Tag: dhs

TSA’s Pistole Says ‘Risk-Based,’ Means ‘Privacy Invasive’

There is one thing you can take to the bank from TSA administrator John Pistole’s statement that he wants to shift to “risk-based” screening at airports: it hasn’t been risk-based up to now. That’s a welcome concession because, as I’ve said before, the DHS and its officials routinely mouth risk terminology, but rarely subject themselves to the rigor of actual risk analysis.

What Administrator Pistole envisions is nothing new. It’s the idea of checking the backgrounds of air travelers more deeply, attempting to determine which of them present less of a threat and which prevent more. That opens security holes that the risk-averse TSA is unlikely to actually tolerate, and it has significant privacy and Due Process consequences, including migration toward a national ID system. 

I wrote about one plan for a “trusted traveler”-type system recently. As the details of what Pistole envisions emerge, I’ll look forward to reviewing it.

The DHS Privacy Committee published a document several years ago that can help Pistole with developing an actual risk-based system and with managing its privacy consequences. The Privacy Committee itself exists to review programs like these, but has not been used for this purpose recently despite claims that it has.

If Pistole wants to shift to risk-based screening, he should require a full risk-based study of airport screening and publish it so that the public, commentators, and courts can compare the actual security benefits of the TSA’s policies with their costs in dollars, risk transfer, privacy, and constitutional values.

We’re All Terrorists Now

The Tennessee ACLU sent a letter to public schools warning them not to celebrate Christmas as a religious holiday. The Tennessee Fusion Center (H/T Uncle) put the communication on its map of “terrorism events and other suspicious activity”:

“ACLU cautions Tennessee schools about observing ‘one religious holiday,’” the website’s explanation reads.

Also among the map’s highlights: “McMinn County Teen Brings Gun to School,” and “Turkish National Salih Acarbulut Indicted in Chattanooga for Alleged $12 million Ponzi Scheme.”

Mike Browning, a spokesman for the Fusion Center, said “that was a mistake” to label the ACLU letter as a suspicious activity. He said the Fusion Center meant to use the icon that means merely general information. The icon was changed after the ACLU sent its news release, he said.

“It’s still on the map,” Browning told The City Paper. “It has been reclassified into the general information category.”

But a look at the website shows there is no icon for general information. Instead, the icon for the ACLU letter now signifies “general terrorism news,” according to the website’s legend.

This follows a long line of fusion center and DHS reports labeling broad swaths of the public as a threat to national security. The North Texas Fusion System labeled Muslim lobbyists as a potential threat; a DHS analyst in Wisconsin thought both pro- and anti-abortion activists were worrisome; a Pennsylvania homeland security contractor watched environmental activists, Tea Party groups, and a Second Amendment rally; the Maryland State Police put anti-death penalty and anti-war activists in a federal terrorism database; a fusion center in Missouri thought that all third-party voters and Ron Paul supporters were a threat; and the Department of Homeland Security described half of the American political spectrum as “right wing extremists.”

The ACLU fusion center report and update lay out some good background on these issues, and the Spyfiles report describes how monitoring lawful dissent has become routine for police departments around the nation. Cato hosted Mike German, a former FBI counterterrorism agent and co-author of the ACLU fusion report at a forum on fusion centers, available here.

Shades of Warning: What It Means to Inform

Ben Friedman helpfully supplies more information to go with my positive reaction to the Department of Homeland Security’s decision to scrap color-coded threat warnings.

Our colloquy leaves somewhat open what should replace color-coding. Because most threat warnings are false alarms, and because exhortations to vigilance will tend toward the vagueness of the color-coding system, Ben hopes “DHS winds up being tighter-lipped.”

His points are good ones, but they don’t dissuade me from my belief that DHS should “begin informing the public fully about threats and risks known to the U.S. government.”

The right answer here centers on who is better at digesting threat information—experts in the national security bureaucracy or the public?

There is a great deal of expertise in the U.S. government focused on turning up threat information and digesting it for policymakers. However, that expertise has limits, often manifested as threat inflation, as Ben notes, and as myopia. Daniel Patrick Moynihan’s Secrecy: The American Experience illustrates the latter well (especially the edition with Richard Gid Powers’ fine introduction).

