Homeland Security Watch

Earlier this month we asked readers to identify what they considered to be the top homeland security story of 2009.  We asked for something they thought significantly shaped homeland security during the year.

Here (lightly edited) are the top entries.  The winner of the $33.62 Amazon gift certificate will be announced at the end of this post (so you can skip ahead if waiting is too stressful).

H1N1

The top story of 2009 is the H1N1 Flu and the reaction at all levels government to prepare for and combat the spread of the virus.  Lacking a single catastrophic event or a clear cut prevention of the same, my measure for determining the importance of an issue isn’t the immediate impact of the incident but what it tells us about our ability to prevent or respond to a catastrophic event.

The H1NI virus gave us the opportunity this year to examine our capabilities as they relate to biological attacks or pandemics.  On many levels we succeeded, some examples of these successes include:
·         The early identification of the virus in Mexico and the subsequent risk communication about the virus, including messaging to properly name the virus.
·         The actions to increase anti-viral production and the successful use of Tami-Flu.
·         The ability of state and local governments to implement and deliver vaccinations.
·         The ability of local government to develop vaccine prioritization plans and implement the same without significant public push back.

Prior to the outbreak, the status of these capabilities were in question.  Since the outbreak, at the very least, we have now practiced these capabilities and been able to test plans and identify specific gaps.  In a sense – what doesn’t kill us, makes us stronger.

Homegrown Terrorists

I think the top Homeland Security story of 2009 was the continuing concern over homegrown terrorism. It began with the FBI’s revelation, in February 2009, of Shirwa Ahmed as the first USA citizen to carry out a suicide bombing. This revelation led to a series of stories about the radicalization of Somali youth in Minneapolis and Seattle, and finally to the current homeland security concern over the “homegrown” terrorist.

As we look back on 2009 the Amhed story was just the first of many. He was soon followed by Najibullah Zazi, Major Nidal Hasan, David Headley and Tahawwur Hussain Rana from Chicago, and Ehsanul Islam Sadequee and Syed Haris Ahmed, recently sentenced in Atlanta.

The list continues with Brooklyn-born Betim Kaziu who was charged with attempting to join a Pakistani-based Al Qaeda affiliate in hopes of killing U.S. troops; Michael Finton, a 29-year-old Illinois man who idolized American Taliban John Walker Lindh, and was arrested on charges of plotting to bomb a federal courthouse; Long Islander Bryant Neal Vinas who was arrested in July for allegedly training with Al Qaeda in Pakistan, joining rocket attacks on U.S. forces and giving “expert advice” on the subways and Long Island Rail Road. Finally, the recent arrest of five American men in Pakistan on suspicion of trying to join militant Islamist groups triggered significant concern about whether the United States has become complacent about homegrown terrorism.

Help Wanted: U.S. Citizens with Passports Looking for Adventure

Recently the nation received welcome news that the U.S. trade deficit has steadily declined over the past few months. This is due in part to a rise in export of U.S. goods and services. One service that is increasingly being offered is the export of long-standing legal residents and U.S. citizens wishing to undertake terrorism related training and join the global jihad against the west.

A disturbing trend occurred in 2009 that highlights the “fight them over there so we don’t have to fight them here” mentality of the previous eight years. While we were focused on keeping the bad guys away from our shores and out of the country, it appears that a trend was developing internal to the U.S. whereby self or technology-assisted radicalized citizens were venturing overseas to receive terrorism related training and undertake operations. Such activity has the potential to place our desire for a more perfect union at risk. Aside from the direct threat these individuals pose to U.S. global security interests, specifically possessing an ability to travel undetected back to the homeland to do harm, one might wonder what the federal response to this trend might be.

In 2010, will we see further encroachment on U.S. privacy and civil liberty protections by intelligence and law enforcement agencies undertaking increased domestic surveillance in hopes of reducing the exportation of this highly sought after service?

