Schneier on Security
A blog covering security and security technology.
« Loretta Napoleoni on the Economics of Terrorism |
| Prison Escape Artist »
January 16, 2010
Fixing Intelligence Failures
President Obama, in his speech last week, rightly focused on fixing the intelligence failures that resulted in Umar Farouk Abdulmutallab being ignored, rather than on technologies targeted at the details of his underwear-bomb plot. But while Obama's instincts are right, reforming intelligence for this new century and its new threats is a more difficult task than he might like. We don't need new technologies, new laws, new bureaucratic overlords, or -- for heaven's sake -- new agencies. What prevents information sharing among intelligence organizations is the culture of the generation that built those organizations.
The U.S. intelligence system is a sprawling apparatus, spanning the FBI and the State Department, the CIA and the National Security Agency, and the Department of Homeland Security -- itself an amalgamation of two dozen different organizations -- designed and optimized to fight the Cold War. The single, enormous adversary then was the Soviet Union: as bureaucratic as they come, with a huge budget, and capable of very sophisticated espionage operations. We needed to defend against technologically advanced electronic eavesdropping operations, their agents trying to bribe or seduce our agents, and a worldwide intelligence gathering capability that hung on our every word.
In that environment, secrecy was paramount. Information had to be protected by armed guards and double fences, shared only among those with appropriate security clearances and a legitimate "need to know," and it was better not to transmit information at all than to transmit it insecurely.
Today's adversaries are different. There are still governments, like China, who are after our secrets. But the secrets they're after are more often corporate than military, and most of the other organizations of interest are like al Qaeda: decentralized, poorly funded and incapable of the intricate spy versus spy operations the Soviet Union could pull off.
Against these adversaries, sharing is far more important than secrecy. Our intelligence organizations need to trade techniques and expertise with industry, and they need to share information among the different parts of themselves. Today's terrorist plots are loosely organized ad hoc affairs, and those dots that are so important for us to connect beforehand might be on different desks, in different buildings, owned by different organizations.
Critics have pointed to laws that prohibited inter-agency sharing but, as the 9/11 Commission found, the law allows for far more sharing than goes on. It doesn't happen because of inter-agency rivalries, a reliance on outdated information systems, and a culture of secrecy. What we need is an intelligence community that shares ideas and hunches and facts on their versions of Facebook, Twitter and wikis. We need the bottom-up organization that has made the Internet the greatest collection of human knowledge and ideas ever assembled.
The problem is far more social than technological. Teaching your mom to "text" and your dad to Twitter doesn't make them part of the Internet generation, and giving all those cold warriors blogging lessons won't change their mentality -- or the culture. The reason this continues to be a problem, the reason President George W. Bush couldn't change things even after the 9/11 Commission came to much the same conclusions as President Obama's recent review did, is generational. The Internet is the greatest generation gap since rock and roll, and it's just as true inside government as out. We might have to wait for the elders inside these agencies to retire and be replaced by people who grew up with the Internet.
A version of this op-ed previously appeared in the San Francisco Chronicle.
I wrote about this in 2002.
EDITED TO ADD (1/17): Another opinion.
Posted on January 16, 2010 at 7:13 AM
• 37 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"Teaching your mom to 'text' and your dad to Twitter doesn't make them part of the Internet generation."
Yet you and I know people in their 50s and 60s who are very Internet-savvy. I agree that the problem is cultural, but I think it's the same cultural phenomenon that exists in many other areas: "This is the way I learned to do it, so that's the best/only way." It's the same mindset as "what an educated person should know is what I know." And I wouldn't be surprised if the Internet generation turns out to have their own version of it.
Fixing intelligence failures is a very complex subject. Complex subjects require great men, and others working hard on all the little steps to make it happen.
Again, I'll mention a book that raises more points than you will read here, is Running the World, David J. Rothkopf. Subtitled: The Inside Story of the National Security Council and the Architects of American Power.
Sorry, but this article is problematic, and I'd rather not write any more.
You can't age technology-savvy into an organization. Even once the top level of management is taken over by people who were introduced to the Internet relatively young, it's going to be the people who got comfortable with e-mail and Usenet when they went to college, and by then the young people of the world will be growing up with something a couple steps beyond Facebook and the iPhone.
It's even worse than what cakmpls says. You were closest when you said, "It doesn't happen because of inter-agency rivalries, a reliance on outdated information systems, and a culture of secrecy." Two of those three flat-out can't be fixed by any technology. Even the one that can isn't simply a matter of applying a certain technology; it's a problem of design, which can go horribly wrong on any platform.
