Tag: michael chertoff

Here’s Your Answer, Governor Martinez

New Mexico’s Governor, Susana Martinez (R), wrote a letter to DHS Secretary Janet Napolitano last week asking for assurance that implementation of our national ID law, the REAL ID Act, will not be pushed back again beyond the upcoming January 15, 2013 deadline. Here’s your answer, Governor Martinez.

Congress passed REAL ID in 2005 as an attachment to a military spending bill. The law never had a hearing in the House or Senate.

In 2006, the policy of having a national ID implemented by states was beginning to sink in, and in April of that year, Representative Neal Kurk, a Republican from Weare, New Hampshire, spoke eloquently against REAL ID, saying:

I don’t believe that the people of New Hampshire elected us to help the federal government create a national identification card. We care more for our liberties than to meekly hand over to the federal government the potential to enumerate, track, identify, and eventually control.

Thus began the “REAL ID Rebellion.”

It wasn’t the U.S. Congress that had the first hearing on REAL ID. It was the New Mexico legislature in September 2006.

A year and a half after the law passed, New Mexico legislators heard about the costs and consequences of having a national ID. The Wall Street Journal dubbed the federal policy “Real Bad ID” the next month.

In 2007, states across the country started passing legislation barring themselves from complying with REAL ID and denouncing the law. By 2009, half the states in the country would say “NO” to REAL ID.

The law had a three-year implementation schedule, meaning states were supposed to start issuing national IDs in March 2008. But about a year before the deadline, then-Secretary of Homeland Security Michael Chertoff announced in conjunction with the release of draft implementation rules that the Department would grant extensions to all States requesting them. The final deadline for compliance was now going to be December 31, 2009.

The DHS didn’t come out with standards for REAL ID until January 2008, just months from the original May 2008 statutory deadline. DHS pushed the deadline for extension requests, which hadn’t come in, to March 31, 2008. The December 31, 2009 deadline that DHS had earlier announced became an “initial” deadline, with a later “real” deadline of October 11, 2009 for states that achieved “certain milestones.”

When the March 31, 2008 deadline for extension requests came, the states were not forthcoming with them. Montana notified the DHS that was not going to comply with the REAL ID Act, ever. The DHS saw the writing on the wall and treated that notification as a request for an extension—and granted it.

The Missoulian reported “Montana Wins REAL ID Standoff.” New Hampshire won, too. And so did South Carolina.

By September 2009, several states were declining to ask for a second extension (with a showing of material compliance), so DHS kicked the deadline for extension requests down to December 2009. And in December 2009, with states still refusing compliance with REAL ID, the DHS stayed the compliance deadline “until further notice.”

In March of 2011, the DHS quietly extended the deadline again, this time to the current date of January 2013.

You can see the writing on the wall, Governor Martinez. The states are not going to implement REAL ID—not the ones that respect their place in our constitutional system, anyway. Accordingly, the DHS will—as it must—extend the deadline for REAL ID once again, as Congress continues its failure to do away with the moribund national ID.

Governor Martinez may see this as a way to score some points—a two-fer even. She can suggest that DHS Secretary is soft on security and she can use REAL ID in her push to restrict access to drivers’ licenses in her state.

But when Janet Napolitano extends the REAL ID deadline, she’ll be just as soft on security as her predecessor Michael Chertoff was. New Mexico is one of the few states that still uses drivers’ licenses to administer driving and doesn’t condition licensing on proving one’s citizenship or immigration status. If Governor Martinez wants to change that, investing New Mexicans in the national ID system as a byproduct of Congress’ failure to pass comprehensive immigration reform, that’s between her and her constituents.

Oh, the Uses of the ‘Cyber’ Prefix: Cyberbellicosity, for Example

Senate Majority Leader Harry Reid’s (D-Nev.) announcement yesterday of upcoming Senate action on cybersecurity legislation coincides nicely with reporting that the recently discovered Flame virus has similarities to Stuxnet. You see, the best example of a cyberattack having kinetic effects—causing physical damage—is Stuxnet. It targeted Siemens industrial software and equipment used in Iran’s nuclear program, causing damage to some centrifuges used in that program.

Stuxnet is widely believed to be a product of the U.S. and Israeli governments. Flame’s kinship with Stuxnet adds to the story: Our government is a top producer of cyberattacks.

The methods used in these viruses will be foreclosed as researchers unpack how they work. Our technical systems adapt to new threats the way humans develop antibodies to disease. But in the near term the techniques in Stuxnet and Flame may well be incorporated into attacks on our computing infrastructure.

