Got a tip for Noah?
SEND IT!
(Guaranteed Confidential)
Subscribe

Subscribe via RSS
Archives by Date
February 2007
January 2007
December 2006

See all Archives
Archives by Category
'Canes
Ammo and Munitions
Armor
Axe in Iraq (and Elsewhere)
Bizarro
Blimps
Blog Bidness
Bomb Squad
Cammo Green
Chem-Bio
Cloak and Dagger
Comms
Cops and Robbers
Data Diving
Dissent Tech
Drones
Eat My Dust
Eye on China
FCS Watch
FOS Files
Gadgets and Gear
Ground Vehicles
Guns
Homeland Security
Info War
Iraq Diary
Lasers and Ray Guns
Less-lethal
Logistics
Los Alamos and Labs
Medic!
Mercs
Missiles
Money Money Money
Net-Centric
Nukes
Planes, Copters, Blimps
Politricks
Rapid Fire
Raptor Watch
Red Team
Retro-Futuro
Roll Your Own
Sabra Tech
Ships and Subs
Space
Strategery
Terror Tech
The Deadlies
Those Nutty Norks
Training and Sims
War Update
You can run...

See all Archives
Related Links
News and Intel
Military.com News
Aviation Week
Natl Defense Mag
Strategy Page
Global Security Newswire
Soldiers for the Truth
Security News
Defense Review
Fed Comp Week

Security Sources
GlobalSecurity.Org
Fed Am Sci
CSIS
Ctr for Defense Info
Defense & Natl Interest
Instit for Sci & Intl Secy
Secrecy News
POGO
Cryptome
The Memory Hole
Natl Security Archive

Geeks and Mad Scientists
Slashdot
Wired News
Security Focus
The Register
Gizmodo
Geek Press
Robots.Net
Cosmic Log
Space Daily
New Scientist
TechCentralStation
Engadget
Space.Com
Technology Review
Gyre
Near Near Future
Fed Dev Blog

Bloggers and Buddies
Phil Carter
Global Guerillas
Jeffrey Lewis
Milblogging
OPFOR
Laura Rozen
Larisa Alexandrovna
Juan Cole
Ryan Singel
Josh Marshall
Cursor
Boing Boing
InstaPundit
Winds of Change
Tapped
TalkLeft
Brad DeLong
Mountain Runner
Gene Healy
Clive Thompson
Greg Djerejian
Jeff Quinton
Workbench
Electrolite
Jim Henley
War in Context
Kathryn Cramer
Wash Park Prophet
Blogs of War
Tom Shachtman

Official Dispatches
DARPA
AF Research Lab
Marine War Lab
Soldier Systems Ctr
Naval Research
Army Research Lab
UK Def Sci Lab
NASA News
DoJ Cybercrime

Military Network
Military Benefits
Veteran Employment
GI Bill Express
Personnel Locator
Free ASVAB
The Few
Fred's Place
Army Insider
Navy Insider
Air Force Insider
Marine Corps Insider
Coast Guard Insider

Edited by Noah Shachtman | Contact

Pharma Hearts Big BARDA

And who wouldn't love a seven-foot Amazonian woman leading the Female Furies to save the day? Oh, we're not talking about the DC comics book character "Big BARDA"? It's also the name of a new Department of Health and Human Service's (DHHS) effort? Well, we can talk about that, too.

big_barda2.jpgLast Thursday, the Senate approved legislation within the "Pandemic and All-Hazards Preparedness Act" (S. 3678) to create a Biomedical Advanced Research and Development Agency (BARDA). This particular legislation has been in the works for about two years as Congress has tried to address industry gripes about Project BioShield, the DHHS effort intended to fastrack industry's development and fielding of medical countermeasures used in the response to a terrorist CBRN incident.

The biggest challenge to the U.S. government has been to encourage industry to make drugs that may never be used, and if given out in large quantities during an emergency, may be misused or abused by the general public and/or panicky emergency responders. Big Pharma took a look at the risks, the liability insurance needed, and the profit margin, and said "no thanks, we'll stick to curing male impotence issues." However, little brother Pharma (the small start-up labs struggling to break out) said "give us an indemnification agreement against future liability suits and make it worth our while and we'll talk." In short, that's what BARDA's role will be.

The legislation is much more pretty-sounding. It says the DHHS Secretary will “coordinate the acceleration of countermeasure and product advanced research and development” by:

- facilitating collaboration between DHHS and other agencies, industry, academia, and other persons, with respect to such advanced research and development;
- promoting countermeasure and product advanced research and development;
- facilitating contacts between interested persons and the offices or employees authorized by the Secretary to advise such persons regarding requirements under the Federal Food, Drug, and Cosmetic Act; and
- promoting innovation to reduce the time and cost of countermeasure and product advanced research and development

The legislation also authorizes BARDA to execute a $1 billion budget, and it limits any disclosure of “specific technical data or scientific information that is created or obtained during the countermeasure and product advanced research and development carried out under subsection (c) that reveals significant and not otherwise publicly known vulnerabilities of existing medical or public health defense against biological, chemical, nuclear, or radiological threats.” That means FOIA or FACA requests would not apply to BARDA working groups or the National Biodefense Science Board.

That part is a little controversial, and was one of the main reasons why it's taken Congress two years to actually try to improve Project BioShield. DHHS has awarded a few procurement contracts for anthrax vaccines, a botulinum toxin antiviral, and potassium iodide, but not much else. This legislation will enable BARDA to "help" industry through the long, expensive process of making other vaccines, ones that probably won't have too much use outside of emergency response to the very low probability of bioterrorism incidents. Needless to say, industry loves this idea and can't wait for the House to agree to the words and print this baby into law.

Passage by the U.S. Senate of this bill, which includes critical BARDA provisions and provisions to reauthorize bioterrorism grants, is an important and necessary step toward improving America's defenses against bioterrorism and pandemic diseases.

This legislation recognizes that the 'Valley of Death' remains a barrier to effective countermeasure product development, and authorizes the Biomedical Advanced Research and Development Authority (BARDA) within the Department of Health and Human Services. Through BARDA, contracts and grants for advanced research and development will be made to companies working on products to protect the American people. The bill also contains important contract reforms that improve upon the advances made under Project BioShield, by allowing, for example, milestone payments and surge capacity provisions to improve the viability and sustainability of biodefense product development and manufacture.

Significantly, the Senate-passed bill contains strong funding levels and important provisions to permit competing companies to cooperatively respond to government-declared emergencies without violating antitrust laws.

The "Valley of Death" refers to the time period between industry's drug development and the FDA's approval of the drug. The current BioShield legislation doesn't award any federal funds until the industry firm is producing the actual approved drug, and the small pharma firms just don't have the investments to make it that long. Thus, like a superhero racing to the rescue, comes Big BARDA!

- Jason Sigger

December 11, 2006 10:33 AM | Homeland Security | Discuss


Getting Right with the 9/11 Commish

911com.jpg

Since the elections in November, there's been plenty of talk about Democratic plans to implement the 9/11 Commission recommendations (or not). Advocates of the idea have touted it as a critical and timely response to issues left unaddressed in the last two years, with incoming House Speaker Nancy Pelosi making their implementation "one of the centerpieces of her 'first 100 hours' legislative agenda" according to the Washington Post. Skeptics have scoffed at this notion, with the Heritage Foundation's James Carafano telling the AP in late November that "I don't think there's a lot more to do there" and "I think we're done."

