Shotgunning or target shooting? This is the first strategic question confronting the next head of the Department of Homeland Security. As outgoing DHS Secretary Michael Chertoff said in his public exit interview in USA Today (http://blogs.usatoday.com/oped/2008/12/as-one-threat-f.html), his successor faces limitless challenges and a new life of being on call 24 hours a day. But doing everything or allocating the same time and effort to every task is the same as doing nothing. Such is the power of diluted effort. So one of the things for any new executive to decide, whether in Homeland Security, or in any other department, is where to make one’s mark. Like aiming for the goal in a team sport, it is all a question of picking your spot and concentrating your play for best effect. What should that be?
The threat of a biological weapons attack. Why?
The two most potentially devastating attacks which would take the highest tolls in American lives at home are nuclear and biological ones. Nuclear attacks, however, are difficult to carry out. As Chertoff says, they would most likely require adversaries to get their hands on nuclear materials that remain difficult to obtain and that also take considerable sophistication and logistical support to weaponize. Besides, there are a number of other aspects of the nuclear threat that require strategic intervention by all the instruments of American diplomacy and might, particularly when it comes to exerting pressure on North Korea and Iran to keep them from developing a flourishing nuclear weapons capability that would then become the most likely source of material for nascent nuclear terrorists. Bottom line: this job is a national security priority that extends far beyond the purview of the Department of Homeland Security, and the greatest work to be done is on the international stage.
A biological weapons attack on the home front is another story, however. Laboratories abound, and with Internet access and online databases, the know-how for developing such a weapon is more within the reach of a lethal malefactor than a nuclear bomb. Patience and steady investment over time is all it takes to get to the point of being able to develop and introduce a biological weapon at home.
What should the new DHS Secretary do? Take this bull by the horns and give it the attention it deserves. America has no single government focal point concentrating on the biological threat. But we have military, Department of Energy, regulatory bodies, and international agencies that focus exclusively on nuclear weapons. So this vacuum cries for the attention of Homeland Security. And the Secretary who takes the time and effort to make the biological weapons threat priority #1 will at least not be plowing ground that has already been trampled or re-solving problems that have already been over studied, over funded, and managed into the ground, like a wall along the U.S.-Mexico border.
– Nick Catrantzos
Friday, December 19, 2008
Sunday, December 14, 2008
Riots as Release – and Capitalist Counterpunch
Last week’s rioting throughout Greece that was ostensibly set off by a police shooting reminds us how fragile our modern sense of order can be and how institutions and political leaders often fall short in ham-handed attempts to deal with crisis. But why look only internationally? The unfolding of this drama recalled lessons not necessarily learned from our own Rodney King riots. Look at the parallels and at the weak, unreported signals, of what may have served as a tipping point to curbing the anarchists’ attacks. There we may find a lesson about what works and what doesn’t in such situations.
Trigger or Pretext?
First, is the triggering event a true motivator of mayhem, or a pretext for opportunists to exploit? I argue the latter. In Athens, by accounts of facts that are starting to emerge, the event that allegedly ignited the recent powder keg of fuming anarchy was supposedly an act of police oppression. Early accounts focused on two policemen confronting stone-hurling youths and shooting a 15-year-old to death in a seedy Athens suburb. There immediately followed official media releases about how the government intended to hold the police officers accountable and was charging the shooter with premeditated murder, while his partner was to be tried as an accomplice. Another story, which may be supported or refuted by forensic examination of bullets, differs dramatically from a hysterical and theatrical account oddly shared by rioters and government alike. It appears the police officer may have fired a warning shot which ricocheted and struck the youth by accident. But the youth himself was no angel. Else, why would a lad from the well-to-do neighborhood of Psychico be marauding at night with 29 peers in the seedy neighborhood of Exarchia known for drug sales and troublemaking? It certainly wasn’t for ministering to the unfortunate, as such action tends to be difficult to accomplish while hurling stones at police cars. To a mature Athenian still living in Greece, the kid was most likely there to buy drugs or get into trouble. Not that this makes him qualify for extermination. But it hardly makes him a noble martyr for some higher cause, either. So now he suddenly becomes the trigger for a week of national rioting throughout his country. What kind of logic explains this?
Answer: None. Any pretext will do. True, Greece is in a political and social tailspin, so no one is happy with present conditions. Does this justify wanton destruction? A lifelong media communications observer who has also lived in Los Angeles for two decades told me he saw an uncanny similarity in the start of the riots that flared at the reading of the verdict of the Rodney King trial. The first people he saw smash windows and damage other property were not minorities inflamed by injustice against their own but relatively young, Caucasian anarchists. You know the kind. The same variety surfaced for the Battle of Seattle riots in ostensible protest of the World Trade Organization’s summit a few years later. Historically the same kind of disaffected, anti-social radicals range the planet and plunge deeply, without restraint, into whatever target of opportunity avails, hence the McKinley assassination and anarchist outbursts of another century. One also envisions them fueling the excesses of the French Revolution with more torches and cries for the guillotine to answer any problem – real or perceived. This kind of phenomenon keeps the word bloodthirsty fresh in our lexicon.
Inept Response
Now for another parallel. As in the politics of the sandlot where a child may first meet a bully knocking smaller children off a see-saw or merry-go-round, appeasement continues to be reflexively tried no matter how ineffective it is at stopping mayhem. Thus the Greek government, in a blatant attempt to pander to the masses, hanged its police out in a political pillory with hasty and public charges of premeditated murder before any facts were in – and when even cursory examination of evidence would suggest the officers at least deserved the benefit of the doubt. Forget the issue of fairness for the moment, as the Greek government certainly did. From a management perspective alone, this move was pure folly. Why? First, it didn’t work. This move did nothing to curb rioting. Perhaps that in itself is ample indication that the riots were not really at all about the youth’s death as a result of police action. Second, and more importantly, it makes no sense at all to openly alienate and marginalize the very force one must then rely on for one’s own protection and for stemming the rising tide of violence as it is whipping itself into a sweeping crescendo. After being hanged out to dry, what police officer would risk life, job, or reputation by standing in the way of a rioter about to fire bomb a business or government office? The best he can hope for is to be ignored. But the worst is that he can be filmed, identified, second-guessed, and transformed into a scapegoat to be tried by his own employer as a jack-booted thug or human sacrifice to the mob. This is hardly a recipe for restoring order in the face of anarchy. Yet this was Greece. It couldn’t happen here.
Or could it? Back we turn to the Los Angeles riots. I recall listening to talk radio on a drive between Woodland Hills and East Los Angeles shortly before the riots. Los Angeles Police Department Chief Darryl Gates was being castigated for requesting $1 million in overtime in order to prepare for the contingency of widespread unrest he was forecasting, depending on what might happen at the flashpoint of a verdict being announced in the trial of LAPD officers accused of abusive treatment of Rodney King during his arrest. The negative media and political scrutiny that followed then extended to all law enforcement right before the riots broke out – hardly the kind of circumstances to encourage officers to put themselves at personal and professional risk when their customer base is villifying them and, to all appearances, arraying all the forces of government to publicly crucify the first officer caught on film doing anything that lends itself to the interpretation of interfering with a protester’s civil rights. Seem familiar?
Under the circumstances, whether in Greece or Los Angeles, why would any sane officer stand in the path of a rioter and a Molotov cocktail lobbed at, say, a small convenience store? Never mind that the store bears no relationship to the rioter’s stated grievance or that it represents the hopes, dreams, and livelihood of some hardworking citizen who is making a living, paying taxes, contributing to society, and playing by the rules. To the rioter, it’s a convenient target. It is a toy for an out-of-control child to smash. To the officer, it may be property that can be replaced, unlike human life. Depending on rules of engagement officially or unofficially imposed by the officer’s political leadership, and depending on the level of hostile media scrutiny present, the officer’s hands may be so thoroughly tied that intervening in such a case is impossible. So, here we have another parallel between Athens and Los Angeles. Yet there is one more left to note.
A Shopkeeper’s Alternative
Somewhere, in a virtual footnote lost in the greater media coverage, the notion of self-defense surfaces. In Greece, shopkeepers started fighting back to defend their own stores and livelihoods. They could no longer wait for a dithering government to decide to do anything for them. Nor could they wait for rioting anarchists to realize that the shopkeepers were unconnected to their stated grievances. They had their livings to defend. So they started physically confronting the rioters to defend their businesses. Perhaps in our society, which is more diverse and modern, such actions would strike us as unseemly. So it appeared to be during the L.A. riots. One group of immigrant Americans stood out from this crowd, however: Korean American shopkeepers. Just like the Greek merchants finding themselves with too much to lose, they mobilized in their own defense. Only the Koreans cranked it up a notch. They formed revetments and foxholes with bags of rice in front of their stores. And they stood guard with rifles on rooftops. Pretty soon, it became clear to social activist rioter and criminal looter alike that if you wanted to visit mayhem in real or stated sympathy for Rodney King, you better stay clear of Korean businesses. And there we see a cost-benefit analysis still taking place and guiding actions, even in times of crisis and unrest.
One wonders how much the basic tools of positive and negative reinforcement could be better applied to such riots than all the hand-wringing and apologizing and political spinning tend to accomplish. There comes a time when actions speak louder than words. Anarchists seem to have figured this out, but are counting on their targets being slow to realize the same.
- Nick Catrantzos
Trigger or Pretext?
First, is the triggering event a true motivator of mayhem, or a pretext for opportunists to exploit? I argue the latter. In Athens, by accounts of facts that are starting to emerge, the event that allegedly ignited the recent powder keg of fuming anarchy was supposedly an act of police oppression. Early accounts focused on two policemen confronting stone-hurling youths and shooting a 15-year-old to death in a seedy Athens suburb. There immediately followed official media releases about how the government intended to hold the police officers accountable and was charging the shooter with premeditated murder, while his partner was to be tried as an accomplice. Another story, which may be supported or refuted by forensic examination of bullets, differs dramatically from a hysterical and theatrical account oddly shared by rioters and government alike. It appears the police officer may have fired a warning shot which ricocheted and struck the youth by accident. But the youth himself was no angel. Else, why would a lad from the well-to-do neighborhood of Psychico be marauding at night with 29 peers in the seedy neighborhood of Exarchia known for drug sales and troublemaking? It certainly wasn’t for ministering to the unfortunate, as such action tends to be difficult to accomplish while hurling stones at police cars. To a mature Athenian still living in Greece, the kid was most likely there to buy drugs or get into trouble. Not that this makes him qualify for extermination. But it hardly makes him a noble martyr for some higher cause, either. So now he suddenly becomes the trigger for a week of national rioting throughout his country. What kind of logic explains this?
Answer: None. Any pretext will do. True, Greece is in a political and social tailspin, so no one is happy with present conditions. Does this justify wanton destruction? A lifelong media communications observer who has also lived in Los Angeles for two decades told me he saw an uncanny similarity in the start of the riots that flared at the reading of the verdict of the Rodney King trial. The first people he saw smash windows and damage other property were not minorities inflamed by injustice against their own but relatively young, Caucasian anarchists. You know the kind. The same variety surfaced for the Battle of Seattle riots in ostensible protest of the World Trade Organization’s summit a few years later. Historically the same kind of disaffected, anti-social radicals range the planet and plunge deeply, without restraint, into whatever target of opportunity avails, hence the McKinley assassination and anarchist outbursts of another century. One also envisions them fueling the excesses of the French Revolution with more torches and cries for the guillotine to answer any problem – real or perceived. This kind of phenomenon keeps the word bloodthirsty fresh in our lexicon.
Inept Response
Now for another parallel. As in the politics of the sandlot where a child may first meet a bully knocking smaller children off a see-saw or merry-go-round, appeasement continues to be reflexively tried no matter how ineffective it is at stopping mayhem. Thus the Greek government, in a blatant attempt to pander to the masses, hanged its police out in a political pillory with hasty and public charges of premeditated murder before any facts were in – and when even cursory examination of evidence would suggest the officers at least deserved the benefit of the doubt. Forget the issue of fairness for the moment, as the Greek government certainly did. From a management perspective alone, this move was pure folly. Why? First, it didn’t work. This move did nothing to curb rioting. Perhaps that in itself is ample indication that the riots were not really at all about the youth’s death as a result of police action. Second, and more importantly, it makes no sense at all to openly alienate and marginalize the very force one must then rely on for one’s own protection and for stemming the rising tide of violence as it is whipping itself into a sweeping crescendo. After being hanged out to dry, what police officer would risk life, job, or reputation by standing in the way of a rioter about to fire bomb a business or government office? The best he can hope for is to be ignored. But the worst is that he can be filmed, identified, second-guessed, and transformed into a scapegoat to be tried by his own employer as a jack-booted thug or human sacrifice to the mob. This is hardly a recipe for restoring order in the face of anarchy. Yet this was Greece. It couldn’t happen here.