AfPak

The top “international breaking news” in homeland security for 2009: A renewed consensus by powerbrokers in both the US and amongst its principal allies to mitigate the terrorist threat in the Afghanistan/Pakistan region (known as AfPak). Whether this proves to be efficacious or not, the investment of effort, treasures, and lives will frame our counter-terrorist policy for years ahead.

Some Failures

Failure to improve federal efforts on cyber security.

Failure of Congress to assist in improving Executive Branch efforts on Homeland Security by failure to organize itself properly.

Continued failure to produce adequate linguists for the military, State Department, USAID, DOD generally, DHS, the FBI and of course the INTEL community.

Failure to adopt rumor control mechanisms to deal with rumor spread by new social media in various crisis scenarios.

Someone Who Gets It

Having finally heard several presentations by FEMA’s new Administrator Craig Fugate, I think he gets “It” and that is a big success. It perhaps tops my list. Unfortunately, he will have to succeed in spite of the system, not because the system supports his intiatives. Now of course, unfortunately, the real litmus test is can he and FEMA deliver in a castrophic situation with wide-scale geographic impacts.

The Dawn of Authenticity

The top “emerging trend” in homeland security for 2009: The critical and commercial success of Rebecca Solnit’s A Paradise Built in Hell, combined with Elinor Ostrom sharing the Nobel Prize for Economics for her work in polycentrism suggests renewed confidence in the competence of local governance and “informal” mechanisms of governance. Investment in authentic and meaningful local leadership would, overtime, transform homeland security.

And the winner is…

The winning entry –  as determined by an anonymous member of the Foreign Intelligence Surveillance Court — is “H1N1,” submitted by Washington D.C. Fire and EMS Battalion Chief John Donnelly.

(I asked the judge why that entry won, but he/she would only comment that the entry spoke for itself.)

John’s gift certificate is, as they say, in the mail.

Thanks to all who took the time to write something.

And while I’m at it, we (Jessica, Mark and I) know you have the choice of many blogs to look at.  (The best estimate I could find is since 2003 an estimated 150 million blogs have been created; about 175,000 new ones are started every day. Every second somewhere in the world, eighteen people post something to a blog.  And that doesn’t even include William Cummin’s posts.)

So thank you for stopping by and, on occasion, contributing to the conversation.

May you and your loved ones — including the people whose ideas you disagree with — have a safe and secure 2010.

“Politically correct” means constraining the way one behaves or uses language because one is afraid to violate powerful orthodoxies.

President Obama has officially declared that “a systemic failure has occurred,” and he considers it to be “…totally unacceptable.”

Obviously, when a system fails in a technologically advanced society, the only politically correct thing to do is fix it.

One fixes system failures by identifying the offending elements and replacing them with elements that are not going to fail.

It is irrational to do anything other than that.

But what if this was not (except with hindsight) a preventable systemic failure?  What if it is in the nature of complex systems to “self organize” and every now and then  just fail?

On this point, see “Complexity, contingency, and criticality,” by Bak and Pakzuski (originators of the sandpile avalanche metaphor — i.e., “for a wide variety of phenomena, there are no deep underlying causes, just an accumulation of tiny accidents.”).

Less technical treatments of the idea can be found in Charles Perrow’s , “Normal Accidents: Living with High-Risk Technologies;” Mark Buchanan’s “Ubiquity: Why Catastrophes Happen;” or Joshua Cooper Ramo’s, The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It.”

If you have time for only one of these, I’d recommend Buchanan’s book, Ubiquity.  Here is an excerpt from Edward Skidelsky’s review of Ubiquity:

Applied to history, this theory suggests that … [significant events] demand no explanation beyond a narration of the precise chain of events that compose them. In the sand pile, it is impossible to specify the cause of a huge avalanche other than by tracing its exact progress right back to the original grain that triggered it all off. There are no “laws of avalanches” distinct from the laws governing the movement of the individual grains. And any grain … can, if it falls at the right time and place, start an avalanche. The only way to understand the history of the sand pile is to recount it; old-fashioned narrative history turns out to be the most scientific of all.

