March 31 2008 by The Systemic Analyst.

The CIA chief, Michael Hayden, has reportedly told NBC that terrorists are using “operatives that…wouldn’t attract your attention if they were going through the customs line at Dulles  with you.” In other words, the new terrorist will look as Western as any citizen of North America. This should have been expected, particularly after the U.S. began using racial profiling as a border security measure; the next logical step in facilitating the crossing of potential terrorists at borders would be to use people who would never cause a red flag to be raised.

As with previous statements by CIA representatives regarding the vulnerability of power grids in North America, I’m left wondering at the quality of intelligence that they choose to share with the public. It’s as if the organization has been stockpiling the most obvious vulnerabilities or threat adaptations to security measures for release some 4 to 5  years after the bit of ‘intelligence,’ (if something so elementary can even be called that,) should have been news. Is the CIA trying to give the illusion that it is informing the public? Any thinking person should have been able to surmise this change in tactic for moving operatives across borders years ago.

It all comes back to the fundamental problem of using identity as the basis for security measures. Sure, keeping track of law abiding citizens is facilitated by identity management on a national scale; to such people the idea of abusing the system is outside their realm of contemplation. Preventing threats, such as terrorists, from crossing borders with identity based security measures isn’t so likely. In order to stop such a person from passing through a border check point, one would have to be aware that the target in fact poses a threat. Thus, only if the person is known to have committed a crime and can be firmly linked to the identity under which that crime was committed will such a suspect be apprehended.

Of course, an alert and well-trained border guard could detect slight peculiarities in a subject’s behaviour that might tip the agent off, thus escalating the case in the required 60-seconds or less. Our growing penchant for throwing technology at security problems, however, is making this scenario less and less likely all the time as we opt for automated kiosks to scan passports, manned by travellers far from the prying eyes of such adept officials.

Terrorists, and indeed organized criminals, understand how the system works.  In fact, it is generally accepted that such threats are already steps ahead of the security industry - particularly in the use of technology. Organized crime rings have readily adopted advanced technology, just as any other business has, greatly improving the efficiency of their operations. College ICT students have become prime candidates for working with such criminal organizations, particularly in regions where legitimate jobs  in the field are few or compensation is poor. If there is a way to forge hi-tech identity documents, I’m pretty sure that organized crime rings have already figured it out.

It isn’t the technological nature of enhanced identity-based national security measures which presents terrorists and mobsters with an opportunity to breach the walls of Fortress America, however; it’s the inherent flaws of the traditional system. Knowing that the system is designed to detect identifiable threats, i.e. known criminals or people who fit set profiles - for which there is none available for a terrorist - why would any well-organized crime ring send anyone across a border that would raise alarm? They wouldn’t. As a result, look for middle-class, Caucasian North Americans disgruntled by a lack of options, crumbling economy and perhaps with the scars of some distant war to bear as a far more likely candidate for terrorism in the coming years.

All of this, of course, is to say nothing of the other ways in which identity-based border security measures can be breached, which advanced technological solutions have failed to address. Such tactics include bribing a corrupt official to issue a legitimate albeit false identity, establishing an official identity using supporting documents issued to a target but linked to a deceased citizen, and operating under a legitimate identity issued by another state for the purposes of espionage or terrorism.

It makes me wonder what the point of the Chief’s statement are. On one hand, if reading between the lines, Mr. Hayden has admitted that our current identity-based approaches won’t be sufficient for the changing tactics of terrorists. On the other hand, taking his statements at face value, the fact that we know terrorists understand how the system can be breached easily will likely only result in ever-more enhanced traditional security measures; measures that although already evidently not effective for preventive purposes, will undoubtedly come into more widespread use. Indeed, the middle class Caucasian might just have been given a new reason to be screened and monitored, even more than before. 

Posted in Wiretapping & Surveillance, Identity Management, Security Measures, North America, Middle East, Central Asia | No Comments »

March 25 2008 by The Systemic Analyst.

The RCMP decision to publicly release even less information around the use of tasers should come as no surprise. Just ask the simple question, to whom is the RCMP accountable?

Citing privacy concerns and on-going investigations, the RCMP has chosen to begin omitting the following information in public releases on the use of tasers:

• Whether the target was armed;
• The reason for firing the taser;
• What other tactics were employed before firing;
• The dates of firings;
• Related injuries as a result of the firing, including head traumas; and
• The duration of the shock sustained.

Although none of the above appears to be a real breach of privacy, should there be pending law suits there is an argument for the repression of some of the details as they relate to ongoing investigations only.