Or could it? Back we turn to the Los Angeles riots. I recall listening to talk radio on a drive between Woodland Hills and East Los Angeles shortly before the riots. Los Angeles Police Department Chief Darryl Gates was being castigated for requesting $1 million in overtime in order to prepare for the contingency of widespread unrest he was forecasting, depending on what might happen at the flashpoint of a verdict being announced in the trial of LAPD officers accused of abusive treatment of Rodney King during his arrest. The negative media and political scrutiny that followed then extended to all law enforcement right before the riots broke out – hardly the kind of circumstances to encourage officers to put themselves at personal and professional risk when their customer base is villifying them and, to all appearances, arraying all the forces of government to publicly crucify the first officer caught on film doing anything that lends itself to the interpretation of interfering with a protester’s civil rights. Seem familiar?
Under the circumstances, whether in Greece or Los Angeles, why would any sane officer stand in the path of a rioter and a Molotov cocktail lobbed at, say, a small convenience store? Never mind that the store bears no relationship to the rioter’s stated grievance or that it represents the hopes, dreams, and livelihood of some hardworking citizen who is making a living, paying taxes, contributing to society, and playing by the rules. To the rioter, it’s a convenient target. It is a toy for an out-of-control child to smash. To the officer, it may be property that can be replaced, unlike human life. Depending on rules of engagement officially or unofficially imposed by the officer’s political leadership, and depending on the level of hostile media scrutiny present, the officer’s hands may be so thoroughly tied that intervening in such a case is impossible. So, here we have another parallel between Athens and Los Angeles. Yet there is one more left to note.
A Shopkeeper’s Alternative
Somewhere, in a virtual footnote lost in the greater media coverage, the notion of self-defense surfaces. In Greece, shopkeepers started fighting back to defend their own stores and livelihoods. They could no longer wait for a dithering government to decide to do anything for them. Nor could they wait for rioting anarchists to realize that the shopkeepers were unconnected to their stated grievances. They had their livings to defend. So they started physically confronting the rioters to defend their businesses. Perhaps in our society, which is more diverse and modern, such actions would strike us as unseemly. So it appeared to be during the L.A. riots. One group of immigrant Americans stood out from this crowd, however: Korean American shopkeepers. Just like the Greek merchants finding themselves with too much to lose, they mobilized in their own defense. Only the Koreans cranked it up a notch. They formed revetments and foxholes with bags of rice in front of their stores. And they stood guard with rifles on rooftops. Pretty soon, it became clear to social activist rioter and criminal looter alike that if you wanted to visit mayhem in real or stated sympathy for Rodney King, you better stay clear of Korean businesses. And there we see a cost-benefit analysis still taking place and guiding actions, even in times of crisis and unrest.
One wonders how much the basic tools of positive and negative reinforcement could be better applied to such riots than all the hand-wringing and apologizing and political spinning tend to accomplish. There comes a time when actions speak louder than words. Anarchists seem to have figured this out, but are counting on their targets being slow to realize the same.
- Nick Catrantzos
Saturday, December 13, 2008
Shopper Stampede: An Avoidable Tragedy
You may believe in the perfectability of human beings, but evidence of our imperfections were everywhere to be found this holiday season. From a Wal-Mart store in Long Island to the streets of Athens we saw humans acting in mobs and the images were not pretty. A stray bullet which killed a young teen set off days of rioting in Greece. The incident at Wal-Mart in on Long Island was much less serious but equally troubling. There, store operators lost control of a Christmas shopping line which did not wait for the official store opening. The crowd broke through the front doors, shattering the glass, rushing the greet staff, and trampling to death a Wal-Mart employee in a stampede rushing to advertised bargains.
In security work we are often more involved in the mundane tasks of monitoring, exposing, and countering individual misconduct and are less experienced in dealing with misconduct en masse. One would think, however, that large retail chains that are astute enough to whipping consumers into a buyer frenzy year after year would also train in-store or hired security forces for crowd control – at least on Black Friday, the wild American shopping spree that takes place each year after Thanksgiving day and is the kick-off event of the Christmas season.
There is very little Christmas spirit to the most profitable day of the year for retailers, but some chains seem to understand it and manage it well. We admire Best Buy most, although we depend principally on personal observation. Several times a year, Best Buy introduces a new computer game or electronic marvel – flat screen televisions seem to be the got-to-have item of year end 2008 – and store managers know that a promotion will draw a mob. First off, the body weight of the door staff at Best Buy probably exceeds that of the retiree greeters at Wal-Mart by a factor of two or three. (They appear to favor smart linemen from the local schools. But they are also more thoughtful in the care and management of the lines these special sale days create. They break the groups of crowds standing in line. They hand out numbers to dissuade the deadly sport of last-minute line jumping that local louts practice when a long line starts moving and everyone is distracted as entering a theatre or store – no number, no entry.
If your organization is one that only occasionally must deal with crowds, whether it is the Christmas pageant at a mega church or, perish the thought, at a bankruptcy sale, give some forethought to which team you deploy to manage the mob, and make sure you have trained and drilled them in ways that keep bad things from happening to good people. It will be up to the authorities in Long Island whether they choose to charge anyone with criminal activity in the rush that took the life of an innocent human being. But we would do better to keep in mind that most of those in the incident were good and law-abiding citizens who got up, as you and I might, in a sudden mob frenzy where your first thought is to save yourself from injury or possible death. We need help when we move in groups if we are to resist the dark corners of everyone’s human psyche.
- Tom Goff
In security work we are often more involved in the mundane tasks of monitoring, exposing, and countering individual misconduct and are less experienced in dealing with misconduct en masse. One would think, however, that large retail chains that are astute enough to whipping consumers into a buyer frenzy year after year would also train in-store or hired security forces for crowd control – at least on Black Friday, the wild American shopping spree that takes place each year after Thanksgiving day and is the kick-off event of the Christmas season.
There is very little Christmas spirit to the most profitable day of the year for retailers, but some chains seem to understand it and manage it well. We admire Best Buy most, although we depend principally on personal observation. Several times a year, Best Buy introduces a new computer game or electronic marvel – flat screen televisions seem to be the got-to-have item of year end 2008 – and store managers know that a promotion will draw a mob. First off, the body weight of the door staff at Best Buy probably exceeds that of the retiree greeters at Wal-Mart by a factor of two or three. (They appear to favor smart linemen from the local schools. But they are also more thoughtful in the care and management of the lines these special sale days create. They break the groups of crowds standing in line. They hand out numbers to dissuade the deadly sport of last-minute line jumping that local louts practice when a long line starts moving and everyone is distracted as entering a theatre or store – no number, no entry.
If your organization is one that only occasionally must deal with crowds, whether it is the Christmas pageant at a mega church or, perish the thought, at a bankruptcy sale, give some forethought to which team you deploy to manage the mob, and make sure you have trained and drilled them in ways that keep bad things from happening to good people. It will be up to the authorities in Long Island whether they choose to charge anyone with criminal activity in the rush that took the life of an innocent human being. But we would do better to keep in mind that most of those in the incident were good and law-abiding citizens who got up, as you and I might, in a sudden mob frenzy where your first thought is to save yourself from injury or possible death. We need help when we move in groups if we are to resist the dark corners of everyone’s human psyche.
- Tom Goff
Friday, October 31, 2008
Rotten Apples in Tough Times
What is one security concern neglected during tough economic times? The resurgence of insider threats. A recent article in Computer World (IT Wary of Insider Attacks) brings this point into sharp focus.
Layoffs and job uncertainty contribute to stress and financial hardship. So it follows that an employee in a position of trust who feels about to be downsized out of work may either slam the door on the way out or take something marketable in lieu of pay – without bothering to gain permission.
Indicators of such betrayals of trust include people who start working long hours for no business reason or seek to gain access to networks, files, or business activities that would not normally fall within the purview of their normal duties.
What to do? Information technology professionals will lean in favor of more monitoring, usually with software or network administration tools – their comfort zone, as the article suggests.
However, there are more arrows in the quiver of the security manager. One of the best techniques for countering such vulnerabilities is to organize the work space to eliminate dark corners. This makes it difficult or impossible for any worker to hide or lurk alone in areas where he or she can take advantage of the employer’s resources. Another old-fashioned, low-tech tactic is to actually talk with employees, treat them decently, and still terminate their access to the employer’s crown jewels once it is necessary to let them go. Give them the severance package without forcing them to go through the motions of working for a final two weeks. Level with them and do your best to let them leave with a little dignity. This reduces ill feelings and gives them less motivation to seek out revenge through sabotage.
- Nick Catrantzos
Layoffs and job uncertainty contribute to stress and financial hardship. So it follows that an employee in a position of trust who feels about to be downsized out of work may either slam the door on the way out or take something marketable in lieu of pay – without bothering to gain permission.
Indicators of such betrayals of trust include people who start working long hours for no business reason or seek to gain access to networks, files, or business activities that would not normally fall within the purview of their normal duties.
What to do? Information technology professionals will lean in favor of more monitoring, usually with software or network administration tools – their comfort zone, as the article suggests.
However, there are more arrows in the quiver of the security manager. One of the best techniques for countering such vulnerabilities is to organize the work space to eliminate dark corners. This makes it difficult or impossible for any worker to hide or lurk alone in areas where he or she can take advantage of the employer’s resources. Another old-fashioned, low-tech tactic is to actually talk with employees, treat them decently, and still terminate their access to the employer’s crown jewels once it is necessary to let them go. Give them the severance package without forcing them to go through the motions of working for a final two weeks. Level with them and do your best to let them leave with a little dignity. This reduces ill feelings and gives them less motivation to seek out revenge through sabotage.
- Nick Catrantzos
Saturday, September 20, 2008
Technology as Chance to Engage
Here is something being touted as the answer to the Virginia Tech problem of how to carry out broadcast notifications of a threat in time to help those under fire.
Mobile alert firm steps outside of comfort zone
Source: SECURITY DIRECTOR NEWS
Vol. 5, No. 9, Sept. 2008
http://www.securitydirectornews.com/article/sd200809plj11f/Mobile
I can't vouch for how good this information is, as it comes from a trade publication that is a thinly veiled cover for advertising vendor wares. Nevertheless, at the root of what makes such a technical solution both viable and marketable is this: helping average people engage in their own protection. Another smart thing about it, presuming it delivers the advertised benefits, is that it allows members of the public to use what they already have -- a cell phone -- instead of requiring them to get special equipment or training. True, they have to sign up with someone who has the software and makes the broadcast notifications, like the campus police or, in the private sector, a facility security office. But how different is this from a savvy society that increasingly signs up for more customized alerts from different sources, just to be actively involved in making one's own decisions about personal security?
In fact, if you want to use your cell phone as an alert device that tells you when a weather emergency or other natural disaster is headed your way, try signing up for free alerts customized by zip code at
www.mystateUSA.com
These things are encouraging, from a security perspective. They keep us engaged and self-reliant.
- Nick Catrantzos
Mobile alert firm steps outside of comfort zone
Source: SECURITY DIRECTOR NEWS
Vol. 5, No. 9, Sept. 2008
http://www.securitydirectornews.com/article/sd200809plj11f/Mobile
I can't vouch for how good this information is, as it comes from a trade publication that is a thinly veiled cover for advertising vendor wares. Nevertheless, at the root of what makes such a technical solution both viable and marketable is this: helping average people engage in their own protection. Another smart thing about it, presuming it delivers the advertised benefits, is that it allows members of the public to use what they already have -- a cell phone -- instead of requiring them to get special equipment or training. True, they have to sign up with someone who has the software and makes the broadcast notifications, like the campus police or, in the private sector, a facility security office. But how different is this from a savvy society that increasingly signs up for more customized alerts from different sources, just to be actively involved in making one's own decisions about personal security?
In fact, if you want to use your cell phone as an alert device that tells you when a weather emergency or other natural disaster is headed your way, try signing up for free alerts customized by zip code at
www.mystateUSA.com
These things are encouraging, from a security perspective. They keep us engaged and self-reliant.
- Nick Catrantzos
Sunday, August 3, 2008
Gas Prices, Supply Chains, and Security Delay Tolerances
Unintended consequences are curious things, and often unpredictable ones as well. As the New York Times reports today ( NY Times: Shipping costs start to crimp globalization ), the rising price of oil is changing the business assumptions inherent in just-in-time deliveries and in offshore manufacturing. The recent model of sending U.S. raw materials to China or other countries for production into finished goods starts to fall apart when cheap oil becomes a memory. Not only is the cost of shipping making it too expensive to produce goods so far away, freighters are also moving up to 20% slower in order to economize on fuel consumption. The net result? Furniture makers who had almost vanished in North Carolina and Virginia are all of a sudden making furniture for American consumers again, instead of idling while the timber goes to China for conversion into tables, sofas, and chairs. Even Ikea opened a furniture manufacturing plant in Virginia in May 2008 in order to offset the challenges of the more costly and now fraying global supply lines. Anti-globalizationists, meanwhile, pop the champagne corks and declare victory.
What does all this have to do with security, you ask? Consider. If manufacturers are passing higher fuel costs to you when shipping your goods (A 40-foot container that cost $3,000 to ship a few years ago is now costing $8,000 thanks to higher fuel prices.), and the shippers themselves are taking as much as 20% longer to bring your goods to market, just how much tolerance will you have left for any added security measures at the port of entry? The sheer business impact of potential loss of market share will increase the attractiveness of any scan-on-the-run technologies that can be implemented to keep from adding delays to the process. This represents an opportunity for security technology companies. On the other hand, labor- and time-intensive delays imposed under the banner of increased security could easily become the straw that breaks the back of the business that has no choice but to keep relying on global supply lines. Never the rose without the thorn.
