Tag: Security

Terrorism and Security Systems

Terrorism presents a complex set of security problems. That’s easy to see in the welter of discussion about the recent attempted bombing on a plane flying from Amsterdam into Detroit. The media and blogs are poring over the many different security systems implicated by this story. Unfortunately, many are reviewing them all at once, which is very confusing.

Each security system aimed to protect against terror attacks and other threats involves difficult and complex balancing among many different interests and values. Each system deserves separate consideration, along with analysis of how they interact with one another.

A helpful way to unpack security is by thinking in terms of “layers.” Calling it security “layering” is a way of describing the many different practices and technologies that limit threats to the things we prize. (It’s another lens on security, compatible with the risk management framework I laid out shortly after the Fort Hood shooting.)

Let’s think about some of the security layers deployed to protect people on airplanes against someone like the individual who sought to bomb this flight into Detroit. There are many different security layers. Examining how they worked or failed positions us to tune our security systems better for the future.

It would make sense to start with the security measure that ultimately ceased the attack—human intervention—and move out layer-by-layer from there. But we should actually start by pondering what course events might have followed if the attack hadn’t been thwarted when it was.

The design of airplanes is a security layer that this event did not implicate. Few people are aware that planes are designed to survive damage—even significant damage—and still remain aloft. The seat assignment of this would-be bomber comes into play here, of course. Did he seek out a seat along the wing intending to damage fuel tanks, or was it just a chance assignment? We don’t know yet.

Depending on how events might have unfolded in the event of an actual blast, various other layers may have come into play: pilot training, other design elements of the plane like redundant controls, availability of first aid equipment, flight crew training, and so on.

The good news—worth stating again because much commentary overlooks it—is that this plot failed.

The security layer we credit most for its failure is the direct intervention of other passengers. People who discuss only government programs or policies overlook an important, forceful, and highly adaptive security layer: empowered individuals. We should not prefer to rely on this kind of human intervention, of course—it kicks in far too late for comfort. But it is there, and in this case it worked.

Next, there is weapons detection. The consensus is strong that this layer failed, but this layer did some work, which also shouldn’t be overlooked.

To get it past anticipated security checks, the “bomb” had to be modified in a way that ultimately reduced it to a far less dangerous incendiary device. It wasn’t human intervention alone, but the combination of the weapons detection layer and the human layer that foiled the plot.

Nonetheless, given the consensus that weapons detection failed outright, it is likely that millimeter wave scanning (aka “strip-search machines”) will see broader adoption in air security, trumping privacy concerns that had dealt it some setbacks.

Another layer—more clearly a failure—was the watch list/no-fly list system (or systems). Watch-lists are porous when they’re at their best: They can only catch people already known to be threats, and then only those who are accurately identified at the airport.

Secretary Napolitano originally said that there wasn’t specific derogatory information to justify placing this person on a no-fly list, but unfolding reporting suggests that this was not the case. I agree that watch-listing failed, but I struggle to imagine how it could actually succeed. What general rule, administered on the scale required, could properly deny boarding to genuine attackers without unacceptably denying travel to thousands and thousands of non-attackers every year? Making sense of watch-listing is difficult, and it’s no surprise to me that this security layer failed.

A sibling layer is visa management. Unlike the last-minute decision whether or not to allow a person onto a plane, visa applications can be examined with some leisure, using not only lists of derogatory information but also information gathered from applicants and other sources.

Foreign nationals have no right to enter the United States, and the decision to exclude people seems well placed at this layer compared to last-minute use of watch-lists or no-fly lists.  By comparison to authorities in the UK, who evidently excluded him, it appears to have been error to allow the Detroit bomb plotter to have kept his U.S. visa. This is yet another security issue deserving investigation.

Other security layers, of course, include whatever intelligence  might have been picked up in Yemen and whatever actions might have been taken in light of it.

Are there more layers of security to examine? Undoubtedly there are.

One of interest to me might be called the “strategic layer”—steps to deny terrorists the strategic gains they seek. It is unclear what goal, if any, the Detroit bomb plotter had, but  U.S. National War College professor of strategy Audrey Kurth Cronin identifies a number of “strategies of leverage” terrorism seeks to exploit.

