Schneier on Security
A blog covering security and security technology.
« How to Crash the Oscars |
| Fighting Misuse of the Patriot Act »
March 7, 2006
The Dubai Port Issue
This is a pretty good commentary on the issue.
(I've said in the past that the real security problem here is the transparency of the process.)
Posted on March 7, 2006 at 1:47 PM
• 28 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
He's obviously right regarding the dangers of ownership by a foreign company, but I somewhat dislike his conclusion.
"[...] or we finally get serious about security here at home."
Seems like he actually is in favor of "security checks and special ID cards with fingerprints and other biometrics for workers at all ports and border crossings."
He doesn't seem too concerned on civil liberties or privacy issue, but maybe I misunderstood and he was merely discussing alternatives.
>He doesn't seem too concerned on civil liberties or privacy issue, but
>maybe I misunderstood and he was merely discussing alternatives.
I thought the author was being sarcastic. Or at least ironic. If the Security Theatre performance is no longer convincing to the audience, we might actually have to start doing Real Security, asking the hard questions about cost, both in dollars and in fundamental liberties.
I'm not too concerned that the management of the terminal would be conducted by a foreign-owned company. I am more concerned that this company might be owned by a foreign state, or by a foreign head-of-state (with all the rhetoric about this flying about, I'm not sure exactly who or what owns this company). No amount of transparancy is enough to allow a foreign government to operate such critical infrastructure in mine: it is a question of sovereignty, not security.
I have read a lot online about this Dubai ports issue but have yet to run across an analysis of the roles that the people who will be changing, actually perform for our port security.
Would the new owners choose the managers who write the policies that dictate the terms by which compliance with the port security laws are implemented? Are they also in charge of enforcement? If so how much?
Given the data that has been released, I cannot determine if this deal is an actual reduction of port security or if it is just a political attack based on something that "sounds bad if you don't know the details".
Disclosure is the only answer, however I fear that those who have this data will not release it. For a full disclosure of the system's details would provide additional ammunition for political attacks regardless of whether it showed a smoothly functioning system or a terribly flawed one.
My guess is that it is currently a "good enough" system with reasonable trade-offs and that only "totally secure" systems involving massive and mega-expensive security theater for all ports would be politically defensible.
If I had to guess, I'd say that somebody did the math and found that the cost benefit of the port security equivalence of "nail clipper" searches was simply not there.
Its something like:
"Socialital warm fuzzies about port security" + "actual risk reduction" + "side benefits to the players" is not justified by the cost it would take to provide this service.
it seems to me that if US port security is currently a joke except as enforced by the coast guard/law enforcement then changing the ownership of the stock of a port management company wouldn't make a lot of difference.
My only real concern about the deal, is why the administration is willing to exempt Dubai from normal standards that they apply to other foreign port terminal owners. Things like on-shore records and whatnot.
Consistancy is a good thing, I would think.
@j random: Yeah, maybe i didn't see the wood for the trees.
After the deal the ports don't turn to foreign territory and the author points out quite well, that from a security perspective, there's not gonna be a big change. The coast guard, ..., will still be in charge of security, as they are now, and as there are no security checks now (such as extensive screening), there won't be afterwards.
Somehow it's not about security and it's definitely not about sovereignity.
It's being discussed under these viewpoints nevertheless, of course.
Just my humble opinion.
I worked at Textron/Bell Helicopter.
Foreigners were not allowed to work on the campus.
Canadians were not allowed in the front gate.
That is real security... no exceptions... tall fences, cameras, armed guards, no digital cameras, no phones with digital cameras, no flash cards, one-way turn style exits, etc.
Does anyone understand how anyone can say the entries into our country are secure?
Gotta watch those Canadians closely - never know when they may be smuggling in an attack-beaver.
I'm impressed that Americans are naturally imbued with loyalty to their country, and cannot be turned into traitors, unlike people of other nationality. Clearly, restricting people by their country of birth is, as you put it, "real security".
thats why the beloved president seeks to enforce stricter rules for immigration. so that you have your 100%-patriots-quota :)
@Alun Jones - arent both sides of the Canadian border "American". Maybe there is a real risk profile associated with attack beavers ? (one assumes we're talking the type that build dams in rivers; as everyone knows, both dams and rivers are natural enemies of helicopters ...)
Are you aware that foreign-owned companies already operate many US port facilities? And that some of those companies have significant investments held by their governments? E.g. Singapore.
In short, if one objects to the UAE-owned port operator, then it only makes sense to put all the other port operators under the same degree of scrutiny.
Unless there's something else going on here.
i don't know enough about this to say whether security at ports would be significantly impaired with a dubai company running the terminal.
i find it inexcusable that the president didn't know about the port decision until after it was announced.
there seems to be a double standard for certain muslims, osama bin laden's family was allowed to fly away when all the rest of us were grounded, but ordinary chauffeurs and gofers for al-qaeda figures will rot at gitmo for the rest of their lives. should be the other way around.
i hate this administration so much, anything it's for i'm against. i am an authentic conservative, not a corporate christo-fascist. if you don't understand the difference yet, just wait till our next civil war starts.
