At the National Sheriffs’ Association Conference in Washington last week, Homeland Security Secretary Janet Napolitano noted that riders on the DC Metro system can hear her voice repeatedly promoting her department’s “If You See Something, Say Something” terrorism hotline campaign. “That’s a scary thought,” she suggested.

Even scarier to me is the campaign itself.

It was begun in New York City where it generated 8,999 calls in 2006 and more than 13,473 in 2007. Although the usual approach of the media is to report about such measures uncritically, one New York Times reporter at the time did have the temerity to ask how many of these tips had actually led to a terrorism arrest. The answer, it turned out, was zero.

That continues to be the case, it appears: none of the much-publicized terrorism arrests in New York since that time has been impelled by a “If You See Something, Say Something” tip.

This experience could be taken to suggest that the tipster campaign has been something of a failure. Or perhaps it suggests there isn’t all that much out there to be found. Undeterred by such dark possibilities, however, the campaign continues, and the number of calls in New York skyrocketed to 27,127 in 2008 before settling down a bit to a mere 16,191 in 2009.

For its part, the FBI celebrated the receipt of its 2 millionth tip from the public, up to a third of them concerning terrorism, in August 2008. There seems to be no public information on whether the terrorism tips proved more useful than those supplied to the New York City police. However, an examination of all known terrorism cases since 9/11 that have targeted the United States suggests that the “If You See Something, Say Something” campaign has never been relevant.

It turns out that New York has received a trademark on its snappy slogan, something Napolitano’s DHS dutifully acknowledges on its relevant website when it refers to its public awareness campaign as: “If You See Something, Say Something&™.” (Nowhere on the website, by the way, does the Department bother to tally either the number of calls it receives or the number of terrorism arrests the hotline has led to.)

New York has been willing to grant permission for the slogan to be used by organizations like DHS, but sometimes it has refused permission because, according to a spokesman, “The intent of the slogan is to focus on terrorism activity, not crime, and we felt that use in other spheres would water down its effectiveness.” Since it appears that the slogan has been completely ineffective at dealing with its supposed focus—terrorism—any watering down would appear, not to put too fine a point on it, to be impossible.

Meanwhile, in New York alone $2 million to $3 million each year (much of it coming from grants from the federal government) continues to be paid out to promote and publicize the hotline.

But that’s hardly the full price of the program. As Mark Stewart and I have noted in our Terror, Security, and Money, processing the tips can be costly because, as the FBI’s special counsel puts it, “Any terrorism lead has to be followed up. That means, on a practical level, that things that 10 years ago might just have been ignored now have to be followed up.” Says the assistant section chief for the FBI’s National Threat Center portentously, “It’s the one that you don’t take seriously that becomes the 9/11.”

It might seem obvious that any value of the “If You See Something, Say Something™” campaign needs to be weighted against the rather significant attendant costs of sorting through the haystack of tips it generates. Of course, the campaign might fail a cost-benefit analysis because it is expensive and seems to have generated no benefit (except perhaps for bolstering support for homeland security spending by continually reminding an edgy public that terrorism might still be out there).

This grim possibility may be why, as far as I can see, no one has ever carried out such a study and that the prospect of doing one has probably never crossed the minds of sloganeer Napolitano or of the rapt sheriffs in her audience.

Now that’s a scary thought.

Cross-posted from the Skeptics at the National Interest.

A Scary Thought: Do We Really Need “If You See Something, Say Something?” is a post from Cato @ Liberty - Cato Institute Blog

Rep. Robert Aderholt (R-AL) is the chairman of the House Appropriations Subcommittee on Homeland Security. That’s the subcommittee that makes spending decisions for the Department of Homeland Security and the programs within it, including the REAL ID Act.

Earlier this month, a constituent of his from Fyffe, Alabama posted a question on Mr. Aderholt’s Facebook page:

Rep. Aderholt, I’ve seen reports that the “REAL ID ACT” will be implemented in May of this year, giving the govt the ability to track every person who has a drivers license via encoded GPS. Is this actually the case and if so, what is the House going to do to stop this Orwellian infringement of our Liberty. Also, HOW could this have happened in the first place!

Mr. Aderholt has not replied.

But Right Side News recently reported on a hearing in which DHS Secretary Janet Napolitano presented her agency’s budget request. The DHS has not requested funds for implementing REAL ID. But according to the report, Chairman Aderholt “pointedly reminded” the committee of the need for funding of REAL ID.

It is good of Representative Aderholt to give his constituents a means to contact him and to invite public discussion of the issues. It’s an open question whether he will listen more closely to the voice of his constituents or to influences in Washington, D.C. who would like to see law-abiding American citizens herded into a national ID system.

Does Rep. Aderholt Support or Oppose Having a National ID? is a post from Cato @ Liberty - Cato Institute Blog

The zeitgeist on Capitol Hill in Washington, D.C. may be for limited, constitutional government, but that doesn’t mean that big-government conservatives aren’t going to use the reprieve voters gave Republicans in the fall to once again advance big-government goals. On Monday, House Judiciary Committee Chairman Lamar Smith (R-Texas), Homeland Security Committee Chairman Peter King (R-N.Y.) and Crime, Terrorism, and Homeland Security Subcommittee Chairman James Sensenbrenner (R-Wisc.) sent a letter to Department of Homeland Security Secretary Janet Napolitano encouraging her to fully implement our national ID law, the REAL ID Act of 2005.

