Goodbye, Osama bin Laden

Originally posted 05/02/2011 on lubbockonline.com

Osama bin Laden has been killed after almost a decade in hiding. What does that mean? In the end, not much. It is an intelligence coup, one that, in terms of the difficulty of finding Mr. bin Laden is almost the counter-balance to the blunders that allowed 9/11 to happen. In terms of national security we will have higher risks when travelling to the Middle East for a while, our embassies and companies in the Middle East will be at greater risk of attack, and there will likely be more attempts to get a successful suicide bomber on a plane.

Bill Brenner on the CSO blog believes that bin Laden's death won't change much, and that's actually a good thing. Bill recently made a trip to Ground Zero in New York and was offended that people seemed to have forgotten what happened there. But it didn't take him long to realize that they hadn't forgotten, they had paid their greatest tribute to the victims of Osama bin Laden that could be paid (my words). They had refused to let Osama succeed in his primary goal. As much as our government has been affected by fear of terrorists, the people of New York City had moved past the attack and gone on with their lives. As has the rest of the country. We have not allowed terrorist to terrorize us. So in that sense, Osama bin Laden was a failure. Despite his greatest success and the attempts of many to use it to take away the personal liberties U.S. citizens have always enjoyed, we are still a nation of free men, not a police state. As long as we are Americans, that will not change.

I am not saying that President Obama, the intelligence community and our military don't deserve thanks and praise for killing Osama bin Laden. They do. He needed to be taken out. The fact that another will take his place doesn't change that. The fact that 9/11 was as much our ineptitude as it was his planning doesn't change that. Osama bin Laden attacked our country, and we didn't rest until he paid for that. Though administrations changed, though guiding political philosophy changed, we did not forget what Osama bin Laden had done and we did not rest until he paid. That also will not change.

That is a good thing.

Tell your representative, "Let the Patriot Act expire"

The new Republican majority in the house outsmarted themselves by pushing the extension of three provisions of the Patriot Act as an emergency vote. That made a 2/3 majority vote necessary to pass the extension. The extension failed to pass today by just 7 votes.

An extension is still possible if a regular vote can be scheduled before February 28th. Hopefully that won't happen. The three expiring provisions are wonderful for a police state, but slow death to a society founded on the ideal that government exists for the governed, not the other way around. They are:

• the provision allowing court approved roving wiretaps - those are taps that do not have to specify one location or device but can be moved as desired. This means that devices only peripherally related to the suspect can be tapped.
• the provision that allows court approved access to "any tangible thing" as long as it's related to a terror investigation. The concern here is that there is no check on this provision. It specifically prohibits using things or activities protected by the First Amendment, but as we learned last week, the FBI is not above violating civil liberties.
• Third is the provision that allows the surveillance of foreign nationals because they are foreign nationals. No connection to known or suspected terrorists or criminals necessary. The ultimate expression of "us vs them" mentality. Why are all the people protesting SB1070 screaming about this one?

The terrorist threat is real. It's not going away. But giving up our civil liberties does less to protect us than it does to provide the government access to our lives that it should not have. The biggest domestic contributor to the success of of the 9/11 attacks was lack of communication between intelligence agencies and even lack of communication within agencies. The Department of Homeland Security was created in part to correct that problem, but two years ago we learned that there has been little or no improvement. Giving government agencies access to more information when they don't even communicate the information they have effectively does nothing to improve security and much to invite abuse. Write your representative and tell him to let these provisions expire.

The terrorists are winning

I got a kick out of this cartoon by Mike Keefe on the Cagle Political Cartoon blog. I thought it was pretty close to right, but amusing.

Then I read about Thomas Sawyer, a survivor of bladder cancer who was humiliated by thoughtless TSA employees. He was chosen for an enhanced pat down after going through the full body scanner. He tried to warn them about his urostomy bag, but they ignored him and broke the seal, leaving him wet and smelling of urine. The TSA employees acted as though nothing had happened despite the wet spot on his clothes. And I realized that the changes we're enduring because of terrorism are no laughing matter.

