Entries Tagged "national security policy"

Page 55 of 57

U.S. Port Security and Proxies

My twelfth essay for Wired.com is about U.S. port security, and more generally about trust and proxies:

Pull aside the rhetoric, and this is everyone’s point. There are those who don’t trust the Bush administration and believe its motivations are political. There are those who don’t trust the UAE because of its terrorist ties—two of the 9/11 terrorists and some of the funding for the attack came out of that country—and those who don’t trust it because of racial prejudices. There are those who don’t trust security at our nation’s ports generally and see this as just another example of the problem.

The solution is openness. The Bush administration needs to better explain how port security works, and the decision process by which the sale of P&O was approved. If this deal doesn’t compromise security, voters—at least the particular lawmakers we trust—need to understand that.

Regardless of the outcome of the Dubai deal, we need more transparency in how our government approaches counter-terrorism in general. Secrecy simply isn’t serving our nation well in this case. It’s not making us safer, and it’s properly reducing faith in our government.

Proxies are a natural outgrowth of society, an inevitable byproduct of specialization. But our proxies are not us and they have different motivations—they simply won’t make the same security decisions as we would. Whether a king is hiring mercenaries, an organization is hiring a network security company or a person is asking some guy to watch his bags while he gets a drink of water, successful security proxies are based on trust. And when it comes to government, trust comes through transparency and openness.

Posted on February 23, 2006 at 7:07 AMView Comments

DHS Funding Open Source Security

From eWeek:

The U.S. government’s Department of Homeland Security plans to spend $1.24 million over three years to fund an ambitious software auditing project aimed at beefing up the security and reliability of several widely deployed open-source products.

The grant, called the “Vulnerability Discovery and Remediation Open Source Hardening Project,” is part of a broad federal initiative to perform daily security audits of approximately 40 open-source software packages, including Linux, Apache, MySQL and Sendmail.

The plan is to use source code analysis technology from San Francisco-based Coverity Inc. to pinpoint and correct security vulnerabilities and other potentially dangerous defects in key open-source packages.

Software engineers at Stanford University will manage the project and maintain a publicly available database of bugs and defects.

Anti-virus vendor Symantec Corp. is providing guidance as to where security gaps might be in certain open-source projects.

I think this is a great use of public funds. One of the limitations of open-source development is that it’s hard to fund tools like Coverity. And this kind of thing improves security for a lot of different organizations against a wide variety of threats. And it increases competition with Microsoft, which will force them to improve their OS as well. Everybody wins.

What’s affected?

In addition to Linux, Apache, MySQL and Sendmail, the project will also pore over the code bases for FreeBSD, Mozilla, PostgreSQL and the GTK (GIMP Tool Kit) library.

And from ZDNet:

The list of open-source projects that Stanford and Coverity plan to check for security bugs includes Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and MySQL, Coverity said.

Posted on January 17, 2006 at 1:04 PMView Comments

How Much High Explosive Does Any One Person Need?

Four hundred pounds:

The stolen goods include 150 pounds of C-4 plastic explosive and 250 pounds of thin sheets of explosives that could be used in letter bombs. Also, 2,500 detonators were missing from a storage explosive container, or magazine, in a bunker owned by Cherry Engineering.

The theft was professional:

Thieves apparently used blowtorches to cut through the storage trailers—suggesting they knew what they were after.

Most likely it’s a criminal who will resell the stuff, but it could be a terrorist organization. My guess is criminals, though.

By the way, this is in America…

The material was taken from Cherry Engineering, a company owned by Chris Cherry, a scientist at Sandia National Labs.

…where security is an afterthought:

The site, located outside Albuquerque, had no guards and no surveillance cameras.

Or maybe not even an afterthought:

It was the site’s second theft in the past two years.

If anyone is looking for something to spend national security money on that will actually make us safer, securing high-explosive-filled trailers would be high on my list.

EDITED TO ADD (12/29): The explosives were recovered.

Posted on December 20, 2005 at 2:20 PMView Comments

Limitations on Police Power Shouldn't Be a Partisan Issue

In response to my op ed last week, the Minneapolis Star Tribune published this letter:

THE PATRIOT ACT

Where are the abuses?

The Nov. 22 commentary “The erosion of freedom” is yet another example of how liberal hysteria is conspicuously light on details.

While the Patriot Act may allow for potential abuses of power, flaws undoubtedly to be fine-tuned over time, the “erosion of freedom” it may foster absolutely pales in comparison to the freedom it is designed to protect in the new age of global terrorism.

I have yet to read of one incident of infringement of any private citizen’s rights as a direct result of the Patriot Act—nor does this commentary point out any, either.

While I’m a firm believer in the Fourth Amendment, I also want our law enforcement to have the legal tools necessary, unfettered by restrictions to counter liberals’ paranoid fixation on “fascism,” in order to combat the threat that terrorism has on all our freedoms.

I have enough trust in our free democratic society and the coequal branches of government that we won’t evolve into a sinister “police state,” as ominously predicted by this commentary.

CHRIS GARDNER, MINNEAPOLIS

Two things strike me in this letter. The first is his “I have yet to read of one incident of infringement of any private citizen’s rights as a direct result of the Patriot Act….” line. It’s just odd. A simple Googling of “patriot act abuses” comes up with almost 3 million hits, many of them pretty extensive descriptions of Patriot Act abuses. Now, he could decide that none of them are abuses. He could choose not to believe any of them are true. He could choose to believe, as he seems to, that it’s all in some liberal fantasy. But to simply not even bother reading about them…isn’t he just admitting that he’s not qualified to have an opinion on the matter? (There’s also that “direct result” weaseling, which I’m not sure what to make of either. Are infringements that are an indirect result of the Patriot Act somehow better?)