- Nick Catrantzos
Sunday, July 6, 2008
Update - Security News and Views
A plague of breaches – Can security breaches be blocked with methods used to fight human plagues? Investment banker Andrew Stewart and Microsoft strategist Adam Shostack, writing in Information Week this month, suggest as much in their lengthy joint essay: The Case for Disclosing Security Breach Data … Calling the jury – Think you are anonymous when you sit in judgment on a jury? Think again. Ken Ritter of the Associated Press reports that an employee of a printer in Las Vegas, working on mailing jury summons copied names, social security numbers, and addresses of potential jurors into a personal e-mail file and kept it there until it was discovered by the owner. Still under investigation ...
■ Tom Goff
■ Tom Goff
Saturday, July 5, 2008
Surveillance Cameras - When is a good idea mandatory?
Security management advisers frequently get asked about the relative merits of one protective strategy over another. Some clients even can't resist asking for detailed, technical advice, perhaps seeking validation for money already spent than for actual insight to inform a decision. Now, it seems one ambitious local politician is offering to relieve both security advisers and their retail clients of the burden of making that kind of decision -- at least for Broward County.
Here is the story: Miami Herald: Security Camera Mandate?
The county commissioner proposing this requirement faced an understandable degree of frustration. Had there been protective lighting and surveillance camera coverage of a parking lot where a sheriff's sergeant was shot, the crime could have been deterred. If not, then the camera footage could have assisted with bringing the shooter to justice. But is a mandate the right way to go?
No. Once public officials start dictating intallation of security devices to business owners, it won't be long before they also start telling them how long to keep the video and what kind of coverage to have. Next will follow orders on what to buy and from which vendor. This is a recipe for trading one disaster for another. Why? Apart from the almost inevitable invitation for abuse whereby a politician can't resist steering business to any vendor other than his idiot nephew who can't otherwise find work, there are other problems as well. Who decides what represents enough and proper video coverage? I have seen camera deployments where the sales executives won their Hawaiian vacations by selling a naive customer legions of cameras placed to look at each other more than at site vulnerabilities and operating on a perpetual scan pattern, known as an automated tour. The only purpose of this tour was to wear out the camera motor in 90 days, in order to force the customer to face maintenance charges. But wait, there is more.
Security cameras need a well conceived design to contribute meaningfully to the protection of people and assets. Otherwise, they generate unnecessary liability, giving people within their field of view a false impression of protection. At the very least there has to be an up front decision about whether a camera is there to prevent undesirable activity or only to assist in post-event incident investigations. If prevention is the goal, then there must be some kind of response tied in with it, whether a person monitoring the camera view in a control room or smart technology, including dual sensors and annunciators, that alert a response force or initiate some kind of protective action upon detecting a threat.
Before the good commissioner rushes to compel retail shopkeepers to install cameras in parking lots, he owes it to himself and his constituents to think the matter through a little more. Will he or the county defend the shopkeeper sued by crime victims who claim they never would have been in the area at night but for the security cameras which made them think someone was actively looking out for them? Hardly, or at least nor more than once. Nor will the county want to get in the business of telling the skateboard shop owner that his Radio Shack camera is inferior to the one of the Target Store across the street. (It will be, of course, as Target takes security cameras very seriously. But that is beside the point for this illustration.) Does the county want to subsidize the smaller businessman to bring his security video cameras up to the capability of a larger corporate neighbor? Again, there is only a one-case learning curve for this kind of challenge.
So what makes security cameras viable in the absence of a mandate? The same thing that turned electric lighting and telephones from a luxury into a necessity. They must prove their worth in an old-fashioned business case. When the business owner can clearly see that it costs more to do without them than to incorporate security cameras into part of a larger asset protection program, then and only then is the case made better than in any mandate.
And what can Broward County do in the meanwhile? Tread lightly and avoid any hasty mandates that will deplete county coffers through lawsuits.
- Nick Catrantzos
Here is the story: Miami Herald: Security Camera Mandate?
The county commissioner proposing this requirement faced an understandable degree of frustration. Had there been protective lighting and surveillance camera coverage of a parking lot where a sheriff's sergeant was shot, the crime could have been deterred. If not, then the camera footage could have assisted with bringing the shooter to justice. But is a mandate the right way to go?
No. Once public officials start dictating intallation of security devices to business owners, it won't be long before they also start telling them how long to keep the video and what kind of coverage to have. Next will follow orders on what to buy and from which vendor. This is a recipe for trading one disaster for another. Why? Apart from the almost inevitable invitation for abuse whereby a politician can't resist steering business to any vendor other than his idiot nephew who can't otherwise find work, there are other problems as well. Who decides what represents enough and proper video coverage? I have seen camera deployments where the sales executives won their Hawaiian vacations by selling a naive customer legions of cameras placed to look at each other more than at site vulnerabilities and operating on a perpetual scan pattern, known as an automated tour. The only purpose of this tour was to wear out the camera motor in 90 days, in order to force the customer to face maintenance charges. But wait, there is more.
Security cameras need a well conceived design to contribute meaningfully to the protection of people and assets. Otherwise, they generate unnecessary liability, giving people within their field of view a false impression of protection. At the very least there has to be an up front decision about whether a camera is there to prevent undesirable activity or only to assist in post-event incident investigations. If prevention is the goal, then there must be some kind of response tied in with it, whether a person monitoring the camera view in a control room or smart technology, including dual sensors and annunciators, that alert a response force or initiate some kind of protective action upon detecting a threat.
Before the good commissioner rushes to compel retail shopkeepers to install cameras in parking lots, he owes it to himself and his constituents to think the matter through a little more. Will he or the county defend the shopkeeper sued by crime victims who claim they never would have been in the area at night but for the security cameras which made them think someone was actively looking out for them? Hardly, or at least nor more than once. Nor will the county want to get in the business of telling the skateboard shop owner that his Radio Shack camera is inferior to the one of the Target Store across the street. (It will be, of course, as Target takes security cameras very seriously. But that is beside the point for this illustration.) Does the county want to subsidize the smaller businessman to bring his security video cameras up to the capability of a larger corporate neighbor? Again, there is only a one-case learning curve for this kind of challenge.
So what makes security cameras viable in the absence of a mandate? The same thing that turned electric lighting and telephones from a luxury into a necessity. They must prove their worth in an old-fashioned business case. When the business owner can clearly see that it costs more to do without them than to incorporate security cameras into part of a larger asset protection program, then and only then is the case made better than in any mandate.
And what can Broward County do in the meanwhile? Tread lightly and avoid any hasty mandates that will deplete county coffers through lawsuits.
- Nick Catrantzos
Saturday, June 28, 2008
Auto Sentry
When was the last time you were in an urban setting when some enterprising youth offered, "Hey, buddy, watch your car for you?" Consider the march of progress. Soon, according to this article, your car and its parking lot mates will be watching themselves.
Cars watching each other
What happens when you automate security this way? Invariably, there are vulnerabilities to address along with the perceived benefits. One hurdle is likely to be the perceived or actual capacity that such a protective cordon would give to anyone interested in tracking the vehicle -- and its owner. What about liability? In our litigious society, it might be very likely that if your car is supposed to be linking to others and sending out a distress signal through its parking lot peers, someone somewhere who loses a car to theft will look to sue a car owner who failed to maintain his car's alert system properly, thereby contributing to the loss event. Nuisance alarms will also be a likely barrier to user acceptance. Surely, rejection is ample in this world without having to face a cabal of cars apparently conspiring against a driver by sounding the alarm and failing to recognize him.
The ramifications are endless, at least for the beta site. Yet this technology may well offer promise in a world where neighborhood watches and looking out for each other seem out of fashion.
- Nick Catrantzos
Cars watching each other
What happens when you automate security this way? Invariably, there are vulnerabilities to address along with the perceived benefits. One hurdle is likely to be the perceived or actual capacity that such a protective cordon would give to anyone interested in tracking the vehicle -- and its owner. What about liability? In our litigious society, it might be very likely that if your car is supposed to be linking to others and sending out a distress signal through its parking lot peers, someone somewhere who loses a car to theft will look to sue a car owner who failed to maintain his car's alert system properly, thereby contributing to the loss event. Nuisance alarms will also be a likely barrier to user acceptance. Surely, rejection is ample in this world without having to face a cabal of cars apparently conspiring against a driver by sounding the alarm and failing to recognize him.
The ramifications are endless, at least for the beta site. Yet this technology may well offer promise in a world where neighborhood watches and looking out for each other seem out of fashion.
- Nick Catrantzos
Thursday, June 26, 2008
Whom Do You Trust?
Any security professional with scar tissue from working in a hierarchy soon learns to view overseers of any kind with at least one part suspicion for every two parts of esteem. Corporate investigators reserve some of their best war stories for tales of abuses by people who are supposed to performing a watchdog function, and no business unit is exempt from the archives: audit, human resources, information technology, and security practitioners themselves. All have the propensity to stray.
Here, just recently, is an article from ABC News that ultimately traces to PC World.
The source is important because it represents an industry tattling on itself. Next time you wonder who might be snooping on your e-mail, consider: Do you really want to ask IT for the answer?
- Nick Catrantzos
Here, just recently, is an article from ABC News that ultimately traces to PC World.
The source is important because it represents an industry tattling on itself. Next time you wonder who might be snooping on your e-mail, consider: Do you really want to ask IT for the answer?
- Nick Catrantzos
Wednesday, June 25, 2008
Brave New World of Video Surveillance
Digital video surveillance is beginning to shake up three market sectors where dumb analog cameras have been mounted for years: public spaces like airports and airbases, colleges and schools, and retail – which include banks and those quick service restaurants and stores.
We spoke with research director Stan Schatt at ABI Research about his recent study “Watch this Space” highlighting the coming boom in digital video surveillance software and equipment.
______________________________
Why is ABI looking into video surveillance?
We believe in connectivity. The focus at ABI is everything wireless. Surveillance video is rapidly moving to wireless technologies as are we all, so that is why it is interest to us. It is an emerging technology that will fundamentally change global consumer and business markets.
Surveillance video isn’t exactly new.
Video surveillance systems have existed for many years. But until recently, extracting useful information from them was labor-intensive, time-consuming and tedious.
Now, the quickening transition from analog to digital video has made it possible to use software for detection and analysis. This can free humans from the drudgery of slamming through hours of tape, while improving accuracy and the ways video can be use – ways that were just not possible before.
I am particularly excited by the potential of digital video for analyzing and improving business processes. Once the retail sector sees the potential for business analytics, budgets for video surveillance, which now mostly come from the IT department, will begin to flow from the much more generous pockets of Marketing.
Video surveillance software was the particular focus of your study?
Yes. Because we can effectively massage digital records, the potential for intelligent use of software is enormous. Already the link between current physical security applications and what wireless, digital video and its movie-like rich images can do is dramatic.
There are many small software companies in this market, and some big ones such as IBM, which has released software that is largely platform-agnostic, increasing pressure for others to follow suit. While most systems today are sold to end-users, IBM Global Services sees potential in a managed service model, and it would not be surprising to see HP jump in as well, particularly following its EDS acquisition.
There are a number of smaller players who impress. Object Video, which was founded by some DARPA types, stands out with 800,000 licenses.
Some other small companies are quickly becoming familiar names: Axis Communications on the IP-based camera side. PMSC of South Carolina on large storage.
How about airports?
Airports are an obvious application, but you can set the rules with this stuff if you have digital images and digital storage and let it do much of the work. If a bag is left unattended for a number of minutes, the software can quickly, even automatically pick that fact up and set off an alert. If a passenger in an airport corridor suddenly reverses direction or makes an abrupt approach to an exit when the standard flow of traffic across is in the opposite direction, towards an entrance of gateway, there can be an instant alert and intervention.
Smart software can also trigger mechanical consequences – for example, instantly locking down escape routes in an airport when an individual is behaving erratically or takes off at a run.
Any human monitors needed in that digital future?
There’s always room for human judgment. You will see more large institutions – corporations, college campuses – setting up much more elaborate video monitoring centers that go beyond alarms and observation, allowing a shift leader or incident commander to react to what they see happening … or about to happen. Banks already do that.
The metadata procedurals the software designers are playing around with – there are about 13 different detection directions, by my last count – include any number of different characteristics.
What are the most demanding of these?
The most ambitious are automated face recognition programs that banks can use, say, at an ATM – not just to identify bad guys as criminals but to identify you so no one but you can use your card. Smart cameras can also survey the parking lot and tip the central control room to any break-pattern activity, such as leaving a car too long in a particular space … or moving it to a space where it doesn’t belong.
You said in an earlier interview that it reminded you of the futuristic film, Minority Report.
Yes. All this, of course, raises profound questions of civil liberties – and they play with those issues in the film Minority Report, which has Tom Cruise intercepting criminals before they commit their crimes. We have a pretty conservative court system at the moment, so I don’t think you will find much support there in blocking the initial deployment of these software recognition and tracking systems. And who knows what classified smart video applications are already in use in the skies above Iraq that will be coming our way?