Next I read a headline, "Qaeda Branch Aimed for Broad Damage at Low Cost," referring to the failed (or not) parcel bomb last month. The terrorists claim the operation may not have blown up a plane, but it had the desired effect of causing the U.S. to revamp security again, a time consuming and expensive prospect. In fact they've shifted emphasis from flashy attacks to simple, low grade attacks that cause maximum return in things like expanded security procedures.

The terrorists have won. They control our airport security. We need to turn things around and come up with reasonable procedures for airport security that respect human dignity and treat airline passengers like customers, not suspects.

Federal high tech security boondoggles

In an article by Ken Dilanian, swamppolitics.com - the Washingtom Bureau of the Chicago Tribune - reports that a number of high tech security programs initiated by the Bush administration have flopped. The biggest reason for the failure? Failure to properly test the technologies before implementation. A weakness shared by the current technical bandaid, full body scanners.

Technology is an important tool in the war against terror. But according to Brian Jenkins of the Rand Corp the Department of Homeland Security is overly reliant on technology. There is no silver bullet, but new technologies are treated as the final solutions to our national security problems.

From the "virtual fence" aka Project 28, on our southern border to the Real ID Act that Homeland Security Secretary Janet Napolitano has called for Congress to repeal, U.S. high tech anti-terrorism initiatives aren't working as advertised.

In fact, recently the majority, if not all, of the terrorist that have been caught before attempting terrorist acts have, to the best of our knowledge, not been caught through new, high tech gadgetry but through old fashioned investigation and surviellance techniques. Techniques that employ technology, but as a tool, rather than as the lynchpin of the procedure. Maybe it's time we started focusing on the things we know work, and take the time to do proper testing of new technologies before entrusting the lives of our citizens and the security of our nation to them.

More Homeland (in)Security

In a report on Yahoo News, EILEEN SULLIVAN and MATT APUZZO of the Associated press tell us why Faisal Shahzad was almost able to leave the country by plane after his alleged failed bombing attempt. It's a sad statement that just four months after dumb luck kept the crotchbomber from blowing himself and his fellow passengers out of the sky in a plane he shouldn't have been able to board, dumb luck again prevents a terrorist wannabe from igniting his bomb - and in this instance, escaping by boarding a plane he should never have been able to board.

This sad statement on U.S. security reminded me of an almost 4 year old blog post by Bruce Schneier on the arrests in July, 2006 of terrorists reportedly hoping to set off a so-called "binary explosive" - something apparently extremely difficult to do. Regardless of the likelihood of that scenario, Mr. Schneier makes some very good points:

"None of the airplane security measures implemented because of 9/11 -- no-fly lists, secondary screening, prohibitions against pocket knives and corkscrews -- had anything to do with last week's arrests. And they wouldn't have prevented the planned attacks, had the terrorists not been arrested. A national ID card wouldn't have made a difference, either.

Instead, the arrests are a victory for old-fashioned intelligence and investigation. Details are still secret, but police in at least two countries were watching the terrorists for a long time. They followed leads, figured out who was talking to whom, and slowly pieced together both the network and the plot."

Last Christmas's intelligence fiasco points out the same thing. In 2001 we had a massive intelligence failure - all the pieces were there, but inter-agency, even intra-agency, rivalry prevented the all the pieces being gathered to be put together. In December 2009 all the pieces were there, but were ignored, or not communicated in a timely manner. In the two incidents of the last 6 months the terrorist boarded an international flight despite being on the no-fly list. All of this shows that we don't need more ways for the government to monitor and spy on us. Adding new ways to gather information so it can be misused - or not used at all - is not an answer. We need to make proper use of the methods we already have in place. Then we can know what is working and what needs changing.

Is answering the census safe?

NOTE: Checking Census law reveals that it is illegal to refuse to answer the census questions.

In an opinion piece on csmonitor.com James Bovard examines the possibility that our census answers may not be as private as we're promised they'll be. He looks at the historical record the census bureau has built regarding privacy of census data. It doesn't look too good. The first mar on the bureaus record was the production of a list of Japanese Americans on the East coast within days of Pearl Harbor. Although they are now remembered (when mentioned at all) as "internment camps," or "War Relocation Camps," Japanese Americans were rounded up and put into concentration camps. The Census Bureau denied any such activity until 2000, and denied giving specific names and addresses until it was proved in 2007 that exactly that information had been provided.

