House approves CISPA… WTF?
Published April 26, 2012 | 
The House voted on, and passed CISPA today. I didn’t even know that it was up for vote, nor was there much if any debate on this. CISPA is basically SOPA 2.0 with some changes. I am disappointed in Congress for passing this bill. I appreciate the need to share intelligence data between ISPs and the Government, but a bill isn’t required for that at all. Nothing is preventing the NSA, FBI, or anyone else in the Gov’t to share data. The data itself it owned by the people, and therefore should be shared by default. It does make since to share classified information that would put our intelligence sources and methods at risk. I don’t advocate breaking the law by sharing classified information, but I do believe that there are plenty of legitimate ways for the Gov’t to share threat data with ISP’s without the need for any new laws.
So, they have passed CISPA and now we will have to wait for the Senate to take up the vote. I wonder if there will be an outcry such as we had with SOPA, and if those that run the internet will speak out. Until legislation is written with those that use the internet in mind whatever they write will not work.
What should the future of TSA be?
Published December 9, 2011 | The Transportation Security Administration was created after 9/11 to prevent 9/11. It was the classic knee jerk reaction to events that had already occurred. The proponents of TSA will point out that since there hasn’t been another 9/11 type of event since then, that TSA is working. The opponents of the TSA will point out that terrorist can learn and perhaps they haven’t been trying to highjack airplanes since 9/11. Either way, a lot of money and technology has been thrown at TSA, and it is debatable that it has been a good investment.
The Super Committee failed. Our deficit is beyond reason and growing fast. Our government is struggling with trying to cut expenses and raise income. Perhaps now we can finally look at the TSA with an objective eye, and make some common sense changes. Wired had a good article summarizing TSA’s performance as “Insider: $56 Billion Later, Airport Security is Junk”. It is a good read and they make some excellent arguments. For this discussion, I’m going to limit the discussion to TSA and airports. They really have a responsibility outside of just airports, but that is where most of the easy changes can take place.
First of all, what is the objective of the TSA? It should be to prevent airplanes from being highjacked, blown-up, or shot down. This is good, but the reality is that you can never foresee every possible threat, and there is no way to prevent everything. This is an effort in risk management, and the best we can hope for is to catch and prevent stupid and/or crazy folks that attempt to either highjack or blow-up an aircraft. You may be able to prevent the stupid terrorist/criminals from accomplishing their objectives, and while doing so, you may raise the difficulty level for the more capable terrorists such that they target less defended targets (which exists everywhere).
So, what should we do with the TSA? Here’s my recommendations:
- Reduce passenger screening back to pre-9/11 levels. Stick with the basics, an ID check and a metal detector. Let us keep our shoes on, and allow liquids back on the plane. Let me keep my laptop in the bag. Focus on preventing a bunch-up of passengers which is a more attractive target than blowing up a plane. Keep guns and large knives off the plane and prevent the obvious stupid and/or crazies from acting out on the plane.
- Keep the hardened cockpit doors. This is one of the few things that the TSA did that makes sense. If someone can’t get to the cockpit, then they can’t highjack the airplane.
- Educate travelers that it is still their responsibility to violently suppress anyone trying to highjack the plane. The passengers and flight attendants are the first and last defense against someone acting out on an airplane. After 9/11 this was clear and I even had pilots remind passengers of this… now, so many years later, we may be forgetting this. Just put out some reminders, I think most travelers would understand it.
- Increase the background checks of airport and airline employees. Anyone that has unfettered access to the aircraft should be checked. It is much easier to damage or sabotage an aircraft from anywhere but the passenger cabin. I’d be more worried about a rouge employee than a crazy passenger.
