assured repeatedly that security workers wouldn't be able to see their "naughty bits" on the scans. If the investigation proves they can, there could be a massive public outcry.

Of course, the investigation is being carried out by government employees, and the government has a vested interest in finding that nothing actually happened.

Is answering the census safe?

NOTE: Checking Census law reveals that it is illegal to refuse to answer the census questions.

In an opinion piece on csmonitor.com James Bovard examines the possibility that our census answers may not be as private as we're promised they'll be. He looks at the historical record the census bureau has built regarding privacy of census data. It doesn't look too good. The first mar on the bureaus record was the production of a list of Japanese Americans on the East coast within days of Pearl Harbor. Although they are now remembered (when mentioned at all) as "internment camps," or "War Relocation Camps," Japanese Americans were rounded up and put into concentration camps. The Census Bureau denied any such activity until 2000, and denied giving specific names and addresses until it was proved in 2007 that exactly that information had been provided.

The Department of Homeland Security was given similar information by the Census Bureau in 2003-2004 regarding people of Middle Eastern ancestry in the U.S. No roundups occurred, but they would have been much easier with that information.

Mr. Bovard talks about the abuses to citizen privacy in the last 10 years, and points out that all the census is really required to gather by the constitution is a count of citizens, and the number of people living at each address is all that anyone should provide. Especially since the government obviously is more concerned with gathering as much information as it can about citizens than protecting their rights. It was true of the Bush administration, and by all the evidence nothing has changed with the Obama administration. I have no doubt that census data will be used in whatever fashion the government feels the need to use it, no matter what the law says.

Obama supports DNA sampling when arrested

Politico's Josh Gerstein tells us that, "President Obama backs DNA test in arrests." In an interview with John Walsh on America's most wanted the President professed his strong support of gathering DNA of everyone arrested for a felony crime:

"It's the right thing to do, and then, as you well know, John, this is where the national registry becomes so important, making sure that, not only are we getting these DNA tests done state by state, but then, nationally, everybody's talking to each other. That's how we make sure that we continue to tighten the grip around folks who have perpetrated these crimes."

It's a great sentiment. The problem is, that when it comes to DNA testing upon arrest, it's wrong. In the interview John Walsh says that it's no different that taking fingerprints or an arrest photo. But that is not true.

DNA samples, unlike fingerprints, don't just identify you. They have the potential to reveal health issues, genetic relationships (siblings, parents), and possibly potential behaviors. You may give up the right to protect this information if you are convicted, but to take it upon arrest flies in the face of "guilty until proven innocent." Requiring DNA sample of people who have been arrested, but not indicted, let alone convicted, says the exact opposite. It assumes you are guilty until the DNA sample proves you innocent. That is not the way justice is served in the U.S.

See the portion of the interview that talks about DNA (about halfway through on Youtube.

See the entire interview on amw.com

United States national worker ID card

From Laura Meckler at the Wall Street Journal:

"Lawmakers working to craft a new comprehensive immigration bill have settled on a way to prevent employers from hiring illegal immigrants: a national biometric identification card all American workers would eventually be required to obtain."

Really neat idea, except that it won't work. It won't even be an improvement on the current method. People paying illegals cash under the table will continue to do so. This ID card won't do anything to change that. It will give the government increasing ability to monitor law-abiding citizens without doing anything to affect the problem it's supposed to solve.

While this should be self evident, Senator Chuck Schumer (D., N.Y.) obviously thinks that biometrics are magically going to force all employers to check employees eligibility and pay by traceable means that make it necessary for all employees to be legal. He actually believes that requiring a biometric card is more effective than requiring a Social Security Card. Talking about illegal immigration he says,  "If you say they can't get a job when they come here, you'll stop it."  The only problem is, we say that now, and it's patently a lie.

Of course, not everyone thinks a national employee ID is a bad thing. The Christian Science Monitor is very much a believer in a national employee ID. In an editorial entitled "Immigration reform rests on a national worker ID" the CSM editorial board states:

"Obama could quickly reduce the nation’s high jobless rate with passage of a law requiring legal residents and Americans, even teenagers, to obtain a federal ID as legal workers. Migrants working outside the law would then be forced to come clean on their illegal activity, leave the country, and perhaps properly apply for a US visa – as millions of law-abiding people do around the world who wait years to enter the US.

To reach full employment, Obama needs to create about 8 million jobs – or nearly the number of illegal immigrants in the US."