The Department of Homeland Security was given similar information by the Census Bureau in 2003-2004 regarding people of Middle Eastern ancestry in the U.S. No roundups occurred, but they would have been much easier with that information.

Mr. Bovard talks about the abuses to citizen privacy in the last 10 years, and points out that all the census is really required to gather by the constitution is a count of citizens, and the number of people living at each address is all that anyone should provide. Especially since the government obviously is more concerned with gathering as much information as it can about citizens than protecting their rights. It was true of the Bush administration, and by all the evidence nothing has changed with the Obama administration. I have no doubt that census data will be used in whatever fashion the government feels the need to use it, no matter what the law says.

Privacy vs Security at RSA conference

Brian Prince of eWeek Europe reports that U.S. Cyber Defense experts agreed on two things: U.S. cyber security needs beefing up, and doing that while protecting privacy won't be easy. Former head of U.S. Homeland Security Michael Chertoff saw the situation as a balancing act:

“You don’t want necessarily to have the government literally sitting there and operating the internet and opening and closing doors because it’s not hard to imagine a situation like you have in other countries where someone makes a decision that the threat isn’t just an attack by a botnet but an attack on ideas the government doesn’t like. So the key is to build a system that allows a sharing of information that does put on critical infrastructure a responsibility to maintain itself…but preserves a certain gate between them and a certain amount of accountability so that the government can’t simply just roughshod over the privacy.”

That's an important statement - and one that very neatly sums up the difficulty of providing security while maintaining privacy. The rest of the panel discussion showed a real concern and understanding of the importance - and complexity - of maintaining privacy while ensuring security.

Chertoff was one of a three member panel. The other two members were Marc Rotenberg, executive director of the Electronic Privacy Information Center ( EPIC ), and former special advisor on Cyber Security for George W. Bush, Richard Clarke. Richard Clarke is now chairman of Good Harbor Consulting. To be honest, I was a little surprised at the attitude shown by Mr. Chertoff and Mr. Clark. Hearing Mr. Chertoff, co-author of the Patriot Act, talk about the importance of limiting governments ability to invade citizens online privacy was unexptected.

Of course, not everything they said was so pretty. Clark wants a system that is flexible enough that it isn't compromised when some companies don't keep up with the latest patches and malware protections. His idea? Have Tier 1 ISP's do deep packet inspection to detect illicit activity. This is just a liiiiiittle bit contradictory to Mr. Chertoffs statement above. Deep packet inspection would mean they see everything everybody does that goes through a Tier 1 ISP. A lot of traffic will never hit a Tier 1 ISP, but the fact that US citizens would be being treated as criminals with no evidence that they are would be a major constitutional problem. Of course, it should be a major constitutional problem with the nationwide phone tapping that's still going on, and we know how that went. Not surprising at all that Rotenberg saw a slippery slope, "If we go down this road you really have to be very careful because one rationale easily collapses into another."

It was encouraging that Clarke felt the U.S. government had discredited itself over the past ten years where privacy is concerned. He also felt that the agency best equipped to protect the country, both military and civilian, is the NSA. But in an amazing twist, he feels that the NSA is not the agency that should be protecting the private sector. The problem is, there isn't anyone looking out for the private sector:

“The problem is right now no one is defending the private sector,” he continued. “The theory of the Obama administration seems to be cyber-command defends the military, DHS (Department of Homeland Security) – which can’t do it yet – defends the .gov community, and the rest of us are on our own.”

As scary as that is, it's better than being watched by the NSA. And I'm happy that all three panel members seem to agree with that sentiment.

.

GAO to TSA: Test those scanners first!

In a report by Jaikumar Vijayan on pcworld.com we learn that the Government Accountability Office (GAO) has told the TSA to make sure they properly test the full body scanners they are trying to deploy. The GAO reminds the TSA that another technology, Explosive Trace Portals, was rushed to deployment, and performed so abysmally that only about 1/2 the units purchased were installed, and by the end of 2009 all but 9 were out of service. Those 9 will be gone by the end of the year.

