Thursday, December 20, 2012

Thwarting Loons Like Lanza: Tasers for Teachers

The Left’s solution is wishful thinking that is willfully obtuse, while the Right’s is more defensible yet reflexively narrow. Strip their arguments of knee-jerk mantras, and both camps reveal that they haven’t thought through the problem to arrive at a workable solution. What is wrong? Both resort to emotive arguments dismissive of the kind of reason that looks at implementation challenges. In the aftermath of last week’s Sandy Hook grade school massacre, mantras and fulminations have clotted debates to dispense nonsense that will hardly make a single school more resistant to the likes of an Adam Lanza bent on murdering defenseless innocents as he did in Newtown, Connecticut. The arguments, in a nutshell, run along two lines:

Left’s Answer: Policy Folly

The Left sees in the carnage a justification to regulate guns out of existence, on the theory that banning weapons does away with the capacity of murderers to kill. Never mind that school carnage of this sort happens elsewhere with edged weapons, bombs, or any object whose weaponization awaits only the initiative of a garden variety mass murderer. The fatal flaw in this argument traces to an absurd hope that regulation will somehow defeat predators and scofflaws without regard to data and history, both of which show that any killer with the means to drive a car and strike at defenseless victims consistently goes to some lengths to choose victims who cannot return fire or are unlikely to fight back. One need look no further than a comparison of venues or a study of recent history to see that, the world over, there are many more fatalities inflicted on children, shoppers, and churchgoers than on soldiers, cops, and outlaw bikers. Coincidence? Hardly. The first group is unequipped or disinclined to return fire, while the second group is certain to strike back. Consequently, attacks against the second group invariably have a lower casualty count.

The Left’s paralogisms do not stop with regulatory maneuvers that only the innocent will follow, thereby turning themselves into sitting ducks. The second popular mantra is to simply put more police in classrooms. The folly here is that the attacker always has the advantage of surprise, and there is no intelligent way to staff and deploy an army of gunslingers whose only real duty is to outdraw a shooter who gets to pick the time, place, and weapons to use in carrying out a massacre. What happens in the real world is that such sanctioned protectors, over time, become complacent, distracted, and even counterproductive. Their management then begins to assign them other duties, ostensibly to get more value from them. This, in turn, diverts them from their primary role. The net result is that when the hour sounds, the sanctioned gunslinger is more likely to become the first victim and a source of supplementary firepower. This is a corollary of well-meaning policy solutions propounded by theorists uninhibited by any real-world experience of protecting people at risk.

Right’s Answer: More Guns but Unforeseen Consequences

The Right starts with sounder data: gun-free zones are precisely where shooters gravitate because they are goal-oriented and risk-averse, no matter how loose their grip may be on traditional measures of sanity. However, when the only answer is to arm all teachers and give them concealed weapons permits, the remedy may easily become worse than the malady. Shooters won’t hesitate to kill because they are untroubled by concerns of hitting innocent passersby. Defenders, on the other hand, cannot afford to empty a gun into a crowd in the desperate hope of stopping a shooter who is firing into the same crowd. The fatal flaw, here, is in assuming that every teacher can or should be trusted with deadly force. Considering that America boasts some of the most expensive outlays in education that correspond to the worst results in any objective measure (literacy, drop-out rate, ability to think and function), is it wise to burden this failed bureaucracy with deadly force in the classroom? In addition to spawning an epidemic of shot feet among pedagogues, such a measure would certainly backfire by drawing would-be armed robbers to classrooms in hopes of overpowering bespectacled school masters to relieve them of their guns. [This is not to say that some teachers, perhaps an important minority, could not be trusted with firearms if they qualify for a concealed weapons permit and demonstrate the wherewithal not only to handle a gun safely but to be capable of retaining it out of reach of both students and opportunistic criminals.]

Real Need: Timely Intervention without Making Things Worse

Between such extreme positions, however, there must exist reasonable middle ground that leads to a practical solution capable of immediate implementation without creating unintended consequences. The principal unintended consequences are neutering defenders by overly restrictive regulations that only constrain law-abiding citizens (since murderers don’t hesitate to violate gun control laws) or posing unanticipated danger to the ones being defended by virtue of inadvertently increasing the odds for collateral casualties or for deadly weapons falling into the wrong hands. What is the solution?

Tasers for Teachers

Equip teachers with nonlethal tasers that can incapacitate without killing. Ideally, make these the taser equivalent of a laser-guided derringer which gives two shots and projects a red dot to guide taser darts to their target. Make this taser small, to enhance concealment and promote keeping it close at hand. Note that this implementation contrasts with the counsel of some right-leaning, pro-gun advocates who champion the idea of keeping a handgun locked in a car or other container – a useful precaution against theft or misuse but a serious security flaw if the effort to retrieve the weapon means giving a killer time to shoot more victims in the meanwhile.

How would this work? In Sandy Hook, consider the teachers and administrators first confronting Lanza, or even the heroic teacher who hid her pupils and told Lanza they were in the gym before he shot her to death. Any or, hopefully, at least two or three would have had a taser to use to stop the shooter from reaching the children. If one teacher managed to tase Lanza, another could have then also tased him again while the rest removed his weapons and summoned authorities. The advantage of a taser is that it can function as a stun gun without having to fire its darts. So the teachers could have stunned Lanza as much as they had to if they had trouble subduing him.

What are the other advantages to this approach? Tasers are not lethal. Sure, there are occasional allegations that they can be abused to the detriment of individuals with unrecognized medical infirmities and the like. Such cases are not only statistically rare, however. They are relatively insignificant in the context of thwarting a school shooter. A taser like this will not travel much more than 15 feet, while a bullet could travel up to a mile. Thus innocent bystanders are unlikely to be struck by a taser fired at a shooter, and if they do get in its path, the damage is insignificant compared to taking a bullet. Teachers who may hesitate to carry firearms and fear carrying them because of their inherent lethality should find tasers much more user-friendly. Moreover, thanks to advances in taggant technology, every taser fired now dispenses identifying, confetti-like traces at the scene. This innovation enables authorities to match the traces to each individual taser, which in turn leads to identifying its owner. The net result is a built-in audit trail that discourages abuse of the device. Tasers, even if used improperly, are much more forgiving than firearms. They just don’t enable the average user to shoot off feet or send people to the hospital or morgue. The taggant characteristic makes them less attractive for criminals to steal, because tasers supply a faster and more precise trace than ballistics do for guns.

The taser option offers anodynes for the Left and Right without playing to extreme agendas. A taser is not a firearm. (Look it up, according to the ATF definition of what constitutes a firearm.) It is designed as a defensive weapon, and its limited range means that innocent people can outrun it while attackers closing in on a target can still be stopped. For the Left, the taser option allows redirecting the policy impulse to find ways to increase the safety of defensive tools without denying them to the people one wants to protect. For the Right, this option allows potential targets to take a hand in their own protection instead of being sitting ducks or victims-in-waiting. There are no guns to argue over, in any case.

Threat denial is no longer an option. Nor is it realistic to wait for more law enforcement or more regulation to somehow throttle the predatory impulses of killers whose psyche awaits post-mortem dissection while body counts keep increasing.

Tasers for teachers? Why not? If we implement today, tomorrow’s only question will be, “What took them so long?”

-- Nick Catrantzos

Sunday, December 2, 2012

Beware Villains and Varlets

Especially varlets. The rigors of rudimentary upbringing inculcate in most of us a healthy caution against villains, or the kind of uncouth, dangerous adversaries who mean us harm and will not hesitate to incapacitate or kill for no ostensible provocation. Result? Those of us who survive into a relatively successful adulthood learn to spot villains and to avoid them. At least we don't seek them out. When was the last time you ambled drunk into a biker bar and chose that moment to hold forth that, unlike vacuum cleaners, motorcycles position the dirt bag on top of the machine rather than underneath it? If you are reasonably sane and unbedeviled by a death wish, the answer should be never.

Now, villains always pose a danger. For the most part, however, the danger is manageable. We can see it coming and can therefore avoid it. Not so with varlets.

Varlets are the lesser scoundrels raging through every sphere of life like a pestilence. They seldom present the kind of cutthroat, terror-inducing danger reserved for villains. Indeed, varlets tend to appear innocuous or so anemic as to be comical. Does this make them less dangerous? Perhaps or at least initially it does. But there is more to this encounter.

If a varlet may indeed both seem and actually be, to all appearances, harmless, this means that the varlet is all but certain to have an easier time penetrating our defenses. He or she may ingratiate, fawn, amuse, or just weasel into our circle of trust. Often the varlet operates best just outside this circle of trust, making occasional thrusts inward when defenses are down or incentives are up. The varlet achieves by guile what the villain attains by force: personal advantage at your expense. He may even look as cuddly and lovable as a panda that ends up eating all your bamboo (see photo above).

As holidays approach and seasonal celebrations amplify bonhomie, beware the villains and varlets, especially the varlets. This is their high season, and your lowered guard is their invitation to strike. Purloined presents, burgled homes, vanishing company assets, and even more harmful attacks during periods of minimal staffing and maximal distraction are their stock in trade. Leave these varlets unchecked, and soon their impact will be indistinguishable from that of true villains.

Happy holidays.

-- Nick Catrantzos

Sunday, November 11, 2012

Post-Election Message from John Galt

[This page intentionally left blank.]