The vision of history that emerges from Ubiquity is tragic. It is the vision of the Iliad. History stands permanently poised on the brink of catastrophe; the abduction of one woman can lead to the destruction of cities. Instability is an inalienable feature of human life. We flatter ourselves that we have overcome it through the development of rules and institutions, not realising that those very rules and institutions are equally subject to its depredations…. [my emphasis]

———————–

From the  perspective of “self organized criticality,” what has been termed “system failure” is not always a problem that can be fixed.  Sometimes it’s a terrain feature one has to adapt to.

It may be politically correct to use the “fix it and move on” language.  But defaulting to such correctness may constrain useful thinking about alternatives.

[Mark Chubb's very thoughtful piece earlier today illustrates such alternative thinking.]

Resilience is premised on the idea that sometimes bad stuff happens.  And when it does, you get back up.

One does not encourage resilience by placing blind faith in the perfectibility of complex systems — particularly systems whose complexity is generated by people and technology.  One’s faith is better placed in the knowledge that complex systems will fail, so what happens when they do?

Questions like that outline a path toward resilience.

———————–

Here’s an image of the TSA system emerging orthodoxy says “failed:”

Maybe political correctness demands there should be more or better pieces, or sub-pieces, or links, or procedures added to the complexity of the 20 layers and the unfathomable environment that surrounds those layers.

But you will note that “Passengers” are part of the current system.

As Mark notes, Flight 253 did land safely. Abdulmutallab failed.

Some element in the homeland security enterprise ought to get credit for the success.  The passengers did not sit quietly and wait for the bomber to try again amidst the smoke and smell.  They acted.

It is trite to say, but homeland security, including aviation security, is not simply the government’s job.  It is everyone’s responsibility — not in theory, but in fact.

It is politically incorrect to think otherwise.

It looks like I spoke too soon by posting my Top 10 for 2009 last week.  Just when you think it’s safe to get back in the skies somebody tries to blow up an airplane with an underwear bomb. (I will avoid the small but obvious temptation to employ sophomoric, prepubescent potty humor here.)

In an effort to underscore the seriousness with which the threat is taken, President Obama yesterday cited “human and systemic failures,” which he termed “totally unacceptable” for allowing Umar Farouk Abdulmutallab to board a Northwest Airlines flight from Amsterdam to Detroit. His failed attempt to initiate an explosive device as the flight approached its destination occurred despite apparent warnings that al Qaeda radicals in Yemen were preparing a Nigerian operative for an attack and a nearly simultaneous warning from the young man’s father that his devout son had fallen off the grid and might be a risk to the United States.

The revelation that the United States government, possibly even two stations in the same intelligence service, had in its possession the information with which to identify and interdict a terrorist target before he could act has been taken as the intelligence equivalent to the binary explosive device that Mr. Abdulmutallab sought unsuccessfully to detonate. Like the alleged terrorist, the intelligence community’s technology failed to operate as intended.

Neither event should come as much of a surprise. Perpetrating a terrorist attack on an airliner remains a very complex undertaking, which has no doubt become more complicated due to the measures taken by the United States and its allies since 9/11. Assembling and actuating an improvised explosive device remains a complex and risky undertaking for those handling it, especially when it must be designed and deployed in a fashion that renders it both difficult to detect and under the deliberate control of an operative. A device of the type employed in this instance is difficult, if not impractical to test beforehand.

Soon after the attack, we learned that Mr. Abdulmutallab had come to the attention of officials at the U.S. embassy in Abuja, Nigeria after his father expressed concern his son had been radicalized. This understandably rare approach from a distressed parent raised appropriate alarm bells, but was not in and of itself sufficient cause to consider Mr. Abdulmutallab a full-fledged terrorist.

This morning we learned more about the information that might have led President Obama to characterize intelligence failures in such stark terms.  News reports indicate that intelligence services monitoring communications in Yemen intercepted an exchange indicating that an unidentified Nigerian operative was prepared for deployment. In hindsight, it seems clear that these two pieces of information are related. But combining them, like actuating the explosives Mr. Abdulmutallab carried, is harder to do than it seems.