What about China? Have the Olympics created any technology leaps there?
I expect there to be some advances, using the Olympics as an excuse for upgrades, but nothing dramatic. The China market is attractive, but a continuing concern, particularly on software, is the potential in that nation for software hacking which is right down doing major damage to the mobile phone market.
Most of the video surveillance equipment in China right now is cheap analog stuff. On the other hand, they have no shortage of people in China who can roll the analog tape back and forth to find what they are looking for. Britain, which began aggressively putting up outside analog video monitoring as far back as the IRA bombings twenty or more years ago, is now aggressively going digital. Most of the British equipment is installed and monitored by local municipalities.
Do you expect industry consolidation in the next year or so?
I do. The video surveillance area in general is so busy with new companies and small firms that I do anticipate some mergers and acquisitions. There are any number of products and platforms in the market, but very little interoperability yet.
The camera companies are also trying to get together, but more by establishing common technology standards than on merging. Canon, Samsung, and Panasonic – not sure why there are all Japanese – are in some sort of dialog on tech standards. North American camera manufacturers tend to focus on the high end. Lumenara from Ottawa is one of those with an 11 megapixel camera coming out soon. You could shoot a respectable motion picture or TV show on a camera that advanced. It’s broadcast quality.
A video stream that rich must take up a good deal of storage.
It does. But once all that information in storage, you can do some very smart things with it. Intelligent processing can begin right inside the camera itself. For example, the digital signal processing chips that are essential to advanced video are faster than ever. They are now able to put some fundamental video analytics into the chip itself. An Israeli firm, Mango DSP, seems to be making some remarkable progress to that end.
Where’s the quickest growth?
The steepest growth curves we see are in the government, retail, and educational sectors. Growth in the government sector is still driven by heightened security concerns since 9/11, of course. We are now seeing video installations in transport systems that keep an eye not only on external surroundings of the vehicles, but on the people inside – including trains and buses.
There’s a popular trend to jump on board a bus after it crashes and then claim whiplash – so come cities are trying to add video to fight that. We’ve all seen the popularity of police video cameras that capture not only police responses, but the provocations that precede the response. The ports are another area where very little of consequence has been accomplished.
How about education and retail?
The video market in the education sector has gone from a trot to a gallop since the campus killings at Virginia Tech – and elementary schools are also now adding video when they can find the budget to do so.
Retail will take the lead, however. It just beginning to appreciate the possibilities of business analytics in all this. Retailers have traditionally low margins, so they are reluctant to take on equipment costs. But if some of this smarter software, backed up with smart chips, can tell them how customers respond to a display and what they like, it justifies the cost to elevate video surveillance equipment and systems – and reduce stock shrinkage by the employees and customers who are stealing them blind.
■ Tom Goff
We spoke with research director Stan Schatt at ABI Research about his recent study “Watch this Space” highlighting the coming boom in digital video surveillance software and equipment.
______________________________
Why is ABI looking into video surveillance?
We believe in connectivity. The focus at ABI is everything wireless. Surveillance video is rapidly moving to wireless technologies as are we all, so that is why it is interest to us. It is an emerging technology that will fundamentally change global consumer and business markets.
Surveillance video isn’t exactly new.
Video surveillance systems have existed for many years. But until recently, extracting useful information from them was labor-intensive, time-consuming and tedious.
Now, the quickening transition from analog to digital video has made it possible to use software for detection and analysis. This can free humans from the drudgery of slamming through hours of tape, while improving accuracy and the ways video can be use – ways that were just not possible before.
I am particularly excited by the potential of digital video for analyzing and improving business processes. Once the retail sector sees the potential for business analytics, budgets for video surveillance, which now mostly come from the IT department, will begin to flow from the much more generous pockets of Marketing.
Video surveillance software was the particular focus of your study?
Yes. Because we can effectively massage digital records, the potential for intelligent use of software is enormous. Already the link between current physical security applications and what wireless, digital video and its movie-like rich images can do is dramatic.
There are many small software companies in this market, and some big ones such as IBM, which has released software that is largely platform-agnostic, increasing pressure for others to follow suit. While most systems today are sold to end-users, IBM Global Services sees potential in a managed service model, and it would not be surprising to see HP jump in as well, particularly following its EDS acquisition.
There are a number of smaller players who impress. Object Video, which was founded by some DARPA types, stands out with 800,000 licenses.
Some other small companies are quickly becoming familiar names: Axis Communications on the IP-based camera side. PMSC of South Carolina on large storage.
How about airports?
Airports are an obvious application, but you can set the rules with this stuff if you have digital images and digital storage and let it do much of the work. If a bag is left unattended for a number of minutes, the software can quickly, even automatically pick that fact up and set off an alert. If a passenger in an airport corridor suddenly reverses direction or makes an abrupt approach to an exit when the standard flow of traffic across is in the opposite direction, towards an entrance of gateway, there can be an instant alert and intervention.
Smart software can also trigger mechanical consequences – for example, instantly locking down escape routes in an airport when an individual is behaving erratically or takes off at a run.
Any human monitors needed in that digital future?
There’s always room for human judgment. You will see more large institutions – corporations, college campuses – setting up much more elaborate video monitoring centers that go beyond alarms and observation, allowing a shift leader or incident commander to react to what they see happening … or about to happen. Banks already do that.
The metadata procedurals the software designers are playing around with – there are about 13 different detection directions, by my last count – include any number of different characteristics.
What are the most demanding of these?
The most ambitious are automated face recognition programs that banks can use, say, at an ATM – not just to identify bad guys as criminals but to identify you so no one but you can use your card. Smart cameras can also survey the parking lot and tip the central control room to any break-pattern activity, such as leaving a car too long in a particular space … or moving it to a space where it doesn’t belong.
You said in an earlier interview that it reminded you of the futuristic film, Minority Report.
Yes. All this, of course, raises profound questions of civil liberties – and they play with those issues in the film Minority Report, which has Tom Cruise intercepting criminals before they commit their crimes. We have a pretty conservative court system at the moment, so I don’t think you will find much support there in blocking the initial deployment of these software recognition and tracking systems. And who knows what classified smart video applications are already in use in the skies above Iraq that will be coming our way?
What about China? Have the Olympics created any technology leaps there?
I expect there to be some advances, using the Olympics as an excuse for upgrades, but nothing dramatic. The China market is attractive, but a continuing concern, particularly on software, is the potential in that nation for software hacking which is right down doing major damage to the mobile phone market.
Most of the video surveillance equipment in China right now is cheap analog stuff. On the other hand, they have no shortage of people in China who can roll the analog tape back and forth to find what they are looking for. Britain, which began aggressively putting up outside analog video monitoring as far back as the IRA bombings twenty or more years ago, is now aggressively going digital. Most of the British equipment is installed and monitored by local municipalities.
Do you expect industry consolidation in the next year or so?
I do. The video surveillance area in general is so busy with new companies and small firms that I do anticipate some mergers and acquisitions. There are any number of products and platforms in the market, but very little interoperability yet.
The camera companies are also trying to get together, but more by establishing common technology standards than on merging. Canon, Samsung, and Panasonic – not sure why there are all Japanese – are in some sort of dialog on tech standards. North American camera manufacturers tend to focus on the high end. Lumenara from Ottawa is one of those with an 11 megapixel camera coming out soon. You could shoot a respectable motion picture or TV show on a camera that advanced. It’s broadcast quality.
A video stream that rich must take up a good deal of storage.
It does. But once all that information in storage, you can do some very smart things with it. Intelligent processing can begin right inside the camera itself. For example, the digital signal processing chips that are essential to advanced video are faster than ever. They are now able to put some fundamental video analytics into the chip itself. An Israeli firm, Mango DSP, seems to be making some remarkable progress to that end.
Where’s the quickest growth?
The steepest growth curves we see are in the government, retail, and educational sectors. Growth in the government sector is still driven by heightened security concerns since 9/11, of course. We are now seeing video installations in transport systems that keep an eye not only on external surroundings of the vehicles, but on the people inside – including trains and buses.
There’s a popular trend to jump on board a bus after it crashes and then claim whiplash – so come cities are trying to add video to fight that. We’ve all seen the popularity of police video cameras that capture not only police responses, but the provocations that precede the response. The ports are another area where very little of consequence has been accomplished.
How about education and retail?
The video market in the education sector has gone from a trot to a gallop since the campus killings at Virginia Tech – and elementary schools are also now adding video when they can find the budget to do so.
Retail will take the lead, however. It just beginning to appreciate the possibilities of business analytics in all this. Retailers have traditionally low margins, so they are reluctant to take on equipment costs. But if some of this smarter software, backed up with smart chips, can tell them how customers respond to a display and what they like, it justifies the cost to elevate video surveillance equipment and systems – and reduce stock shrinkage by the employees and customers who are stealing them blind.
■ Tom Goff
Wednesday, June 18, 2008
Social Science and Security?
Social scientists and humanitarians take note: the Pentagon is willing to buy you lunch and a good bit more if you’ll just give Secretary of Defense a bit of help on a few nagging global security problems.
Defense Secretary Bob Gates, himself a former university president, is funding the so-called “Minerva” research initiative (MRI) to explore issues of Chinese military technology, change in the Islamic World, Iraqi public opinion, and, well, global conflict in general. Seems his generals are a bit busy these days with other problems.
(Minerva is the Greek goddess of wisdom – get it?)
DoD is ignoring the conventional RFP (“Request for Proposal”) traditions and simply asking in a Broad Agency Announcement for relatively free-form proposals from the university and think-tank crowd.
The formal notice went out June 12th. White papers are due July 25 and full proposals are due October 3. At least $50 million in Federal funding is at stake. I guess there won't be much of a break for some of the hungrier professors and their grad students this summer.
Says the notice: “The MRI is a DoD-sponsored, university-based social science research program initiated by the Secretary of Defense. It focuses on areas of strategic importance to U.S. national security policy. It seeks to increase the Department's intellectual capital in the social sciences and improve its ability to address future challenges and build bridges between the Department and the social science community. Minerva will bring together universities, research institutions, and individual scholars and support multidisciplinary and cross-institutional projects addressing specific topic areas determined by the Department. MRI competition is open to institutions of higher education (universities).”
Let the games begin.
■ Tom Goff
Defense Secretary Bob Gates, himself a former university president, is funding the so-called “Minerva” research initiative (MRI) to explore issues of Chinese military technology, change in the Islamic World, Iraqi public opinion, and, well, global conflict in general. Seems his generals are a bit busy these days with other problems.
(Minerva is the Greek goddess of wisdom – get it?)
DoD is ignoring the conventional RFP (“Request for Proposal”) traditions and simply asking in a Broad Agency Announcement for relatively free-form proposals from the university and think-tank crowd.
The formal notice went out June 12th. White papers are due July 25 and full proposals are due October 3. At least $50 million in Federal funding is at stake. I guess there won't be much of a break for some of the hungrier professors and their grad students this summer.
Says the notice: “The MRI is a DoD-sponsored, university-based social science research program initiated by the Secretary of Defense. It focuses on areas of strategic importance to U.S. national security policy. It seeks to increase the Department's intellectual capital in the social sciences and improve its ability to address future challenges and build bridges between the Department and the social science community. Minerva will bring together universities, research institutions, and individual scholars and support multidisciplinary and cross-institutional projects addressing specific topic areas determined by the Department. MRI competition is open to institutions of higher education (universities).”
Let the games begin.
■ Tom Goff
Wednesday, June 11, 2008
Terrorists, Cyber Threats, and Innovation
There are times when any single fear or advertised threat can be overstated. Let's take another look at the cyber threat from terrorists. My aim is not to dismiss the cyber threat, but to keep it in context. Otherwise, we will be saying that if the ATMs are down, the terrorists win. In fact, is there any doomsday scenario that would not place us at someone's mercy if the worst case came to pass? It makes for good theatre, but bad business investments. In fact, it is precisely this kind of theatrical dimension that plays into the politics of cyber threats, a theme taken up by Swiss professor Myriam Dunn Caveltyis in her course for the Center for Security Studies, in Zurich, and related book, Cyber-Security and Threat Politics (2007). She points out that cyber threats have been touted despite having many unknowable qualities. But wait, there's more.
The very systems considered critical -- whether for air traffic control or turning valves and power systems on and off remotely -- go down all the time without plunging us wholeheartedly into chaos. As James A. Lewis, of the Center for Strategic and International Studies, pointed out in his 2002 assessment, "Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats," the nature of their targets is such that cyber terrorists "would need to attack multiple targets simultaneously for long periods of time to create terror, achieve strategic goals, or to have any noticeable effect. For most of the critical infrastructure, multiple sustained attacks are not a feasible scenario for hackers, terrorist groups, or nation states." (pp. 3-4)
This brings us to another raising of the eyebrows. Why are today's most vigorous champions of the cyber threat suspiciously identical to the same people who made careers out of Y2K preparations -- until January 2, 2000, that is, when the world as we know it failed to come to an end?
