Privacy, Security & Government Surveillance

Bruce Schneier, who I’ve been informed actually invented the phrase “security theater,” has a brilliant op-ed on last week’s foiled terrorist plot:

It’s reasonable to assume that a few lone plotters, knowing their compatriots are in jail and fearing their own arrest, would try to finish the job on their own. The authorities are not being public with the details–much of the “explosive liquid” story doesn’t hang together–but the excessive security measures seem prudent. But only temporarily. Banning box cutters since 9/11, or taking off our shoes since Richard Reid, has not made us any safer. And a long-term prohibition against liquid carry-ons won’t make us safer, either. It’s not just that there are ways around the rules, it’s that focusing on tactics is a losing proposition. It’s easy to defend against what the terrorists planned last time, but it’s shortsighted. If we spend billions fielding liquid-analysis machines in airports and the terrorists use solid explosives, we’ve wasted our money. If they target shopping malls, we’ve wasted our money. Focusing on tactics simply forces the terrorists to make a minor modification in their plans. There are too many targets–stadiums, schools, theaters, churches, the long line of densely packed people before airport security–and too many ways to kill people. Security measures that require us to guess correctly don’t work, because invariably we will guess wrong. It’s not security, it’s security theater: measures designed to make us feel safer but not actually safer.

Continue reading →

SHARE: 12 comments

Matt Yglesias offers some level-headed advice to the TSA:

Call me crazy, but I don’t see what kind of sense a ban on liquid travel on airplanes is. To be sure, letting people carry soda or shampoo onto an airplane could (apparently) allow them to conceal an explosive. And a bomb going off on an airplane would be a very bad thing. But by the same token, a bomb going off on a crowded Metro or Armtrak car would be quite bad. Hell, a bomb going off on a crowded airport security line snaking back and forth as everyone waits to have their bags searched for offending liquids woud be really point. At some point, common sense needs to kick in. Banning firearms on airplanes is an inconvenience that is very effective at halting what could otherwise be a very easy method of hijacking airplanes since guns are pretty easy to obtain. It’s fairly clear, however, that permitting people to carry liquid aboard planes doesn’t necessarily lead to a rash of airplane-bombings. It is, however, a huge inconvenience for travelers. Worst of all, it’s at best a minor inconvenience for terrorists. If you had a cell with some working liquid explosive devices ready to be set off, you could react to the ban by setting them off someplace other than an airplane. As outlined above, I would suggest a crowded rush hour Metro car.

This is what Jim Harper aptly calls security theater. We’ve given the TSA virtually unlimited powers and instructed them to accomplish an impossible task. As a result, they’ve taken to adopting erratic, reactionary, and comically ineffective anti-terrorism tactics. One terrorist tries to put explosives in his shoe? Make hundreds of millions of Americans take their shoes off when they go through security. Some terrorists try to smuggle liquid explosives on the plane? Ban Americans from carrying on liquids. And while you’re at it, require people to show you their IDs, close parking spaces close to the airport, subject people to random pat-down searches, ban tweezers and toenail clippers from carry-on luggage, etc, etc.

Life involves risks. Every form of transportation is dangerous. Even with the terrorist threat, airplanes remain among the safest of transportation modes. Yet thanks to the bizarre incentives of the political process, and the fact that terrorist attacks on airplanes make better news stories than car crashes, we remain obsessed with the miniscule dangers from terrorist attacks, while we think nothing of getting in our car and driving across country, an activity that, statistically speaking, is far more dangerous.

SHARE: 14 comments

Incidentally, Specter’s op-ed demonstrates a shocking level of deference to presidential authority that strikes me as wholly inconsistent with our constitutional tradition:

The negotiations with administration officials and the president himself were fierce. The president understandably rejected a statutory mandate to submit his program to FISC, on the grounds that such a mandate could weaken the presidency institutionally by binding his successors. Indeed, such a mandate might not withstand a future president’s contention that it unconstitutionally limited his Article II powers to conduct surveillance without court approval. The president, however, did personally commit to submitting this program for court review should the bill pass. Even without a legal mandate, his sending this program to the FISC would be a powerful precedent to be considered by future presidents. President Bush’s record of seeking to expand Article II power has been a hallmark of his administration. The president and vice president have vociferously argued that the administration had the authority for the program without any judicial review. Bush’s personal commitment to submit his program to FISC is therefore a major breakthrough.