Terrorists are weak actors, unable to muster conventional forces that threaten a state directly. So they try to use the power of the states they attack to achieve their aims. Provocation is an example—getting a state to overreact and undercut its own legitimacy. Polarization is another: Most often in domestic contexts, terror attacks can drive wedges among different ethnic, religious, or cultural groups, destabilizing the state and society.

Mobilization is the strategy of leverage most likely at play here—seeking to recruit and rally the masses to a cause. There’s no argument that this alienated loner is an articulate strategist, of course, but his attack could signal the importance of terrorism to a worldwide audience, making terrorism more attractive to opponents of U.S. power.

Even a failed attack could send such a signal if U.S. government authorities allow it. I wrote in an earlier post how their reactions will dictate the “success” or “failure” of this attack as terrorism.

As to the strategic layer, I believe that, amid programmatic and policy failures, President Obama is due credit for his handling of communications. It was very pleasing to see a Washington Post story Monday headlined: “Obama Addresses Airline Security in Low-Key Fashion.” He is obligated to respond to domestic demands for communication, of course, but declining to exalt terrorism and this incident should not earn him demerits. It should earn him applause.

The alternative—hustling the president of the United States in front of cameras to make incautious statements—would send an unfortunate signal to the world: Any young man, from anywhere across the globe, can poke the president of the United States in the eye, even if his attack on a U.S. target fails. Such a message would invite more terrorist acts.

Attacks not mounted aren’t measured, of course, but attacks would likely increase if it appeared that attacking the U.S. and its interests could visibly fluster the U.S. president. The discipline shown by the White House during this event is an important contribution to our security from the next attack. Politicians beneath President Obama’s grade should take a lesson and control their reactions as well.

Next, I hope to see communications that subtly and appropriately portray the underwear bomb plotter as the loser that he is. I have declined to use his name, because this wretch should go namelessly to oblivion. And I am pleased to see that U.S. authorities have released an image of his underwear, half-suspecting that this was done to help make his legacy the indignity of being beaten by Americans and having his underwear displayed to the world. 

I am also pleased to see him called the “underwear bomber” in some news reports. I would call him the “underwear bomb plotter” because he only managed to light a fire. This is not to trivialize the attack, but to diminish the standing of the person who committed it. People around the world who might consider terrorism are watching how we react to this event, and I want no one to believe that following in the footsteps of the underwear bomb plotter is a good idea.

Let’s also observe that the plane he would have brought down bore innocent women and children. Among them likely were many good Muslim people. Had he succeeded, he would have added to the count of orphaned children in the world. This is not someone to emulate, and official communications should be sounding these themes if they aren’t already.

Given how difficult it is to physically foreclose all vectors of attack while maintaining our society as open and free, strategic communications like this—to deny terrorists the rhetorical gains they seek from us—are very important. Portraying this person as a wrongheaded failure is part of the strategic layer in our security, far preferable to treating him as a diabolical anti-hero.

This incomplete discussion is intended only to illustrate the many different security layers at issue in the underwear bomb plot. Thoughtful readers will undoubtedly find gaps and misstatements in this discussion based on more precise facts and better technical or programmatic knowledge than I have.

Thankfully, we have an opportunity to learn about our security from this failed attack. Had it succeeded, it appears that our society remains ill-equipped to maintain an even keel. The intensity of commentary and analysis on this event shows that a successful terrorist would likely knock us off our game. The impulse to do something—anything—would overwhelm us, and we would likely overreact by retaliating imprecisely, by pouring our energy into security measures that don’t actually work, and so on. Such missteps are congenial to terrorism, and we should try to avoid them.

Talking about Terrorism

Terrorists are named after an emotion for a reason. They use violence to produce widespread fear for a political purpose. The number of those they kill or injure will always be a small fraction of those they frighten. This creates problems for leaders, and even analysts, when they talk publicly about terrorism. On one hand, leaders need to convince the public that they are on the case in protecting them, or else they won’t be leaders for long. On the other hand, good leaders try to minimize unwarranted fear.

