Topic: Foreign Policy and National Security

Fusion Centers in Search of a Problem

Via Secrecy News: “There is, more often than not, insufficient purely ‘terrorist’ activity to support a multi-jurisdictional and multi-governmental level fusion center that exclusively processes terrorist activity.” This is from a Naval Postgraduate School master’s thesis entitled: “An Examination of State and Local Fusion Centers and Data Collection Methods.”

Though they arose to counter the terrorism threat, “fusion centers” will seek out other things to do. Programs like these are born of slogans - “connect the dots” - “information sharing” - rather than sound security thinking. In a TechKnowledge piece last year titled, “Fusion Centers: Leave ‘Em to the States,” I juxtaposed the active fusion center in Massachusetts with the hair-on-fire overreaction of the Boston Police to a guerrilla marketing campaign featuring stylized Lite-Brites.

An E-Verify Triple: That’s a De-De-Debunker

Department of Homeland Security Assistant Secretary for Policy Stewart Baker has weighed in with another post on the DHS “Leadership Journal” blog about the E-Verify system for conducting federal immigration background checks on all people hired in the United States. He takes on three supposed myths about E-Verify.

Myth 1: That E-Verify is burdensome for employers.

Baker says that E-Verify is a bit less burdensome than ordering books for the first time on Amazon.com. It would be fun to actually run that test. But just for starters, here’s the 600-word form you have to read and fill out before you even register as an employer. The word count of the Memorandum of Understanding you have to read and sign is well over 3,000 words - eight pages of legalistic instructions. Jeff Bezos! Call your bankruptcy lawyer!

Buying a book from Amazon.com doesn’t require you to check someone else’s documents, doesn’t put you at risk of violating federal law, and so on, and so on. These just aren’t comparables.

Baker’s most interesting evidence? An anonymous commenter on one of his earlier posts who just gushes about E-Verify. In fact, the first two comments on that post - both anonymous - come within nine minutes of each other. One praises E-Verify’s ease of use. The other comes from the “worker” perspective - just like a PR flack would want to have covered. Here’s the actual quote: “This E-verify system will let you know if you have a mistake that you need to correct before it is just too late for you!” So very like an infomercial …

But let’s cut to the chase: Regulators in agencies across the federal government are constantly coming with burdens on employers. Oh, they claim that each one is wafer thin, yes. But the cumulative results are disgusting.

Myth, the second: That E-Verify is discriminatory.

Critics “conjure up evil employers who disfavor certain ethnic groups when they apply government hiring rules,” says Baker. That’s not quite it. Unfortunately, rational employers would disfavor certain ethnic groups. Here’s how I put it in my paper “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration”:

With illegal immigrants today coming predominantly from Spanish-speaking countries south of the U.S. border, identity fraud and corruption attacks on the EEV system would focus largely on Hispanic surnames and given names. Recognizing that Hispanic employees—even native-born citizens—are more often caught up in identity fraud and tentative nonconfirmation hassles, employers would select against Hispanics in their hiring decisions.

But this is against the rules, protests Baker. And it’s true that the program’s rules forbid this behavior. But Baker is thinking quite a bit like the economist in this old joke:

An economist, a physicist, and an engineer are trapped on a desert island and all they have to eat is a can of baked beans. The engineer first tries to open the can by putting at an angle to the sun to try and burn a hole in it. That doesn’t work. So the physicist gets a rock and does some calculations as to how much force he would have to hit the can with to get it open. No luck. Finally, the economist turns to them both and says, “You’re doing it all wrong! What we need to do is assume we have a can opener …”

“If there are rules against it, it won’t happen.” Friends, avoid South Seas adventures with economist Stewart Baker.

Myth 3: That E-Verify does nothing about identity theft.

E-Verify does something about identity theft. You have to have a matching name and Social Security Number pair to get through the system. That makes defrauding employers harder. It will also make identity theft more profitable and more common if E-Verify goes national. Again, from my paper:

Faced with the alternative of living in poverty and failing to remit wealth to their families, illegal immigrants would deepen the modest identity frauds they are involved in today. Their actions would draw American citizens, unfortunately, into a federal bureaucratic identity vortex.