The deadline for state implementation of the national ID law lapsed nearly three years ago. Half the states in the country have affirmatively barred themselves from implementing REAL ID or they have passed resolutions objecting to the national ID law. But the Department of Homeland Security has repeatedly extended the deadline and reduced the compliance bar to suggest progress on the flagging national ID effort. With another faux implementation deadline looming in May, the DHS is almost certain to issue a blanket extension of the compliance deadline again soon.

Smith, King, and Sensenbrenner don’t want that to happen. They cite the arrest of Khalid Aldawsari in Texas as a reason for “immediate implementation of REAL ID.” 

According to the government’s affidavit, Aldawsari planned to acquire a false birth certificate and multiple false drivers licenses, assumedly to assist in his getaway after executing his formative bombing plans. But if you read the affidavit, you can see just how remote and speculative his use of any false identification is compared to the real acts that go into his plans. You can also see the web of identifiers that law enforcement use to effectively track and surveil their targets, including phone numbers, license plates, physical addresses, immigration records, email addresses, and Internet Protocol addresses. Aldawsari was nowhere near slipping through the net, and having a false driver’s license would have made no difference after a North Carolina chemical supply company reported to the FBI his suspicious attempt to purchase the chemical phenol. Nor would false identification have made a difference had he succeeded in an attack of any significance.

Having a national ID is the fantastical way of addressing the fantastical part of Aldawsari’s alleged plot. Thankfully, the real plot was disrupted using real law enforcement techniques, which include the reporting of suspicious behavior and narrowly targeted, lawful surveillance.

Terror Arrest Does Not Justify REAL ID Revival is a post from Cato @ Liberty - Cato Institute Blog

The holiday travel season this year revealed some of the real defects in the Transportation Security Administration’s new policy of subjecting select travelers to the “option” of going through airport strip-search machines or being subjected to an intrusive pat-down more akin to a groping. Anecdotes continue to come forth, including the recent story of a rape victim who was arrested at an airport in Austin, TX after refusing to let a TSA agent feel her breasts.

Meanwhile, the Department of Homeland Security is working on the “next big thing”: body-scanning everywhere. This “privacy impact assessment” from DHS’s Science and Technology Directorate details a plan to use millimeter wave—a technology in strip-search machines—along with other techniques, to examine people from a distance, not just at the airport but anywhere DHS wants.

With time to observe TSA procedures this holiday season, I’ve noticed that it takes a very long time to get people through strip-search machines. In Milwaukee, the machines were cordoned off and out of use the Monday after Christmas Day because they needed to get people through. Watch for privacy concerns and sheer inefficiency to join up when TSA pushes forward with universal strip/grope requirements.

And the issue looks poised to grow in the new year. Republican ascendancy in the House coincides with their increasing agitation about this government security excess.

I’ll be speaking at an event next Thursday, January 6th, called ”The Stripping of Freedom: A Careful Scan of TSA Security Procedures.” It’s hosted by the Electronic Privacy Information Center (EPIC) at the Carnegie Institute for Science in Washington, DC.

EPIC recently wrote a letter asking Homeland Security Secretary Janet Napolitano to task the DHS Privacy Committee (or “DPIAC,” on which I serve) with studying the impact of the body scanner program on individuals’ constitutional and statutory rights:

The TSA’s deployment of body scanners as the primary screening technique in American airports has raised widespread public concerns about the protection of privacy. It is difficult to imagine that there is a higher priority issue for the DPIAC in 2011 than a comprehensive review of the TSA airport body scanner program.

Will the Secretary ask her expert panel for a thorough documented review? Wait and see.

Whatever happens there, privacy concerns with DHS programs will be big in 2011.

Prediction: DHS Programs Will Create Privacy Concerns in 2011 is a post from Cato @ Liberty - Cato Institute Blog

In a humbly-toned USA Today opinion piece yesterday, Secretary of Homeland Security Janet Napolitano asked for the public’s cooperation with airline security measures the Transportation Security Administration has recently implemented. The TSA has come up with an invasive pairing: ”Advanced Imaging Technology,” also known as “strip-search machines” and, for those refusing, “enhanced” pat-downs which explore areas of the body typically reserved for one’s spouse or doctor.

Anecdotal reports suggest that the machines are being used to ogle women, and we are seeing disturbing images and videos of children being handled by strangers online. The public is increasingly agitated by the TSA’s latest amendment to the air travel ordeal, and a “National Opt-Out Day” is slated for next Wednesday, the biggest travel day of the year.

Twice, Secretary Napolitano notes that these measures are “risk-based” or “driven by . . . risk.” But has the Department of Homeland Security conducted the necessary risk management studies to validate these programs? A March 2010 Government Accountability Office report says:

[I]t remains unclear whether the AIT would have detected the weapon used in the December 2009 incident based on the preliminary information GAO has received. . . . In October 2009, GAO also recommended that TSA complete cost-benefit analyses for new passenger screening technologies. While TSA conducted a life-cycle cost estimate and an alternatives analysis for the AIT, it reported that it has not conducted a cost-benefit analysis of the original deployment strategy or the revised AIT deployment strategy, which proposes a more than twofold increase in the number of machines to be procured.

I’ve seen no documentation that the strip-search machines, the invasive pat-downs, or their combination have been subjected to any thorough risk analysis. The DHS has mouthed risk terminology for years now, but evidence is scant that it has ever subjected itself to such rigor.

Risk Management

A formal risk management effort will generally begin with an examination of the thing or process being protected. This is often called “asset characterization.” In airline security, the goal is fairly simple: ensuring that air passengers arrive safely at their destinations. Specifically, ensuring that nobody successfully brings down a plane.

