Topic: Telecom, Internet & Information Policy

Nuclear Smuggling Ring Had Advanced Plans - This Relates to Your Privacy

A year ago, in some jest, I announced a new law (as in “of physics”) on the TechLiberationFront blog. “Harper’s Law” states, “The security and privacy risks increase proportionally to the square of the number of users of the data.” This rule generalizes to all information in digital form, and the suspected release of nuclear plans to the A.Q. Khan nuclear smuggling ring illustrates this well.

It is very difficult to control digital information - on any subject and in any context. It’s like a volatile gas: once it escapes whatever container or capsule you may have enclosed it in, you’re not getting it back. (Well, you’ll still have it but you won’t be able to deprive others from having it.) Nuclear plans, bomb-making plans, and the like will be very hard to contain, and relying on control of this kind of information for national or homeland security will be an unreliable protection.

Likewise, a poor way to protect privacy is to rely on rules about how information is used after it has been collected. If you really want privacy, you must never reveal the information you want to keep private. I’ve written a couple of times where various public officials have sought to redefine privacy so that it is consistent with their having access to personal information. Can’t be done.

In close relation are the large, personal-information-intensive programs that the federal government has been trying to develop. For example, our national ID law, the REAL ID Act, would put sensitive personal information and scanned identity documents into nationally accessible databases. Yet identity security requires keeping much of this information from being public. You can’t have both.

E-Verify would use names paired with Social Security Numbers as identifiers in a national immigration background check system, yet it would rely on the inaccessibility of this information to the public for security against fraud. Can’t happen. (DHS is seeking access to Americans’ driver’s license and passport pictures, hoping to shore up this weakness, but watch for all the new problems that emerge when digital copies of the photographs on our identity documents escape into the wild.)

Harper’s Law extends to other issue areas as well, like copyright. It is very hard for copyrights in popular content to be enforced, and it will get harder. Artists and the entertainment industry are in a real bind trying to control access to information that they must also widely distribute. See Cato Unbound’s “Future of Copyright” discussion, going on now, for more interesting thinking in this area.

There you have it: advanced nuclear plans, databases of personal information, and copyright law are all peas in a pod to me.

What Do You Call the Ring in a Bull’s Nose? Perhaps “KST”?

While the country moves forward with increasing confidence in its ability to meet the security challenges posed by terrorism, the administration seems still utterly, utterly spellbound.

Take, for example, National Security Presidential Directive 59/Homeland Security Presidential Directive 24. Issued June 5th, it (take a breath … wait for it …) “establishes a framework to ensure that Federal executive departments and agencies … use mutually compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric and associated biographic and contextual information of individuals … .”

That means, roughly, “Let’s get our act together on biometrics and biometric surveillance, people!”

The directive uses a set of initials I hadn’t come across before: “KST.” This stands for “known and suspected terrorists.” As in, we’re going to “collect, store, use, analyze, and share biometrics to identify and screen KSTs and other persons who may pose a threat to national security.”

Now, to be clear, there are terrorists, and there may be some in the country - terrorist precursors, perhaps. But I don’t think there are enough of them, or enough danger from them, to merit awarding them their own initials. Even in acronym- and initial-happy Washington, D.C., these things are reserved for things of greater significance.

This reveals the thrall in which the administration is still held by terrorism. “We’re not up against a few small bands of sociopathic ideologues. No, we’re up against a movement with all the power of our ‘FBI’, ‘CIA’, ‘DoD’, and ‘DoJ’.”

I’ve posted here before about terrorism as a strategy, suggesting certain counter-strategic behaviors. Terrorists gain by drawing attention to themselves, wrapping themselves in the romance of rebellion, and being seen as legitimate rivals to their enemies. By dubbing the threat “KST,” the administration grants terrorists that legitimacy. It tells audiences ideologically and physically near terrorists that we’re still scared, which does terrorists a tremendous favor. (I, for one, am not scared; I’m embarrassed.)

On the merits, biometrics are occasionally necessary, but essentially impotent against the well-known technique of using “clean-skin” terrorists (see, e.g., 9/11, Oklahoma City). The NSPD/HSPD doesn’t appear to have a lot of substance other than to promote more ferment and federal spending on biometric surveillance technology.

Defeating Terrorism Without Terrorizing Ourselves

I recently finished reading Michael Sheehan’s new book Crush the Cell: How to Defeat Terrorism Without Terrorizing Ourselves. It jibes with much of what I think about terrorism and terrorism counterstrategy, but there’s more than that to recommend it.

Sheehan has extensive, on-the-ground experience in counterterrorism operations and policy in the federal government, in the military, at the UN, and in New York City, where he did the work that he is obviously the most proud of. The book overflows with recollections and opinions from someone who has been working on fighting terrorism for many years. This focus almost guarantees differences of opinion with someone like me, whose focus is limited government and protection of liberty, but the differences are profitable to explore.

