terrorism

The email dead drop

From the L.A. Times‘ “Cyberspace Gives Al Qaeda Refuge“:

Simplicity seems to work best. One common method of communicating over the Internet is essentially an e-mail version of the classic dead drop.

Members of a cell are all given the same prearranged username and password for an e-mail account on an Internet service provider, or ISP, such as Hotmail or Yahoo, according to the recent joint report by the Treasury and Justice departments.

One member writes a message, but instead of sending it, he puts it in the ‘draft’ file and then logs off. Someone else can then sign onto the account using the same username and password, read the draft and then delete it.

‘Because the draft was never sent, the ISP does not retain a copy of it and there is no record of it traversing the Internet—it never went anywhere, its recipients came to it,’ the report said.

The email dead drop Read More »

Getting past security on planes

From Bruce Schneier’s Crypto-Gram of 15 August 2003:

It’s actually easy to fly on someone else’s ticket. Here’s how: First, have an upstanding citizen buy an e-ticket. (This also works if you steal someone’s identity or credit card.) Second, on the morning of the flight print the boarding pass at home. (Most airlines now offer this convenient feature.) Third, change the name on the e-ticket boarding pass you print out at home to your own. (You can do this with any half-way decent graphics software package.) Fourth, go to the airport, go through security, and get on the airplane.

You can even make a knife on board the plane. Buy some steel epoxy glue at a local hardware store. It comes in two tubes: a base with steel dust and a hardener. Make a knifelike mold by folding a piece of cardboard in half. Then mix equal parts from each tube and form into a knife shape, using a metal fork from your first-class dinner service (or a metal spoon you carry aboard) for the handle. Fifteen minutes later you’ve got a reasonably sharp, very pointy, black steel knife.

Getting past security on planes Read More »

Problems with ID cards

From Bruce Schneier’s Crypto-Gram of 15 April 2004:

My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.

It doesn’t really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.

The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names. …

Not that there would ever be such thing as a single ID card. Currently about 20 percent of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself is capable of abuse. …

But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American—one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.

The security risks are enormous. Such a database would be a kludge of existing databases; databases that are incompatible, full of erroneous data, and unreliable. …

What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal is here is to know someone’s intentions, and their identity has very little to do with that.

Problems with ID cards Read More »

Al Qaeda’s use of social networking sites

From Brian Prince’s “How Terrorism Touches the ‘Cloud’ at RSA” (eWeek: 23 April 2009):

When it comes to the war on terrorism, not all battles, intelligence gathering and recruitment happen in the street. Some of it occurs in the more elusive world of the Internet, where supporters of terrorist networks build social networking sites to recruit and spread their message.  
Enter Jeff Bardin of Treadstone 71, a former code breaker, Arabic translator and U.S. military officer who has been keeping track of vBulletin-powered sites run by supporters of al Qaeda. There are between 15 and 20 main sites, he said, which are used by terrorist groups for everything from recruitment to the distribution of violent videos of beheadings.

… “One social networking site has over 200,000 participants. …

The videos on the sites are produced online by a company called “As-Sahab Media” (As-Sahab means “the cloud” in English). Once shot, the videos make their way from hideouts to the rest of the world via a system of couriers. Some of them contain images of violence; others exhortations from terrorist leaders. Also on the sites are tools such as versions of “Mujahideen Secrets,” which is used for encryption.

“It’s a pretty solid tool; it’s not so much that the tool is so much different from the new PGP-type [tool], but the fact is they built it from scratch, which shows a very mature software development lifecycle,” he said.

Al Qaeda’s use of social networking sites Read More »

Crazy anti-terrorism plans that worked

From a Special Operations officer quoted in Tom Ricks’s Inbox (The Washington Post: 5 October 2008):

One of the most interesting operations was the laundry mat [sic]. Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright fellow recommended they operate a laundry and when asked “what the hell he was talking about,” he explained the plan and it was incorporated — to much success.

The plan was simple: Build a laundry and staff it with locals and a few of their own. The laundry would then send out “color coded” special discount tickets, to the effect of “get two loads for the price of one,” etc. The color coding was matched to specific streets and thus when someone brought in their laundry, it was easy to determine the general location from which a city map was coded.