The next step in risk management is to identify and assess risks, often called “risk characterization” or “risk assessment.” The vocabulary of risk assessment is not settled, but there are a few key concepts that go into it:

• Vulnerability is weakness or exposure that could prevent an objective from being reached. Vulnerabilities are common, and having a vulnerability does not damn an enterprise. The importance of vulnerabilities depend on other factors.
• Threat is some kind of actor or entity that might prevent an objective from being reached. When the threat is a conscious actor, we say that it “exploits” a vulnerability. When the threat is some environmental or physical force, it is often called a “hazard.” As with vulnerability, the existence of a threat is not significant in and of itself. A threat’s importance and contribution to risk turns on a number of factors.
• Likelihood is the chance that a vulnerability left open to a threat will materialize as an unwanted event or development that frustrates the safety, soundness, or security objective. Knowing the likelihood that a threat will materialize is part of what allows risk managers to apportion their responses.
• Consequence is the significance of loss or impediment to objectives should the threat materialize. Consequences can range from very low to very high. As with likelihood, gauging consequence allows risk managers to focus on the most significant risks.

Analyzing vulnerabilities and threats permits risk managers to make rough calculations about likelihood and consequence. This process will float the most significant risks to the surface. Though these factors are often difficult to measure, a simple formula guides risk assessment:

Likelihood x Consequence = Risk

Events with a high likelihood and consequence should be addressed first, and with the most assets. Those are the highest risks.

The most common error I see in risk management is the propensity to attack vulnerabilities rather than risks. A bomber’s attempt to take down a plane by concealing explosives in his undergarments last year exposed a vulnerability. It is possible to sneak a small quantity of explosive through conventional security systems, though not necessarily the needed detonator and not necessarily enough explosive material to take down a plane.

But this says nothing about the likelihood of this happening again—or of being successful. In hundreds of millions of enplanements each year, this attack has manifested itself once. And it failed. The TSA effort is going after a vulnerability—of that there is no doubt—but it is arguable whether or not it is addressing a significant risk.

After risk assessment, the next step in risk management is choosing responses.

Though the concepts and terminology are not settled in this area either, there are four general ways to respond to risk:

• Acceptance – Acceptance of a threat is a rational alternative that is often chosen when the threat has low probability, low consequence, or both.
• Prevention – Prevention is the alteration of the target or its circumstances to diminish the risk of the bad thing happening.
• Interdiction – Interdiction is any confrontation with, or influence exerted on, a threat to eliminate or limit its movement toward causing harm.
• Mitigation – Mitigation is preparation so that, in the event of the bad thing happening, its consequences are reduced.

In its operation, the strip-search/grope combo is an interdiction against any who may try to carry dangerous articles on planes. As to the air transportation system, it might also be conceived of as a preventive measure.

The next analytical lens to look through is benefit-cost analysis, or trade-offs. The goal is to allay risk in a cost-effective way, spending the least amount of money, and incurring the least costs overall, per unit of benefit.

Security Benefits

Security systems involve difficult and complex balancing among many different interests and values. The easiest, by far, is comparing the dollar costs of security measures against the dollar benefits. This is analysis that GAO says the TSA has not done.

But if it were done, on the benefit side of the equation, you have that it reveals most articles a person might try to sneak onto a plane. There are at least two important limitations on the benefit. First, there is an open question as to whether the strip-search machine would successfully detect lower-density material like the explosive PETN. If it doesn’t, it’s utility against underpants bombing relies on potential attackers’ ignorance of that to deter their attempts. Second, the benefit of the strip-search/grope is not what it achieves from a basline of zero, but the marginal security improvement in provides over alternatives like the status quo magnetometer and random pat-downs.

How do you reduce security benefit to something measurable? It’s difficult, but I’ve been mulling a methodology for valuing security against rare attacks in which you assume a motivated attacker that would eventually succeed. By approximating the amount of damage the attack might do and how long it would take to defeat the security measure, one can roughly estimate its value.

Say, for example, that a particular attack might cause one million dollars in damage. Delaying it for a year is worth $50,000 at a 5% interest rate. Delaying for a month an attack that would cause $10 billion in damage is worth about $42 million. It is best to assume that any major attack will happen only once, as it will produce responses that prevent it happening twice. (The 9/11 “commandeering” attack on air travel is an instructive example. By late morning on September 11, 2001, passengers and crew recognized that cooperation with hijackers contributed to the deadliness of attacks rather than saving their lives. They spontaneously changed the security practice to meet the new threat, and the 9/11 attacks permanently changed the posture of air passengers toward hijackers, along with hardened cockpit doors bringing the chance of another commandeering attack on air travel very close to nil.)

Of course, one must consider “risk transfer.” That’s the shifting of risks from one target to another—say, from planes to buildings. (An organization like the Department of Homeland Security would regard this as lowering the benefit of a security measure, while an airline would be indifferent to it—unless it owned the building…) There is also the creation of new risks, such as the possible health effects of the strip-search machines. Which brings us to the cost side of the ledger….

Costs

On the cost side of the ledger, the easy stuff to measure includes the hundreds of millions or billions of dollars that must be spent on strip-search machines themselves. As much or more money will be spent on an ongoing basis to operate the machines. My observation is that it takes three people to operate one strip-search machine: a guide, an analyst to review the image, and a person to do the secondary pat-down which occurs regularly (though it would occur less over time). On a nationwide scale, this is hundreds of millions of dollars per year spent on TSA employees.