I have two problems with that quote. The first regards illegal workers having to come clean. Why? What is this ID going to do that will force illegal workers (or their employers) to suddenly 'fess up? Even assuming most illegals bother with forged or stolen Social Security numbers, what's to keep employers from paying in cash and misreporting their number of employees anyway? Admittedly, if you're paying more than two or three employee’s cash can be problematic.

The other is the figure of 8 million illegals. That may be the suspected or deduced number, but it is impossible to prove. Even if it's correct, to say that all 8 million are working is a stretch.

On Foxnews.com, Alex Nowrasteh's article, "5 Reasons Why America Should Steer Clear of a National ID Card" gives a very clear, thought out explanation of the problems inherent in a national ID card. Briefly, they are:

1. Workers would have to ask the Federal Government before getting a job.

2. National ID's are perfect for controlling citizens movements: "Your papers, please."

3. The system will accidentally exclude millions of legal workers and fail to catch the majority of illegal ones.

4. The scanners are up to $800 - or employers can make a trip down to the local DMV to check their workers ID.

5. Law abiding citizens are treated like criminals - we will have to divulge information that the government cannot require of us now because we are not criminals. (That's the biometric data, in case you're wondering).

There is one way the national employee ID card would work. It would require a fundamental change in the way we live, not to mention being a harbinger of the end times. If we move to an entirely electronic economy we get rid of all but an insignificant amount of illegal alien employees. If we go to an entirely electronic economy and make your biometric employee ID your bankcard, too, then the only way to buy anything is with your employee ID card. It can be tied to your credit cards, debit cards, and all of your accounts. Utilities, insurance, gym memberships, all pulled from your national employee ID card. It would solve so many problems. It would be much harder for illegal aliens to find employment, it would encourage employers to hire U.S. citizens or legal aliens, and it would give the government what it wants - a way to track all citizens at all times. All you have to do is surrender your privacy and freedom.

Privacy vs Security at RSA conference

Brian Prince of eWeek Europe reports that U.S. Cyber Defense experts agreed on two things: U.S. cyber security needs beefing up, and doing that while protecting privacy won't be easy. Former head of U.S. Homeland Security Michael Chertoff saw the situation as a balancing act:

“You don’t want necessarily to have the government literally sitting there and operating the internet and opening and closing doors because it’s not hard to imagine a situation like you have in other countries where someone makes a decision that the threat isn’t just an attack by a botnet but an attack on ideas the government doesn’t like. So the key is to build a system that allows a sharing of information that does put on critical infrastructure a responsibility to maintain itself…but preserves a certain gate between them and a certain amount of accountability so that the government can’t simply just roughshod over the privacy.”

That's an important statement - and one that very neatly sums up the difficulty of providing security while maintaining privacy. The rest of the panel discussion showed a real concern and understanding of the importance - and complexity - of maintaining privacy while ensuring security.

Chertoff was one of a three member panel. The other two members were Marc Rotenberg, executive director of the Electronic Privacy Information Center ( EPIC ), and former special advisor on Cyber Security for George W. Bush, Richard Clarke. Richard Clarke is now chairman of Good Harbor Consulting. To be honest, I was a little surprised at the attitude shown by Mr. Chertoff and Mr. Clark. Hearing Mr. Chertoff, co-author of the Patriot Act, talk about the importance of limiting governments ability to invade citizens online privacy was unexptected.

Of course, not everything they said was so pretty. Clark wants a system that is flexible enough that it isn't compromised when some companies don't keep up with the latest patches and malware protections. His idea? Have Tier 1 ISP's do deep packet inspection to detect illicit activity. This is just a liiiiiittle bit contradictory to Mr. Chertoffs statement above. Deep packet inspection would mean they see everything everybody does that goes through a Tier 1 ISP. A lot of traffic will never hit a Tier 1 ISP, but the fact that US citizens would be being treated as criminals with no evidence that they are would be a major constitutional problem. Of course, it should be a major constitutional problem with the nationwide phone tapping that's still going on, and we know how that went. Not surprising at all that Rotenberg saw a slippery slope, "If we go down this road you really have to be very careful because one rationale easily collapses into another."

It was encouraging that Clarke felt the U.S. government had discredited itself over the past ten years where privacy is concerned. He also felt that the agency best equipped to protect the country, both military and civilian, is the NSA. But in an amazing twist, he feels that the NSA is not the agency that should be protecting the private sector. The problem is, there isn't anyone looking out for the private sector:

“The problem is right now no one is defending the private sector,” he continued. “The theory of the Obama administration seems to be cyber-command defends the military, DHS (Department of Homeland Security) – which can’t do it yet – defends the .gov community, and the rest of us are on our own.”