- Monitor the area around the airport better. Here’s a hard one. If someone was going to try to shoot down a commercial aircraft, they aren’t necessarily going to be on the airport. They could be next to the airport, or even a few miles away. They just need to be in the path of the aircraft when the aircraft is low enough to be hit by whatever they are shooting at it. Accomplishing this effectively will be nearly impossible, so the best you could hope is to have some cameras monitor the likely areas and to dispatch folks to investigate if something suspicious happens. So, when that van suddenly stops at the end of the runway and folks jump out, you send someone out to see what is going on. The best you can hope for is to increase the terrorist risk so they don’t try it. I wouldn’t put too much into this area, but you might be able to catch the obvious if you are lucky.
- Most importantly, educate travelers that there is a risk and that TSA can’t prevent everything and that it isn’t going to try. Just admit to the public that something bad may happen and that that sucks, but it is a fact of life. If they understand that every dime spent on the TSA is a dime not spent on education, or another dime added to our deficit, they would understand. The TSA doesn’t produce anything. They do not contribute at all to our Gross National Product. If people are treated like adults and they understand the risk and costs associated with minimizing every risk, I don’t think you’d get a huge backlash from folks when the TSA backs off from their very expensive tactics.
So, there are some of my ideas. They pretty much match up with what others are saying. I don’t know if the politicians have the willpower to dramatically reduce the scale and cost of the TSA without giving their political opponents the “they are soft on terrorism” stick to beat them up with. It is simple common sense that addresses the reality of the situation. It may be an uphill battle to apply some common sense here, but given our financial situation, it is worth making the effort.
How the Government Goes About Creating a Crappy App
Published November 23, 2011 | Rich Jones posted a wonderful piece on gun.io on this horrible mobile application that the Occupational Safety and Health Administration (OSHA) created. He estimated that he could have done it for about $600, so he submitted a Freedom of Information Act (FOIA) request to find out how much this piece of crap cost for the Taxpayers. In total, the Android App, IOS App, and the Blackberry App (which was never released) cost slightly over $200,000. That’s right, a $600 app for $200, 000. On top of the $200,000 for the applications, the source code isn’t publicly available as it is considered a trade secret by the contractor Eastern Research Group.
Rich goes on asking how this could happen. Well, I don’t have any inside information on how OSHA did this application but I can hypothesize how this happened. Rich goes on how he’d like the system to work, and I applaud him for that vision. Now, let me work through the likely steps that resulted in this piece of crap.
- Somewhere near the top of OSHA a Senior Executive Service (SES) manager decided that OSHA “needed an App”. Everyone in Government is doing Apps, and OSHA is not going to let everyone have one but themselves.
- The poor manager assigned to this task has no technical or coding background. He or She is a mid-level manager, just trying to put food on the table. When he asks the Boss “What do you want the App to do?”, the answer is something like “I don’t care, just make an App and leave me alone about it.” Here’s the first major problem… there is no actual reason for the App, and no one has thought this through.
- The manager must now write a Request for Proposal (RFP) for the development of the App. This process takes about six months if you are lucky, and you must go through multiple legal and contracting reviews. Any creativity or vision will be stripped out of the RFP as too risky or unusual. The RFP will have language such as “The Contractor shall produce an App that provides users information about OSHA”. There won’t be any mock-ups, diagrams, or use-cases… it is all just words.
- The RFP will be a Firm Fixed Price (FFP) contract which allows the Government from taking any risk, or requiring constant management of the contract to ensure that everything is going according to plan. A FFP contract means that the Government provides the contractor (ERG in this case) a flat fee for the App. If it costs ERG $600 to make the App, then the rest is profit.
- The RFP “goes out on the street” for proposal. The Government waits for about thirty or sixty days for responses. Contractors will write a proposal and the proposal that is “technically acceptable, lowest costs” wins. Now, there are two poison pills for new and smaller companies. The first is that they are judged on “past performance”. So, if you don’t have any, it counts against you. In reality no past performance equals a neutral score, but you can’t take biases out of the people reviewing the proposals. Secondly, the RFP contains a lot of boiler-plate requirements which are very costly to satisfy. Only companies that have made it their business to get Government contracts get Government contracts. It is just too difficult for others to break into the business, but occasionally it does happen. Most often a company will leverage one type of contract for another. So, if a company runs an IT Help Desk, they will suddenly consider them a software development house, with the often predicted bad results.