Such selective releasing of information will do little to help the beleaguered reputation of the RCMP. At a time when the public seems to be demanding ever more accountability from the boys in red, one would think that now, while the organization is being politically pinned up for reforms, that the RCMP would be disclosing more information, not less. Of course, such thinking relies upon the premise that the RCMP is a highly accountable organization with simple processes by which members of the public can ask questions, be answered and see changes to the system as a result. Naturally, not all public demands or requests can be reasonably accommodated given security, judicial or ‘greater good’ situations. However, in such cases a genuine attempt must be made to consider all matters and a viable explanation provided. Unfortunately, despite the very public announcements surrounding moves to reform the RCMP, the measures introduced so far smack of bureaucratic mumbo-jumbo and, as it has been the case across the board in governmental reforms, will do nothing in the end.

Just try to understand the measures enacted to reform the RCMP and your head will start spinning: A new reform council created as a result of a separate task force, applauded by a new commissioner (who to outsiders appears not to be part of the law enforcement establishment) all announced by, quite likely, an unsuspecting minister. It’s like a Canadian episode of “Yes, Minster!” but without the humour.

Let’s begin with the force’s reporting structure. The RCMP, as per the official website ”is headed by the Commissioner, who, under the direction of the Minister of Public Safety Canada, has the control and management of the Force and all matters connected therewith.” You might recall, that in July of 2007, a new commissioner was appointed; a man hailed as being the first person to take on the role with a background from outside of the RCMP. While that might be true, the image promoted of the career bureaucrat, William Elliott, is slightly misleading to those who don’t understand how Canada’s permanent bureaucracy works.

Mr. Elliott first began working in the government at the Office of the Deputy Prime Minister. Joining the Department of Justice in 1992, he worked there until being appointed as Assistant Deputy Minister, Safety and Security, at Transport Canada in 2000. In 2003, Mr. Elliott was made Assistant Secretary to the Cabinet, Security and Intelligence, in which role he supported the National Security Advisor (NSA) to the Prime Minister, until he was himself appointed as the NSA from 2005-2006.

The NSA, interestingly, is guided by the Advisory Council on National Security (ACNS), which in turn is comprised of a series of experts. For example, the current Council, which is chaired by Norman Inkster a former RCMP commissioner and president of Interpol, includes four former high-ranking police officers, four academics, two career bureaucrats and a few private sector representatives.

Thus, the current RCMP commissioner, who was once closely advised by former top-level law enforcement officers, is responsible for the “control and management of the Force and all matters connected therewith.” Mr. Elliott does report publicly to the Minister of Public Safety, Stockwell Day, who as a result is politically held accountable for the RCMP.

Mr. Day, like most of our representatives, is a career politician. As such, he relies on advice and guidance to make decisions on security measures. First among those advisers is a small group of political staff, which works for the minister. Unlike the ministerial offices of the Liberals, the Conservatives employee considerably fewer staff. Often, such advisors might not have experience in the subject matter they are covering and, as the adjective “political” implies, are focused on communications and public affairs.  As a result, these advisors rely upon information put forward by interested parties (read: interest groups), a smattering of concerned citizens and the permanent bureaucracy.

The only other source of information stems from the analysis put forward by non-profit organizations, such as think tanks, associations and universities, all of which receive considerable funding from the various departments and agencies asking for submissions. Furthermore, the new measures that were implemented to make the government more accountable limit those experts, which can be commissioned to conduct analysis and other studies, eliminating any private-sector individuals or organizations from partaking.

There is a propensity within bureaucracy to simply follow the status-quo. Thus, a culture of doing things in certain ways develops which continues unchallenged as all employed by the system are swept along with the bureaucratic tide. It would  also be interesting to see how many bureaucrats employed by the department of Public Safety are former law enforcement, intelligence or military personnel. Having had dealings with the department there appears to be a high rate of turn over between the security establishment and the bureaucracy, which could account for the often law enforcement-oriented security bills that are pushed forward by the permanent bureaucracy. 

The dominance by the law enforcement and intelligence establishment in all matters relating to security is evident in the appointments for the myriad of reform-focused bodies announced by Mr. Day following a series of RCMP scandals.

The Task Force (so called because a costly group of experts is assigned a task with a somewhat predetermined outcome, and thus host consultations to hear what concerns select, invited members of the public have on issues only to ignore what isn’t complementary to their goals in the final report of recommendations) on Governance and Cultural Change in the RCMP was created in July of 2007. Consisting of several former bureaucrats including Norman Inkster (who also advises the NSA, see above), the “Task Force” recommended the creation of yet another body, the RCMP Reform Implementation Council.

Trusting the recommendations put forward by the “Task Force,” Mr. Day recently announced the creation of the new reform council, which members include two private sector representatives, a career bureaucrat, and two former police officers, one being Beverley Busson, former RCMP commissioner and a member of the Advisory Council to the NSA (again see above).