As scary as that is, it's better than being watched by the NSA. And I'm happy that all three panel members seem to agree with that sentiment.

.

TMI - some info shouldn't be realtime

February 2009 - "Just landed in Baghdad" tweeted Peter Hoekstra while on a 'secret' trip to Iraq. The media was aware of the trip, but agreed to embargo the information until after they arrived back in the U.S. for the safety of the congressmen. Since the congressman started tweeting before they left, the newspapers needn't have bothered.

March 3, 2010 - "On Wednesday we clean up Qatanah, and on Thursday, god willing, we come home," the soldier wrote on his Facebook page, refering to a West Bank village near Ramallah. That's from a story on Haaretz.com regarding a Facebook security breach. The mission the young man (he may not be a soldier, now) mentioned has been scrapped. According to Robert Mackey on the The Lede such details as the units name and the time of the raid were also revealed.

In the first case, Senator Hoekstra was former head, and senior member of the House intelligence committee. You would think a man with that kind of background would have more sense than to tweet details of his Baghdad itinerary. In the second, you would think a young soldier would be aware that posting details of an upcoming mission on Facebook would be a severe security breach - and could even be considered treason. But I wonder. How many of us actually realize how available things we put on Facebook and twitter really are? Do we really understand that what we put on Twitter and Facebook can be seen by just about anyone? With all the foolish things being put up on Facebook and Twitter, the real surprise isn't that two people posted national security breaking info on social networking sites, it's that we don't see a lot more of this happening.

I'm sure that most of my readers aren't in a position to spill national secrets, but spilling your own secrets can be bad enough. Think before you post on any site, and avoid the embarrassment of foot in mouth.

Obama = Bush

Now that I've got your attention, yes, I mean that. When it comes to citizens privacy rights, I can see no discernable difference between their administrations. Obama is continuing the national phone monitoring that was started by the Bush Adminstration. A program that is unconstitutional and does little if anything to benefit national security.

If that wasn't bad enough, last night I saw two articles talking about a case being argued today in Philidelphia. The first was at Cato-at-liberty.org and was pretty short. The headline says it all:

The Government Can Monitor Your Location All Day Every Day Without Implicating Your Fourth Amendment Rights

The second was an opinion piece by Catherine Crump at the Philadelphia Enquirer. It began with,

"If you own a cell phone, you should care about the outcome of a case scheduled to be argued in federal appeals court in Philadelphia tomorrow. It could well decide whether the government can use your cell phone to track you - even if it hasn't shown probable cause to believe it will turn up evidence of a crime."

The Obama administration is asserting that U.S. citizens have no reasonable expectation of privacy when it comes to their cell phones. This premise comes from the "third party doctrine." The third party doctrine is controversial to say the least, and in the modern age the equivalent of completely removing all Fourth Amendment protections without the pesky need to actually repeal it.

The third party doctrine says that once you knowingly give information to a third party you lose the right to the Fourth Amendment protections. Just to help keep things clear, the Fourth Amendment says:

Fourth Amendment – Protection from unreasonable search and seizure.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The third party doctrine is based on the premise that, since the phone company, your ISP, and any other company you may give data to is not within the four walls of your home or on your person, that data is no longer protected by the Fourth Amendments clause against unreasonable searches and seizures.

Forget whether or not you are doing anything illegal. Under the third party doctrine the government can subpoena your browsing history from your ISP without having to prove probable cause. Anything you put on Facebook (not that Facebook is private), and possibly even anything you backup to Carbonite or other online backup service.  I say possibly to the backup services because they are usually encrypted, so a "reasonable expectation of privacy" can be argued. The same can't be said for email, cell phones, text messages or almost anything sent over the internet.

I don't know about you, but almost everything I do that doesn't involve direct, face to face communication goes through a third party before reaching it's destination. There is almost nothing I do that the government can't look into for no other reason than curiosity using the third party doctrine. Knowing the history of the American colonies and the revolution, I know the founding fathers never intended the government to have that kind of power.

GAO to TSA: Test those scanners first!