Context is the bottom line in all this. I do not pretend there is no cyber threat. I only offer the thought that there is more to this story. Information technology experts need jobs, too, and they, like most specialists, tend to see the world in terms of their specialty. Y2K ended, but they still had bills to pay and mouths to feed. As Abraham Maslow said, "If your only tool is a hammer, you tend to see every problem as a nail." So, to these people, cyber supplies a nail-rich environment of ubiquitous threats.
Let's keep the cyber hammer without making it the only implement in our toolbox. A hammer makes a lousy screwdriver, and a poor drill as well. Our most serious adversaries appear more interested in drawing blood than in perpetrating denial-of-service attacks or spamming enterprise e-mail servers. Is it possible that they will suddenly abandon their spectacular attacks in favor of cyber assaults instead?
Perhaps. Anything is possible. But, as columnist George Will (2000) said in another forecasting context , "Serious people consider serious probabilities, not idle possibilities."
My argument is that the cyber threat has yet to attain the seriousness to displace more conventional attack pathways. Nor does it seem likely to. As Lewis noted in his study, above, criminals and bored teenagers remain the most likely sources of cyber attacks (p. 8).
Connections with Innovation
I do believe that the more sustainable terrorist groups must possess some of the same learning and administrative skills as any business that survives in a competitive world. So, if a cyber tool of terror drops into their hands, they would feel some due diligence obligation to experiment with it, up to a point. But, it is a tool not an end.
My favorite innovation in war was by Philip of Macedon, the father of Alexander the Great (Lamb, H., Alexander of Macedon, date and details not recalled. Book lost from family library.) His innovation to war fighting of the time was to make his soldier's spear three feet longer than his adversary's. As a result, Philip enjoyed great success whenever one of his phalanxes met another in battle. But I suspect neither he nor his son spent a disproportionate amount of time and budget in R&D on spears.
– Nick Catrantzos
The very systems considered critical -- whether for air traffic control or turning valves and power systems on and off remotely -- go down all the time without plunging us wholeheartedly into chaos. As James A. Lewis, of the Center for Strategic and International Studies, pointed out in his 2002 assessment, "Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats," the nature of their targets is such that cyber terrorists "would need to attack multiple targets simultaneously for long periods of time to create terror, achieve strategic goals, or to have any noticeable effect. For most of the critical infrastructure, multiple sustained attacks are not a feasible scenario for hackers, terrorist groups, or nation states." (pp. 3-4)
This brings us to another raising of the eyebrows. Why are today's most vigorous champions of the cyber threat suspiciously identical to the same people who made careers out of Y2K preparations -- until January 2, 2000, that is, when the world as we know it failed to come to an end?
Context is the bottom line in all this. I do not pretend there is no cyber threat. I only offer the thought that there is more to this story. Information technology experts need jobs, too, and they, like most specialists, tend to see the world in terms of their specialty. Y2K ended, but they still had bills to pay and mouths to feed. As Abraham Maslow said, "If your only tool is a hammer, you tend to see every problem as a nail." So, to these people, cyber supplies a nail-rich environment of ubiquitous threats.
Let's keep the cyber hammer without making it the only implement in our toolbox. A hammer makes a lousy screwdriver, and a poor drill as well. Our most serious adversaries appear more interested in drawing blood than in perpetrating denial-of-service attacks or spamming enterprise e-mail servers. Is it possible that they will suddenly abandon their spectacular attacks in favor of cyber assaults instead?
Perhaps. Anything is possible. But, as columnist George Will (2000) said in another forecasting context , "Serious people consider serious probabilities, not idle possibilities."
My argument is that the cyber threat has yet to attain the seriousness to displace more conventional attack pathways. Nor does it seem likely to. As Lewis noted in his study, above, criminals and bored teenagers remain the most likely sources of cyber attacks (p. 8).
Connections with Innovation
I do believe that the more sustainable terrorist groups must possess some of the same learning and administrative skills as any business that survives in a competitive world. So, if a cyber tool of terror drops into their hands, they would feel some due diligence obligation to experiment with it, up to a point. But, it is a tool not an end.
My favorite innovation in war was by Philip of Macedon, the father of Alexander the Great (Lamb, H., Alexander of Macedon, date and details not recalled. Book lost from family library.) His innovation to war fighting of the time was to make his soldier's spear three feet longer than his adversary's. As a result, Philip enjoyed great success whenever one of his phalanxes met another in battle. But I suspect neither he nor his son spent a disproportionate amount of time and budget in R&D on spears.
– Nick Catrantzos
Tuesday, May 20, 2008
What Comes After Jihad?
In a volatile world, only change is a constant. One day, the world may well view the notion of holy war, or jihad, as outdated as the duel or trial by ordeal.
What then? Look for another rally point for expression of violence. Look for xenophobia as trigger.
Xenophobia is the next incubator for nascent terrorist organizations, once the world tires of jihad. A recent article on how this just expressed itself in South Africa presents a grim view of how hackers – the machete-wielding kind – exact revenge for real or perceived injustices suffered at the hands of immigrants who, to the rest of the world, hardly appear to be cavorting in luxury.
The interesting but faint signal to detect here is a phenomenon stretching at least as far back as the sans culottes of France who warmed to the guillotine as instrument of social justice during the French Revolution. There are a number of commentators of the world scene out there who are making their living editorializing about why the world hates America and Americans.
Type in "why they hate us" in Amazon.com's search box and 463 entries materialize. We represent the modern world to people who want to cling to tradition. We are the only remaining super power, hence easy to blame for everything that goes wrong. We are prosperous, so we must be doing something at someone else's expense. We are ostentatious, shifting between the conspicuous consumption that Thorstein Veblen popularized a couple of centuries ago to just making more films and entertainment products that sell throughout the world, inevitably putting an American face into the world's face.
Evidently, the world resents that. But we are not the only bad guys.
What a recent Reuters article on the South African violence brings to mind is another idea. Maybe old-fashioned xenophobia never goes away.
My own theory is that people are tribal, even in America. We all have a certain number of people we can accommodate comfortably into our lives. Say, for example, my upper limit is 30, while yours may be 50. [The exception may be for those of you with giant Rolodexes whom author Malcolm Gladwell defines as mavens in his Tipping Point.]
When we move, change jobs, or just start our own families, the personal total stays about the same, but many of the players change. We lose touch with people who no longer affect our lives, making room this way for others who are now take center stage.
And this takes place in a modern world and country, where the nuclear family has made us much less hidebound with clan, tradition, and feudal patterns or castes that distinguished other societies. But the rest of the world may well be much more clannish.
Recall that, in Saddam Hussein's ascendancy, his clan and tribal relationships meant that preferment went to kinfolk or tribesmen from Tikrit, Saddam's birthplace.
Add this tribal preoccupation, for which Africa is famous, to a natural tendency to find fault with outsiders, and what do you get? The kinds of mob attacks South Africa is seeing.
What do we watch for in all this? The victims.
How long will it be before some enterprising, organized, and martially proficient "defenders" emerge to offer protection to the victimized expatriates or tribal minorities in exchange for money or the kind of unwavering loyalty that is very easy to promise when one's back is to the wall and the only alternative is death or torture by mob violence?
– Nick Catrantzos
What then? Look for another rally point for expression of violence. Look for xenophobia as trigger.
Xenophobia is the next incubator for nascent terrorist organizations, once the world tires of jihad. A recent article on how this just expressed itself in South Africa presents a grim view of how hackers – the machete-wielding kind – exact revenge for real or perceived injustices suffered at the hands of immigrants who, to the rest of the world, hardly appear to be cavorting in luxury.
The interesting but faint signal to detect here is a phenomenon stretching at least as far back as the sans culottes of France who warmed to the guillotine as instrument of social justice during the French Revolution. There are a number of commentators of the world scene out there who are making their living editorializing about why the world hates America and Americans.
Type in "why they hate us" in Amazon.com's search box and 463 entries materialize. We represent the modern world to people who want to cling to tradition. We are the only remaining super power, hence easy to blame for everything that goes wrong. We are prosperous, so we must be doing something at someone else's expense. We are ostentatious, shifting between the conspicuous consumption that Thorstein Veblen popularized a couple of centuries ago to just making more films and entertainment products that sell throughout the world, inevitably putting an American face into the world's face.
Evidently, the world resents that. But we are not the only bad guys.
What a recent Reuters article on the South African violence brings to mind is another idea. Maybe old-fashioned xenophobia never goes away.
My own theory is that people are tribal, even in America. We all have a certain number of people we can accommodate comfortably into our lives. Say, for example, my upper limit is 30, while yours may be 50. [The exception may be for those of you with giant Rolodexes whom author Malcolm Gladwell defines as mavens in his Tipping Point.]
When we move, change jobs, or just start our own families, the personal total stays about the same, but many of the players change. We lose touch with people who no longer affect our lives, making room this way for others who are now take center stage.
And this takes place in a modern world and country, where the nuclear family has made us much less hidebound with clan, tradition, and feudal patterns or castes that distinguished other societies. But the rest of the world may well be much more clannish.
Recall that, in Saddam Hussein's ascendancy, his clan and tribal relationships meant that preferment went to kinfolk or tribesmen from Tikrit, Saddam's birthplace.
Add this tribal preoccupation, for which Africa is famous, to a natural tendency to find fault with outsiders, and what do you get? The kinds of mob attacks South Africa is seeing.
What do we watch for in all this? The victims.
How long will it be before some enterprising, organized, and martially proficient "defenders" emerge to offer protection to the victimized expatriates or tribal minorities in exchange for money or the kind of unwavering loyalty that is very easy to promise when one's back is to the wall and the only alternative is death or torture by mob violence?
– Nick Catrantzos
Tuesday, May 6, 2008
Lapses in the Health Care Industry
Are you are a security professional charged with protecting patient records maintained by your employer such as a hospital or medical insurer?
Then don’t miss Sarah Rubenstein’s April 29th round-up in The Wall Street Journal of the issues and most egregious recent breaches involving poorly protected medical records. (Sarah’s article is also useful if you are simply concerned about your own digitized medical records and issues of personal privacy.)
Most of the media attention in recent weeks about patient records has focused on a few Hollywood stars who allegedly had their records and their privacy invaded in Los Angeles. There has been at least one indictment since Sarah’s article, based on evidence that some of the information may have been sold to the media itself.
But the problem for those who guard those records is only going to get much bigger as hospitals and other health care institutions begin complying with the industry’s determined press to adopt electronic records for patients – making access quicker and easier in a crisis.
The intent of the industry initiative is to give a sharp and final shove to Luddite medical doctors and hospital bureaucrats who keep vital medical records on unprotected scraps of badly filed paper … and who have traditionally refused any and all reasonable attempts to master contemporary data recording and retrieval systems.
But the transition to digits is creating security nightmares of its own.
And the problem, says Sarah in her April 29 article, goes well beyond celebrity records in Hollywood hospitals: “In a spate of recent security lapses at hospitals, health insurers and the federal government, private information on hundreds of thousands of patients, ranging from Social Security numbers to fertility-treatment and cancer records, has been compromised.”
Security professionals in the health care industry need to keep on top of potential vulnerabilities in this field, but they also must be aware of changing privacy rules in the industry, largely driven by the provisions of the Health Insurance Portability and Accountability Act (HIPAA).
Sarah also provides some links that are useful in learning more about the law … and how all of us can better guard the guardians of our records:
Health Care Privacy Project
http://www.healthprivacy.org/
Detailed information on federal health-privacy laws
Patient Privacy Rights
http://www.patientprivacyrights.org/
Privacy toolkit that includes a form to request your medical records
Privacy Rights Clearing House
http://www.privacyrights.org/
Tips on identity theft and dealing with a security breach.
World Privacy Forum
http://www.worldprivacyforum.org/
Tips on medical identity theft
– Tom Goff
Then don’t miss Sarah Rubenstein’s April 29th round-up in The Wall Street Journal of the issues and most egregious recent breaches involving poorly protected medical records. (Sarah’s article is also useful if you are simply concerned about your own digitized medical records and issues of personal privacy.)
Most of the media attention in recent weeks about patient records has focused on a few Hollywood stars who allegedly had their records and their privacy invaded in Los Angeles. There has been at least one indictment since Sarah’s article, based on evidence that some of the information may have been sold to the media itself.
But the problem for those who guard those records is only going to get much bigger as hospitals and other health care institutions begin complying with the industry’s determined press to adopt electronic records for patients – making access quicker and easier in a crisis.
The intent of the industry initiative is to give a sharp and final shove to Luddite medical doctors and hospital bureaucrats who keep vital medical records on unprotected scraps of badly filed paper … and who have traditionally refused any and all reasonable attempts to master contemporary data recording and retrieval systems.
But the transition to digits is creating security nightmares of its own.
And the problem, says Sarah in her April 29 article, goes well beyond celebrity records in Hollywood hospitals: “In a spate of recent security lapses at hospitals, health insurers and the federal government, private information on hundreds of thousands of patients, ranging from Social Security numbers to fertility-treatment and cancer records, has been compromised.”
Security professionals in the health care industry need to keep on top of potential vulnerabilities in this field, but they also must be aware of changing privacy rules in the industry, largely driven by the provisions of the Health Insurance Portability and Accountability Act (HIPAA).