It could be argued that in order to truly understand the issues at hand, these various bodies, boards and departments should have representatives from the law enforcement, intelligence and military communities. Such close ties between those communities and the people responsible for oversight should raise concerns as to how accountable organizations, such as the RCMP, actually are. Is it reasonable to assume that former law enforcement officers are the best source for creating, driving and overseeing security measures?

Of course, many on the inside will point to the oversight bodies that exist to ensure accountability of law enforcement and intelligence agencies. Indeed, as Insp. Troy Lightfoot, who helps oversee RCMP Taser use, said to the press recently “I can tell you that there are many accountability systems in place with regards to police actions. You have the courts, you have coroners’ inquests, you have a multitude of oversight bodies. There is a complaints process that can be followed.”

This oversight process, however, isn’t all it’s cracked up to be. A 2006 report entitled “Civilian Oversight of the RCMP’s National Security Functions” notes that most complaints must first be filed through the RCMP before reaching the Commission. Furthermore, the commission does not have the power to review the RCMP’s duties and functions or put forward binding recommendations that the RCMP would have to follow. In fact, none of the bodies, which provide oversight to our intelligence agencies, the RCMP, CSIS and CSE, have the power to present binding recommendations.

As with the appointed councils and advisors, there is also the question of who is tasked with the responsibility of oversight and review; what sort of background do they have? The current head of the Commission for Public Complaints Against the RCMP is Paul E. Kennedy. His 25-year bureaucratic career includes “roles as General Counsel for the Canadian Security Intelligence Service” or CSIS, after which he provided “expert advice and support to the Minister in relation to law enforcement and national security matters…In May of 2004, following the creation of Public Safety and Emergency Preparedness Canada, Mr. Kennedy was appointed as Senior Assistant Deputy Minister with responsibility for national security and emergency preparedness.” Undoubtedly, Mr. Kennedy has enjoyed the same sources of advice and insight as other high-ranking officials. That being said, Mr. Kennedy is considered to be somewhat a “thorn in the side” of the RCMP as he has been quite vocal on speaking up against the approaches of the organization.

Mr. Kennedy’s predecessor, Shirley Heafey,  hasn’t had much nice to say about her days as head of the Commission. As the Ottawa Citizen reported

“She had a “dreadful” time due to what she called “direct interference” by the Martin government with her independent role.

In allegations denied by former government officials, Ms. Heafey said she and her office were audited “to death” and there was an effort to forestall a public hearing by her commission into allegations that the Mounties covered up sexual abuse by an RCMP staff sergeant at the now-defunct Kingsclear youth training centre in New Brunswick.”

The political climate, and the high-level executives in the public service, really made my life extremely difficult,” she says in an exclusive interview with The Lawyers Weekly.”

The deputy prime minister’s office and the people in the Privy Council Office were quite concerned about the fact that I had to say what I had to say.”

Ms. Heafey contended “they made a lot of requests to me about the work I was doing (and) you know you don’t challenge the RCMP without accepting that you may have to pay a price. They are a national icon … and the government, in the last two years under Mr. (then-prime minister Paul) Martin, was very touchy about some of the things I did. They were trying to remind me to shut up.”

The Executive Director of the Security and Intelligence Review committee or SIRC leads all review of CSIS activities. The current Executive Director,Susan Pollak, began her career with another intelligence agency, CSE, moving to the Privy Council in 1984 and becoming the Principal advisor to the Deputy Clerk on Security and Intelligence in 1987.

The only current Commissioner responsible for any oversight of our intelligence and security agencies who doesn’t appear to have any direct background with the law enforcement or intelligence communities is Charles D. Gonthier. The current CSE Commissioner is an 80-year old lawyer from Quebec.

I suppose that at least some review is better than none. The Canada Border Services Agency, which will be increasingly collecting information on Canadian citizens as we move towards hi-tech identity documents, has no review mechanism according to the report.

And so there it is. The RCMP decides to release less information at the very time they are supposedly being pressed to be more transparent. Only, the people appointed to the unending layers of bureaucracy that are the commissions, task forces, councils, boards, departments and offices responsible for such reforms are often experts with a distinguished career inside law enforcement or intelligence agencies or are informed and advised by such people. Thus, instead of acting the part and appearing to be a changing organization coping with its issues, the RCMP behaves as it increasingly has – we are the law, if you’re not with us, you’re against us.

This isn’t a RCMP-specific problem, either. It’s more an endemic problem we are facing with a growing bureaucracy in this country. Until we begin to look at issues in security from a systemic perspective, which must include an assessment of the role of bureaucracy in developing, implementing and overseeing security measures, we will continue to have serious issues.  