I'll give Obama credit for admitting that the underwear bomber revealed failures in the intelligence and Homeland Security apparatus. That's something his predecessor was never willing or able to do.
OK, so what action is he taking? Who is being called on the carpet to accept responsibility or accountability for the failures? Who is being punished for incompetence?
So far, I see no individuals or even agencies coming forward to accept accountability and provide corrective action plans. I see no heads rolling.
The only action I see is "enhanced airport screening," which presumably means another blank check to the TSA to spend as they please. The only people being punished are millions of air travelers who have to endure the burden of the TSA's new reactive measures (in addition to all the other burdens the TSA imposes).
The security theater gets more script pages and more elaborate scenery. And the bureaucracy continues to evade accountability for its failures, and remains free to fail again and again.
Something is very wrong.
I'd prefer to leave these organisations mired in the digital dark ages. Absolutely the last thing the world needs is more surveillance, control and censorship. For that matter, lets get rid of governments, borders and the other forms of violence that cause terrorism.
I think most of us that are on the outside of the IC (http://www.intelligence.gov/1-members.shtml) and attempt to look in often fail to realize the complexity of what they are tasked with and the many things they do succeed in. When I read the headlines that are plagued with "intelligence failures" I often think of a quote from Al Pacino in the movie The Recruit - "What about fame? Our failures are known. Our successes...are not. That's the company motto." I think that resonates with many IC professionals. One will never know what terrible things they have stopped and the uncleared public will not hear about for the next 25 years, if ever. Is it fair to chastise them for missing the Abdulmutallab incident?...sure it is! It is their job to "connect the dots" and prevent these things from occurring but I think we need to put it in context and also agree that no agency or group of agencies regardless of how open they share information with their counterparts will ever be able to prevent every terrorist attempt. Think about the amount of data these analysts must pour through on a daily basis. I am sure the shear amount of information that is aggregated is beyond comprehension and constantly increasing.
In short I will say it doesn't appear the IC is perfect. Like most government organizations it lacks efficiency and inter-agency cooperation. Most members of the IC seem to have a "if we didn't produce the intel it isn't good enough" and discount or marginalize products created by other agencies, often not giving them the diligence required. 'How to fix this' is a question bigger than any of us. I don't have that answer but I do think the tools are in place, good people are doing the work, and strides are being made but it doesn't appear to be enough. The compartmentalized concept that is at the root of all things intel does not provide the flexibility needed to fight the conflicts of today. Bruce I am a huge fan but I disagree about what you said - "It doesn't happen because of inter-agency rivalries, a reliance on outdated information systems, and a culture of secrecy." I think 2 of these 3 points are WHY intel failures occur. The systems have been updated but rivalries and culture are still most to blame. I would argue this with anyone, anytime. So moving forward what needs to be done? I think that answer is far too large to begin to outline here but I sure hope someone a lot smarter than me is working on it. Someone who actually has some authority to make the needed changes and get the people doing the intel work of a country all on the same page fighting the same fight.
I object to the idea that those who haven't grown up with computers and the Internet are not comfortable using them. I'm 77 and I've been using computers for almost 25 years. I'm comfortable with them and use them all the time. We have 5 working computers at home - 3 are modern, one is older but still useful (it's an Amiga 3000) and one is an 8-bit computer on which we like to play some games. I do my banking and income tax online, use e-mail, research all sorts of things, keep track of my family on Facebook, use a digital camera and make online cards of various kinds, draw in a paint program, keep financial records using a spreadsheet. If I were in the intel business, I would welcome computers with open arms.
It won't change because the CIA's real advisary is the NSA, the Navy's enemy is the airforce and so on - and all of them hate the DHS.
It's been like this for ever and it isn't going to change.
“With unusual self-awareness, a CIA author noted in a newly declassified study that the Agency’s secrecy system for handling highly classified intelligence information could have unintended psychological effects.
The March 1977 study, entitled “Critique of the Codeword Compartment in the CIA,” was formally declassified (with redactions) and accessioned at the National Archives on October 21."
