Tag: Security

Actually We Aren’t Running the World

Bloggers have already noted the most glaring problems with Arthur Brooks, Edwin Feulner and Bill Kristol’s Monday Wall Street Journal op-ed, “Peace Doesn’t Keep Itself,” which worries that conservatives are figuring out that trying to run the world is not conservative.

The op-ed pretends that the fact that defense spending isn’t the largest cause of the deficit means it isn’t a cause of the deficit. It obscures the fact that we spend more on defense than we did in the Cold War by counting the defense budget as a portion of the economy without noting the latter has grown faster than the former.

So I can limit myself to less obvious angles. The first is that neoconservatives like Kristol are for increasing the defense budget no matter what. For them the military is basically an expression of national awesomeness (to use an academic term). Enemies and other details, like what we spend already, come up mainly in the justification phase.

In 2000, when U.S. defense spending was nearly $180 billion lower than today—excluding the wars and adjusting for inflation—Bill Kristol and Robert Kagan wanted to increase defense spending by $60 to $100 billion a year. After September 11, they called for a “large” and “substantial” increase. Having got that and then some, Kristol, at least, wants even more. The neoconservative appetite for military spending is insatiable because their militarism is.

Second, I want to pick on one point the op-ed makes because it is both wrong and widely believed: “Global prosperity requires commerce and trade, and this requires peace. But the peace does not keep itself.”

There are really two theories there. First, commerce requires general peace in supplier nations and military protection of supply lines. Second, only the United States can provide both. There is some evidence for these claims in a long-running correlation. Since World War II, U.S. military hegemony has coincided with explosive growth in global trade. So it’s easy to see how people assume causation. But as Chris Preble and I argue in the Policy Analysis that we just released, “Budgetary Savings from Military Restraint,” the causal logic here is weak. It overstates the U.S. military’s contribution to global stability and trade and the trouble that instability causes us.

The first theory is right in the sense that nations devastated by war ultimately lose purchasing power, which is bad for their trade partners. But in the meantime, warring countries typically need a lot of imports. They also generate capital for armies by selling goods abroad. For that reason, the Iranians and Iraqis kept pumping oil during their war. Wars do not simply shut down trade.

The argument for policing peacetime shipments is even worse, as I explain in a guest post I did yesterday for the Stimson Center’s revamped defense budget blog. As I note there, we do not really protect shipments now. A tiny minority get naval protection. Thus primacists tend to argue that what matters is not defending trade but the ability to do so, which deters malfeasants from harassing it or building capability to do so. But that argument gives the game away. You don’t need to do it in good times to do it in bad times.

What happens the day after we tell our Navy to stop sailing around in the name of protecting commerce? Who interrupts shipments? Would Iran start charging tolls at the Strait of Hormuz or China in the South China Sea? I say no because they know that we can force access and because there are plenty of ways to retaliate, including blockading those countries.

A more plausible claim is that some states would increase naval spending to police their own shipping. That seems like a good thing. Sometimes people say that such burden-sharing could set off a naval arms race that causes a war, say between India and China. I suppose that is possible, but naval arms races have caused few, if any, wars.

Let’s say our ability to buy some good from some area is cut off, either by instability at the source or en route. The likely outcome is supply adjustment, not supply failure. Generally another supplier takes the orders and prices adjust. That is particularly true as globalization links markets and increases supply options. It is when you have only one potential supplier that you really need to police delivery.

If you believe that military hegemony protects peacetime shipments, you could argue that it distorts price signals by shifting a portion of the good’s cost to federal taxes. Because I don’t believe that we are propping up prices in most cases, I say that what primacists are really selling is an attempted but failed subsidy to consumption of goods, including oil.

Oil is a special case because price shocks caused by supply disruption have in the past caused recessions. However, economists argue that the conditions that allowed for this problem have changed. One change is the reduced burden energy costs now impose on U.S. household income. Others disagree, but if they are right, that is why we have public and private reserves.

You can read more of what we think of about the idea that only we can keep the peace among states in the Policy Analysis or in the stuff Cato scholars have been pumping out for years. I will just say here that primacists ignore all the history contradicting the idea that only hegemons create a stable balance of power and the many rivals that formed stable balances of power without an hegemon taking a side.

International stability and world trade would be OK without our nation trying to use our military to provide them. If you don’t believe me, you might read one of these three papers by Eugene Gholz and Daryl Press. I took a lot of this from them.

Are You Substituting Worst-Case Thinking for Reason?

