Entries Tagged "national security policy"


Terrorist-Catching Con Man

Interesting story about a con man who conned the U.S. government, and how the government is trying to hide its dealings with him.

For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret.

Posted on February 22, 2011 at 7:21 AM

Book Review: Cyber War

Cyber War: The Next Threat to National Security and What to do About It by Richard Clarke and Robert Knake, HarperCollins, 2010.

Cyber War is a fast and enjoyable read. This means you could give the book to your non-techy friends, and they’d understand most of it, enjoy all of it, and learn a lot from it. Unfortunately, while there’s a lot of smart discussion and good information in the book, there’s also a lot of fear-mongering and hyperbole as well. Since there’s no easy way to tell someone what parts of the book to pay attention to and what parts to take with a grain of salt, I can’t recommend it for that purpose. This is a pity, because parts of the book really need to be widely read and discussed.

The fear-mongering and hyperbole is mostly in the beginning. There, the authors describe the cyberwar of novels. Hackers disable air traffic control, delete money from bank accounts, cause widespread blackouts, release chlorine gas from chemical plants, and—this is my favorite—remotely cause your printer to catch on fire. It’s exciting and scary stuff, but not terribly realistic. Even their discussions of previous “cyber wars”—Estonia, Georgia, attacks against U.S. and South Korea on July 4, 2009—are full of hyperbole. A lot of what they write is unproven speculation, but they don’t say that.

Better is the historical discussion of the formation of the U.S. Cyber Command, but there are important omissions. There’s nothing about the cyberwar fear being stoked that accompanied this: by the NSA’s General Keith Alexander—who became the first head of the command—or by the NSA’s former director and current military contractor Mike McConnell, who’s Senior Vice President at Booz Allen Hamilton, and by others. By hyping the threat, the former has amassed a lot of power, and the latter a lot of money. Cyberwar is the new cash cow of the military-industrial complex, and any political discussion of cyberwar should include this as well.

Also interesting is the discussion of the asymmetric nature of the threat. A country like the United States, which is heavily dependent on the Internet and information technology, is much more vulnerable to cyber-attacks than a less-developed country like North Korea. This means that a country like North Korea would benefit from a cyberwar exchange: they’d inflict far more damage than they’d incur. This also means that, in this hypothetical cyberwar, there would be pressure on the U.S. to move the war to another theater: air and ground, for example. Definitely worth thinking about.

Most important is the section on treaties. Clarke and Knake have a lot of experience with nuclear treaties, and have done considerable thinking about how to apply that experience to cyberspace. The parallel isn’t perfect, but there’s a lot to learn about what worked and what didn’t, and—more importantly—how things worked and didn’t. The authors discuss treaties banning cyberwar entirely (unlikely), banning attacks against civilians, limiting what is allowed in peacetime, stipulating no first use of cyber weapons, and so on. They discuss cyberwar inspections, and how these treaties might be enforced. Since cyberwar would be likely to result in a new worldwide arms race, one with a more precarious trigger than the nuclear arms race, this part should be read and discussed far and wide. Sadly, it gets lost in the rest of the book. And, since the book lacks an index, it can be hard to find any particular section after you’re done reading it.

In the last chapter, the authors lay out their agenda for the future, which largely I agree with.

  1. We need to start talking publicly about cyber war. This is certainly true. The threat of cyberwar is going to consume the sorts of resources we shoveled into the nuclear threat half a century ago, and a realistic discussion of the threats, risks, countermeasures, and policy choices is essential. We need more universities offering degrees in cyber security, because we need more expertise for the entire gamut of threats.
  2. We need to better defend our military networks, the high-level ISPs, and our national power grid. Clarke and Knake call this the “Defensive Triad.” The authors and I disagree strongly on how this should be done, but there is no doubt that it should be done. The two parts of that triad currently in commercial hands are simply too central to our nation, and too vulnerable, to be left insecure. And their value is far greater to the nation than it is to the corporations that own it, which means the market will not naturally secure it. I agree with the authors that regulation is necessary.
  3. We need to reduce cybercrime. Even without the cyber warriors bit, we need to do that. Cybercrime is bad, and it’s continuing to get worse. Yes, it’s hard. But it’s important.
  4. We need international cyberwar treaties. I couldn’t agree more about this. We do. We need to start thinking about them, talking about them, and negotiating them now, before the cyberwar arms race takes off. There are all kinds of issues with cyberwar treaties, and the book talks about a lot of them. However full of loopholes they might be, their existence will do more good than harm.
  5. We need more research on secure network designs. Again, even without the cyberwar bit, this is essential. We need more research in cybersecurity, a lot more.
  6. We need decisions about cyberwar—what weapons to build, what offensive actions to take, who to target—to be made as far up the command structure as possible. Clarke and Knake want the president to personally approve all of this, and I agree. Because of its nature, it can be easy to launch a small-scale cyber attack, and it can be easy for a small-scale attack to get out of hand and turn into a large-scale attack. We need the president to make the decisions, not some low-level military officer ensconced in a computer-filled bunker late one night.