As I mentioned in an article last week, the tradition of keeping the security profession a closed-in, insular looking field will negatively impact our state of security long-term. A stale bureaucratic outlook will only further complicate the matter. Furthermore, the reform of any single security organization cannot occur without a simultaneous revision of how both government and average Canadians approach the issue of Canada’s national security. It’s time to stop blinding ourselves with individual security issues and tools (such as wiretapping and tasers) and move onto a wider assessment of the state of security in Canada.

Considering the RCMP reforms, and indeed any reforms around security in this country, is a bit like peeling back the layers of an onion. On the surface, especially to an uninformed observer, the reforms and the bodies created to oversee them appear solid, devoid of any funny smell. Ask a few questions, peel back the layers and soon enough your eyes are watering from a slight burning sensation and something starts to stink…

Posted in Wiretapping & Surveillance, Identity Management, Biometrics, Security Measures, North America, Politics | 1 Comment »

March 19 2008 by The Systemic Analyst.

Many Canadian news outlets are reporting on a U.S. study that suggests that red light cameras installed in some Toronto intersections are having an effect. The cameras, which take pictures of drivers going through red lights, are accredited with a decrease in fatalities. As a result of the cameras, the study also suggests, intersections under surveillance are also experiencing an upshot in collisions as drivers brake suddenly to avoid garnering a ticket. I think all of this is actually good news.

The decrease in fatalities and the increase in smaller collisions are part and parcel. It’s simply a matter of humans growing accustomed to a new approach, a new mode of conduct. It proves that cameras at intersections are a great deterrent for unlawful and dangerous driving (which is also the reason why many CCTV cameras in Britain, while proving wholly ineffectual at preventing other types of crime, are being redirected to catch bad drivers.)

The reason why collisions rates are so high, I would suspect, is due to the limited implementation of such cameras across the city. With only some 40 cameras being rotated about the city, many drivers are only reacting to the cameras as they are spotted. Given this effect, it wouldn’t be unreasonable to assume that should cameras be implemented on a permanent basis at every intersection in the city that the driving habits of Torontonian motorists could be altered for the better in the long-term.

CCTV cameras won’t necessarily increase security, but changing people’s habits through the use of cameras will.

Posted in Wiretapping & Surveillance, Security Measures, North America | No Comments »

March 18 2008 by The Systemic Analyst.

The Toronto Star has published an article that shows yet another facet of wiretapping - the impact the use of the tool has on the Ontario judicial system. It’s very encouraging that topics in security are finally receiving analysis from a variety of angles as opposed to the most prevalent ”security versus privacy” arguments which leave little room for solid assessment of measures. Of course, we still have a long way to go in, what should only be viewed as a necessary, rethinking of national security. 

For far too long national security has been a very hush-hush topic. Security was regarded as an area the law abiding public need not concern itself with, or so they were encouraged, and thus they left it to a handful of specialists chiefly from the law enforcement, intelligence and military communities. Questioning approaches to security was strongly discouraged among the ranks of those who were responsible for security and at times was utterly ignored when such concern arose from the public. This does not make for the best environment to encourage innovation that can take the concept of security into a new era.

We are, however, now at a potential national security crossroads. We could choose to stop the rush on a number of national security measures that only seek to enhance traditional approaches, thoroughly assess the usefulness of those approaches and take from them what we can in the development of new measures. Or, we could choose to continue down this path of stringing up cameras, issuing expensive hi-tech identity documents and opening up the gates to ever more wiretapping. The long-term implications of the latter are very grave.

Although few seem to realize it yet our current approaches to national security, far from having the intended effect of increasing stability, will actually lead to growing insecurity long-term. Taking a step back to consider the situation from a broader perspective this conclusion becomes apparent.

The closed in nature of the security community has not only stifled innovation, but it has also led to an “us versus them” perspective. This is a mindset that has caused a segment of the industry to feel that they are the law and are somehow separate and apart from the masses. Fortunately, the majority in the field do still have the best interest of the public at heart and work tirelessly to keep us safe. However, this brotherhood which develops as a result of the burden to protect also fosters a “we know what’s best” mentality that causes a sort of blindness in the leadership of the security industry. Thus, there is a tendency to push ahead almost bullishly measures that the security community believes appropriate, indeed, the only answer.

The public, on the other hand, readily accepts that those people who opt to put their lives on the line for the sake of the greater whole deserve respect. And rightly so. As a result, the public is happy to let the security industry decide for itself, quietly in back rooms, the future of security measures. Thus, with no questions asked enhancements to existing measures such as wiretapping or passports are accepted by the public. If the specialists tell us we need it, then we must. 

