Tag: Security

“If He Approve, He Shall Sign It…”

The Patriot Act extension passed by Congress this week did not become the law of the land. It is void and without effect.

So may argue some future defendant whose conviction rests on evidence gotten under Patriot Act powers during the extended period Congress sought to establish in the bill it passed this week.

President Obama is at a meeting in Europe, so he had the bill signed by auto-pen. Representative Tom Graves (R-GA) has written a letter inquiring of the president whether he was presented the bill and truly intended to sign it.

Article I, Section 7 of the Constitution says:

Every Bill which shall have passed the House of Representatives and the Senate, shall, before it become a Law, be presented to the President of the United States; If he approve he shall sign it, but if not he shall return it…

Is presentment and signing a quaint formality? Something to put aside in light of modern technology and time-constraints? Or is it an important step in the law-making process, to be executed quite literally without deviation from past practice?

The answer lies mostly in consideration of what a signature is, and what it does. I looked into signatures, among many other identifiers and security techniques in my book, Identity Crisis.

Wikipedia has a definition of “signature” that’s good enough: “A signature is a handwritten (and sometimes stylized) depiction of someone’s name, nickname, or even a simple ‘X’ that a person writes on documents as a proof of identity and intent.” Key words: identity and intent.

In the world of identification and security, a signature is classed as a “behavioral biometric identifier.” That is, it’s a product of a given person’s bodily action that is distinctive enough to create strong evidence of the person’s presence.

A signature does many things, and inferences spill out from the presence of a mark on paper that is sufficiently similar to other marks made by a particular person. Because it’s left on the paper, a signature indicates that the person was in the presence of the document. This means in most cases that he or she could review it and had the opportunity, barring some exigency, to affirm its accuracy and completeness. By long-standing custom, absent duress or fraud, the signature indicates the giving of one’s assent or the placing of authority behind the content of the document. A signature supplies evidence—imperfect, to be sure—that a given person approved a given document.

Does a signature by auto-pen create the same inferences? Almost none of them. To know that President Obama indeed meant to affirm the bill, one would have to investigate how he was apprised of the bill’s content. Were there security measures in place to ensure that the communication about the document and the giving of assent were not altered or forged in transit from Washington, D.C. to Europe? One would need assurance that the controller of the auto-pen applied its mark to the exact document that the president was apprised of, and that no substitute document was inserted. All these problems are solved by bringing the person with authority into the same room with the document to manually apply the signature.

I haven’t a whiff of doubt that President Obama intended to sign the bill. The authority of the president and the gravity of bill-signing are such that I’m confident security measures were in place to control the security issues noted above.

But the question in a court case dealing with the presentment and signing requirement is not what happened with this particular bill. It is what should happen in all cases to help exclude the risks of fraud and duress in law-making—with much longer bills, for example, or some future circumstance when the president’s whereabouts or capacity might be unknown.

The authority of the president and the gravity of bill-signing actually cuts the other direction: The president should be in the same room as the actual document, applying his genuine signature to the artifact of a United States public law’s creation. It’s that important a function of the presidency.

Until biometrics and encryption are good enough that we can sign our mortgages remotely, it’s not too much to ask, having the president to sign legislation in person. If a criminal or two go free in the future because of the inadequacy of the process here, it will be worth it for the small security against fraudulent passage of legislation in a future full of uncertainties.

The Pentagon Propaganda Machine Rears Its Head

Rolling Stone reporter Michael Hastings—yes, that Michael Hastings—has written another investigative article on U.S. operations in Afghanistan, centered again on a general in the theatre.  The revelations are perhaps more shocking than those that resulted in General Stanley McChrystal’s dismissal last summer.