This is great stuff, and a fine starting place for a national policy discussion on cybersecurity, whether it be against a military, espionage, or criminal threat. Unfortunately, for readers to get there, they have to wade through the rest of the book. And unless their bullshit detectors are already well-calibrated on this topic, I don’t want them reading all the hyperbole and fear-mongering that comes before, no matter how readable the book.

Note: I read Cyber War in April, when it first came out. I wanted to write a review then, but found that while my Kindle is great for reading, it’s terrible for flipping back and forth looking for bits and pieces to write about in a review. So I let the review languish. Finally, I borrowed a paper copy from my local library.

Some other reviews of the book Cyber War. See also the reviews on the Amazon page.

I wrote two essays on cyberwar.

Posted on December 21, 2010 at 7:23 AM

Never Let the Terrorists Know How We're Storing Road Salt

This seems not to be a joke:

The American Civil Liberties Union has filed a lawsuit against the state after it refused to release the construction plans for a barn used to store road salt, on the basis that doing so would be a security risk.

[…]

Chiaffarano filed an OPRA request for the state’s building plans, but was denied her request as the state cited a 2002 executive order by Gov. James McGreevey.

The order, issued in the wake of the Sept. 11 terrorist attacks on the World Trade Center and the Pentagon, allows the state to decline the release of public records that would compromise the state’s ability to “protect and defend the state and its citizens against acts of sabotage or terrorism.”

Lisa Ryan, spokeswoman for the Department of Community Affairs, declined to comment on the pending lawsuit.

Posted on December 8, 2010 at 2:27 PM

Sane Comments on Terrorism

From Michael Leiter, the director of the National Counterterrorism Center:

Ultimately, Leiter said, it’ll be the “quiet, confident resilience” of Americans after a terrorist attack that will “illustrate ultimately the futility of terrorism.” That doesn’t mean not to hit back: Leiter quickly added that “we will hold those accountable [and] we will be ready to respond to those attacks.” But it does mean recognizing, he said, that “we help define the success of an attack by our reaction to that attack.”

Sure, I’ve been saying this since forever. But I think this is the most senior government person who has said this.

EDITED TO ADD (12/8): There are enough essays with this sentiment that I’m going to stop blogging about it. Here’s what I have saved up.

Roger Cohen, “The Real Threat to America”:

So I give thanks this week for the Fourth Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

I give thanks for Benjamin Franklin’s words after the 1787 Constitutional Convention describing the results of its deliberations: “A Republic, if you can keep it.”

To keep it, push back against enhanced patting, Chertoff’s naked-screening and the sinister drumbeat of fear.

Christopher Hitchens, “Don’t Be an Ass About Airport Security.”

Tom Engelhardt, “The National Security State Cops a Feel.”

Evan DeFilippis, “A Nude Awakening—TSA and Privacy”:

If we have both the right to privacy and the right to travel, then TSA’s newest procedures cannot conceivably be considered legal. The TSA’s regulations blatantly compromise the former at the expense of the latter, and as time goes on we will soon forget what it meant to have those rights.

EDITED TO ADD (12/8): Also, this great comic.

Posted on December 8, 2010 at 7:10 AM

FTC Privacy Report

The U.S. Federal Trade Commission released its privacy report: “Protecting Consumer Privacy in an Era of Rapid Change.”

From the press release:

One method of simplified choice the FTC staff recommends is a “Do Not Track” mechanism governing the collection of information about consumer’s Internet activity to deliver targeted advertisements and for other purposes. Consumers and industry both support increased transparency and choice for this largely invisible practice. The Commission recommends a simple, easy to use choice mechanism for consumers to opt out of the collection of information about their Internet behavior for targeted ads. The most practical method would probably involve the placement of a persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices about being tracked and receiving targeted ads.

News story.

Posted on December 6, 2010 at 1:52 PM

Close the Washington Monument

Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there’s no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.

An empty Washington Monument would serve as a constant reminder to those on Capitol Hill that they are afraid of the terrorists and what they could do. They’re afraid that by speaking honestly about the impossibility of attaining absolute security or the inevitability of terrorism—or that some American ideals are worth maintaining even in the face of adversity—they will be branded as “soft on terror.” And they’re afraid that Americans would vote them out of office if another attack occurred. Perhaps they’re right, but what has happened to leaders who aren’t afraid? What has happened to “the only thing we have to fear is fear itself”?