While the laundry was indeed being washed, pressed and dry cleaned, it had one additional cycle — every garment, sheet, glove, pair of pants, was first sent through an analyzer, located in the basement, that checked for bomb-making residue. The analyzer was disguised as just another piece of the laundry equipment; good OPSEC [operational security]. Within a few weeks, multiple positives had shown up, indicating the ingredients of bomb residue, and intelligence had determined which areas of the city were involved. To narrow their target list, [the laundry] simply sent out more specific coupons [numbered] to all houses in the area, and before long they had good addresses. After confirming addresses, authorities with the SAS teams swooped down on the multiple homes and arrested multiple personnel and confiscated numerous assembled bombs, weapons and ingredients. During the entire operation, no one was injured or killed.
ad_icon

By the way, the gentleman also told the story of how [the British] also bugged every new car going into Northern Ireland, and thus knew everything [Sinn Fein leader] Gerry Adams was discussing. They did this because Adams always conducted mobile meetings and always used new cars.

The Israelis have a term for this type of thinking, “Embracing the Meshugganah,” which literally translated means, embrace the craziness, because the crazier the plan, the less likely the adversary will have thought about it, and thus, not have implemented a counter-measure.

Crazy anti-terrorism plans that worked Read More »

Bush, rhetoric, & the exercise of power

From Mark Danner’s “Words in a Time of War: Taking the Measure of the First Rhetoric-Major President” (Tomgram: 10 May 2007):

[Note: This commencement address was given to graduates of the Department of Rhetoric at Zellerbach Hall, University of California, Berkeley, on May 10, 2007]

I give you my favorite quotation from the Bush administration, put forward by the proverbial “unnamed Administration official” and published in the New York Times Magazine by the fine journalist Ron Suskind in October 2004. Here, in Suskind’s recounting, is what that “unnamed Administration official” told him:

“The aide said that guys like me were ‘in what we call the reality-based community,’ which he defined as people who ‘believe that solutions emerge from your judicious study of discernible reality.’ I nodded and murmured something about enlightenment principles and empiricism. He cut me off. ‘That’s not the way the world really works anymore,’ he continued. ‘We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality — judiciously, as you will — we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors…. and you, all of you, will be left to just study what we do.'”

It was the assumption of this so-called preponderance that lay behind the philosophy of power enunciated by Bush’s Brain [Karl Rove] and that led to an attitude toward international law and alliances that is, in my view, quite unprecedented in American history. That radical attitude is brilliantly encapsulated in a single sentence drawn from the National Security Strategy of the United States of 2003: “Our strength as a nation-state will continue to be challenged by those who employ a strategy of the weak using international fora, judicial processes and terrorism.” Let me repeat that little troika of “weapons of the weak”: international fora (meaning the United Nations and like institutions), judicial processes (meaning courts, domestic and international), and…. terrorism. This strange gathering, put forward by the government of the United States, stems from the idea that power is, in fact, everything. In such a world, courts — indeed, law itself — can only limit the power of the most powerful state. Wielding preponderant power, what need has it for law? The latter must be, by definition, a weapon of the weak. The most powerful state, after all, makes reality.

Bush, rhetoric, & the exercise of power Read More »

The future of security

From Bruce Schneier’s “Security in Ten Years” (Crypto-Gram: 15 December 2007):

Bruce Schneier: … The nature of the attacks will be different: the targets, tactics and results. Security is both a trade-off and an arms race, a balance between attacker and defender, and changes in technology upset that balance. Technology might make one particular tactic more effective, or one particular security technology cheaper and more ubiquitous. Or a new emergent application might become a favored target.

By 2017, people and organizations won’t be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We’re starting to see this trend today, and it’s going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won’t have a lot of control over their security. Everything will be handled at the ISPs and in the backbone. The free-wheeling days of general-use PCs will be largely over. Think of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone, they can disable it remotely. We techie geeks won’t like it, but it’s the future. The Internet is all about commerce, and commerce won’t survive any other way.

Marcus Ranum: … Another trend I see getting worse is government IT know-how. At the rate outsourcing has been brain-draining the federal workforce, by 2017 there won’t be a single government employee who knows how to do anything with a computer except run PowerPoint and Web surf. Joking aside, the result is that the government’s critical infrastructure will be almost entirely managed from the outside. The strategic implications of such a shift have scared me for a long time; it amounts to a loss of control over data, resources and communications.

Bruce Schneier: … I’m reminded of the post-9/11 anti-terrorist hysteria — we’ve confused security with control, and instead of building systems for real security, we’re building systems of control. Think of ID checks everywhere, the no-fly list, warrantless eavesdropping, broad surveillance, data mining, and all the systems to check up on scuba divers, private pilots, peace activists and other groups of people. These give us negligible security, but put a whole lot of control in the government’s hands.

