Tag: janet napolitano

Here’s Your Answer, Governor Martinez

New Mexico’s Governor, Susana Martinez (R), wrote a letter to DHS Secretary Janet Napolitano last week asking for assurance that implementation of our national ID law, the REAL ID Act, will not be pushed back again beyond the upcoming January 15, 2013 deadline. Here’s your answer, Governor Martinez.

Congress passed REAL ID in 2005 as an attachment to a military spending bill. The law never had a hearing in the House or Senate.

In 2006, the policy of having a national ID implemented by states was beginning to sink in, and in April of that year, Representative Neal Kurk, a Republican from Weare, New Hampshire, spoke eloquently against REAL ID, saying:

I don’t believe that the people of New Hampshire elected us to help the federal government create a national identification card. We care more for our liberties than to meekly hand over to the federal government the potential to enumerate, track, identify, and eventually control.

Thus began the “REAL ID Rebellion.”

It wasn’t the U.S. Congress that had the first hearing on REAL ID. It was the New Mexico legislature in September 2006.

A year and a half after the law passed, New Mexico legislators heard about the costs and consequences of having a national ID. The Wall Street Journal dubbed the federal policy “Real Bad ID” the next month.

In 2007, states across the country started passing legislation barring themselves from complying with REAL ID and denouncing the law. By 2009, half the states in the country would say “NO” to REAL ID.

The law had a three-year implementation schedule, meaning states were supposed to start issuing national IDs in March 2008. But about a year before the deadline, then-Secretary of Homeland Security Michael Chertoff announced in conjunction with the release of draft implementation rules that the Department would grant extensions to all States requesting them. The final deadline for compliance was now going to be December 31, 2009.

The DHS didn’t come out with standards for REAL ID until January 2008, just months from the original May 2008 statutory deadline. DHS pushed the deadline for extension requests, which hadn’t come in, to March 31, 2008. The December 31, 2009 deadline that DHS had earlier announced became an “initial” deadline, with a later “real” deadline of October 11, 2009 for states that achieved “certain milestones.”

When the March 31, 2008 deadline for extension requests came, the states were not forthcoming with them. Montana notified the DHS that was not going to comply with the REAL ID Act, ever. The DHS saw the writing on the wall and treated that notification as a request for an extension—and granted it.

The Missoulian reported “Montana Wins REAL ID Standoff.” New Hampshire won, too. And so did South Carolina.

By September 2009, several states were declining to ask for a second extension (with a showing of material compliance), so DHS kicked the deadline for extension requests down to December 2009. And in December 2009, with states still refusing compliance with REAL ID, the DHS stayed the compliance deadline “until further notice.”

In March of 2011, the DHS quietly extended the deadline again, this time to the current date of January 2013.

You can see the writing on the wall, Governor Martinez. The states are not going to implement REAL ID—not the ones that respect their place in our constitutional system, anyway. Accordingly, the DHS will—as it must—extend the deadline for REAL ID once again, as Congress continues its failure to do away with the moribund national ID.

Governor Martinez may see this as a way to score some points—a two-fer even. She can suggest that DHS Secretary is soft on security and she can use REAL ID in her push to restrict access to drivers’ licenses in her state.

But when Janet Napolitano extends the REAL ID deadline, she’ll be just as soft on security as her predecessor Michael Chertoff was. New Mexico is one of the few states that still uses drivers’ licenses to administer driving and doesn’t condition licensing on proving one’s citizenship or immigration status. If Governor Martinez wants to change that, investing New Mexicans in the national ID system as a byproduct of Congress’ failure to pass comprehensive immigration reform, that’s between her and her constituents.

Incoherent Politicians Lag Public Opinion on TSA

If you needed proof of politicians’ sensitivity to, and encouragement of, persistent terrorism fears, look no further than today’s hearing in the House Homeland Security Subcommittee on Transportation Security. It’s called “Eleven Years After 9/11 Can TSA Evolve To Meet the Next Terrorist Threat?” and it’s being used to feature—get this—a report arguing for a “smarter, leaner” Transportation Security Administration.