In a report by Jaikumar Vijayan on pcworld.com we learn that the Government Accountability Office (GAO) has told the TSA to make sure they properly test the full body scanners they are trying to deploy. The GAO reminds the TSA that another technology, Explosive Trace Portals, was rushed to deployment, and performed so abysmally that only about 1/2 the units purchased were installed, and by the end of 2009 all but 9 were out of service. Those 9 will be gone by the end of the year.

The GAO says that the TSA had not tested the full body scanners by October 2009, but claims to have finished testing by the end of that year. The problem, according to the GAO, is there is no verification that real world tests, ie tests trying to fool or bypass the scanners, were done.

Without such tests - carried out with a sincere desire to get past the scanners - there is no guarantee that the scanners are effective. It's easy to find something carelessly hidden. It's another thing to catch something carefully hidden by someone with a good idea of how to hide it.

If some of the things I've read are correct, as little as a millimeter of skin will keep  these scanners from finding something. Having the amount of skin necessary for a bomb pulled up and sewn down over high explosives doesn't seem very attractive, but we're talking about people who are not expecting to be in one piece for much longer when this is done. Of course, there are less violent ways to hide a bomb inside the body. People smuggle drugs that way all the time.

This really comes down to a cost benefit analysis. The cost of the methods required to get around full body scanners - apparently very low. The cost of the scanners? A very high $130,000 to $170,000 each. Unless the TSA can show the scanners can effectively reduce terrorist attempts, the cost outweighs the benefit. From the information available now, that seems unlikely.

Full body scans: Trading privacy for illusion of security?

Hebba Aref has been a privacy advocate for some time. And she experienced anti-muslim prejudice first-hand when she was told that she couldn't be in a picture with Candidate Obama because of her head scarf. That was an overzealous volunteer, and Mr. Obama called her personally to apologize when he found out. I can imagine that was a defining moment in her life.

In the past she has been against full body scanners and profiling in airports. Then she sat six seats in front of a young Nigerian man on Christmas day, 2009, and she remembers the sound of the detonator, the flash, and the terrorist being led down the aisle with no clothes on below the waste.

Her experience that day changed her view of how airport security should be handled. In an article in the Detroit Free Press she says: "I'm always standing up for rights and privacy concerns, but now I hope that body scans will be mandatory," Aref, 27, said Wednesday. "Balanced against national security, it's worth the invasion of privacy. And I acknowledge the fact that there has to be attention paid to Muslims."

Coming close to death is a life changing experience, but often after some time has passed and the fear moves further away people revert to their previous opinions and attitudes. Only time will tell us if Miss Aref will continue to favor body scanners and profiling. But her story, moving as it may be, is just another emotional appeal, and emotional appeals are poor things to build policy on. Granted emotional appeals are the stuff that shapes public opinion, but they're still bad for building policy.

One of the more interesting quotes on full body scanning and privacy  came from an article in the Washington Post on January 4, 2009. It was about the images generated. It said,

"They're virtual. Passengers walk through the machines fully clothed; the resulting image appears on a monitor in a separate room and conceals passengers' faces and sensitive areas."

Correct me if I'm wrong, but I believe "sensitive areas" refers to the breasts and groin on women and the groin on men. If the groin area is concealed, how are we protected from an underwear bomb?

Here are a few other quotes from the same article:

"It covers up the dirty bits," said James Carafano, a homeland security expert at the conservative Heritage Foundation.

"I don't think it's any different than if you go to the beach and put on a bikini," said Brandon Macsata, who started the Association for Airline Passenger Rights.

"It covers up the dirty bits," and it's the same as a bikini ... that sounds to me like the primary area of concealment - the crotch, will be concealed by software in the scanner. That makes it kind of hard for the human viewing the image to see if anythings been added to the area.

I've read that the full body scanners are not designed to detect the types of explosives used in most terrorist attacks. According to an article at newsdaily.com, Dutch Interior Minister Guusje ter Horst said that there is no 100% gaurantee that the new detectors would have caught the underwear bomber.

Adding fuel to the fire - or not, since there's been almost no mention of it anywhere else, the Independent ran an article, Are planned airport scanners just a scam? on January 3rd reporting that British research into full body scanners showed that they would not detect an explosive of the type used by the crotchbomber. According the to article,

"But Ben Wallace, the Conservative MP, who was formerly involved in a project by a leading British defence research firm to develop the scanners for airport use, said trials had shown that such low-density materials went undetected.
Tests by scientists in the team at Qinetiq, which Mr Wallace advised before he became an MP in 2005, showed the millimetre-wave scanners picked up shrapnel and heavy wax and metal, but plastic, chemicals and liquids were missed. "

Other interesting claims are made. Supposedly American experts have stated that traditional airport pat downs wouldn't have stopped Mr. Abdulmutallab from getting on the plane. There's a really simple reason for it. In the U.S. the security people aren't allowed to frisk sensitive areas. Not that frisking those areas will stop everyone. I was with a friend going into "The Who's Last" concert in Dallas in 1983...I think that was the concert...anyway, they were frisking everyone. My friend had a recorder with the mike in his pants. The officer hit the mike,

"What's that!"
"My d**k."