Saturday, October 13, 2012

Security Technology Never Enough

Security technology alone rarely suffices to defeat every threat, for the same reason that unconsidered infusions of more guards or more money won’t work either. The challenge is too great to dismiss with an easy solution. Besides, the threat usually strikes with some element of surprise. And the more serious the adversary, the greater the attacker’s reliance on surprise to assure victory over defenses.

Like other countermeasures, security technology struggles to keep pace with surprise – no matter how valiant the deployment of its most advanced capabilities. The best defensive technology shares this quality with the worst threat: both are always in beta. They adapt and keep getting better.

Here is a typical sequence. An intrusion alarm reveals itself vulnerable to malfunctioning in wind or rain, so a crafty intruder times strikes to coincide with foul weather or causes so many nuisance alarms attributable to weather that defenders shunt them all and leave a hole in their defenses. Technology vendors look inward to counter this tactic, however, hence the addition of secondary sensors. Now, instead of the same alarm activating upon detecting a windblown tumbleweed, it takes the tripping of an additional sensor – say an infrared detector of body heat – to be triggered in tandem with the original motion sensor before the system annunciates an intrusion alarm. Consequently, an adaptive intruder figures out how to mask heat signature or how to introduce field animals into the protected area to create more nuisance alarms, and the technology contest of thrust and parry goes on and on. Innovation from the defender camp spawns innovation from the aggressor camp, and vice versa.

To the technology aficionado, this soon becomes an ongoing contest where the irresistible temptation leads to the narrow view that defines success in terms of finding and installing the latest security technology faster than adversaries can defeat it. Reality, however, outpaces this approach and reveals it for the illusion that burdens any utopian quest.

One day the sophisticated, costly security system designed to thwart an evil genius ends up compromised by a staggering drunk who stumbles undetected into the protected area to relieve himself. Humiliation ensues. Tempers flare. How could this happen? Next comes a media frenzy accompanied by executive efforts to point the accusing finger of blame. Should the security technology be scrapped and its adherents held to public scorn? Not at all. Why not?

The shortfall is more likely a consequence that is less the fault of the technology than of failures in integrating security devices into a larger security program that the organization’s employees and management actively support. Perhaps a sensor did fail, but it is more common for failure analysis to uncover other, systemic deficiencies.

For example, one vendor may have had a contract to install intrusion alarms while a separate provider – or even in-house staff – had responsibility for supplying surveillance cameras that functioned independently of the intrusion detection system. Result? Rather than working together seamlessly to cause a camera to home in automatically on the area under suspicion at the first activation of an intrusion sensor, the protocol in place calls for a camera operator to manually point the camera in the direction of the suspected penetration. This loses valuable detection time.

Alternatively, the security technology budget ended up paying for so many cameras that no one thought to reserve enough money for a security control room or state-of-the-art monitoring facility. Thus, the image from that alarm point went to a small monitor competing to display images from all the 200 or so other surveillance cameras on site. To make matters worse, an always-beeping alarm panel may have so desensitized the person monitoring this activity that he or she must reflexively shunt alarms before investigating them – just to curb ambient noise and to permit concentration. Worse still, budget economies may have resulted in having this security function performed by a system operator or network administrator as an additional duty that takes lower priority over core business. Thus, if the operator had to make a critical flow change or load shift at the same time as the intrusion alarm went off, the latter would have a lesser claim on attention spans. After all, the operational demands of the core business have to come first. Otherwise, it makes no justifiable sense to give priority to securing an operation whose core needs one may have just neglected to the point of causing more damage than an attack would inflict.

More commonly still, there is often a poor balance between security technology and effective staffing to make the most of the technological dividends. Who is watching the alarms and surveillance cameras? Are they properly trained? Do they have clearly assigned roles? Or do so many people have the capability to view such feeds remotely that no one has responsibility for doing so on a regular basis? Regardless of the training and vigilance of the assigned staff, is the assignment of the job such that one lone individual has to monitor all cameras and alarms for an entire work shift? Such deployments are distressingly common and equally misguided.

A study of control rooms by the Government Accountability Office noted that the most that the average mortal can devote to monitoring such things as surveillance cameras without missing significant activity is not an entire work shift but 20 minutes. The job is at once “boring and mesmerizing” [Source: Keith A. Rhodes, Chief Technologist, National Preparedness: Technologies to Secure Public Buildings, Testimony Before the Subcommittee on Technology and Procurement Policy, Committee on Government Reform, House of Representatives, Washington DC, GAO-020687T, April 25, 2002, p. 65].

Informed security operations address the foregoing vulnerability by rotating monitoring duties between employees several times during a shift. Many aren’t informed.

Systemic security failures are seldom the sole fault of technology. There tend to be contributing factors. Look for flawed integration of technology, staffing, and resources as likely culprits, even if they are unwitting contributors to a debacle. Don't blame technology for implementation failures.

-- Nick Catrantzos

Thursday, October 4, 2012

Benghazi Consulate Gaps: OPSEC Savvy and Boogie Plans

While American media preoccupies itself with presidential debate discussions, news from Libya of the toll of an ill-prepared diplomatic post goes unremarked. Specifically, as a thoughtful interpretation of the latest news (available at http://m.washingtonpost.com/world/middle_east/sensitive-documents-left-behind-at-american-mission-in-libya/2012/10/03/11911498-0d7e-11e2-bd1a-b868e65d57eb_story.html ) suggests, it is becoming increasingly clear that American consular staff in volatile Benghazi proved unforgivably overmatched in two areas.

One glaring area, as the foregoing news revealed, was in operational security, or OPSEC. Underscored by bushels of exploitable and sensitive records left untended, the consulate in its ruins became as useful to American adversaries as it is worthless to American diplomats. Strewn among the bombed-out rubble are lists and identifying information of Libyan employees and other local nationals who provided useful service to the American mission in this country. Personal details of American staff are or were also unsecured, hence CNN’s ready access to the office calendar of slain Ambassador Stevens. Analytical observers may only speculate on what more revealing documents and records have already found their way into enemy hands that were too full to bother with the ambassador’s calendar as they went scavenging through the ruins in the immediate aftermath of the Benghazi attack of 9/11/12. So, item one is a flagrant breach of basic OPSEC which would instruct diplomatic staff in volatile regions to minimize the quantity of sensitive records on hand and to secure or destroy that bare minimum at the first sign of hostilities.

Even 30 years ago, the takeover of the US Embassy in Teheran found our overseas staff making a better effort to purge sensitive documents in the face of imminent attack. Given the availability of today’s advances in encryption and digital data storage, it is nothing short of astonishing for paper records such as those compromised in Benghazi not to have been all but virtually eliminated in favor of safeguarding the same data as electronic files whose deletion could be handled instantaneously or even remotely without waiting for another salvo of assault rifle and rocket-propelled grenade.

The second apparent deficiency complements a much touted security shortfall: the apparent absence of a well thought-out and properly executed contingency plan for evading lethal attackers. Some old hands in operations call this a boogie plan. Its purpose is to lay out in advance carefully vetted options for evading and escaping from hostile natives so as to save lives and prevent the compromise of sensitive activities. If there was a boogie plan in Benghazi, it either fell apart because of betrayal to the attackers themselves, or its intended beneficiaries failed to act on it before it was too late.

One need go no further than to re-read Mark Bowden’s 2006 Guests of the Ayatollah to see that such gaps and more came to the surface as a result of the Iranian takeover of the US Embassy in Teheran as the 1970s ended and the 1980s began. Since those tumultuous days, the State Department’s Bureau of Diplomatic Security has grown and evolved considerably, to the point of either employing or having access to a cadre of security professionals who could easily address such gaps. Recent events, however, make one wonder: Is the expertise on OPSEC and boogie plans altogether missing, or is that expertise going unheeded by higher echelons whose panjandrums think themselves above these prosaic details that save lives and safeguard operations?

-- Nick Catrantzos

Wednesday, September 12, 2012

Libya and the Line of Death

When we forget that big talk carries little weight outside of American politics, the savage murder of our ambassador in Libya reminds us otherwise. In the world at large, violence and hate don't evaporate at the sound of mellifluous words from politicians urging tolerance and deploring misunderstandings while sympathizing with attacker motivations. Thugs stop barbaric acts when you give them a compelling reason. Period.

Now, there are demonstrations and demonstrations. One kind of demonstration is a protest. It can range from a vocal expression of concern to a mob riot, or a thinly veiled assault on a Goliath whose penchant for restraint and obsession with looking like a nice guy assure he won't raise a hand against a mosquito let alone a David bent on felling him with any weapon at hand. At least, this Goliath, America, can be relied upon to keep his own hands tied when courting public opinion on the world stage. But there is another kind of demonstration, and Libya knows and respects it.

This other demonstration is about drawing lines. Libya proved a fast learner in 1986 -- not so long ago that its current citizenry could have entirely forgotten. America administered the lesson as a demonstration of cause and effect.

The Cause

Qaddafi or his surrogates, Libyans, caused the bombing of a disco American servicemen were known to frequent in Germany. Americans died. Confident they could strike and feel no consequences beyond trite expressions of outrage, the Libyans struck.

Insurance: Line of Death

Just to be sure no physical consequences attended the bombing, Qaddafi took the stage at the sign of a US military presence offshore. He proclaimed a "line of death," and announced that an American crossing of that line would lead to devastating consequences for any American who dared to cross.

What Happened

We dared. President Reagan wasted no breath trading broadcasts with Libya's dictator. America bombed Libya. One of Qaddafi's sons died, and Qaddafi himself had a very close call. Evidently, no one ever explained it to him this way before.