- The contractor will take as much time to do the work as possible, even if they aren’t really working on it. For a FFP contract, you don’t want to deliver too early. That would give the Government the chance to complain and force changes. But if you wait until just before the end of the “period of performance”, there isn’t enough time for the Government to react, so they just accept what was delivered.
- Finally, but the time the App is actually delivered the SES has moved on to another job, and the new SES’s response is “we have an App, why?, okay… might as well publish it”.
There you go, from poorly defined requirements to a somewhat functional App. This is not how it can happen, but this is how the system is designed to work. It could be redesigned and changed, but that requires an act of congress, and they haven’t really demonstrated their capabilities to pass well thought out and written laws lately.
Rich also goes into the inability to gain the source code. The default data rights for such a contract are Government Purpose Rights (GPR). GPR is kind of like open source, but only within Government channels. This assumes there the mid-level manager understands something about data rights. If not, the contractors will likely try to slip in even more restrictive data rights in their proposals. If the manager is a rebel, they could push for “unlimited rights” which would all OSHA to release the code, but that really takes a lot of effort, and assumes that one of these companies is even willing to accept that contract clause.
Rich makes some good points in his rant. Unfortunately, the established government contracting process has been established to maximize profit while minimizing productivity. In many ways it is a works program. Now, I’m sure that isn’t the true stated purpose of it, but is how it ends up. I would like to see the system change, but I’m not sure writing my congressman will help in this case.
Posted in Computers, Politics | 
Android, ERG, Government Contracting, iPhone, OSHA | 
Leave a commentIs Privacy Dead?
Published November 17, 2011 | I was in a class today with a bunch of engineers. We were taking a class on how to migrate legacy computer systems into a services based architecture. Okay, so not that exciting. One of the engineers stated that we should go to a single national ID in order to avoid having to make the different state systems work together. I countered with the fact that the Constitution doesn’t give the Federal government that power, and that it is a State right. He countered that “they” know everything about us anyway and there is no privacy, so why not give up State issued IDs for Federal ones?
Now, this guy isn’t stupid.. thick headed at times yes, but not stupid. If smart people not only feel that privacy is dead, but then don’t blink an eye about giving up more privacy or more rights, then I think we have a big problem. My reaction was to ask him to think about what we should do to restore our rights instead of being happy with giving them up.
I’m reminded of the ongoing debate about GPS trackers and the Government having the authority to request your phone records to include location information without a court order. I was happy to see at least one judge today declare that such requests are unconstitutional and require a warrant.
When our Founding Fathers … uh… founded this Country we didn’t live in an electronic jungle. Privacy was easy as closing the door. Today, we have mobile tracking devices in our pockets, and we send all of our communications over the internet where it is easily accessible. IF the Founding Fathers were writing the Constitution today I would have to believe that they would place strict limits on the Federal Governments ability to wiretap, request ISP records, place GPS trackers and so on. I’d find it hard that they would just prevent the Government from searching your “papers” as it is currently written. The Colonists left England to escape a heavy handed Government.
But instead, we have a Government that is constantly trying to push the boundaries of what is Constitutional. They want more and more powers to avoid requesting warrants and there is even speculation on a secret interpretation of the Patriot Act. Shouldn’t these folks fall on the side of the Constitution and placing limits on Government? Why does the Government want so much power? With all of the abuses that we know of, do we really want the Government (or business for that matter) to know where we have been moment to moment, everything we’ve done online, every email we’ve sent, and so on? I would like to think not.