The GAO says that the TSA had not tested the full body scanners by October 2009, but claims to have finished testing by the end of that year. The problem, according to the GAO, is there is no verification that real world tests, ie tests trying to fool or bypass the scanners, were done.

Without such tests - carried out with a sincere desire to get past the scanners - there is no guarantee that the scanners are effective. It's easy to find something carelessly hidden. It's another thing to catch something carefully hidden by someone with a good idea of how to hide it.

If some of the things I've read are correct, as little as a millimeter of skin will keep  these scanners from finding something. Having the amount of skin necessary for a bomb pulled up and sewn down over high explosives doesn't seem very attractive, but we're talking about people who are not expecting to be in one piece for much longer when this is done. Of course, there are less violent ways to hide a bomb inside the body. People smuggle drugs that way all the time.

This really comes down to a cost benefit analysis. The cost of the methods required to get around full body scanners - apparently very low. The cost of the scanners? A very high $130,000 to $170,000 each. Unless the TSA can show the scanners can effectively reduce terrorist attempts, the cost outweighs the benefit. From the information available now, that seems unlikely.

Airport romance never pays

Of course, it would help if a little common sense went with it. Friends describe Haisong Jiang as a hopeless romantic. They say he just wanted to say goodbye to his girlfriend one more time. They also say that he didn't realize what a flap he would cause. He's a doctoral student in molecular biology, which would indicate a certain amount of intelligence. But sometimes people do fit stereotypes. I knew a chemical engineering Ph.D. candidate who was incredibly book smart, but was the poster child for the uncommonness of common sense. So I'll give Haisong Jiang the benefit of the doubt on not realizing how much trouble he would cause by crossing that rope to go into the secure area with his girlfriend in Newark Airport January 3rd.

But I watched the video of the his transgression (well, I watched the 6 minute unedited video), and it is obvious that he did know what he was doing was wrong. He waited around for several minutes, even after the guard asked him to move on. And I would think his girlfriend should be held responsible as well. She waited until the security guard was gone and came back for her boyfriend, then walked with him to the 'secure area.'

The guard is also culpable in this fiasco. He should not have left his post unattended. If he had some serious business he needed to attend to he should have called for relief.

How much trouble should they be in? I'm not sure. Unless he's been an exemplary employee for a long time, I would strongly recommend firing the guard. There is too much relying on his vigilance to let a slip like that slide. The lovebirds? I'm a little torn. I think they need more severe penalties than the crime he is being charged with carries (she isn't being held responsible, AFAIK), but I don't really want to ruin to lives over what might have gone entirely unnoticed a few short weeks ago.

That's the kicker, of course. And perhaps the damning bit that's missing. These two have been carrying on a long distance relationship for a year or so. How many times have they played exactly this scenario when she visits? Or when he visits? As I said earlier, he was obviously waiting, and it appears that she was, too. It looked like they had either done this many times, or planned it very carefully.

His reaction when he found out the police were at his house is also interesting. Almost like he was expecting it eventually. According to a story in the NY Daily News, he said, "You got me." It doesn't sound like there was any surprise at all. That just leaves the question, why is he the only one being charged?

Why does the girl go free when she went to get him - knowing he wasn't supposed to cross the secure barrier? The guard is facing disciplinary action, the boyfriend is being charged, however lightly, and the girlfriend walks. Doesn't sound right to me.

Full body scans: Trading privacy for illusion of security?

Hebba Aref has been a privacy advocate for some time. And she experienced anti-muslim prejudice first-hand when she was told that she couldn't be in a picture with Candidate Obama because of her head scarf. That was an overzealous volunteer, and Mr. Obama called her personally to apologize when he found out. I can imagine that was a defining moment in her life.

In the past she has been against full body scanners and profiling in airports. Then she sat six seats in front of a young Nigerian man on Christmas day, 2009, and she remembers the sound of the detonator, the flash, and the terrorist being led down the aisle with no clothes on below the waste.

Her experience that day changed her view of how airport security should be handled. In an article in the Detroit Free Press she says: "I'm always standing up for rights and privacy concerns, but now I hope that body scans will be mandatory," Aref, 27, said Wednesday. "Balanced against national security, it's worth the invasion of privacy. And I acknowledge the fact that there has to be attention paid to Muslims."