Bruce Schneier has a typically good essay on the use of “worst-cases” as a substitute for real analysis. I noticed conspicuous use of “worst-case” in early reporting on the oil spill in the Gulf. It conveniently gins up attention for media outlets keen on getting audience.

There’s a certain blindness that comes from worst-case thinking. An extension of the precautionary principle, it involves imagining the worst possible outcome and then acting as if it were a certainty. It substitutes imagination for thinking, speculation for risk analysis and fear for reason. It fosters powerlessness and vulnerability and magnifies social paralysis. And it makes us more vulnerable to the effects of terrorism.

Worst-case thinking—the failure to manage risk through analysis of costs and benefits—is what makes airline security such an expensive nightmare, for example. Schneier concludes:

When someone is proposing a change, the onus should be on them to justify it over the status quo. But worst case thinking is a way of looking at the world that exaggerates the rare and unusual and gives the rare much more credence than it deserves. It isn’t really a principle; it’s a cheap trick to justify what you already believe. It lets lazy or biased people make what seem to be cogent arguments without understanding the whole issue.

It’s not too long for you to read the whole thing.

Restrictive Immigration Policies Confound Security

CEI’s Alex Nowrasteh has a commentary on Townhall.com illustrating how restrictive immigration policies confound security. Twenty-three Somalis with suspected ties to an Islamist group were mistakenly released from a Mexican prison last January, and their whereabouts now are unknown. He continues:

Forcing immigrants underground creates an enormous black market where terrorist activities and serious crimes can continue undetected. If legal immigration were much easier, the American government would know who was entering the country and do a better job in screening out criminals and suspected terrorists.

I’m leery of touting terror threats for any reason beyond alerting the public to information they can use for national and self-protection. A small group of possible terrorists in Mexico is far from doing any significant harm and not particularly worrisome.

But this story illustrates how the border security that matters gets harder—and how much tax money gets wasted—when our policies make legal immigration difficult or impossible. The government is preoccupies with workers made minor criminals by their extraordinary efforts to improve their and their families’ circumstances.

How to Prevent a Fort Hood Shooting

I wrote some posts a few months ago (1, 2, 3) about the difficulty of discovering and preventing essentially random events like the Fort Hood shooting. I was pleased by the compliment security guru Bruce Schneier paid them in his recent post, “Small Planes and Lone Terrorist Nutcases.” (Such happy subject matter we get to write about!)

Now comes Radley Balko with a great column illustrating what you get when authorities try to “get ahead” of this problem. “Pre-Crime Policing” tells the story of a gun buyer who had been tagged with the adjective “disgruntled.” A SWAT team appeared on his property, police tricked him into surrendering for a mental evaluation, they illegally entered his home, and they seized his guns.

Says the victim of these invasions, “South Oregon is big gun country. If something like this can happen here, where just about everyone owns a gun, it can happen anywhere.”

Especially if we ask law enforcement to prevent random violence.

Symbols, Security, and Collectivism

The state of Nevada is one of few that is tripping over itself to comply with the REAL ID Act, the U.S. national ID law.

It’s worth taking a look at the sample license displayed in this news report, especially the gold star used on the license to indicate that it is federally approved.

The reasons for “improving” drivers’ licenses this way are complex. The nominal reason for REAL ID was to secure the country against terrorism. The presence of a gold star signals that this the card bears a correct identity and that watch-list checking has ensured the person is not a threat.

Don’t be too thrilled, though. The weakness of watch-listing was demonstrated again by the Christmas-day attempt on a Northwest airlines flight. The underpants bomber wasn’t listed, so checking his name against a watch-list didn’t do anything.

The real reason for REAL ID, though, was anti-immigrant fervor. If the driver licensing system distinguished between citizens and non-citizens, the theory goes, possession of a driver’s license can be used to regulate access not just to driving, but to working, financial services, health care, and anything else the government wants. Illegal presence in the country could be made unpleasant enough that illegal immigrants would leave.

Alas, human behavior isn’t that simple. If ‘driven’ to it—(I had to…)—people will get behind the wheel without licenses—and without the training that comes with licensing. Then they’ll crash. When the governor of New York briefly de-linked driver licensing and immigration status in 2007, he cited public safety and the likelihood that insurance rates would fall, to the benefit of New Yorkers. (When the state of New Mexico de-linked driver licensing and immigration status, uninsured vehicle rates in the state dropped from 33 percent to 17 percent.) But the governor suffered withering criticism from anti-immigrant groups and quickly reversed course.