While privacy may be dead in practice, I like it. Instead of bemoaning the loss of privacy, why aren’t we working to restore privacy in America? Privacy is not a human, not a living thing that once dead can’t be brought back to life (zombies excluded). It is a concept and principal, and if loss, can be found again and restored. We can make changes to our existing laws and social norms to bring back privacy, we just have to make the decision to do so. We can start by erring on the side of privacy and the 4th Amendment.
Maybe it is a pipe dream, but America was built on dreams.
Government Lying Bad, FOIA Lying Even Worse
Published November 4, 2011 | The Department of Justice just dropped a proposed change to the FOIA rules that would have allowed the Government to lie in response to a legal FOIA request. It is shameful that the DoJ even thought such a rule was necessary. Last time I checked, the DoJ suppose to work for the people, not any specific Government agency or service. If you can’t tell us due to national secrets, then tell us that, but don’t claim that you “don’t have it”, when you do.
I suspect there is a fair amount of lying or “reinterpretation of the request” that already happens, but it should never be sanctioned. I’m glad to see the rule dropped and while it won’t guarantee protections from lying, it will at least be better than with sanctioned lying. The Government is disliked by many of the folks it suppose to protect because of the cloak of secrecy that has risen over the past ten or twenty years. Even with all of the campaign promises of transparency, there is more secrecy than ever. But we should never give anyone the right to lie. If you can’t or won’t tell us, be honest about it.
Electronics and the Fourth Amendment
Published September 24, 2011 | I don’t believe that the Founding Fathers of our country could have ever imagined today’s electronics. There is no doubt that if you showed up with an iPhone back then you’d be declared a witch or wizard, and probably strung up by your neck. When they wrote the Forth Amendment, the notion of a search was limited to physically going through one man’s physical possessions. Even letters were possessions, and there was nothing stored on a a network accessible outside of one man’s house.
The Fourth Amendment reads:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The word in question today is “unreasonable”. Today, law enforcement has the ability to intercept your phone calls, read your emails, see your online files, and otherwise invade your online life. At what point does law enforcement need to obtain a Warrant for such action? What is unreasonable? I would think that back when the Consititution was being drafted, barging into someone’s house without cause would be “unreasonable”. But, is maintaining a computer program that inspects every email sent for terrorist keywords unreasonable? It isn’t like there is necessarily a person reviewing every email, and unless your email gets flagged, no one is the wiser… right? Or, is law enforcement using something like Harris’s Stingray cellphone tracker unreasonable? It allows law enforcement to track you even if your not talking on your cellphone.
To me, any searching technique that is completely unnoticeable by the target should be considered unreasonable, and subject to getting a Warrant. Unless you have some level of probable cause, you shouldn’t be tracking my online life, period. That is the difference in our countries ideals and those of Iran or China. Yes, there are possible consequences if criminal actions are missed, but casting a wide net in an unjustified fishing expedition isn’t the American way, unless you think McCarthy was right. I don’t, and I don’t think that America is full of criminals and terrorist… there are certainly a small number of bad actors, but that doesn’t justify putting every American into a surveillance society.
If you are being searched, and within search I include surveillance techniques such as GPS tracking and cellphone tracking, the target should have a chance of catching you which doesn’t involved tearing apart your own car. I have no problems with the police going up and down my road, and if they see someone walking in my yard late at night, I don’t think it is unreasonable for them to stop the person (even if it is me). If I am in public and I’m talking on my cellphone, and someone overhears me planning a crime, again… fair game. I just draw the line at law enforcement using techniques that should require a Warrant without getting one. If they can’t do the legwork necessary to get a Warrant, then maybe there is no cause for them to conduct a search in the first place.
I am sure that there will be cases where someone does something horrible that could have been stopped under the ideal surveillance society, and there will be pressure to pull another Patriot Act out of the hat, giving even more power to law enforcement. I hope that we can all realize at that point that sometimes bad things happen, and there is nothing, anyone can do about it. It is better to tear our Constitution apart in an effort to prevent the unpreventable, or should we improve our ability to respond to such crisis better.