An empty Washington Monument would symbolize our lawmakers’ inability to take that kind of stand—and their inability to truly lead.

Some of them call terrorism an “existential threat” against our nation. It’s not. Even the events of 9/11, as horrific as they were, didn’t make an existential dent in our nation. Automobile-related fatalities—at 42,000 per year, more deaths each month, on average, than 9/11—aren’t, either. It’s our reaction to terrorism that threatens our nation, not terrorism itself. The empty monument would symbolize the empty rhetoric of those leaders who preach fear and then use that fear for their own political ends.

The day after Umar Farouk Abdulmutallab failed to blow up a Northwest jet with a bomb hidden in his underwear, Homeland Security Secretary Janet Napolitano said “The system worked.” I agreed. Plane lands safely, terrorist in custody, nobody injured except the terrorist. Seems like a working system to me. The empty monument would represent the politicians and press who pilloried her for her comment, and Napolitano herself, for backing down.

The empty monument would symbolize our war on the unexpected—our overreaction to anything different or unusual—our harassment of photographers, and our probing of airline passengers. It would symbolize our “show me your papers” society, rife with ID checks and security cameras. As long as we’re willing to sacrifice essential liberties for a little temporary safety, we should keep the Washington Monument empty.

Terrorism isn’t a crime against people or property. It’s a crime against our minds, using the death of innocents and destruction of property to make us fearful. Terrorists use the media to magnify their actions and further spread fear. And when we react out of fear, when we change our policy to make our country less open, the terrorists succeed—even if their attacks fail. But when we refuse to be terrorized, when we’re indomitable in the face of terror, the terrorists fail—even if their attacks succeed.

We can reopen the monument when every foiled or failed terrorist plot causes us to praise our security, instead of redoubling it. When the occasional terrorist attack succeeds, as it inevitably will, we accept it, as we accept the murder rate and automobile-related death rate; and redouble our efforts to remain a free and open society.

The grand reopening of the Washington Monument will not occur when we’ve won the war on terror, because that will never happen. It won’t even occur when we’ve defeated al Qaeda. Militant Islamic terrorism has fractured into small, elusive groups. We can reopen the Washington Monument when we’ve defeated our fears, when we’ve come to accept that placing safety above all other virtues cedes too much power to government and that liberty is worth the risks, and that the price of freedom is accepting the possibility of crime.

I would proudly climb to the top of a monument to those ideals.

A version of this essay—there were a lot of changes and edits—originally appeared in the New York Daily News.

I wish I’d come up with the idea of closing the Washington Monument, but I didn’t. It was the Washington Post’s Philip Kennicott’s idea, although he didn’t say it with as much fervor.

Posted on December 2, 2010 at 10:41 AM

Causing Terror on the Cheap

Total cost for the Yemeni printer cartridge bomb plot: $4200.

“Two Nokia mobiles, $150 each, two HP printers, $300 each, plus shipping, transportation and other miscellaneous expenses add up to a total bill of $4,200. That is all what Operation Hemorrhage cost us,” the magazine said.

Even if you add in costs for training, recruiting, logistics, and everything else, that’s still remarkably cheap. And think of how many times that we spent in security in the aftermath.

As it turns out, this is bin Laden’s plan:

In his October 2004 address to the American people, bin Laden noted that the 9/11 attacks cost al Qaeda only a fraction of the damage inflicted upon the United States. “Al Qaeda spent $500,000 on the event,” he said, “while America in the incident and its aftermath lost—according to the lowest estimates—more than $500 billion, meaning that every dollar of al Qaeda defeated a million dollars.”

The economic strategy of jihad would go through refinement. Its initial phase linked terrorist attacks broadly to economic harm. A second identifiable phase, which al Qaeda pursued even as it continued to attack economic targets, is what you might call its “bleed-until-bankruptcy plan.” Bin Laden announced this plan in October 2004, in the same video in which he boasted of the economic harm inflicted by 9/11. Terrorist attacks are often designed to provoke an overreaction from the opponent and this phase seeks to embroil the United States and its allies in draining wars in the Muslim world. The mujahideen “bled Russia for 10 years, until it went bankrupt,” bin Laden said, and they would now do the same to the United States.

[…]

The point is clear: Security is expensive, and driving up costs is one way jihadists can wear down Western economies. The writer encourages the United States “not to spare millions of dollars to protect these targets” by increasing the number of guards, searching all who enter those places, and even preventing flying objects from approaching the targets. “Tell them that the life of the American citizen is in danger and that his life is more significant than billions of dollars,” he wrote. “Hand in hand, we will be with you until you are bankrupt and your economy collapses.”

None of this would work if we don’t help them by terrorizing ourselves. I wrote this after the Underwear Bomber failed:

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

Posted on November 29, 2010 at 6:52 AM