One reason is that we shouldn’t give terrorists what they want. Another is that fear is a real social harm, particularly when it is exaggerated. Stress from fear harms health. It causes bad decisions. For example, if people avoid flying and drive instead the number of added fatalities on the road will quickly surpass the dead from a typical terrorist attack. Most important, excessive fear causes policy responses that often damage the economy without much added safety. Measured in lives on dollars, reactions to terrorism often cost more than the attack themselves.

If leaders talk only about the danger of terrorism and everything they are doing to fight it, without putting danger in context, they may be on safe political ground, but they risk causing or prolonging groundless fear and encouraging all sorts of harmful overreactions. That is the Bush Administration’s counterterrorism record, in a nutshell. If leaders just say “calm down and worry about something more likely to harm you,” they will be butchered politically.

So a reasonable approach is to sound concerned but reassuring. You want to convince people that they are mostly safe without appearing complacent. I don’t like many of this administration’s counterterrorism policies, starting with Afghanistan, but thus far its communication about terrorism is far more sensible than the last administration’s. That includes the aftermath of this attempted Christmas Day attack.

The administration made it clear that it is unacceptable that a guy we just got warned about got onto a plane wearing explosives. But the President also said Americans should be generally confident in their safety from terrorism. He didn’t act as if this incident was the most important thing on his schedule this year or compare the Al Qaeda affiliate in Yemen to the Third Reich or what have you, exaggerating their capability and power. I wish he had gone further and said that detonating explosives smuggled on to a plane is tricky and that flying remains incredibly safe. (Jim Harper will soon have more to say here on the security failures and how to talk about them.)

In a different political universe, the President could describe the terrorist threat honestly. He would say that recent attempted terrorist attacks in the United States show more amateurism and failure than skill and success. He could add that we are fortunate that our greatest enemy, al Qaeda and its fellow-travelers, are scattered and weak compared the sorts of enemies we historically faced. He would sound more like Michael Bloomberg, who told New Yorkers that they had a better chance of being struck by lightening than killed by terrorists, after a particularly inept terrorist plot on JFK airport was uncovered. He could even quote Nate Silver, who calculates that in the last decade of US flights, there was one terrorist incident per 11,569,297,667 miles flown. It’s true, as Kip Viscusi demonstrates, that people don’t think like actuaries. They rightly value different sorts of deaths in different ways, and want more protection against terrorism than other dangers. But knowing the odds is still important in weighing the appropriate amount of concern and forming policy preferences. The president could also have treated voters like grown-ups and pointed out that whatever flaws in airline security that this attempted attack reveals, there is no such thing as perfect safety, and sooner or later even the finest security systems fail.

I also disagree with the argument that the trouble with our airline security or national security policy-making in general is insufficient presidential attention. Overall, we could do with a little more masterly inactivity in security policy, to use an old British phrase. Aviation security is another matter, but I struggle to see how presidential involvement would have fixed this problem. The 9-11 Commission did claim that September 11 occurred because leaders failed to pay sufficient attention to al Qaeda, but there, as in other matters, the Commission is wrong. At least in the executive branch, the attention paid to the threat in the 1990s was quite substantial, as you can see in this essay by Josh Rovner or in my contribution to this book. The historical record shows that the threat was well understood by security officials and the reading public. Time, for example, called Osama bin Laden the most wanted man in the world when they interviewed him in 1998. The trouble, in my opinion, was not misperception but our policies and the difficult and unprecedented nature of problem–a terrorist group ensconced in hostile country that refused to do anything about it.

Getting the line between confidence and vigilance right is not easy, but it starts with acknowledgment that there is such a thing as overreaction. That subject will be the on the agenda for our January 13 counterterrorism forum with James Fallows, State Department Counterterrorism Coordinator Daniel Benjamin, Paul Pillar and others.