In addition to the President’s statement yesterday, we learned a bit more about the alleged bomber himself from what appear to be his own posts to an Islamic chat room on the internet. While these musings help paint a picture of a lonely, troubled young man struggling with his identity, purpose, and relationships, these writings do not suggest anything more serious than the sorts of emotional difficulties that face many young men as they reach adulthood. Taken in the context of his activities at the time, rather than our knowledge of the present circumstances, they seem rather constructive even reasonable attempts to seek stability and direction.

That Mr. Abdulmutallab found stability and purpose, despite education and advantage, in associating with terrorists understandably troubles us. But it also suggests we should not look for easy answers lest we fall prey to the same sort of misfortune Mr. Abdulmutallab himself now faces (or would have, for that matter, had he succeeded in his designs).

By definition, a systemic failure occurs when multiple, independent structural deficiencies conspire to permit the occurrence of an unwanted or unintended consequence, which would otherwise have been avoided had any single deficiency not existed. While we examine the multiple missed opportunities that allowed Mr. Abdulmutallab to come so close to bringing down Northwest flight 253, we should not overlook the fact that his attempt ultimately failed.

In our efforts to outdo ourselves and improve the performance of the aviation security and intelligence processes associated with this incident, we must remain mindful that success has its own perils. Like Mr. Abdulmutallab we may either become entangled in our own plot or have to destroy ourselves to succeed in any meaningful way.

All that we have to do is to send two mujahidin to the furthest point east to raise a piece of cloth on which is written al-Qaida, in order to make the generals race there to cause America to suffer human, economic, and political losses without their achieving for it anything of note other than some benefits for their private companies….

So we are continuing this policy in bleeding America to the point of bankruptcy. Allah willing, and nothing is too great for Allah.

bin Laden spoke those words in 2004.

Now, instead of two mujahidin (literally, “those who struggle”), al Qaeda apparently has cut back to one.  In this instance, Umar Farouk Abdulmutallab.

While it is probably too early to give him his terrorism name, current betting is that he will become the Underwear Bomber.  He will take his place alongside Richard Reed, The Shoe Bomber, and the lesser known Abdullah Hassan Taleh al-Asiri, the anal orifice bomber.

How will the nation react to this latest example of the Brighton Rule – enunciated after the IRA’s failed effort to kill Margaret Thatcher  in 1984:  ”Today we were unlucky, but remember we only have to be lucky once. You will have to be lucky always.”

Are we going to run to and fro with hair a blazing, holding hearings, making charges and counter charges, creating more rules about events that are demonstrably unlikely to happen?

As Bruce Schneier told Wired’s Noah Shachtman, we think if we focus “… on what the terrorists happened to do last time, … [magically] we’ll all be safe. As if they won’t think of something else.” [Thanks for the lead, Mark]

Or can we use Abdulmutallab’s inept attack on Northwest Flight Flight 253 as an opportunity to give the lie to bin Laden’s claim that all he has to do is have someone whisper “Boo,” and then watch us spend our way to defeat?

Terrorism prevention is not just about preventing incidents from happening.  It is also about preventing our people and our government from overreacting to terrorist incidents.

How are we doing so far?

Obama Ends Silence With Stern Warning, reads the Wall Street Journal’s passive aggressive headline:

President Barack Obama, under fire from Republicans for keeping too silent on the attempted Christmas bombing of a U.S. jetliner, took a break from his Hawaiian vacation Monday to assure Americans that he was working to keep them safe….

Safety Gaps Revealed, a New Surge in Security, sniffs the New York Times

WASHINGTON — Airline passengers are now increasingly being patted down, and carry-ons are being double-checked since a self-proclaimed terrorist tried to bring down a passenger jet headed to Detroit on Christmas Day. Canine teams are out in force, sniffing for explosives…

These terrorist jerks are not going away. Some analysts even see Al Qaeda as a minor league version of what’s to come.  Phillip Bobbitt, in the difficult — but worth reading —  Terror and Consent, believes that “Time will bring forth new and more lethal terrorist groups long after al Qaeda is defeated.”