The public consists of hundreds of millions of subject matter experts in every walk of life. They include owners and operators of all our infrastructure, reporters and commentators in the professional and amateur press, academics, state and local law enforcement personnel, information networks, and social networks of all kinds. We have security-interested folk in the hundreds of millions spread out across the land, all in regular communication with each other. We’re a tremendously powerful information processing machine. I believe this public can do a better job of digesting threat information than “experts,” particularly when it comes to terrorism threats, which can—theoretically, at least—manifest themselves pretty much anywhere.

The public constantly digests risk and threat information from other walks of life. We digest information about ordinary crime, health and disease, finance and investment, driving and walking, etc., etc. There is nothing about terrorism that disables the public from making judgments about threat information and incorporating it into daily life. People can figure out what matters and what does not, and they can apply information in the spheres they know.

When I say “fully inform,” I don’t argue for broadcasting every speck of information the U.S. government collects. There are limited domains in which information sharing will reveal sources and methods, undercutting access to future information. Appropriate caveats are part of ”fully” informing, of course. Natural pressure will cause too speculative threats to be winnowed from public release. But even opening a firehose will get people the water they need to drink.

Tight lips sink ships. The presumption should fall in favor of sharing information with the public. After a period of adjustment lasting from months to a year or more, the American information system would incorporate open threat information into daily life, and the country would be more secure. People made confident by the ability to consume and respond to threat information will feel more secure, which is the other half of what security is all about.

And Good Riddance…

The Department of Homeland Security is scrapping the color-coded terror alert system. The color-code system meant to serve as a way of keeping the public informed, but because it signaled some ambiguous sense of “threat” without providing a scintilla of information the public could use, it merely kept Americans ignorant and addled.

Scrapping the color-coded threat system is only the beginning. The next step is to begin informing the public fully about threats and risks known to the U.S. government. We’re adults. We can handle it. In fact, we can help.

Showdown on Homeland Security

If you haven’t seen it already, I recommend the Frontline report Are We Safer? Since September 11, 2001, the government has gone on a spending spree without any regard for fiscal federalism, dumping $31 billion into grant programs. The program is based on The Washington PostsTop Secret America article, “Monitoring America.” Watch it below:

Much of this spending has gone to local pork projects or allowed state and local governments to avoid the realities of budgeting – spend federal counterterrorism dollars on normal law enforcement requirements while spending the local tax base on unsustainable pensions for public employees. For a tally of this excess, check out the Price of Peril, an interactive map showing homeland security spending by state, courtesy of the Center for Investigative Reporting.

All of this spending isn’t without cost to our civil liberties. The recipients of the money have to show something, hence the rise of fusion centers across the nation and the scaremongering reports they produce. There simply aren’t enough terrorists to go around.

Two of the people featured in the Frontline report, Mike German of the ACLU (and former FBI agent) and Harvey Eisenberg, Chief, National Security Section, Office of United States Attorney, District of Maryland, squared off at a Cato Institute event in 2009. Check it out here. Pay special attention to Eisenberg’s remarks at 53:35, where he misstates the threshold for starting a domestic counterterrorism investigation under the Attorney General Guidelines.

Mike German corrects him – the 2008 guidelines loosened the standard such that agents don’t even need a reasonable suspicion of criminal activity to investigate someone. Eisenberg responds that he requires it for all of his investigations. That’s admirable, if true, but a bit unnerving that the policy change is news to him.

REAL ID Is Still Dead, But It Is Walking Dead

The cost and ease of implementing REAL ID are not shown by a new report from the anti-immigrant Center for Immigration Studies.

Nor does it establish why law-abiding American citizens should be required to carry a national ID. But the report is a good signal that the national ID effort continues. A coterie of national ID advocates are working with state motor vehicle bureaucrats to build a national ID. This is why repeal and defunding of REAL ID is so needed.

It’s been a while, so let’s review: REAL ID is the national ID law Congress passed in May of 2005. It gave states a three-year deadline to produce IDs meeting national standards and to network their databases of driver information together into a national ID system. In regulations it proposed in March 2007, the Department of Homeland Security extended that draconian deadline. States would have five years, starting in May 2008, to move all driver’s license and ID card holders into REAL ID-compliant cards.