Unfortunately, we forget that those in the security profession are still humans. Despite the professional role assumed, humans (whether they be police officers, intelligence agents, soldiers or bureaucrats) are still susceptible to the same vices and sins as the average person. So, in the absence of demand from outside of the security sector, little to no proper analysis has been done on measures such as wiretapping or hi-tech identity documents that can prove that enhancements to existing approaches will, in fact, increase security. This, of course, will not stop the measure from being implemented.

Once something goes wrong, however, the public will suddenly be enraged. Demanding that the agency responsible be held accountable. Given the closed-mentality so characteristic of the security industry,  the response will be typical - cold and offended - how can you even ask, we slave to protect you! (If you think this exaggerated, consider the recent responses by some Canadian law enforcement agencies to taser incidents.) Rates of such response-reaction between the public and the security profession will only increase as the ineffectiveness of enhanced traditional approaches is revealed. Over time, the public will turn away from the security establishment with mistrust.

The impact on the state of security will be catastrophic. Despite the closed-in mentality of the security profession, success in the field is dependent on the symbiosis between law enforcement and a co-operative public.  It’s a relationship built on trust and respect - lose it and suddenly the security establishment will find itself wondering just who is it trying to protect? After all, humans are still animals with survival instincts. Should they feel that the system is not protecting them from real threats they will take matters into their own hands - and have done so very recently.

This isn’t our only option. As I mentioned earlier, we now sit at a crossroads where there is another direction open to us. We could open national security up to a wider debate, bringing in thinkers and experts from a variety of backgrounds to conduct assessments of individual existing measures as well as systemic analysis around security on which we can build strategic plans and measures. What better way to secure a society, than to have the society secure itself?

The choice is ours. 

Posted in Identity Management, Wiretapping & Surveillance, Biometrics, Security Measures, North America | 1 Comment »

March 18 2008 by The Systemic Analyst.

The following article by Julian Sanchez published in the LA Times is a wonderful piece documenting the many instance throughout U.S. history that wiretaps have been abused. The fact of the matter is so long as humans are behind security measures expect abuses. Human beings (or at least a good percentage of them) have weaknesses and are often tempted to act in less than proper ways. We have to begin to accept this as a fundamental truth (indeed, haven’t most religions been teaching people this?) and take a more realistic approach to how we understand security measures and view the people behind them.

As the battle over reforms to the Foreign Intelligence Surveillance Act rages in Congress, civil libertarians warn that legislation sought by the White House could enable spying on “ordinary Americans.” Others, like Sen. Orrin Hatch (R-Utah), counter that only those with an “irrational fear of government” believe that “our country’s intelligence analysts are more concerned with random innocent Americans than foreign terrorists overseas.”

But focusing on the privacy of the average Joe in this way obscures the deeper threat that warrantless wiretaps pose to a democratic society. Without meaningful oversight, presidents and intelligence agencies can — and repeatedly have — abused their surveillance authority to spy on political enemies and dissenters.

The original FISA law was passed in 1978 after a thorough congressional investigation headed by Sen. Frank Church (D-Idaho) revealed that for decades, intelligence analysts — and the presidents they served — had spied on the letters and phone conversations of union chiefs, civil rights leaders, journalists, antiwar activists, lobbyists, members of Congress, Supreme Court justices — even Eleanor Roosevelt and the Rev. Martin Luther King Jr. The Church Committee reports painstakingly documented how the information obtained was often “collected and disseminated in order to serve the purely political interests of an intelligence agency or the administration, and to influence social policy and political action.”

Political abuse of electronic surveillance goes back at least as far as the Teapot Dome scandal that roiled the Warren G. Harding administration in the early 1920s. When Atty. Gen. Harry Daugherty stood accused of shielding corrupt Cabinet officials, his friend FBI Director William Burns went after Sen. Burton Wheeler, the fiery Montana progressive who helped spearhead the investigation of the scandal. FBI agents tapped Wheeler’s phone, read his mail and broke into his office. Wheeler was indicted on trumped-up charges by a Montana grand jury, and though he was ultimately cleared, the FBI became more adept in later years at exploiting private information to blackmail or ruin troublesome public figures. (As New York Gov. Eliot Spitzer can attest, a single wiretap is all it takes to torpedo a political career.)

In 1945, Harry Truman had the FBI wiretap Thomas Corcoran, a member of Franklin D. Roosevelt’s “brain trust” whom Truman despised and whose influence he resented. Following the death of Chief Justice Harlan Stone the next year, the taps picked up Corcoran’s conversations about succession with Justice William O. Douglas. Six weeks later, having reviewed the FBI’s transcripts, Truman passed over Douglas and the other sitting justices to select Secretary of the Treasury (and poker buddy) Fred Vinson for the court’s top spot.

