Violence... The story so far

Updated 12 Dec 2007

National Security http://www.ready.gov/

A new department, Homeland Security, is now given the charge its name implies. For an update (Dec 2007) See: http://www.homelandsecurityforsale.org/

This new bureaucracy was widely expected to focus our efforts on terrorism. It was politically expedient. It is also against conservative principles the call for small government. However, the enabling legislation was packed with provisions that benefit special interests more than the public. This legislation, first proposed by Joseph Lieberman (an erstwhile Democrat), became a vehicle favoring only the plutocrats among us.

Think about it. The bill's writers and sponsors were not concerned just with safety. Special interest provisions were tacked on--at the expense of American taxpayers. Thanks to people who actually read legislation, this sleight of hand, became public knowledge.

With these events apparent for all to see, one must ask: What about homeland security? Is a new layer of government a proper answer? Others considered this issue, early on.

Bruce Schneier in his Crypto-Gram Newsletter, June 15, 2002, had some thought-provoking things to say about security. We quote in part:

1. It's not about data collection; it's about data analysis. Again from the 30 September 2001 issue of Crypto-Gram: "Demands for even more surveillance miss the point. The problem is not obtaining data, it's deciding which data is worth analyzing and then interpreting it. Everyone already leaves a wide audit trail as we go through life, and law enforcement can already access those records with search warrants [and subpoenas]. The FBI quickly pieced together the terrorists' identities and the last few months of their lives, once they knew where to look. If they had thrown up their hands and said that they couldn't figure out who did it or how, they might have a case for needing more surveillance data. But they didn't, and they don't."

2. Security decisions need to be made as close to the source as possible. This has all sorts of implications: airport X-ray machines should be right next to the departure gates, like they are in some European airports; bomb target decisions should be made by the generals on the ground in the war zone, not by some bureaucrat in Washington; and investigation approvals should be granted the FBI office that's closest to the investigation. [See Guardians] This mode of operation has more opportunities for abuse, so oversight is vital. But it is also more robust, and the best way to make things work. (The US Marine Corps understands this principle; it's the heart of their chain of command rules.)

3. Data correlation needs to happen as far away from the sources as possible. Good intelligence involves finding meaning amongst enormous reams of irrelevant data, and then organizing all those disparate pieces of information into coherent predictions about what will happen next. It requires smart people who can see connections, and access to information from many different branches of government. It can't be by the various individual pieces of bureaucracy, whether it be the CIA, FBI, NSA, INS, Coast Guard, etc. The whole picture is larger than any of them, and each one only has access to a small piece.

4. Intelligence and law enforcement have fundamentally different missions. The FBI's model of operation investigation of past crimes does not lend itself to an intelligence paradigm: prediction of future events. On the other hand, the CIA is prohibited by law from spying on citizens. Expecting the FBI to become a domestic CIA is a terrible idea; the missions are just too different and that's too much power to consolidate under one roof. Turning the CIA into a domestic intelligence agency is an equally terrible idea; the tactics that they regularly use abroad are unconstitutional here.

5. Don't forget old-fashioned intelligence gathering. Enough with the echelon-like NSA programs where everything and anything gets sucked into an enormous electronic maw, never to be looked at again. Lots of Americans managed to become part of Al Qa'ida (a 20-year-old Californian did it, for crying out loud); why weren't any of them feeding intelligence to the CIA? Get out in the field and do your jobs. [This is just one way in which our society has gone astray. We alienate our own citizens and the Neocon approach only alienates further.]

6. Organizations with investigative powers require constant oversight. If we want to formalize a domestic intelligence agency, we are going to need to be very careful about how we do it. Many of the checks and balances that Ashcroft is discarding were put in place to prevent abuse. And abuse is rampant at the federal, state, and local levels. Just because everyone is feeling good about the police today doesn't mean that things won't change in the future. They always do.