I am not well informed about this one, but I do think the peak of silliness is the American Government objecting to Check Point buying Sourcefire, because a lot of the military is using Snort.
Forget for a second the fact that Check Point is an Israeli company (presumeably a more US friendly country than China).
Forget for a second the fact that Check Point is not owned or managed, in any way, by the Israeli Government.
Forget for a second that the US military buys air to ground missiles from Rafael, which is an Israeli company wholly owned by the Israeli government.
Let's focus on one universal fact - Snort is open source. If the US military feels, in any way, that Check Point is not to be trusted, they are more than free to fork it and continue development on their own. They can assume that Sourcefire stopped producing reliable releases and hold on to the latest Sourcefire released version. They can simply audit the code.
In short - this is utter paranoia. It has nothing to do with anything logical.
Full disclosure - the writer of this comment is a former Check Point employee.
I'm not sure if people are arguing about the real issue...
IMPORTANT POINT 1 : The US ports are currently run by a non US company (P&O which is British and based in London)...
IMPORTANT POINT 2 : The US Coast Guard is responsible for port security at these ports currently and will remain so in the future.
Dubai Port World is as many have observed is not a US company, However it is not buying a US company but the British Company P&O. The UK Government has done it's usuall "National Interests" bit and does not have any objections that I am aware of (otherwise the sale would have been blocked).
I suspect the real issue is not "A foriegn company" but "which country" they are pecevied as comming from. After all most US ports are not run by US companies, and atleast one is run by a Chinese company....
You can read a little more at,
The question the US has to ask it's self is "do we want to invest in foriegn countries". I am assuming that the answer is yes. Therefore the US has to ask the next question "do we want foriegn investment in our country" Likewise I am assuming the answer is yes. Otherwise why did the US government sign up to the WTO and other agrements?
If the US wants to play the "National Security" card they will first have to answer why the majority of their ports are already run by foriegn companies some of which are almost certainly run by a foriegn government...
The way you have that (the second line) worded I thought you were saying that transparency is a bad thing. Perhaps a "lack thereof" or something else would help clarify?
It’s not an issue of what country the company is from. Nor is it an issue of who manages the security of the ports. Nor is it an issue of what people are actually working at the ports....
Keep this in mind: The Dubai Port World Company is not owned by a private company in the UAE. It is owned by the UAE government. P&O isn’t owned by the British government. It is owned by a private company that happens to be based out of the UK.
Yet, this is not the point, either. If the UK govt could do a better job of securing our ports than us, then by all means, let them do it. However, the UK is a strong ally and that’s crystal clear. Our security is closely tied to theirs, especially financially.
One of the real points is the context of all things people are focusing on. The vulnerability of the port operator is tied to the vulnerability of the port itself.
In a compromised letter from a group of Jihadist (intercepted by US intelligence in April 2002 and made public recently) to Dubai officials, it is clear that such groups (supposedly Al Qaeda) have compromised the security of the UAE financial systems. Here is a translation of the letter:
The UAE government has a track record of corruption. The banking system owned by the UAE was used to finance terrorist operations. Money was laundered using the most perfect laundering technique through the UAE's government owned banks. As someone who works with bank security regularly, let me tell you this kind of laundering stands out like a sore thumb and is only unchecked if heads are intentionally turned the other way.
If you look at the Indictment of Zacarias Moussaoui (published by the DOJ here: http://www.usdoj.gov/ag/moussaouiindictment.htm), it shows that all the money used to fund the 9/11 hijackers and Moussaoui came for the Bank of the UAE, but was not tracable due to said laundering.
A Indian former financial auditor for the Bank of the UAE named Iqbal Ismail Hakim has authored a book on the UAE bank laundering money to finance the 9/11 attacks. It’s a great read. Check it out here: http://uaecentralbankand911.com/
The bottom line is that this is a bad deal. Then again, this country has had nothing but bad deals for the past 6 years. I'm getting kind of used to it, to tell the truth.....
While I'm on the subject, let me say that I agree with Shachar and CIFUS's decicision to block the CheckPoint/SourceFire deal. That’s just stupid and it shows a huge double standard. The FBI went OUT OF ITS WAY to force CIFUS to block this deal. Did they not consider the fact that SouceFire does not technically own snort? did they consider the fact that many foreigners are snort developers? even if snort somehow went closed-source, there is no doubt that the current would be spun off into something open again. The only thing sourcefire really owns is distribution control of the VRT ruleset and some influence over what changes are merged into the production product. Oh, and can you tell me that the federal government doesn’t use ANY checkpoint firewalls? I've audited some myself.....
So if the FBI can block sourcefire, where were the DHS and other security departments when the ports deal came out? Asleep at the switch again? Told to keep quiet? To me, this shows more than inconsistency and incompetence. It shows that the US govt agencies in charge of security are more concerned about security their information than security lives of Americans.