The officer got a surprised look on his face and waved him through. I still wonder if anyone managed to get something more dangerous in that way?

For me the scanner issue isn't really about privacy, although that is important. It's really about using unproven technology without making sure the measures we already have in place are working. To be honest they usually do work, but we need a lot of improvement. And before we spend $165 million on scanners we should spend a few hundred thousand making sure they do what is claimed.

Does anyone remember the bomb sniffing machines they spent millions on after 911? The machines that are mostly decommissioned because they didn't work as claimed, and spent more time broken than working? We don't want that to happen again - but it's probably already to late, because they've already ordered them. And they may not even detect the explosive they're being bought to protect us from.

The more things change the more they stay the same.

[Edited at 12:21 to improve headline by Bert]

Obama shoulders responsibility

Whatever you may think about President Obama's handling of the economy, foreign relations, or the war on terror, yesterday he stepped up to the plate and acted like a leader. He gave a broad outline (which was all he should have given) of what went wrong and what will be done to fix the problems. And that's where it gets sticky. I've been doing a little research on those handy-dandy full-body scanners that everyone's talking about, and I like the idea of using them less now than I did before. In a couple of days I'll go into some of the problems with them. But aside from the full body scanners, it looks like President Obama is taking this threat to our security seriously now and taking real steps to keep us safe from external threats.  That is his primary job as President.

Full body scan - shield or show?

Full body scans in airports - they're getting a lot of attention again, both for and against. One blog feels that just by agreeing to fly we are consenting to scanning. Another story on Canada.com agrees. It asks the seemingly reasonable question, "Do we need to see hundreds or thousands killed for the privacy objectors to back off?"

Privacy groups are against the full body scanners, saying they are invasive and demeaning. Flyersrights.org and the ACLU are both against the scanners. In a release on its website the ACLU says:

"We should be focusing on evidence-based, targeted and narrowly tailored investigations based on individualized suspicion, which would be both more consistent with our values and more effective than diverting resources to a system of mass suspicion," said Michael German, national security policy counsel with the ACLU Washington Legislative Office and a former FBI agent. "Overbroad policies such as racial profiling and invasive body scanning for all travelers not only violate our rights and values, they also waste valuable resources and divert attention from real threats."

I have to admit, I lean more toward the ACLU position. Yes, I know that a full body scan might have caught the explosive in the bombers undies - although there are claims that the bomb would have made it through a scanner. But that isn't really the issue. The issue is that we don't need to add any new security measures, we need to properly use the ones we have.

I can't say it enough. The system is broken. People are saying, "We need full body scans to keep anyone else from getting through." No, we need to start making full use of the intel we're gathering. Bush dropped the ball when he didn't follow through on his order that the U. S. intelligence agencies, FBI, CIA, NSA, etc. share information, and Obama is following his example.

The point in this is not that a scanner would have stopped this guy before he could turn himself into a eunich. It is that he should never have made it to the point where he would have to go through a scanner. We had more than enough info to forbid this guy to get on a plane. He was on a watch list, then his father notified the U.S. Embassy that he had been radicalized and might do something dangerous. That would have put him in a "watch very closely" list for me. Not for the U.S. government. According to examiner.com:

"On November 20th the embassy sent a "Visas Viper cable" to the State Department which detailed the father's warning.  The information was then given to the Counter-Terrorism Center in Washington D.C. which ruled that their was insufficient information present to revoke Mutallab's visa."

While people are screaming for more measures to limit our freedoms and take away our rights, the real problem is that the information we are gathering has everything we need to stop these terrorists, if we would only use it. Putting scanners in the mix will not make us safer, it will only be one more layer of false security.

No matter what methods we devise to detect explosives at the airport, our first and best line of defense will always be gathering data to stop terrorists before they can get a ticket. And the evidence shows we're doing a good job of gathering it, we just aren't using what we're getting.