Sarah also provides some links that are useful in learning more about the law … and how all of us can better guard the guardians of our records:
Health Care Privacy Project
http://www.healthprivacy.org/
Detailed information on federal health-privacy laws
Patient Privacy Rights
http://www.patientprivacyrights.org/
Privacy toolkit that includes a form to request your medical records
Privacy Rights Clearing House
http://www.privacyrights.org/
Tips on identity theft and dealing with a security breach.
World Privacy Forum
http://www.worldprivacyforum.org/
Tips on medical identity theft
– Tom Goff
Sunday, April 20, 2008
Everyone (Else) Fortifies
The world is a dangerous place, and most people who have accumulated wealth or other assets in uncertain or risky environments have one thing in common: defending them. This is why the equivalent of city hall in Shanghai looks like a veritable fortress, why the well-to-do in nations from the poorest to the most wealthy, from Seoul to London, Rio to Tokyo, are unabashed to erect high walls, strong gates, and the kind of electronic and physical barriers intended not just to thwart the paparazzi. They are also intended to stop acquisitive and destructive aggressors from attacking, inflicting harm, or otherwise causing damage or mayhem. Everywhere, that is, except in the United States.
Instead, we find such defenses unseemly. They strike us as aesthetically unsavory, as, well, overbearing and contrary to the American tradition of openness and accessibility to the everyday fellow human. Look no further than a book written by a relatively modern historian, The Architecture of Diplomacy, and you will see the same philosophy applied to the design of American embassies at the height of the Cold War. At the time, it was always the Communist and other totalitarian regimes, particularly the Soviet Union, that seemed bent on erecting the most forbidding and dungeon-like structures as ambassadorial representations of might and invincibility. So, in the best contrarian American tradition, what did we do? The opposite. Thus our embassies came to be emblematic of our society: open, friendly, transparent. In order for this to happen, all but the structurally indispensable walls gave way to glass, opening the embassies up to light and airiness. At the time, this seemed desirable. Events like the Oklahoma City Bombing and other attacks showed us a new reality: how easily standard glazing and unhardened buildings fall victim to progressive collapse.
So the century turns and the world changes. Today, we see that openness as a strategy is no more supportable than leaving one’s front door wide open at home. The rest of the world understands the need to fortify. But it seems that only in the West, and in America in particular, do we agonize over the obvious. “What might it say about our manifest distrust of our neighbors if we lock our doors too securely?” we seem to wonder. It’s not that we cannot learn the lessons of self-protection. We just tend to forget them sooner and act on them later than others. We have had embassies in Syria, Iran, Tanzania, and Kenya attacked. There will be others. But if we wait for the attack before we fortify, it is like getting a good deadbolt and reinforced door frame for the front door only after the burglary or home invasion. Some lessons are not nearly so valuable when absorbed only after the loss has occurred. So, maybe it is time to get smarter.
Good security must be a habit in order to deliver value. This means locking all your doors and using all the protective measures at hand before the loss occurs, not after. Doing this not only strengthens defenses and contributes to peace of mind. It also provides a visible and meaningful deterrent. After all, life’s worst adversaries tend to be focused and businesslike. They base their decision to attack or pass us by depending on how soft or hard a target we are or appear to be. Is there really any reason to call on aesthetic or emotional arguments to institutionalize weakness and design vulnerabilities into security posture in the post-9/11 world? Not if you value your assets.
– Nick Catrantzos
Instead, we find such defenses unseemly. They strike us as aesthetically unsavory, as, well, overbearing and contrary to the American tradition of openness and accessibility to the everyday fellow human. Look no further than a book written by a relatively modern historian, The Architecture of Diplomacy, and you will see the same philosophy applied to the design of American embassies at the height of the Cold War. At the time, it was always the Communist and other totalitarian regimes, particularly the Soviet Union, that seemed bent on erecting the most forbidding and dungeon-like structures as ambassadorial representations of might and invincibility. So, in the best contrarian American tradition, what did we do? The opposite. Thus our embassies came to be emblematic of our society: open, friendly, transparent. In order for this to happen, all but the structurally indispensable walls gave way to glass, opening the embassies up to light and airiness. At the time, this seemed desirable. Events like the Oklahoma City Bombing and other attacks showed us a new reality: how easily standard glazing and unhardened buildings fall victim to progressive collapse.
So the century turns and the world changes. Today, we see that openness as a strategy is no more supportable than leaving one’s front door wide open at home. The rest of the world understands the need to fortify. But it seems that only in the West, and in America in particular, do we agonize over the obvious. “What might it say about our manifest distrust of our neighbors if we lock our doors too securely?” we seem to wonder. It’s not that we cannot learn the lessons of self-protection. We just tend to forget them sooner and act on them later than others. We have had embassies in Syria, Iran, Tanzania, and Kenya attacked. There will be others. But if we wait for the attack before we fortify, it is like getting a good deadbolt and reinforced door frame for the front door only after the burglary or home invasion. Some lessons are not nearly so valuable when absorbed only after the loss has occurred. So, maybe it is time to get smarter.
Good security must be a habit in order to deliver value. This means locking all your doors and using all the protective measures at hand before the loss occurs, not after. Doing this not only strengthens defenses and contributes to peace of mind. It also provides a visible and meaningful deterrent. After all, life’s worst adversaries tend to be focused and businesslike. They base their decision to attack or pass us by depending on how soft or hard a target we are or appear to be. Is there really any reason to call on aesthetic or emotional arguments to institutionalize weakness and design vulnerabilities into security posture in the post-9/11 world? Not if you value your assets.
– Nick Catrantzos
Friday, April 11, 2008
Securing a Symbol: The Olympic Torch
The Olympic torch, taken objectively, is a marvelously expensive frivolity whose parade through a chain of metropolitan venues hardly offers novelty in the modern age. Until recently, that is, when anti-Chinese fervor made it a target. Whether it is a legitimate protest target is mildly interesting to the security professional. If it is an asset, it needs to be protected. How?
The answer differs little from the steps one would take to defend other assets on the move from hijacking or foul play. The answer is a layered defense. And the chief component is unpredictability. Security measures in such an environment typically include decoys, unannounced schedule changes, and keeping out of the way of where both crowds and antagonists are most likely to appear. Related measures include introducing obstacles and disrupting patterns.
Say what you will about San Francisco's current reputation for extremes. When it came to preventing a nasty scene with the Olympic torch at its only U.S. appearance, this week, San Francisco got it right. Organizers kept the torch in motion, deviated from known and vulnerable routes of travel, and altered all predictable stops well enough to get the Olympic flame in and out of town without missing a beat. That was a vivid demonstration of good security.
– Nick Catrantzos
The answer differs little from the steps one would take to defend other assets on the move from hijacking or foul play. The answer is a layered defense. And the chief component is unpredictability. Security measures in such an environment typically include decoys, unannounced schedule changes, and keeping out of the way of where both crowds and antagonists are most likely to appear. Related measures include introducing obstacles and disrupting patterns.
Say what you will about San Francisco's current reputation for extremes. When it came to preventing a nasty scene with the Olympic torch at its only U.S. appearance, this week, San Francisco got it right. Organizers kept the torch in motion, deviated from known and vulnerable routes of travel, and altered all predictable stops well enough to get the Olympic flame in and out of town without missing a beat. That was a vivid demonstration of good security.
– Nick Catrantzos
Saturday, April 5, 2008
Finally: A Voice for Realistic Homeland Defense
Favorite teachers are seldom easy and undemanding. They impress their students by challenging them, introducing bold ideas, and making them think. So, in this process, does the great teacher attain immortality in student eyes. So, too, by following this process has former combat pilot and National War College department head Randall Larsen probed the folly and substance of homeland security in Our Own Worst Enemy (New York: Grand Central Publishing, 2007) to present compelling and radical ideas on the realities of homeland defense.
Larsen first arouses reader attention by showing how ill conceived, reflexive responses to real and perceived homeland threats have created more problems than they solved. According to Larsen, over-investment and deficient analysis risk jeopardizing the homeland through irresponsible spending in areas ranging from detection technology at ports to building of walls at America’s undefended borders. Absent a reversal of this trend, Larsen argues cogently that it is precisely such actions on our own part that will realize our adversaries' objectives, bankrupt our economy, and make of all Americans our own worst enemy.
He flatly asserts the folly of succumbing to the rhetoric that America can “win the war against all those who would threaten our homeland,” arguing that the best we can do about attacks is to limit their frequency and severity (pp 84-85). Yet, in Larsen’s view, only a unifying strategy – containment – will prevent the wasteful spending and overreactions by political leaders while offering a degree of focus that will lend credibility to homeland defenses that are otherwise effective only in inflicting greater eventual damage to the economy than terror attacks themselves. Reviewing and cataloging the key threats presenting catastrophic risk, Larsen rates them by a scale (p. 73) that ultimately ranks biological and nuclear weapons as the most severe.
The author then makes the case for focusing on these top two that would potentially drive any nation to its knees. He uses the discussion of nuclear weapons to illustrate how otherwise brilliant scientists, enraptured by the allure of technology solutions often advocated by contractors who stand to profit from selling their devices, can fall prey to impractical solutions. Two such scientists with Homeland Security responsibilities seriously proposed equipping every motor vehicle in America large enough to carry a nuclear bomb with radiological detectors, leaving Larsen to challenge them with analytical questions. As Larson explains, the nuclear devices of greatest concern use highly enriched uranium which is a lower radiation emitter than that of the materials used in nuclear power plants. Why, argues Larsen, would a terrorist smart enough to lay hands on weapons-grade uranium not invest in lead shielding that would make the device capable of eluding the detectors? Moreover, why bankrupt taxpayers with the burden of wasting billions on such a flawed implementation of technology?
Biological weapons, though, strike Larsen as a greater danger. In the Internet age and with the proliferation of information on bioengineering, they are increasingly falling within the capacity of any terrorist to produce in the space of a garage without giving away any telltale signs or signatures necessary for rapid detection and pre-emption. Thus Larsen concludes that biological attacks are inevitable and must be approached as something to be mitigated rather than prevented.
On the one hand, Larsen's unvarnished prose and bulldozing style at times oscillate between the facile and the theatrical. Repeatedly, he holds forth before senior political executives, reporters, and congressional representative at length, challenging their assumptions and parrying their sound-bite-suited questions with his curmudgeon's refrain, "Wrong question." The refrain, which permeates the opening chapters or fusillade of the book, becomes old by page 30. Yet Larsen the pragmatist compensates for the limitations of Larsen the evangelist. And he makes a good case for bringing astronomical excesses under the banner of homeland security back down to Earth.
– Nick Catrantzos
Larsen first arouses reader attention by showing how ill conceived, reflexive responses to real and perceived homeland threats have created more problems than they solved. According to Larsen, over-investment and deficient analysis risk jeopardizing the homeland through irresponsible spending in areas ranging from detection technology at ports to building of walls at America’s undefended borders. Absent a reversal of this trend, Larsen argues cogently that it is precisely such actions on our own part that will realize our adversaries' objectives, bankrupt our economy, and make of all Americans our own worst enemy.
He flatly asserts the folly of succumbing to the rhetoric that America can “win the war against all those who would threaten our homeland,” arguing that the best we can do about attacks is to limit their frequency and severity (pp 84-85). Yet, in Larsen’s view, only a unifying strategy – containment – will prevent the wasteful spending and overreactions by political leaders while offering a degree of focus that will lend credibility to homeland defenses that are otherwise effective only in inflicting greater eventual damage to the economy than terror attacks themselves. Reviewing and cataloging the key threats presenting catastrophic risk, Larsen rates them by a scale (p. 73) that ultimately ranks biological and nuclear weapons as the most severe.
The author then makes the case for focusing on these top two that would potentially drive any nation to its knees. He uses the discussion of nuclear weapons to illustrate how otherwise brilliant scientists, enraptured by the allure of technology solutions often advocated by contractors who stand to profit from selling their devices, can fall prey to impractical solutions. Two such scientists with Homeland Security responsibilities seriously proposed equipping every motor vehicle in America large enough to carry a nuclear bomb with radiological detectors, leaving Larsen to challenge them with analytical questions. As Larson explains, the nuclear devices of greatest concern use highly enriched uranium which is a lower radiation emitter than that of the materials used in nuclear power plants. Why, argues Larsen, would a terrorist smart enough to lay hands on weapons-grade uranium not invest in lead shielding that would make the device capable of eluding the detectors? Moreover, why bankrupt taxpayers with the burden of wasting billions on such a flawed implementation of technology?
Biological weapons, though, strike Larsen as a greater danger. In the Internet age and with the proliferation of information on bioengineering, they are increasingly falling within the capacity of any terrorist to produce in the space of a garage without giving away any telltale signs or signatures necessary for rapid detection and pre-emption. Thus Larsen concludes that biological attacks are inevitable and must be approached as something to be mitigated rather than prevented.