Effect

Libya backed down, and the line of death dissolved into a dotted line of rhetorical spittle. There may have been other events, but Qaddafi was definitely chastened. Another under-reported and often forgotten demonstration of realpolitik from Libya came when the US invaded Iraq. Guess which traditional adversary was the first to renounce weapons of mass destruction and start currying favor with the West in general and America in particular? That's right, Libya. We saw that even the most ardent foe of doubtful sanity can still figure out when not to make the wrong enemies.

Application

We need to be the wrong enemy -- for Libya, for Egypt, and for any other state-sanctioned savage who presumes to threaten American sovereignty. After all, an embassy is supposed to be sovereign territory, and one of the first obligations of diplomacy is for a host country to make it safe for the embassies of foreign countries. Would America or any other civilized nation stand languidly by while self-styled protestors stormed a foreign embassy or fired on diplomats? Of course not.

Lines to Draw

There are many ways to react, but only a few that show we are serious and that reach the savages whose thirst for American blood embraces any pretext.

One is to immediately withdraw any funding that goes to Libya or Egypt. This communicates to the political leadership of those states that we do not accept their excuses for violating international obligations to defend embassies. Another serious subset of such a measure could be a blockade of Libyan oil tankers, just to get their attention.

Two is to forcefully make perpetrators pay. Exact a clear, visible price that makes it unquestionably too punitive to assassinate Americans the way Libyans did yesterday. Rhetoric not only falls flat. It makes us look weak and irresolute. Wake and unleash the sleeping giant. Involve American warriors and give Libyans an unambiguous demonstration of what Goliath can do. One example would be to establish a visible cordon sanitaire around our embassy, enforcing it with C-130 and helicopter gunships and US Marines and diplomatic security staff authorized to defend themselves by shooting back. It is an international language that even barbarians understand. Translations would be optional.

Any country with the might of the United States can arrange a show of force. But its value becomes inconsequential if the force is only for show. A demonstration is clearly in order.

-- Nick Catrantzos

Sunday, September 2, 2012

Cronies Like Barr Threaten ICE Competence

The security threat beneath the resignation of Immigration and Customs Enforcement’s chief of staff Suzanne Barr goes far beyond allegations of her cultivation of a frat-house milieu brimming with salacious humor and sexual harassment of subordinates. Media sound bites, of course, draw attention to the latter. (See for example a popular version of the announcement of Barr’s resignation in the wake of a civil suit brought against DHS Secretary Napolitano in http://www.nydailynews.com/news/politics/suzanne-barr-top-obama-administration-official-quits-post-ice-chief-staff-sex-harassment-allegations-article-1.1149734 )

To uncover the real story that relates to how ICE management went about harming the organization from within, one must examine the civil complaint filed May 21, 2012 in the U.S. District Court for the District of Columbia (available in many news stories and often tracing to early online availability via inveterate DHS critic D. Schlussel on her web site, www.DebbieSchlussel.com). The real story is about elevating phonies and cronies while simultaneously driving out ostensibly capable career managers.

Now anyone with modest experience of hierarchies and organizational life knows that there is an accepted way to reward one’s loyal myrmidons without needless bloodshed that enfeebles the organization. Barr’s ouster from ICE flies in the face of such traditions. It points at a fatal flaw in exposing ICE and perhaps DHS to serious reversals in whatever competence the institutions could claim in the past. The less eye-catching but no less deplorable underpinnings of the civil suit trace a pattern of abuse whereby two Napolitano cronies ostensibly ill-prepared for senior leadership positions were elevated into them with blatant disregard for a plaintiff. The latter, one James Hayes, was by all accounts competently discharging an executive role until Crony 1, Dora Schriro, was inserted into the organization as a “Special Advisor” to DHS Secretary Napolitano before gradually supplanting Hayes for no objectively supported justification.

A 15-year employee who worked his way up in the immigration and customs enforcement field, Hayes found himself marginalized and pressured to accept demotion or relocation to make room for Schriro. Approached by the senior in his chain of command, ICE Director John Morton, to negotiate his voluntary departure from the scene, Hayes agreed to take a reassignment back to a field office from which he came, asking for the kind of relocation assistance that would keep him whole, since he had moved to Washington D.C. relatively recently to accept his last promotion. Morton apparently began by agreeing to work with Hayes to this end but ultimately turned on him. What followed was a series of unprofessional actions against Hayes, ranging from pushing him out of business meetings to make way for Schriro to imposing financial hardship by forcing an out-of-town transfer without financial assistance. This caused substantial financial hardship for Hayes, who had to sell his home at a loss. Meanwhile, as he tried to appeal such actions within the system, he evidently encountered threats to be transferred farther still and had several punitive investigations opened or reopened against him, apparently as a way of dissuading him from pursuing his grievances more formally. In the end, all these investigations closed without finding Hayes culpable of any of the alleged misdeeds. Some of the investigations had already been closed out or rejected previously, but they were reopened and reinvestigated, thus apparently supporting Hayes’ claim that these were retaliatory rather than substantive.

Here is where Suzanne Barr comes into the fray. She was Crony 2. Like Crony 1, Barr’s principal qualification for a senior position in ICE appeared to be previous work for Janet Napolitano when the latter was a politician in Arizona. Crony 2 was junior to Crony 1, so why is Crony 2 resigning under pressure? As it happens, Crony 1 is already gone from ICE and DHS. New York’s current mayor found her a sinecure. So, Crony 2 was still in place to absorb the heat. More importantly, though, acts of blatant professional misconduct trace more indelibly to Crony 2 than to Crony 1. You see, Crony 2 was the one who threatened to transfer Hayes to San Juan, Puerto Rico, from D.C. if he did not stop making a fuss. She was also overheard probing for ways to force him out of the organization. Consequently, in addition to her callow high jinks involving bawdy humor, sexual innuendo, and puerile bully tactics targeting male subordinates, Ms. Barr, Crony 2, is identifiable in taking a hand in a number of ethically challenged maneuvers calculated at forcing an otherwise competent civil servant out of office. Meanwhile another patron, ICE Director Morton, created two senior-level positions to fill with his own cronies while denying Hayes such a position for a lateral move. Morton also gave these cronies generous relocation bonuses at the same time that he was denying Hayes’s requests for cost reimbursements to offset the costs of his own forced relocation.

The Security Ramifications

As wasteful as a traditional spoils system may be, at least it generally stops short of stripping the organization of its competence. By keeping credentialed talent whole and on board, even if sidelined, one at least retains the capacity to call such talent to action when the hour sounds. By contrast, ham-handedly forcing out such talent to make room for inexperienced, bullying cronies inflicts double harm. If there is an emergency, the organization will falter because it has neutered itself by gutting its talent pool. At the same time, with the career catapulting of callow crony corporals over credentialed captains, the organization tells its employees that it holds high positions in relative disregard. Otherwise, competence would not count so little when qualifying for high office. Thus, in the long run, patronage becomes the sole path to advancement.

Is this unique to Secretary Napolitano? Hardly. One may argue that Rudy Giuliani succumbed to the same weakness in promoting as a candidate for Napolitano’s job Bernard Kerik, whose main if not only credential traced to having a history of working for America’s mayor. (A colleague who once spent time in a combat zone to assist with teaching American policing to interested Iraqis recalled how Kerik, on a similar assignment, was disinclined to leave his limousine or quarters, and was just going through the motions of foreign assistance for whatever resume value this brought. But perhaps there is more to the story.) Similarly, in the private sector, one need look no further than to Jack Welch to wonder whether his hand-picked successor, Jeffrey Immelt, ever approximated or will even approach the competence of his patron.

All that the Shriro, Kerik, Immelt, and Barr examples repeatedly establish is that hand-picked henchmen and sycophants seldom deliver the same value as their more powerful patrons. Indeed, if there is anything these beneficiaries of patronage do consistently, it is to let down the people and institutions promoting them.

As the French intone, plus ça change plus c'est la même chose.

-- Nick Catrantzos

Thursday, August 23, 2012

The Afghan Assassin as Insider

The only “insider” aspect of Afghan soldiers who ambush Americans attempting to train them is the assassins’ ability to gain entry and enough maneuvering room to get next to Americans and kill them by surprise. Such killers do not resemble a traditional insider threat in the sense that they have not earned a position of trust, only to then betray that trust. However, to the extent that they penetrate American defenses by guile instead of force, they do share one all-important trademark of any serious insider threat and the proper focus on shoring up this vulnerability should go a long way to neutralizing the threat.

“The real issue is access,” as noted on page 87 of Managing the Insider Threat: No Dark Corners (Boca Raton, CRC Press, 2012) in the chapter, “Rethinking Background Investigations.” As this book also notes further down the page, the way to address the problem of unescorted access when one does not have the time or capabilities to carry out the full vetting necessary before giving anyone a position of trust is to “insist that all outsiders be given access to critical areas, assets, or operations only when under knowledgeable escort. This means that the outsiders never receive unhampered freedom of movement …”

One of the idiosyncratically persistent American proclivities that play into increasing our vulnerability in such situations is that we consider escorting and watching people inconvenient. Consequently, our tendency is to find ways to clear them and let them roam unfettered or to assign the most junior, least capable employee to escort duty. This is a mistake which adversaries discern and exploit to our peril. What the situation in Afghanistan calls for is serious attention to access and escort.

In the case of fledgling Afghan trainees entering a U.S. compound in Afghanistan, this means that they are never out of the capable escort of American combatants better trained, equipped, and empowered to take them out of action at the first hint of hostile action. As the book says, “Escorts must be able to recognize inappropriate activity and intervene in time to prevent damage.” In the case under discussion, the damage is to American life and limb, and the intervention ranges from wrestling to the ground to shooting on sight. The situation dictates tactics, and life-or-death situations are no place for second-guessing American combatants risking their lives for their country.