Specter seems to consider it a great favor for the president to permit Congress and the courts to scrutinize his actions. “Weakening the presidency institutionally” is the whole point of the Fourth Amendment. We don’t want a president so “strong” that he gets to invade the privacy of Americans without first submitting to court scrutiny.

That last sentence gets the situation precisely backwards: the president is offering to submit his program to FISC only after Congress concedes that doing so is a matter of presidential discretion. The effect of that would be to ratify the administration’s expansive view of presidential power. Such a concession would weaken Congress and the courts the next time an illegal surveillance program is discovered. And it would further erode the principle that the executive branch needs to get permission from Congress and the courts before it conducts a search, not do as it pleases and then browbeat Congress into ratifying its actions after the fact.

SHARE: 6 comments

The Washington Post has a good editorial on Sen. Specter’s proposal (which he defended here) that would effectively legalize the NSA spying program and others like it:

Under the Supreme Court’s decades-old understanding, presidential power is at its lowest ebb when the president is acting contrary to the will of Congress, and at its zenith when he is using his own powers in concert with legislative authorization. Right now, to conduct warrantless surveillance domestically Mr. Bush must act at the very least in sharp tension with FISA. Under Mr. Specter’s bill, however, the legislature would be explicitly acknowledging an alternative source of authority for snooping. It would thereby legitimize not only whatever the NSA may now be doing but lots of other surveillance it might dream up. The bill would also allow–but not require–the administration to seek warrants for entire surveillance programs, based on the flimsiest evidence against a small subset of the population that would be subject to the surveillance. The result is that consistent with the bill, the administration could either ask or not ask judicial permission to monitor individuals or large groups of people, based on evidence or no evidence. Or it could simply act outside the law entirely.

An optional warrant requirement is a contradiction in terms. If a president is willing to flout the clear warrant requirements of FISA, what reason is there to think he’d pay any attention at all to a warrant requirement that’s so riddled with loopholes?

Hat tip: Derek

SHARE:

Julian points out an analysis by Orin Kerr of Judge Walker’s ruling that the EFF lawsuit against AT&T can go forward despite the government’s attempts to have it dismissed on national security grounds:

It’s a very long opinion, but here’s the gist of it: Judge Walker rejected DOJ’s argument that the suit had to be dismissed outright under the state secrets privilege. Walker ruled that enough of the various programs had been acknowledged by the government and AT&T that the existence of the programs wasn’t a state secret. I assume an appeal will be coming soon, but in the meantime the case will be set to go on to the discovery stage. Notably, the state secrets privilege will continue to play a key role at that stage: the gist of Walker’s opinion is that he’ll scrutinize each discovery request for privilege rather than dismiss the case outright at the beginning.

Kerr also notes this comment from the judge: “AT&T cannot seriously contend that a reasonable entity in its position could have believed that the alleged domestic dragnet was legal.” It’s in a parenthetical “note,” and so it’s just dicta, but that’s still a PR victory for EFF.

SHARE: 2 comments

The Electronic Frontier Foundation is blasting Sen Specter’s “compromise” legislation on the Bush administration’s NSA spying program:

While the final bill is not public, a draft of the bill obtained by the Electronic Frontier Foundation (EFF) is a sham compromise that would cut off meaningful legal review–sweeping current legal challenges out of the traditional court system and failing to require court review or congressional oversight of any future surveillance programs. “This so-called compromise bill is not a concession from the White House–it’s a rubber stamp for any future spying program dreamed up by the executive,” said EFF Staff Attorney Kevin Bankston. “In essence, this bill threatens to make court oversight of electronic surveillance voluntary rather than mandatory.” Although the bill creates a process for the executive branch to seek court review of its secret surveillance programs, it doesn’t actually require the government to do so. The bill would, however, require that any lawsuit challenging the legality of any classified surveillance program–including EFF’s class-action suit against AT&T–be transferred, at the government’s request, to the FISA Court of Review, a secret court with no procedures for hearing argument from anyone but the government.