That’s the problem with any system that relies on control: Once you figure out how to hack the control system, you’re pretty much golden. So instead of a zillion pesky worms, by 2017 we’re going to see fewer but worse super worms that sail past our defenses.

The future of security Read More »

Problems with airport security

From Jeffrey Goldberg’s “The Things He Carried” (The Atlantic: November 2008):

Because the TSA’s security regimen seems to be mainly thing-based—most of its 44,500 airport officers are assigned to truffle through carry-on bags for things like guns, bombs, three-ounce tubes of anthrax, Crest toothpaste, nail clippers, Snapple, and so on—I focused my efforts on bringing bad things through security in many different airports, primarily my home airport, Washington’s Reagan National, the one situated approximately 17 feet from the Pentagon, but also in Los Angeles, New York, Miami, Chicago, and at the Wilkes-Barre/Scranton International Airport (which is where I came closest to arousing at least a modest level of suspicion, receiving a symbolic pat-down—all frisks that avoid the sensitive regions are by definition symbolic—and one question about the presence of a Leatherman Multi-Tool in my pocket; said Leatherman was confiscated and is now, I hope, living with the loving family of a TSA employee). And because I have a fair amount of experience reporting on terrorists, and because terrorist groups produce large quantities of branded knickknacks, I’ve amassed an inspiring collection of al-Qaeda T-shirts, Islamic Jihad flags, Hezbollah videotapes, and inflatable Yasir Arafat dolls (really). All these things I’ve carried with me through airports across the country. I’ve also carried, at various times: pocketknives, matches from hotels in Beirut and Peshawar, dust masks, lengths of rope, cigarette lighters, nail clippers, eight-ounce tubes of toothpaste (in my front pocket), bottles of Fiji Water (which is foreign), and, of course, box cutters. I was selected for secondary screening four times—out of dozens of passages through security checkpoints—during this extended experiment. At one screening, I was relieved of a pair of nail clippers; during another, a can of shaving cream.

During one secondary inspection, at O’Hare International Airport in Chicago, I was wearing under my shirt a spectacular, only-in-America device called a “Beerbelly,” a neoprene sling that holds a polyurethane bladder and drinking tube. The Beerbelly, designed originally to sneak alcohol—up to 80 ounces—into football games, can quite obviously be used to sneak up to 80 ounces of liquid through airport security. (The company that manufactures the Beerbelly also makes something called a “Winerack,” a bra that holds up to 25 ounces of booze and is recommended, according to the company’s Web site, for PTA meetings.) My Beerbelly, which fit comfortably over my beer belly, contained two cans’ worth of Bud Light at the time of the inspection. It went undetected. The eight-ounce bottle of water in my carry-on bag, however, was seized by the federal government.

Schnei­er and I walked to the security checkpoint. “Counter­terrorism in the airport is a show designed to make people feel better,” he said. “Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.” This assumes, of course, that al-Qaeda will target airplanes for hijacking, or target aviation at all. “We defend against what the terrorists did last week,” Schnei­er said. He believes that the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. “Spend the rest of your money on intelligence, investigations, and emergency response.”

We took our shoes off and placed our laptops in bins. Schnei­er took from his bag a 12-ounce container labeled “saline solution.”

“It’s allowed,” he said. Medical supplies, such as saline solution for contact-lens cleaning, don’t fall under the TSA’s three-ounce rule.

“What’s allowed?” I asked. “Saline solution, or bottles labeled saline solution?”

“Bottles labeled saline solution. They won’t check what’s in it, trust me.”

They did not check. As we gathered our belongings, Schnei­er held up the bottle and said to the nearest security officer, “This is okay, right?” “Yep,” the officer said. “Just have to put it in the tray.”

“Maybe if you lit it on fire, he’d pay attention,” I said, risking arrest for making a joke at airport security. (Later, Schnei­er would carry two bottles labeled saline solution—24 ounces in total—through security. An officer asked him why he needed two bottles. “Two eyes,” he said. He was allowed to keep the bottles.)

We were in the clear. But what did we prove?

“We proved that the ID triangle is hopeless,” Schneier said.

The ID triangle: before a passenger boards a commercial flight, he interacts with his airline or the government three times—when he purchases his ticket; when he passes through airport security; and finally at the gate, when he presents his boarding pass to an airline agent. It is at the first point of contact, when the ticket is purchased, that a passenger’s name is checked against the government’s no-fly list. It is not checked again, and for this reason, Schnei­er argued, the process is merely another form of security theater.