His newest bombshell alleges that the U.S Army illegally engaged in “psychological operations” with the aim of manipulating various high-level U.S. government officials into believing that the war was progressing in order to gain their continued support.  The list of targets includes members of Congress, diplomats, think tank analysts, and even Adm. Mike Mullen, Chairman of the Join Chiefs of Staff.  Over at The Skeptics, I attempt to put this in context:

While American soldiers and Afghan civilians continue to kill and be killed in Afghanistan, the Pentagon seeks to provide the illusion of progress, systematically misrepresenting realities on the ground to bide more time, gain more troops, and acquire more funding. It’s bad enough that the American media uncritically relays statements from U.S. officials portraying “success” on the ground. Now the Pentagon is using its massive propaganda budget to blur the line between informing the public and spinning it to death. In fact, several years ago the Associated Press found that the Pentagon had spent $4.7 billion on public relations in 2009 alone, and employs 27,000 people for recruitment, advertising and public relations, nearly as many as the 30,000-person State Department. Essentially the Pentagon is trying to influence public policy and lobby civilian officials to shift policies toward their own ends while dispersing the costs onto the American taxpayer.

Luckily, it appears that Americans have come to learn that despite the media’s frequent adulation of their uniformed military, the Pentagon operates just like every other bureaucracy in the federal government. According to a poll released earlier this month by Gallup, 72 percent of Americans want Congress to speed up troop withdrawals from Afghanistan. Much like the McChrystal flap from last summer, there is a very fine line between military officials offering their honest opinion and threatening civilian control of the war.

Click here for the full post.

A Patriot Update

A few developments from a business meeting of the Senate Judiciary Committee held this morning. As I noted last month the new House Intelligence Chair, Rep. Mike Rogers (R-Mich.) has already introduced another one-year straight renewal without modification. Since then, Sen. Pat Leahy (D-Vt.) has introduced a bill that would renew the expiring Patriot Act surveillance provisions through 2013, but with some very basic additional safeguards and oversight requirements—many of which the Justice Department has already agreed to implement voluntarily—including most crucially added constraints and a new sunset for expanded National Security Letter powers, which have already been held at least partly unconstitutional in their current form by federal courts, and which the government’s own watchdogs have already found to be subject to widespread abuse.

Enter Sen. Dianne Feinstein (D-Calif.), chair of the Senate Intelligence Committee, who played a key role in killing the same mild reforms last year. She’s already introduced legislation of her own, which would provide for an extension through the end of 2013, without any modifications, of not only the provisions set to expire this year, but also the highly troubling FISA Amendments Act, which in effect legalized the Bush administration’s illicit programmatic wiretapping with an added sliver of judicial oversight. Even this was not quite enough for Sen. Chuck Grassley (R-Iowa), who announced he would introduce a bill making the expiring provisions permanent—effectively removing an important impetus to continuing oversight.

Feinstein, interestingly, purported to be theoretically supportive of Leahy’s reformist impulses, but argued that the “time crunch” created by the end-of-February sunset deadline makes this the wrong time to consider reforms. (In order to hurry things up, a Hill contact tells me, Feinstein’s bill will be fast-tracked to the floor under Senate Rule 14, circumventing the committee process.) This really makes very little sense. Leahy’s bill is essentially the same proposal reported out favorably by a bipartisan Judiciary Committee majority; the point of doing a one-year reauthorization in 2010 was supposedly to allow Congress to consider reform alternatives in the interim. Moreover, the Justice Department has already effectively agreed to accept the reforms that bill contains. If there’s nevertheless a need for further deliberation, Congress can do exactly what it did last time around and extend the sunset by a few weeks or months to allow for additional debate.

The time constraints here are wholly of Congress’ own making. And while the Leahy bill doesn’t go far enough by any means, there is just no good excuse to delay at least the beginning of needed reforms any further.

Beijing Key in Controlling North Korea’s Recklessness

Shortly after unveiling a new uranium enrichment facility, North Korea has shelled a disputed island held by the Republic of Korea.  A score of South Koreans reportedly were killed or wounded.

These two steps underscore the North’s reputation for recklessness.  Unfortunately, there is no easy solution: serious military retaliation risks full-scale war, while intensified sanctions will have no impact without China’s support.

Instead, the U.S. should join with the ROK in an intensive diplomatic offensive in Beijing.  So far China has assumed that the Korean status quo is to its advantage.  However, Washington and Seoul should point out that Beijing has much to lose if things go badly in North Korea.