The value of travelers’ time is also important. This hasn’t received much discussion, but as more and more strip-search machines come into use, there will be more discussion of how much time they consume compared to magnetometers.

Reviewing tape of TSA checkpoints reveals that passing through the machines takes at least seven seconds per passenger. Variations in the time it takes to traverse the security checkpoint require all travelers to increase the amount of time they spend at the airport as a cushion against the risk of missing flights, which can cost many hours per incident. If each of 350 million trips in a year results in an additional minute at the airport to accommodate the vagaries of the strip/grope, five to six million person hours at the airport will be wasted, a cost of $145 million per year if we value travelers’ time at  $25 per hour.

It is more difficult is to balance interests like privacy and dignity against security benefits. A CBS News poll released yesterday says that four out of five Americans support the use of “‘full-body’ digital x-ray machines to electronically screen passengers.”

It’s an antiseptic description that strangely emphasizes computing. (X-rays are neither digital nor electronic, though the data the x-ray machines collect is digital and its processing is done with electronics.) The question doesn’t capture people’s feelings about images of their own denuded bodies being observed by a government official as a condition of travel. And, of course, it doesn’t capture feelings about the intimate pat-down alternative.

The amount of public reporting and discussion suggests that public opinion is not solidly on the side of the strip/grope. A hearing in the Senate tomorrow is also evidence that the security procedures do not comport with the American people’s rough judgment that the costs of these security measures are justified by their benefits.

My own view is that the strip/grope is security excess. If I had my way, I would choose the airlines and airports that do not go to this extreme. I do not get to have my way, and neither do you if you prefer a different security/privacy mix, because we all must use the same security system. That’s why I wrote five years ago that the TSA should be abolished and responsibility for security restored to airlines and airports. Their experimentation could blend security with privacy, convenience, and comfort, improving the travel experience overall while restoring liberty to American travelers.

‘Strip-or-Grope’ vs. Risk Management is a post from Cato @ Liberty - Cato Institute Blog

This week, Secretary of Homeland Security Janet Napolitano is pressing countries around the world to use “strip-search machines,” low-power x-ray and radio wave scanning devices that reveal what is underneath travelers’ clothes. The machines provide a small margin of security at a high risk to privacy.

And those privacy risks are manifesting themselves overseas. On AllAfrica.com, news service This Day reports on how strip-search machines have been used to peep at travelers as nudes in Lagos, Nigeria:

[D]uring off-peak periods, the aviation security officials, who are trained on the use of the scanners, usually stroll from the cubicle located in a hidden corner on the right side of the screening area where the 3D full-body scanner monitors are located. They do so to catch a glimpse of some of the passengers entering the machine and immediately go back to view the naked images, in order to match the faces with the images since the faces are blurred on the monitors while passengers are inside the machine.

The report notes that one of the “conventional scanners”—a magnetometer, most likely—was put out of service to corral people into the strip-search machine.

Italy has abandoned strip-search machines after a six-month test, due both to privacy issues and “because they are slow.” This is the sleeper issue that may soon wake as more machines show up in our airports: Strip-search machines take a very long time compared to magnetometers.

There are more than half a billion enplanements in the United States each year. If each traveler is delayed by 10 seconds, strip-search machines would waste nearly 1.4 million hours of Americans’ time directly—much more if you include the schedule-padding that all fliers would have to practice to avert strip-search machine delays.

The margin of security provided by these machines is small. In an interview on Fox’s local affiliate in D.C. last night, I said, “If we go down the strip-search machine route, there’s going to be more methods of concealment, and we certainly don’t want the TSA looking there.”

Hopefully, my poor grammar distracts you from the full import of that line.

Strip-Search Machines on the International Scene is a post from Cato @ Liberty - Cato Institute Blog

President Obama spoke this morning at American University on the need for comprehensive immigration reform. The president deserves credit for turning his attention to a thorny problem that desperately needs action from Congress, but the speech failed to hit at least one important note.

While the president called for comprehensive reform, he neglected to advocate the expansion of legal immigration in the future through a temporary or guest worker program for low-skilled immigrants. Even his own Secretary of Homeland Security, Janet Napolitano, has said such a program is the necessary “third leg” of immigration reform, the other two being legalization of undocumented workers already here and vigorous enforcement against those still operating outside the system.

As I’ve pointed out plenty of times, without accommodation for the ongoing labor needs of our country, any reform would repeat the failures of the past. In 1986, Congress passed the Immigration Reform and Control Act, which legalized 2.7 million workers already here illegally, while beefing up enforcement. But without a new visa program to allow more low-skilled workers to enter legally in future years, illegal immigration just began to climb again to where, two decades later, we are trying once again to solve the same problem.

On the plus side, President Obama reminded his audience of the important role immigrants play in our open and dynamic country. And he rightly linked immigration reform to securing our borders:

“[T]here are those who argue that we should not move forward with any other elements of reform until we have fully sealed our borders. But our borders are just too vast for us to be able to solve the problem only with fences and border patrols. It won’t work. Our borders will not be secure as long as our limited resources are devoted to not only stopping gangs and potential terrorists, but also the hundreds of thousands who attempt to cross each year simply to find work.

Unfortunately, given the political climate in Washington, an election looming only four months away, and the president’s unwillingness to press for an essential element of successful reform, the illegal immigration problem will still be on the agenda when a new Congress comes to town in 2011.