Could the signaling be more incoherent? The hearing suggests both that unknown horrors loom and that we should shrink the most visible federal security agency.

Lace up your shoes, America—we’re goin’ swimmin’!

Our federal politicians still can’t bring themselves to acknowledge that terrorism is a far smaller threat than we believed in the aftermath of the September 11, 2001, attacks, and that the threat has waned since then. (The risk of attack will never be zero, but terrorism is far down on the list of dangers Americans face.)

The good news is that the public’s loathing for the TSA is just as persistent as stated terrorism fears. This at least constrains congressional leaders to do make gestures toward controlling the TSA. Perhaps we’ll get a “smarter, leaner” overreaction to fear.

Public opprobrium is a constraint on the growth and intrusiveness of the TSA, so I was delighted to see a new project from the folks at We Won’t Fly. Their new project highlights the fact that the TSA has still failed to begin the process for taking public comments on the policy of using Advanced Imaging Technology (strip-search machines) at U.S. airports, even though the D.C. Circuit Court of Appeals ordered it more than a year ago.

The project is called TSAComment.com, and they’re collecting comments because the TSA won’t.

The purpose of TSAComment.com is to give a voice to everyone the TSA would like to silence. There are many legitimate health, privacy and security-related concerns with the TSA’s adoption of body scanning technology in US airports. The TSA deployed these expensive machines without holding a mandatory public review period. Even now they resist court orders to take public comments.

TSAComment.com has gotten nearly 100 comments since the site went up late yesterday, and they’re going to deliver those comments to TSA administrator John Pistole, Homeland Security secretary Janet Napolitano, and the media.

The D.C. Circuit Court did require TSA to explain why it has not carried out a notice-and-comment rulemaking on the strip-search machine policy, and assumedly it will rule before too long.

Getting the TSA to act within the law is important not only because it is essential to have the rule of law, but because the legal procedures TSA is required to follow will require it to balance the costs and benefits of its security measures articulately and carefully. Which is to say that security policy will be removed somewhat from the political realm and our incoherent politicians and moved more toward the more rational, deliberative worlds of law and risk management.

Hope springs eternal, anyway…

There could be no better tribute to the victims of 9/11 than by continuing to live free in our great country. I won’t shrink from that goal. The people at TSAComment do not shrink from that goal. And hopefully you won’t either.

A Scary Thought: Do We Really Need “If You See Something, Say Something?”

At the National Sheriffs’ Association Conference in Washington last week, Homeland Security Secretary Janet Napolitano noted that riders on the DC Metro system can hear her voice repeatedly promoting her department’s “If You See Something, Say Something” terrorism hotline campaign. “That’s a scary thought,” she suggested.

Even scarier to me is the campaign itself.

It was begun in New York City where it generated 8,999 calls in 2006 and more than 13,473 in 2007. Although the usual approach of the media is to report about such measures uncritically, one New York Times reporter at the time did have the temerity to ask how many of these tips had actually led to a terrorism arrest. The answer, it turned out, was zero.

That continues to be the case, it appears: none of the much-publicized terrorism arrests in New York since that time has been impelled by a “If You See Something, Say Something” tip.

This experience could be taken to suggest that the tipster campaign has been something of a failure. Or perhaps it suggests there isn’t all that much out there to be found. Undeterred by such dark possibilities, however, the campaign continues, and the number of calls in New York skyrocketed to 27,127 in 2008 before settling down a bit to a mere 16,191 in 2009.

For its part, the FBI celebrated the receipt of its 2 millionth tip from the public, up to a third of them concerning terrorism, in August 2008. There seems to be no public information on whether the terrorism tips proved more useful than those supplied to the New York City police. However, an examination of all known terrorism cases since 9/11 that have targeted the United States suggests that the “If You See Something, Say Something” campaign has never been relevant.

It turns out that New York has received a trademark on its snappy slogan, something Napolitano’s DHS dutifully acknowledges on its relevant website when it refers to its public awareness campaign as: “If You See Something, Say Something&™.” (Nowhere on the website, by the way, does the Department bother to tally either the number of calls it receives or the number of terrorism arrests the hotline has led to.)