But Baker is talking about in-system fraud, and the idea of accumulating more biometric information into a national identity system. Currently, a “photo screening tool” in E-Verify shows employers the picture that was printed on DHS-issued permanent resident cards and employment authorization documents. This suppresses forgery of cards, while it may lull employers into checking the card against the computer screen - not against the worker. Whatever the case, DHS is seeking access to passport photos from the State Department and driver license photos from state governments across the country so that it can knit together a national biometric database. (Pictures are biometrics - relatively crude ones, of course. When having a picture database fails to secure against illegal immigration, they’ll move to stronger ones.)

Baker is exaggerating to say that the photo screening tool is a significant step in countering identity fraud. It’s only in very limited use, the system itself would promote identity fraud, and countering identity fraud this way requires a national biometric database, with all the privacy ills that entails. This is why we wouldn’t want E-Verify even if it was ready for prime-time.

Three myths debunked? Or three debunkings de-debunked? Secretary Baker’s commentaries are welcome because they illustrate key points of disagreement, allowing you, the American public, a fuller view into the issues at stake.

No End In Sight

According to this site, the Iraq correspondent Richard Engel’s book has some pretty startling words from the Commander-in-Chief in it. Try a few of these on for size:

  • “This is the great war of our times. It is going to take forty years,’” [Bush told Engel]. Bush said in forty years the world would know if the war on terrorism, and conflicts in Iraq and Afghanistan, had reduced extremism, helped moderates, and promoted democracy.
  • Bush admits to Engel that going to war was a decision based on his personal instinct and not on any long-range strategy for the Mideast: “I know people are saying we should have left things the way they were, but I changed after 9/11. I had to act. I don’t care if it created more enemies. I had to act.”
  • Bush tells Engel that the election of Hamas was actually a positive development because it pressured Palestinian Authority chairman Mahmoud Abbas to make reforms: “I think the election of Hamas was a good thing. It proved to Abbas he was failing. I told Abbas, ‘You lost the election because you aren’t providing for your people, jobs, education, what people want.’ Now they know they have to compete.”

Looks like there will be lots to chew on in there. And we’ve got at least 35 or so more years to chew on it.

Cyber-Alarm!

Shane Harris’ National Journal cover story on the Chinese “cyber-invasion” is meant to alarm us. The story claims that Chinese hackers doing their government’s bidding are stealing our secrets and maybe felling our power grids. It quotes US officials comparing the consequences of cyber-attacks to those of nuclear weapons. The cover depicts a red dragon crawling on to an American shore. A subtitle sees “a growing threat.”

Don’t burn your wireless card yet though. There may be a US cyber-panic, but the Chinese cyber-threat is overblown.*

The most shocking and least plausible claim in the article is that Chinese hackers caused the massive blackout in 2003 and a recent power outage in Florida. I’m not an expert on cyber-security, so I’ll leave it to Bruce Schneier and Wired blogger Kevin Poulsen to attack this theory.

But anyone can see dodgy sourcing. Harris’ blackout scoop comes from the former president of something called the Cyber Security Industry Alliance who claims that he heard it from intelligence sources. In support of this contractor’s claim, the article quotes a bunch of federal officials paid to combat cyber-threats. They say, essentially, “Yes, it’s possible the Chinese did this, but we can’t say more.” Technical details aren’t included. It’s a secret, we’re told. The article only briefly discusses the very plausible explanations for both blackouts that don’t involve Chinese hackers. In the 2003 case, at least, that multi-causal story is backed by extensive investigations on the public record.

Another problem is the article’s uncritical acceptance of the claim that the Chinese government employs a hacker militia to attack US websites. No evidence is offered beyond the assertions of an intelligence official employed to combat cyber-threats, a security contractor who works for such officials, and one consultant / analyst. No doubt there are lots of Chinese hackers breaking into US networks. After all, there are lots of Chinese. But why should we believe that these hackers are agents of the Chinese state rather than bored teenagers in internet cafés? However malicious its intent, why would the Chinese government want to outsource its espionage to a bunch of underemployed programmers?

The story also reports on several Chinese efforts to steal information from US corporate executives and government officials. These stories are plausible – but two caveats could have been highlighted. First, our military and intelligence agencies almost certainly hack into Chinese networks and steal information. Second, there is no official claim in this story or elsewhere, despite all the sound and fury, that Chinese hackers have broken into classified US networks and gathered useful information.

Finally, the story should have quoted someone pointing out the absurdity of the claim made by Vice Chairman of Joint of Staff Gen. James Cartwright that cyber-attacks are comparable to weapons of mass destruction attacks, which means nuclear explosions, among other things. By most definitions, cyber-attacks have been going on a long time. They have killed either no one or almost no one. Yes, one can imagine scenarios where hackers trigger mass casualties. But equating these outlandish what-ifs to a nuclear weapon is either an assault on the meaning of “mass destruction” or threat inflation of first order. (I say this despite an article/ heroic epic in the same magazine depicting General Cartwright as a kind of cross between Napoleon and Jack Welch.)

I keep reading about the cyber-war we’re supposed to be fighting with China. Reading this story, I don’t see it. There are evidently a lot of Chinese hackers (not necessarily government-sponsored), and a bunch of Chinese electronic espionage (not necessarily successful). That’s a problem, not a war.

For a sober take on these matters, read James Lewis of the Center for Strategic and International Studies.

*I’m usually a fan of the National Journal and Shane Harris’ writing in it, so I chalk this up to an off-week.

Moral Responsibilities

The editors of the New Republic say we have a “moral responsibility” to invade Burma in order to distribute disaster relief. The editors observe that no one taken seriously is seriously advocating doing this and lament:

This is, put simply, an unacceptable abdication of our moral responsibilities. Even though our standing in the world has been severely diminished by Iraq, we should at least be debating intervention in Burma. There are, no doubt, many logistical complications and unintended consequences that would follow from such a policy. But there are also reasons why it should be a live option. The goal of such an intervention need not be regime change; it should simply be to make sure that a vulnerable population receives the supplies it desperately needs. Of course, if violating the sovereignty of a murderous regime happens to undermine that regime’s legitimacy, then that would not be such a terrible result. But this does not necessarily have to be our goal.

One should not, I suppose, be too surprised that this sort of slipshod advocacy still emanates from the epicenter of liberal imperialism, a publication that was as influential as any in urging the Iraq war on the American people. (Neither should the fact that its leadership attempted to make their non-apology apology for Iraq look magnanimous.) The piece’s curtsy at post-Iraq reality is even sort of endearing, in a child-like way.

Note also the focus not on the particular policy of invading and taking responsibility for disaster relief in Burma, but rather on the importance of “debating” such a policy. After all, the New Republic’s writers aren’t going to be the ones to invade the country and deliver the aid. Rather, the important question is whether the political climate will allow for TNR’s writers to churn out tough-minded and uncompromising articles that allow them to stretch their rhetorical legs yet still keep them within the beloved Broderian mainstream of American politics.

But maybe the most disappointing point of that paragraph is that instead of the rote “to be sure” formulation, the editors chose to dodge completely the substance of the policy they’re advocating for by using the more indirect “there are, no doubt, many logistical complications…” phrasing. Write what you know, guys.

In Memory of William Odom, An Appreciation

I was saddened to learn over the weekend that Lt. Gen. William E. Odom, USA (Ret.) – a military assistant to President Carter’s National Security Adviser Zbigniew Brzezinski, head of the National Security Agency under President Reagan, and an outspoken critic of the war in Iraq – had passed away from an apparent heart attack. He was 75 years old. His obituary reveals the extent of this man’s service to his country, and hints at his intellect and independence that I had grown to admire.

I did not know Gen. Odom very well, but I valued his wisdom and insight. Whenever I encountered him at meetings or informal receptions around town, I would gravitate toward him. He graciously shared his deep knowledge of defense and foreign policy issues, accumulated over many years in the military and in Washington. He was a terrific storyteller, and always generous with his time.

In recent years, especially, I respected his enormous courage in resisting mainstream opinion with respect to Iraq. He was one of a very few individuals who spoke out against the invasion before it occurred. After Saddam’s government fell, Gen. Odom made a strong case for why an expeditious military withdrawal from the country would serve U.S. interests, while a long-term occupation would undermine them. He made such arguments well before they were politically popular. (Read or listen to his comments at a Cato policy forum last year).

I have a strong suspicion that his outspokenness did not sit him in good stead with many of his one-time friends and benefactors, but he never seemed to care. Indeed, I sensed that he took some pleasure in it. For Bill Odom, being loyal to the truth was more important than being loyal to particular persons or groups.

In that respect, at least, Gen. Odom was a rare breed in Washington. He will be sorely missed.