*My attempts to explain this stuff to Politico yesterday resulted in some confused and inaccurate uses of my quotes in this story by Carol E. Lee, which unconvincingly compares the Obama’s response to this terrorist attempt to his silly involvement in the Henry Louis Gates arrest fiasco. First, Lee absurdly uses me as example of “predictable” attacks from the right on Obama, when I said I was glad that the President said Americans should feel confident but that I’d have preferred if he’d done it more forcefully by saying flying remains safe and al Qaeda weak. That is more or less the opposite of the predictable take on the right. Then, she says that my views on the President’s response to the attacks referred to his post-press conference golf outing. I was talking about his overall response, or lack thereof, over the last several days. I can’t decipher the meaning of presidential golf.

Three Keys to Surveillance Success: Location, Location, Location

The invaluable Chris Soghoian has posted some illuminating—and sobering—information on the scope of surveillance being carried out with the assistance of telecommunications providers.  The entire panel discussion from this year’s ISS World surveillance conference is well worth listening to in full, but surely the most striking item is a direct quotation from Sprint’s head of electronic surveillance:

[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don’t know how we’ll handle the millions and millions of requests that are going to come in.

To be clear, that doesn’t mean they are giving law enforcement geolocation data on 8 million people. He’s talking about the wonderful automated backend Sprint runs for law enforcement, LSite, which allows investigators to rapidly retrieve information directly, without the burden of having to get a human being to respond to every specific request for data.  Rather, says Sprint, each of those 8 million requests represents a time when an FBI computer or agent pulled up a target’s location data using their portal or API. (I don’t think you can Tweet subpoenas yet.)  For an investigation whose targets are under ongoing realtime surveillance over a period of weeks or months, that could very well add up to hundreds or thousands of requests for a few individuals. So those 8 million data requests, according to a Sprint representative in the comments, actually “only” represent “several thousand” discrete cases.

As Kevin Bankston argues, that’s not entirely comforting. The Justice Department, Soghoian points out, is badly delinquent in reporting on its use of pen/trap orders, which are generally used to track communications routing information like phone numbers and IP addresses, but are likely to be increasingly used for location tracking. And recent changes in the law may have made it easier for intelligence agencies to turn cell phones into tracking devices.  In the criminal context, the legal process for getting geolocation information depends on a variety of things—different districts have come up with different standards, and it matters whether investigators want historical records about a subject or ongoing access to location info in real time. Some courts have ruled that a full-blown warrant is required in some circumstances, in other cases a “hybrid” order consisting of a pen/trap order and a 2703(d) order. But a passage from an Inspector General’s report suggests that the 2005 PATRIOT reauthorization may have made it easier to obtain location data:

After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [REDACTED PHRASE]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [REDACTED PHRASE] from the FISA Court. Therefore, OIPR decided not to request [REDACTED PHRASE] pursuant to Section 215 until it re-briefed the issue for the FISA Court. As a result, in 2006 combination orders were submitted to the FISA Court only from January 1, 2006, through March 8, 2006.

The new statutory language permits FISA pen/traps to get more information than is allowed under a traditional criminal pen/trap, with a lower standard of review, including “any temporarily assigned network address or associated routing or transmission information.” Bear in mind that it would have made sense to rely on a 215 order only if the information sought was more extensive than what could be obtained using a National Security Letter, which requires no judicial approval. That makes it quite likely that it’s become legally easier to transform a cell phone into a tracking device even as providers are making it point-and-click simple to log into their servers and submit automated location queries.  So it’s become much more  urgent that the Justice Department start living up to its obligation to start telling us how often they’re using these souped-up pen/traps, and how many people are affected.  In congressional debates, pen/trap orders are invariably mischaracterized as minimally intrusive, providing little more than the list of times and phone numbers they produced 30 years ago.  If they’re turning into a plug-and-play solution for lojacking the population, Americans ought to know about it.

If you’re interested enough in this stuff to have made it through that discussion, incidentally, come check out our debate at Cato this afternoon, either in the flesh or via webcast. There will be a simultaneous “tweetchat” hosted by the folks at Get FISA Right.