I’m proud to be an American and I do think that our Constitution and the protections it provides us is what makes this country great. I also believe that we have destroyed much of the meaning behind the Constitution for our “own protection” with very little benefit. Maybe someday we will have the courage to rollback many of the laws that impend on our rights, but I don’t know. As for the Fourth Amendment, it is perhaps the most abused Amendment we have, and it sorely needs protection. Let’s hope that those fighting to make the courts come down on the legal protections or lack of protections that American’s have succeed. If nothing else, let’s get it on the record that the Fourth Amendment is no longer valid, and if that is the case… let’s see how a repeal of the Fourth Amendment would be welcomed by the American public. For some reason I don’t think the average American would take to kind the idea of repealing the Forth Amendment, but for right now what they don’t know, doesn’t hurt them… right?
Posted in Intelligence, Politics, Technology | Fourth Amendment, Law Enforcement, Search | Leave a commentI Hate Agreeing with the ACLU
Published September 11, 2011 | I hate agreeing with the ACLU. However, I just finished reading A Call to Courage, a report published by the ACLU. It has been ten years since 9/11, that horrible and life changing day for America. The ACLU’s report goes into how the Government has used 9/11 to tear apart our freedoms and Constitutional protections. I hate agreeing with the ACLU. While I admit to being liberal, I do not subscribe to the ACLU in general, and I’ve dedicated my life to the defense of this nation.
What our Government has done to our liberties, the liberties I’ve taken an oath to defend, is shameful. I had hoped that under a new administration we would see the reversal of a long trend of bad decisions, but no such luck. I believe in defending this nation, and having a strong defense. But, you can not measure if your defense is strong enough unless you have an idea as to what you are defending against. We have jumped to the conclusion that everyone, American or not, is a potential terrorist, and therefore must be watched 24/7. Does this not remind you of what the KGB did prior to the fall of Russia? Is that the kind of State we are headed towards, or are we already there, but don’t know it? If we assume that everyone is a potential enemy, then there is no way to deal with it without eliminating rights and becoming a surveillance society.
But, is that a good assumption? I don’t think so. I don’t know how anyone could presume so, but that is the only rational justification for what we have done. I agree with maintaining alertness, but would our money be better spent preparing first responders than spying on Americans? At least then there is an immediate benefit for society, even if there is no terrorist act. I hope that someday we will find the courage to say “enough”, and to take back our Constitution and our rights. I hope that we never find ourselves in a society that would make that dream impossible.
I hate the ACLU for writing this. I hate worse that we, the people of the United States, and it’s elected Government gave them reason to.
You know you crossed the line when Chuck Norris weighs in
Published September 6, 2011 | Life after 9/11 is definitely different than before 9/11. We now live in a surveillance state that should scare most citizens, but for which most take as a necessary evil to combat terrorism. But, when Chuck Norris weighs in on the state of homeland security, you know… maybe you have gone too far. Just a thought… maybe it is time to rethink what freedoms we cherish.
Rethinking Our National Security Strategy Given Our Fiscal Constraints
Published August 19, 2011 | Foreign Policy had an excellent article titled “Think Before You Cut“, which describes P.W. Singer’s view on how best to approach cutting our defense budget, and doing so smartly. I have been thinking about this for some time, and while I agree with Mr. Singer’s arguments are well thought out and sound, they do not address the fundamental question as to what changes we need to our National Security Strategy in order to accomplish these cuts.
Rule 1: The DoD spends what is required to satisfy the National Security Strategy.
So, if we rethink our strategy given our economic realities, we can satisfy our national security needs and reduce our budget. It means putting our economic security ahead of some of the current military objectives. I believe that our current National Security Strategy is unsustainable. It is beyond time for us to rethink our priorities, and to put our economic security ahead of trying to protect the entire world from every possible threat.
It is up to the President and Congress to define our National Security Strategy as well as our budget priorities. I think that there are some obvious questions to ask:
- Do we really need to be in Afghanistan and Iraq? I struggle to come us with excuses for us to be in either Afghanistan or Iraq. We are fooling ourselves if we think that we can rehabilitate these countries and export democracy to them. If you think that, you have not studied the history of of the region or of the people.
- Do we really need to be in England, Germany, or Japan? World War II is over. We have been in these countries for decades. We are no longer an occupying force. While there are threats everywhere, it doesn’t look like these countries are under any immediate or near-term threats. Given today’s warfare, the threat, and so on… do we really need to have such a large footprint overseas?
- How much force projection do we really need? Our military spending is larger than the combined defense budgets for most of the world. While some nations have one or two aircraft carriers, we have a dozen. Do we really need to have the combined military strength of most of the world, or does something smaller still provide us adequate security?
I’m sure that there are many other questions that need answers, or at least a strategy. I do not like the idea of just cutting the defense budget without thinking through the strategy first. What is our military for? What are the threats that we want to protect against? What are we going to stop doing? What constitutes a threat to our national security?
Let’s do something rare in Washington, let’s have an open discussion and debate on what our National Security Strategy should be. Let’s not hide this from the public, let’s avoid bumper sticker philosophy, and let’s put some real thought into this. This is one of the areas that both Democrats and Republicans can agree with. They both want to be “tough on defense”, and if we can agree on a strategy, then we can cut the defense budget and still meet our defense requirements.
We can do this. We must do this. I wish I could have some confidence in this, but recently our political leadership have made it a priority to make political points through disagreement instead of political points by solving America’s problems. I do hope that they can grow up and be the leaders that we need them to be.
Did NK buy Nuke Tech from Pak?
Published July 9, 2011 | I don’t know. I guess that about sums up the argument. There are reports now that Pakistan nuclear scientist (AK in particular) are claiming that North Korea paid Pakistan for nuclear weapons technology. This is not surprising and has been openly speculated on for years. This is simply a possible (and un-collaborated) confirmation of that concern.
The scariest part about this is that any nation would be willing to sell nuclear weapons technologies at any price. How much is world peace worth? Once the technology spreads, there is no way to prevent the use of the weapons. I have to wonder if the officials in Pakistan through this through…. was the money worth having a nuclear armed North Korea? I bet South Korea doesn’t think so.
Nuclear weapons technology is spreading, and the cat is out of the bag, the genie out of the bottle, and so on. While it makes sense to continue to try to keep the nuclear club membership to a minimum, it should be expected that the membership will grow. North Korea, given enough time was bound to have nuclear weapons. The physics are just too understandable, and if we did it in WWII, there is no reason to think that smart people around the world are suddenly more stupid that we were in the 1940’s. Our politics will have to accept that, and adopt to alternative strategies (as much as I’d rather North Korea to not have nuclear weapons).
But why Pakistan? Why would you sell your soul and potentially put millions of people at risk for a quick buck? Did you think you could keep this a secret forever? Was the individuals that made the deal completely focused on the here and now, and not looking out for Pakistan’s future? I can understand the US giving Stinger missiles to the Afghanistan for use against the Russians. The worse possible case is that several hundren airlines get shot down at the cost of several thousands of lives (assumes that every Stinger given is used on a civilian airliner, and that they work). Now, they are built with a special battery that dies over time, which is the closest thing to a way of remotely disabling them. Nuclear bombs don’t have such features, and now we live with a nuclear armed crazy leader Dearest Kim.
I don’t know what if any fallout this will have for Pakistan. Our reliance on them in our “Global War on Terror” will make it hard to punish them in any meaningful way. However, my solution to that is to quickly pull out of Afghanistan and Pakistan, and let the cards fall were they may. Without Afghanistan, there is no reason to continue to prop up Pakistan.
While I doubt the Whitehouse will take foreign policy cues from me, I have to hope that somewhere deep in Pakistan, they are now wondering what the fall out may be when the next nuclear customer’s name gets out.