-- Nick Catrantzos

Monday, August 20, 2012

Oak Ridge Fiasco Part 2: Weathering the Witch-Hunt

Part 1, Understanding Security Witch-Hunt, August 19, offered analysis and inferences concerning the challenging situation of any defender in the wake of a very public fiasco where a near-term need for scapegoats may trump the organization's long-term security interests. Now, in Part 2, we shift our focus to prescription, outlining a three-pronged approach to dealing with a near-impossible situation, including steps to take and actions to avoid.

Rx 1: Take the hit without generating alibis or excuses.

The temptation to soften the blow or redirect the accusing finger of blame will be almost insurmountable. Legal advisers will counsel making no admissions of culpability, for fear of civil and criminal actions that might ensue. Public relations consultants will advise changing the subject by any means in order to deflect negative scrutiny. Governing boards and special interests alike will look for human sacrifices. What is the professional defender to do?

Focus on verifiable facts. A security problem exists when there is a substantial, adverse difference between what is supposed to happen and what actually did happen. It does no good to create convoluted story lines to account for why an octogenarian nun could penetrate a secure area without holding any defenders responsible for the breach. Now is not the time for excuses, but it is the right time to drill down into details that identify situation-specific and systemic points of failure. If a strain-sensitive cable did not detect a cut along a fence-line, for example, capture this information and, for the next section, take charge of fixing this particular problem. If further examination reveals that such a failure occurred because the detection device was inoperable at the time owing to an unforeseen budget cut whereby funds that were supposed to be allocated for a backup battery supply and tamper alarms had instead been reallocated to, say, replacing an air conditioning unit for a data center, by all means document this as an underlying or contributing cause. However, do not highlight this particular point at this juncture. To do so gives the unprofessional appearance of trying to dodge accountability.

With the foregoing approach in hand, document all verifiable security failures and take responsibility for instituting corrective action. In parallel, document all contributing factors for later reference in management discussions about correcting systemic problems and allocating resources necessary to meet existing and emerging security requirements.

Rx 2: Having acknowledged specific, verifiable failures with brutal honesty, now develop corrective actions that fully meet all official security standards.

By no means exclude corrective recommendations that you suspect the customer will dismiss out of hand on grounds of cost, feasibility, or historical preference. Resist the temptation to buy into prevailing arguments that some official standards are unattainable, hence historically neglected or moderated by all concerned in joint recognition of resource or other constraints. The temptation may be overpowering in this case, as nuclear security is notoriously infected with very precise standards and just as reputedly overtaken by receptivity to role-playing and scripted performances that mask performance shortfalls by contriving security inspections whose occurrence and successful conclusion are known in advance.

Instead, this is the time to look at officially promulgated and contractually accepted security standards, and to propose to satisfy them in good faith, no matter what the cost. This process will no doubt unearth standards in place that were either unattainable or too resource-prohibitive to be met. In all likelihood, principals from all entities involved, including government customers, arrived at some kind of informal accommodation that permitted deviation from standards to occur. For example, if a given alarm was to officially compel arrival of an armed response within, say, five minutes at the point of an identified breach, perhaps the government customer, contract facility operator, and contract security service all previously acknowledged that distance and terrain would make such a response impossible without a helicopter on standby. Over time, the prohibitive cost of that helicopter, its pilots (for 24-hour coverage), and maintenance may have become too expensive to subsidize in the face of budget pressures. The proper way to address such a situation would have been to bring it out into the open and either revise the standard or provide a signed, written waiver under certain conditions for a given period of time. However, it is just as likely that all principals found it more expedient and more bureaucratically risk-averse to avoid raising the issue this way. Instead, they could, for example, mutually agree to start the countdown on response time once word of the breach has reached the nearest security responder in the field. What such an apparently minor interpretation of convenience neglects is that the time between detection of the breach and alert of the field responder may have already consumed 15-30 minutes, so that the net response to the site of the breach has now become up to 35 minutes. But, for purposes of a collusive inspection, that kind of response could still count as having met a five-minute criterion.
[Note: This example is specifically created for purposes of illustration without any reference to a particular standard and is not meant as an indictment of any individual or function involved in the fiasco in question. The illustration is just a way of pointing out how operating entities, security services, and government customer representatives possessed of the best of intentions may nevertheless act in concert to undermine their own defensive posture without realizing it.]

After spelling out how to fix the security deficiencies that really do lend themselves to remedy, establish a timeline and propose to start implementing corrective actions at once. In all inspections, particularly those involving reputational risk, the goal should be to enable inspectors to say as often as possible, "Corrected on the spot."

While working on these corrective actions, concurrently capture alternatives, costs of implementation, and any recommended compromises to or modifications of official security standards. Use these data to formulate a separate impacts and options study to present to the customer at a more appropriate time, after the immediacy of the situation has subsided.

Rx 3: When it comes to addressing intangibles, like culture or mindset, instead of continuing a point-by-point response, offer up a bold program that will institute the kind of sweeping change necessary for addressing systemic and recurring lapses.

Instead of trying to vault this chasm in multiple hops, take a substantial leap. It is the only chance of avoiding ruin. This is where problem solving must give way to predicament unscrambling, where the place for specifics is in the details of designing a program and implementation schedule to support the sea change that will deliver results. What is this change, this program?

It is nothing less than a re-ordering of the workplace along the lines of a No Dark Corners approach, where the co-pilot model of engagement across the board extends not only to the teams responsible for operating the nuclear facility, but also to all the sentinels charged with its security. Everyone becomes deputized to take a hand in protection. Excuses become taboo, hence extinct. And collaboration extends to the point of making security an integral part of the overall operation, of every job, rather than a shopworn and anemically supported applique to be tacked on only when inspectors are watching.

How does one manage all these steps? For a start, one may turn to the chapter, "Consulting for No Dark Corners Implementation," in Managing the Insider Threat: No Dark Corners (Boca Raton: CRC Press, 2012). But this is not the only solution. After all, one can also resolve to accept scapegoat status and change one's company name after serving in a public pillory and being debarred from future government work.

-- Nick Catrantzos

Sunday, August 19, 2012

Understanding Security Witch-Hunt Part 1: The Oak Ridge Fiasco

Fiascoes excite the greatest remark when tied to reputational risk, and the knee-jerk response to the worst case comes with a witch-hunt as surely as a dog comes with fleas. When the fiasco involves a very public security breach, however, attending expressions of outrage reach a firing-squad crescendo. In the frenzy to aim at blame and to give one's audience the drama of an execution as proof of swift action, the players in such proceedings too often make matters worse for defenders. How so? They issue cascading demands which begin reasonably enough with facts on the ground but soon launch beyond terrestrial orbits into the ether of unverifiable conditions and impossible timelines.

Example? Look no further than the security breach at the Y-12 Oak Ridge nuclear facility at the hands of an 83-year-old nun and her hippy-era peacenik cohorts (with details and regulatory reaction noted at http://www.knoxnews.com/news/2012/aug/14/bad-cameras-non-responsive-guards-part-of-y-12s/ ). According to media reports, three slow-moving, unremarkable geriatrics penetrated a secure area protected by state-of-the-art technology and armed-to-the-teeth guard patrols. So what did the government overseer of this site do? Point the accusing finger of blame, create additional insulation between itself and the likely scapegoat, and launch into expressions of outrage, with proclamations of demands for action that appear more calculated to dodge responsibility than to remedy security shortfalls.

Consider: The overseer, the National Nuclear Security Agency (NNSA), issued a very public letter to the engineering company operating the site, Babcock and Wilcox. This letter directed the engineering company to show cause within 30 days of why NNSA should not terminate the lucrative contract to operate the facility because of the foregoing security breach. NNSA's show cause letter cited not only the lapses in security but also an "inappropriate cultural mindset" as the flaws that require immediate attention. Meanwhile, NNSA shut down the plant's operations because of the security breach. NNSA also found fault with the guard force, a Wackenhut operation that was rebranded as G4S Government Solutions and known locally as WSI-Oak Ridge. Most interestingly, this security service was a prime contractor working directly for NNSA at the time of the breach -- just as Babcock and Wilcox was an NNSA prime contractor for operating the facility. However, with a stroke of the pen, NNSA seconded the guard service to the engineering company after the fact and is now holding B&W responsible for correcting G4S's security performance.

To the trained security and management observer, this NNSA move is an artful dodge not only of immediate responsibility for any contributing role in the security fiasco but of future security misfires as well. Passing the blame to the engineering contractor by making this entity suddenly responsible for security actually undermines whatever original management value that the separation of contracting responsibilities between operations and security was first created to deliver. In theory, the previous state of affairs put security management and operational management on an equal footing with the NNSA customer, since both were prime contractors. Thus, whenever a plant manager might incline to economizing on security in favor of making working conditions better for his or her engineers, the organizational mechanism in place would have allowed senior engineering and security managers to raise the matter to their shared NNSA customer for the customer to resolve such a debate at a higher level. By ending that peer-level relationship, NNSA does two things: 1) Increase the chance of an engineering contractor's override of future security concerns once the immediate attention to site security has gone from the limelight, and 2) Relieve NNSA from any responsibility for making tough calls on future conflicts between the engineering contractor and the security contractor, since the second will now be working under the first. This is as bureaucratically elegant a maneuver as it is bereft of managerial and security accountability. To the astute practitioner, it begs the question, What else is NNSA eager to hide, such as contributory negligence or leadership failure that may have contributed to the "inappropriate mindset" that it now lays at the hands of the engineering company to repair?

