BP has had another agonizing failure as it tries to stop the massive oil deep under the Gulf of Mexico.
The President, meanwhile, is taking heat for the disaster and his apparent paralysis in the face of crisis. The consequences of the spill are devastating, and compensation is well beyond the resources of BP, even if the whole company is seized. The crisis deserves to be the proper focus for every resource the President can bring to bear.
The problem is that, while he's got resources, none of them really know enough about BP's business to do anything useful. So all the President can really offer BP is cheerleading, coffee, and veiled threats of indictment.
If that sounds like schadenfreude, that's not my intent. Rather, the BP crisis is giving me a sense of what cyberwar will be like. If it happens, and I think that's likely, it will be pretty ugly. As I say in Skating on Stilts,
Hostile nations are probably already seeding our privately owned infrastructure with logic bombs and malware designed to shut down critical services -- power, telecom, Internet, banks, water and sewage. Each private company has a private, and unique, network design. Each private company has a private, and unique, set of defenses and recovery plans.
"It’s not just that you could lose your life savings. Your country could lose its next war. And not just the way we’re used to losing – where we get tired of being unpopular in some third-world country and go home. I mean losing losing: Attacked at home and forced to give up cherished principles or loyal allies to save ourselves."
So when an attack occurs, if it's successful, some of those defenses will fail. Some citizens will spend days, weeks, maybe months, without power or phones or water or access to their bank. We'll be at war, under attack, hurting.
We'll look to the Commander in Chief. And he'll look pretty much the way President Obama does today.
He won't be able to send troops to protect, say, Verizon's network. His troops mostly don't have the skills, and if they do have the skills, they don't know the network. Even if a company has screwed up badly, failing to adopt basic backup and malware protections, he'll have to defer to the idiots who got us into the mess until they find a way to get us out.
Of course, by the time they do, the war may be more or less over.
So, if we expect a replay of the BP experience in the event of cyberwar, can we learn something from the current experience? Maybe.
Here are a few ideas that occur to me. First, it's often the case that private companies can quite confidently get us into trouble that they then can't fix; when that's true, we ought to be very dubious about their confident assertions that regulation is excessive or unneeded.
Second, the government needs to be much more involved in understanding the problems that companies may face in the event of a surprising crisis -- as well as the solutions. Maybe that means insisting on seeing their crisis response plans -- and evaluating and testing them. Or having a corps of private, public, or half-of-each (think Marine Corps Reserve) experts who actually can supplement company resources capably in a crisis.
Finally, perhaps we should be developing well-protected, cyberstupid government networks that can be used for critical private functions in a crisis. As the BP tragedy plays out, I hope we'll learn more.
Americans will forgive the President for being surprised and helpless this time, I think. But not the next time.
Or we could say what the hell, trust the industry reps, and keep going pretty much the way we're going now.
Then, all we'll need when the war comes is a warehouse full of pom-poms and coffee beans.
The lawyers, at least, we don't need to stockpile.
Before the fuss over Arizona's immigration law, there was a different fuss over a different Arizona immigration law.
Now the first fuss is coming back to haunt the Obama Administration, the professionals in the office of the Solicitor General, and maybe even Elena Kagan.
That first fuss was over the Legal Arizona Workers Act, a 2006 Arizona statute that (1) imposed state penalties on employers who hire illegal workers and (2) required businesses in Arizona to use E-Verify. (E-Verify is a federal database that checks the names and Social Security numbers of new hires to make sure they match and thus makes it harder for illegal immigrants to get hired using made-up names and numbers.)
The 2006 Arizona immigration law was challenged as soon as it was enacted, but it was upheld in both the district and appellate courts. The more recent Arizona immigration law, known as SB 1070, has provoked litigation and a halting boycott of Arizona.
Now the controversy over SB 1070 may affect the fate of the first law, which is in the last stages of litigation. Last year, the groups challenging the first law as preempted filed a certiorari petition. The Supreme Court asked for the views of the federal government at the beginning of the term -- on November 2, 2009. The Solicitor General has finally filed its brief, and it asks the Court to grant certiorari and strike down the Arizona law.