The likelihood of attacks having extraordinary consequences is low. This talk of “cyberwar” and “cyberterror” is the ugly poetry of budget-building in Washington, D.C. But watch out for U.S. cyberbellicosity coming home to roost. The threat environment is developing in response to U.S. aggression.

This parallels the United States’ use of nuclear weapons, which made “the bomb” (Dmitri) an essential tool of world power. Rightly or wrongly, the United States’ use of the bomb spurred the nuclear arms race and triggered nuclear proliferation challenges that continue today. (To repeat: Cyberattacks can have nothing like the consequence of nuclear weapons.)

Senator Reid has gone hook, line, and sinker for the “cyber-9/11” idea, of course. Like all politicians, his primary job is not to set appropriate cybersecurity policies but to re-elect himself and members of his party. The tiniest risk of a cyberattack making headlines to use against his party justifies expending taxpayer dollars, privacy, and digital liberties. This it not to prevent cyberattack. It is to prevent political attack.

Politics is well understood by the authors of the letter Senator Reid cited in his statement about bringing cybersecurity legislation to the Senate floor. They are mostly from the party opposite his. Several of them participated at some level in developing our nation’s cyberbellicose world posture. And several now make their living in consulting and contracting firms that respond to the danger they helped create.

They are:

  • Michael Chertoff, Homeland Security secretary under President Bush, is now co-founder and Managing Principal of The Chertoff Group, which “provides business and government leaders with the same kind of high-level, strategic thinking and diligent execution that have kept the American homeland and its people safe since 9/11.”
  • Mike McConnell, former director of the National Security Agency and National Intelligence under President Bush, is now Vice Chairman of Booz Allen Hamilton.
  • Paul Wolfowitz was a deputy defense secretary under President Bush, now a visiting scholar at AEI.
  • General Michael Hayden, former director of the NSA and the CIA under President Bush, is now a principal at the Chertoff Group, and in January 2011 was elected to the Board of Directors of Motorola Solutions, which “provides business- and mission-critical communication products and services to enterprises and governments.”
  • Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff, is on the board of advisors of TASC, Inc. TASC “provides advanced systems engineering, integration and decision–support services to the Intelligence Community, Departments of Defense and Homeland Security and civilian agencies of the federal government. We deliver honest counsel, forward–thinking engineering and advanced technologies that help our customers protect Americans at home, in the air, on the battlefield and in cyberspace.”
  • Hon. William J. Lynn III, former deputy defense secretary, is now Chairman & CEO of DRS Technologies, a Defense and Security Electronics Division of Italian industrial group Finmeccanica. DRS Technologies is “leading supplier of integrated products, services and support to military forces, intelligence agencies and prime contractors worldwide.”

State Officials Needn’t Heed Feds’ Threats

Federal officials blitzed Texas this week to fight a bill pending in Austin that would control TSA groping of air travelers in that state, reports Forbes’ “Not-So-Private Parts” blogger Kashmir Hill.

Federal government officials descended on the Capitol to hand out a letter … from the Texas U.S. Attorney letting senators know that if they passed the bill, the TSA would probably have to cancel all flights out of Texas. As much as they love their state, the idea of shutting down airports and trapping people in Texas was scary enough to get legislators to reconsider their support for the groping bill…

The federal government’s threat to shut down air travel is serious, but empty. As we’ve seen time and again with the REAL ID Act, the federal government does not have the political will to attack passenger air travel in the name of increasing surveillance and intrusion.

In fact, earlier this year, the Department of Homeland Security didn’t even bother to threaten any repurcussions for states before it once again pushed back a May 2011 (false) deadline for REAL ID compliance. (Previous instances noted here and here.) The REAL ID Act allows the federal government to refuse licenses and ID cards from non-complying states at airport checkpoints, but it’s just not going to happen.

The DHS announcement notes $175 million in spending on REAL ID so far. That waste continues to accrue so long as Congress appropriates money for the national ID program, which will never be implemented.

While we’re on the subject of empty threats from federal officials—and do see Julian Sanchez’s post hitting the same subject—it has been more than four years since then-Secretary of Homeland Security Michael Chertoff said about the REAL ID Act:

If we don’t get it done now, someone is going to be sitting around in three or four years explaining to the next 9/11 Commission why we didn’t do it.

Secretary Chertoff was wrong—factually wrong on the imminence and nature of the terror threat, and ethically wrong to tout terror threats in an attempt to defeat the will of our free people.

With our stubborn insistence on freedom, the American people and state leaders have done a better job of assessing the threat environment than the Secretary of Homeland Security. As I said when I testified on this topic to the Pennsylvania legislature, state leaders should continue to recognize that they are as equipped, if not better equipped, than federal officials to judge what is right for their people. Counterterrorism and airport security are not an exception to that, though federal imperiousness in these areas remains at a high.