The real divide is between people who are comfortable with technology and those who aren't. The divide is sharper now for several reasons: first, higher technology is harder to understand so fewer are intellectually capable. Second, even formerly high technology requires effort and fewer seem to be making even the effort to understand how basic electricity and automobiles work, how many people now routinely change their own oil or really do any other maintenance on their own cars (which was normal in the 1970s). Finally, the US (and probably other Western countries) have been picking up the aristocratic and Hispanic disdain for people who do manual work (see the chapter on Feynman's visit to Brazil in "Surely You're Joking, Mr Feynman!" for how this attitude can screw up even academic physicists).
Learning to use the technology, more or less by rote, is not the same as understanding it. And I have seen no evidence that people who routinely use the Web and its accretions actually understand it any better than they do cars or electricity.
"first, higher technology is harder to understand so fewer are intellectually capable."
But that's a failure on the part of the technologists. It's possible to create powerful and sophisticated computer tools that don't require a Ph.D. to operate-- it's just not very likely to happen until the process of developing them gets a lot more emphasis on usability and project management.
"it's just not very likely to happen until the process of developing them gets a lot more emphasis on usability and project management."
..and software manufacturers are made accountable for time wasted with faulty and poorly designed systems.
But that has been said 100 times on this blog.
We all make mistakes, but the biggest mistake we can make is to not recognize our errors and fix them. Janet has made many mistakes and as thousands of news articles prove that Homeland Security and Ice is a corrupt system and have been given the authority to act, kill, detain and at there own admission " make anyone disappear" with there secret detention centers and seemingly unlimited budget to do these illegal acts. And we Americans are paying the bill for the corruption. I see the abuse every week and have finally realized the responsibility I have as an American to let as many people as possible know. Here is another story of Janet’s mistakes she and her army of ICE refuse to own and fix.
This comes from Carl McGinnis, a citizen of the United States, who has seen the horrors of immigrant detention after ICE detained his legal immigrant friend. He tells us that it is not just about undocumented immigrants but even people who follow the rules get burned in our archaic and inhumane immigration system].
I am a citizen of the United States and I have a friend that is from Paris, France here on a student visa with a double Masters Degree and working on his PhD in International Finance. He has been here since 2005. His visa is valid until March of 2010, his passport is valid until 2014, and his I-20 is current. He is not what people call an 'illegal immigrant.' In 2007, he fell in love and in Dec. 2008 married a U.S. citizen that just happens to be addicted to prescription medications. He knew nothing about this. But he was arrested due to her mistakes. The reality is that his American wife was taking advantage of him and when his money was gone so was she. Janet Napolitano just wants to deport him rather than correct the problem, and make the American accountable. This is wrong. We should have some sort of protection built into the system. Judge Rex Ford would not listen to reason without the wife in court and all witnesses were not given time to testify. This is not what I thought American Justice was all about. I was wrong. It is all a game our Government plays with our lives.
He was placed in detention and scheduled for deportation. He has been in the detention center in Pompano Beach Florida for 6 months now. This couple has lost all there savings on lawyers, she lost her job, and they are in the process of losing their home. All this was caused because ICE has the wrong person in jail.
I have written many letters to Janet Napolitano, Senator Bill Nelson, Representative Ginny Brown-Waite and even President Obama. But no one will listen. What is illegal in this case is the way DHS is treating this guy, who is 51 and has never had a traffic violation. While in the detention center, He has been beaten by another inmate and suffered cracked ribs and bruised body, denied him food and proper medical treatment. He is diabetic and they will not give him the proper food or medical attention. The phone system is very poor and hardly works. I suspect that they plan it that way so the detainees cannot contact their lawyers and family. I fear he will be next on the long list of persons that have died while in detention. I beg for someone to go and listen to his story. They do not allow any form of media in because they don’t want anyone to know what they are doing.
Until you go to one of these detention centers and see with your own eyes, you will not believe what America is doing. I was shocked, on my first visit and after almost 6 months of seeing what happens and how they have to live, I am still in shock. It is all about the money. My friend has never cost America anything until they locked him up. He is in a private prison owned by a company called GEO based near Miami, Florida. They are paid very well by our tax dollars, but the treatment is unbelievable. I wonder how many politicians have stock in this company. They are doing quite well even in a bad economy.
Six months ago I had no idea that we treated immigrants in this way, especially when they are here legally and have done nothing wrong. I knew nothing about ICE and how they operate illegally. I was under the impression that DHS was here only to protect us from terrorists. And I had no idea of the millions of our tax dollars were being wasted to imprison people that could be out of detention and have their family support them until a decision is made in immigration court. I do not understand why we have to pay our hard earned tax dollars to house and feed persons that are not dangerous.