“The goal is to make sure that this ID triangle represents one person,” he explained. “Here’s how you get around it. Let’s assume you’re a terrorist and you believe your name is on the watch list.” It’s easy for a terrorist to check whether the government has cottoned on to his existence, Schnei­er said; he simply has to submit his name online to the new, privately run CLEAR program, which is meant to fast-pass approved travelers through security. If the terrorist is rejected, then he knows he’s on the watch list.

To slip through the only check against the no-fly list, the terrorist uses a stolen credit card to buy a ticket under a fake name. “Then you print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.”

What if you don’t know how to steal a credit card?

“Then you’re a stupid terrorist and the government will catch you,” he said.

What if you don’t know how to download a PDF of an actual boarding pass and alter it on a home computer?

“Then you’re a stupid terrorist and the government will catch you.”

I couldn’t believe that what Schneier was saying was true—in the national debate over the no-fly list, it is seldom, if ever, mentioned that the no-fly list doesn’t work. “It’s true,” he said. “The gap blows the whole system out of the water.”

Problems with airport security Read More »

Lots of good info about the FBI’s far-reaching wiretapping of US phone systems

From Ryan Singel’s “Point, Click … Eavesdrop: How the FBI Wiretap Net Operates” (Wired News: 29 August 2007):

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation’s telecom infrastructure than observers suspected.

It’s a “comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems,” says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.

The $10 million DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information — primarily the numbers dialed from a telephone — but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists.

What DCSNet Can Do

Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.

FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government’s behalf.

The network allows an FBI agent in New York, for example, to remotely set up a wiretap on a cell phone based in Sacramento, California, and immediately learn the phone’s location, then begin receiving conversations, text messages and voicemail pass codes in New York. With a few keystrokes, the agent can route the recordings to language specialists for translation.

The numbers dialed are automatically sent to FBI analysts trained to interpret phone-call patterns, and are transferred nightly, by external storage devices, to the bureau’s Telephone Application Database, where they’re subjected to a type of data mining called link analysis.

The numerical scope of DCSNet surveillance is still guarded. But we do know that as telecoms have become more wiretap-friendly, the number of criminal wiretaps alone has climbed from 1,150 in 1996 to 1,839 in 2006. That’s a 60 percent jump. And in 2005, 92 percent of those criminal wiretaps targeted cell phones, according to a report published last year.

These figures include both state and federal wiretaps, and do not include antiterrorism wiretaps, which dramatically expanded after 9/11. They also don’t count the DCS-3000’s collection of incoming and outgoing phone numbers dialed. Far more common than full-blown wiretaps, this level of surveillance requires only that investigators certify that the phone numbers are relevant to an investigation.

In the 1990s, the Justice Department began complaining to Congress that digital technology, cellular phones and features like call forwarding would make it difficult for investigators to continue to conduct wiretaps. Congress responded by passing the Communications Assistance for Law Enforcement Act, or CALEA, in 1994, mandating backdoors in U.S. telephone switches.

CALEA requires telecommunications companies to install only telephone-switching equipment that meets detailed wiretapping standards. Prior to CALEA, the FBI would get a court order for a wiretap and present it to a phone company, which would then create a physical tap of the phone system.

With new CALEA-compliant digital switches, the FBI now logs directly into the telecom’s network. Once a court order has been sent to a carrier and the carrier turns on the wiretap, the communications data on a surveillance target streams into the FBI’s computers in real time.

The released documents suggest that the FBI’s wiretapping engineers are struggling with peer-to-peer telephony provider Skype, which offers no central location to wiretap, and with innovations like caller-ID spoofing and phone-number portability.

Despite its ease of use, the new technology is proving more expensive than a traditional wiretap. Telecoms charge the government an average of $2,200 for a 30-day CALEA wiretap, while a traditional intercept costs only $250, according to the Justice Department inspector general. A federal wiretap order in 2006 cost taxpayers $67,000 on average, according to the most recent U.S. Court wiretap report.

What’s more, under CALEA, the government had to pay to make pre-1995 phone switches wiretap-friendly. The FBI has spent almost $500 million on that effort, but many traditional wire-line switches still aren’t compliant.

Processing all the phone calls sucked in by DCSNet is also costly. At the backend of the data collection, the conversations and phone numbers are transferred to the FBI’s Electronic Surveillance Data Management System, an Oracle SQL database that’s seen a 62 percent growth in wiretap volume over the last three years — and more than 3,000 percent growth in digital files like e-mail. Through 2007, the FBI has spent $39 million on the system, which indexes and analyzes data for agents, translators and intelligence analysts.