Amidst all of this rhetoric, there's an easy way to resolve this dispute: go to the source. That's what I've done over the last two weeks, going one-by-one through the each of the 41 recommendations in the 9/11 Commission Report, looking at what's been done to date, and analyzing what the 110th Congress could potentially do to make progress on each and every one of these recommendations.

You can read the complete analysis in this 25-page paper:

Implementing the 9/11 Commission Recommendations: An Analysis.

Overall, I think the analysis shows that there is a lot that the incoming Congress can do to respond to the 9/11 Commission's recommendations, not only in terms of authorizing legislation, but also in terms of funding, oversight, investigations, public communications, and personal outreach. These recommendations are neither a panacea nor a finish line (there is no finish line against a constantly evolving threat), but they are still a useful set of recommendations that can improve our counterterrorism, homeland security, and intelligence capabilities, and they are part of a credible security agenda for the next Congress.

-- Christian Beckner (cross-posted from Homeland Security Watch)

December 8, 2006 06:55 AM | Homeland Security | Discuss


Free the Wonks!

For those who believe in transparent government and fact-driven legislation, the power shift in the U.S. Congress represents a unique opportunity to open up one important Congressional institution to the Internet and bring back another one twelve years after it was disbanded.

crs1.jpg

The Congressional Research Service publishes first-rate, succinctly-written analyses of policy issues, including hundreds of reports on homeland security issues over the last few years. But you wouldn't know that from looking at the CRS website, which contains none of the entity's content. This has been the situation with CRS reports dating back to the early days of the World Wide Web, largely at the behest of former House Administration Committee Chairman (and recently convicted felon) Bob Ney.

Congressional staffers are often willing to send out CRS reports to constituents, and as a result the reports eventually get out into the public domain, but sometimes after delays of weeks or months. I've made an effort to dig out every homeland security-related report I can over the past 7-8 months, as you can see here, and there are many other groups such as the Federation of American Scientists who have created excellent CRS report sites. But our yeoman's work is a poor substitute for direct, real-time access to new CRS reports at the crs.gov site. The new Democratic leadership in the House and the Congress should set the CRS free on day one of the 110th Congress.

ota1.jpg

A second important Congressional institution, the Office of Technology Assessment, has faded into a distant memory over the past decade, but it once played a critical role in advising Congress to make sense of technology issues. It was disbanded following the Republican takeover of Congress in 1994, a sacrificial pawn with a $20 million/year budget to the budget-cutting rhetoric of that election. But with the federal government today spending $135 billion/year on R&D today, the disbandment of OTA looks penny wise but pound foolish. It's not possible to prove a counterfactual, but I'm confident that there would be a better-informed Congressional allocation of R&D funding and much less waste if the OTA still existed today.

In particular, the homeland security domain has deeply needed the OTA over the past five years. DHS has frequently struggled to articulate an R&D agenda for key mission requirements, and Congress has too often provided only surface-level oversight of the Department's technology challenges.

Take the example of R&D on explosive detection systems for aviation security. After 9/11, Congress moved quickly to invest billions of dollars in new machines, and start R&D efforts for a next generation of technology. Those decisions were made, as best I can tell, without any long-run plan for how TSA would migrate from this first-generation of technology to the next-generation. This is exactly the kind of guidance that the OTA could have helped to provide upfront. In the absence of such strategic advice, the migration path to a new generation of technology continues to be informed too much by reactions to the news of the day (e.g. the UK plot and liquid explosives detection) and competing industry pressures, and not enough by a long-term strategy.

For this reason, and countless others, it would be an excellent investment to bring back the Office of Technology Assessment. It will undoubtedly take some time to bring it back to its prior level of competence, but it's a project worth undertaking.

p.s. For those interested in the work of the OTA as it applies to homeland security, check out its excellent report from 1992 entitled "Technology against Terrorism: Structuring Security" which serves as a prescient guide to many of the challenges still facing DHS today.

-- Christian Beckner (cross-posted from Homeland Security Watch)

November 13, 2006 01:19 PM | Homeland Security | Discuss


Homeland security after the midterms

capitol3.jpg

The final results of the 2006 midterm elections are now all but in, and it's clear that the Democratic party will have a 30 seat majority in the House and a 51-49 majority in the Senate. This will lead to a number of key changes in the Congressional agenda for homeland security. Here are seven that are likely to be near the top:

1. Implementing the 9/11 Commission recommendations. In the aggregate, this idea is an oversimplification, because a number of the recommendations are not amenable to legislative fixes. But many of them can be addressed by legislation, e.g. resolving emergency spectrum issues and making grant allocations completely risk-based. On this latter issue, the barrier to date hasn't been a Dem-Rep divide; it's been a big state vs. small state divide, and nothing in the current realignment changes that. I also think there's a lot of work to be done on the recommendation concerning how the "U.S. border security system should be integrated into a larger network of screening points."

One other important recommendation by the 9/11 Commission concerned the creation of permament homeland security committees. I've written repeatedly about this issue over the last two years, arguing that while the arrangement in the House is more or less sufficient, the Senate did not go far enough in empowering the HSGAC. If the Democratic leadership in the Senate is concerned about implementing the 9/11 Commission recommendations, the first thing that they need to do is give the HSGAC broader authority over transportation security (which is at Commerce now), chemical facility security (which EPW has claims some authority over), and border security (which is now at Judiciary) at a minimum. Perhaps the "government affairs" part of the HSGAC should be spun off to the Senate Budget Committee as part of this realignment, since it's the other Senate committee that has a government-wide focus. For more on this issue, see this post from September.

2. Rail and transit security. According to a story in CQ (subscription req'd), HSC Chairman-elect Bennie Thompson is already planning to bring up rail and transit security language that had been removed from the port security bill during the final conference as a new piece of legislation early in the 110th. While there are limits to what can be done to counter rail and transit threats, I think we are clearly not doing enough today - see this post from July for more on this topic - and movement on such legislation is warranted.

3. Chemical plant security. The language that was attached to FY 2007 DHS appropriations on chemical plant security was a sham, and made a mockery of the comprehensive legislation that had been passed by the HSC and HSGAC on a bipartisan basis earlier in the year. Hopefully one of the first things that the Democratic leadership in the House and the Senate will do is go back to these bills, fix a couple of the small flaws in them, and get this passed and to the President's desk. I'd be surprised if he would veto such a bill.

4. Border security and immigration reform. As the President admitted in his press conference yesterday, the likelihood of passing comprehensive border security and immigration reform legislation has increased with the election of a Democratic Congress. I think there now will be a window of time in 2007 to revisit this issue, and pass a bill along the lines of the Senate's version of the legislation in 2006.

Whatever passes will likely be much less punitive than what would have emerged if the House Republicans had decided to actually negotiate with the Senate this summer rather than playing games with amateurish field hearings and insisting that they needed a "majority of the majority" to move forward. This turned out to be a strategic miscalculation of the first order. And contrary to their notion that demagoguing this issue would help Republicans to protect seats, the opposite was in fact true, as vocal anti-immigration hardliners in the House such as John Hostettler and J.D. Hayworth were booted out of office on Tuesday.

5. Revisiting lost 'party-line' votes. On a number of occasions in 2005 and 2006, there were party-line votes in committees or on the floor on contentious homeland security issues. Examples include votes on 100% scanning of inbound maritime cargo, 100% screening of domestic cargo, and the relationship between C-TPAT validation and risk targeting scores. In some cases, the Democrats lost votes on these issues by 1 or 2 votes in committee. I'd expect each of them to be revisited at some point in the coming year, most likely in the context of the FY 2008 DHS appropriations bill and/or a DHS authorization bill.