Reed, al-Asiri, and Abdulmutallab’s R&D efforts have each come a little closer to getting it “right.”  There is little reason to believe the attempts will stop with them.

Some future attacks in the US are going to succeed in killing Americans.  When that happens, it ought not automatically mean the homeland security enterprise has failed.  Not unless the criterion for success is Zero Attacks, Zero injuries, or Zero deaths.  Our nation is resilient enough to accept tens of thousands of traffic deaths and homicides each year.  Surely resilience in homeland security ought also to incorporate an ability to be attacked without surrendering our willingness to take risks.

Winston Churchill wrote, “War is very cruel.  It goes on for so long.”

There is no end point to homeland security and the terrorism wars.  We are not building a machine to produce security.  We are growing a continuously evolving understanding of how to be American in the uncertainties of the 21st Century.

This week, that evolution is highlighting the prevention of terrorism.  Terms like response, recovery, mitigation, preparedness and the other vocabulary that has shaped much homeland security conversations since Katrina are strangely absent. Almost as if their referents – as substantial and significant as they are — rest elsewhere.

People who lead this country and who shape opinions have a choice.  They can act unthinkingly, like the smirking man in the cave expects. Or they can remember why we started this homeland security enterprise in the first place: to prevent terrorism, including choosing not to act like children frightened by a loud noise.

Going through airport security on Christmas afternoon, I noticed signs of additional security. Whispering among Transportation Security Administration (TSA) officials  regarding increased random pat-downs of travelers.  More carry-on baggage being re-screened and searched by hand.  I had not yet heard the news out of Detroit but knew enough from experience that something was up. Upon boarding the plane, individual television screens at each seat were carrying DIRECTV and CNN.  One woman a few rows behind me decided she did not want to fly to D.C. after all and de-boarded the plane.

Throughout the flight, I was glued to the screen, watching CNN and other news channels beaming in experts via telephone and video feed talking about the attack. Few facts were clear though everyone who appeared or spoke seemed to have some thought on whether there was blame to be had, whether the event was preventable, and what this meant for security. Two days later, facts are still being compiled and the blame game appears to be escalating as, unfortunately, politics rears its ugly head in DC.

As we continue to hear more about the incident and the response, here are a few observations:

This Should Not Be A Democrat or Republican Issue:  Post-incident, there appears to be an increase in rhetoric in the politicians and talking heads blaming the Obama Administration for “downplaying” terrorism.  Others have pointed that the failures, if any, of watchlists and no-fly lists date back to the Bush Administration.  It is safe to say that the brave passengers on Northwest Flight 253 on Christmas were likely of various political stripes and probably counted among themselves supporters and detractors of both Administrations.  It has been said time and time again – homeland security is not a Democrat or Republican issue.  With regards to the current incident,  tragedy was averted because of the diligence of the passengers and crew of 253 and they were part of the homeland security system that was built over the past eight years. Whether other parts of the system need reinforcement, improvement, or revamping should be reviewed but should be done so in a constructive manner designed to strengthen security and not place blame.

The Investigation is Ongoing and the Facts As Reported, Even By “Authorities,” May Not Be Right: One thing I have noticed over the last several days – the facts keep evolving as the news evolves.  This is, in part, due to the “breaking news” nature of our news cycles that rely on “authorities,” “eyewitnesses,” and “experts” to dissect situations.  One thing is clear – the investigation into the incident is ongoing and some facts will not and should not be made public to allow the investigators and prosecutors to do their jobs.  Also, the reasoning for some increased security efforts may be classified and should be kept so to protect both the sources and methods by which the intelligence agencies gather information.  For the public, this means we need an increased awareness as we sift through the available information and a dose of reality to recognize that talking heads are not necessarily in the know on the most sensitive facts.