Lots of good info about the FBI’s far-reaching wiretapping of US phone systems Read More »

Abuse of “terrorist” investigative powers

From BBC News’ “Council admits spying on family” (10 April 2008):

A council has admitted spying on a family using laws to track criminals and terrorists to find out if they were really living in a school catchment.

A couple and their three children were put under surveillance without their knowledge by Poole Borough Council for more than two weeks.

The council admitted using powers under the Regulation of Investigatory Powers Act (RIPA) on six occasions in total.

Three of those were for suspected fraudulent school place applications.

RIPA legislation allows councils to carry out surveillance if it suspects criminal activity.

On its website, the Home Office says: “The Regulation of Investigatory Powers Act (RIPA) legislates for using methods of surveillance and information gathering to help the prevention of crime, including terrorism.”

Abuse of “terrorist” investigative powers Read More »

Bush’s Manicheanism destroyed him

From Glenn Greenwald’s “A tragic legacy: How a good vs. evil mentality destroyed the Bush presidency” (Salon: 20 June 2007):

One of the principal dangers of vesting power in a leader who is convinced of his own righteousness — who believes that, by virtue of his ascension to political power, he has been called to a crusade against Evil — is that the moral imperative driving the mission will justify any and all means used to achieve it. Those who have become convinced that they are waging an epic and all-consuming existential war against Evil cannot, by the very premises of their belief system, accept any limitations — moral, pragmatic, or otherwise — on the methods adopted to triumph in this battle.

Efforts to impose limits on waging war against Evil will themselves be seen as impediments to Good, if not as an attempt to aid and abet Evil. In a Manichean worldview, there is no imperative that can compete with the mission of defeating Evil. The primacy of that mandate is unchallengeable. Hence, there are no valid reasons for declaring off-limits any weapons that can be deployed in service of the war against Evil.

Equally operative in the Manichean worldview is the principle that those who are warriors for a universal Good cannot recognize that the particular means they employ in service of their mission may be immoral or even misguided. The very fact that the instruments they embrace are employed in service of their Manichean mission renders any such objections incoherent. How can an act undertaken in order to strengthen the side of Good, and to weaken the forces of Evil, ever be anything other than Good in itself? Thus, any act undertaken by a warrior of Good in service of the war against Evil is inherently moral for that reason alone.

It is from these premises that the most amoral or even most reprehensible outcomes can be — and often are — produced by political movements and political leaders grounded in universal moral certainties. Intoxicated by his own righteousness and therefore immune from doubt, the Manichean warrior becomes capable of acts of moral monstrousness that would be unthinkable in the absence of such unquestionable moral conviction. One who believes himself to be leading a supreme war against Evil on behalf of Good will be incapable of understanding any claims that he himself is acting immorally.

That is the essence of virtually every argument Bush supporters make regarding terrorism. No matter what objection is raised to the never-ending expansions of executive power, no matter what competing values are touted (due process, the rule of law, the principles our country embodies, how we are perceived around the world), the response will always be that The Terrorists are waging war against us and our overarching priority — one that overrides all others — is to protect ourselves, to triumph over Evil. By definition, then, there can never be any good reason to oppose vesting powers in the government to protect us from The Terrorists because that goal outweighs all others.

But our entire system of government, from its inception, has been based upon a very different calculus — that is, that many things matter besides merely protecting ourselves against threats, and consequently, we are willing to accept risks, even potentially fatal ones, in order to secure those other values. From its founding, America has rejected the worldview of prioritizing physical safety above all else, as such a mentality leads to an impoverished and empty civic life. The premise of America is and always has been that imposing limitations on government power is necessary to secure liberty and avoid tyranny even if it means accepting an increased risk of death as a result. That is the foundational American value.

It is this courageous demand for core liberties even if such liberties provide less than maximum protection from physical risks that has made America bold, brave, and free. Societies driven exclusively or primarily by a fear of avoiding Evil, minimizing risks, and seeking above all else that our government “protects” us are not free. That is a path that inevitably leads to authoritarianism — an increasingly strong and empowered leader in whom the citizens vest ever-increasing faith and power in exchange for promises of safety. That is most assuredly not the historical ethos of the United States.

The Bill of Rights contains numerous limitations on government power, and many of them render us more vulnerable to threats. If there is a serial killer on the loose in a community, the police would be able to find and apprehend him much more easily if they could simply invade and search everyone’s homes at will and without warning. Nonetheless, the Fourth Amendment expressly prohibits the police from undertaking such searches. It requires both probable cause and a judicial warrant before police may do so, even though such limitations on state power will enable dangerous killers to elude capture.