6. DHS authorization legislation. As mentioned in the last sentence, I think we're likely to see more progress on DHS authorization legislation than we've seen in the last two years. This has been a secondary priority in the House to date, and not even on the agenda in the Senate.

Any authorization bill would and should likely focus on the management and governance of DHS, focused on ways to strengthen its core capabilities. For example, an authorization bill should have a section on DHS workforce issues, focusing perhaps on the creation of a new multi-agency career track of 'Homeland Security Officers' who could be the robust core of the DHS workforce. (See this post from March for more on this). And it should have a section on the education and professional development of that workforce. (See this post for more).

I'd also expect an authorization bill to revisit some of the issues concerning the way that DHS handles classification; for example, modifying the rules concerning 'Sensitive But Unclassified' (SBU) information.

7. Increased oversight. One consequence of the congressional power shift is that we're likely to see increased congressional oversight of the executive branch, including DHS. I actually think that DHS has been subject to a fairly solid amount of oversight to date; I often can barely keep up with all of the GAO reports, DHS IG reports, congressional investigations (e.g. the post-Katrina reports), and media investigations of DHS. But there has been something missing from these multiple streams of investigations - the willingness to use subpoena power to compel answers when there has been truculence at DHS and elsewhere in the federal government, as was the case during the Senate's investigation of the response to Hurricane Katrina.

This list is only a starting point; there are a number of other homeland security issues that might also pop up on the Congressional radar screen in the 110th Congress. I hope (and feel initially confident) that this work will be driven by a responsible assessment of threat and vulnerability, weighed against broader societal and economic impacts, and be constantly focused on improving our protection and preparedness of the nation against the serious threats that we still face.

-- Christian Beckner (cross-posted from Homeland Security Watch)

November 9, 2006 11:13 PM | Homeland Security | Discuss


The Fake Boarding Pass Saga

boardingpass_veganstraight.jpgLast week Christopher Soghoian, a 24 year-old Ph.D. student in information security at Indiana University, whipped together a website that allowed anyone to create a fake Northwest Airlines boarding pass. He hoped to bring attention to a security hole that allows anyone, including someone on the No-Fly list, to enter the security line with a fake document. Instead he got another kind of attention.

For those unfamiliar with the story, it's one I've been following in my blog and in a proper news story for Wired News since Soghoian told me about his site Wednesday night.

Soghoian, a security researcher who has done work at Google, Apple and IBM, told me the site's purpose was to demonstrate the futility of the No-Fly list:

I want Congress to see how stupid the TSA's watch lists are. Now even the most technically incompetent user can click and generate a boarding pass. By doing this, I'm hoping [Congress] will see how silly the security rules are. I don't want bad guys to board airplanes but I don't think the system we have right now works and I think it is giving us a false sense of security.

Even without his generator, the No-Fly list can be avoided:

If you can purchase a ticket over the internet with a pre-paid debit card and can fly without I.D., then for domestic flights the No-Fly list doesn't work.

On Friday, Congressman Ed Markey (D-Mass) called for the site to be shut down and arrested, and later that day, the FBI shuttered the site and met with Soghoian. Whatever he said must not have been convincing, since the FBI raided his house with a search warrant signed by a judge at 2 a.m. Saturday morning and seized his computers, though they didn't arrest him. Markey then retracted his call for Soghoian's arrest on Sunday and in fact, suggested the government hire him instead (though Markey called the site a 'lousy way' of publicizing the problem).

Since Sunday, the story has slowed considerably. Soghoian has lawyers now and isn't talking to reporters, though is occasionally updating his blog.

Soghoian's site exploited a well-known security hole, one first publicized by security expert Bruce Schneier in 2003, given the full-on Slate treatment in 2005, and, according to security blogger Adam Shostack, was explained to high-level Homeland Security officials in 2004.

That doesn't mean all security researchers applaud Soghoian's method. Indeed, Avi Rubin, who's best known for his voting security work, told Xeni Jardin that his former teaching assistant should have shown this to the government privately.

So what's the upshot? Will the government ban boarding passes ticketed at home? Will they prosecute Soghoian for building this site? Won't other hackers put their own version online? Will this prompt reconsideration of the use of notoriously ineffective watch lists for domestic travel?

The short anwsers, in my opinion, are No, No, Maybe but not as many as you'd expect, Definitely Not.

The long answers are here at 27BStroke6, which despite Noah's dig, is a great name for a blog. (Think Brazil).

- Ryan Singel
Photo: VeganStraightEdge

October 31, 2006 06:40 PM | Homeland Security | Discuss


Los Alamos Getting Sloppy (Updated)

Why should we bother putting radiological detectors in the ports when it's easier to get the stuff within the United States? The AP has this article on a drug raid at a New Mexico trailer park, which turned up classified documents from the Los Alamos National Laboratory (LANL).
DirtyBomb.jpg

Local police found the documents while arresting a man suspected of domestic violence and dealing methamphetamine from his mobile home, said Sgt. Chuck Ney of the Los Alamos, N.M., Municipal Police Department. The documents were discovered during a search of the man's records for evidence of his drug business, Ney said.

Police alerted the FBI to the secret documents, which agents traced back to a woman linked to the drug dealer, officials said. The woman is a contract employee at Los Alamos National Laboratory, according to an FBI official who spoke on condition of anonymity because of the sensitive nature of the case.

The official would not describe the documents except to say that they appeared to contain classified material and were stored on a computer file.

While the FBI won't comment, the Project on Government Oversight (POGO) has some insights.

According to unconfirmed sources, the information was classified as Secret Restricted Data which means it would involve nuclear weapons data and may have concerned detection of underground nuclear weapons testing. Also unconfirmed, the person in possession of the information worked either in Technical Area 55 where all of the Lab’s plutonium is stored or in the X Division which handles nuclear weapons design data for a maintenance subcontractor of the Lab.

POGO also notes six previous security incidents at LANL since 9/11. No wonder that many of the DHS exercises feature dirty bomb scenarios - they must be worried about domestic terrorists getting too much National Lab material...

-- Jason Sigger, crossposted at Armchair Generalist

UPDATED 10:20 AM: It should be noted that this isn't Los Alamos' first drug-related incident. Back in 2004, local authorities evicted a man who had lived for years in a cave on lab property. from a cave on Los Alamos National Laboratory land where they say he apparently lived for years with the comforts of home — a wood-burning stove, solar panels connected to car batteries for electricity and a satellite radio. Ten marijuana plants were found outside the cave, and the fellow inside was charged with possession of a controlled substance and possession of drug paraphernalia.

UPDATED 4:15 PM: Whatever you do, be sure to check in regularly at the POGO blog, where they've got all kinds of fun rumors floating in. Police docs, too.

UPDATED 10-26: J. here - let me clarify that I believe the combination of classified LANL documents and potential theft of radioactive isotopes from domestic sources (universities, medical labs) is what ought to get people excited about this incident. Obviously we don't know what's in the documents that makes them classified, and I am not suggesting that LANL might be the source of loose plutonium material. But unless LANL tightens up their security procedures and trains/screens its employees and contract support better, its leadership ought to be on notice.