This is one of those times I wish at least one house of Congress were in Democratic hands. These issues need some actual public debate, not a closed-door compromise followed by Congressional white-washing. I bet Sen. Leahy wouldn’t be treating the White House with kid gloves.

SHARE: 2 comments

Something I forgot to mention in my post last week, about Jim Harper’s book is that it’s a quick and engaging read. Chapters are short, and each starts with a quirky, irreverant story designed to illustrate an important concept introduced in the chapter. Now, as promised, my niptick:

Three of the central concepts in the book are identification, authentication, and authorization. Harper presents identification and authentication as essentially synonyms (with the suggestion that authentication connotes a more robust form of identification), while authorization as an alternative to identification in which the identity of the person isn’t disclosed. He gives the example of an ATM card: to withdraw money from an ATM, you don’t have to demonstrate your identity, you just have to have the card and know the pin. You could be the card holder’s spouse, child, or trained monkey, for all the ATM machine knows.

Continue reading →

SHARE:

Waaaaaay back in October 2004, I blogged about the Markle Task Force and the aid it has given to the architects of the surveillance state.

I have complained directly to the members of the Task Force that I know, but I have a persistent sense that most members are unaware, in denial, or indifferent to the role of the group in promoting such things as the U.S. national ID card.

In my opinion, the Markle Task Force dropped the ball completely on privacy and civil liberties. It angers me to hear them pay lip service to these values. They should choke on the words.

This morning, Markle issued its final report. I’ve only skimmed it so far. It’s a lot of gobbledegook, but I know some of it is meant to minimize information sharing among agencies, which is good. The report urges the national security bureaucracy to rationalize information sharing. Well and good.

I’m glad this is their final report. (No link because I don’t want to enhance its search-engine stature – you can find it.) But now it is not just likely – it is guaranteed – that they will abandon their product to the wolves. As before, Markle work will be used to justify what the surveillance-industrial complex wants to do, disregarding countervailing national interests like privacy and civil liberties. On those, we’ll get none of the good stuff and all of the bad.

This morning, I went over to the event at Brookings where members of the Markle Task Force introduced today’s report. I handed out a one-pager that documents the responsibility of the Task Force for our national ID.

I gave one to Jim Barksdale of Netscape fame, a co-chair of the Task Force. He seemed pleased to get something interesting to read. I hope he’s unpleased to read what I think of his little tea-dance with government power.

I hate it when people who are successful in business or singing or acting think they can do public policy. They come to Yosemite and they feed the bears and they think it’s real cute. Then, when the bears are ripping the tops off of cars, they wonder why. I hear Jim Barksdale is a good guy. He should be embarassed.

Annnnyway, my Markle handout (after the jump).

Continue reading →

SHARE:

One of the books I read last week was my co-blogger Jim Harper’s new book, Identity Crisis: How Identification Is Overused and Misunderstood. It’s excellent and if you have any interest in privacy policy you should read it.

Harper’s book does three things. In parts 1 and 2 he presents a theory of identification that classifies identification into four categories (something you are, something you are assigned, something you know, and something you have) and then identifies the relationships among identification, risk, and accountability. He particularly makes the point that the need for identification is intimately connected with the type of transaction being considered: the ID you need to check out a library book is much different than the ID you need to get a mortgage or access to a nuclear reactor. He also stresses the diversity of identification: we use many different forms of identification in our daily lives (library cards, credit cards, passwords, drivers licenses) and that’s a feature, not a bug.

In part 3 he digs into the details of identification cards: how they’re created, how they’re used, and how they can be misused. Finally parts 4 and 5 lays out his vision for an enlightened identification policy of the future: one that protects civil liberties by expanding the diversity of identifiers we use in our day-to-day life.

Continue reading →

SHARE: 4 comments