The Watchlist System Needs Improvement: During my time on the House Homeland Security Committee, we held numerous hearings and briefings on the terrorist watchlist system  and its databases.  What has come to light in the past few days is the complexity of the system.  A parent reporting that his son is becoming radicalized may result in an open file and an entry into the 550,000 + Terrorist Identities Datamart Environment  but what elevates that person to the next level so he is on a “no fly” or “selectee” list or otherwise identified to international, federal, state and local officials as a threat?  At the same time, how can the list be designed so that the innocent are not wrongly flagged and kept from travelling? (We’ve all heard the horror stories of neighbors, politicians, and even children being wrongly flagged because their names are similar to individuals on the list).  President Obama’s order this past weekend to review the databases is the right move.  The solution, however, will not be an easy one.

Technology Improvement and Implementation: It was reported that international flights into the U.S. were delayed by at least an hour due to increased security after Friday’s incident.  In addition to noting the problems with the watchlist system, a number of commentators have discussed the need to use detection equipment at checkpoints and the privacy concerns that accompany their use.  In particular, body-scanning machines – x-ray backscatter and millimeter wave screening – are being pointed to as technologies that could assist in efforts to quickly, efficiently, and accurately screen passengers.  The technologies have met resistance due to privacy concerns.  Back in October, I wrote The Right to Be Left Alone, which noted that the technology had undergone a Privacy Impact Assessment by the DHS Privacy Office and had been found to have sufficient privacy protections in place.  If we are to meet evolving terrorism threats, we need evolving technologies that have proven privacy benefits and protections.

TSA Needs its Administrator ASAP: TSA’s nominated Administrator, Erroll Southers, is in limbo in the Senate, his nomination held up by Sen. Jim DeMint (R-SC) over whether or not Southers plans to support the unionization of TSA screeners.  Few questions, if any, have been raised about Southers’ qualifications or the merit of his nomination.   He would join TSA from the Los Angeles World Airports Police Department, where he served as the Assistant Chief for Homeland Security and Intelligence.  He also has held positions as the Deputy Director of the State of California, a local police officer, and a Special Agent of the Federal Bureau of Investigation.  Friday’s incident makes it very clear that TSA needs permanent leadership now to ensure that the agency is doing all it can for passenger security. Now is not the time for holding Southers’ nomination up over an administrative policy issue.  One of the first actions that the Senate should take up upon its return is to move on Southers’ nomination.

As more information comes to light in the next few days, there may be additional observations to be made.  As a closing note, is heartening to note DHS and TSA, along with federal agencies, responded quickly to the Christmas day incident.  New security measures and procedures were implemented with little disruption (other than expected delays).   Secretary Napolitano and TSA encouraged Americans to “continue their planned holiday travel.”  We were encouraged to be diligent but not fearful.   That, in and of itself, shows how homeland security has evolved and how segments of the system are working.   Expect other parts to undergo extensive review in the coming weeks and months.

188 law enforcement officers have been killed in 2009.

87 fire fighters lost their lives in 2009

At least 17 emergency medical service personnel were also killed in the line of duty this year.

I don’t know how many other people who provide the public’s safety died during 2009.

Any are too many.

————————————————————————————–

Twenty years ago,  Mrs. Dolly Craig of Philadelphia, PA, wrote a letter to an organization called Concerns of Police Survivors.

According to the Washington D.C. chapter of Concerns of Police Survivors, Mrs Craig wrote that she’d

… be putting blue lights in her window that holiday season to remember her son-in-law, Danny Gleason, who was killed in the line of duty in 1986, and her daughter Pam, Danny’s widow, who was killed in an auto accident earlier that year. She thought others might like to share her idea. Dolly’s idea is now her legacy. We shared it with others, and nationwide thousands of blue lights shine in support of law enforcement during the holidays.

————————————————————————————–

The color blue is a symbol of peace. Put blue lights in your window, decorate your tree in blue, trim the outside of your home or the police station in blue lights. Let our blue lights shine in support of law enforcement this season.You will be sending a dual message that you support America’s peacekeepers and that you hope the coming year will be a year of peace.