October 25, 2006 06:55 AM | Homeland Security | Discuss


Homeland Security Blues

When I scan the papers for how the feds, state and locals are dealing with terrorist CBRN [Chemical Biological Radiological Nuclear] incidents, I cringe. We seem to swing from pandering to our worst fears to get a few more bucks to blind rote repetition in hazard response that doesn't match logic to the threat. Here's a few examples that I hope are not typical, but I wonder...
hazmat suit.jpg

In Denver, there was a "white powder" scare on Sunday - actually, it wasn't even a powder scare, it was a number of capsules holding a yellow powder which were delivered to a bank. It tested positive for a biological organism (protein) but not anthrax. There was no threat in the envelope, no return address, no visible signs of ill effects on the employees handling the mail. So of course the locals did the routine thing - quarantine the seven bank employees and the police officer who answered the 911 call, call the feds, let the WMD Civil Support Team confirm it's not anthrax, and strip and wash the employees in the bank's parking lot. Yep - routine.

But as a precaution, the employees were scrubbed in a puffy orange tent and sent home in a hazardous- materials suit because the substance was still unknown Sunday evening. One of the female employees cried on her way out of the decontamination tent, where she was required to strip naked and get scrubbed down by a hazardous-materials team.

The police officer also was decontaminated because he came in contact with the employees when he answered the 911 call.

Okay, is it asking too much for someone - between FEMA, the FBI, the Army (assuming the 20th SUPCOM), the WMD CST, and the Denver firefighters and hazmat team - to think, hmmm, doesn't test out as a BW agent or any typical white/yellow powder, no weird messages in the envelope, maybe we don't have to recreate the decon scene from "Silkwood" for what is probably a false alarm and obviously not a chemical or radiological hazard that might cause an acute lethal reaction. Idiots.

Let's flash over to Kansas City, where Kansas State University is planning to open up a Bio-Security Research Institute, which will study food safety. About $54 million is being invested in the facility. The university has a program called "Making America Safer" which includes several projects funded by DHS. They're looking forward to helping...

Now, under the center’s purview, hundreds of researchers and students are engaged in projects aimed at keeping America safe. The center works with the departments of Agriculture, Defense and Justice and other federal, state and local agencies “to facilitate an effective strategy for rapid response to emerging agricultural threats,” Vanier said.

The center is even developing plans for training police and firefighters who would be early responders in the event of a bioterrorist attack.

No, it's not the scientists' job to limit or halt bioterrorism attacks, contrary to the article's cheery tone. Intelligence professionals find out where the terrorists are and counterterrorism units grab the bad guys. All the scientists do is preach how deadly the bugs are and why they need more money to research the hazards. Although I should take it easy on K-State's associate vice provost for research and compliance, Jerry Jaax - he paid his dues as an Army MRIID doc working at the Reston Ebola breakout in 1989 - he's still a typical medic: "a bioterrorism attack could cripple the agricultural-based economy of the [Kansas] region. Jaax said a 'significant risk' of such an attack does exist." Yadda yadda. Where's the intel assessment?

Last, let's jump up to the Fed level. ABC News gets Richard Clarke (its paid consultant) and the FBI's WMD Division to hype up the spinach E. coli incident into a potential agro-terrorism incident.

Government investigators say there's no evidence linking the current E. coli outbreak — in which tainted spinach has caused at least 171 known cases in 25 states, according to the FDA — to terrorism. But those same investigators are keenly aware that America's food supply is vulnerable to attack. An international meeting on how to fight agro-terrorism starts Monday in Kansas City.

Government agencies have held mock exercises to see what would happen if the food supply was compromised. The results were catastrophic.

"What happened was utter chaos," said Sen. Patrick Roberts, R-Kan. "We lost almost the entire livestock herd of the United States, all export stock. We had panic at the grocery stores."

What a shock. A national exercise which went for the "worst case scenario" route to test the leadership responses, despite all lack of any evidence of a current terrorist threat and the complete lack of any past history of agro-terrorism. But it justifies the USDA's research bills.

Is it too much to ask for some sanity? Some logic and common sense? Natural disasters, accidents and indigenous diseases are still the major killers out there, people. I'm not against some funds for countering CBRN terrorism - it pays my bills - but certainly we could be spending it smarter, and more importantly, talking about the topic more intelligently.

UPDATE: Offices in Denver got four "anthrax" envelopes Monday - some copycat with a sick sense of humor. We need FEMA or the state EOCs to develop procedures that will minimize panic and not automatically go to four-alarm mode, assuming that every white powder is anthrax unless otherwise proven. These hoaxes and false alarms are going to continue - better figure out a sane way to face that fact.

-- Jason Sigger, crossposted at Armchair Generalist

September 27, 2006 04:26 PM | Homeland Security | Discuss


Drones, Blimps Lose Out in Border War

For those of you hoping for hordes of drones and blimps to start patrolling the Mexican and Canadian borders, there's bad news this morning. "After a face-off among large military contractors, the Boeing Company was picked by the Homeland Security Department to lead a high-tech effort to secure borders," the Times reports. And unlike proposals from Lockheed Martin, Northrop Grumman, and others, Boeing's plan for the Secure Border Initiative, or SBInet, doesn't rely that much on unmanned aerial vehicles (UAVs) or airships.

aerostat_tcom.jpg"Boeing's proposal relied heavily on a network of 1,800 towers, most of which would need to be erected along the borders with Mexico and Canada. Each tower would be equipped with a variety of sensors, including cameras and heat and motion detectors," the Washington Post notes. Boeing teamed up for the project with an Israeli company that built a bunch of the imaging equipment used in Israel's controversial fence along the West Bank. That gear, Boeing said, would be less risky and expensive than UAVs or airships -- even though both have been used to watch over southern Arizona for illegals.

But, not to worry: the Times says that there are still a few drones in the Boeing plan -- "small, relatively inexpensive unmanned aerial vehicles that can be launched from a pickup truck by an agent in the field and then fly for, perhaps, 90 minutes." I'm guessing the paper means these drones here.

"Homeland Security has been criticized harshly in recent years for initiatives that have either failed or far exceeded their budgets. In one case, cameras that the department installed on the borders broke down in bad weather," the Post observes.

"The administration has spent $429 million of the taxpayer's money to try and secure our borders with two already-abandoned border security programs," said Rep. Bennie Thompson (D-Miss). He expressed concern that the same thing will happen to SBInet.

Mindful of that record, Boeing emphasized that all its technology has been proven to work. "The low-risk approach is probably going to carry weight here."

"The contract will at least initially be much more limited than some industry officials had expected, valued at $80 million instead of the $2 billion estimate given for the six-year deal," the Times writes.

September 20, 2006 07:17 AM | Homeland Security | Discuss


Don't You Dare Forget

fdny_shadow.jpg

September 11, 2006 07:54 AM | Homeland Security | Discuss


How We Let Osama Get Away

"We will prosecute these men and send a clear message to those who kill Americans: No matter how long it takes, we will find you and bring you to justice."

-- George W. Bush, 9/9/06

Five years ago tomorrow, three thousand people were killed in my home town. And the bastards who masterminded this mass murder have gotten away with it, thanks in part to the actions of our government and its allies. Sure, hunting for a single, clever man in a vast world is an extremely difficult task. It gets even harder, when there's anything less than 100% commitment and focus to catching him.

osama_dead_or_alive.jpgBy now, you probably know that Pakistan has signed a "truce" with the militants who many believe are harboring bin Laden. You know that the CIA has shut down its Osama-hunting shop. But what you may not know -- and what the Washington Post reveals today -- is that there hasn't been a "credible lead" on the Al-Qaeda chieftain's whereabouts in "more than two years. Nothing from the vast U.S. intelligence world -- no tips from informants, no snippets from electronic intercepts, no points on any satellite image -- has led them anywhere near the al-Qaeda leader."