“Foreign intelligence” was often used as a pretext for gathering political intelligence. John F. Kennedy’s attorney general, brother Bobby, authorized wiretaps on lobbyists, Agriculture Department officials and even a congressman’s secretary in hopes of discovering whether the Dominican Republic was paying bribes to influence U.S. sugar policy. The nine-week investigation didn’t turn up evidence of money changing hands, but it did turn up plenty of useful information about the wrangling over the sugar quota in Congress — information that an FBI memo concluded “contributed heavily to the administration’s success” in passing its own preferred legislation.

In the FISA debate, Bush administration officials oppose any explicit rules against “reverse targeting” Americans in conversations with noncitizens, though they say they’d never do it.

But Lyndon Johnson found the tactic useful when he wanted to know what promises then-candidate Richard Nixon might be making to our allies in South Vietnam through confidant Anna Chenault. FBI officials worried that directly tapping Chenault would put the bureau “in a most untenable and embarrassing position,” so they recorded her conversations with her Vietnamese contacts.

Johnson famously heard recordings of King’s conversations and personal liaisons with various women. Less well known is that he received wiretap reports on King’s strategy conferences with other civil rights leaders, hoping to use the information to block their efforts to seat several Mississippi delegates at the 1964 Democratic National Convention. Johnson even complained that it was taking him “hours each night” to read the reports.

Few presidents were quite as brazen as Nixon, whom the Church Committee found had “authorized a program of wiretaps which produced for the White House purely political or personal information unrelated to national security.” They didn’t need to be, perhaps. Through programs such as the National Security Agency’s Operation Shamrock (1947 to 1975), which swept up international telegrams en masse, the government already had a vast store of data, and presidents could easily run “name checks” on opponents using these existing databases.

It’s probably true that ordinary citizens uninvolved in political activism have little reason to fear being spied on, just as most Americans seldom need to invoke their 1st Amendment right to freedom of speech. But we understand that the 1st Amendment serves a dual role: It protects the private right to speak your mind, but it serves an even more important structural function, ensuring open debate about matters of public importance. You might not care about that first function if you don’t plan to say anything controversial. But anyone who lives in a democracy, who is subject to its laws and affected by its policies, ought to care about the second.

Harvard University legal scholar William Stuntz has argued that the framers of the Constitution viewed the 4th Amendment as a mechanism for protecting political dissent. In England, agents of the crown had ransacked the homes of pamphleteers critical of the king — something the founders resolved that the American system would not countenance.

In that light, the security-versus-privacy framing of the contemporary FISA debate seems oddly incomplete. Your personal phone calls and e-mails may be of limited interest to the spymasters of Langley and Ft. Meade. But if you think an executive branch unchecked by courts won’t turn its “national security” surveillance powers to political ends — well, it would be a first.

Julian Sanchez is a Washington writer who studies privacy and surveillance.

Posted in Wiretapping & Surveillance, North America, Politics | No Comments »

March 17 2008 by The Systemic Analyst.

Social Technologies issued a news release last week offering its vision of the future of security involving the use of emerging technologies. While the analysis provided a clear and realistic picture of the direction in which the western world is headed in terms of national security, it (like most coverage on the subject matter) failed to dig deeper asking why we find ourselves in such a state of insecurity in the first place?

If an uniformed observer were to suddenly take up the topic of national security they might be surprised to find a limited discussion on something so important it could soon impact our every movement. He or she would undoubtedly find an extremely polarized argument with security buffs shouting “if only we could convince the masses that increased hi-tech surveillance is the only answer” on one side and the privacy advocates on the other screaming “Big Brother”. Thus, would the now confused observer be left with but two options - accept a future of ever-more minute surveillance in the name of stability or vehemently oppose the tightening grasp of a government that has already proved itself untrustworthy. Neither approach is very conducive in the long-term to maintaining whatever degree of security possible -  in fact, both will probably only make our fragile Western world more unstable.

The problem is this, although most Westerners seem complacent today and eagerly give up civil liberties in the name of security, they aren’t as unobservant as some would think. Should authorities continue to press for increased surveillance of the masses and not actually provide the heightened state of security promised, not only will those segments of society that are already criminal increase their unlawful activity, but prepare for those law abiding segments to take matters into their own hands, turning ever-more away from the law enforcement and government that seems now so desperate to secure its hold over the people. It’s a risky game the security profession now plays with stable society, failing to address the root causes of insecurity while layering on intrusive “security” measures that aren’t well thought out.