I suppose that’s just being petty, though.

The more important thing that strikes me is how partisan he is. He writes about “liberal hysteria” and “liberals’ paranoid fixation on ‘fascism.'” In his last paragraph, he writes about his trust in government.

Most laws don’t matter when we all trust each other. Contracts are rarely if ever looked at if the parties trust each other. The whole point of laws and contracts is to protect us when the parties don’t trust each other. It’s not enough that this guy, and everyone else with this opinion, trusts the Bush government to judiciously balance his rights with the need to fight global terrorism. This guy has to believe that when the Democrats are in power that his rights are just as protected: that he is just as secure against police and government abuse.

Because that’s how you should think about laws, contracts, and government power. When reading through a contract, don’t think about how much you like the other person who’s signing it; imagine how the contract will protect you if you become enemies. When thinking about a law, imagine how it will protect you when your worst nightmare—Hillary Clinton as President, Janet Reno as Attorney General, Howard Dean as something-or-other, and a Democratic Senate and House—is in power.

Laws and contracts are not written for one political party, or for one side. They’re written for everybody. History teaches us this lesson again and again. In the United States, the Bill of Rights was opposed on the grounds that it wasn’t necessary; the Alien and Sedition Act of 1798 proved that it was, only nine years later.

It makes no sense to me that this is a partisan issue.

Posted on December 2, 2005 at 6:11 AMView Comments

Giving the U.S. Military the Power to Conduct Domestic Surveillance

More nonsense in the name of defending ourselves from terrorism:

The Defense Department has expanded its programs aimed at gathering and analyzing intelligence within the United States, creating new agencies, adding personnel and seeking additional legal authority for domestic security activities in the post-9/11 world.

The moves have taken place on several fronts. The White House is considering expanding the power of a little-known Pentagon agency called the Counterintelligence Field Activity, or CIFA, which was created three years ago. The proposal, made by a presidential commission, would transform CIFA from an office that coordinates Pentagon security efforts—including protecting military facilities from attack—to one that also has authority to investigate crimes within the United States such as treason, foreign or terrorist sabotage or even economic espionage.

The Pentagon has pushed legislation on Capitol Hill that would create an intelligence exception to the Privacy Act, allowing the FBI and others to share information gathered about U.S. citizens with the Pentagon, CIA and other intelligence agencies, as long as the data is deemed to be related to foreign intelligence. Backers say the measure is needed to strengthen investigations into terrorism or weapons of mass destruction.

The police and the military have fundamentally different missions. The police protect citizens. The military attacks the enemy. When you start giving police powers to the military, citizens start looking like the enemy.

We gain a lot of security because we separate the functions of the police and the military, and we will all be much less safer if we allow those functions to blur. This kind of thing worries me far more than terrorist threats.

Posted on November 28, 2005 at 2:11 PMView Comments

FBI Abuses of the USA Patriot Act

Since the Patriot Act was passed, administration officials have repeatedly assured the public and Congress that there have not been improper uses of that law. As recently as April 27, 2005, Attorney General Alberto Gonzales testified that “there has not been one verified case of civil liberties abuse.”

However:

Documents obtained by EPIC from the FBI describe thirteen cases of possible misconduct in intelligence investigations. The case numbering suggests that there were at least 153 investigations of misconduct at the FBI in 2003 alone.

These documents reveal that the Intelligence Oversight Board has investigated many instances of alleged abuse, and perhaps most critically, may not have disclosed these facts to the Congressional oversight committees charged with evaluating the Patriot Act.

According to The Washington Post

In one case, FBI agents kept an unidentified target under surveillance for at least five years—including more than 15 months without notifying Justice Department lawyers after the subject had moved from New York to Detroit. An FBI investigation concluded that the delay was a violation of Justice guidelines and prevented the department “from exercising its responsibility for oversight and approval of an ongoing foreign counterintelligence investigation of a U.S. person.”

In other cases, agents obtained e-mails after a warrant expired, seized bank records without proper authority and conducted an improper “unconsented physical search,” according to the documents.

Although heavily censored, the documents provide a rare glimpse into the world of domestic spying, which is governed by a secret court and overseen by a presidential board that does not publicize its deliberations. The records are also emerging as the House and Senate battle over whether to put new restrictions on the controversial USA Patriot Act, which made it easier for the government to conduct secret searches and surveillance but has come under attack from civil liberties groups.

EPIC received these documents under FOIA, and has written to the Senate Judiciary Committee to urge hearings on the matter, and has recommended that the Attorney General be required to report to Congress when the Intelligence Oversight Board receives allegations of unlawful intelligence investigations.

This week marks the four-year anniversary of the enactment of the Patriot Act. Does anyone feel safer because of it?

EDITED TO ADD: There’s a New York Times article on the topic.

Posted on October 25, 2005 at 7:09 AMView Comments

A U.S. National Firewall

This seems like a really bad idea:

Government has the right—even the responsibility—to see that its laws and regulations are enforced. The Internet is no exception. When the Internet is being used on American soil, it should comply with American law. And if it doesn’t, then the government should be able to step in and filter the illegal sites and activities.

Posted on September 7, 2005 at 3:53 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.