Technology Clarifies Debate About Whole-Body Imaging Technology

I was dismayed today to listen to a recorded radio program in which James Carafano of the Heritage Foundation debated Michael German of the ACLU about the whole-body imaging systems being considered for airports after the Christmas attempt to light a bomb on a flight into Detroit.

Carafano, who I like personally, is a careless debater. He misstated the law, insulted a caller to the radio program, and misstated people’s names as he mischaracterized their views—in particular, my name and my views.

The segment was recorded, so we can capture exactly what Carafano said:

When the Transportation Security Administration rolled out this technology, they went through a very long and detailed consultation period with privacy and civil liberties groups including Jim Lindsey at Cato. I remember Jim Lindsey, when we had a session on privacy and civil liberties, stood up and complimented Secretary Chertoff, and said, “Look, this is something that you’ve actually done right. You’ve gone out to the stakeholder community, and you’ve gone over the procedures with us and we’ve come up with procedures that we’re very, very comfortable with.” So I think the privacy issue is really a non-issue.

At a Heritage event in June, 2008, I rose to rebut how Secretary Chertoff dismissed privacy advocates. He said privacy advocates prefer “no-security” airlines and that they want people to use fraudulent documents. As I gently chastised him for that, I did compliment the work of one TSA official to minimize privacy consequences of millimeter wave, which does provide a margin of security.

The event was recorded, so we can capture exactly what I said: “Frankly, I think millimeter wave is not a bad technology. Peter Pietra at TSA has done a good job, I think, of getting the agency to design the system well.”

That’s it. I made no reference to a ”long and detailed consultation period,” and I don’t know of any such thing happening. I didn’t compliment Secretary Chertoff, but a deputy who—despite Chertoff, most likely—managed to instill some privacy protections in TSA’s use of whole-body imaging systems. As to my comfort, I’ll take “less uncomfortable than I would have been” over “very, very comfortable,” which is inaccurate.

As I’ve written elsewhere, ”I think [TSA privacy officer Peter Pietra has] done a creditable job of trying to build privacy protections into this system… . But maybe it’s not enough. We’re talking about trying to maintain privacy with a technology that’s fundamentally intrusive.”

Perhaps I’ve taken too subtle a position on millimeter wave: It provides a small margin of security at a high cost to privacy. With that, I’ll let the country make its decision, while I seek to moot this as a public policy issue: Airline security should be provided by airlines and airports, not the government.

I don’t think it’s appropriate to speak of me—by any name—as an endorser of this technology or the process of its adoption. Thanks to sound and video recording technology, the record can be clear.

Questions for Heritage: REAL ID

The Heritage Foundation’s “The Foundry” blog has a post up called “Questions for Secretary Napolitano: Real ID.”

Honest advocates on two sides of an issue can come to almost perfectly opposite views, and this provides an example, because I find the post confused, wrong, or misleading in nearly every respect.

Let’s give it a brief fisking. Below, the language from the post is in italics, and my comments are in roman text:

Does the Obama Administration support the implementation of the Real ID Act?

(Hope not … .)

Congress has passed two bills that set Real ID standards for driver’s licenses in all U.S. jurisdictions.

REAL ID was a federal law that Congress passed in haste as an attachment to a military spending bill in early 2005. To me, “REAL ID standards” are the standards in the REAL ID Act. I’m not sure what other bill the post refers to.

Given the legitimate fear of REAL ID creating a federal national ID database, section 547 of the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act, 2009 barred the creation of a new federal database or federal access to state databases with the funds in that bill. (Thus, these things will be done with other funds later.)

The Court Security Improvement Act allowed federal judges and Supreme Court Justices to withhold their addresses from the REAL ID database system, evidently because the courts don’t believe the databases would be secure.

And in the last Congress, bills were introduced to repeal REAL ID in both the House and Senate. Congress has been backing away from REAL ID since it was rammed through, with Senators like Joe Lieberman (I-CT) calling REAL ID unworkable.

It’s unclear what the import of the sentence is, but if it’s trying to convey that there is a settled consensus around the REAL ID law, that is not supported by its treatment in Congress.

The Real ID legislation does not create a federal identification card, but it does set minimum security standards for driver’s licenses.

This sentence is correct, but deceptive.

REAL ID sets federal standards for state identification cards and drivers’ licenses, refusing them federal acceptance if they don’t meet these standards. Among those standards is uniformity in the data elements and a nationally standardized machine readable technology. Interoperable databases and easily scanned cards mean that state-issued cards would be the functional equivalent of a federally issued card.

