Ben Friedman helpfully supplies more information to go with my positive reaction to the Department of Homeland Security’s decision to scrap color-coded threat warnings.

Our colloquy leaves somewhat open what should replace color-coding. Because most threat warnings are false alarms, and because exhortations to vigilance will tend toward the vagueness of the color-coding system, Ben hopes “DHS winds up being tighter-lipped.”

His points are good ones, but they don’t dissuade me from my belief that DHS should “begin informing the public fully about threats and risks known to the U.S. government.”

The right answer here centers on who is better at digesting threat information—experts in the national security bureaucracy or the public?

There is a great deal of expertise in the U.S. government focused on turning up threat information and digesting it for policymakers. However, that expertise has limits, often manifested as threat inflation, as Ben notes, and as myopia. Daniel Patrick Moynihan’s Secrecy: The American Experience illustrates the latter well (especially the edition with Richard Gid Powers’ fine introduction).

The public consists of hundreds of millions of subject matter experts in every walk of life. They include owners and operators of all our infrastructure, reporters and commentators in the professional and amateur press, academics, state and local law enforcement personnel, information networks, and social networks of all kinds. We have security-interested folk in the hundreds of millions spread out across the land, all in regular communication with each other. We’re a tremendously powerful information processing machine. I believe this public can do a better job of digesting threat information than “experts,” particularly when it comes to terrorism threats, which can—theoretically, at least—manifest themselves pretty much anywhere.

The public constantly digests risk and threat information from other walks of life. We digest information about ordinary crime, health and disease, finance and investment, driving and walking, etc., etc. There is nothing about terrorism that disables the public from making judgments about threat information and incorporating it into daily life. People can figure out what matters and what does not, and they can apply information in the spheres they know.

When I say “fully inform,” I don’t argue for broadcasting every speck of information the U.S. government collects. There are limited domains in which information sharing will reveal sources and methods, undercutting access to future information. Appropriate caveats are part of ”fully” informing, of course. Natural pressure will cause too speculative threats to be winnowed from public release. But even opening a firehose will get people the water they need to drink.

Tight lips sink ships. The presumption should fall in favor of sharing information with the public. After a period of adjustment lasting from months to a year or more, the American information system would incorporate open threat information into daily life, and the country would be more secure. People made confident by the ability to consume and respond to threat information will feel more secure, which is the other half of what security is all about.

Shades of Warning: What It Means to Inform is a post from Cato @ Liberty - Cato Institute Blog

I’ve fielded some questions today about the WikiLeaks story, and I’m feeling pretty conflicted.

I’m aware of the fact that the leak of classified information could pose a short-term risk to national security, but it is my sense that most of the claims of dire harm are overwrought. There is considerable evidence that much — perhaps most — classified material is improperly classified; governments oftentimes invoke claims of secrecy to shield themselves from embarrassment, not to protect national security. In that sense, some diplomats and government officials might be red in the face today, but I doubt that most Americans are feeling less secure than before the latest revelations from WikiLeaks.

If I thought that the attention on minute and often mundane details that shouldn’t be classified precipitated a closer look at overclassification, WikiLeaks might have a beneficial side effect. As it is, however, it is likely to increase the government’s obsession with secrecy, with policymakers scrambling to close down supposedly dangerous loopholes, some of which were opened up after 9/11 to facilitate information-sharing between agencies. This process of clamping down on interagency collaboration has already begun.

As to the particulars, with respect to diplomatic correspondence, there is a tension between individuals sharing their genuine opinions about another country, or that country’s leaders, and concern that their candid assessments in private conversations be revealed. People do keep secrets from one another, including their friends, spouses and family members. It is basic human nature. And it is basic human nature to clam up the next time you’re talking to a friend who recently blabbed your secrets to a third party. As such, the WikiLeaks episode might have a chilling effect on candor, but I believe that this effect will dissipate over time.

Concern that this will undermine U.S. diplomatic standing, or otherwise lead people to question the U.S. government’s capacity for conducting foreign policy, is misplaced. We don’t (or shouldn’t) question the U.S. Army’s ability to conduct military operations because of the occasional friendly fire incident. Given the volume of documents released in now several Wikileaks’ rounds, some might ask whether this is the equivalent of many thousands of unfortunate incidents, and therefore a sign of a systemic failure. I doubt it. The vast majority of individuals in possession of classified material treat this information with great care. More to the point, I am confident that this will be a minor episode in U.S. diplomatic history when compared to huge blunders such as the war in Iraq and the deepening — and open-ended — war in Afghanistan.

The WikiLeaks case also touches on the law, and of an individual’s responsibility to obey such laws, two of my least favorite subjects. Not all laws are sacrosanct, and I’ve just noted that much classified material shouldn’t be. As such, some might claim that releasing such information is a legitimate form of civil disobedience, because the laws governing release of documents are unjust.

But I don’t think that overclassification and other resorts to secrecy to shield the government from public scrutiny are on par with far more egregious violations of the basic rights and liberties of all citizens. If I could be convinced otherwise, I might change my mind.

For now, because I don’t trust individual leakers to be able to discern which material is legitimately classified, and which is not, I believe that individuals who possess classified material and knowingly release it to people not cleared for such information should be prosecuted to the full extent of the law.

Finally, as a practical matter, I am particularly leery of individuals passing judgment on when to follow the rules, and when to ignore them, in cases involving national security. We rightly condemn military officers who defy civilian authority over the conduct of war. We should be equally critical of people who choose to go their own way in the conduct of information warfare. People with access to classified material have chosen to work in the government. They therefore choose to abide by the government’s rules, and should expect to pay a penalty if they violate them.

Random Thoughts on WikiLeaks is a post from Cato @ Liberty - Cato Institute Blog

Writing in the Washington Post, George Washington University law professor Jeffrey Rosen carefully concludes, “there’s a strong argument that the TSA’s measures violate the Fourth Amendment, which prohibits unreasonable searches and seizures.” The strip/grope policy doesn’t carefully escalate through levels of intrusion the way a better designed program using more privacy protective technology could.

It’s a good constutional technician’s analysis. But Professor Rosen doesn’t broach one of the most important likely determinants of Fourth Amendment reasonableness: the risk to air travel these searches are meant to reduce.

Writing in Politico last week, I pointed out that there have been 99 million domestic flights in the last decade, transporting seven billion passengers. Not one of these passengers snuck a bomb onto a plane and detonated it. Given that this period coincides with the zenith of Al Qaeda terrorism, this suggests a very low risk.

Proponents of the TSA’s regime point out that threats are very high, according to information they have. But that trump card—secret threat information—is beginning to fail with the public. It would take longer, but would eventually fail with courts, too.

But rather than relying on courts to untie these knots, Congress should subject TSA and the Department of Homeland Security to measures that will ultimately answer the open risk questions: Require any lasting security measures to be justified on the public record with documented risk management and cost-benefit analysis. Subject such analyses to a standard of review such as the Adminstrative Procedure Act’s “arbitrary and capricious” standard. Indeed, Congress might make TSA security measures APA notice-and-comment rules, with appropriate accomodation for (truly) temporary measures required by security exigency.

Claims to secrecy are claims to power. Congress should withdraw the power of secrecy from the TSA and DHS, subjecting these agencies to the rule of law.

TSA’s Strip/Grope: Unconstitutional? is a post from Cato @ Liberty - Cato Institute Blog

My friend Kelly Young notes (on Facebook) this Washington Post article on guns used in crimes:

I am awed again by the power of language. The Washingt0n Post today claims that government protection of the identity of lawful purchasers of legal weapons is “secrecy” to be “penetrated” for the sake of the paper’s reporting. It is not “privacy” that is “violated,” as with release of airport scans of travelers, gathering names of minors seeking abortions, and warrantless searches of homes. And how about those secret journalistic sources?

(Language cleaned up slightly, as the original was typed Blackberry-style.) He’s right. The word “privacy” doesn’t appear in the article. Maybe a cynics’ dictionary would read, “Privacy is the ability to keep facts about myself hidden from you. Secrecy is your keeping facts about yourself hidden from me.”

Secrecy or Privacy? The Power of Language is a post from Cato @ Liberty - Cato Institute Blog

Reliable national security reporter Siobhan Gorman at the Wall Street Journal has broken a story about an Internet surveillance program called “Perfect Citizen” to be managed by the National Security Agency.

Reading about it is frustrating, and for me blame quickly settles on Congress. Our legislature is utterly supine before the national security bureaucracy, which exaggerates cybersecurity threats and consistently uses the secrecy trump card to defy oversight.

If there is to be a federal government role in securing the Internet from cyberattacks, there is no good reason why its main components should not be publicly known and openly debated. Small parts, like threat signatures and such—the unique characteristics of new attacks—might be appropriately kept secret, but no favor is done to any potential attackers by revealing that there is a system for detecting their activities.

A cybersecurity effort that is not tested by public oversight will be weaker than ones that are scrutinized by private-sector experts, academics, security vendors, and watchdog groups.

Benign intentions do not control future results, and governmental surveillance of the Internet for “cybersecurity” purposes may warp over time to surveillance for ideological and political purposes.

These abstract criticisms of “Project Citizen” are all that publicly available information allows. Far better would come from me and others more qualified if Congress were to do its job.

Congress owes it to us, the United States’ true citizens, to have public hearings on “Perfect Citizen.” Congress should reject broad assertions of secrecy so that the whole body politic can participate in securing our country from all threats.

Congressional and public oversight—searching oversight that tests assumptions and asks hard questions—would strengthen any government cybersecurity effort we find warranted. It would also ameliorate the threat of such programs to our civil liberties, democratic processes, and privacy.

‘Perfect Citizen’: Congress’ Perfect Failure is a post from Cato @ Liberty - Cato Institute Blog

National Journal‘s “Expert Blog” on National Security asked me late last week to comment on the question, “How Can Cyberspace Be Defended?” My comment and others went up yesterday.

My response was a fun jaunt through issues on which there are no experts. But the highlight is the response I drew out of Michael Jackson, the former #2 man at the Department of Homeland Security.

It does little to promote serious discourse about the truly grave topic of cyber security threats to begin by ridiculing DHS and DOD as “grasping for power” or to suggest that President Obama has somehow been duped into basing his sensible cyber strategy on “a lame and corny threat model called ‘weapons of mass disruption.’” It shows ignorance of the facts to deny that cyber vulnerabilities do indeed present the possibility of “paralyzing results.”

Jackson neglects to link to a source proving the factual existence of “paralyzing” threats to the Internet — he’d have to defeat the Internet’s basic resilient design to do it. (Or he has collapsed the Internet, the specific way of networking I was talking about, with “cyber” — a meaningless referent to everything.) But the need for tight argument or proof is almost always forgiven in homeland security and cyber security, where the Washington, D.C. echo-chamber relentlessly conjures problems that only an elite bureaucracy can solve.

In another comment — not taking umbrage at mine, but culturally similar to Jackson’s — Ron Marks, Senior Vice President for Government Relations at Oxford-Analytica, says, “Cyberterrorism is here to stay and will grow bigger.” The same can be said of the bogeyman, but the bogeyman isn’t real either.

(To all interlocutors: Claiming secrecy will be taken as confessing you have no evidence.)

Jackson’s close is the tour de force though: “Good people are working hard on these matters, and they deserve our unwavering financial and personal support. For now and for the long-term.”

A permanent tap on America’s wallets, and respect on command? Sounds like “grasping for power” to me.

Cyber Security “Facts” is a post from Cato @ Liberty - Cato Institute Blog

President Obama’s decision to release Bush-era memos discussing “enhanced interrogation techniques” is the right decision. Critics, such as the one featured in this Politico article, fail to comprehend terrorism as a strategy. Thus, they are locked into counterproductive policies like secrecy and torture.

Let’s start with the strategic logic of terrorism: By goading strong powers into overreaction and error, terrorism weakens those powers and strengthens itself. Among other things, overreaction and misdirection on the part of the strong power draw sympathy and support to terrorists as it confirms the terrorist narrative that they are in a struggle against evil powers.

Torture or credible accounts of torture provide confirmation of a suspicion among relatively unsophisticated observers in the Middle East (once known as the “street“) that the United States is a colonist and an oppressor of Muslims and Arabs. Secrecy is a way in which such stories grow and multiply. The results of torture and secrecy are millions of people who believe, suspect, or worry that they and their culture are on the losing end of a battle for supremacy in the world. (We have some of those on the American street, too.)

From these millions emerge individuals and groups — eventually perhaps networks — who devote their creativity to developing and eventually mounting attacks on the United States and the West. (The path to terrorism is not simple or well-understood. Several panels in our January counterterrorism conference explored dimensions of this question.)

Just as important, non-participants in terrorism who are ideologically or physically nearby to inchoate terrorists decline opportunities to undermine the terrorism brewing around them. Terrorists are bad people with ugly ideologies, and their neighbors know it, but these neighbors will overlook all that if they see the United States as a wrongdoer. Because of secrecy and torture, the United States loses these natural allies and the security they would otherwise provide.

But what about the loss of enhanced interrogation techniques? “Publicizing the techniques does grave damage to our national security by ensuring they can never be used again,” says a critic, “even in a ticking-time-bomb scenario where thousands or even millions of American lives are at stake.”

The ticking-time-bomb scenario is a movie plot that evidently thrills some in the counter-terrorism community. But the chance of a significant weapon being acquired and used by terrorists is very small. The chance that U.S. authorities will know about it and know who to interrogate at just the right moment: pure fantasy. Such a moment would only arrive as the result of many, many failures on the part of U.S. intelligence and security organizations to protect our interests.

Even assuming that torture actually works, which is very much in dispute, the security given by having the sympathy of millions of people in the Muslim and Arab worlds is much, much greater than the security of having legal authorization to torture. The security of having world goodwill helps ensure that we never arrive at the ticking time-bomb moment.

If that’s frustrating to torture hawks, there are video games where they can avenge the 9/11 attacks over and over again. The rest of us will rue the failings that allowed 9/11 to happen while we work on sophisticated, strategic counter-terrorism that actually secures the country. Many in the intelligence and security communities have sophisticated views on counter-terrorism and are eager to get on with policies that aren’t counterproductive.

President Obama has made the right decision in releasing the memos — and not just right in some abstract legal or moral sense. It is the correct strategic decision for countering terrorism.

His critics’ focus on one or two trees — saplings like the “ticking time-bomb” fantasy — obscures the forest that would grow higher still should the United States persist in being a secretive torturer.

Obama and the Interrogation Memos: The Right Decision is a post from Cato @ Liberty - Cato Institute Blog