In an exhaustive article, the paper shows how the trail for bin Laden grew so cold. The story starts not long after the President promised that the terrorist would be caught "dead or alive."

[In a December, 2001] videotape obtained by the CIA, bin Laden is seen confidently instructing his party how to dig holes in the ground to lie in undetected at night. A bomb dropped by a U.S. aircraft can be seen exploding in the distance. "We were there last night," bin Laden says without much concern in his voice...

Only two months later, Bush decided to pull out most of the special operations troops and their CIA counterparts in the paramilitary division that were leading the hunt for bin Laden in Afghanistan to prepare for war in Iraq...

Although the hunt for bin Laden has depended to a large extent on technology, until recently unmanned aerial vehicles (UAVs) were in short supply, especially when the war in Iraq became a priority in 2003...

Bureaucratic battles slowed down the hunt for bin Laden for the first two or three years... In early November 2002, for example, a CIA drone armed with a Hellfire missile killed a top al-Qaeda leader traveling through the Yemeni desert. About a week later, Rumsfeld expressed anger that it was the CIA, not the Defense Department, that had carried out the successful strike.

"How did they get the intel?" he demanded of the intelligence and other military personnel in a high-level meeting, recalled one person knowledgeable about the meeting.

Gen. Michael V. Hayden, then director of the National Security Agency and technically part of the Defense Department, said he had given it to them.

"Why aren't you giving it to us?" Rumsfeld wanted to know.

Hayden, according to this source, told Rumsfeld that the information-sharing mechanism with the CIA was working well. Rumsfeld said it would have to stop...

In 2004, Rumsfeld finally won the president's approval to put SOCOM [the Defense Department's Special Operations Command] in charge of the "Global War on Terrorism..."

Today, however, no one person is in charge of the overall hunt for bin Laden with the authority to direct covert CIA operations to collect intelligence and to dispatch JSOC [Joint Special Operations Command] units. Some counterterrorism officials find this absurd. "There's nobody in the United States government whose job it is to find Osama bin Laden!" one frustrated counterterrorism official shouted. "Nobody!"

The President and his team rightly deserve credit for deflecting any attacks on the homeland since 9/11. They deserve credit for catching Al-Qaeda bigwigs like Khalid Sheikh Mohammed. But to let their hard-ons for Iraq and their petty infighting distract them from nailing America's number one enemy is more than frustrating. It's dangerous. They've shown would-be Osamas all over the world that you can attack America, and get off scot-free. And I'm afraid that more of my neighbors will one day pay the price for sending that awful message.

September 10, 2006 05:10 PM | Homeland Security | Discuss


Could it Happen Again?

Could 9/11 happen another time? I'm not talking in general about another surprise terrorist attack in the States. Literally, could a group of jihadists "board four airplanes, subdue their passengers, and fly the planes right over the heads of the nation's leaders, right past the ferocious firepower of the U.S. military, just as they did five years ago?"

221-wtc.jpgThat's the provacative question Defense Tech contributor Shane Harris asks in the current National Journal. He examines the 9/11 plot, step-by-step, and looks at which ones could -- and couldn't -- still be pulled off today. Bottom line: There have been improvements. But it just could happen, all over again.

Then: Months before he piloted American Airlines Flight 11 into the north tower of the World Trade Center, Mohamed Atta had come to the attention of U.S. authorities. In January 2001, he persuaded an inspector with the Immigration and Naturalization Service to let him into the country so that he could continue pilot training at a U.S. school, even though he presented no student visa.

Now: ...stricter regulations for issuing student visas are in place. Any foreigner entering the United States on a student visa must be registered in a government computer system. However, the schools themselves have generally been responsible for entering the data, and have borne the burden of alerting federal officials when students don't show up for classes. In that case, federal officials are supposed to track them down. In August, several Egyptian students who were granted visas to attend a summer program in Montana never showed up at their assigned school, and the FBI launched a nationwide manhunt to apprehend them...

Then: Early on the morning of September 11, Mohamed Atta and a fellow hijacker flew from Portland, Maine, to Boston's Logan Airport, where the two men were to board American Airlines Flight 11 bound for Los Angeles. When Atta checked in at Portland, the government's Computer Assisted Passenger Prescreening System flagged him for additional inspection, which consisted of holding Atta's checked bags off the aircraft until it was confirmed that he was aboard...

Now: CAPPS has undergone at least three iterations. The Transportation Security Administration is trying to launch the Secure Flight System to screen airline passengers. But deployment has been beset by delays, management problems, and unresolved concerns about how the system would protect passenger privacy. The current screening system, which relies on antiquated technologies, has kept some suspicious passengers off planes, officials say, but not all of them. The system has also flagged individuals who were clearly not terrorists, calling into question its efficacy...

Then: All of [the Boston-based hijackers] walked through metal detectors set up to react to items with at least the metallic content of a .22-caliber handgun.

Now: Metal detectors have been recalibrated to react to smaller metal objects.

Then: If any one of them had set off the detector, he would have been screened by hand using a more sensitive, metal-detecting wand.

Now: Passengers who trip the metal detectors are patted down by a TSA screener.

Then: Also, the hijackers' bags were run through an X-ray machine to examine their contents; nothing suspicious was found.

Now: TSA screeners have color monitors that help them distinguish objects of different density, which can help the screeners find explosives. But the machines do not detect explosives. Screeners can search for trace explosives using separate equipment...

Surely, would-be terrorists could enter the country legally, and presumably they have done so. When actually boarding flights, however, they would face increased scrutiny... Any attempted hijacking would be met with potentially lethal resistance from passengers. This may be the single best insurance that another 9/11 couldn't happen -- at least, not the same way.

September 7, 2006 12:08 AM | Homeland Security | Discuss


Disaster Tech Pushes Ahead

So many things went wrong in the government's sucktastic response to Hurricane Katrina, it's hard to know where to begin to make fixes. One place might be the basics -- communicating, and getting a sense of the scene.

saIII_up.jpgIn the days after the storm, while the feds and local officials floundered, ham radio operators and teams of guerrilla geeks took it upon themselves to keep Katrina survivors informed. Drone-makers sent unmanned spotters into the skies above New Orleans, to get a look at the devastation.

The efforts -- and so many others like them -- were beyond inspirational. But the impact of these self-starters was muted, because they couldn't share information or resources all that well. The infrastructure (both hardware and soft) just wasn't in place.

That's the problem a disaster response drill, conducted last week in San Diego, aimed to correct. Everyone from IBM to Sprint to Google to U.S. Joint Forces Command participated in the test, called Strong Angel III. And everything from inflatable antennas to high-speed wireless networks to text-message news feeds to games for humanitarian aid was tried out.

It didn't all work perfectly, as the New York Times notes.

Last Monday, the group began to assemble a makeshift command center at an abandoned building near the San Diego airport. But a state-of-the-art wireless network, intended to route video images, satellite map coordinates and other data — from an impressive array of mobile computers, software analysis tools and command programs — failed to come to life.

"Finally I said, 'Lights out! Everyone turn everything off and let’s start over,'" said Brian D. Steckler, a computer scientist at the Naval Postgraduate School in Monterey, Calif., who was in charge of more than a dozen interlocking networks at the heart of the command center.

Hundreds of computers and even cellphones were shut down, and then the network was slowly turned back on, segment by segment. Too many high-bandwidth applications had clogged the network, including a powerful video camera and "rogue" transmitters set up by participants intent on creating their own mini-networks.

But Strong Angel did meet its #1 goal -- to "mapping and developing" relationships for disaster response. Programmers from Microsoft and Google, for example, teamed up "to allow sharing [of] a single set of digital satellite maps seamlessly and to overlay event data relayed from emergency workers throughout the San Diego area," the Times said.

Most observers, like Defense Tech pal John Scott, agreed if these projects take the main lessons of the drill to the heart -- by keeping collaboration tools simple, low-bandwidth, and platform-agnostic -- they should be "hugely helpful for the next disaster."

August 28, 2006 12:41 PM | Homeland Security | Discuss


UK reduces terror threat level

The British government reduced their threat level from Critical to Severe on Sunday, an indication that the UK officials no longer think that "an attack is expected imminently." The Department of Homeland Security matched this change shortly thereafter by reducing the threat level on flights bound from the UK to the US from Red to Orange. The rest of the aviation sector remained at Orange.

thameshouse.jpg

Other news from the last 24 hours related to the UK aviation plot:

1. British Home Secretary John Reid said on Sunday that the UK had disrupted four major terror plots in Britain since the July 7, 2005 transit attacks, and said that police were investigating two dozen current plots.

2. This Sunday Times story takes a close look at the events that triggered the UK's response on Thursday morning, telling how MI5 and Scotland Yard sprung into action following the arrest of plot mastermind Rashid Rauf in Pakistan. And it provides new biographical information on the plotters.

3. The Guardian reports on Monday that the suspected ringleader of the aviation plot, Rashid Rauf, is providing details "that directly link the conspiracy to al-Qaida in Afghanistan."

4. Sec. Chertoff made the rounds of the Sunday morning talk shows, clarifying that no U.S. links to the plotters have been found. In related news, this story in the New York Times describes how Sec. Chertoff and a small cadre of DHS officials prepared for the response prior to Thursday's arrests.

5. TSA amended its travel rules slightly on Sunday, clarifying that baby formula and medications would be allowed on flights, and that shoe removal would now be mandatory for all passengers at all airports. The transport authorities in Britain also relaxed their carry-on rules today, now allowing passengers to take on one small bag (but no liquids or gels).

6. This AP story describes different types of explosives detection equipment that are relevant for the liquid/gel explosives threat.

7. Interpol's Ron Noble criticizes British officials in a NY Times op-ed for not using Interpol's international information-sharing mechanism's in the aftermath of the arrests, and makes the case for the value of this type of information-sharing.

-- Christian Beckner, cross-posted from Homeland Security Watch

August 13, 2006 10:44 PM | Homeland Security | Discuss


UK terror plot: links to 7/7?

heathrow2.jpg

The pace of reporting on the UK terror plot has slowed down somewhat in the last 24 hours, but there have been a number of interesting developments today:

1. The Times of London reports today on potential links between this plot and the July 7, 2005 transit attacks in London:

....Scotland Yard is investigating possible links between the men arrested on Thursday and other British terrorists, including the July 7 bombers. They are concerned that some of those now in custody visited Pakistan last year at the same time as two of the London bombers. Pakistani intelligence sources are examining whether any of those arrested on Thursday attended the same madrassa, or religious school, as the 7/7 bombers.

2. MSNBC is reporting this afternoon on a disagreement between US and UK officials earlier this week on the timing of efforts to roll up the plot. According to MSNBC, the UK officials wanted to wait, and see where the threads of the plot led; the US officials wanted to act, fearing that an attack could take place. The report asserted that US officials threatened to act on their own against the Pakistani suspects, prompting the British officials to move faster to arrest the individuals in the UK. No word yet from official sources on this report.

3. Fox News was reporting earlier that the terrorist group Lashkar-e-Jhangvi is potentially connected to the plot. A story in The Hindu looks at a broader net of Pakistan-based terror groups that might be connected to the plot.

4. The situation is improving but still problematic at airports in the UK, with many cancellations and extensive delays. Insurance companies in the UK refuse to insure valuables checked in the cargo hold, raising a new set of concerns about the UK's emergency measures. The aviation system in the United States returned to a state of relative normalcy yesterday, as travellers were prepared for the new policies. NPR reports here on Sec. Chertoff's press conference at National Airport on Friday afternoon.

5. New questions are being raised about the Department of Homeland Security's efforts to develop explosive detection technology over the past several years. See my detailed post here.

-- Christian Beckner (cross-posted from Homeland Security Watch)

Image source: Flickr

August 12, 2006 04:03 PM | Homeland Security | Discuss | TrackBack


UK Terror Plot: American Connections?

ABC News is reporting this morning that the FBI is looking into potential connections between the plotters in the UK and people in the United States:

U.S. law enforcement sources tell ABC News the FBI is investigating new leads that involve a possible connection between people in the United States, in major east coast cities, and the London bomb plotters.

In an interview with ABC News this morning, White House Homeland Security Advisor Fran Townsend said while there is currently no indication of any plotting in the United States, she confirmed, "There are leads that the FBI is running."

There's also new information today on the depth of the connections to al-Qaeda and Pakistani militant groups to this plot, at the link above and in this Times of London piece.

Other developing news over the last few hours:

1. The US Embassy in India released an advisory warning American citizens of a pending al-Qaeda attack in Delhi and/or Mumbai. No evidence so far of a direct connection to this plot.

2. The NSA was apparently involved with intercepting the group's communications. (Note to those who think this has anything to do with recent NSA controversies: it doesn't. This is what the NSA has always done. The NSA does surveillance on British subjects with the British government's consent, and the UK's GCHQ returns the favor when necessary. The new NSA terrorist surveillance program is controversial primarily because it is the NSA directly conducting domestic surveillance on U.S. persons.)

3. British transport authorities are debating about how to transition the emergency aviation security measures into sustainable policies.

4. DHS gets good marks for its initial response yesterday in a WaPo story.

For more updates, check my usual site, Homeland Security Watch. And keep tabs on ABC News, the Times of London, TIME, and the Guardian, which have provided the best media coverage of the story so far.

UPDATE 3:37 PM EST 8/11: This ABC News piece updates their earlier post, and suggests that there are actually no real U.S.-based leads:

In the last several weeks, the FBI dispatched over 200 agents from FBI Headquarters and had agents in every FBI field office running down leads and looking for any angle or connection to the U.K. plot and suspects, according to FBI and Justice Department officials.

As part of this effort, MI-5 and British security services provided a list of the suspects' names to U.S. officials. The FBI, ICE (Immigration and Customs Enforcement) and other agencies spread around the intelligence community ran the names through all of their various databases looking for any information drawing a nexus between the U.K. suspects and any U.S. individuals or other U.S. connections. There were some hits for phone calls made to relatives who live in the U.S., but so far none of these leads has developed any evidence of terrorism or plotting inside the United States.

According to one Justice source, as the FBI looked for leads, there was a spike in the number of FISA applications submitted to the Foreign Intelligence Surveillance Court to establish court-approved secret wiretaps and surveillance on potential terrorism suspects.

As noted yesterday, at this time, counter-terrorism officials have not been able to find any links inside the U.S. associated with this plot.

-- Christian Beckner

August 11, 2006 11:09 AM | Homeland Security | Discuss


Countering Liquid Bombs

Screening for liquid bombs isn't possible with existing scanners, The New York Times reports:

Since September 2001, the federal government has hired tens of thousands of government screeners and upgraded its metal detectors and X-ray machines. But most of the equipment is still oriented toward preventing a metallic gun or other easily identifiable weapon from being carried aboard; it cannot distinguish shampoo from an explosive.