I am sure you have noticed a decided departure from the usual gloom and doom in this week’s contributions to HLSwatch.com. Even when they seem otherwise inappropriate in the circumstances, laughter and humor serve as powerful analgesics. If only they could inoculate us from pain altogether!

As we prepare to close the books on a spectacularly dour year, it’s worth noting that plenty of things have happened, which in retrospect, should have made us laugh if only to keep us from crying. Here’s my Top 10 list, with apologies to David Letterman:

10. Tareq and Michaele Salahi tested the White House policy of openness by inviting themselves to a state dinner in honor of Indian Prime Minister Manmohan Singh, which once again proved it’s not what you know that’s important, it’s how desperate you are to get your own reality television show.

9.  In a spectacular demonstration of democracy-in-action, the Afghan people held an election the likes of which made people in Chicago and Florida proud of our country’s efforts there. Meanwhile, in a display of grassroots activism reminiscent of Tiananmen Square, the people of the Islamic Republic of Iran displayed the kind of technological savvy usually reserved for voting for American Idol finalists or regaling friends with news about what you’re having for dinner to muster a succession of impressive flashmobs that displayed their general displeasure with the outcome of the election that returned Mahmoud Ahmadinejad to power there.

8.  Delegates from more than 190 nations met in Copenhagen to forge a global agreement curbing human activities that contribute to climate change; in the end, their success was marked by a communiqué outlining their commitments to offset the carbon emissions from their lengthy discussions by producing a succinct and largely unimpressive agreement the printing of which will produce virtually no impact on the world’s forests.

7.  In an act of irony (absent the taint of cynicism, but nevertheless displaying a deep sense of humility), the likes of which would have made Gen. Curtis “Peace Is Our Profession” LeMay either immensely proud or insanely jealous, Commander-in-Chief Barack Obama accepted the Nobel Peace Prize in Oslo, Norway just days after committing tens of thousands more American troops to the war in Afghanistan.

6.  American forces, largely through the successful deployment of Predator and Reaper drones, managed to kill several top al Qaeda and Afghan Taliban operatives despite a startling security deficiency that broadcast unencrypted footage of their surveillance and targeting activities along with hundreds of Three’s Company, Baywatch, and Knight Rider reruns to anyone on the ground with a YouTube or Hulu account.

5.  Amidst speculation about a potential succession crisis and rising tensions surrounding his hermitic country’s nuclear ambitions, North Korea’s Dear Leader Kim Jong-il dispelled any lingering concern that poor health would keep him from rattling nuclear sabers and unsettling western nerves for another year by engaging in frenetic whirlwind of activity that led some observers to wonder aloud whether he was maneuvering to replace Paula Abdul as the third judge on American Idol.

4.  As the world looked on with a mixture of apprehension and apathy, the World Health Organization declared the outbreak of H1N1 influenza first detected in Mexico in March a worldwide pandemic; as millions fell ill and thousands died, the United Nations demonstrated once again its profound ability to reflect a sense of urgency by drawing attention to a problem without really solving it, which called to mind both its past efforts to stop the spread of other deadly illnesses such as malaria and polio and seemed to indicate the sort of success its sister UN agencies would produce during the Copenhagen climate summit.

3.  The arrests of three people in Denver, Colorado and New York on charges of plotting attacks against targets in New York City; seven men in North Carolina said to have sought training at terrorist camps in Pakistan and Afghanistan; the unsealing of indictments against eight people in Minneapolis, Minnesota linked to the disappearances of Somali youth thought to have been recruited to fight in the civil war there and the attack at Fort Hood’s soldier readiness center attributed to Major Malik Nadal Hasan that left 13 soldiers dead stoked fears of homegrown terrorism. However, with the Obama Administration working feverishly to close the detention facility at the Guantanamo Bay naval station, it’s more likely that these budding reality show superstars will play feature roles in a new television drama just entering pre-production called Survivor: Thomson, Illinois (aka Guantanamo North).