New York has been willing to grant permission for the slogan to be used by organizations like DHS, but sometimes it has refused permission because, according to a spokesman, “The intent of the slogan is to focus on terrorism activity, not crime, and we felt that use in other spheres would water down its effectiveness.” Since it appears that the slogan has been completely ineffective at dealing with its supposed focus—terrorism—any watering down would appear, not to put too fine a point on it, to be impossible.

Meanwhile, in New York alone $2 million to $3 million each year (much of it coming from grants from the federal government) continues to be paid out to promote and publicize the hotline.

But that’s hardly the full price of the program. As Mark Stewart and I have noted in our Terror, Security, and Money, processing the tips can be costly because, as the FBI’s special counsel puts it, “Any terrorism lead has to be followed up. That means, on a practical level, that things that 10 years ago might just have been ignored now have to be followed up.” Says the assistant section chief for the FBI’s National Threat Center portentously, “It’s the one that you don’t take seriously that becomes the 9/11.”

It might seem obvious that any value of the “If You See Something, Say Something™” campaign needs to be weighted against the rather significant attendant costs of sorting through the haystack of tips it generates. Of course, the campaign might fail a cost-benefit analysis because it is expensive and seems to have generated no benefit (except perhaps for bolstering support for homeland security spending by continually reminding an edgy public that terrorism might still be out there).

This grim possibility may be why, as far as I can see, no one has ever carried out such a study and that the prospect of doing one has probably never crossed the minds of sloganeer Napolitano or of the rapt sheriffs in her audience.

Now that’s a scary thought.

Cross-posted from the Skeptics at the National Interest.

Does Rep. Aderholt Support or Oppose Having a National ID?

Rep. Robert Aderholt (R-AL) is the chairman of the House Appropriations Subcommittee on Homeland Security. That’s the subcommittee that makes spending decisions for the Department of Homeland Security and the programs within it, including the REAL ID Act.

Earlier this month, a constituent of his from Fyffe, Alabama posted a question on Mr. Aderholt’s Facebook page:

Rep. Aderholt, I’ve seen reports that the “REAL ID ACT” will be implemented in May of this year, giving the govt the ability to track every person who has a drivers license via encoded GPS. Is this actually the case and if so, what is the House going to do to stop this Orwellian infringement of our Liberty. Also, HOW could this have happened in the first place!

Mr. Aderholt has not replied.

But Right Side News recently reported on a hearing in which DHS Secretary Janet Napolitano presented her agency’s budget request. The DHS has not requested funds for implementing REAL ID. But according to the report, Chairman Aderholt “pointedly reminded” the committee of the need for funding of REAL ID.

It is good of Representative Aderholt to give his constituents a means to contact him and to invite public discussion of the issues. It’s an open question whether he will listen more closely to the voice of his constituents or to influences in Washington, D.C. who would like to see law-abiding American citizens herded into a national ID system.

Terror Arrest Does Not Justify REAL ID Revival

The zeitgeist on Capitol Hill in Washington, D.C. may be for limited, constitutional government, but that doesn’t mean that big-government conservatives aren’t going to use the reprieve voters gave Republicans in the fall to once again advance big-government goals. On Monday, House Judiciary Committee Chairman Lamar Smith (R-Texas), Homeland Security Committee Chairman Peter King (R-N.Y.) and Crime, Terrorism, and Homeland Security Subcommittee Chairman James Sensenbrenner (R-Wisc.) sent a letter to Department of Homeland Security Secretary Janet Napolitano encouraging her to fully implement our national ID law, the REAL ID Act of 2005.

The deadline for state implementation of the national ID law lapsed nearly three years ago. Half the states in the country have affirmatively barred themselves from implementing REAL ID or they have passed resolutions objecting to the national ID law. But the Department of Homeland Security has repeatedly extended the deadline and reduced the compliance bar to suggest progress on the flagging national ID effort. With another faux implementation deadline looming in May, the DHS is almost certain to issue a blanket extension of the compliance deadline again soon.

Smith, King, and Sensenbrenner don’t want that to happen. They cite the arrest of Khalid Aldawsari in Texas as a reason for “immediate implementation of REAL ID.” 