When they have to lock up a man who has done nothing wrong, make him spend thousands in fees, ICE is giving way too much importance to them selves. How can we turn such educated people away simply to boost the ego of ICE officers and add another number to the Janet Napolitano deportation list, so that the Obama Administration can look like it is doing its job of 'cracking down on criminals?'
Something has to change soon. I feel it is my duty as an American to let as many people as possible know the truth. I visit the detention center every Saturday and spend the rest of the week writing letters. This New Year, lets do something worthwhile. Let’s go back to protecting the country rather than making up stories to justify the expansion of a national security complex. Let’s end businesses profiting from immigrant detention and restore our image as a nation of immigrants.
"Learning to use the technology, more or less by rote, is not the same as understanding it."
This is a point I have raised on this blog before (ad nausium some would say ;)
There is a spectrum of people involved with any given technology. From design engineers down to casual users.
Originaly the man that drove the car had usually built it or knew how to take it apart to the nuts and bolts and rebuild it from such. As the utility of the tool (car) became higher then the people required to design, build, maintain and use became more stratified.
For instance the majority of cars (not SUV's and other tax dogers ;) are actualy designed from components that where usually designed in the UK.
However the people that build cars on an asembly line in Detroit (if there are any now) have no need to know this as the "skill element" of building cars has been "designed out" to piece work.
Likewise those that maintain cars are now little more than button pushers, they plug a diagnostic tool in under the dash board, turn the car on and the engine managment software etc tells the operator what is wrong with the vehical and the operator simply replaces the part the software says needs replacing...
Then of course there are the users (drivers) now I don't know that much about the drivers you get in the US but many of those in the UK apear congenitaly unable to do anything for them selves (And although Paris Hillton is not prototypical of people in the US her televison series "The Simple Life" worked because "fluffy" is starting to be endemic world wide).
The simple fact is that technology in the auto industry has changed the way things work.
The early automotive managment systems where basicaly fully working systems with sensors and microcontrolers "built on" to enable the operators to have "fast fault finding".
However now the engine managment system and it's sensors microcontrolers and software are integral to the engines functionality. So much so that the performance of a car can be radicaly changed with just a software upgrade. And some engines cannot run without the engine managment software, like military jet fighter aircraft the engine is designed to be unstable and the 200 times a second adjustment by the microcontrolers keeps it all functioning.
Thus we should consider if pouring scorne on the user is not only unfair, it is a sign that the design process has got to the point where it is beyond mechanical constraint in functionality?
Rather than comparing the computer technology to cars we should compare it to telephones.
Few people have any idear what so ever about how a modern telephone system works.
Importantly though the phone has a fairly uniform user interface. This allows it to be just a simple Plain Old Telephone System (POTS) or as is now more commanly called a "land line" through sophisticated radio systems and sophisticated computer network systems such as Skype.
Before a technology can become ubiquitous it needs this "uniform user interface" and we are now at the usability cusp with such things as "productivity tools".
Howevere it is not the "user end" that is the real problem these days, it is the fundemental de-skilling of those from the users upwards.
In the UK thrity years ago degrees (City&Guilds certs, HND's etc) where taught with a great deal of emphasis on the fundementals.
However with the likes of the Post Office (as was now BT) needing skills in only a subset some courses where being taylored to companies specific needs.
We now see degree courses where the students are "taught specific tools" and the fundementals (including mathmatics) is being shuffled out of courses faster than a begger at a banquit.
Although this provides "broken in" engineers for large employers they have no resiliance. If the tool they have been taught goes out of fashion then they don't have the skill base to pick up another radicaly different tool. Thus the skills they are learning are effectivly non transferable (which is not good).
There are other issues along the same lines with "technicians". However one thing appears to have been lost. When I was very young thermionic valves where common. As a young teenager it was possible to fix peoples radios etc just by looking. Thus you could get into the "trade" and work your way up. Prior to WWII this was how most engineers came to be.
Software design is still just on the edge of this especially with open source, the question is for how much longer.
Here is one manifestation of that lack of understanding:
(Newser) – A British traveler miffed when snow scuttled his vacation plans was busted after joking to pals on Twitter that he was going to "blow the airport sky high." Paul Chambers, 26, was arrested under the Terrorism Act and interrogated for 7 hours last week. He was finally released on bail, suspended from work and banned from the local Doncaster airport for life. "I would never have thought in a thousand years that this would happen because of a Twitter post," he told the Independent.