On the one hand, Larsen's unvarnished prose and bulldozing style at times oscillate between the facile and the theatrical. Repeatedly, he holds forth before senior political executives, reporters, and congressional representative at length, challenging their assumptions and parrying their sound-bite-suited questions with his curmudgeon's refrain, "Wrong question." The refrain, which permeates the opening chapters or fusillade of the book, becomes old by page 30. Yet Larsen the pragmatist compensates for the limitations of Larsen the evangelist. And he makes a good case for bringing astronomical excesses under the banner of homeland security back down to Earth.
– Nick Catrantzos
Wednesday, March 12, 2008
Why Cheaters, Traitors Slip
The New York governor's exposure as a client of an upscale prostitution ring this week affords editorial license to hold forth against the sins of hubris and hypocrisy. Then psychologists may capture the story to illustrate the contradictory sides of human nature. But to the security professional, Governor Spitzer's folly in creating audit trails when sending a coin-operated bed mate across state lines and making arrangements via communications susceptible to federal wiretap illustrates a phenomenon also seen among spies and traitors: indiscretion borne of overconfidence.
Whence the association between an extra-marital affair and treason? The requirement for deception is the same. As a tradecraft instructor once told my class of aspiring case officers many years ago, "Maintaining your cover takes the same talent you would use if cheating on your spouse." Thanks to Governor Spitzer, we can see that carrying out such illicit rendezvous indiscreetly is equally susceptible to breakdowns in basic tradecraft which, fundamentally, means breaches of security. After all, tradecraft amounts to nothing more than precautions taken to assure personal security and to safeguard a given operation.
So, setting aside the admittedly unsavory betrayals and hypocrisy permeating Spitzer's actions, let us examine his basic security failure. Here is a trained prosecutor with considerable expertise in the use of wiretaps and surveillance and forensic document examination. He should be an expert in conducting illicit activities without leaving traces, yet he leaves a trail for any rookie investigator to trip over while investigating the prostitution ring. What is the fundamental failure? Tradecraft or, in other words, failure to follow routine, mundane, and elementary security precautions.
While psychologists and pundits may speculate at the root cause and use this failure in operational security to underscore the governor's arrogance, there is another fundamental truth at the heart of the matter. It would have come into play even if Governor Spitzer were the most modest of men without any grandstanding proclivities. In reality, it comes equally into play in espionage cases and in cases where the most sophisticated traitors and case officers make the one fatal flaw which gives them away and compromises their operations or even their lives. What is the fundamental truth behind all these catastrophes?
Security is never convenient. And the corollary to this truth is that even the brightest participants in questionable activities will eventually surrender caution to convenience – hence their exposure. And it does not matter how smart they are, or how powerful, or how adroit in all other matters. All it takes is the calculated or chance exploitation of one fatal flaw in security, and exposure will result, with the attending ramifications of whatever represents catastrophe to those concerned. Ask the governor, who just added security malpractice to his growing list of fatal flaws.
– Nick Catrantzos
Whence the association between an extra-marital affair and treason? The requirement for deception is the same. As a tradecraft instructor once told my class of aspiring case officers many years ago, "Maintaining your cover takes the same talent you would use if cheating on your spouse." Thanks to Governor Spitzer, we can see that carrying out such illicit rendezvous indiscreetly is equally susceptible to breakdowns in basic tradecraft which, fundamentally, means breaches of security. After all, tradecraft amounts to nothing more than precautions taken to assure personal security and to safeguard a given operation.
So, setting aside the admittedly unsavory betrayals and hypocrisy permeating Spitzer's actions, let us examine his basic security failure. Here is a trained prosecutor with considerable expertise in the use of wiretaps and surveillance and forensic document examination. He should be an expert in conducting illicit activities without leaving traces, yet he leaves a trail for any rookie investigator to trip over while investigating the prostitution ring. What is the fundamental failure? Tradecraft or, in other words, failure to follow routine, mundane, and elementary security precautions.
While psychologists and pundits may speculate at the root cause and use this failure in operational security to underscore the governor's arrogance, there is another fundamental truth at the heart of the matter. It would have come into play even if Governor Spitzer were the most modest of men without any grandstanding proclivities. In reality, it comes equally into play in espionage cases and in cases where the most sophisticated traitors and case officers make the one fatal flaw which gives them away and compromises their operations or even their lives. What is the fundamental truth behind all these catastrophes?
Security is never convenient. And the corollary to this truth is that even the brightest participants in questionable activities will eventually surrender caution to convenience – hence their exposure. And it does not matter how smart they are, or how powerful, or how adroit in all other matters. All it takes is the calculated or chance exploitation of one fatal flaw in security, and exposure will result, with the attending ramifications of whatever represents catastrophe to those concerned. Ask the governor, who just added security malpractice to his growing list of fatal flaws.
– Nick Catrantzos
Friday, March 7, 2008
Rethinking School Shooter Defense
This week, a radical Palestinian opened fire on Israeli seminary students with an assault rifle, killing 8 and wounding 11. Last month, a graduate of an Illinois university with a shotgun and at least one handgun terrorized students in an auditorium by taking the stage and shooting as many as he could before taking his own life. Taken together, these cases illustrate the real and not-so-real merits of relying on ready access to firearms on campus.
The American case produced debate to the effect that allowing weapons in the hands of responsible teachers or students could have limited the body count. One radio talk show caller opined that Reserve Officer Training Cadets should be so authorized on US campuses. The pro-firearm argument further stated that the firearm prohibition at schools only affects victims. Shooters bent on more serious crimes, hardly balk at adding weapons charges to murder. Does this position make sense?
The Israeli case may seem to say it does. Early reports claimed an armed citizen first stopped the shooter by returning fire with a handgun. Then security forces finished off the shooter. However, the Israeli casualty count was higher -- and this in a toughened society where armed security is much more prevalent than here, in the US. So, what is the answer?
Simply passing out guns to young adults isn't the answer. Why should we entrust deadly force to people who do not yet qualify for lower driving insurance rates because they are under 25? If, statistically, this group produces more injuries and fatalities, then surely it makes little sense to place into its hands even greater capacity to wield deadly force. But insisting on total weapons bans in the vicinity of any educational institution is equally unsupportable. After all, such bans carry weight with everyone but the shooter. Is there a middle ground?
Of course there is. First, let us not blindly cripple the ability for responsible persons to intervene. If Americans qualify for the authorization to carry a firearm anywhere else in the same jurisdiction, then let them do the same on campus. If they still want response options beyond just hunkering down and waiting for a bullet, allow and encourage the use of purely defensive weapons.
One such defensive weapon now comes with certain deterrent values: the commercially available taser. The first deterrent aims at limiting abuse of the device to commit crime. The modern taser comes with taggants that spit out like confetti when the user fires at a target. The taggants, tiny pieces of paper with unique registration markings, trace to the user and leave an audit trail for law enforcement to use in collaboration with the vendor. Tracking down the taser user becomes fairly straightforward. But an even better deterrent is bundled in.
Commercial grade tasers now come with a laser sight, just like target pistols. Not only does this improve the chance that the user will hit the target, it also gives the target pause. If you are a school shooter who suddenly sees a red dot on your torso, what is your first thought? That's right: the SWAT team has arrived. Under the circumstances, the dot alone may slow a school shooter down long enough to allow at least one potential victim to get out of the line of fire. Interestingly, if the manufacturer's claims are valid, a taser is not classified as a firearm, according to the Bureau of Alcohol, Tobacco, and Firearms. If so, then this is a way to introduce some kind of response capability into the equation without crossing the existing line against firearms proliferation.
And what to do until this debate advances to a point of action? Let me see, where did I store my old laser pointer?
– Nick Catrantzos
The American case produced debate to the effect that allowing weapons in the hands of responsible teachers or students could have limited the body count. One radio talk show caller opined that Reserve Officer Training Cadets should be so authorized on US campuses. The pro-firearm argument further stated that the firearm prohibition at schools only affects victims. Shooters bent on more serious crimes, hardly balk at adding weapons charges to murder. Does this position make sense?
The Israeli case may seem to say it does. Early reports claimed an armed citizen first stopped the shooter by returning fire with a handgun. Then security forces finished off the shooter. However, the Israeli casualty count was higher -- and this in a toughened society where armed security is much more prevalent than here, in the US. So, what is the answer?
Simply passing out guns to young adults isn't the answer. Why should we entrust deadly force to people who do not yet qualify for lower driving insurance rates because they are under 25? If, statistically, this group produces more injuries and fatalities, then surely it makes little sense to place into its hands even greater capacity to wield deadly force. But insisting on total weapons bans in the vicinity of any educational institution is equally unsupportable. After all, such bans carry weight with everyone but the shooter. Is there a middle ground?
Of course there is. First, let us not blindly cripple the ability for responsible persons to intervene. If Americans qualify for the authorization to carry a firearm anywhere else in the same jurisdiction, then let them do the same on campus. If they still want response options beyond just hunkering down and waiting for a bullet, allow and encourage the use of purely defensive weapons.
One such defensive weapon now comes with certain deterrent values: the commercially available taser. The first deterrent aims at limiting abuse of the device to commit crime. The modern taser comes with taggants that spit out like confetti when the user fires at a target. The taggants, tiny pieces of paper with unique registration markings, trace to the user and leave an audit trail for law enforcement to use in collaboration with the vendor. Tracking down the taser user becomes fairly straightforward. But an even better deterrent is bundled in.
Commercial grade tasers now come with a laser sight, just like target pistols. Not only does this improve the chance that the user will hit the target, it also gives the target pause. If you are a school shooter who suddenly sees a red dot on your torso, what is your first thought? That's right: the SWAT team has arrived. Under the circumstances, the dot alone may slow a school shooter down long enough to allow at least one potential victim to get out of the line of fire. Interestingly, if the manufacturer's claims are valid, a taser is not classified as a firearm, according to the Bureau of Alcohol, Tobacco, and Firearms. If so, then this is a way to introduce some kind of response capability into the equation without crossing the existing line against firearms proliferation.
And what to do until this debate advances to a point of action? Let me see, where did I store my old laser pointer?
– Nick Catrantzos
Monday, February 18, 2008
Why this Blog, Why Now
Security professionals saw 9/11/01 as a tragedy and a wake-up call. My own security practice within a global investigative and security consultancy at the time experienced a huge, unprecedented spike in business and in publicity. From relative obscurity, I found myself having back-to-back appointments scheduled with the media by my president’s secretary because no one else in the office could speak to the larger issues of enterprise security. Yet, just getting more security business was not enough. By the end of the year, I had decided to give notice and began a migration back to the public sector by first joining a contractor for the State Department which was working exclusively on anti-terrorism and Homeland Security projects. On facing my resignation, my company president told me, “If it’s just about money, that’s easy to solve.” It wasn’t, however.
Nor, almost seven years later, is it now. September 11, 2001 fired the irreversible salvo in the Long War of throw-back barbarism against what passes for civilization and modern life. At the time, it was not only professional guardians who heard the call to action. American flags sold out of every store and waved jauntily on what looked like every other car. Military recruiters saw unprecedented lines of volunteers. A wounded population seemed mobilized and missionized, ready to take on any adversary with the kind of resolve and courage unseen since the Minutemen of the Revolutionary War. Security was also about to come into its own, with the Wall Street Journal predicting the advent of the CSO: the Chief Security Officer, who was predicted to become to every institution what the Chief Financial Officer or Chief Technology Officer had become – key executives with a place at the decision-making table of the enterprise.
Things never work out quite as predicted. Americans lose interest or even lose heart in any war lasting more than three or four years. We then begin to question not only our leaders, but also ourselves. We stop digging foxholes and lean back on our couches to psychoanalyze. And when our adversaries refuse to accommodate our proclivity for professional fault finding and apologizing and hand wringing, we look closer to home to blame more convenient, more cooperative villains: ourselves. We look for root causes, convinced that if we can understand it all, the sheer force of a good heart and open mind will wash away the hatred and end hostile action without more needless bloodshed. But we are wrong.
Security is a basic need we must address long before we arrive at the point of comfortable speculation about ultimate causes and motives. In Maslow’s hierarchy of needs, I would say security comes between love and hunger. It is easy to give it top priority when taking enemy fire. But when further removed from direct attack, we all have a tendency to lower our guard – a tendency any shrewd adversary will count on and exploit. Now, more than ever, security is a matter of survival – for individual, for organization, for institution, for enterprise, for nation, even for way of life. We need to pay attention to safeguarding our people and assets, our operations and interests. We are now in a world where security may not always seem necessary, but where it is sometimes indispensable. And it is precisely in this context that we must ask ourselves:
“All secure?”
– Nick Catrantzos
Nor, almost seven years later, is it now. September 11, 2001 fired the irreversible salvo in the Long War of throw-back barbarism against what passes for civilization and modern life. At the time, it was not only professional guardians who heard the call to action. American flags sold out of every store and waved jauntily on what looked like every other car. Military recruiters saw unprecedented lines of volunteers. A wounded population seemed mobilized and missionized, ready to take on any adversary with the kind of resolve and courage unseen since the Minutemen of the Revolutionary War. Security was also about to come into its own, with the Wall Street Journal predicting the advent of the CSO: the Chief Security Officer, who was predicted to become to every institution what the Chief Financial Officer or Chief Technology Officer had become – key executives with a place at the decision-making table of the enterprise.