In the defence of my profession, which given the nature of many of the solutions now hyped (biometrics, new and improved CCTV systems, dragnet wiretapping etc) has been widely seen as the key conspiratorial implementer of George Orwell’s prophecies, national security is a new field full of wrinkles needing ironed out. The industry is full of stale thinking, and no wonder, the field is mostly comprised of former law enforcement and intelligence officers, defence-turned-security analysts and increasingly high-tech specialists. Those who profess some fundamental understanding of security were schooled exclusively in how to manage a situation or crime only after it has occurred. Those who were schooled in preventative measures tend to have tactics involving brute force, surveillance and psychological warfare applied mainly to enemy populations. And finally, those who develop the technology are driven by the market, producing tools that fit the needs of their clients not necessarily making solutions designed to actually increase security, but facilitate existing approaches. Given these limitations, the industry shouldn’t really be expected to come up with the proactive solutions we need that won’t threaten our way of life, which was once thought to be freedom.

The government, which had been widely believed to have the interest of the people at heart, fails to provide the objective analysis needed to prevent the implementation of poorly thought out national security measures. It’s difficult to take on such a role when those employed by the various departments responsible include the above security experts and a smattering of career-bureaucrats who are notoriously under-informed on core subject matter. Furthermore, as is the case with almost every government file, from foreign affairs to education to health care, there is a total lack of strategic and systemic analysis, meaning issues are only individually addressed without ever fully understanding how that problem fits into the greatly whole.

As a result, we have rapid uptake of hi-tech national identity documents without any solid analysis of how such an undertaking will effectively increase security. The security industry develops and endorses the idea, the government readily agrees and the people are told it’s a good thing, it will be more difficult for official documents to be forged. Meanwhile, it isn’t the forgery rate that truly threatens our security, it’s the possibility of terrorists crossing our borders (or so we are told). If terrorists are really as well organized as it is claimed, then certainly they will not risk entering a country with cheap, forged documents. Indeed, there are better ways to breach border security legitimately:

1. Find a domestic citizen who has no criminal background to carry out the attack;
2. Assume a deceased citizen’s identity, acquire the necessary supporting documents and apply for the official documents thereby living under an official identity illegitimately; or
3. Acquire a legitimate identity from a country sponsoring terrorism.

How fancy micro-chipped identity documents will answer any of the above threats, I don’t know. Do expect, however, increased wait times at border crossings as agents and travellers struggle to adopt the technology and suffer slow database verification speeds (that is to say, if the traveller is being checked against a wider system and not just against the document in hand). Be aware that automated kiosks that allow travellers to verify their own documents just made it that much easier for a nervous suspect to cross the border. And, perhaps 5 to 10 years down the road, anticipate a very angry public that after having bought into the costly national security measures now being implemented found themselves even more vulnerable to the threat of terrorism and other crime. Moreover, those angry mobs will have lost their faith in a system that continuously sold them empty promises.

Wouldn’t it just have been better to begin asking why we find ourselves with increasing stability in the first place? Why we are the target of terrorism? Or how the break down of families and communities might be contributing to increasing rates of crime? Or perhaps how our “correctional system” fails to correct criminal tendencies? Answering these, and many more, questions objectively (meaning outside of the government and beyond the reach of market influence) are far more likely the key to increasing security than cameras and biometrics.

Posted in Identity Management, Wiretapping & Surveillance, Biometrics, Security Measures, North America | No Comments »

March 10 2008 by The Systemic Analyst.

Is there a day that goes by where yet another useless “security” measure isn’t announced somewhere in the world? National biometric ID card schemes, unlimited dragnet wiretapping, CCTV cameras everywhere and anywhere - and to what avail? None of these measures will actually increase security. Traditional reactionary approaches can barely keep up with apprehending criminals after the fact, how can they be expected to prevent crime and terrorism simply because the measure is expanded or put into more widespread use? Whatever happened to the idea of quality over quantity, anyway? There must be some global department whose sole responsibilities it is to develop useless measures and brand them as “security”.

Clearly, the TTC has access to its recommendation as the commission recently announced its plans to implement 10,000 cameras in trains, streetcars and buses across the city in addition to the existing 1,500 at a cost of $21 million. Apparently, the system will not be monitored and, assures TTC chairman Adam Giambrone, only the police will have access to the footage. 

So, what’s the point of the system?

If the system is to act as a deterrent, as in the little signs posted near the camera telling people “you’re on camera” cause would-be criminals to rethink their actions, then expect only rebellious suburban teens to be deterred. As a result, the drop in crime rate due to the use of these cameras will be negligible, at best. Psychopaths, pathological criminals, drunks and terrorists won’t care about the cameras, only “normal” people who carefully consider odds and consequences will find themselves unnerved by the constant watch.

Besides, with no one there to actually apprehend criminals (and apparently no one manning the cameras), how useful is the system even after the fact? In terms of solving crimes, CCTV cameras have proven to be very ineffective as upwards of 80% of the images are of such poor quality that accurate identification cannot be made. Rendering the system considerably ineffective.