At the time, DHS estimated the costs for this project at $17.2 billion dollars (net present value, 7% discount). Costs to individuals came it at nearly $6 billion—mostly in wasted time. The bulk of the costs fell on state governments, though: nearly $11 billion dollars.

To drive down the cost estimate, DHS pushed the implementation schedule way back. In its final rule of January 2008, it allowed states a deadline extension to December 31, 2009 just for the asking, and a second extension to May 2011 for meeting eighteen “benchmarks”—many of them things states were already doing or would have done anyway: taking pictures of license applicants, having them sign their applications, documenting their dates of birth, maintaining fraudulent document training programs, and so on.

Then states would have until the end of 2017 to replace all cards with the national ID card—just under ten years. DHS assumed that only 75% of people would actually get the national ID to drive the cost estimate down even further.

The Center for Immigration Studies report, authored by national ID lobbyist Janice Kephart, ratchets back even further on what ”implementation” means to argue that REAL ID is a cost-effective success.

States like Maryland and Delaware, once committed, have completed implementation of the 18 benchmarks within a year for only twice the grant monies provided by the federal government. Extrapolated out, that puts total costs for implementing the 18 REAL ID benchmarks in a range from $350 million to $750 million, an order of magnitude less than estimated previously.

Again, these benchmarks are not the substance of REAL ID, which is uniform collection and sharing of driver information, and uniform display of driver information in the “machine-readable zone” of a national ID card. But meeting some of the benchmarks only costs twice as much money as the states don’t have to spare!

The report is an important signal, though. The national ID builders haven’t gone away, and Congress continues to fund the national ID project. DHS has allocated $176 million to building a national ID so far, and it has gaudily rattled states’ cages trying to get them to spend.

During the debate about spending for the current (2011) fiscal year, the House-passed “Full-Year Continuing Appropriations Act” defunded the network for driver information sharing known as the “REAL ID hub,” and it also rescinded $16,500,000 in previously spent funds. That rescission should be included when the current Congress takes up FY 2011 spending again in March. And Congress should put a stake through the heart of the REAL ID law. The liberty-crushing national ID plan should be repealed, eliminated once and for all.

Prediction: DHS Programs Will Create Privacy Concerns in 2011

The holiday travel season this year revealed some of the real defects in the Transportation Security Administration’s new policy of subjecting select travelers to the “option” of going through airport strip-search machines or being subjected to an intrusive pat-down more akin to a groping. Anecdotes continue to come forth, including the recent story of a rape victim who was arrested at an airport in Austin, TX after refusing to let a TSA agent feel her breasts.

Meanwhile, the Department of Homeland Security is working on the “next big thing”: body-scanning everywhere. This “privacy impact assessment” from DHS’s Science and Technology Directorate details a plan to use millimeter wave—a technology in strip-search machines—along with other techniques, to examine people from a distance, not just at the airport but anywhere DHS wants.

With time to observe TSA procedures this holiday season, I’ve noticed that it takes a very long time to get people through strip-search machines. In Milwaukee, the machines were cordoned off and out of use the Monday after Christmas Day because they needed to get people through. Watch for privacy concerns and sheer inefficiency to join up when TSA pushes forward with universal strip/grope requirements.

And the issue looks poised to grow in the new year. Republican ascendancy in the House coincides with their increasing agitation about this government security excess.

I’ll be speaking at an event next Thursday, January 6th, called ”The Stripping of Freedom: A Careful Scan of TSA Security Procedures.” It’s hosted by the Electronic Privacy Information Center (EPIC) at the Carnegie Institute for Science in Washington, DC.

EPIC recently wrote a letter asking Homeland Security Secretary Janet Napolitano to task the DHS Privacy Committee (or “DPIAC,” on which I serve) with studying the impact of the body scanner program on individuals’ constitutional and statutory rights:

The TSA’s deployment of body scanners as the primary screening technique in American airports has raised widespread public concerns about the protection of privacy. It is difficult to imagine that there is a higher priority issue for the DPIAC in 2011 than a comprehensive review of the TSA airport body scanner program.

Will the Secretary ask her expert panel for a thorough documented review? Wait and see.

Whatever happens there, privacy concerns with DHS programs will be big in 2011.