For example, Ben Friedman and I both credited the recent Rolling Stone article arguing that domestic terrorism threats are overblown. Much derision has been poured on domestic terror threats like the “Lackawanna Six” and their obvious incompetence. But Sheehan has a different take:

The case of the Lackawanna Six is an interesting one. To some, these were just some suburban boys who were wanna-be jihadists—certainly not terrorists. But let’s take a closer look. Six young men who grew up in Lackawanna, New York, a small town outside of Buffalo, were inspired to form an al Qaeda cell by a man named Kamal Derwish in the spring of 2001… . All six went to Afghanistan and attended the al Qaeda camps, where they met bin Laden and were very much aware of his responsibility for the East African bombings and that of the USS Cole.

Derwish, a proven fighter and recruiter, was meanwhile sent on to advanced training. While he was gone, it appears that the others’ enthusiasm waned. They returned to the United States, while Derwish, upon completion of his higher training, went back to Yemen. In Yemen, Derwish found himself in the wrong place at the wrong time… . No one knows what that cell might have become if Derwish had returned to the United States to organize them. But these were not the innocent travelers that they’ve been portrayed by some to be.

A good point, and the foundation of Sheehan’s theme: crush the cell. Relative incompetents like the Lackawanna Six and the “muscle hijackers” of 9/11 can be pretty dangerous when activated by a well-trained leader like Mohammed Atta. An essential part of counterterrorism is to crush the cell before they reach that stage.

How do you do that? Sheehan has lots to say about how not to:

Soon after 9/11, the National Counterterrorism Center (NCTC) was created, and a new building was constructed a few miles down the road from the CIA to house its staff. But that wasn’t enough. Later, Congress created the position of Director of National Intelligence (DNI), whose staff was charged with supervising and integrating all other intelligence-gathering agencies: more bureaucracy to manage the swollen intelligence monolith. It was a classic Washington solution to a problem: create a new agency, hire more bureaucrats, and increasingly outsource the work to contractors.

The cost of these new organizations is absolutely staggering, but I’ve yet to see how they’ve appreciably helped the so-called war on terror.

Instead of all this bureaucracy, Sheehan argues for focused intelligence work, about which he has a lot of stories and information to share. There are gems (and a few lumps of coal) throughout the book.

Insight into the economics of security shines through, for example, when he tells the story of the intense inspection his rental car gets at the entrance to the Marine Annex near the Pentagon, comparing it to the Sheraton across the street:

[S]ince 9/11, the military has had an almost unlimited budget … . The Pentagon cites the targeting of U.S. military facilities as the reason for tight security. But hotels have been attacked by terrorists around the world as well, and at least as often as U.S. military bases. But because the hotel has to pay for its own protection, security there is almost nil.

From the coal department, Sheehan casually endorses a national ID card, saying it would “go a long way in controlling who we allow in our midst.” His is not the only good, insightful book on counterterrorism I’ve read that throws in a pro-national ID sentiment at the back end. I think that, given time to do it, folks who recognize the futility of inspecting every shipping container or patrolling every inch of our land and sea borders would recognize the same dynamics at play in trying to use a national ID system for security against terrorism.

But that difference and differences on signals intelligence and eavesdropping are things to work on and discuss as we join in defeating a key product of the terrorism strategy: self-injurious overreaction. Time and again in his book Sheehan emphasizes the importance of avoiding fear and overreaction while crushing terror cells. This is a notion about which lifelong security people and advocates for limited government can speak in unison.

North Carolina: REAL ID Implementation on Hold

North Carolina is not one of the states that has joined the REAL ID Rebellion. By all accounts, it was plodding along, getting ready to implement the federal government’s national ID mandate.

But now comes news that the changes North Carolina had planned are on hold. “ ‘The Real ID Act is pretty much at a standstill nationwide,’ said Marge Howell, a spokeswoman for the Division of Motor Vehicles,” according to one report:

As a means of complying with the federal Real ID Act, the state DMV had planned on implementing a requirement that people who apply for a new or renewed driver’s license start producing documentation showing the motorist’s proof of identity and legal address beginning Dec. 1. That has now been delayed.

Another change, set to begin on July 1, requires the DMV to mail a motorist’s license to a residential address instead of instantly issuing a license. Howell said that program won’t go into effect statewide at the beginning of July. Instead, the DMV plans to phase that program in.

Even the compliant states are getting the message that REAL ID is a non-starter.

I recently queried whether one of the largest companies producing driver’s licenses would continue to agitate for the national ID law or embrace a diverse, competitive identification and credentialing marketplace.

ID Checks are About Control, Not Security

If there was ever any doubt that ID checks at airports are about control and not security, the Transportation Security Administration is clearing that up. Starting June 21, it says, “passengers that willfully refuse to provide identification at security checkpoint [sic] will be denied access to the secure area of airports.”

The claim is that this initiative is “the latest in a series designed to facilitate travel for legitimate passengers while enhancing the agency’s risk-based focus - on people, not things.” So let’s take a moment to look at how refusing airport access to the willful enhances security.

… OK! We’re done!

No terrorist or criminal would draw attention to him or herself by obstinately refusing an ID check. This is only done by the small coterie of civil libertarians and security experts who can’t stand the security pantomime that is airport identification checking. The rest of the people traveling without ID have lost theirs - and TSA officials at airports have no way of knowing which is which.

This new rule will do nothing to improve airport security, but watch for the incident when a TSA agent “doesn’t believe” someone who has truly lost his or her driver’s license and tries to strand a traveler in a faraway city.