Of course, if the headlines are any indication CCTV does offer something - unlimited fulfillment of human fascinations with brutality, murder and sex. Just think, Toronto too will now be able to offer headlines of the latest act of public sex or murder caught on camera with its 72 million hours of CCTV footage taped a year! Seen in that light, it’s no wonder why Giambrone told the Toronto Star ”It would be unusual if only Toronto were segregated when every major city with a transit authority has a surveillance system.” Who wants to miss out on that blockbuster opportunity?

As a security analyst, however, I’d appreciate it if those implementing systems like CCTV would start labelling them more appropriately, as sensationalist measures, for example. All of these attempts to push measures through under the very serious guise of security is giving our profession a bad name.  

Posted in Identity Management, Wiretapping & Surveillance, Biometrics, North America | No Comments »

March 4 2008 by The Systemic Analyst.

The Jerusalem Post has reported that Israel is considering new legislation to restrict the use of wiretapping as an investigative tool.  Among some of the ideas currently being considered by the Parliamentary Inquiry Committee on Wiretapping are compelling ”the police to report to the court that approved a wiretapping at the end of its investigation,” restricting surveillance to only those conversations of a target relevant to the investigation and appointing a commissioner to oversee the entire practice of wiretapping.

Israel, like every other country tackling the issue of wiretapping, should consider implementing some sort of mechanism that would ensure long-term oversight and review of the measure. It’s always remarkable to find out how little analysis there is of data surrounding the use and success rates of wiretapping that could indicate the effectiveness of the tool. We certainly don’t have such statistics in Canada.

According to the article “Israeli courts approve about 1,200 wiretaps a year, compared to 1,800 in all of the United States. The authorities made 1,255 requests for wiretapping permits to the courts in 2006. The courts turned down seven.” 

Posted in Wiretapping & Surveillance, Middle East | No Comments »

January 11 2008 by The Systemic Analyst.

Yikes! The supposed world champion of democracy and freedoms has been given Code Black status by Privacy International, meaning, the U.S. is now an ‘endemic’ surveillance society.

The status of the U.S. is marked as deteriorating worsening from last year’s Code Pink status as an extensive surveillance society to a Code Black. The U.S. can now count itself among a list of seasoned Code Black nations such as China, Malaysia, Singapore, Russia and the U.K. Other countries in a state of deterioration into endemic surveillance societies are Taiwan and Thailand.

Of the reasons why the U.S. has been designated such status, Privacy International sites the following:

• No right to privacy in constitution, though search and seizure protections exist in 4th Amendment; case law on government searches has considered new technology

• No comprehensive privacy law, many sectoral laws; though tort of privacy

• FTC continues to give inadequate attention to privacy issues, though issued self-regulating privacy guidelines on advertising in 2007

• State-level data breach legislation has proven to be useful in identifying faults in security

• REAL-ID and biometric identification programs continue to spread without adequate oversight, research, and funding structures

• Extensive data-sharing programs across federal government and with private sector

• Spreading use of CCTV

• Congress approved presidential program of spying on foreign communications over U.S. networks, e.g. Gmail, Hotmail, etc.; and now considering immunity for telephone companies, while government claims secrecy, thus barring any legal action

• No data retention law as yet, but equally no data protection law

• World leader in border surveillance, mandating trans-border data flows

• Weak protections of financial and medical privacy; plans spread for ‘rings of steel’ around cities to monitor movements of individuals

• Democratic safeguards tend to be strong but new Congress and political dynamics show that immigration and terrorism continue to leave politicians scared and without principle

• Lack of action on data breach legislation on the federal level while REAL-ID is still compelled upon states has shown that states can make informed decisions

• Recent news regarding FBI biometric database raises particular concerns as this could lead to the largest database of biometrics around the world that is not protected by strong privacy law

Posted in Wiretapping & Surveillance, Security Measures, North America | No Comments »

January 10 2008 by The Systemic Analyst.

Here is a mildly entertaining piece of news from AP: “

“Telephone companies have cut off FBI wiretaps used to eavesdrop on suspected criminals because of the bureau’s repeated failures to pay phone bills on time.

A Justice Department audit released Thursday blamed the lost connections on the FBI’s lax oversight of money used in undercover investigations.In one office alone, unpaid costs for wiretaps from one phone company totaled $66,000.

In at least one case, a wiretap used in a Foreign Intelligence Surveillance Act investigation “was halted due to untimely payment,” the audit found. FISA wiretaps are used in the government’s most sensitive and secretive criminal and intelligence investigations, and allow eavesdropping on suspected terrorists or spies.” Click here for more.

Posted in Wiretapping & Surveillance, North America | No Comments »