Coming close to death is a life changing experience, but often after some time has passed and the fear moves further away people revert to their previous opinions and attitudes. Only time will tell us if Miss Aref will continue to favor body scanners and profiling. But her story, moving as it may be, is just another emotional appeal, and emotional appeals are poor things to build policy on. Granted emotional appeals are the stuff that shapes public opinion, but they're still bad for building policy.

One of the more interesting quotes on full body scanning and privacy  came from an article in the Washington Post on January 4, 2009. It was about the images generated. It said,

"They're virtual. Passengers walk through the machines fully clothed; the resulting image appears on a monitor in a separate room and conceals passengers' faces and sensitive areas."

Correct me if I'm wrong, but I believe "sensitive areas" refers to the breasts and groin on women and the groin on men. If the groin area is concealed, how are we protected from an underwear bomb?

Here are a few other quotes from the same article:

"It covers up the dirty bits," said James Carafano, a homeland security expert at the conservative Heritage Foundation.

"I don't think it's any different than if you go to the beach and put on a bikini," said Brandon Macsata, who started the Association for Airline Passenger Rights.

"It covers up the dirty bits," and it's the same as a bikini ... that sounds to me like the primary area of concealment - the crotch, will be concealed by software in the scanner. That makes it kind of hard for the human viewing the image to see if anythings been added to the area.

I've read that the full body scanners are not designed to detect the types of explosives used in most terrorist attacks. According to an article at newsdaily.com, Dutch Interior Minister Guusje ter Horst said that there is no 100% gaurantee that the new detectors would have caught the underwear bomber.

Adding fuel to the fire - or not, since there's been almost no mention of it anywhere else, the Independent ran an article, Are planned airport scanners just a scam? on January 3rd reporting that British research into full body scanners showed that they would not detect an explosive of the type used by the crotchbomber. According the to article,

"But Ben Wallace, the Conservative MP, who was formerly involved in a project by a leading British defence research firm to develop the scanners for airport use, said trials had shown that such low-density materials went undetected.
Tests by scientists in the team at Qinetiq, which Mr Wallace advised before he became an MP in 2005, showed the millimetre-wave scanners picked up shrapnel and heavy wax and metal, but plastic, chemicals and liquids were missed. "

Other interesting claims are made. Supposedly American experts have stated that traditional airport pat downs wouldn't have stopped Mr. Abdulmutallab from getting on the plane. There's a really simple reason for it. In the U.S. the security people aren't allowed to frisk sensitive areas. Not that frisking those areas will stop everyone. I was with a friend going into "The Who's Last" concert in Dallas in 1983...I think that was the concert...anyway, they were frisking everyone. My friend had a recorder with the mike in his pants. The officer hit the mike,

"What's that!"
"My d**k."

The officer got a surprised look on his face and waved him through. I still wonder if anyone managed to get something more dangerous in that way?

For me the scanner issue isn't really about privacy, although that is important. It's really about using unproven technology without making sure the measures we already have in place are working. To be honest they usually do work, but we need a lot of improvement. And before we spend $165 million on scanners we should spend a few hundred thousand making sure they do what is claimed.

Does anyone remember the bomb sniffing machines they spent millions on after 911? The machines that are mostly decommissioned because they didn't work as claimed, and spent more time broken than working? We don't want that to happen again - but it's probably already to late, because they've already ordered them. And they may not even detect the explosive they're being bought to protect us from.

The more things change the more they stay the same.

[Edited at 12:21 to improve headline by Bert]

Obama shoulders responsibility

Whatever you may think about President Obama's handling of the economy, foreign relations, or the war on terror, yesterday he stepped up to the plate and acted like a leader. He gave a broad outline (which was all he should have given) of what went wrong and what will be done to fix the problems. And that's where it gets sticky. I've been doing a little research on those handy-dandy full-body scanners that everyone's talking about, and I like the idea of using them less now than I did before. In a couple of days I'll go into some of the problems with them. But aside from the full body scanners, it looks like President Obama is taking this threat to our security seriously now and taking real steps to keep us safe from external threats.  That is his primary job as President.