Here are my thoughts on the SG's filing:
But the statutory language contains no
indication that Congress intended to permit States to
undermine its own decision not to impose a blanket
mandate on all employers by allowing States to impose
just such a mandate.But the statutory language contains no indication that Congress intended to permit States to undermine its own decision not to impose a blanket mandate on all employers by allowing States to impose just such a mandate.
Maruta, or “logs,” as the Japanese scientists dubbed their victims, would be registered, given numbers, and later dragged from their cells through underground tunnels into the testing labs at the compound’s center. Here, Sheldon Harris reported, they would have to eat food laced with one of 31 germs—anthrax-filled chocolate, plague-treated cookies, typhus-infected beer—or be injected directly with deadly pathogens to determine the minimal dose required to sicken or kill them. The “logs” usually lasted only a few weeks. Some were “sacrificed” after unit officials deemed them no longer fit for scientific study. ... I recalled interviewing an elderly Japanese soldier several years earlier who told me that he had performed vivisections, without anesthetic, on naked prisoners. Describing in almost a whisper his revulsion the first time he picked up his scalpel when ordered to do so, he said that he eventually grew accustomed to the “procedure.” But his anguish suggested otherwise.Equally striking has been the reluctance of Japanese institutions to discuss the evils of biological warfare.
Franzblau has tried for years to introduce a resolution at World Medical Association meetings calling upon doctors to ask Japan to “officially repudiate Unit 731” and to explain “why physicians employed in Unit 731 have never been prosecuted for murder and crimes against humanity.” Each year, his resolution has gone nowhere. “There has never even been a debate,” he complains. The Japanese Medical Association has also remained silent, perhaps because one former president of the JMA was a Unit 731 staff member, as were former officials in many prestigious Japanese organizations.Japanese politicians and even Japanese courts have called the use of nuclear weapons on Hiroshima and Nagasaki a war crime, and the issue has provoked an intense debate in the United States. If Miller's article is correct, though, the death toll caused by Unit 731 in China may be double the number killed by atomic weapons in Japan. As I explain in Skating on Stilts, it's likely that terrorists will use biological weapons to cause mass casualties long before they acquire nukes. So we can't really afford silence and amnesia about just how loathsome biological weapons can be.
European negotiators have struck three deals on travel reservation data with the United States, and each negotiation has turned out worse for Europe than the last. So now the European Commission has proposed a fourth negotiation. Its opening position for the fourth set of talks is even less realistic than its proposals for the first three.
My personal favorite is the insistence that the US amend the Privacy Act to cover foreigners. There is little or no evidence that Americans can sue European police agencies for their handling of, say, the information they harvest whenever we check into a European hotel. Yet somehow the right to sue over data protection becomes a matter of fierce European moral urgency when it can be used to bash the United States.
According to the BBC and US researchers, we'd get more out of computer chips if we let them make more mistakes, then cleaned up the mistakes with "stochastic" software: "Silicon chips that are allowed to make mistakes could help ensure computers continue to get more powerful, say US researchers. As components shrink, chip makers struggle to get more performance out of them while meeting power needs. Research suggests relaxing the rules governing how they work and when they work correctly could mean they use less power but get a performance boost." I feel the same way about blogging.
According to the BBC and US researchers, we'd get more out of computer chips if we let them make more mistakes, then cleaned up the mistakes with "stochastic" software:
"Silicon chips that are allowed to make mistakes could help ensure computers continue to get more powerful, say US researchers.
As components shrink, chip makers struggle to get more performance out of them while meeting power needs.
Research suggests relaxing the rules governing how they work and when they work correctly could mean they use less power but get a performance boost."
I feel the same way about blogging.
Like I said, she was good, and relentlessly on message.