So much for setting context. Part 2 will look at a realistic approach to answering the kinds of demands made in NNSA's show cause witch-hunt.

-- Nick Catrantzos

Thursday, July 26, 2012

What Bank Robberies Can Teach Scared Moviegoers

Beefing up security may placate worried customers, but attaining meaningful results is less a question of cost than of effectiveness. Of course it costs more to instigate new access controls, add guards, and increase physical or video surveillance. So what? Would any such combination of measures have eliminated the carnage of last week’s Aurora, Colorado, massacre during the midnight showing of the latest Batman movie? It is doubtful. Absent an armed defender vigilant enough to avoid being the shooter’s first victim and proficient, calm, and courageous enough to return fire, adding an extra guard or camera would not have delivered meaningful protection. Studies of bank robberies may not have been the first to contend with the same dilemma, but a nervous media and movie-going public would do well to go down the same analytical trail.

Solid references to current studies on bank robbery appear at the end of this essay. Let us begin the discussion, though, with a security professional’s recollection of what banking had to figure out about the armed guard dilemma after a study in the 1960s. The venue was a major urban area on the East Coast, perhaps Philadelphia. The problem? Armed bank robberies were on the rise, and it was not clear whether the presence of an armed guard was helping or hurting. Does this dilemma not sound familiar to motion picture theater owners debating enhancing security in the wake of the recent shooting?

The Usual Opening Questions

1. An armed guard deters an armed attacker, right?
2. If not, does an armed guard’s presence increase the chances of a shoot-out, or of the guard being hurt or killed first, after which more casualties are likely to occur?
3. Does having an armed guard, or any other security measure, ultimately pay for itself both financially and in customer retention?

The Answers

Not necessarily, maybe, and hardly. Specifically, robbers who were intent on striking banks at gunpoint were relatively undeterred by an armed guard. The guard would have to relax, take a restroom break, or otherwise lower his guard at some point, whereas the armed robber or robbers had the luxury of choosing the moment to attack, hence the advantage of surprise. Professional robbers could neutralize a single armed guard with relative ease, without necessarily having to inflict injuries. The guard’s gun would then become one more weapon in the wrong hands. Amateurs, or unprofessional robbers, who continue to be the more frequent bank robbers to this day, might be deterred because more of them act with threats than with firearms. (See Deborah Weisel’s paper and other references below for more details on this point.) However, amateurs also tend to walk away with lesser sums of bank money, because a small score goes hand-in-hand with a quick escape. Some security measures pay for themselves, but others produce unintended consequences, such as alienating legitimate customers or costing far more than they save.

Key Findings

One particular bank found that the average robbery amounted to a loss of X dollars, whereas the annual cost of armed security, at the time, amounted to something like seven or eight times X dollars. The incidence of bank robberies for that bank, meanwhile, ranged from one to four per year. So the bank’s management immediately noted that the armed guard’s presence cost more than the typical loss over a year. What ultimately caused the bank to forgo armed security, however, was partly a concern over the liability the bank would face in the event of a shootout between robber and armed guard where customers or bank employees were caught in the crossfire. It also arose partly out of the discovery that other measures were more cost effective and acceptable to customers. Greeting everyone who came into the branch, for instance, turned out to be a big deterrent for amateur robbers because this simple act eroded their sense of anonymity. (Even to this day, most robbers are amateurs who do not disguise themselves and who act alone.) Cash handling procedures which limited the amount of money a teller could lay hands on at any bank window also decreased the average take for the average robber trying to make a quick score and elude capture. Finally, bullet-resistant bandit barriers reassured bank employees more than a guard yet did not alienate customers as much as some more cumbersome security measures such as mantraps, where only one person can enter through a revolving door at a time. (The latter do indeed deter bank robbers by slowing down entry and exit, but also at the expense of annoying legitimate customers.)

Today’s lessons, as noted by Professor Weisel and by studies such as those by the National Institute of Justice or by FBI statistical analyses, leave the consistent impression that not every site needs all the same security measures. Certainly the basics apply, such as securing emergency exits to prohibit clandestine entry by villains. But as the studies showed for banks, some locations are more prone to attack than others. For banks, determining factors can be urban vs. rural venue and ready access to major escape routes. Similarly, movie houses that attract very large crowds and times when such crowds tend to be most unruly – typically at night – may deserve more security enhancements according to their exposures.

Professional bank robbers attack early, before the bank is too busy and when they are in the best position to control the people in it. Amateurs aim for later in the day, when the bank is crowded and when they can slip into the crowd with less of a chance of drawing attention. Studying such particulars helps bank defenders make the right decisions about what losses they want most to avoid. The one class of individual most likely to get hurt if a bank robbery turns violent is, as one may suspect, the bank employee. This is why employees are trained to offer minimal resistance, and why both amateur and professional bank robbers have reason to expect some return on their criminal efforts.

The bottom line is that the absolutely worst and least effective security to deploy in the wake of an emotionally charged tragedy is to launch complicated, costly, and questionable security programs that soon take on the trappings of permanence. This is why visible and much touted beefing up of security at movie theaters is more likely to be a display of security theater than effective protection for the long term.

References for Further Reading:

D. L. Weisel, The Problem of Bank Robbery, 2007, Center for Problem-Oriented Policing. Retrieved July 26, 2012 from http://www.popcenter.org/problems/robbery_banks/print/

T. L. Baumer and M. O. Carrington, The Robbery of Financial Institutions, January 1986, National Institute of Justice

R. J. Ericson and K.M. Balzer, Summary and Interpretation of Bank Crime Statistics, February 7, 2003, FBI.

-- Nick Catrantzos

Sunday, July 22, 2012

The Good Don’t Hide

At least, they do not disassociate themselves from their work. On the contrary, they sign their names, taking pride in the quality of their output. This is why true virtuosi seldom shy away from having their full names indelibly linked to their paintings, symphonies, novels, legislation, or scientific discoveries. Even the most introverted who guard their privacy and slink away from crowd or limelight will not hesitate to lay claim to their own work.

Contrast this tendency, now, with the institutionalized tendency to distance employees from their work product. What passes for today’s customer service may well epitomize this modern tendency. The person answering your call, perhaps from an offshore hotline or just as easily from across town, is increasingly unlikely to self-identify. At best, you may be able to cadge an employee number and first name out of the individual. What about an identifiable first and last name, however? Slim chance. If the customer service is particularly substandard, even minimal identifiers may be absent, with calls disconnected midstream as you get to the point of demanding identification in your effort to escalate to some form of higher authority. What is behind such anonymizing tendencies?

There are official, unofficial, and underlying motives, if one cares to explore them.

Officially, employers proclaim their concern for employee safety as a reason for insulating their minions from their customers. After all, the argument goes, there is no shortage of crazed, disgruntled masses out there, and it would appear uncaring to grant the latter the means of readily identifying employees whom they might target in a fit of rage.

Unofficially, particularly when outsourcing hotlines and customer service functions to India, China, the Philippines, or elsewhere, employers attempting to affect a local, down-home persona in marketing their wares cannot allow employees to fully identify themselves with foreign-sounding names that give the lie to such marketing deceptions. Thus, they assign American-sounding first names to their customer service employees, and so Suresh now becomes Steve when answering the phone.

Underlying motives may be harder to establish with certainty, but they may be inferred. If, unlike an artist who is proud of the painting, the customer service employees are undertrained and mediocre or perfunctory in the discharge of their duties, can it be that their management knows that no one in the company is all the way dedicated to customer service? If so, then is it not easier to dodge accountability and diffuse blame in direct proportion to how hard it is to pin down exactly which employee said what to the dissatisfied customer?

Quality counts and magnetizes signatures to its canvas. Inferiority, however, craves anonymity and makes orphans of its output. This is also why the best and even the second best are easy to identify. In Olympic season, it is no challenge to note that gold and silver medals are awarded to specific contenders and proudly counted by the countries spawning their respective athletes. Who goes to any length to claim last place, however? Oh yes, that would be what’s-his-name from…wherever it was. The same kind of thinking and identification applies to assessing the quality of goods and services everywhere. The fully identified and identifiable may not always be the best, but the ones hiding under many veils of anonymity will invariably be racing for the bottom.

Per corollary, what may one infer when the good appear to be going to inordinate lengths to hide despite their superior output? Then they are hiding from something else altogether, whether from old sins, predators, or something that is haunting them from some sphere that is distinct from the competence in which we are observing them at their best. Everybody has lapses and something not to be proud of, even if they are the only ones who can still remember it.

-- Nick Catrantzos

Thursday, July 19, 2012

What's Next after Al-Qaeda

There is no shortage of opinions about whether Al-Qaeda is dead, impotent, or about to mutate into new levels of lethality. What is in short supply, however, is clear reasoning backed by credible citations that take the discussion away from casual editorializing and into the realm of useful analysis.

In the essay below by Clint Watts of the Foreign Policy Research Institute, such analysis brings several interesting and well supported ideas to the fore. Who knew that bin Laden was at work to rebrand his organization before his demise? What role did financing play in the ascendancy of Al-Qaeda and does it continue to play in the role of its emerging successors? What has worked in countering Al-Qaeda, and what indicators are worth monitoring to neutralize the next major terrorist organizations?