According to the government’s affidavit, Aldawsari planned to acquire a false birth certificate and multiple false drivers licenses, assumedly to assist in his getaway after executing his formative bombing plans. But if you read the affidavit, you can see just how remote and speculative his use of any false identification is compared to the real acts that go into his plans. You can also see the web of identifiers that law enforcement use to effectively track and surveil their targets, including phone numbers, license plates, physical addresses, immigration records, email addresses, and Internet Protocol addresses. Aldawsari was nowhere near slipping through the net, and having a false driver’s license would have made no difference after a North Carolina chemical supply company reported to the FBI his suspicious attempt to purchase the chemical phenol. Nor would false identification have made a difference had he succeeded in an attack of any significance.

Having a national ID is the fantastical way of addressing the fantastical part of Aldawsari’s alleged plot. Thankfully, the real plot was disrupted using real law enforcement techniques, which include the reporting of suspicious behavior and narrowly targeted, lawful surveillance.

Prediction: DHS Programs Will Create Privacy Concerns in 2011

The holiday travel season this year revealed some of the real defects in the Transportation Security Administration’s new policy of subjecting select travelers to the “option” of going through airport strip-search machines or being subjected to an intrusive pat-down more akin to a groping. Anecdotes continue to come forth, including the recent story of a rape victim who was arrested at an airport in Austin, TX after refusing to let a TSA agent feel her breasts.

Meanwhile, the Department of Homeland Security is working on the “next big thing”: body-scanning everywhere. This “privacy impact assessment” from DHS’s Science and Technology Directorate details a plan to use millimeter wave—a technology in strip-search machines—along with other techniques, to examine people from a distance, not just at the airport but anywhere DHS wants.

With time to observe TSA procedures this holiday season, I’ve noticed that it takes a very long time to get people through strip-search machines. In Milwaukee, the machines were cordoned off and out of use the Monday after Christmas Day because they needed to get people through. Watch for privacy concerns and sheer inefficiency to join up when TSA pushes forward with universal strip/grope requirements.

And the issue looks poised to grow in the new year. Republican ascendancy in the House coincides with their increasing agitation about this government security excess.

I’ll be speaking at an event next Thursday, January 6th, called ”The Stripping of Freedom: A Careful Scan of TSA Security Procedures.” It’s hosted by the Electronic Privacy Information Center (EPIC) at the Carnegie Institute for Science in Washington, DC.

EPIC recently wrote a letter asking Homeland Security Secretary Janet Napolitano to task the DHS Privacy Committee (or “DPIAC,” on which I serve) with studying the impact of the body scanner program on individuals’ constitutional and statutory rights:

The TSA’s deployment of body scanners as the primary screening technique in American airports has raised widespread public concerns about the protection of privacy. It is difficult to imagine that there is a higher priority issue for the DPIAC in 2011 than a comprehensive review of the TSA airport body scanner program.

Will the Secretary ask her expert panel for a thorough documented review? Wait and see.

Whatever happens there, privacy concerns with DHS programs will be big in 2011.

‘Strip-or-Grope’ vs. Risk Management

In a humbly-toned USA Today opinion piece yesterday, Secretary of Homeland Security Janet Napolitano asked for the public’s cooperation with airline security measures the Transportation Security Administration has recently implemented. The TSA has come up with an invasive pairing: ”Advanced Imaging Technology,” also known as “strip-search machines” and, for those refusing, “enhanced” pat-downs which explore areas of the body typically reserved for one’s spouse or doctor.

Anecdotal reports suggest that the machines are being used to ogle women, and we are seeing disturbing images and videos of children being handled by strangers online. The public is increasingly agitated by the TSA’s latest amendment to the air travel ordeal, and a “National Opt-Out Day” is slated for next Wednesday, the biggest travel day of the year.