"I'm the most mild-mannered guy you could imagine," he added. Cops were tipped off by a member of the public, and they arrived at Chambers' workplace with a print-out of his Twitter post. Chambers said officers had never before heard of Twitter, and insisted they were arresting him because of security fears in "the world we live in." Police deleted Chambers' post, confiscated his iPhone and computers. He returns to court next month. Similar arrests have occurred in the US, but this was a first for the UK.
It's surely well-known by now in the UK that airport security take all mention of bomb and hijack threats seriously, whether made in jest or not. At 26 the guy should have known this. Learning may prove expensive for him.
It's like the police regarding all guns as real, even if they later turn out to be replicas. The criminal wanted people to think he had a real gun. They did.
President Obama in his speech last week rightly focused on fixing the intelligence failures that resulted in Umar Farouk Abdulmutallab being ignored, rather than on technologies targeted at the details of his...
@George " I see no heads rolling. "
Rules about security: When everyone is responsible no is to blame.
The accountability tango is alive and well in the beltway. When DHS was formed it was not from newly recruited high performers (with the possible exception of the CIO but he didn't last out the year) or experienced intel folks (they remained carefully segregated within DoD.) So what was left? The people who have survived for decades within a bureaucracy.
It isn't, and we shouldn't be, surprised at their performance. Give them the same 30 years DoD had and they might end up the world class organization they want to be.
@Frances "those who haven't grown up with computers and the Internet are not comfortable using them."
I think it's less an issue of technology than the ability to engage in systems thinking. Also, the Bush Administration gutted the civil service. The conservative cant that governmennt is worthless, can't do anything, could profitably be outsourced was a) insulting, b) a morale killer, c) axiomatically untrue.
The predictable consequence has been that there has been a brain drain from the civil service roles to contractors. What's left behind? Contracting Officers and COTRs (of whom I've know many worthies) who are supposed to ensure the Federal gov't get's what they pay for. As a rule they understand the FAR, deliverables and What's the end result? The system owners get sold whatever the new buzz words are (right now that's SOA and Cloud) The Project Managers, contract employees, end up running the IT programs, they understand the technology and the implementation and the CO and COTRs have to take the contractors word for it.
Note: You could replace the word technology with the word security and change the meaning of the article or the root causes not a whit.
@Frances you are the exception rather than the rule. Very frequently I find older co-workers in higher-paid positions than myself who have troubles with the nuances of e-mail. These people are not the CFO or middle-management, but people whose job responsibilities should include understanding basic office technologies, yet they don't. I'm twice as productive because I don't have to spend half of my time figuring out why my e-mail attachment won't send (for example, rules preventing attaching a .exe).
I've come more and more to the conclusion that age being a protected status in this country is seriously holding us back. Replace these people with those who can understand what is going on and don't let them hide behind their age. Just because they didn't "grow up with it" is no longer a valid excuse - learn or get out.
I've serious issues with this whole discussion (and by that I mean both the post and conversation here and that in the media at large) simply because there was, to my mind, no failure.
Let us recap the facts of the case:
Casualties? Zero. Damage to property (not counting underwear)? Zero. It was a non-event! Anyone who tries to tell you different is writing a security drama he wants you to act in.
As to your assertion that "What we need is an intelligence community that shares ideas and hunches and facts on their versions of Facebook, Twitter and wikis.", well, it pays to remember that the USA does not enjoy the luxury of being able to choose enemies.
Gearing the whole intelligence establishment towards the kind of fast, promiscuous, police-style information sharing needed to play whack-a-mole with Al Qaeda and their ilk would ultimately leave it exposed to other kinds of adversaries who are even just marginally more competent.
"I've serious issues with this whole discussion (and by that I mean both the post and conversation here and that in the media at large) simply because there was, to my mind, no failure."
I pretty much agree. Although it DID demonstrate that we STILL cannot detect that explosive.
To me, the real failure that was demonstrated is that we've spent so much time and money on "security theatre" and not enough on the basics such as being able to detect explosives.
Will a wiki improve the situation? Probably not.
Definitely not if it devolves into a list of "suspicious" names. At that point we're back at the "no fly list".
Some posts here have made me feel better about this subject, enough to respond again.
Fact is, the system is the problem. Our methods, ways, thinking, and culture. Pluralism of power FAILS, it does not work well even with tech designs.