Watts takes all these matters on in a short, clearly written paper that has just come out. Here is the link to the thoughtful analysis:

http://www.fpri.org/enotes/2012/201207.watts.al-qaeda.html


-- Nick Catrantzos

Monday, June 25, 2012

Leaks and Deceptive Denials

Truthful statements come with straightforward denials. Thus, we tend to hear, "No, I did not do it," or just "No" from a truthful person who has been wrongfully accused.

Deceptive statements, by contrast, tend to take a more winding path. Often, they sidestep accusations with what sound like denials but, on closer scrutiny, turn out to be evasions. Thus, the response that takes the form, "I would NEVER do that," is not denying a specific allegation but instead issuing a statement about habitual practices. In other words, the recovering alcoholic who witnessed a liquor store robbery late at night but had gotten into the habit of avoiding bars and old haunts by "never" going out at night may well say, "I NEVER go out at night" in reply to a question about being anywhere near the liquor store last Tuesday at the time of the midnight holdup. To the untrained ear, this statement may be taken as a denial. He must not have been there, so let's look for another witness.

What does such a deceptive denial accomplish? It spares the person making it from issuing an outright lie. Unless challenged and pressed for a more specific denial ("Yes, sir, I understand that you don't usually go out at night. I am asking specifically, were you at or near this specific location on Tuesday night, specifically any time between 11:00 pm Tuesday and 1:00 am Wednesday morning?"), the person gets away without telling an actual lie. After all, it is true that he normally does not go out at night. Last Tuesday was the one night he deviated from his normal pattern. This irregularity may so bother the individual, that his desire to conceal it overrides his fidelity to the truth. And so he deceives with his quasi-denial, even though he has no complicity in the liquor store robbery, and even though he did not take a drink from that bottle of bourbon he bought, after all. He was nonetheless deceptive in his response.

What does this have to do with deception from the view of deceivers and detectors of deception? Both recognize the same tactic. Consequently, they pay closer attention to word selection in the context of denials. Scientific content analysis and the Reid and Wicklander-Zulawski techniques of uncovering deception make entire disciplines and careers out of spotting such telltale nuances.

Deniability relies on arranging conditions to insulate an executive or organization, to keep either from being placed into the position of having to tell an outright lie in order to get out of trouble. This is why the top executive's fingerprints seldom appear on anything volatile or controversial. Instead, the executive uses go-betweens who double as expendable flak-catchers. They do the dirty work behind the scenes and absorb the blame if the situation explodes in controversy, leaving their executive masters maneuvering room to make straightforward denials and to distance themselves from renegade underlings. If the executives cannot make straightforward denials in such circumstances, then either they are themselves too involved in directing the activity in question, or their deniability mechanisms have failed.

Consider now a more topical case on the public stage: President Obama's response to the accusatory question of whether he had leaked national security information in furtherance of his re-election campaign. Did he make an outright denial? No. He said the suggestion was "offensive" and “that’s not how we operate.” (Quotes and context are at http://news.yahoo.com/obama-hits-back-offensive-leak-allegations-170532289.html)

Isn't that interesting?

-- Nick Catrantzos

Wednesday, June 13, 2012

Secret Service, Meet KGB

Few things generate overreaction as much as the applied forces of media and political attention during an election year. Although the focus on this situation has now shifted off the front page, there are signs that one institutional reaction to the Secret Service faux pas in Colombia may be setting a bad example for security and management in general.

What form is that reaction taking that is so objectionable? According to one report that apparently raised no public eyebrows, the solution to keeping Secret Service jump teams from distracting themselves indiscreetly with coin-operated consorts when on advance travel in preparation for presidential visits abroad is to commission a new set of government employees to watch them. (Details at http://www.cnn.com/2012/05/02/politics/secret-service/) Secret Service team, meet your new zampolit, a KGB-assigned political officer there to watch and report. (For history on this position, which even pre-dated the KGB when introduced into the Soviet military, see http://www.mvep.org/zampolit.htm )

In other words, rather than address a management problem through proper training and supervision, political panjandrums prefer to saddle Secret Service agents with a hated sentinel whose only ultimate effect will be to carry out painstaking and pain-giving witch hunts over real or embroidered distractions. The hated sentinel only has two achievable alternatives. Either become a permanent, traveling hemorrhoid, or go through the motions and feed the new bureaucracy with satisfying but innocuous reports, thereby ingratiating oneself with the people one is supposed to watch. Regardless of which alternative the watcher ultimately selects, the net result is to create an environment of deception.

If the newly embedded zampolit becomes a conscientious chronicler of Secret Service movements, the watched start hiding even innocuous activities from the watcher – particularly if they have reason to fear being maligned. If, instead, the watcher goes native and merely goes through the motions of reporting, then watcher turns deceiver. Either way, at least some energy that should be focused on protecting the president ultimately gets diverted into pro forma exercises that recall the kind of reports that KGB political officers would routinely turn in on everything from submarine commanders to research scientists that they were assigned to monitor. And for every report, there must also exist an audience, someone to read it, assess it, file it, and make judgments on it that will affect careers. In time, this means that advancement of Secret Service agents will come to depend, in some measure, on image management. Some of this may be appropriate for any position of responsibility. If, however, this criterion becomes dispositive or unduly magnified to an inordinate extent, protective details of the future will be chosen for how innocuous their members appear to the assigned watcher instead of how effective they are at keeping a traveling president alive.

With any luck, the introduction of the KGB zampolit into a traveling Secret Service team will vanish as quietly as it was conceived, escaping notice as media attention turns to another act in the political circus of this election year. Otherwise, a permanently embedded distraction will likely undermine Secret Service jump teams much more than under-controlled libidos. As Hippocrates observed long ago, there are some remedies that are worse than the disease.

-- Nick Catrantzos

Sunday, June 3, 2012

Understand Cover, Understand Infiltrators

Whence this quote? "To learn how to find, one must first know how to hide." (Answer at the end.)

In the same vein, to expose infiltrators, one must first understand what they do to conceal their hostile intent and how they penetrate one's defenses to make themselves into insiders. One of their best tools is something well-conceived and meticulously inculcated: cover.

What is cover, and how well do defenders understand it? It is much more than the puerile conception of dressing and acting like one's targets. Nothing better gives away the amateur's grasp of cover than the image of a fledgling cop or case officer applying for an undercover assignment by dressing like a scruffy vagrant whose guiding objective is to look outlandishly different from a professional wearing a service uniform or the uniform of convention (a business suit). Such amateurs may eventually be schooled. But they may equally harden their yokel's belief that cover is just a game of dress-up for people who never managed to take acting classes in school.

Cover is multi-layered and can be very sophisticated. There is official cover and non-official cover. There is cover for status and cover for action. There is natural cover and cover within a cover. Cover can be part of a carefully prepared and fully backstopped legend. Good cover takes time to develop, internalize, and put to use. Sound application includes setting traps to detect when one's cover is being questioned, doubted, or blown by the target or by the opposition. Cover and plausibility are eternally conjoined.

Mastering cover means demonstrating the capacity to lead a double life, to take on a purposefully structured identity, and to arrange all one's actions to comport with that identity in the service of a mission. It is no undertaking for the impetuous, or the undisciplined, or the slow-witted.

A serious adversary bent on penetrating a target from the inside pays much more attention to developing the cover of his or her chosen infiltrator than most defenders ever pay to this subject. Superficial grasp of cover by attackers and defenders alike looks no further than appearances. Deep understanding of cover looks at appearances only as a preliminary move to a much bigger end game. An infiltrator with first-rate training and support lives the cover, defying casual exposure. This is why betting the institution’s survival on piercing the cover and spotting the malicious insider makes an inadequate defense. The better the cover, the more important it is to add multiple protective layers which have the effect of reducing the opportunity to strike – even if the adversary’s cover proves flawless. Such tactics are often called opportunity denial measures. This is where a No Dark Corners approach helps defenders offset their adversary's advantage in mastery of cover. (For details on the No Dark Corners approach, see Managing the Insider Threat: No Dark Corners, CRC Press, May 2012. Now available directly via CRC or Amazon.com.)

As for the answer to the first paragraph's question: The quote comes from the 1966 motion picture, Fahrenheit 451, based on Ray Bradbury's science fiction novel about a future where firemen ignite books as part of a larger regimentation of society and suppression of individual freedoms. The context? Training such enforcers to find banned books includes an experienced instructor advising rookies that they will improve their results if they learn to think like their opponents. So, too, is it with cover. The best – if not only – way to even begin to pierce through the cover of an able infiltrator is to start thinking like the opposition.

-- Nick Catrantzos

Saturday, May 12, 2012

When Recovery Cost Exceeds Loss

The aftermath of a library bid-rigging scam illustrates how a success in the eyes of prosecutors may yet result in an extended loss for the victimized organization. As the most recent coverage of this local story by the Sacramento Bee indicates, “Prosecutors want a receiver to look into two houses, two rental properties, seven cars and more than 20 bank accounts in search of $815,000 they say was looted from the Sacramento Public Library Authority by three people, including two former library officials, who were convicted last year in a kickback scheme.” (Details available at http://www.sacbee.com/2012/05/12/4484789/sacramento-library-attempts-recoup.html)

The story of the event is an old, if unremarkable, tribute to avarice. Two public servants abused their respective positions of facilities director and security director to operate a scheme where they rigged bids for contracted work to pad prices in exchange for kickbacks. A third crony, the security director’s wife, operated the billing service which generated padded invoices. The case itself took five years to wind its way through the legal system, resulting in criminal convictions for all three crooks. Meanwhile, at the first hint of being exposed, one of the crooks, the facilities director, did his best to transfer his assets into a trust that would provide at least some insulation from legitimate efforts of the victimized library system to recover its stolen funds.