7. Fundamental changes in how the United States copes with domestic terrorism requires, um, fundamental changes. Much as the Bush Administration would like to ignore the constitutional issues surrounding some of their proposals, those issues are real. Much of what the Israeli government does to combat terrorism in its country, even some of what the British government does, is unconstitutional in the United States. Security is never absolute; it always involved tradeoffs. If we're going to institute domestic passports, arrest people in secret and deny them any rights, place people with Arab last names under continuous harassment, or methodically track everyone's financial dealings, we're going to have to rewrite the Constitution. At the very least, we need to have a frank and candid debate about what we're getting for what we're giving up. People might want to live in a police state, but let them at least decide willingly to live in a police state. My opinion has been that it is largely unnecessary to trade civil liberties for security, and that the best security measures reinforcing the airplane cockpit door, putting barricades and guards around important buildings, improving authentication for telephone and Internet banking have no effect on civil liberties. Broad surveillance is a mark of bad security.

Charles C Mann wrote an insightful essay in The Atlantic Monthly, Sept 2002, p81-102. Mann's essay was the basis for most of the material that follows. He amplifies on what Bruce Schneier wrote above.

Secrecy is a trap and Bush is the most secretive president ever. Secrecy is a trap because "...the more secrets that are necessary to a security system, the more vulnerable the system becomes." For example, the American desire for an all-in-one high-tech solution requires huge data bases on each and every one of us. Hackers have shown us already how vulnerable each can be. Add these vulnerabilities together and the barriers to hacking are proportionately lower.

And what of those in charge of the data bases? Will they all be free of malice and venality? The political answer will be yes, trust me, and you are not patriotic if you don't agree with me. The facts are otherwise, people have flaws. And so do leaders.

"Security measures are characterized less by their success than by the manner of their failure." This is exactly what happened in the Minnesota and Arizona field offices of the FBI. The failure was not in the data gathering; nor was it in the local analysis. The intelligence failure was a system failure. Abu Ghraib was also a system failure on a different plane.

SYSTEMS is an Achilles Heel in American culture.

People in Washington earned their stripes by their loyalty to the organization and their superiors. Catching bad guys was secondary--not so much by professed belief of any individual as by their actual collective behavior. This is a first-order culture issue. Colleen Rowley had it right. The FBI culture is a legacy of J Edgar Hoover. He demanded loyalty above all else. Mr. Bush puts Mr. Hoover to shame. Systems that fail the people are now the order of the day.

System failures that continue become people failures, that become system failures that become cultural failures... ad infinitum

The WTC bombing intelligence failure highlights another problem with systems. They are vulnerable when a single failure can compromise the entire organization. When a hacker gets through your firewall, he has your computer in his hands. This is exactly analogous to a terrorist slipping through security; he can then do as he pleases. The airport, and all flights are vulnerable. What Rowley saw and interpreted accurately was a man taking flight training without much talent. It made no sense. The flight instructor was another strong link in the chain. Not so the home office.

Suicidal pilots found the weak link, the FBI chain of command. The detection and analytical elements of the system were fully operable. It was the FBI culture of loyalty first, that ensured the terrorist's success. It is true, that full recognition in Washington might not have prevented the actual event. It is also true that law enforcement agencies can be very efficient once given some clues (two in this case) after a period of high alert. The fact that the terrorists took flight training and traveled under their own names could have made it easy to sense a pattern and alert the FBI and airlines. Guessing what they were really up to, of course, would have been a major difficulty in prevention. Even with a history of prior WTC bombing and suicidal terrorism in the Middle East, and a warning from the French, not many people could have put the actual event together--a major staffing problem in itself. Political appointees cannot be expected to rise to such challenges--the political approach failed utterly in this case.

The point is that robust systems bend before they break, and they minimize subsequent damage. The FBI culture of loyalty before what is right is not robust in any sense. It is worse than that. At this update in Dec 2007, FBI agents must still use the local libraries if they have a need to track Islamic bloggers!! Homeland Security is failing miserably.

The issue of robustness is crucial. Take airport security. Many airports require cars to park 300 feet from the terminal while allowing passengers to be dropped off at the terminal from cars and even buses. This is an example of an ineffective and "brittle" system. Reinforcing the cockpit door and getting the passengers to fight back are proven and effective. Neither one abridges civil liberties! Cockpit door reinforcement eliminates the surprise factor and has been proven to be effective. It also gives the cockpit crew time to set the autopilot to land at the nearest airport--come what may in the cockpit. And of course, an armed crew would have time to face an intruder.