President Obama to Announce Troop Increase in Afghanistan

afghanistan mapThere are two things that President Obama’s plan won’t do: win the war, or end the war.

While all Americans hope that the mission in Afghanistan will turn out well, the U.S. military’s counterinsurgency doctrine says that stabilizing a country the size of Afghanistan would require far more troops than the most wild-eyed hawk has proposed: about 600,000 troops. An additional 30 to 40,000 troops isn’t just a case of too little, too late; it holds almost no prospect of winning the war. Accordingly, this likely won’t be the last prime-time address in which the president proposes sending many more troops to Afghanistan; my greatest fear is that this is only the first of many.

But we shouldn’t just commit still more troops. President Obama should have recognized that the goals he set forth in March went too far. A better strategic review would have revisited our core objectives and assumptions. It would have focused on a narrower set of achievable objectives that are directly connected to vital U.S. security interests—chiefly disrupting al Qaeda’s ability to do harm—and that would have left the rebuilding of Afghanistan to Afghans, not Americans. President Obama’s national security team seems not to have even considered this course. Instead, the administration focused on repackaging the same grandiose strategy.

Secretary of Defense Gates fixed on the dilemma several weeks ago when he pondered aloud: “How do we signal resolve and at the same time signal to the Afghans and the American people that this is not open-ended?”

It turns out you can’t. The president’s decision to deepen our commitment to Afghanistan while simultaneously promising an exit is ultimately absurd on its face.

I’d be surprised if any foreign policy analyst would bet his or her next paycheck that this is going to work. I wouldn’t.

Who Reads the Readers?

This is a reminder, citizen: Only cranks worry about vastly increased governmental power to gather transactional data about Americans’ online behavior. Why, just last week, Rep. Lamar Smith (R-TX) informed us that there has not been any “demonstrated or recent abuse” of such authority by means of National Security Letters, which permit the FBI to obtain many telecommunications records without court order. I mean, the last Inspector General report finding widespread and systemic abuse of those came out, like, over a year ago! And as defenders of expanded NSL powers often remind us, similar records can often be obtained by grand jury subpoena.

Subpoenas like, for instance, the one issued last year seeking the complete traffic logs of the left-wing site Indymedia for a particular day. According to tech journo Declan McCullah:

It instructed [System administrator Kristina] Clair to “include IP addresses, times, and any other identifying information,” including e-mail addresses, physical addresses, registered accounts, and Indymedia readers’ Social Security Numbers, bank account numbers, credit card numbers, and so on.

The sweeping request came with a gag order prohibiting Clair from talking about it. (As a constitutional matter, courts have found that recipients of such orders must at least be allowed to discuss them with attorneys in order to seek advise about their legality, but the subpoena contained no notice of that fact.) Justice Department officials tell McCullagh that the request was never reviewed directly by the Attorney General, as is normally required when information is sought from a press organization. Clair did tell attorneys at the Electronic Frontier Foundation, and  when they wrote to U.S. Attorney Timothy Morrison questioning the propriety of the request, it was promptly withdrawn. EFF’s Kevin Bankston explains the legal problems with the subpoena at length.

Perhaps ironically, the targeting of Indymedia, which is about as far left as news sites get, may finally hep the populist right to the perils of the burgeoning surveillance state. It seems to have piqued Glenn Beck’s interest, and McCullagh went on Lou Dobbs’ show to talk about the story. Thus far, the approved conservative position appears to have been that Barack Obama is some kind of ruthless Stalinist with a secret plan to turn the United States into a massive gulag—but under no circumstances should there be any additional checks on his administration’s domestic spying powers.  This always struck me as both incoherent and a tragic waste of paranoia. Now that we’ve had a rather public reminder that such powers can be used to compile databases of people with politically unorthodox browsing habits, perhaps Beck—who seems to be something of an amateur historian—will take some time to delve into the story of COINTELPRO and other related projects our intelligence community busied itself with before we established an architecture of surveillance oversight in the late ’70s.

You know, the one we’ve spent the past eight years dismantling.

Cause for Alarm in Iraq, or Just a Ripple?