Host: "There has been a lot of fingerpointing about the source of attacks. Can you defend this fingerpointing now that you're out of government?"
Baker: "Well, it's unfortunate but inevitable given the massive scope of the attacks in the last decade. We are used to fingerpointing at the US, but it is striking that China is being accused so widely in places like India and Brazil. There will be an impact on the Chinese economy from these concerns."
Host: "But it's hard to present concrete evidence. Isn't this all subjective perception? Maybe the perceptions aren't right. What kind of evidence should governments provide as a matter of fairness when they make such provocative claims?"
Baker: Well, it's very hard to get perfect evidence by tracking attackers from one machine to the next. But sometimes you can look at the kinds of information that is being stolen, and ask what governments want that information; that provides a clue about who is stealing the data."
Host: "But couldn't the hackers just pretend to steal certain kinds of information to make it look like someone else had done it?"
Several people have told me that their preorders were cancelled by Amazon. That's not because of delays in delivering the book, which is likely to come out at the end of June. Instead, it appears that Amazon put up two pages for Skating on Stilts and took preorders from both of them. I'd like to think that this was the result of a frenzy of interest in the book; a single page just didn't seem like enough.
Unfortunately, to cure the problem, Amazon seems to have simply deleted one page and cancelled all orders made from that page. Works for them, but not for those who ordered early.
If that happened to you, don't worry. You can simply pre-order from the right page . And, as compensation for the hassle, you'll save 11 cents over the price you would otherwise have paid.
UPDATE: I corrected this snakebitten link. Thanks, Frank.
“Stewart Baker's provocative book draws on his experience as a top homeland security official to raise important questions about the balance between security considerations and privacy concerns. This is a 'must read' for all concerned with striking the right balance."
- US Senator Susan M. Collins, Ranking Member of the Homeland Security and Governmental Affairs Committee
“If you have time to read only one book on the sorry state of our homeland security—make it this one. Free from political correctness, extremely well-informed, and written with great flare—by a high-ranking former government official, who has seen it all.”
—Amitai Etzioni, author of Security First
Matt Drudge wants us to blame "Big Sis" because "SECURITY LET SUSPECT ON PLANE."
And the AP has a similar take, leading with, " The no-fly list failed to keep the Times Square suspect off the plane."
Is there a fail here? And if so, whose fault is it?
To catch everyone up, judging from AP reports, my initial guess was probably right: The government put Shahzad on its terror watchlists, including the no-fly list, and DHS recognized his name when Emirates airline gave its passenger manifest to DHS. This of course was just before takeoff, so the plane had already pulled back the jetway when Customs and Border Protection stopped the flight: "By the time [DHS/CBP] officials spotted Shahzad's name on the passenger list and recognized him as the bombing suspect they were looking for," AP says, " he was in his seat and the plane was preparing to leave the gate."
I thought that was impressively fast work -- roughly 8 hours from identification through designation, population to the computer system, and identification before takeoff. But not so fast that it can't be secondguessed, apparently.
The implicit criticism in Drudge and AP is that the no-fly list didn't work, that Shahzad should not have been able to buy a ticket at all. Well, if the system had worked perfectly, that's true. Shahzad would have been stopped at the gate.
So why didn't it work perfectly? It appears that Emirates was running the no-fly list -- that is, the airline itself was checking passenger names against the no-fly list that it got from TSA. But Emirates apparently didn't update its version of the no-fly list between the time TSA added Shahzad and the time of its JFK flight.
Maybe it's not a complete surprise that an airline take eight hours or more to update its list. But if that was a failure, it seems as though the blame should fall on Emirates, not TSA.
Now, you might ask (unless you're Ron Paul) why we would choose to rely on under-incentivized and under-financed private companies to run a major national security program? This looks like a job that government can and does do better than the private sector.
After all, CBP, which is a government agency, managed to update its list in that 8 hours, and then to catch Shahzad with what was probably as little as half an hour of review time. Why were we relying on dozens of airlines and computer systems to run the no-fly list instead of a single government computer system?
