Essays in the Category "National Security Policy"

The Anti-ID-Theft Bill That Isn't

  • Bruce Schneier
  • Wired
  • April 20, 2006

California was the first state to pass a law requiring companies that keep personal data to disclose when that data is lost or stolen. Since then, many states have followed suit. Now Congress is debating federal legislation that would do the same thing nationwide.

Except that it won’t do the same thing: The federal bill has become so watered down that it won’t be very effective. I would still be in favor of it—a poor federal law is better than none—if it didn’t also pre-empt more-effective state laws, which makes it a net loss.

Identity theft is the fastest-growing area of crime. It’s badly named—your identity is the one thing that cannot be stolen—and is better thought of as fraud by impersonation. A criminal collects enough personal information about you to be able to impersonate you to banks, credit card companies, brokerage houses, etc. Posing as you, he steals your money, or takes a destructive joyride on your good credit…

U.S. Ports Raise Proxy Problem

  • Bruce Schneier
  • Wired
  • February 23, 2006

Does it make sense to surrender management, including security, of six U.S. ports to a Dubai-based company? This question has set off a heated debate between the administration and Congress, as members of both parties condemned the deal.

Most of the rhetoric is political posturing, but there’s an interesting security issue embedded in the controversy. It’s about proxies, trust, and transparency.

A proxy is a concept I discussed in my book Beyond Fear. It’s a person or organization that acts on your behalf in some way. It’s how complex societies work—it’s impossible for us all to do everything or make every decision, so we cede some authority to proxies…

Uncle Sam is Listening

Bush may have bypassed federal wiretap law to deploy more high-tech methods of surveillance.

  • Bruce Schneier
  • Salon
  • December 20, 2005

When President Bush directed the National Security Agency to secretly eavesdrop on American citizens, he transferred an authority previously under the purview of the Justice Department to the Defense Department and bypassed the very laws put in place to protect Americans against widespread government eavesdropping. The reason may have been to tap the NSA’s capability for data mining and widespread surveillance.

Illegal wiretapping of Americans is nothing new. In the 1950s and ’60s, in a program called “Project Shamrock,” the NSA intercepted every single telegram coming in or going out of the United States. It conducted eavesdropping without a warrant on behalf of the CIA and other agencies. Much of this became public during the 1975 Church Committee hearings and resulted in the now famous Foreign Intelligence Surveillance Act …

Unchecked Presidential Power

In the weeks after 9/11, while America and the world were grieving, President Bush built a legal rationale for a dictatorship. Then he started using it to avoid the law.

  • Bruce Schneier
  • Minneapolis Star Tribune
  • December 20, 2005

This past Thursday, the New York Times exposed the most significant violation of federal surveillance law in the post-Watergate era. President Bush secretly authorized the National Security Agency to engage in domestic spying, wiretapping thousands of Americans and bypassing the legal procedures regulating this activity.

This isn’t about the spying, although that’s a major issue in itself. This is about the Fourth Amendment protections against illegal search. This is about circumventing a teeny tiny check by the judicial branch, placed there by the legislative branch, placed there 27 years ago—on the last occasion that the executive branch abused its power so broadly…

The Erosion of Freedom

Spying tools are now routinely used against ordinary, law-abiding Americans who have no connection to terrorism.

  • Bruce Schneier
  • Minneapolis Star Tribune
  • November 21, 2005

Christmas 2003, Las Vegas. Intelligence hinted at a terrorist attack on New Year’s Eve. In the absence of any real evidence, the FBI tried to compile a real-time database of everyone who was visiting the city. It collected customer data from airlines, hotels, casinos, rental car companies, even storage locker rental companies. All this information went into a massive database—probably close to a million people overall—that the FBI’s computers analyzed, looking for links to known terrorists. Of course, no terrorist attack occurred and no plot was discovered: The intelligence was wrong…

Fatal Flaw Weakens RFID Passports

  • Bruce Schneier
  • Wired
  • November 3, 2005

In 2004, when the U.S. State Department first started talking about embedding RFID chips in passports, the outcry from privacy advocates was huge. When the State Department issued its draft regulation in February, it got 2,335 comments, 98.5 percent negative. In response, the final State Department regulations, issued last week, contain two features that attempt to address security and privacy concerns. But one serious problem remains.

Before I describe the problem, some context on the surrounding controversy may be helpful. RFID chips are passive, and broadcast information to any reader that queries the chip. So critics, myself …

A Sci-Fi Future Awaits the Court

  • Bruce Schneier
  • Wired
  • September 22, 2005

At John Roberts’ confirmation hearings last week, there weren’t enough discussions about science fiction. Technologies that are science fiction today will become constitutional questions before Roberts retires from the bench. The same goes for technologies that cannot even be conceived of now. And many of these questions involve privacy.

According to Roberts, there is a “right to privacy” in the Constitution. At least, that’s what he said during his Senate hearings last week. It’s a politically charged question, because the two decisions that established the right to contraceptives and abortion—Griswold v. Connecticut (1965) and Roe v. Wade (1973)—are based in part on a right to privacy. “Where do you stand on privacy?” can be code for “Where do you stand on abortion?”…

Toward a Truly Safer Nation

  • Bruce Schneier
  • Minneapolis Star Tribune
  • September 11, 2005

Leaving aside the political posturing and the finger-pointing, how did our nation mishandle Katrina so badly? After spending tens of billions of dollars on homeland security (hundreds of billions, if you include the war in Iraq) in the four years after 9/11, what did we do wrong? Why were there so many failures at the local, state and federal levels?

These are reasonable questions. Katrina was a natural disaster and not a terrorist attack, but that only matters before the event. Large-scale terrorist attacks and natural disasters differ in cause, but they’re very similar in aftermath. And one can easily imagine a Katrina-like aftermath to a terrorist attack, especially one involving nuclear, biological or chemical weapons…

Risks of Third-Party Data

  • Bruce Schneier
  • Communications of the ACM
  • May 2005

Reports are coming in torrents. Criminals are known to have downloaded personal credit information of over 145,000 Americans from ChoicePoint’s network. Hackers took over one of Lexis Nexis’ databases, gaining access to personal files of 32,000 people. Bank of America Corp. lost computer data tapes that contained personal information on 1.2 million federal employees, including members of the U.S. Senate. A hacker downloaded the names, Social Security numbers, voicemail and SMS messages, and photos of 400 T-Mobile customers, and probably had access to all of their 16.3 million U.S. customers. In a separate incident, Paris Hilton’s phone book and SMS messages were hacked and distributed on the Internet…

Digital Information Rights Need Tech-Savvy Courts

  • Bruce Schneier
  • eWeek
  • February 14, 2005

Opinion: The courts need to recognize that in the information age, virtual privacy and physical privacy don’t have the same boundaries.

For at least seven months last year, a hacker had access to T-Mobile’s customer network. He is known to have accessed information belonging to 400 customers—names, Social Security numbers, voice mail messages, SMS messages, photos—and probably had the ability to access data belonging to any of T-Mobile’s 16.3 million U.S. customers. But in its fervor to report on the security of cell phones, and T-Mobile in particular, the media missed the most important point of the story: The security of much of our data is not under our control…