So far, so good. Authorities who followed up on the whistle-blower information that led to the arrest and conviction of the crooks in question may declare victory and administer well-deserved pats on the back for their public service. This service contributed to the larger public security objective of proving that crime does not pay and of criminal convictions that are sending all three embezzlers to jail for several years. Why, then, would the taste of victory elude the victimized library system? The answer lurks towards the end of the article in a little note about the cost of hiring a receiver to facilitate asset recovery.

At $300 an hour, the receiver’s billings may easily eclipse the library’s losses – regardless of whether this effort ends up yielding all or even a portion of the original $815,000. Calculate it this way. Receivers exercise significant authority in administering the affairs of the entity or interests assigned to their care. Their work can and does frequently extend over years, not hours or days. If a receiver is an attorney or judge, $300 looks like a good deal, as billing rates go. However, what has to happen for this work to bear fruit? Someone has to track down assets, which often begins with the more mundane kind of search in which certain investigators and court-records experts specialize. In this particular case, there may well be enough work to employ two people at half-time for a year. This works out to 20 hours per person, times 2, for at least 50 weeks. And this is a conservative projection, amounting to 2,000 hours. Such talent may normally charge $75 an hour, but expect the billing rate to remain $300, which brings the working total to $600,000 in billable fees for just the first year. But wait, there is more. The attorney or other senior individual overseeing this work must also bill to this effort – legitimately so – for things like case management and directing of searches, interpretation of results, and ongoing reporting to the court that appointed the receiver in the first place. Conservatively, then, this means at least another 20 hours per month for case management at $300 an hour. This makes up another 240 hours (or $72,000) to add to the working total. Result? The first year ends up costing at least $672,000 – regardless of how much of the original $815,000 has been recovered. The more complicated the sheltering of assets by the crooks, the more difficult and time-consuming it will be for the receiver to lay hands on them. Consequently, this process is likely to extend well past one year. 
Look at how long it took to get to this point from the initial legal action in 2007. At this rate of work and expenditure, by the end of Year 2, the recovery process may well have cost $1,344,000 (which is $672,000 times 2) for an unguaranteed recovery of $815,000.

Alternatively, one can argue that it would have been much more cost effective for all individuals involved in library facility contracting to have done their jobs properly, including paying close attention to contracting and independent periodic audits to detect early signs of foul play. If the people who should have done this did not perform this function, then they were stealing their paychecks. And one could argue that they owe the library system recompense. Perhaps it would be too impractical or too difficult to seek this form of restitution. How about garnishing the retirement checks of the two library officials while they are serving time? If they have comfortable public pensions (since both are now at least 65), then the incarcerated facilities director and security director could well be receiving annual payouts of $100,000 or more. Given their prison sentences of 5 and 14 years, garnishing these pensions while the two directors serve just 10 years between them as guests of the state would average $500,000 from each, with a total of $1,000,000. This sum represents almost $200,000 more than the amount of the loss they inflicted. Under the circumstances, it would appear more beneficial to the victimized library to go after the pensions this way than to take on the uncertain return of receivership.

It may feel better to undergo the travail of retrieving ill-gotten gains of these crooks, but the effort may be out of all proportion to the expense. Alternatively, the more unspectacular option of finding a way to garnish their pensions – even if only for the time that they spend behind bars – would yield better and more certain returns. Either way, the societal message remains transmitted that this crime did not pay after all.

-- Nick Catrantzos

Wednesday, May 2, 2012

Calibrating Military Force between Nation-Building and Whack-a-Mole

Effective national security demands reasoning out how and when to use the military, which also requires knowing one's enemy.

In the Wall Street Journal’s “Al Qaeda Is Far From Defeated” (retrieved April 30, 2012 from http://online.wsj.com/article/SB10001424052702304723304577369780858510366.html?KEYWORDS=seth+jones), Seth Jones stakes out the position that Al Qaeda is not only not dead but hardly even resting. He makes a compelling argument. But where the essay contrasts Director of National Intelligence James Clapper when citing the latter’s claim that Al Qaeda is largely a symbolic threat at this point, there is less support for Jones’ position than a casual reading suggests. Why? Clapper and Jones are both right.

To frame Clapper’s comment in a larger context, just because a terrorist organization is thwarted in directly carrying out its previously notorious strikes, this does not automatically eliminate its threat potential. Indeed national, even global, movements thrive on the symbolic as a unifying force and spur to action in the face of shifting odds. Were Christians in the Roman arena not sustained by their symbolic and otherwise futile opposition to an apparently indomitable, ruling adversary? History is full of instances where saints and rogues were once dismissed as inconsequential underdogs sustained only by a threadbare, symbolic remonstrance. And yet, some of them prevailed. Witness Gandhi and Walesa to epitomize civilized sabotage, or Castro and Khomeini to exemplify more cutthroat regime change. Before ascending to positions of consequence, any of these figures could have just as easily been dismissed as a fringe character offering only symbolic menace to the prevailing order.

America leads the world in advertising, social media creation, and sensory image manipulation – that is, in most of the instruments of hype that rage through the world like a pestilence. Unsurprisingly, we Americans exaggerate for effect. It heightens contrast and makes our choices easier. Small wonder then that, in political campaigns, nuance takes a backseat to demonizing the opposition while lionizing our own team and camp. So, in a nation that favors bold contrasts, the overpowering tendency is to cast every major decision and, soon, major policy options in extremes that define the endpoints of a pendulum’s arc as it swings from one position to its opposite.

How does this weakness for extremes apply when employing our military as instrument of diplomacy or weapon to fight terrorism? It manifests itself in endless oscillation between the kind of nation-building that our Iraq war represented and the whack-a-mole approach we used when initially subduing the Taliban and Al Qaeda when first taking the fight to Afghanistan.

Relative success of either option, in the long term, is something for future historians to gauge and analyze and dissect for microscopic examination or debate. Meanwhile, what do we do with the military under such circumstances, before all the results of this examination are in? We either try one option or the other. Over time, the American pattern is to try one option, then the other. And it seems to make little difference which we try first.

The more satisfying, at least on its surface, is the whack-a-mole alternative. Thanks to mature, competent special forces (e.g. Navy SEALs) backed by superior military technology (e.g. Predator drones and precision munitions), the U.S. commands an impressive capacity for obliterating identifiable villains. Thus, once riled, we like to strike back and to make it count.

Now there’s the rub: making it count. First, in today’s battle space, not all adversaries make themselves identifiable as state-supported actors operating within a precise geographical footprint for us to target. When they do oblige, to be sure, SEALs and drones alter enemy life expectancies and freedom of maneuver.

There is a second frustration with the whack-a-mole approach. Part of it traces to this “symbolic” residue. We invariably agonize over the possibility that whacking even our sworn adversaries may only treat the symptom while aggravating the disease. And this worry, in turn, paves the way for the urge to engage in nation-building.

Nation-building is broad in scope, hence less achievable than traditional military objectives like taking high ground or defending a castle from frontal attack. Nation-building takes colossal investments of people, time, and resources. It is no simple task to bring popular elections to a downtrodden population whose tribal history has only taught subjugation to one warlord until a stronger one takes his place. Such nation-building goals require foundational steps along the way, most of which lack a traditional military stamp, such as promotion of literacy, formulation of political coalitions, fostering of public communications, and development of infrastructure to support connectivity with the larger world that transcends the boundaries of tribe and village, feud and tradition. Meanwhile, this effort also requires active, ongoing thug suppression to keep gradual processes from being negated by rascals, profiteers, and whatever armed brutes and predators rage otherwise unchecked throughout the landscape in native guise.

The frustrations of nation-building are many, but two of the most chronically insoluble must surely be metrics and sustainability.

The metrics dilemma bedevils a military leader no less than it would any business executive. It is one thing to capture enemy ground or defeat an enemy brigade, quite another to safely declare that democratic institutions have finally taken root. So, how much nation-building is enough? How do we tell we are winning, let alone when we are done?

The sustainability dilemma is equally enervating. If the only apparent progress in nation-building remains indelibly linked to the presence of American troops, then how long do we stay to perform duties ranging from infrastructure support to thug suppression? Moreover, what kind of victory can we claim if conditions revert to Darwinian tribal hegemony as soon as our troops withdraw? To make matters worse, at what point in a long engagement do we create our own diminishing returns by overstaying our welcome? At some point, as Iraq and, to a lesser and more gradual extent, Okinawa have shown, any foreign military force grows unpopular over time. In Iraq, Americans went from welcome liberators to unwanted foreign occupiers. Invariably, if conditions deteriorate, few scapegoats rival a foreign occupying force to blame for everything that goes wrong. And it makes little difference whether our military acts with the same discipline and focus today as it did yesterday, at the outbreak of hostilities. Meanwhile, nation-building draws troops more and more into unfamiliar territory that most workers would regard as laboring outside of their skill, purview, or competence. Nor is it possible to reformat troops like hard drives, because they cannot forsake traditional military duties without risking their lives. On the one hand, nation-building requires them to extend fraternal assistance to strangers and the disadvantaged. On the other hand, survival requires them to dodge traps, improvised explosives, and gunfire directed at them by adversaries indistinguishable from the people the troops are trying to help.