But the feds knew this as far back as 1995, when the Manila bomb plot was thwarted:

James Jay Carafano, senior fellow at Heritage Foundation in Washington and an expert on domestic security, said that in the last year, officials at the highest levels of the department recognized the seriousness of the threat posed by liquid explosives and had been pushing aggressively to introduce equipment that could help.

But no such devices are ready to be rolled out.

“This is not a case of them being caught like a deer in the headlights and saying, ‘Oh my God we never expected this,’ ” Mr. Carafano said. “In fact they expected this threat.”

--David Axe

August 11, 2006 09:30 AM | Homeland Security | Discuss


Mining for Terrorists

The difficulty of scanning for liquid bombs makes detection and early intervention of terrorist networks even more urgent. Lucky for us, British intel agency MI5 was on top of its game, The Scotsman reports:

Based on the information from Pakistan, MI5 began its watching operation last year. The BBC last night reported the operation began in July, but The Scotsman understands it started several months earlier.

In the initial stages, counter-terrorism officers watched from a distance. By sifting telephone records, e-mails and bank records, the MI5 officers built up what insiders call "concentric circles" of information, gradually connecting each suspect to others and building up a detailed picture of the conspiracy.

step_1.jpgScore one for Big Brother.

In an excellent piece in the August Popular Science, Defense Tech daddy Noah Shachtman shines a light on the kinds of data-mining MI5 and U.S. agencies use to bust terrorists ... and to keep tabs on us:

Who’s the most important player in a group? Who’s merely peripheral? Data crunchers find out by plotting people as “nodes” on computerized graphs, forming web-like networks. The links between nodes are then weighed and analyzed using matrix algebra and other tools.

Valdis Krebs digs into a legal alternative to data-mining -- so-called "Social Network Analysis" -- in an excellent piece at orgnet.com. His case study is 9/11:

Early in 2000, the CIA was informed of two terrorist suspects linked to al-Qaeda. Nawaf Alhazmi and Khalid Almihdhar were photographed attending a meeting of known terrorists in Malaysia. After the meeting they returned to Los Angeles, where they had already set up residence in late 1999.

What do you do with these suspects? Arrest or deport them immediately? No, we need to use them to discover more of the al-Qaeda network. Once suspects have been discovered, we can use their daily activities to uncloak their network. Just like they used our technology against us, we can use their planning process against them. Watch them, and listen to their conversations to see...

--David Axe

August 11, 2006 09:09 AM | Homeland Security | Discuss


Terror Plot Deja Vu

The just-foiled airline bomb plot has precedents, The New York Times reminds us:

The plot to blow up several airliners flying between Britain and the United States bears a striking resemblance to a plot hatched by al Qaeda operatives 12 years ago to simultaneously blow up airliners over the Pacific.

That plot was hatched in Manila by Khalid Sheikh Mohammed, who was starting his climb to be a top lieutenant to Osama bin Laden, and by Ramzi Yousef, who was the mastermind of the first bomb attack on the World Trade Center in 1993. It was financed by bin Laden.

Which is perhaps why U.S. officials are saying the current plot bears Al Qaeda's fingerprints. But remember, it's open-source terrorism we face. That this plot looks like the Manila plot means only that the terrorists are drawing from the same well of tactics and philosophy, not that there's any formal Al Qaeda command and control in place.

Does it even mean anything any more to invoke Al Qaeda?

--David Axe

UPDATE 8/11/06: Sure enough, officials have told Time that there is no evidence of Al Qaeda command and control:

Though the plot has all the hallmarks of an al Qaeda operation, U.S. officials cautioned that there isn't yet evidence of a direct link between the plotters and the organization's top leaders. "We're not convinced this particular operation is connected to the al Qaeda chain of command," Charles Allen, Chief of Intelligence for the Department of Homeland Security, told reporters on Thursday afternoon. As for whether the attack was being timed for the fifth anniversary of Sept. 11, Allen said he thought the attack would simply be launched when it was ready. "I am a long standing believer that terrorist plotters or planners execute when they have all of the plot together," said Allen. "We have no evidence this was timed to any particular holiday or special event."

August 10, 2006 12:08 PM | Homeland Security | Discuss


UK aviation terror plot disrupted

A major terrorism plot was disrupted overnight in the United Kingdom, involving plans to blow up multiple flights from the UK to the United States. At least 21 people arrested by UK counterterror agencies. The plot appears to involve a device assembled onboard, using otherwise benign liquids and equipment - comparable to the mid-1990s Bojinka plot hatched by Khalid Sheikh Mohammed. The UK immediately imposed a ban on carry-on luggage on all flights leaving the United States and went to CRITICAL (the highest level, equivalent to 'Code Red') in their threat advisory system. The United States government has gone to 'Code Red' for all flights departing the UK (the first time Red has been used by the Homeland Security Advisory System), and 'Code Orange' for the rest of the aviation sector. The commercial aviation system is in chaos all over the world today.

Check my regular site, Homeland Security Watch, for more detailed analysis and frequent updates throughout the day as the facts emerge. And the Counterterrorism Blog is naturally on top of the story with commentary and analysis.

-- Christian Beckner

August 10, 2006 07:37 AM | Homeland Security | Discuss


AOL Leak: Toward Searchcrime?

aolsheet.jpg

A research site at America Online posted three months of search records for 500,000 people (over 20 million searches) on the Internet recently. The data was discovered over the weekend and news of it has quickly spread across the blogosphere and into the mainstream media. AOL rapidly removed the data from its site, but the cat's already out of the bag - the files were copied, and have been replicated all over the Internet.

Anyone can download the 439mb file, just like I did last night. People are already poring through the data, finding some very disturbing search patterns among a number of AOL's users. In theory, there is no personally-identifiable information on the database, but if people ran searches that identify things about themselves, it often becomes easy to figure out who they are. In many ways, this is a worse privacy loss than the laptop stolen from the Veterans Administration employee earlier this spring, if it had been compromised.

This inadvertent disclosure of data forces the need for a public debate on the retention and use of search data by private companies, and the propriety of its use by government agencies. In January we learned that Google refused a DOJ subpoena to supply the government with exactly this kind of data - a request with which Yahoo!, AOL and MSN complied. These companies are compiling petabytes of search data on their servers, effectively archiving the collective subconscious of hundreds of millions of people.

This information clearly has value from a marketing and business intelligence perspective, which is why the search companies are retaining it. But this data then becomes an overly tempting target for homeland security and counterterrorism officials. Should they able to access it? Under what conditions? By whom? And what is the actual value of the search information? We need to answer these questions, and in doing so develop a clear framework to guide how and when such information should be available to government officials, rather than continuing along in the legal and policy vacuum that the United States is in today.

We need a framework that allows narrow access to this search data in cases where a person or group is under investigation for activities related to terrorism, counterintelligence, and/or WMD proliferation. But I would forbid access to this search data for the purpose of conducting wide-ranging analysis of search data - looking for needles in the haystack - because the benefits would not be nearly commensurate with the massive privacy hit. And the search companies need to be more responsible in their utilization of this data, and develop policies and systems for destroying data after a finite period of time (1-2 years), and give users the ability to clear and remove personally-identifiable search histories from company servers.

This assessment is based in part on some cursory analysis of the AOL data last night. In cases where I found "suspicious" searches, I could never be certain about the actual intent of the search. This inability to divine intent from searches will naturally lead to high percentages of false positives. For example, anyone who works in the homeland security field, as I do, is likely to run searches related to terrorist tactics, infrastructure protection, etc. These searches are all false positives, and likely will drown out any "real" terrorist search activity. Efforts to investigate these searches would therefore be expensive, and less productive than traditional means of intelligence and investigation.

If the federal government is allowed unfettered access to this data, we run the risk of creating a new Orwellism - Searchcrime - that is an inefficient response to the war on terror.

-- Christian Beckner, cross-posted from Homeland Security Watch.

August 8, 2006 02:20 PM | Homeland Security | Discuss


DHS "Critical Infrastructure": Amish Popcorn, Trees of Mystery

As the New York Times notes, the Department of Homeland Security inspector general released an important and timely report on Tuesday, entitled "Progress in Developing the National Asset Database." The report chronicles the difficulties that DHS has faced in developing a usable national inventory of critical infrastructure. It also helps explain some of the shortcomings in the recent homeland security grant allocation decisions -- remember New York's big cut? -- which were based to a certain degree on the information in this database.

The report provides a detailed breakdown of the 77,069 assets in the database by type, as shown in this chart. It then discusses some of the limitations of the current database, noting that it does not assign criticality rankings to the assets in the database; in other words, the Brooklyn Bridge or Hoover Dam have the same value to the nation as the least significant asset included in the database. And what are some of those low-caliber assets? The report provides a sampling, and oh what a list it is. Some highlights:

infra.jpg

Old MacDonald’s petting zoo
Bean Fest
Nix’s Check Cashing
Amer. Society of Young Musicians
Trees of Mystery
Kennel Club and Poker Room
Historical Bok Sanctuary
4 Cs Fuel and Lube
Kangaroo Conservation Center
Bourbon Festival
Jay’s Sporting Goods
Groundhog Zoo
Sweetwater Flea Market
High Stakes Bingo
Frontier Fun Park
Mule Day Parade
Beach at End of [a] Street
Amish Country Popcorn
[a] Pepper and Herb Company
Order of Elks National Memorial
Donut Shop
Casket Company
Muzzle Shoot Enterprise
Several Wal-Marts
Apple and Pork Festival
Yacht Repair Business
Anti-Cruelty Society

These were assets which were submitted by states as lists of their critical infrastructure in 2004 and 2005, with little quality control to date. And they aren't anomalies. The report notes that the state of Indiana has 8,591 assets on the list - 50% more than New York (5,867) and nearly triple the number of assets that California submitted (3,457). The state of New Mexico apparently contains 73% of the critical assets in IT sector nationwide, according to the database. New York has only 2% of the nation's banking and finance assets - trailing North Dakota & Missouri. Indiana has more tall buildings than Illinois, home to skyscraper city Chicago. And so on. The chart on page 51 of the report provides the complete state-by-state breakdown.

The report also notes an equally serious problem: the fact that the database does not adequate account for distributed, system-level assets (e.g. food supply systems, energy & telco grids, etc.), which creates the risk of a bias in favor of protecting fixed assets in the nation's infrastructure protection activities.

It mentions that efforts are underway to improve the database and prioritize assets within it, but these efforts are incomplete. And it concludes with a set of recommendations about how to improve the database.

I've described the DHS grant system as being at risk to the "garbage-in, garbage-out" problem in its allocation processes since the beginning of the year. This report provides another point of confirmation that the quality of the data used to make DHS grant decisions is subpar, and perhaps explains some of the oddities in the funding decisions for the State Homeland Security Grant Program in 2006. Some of the states who were apparently "asset inflators" made out very well in the discretionary segment of the State Homeland Security Grant Program (money left over after the allocation of state minimums) this year, notably Nebraska, North Dakota, and Missouri. Perhaps this is a coincidence; but given the black box nature of this allocation process, and the well-documented flaws in the UASI allocations, I'm inclined to think that it's not until shown otherwise.

-- Christian Beckner, cross-posted from Homeland Security Watch.

July 12, 2006 02:53 PM | Homeland Security | Discuss


London, Post-7/7: Business As Usual

A year ago today, as I walked into London’s Liverpool Street Station, I saw dozens of police officers converging on it. I expected just another security alert. A bomb had just exploded on an underground train leaving the station, instead. That bomb killed seven people. A few days later, I snapped these floral tributes at the station’s entrance. If they seem low-key, perhaps it’s because Londoners are no longer shocked by such attacks.

Liverpool st1.jpgIn 1993, the Liverpool Street underground station was damaged – along with many of the surrounding buildings – by a huge IRA truck bomb. Only person was killed as a warning had been given and the area was being evacuated, but forty were injured.

In 1940, the station’s roof was shattered by bombing during the Luftwaffe’s Blitz on London. It escaped lightly, given that over 18,000 tons of bombs were dropped with 29,000 killed in London alone.

But the station’s most infamous bombing was in 1917. On June 13, 1917, twenty German Gotha bombers evaded defending fighters and attacked London. They hit Liverpool Street Station, killing sixteen and injuring thirteen. The raids killed over a hundred people around London, including many children, and the nation was horrified. For the first time, the capital of a powerful Empire had been attacked from the air, and civilians had not been spared. The Great War had arrived on the home front.

With ninety years experience, it’s not surprising that Londoners seem hardened to the bombing. Few would expect this to be the last attack either. A docu-drama called Dirty War released in April 2005 used Liverpool Street Station as the site of a dirty bomb attack by terrorists.

While the media may try to play up fears of further terrorism, sites like the wonderful We're Not Afraid capture the public mood. For most people, the signs put up on bomb-damaged shops in the Blitz really do sum it up: "Business As Usual."

-- David Hambling

July 7, 2006 08:25 AM | Homeland Security | Discuss


Damn It! '24' Stars Meet Homeland Security Bigs

The Heritage Foundation hosted an event this morning on "'24' and America's Image in Fighting Terrorism" that was probably as close as the homeland security policy community will ever get to the world of the glitterati, bringing together think tankers with the producers and cast members of '24.' The auditorium at the Reagan Building was packed with an overflow crowd (which included Justice Clarence Thomas) for the event. Homeland Security Watch was there.

tony_jack_ext_600. 4p-5p.jpgSec. Chertoff kicked things off with a few remarks before heading off to the DOJ press conference on the Miami terror plot (and adding a non-subtle jab at NYC and DC leaders that this plot proves that terrorism is a "national problem"). Turning to the show, he noted that it reflected real life in its portrayal of the decisions that leaders must make, constantly forced to choose "a best choice among a series of bad options" in an environment of imperfect information that always seems more orderly in hindsight. But he added that in real life, you can't resolve problems in 24 hours, and that perseverance is the real key to winning the war on terror. And he noted that in reality successed depended not on the extraordinary feats of a Jack Bauer, but on the quiet, resolute work of thousands of "real heroes," doing their jobs behind the scenes each day, at DHS, other agencies, and at the state & local level.

When asked how '24' compared to reality, he noted that "DHS doesn't have an operations center like the CTU," (although later it was pointed out that the set designer for '24' also helped design the operations center at the National Counterterrorism Center) and that unlike in '24', "we don't get information using measures that violate the law." And he wistfully noted that the governments' technologies often paled in comparison to '24', commenting that he had never seen a computer crash on the TV show.

The event then shifted to a panel session moderated by Rush Limbaugh, featuring think tankers Jim Carafano from Heritage and my former boss David Heyman from CSIS (described by Limbaugh as the "token moderate" on the panel), along with producers Howard Gordon, Joel Surnow, and Robert Cochran, and actors Mary Lynn Rajskub (Chloe), Carlos Bernard (Tony), and Gregory Itzin (President Logan). (Click here for a group pic.)

The session was weighed down at times by Limbaugh's tendentious and leading questions; he was constantl