Microsoft style systems also contribute to our appeasement of insecurity and poor design. Litigation lawyers, are an endless drain of why bother?
Government is just a game. Deregulation was dangerous.
Until some serious people publish on globalization, power, and the new world order, we will continue to commercialize problems. I got some reading to do, any others know of any great books/articles on these subjects? Running The World, is a good Primer on parts of these, but until Securing The World, comes out, I'm frusterated by what I read, and what I know to be driving the problems.
Brandioch: "Will a wiki improve the situation? Probably not."
Wasn't this the same agency that tried to use the ARPANet to improve communication, and built the foundation for the Internet in the process? Perhaps my understanding of that network is incomplete or flawed, but from what I can glean, that's what it was designed for.
How can we expect more communication over a medium that wasn't designed by these agencies?
"How can we expect more communication over a medium that wasn't designed by these agencies?"
The medium isn't the issue.
The issue is the amount of raw data that is being accumulated that overwhelms their ability to process it into actionable data.
Putting it into a wiki does nothing except change the formatting of the data.
"I've come more and more to the conclusion that age being a protected status in this country is seriously holding us back. Replace these people with those who can understand what is going on and don't let them hide behind their age. Just because they didn't "grow up with it" is no longer a valid excuse - learn or get out."
Oh dear oh dear oh dear.
Lets look at your points in reverse order,
"Just because they didn't "grow up with it" is no longer a valid excuse - learn or get out."
Being able to understand a piece of newish support technology does not make you better at your job unless your job is very menial.
"Replace these people with those who can understand what is going on and don't let them hide behind their age"
Very often the people who don't take to new technology actualy are doing their job better than most. They actually know how the system works unlike a bunch of out of touch managment, the consoultants they bring in and the techno geeks brought in by them know.
"I've come more and more to the conclusion that age being a protected status in this country is seriously holding us back"
Saddly your view point is shared by many "vacuous personalities" who make such inane statments as "why do employers take on ugly people".
Some employers are finding out that older people are more reliable, they get jobs done without having to have their hands held, they tend to be self motivated, not distracted by office social/politics and are way more trustworthy than their younger workers.
Importantly as other employers are finding out they know how things work in the real world. They have a lifetime of experiance that keeps them and their employers out of trouble...
There is an organisation in London on who peoples lives criticaly depend every day. The managers decided that the system in use was antiquated and decided to replace it with computers. They got a firm of consultants to do a requirments analysis for them and low and behold the consultants said "IT Solution". A system was got in and it failed from day one, the consultants and managment said it was the fault of the older operators for not switching over to the new system. They imposed a "typing speed limit" on operators. The older operators where made redundant and the figures got worse people where quite literaly dying because of it.
It turns out that the older operators new the system was not working and why. They went back to the old ways to try and keep people alive. Their reward was to be ignored by managment and pushed out the door. Managment of course got bonuses for bring in the new system even though the death rate was rising.
The reseilance went out of the system and when it was struck by one of those not so rare technical glitches and failed the operators with fast typing skills and know real knowledge where left stranded like fish above the tide line...
The organisation concerned had absolutely no execuse for the failure. Their system was implemented a considerable period of time after the gloss had come off of BPR and the inherent failings of replacing "organisational knowledge" with "inapropriate IT systems" was glaringly obvious to all. I dread to think how many people died needlessly over an expensive bondongle, that still has lasting deficiencies to this day.
As a side note various studies have shown that even with ICT systems efficiency in the office environment has been on the decline since 1973...
@ Brandioch Conner,
"To me, the real failure that was demonstrated is that we've spent so much time and money on "security theatre" and not enough on the basics such as being able to detect explosives."
Whilst I agree whole hartedly with the first part of the statment it is the second half that is actually the problematic part (but true nether the less).
First off we know that there are quite powerfull explosives out there that cannot be directly detected by the likes of gas chromatagraphs etc.
Further we know that many of the component parts of explosives (nitrates for instance) occure more frequently in the natural environment than explosives do by many orders of magnitude.
This gives rise to a real problem in that you have to "sniff" not just for common component parts but a very very large variety of chemicals many of which have a volatility that makes them dificult if not impossible to detect.
So chemical sniffing on it's own either has to many false positives (due to it's broad base) or missess many explosives because it is to specific.
Likewise nearly all the technologies in use suffer from the broad-v-specific issue.
If it is broad it produces a lot of positives that are not from explosives. If to specific it misses out on a lot of explosives that are not in the database.