The North is about to embark on a potentially uncertain leadership transition.  North Koreans remain impoverished; indeed, malnutrition reportedly is spreading.  With the regime apparently determined to press ahead with its nuclear program while committing regular acts of war against the South, the entire peninsula could go up in flames.  China would be burned, along with the rest of North Korea’s neighbors.

The U.S. also should inform Beijing that Washington might choose not to remain in the middle if the North continues its nuclear program.  Given the choice of forever guaranteeing South Korean and Japanese security against an irresponsible North Korea, or allowing those nations to decide on their own defense, including possible acquisition of nuclear weapons, the U.S. would seriously consider the latter.  Then China would have to deal with the consequences.

Beijing’s best option would be to join with the U.S. and South Korea in offering a package deal for denuclearization, backed by effective sanctions, meaning the cut-off of Chinese food and energy assistance.  Otherwise, Beijing might find itself sharing in a future North Korean nightmare.

The Security Logic Clarifies the Question

A new post on the TSA blog gets the logic behind the strip/grope combination correct.

[I]f you’re selected for AIT and choose to opt-out, we still need to check you for non-metallic threats. That’s why a pat-down is required. If you refuse both, you can’t fly.

Any alternative allows someone concealing something to decline the strip-search machine, decline the intimate pat-down, and leave the airport, returning another day in hopes of not being selected for the strip-search machine. The TSA reserves the right to fine you $11,000 for declining these searches.

So the question is joined: Should the TSA be able to condition air travel on you permitting someone to look at or touch your genitals?

I’ve argued that the strip/grope is security excess not validated by risk management. It’s akin to a regulation that fails the “arbitrary and capricious” standard in adminstrative law. But the TSA is not so constrained.

Unclear on Internet Security and Surveillance

The Washington Post has a poorly thought through editorial today on the Justice Department’s “CALEA for the Cloud” initiative. That’s the formative proposal to require all Internet services to open back doors to their systems for court-ordered government surveillance.

“Some privacy advocates and technology experts have sounded alarms,” says the Post, “arguing that such changes would make programs more vulnerable to hackers.”

Those advocates—of privacy and security both—are right. Julian Sanchez recently described here how unknown hackers exploited surveillance software to eavesdrop on high government officials in Greece.

“Some argue that because the vast majority of users are law-abiding citizens, the government must accept the risk that a few criminals or terrorists may rely on the same secure networks.”

That view is also correct. The many benefits of giving the vast majority of law-abiding people secure communications outstrips the cost of allowing law-breakers also to have secure communications.

But the Post editorial goes on, sounding in certainty but exhibiting befuddlement.

The policy question is not difficult: The FBI should be able to quickly obtain court-approved information, particularly data related to a national security probe. Companies should work with the FBI to determine whether there are safe ways to provide access without inviting unwanted intrusions. In the end, there may not be a way to perfectly protect both interests — and the current state of technology may prove an impenetrable obstacle.

The policy question, which the Post piece begs, is actually very difficult. Would we be better off overall if most or all of the information that traverses the Internet were partially insecure so that the FBI could obtain court-approved information? What about protocols and communications that aren’t owned or controlled by the business sector—indeed, not controlled by anyone?

The Tahoe-LAFS secure online storage project, for example—an open-source project, not controlled by anyone—recently announced its intention not to compromise the security of the system by opening back doors.

The government could require the signatories to the statement to change the code they’re working on, but thousands of others would continue to work with versions of the code that are secure. As long as people are free to write their own code—and that will not change—there is no way to achieve selective government access that is also secure.

The current state of technology, thankfully, is an impenetrable obstacle to compromised security in the interest of government surveillance. The only conclusion here, which happily increases our security and liberty overall, is that everyone should have access to fully secure communications.

Actually We Aren’t Running the World

Bloggers have already noted the most glaring problems with Arthur Brooks, Edwin Feulner and Bill Kristol’s Monday Wall Street Journal op-ed, “Peace Doesn’t Keep Itself,” which worries that conservatives are figuring out that trying to run the world is not conservative.