Najim Abed al-Jabouri, former mayor of Tal Afar, has a piece in the Times that seems like cause for alarm:

Both the military and the police remain heavily politicized. The police and border officials, for example, are largely answerable to the Interior Ministry, which has been seen (often correctly) as a pawn of Shiite political movements. Members of the security forces are often loyal not to the state but to the person or political party that gave them their jobs.

The same is true of many parts of the Iraqi Army. For example, the Fifth Iraqi Army Division, in Diyala Province northeast of Baghdad, has been under the sway of the Islamic Supreme Council of Iraq, the Shiite party that has the largest bloc in Parliament; the Eighth Division, in Diwaniya and Kut to the southeast of the capital, has answered largely to Dawa, the Shiite party of Prime Minister Nuri Kamal al-Maliki; the Fourth Division, in Salahuddin Province in northern Iraq, has been allied with one of the two major Kurdish parties, the Patriotic Union of Kurdistan.

More recently, the Iraqi Awakening Conference, a tribal-centric political party based in Anbar Province (where Sunni tribesmen, the so-called Sons of Iraq, turned against the insurgency during the surge) has gained influence over the Seventh Iraq Army Division, which was heavily involved in recruiting Sunnis to maintain security in 2006.

Hadi Mizban/Associated PressHadi Mizban/Associated Press

Now, via Spencer Ackerman, we find out that there may be support for al-Jabouri’s fear that “these political schisms are partly responsible for coordinated terrorist attacks like those on Sunday or the so-called Bloody Wednesday bombings of Aug. 19, which killed more than 100.”  61 Iraqi army and police officers were just arrested in connection with Sunday’s blasts, part of the effects of which you see over there on the side of the post.

Al-Jabouri writes ominously that

in a little more than two years, the United States drawdown of forces will be complete.  In that time, the Iraqi security forces can go further in the direction of ethno-sectarianism, or they can find a new nationalism.  True, the status quo offers a temporary balance of power between the incumbent parties, likely providing relative peace for the American exit. But deep down, ethno-sectarianism creates fault lines that terrorist groups and other states in the Mideast will exploit to keep Iraq weak and vulnerable. The better alternative is to reform and gain the confidence of Iraqis. The people will trust the security forces if they are seen as impartial on divisive political issues, loyal to the state rather than to parties, and if they embody the diversity and tolerance that we Iraqis have long claimed to be a defining characteristic.

President Bush was making a good point in 2005 when he said on al Arabiya that “the future of Iraq depends upon Iraqi nationalism and the Iraq character – the character of Iraq and Iraqi people emerging.” I think this overall point is right and fundamentally unanswered, at least according to al-Jabouri.  Barbara Walter, one of the leading academics studying civil wars, wrote in August that Iraq would likely melt down if U.S. troops left, worrying about what she called “the settlement dilemma”:

Combatants who end their civil war in a compromise settlement – such as the agreement to share power in Iraq – almost always return to war unless a third party is there to help them enforce the terms. That’s because agreements leave combatants, especially weaker combatants, vulnerable to exploitation once they disarm, demobilize and prepare for peace. In the absence of third-party enforcement, the weaker side is better off trying to fight for full control of the state now, rather than accepting an agreement that would leave it open to abuse in the future.

Finally, al-Jabouri’s “better alternative” seems to amount to praying for a miracle.  It’s not clear what can make Iraqis come to perceive sectarian security forces as “impartial on divisive political issues, loyal to the state rather than to parties,” and fundamentally national rather than sub-national.  (Perhaps I was suckered once again by Bill Kristol when he told me in January of this year that George W. Bush’s greatest achievement was “winning the war in Iraq.”)

Given the enduring sectarianism and the relative weakness of Iraqi nationalism al-Jabouri describes, it could be interesting or even scary to see what hatches out of the egg we’ve been perched atop for the last six and a half years.

Update: I neglected to include a link to Nir Rosen’s detailed Boston Review piece on the changing nature of inter- and intra-sectarian political allegiances in Iraq.  It’s definitely worth reading, for people interested in the issue.