People won’t be fooled if their national ID cards have the flags of their home states on them. When I testified to the Michigan legislature in 2007, I parodied the argument that a state-issued card is not a national ID card: “My car didn’t hit you — the bumper did!”

All states have either agreed to comply with these standards or have applied for an extension of the deadline.

It’s true that all states have either moved toward complying or not, but that’s not very informative. What matters is that a dozen states have passed legislation barring their own participation in the national ID plan. A couple of states received deadline extensions from the Department of Homeland Security despite refusing to ask for them. Things are not going well for REAL ID.

Secure identification cards will make fraudulent documents more difficult to obtain and will also simplify employers’ efforts to check documents when verifying employer eligibility.

It’s true that REAL ID would make it a little bit harder to get - or actually to use - fraudulent documents, because it would add some very expensive checks into the processes states use when they issue cards.

It’s not secure identification cards that make fraudulent documents harder to obtain - the author of this post has the security problems jumbled. But, worse, he or she excludes mentioning that a national ID makes it more valuable to use fraudulent documents. When a thing is made harder to do, but proportionally more valuable to do, you’ll see more of it. REAL ID is not a recipe for a secure identity system; it’s a recipe for a more expensive and invasive, but less secure identity system.

Speaking of invasive, this sentence is a confession that REAL ID is meant to facilitate background checks on American workers before they can work. This is a process I wrote about in a paper subtitled “Franz Kafka’s Solution to Illegal Immigration.” The dream of easy federal background checks on all American workers will never materialize, and we wouldn’t want that power in the hands of the federal government even if we could have it.

Real ID is a sensible protection against identify fraud.

The Department of Homeland Security’s own economic analysis of REAL ID noted that only 28% of all reported incidents of identity theft in 2005 required the presentation of an identification document like a driver’s license. And it said REAL ID would reduce those frauds “only to the extent that the [REAL ID] rulemaking leads to incidental and required use of REAL ID documents in everyday transactions, which is an impact that also depends on decisions made by State and local governments and the private sector.”

Translation: REAL ID would have a small, but speculative effect on identity fraud.

Congress is set to introduce legislation next week that could largely repeal the Real ID.

The bill I’ve seen is structured just like REAL ID was, and it requires states to create a national ID just like REAL ID did. REAL ID is dying, but the bill would revive REAL ID, trying to give it a different name.

Some groups oppose this version of REAL ID because it takes longer to drive all Americans into a national ID system and frustrates their plans to do background checks on all American workers. But it’s still the REAL ID Act’s basic plan for a national ID.

The Administration should put pressure on Congress to ensure that this legislation does not effectively eliminate the Real ID standards.

Why the administration would pressure Congress to maintain the national ID law in place - by any name - is beyond me. REAL ID is unworkable, unwanted, and unfixable.

Homeland Security Secretary Janet Napolitano signed legislation as Arizona’s governor to reject the REAL ID Act. Her predecessor at DHS, Michael Chertoff, talked tough about implementing the law but came up just shy of lighting the paper bag in which he left it on Napolitano’s doorstep.

The REAL ID revival bill that is being so widely discussed is likely to be both the national ID plan that so many states have already rejected and deeply unsatisfying to the anti-immigrant crowd. Congress rarely fails to grasp a lose-lose opportunity like this, so I expect it will be introduced and to see it’s sponsors award themselves a great deal of self-congratulations for their courageous work. You can expect that to receive a fisking here too.

NYCLU: Repeal REAL ID

The New York Civil Liberties Union has issued an impressive report calling for the repeal of the REAL ID Act.

No Freedom Without Privacy: The REAL ID Act’s Assault on Americans’ Everyday Life” is a thorough look at the federal government’s national ID law, which states have refused to implement.

Less than a year ago, when it was clear that no state would be in compliance with the national ID law by the May 2008 deadline, then-DHS secretary Michael Chertoff granted waivers until December of this year, even to states that have statutorily barred themselves from complying. One of those states was South Carolina, whose governor Mark Sanford (R) has been a leading REAL ID opponent. The report cites him favorably for that.

Last year, bills to repeal the national ID law were introduced in both the Senate and House. With President Bush sure to veto, and Secretary Chertoff sure to demagogue a REAL ID repeal, the bills did not move. The political dynamics have changed since then, of course.

“Though the Real ID Act is not a household name,” the report says, “it is a central component of the Bush Administration’s assault on Americans’ liberty and privacy rights, and one that if not repealed now would forever change the fabric of American life.”

In its finite wisdom, the federal government often doubles down on bad policies, but the REAL ID Act is ripe for repeal. The law can’t be fixed, and there is no such thing as an acceptable national ID card.