Ah, here it gets interesting. TSA has been trying to take over administration of the no-fly list since 2003. It's in the process of doing that, finally, this year. Why the delay? Simple: Privacy campaigners, left and right. Privacy groups claimed that TSA could not be trusted with data about who was checking in and what their reservations said.
They in turn persuaded Sen. Ron Wyden (D-OR) to put a provision in the DHS appropriations bill that stalled the transfer of responsibility for the no-fly list from airlines to TSA for years. (I tell the story in Skating on Stilts.)
In fact, it looks as though the transfer still hasn't happened in the case of Emirates. So if you want to blame someone for the design of the no-fly system, you might want to point the finger at the privacy lobby and their supporters in Congress and media.
Which, by the way, certainly seem to have included one Matt Drudge (See, for example, this heart-pounding headline from March 18, 2004: "TSA To Require Airlines To Divulge Passenger Records ..." Or this from November 29, 2007: "TSA wants to require birthdate, gender to purchase airline tickets; background checks... ")
So, Matt Drudge, if you're looking for someone to blame the "No-Fly Fail" on, well, you just might want to glance in the mirror.
“Stewart Baker offers the perspective of a warrior in the trenches and frames the world of exploding information and data as that terrible intersection between perseverant, cunning bad guys and vulnerable, fatigued good guys. His mix of wrenching personal life stories and policy debates challenges us to recognize the complexity of the post 9/11 security challenges.”
– Admiral James Loy, Deputy Secretary of Homeland Security (2003-2005)
“I don't agree with all, or even most, of the perspective Stewart Baker brings to the modern security debate. But I am very glad to have read what he has to say, both for the inside details on how security policy evolved after 9/11 and to engage with the argument he makes. The book is trenchant and well-written, and anyone who cares about the balance between privacy and public safety should be familiar with it.”
-James Fallows, national correspondent for the Atlantic
Although it's early still, this bombing doesn't look especially well-organized, and I expect that we'll catch the perp soon. That said, I can't help wondering why New York City, the best-funded and most terror-focused police department in the country, doesn't have video of the would-be terrorist getting out of the car.
New York has been spending tens of millions, perhaps hundreds of millions, of dollars on street cameras. The lower Manhattan camera project was expected to cost $90 million and to network 3,000 cameras. That's $30,000 per camera. The project is being expanded to midtown at a similar cost. Despite all this funding, though, we don't have pictures of the wannabe bomber. That's probably because NYC hasn't finished installing the midtown system.
But there's another problem; 3,000 cameras aren't really enough to take pictures all across lower Manhattan, if what you want is a record of everything that happens for later investigation. Inevitably, there are lots of blind spots in the system, at the same time that it costs an arm and a leg for each camera, which creates an incentive to leave blind spots in low-risk areas.
I think New York has made a mistake in doing this. It is trying to use cameras for real-time detection of terrorists. That massively raises the cost. The cameras have to be networked back to a central office, they probably have to have real-time pan and zoom capability. And even then, it's hard to see how cameras would help prevent attacks in a scenario like Times Square. The SUV wouldn't look any more suspicious to police watching on video than to observers on the scene.
Long-time readers of the blog, both of them, know what's coming next. I'm going to point out that the best use of cameras is likely to be after the fact -- to identify the perp once the crime has been committed or attempted. If so, we don't need to waste time on networks or pan and zoom capability.
All we need is a bunch of cheap standalone cameras that provide blanket coverage and keep taking pictures, overwriting their memory every week or two. That would cost maybe $200 per camera. For the cost of a single pan and zoom camera, you could put a couple of dozen standalone cameras on every block. And privacy would be better protected because retrieving the video would be expensive and overt, making it unlikely that the police would do so unless a crime had been committed.
As loyal readers know, one of my projects at DHS was to move this idea forward, so we challenged industry to design a cheap, standalone camera for use on mass transit vehicles that could withstand even a massive terrorist blast without losing data.
