Topic: Foreign Policy and National Security

Fake Boarding Pass Generator Underscores ID Woes

Yesterday, the blogosphere crackled with news that ‘net surfers could use a website to generate fake boarding passes that would enable them to slip past airport security and gain access to airport concourses. The news provides a good opportunity to illustrate a credentialing (and identity) system, how it works, and how it fails.

It’s very complicated, so I’m going to try to take it slowly and walk through every step.

The Computer Assisted Passenger Prescreening System (CAPPS) separates commercial air passengers into two categories: those deemed to require additional security scrutiny — termed “selectees” — and those who are not. When a passenger checks in at the airport, the air carrier’s reservation system uses certain information from the passenger’s itinerary for analysis in CAPPS. This analysis checks the passenger’s information against the CAPPS rules and also against a government-supplied “watch list” that contains the names of known or suspected terrorists.

Flaws in the design and theory of the CAPPS system make it relatively easy to defeat. A group with any sophistication and motivation can test the system to see which of its members are flagged, or what behaviors cause them to be flagged, then adjust their plans accordingly.

A variety of flaws and weaknesses inhabit the practice of watch-listing. Simple name-matching causes many false positives, as so many Robert Johnsons will attest. But the foremost weakness is that a person who is not known to be a threat will not be listed. Watch-listing does nothing about people or groups acting for the first time.

In addition, a person who is known and listed can elude the system by using an alias. The use of a false or synthetic identity (and thus an inaccurate boarding card) could assist in this. But the simplest wrongful use of this fake boarding card generator would be to make a boarding card that allows a known bad person to receive no more security scrutiny than all the good people.

When CAPPS finds that a passenger should be given selectee status, this is transmitted to the check-in counter where a code is printed on the passenger’s boarding pass. At the checkpoint, the boarding pass serves as a credential indicating that the person is entitled to enter the concourse, and also indicating what kind of treatment the person should get — selectee or non-selectee. The credential is tied to the person bearing it by also checking a government-issued ID.

In a previous post, I included a schematic showing how identification cards work (from my book Identity Crisis). This might be helpful to review now because credentials like the boarding pass work according to the same three-step process: First, an issuer (the airline) collects information, including what status the traveler has. Next, the issuer puts it onto a credential (the boarding pass). Finally, the verifier or relying party (the checkpoint agent) checks the credential and accords the traveler the treatment that the credential indicates.

Checking the bearer’s identification, which is itself a repeat of this three-step process, and comparing the names on both documents ties the boarding pass to the person, and in the process imports all the weaknesses of identification cards.

Each of these steps is a point of weakness. If the information is bad, such as when a malefactor is not known, the first step fails and the system does not work. If the malefactor is using someone else’s ticket and successfully presents a fake ID, the third step has failed and the system does not work.

The simple example we’re using here breaks the second step. A person traveling under his own name may present a boarding pass for the flight for which he has bought a ticket — but the false boarding pass he presents does not indicate selectee status. He has eluded the CAPPS system and the watch list.
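The three-step process and its second-step failure can be modeled in a few lines. This is an added example, not part of the original post and not a description of any airline or CAPPS system: the HMAC tag, the key, the field names and the function names are all assumptions made for illustration. It compares a checkpoint that trusts whatever the pass says with one that can tell whether the issuer actually wrote it, and shows that the integrity check does nothing for the first-step failure.

```python
import hashlib
import hmac
import json

# Constructed demo key, assumed to be held by the issuer and the checkpoint only.
ISSUER_KEY = b"constructed-demo-key"


def _tag(fields):
    """MAC over a canonical encoding of every field on the credential."""
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()


def issue(name, flight, watch_list):
    """Steps 1 and 2: the issuer collects information and puts it on the credential."""
    fields = {"name": name, "flight": flight, "selectee": name in watch_list}
    return {"fields": fields, "tag": _tag(fields)}


def check_printed_only(credential, id_name):
    """Step 3 as the post describes it: trust the pass, compare its name to the ID."""
    fields = credential["fields"]
    if fields["name"] != id_name:
        return "deny"
    return "selectee" if fields["selectee"] else "standard"


def check_authenticated(credential, id_name):
    """Step 3 with an integrity check: reject any pass the issuer did not produce."""
    fields = credential["fields"]
    if not hmac.compare_digest(_tag(fields), credential.get("tag", "")):
        return "deny"
    return check_printed_only(credential, id_name)


def demo():
    watch_list = {"Listed Traveler"}  # constructed names
    genuine = issue("Listed Traveler", "XX100", watch_list)
    # A pass whose status field no longer matches what the issuer wrote.
    altered = {"fields": dict(genuine["fields"], selectee=False), "tag": genuine["tag"]}
    # Step 1 failure: a traveler the issuer has no information about.
    unknown = issue("Unlisted Traveler", "XX100", watch_list)
    return {
        "genuine": check_authenticated(genuine, "Listed Traveler"),
        "altered_printed_only": check_printed_only(altered, "Listed Traveler"),
        "altered_authenticated": check_authenticated(altered, "Listed Traveler"),
        "unknown_authenticated": check_authenticated(unknown, "Unlisted Traveler"),
        "wrong_id": check_authenticated(genuine, "Someone Else"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The `unknown_authenticated` case comes back as standard treatment even with the integrity check in place, which is the post's point that each step fails independently of the others.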

The fake boarding pass generator does not create a new security weakness. It reveals an existing one. Though some people may want to, it’s important not to kill the messenger (who, in this case, is a Ph.D. student in security informatics at Indiana University who created the pass generator to call attention to the problem). As I’ve said before, identity-based security is terribly weak. Its costs — in dollars, inconvenience, economic loss, and lost privacy — are greater than its security benefit.

Hopefully, the revelation that people can use fake boarding passes to elude CAPPS and watch-lists is another step in the long, slow process of moving away from security systems that don’t work well, toward security systems that do. Good security systems address tools and methods of attack directly. They make sure all passengers on an airplane lack the capacity to do significant harm.

Staying the Course: 2006

At one point, we needed to stay in Iraq to establish a beachhead of liberal democracy in the Arab world. Today, if you listen to some of the war’s strongest supporters, our goals are considerably less inspiring. Here’s Frederick Kagan from today’s Washington Post:

The presence of American troops is vital to restraining Iraqi soldiers – the Iraqis know not to participate in death squad activities when Americans are around. The fact that large numbers of U.S. troops are not embedded with the Iraqi police is a main reason for the participation of those forces in the killings. When the U.S. troops go, the Iraqi army will probably go the same way.

And here’s Reuel Marc Gerecht writing in the Weekly Standard:

staying in Iraq ought to be a compelling choice…. We–not the Iraqis–need to lead a major effort to break the Sunni insurgency. We–not the Iraqis–must police the Shiite-dominated security services to ensure they don’t slaughter the Sunnis, especially as we and a Shiite-dominated army with an important Kurdish contingent make a more serious effort to control Baghdad, Ramadi, and the centers of Sunni resistance. We need to keep building up a Shiite-dominated Iraqi army and slowly deploying it in ways that it can handle–with integral American involvement, as at Tal Afar. We should expect a few Iraqi governments to collapse before we start seeing real progress. Yet our presence in Iraq is the key to ensuring that Shiite-led governments don’t collapse into a radical hard core.

This may be too much for the United States now. It certainly appears to be too much for the Democrats. We would have all been better off if President Bush and his team had done what Senator John McCain advised back in 2004, when the insurgency started to rip: Tell everyone that the war would be long and hard, and pour in more troops. If we no longer have the stomach for this fight–and it’s going to be ugly, with few sterling VIP Iraqis who will make us proud–then we should at least be honest with ourselves. Leaving Iraq will not make our world better. We will be a defeated nation. Our holy-warrior and our more mundane enemies will know it. And we can rest assured that they will make us pay. Over and over and over again. (Emphasis added).

We’re no longer fighting to create a democratic Iraq that will be an example to the Muslim world. Now we’re supposed to fight to put down the Sunnis while using the other hand to hold back the Shiites from doing it in an overly zealous and gory fashion. In the best-case scenario, what rickety government we keep standing will not be one to make us proud, as Gerecht puts it. These are the war’s supporters. This is the case for staying. Not something I’d want my kid or yours to die for.

But any other course, Frederick Kagan declares, would be “morally contemptible”: “Both honor and our vital national interest require establishing conditions in Iraq that will allow the government to consolidate and maintain civil peace and good governance.” Which is a bit cheeky. One might wish for a little less moral bombast and a little more humility when being lectured on matters of honor and vital national interest from one of the people who helped lead us into the biggest foreign policy disaster in three decades.

But put that aside. We need to stay, Kagan says, to help the nascent Iraqi government “consolidate and maintain civil peace and good governance,” a phrase that comes just three paragraphs after Kagan tells us we need to stay because the Iraqi police forces are carrying out sectarian murders and the Iraqi army would quickly turn to “death-squad activities” but for our supervision.

“Civil peace.” “Good governance.” Through what method of social alchemy are our soldiers going to transform the army and the police force into institutions that even aim at providing those goods, let alone institutions capable of providing them? How long will that transformation take, and can that goal possibly be achieved? If it can’t, how moral is it to ask more Americans to die for it?

The End of Fidel Castro?

NPR has a report this morning that it’s looking more and more like Fidel Castro is terminally ill and will not return to power. NPR and Reuters both suggest that younger brother Raul Castro may open up the economy and even the political system to some extent.

Meanwhile, after 47 years of tyranny, some leftists still revere the Cuban dictator. A “colossal portrait” depicting Castro as “a champion of civil rights” will be unveiled in Central Park on November 8.

Should Government Identity Documents Use RFID?

Interesting question - and perhaps simpler than many people think. 

Back in June, the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (on which I serve) published a draft report on the use of RFID for human tracking.  (“RFID” stands for radio frequency identification, a suite of technologies that identify items - and, if put in cards, track people - by radio.)  The report poured cold water on using RFID in government-mandated identity cards and documents.  This met with some consternation among the DHS bureaus that plan to use RFID this way, and among the businesses eager to sell the technology to the government.

Despite diligent work to put the report in final form, the Committee took a pass on it at its most recent meeting in September - nominally because new members of the Committee had not had time to consider it.  The Committee is expected to finish this work and finalize the report in December.

But skeptics of the report continue to come out of the woodwork. Most recently, the Center for Democracy and Technology wrote a letter to the Privacy Committee encouraging more study of the issue, implicitly discouraging the Committee from finding against RFID-embedded government documents. CDT invited “a deeper factual inquiry and analysis [that] would foster more thoughtful and constructive public dialog.”

If the correct answer is “no,” do you have to say “yes” to be constructive? RFID offers no anti-forgery or anti-tampering benefit over other digital technologies that can be used in identification cards - indeed it has greater security weaknesses than alternatives. And RFID has only negligible benefits in terms of speed and convenience because it does not assist with the comparison between the identifiers on a card and the bearer of the card. This is what takes up all the time in the process of identifying someone. (If that’s too much jargon, you need to read my book Identity Crisis: How Identification is Overused and Misunderstood.)

I shared my impression of CDT’s comments in an e-mail back to Jim Dempsey.  Jim and CDT do valuable work, but I think they are late to this discussion and are unwittingly undermining the Privacy Committee’s work to protect Americans’ privacy and civil liberties. My missive helps illustrate the thinking and the urgency of this problem, so after the jump, the contents of that e-mail:

Jim:

I’ve had time now to read your follow-up comments on the Department of Homeland Security Privacy Committee’s draft report on RFID and human tracking, and you and I have spoken about it briefly.  I wanted to offer a response in writing, and make my thinking available to others, because you and CDT are important figures in discussions like this.

First, I think it’s important to put the burden of proof in the right place.  When DHS proposes a change as significant as moving to radio-frequency-based (RF), digital human identification systems, the burden of proof is on the DHS to show why they should be adopted.  The burden is not on the Committee to show why they should not.

The use of digital methods to identify people is a sea change in the process of identification.  You know well, because you have written on these subjects extensively, that digital technologies make it very easy to collect, store, copy, transfer, and re-use personal information.  The leading identification systems being proposed and deployed for use on Americans are not just digital – they go a step further and use radio frequency technology of various stripes. 

Digital identification systems, such as the government-mandated RF systems we discuss generally in the report, have entirely different consequences for privacy from the analog and visual identification methods primarily used in government ID up to this point.  We begin to explore these consequences in the report. 

The report tries to confine itself to the concerns created by the addition of RF because trying to reach all the concerns with government-mandated digital ID systems is such a formidable task and because RF systems are the leading ones under consideration and development. 

Which brings me to a second important point: These systems are being designed, built, and implemented right now.

The DHS components that want to use RFID to track people are not awaiting the study or studies you propose.  The Privacy Committee’s role is to call out important privacy issues at relevant times and the draft report on using RFID for human tracking does that. 

If you wish to step back and ponder the issues, you are welcome to, but the inference I draw from your letter – that we should delay or suspend the Committee’s report on use of RFID for human tracking – would make the Committee a full participant in a program planning scenario we see too often in Washington, D.C.:  “Ready … fire … AIM!”

As you point out, the draft report does not reach every concern with every system, nor the detailed differences among them.  But it is not the job of the Committee to perform the in-depth study or studies you suggest. That is the job of the Department of Homeland Security components that seek to deploy these systems.

The members of the drafting subcommittee sought information about these systems and the privacy issues associated with them, and considered everything we were told and given by industry, privacy advocates, members of the public, and DHS components.  The information we have leads us fairly and accurately to conclude that the merits (and, through cost-benefit comparison, the net benefits) of these systems have not been shown.

I won’t belabor the specifics of all you invite the Committee to study in your comments, but I was particularly struck by your challenge to us to substantiate the following statement from the draft report:  “Without formidable safeguards, the use of RFID in identification cards and tokens will tend to enable the tracking of individuals’ movements, profiling of their activities and subsequent, non-security-related use of identification and derived information.”

Jim, we have yet to see an RF human identification system that does not collect and store information about every American subject to it for at least 75 years. You know that data collections this deep, held for periods of time this long, tend to find new, unanticipated, and often undesirable uses.  This is but one of the concerns with these systems.

Your letter is awfully sanguine for an organization that advocates for civil liberties and democratic values.  If CDT plans to do a “full and objective” assessment of RFID’s use in human tracking, I would be happy to help bring you up to speed.

 

Jim Harper
Director of Information Policy Studies
The Cato Institute

Learning the Right Lessons from Iraq

Like “Who Lost China?” in 1949-50, “How Did We Lose Iraq?” may dominate foreign policy debates in the years to come.  The consensus answer that seems to be emerging, in books like Woodward’s State of Denial and Rajiv Chandrasekaran’s Imperial Life in the Emerald City, is “through the Bush administration’s incompetence.”

And there’s certainly something there.  My lord, is there ever.  The Woodward book is an appalling chronicle of bureaucratic flight from responsibility.  It’s Halberstam’s Best and the Brightest repeating itself as farce.  It’s Dilbert plus guns, bombs, and death–and minus the laughs.

In Woodward’s telling, in the run-up to the war, those few officials who understand what an enormous task the U.S. government was contemplating aren’t listened to. The question “what is to be done?” vanishes in a flurry of PowerPoint presentations, interminable and directionless meetings, and interbranch squabbling. The month before the invasion General Jay Garner, tasked with heading up the postwar occupation authority, gathered some 200 people for a weekend-long planning and rehearsal session. One participant analyzed the conference in a 20-page report, concluding that “the conference did not take up the most basic issue: What sort of future government of Iraq do we have in mind and how do we plan to get there?”

And if you read the excerpts from Chandrasekaran’s book that ran in the Post, you’ll come away with the impression that the Bush administration decided to staff the Coalition Provisional Authority with back-benchers from a Grover Norquist meeting.  Applicants for positions in the interim occupation authority in Iraq had to pass muster with Pentagon political appointee Jim O’Beirne, husband of the National Review’s Kate O’Beirne, and according to Chandrasekaran:

O’Beirne’s staff posed blunt questions to some candidates about domestic politics: Did you vote for George W. Bush in 2000? Do you support the way the president is fighting the war on terror? Two people who sought jobs with the U.S. occupation authority said they were even asked their views on Roe v. Wade.

A 24-year-old Yalie/former White House intern ends up in charge of Baghdad’s stock market; Michael Ledeen’s 28-year-old daughter ends up as one of the people in charge of a $13 billion budget… and on and on.    

If you don’t have the stamina for either book, then the Frontline documentary Jerry Taylor mentions below is well worth watching.  Streaming video available here.

Both the Woodward book and the Frontline documentary blast CPA administrator Jerry Bremer for giving the orders to cashier the army and purge even low-level Baathists from government employment (orders that apparently came from Rumsfeld, in any event). A top CIA official and Bremer’s predecessor, Jay Garner, warned Bremer that the orders could cause up to 50,000 people, many of them heavily armed, to become enemies of the occupation authority.  Bremer gave the order anyway, and shortly thereafter the insurgency greatly intensified. 

A few months after leaving Iraq, Bremer, who appears to lack a sense of irony, agreed to a profile in the Washington Post Food Section touting his skills as a chef.  Apparently Bremer makes a heck of a “Fontainebleau with Pomegranate molasses.”   As Francie Bremer, his wife, notes in the article, “When Jerry goes at something 100 percent, you just have to stand back.”  Indeed.

But is it fair to place so much of the blame for our current predicament on Bremer?  Disbanding the army sure seems like a bad idea.  But would the Shiites, who, but for the Sadr uprising in 2004, have not been in open rebellion against the occupation, have been so cooperative if the U.S. left the Sunni-dominated army and Baath party intact? I don’t know.  I haven’t even had the two-week crash course in Iraqi politics that Bremer apparently put himself through after getting the nod.  But here’s a paper [.pdf] from the U.S. Army War College’s Strategic Studies Institute raising the question.  The authors write that

measures friendly to the Sunni would have caused serious trouble within the Shia communities whose cooperation was indispensable for the success of the American effort. … Indeed, if more conciliatory gestures toward the Sunni had been paired with aggressive moves to disarm the Shia militias, the dangers of a Shia insurgency would have been very considerably enhanced. Splitting the difference between rival groups is a logical strategy in polities accustomed to resolving conflicts through tolerance, negotiation, compromise, and restraint, but where irreconcilable demands exist, the result of this method may simply be to alienate both sides.

(hat tip: Chris Preble.)

And is it fair to suggest, as the emerging conventional wisdom seems to, that the administration’s failure to appoint qualified people has led to the current humanitarian disaster in Iraq?  For what it’s worth, CPA official Dan Senor argues that the Chandrasekaran book is a biased account that ignores the many highly qualified officials that CPA had on staff.

And maybe he’s right.  The point is, this stuff is hard.  If you can’t be talked out of it, then it’s best to appoint the most qualified people.  But would a CPA led by the finest Arabists at State have successfully navigated us toward a functioning democracy?  They would still have faced a country that’s the creation of the British Empire’s arbitrary mapmakers, a state with three nations and little common ground.  They’d still have been faced with the task, as alien outsiders, of forging a national reconciliation between groups that do not appear to be ready for it.  Is there any reason to suppose that the United States government is going to be good at that sort of thing?

That’s why I’m leery of the emerging conventional wisdom.  It smacks of John Kerry’s confused position during the 2004 campaign: “I was (sort of) for the Iraq War.  But I’m firmly against screwing it up.”  Well who isn’t?  But if the lesson we learn about this shameful mess is simply that we ought to appoint better people to run the occupation in our next “war of choice”, then we won’t have learned much at all. 

Criminal Negligence in Iraq

OK, keeping up with energy and enviro related insanity is so difficult that sometimes, it’s easy to fall behind on the newspapers.  So over the weekend, I tried mightily to catch up on unread issues from the past week of The New York Times.  That explains why I’m so late to catch this amazing review of PBS’s Frontline “The Lost Years in Iraq,” which was published last Tuesday.

Unfortunately, I missed the show, which likewise aired on Tuesday.  But here’s a quote from the New York Times review:

Certainly some of the [Iraq Reconstruction Group] staff members seemed a bit underqualified.  Colonel Hammes recalls that the person given the job of planning for [Iraqi] prisons and police was 25 and that this was his first job after college.  He didn’t worry about having a staff of only four, the young appointee said, because they were all his fraternity brothers.

This is jaw-dropping stuff. If I were a Congressman and this information had crossed my desk back in 2003, I would have submitted articles of impeachment of President Bush right then and there. This is criminal negligence and incompetence so amazing that words can’t do the matter justice.

Gotta go back and catch that show. 

O’Reilly Interviews Bush

Bill O’Reilly got an exclusive interview with President Bush recently. The second and third segments were the most interesting to me.

In the second segment, O’Reilly asks some pretty good questions about torture, such as: How can anyone make a judgment about your policy when it’s all kept secret? Bush repeats his point that the terrorists can’t be told. O’Reilly could have followed up with: “But it’s out there already, isn’t it?”

During the same segment, Bush says when his agents pick up people from the battlefield, he wants to know what they know. O’Reilly should have followed up with: “But to be clear, sir, when you say ‘battlefield,’ you mean any person picked up anywhere, right? So if an American citizen is arrested in Chicago, you are saying that you can employ ‘tough tactics’ against him just on your own say-so, right?”

The third segment of the interview is about Iraq. Here Bush restates his case, as you would expect. Still interesting. He seems to believe that having a clearly stated goal is the key to victory. He has established the objective and he believes the finest military in the world can find a way to achieve it. But later Bush says something like “ultimately, it is up to the Iraqi people.” O’Reilly could have followed that up by saying something like: “Yeah, but that means the Iraqi people might opt for an endless civil war instead of a peaceful political process, right? If they go that route, we get out, right?”