However another reason for it's failure is it cannot show quantity. X-Ray and other scanning techniques give an indication of an objects size shape etc and thus it's volume, but not in general what the "volume" is.
What is required is a series of orthagonal detectors that can give further information.
For instance nitrates and an unacounted for object with a density you would expect from certain explosive types based on nitrates, pull the person asside for a more vigourous check.
Either warning on their own you could (possibly) let the person pass.
Thus if you had three or four orthagonal tests you would make the systems more appropriate at the basic level.
But the choice of overly selective sensors is just going to lift the noise floor of positives without achiving much....
There is also a secondary issue of "no penalties" for "enumeraing the system".
A terrorist organisation just by distant observation can tell what is and is not happening in any security check up over time. They can draw conclusions from this, and then they can go on and test their conclusions.
Because there are no real penalties other than object conviscation they can go around and around testing the sensitivity of the systems ad nausium.
Thus the lack of penalties alows an organisation to enumerate the system and work out what the weak points are that can be exploited. This is very much what the 9/11 terrorists did with the box cutters.
There are solutions to these two problems (observation/test) which will severly limit what a terrorist organisation can achieve whilst adding very little to the woes of the traverling public and in most cases improve their lot considerably.
So yes the basics very much need addressing but it needs to be done in a worth while way. And presently I don't see even a very remote mirage of this in the DHS and others efforts.
"sharing is far more important than secrecy", those are certainly words of wisdom, however there are two more aspects that need to be paid to the quality of the content that is being shared.
The information that is being collected can be skewed by two factors to the point of distortion.
The first one is that the linguistic or cultural context of that information may be lost or misinterpreted, it is very important that the source that adds content be knowledgeable not just in language but also culture of the source and can interpret it correctly with all its correct nuances.
The second aspect is a distortion due to beliefs or feelings about another country or regime (the war against Iraq being a prime example).
Until these aspects are dealt with seriously the information that we gather or share will be either watered down or undermined by these factors.
Bad information also needs to be weeded out of the system while corroborated information needs to be highlighted more prominently.
I can't help thinking that a well oiled security organization would be an even more dangerous weapon against a country's own citizens. Even as "broken" as you describe the current state of affairs, they manage to work "outside" the laws, somehow getting permission from the White House to violate citizens freedoms & rights more and more.
This kind of far reaching capability is too tempting for those in power to use against their political enemies.
Look how effective Cheney and co were at shutting down any debate over the plan to "punish" Iraq for 9/11.
As you have mentioned elsewhere, the system IS working - the latest terrorist had to resort to an ineffective underwear bomb, or at least he believed he had to..
@anon at January 19, 2010 8:36 AM
Well, whenever I criticize our current administration, I'll be sure to call them Biden and Co. And if the NY Times runs articles and editorials blasting them 365 days a year, I'll be sure to point out how good they were and silencing critics.
Thanks for the intellectual guidance. I'm sure my references to Biden and Co won't paint me as a partisan from the start.
@anon: I don't remember debate being shut down, I remember it being pointless. The Bush administration was, as far as I could tell, determined to go ahead with the invasion, and Congress went along. There were people denouncing dissension as unpatriotic (and people denouncing those people as unpatriotic), but I never had any problem expressing my opinion.
There have been abuses by security organizations in the US, but I haven't seen suppressing freedom of speech or expression as one of them. Nor does it look to me like abuse is proportional to competence.
For some pretty compelling evidence of a coordinated effort by the Whitehouse to suppress contrary opinions post 9/11, have a look at Bill Moyer's show "Buying the War"
And in case you haven't heard about systematic abuses in the US of A, here's a link (found in Bruce's article on China vs Google by the way)
All this with the bureaucratic mess that is your current intelligence system. Without restoring checks and balances on these kind of abuses of power, do you really want to streamline it?
The thread is about intelligence failures. It's relevant to consider what the other effects of improving intelligence to reduce failures might be. How the Bush administration dealt with the press during the run-up to 9/11 is not at all relevant, and you are derailing the thread by dragging it in. Please stop.
The intel capabilities were squandered in the 80's by politicians that promoted based on nepotism while ignoring qualifications. Net result? Everyone with a brain got a 4 times increase in pay by quitting and moving to the civilian sector.
If anyone wants to fix this problem they first have to disconnect the intel business from politics completely including denying access to classified info unless the politicians have qualified for the required clearance level and are subject to the same criminal prosecution for leaking classified information.