President Obama’s Incomplete Speech on Immigration is a post from Cato @ Liberty - Cato Institute Blog

The Drudge Report’s provocative banner this afternoon combines with other news to suggest a homeland security trend: sneakin’ a peek.

The other story is the question whether the nominee to head the Transportation Security Admnistration violated federal privacy laws as an FBI agent, then omitted key information in reporting it to Congress. Robert O’Harrow of the Washington Post (returning to the privacy beat!) reports that Erroll Southers, a former FBI agent, made inconsistent statements to Congress about wrongly accessing confidential criminal records about his estranged wife’s new boyfriend. (More here.)

That was 20 years ago. Being fully transparent about it today would almost certainly have prevented it from being disqualifying. But over the last 20 years, data collection has grown massively, and federal access to personal data has grown — including access by the TSA. Data about the appearance of your naked body may be on the very near horizon.

Southers’ problem with sneaking a peek at confidential records — and whatever cover-up or oversight in his reporting of it to Congress — signal precisely the wrong thing at a time when people rightly want their security not to be the undoing of privacy.

The Department of Sneak-a-Peek is a post from Cato @ Liberty - Cato Institute Blog

In a speech this morning in Washington, Homeland Security Secretary Janet Napolitano said the Obama administration remains committed to enacting real immigration reform. In a key passage in her remarks, she said reform must contain three essential components:

Let me be clear: when I talk about “immigration reform,” I’m referring to what I call the “three-legged stool” that includes a commitment to serious and effective enforcement, improved legal flows for families and workers, and a firm but fair way to deal with those who are already here. That’s the way that this problem has to be solved, because we need all three aspects to build a successful system.

The phrase “improved legal flows” is rather vague, but it points toward some kind of expanded visa program to allow future workers to enter the country legally. Our current immigration system offers no legal channel for anywhere near a sufficient number of foreign-born workers to enter the country legally to fill the lower-skilled jobs our economy creates in times of normal growth.

I’ve made the argument for expanded legal immigration in a recent op-ed, and in a Free Trade Bulletin when the Senate last debated reform in 2007.

After a promising start, Secretary Napolitano spent most of the rest of her speech touting how much has been done on the enforcement side, and almost nothing about how we can expand opportunities in the future for legal immigration as an alternative to illegal immigration.

Without that crucial third leg, Congress will just be repeating the two-legged failure of the 1986 Immigration Reform and Control Act.

The Missing Leg of Immigration Reform is a post from Cato @ Liberty - Cato Institute Blog

The Senate Homeland Security and Governmental Affairs Committee held a hearing yesterday on the REAL ID Act and the REAL ID revival bill, known as PASS ID. I attended and want to share with you some highlights.

Good News!

Little good came from the hearing, as it was primarily focused on how to get the states and people to accept a national ID. But there is some good news.

First, Department of Homeland Security Secretary Janet Napolitano declared REAL ID dead (much as I did in my testimony two-plus years ago). “DOA” is how she referred to it.

She also said that no state will be in compliance with REAL ID by the current December 31, 2009 deadline. This is important because a lot of people think that states doing anything about the security of drivers’ licenses and ID cards are complying with REAL ID.

Another highlight was the commentary of Senator Roland Burris (D-IL). He is a beleaguered outsider to the Senate and evidently wasn’t coached on the talking points around REAL ID and PASS ID. So he flat out asked why we shouldn’t just have “a national ID.”

Senator Susan Collins’ (R-ME) nervous smile was particularly noticeable when Burris asked why the emperor had no clothes. No one was supposed to talk about national IDs at this hearing! But that’s what PASS ID is.

REAL ID and PASS ID are two versions of the same national ID system, and nobody is denying it. That’s good news because the effort to rebrand REAL ID through PASS ID has failed.

A Fake Crisis

Some other issue-framing is worth pointing out. Chairman Lieberman and Secretary Napolitano took pains to point out the importance of acting on PASS ID soon, claiming that the TSA would have to seriously inconvenience travelers with secondary searches at the end of the year if nothing was done.

But this is the same “crisis” that the DHS navigated a little over a year ago. States across the country were refusing to implement REAL ID. The DHS Secretary rattled his saber about inconveniencing travelers. And the DHS Secretary ended up giving all states a deadline extension. Secretary Napolitano will do the same thing if PASS ID fails – saber-rattling included. There is no crisis.

Vermont Governor Jim Douglas Supports a National ID

As I noted above, PASS ID is a national ID, just like REAL ID.

By testifying in support of PASS ID, Vermont governor Jim Douglas (R) put himself on record as supporting a U.S. national ID. He can pretend it’s not a national ID, of course, and he did his best to paper over the issue when Senator Burris asked about it. But Governor Douglas supports a national ID.

There was a time when Republicans stood for resisting federal incursions on state power. In the 104th Congress, the Senate Judiciary Committee had a subcommittee that focused on federalism and the preservation of state power (the Subcommittee on the Constitution, Federalism, and Property Rights). But the National Governors Association, with Douglas at the helm, is now in the process of negotiating the sale of state power over driver licensing and identification policy to the federal government.

Rampant Security Ignorance

The reason why he supports this national ID law, Governor Douglas said, is that he, like every governor, “is a security governor.”

With so many Senators and panelists conjuring security and the 9/11 Commission report, it would be a delight if someone actually examined the security benefits of a national ID. The information is there for them. Again, my testimony to the committee two years ago supplied at least some. Then, I said, “Implementation of REAL ID would impose more costs on our society than it would provide in security or other benefits,” and I articulated how and why a national ID fails to secure.

But Senator Lieberman said he “assumes” REAL ID provides national security benefits. Assumes? He and his staff apparently haven’t familiarized themselves with the level of national security that a national ID would create, taking into account the counterattacks and complications of such a system.

Five years after the vaunted 9/11 Commission report – and the three-quarters of a page it devoted to identity security – Senator Lieberman, the chairman of a committee dealing with domestic security, has yet to look into the merits.

In case Senator Lieberman needs some help . . .

I’m So Sick of the 9/11 Commission Report!

Speaking of the 9/11 Commission, it has been five years since that report came out, and people continue to parrot the line that REAL ID was a “key 9/11 Commission recommendation.”

The 9/11 Commission dedicated three-quarters of a page to the question of identity security, out of 400+ substantive pages. Its entire treatment of the subject is on page 390.

The 9/11 Commission did not articulate how a national ID system would defeat future terror attacks. It did not even articulate how a national ID would have defeated the 9/11 attacks had it been in place. A minor shift in behavior by the 9/11 attackers, such as using their passports to board planes, would have defeated REAL ID and PASS ID, were we somehow allowed “do-overs.”

We are not allowed “do-overs,” and the problem we face is not 9/11, but securing against current and future threats – including people who might shift their behavior in light of security measures we take.

These shifts in behavior might include taking a few extra steps to get the documentation they need, for access to the country or targets. These shifts in behavior might include attacking targets that do not require documentation. Identity-based security is a Maginot Line.

The 9/11 Commission report was written at a time when little research on identity-based security had been done. It was written by fallible humans who knew little about identity-based security, and who got it wrong. The report is not a religious text.

The report did say something important, though: “For terrorists, travel documents are as important as weapons”! (page 384) It’s a terrific turn of phrase because it shuts down the logic centers in the brain – eek, terrorists! – and ends the discussion.

The “travel documents” the report was talking about, though, were passports and visas, not drivers’ licenses and birth certificates – the things foreign terrorists use to get into the country. If we’re going to turn the driver’s license into an internal passport – and TSA checkpoints are the beginning of such a policy – then perhaps these are travel documents. Just, please, Secretary Napolitano, train your TSA agents to not say, “Your papers, please.”

Even as to international travel documents, though, the 9/11 Commission got it wrong. Weapons are the only things as important as weapons. And the 9/11 terrorists didn’t actually use weapons any more substantial than box cutters. They “weaponized” a non-weapon. (Security is complicated, you see.)

Denying terrorists travel documents, drivers’ licenses, and IDs simply presents them some inconveniences – such as using people with no record of terrorism. Seventeen of nineteen 9/11 attackers were unknown to U.S. officials as threats, so it’s obviously not that much of an inconvenience.

Evading identity-based security is so easy. People do it all the time. And it won’t stop under anyone’s version of a national ID. But the 9/11 Commission said . . . !

Something New to Worry About

Much of the national ID battle happens at the federal level with these national ID laws, of course, but it’s important to realize that federal officials, state officials, companies, and non-profit groups are working to knit together a cradle-to-grave national ID system no matter what happens with REAL ID and PASS ID.

Here’s one worth highlighting: Thirteen states apparently are already scanning, or have scanned, their birth certificates into databases for use in the national ID system. The effort is being led by the National Association for Public Health Statistics and Information Systems in Silver Spring, Maryland. This group will undoubtedly have access to your private health information should federal e-health records be implemented, so you might want to familiarize yourself with them.

Is your state one of them? How many copies of your birth certificate can be found in how many places around the country? You might want to ask your state legislators about that. The future of this effort is to collect biometrics at birth, of course. This is a privacy problem.

But maybe all the privacy concerns have been taken care of. The proponents of REAL/PASS ID found themselves a fig leaf on that score.

Token Cover on Privacy Issues

Ari Schwartz from the Center for Democracy and Technology testified in favor of PASS ID. (Senator Akaka noted in his opening statement that CDT endorses PASS ID.)

He characterized opponents of REAL/PASS ID as wanting to “do nothing.” It’s a classic ploy – but cheaper than we’re used to seeing from Ari and CDT – to mischaracterize opponents as wanting to “do nothing.” As Ari knows well, I have advocated endlessly for a diverse and competitive identification and credentialing system that would provide all the security ID systems can, without government surveillance.

But Ari testified imaginatively about how PASS ID makes a national ID okay. He has concerns with it, of course, yadda yadda yadda – the privacy fig leaf obliged to wear a fig leaf himself.

And this is the unexpected bad news from the hearing. The Center for Democracy and Technology supports having a national ID in the United States.

Many would find this inexplicable, but it’s not. Though the people who work at CDT personally want very much to do the right thing, there are no principles to the organization beside compromise and having a seat at the table (neither of which are actually principles, of course).

CDT plays a wonderful convening role on many issues, and the name of the organization implies that it reconciles technology programs with fundamental societal values. But here it has given political cover to the push for a national ID in the United States. One can’t help wondering if there is anything that would cause CDT to push back from the table and say No.

Review of the Big REAL ID Hearing is a post from Cato @ Liberty - Cato Institute Blog

In a recent post, I noted how Department of Homeland Security secretary Janet Napolitano was “taking the national ID tar baby in a loving embrace.” Now the administration seems to be similarly embracing the E-Verify government background check system.

Starting September 8th, it will go forward with a Bush administration plan to require federal contractors to check their employees against federal databases. The E-Verify program is riddled with problems, and it will send many American workers and legal immigrants into Kafkaesque ordeals when they find they aren’t approved by the federal government to earn a living. Ultimately, “internal enforcement” of immigration law, which is what E-Verify is about, requires a biometric national identity system.

Wasn’t a Democratic administration going to be the antidote to the aggressive security-statism of the Bush administration? Well, no. Once in power, either political party will see merit in national ID systems. After all, a national ID gives the government direct regulatory control over individuals – and that’s a sweet sound to the powerful, regardless of political affiliation. This is why it was so interesting to see the left begin to embrace a national ID as it anticipated an Obama victory in November.

Parties in power like national ID systems.

Parties in Power Like National ID Systems is a post from Cato @ Liberty - Cato Institute Blog

Department of Homeland Security Secretary Janet Napolitano has been all over the map on national ID issues. As governor of Arizona, she signed a memorandum of understanding with the Bush DHS to implement “enhanced driver’s licenses” in her state. These are licenses with long-range RFID chips built into them. But then she turned around and signed legislation barring implementation of the REAL ID Act in Arizona.

Now, having taken federal office, she again favors REAL ID — or at least under its new name: PASS ID. (Her efforts to put distance between REAL ID and PASS ID have not borne fruit.)

In some respects, PASS ID is worse than REAL ID. It would give congressional approval to the “enhanced driver’s license” program — invented by DHS and State Department bureaucrats to do long-range (and potentially surreptitious) identification of people holding this type of card. Back home, the Arizona legislature has just passed a bill to prohibit the state from implementing EDLs.

So the former governor of Arizona, who has both supported and rejected national ID programs, now supports a bill to approve the national ID program her home state rejects. Napolitano seems to be taking the national ID tar baby in a loving embrace.

Calling Secretary Napolitano: Arizona to Reject EDLs is a post from Cato @ Liberty - Cato Institute Blog

Back on March 29th, Campaign for Liberty employee Steven Bierfeldt was leaving the Campaign’s regional conference in St. Louis, Missouri. He was carrying $4700 in cash donations and Campaign for Liberty and Ron Paul literature. TSA personnel at the St. Louis airport felt that carrying this amount of cash was “suspicious” and detained him for interrogation. The TSA personnel intended to take Bierfeldt to the local police station for further questioning after he refused to answer the questions associated with their fishing expedition. Luckily, a plainclothes officer arrived and spoke briefly with one of the TSA officers, who told Bierfeldt that he was free to go.

Bierfeldt is now filing suit against Secretary of the Department of Homeland Security Janet Napolitano. The ACLU Blog of Rights has more on the suit, including a digital copy of the complaint. Filing suit to prove that “[c]arrying $4700 in cash poses no conceivable threat to flight safety” is a sign that airport screening is going too far.

Bierfeldt was right to be wary of airport screening while carrying Ron Paul and Campaign for Liberty literature. The Missouri Information Analysis Center, one of 70+ “fusion centers” in the nation, had just released its report on domestic terrorism and the militia movement. Libertarians are expressly targeted as potential domestic terrorists:

Political Paraphernalia: Militia members most commonly associate with 3rd party political groups. It is not uncommon for militia members to display Constitutional Party, Campaign for Liberty, or Libertarian material. These members are usually supporters of former Presidential Candidate: Ron Paul, Chuck Baldwin, and Bob Barr.

Cato recently held a forum on this phenomenon, Fusion Centers: Domestic Spying or Sensible Surveillance? My colleague Tim Lynch hosted, and panelists included Bruce Fein, Constitutional Attorney, The Lichfield Group; Harvey Eisenberg, Chief, National Security Section, Office of United States Attorney, District of Maryland; and Michael German, Policy Counsel, American Civil Liberties Union. Audio and video are available at the link.

Mike German has written extensively on this topic. Read his November 2007 report, What’s Wrong with Fusion Centers and July 2008 update. Mike is a former FBI agent and author of the excellent book, Thinking Like a Terrorist.

You can watch Mr. Bierfeldt giving his side of the story to Judge Andrew Napolitano (no relation to Homeland Secretary Janet Napolitano) on Fox’s Freedom Watch.

Judge Napolitano recently spoke at the Cato book forum, Dred Scott’s Revenge: A Legal History of Race and Freedom in America. Co-panelists included my colleague Jason Kuznicki and Reason‘s Damon Root.

Bierfeldt v. Napolitano Roundup is a post from Cato @ Liberty - Cato Institute Blog

The Heritage Foundation’s “The Foundry” blog has a post up called “Questions for Secretary Napolitano: Real ID.”

Honest advocates on two sides of an issue can come to almost perfectly opposite views, and this provides an example, because I find the post confused, wrong, or misleading in nearly every respect.

Let’s give it a brief fisking. Below, the language from the post is in italics, and my comments are in roman text:

Does the Obama Administration support the implementation of the Real ID Act?

(Hope not . . . .)

Congress has passed two bills that set Real ID standards for driver’s licenses in all U.S. jurisdictions.

REAL ID was a federal law that Congress passed in haste as an attachment to a military spending bill in early 2005. To me, “REAL ID standards” are the standards in the REAL ID Act. I’m not sure what other bill the post refers to.

Given the legitimate fear of REAL ID creating a federal national ID database, section 547 of the Consolidated Security, Disaster Assistance, and Continuing Appropriations Act, 2009 barred the creation of a new federal database or federal access to state databases with the funds in that bill. (Thus, these things will be done with other funds later.)

The Court Security Improvement Act allowed federal judges and Supreme Court Justices to withhold their addresses from the REAL ID database system, evidently because the courts don’t believe the databases would be secure.

And in the last Congress, bills were introduced to repeal REAL ID in both the House and Senate. Congress has been backing away from REAL ID since it was rammed through, with Senators like Joe Lieberman (I-CT) calling REAL ID unworkable.

It’s unclear what the import of the sentence is, but if it’s trying to convey that there is a settled consensus around the REAL ID law, that is not supported by its treatment in Congress.

The Real ID legislation does not create a federal identification card, but it does set minimum security standards for driver’s licenses.

This sentence is correct, but deceptive.

REAL ID sets federal standards for state identification cards and drivers’ licenses, refusing them federal acceptance if they don’t meet these standards. Among those standards is uniformity in the data elements and a nationally standardized machine readable technology. Interoperable databases and easily scanned cards mean that state-issued cards would be the functional equivalent of a federally issued card.

People won’t be fooled if their national ID cards have the flags of their home states on them. When I testified to the Michigan legislature in 2007, I parodied the argument that a state-issued card is not a national ID card: “My car didn’t hit you — the bumper did!”

All states have either agreed to comply with these standards or have applied for an extension of the deadline.

It’s true that all states have either moved toward complying or not, but that’s not very informative. What matters is that a dozen states have passed legislation barring their own participation in the national ID plan. A couple of states received deadline extensions from the Department of Homeland Security despite refusing to ask for them. Things are not going well for REAL ID.

Secure identification cards will make fraudulent documents more difficult to obtain and will also simplify employers’ efforts to check documents when verifying employer eligibility.

It’s true that REAL ID would make it a little bit harder to get – or actually to use – fraudulent documents, because it would add some very expensive checks into the processes states use when they issue cards.

It’s not secure identification cards that make fraudulent documents harder to obtain – the author of this post has the security problems jumbled. But, worse, he or she excludes mentioning that a national ID makes it more valuable to use fraudulent documents. When a thing is made harder to do, but proportionally more valuable to do, you’ll see more of it. REAL ID is not a recipe for a secure identity system; it’s a recipe for a more expensive and invasive, but less secure identity system.

Speaking of invasive, this sentence is a confession that REAL ID is meant to facilitate background checks on American workers before they can work. This is a process I wrote about in a paper subtitled “Franz Kafka’s Solution to Illegal Immigration.” The dream of easy federal background checks on all American workers will never materialize, and we wouldn’t want that power in the hands of the federal government even if we could have it.

Real ID is a sensible protection against identify fraud.

The Department of Homeland Security’s own economic analysis of REAL ID noted that only 28% of all reported incidents of identity theft in 2005 required the presentation of an identification document like a driver’s license. And it said REAL ID would reduce those frauds “only to the extent that the [REAL ID] rulemaking leads to incidental and required use of REAL ID documents in everyday transactions, which is an impact that also depends on decisions made by State and local governments and the private sector.”

Translation: REAL ID would have a small, but speculative effect on identity fraud.

Congress is set to introduce legislation next week that could largely repeal the Real ID.

The bill I’ve seen is structured just like REAL ID was, and it requires states to create a national ID just like REAL ID did. REAL ID is dying, but the bill would revive REAL ID, trying to give it a different name.

Some groups oppose this version of REAL ID because it takes longer to drive all Americans into a national ID system and frustrates their plans to do background checks on all American workers. But it’s still the REAL ID Act’s basic plan for a national ID.

The Administration should put pressure on Congress to ensure that this legislation does not effectively eliminate the Real ID standards.

Why the administration would pressure Congress to maintain the national ID law in place – by any name – is beyond me. REAL ID is unworkable, unwanted, and unfixable.

Homeland Security Secretary Janet Napolitano signed legislation as Arizona’s governor to reject the REAL ID Act. Her predecessor at DHS, Michael Chertoff, talked tough about implementing the law but came up just shy of lighting the paper bag in which he left it on Napolitano’s doorstep.

The REAL ID revival bill that is being so widely discussed is likely to be both the national ID plan that so many states have already rejected and deeply unsatisfying to the anti-immigrant crowd. Congress rarely fails to grasp a lose-lose opportunity like this, so I expect it will be introduced and to see it’s sponsors award themselves a great deal of self-congratulations for their courageous work. You can expect that to receive a fisking here too.

Questions for Heritage: REAL ID is a post from Cato @ Liberty - Cato Institute Blog

CNN wrote an exciting headline on Wednesday: “Homeland Security Chief Seeks to Repeal Real ID Act.” What they left out was that the replacement would be . . . the REAL ID Act.

Intentionally or not, Secretary of Homeland Security Janet Napolitano has created the impression that the national ID law might go away. But simply renaming the Department of Homeland Security’s national ID program is not a repeal of REAL ID.

The REAL ID revival bill that has been circulating is the same national identification and tracking system with a few of the sharpest corners taken off and the hope of federal money held out to up-to-now recalcitrant states. The REAL ID revival bill would corral every American citizen into the national ID system to try and attack illegal immigrants.

Bills to repeal REAL ID were introduced in the previous Congress, but they did not move because the Bush administration and Chertoff DHS would have eagerly demagogued the issue. Those political conditions no longer hold. And just 10 months ago, Secretary Chertoff delayed the implementation of REAL ID without bringing any political repercussions to the Bush administration whatsoever. Secretary Napolitano can do the same if Congress fails to truly repeal REAL ID, as it should.

“. . . and Replace It with REAL ID” is a post from Cato @ Liberty - Cato Institute Blog