And, as a reward for reading this plug again, here's the ever-popular video of an exploding bus. Most of the cameras and data did indeed survive even this ball-bearing-enhanced explosion.
I thought that providing government health care and welfare payments to al Qaeda's favorite Canadians, the Khadr family, was just misplaced Canadian generosity: "Family members have spoken scornfully of Canadian society, as they receive medical care and welfare payments that keep them in a pleasant apartment in Toronto," the Washington Post once noted.
Turns out, Canada was just in the forefront of international human rights.
But they'll never stay ahead of European Court of Justice, which has now declared that the live-in wives of UN-designated terrorists are entitled to receive family assistance payments. The UN asset freeze is irrelevant, you see, because welfare payments made to the terrorists' wives aren't supposed to be misused. According to the Counterterrorism Blog,
"The court indicated that the essential purpose and object of the asset freeze was to combat international terrorism, and to cut off terrorists from financial resources that would be used for terrorist activities. Yet, it should be presumed, the court reasoned, that the social payments involved here would be used only for household expenses. If and when such payments were turned over to the designated spouse for terrorist purposes, the court reasoned, the UK authorities could then hold the spouse accountable other UK laws and penalties."Well, that settles that. No self-respecting terrorist would cheat a Western government, and terror investigators have nothing better to do than audit the household accounts of families like the Khadrs.
Considering that they sit in Northern Europe, it's remarkable what a sunny world the judges of the ECJ inhabit.
Omar Khadr turned to terror early in life. He was only fifteen years old in the months after 9/11, but he spent them laying mines for al Qaeda in Afghanistan -- and allegedly throwing the grenade that killed Sgt. Christopher Speer, a Special Forces medic. Khadr was pulled from the rubble, patched up, and sent to Gitmo.
Now the question is whether Khadr will escape trial because he was a juvenile at the time of his crimes.
"This is not what you would choose to open with," said a senior administration official, speaking of a planned July trial for Khadr, who is accused of throwing a grenade that killed a U.S. Special Forces medic. "Khadr has become a cause, and this is not a case that will demonstrate the strength and validity of military commissions."
To avoid trying Khadr, the Justice Department has apparently offered the accused killer a plea bargain in which he would serve only five years in prison.
Other media reports confirm that the administration has cold feet on this case. Canada's National Post recently quoted an authority "in a position to know" as saying that the Obama administration has been pressing the Canadian government to request that Khadr be returned to Canada.
Why? Because some US officials "don't have the stomach to try a child for war crimes" the National Post reports, and a Canadian repatriation request would put a diplomatic cover on an outcome they badly want to engineer for other reasons:
Mr. Khadr's age of 15 at the time of the alleged offences is playing on the minds of certain administration officials -- especially those with backgrounds in the type of activism that has clashed with some of the more controversial U.S. anti-terror efforts, the [National Post] source said.
The National Post has no firsthand information on who is driving this stance, but it fingers Samantha Power, Michael Posner and Harold Koh as the officials most likely to fit its source's description.
You'd think from the administration's gunshy approach that there must be a big legal problem with trying someone for crimes committed at fifteen. If so, I can't find it. Practically every state in the union allows juveniles to be tried as adults at the discretion of juvenile court judges, which often use a standard that combines the best interests of the child and of society. Many states create a presumption that the juvenile will be treated as an adult in the case of serious crimes; the presumption kicks in at 15 or less in most of these states.Even the international law argument that juveniles can't be tried for war crimes is remarkably thin.
So what's the problem with the case? It is widely believed to have a stronger evidentiary basis than any other likely military prosecution. Despite this, the administration is apparently so spooked by emanations and penumbras of international law that it is ready to send the killer of an American soldier back to his loathsome family after a few years -- and perhaps immediately, if he gets credit for eight years already served.
At that point, Omar Khadr will be in his twenties and living just a three-hour drive from the world's longest undefended border.
Gee, what could go wrong with that?