Tag: dhs

Prediction: DHS Programs Will Create Privacy Concerns in 2011

The holiday travel season this year revealed some of the real defects in the Transportation Security Administration’s new policy of subjecting select travelers to the “option” of going through airport strip-search machines or being subjected to an intrusive pat-down more akin to a groping. Anecdotes continue to come forth, including the recent story of a rape victim who was arrested at an airport in Austin, TX after refusing to let a TSA agent feel her breasts.

Meanwhile, the Department of Homeland Security is working on the “next big thing”: body-scanning everywhere. This “privacy impact assessment” from DHS’s Science and Technology Directorate details a plan to use millimeter wave—a technology in strip-search machines—along with other techniques, to examine people from a distance, not just at the airport but anywhere DHS wants.

With time to observe TSA procedures this holiday season, I’ve noticed that it takes a very long time to get people through strip-search machines. In Milwaukee, the machines were cordoned off and out of use the Monday after Christmas Day because they needed to get people through. Watch for privacy concerns and sheer inefficiency to join up when TSA pushes forward with universal strip/grope requirements.

And the issue looks poised to grow in the new year. Republican ascendancy in the House coincides with their increasing agitation about this government security excess.

I’ll be speaking at an event next Thursday, January 6th, called ”The Stripping of Freedom: A Careful Scan of TSA Security Procedures.” It’s hosted by the Electronic Privacy Information Center (EPIC) at the Carnegie Institute for Science in Washington, DC.

EPIC recently wrote a letter asking Homeland Security Secretary Janet Napolitano to task the DHS Privacy Committee (or “DPIAC,” on which I serve) with studying the impact of the body scanner program on individuals’ constitutional and statutory rights:

The TSA’s deployment of body scanners as the primary screening technique in American airports has raised widespread public concerns about the protection of privacy. It is difficult to imagine that there is a higher priority issue for the DPIAC in 2011 than a comprehensive review of the TSA airport body scanner program.

Will the Secretary ask her expert panel for a thorough documented review? Wait and see.

Whatever happens there, privacy concerns with DHS programs will be big in 2011.

And You Look to Government for Cybersecurity?

Washington Times reporter Shaun Waterman has a characteristically excellent article out today about U.S. cybersecurity authorities failing to secure their own systems.

According to a new report by government auditors, systems at the U.S. Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, were not maintained with updates and security patches in a timely fashion and as a result were riddled with vulnerabilities that hackers could exploit.

Time and again, people look to government intervention based on what they imagine government might do under ideal conditions. Real conditions produce far weaker results.

We’re better off distributing the problem of data, network, and computer security among all the self-interested actors in the country—fallible as they are. We should not abandon the problem to a central authority whose failure fails us all.

We Fail More—So Put Us in Charge

The Washington Post reports today on an article coming out in Foreign Affairs in which Deputy Defense Secretary William J. Lynn III reveals a successful 2008 intrusion into military computer systems. Malicious code placed on a thumb drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command and propagated itself across a number of domains.

The Post article says that Lynn “puts the Homeland Security Department on notice that although it has the ‘lead’ in protecting the dot.gov and dot.com domains, the Pentagon — which includes the ultra-secret National Security Agency — should support efforts to protect critical industry networks.”

The failure of the military to protect its own systems creates an argument for it to have preeminence in protecting private computer infrastructure? Perhaps the Department of Homeland Security will reveal how badly it has been hacked in order to regain the upper hand in the battle to protect us.

DHS FOIbles

The Associated Press is reporting that persons filing requests under the Freedom of Information Act (FOIA) with the Department of Homeland Security during the last year faced scrutiny beyond what the law requires.

Career employees were ordered to provide Secretary Janet Napolitano’s political staff with information about the people who asked for records — such as where they lived, whether they were private citizens or reporters — and about the organizations where they worked.

If a member of Congress sought such documents, employees were told to specify Democrat or Republican.

This, despite President Barack Obama’s statement that federal workers should “act promptly and in a spirit of cooperation” under FOIA, and Attorney General Eric Holder’s assertion: “Unnecessary bureaucratic hurdles have no place in the new era of open government.”

The White House separately reviewed FOIA requests to see documents about spending under the $862 billion stimulus law. Read the whole thing.

Souder’s Departure

In case you haven’t heard, Rep. Mark Souder (R-Ind.) is departing Congress because of an extramarital affair with one of his staffers. His replacement can only improve Indiana’s Third District on drug policy and limited government (and here).

During the initial hearings on the creation of the Department of Homeland Security, Souder was one of two representatives (the other being former Rep. Benjamin Gilman (R-N.Y.)) stressing the need for DHS to get into the drug war business. Souder went so far as to compare drug use to chemical warfare: “more than 4,000 Americans die each year from drug abuse – at least the equivalent of a major terrorist attack.” Rep. Gilman went so far as to propose that the DEA fall under the DHS since, as anyone can see, its supervision of nearly two-dozen subordinate agencies isn’t enough. And drug dealer = terrorist. Clearly.

While it would be preferable for voters of his district to reject pork-barrel spending and the nonsensical drug war, this resignation is not lamentable.

DHS to States: Pleeease Spend This Money!

Here’s a window onto the upside-down way government spending works. The Department of Homeland Security has sent a letter to states begging them to spend federally provided money on implementing REAL ID, the national ID law.

“DHS is regularly asked by members of Congress, as well as the Office of Management and Budget, if these funds are needed by the states, and whether these funds should be reallocated to other efforts,” writes Juliette Kayyam of DHS’ Office of Intergovernmental Affairs. “As both the states and the Federal government face increasingly tough budgeting decisions, it is more important than ever that these available funds be utilized.”

That’s right: Tough budget times make it imperative to spend more money.

States don’t want to implement REAL ID, and the American people don’t want a national ID, but the DHS bureaucracy is rattling cages to try to get money spent purely for the sake of spending. It’s flabbergasting.

EPIC: Suspend Airport Body Scanners

Last week, the Electronic Privacy Information Center released a petition from a group it spearheaded, asking the Department of Homeland Security to suspend deployment of whole-body imaging (aka “strip-search machines”) at airports.

The petition is a thorough attack on the utility of the machines, the process (or lack of process) by which DHS has moved forward on deployment, and the suitability of the privacy protections the agency has claimed for the machines and computers that display denuded images of air travelers.

The petition sets up a variety of legal challenges to the use of the machines and the process DHS has used in deploying them.

Whole-body imaging was in retreat in the latter part of last year when an amendment to severely limit their use passed the House of Representatives. The December 25 terror attempt, in which a quantity of explosives was smuggled aboard a U.S.-bound airplane in a passenger’s underpants, gave the upper hand to the strip-search machines. But the DHS has moved forward precipitously with detection technology before, wasting millions of dollars. It may be doing so again.

My current assessment remains that strip-search machines provide a small margin of security at a very high risk to privacy. TSA efforts to control privacy risks have been welcome, though they may not be enough. The public may rationally judge that the security gained is not worth the privacy lost.

Wouldn’t it be nice if decisions about security were handled in a voluntary rather than a coercive environment? With airlines providing choice to consumers about security and privacy trade-offs? As it is, with government-run airline security, all will have to abide by the choices of the group that “wins” the debate.