All of this brings us back to the situation now confronting Mr. Jones, General Clapper, and American policy for military deployments. Jones argues the folly of running out of the Middle East prematurely, which may be interpreted as a call for ongoing nation-building. America’s fatigue with the cost and uncertain return on investment for nation-building would appear to signal an unyielding swing of the pendulum into what has now become its unmistakable arc and endpoint. Back we go to whack-a-mole mode, where what magnifies the allure is a visible saving of resources as long as no actual whacking is in progress. So we wait, as needed, although Jones is right to raise an eyebrow at how transplanting expeditionary forces from Afghanistan or Iraq to Australia makes sense if, as seems to be the case, the moles most likely to qualify for whacking are more likely to emerge from the Near East than the Far East.

These pendulum-friendly strategies no longer constitute a problem so much as a predicament. They are institutionalized options almost capable of operating on autopilot. What distinguishes them from problems, as Richard Farson once proposed in his nonfiction Management of the Absurd, is that they are situations that demand a larger frame to appreciate deeper, predictable causes that require more than analytic thinking to handle. Indeed predicaments require interpretive thinking, of the kind that would discern this cyclical pattern of swinging from one military role to the next. Absent such interpretive thinking, one may only wonder if America’s use of the military in efforts to counter terrorism is destined to get worse before it gets better.

-- Nick Catrantzos

Wednesday, April 18, 2012

Harebrained Analysis and Expert Folly

The real problem with the scientific limits of analytical technique is not imperfection. Reputable analysts and proficient investigators acknowledge their limits. It is why mature professionals look for corroboration and prefer aggregating evidence from multiple sources instead of depending exclusively on a single, smoking-gun bit of proof. The latter is much too elusive in the real world, no matter how recurrent and dramatic its appearance in fictional crime drama.

No, the real problem is a system that inclines expert analysts to exaggerate certainty under oath, lending an air of infallibility to what should remain open to question in the absence of supporting evidence.

It does not help that this flaw may result from the best of motives. As Spencer Hsu’s Washington Post article points out (available at http://www.washingtonpost.com/local/crime/convicted-defendants-left-uninformed-of-forensic-flaws-found-by-justice-dept/2012/04/16/gIQAWTcgMT_story.html), microscopic hair analysis from an FBI laboratory was chronically, scientifically suspect yet decisive in leading to convictions of individuals subsequently exonerated by better DNA evidence. These cases involving hair analysis preceded today’s DNA matching techniques.

Hsu’s article strikes enough balance to arm FBI bashers and supporters alike. On the one hand, it cites deficient lab protocols and limited scientific reliability of microscopic hair analysis to conclusively put a given suspect at a crime scene. On the other hand, Hsu includes context and a reasoned explanation from an FBI source who averred that the Bureau was doing the best it could with the tools available at the time.

A larger question, also posed in the article, reflects more negatively on the legal profession than on law enforcement. Specifically, it appears that the FBI came forward with unflattering discoveries about flawed evidence, delivering this information to prosecuting attorneys who had won associated convictions. Some prosecutors acted on this information to initiate reviews of tainted convictions, or at least to advise defense attorneys involved in those cases of this recent turn of events. Others, however, kept the embarrassing information on closer hold, with the inevitable result that some people who appeared to be wrongfully convicted continued to serve prison time past a point where they could have been set free.

Lab protocols and questionable science will no doubt merit painstaking scrutiny in this aftermath. The more systemic folly in the eye of a security practitioner, however, is what appears to be an almost irresistible tendency for experts to magnify the infallibility of their expertise. Consider these examples:

• An FBI expert testifying on a hair match that ultimately proved erroneous claimed that his hair matching had been unsuccessful only 8-10 times in thousands of cases that he had worked on over the course of 10 years.

• Another FBI scientist whose case ultimately proved flawed told jurors that he routinely relied on 15 characteristics in matching hair samples to an individual when, in reality, his lab notes revealed he had only measured 3 characteristics of the hair in this particular case.

The problem is two-fold. First, under a full head of steam, the expert exaggerates the validity of his or her expertise by offering dogmatic, convincing opinions in the guise of fact. Second, exaggerated claims of expert infallibility meet with insufficient challenge. Here it is the defense attorney and judge who must share responsibility for resulting injustice in convictions.

Under the circumstances, here follows a prescription for corrective actions on the part of the various principals.

EXPERT: Stick to the facts, and render them into plain language without argot or embroidery to suggest that your analytical tools yield infallible proof.

INVESTIGATOR: Resist the twin forces of confirmation bias and indolence. Corroborate. Investigate fully. Do your entire job, instead of relying solely on the expert to do it for you.

PROSECUTOR: Honor the ethics of your office and profession by not concealing exculpatory evidence. Do not manipulate juries with arcane but scientifically questionable data and testimony that should be open to fair scrutiny rather than presented as incontestable fact.

DEFENSE ATTORNEY: Do your homework in probing validity of evidence and in uncovering fallacies of one-sided pronouncements of experts. Do not let experts get away with inflated claims of success or validity. Probe behind the percentages and success rates. Ask for evidence backing such claims.

JUDGE: Keep the playing field level, compelling prosecution, defense, and expert witnesses to communicate in plain language. Do not let them slide into impenetrable jargon calculated to overwhelm juries and suggest infallibility that does not exist. Keep the burden for making evidence on the advocates, without allowing either side to offer up tomes of incomprehensible data that no mortal should have to decipher.

JURY: Beware the CSI effect, the increasingly popular trend to make a case exclusively on impressive-looking or impressive-sounding techniques that are not explained to your satisfaction.

FOR ALL: Whether the analytical tool is hair, DNA evidence, or any other forensic advance, remember that a tool has its value and also its limitations. It should be a part of a complete investigation, not a substitute for a full body of evidence. Beware of any claim that overrelies on a single tool.

-- Nick Catrantzos

Wednesday, April 11, 2012

Even Crooks Link Timeliness to Intelligence

This is a vivid example of how to apply intelligence usefully, but only if reacting in time. The application is criminal. It is predatory. It is even carried out by villains unlikely to have had the benefit of federal grants or seminars promoting fusion centers and hiring of intelligence analysts. Even so, at least the crooks exploiting this intelligence recognize that, unlike brandy, intelligence cheapens with age. Consider the story and the unstated contrast with how bureaucracy would approach the same situation.

What is Happening: Crooks Exploit a Novel Indicator

Burglars who focus on loot with minimal risk know that striking an occupied residence is a bad idea. Risks of apprehension and confrontation skyrocket. Then, if the burglar breaks in armed, the event can easily escalate into a violent crime that spells stiffer penalties and a greater chance of someone getting hurt. Unsurprisingly, proficient burglars prefer to strike when the home or business is unoccupied. To improve their odds, though, Seattle burglars have hit on the tactic of breaking into cars parked at movie theaters to grab vehicle registrations, and then burglarizing the homes at addresses reflected on the vehicle registrations. According to the related press report (available at abcnews.go.com/US/stolen-car-registrations-lead-thieves-empty-homes-owners/story?id=16108396), these burglars calculate that they have a good two-hour window to strike unoccupied homes before the victims return from a night out. This tactic gives burglars the advantage of striking during the hours of darkness, when it is easier to remain undetected, while also targeting an unoccupied residence.

What If Tables Turned?

What if a government bureaucracy were contending with trying to take in and act on intelligence like this within two hours? That's right. The time elapsed from obtaining the intelligence that a homeowner is away from home and occupied elsewhere, then acting on that intelligence to go to the unoccupied home and clean it out -- all this has to take place within two hours. Would the bureaucratic organization be able to act so quickly? Let's see. First, there would have to be a special squad with training, equipment, and overtime to set up surveillance on movie theater parking lots. Next, there would have to be special funding to underwrite acquisition of license plate cameras and software, along with connectivity to a special database and a related crime analyst to process that data in order to harvest those residential addresses. Then there would need to be a separate, mobile team specialized in clandestine entry. Naturally, to coordinate the efforts of the surveillance and entry teams, there would need to be a management element, operating out of a specially designed command center. That center would need electronic pin maps to display vehicles and residences, as well as video feeds and wall-sized monitors to show street views of relevant information in real time. Soon, the squad balloons into a platoon, and the platoon into a regiment. With all those people participating in the effort, conditions call for setting up a task force which, owing to the specialization required for optimum performance, ends up becoming one of those temporary activities that turns permanent -- at least as long as funding is available. Unfortunately, though, the abundance of resources and specialists and managerial overseers now makes it impossible to act on any intelligence in only two hours. 
Consequently, the bureaucracy now needs to deploy a specially trained stall team to engage the targeted movie-goers by staging an accident or contriving some kind of distraction that will delay their return to the unoccupied residence.

Results-Focused Contrast

By contrast, the crooks can do it all with lower staffing, or even just one person. More realistically, the practical skeleton crew would probably involve no fewer than two people: one behind the wheel to serve as lookout and getaway driver, and the other to smash into cars and grab registrations. Then the two drive to the target residence or residences and speed through the burglary. Both probably operate without a budget for exotic electronics and tie-ins to command centers to assist with target selection. Instead, they concentrate on hitting expensive-looking cars that were driven to the movie theater by people wearing expensive clothes. The more they strike, the more they refine their target-selection protocols. These energetic Davids make up in alacrity and boldness what their more cumbersome Goliaths in bureaucracy only approximate through big budgets, overspecialization, and lack of imagination.

Is this comparison exaggerated? Perhaps. Far-fetched? Not necessarily. Sometimes a tighter focus on results trumps the bureaucracy's inherent tendencies to magnify, complicate, and embellish.

-- Nick Catrantzos