2.  President Obama with the help of Congress and the Federal Reserve mounted a seemingly successful last-ditch effort to stave off a Chernobyl-like meltdown of the world economy by pumping more $1.6 trillion dollars into the economy; the $787 billion American Recovery and Reinvestment Act of 2009 saved or added an estimated 600-700,000 jobs to the economy this year alone while leaving more than 15 million Americans unemployed, another 9 million underemployed, and upwards of 2 million marginally employed.  As the official unemployment rate leveled off at 10 percent and the economy started growing again at a rate of 2.2 percent per annum, people opened their wallets and handed over what little cash or credit they had; what had in other years had been described as an orgy of spending ended up looking more like a sordid ménage à trois in some seedy motel that rents rooms by the hour.

1.  In a test of our ability to look closely and deeply at ourselves, warts and all, the nation’s gaze remained firmly focused as the year came to a close on the actions of an infidel and his self-professed but as yet unconfirmed infidel-ities. In what some reports have described as an impressive use of long irons, Mr. Woods’ estranged wife Elin Nordegren made short work of Tiger as he beat a hasty retreat from the family home in a gated Florida community after being confronted about his alleged nocturnal wanderings while on tour. After witnessing her impressive use of both soft and (mostly) hard power, administration officials have started making discrete inquiries into whether Ms. Nordegren is available to advise special forces operators hunting Osama bin Laden and his compatriots in the lawless Af-Pak border region.

Here’s hoping 2010 gives us more to laugh at. If not, we have no one to blame but ourselves. While we’re waiting, please take a moment to share something that made you laugh this past year or tell us what would make you particularly happy in the year ahead.

A colleague brought HR 8791 (The Homeland Terrorism Preparedness Bill) to my attention last week.

Although the legislation was in play last year, much of the proposal still remains classified so as not to tip off state, local, tribal, private sector, or other stakeholders about the proposed federal response to [redacted].

However, thanks to America’s finest news source – The Onion – additional details about the proposed legislation are available.

You can watch the video of Representative John Haller, from Pennsylvania’s 12th District, outlining the bill to Congress by clicking on the picture below.  If you have trouble viewing the video, you can read Congressman Haller’s remarks, reprinted at the end of this post.

———————————

Preliminary transcript of Representative Haller’s occasionally redacted remarks:

———————————

[By the way, Happy Day-After-the-Winter-Solstice, if that's one of the holidays you celebrate.]

On December 16th, Department of Homeland Security Secretary Janet Napolitano gave remarks highlighting DHS’ Major Accomplishments in 2009.  Below is a very liberal summary/interpretation of the speech.  Have a great holiday. = JRHF

‘Twas the week before Christmas, when all through the House
Not a person was stirring, not even a spouse.
The recess was called by Pelosi with care,
In hopes that Denmark would be quick by the air.

The Senate was huddled and focused on meds
As visions of health care danced in their heads.
“Yes” Nelson was voting, the bill was a wrap
As the Hill buckled down for a cold winter snap.

When away from the Floor there arose such a clatter,
All sprang to their desks to see what was the matter.
As they got on the Net, they just could not wait,
Flipped over to Facebook to see the updates.

YouTube showed the mall with tourists all aglow
They were walking and talking of sites to forego
When, what to their wondering eyes should appear,
But some Secret agents, with a piece in each ear,

With a new Secretary, so smart and intent.
I knew in a moment it must be Janet.
She was not by herself, her deputies came,
And she laughed and smiled as she called them by name:

Here’s Heyman! Here’s O’Toole, Here’s Fugate, and Morton!
See Allen, See Wiggins, see Rand Beers and Bersin!
Here we come from the NAC! To the top of St. E’s!
Now what a year! What a year! Don’t you agree?

As spring led to summer and hurricane season
DHS met obstacles with toughness and reason,
So up to the White House, the change has been coming
And homeland security is one thing that’s humming.”

She started explaining, for all the viewers
“The letters and hearings of our reviewers
Kept us all on our toes, on the Hill at all hours
We were wishing one Committee had all the powers.”

She was dressed all in pink, from her head to her foot,
And to her side was her second, