About six months ago, I did an elegant back-of-envelope calculation about the Western Hemisphere Travel Restriction Initiative’s cost in terms of lost freedom and commerce. I came up with an estimate of about half-a-billion dollars (net present value).
If that estimate was a little too airy, here’s a more clear cost of WHTI: $944 million over three years. That’s the direct cost we’re paying through the State Department for the WHTI rules.
So now we’re at around $1.5 billion. Will $1.5 billion+ in damage to the United States’ people, possessions, infrastructure, and interests be averted thanks to WHTI? No. As a security measure, it’s Swiss cheese.
WHTI does more harm than good. It is a self-injurious misstep – precisely what the strategy of terrorism seeks to cause.
Today EFF argues its important case against AT&T for its participation in the NSA wiretapping program before the Ninth Circuit:
As we all learned in school, Congress is also supposed to keep the Executive in line. But so far it has utterly failed to do its job; just two weeks ago, Congress surrendered to the President’s outrageous demands and passed horrible legislation authorizing warrantless eavesdropping on Americans’ international communications with virtually no oversight. Congress has also failed to engage in any serious investigation about the warrantless wiretapping to date. With your support, we’ll be reminding them of their duty in the coming weeks and hopefully will convince them to restore your rights.
We won’t just wait for Congress to come to its senses, though — Americans deserve their day in court right now. Backed by overwhelming evidence, including whistleblower testimony from a former AT&T employee, our lawsuit alleges an unprecedented program of dragnet domestic surveillance. AT&T has given the NSA unchecked backdoor access to its communications network and its record databases, violating the rights of its millions of customers. While we certainly oppose Congress’ recent dramatic expansion of spying powers, even the new law does not authorize such far-reaching, illegal, and unconstitutional dragnet surveillance, and it doesn’t change AT&T’s culpability for helping the government in its illegal activities over the last six years.
But Congress’ capitulation does make our case even more critical. All three branches of government have a duty to protect your rights. If the Administration succeeds in using “state secrets” claims to shut down our litigation after scaring Congress away, we may never be able to hold AT&T and the White House responsible for violating millions of Americans’ constitutional rights. And, more importantly, we may not be able to stop it.
“Instead, the country should have a national debate on security and identification that leads to a thoughtful plan that protects privacy . . . .”
Good idea!
Today, the NY Times reports on a rather shocking surveillance program that China has in the works. The program is starting in the city of Shenzhen, where people will be required to register for residency cards containing a computer chip. According to the Times, “Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.”
Wow. George Orwell had nothing on these guys.
While I’m on the subject, my favorite TLF reader sends me this “mythbusters” page on the liquids ban from the TSA’s website. Here’s their explanation of why terrorists couldn’t combine multiple bottles of liquid:
We also paid close attention to the idea of terrorists combining multiple small bottles in a larger container or combining many small bottles together after going through the checkpoint. Due to the extreme volatility of liquid explosives, the international consensus was that those scenarios don’t represent a significant threat. Thanks to this unprecedented international cooperation, 67 countries, a great majority of the world’s air travelers are under a common set of security rules for the first time.
Can someone explain what this is supposed to mean? Are they saying that the liquids in question are so volatile that they’ll evaporate/explode the moment they come into contact with the air? I find it hard to believe drug stores would be selling such explosive liquids, so they must mean evaporate. I admittedly haven’t taken chemistry in a while, but I find it hard to believe there exist liquids that evaporate almost instantly from 3-oz containers, but can, in larger quantities, be reliably mixed with other liquids in an airport lavatory, with no equipment, in order to make a bomb powerful enough to take down an airplane.
Oh, and the explosion video is available on that site. It strikes me as pretty useless. No details are given about what was mixed, how it was prepared, or in what quantities, and we have no close-ups of the blast site either before or after. I’m sure that Sandia labs has chemists who know how to blow stuff up, but that hardly proves that a terrorist could do the same thing in an airport lavatory.
Bruce Schneier points to this underwhelming story purporting to explain that the liquid ban is really vital to airline security and not just security theater. Color me unimpressed.
Although I wasn’t smart enough to figure out how to view it, there’s apparently a video showing a large explosion made from the components in question at Sandia Labs. Fine, I’m sure there are some liquids out there that, if mixed together under the right circumstances, can produce a large explosion. The question is whether it’s possible to do that in an in-flight airline restroom, where you have very little space, no stable work surface, no access to lab equipment, not a whole lot of time, and no ventilation.
If the powers that be really wanted to convince us that this was a real threat, they should release details about what the ingredients are, so other labs can reproduce the results. The “national security” excuse doesn’t make any sense here: the terrorists obviously already know what ingredients they were using, so there’s no point in keeping the secret away from them. Moreover, if there
were a real threat, public disclosure might have real benefits: labs around the country could work on developing new equipment to detect the ingredients in question, and passengers could be on the lookout for telltale signs that a liquid bomb was being mixed.
Finally, as Schneier points out, the really ridiculous part is that the TSA’s Byzantine liquids rules just don’t stop terrorists from getting a significant amount of liquid through the checkpoint. Schneier says that he was able to smuggle in 12 ounces of non-saline-solution liquid in a saline solution bottle. If it takes more than 12 ounces to make the plane go boom, you can have multiple terrorists go through the checkpoint, or make multiple trips.
The bottom line is that if every container of liquid is a potential bomb, then no liquids should be allowed through security at all. The TSA obviously isn’t
that concerned, so it makes me skeptical that there’s anything more to the story than bureaucratic ass-covering.
Susan Landau, an engineer at Sun Microsystems and the author of Privacy on the Line: The Politics of Wiretapping and Encryption, has an op-ed in today’s Washington Post that builds on the FISA issues we discussed in our Tech Policy Weekly podcast yesterday. Her editorial is entitled, “A Gateway for Hackers: The Security Threat in the New Wiretapping Law.” In it she argues that:
Grant the NSA what it wants, and within 10 years the United States will be vulnerable to attacks from hackers across the globe, as well as the militaries of China, Russia and other nations.
Such threats are not theoretical. For almost a year beginning in April 2004, more than 100 phones belonging to members of the Greek government, including the prime minister and ministers of defense, foreign affairs, justice and public order, were spied on with wiretapping software that was misused. Exactly who placed the software and who did the listening remain unknown. But they were able to use software that was supposed to be used only with legal permission.
The United States itself has been attacked. … [and] U.S. communications technology is fragile and easily penetrated. While advanced, it is not decades ahead of that of our friends or our rivals. Compounding the issue is a key facet of modern systems design: Intercept capabilities are likely to be managed remotely, and vulnerabilities are as likely to be global as local. In simplifying wiretapping for U.S. intelligence, we provide a target for foreign intelligence agencies and possibly rogue hackers. Break into one service, and you get broad access to U.S. communications.
I have no idea if she is right, but this is scary stuff. I’d be interested in hearing what others think.
One of this week’s podcast guests, Derek Slater, has a fantastic post over at the EFF blog on AT&T’s flip-flopping position on domestic surveillance. In 1928, in an amicus brief in the famous Olmstead wiretapping case, Ma Bell made the same comparison I made earlier this week:
The telephone has become part and parcel of the social and business intercourse of the people of the United States, and this telephone system offers a means of espionage to which general warrants and writs of assistance were the puniest instruments of tyranny and oppression.
And of course, the voice recognition and data mining technologies the feds have today makes the wiretapping at issue in
Olmstead look puny.
Apropos of my post earlier today on Google’s good privacy citizenship, the Center for Democracy and Technology has a report out reviewing progress in the search privacy area.
“Despite the progress that has been made,” Ars reports, “the CDT still feels that there is a need for stronger privacy legislation. ‘No amount of self-regulation in the search privacy space can replace the need for a comprehensive federal privacy law to protect consumers from bad actors,’ the report says.”
The computers at CDT have a macro on them (Alt+CDT) that writes an argument for comprehensive privacy legislation into any document. I heard that one time an intern at CDT printed a Chinese food menu, and it came out of the printer with a special on Comprehensive Privacy Legislation Foo Yung.
Update: I like snark, obviously, but don’t want to put snark ahead of substance. This is a good report and reports like this are a good thing to do. Do ISPs next, CDT!
There are no two ways about it: Google is doing good things on privacy.
The video below provides ordinary people very important information that will empower them with the awareness they need to protect their privacy. To those of us who are technically aware, the information presented here is a little obvious, but the average Internet user doesn’t know it. They need to.
http://www.youtube.com/v/kLgJYBRzUXY
Over the long haul, this kind of education will be
much more effective protection for consumers than privacy regulation – and it will have none of the costs of regulation: in wasted tax dollars, market-distorting rent-seeking and regulatory capture, etc.
The video raises some important new points and questions, of course:
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.