Then go about trying to fix the brain drain issue. Without analysts that have the innate genetic sense to accurately extrapolate and make sound predictions based on available data this is a moot topic. And since the mundanes in control of and destroying the nation don't believe in that sort of thing it isn't going to be fixed.
Consider China has more resources to apply to their WWIII against the west than the west has people. Duh. Hard decisions have to be made my friends. What is necessary is ugly. You can't stay in a position of strength by dropping your pants on the ground and bowing with your hind quarters to those who want you put down. Diplomacy only goes so far. The loose bolts and leaks have to be closed off. Sharing is a fact of life but you are going to have to take the Stanford cartel out of the mix.
And exactly why is it that the Stanford cartel (silicone valley mindset tech companies like facebook, google, microsoft) literally have more power than our government and president and these tech companies are making decisions about our personal data as in deciding we have no rights to privacy? Why isn't our government dealing with that? Who owns most of those companies anyway? China perhaps? Another duh.
We are BLIND.
Have a nice day and enjoy your comfortable home and nice car and your cell phone gadgets (that can be remotely activated and used to listen to your "sekret projekt" meetings). Have a few drinks to get that buzz on at lunch. Then wonder why things got the way they are.
Shoulda stayed hungry.
"most of the other organizations of interest are like al Qaeda: decentralized, poorly funded and incapable of the intricate spy versus spy operations the Soviet Union could pull off."
Mad mullahs, like certain other intelligence-oriented groups, play American intelligence like a piano. When a state's "intelligence" function is split among many mutually-exclusive minds, each surveying a finite set of data sources and processing the raw intelligence on the basis of their compartmented interest set, this provides opportunities for a single-minded opponent to plant calculated data in selected compartments that points all "coordinating" agencies into blind alleys and wild goose chases diverting resources and attention wherever the opponent may choose for whatever purposes.
The problem is on the order of "Who watches the watchers." Commitment to a career in intelligence ~ a necessary function of any social group ~ means absolute transparency of every aspect of one's life and work. Transparent, that is, to the hierarchy of the intelligence organization, whose first work, underpinning and superseding all other work, is thoroughly comprehensive and utterly ruthless counterintelligence, without which all analysis of chaotic data is a vain exercise riddled with potential failures.
False patterns *will* be sewn into the kaleidoscopic tapestry of hostile operations. "Verification" *will* be planted where analysts will look for it. "Forward observers" *will* be dispatched or recruited within the targeted agency array. All it takes is one enemy who knows the holographic content of a recognizable disinformation, and the single-mindedness of the intelligence organ is thrown into disarray.
Utter opacity to all other viewers, especially allies. Nothing of intelligence value fails to disclose that it *has* value when given into the safekeeping of another intelligence, even when that "value" is a disinformation potential. Nothing given "gratuitously," or as a quid pro quo or as "verification," lacks other intents and purposes, one to be discovered and one to yield effect.
The al-Qaeda phantom doesn't need funding to spend ours. All it needs is split-minded compartmentalization and variable focii among our intelligence organs. No one was fooled by America's recruitment of mujahideen for Afghanistan's fight against the Soviet occupation, except Americans who conveniently provided training, materiel, intelligence, funding methodologies and manpower for today's anticolonial struggle against the American occupation.
American hubris leads to assessment of capacities based on externals, not intelligence, which for America is hopelessly fragmented, misdirected, and led by a nose that can't smell a rat when he absconds with the cheese.
Some people other than Obama need to do some serious rethinking.
"The Internet is the greatest generation gap since rock and roll, and it's just as true inside government as out. We might have to wait for the elders inside these agencies to retire and be replaced by people who grew up with the Internet."
As Frances says, the assertion that old dogs can't learn new tricks is as wrong as it is conventional. The intelligence community has used the web for inter-agency information sharing for about as long as the web has existed: http://en.wikipedia.org/wiki/Intelink was established in 1994, the year after NCSA Mosaic was released. That would not have happened if those who approve the development of such tools, and those who use them, were akin to the proverbial dad struggling to understand YouTwitFace.
As someone who as a child fixed the neighbor's TVs by testing thermionic valves down at the corner chemist (we call them "vacuum tubes" and "drug stores" on this side of the pond), and who currently uses wikis and real-time collaboration tools daily to do the Government's business, I can say with assurance that failures to connect the dots have nothing to do with either the availability of current technology or the boomers' ability to use it.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.