Things never work out quite as predicted. Americans lose interest or even lose heart in any war lasting more than three or four years. We then begin to question not only our leaders, but also ourselves. We stop digging foxholes and lean back on our couches to psychoanalyze. And when our adversaries refuse to accommodate our proclivity for professional fault finding and apologizing and hand wringing, we look closer to home to blame more convenient, more cooperative villains: ourselves. We look for root causes, convinced that if we can understand it all, the sheer force of a good heart and open mind will wash away the hatred and end hostile action without more needless bloodshed. But we are wrong.
Security is a basic need we must address long before we arrive at the point of comfortable speculation about ultimate causes and motives. In Maslow’s hierarchy of needs, I would say security comes between love and hunger. It is easy to give it top priority when taking enemy fire. But when further removed from direct attack, we all have a tendency to lower our guard – a tendency any shrewd adversary will count on and exploit. Now, more than ever, security is a matter of survival – for individual, for organization, for institution, for enterprise, for nation, even for way of life. We need to pay attention to safeguarding our people and assets, our operations and interests. We are now in a world where security may not always seem necessary, but where it is sometimes indispensable. And it is precisely in this context that we must ask ourselves:
“All secure?”
– Nick Catrantzos
Sunday, February 3, 2008
Security Lessons from Banks and Bishops
During a single week in January, three avoidable security breaches showed what role people play in facing catastrophic security breaches. The board of a major French bank was debating whether to fire its chief executive whose rogue trader cost the enterprise $7.2 billion and set up the business for a hostile takeover (Reuters’s January 30 article, Soc Gen board ponders chairman fate, http://news.yahoo.com/s/nm/20080130/bs_nm/socgen_dc). Lesson: The time for executive involvement in security is before the catastrophic loss, not after.
Across the Atlantic, in Texas, a personal catastrophe. A Greek Orthodox bishop’s car was burglarized while he was out to dinner. The victim, himself a former US Marine, lamented the irreplaceable losses not only of a jeweled ceremonial crown valued up to $10,000 but also of a black bag given to him by the widow of a fellow Marine. The bishop felt lost without the bag, a sentimental attachment of 22 years. (Dallas/Ft. Worth NBC News of January 27, http://www.nbc5i.com/newsbycounty/15149212/detail.html) Lesson: If something is invaluable, treat it that way – all the time.
Finally, a security success story emerges, relatively unheralded. An alert Swedish bank employee managed to thwart a Mission Impossible-style digital bank heist in progress. Thieves had managed to place a device or devices under the employee’s desk. At the appointed hour, when the thieves were poised to seize control of a computer and electronically transfer millions out of the bank, the employee recognized something amiss and literally pulled the plug on a device. This action stopped the transaction at the last second. (AP article of January 30, Swedish bank stops digital theft, http://ap.google.com/article/ALeqM5jAz3WqAdnaAcvzcllNpnJbyArdvgD8UG7LIG2) Lesson: There is no more effective security measure than an alert employee who acts on suspicions.
Defending assets is quiet work, taking more diligence than dash. Only security failures make headlines.
– Nick Catrantzos
Across the Atlantic, in Texas, a personal catastrophe. A Greek Orthodox bishop’s car was burglarized while he was out to dinner. The victim, himself a former US Marine, lamented the irreplaceable losses not only of a jeweled ceremonial crown valued up to $10,000 but also of a black bag given to him by the widow of a fellow Marine. The bishop felt lost without the bag, a sentimental attachment of 22 years. (Dallas/Ft. Worth NBC News of January 27, http://www.nbc5i.com/newsbycounty/15149212/detail.html) Lesson: If something is invaluable, treat it that way – all the time.
Finally, a security success story emerges, relatively unheralded. An alert Swedish bank employee managed to thwart a Mission Impossible-style digital bank heist in progress. Thieves had managed to place a device or devices under the employee’s desk. At the appointed hour, when the thieves were poised to seize control of a computer and electronically transfer millions out of the bank, the employee recognized something amiss and literally pulled the plug on a device. This action stopped the transaction at the last second. (AP article of January 30, Swedish bank stops digital theft, http://ap.google.com/article/ALeqM5jAz3WqAdnaAcvzcllNpnJbyArdvgD8UG7LIG2) Lesson: There is no more effective security measure than an alert employee who acts on suspicions.
Defending assets is quiet work, taking more diligence than dash. Only security failures make headlines.
– Nick Catrantzos
Monday, January 21, 2008
Privacy vs. Terrorist Surveillance
Privacy. Video surveillance. Intelligence sharing. Prevention of terrorist attacks. Take any of these terms, sufficiently controversial on its own, blend it with the others, and you will invariably generate a swirl of emotions that end up polarizing security and lay observers into opposing camps. Yet all connect reasonably and, taken together without extremes, can yield a useful, coherent approach to the anti-terrorism challenge facing today's democracies and their security practitioners.
Out of deference to my colleagues of Special Forces pedigree, I should note that what follows relates to anti-terrorism, that is, defending against terrorists -- not counter-terrorism, or taking the fight directly to the terrorists themselves. My friends who have suffered brutal selection and induction processes for the privilege of traveling to danger zones to chase those who slaughter innocents -- these people rightly claim counter-terrorism as their preserve.
Let's begin with privacy. Is it a right, a luxury, a cloak to mask petty crime, a tool for international terrorists to use against those whom they have sworn to annihilate? Answer: Yes, depending whom you ask. In countries with a Western tradition, privacy is a value tied to the presumed sanctity of the home and natural territoriality. In such societies, we generally act as if people have a right to do as they please, in private. But how far is our society willing to support this value? Is it inviolate? Is this an absolute whose violation would spell the end of our society? One need only consider a few modern scenarios to see that even the staunchest supporters of such a position would struggle to offer a 100% defense.
Medical information merits a good deal of protection and is generally treated as among the most deserving of privacy. Yet our own laws governing health care professionals compel them to reveal the most imtimate confidences. In the face of any evidence of a violent crime or of child abuse, for example, they must alert authorities or themselves face sanctions. Which privacy advocate would reverse what our society accepts as a higher obligation? Yet the same citizens willing or eager to endorse the bowing of privacy to the thwarting of child abuse often close their eyes to this: terrorist targeting for acts resulting in massive fatalities makes the same claim on privacy as child abuse and spousal beating. The natural, security argument would be that anyone deeply involved in anti-terrorism, let alone counter-terrorism, should not be hamstrung by privacy protections that are abused by ruthless adversaries plotting against us. Reasonable people, particularly if themselves threatened or victimized in the past, will sympathize with this view. What gives reasonable people pause, though, is any skeptic's experience with giving too much license to authorities who are, after all, fallible, human, and just as likely to overstep as anyone given too much power without enough checks and balances. So, let us postulate some middle ground on the privacy debate that will answer valid conserns of skeptics without neutering legitimate efforts to thwart terrorist plots before they are realized.
Postulate 1: Suppose we agree that privacy is an important value, but not a shield behind which to carry out great harm. We then say that any governmental breach of privacy must be subject to checks and balances, and that absent those checks and balances, what surfaces as the result of a privacy breach may not be used against the individual. Period. At the same time, though, while such information may not be used for prosecution, we apply no such restraint on interdiction. In other words, if you plot to assassinate the president, blow up a school, or release sarin gas in a subway and I as a federal officer learn about it through a means that violates due process and your privacy, I may not be able to use that against you in legal proceedings. But I should definitely be able -- even obligated -- to use that information to stop the attack from taking place. After all, as George Will observed,
"Public safety is the public's business. Public authorities take the lead and some of them work at it full time. However, at all times, and especially in times like these, it is every citizen's business."
Sunday 11-4-01
Washington Post
Next we look at video surveillance, a proliferation in our industry, and a growing part of modern life. Britain, arguably the most well known employer of video surveillance in an urban setting, London, proved the societal value of exploiting CCTV to round up transit bombers in 2005 before they could turn bus and subway terrorist attacks into a campaign. A camera watching over activities that occur in public places is, according to most courts, no violation of privacy. But it is always possible that even publicly available information could be misused for personal gain. If a surveillance technician uses public cameras to stalk a former spouse or to track a future robbery victim on the way to the bank, such action would be wrong and should be punished. This brings us to,
Postulate 2: Any activity taking place in public space is by definition not private, hence subject to video surveillance. But there should be some form of check and balance, as well as an appeal and review process, to keep such surveillance from being misused.
In the final analysis, privacy can be cherished and respected without being sanctified. The same applies to surveillance for the public good. Too much of either, unchecked, creates exploitable opportunity for foul play. But a reasonable balance is possible. It takes work. Calibration in social enterprise requires an infinite capacity for monitoring the dials and making adjustments, normally small adjustments. And when a crisis occasions a major adjustment, that change should come with the safeguards of a built-in sunset provision and unbiased oversight to defend against abuse. Otherwise, as James Thurber once observed, you may as well fall flat on your face as lean over too far backwards.
– Nick Catrantzos
Out of deference to my colleagues of Special Forces pedigree, I should note that what follows relates to anti-terrorism, that is, defending against terrorists -- not counter-terrorism, or taking the fight directly to the terrorists themselves. My friends who have suffered brutal selection and induction processes for the privilege of traveling to danger zones to chase those who slaughter innocents -- these people rightly claim counter-terrorism as their preserve.
Let's begin with privacy. Is it a right, a luxury, a cloak to mask petty crime, a tool for international terrorists to use against those whom they have sworn to annihilate? Answer: Yes, depending whom you ask. In countries with a Western tradition, privacy is a value tied to the presumed sanctity of the home and natural territoriality. In such societies, we generally act as if people have a right to do as they please, in private. But how far is our society willing to support this value? Is it inviolate? Is this an absolute whose violation would spell the end of our society? One need only consider a few modern scenarios to see that even the staunchest supporters of such a position would struggle to offer a 100% defense.
Medical information merits a good deal of protection and is generally treated as among the most deserving of privacy. Yet our own laws governing health care professionals compel them to reveal the most imtimate confidences. In the face of any evidence of a violent crime or of child abuse, for example, they must alert authorities or themselves face sanctions. Which privacy advocate would reverse what our society accepts as a higher obligation? Yet the same citizens willing or eager to endorse the bowing of privacy to the thwarting of child abuse often close their eyes to this: terrorist targeting for acts resulting in massive fatalities makes the same claim on privacy as child abuse and spousal beating. The natural, security argument would be that anyone deeply involved in anti-terrorism, let alone counter-terrorism, should not be hamstrung by privacy protections that are abused by ruthless adversaries plotting against us. Reasonable people, particularly if themselves threatened or victimized in the past, will sympathize with this view. What gives reasonable people pause, though, is any skeptic's experience with giving too much license to authorities who are, after all, fallible, human, and just as likely to overstep as anyone given too much power without enough checks and balances. So, let us postulate some middle ground on the privacy debate that will answer valid conserns of skeptics without neutering legitimate efforts to thwart terrorist plots before they are realized.
Postulate 1: Suppose we agree that privacy is an important value, but not a shield behind which to carry out great harm. We then say that any governmental breach of privacy must be subject to checks and balances, and that absent those checks and balances, what surfaces as the result of a privacy breach may not be used against the individual. Period. At the same time, though, while such information may not be used for prosecution, we apply no such restraint on interdiction. In other words, if you plot to assassinate the president, blow up a school, or release sarin gas in a subway and I as a federal officer learn about it through a means that violates due process and your privacy, I may not be able to use that against you in legal proceedings. But I should definitely be able -- even obligated -- to use that information to stop the attack from taking place. After all, as George Will observed,
"Public safety is the public's business. Public authorities take the lead and some of them work at it full time. However, at all times, and especially in times like these, it is every citizen's business."
Sunday 11-4-01
Washington Post
Next we look at video surveillance, a proliferation in our industry, and a growing part of modern life. Britain, arguably the most well known employer of video surveillance in an urban setting, London, proved the societal value of exploiting CCTV to round up transit bombers in 2005 before they could turn bus and subway terrorist attacks into a campaign. A camera watching over activities that occur in public places is, according to most courts, no violation of privacy. But it is always possible that even publicly available information could be misused for personal gain. If a surveillance technician uses public cameras to stalk a former spouse or to track a future robbery victim on the way to the bank, such action would be wrong and should be punished. This brings us to,
Postulate 2: Any activity taking place in public space is by definition not private, hence subject to video surveillance. But there should be some form of check and balance, as well as an appeal and review process, to keep such surveillance from being misused.
In the final analysis, privacy can be cherished and respected without being sanctified. The same applies to surveillance for the public good. Too much of either, unchecked, creates exploitable opportunity for foul play. But a reasonable balance is possible. It takes work. Calibration in social enterprise requires an infinite capacity for monitoring the dials and making adjustments, normally small adjustments. And when a crisis occasions a major adjustment, that change should come with the safeguards of a built-in sunset provision and unbiased oversight to defend against abuse. Otherwise, as James Thurber once observed, you may as well fall flat on your face as lean over too far backwards.
– Nick Catrantzos
Subscribe to:
Posts (Atom)