The op-ed pretends that the fact that defense spending isn’t the largest cause of the deficit means it isn’t a cause of the deficit. It obscures the fact that we spend more on defense than we did in the Cold War by counting the defense budget as a portion of the economy without noting the latter has grown faster than the former.

So I can limit myself to less obvious angles. The first is that neoconservatives like Kristol are for increasing the defense budget no matter what. For them the military is basically an expression of national awesomeness (to use an academic term). Enemies and other details, like what we spend already, come up mainly in the justification phase.

In 2000, when U.S. defense spending was nearly $180 billion lower than today—excluding the wars and adjusting for inflation—Bill Kristol and Robert Kagan wanted to increase defense spending by $60 to $100 billion a year. After September 11, they called for a “large” and “substantial” increase. Having got that and then some, Kristol, at least, wants even more. The neoconservative appetite for military spending is insatiable because their militarism is.

Second, I want to pick on one point the op-ed makes because it is both wrong and widely believed: “Global prosperity requires commerce and trade, and this requires peace. But the peace does not keep itself.”

There are really two theories there. First, commerce requires general peace in supplier nations and military protection of supply lines. Second, only the United States can provide both. There is some evidence for these claims in a long-running correlation. Since World War II, U.S. military hegemony has coincided with explosive growth in global trade. So it’s easy to see how people assume causation. But as Chris Preble and I argue in the Policy Analysis that we just released, “Budgetary Savings from Military Restraint,” the causal logic here is weak. It overstates the U.S. military’s contribution to global stability and trade and the trouble that instability causes us.

The first theory is right in the sense that nations devastated by war ultimately lose purchasing power, which is bad for their trade partners. But in the meantime, warring countries typically need a lot of imports. They also generate capital for armies by selling goods abroad. For that reason, the Iranians and Iraqis kept pumping oil during their war. Wars do not simply shut down trade.

The argument for policing peacetime shipments is even worse, as I explain in a guest post I did yesterday for the Stimson Center’s revamped defense budget blog. As I note there, we do not really protect shipments now. A tiny minority get naval protection. Thus primacists tend to argue that what matters is not defending trade but the ability to do so, which deters malfeasants from harassing it or building capability to do so. But that argument gives the game away. You don’t need to do it in good times to do it in bad times.

What happens the day after we tell our Navy to stop sailing around in the name of protecting commerce? Who interrupts shipments? Would Iran start charging tolls at the Strait of Hormuz or China in the South China Sea? I say no because they know that we can force access and because there are plenty of ways to retaliate, including blockading those countries.

A more plausible claim is that some states would increase naval spending to police their own shipping. That seems like a good thing. Sometimes people say that such burden-sharing could set off a naval arms race that causes a war, say between India and China. I suppose that is possible, but naval arms races have caused few, if any, wars.

Let’s say our ability to buy some good from some area is cut off, either by instability at the source or en route. The likely outcome is supply adjustment, not supply failure. Generally another supplier takes the orders and prices adjust. That is particularly true as globalization links markets and increases supply options. It is when you have only one potential supplier that you really need to police delivery.

If you believe that military hegemony protects peacetime shipments, you could argue that it distorts price signals by shifting a portion of the good’s cost to federal taxes. Because I don’t believe that we are propping up prices in most cases, I say that what primacists are really selling is an attempted but failed subsidy to consumption of goods, including oil.

Oil is a special case because price shocks caused by supply disruption have in the past caused recessions. However, economists argue that the conditions that allowed for this problem have changed. One change is the reduced burden energy costs now impose on U.S. household income. Others disagree, but if they are right, that is why we have public and private reserves.

You can read more of what we think of about the idea that only we can keep the peace among states in the Policy Analysis or in the stuff Cato scholars have been pumping out for years. I will just say here that primacists ignore all the history contradicting the idea that only hegemons create a stable balance of power and the many rivals that formed stable balances of power without an hegemon taking a side.

International stability and world trade would be OK without our nation trying to use our military to provide them. If you don’t believe me, you might read one of these three papers by Eugene Gholz and Daryl Press. I took a lot of this from them.