Fingerprint readers have a brittle element. With $10 worth of household supplies, one can make a mold and plastic finger complete with prints that will fool such detectors about 80% of the time. Blowing in graphite dust to activate the previous print worked 100% of the time against some systems. Moist air was enough in other cases. Moreover, fingerprints can be lifted or stolen in a variety of ways. With huge centralized data bases, a thief could tap your credit, obtain your medical records, start your car or do anything supposedly protected by your fingerprint. Your bank can replace stolen credit cards; you can't replace your thumb.

Face recognition provides an example that is similar. Here you have an instrument that is 99.32% accurate. [The number implies more than 10,000 trials were made.] That is actually quite accurate but what is the downside? Consider Logan Airport in Boston. This nearly perfect instrument would create nearly 500 false alarms daily! (Logan serves some 25 million passengers annually; from those, 170,000 false alarms would be generated.) This is just one example of very real technical problems attending security.

Like fingerprints, one's iris is unique. "Iris readers" suffer the same weakness that fingerprint readers do. High resolution photographs of your irises have been shown to defeat this technique. But your iris is harder to steal without your knowledge.

There is no substitute for the human equation in security. The fingerprint reader suddenly becomes more formidable when someone is watching to prevent the use of molds or other tricks that defeat the instrument. The same is true of the iris scanner. So, also, for monitoring students going to flying schools or truck driving schools. Colleen Rowley presented vivid proof of this need. There is no substitute for a human being. All one needs is a sensitive and responsive organization to react to and act in real time on multiple clues that point to something.

Responsiveness, however, is not something that can be affected much by organization. Responsiveness is a culture. Responsiveness on the front line allows proactive decision making and preventive actions. Nothing less will due. Hardly anything more is needed.

In signing the Homeland Security Bill, President Bush announced:

"Many terrorists are now being interrogated. Many terrorists have been killed. We've liberated a country. This act takes the next critical steps in defending our country against the continuing threat of terrorism. The threat of mass murder on our own soil will be met with a united, effective response."

Sixty months into this "war" on terror, we have done acceptably well [as far as we know in this age of secrecy,] The cultural problem that made the system vulnerable in the first place, is still with us. If culture is intrinsic to the guard, which it may only partially be, it will not be addressed until there is a regime change.

Bruce Schneier uses three techniques that, when used together, raise identification to the next level.

1. PIN. ID and password are one example.

2. TOKEN. This is a physical object with data that defines who you are, your passport, driver's license, or national ID for example. It could even be unreadable by ordinary means.

3. BIO. This is biometric data that can be measured. Finger-prints, facial features, and iris patterns are examples.

Remember systems are defined by their failures, never mind their successes. Smart cards would not have stopped 9/11; the hijackers were who they said they were. It is this type of downside that can kill us.

Of course, there is a counteraction available; infiltration of the terror networks. In the Islamic case, Anglo-Saxon Christians will be turned away at the door, except, perhaps, on line. Al Qa'ida's inner circle has many ways of recognizing its own, just as the Thugs of India did. The Thugs were rooted out by the local authorities. So it can be in our times.

Why do we prefer war instead?
Because we are violent by nature.

You can measure anything you want,
anything physical at all,
except intentions.

Broad surveillance is a mark of bad security. Bruce Schneier

Unfortunately, trying to stop a terrorist plan is really too little too late if your goal is to stop terrorism entirely. Military action is not enough. Coordinated police action everywhere on the globe is better. Better still are culture and economic changes that preclude Alienation and Humiliation everywhere. Most especially, human governance must everywhere erase despotism and corruption in all their many forms. Democracy is one of the better approaches, but the Bush/Blair "axis" gives us pause there.

Effectively countering terrorism requires internationalism and statesmanship not evident in Washington at the present time. Nevertheless, if 20th Century trends merely continue, there are reasons for hope.

Unfortunately, a new day has dawned. The earth is once again plagued by an empire that knows not what it is about--other than to dominate--whatever the cost.

Meanwhile: We endorse the proposals made by Bruce Schneier.

---

How is it working out? See:
Scandals and Scoundrels for part of the answer.

Bruce Schneier's fears have come to pass.