The scare tactic of telling Americans that every desired expansion of government power is justified by the Evil Terrorist Threat — and that there is no need to worry because the president is Good and will use these powers only to protect us — is effective because it has immediate rhetorical appeal. Most people, especially when placed in fear of potentially fatal threats, are receptive to the argument that maximizing protection is the only thing that matters, and that no abstract concept (such as liberty, or freedom, or due process, or adhering to civilized norms) is worth risking one’s life by accepting heightened levels of vulnerability.

But nothing in life is perfectly safe. Perfect safety is an illusion. When pursued by an individual to the exclusion of all else, it creates a tragically worthless, paralyzed way of life. On the political level, safety as the paramount goal produces tyranny, causing people to vest as much power as possible in the government, without limits, in exchange for the promise of maximum protection.

Bush’s Manicheanism destroyed him Read More »

Politics as pathology

From Charles Platt’s “The Profits of Fear” (August 2005):

It seems to me axiomatic that most primary actors on the global stage are disturbed people, because an obsessive lust for power is itself a pathology, and in a competition among thousands or millions of power seekers, only the most pathological are likely to win. …

I think Bush understood very clearly a fundamental fact of politics: Our leaders are less valuable to us at times when we feel more secure.

Politics as pathology Read More »

The CIA’s ‘black sites’ hide terror suspects around the world

From Dana Priest’s “CIA Holds Terror Suspects in Secret Prisons” (The Washington Post: 2 November 2005):

The CIA has been hiding and interrogating some of its most important al Qaeda captives at a Soviet-era compound in Eastern Europe, according to U.S. and foreign officials familiar with the arrangement.

The secret facility is part of a covert prison system set up by the CIA nearly four years ago that at various times has included sites in eight countries, including Thailand, Afghanistan and several democracies in Eastern Europe, as well as a small center at the Guantanamo Bay prison in Cuba, according to current and former intelligence officials and diplomats from three continents.

The hidden global internment network is a central element in the CIA’s unconventional war on terrorism. It depends on the cooperation of foreign intelligence services, and on keeping even basic information about the system secret from the public, foreign officials and nearly all members of Congress charged with overseeing the CIA’s covert actions.

The existence and locations of the facilities — referred to as “black sites” in classified White House, CIA, Justice Department and congressional documents — are known to only a handful of officials in the United States and, usually, only to the president and a few top intelligence officers in each host country. …

Virtually nothing is known about who is kept in the facilities, what interrogation methods are employed with them, or how decisions are made about whether they should be detained or for how long.

While the Defense Department has produced volumes of public reports and testimony about its detention practices and rules after the abuse scandals at Iraq’s Abu Ghraib prison and at Guantanamo Bay, the CIA has not even acknowledged the existence of its black sites. To do so, say officials familiar with the program, could open the U.S. government to legal challenges, particularly in foreign courts, and increase the risk of political condemnation at home and abroad. …

Although the CIA will not acknowledge details of its system, intelligence officials defend the agency’s approach, arguing that the successful defense of the country requires that the agency be empowered to hold and interrogate suspected terrorists for as long as necessary and without restrictions imposed by the U.S. legal system or even by the military tribunals established for prisoners held at Guantanamo Bay. …

It is illegal for the government to hold prisoners in such isolation in secret prisons in the United States, which is why the CIA placed them overseas, according to several former and current intelligence officials and other U.S. government officials. Legal experts and intelligence officials said that the CIA’s internment practices also would be considered illegal under the laws of several host countries, where detainees have rights to have a lawyer or to mount a defense against allegations of wrongdoing. …

More than 100 suspected terrorists have been sent by the CIA into the covert system, according to current and former U.S. intelligence officials and foreign sources. This figure, a rough estimate based on information from sources who said their knowledge of the numbers was incomplete, does not include prisoners picked up in Iraq.

The detainees break down roughly into two classes, the sources said.

About 30 are considered major terrorism suspects and have been held under the highest level of secrecy at black sites financed by the CIA and managed by agency personnel, including those in Eastern Europe and elsewhere, according to current and former intelligence officers and two other U.S. government officials. Two locations in this category — in Thailand and on the grounds of the military prison at Guantanamo Bay — were closed in 2003 and 2004, respectively.

A second tier — which these sources believe includes more than 70 detainees — is a group considered less important, with less direct involvement in terrorism and having limited intelligence value. These prisoners, some of whom were originally taken to black sites, are delivered to intelligence services in Egypt, Jordan, Morocco, Afghanistan and other countries, a process sometimes known as “rendition.” While the first-tier black sites are run by CIA officers, the jails in these countries are operated by the host nations, with CIA financial assistance and, sometimes, direction. …

The top 30 al Qaeda prisoners exist in complete isolation from the outside world. Kept in dark, sometimes underground cells, they have no recognized legal rights, and no one outside the CIA is allowed to talk with or even see them, or to otherwise verify their well-being, said current and former and U.S. and foreign government and intelligence officials. …

Among the first steps was to figure out where the CIA could secretly hold the captives. One early idea was to keep them on ships in international waters, but that was discarded for security and logistics reasons.

CIA officers also searched for a setting like Alcatraz Island. They considered the virtually unvisited islands in Lake Kariba in Zambia, which were edged with craggy cliffs and covered in woods. But poor sanitary conditions could easily lead to fatal diseases, they decided, and besides, they wondered, could the Zambians be trusted with such a secret? …

The largest CIA prison in Afghanistan was code-named the Salt Pit. It was also the CIA’s substation and was first housed in an old brick factory outside Kabul. In November 2002, an inexperienced CIA case officer allegedly ordered guards to strip naked an uncooperative young detainee, chain him to the concrete floor and leave him there overnight without blankets. He froze to death, according to four U.S. government officials. The CIA officer has not been charged in the death. …

The CIA program’s original scope was to hide and interrogate the two dozen or so al Qaeda leaders believed to be directly responsible for the Sept. 11 attacks, or who posed an imminent threat, or had knowledge of the larger al Qaeda network. But as the volume of leads pouring into the CTC from abroad increased, and the capacity of its paramilitary group to seize suspects grew, the CIA began apprehending more people whose intelligence value and links to terrorism were less certain, according to four current and former officials.

The original standard for consigning suspects to the invisible universe was lowered or ignored, they said. “They’ve got many, many more who don’t reach any threshold,” one intelligence official said.

The CIA’s ‘black sites’ hide terror suspects around the world Read More »

Why the color-coded threat alert system fails

From Bruce Schneier’s “Color-Coded Terrorist Threat Levels” (Crypto-Gram Newsletter: 15 January 2004):

The color-coded threat alerts issued by the Department of Homeland Security are useless today, but may become useful in the future. The U.S. military has a similar system; DEFCON 1-5 corresponds to the five threat alerts levels: Green, Blue, Yellow, Orange, and Red. The difference is that the DEFCON system is tied to particular procedures; military units have specific actions they need to perform every time the DEFCON level goes up or down. The color-alert system, on the other hand, is not tied to any specific actions. People are left to worry, or are given nonsensical instructions to buy plastic sheeting and duct tape. Even local police departments and government organizations largely have no idea what to do when the threat level changes. The threat levels actually do more harm than good, by needlessly creating fear and confusion (which is an objective of terrorists) and anesthetizing people to future alerts and warnings. If the color-alert system became something better defined, so that people know exactly what caused the levels to change, what the change means, and what actions they need to take in the event of a change, then it could be useful. But even then, the real measure of effectiveness is in the implementation. Terrorist attacks are rare, and if the color-threat level changes willy-nilly with no obvious cause or effect, then people will simply stop paying attention. And the threat levels are publicly known, so any terrorist with a lick of sense will simply wait until the threat level goes down.”

Living under Orange reinforces this. It didn’t mean anything. Tom Ridge’s admonition that Americans “be alert, but go about their business” reinforces this; it’s nonsensical advice. I saw little that could be considered a good security trade-off, and a lot of draconian security measures and security theater.

Why the color-coded threat alert system fails Read More »

PATRIOT Act greatly expands what a ‘financial institution’ is

From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 January 2004):

Last month Bush snuck into law one of the provisions of the failed PATRIOT ACT 2. The FBI can now obtain records from financial institutions without requiring permission from a judge. The institution can’t tell the target person that his records were taken by the FBI. And the term “financial institution” has been expanded to include insurance companies, travel agencies, real estate agents, stockbrokers, the U.S. Postal Service, jewelry stores, casinos, and car dealerships.

PATRIOT Act greatly expands what a ‘financial institution’ is Read More »

Media-induced fear & its effects

From John Twelve Hawks’s “ How We Live Now” (2005):

In his insightful book “The Culture of Fear,” Barry Glassner shows how many of our specific fears are created and sustained by media manipulation. There can be an enormous discrepancy between what we fear and the reality of what could happen to us. Glassner analyzes several “threats” such as airplane disasters, youth homicide, and road rage, and proves that the chance of any of these dangers harming an individual is virtually nonexistent.

Although Glassner accurately describes the falseness of a variety of threats, he refrains from embracing any wide-reaching explanation. It can be argued that the constant message of impending destruction is simply a way for the media to keep us watching television – “Are cyber predators targeting your children?” is a tagline that is going to get the audience’s attention. What interests me is not the reality of these threats, but the effect they have on our view of the world. Fear encourages intolerance, racism and xenophobia. Fear creates the need for a constant series of symbolic actions manufactured by the authorities to show that – yes, they are protecting us from all possible dangers.

Media-induced fear & its effects Read More »

What RFID passports really mean

From John Twelve Hawks’s “ How We Live Now” (2005):

The passports contain a radio frequency identification chip (RFID) so that all our personal information can be instantly read by a machine at the airport. However, the State Department has refused to encrypt the information embedded in the chip, because it requires more complicated technology that is difficult to coordinate with other countries. This means that our personal information could be read by a machine called a “skimmer” that can be placed in a doorway or a bus stop, perhaps as far as 30 feet away.

The U.S. government isn’t concerned by this, but the contents of Paris Hilton’s cell phone, which uses the same kind of RFID chip, were skimmed and made public last year. It may not seem like a problem when a semi-celebrity’s phone numbers and emails are stolen, but it is quite possible that an American tourist walking down a street in a foreign country will be “skimmed” by a machine that reads the passport in his or her pocket. A terrorist group will be able to decide if the name on the passport indicates a possible target before the tourist reaches the end of the street.

The new RFID passports are a clear indication that protection is not as important to the authorities as the need to acquire easily accessible personal information.

What RFID passports really mean Read More »

Fouche proud of terror, expanded

From Napoleonic Literature’s “The Court and Camp of Buonaparte: The Ministers: Fouche“:

But whatever might be the merit of his services at Nantes, it was far eclipsed by those he had soon afterwards the happiness to perform at Lyons. On his arrival there with Collot d’Herbois, he announced to the terrified citizens the reward they were to expect for having dared to resist the majesty of the people, and especially for having put to death some revolutionary agents. “The representatives of the people will be impassive in the execution of their mission. They have been intrusted with the thunderbolt of public vengeance, which they will not cease to hurl until the public enemies are crushed. They will have the courage to march over countless tombs of the conspirators, to traverse boundless ruins, that they may arrive at the happiness of nations,–at the regeneration of the world!” He wrote in like terms to his employers at Paris: “Nothing can disarm our severity: indulgence, we must say, is a dangerous weakness. We never cease to strike the enemies of the people; we annihilate them in a manner at once signal, terrible, and prompt. Their bloody corses, thrown into the Rhone, must appear both on the banks and at the mouth of that river, a spectacle of fear, and of the omnipotence of the people! Terror, salutary terror, is here in truth the order of the day; it represses all the efforts of the wicked; it divests crime of all covering and tinsel!

Fouche proud of terror, expanded Read More »

Fouche proud of terror

From Central Missouri State University’s “Joseph Fouche“:

As chief police officer of the revolutionary government, Fouché was given the power to impose the government’s policies quickly and mercilessly. He demonstrated his willingness to accomplish this feat when, after the population of Lyons revolted against the government, he personally presided over the mass executions in that unhappy city (Forssell, 1970, pp. 71-78).

As the guillotine blade dropped and the massed canon fire dispatched the condemned by the hundreds, Fouché proudly wrote to Paris of his accomplishments, “Terror, salutary terror is now the order of the day (Schom, 1992, p. 112).”

Fouche proud of terror Read More »

Why no terrorist attacks since 9/11?

From Bruce Schneier’s “Movie Plot Threat Contest: Status Report” (Crypto-Gram Newsletter: 15 May 2006):

… you have to wonder why there have been no terrorist attacks in the U.S. since 9/11. I don’t believe the “flypaper theory” that the terrorists are all in Iraq instead of in the U.S. And despite all the ineffectual security we’ve put in place since 9/11, I’m sure we have had some successes in intelligence and investigation — and have made it harder for terrorists to operate both in the U.S. and abroad.

But mostly, I think terrorist attacks are much harder than most of us think. It’s harder to find willing recruits than we think. It’s harder to coordinate plans. It’s harder to execute those plans. Terrorism is rare, and for all we’ve heard about 9/11 changing the world, it’s still rare.

Why no terrorist attacks since 9/11? Read More »