Like linking immigration status and driving, linking immigration status and work through an ID system imposes costs on the law-abiding citizen. Complications and counterattacks raise costs on workers and employers while reducing the already small benefits of such programs. I articulated those in my paper on employment eligibility verification.

REAL ID transfers well-being and wealth from individuals to the state.

But let’s return to this gold star…

The article says that the Nevada ID is becoming one of the hardest in the country to forge. But it’s hard to be sure. The gold star may undermine the anti-forgery goal.

Forgery is the making or altering of a document with the intent to defraud or deceive. The question is not whether the whole document can be made—I’m sure the new Nevada license is bristling with security doodads—it’s whether a document can be made to deceive.

Watch for the people who check licenses to fall into the habit of checking the gold star and taking that as evidence that the document is “good.” By a small but relevant margin, ID checkers will forget to compare the picture on the license to the face of the person presenting it. (Gold star? Go.) Putting a gold star on the license may make forgery easier. It’s not about the technical feasibility of creating the card; it’s how to fool people.

But this gold star. It will be taken as a shorthand for “citizen.” There are examples from the past in which governments used symbols to assign status to populations. It’s easy to go overboard with such comparisons, but the Nevada license, with this gold star, takes a dramatic step toward carving the population into groups—groups that can be divided. Maybe soon two stars will be for military veterans, or people licensed to own firearms. Three stars could be for elected officials.

With this gold star system, a Nevada license-holder is a little less of a free, independent person with rights and privileges based on individual merit. A Nevadan becomes an undifferentiated status-holding subject. We’re a long way from the day when the “gold star” people are assigned to better rail cars, but the idea is that it should never happen. We should reject entirely the tools that could allow the government to do that.

I Told You So?

The story that images of a film star produced by whole-body imaging were copied and circulated among airport personnel in London are a little too good to be true for critics of the technology. It may yet be proven a joke or hoax, and airport officials are denying that it happened, saying that it “simply could not be true.”

But if Bollywood star Shah Rukh Khan was exposed by the technology, it validates more quickly than I expected the concern that controls on body scanning images would ultimately fail.

Here’s how I wrote about the fate of domestic U.S. proscriptions on copying images from whole-body imaging machines in an earlier post:

Rules, of course, were made to be broken, and it’s only a matter of time — federal law or not — before TSA agents without proper supervision find a way to capture images contrary to policy. (Agent in secure area guides Hollywood starlet to strip search machine, sends SMS message to image reviewer, who takes camera-phone snap. TMZ devotes a week to the story, and the ensuing investigation reveals that this has been happening at airports throughout the country to hundreds of women travelers.)

I have my doubts that this incident actually happened as reported, but it is not impossible, and over time misuse of the technology is likely. That’s a cost of whole-body imaging that should be balanced against its security benefits.

Surveillance, Security, and the Google Breach

Yesterday’s bombshell announcement that Google is prepared to pull out of China rather than continuing to cooperate with government Web censorship was precipitated by a series of attacks on Google servers seeking information about the accounts of Chinese dissidents.  One thing that leaped out at me from the announcement was the claim that the breach “was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” That piqued my interest because it’s precisely the kind of information that law enforcement is able to obtain via court order, and I was hard-pressed to think of other reasons they’d have segregated access to user account and header information.  And as Macworld reports, that’s precisely where the attackers got in:

That’s because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press.

This is hardly the first time telecom surveillance architecture designed for law enforcement use has been exploited by hackers. In 2005, it was discovered that Greece’s largest cellular network had been compromised by an outside adversary. Software intended to facilitate legal wiretaps had been switched on and hijacked by an unknown attacker, who used it to spy on the conversations of over 100 Greek VIPs, including the prime minister.

As an eminent group of security experts argued in 2008, the trend toward building surveillance capability into telecommunications architecture amounts to a breach-by-design, and a serious security risk. As the volume of requests from law enforcement at all levels grows, the compliance burdens on telcoms grow also—making it increasingly tempting to create automated portals to permit access to user information with minimal human intervention.

The problem of volume is front and center in a leaked recording released last month, in which Sprint’s head of legal compliance revealed that their automated system had processed 8 million requests for GPS location data in the span of a year, noting that it would have been impossible to manually serve that level of law enforcement traffic.  Less remarked on, though, was Taylor’s speculation that someone who downloaded a phony warrant form and submitted it to a random telecom would have a good chance of getting a response—and one assumes he’d know if anyone would.

The irony here is that, while we’re accustomed to talking about the tension between privacy and security—to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security—one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.