Twice, Secretary Napolitano notes that these measures are “risk-based” or “driven by … risk.” But has the Department of Homeland Security conducted the necessary risk management studies to validate these programs? A March 2010 Government Accountability Office report says:

[I]t remains unclear whether the AIT would have detected the weapon used in the December 2009 incident based on the preliminary information GAO has received… . In October 2009, GAO also recommended that TSA complete cost-benefit analyses for new passenger screening technologies. While TSA conducted a life-cycle cost estimate and an alternatives analysis for the AIT, it reported that it has not conducted a cost-benefit analysis of the original deployment strategy or the revised AIT deployment strategy, which proposes a more than twofold increase in the number of machines to be procured.

I’ve seen no documentation that the strip-search machines, the invasive pat-downs, or their combination have been subjected to any thorough risk analysis. The DHS has mouthed risk terminology for years now, but evidence is scant that it has ever subjected itself to such rigor.

Risk Management

A formal risk management effort will generally begin with an examination of the thing or process being protected. This is often called “asset characterization.” In airline security, the goal is fairly simple: ensuring that air passengers arrive safely at their destinations. Specifically, ensuring that nobody successfully brings down a plane.

The next step in risk management is to identify and assess risks, often called “risk characterization” or “risk assessment.” The vocabulary of risk assessment is not settled, but there are a few key concepts that go into it:

  • Vulnerability is weakness or exposure that could prevent an objective from being reached. Vulnerabilities are common, and having a vulnerability does not damn an enterprise. The importance of vulnerabilities depend on other factors.
  • Threat is some kind of actor or entity that might prevent an objective from being reached. When the threat is a conscious actor, we say that it “exploits” a vulnerability. When the threat is some environmental or physical force, it is often called a “hazard.” As with vulnerability, the existence of a threat is not significant in and of itself. A threat’s importance and contribution to risk turns on a number of factors.
  • Likelihood is the chance that a vulnerability left open to a threat will materialize as an unwanted event or development that frustrates the safety, soundness, or security objective. Knowing the likelihood that a threat will materialize is part of what allows risk managers to apportion their responses.
  • Consequence is the significance of loss or impediment to objectives should the threat materialize. Consequences can range from very low to very high. As with likelihood, gauging consequence allows risk managers to focus on the most significant risks.

Analyzing vulnerabilities and threats permits risk managers to make rough calculations about likelihood and consequence. This process will float the most significant risks to the surface. Though these factors are often difficult to measure, a simple formula guides risk assessment:

Likelihood x Consequence = Risk

Events with a high likelihood and consequence should be addressed first, and with the most assets. Those are the highest risks.

The most common error I see in risk management is the propensity to attack vulnerabilities rather than risks. A bomber’s attempt to take down a plane by concealing explosives in his undergarments last year exposed a vulnerability. It is possible to sneak a small quantity of explosive through conventional security systems, though not necessarily the needed detonator and not necessarily enough explosive material to take down a plane.

But this says nothing about the likelihood of this happening again—or of being successful. In hundreds of millions of enplanements each year, this attack has manifested itself once. And it failed. The TSA effort is going after a vulnerability—of that there is no doubt—but it is arguable whether or not it is addressing a significant risk.

After risk assessment, the next step in risk management is choosing responses.

Though the concepts and terminology are not settled in this area either, there are four general ways to respond to risk:

  • Acceptance – Acceptance of a threat is a rational alternative that is often chosen when the threat has low probability, low consequence, or both.
  • Prevention – Prevention is the alteration of the target or its circumstances to diminish the risk of the bad thing happening.
  • Interdiction – Interdiction is any confrontation with, or influence exerted on, a threat to eliminate or limit its movement toward causing harm.
  • Mitigation – Mitigation is preparation so that, in the event of the bad thing happening, its consequences are reduced.

In its operation, the strip-search/grope combo is an interdiction against any who may try to carry dangerous articles on planes. As to the air transportation system, it might also be conceived of as a preventive measure.

The next analytical lens to look through is benefit-cost analysis, or trade-offs. The goal is to allay risk in a cost-effective way, spending the least amount of money, and incurring the least costs overall, per unit of benefit.

Security Benefits

Security systems involve difficult and complex balancing among many different interests and values. The easiest, by far, is comparing the dollar costs of security measures against the dollar benefits. This is analysis that GAO says the TSA has not done.

But if it were done, on the benefit side of the equation, you have that it reveals most articles a person might try to sneak onto a plane. There are at least two important limitations on the benefit. First, there is an open question as to whether the strip-search machine would successfully detect lower-density material like the explosive PETN. If it doesn’t, it’s utility against underpants bombing relies on potential attackers’ ignorance of that to deter their attempts. Second, the benefit of the strip-search/grope is not what it achieves from a basline of zero, but the marginal security improvement in provides over alternatives like the status quo magnetometer and random pat-downs.

How do you reduce security benefit to something measurable? It’s difficult, but I’ve been mulling a methodology for valuing security against rare attacks in which you assume a motivated attacker that would eventually succeed. By approximating the amount of damage the attack might do and how long it would take to defeat the security measure, one can roughly estimate its value.

Say, for example, that a particular attack might cause one million dollars in damage. Delaying it for a year is worth $50,000 at a 5% interest rate. Delaying for a month an attack that would cause $10 billion in damage is worth about $42 million. It is best to assume that any major attack will happen only once, as it will produce responses that prevent it happening twice. (The 9/11 “commandeering” attack on air travel is an instructive example. By late morning on September 11, 2001, passengers and crew recognized that cooperation with hijackers contributed to the deadliness of attacks rather than saving their lives. They spontaneously changed the security practice to meet the new threat, and the 9/11 attacks permanently changed the posture of air passengers toward hijackers, along with hardened cockpit doors bringing the chance of another commandeering attack on air travel very close to nil.)

Of course, one must consider “risk transfer.” That’s the shifting of risks from one target to another—say, from planes to buildings. (An organization like the Department of Homeland Security would regard this as lowering the benefit of a security measure, while an airline would be indifferent to it—unless it owned the building…) There is also the creation of new risks, such as the possible health effects of the strip-search machines. Which brings us to the cost side of the ledger….

Costs

On the cost side of the ledger, the easy stuff to measure includes the hundreds of millions or billions of dollars that must be spent on strip-search machines themselves. As much or more money will be spent on an ongoing basis to operate the machines. My observation is that it takes three people to operate one strip-search machine: a guide, an analyst to review the image, and a person to do the secondary pat-down which occurs regularly (though it would occur less over time). On a nationwide scale, this is hundreds of millions of dollars per year spent on TSA employees.

The value of travelers’ time is also important. This hasn’t received much discussion, but as more and more strip-search machines come into use, there will be more discussion of how much time they consume compared to magnetometers.

Reviewing tape of TSA checkpoints reveals that passing through the machines takes at least seven seconds per passenger. Variations in the time it takes to traverse the security checkpoint require all travelers to increase the amount of time they spend at the airport as a cushion against the risk of missing flights, which can cost many hours per incident. If each of 350 million trips in a year results in an additional minute at the airport to accommodate the vagaries of the strip/grope, five to six million person hours at the airport will be wasted, a cost of $145 million per year if we value travelers’ time at  $25 per hour.

It is more difficult is to balance interests like privacy and dignity against security benefits. A CBS News poll released yesterday says that four out of five Americans support the use of “ ‘full-body’ digital x-ray machines to electronically screen passengers.”

It’s an antiseptic description that strangely emphasizes computing. (X-rays are neither digital nor electronic, though the data the x-ray machines collect is digital and its processing is done with electronics.) The question doesn’t capture people’s feelings about images of their own denuded bodies being observed by a government official as a condition of travel. And, of course, it doesn’t capture feelings about the intimate pat-down alternative.

The amount of public reporting and discussion suggests that public opinion is not solidly on the side of the strip/grope. A hearing in the Senate tomorrow is also evidence that the security procedures do not comport with the American people’s rough judgment that the costs of these security measures are justified by their benefits.

My own view is that the strip/grope is security excess. If I had my way, I would choose the airlines and airports that do not go to this extreme. I do not get to have my way, and neither do you if you prefer a different security/privacy mix, because we all must use the same security system. That’s why I wrote five years ago that the TSA should be abolished and responsibility for security restored to airlines and airports. Their experimentation could blend security with privacy, convenience, and comfort, improving the travel experience overall while restoring liberty to American travelers.