@Wha?: "My only real concern about the deal, is why the administration is willing to exempt Dubai from normal standards that they apply to other foreign port terminal owners."
You ask why the Bush regime may be giving "Special treatment" to an Arab government?
I question your patriotism.
"Are you aware that foreign-owned companies already operate many US port facilities? And that some of those companies have significant investments held by their governments? E.g. Singapore."
No, I was not. Just how large is significant? I wouldn't be too concerned about a company having a foreign government as a minority shareholder.
"In short, if one objects to the UAE-owned port operator, then it only makes sense to put all the other port operators under the same degree of scrutiny."
I agree, and do object to any other foreign-state-owned port operators as well.
No matter who operates, manages, controls the ports eventually they are people. You should implement security measures that work on all nationalities.
With all the talk about this issue I can only conclude that the main security countermeasure implemented at these ports is to hire americans.
I believe this more a political issue then a security issue.
Keep this in mind: The Dubai Port World Company is not owned by a private company in the UAE. It is owned by the UAE government.
If it's owned 49,99% UAE Government and an 50.01 private, would that make US ports more secure? How about 100% private by Afghan and Saudi investors?
100% Venezuelan investors?
Is any of these scenarios any more secure than 100% british private owned?
IMO The Dubai Port World Company owned by 50% private and 50% UAE government is most stable , because private sector cares about profits and goverment should check if anything goes well in security area and there is no fraudment ,
unless u don't trust UAE government .
Is this right to block DPW takeover of P&O only because bank of UAE is suspected of laundering.
Are these companies connected in any way except of country they come from ?
Meereq: I believe they are both fully owned and operated by the UAE Government.
One major point here Gentlemen. The ports in question are ALREADY operated by a foreign company. That would be Peninsular & Oriental Steamship, located in the U.K. The bottom line is DO NOT want China to operate these ports (as they do the Panama Canal). We need to wake up to the fact that China is not our friend. Dubai may prove to be a resonable ally.
Hi, I would like to ask some question about '' Dubai Ports world's'' case.
1. How does globalization apply to this case?
2.In what sense is Dubai Ports world a direct foreign investor?
3.How domestic politics in the United States and foreign direct investment interact in this case?
Thank you for your cooperation.
20 Jun 2006
Dear Sir or Madam,
Thank you for your time. As requested by you, please find below information on the product range that Al-Barayeh is able to support your Marketing function with.
We would like to take this opportunity to introduce Al Barayeh Trading. (Also operates as T-Shirt Plus). Established in the year 1996, Al Barayeh has been supporting the needs of a range of corporate clients across various industries.
We are in particular, proud to have had long-term partnership agreements with prestigious service organizations such as Planet Hollywood, Abu Dhabi Duty Free and Gulf Greetings. Our client base covers both the local as well as regional needs.
The mission of Al Barayeh (T- Shirt Plus) is to be able to support its partners with its requirements in corporate gifts, promotion items and advertising needs. The business is founded on two basic principles: Quality of Product (value for money) and Client Service. Our team of dedicated media concept professionals will enhance and present your brand only in the best light in full agreement with you. In addition to a wide range of T-Shirts (including designer labels) we are able to supply you with a diverse range of customized Gift and Promotional items designed exclusively for best brand representation.
Our dedicated Creative Department specializes in designing, conceptionalization and logo enhancements to support our clients. Alongside our own manufacturing unit for T-Shirts, Polo Shirts and caps and with a retail outlet in Sahara Center, we are able to provide a ‘one-stop shop’ for not only all your promotional/gift requirements, but also various kinds of print jobs, which include screen-printing, transfers and embroidery.
The Al Barayeh team believes in a collective sense of responsibility and ownership between all departments, which allows us to develop truly unique answers to the marketing requirements of our clients.
I would be pleased to meet with you to share some of our successes in the region and will call you over the next couple of days to set up- an appointment. We would indeed be honored and humbled to have as a client.
Mob.No:050 – 7165576
Just for some supporting facts, of the top 100 terminal operators in the US (The companies that largely run the ports) over 30% of them are foreign owned. In fact, one of the largest ones is Hutchison Whampoa which is owned by China. Why the flurry of mock outrage at the Dubai company? It seems to be purely political since there is so much other foreign ownership which should also be addressed, if it were the real issue.
Opening the gates to Dubai is very very dangerous. All the Sep 11 terorists were motivated and came from UAE ( United Arab Emirates) and Dubai is one among them.
There is a strong Anti American Sentiment in all of UAE. In some areas there is still Militants strongholds and lot of people donated from this area to carry out the sep 11 attack.
These people are very clever, they don't do anything in thier country, instead divert to some other countries.
Iran is just 25 miles from these coasts. In fact if Iran makes a nuclear bomb, they can ship through these ports directly to American ports red hot.
Many ignorant Americans who believe everything poses danger and so the ports should be in American Hands only.
You may not know in the lease period how many tons of Nuclear material will be brought and exploded in the years to come by..
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.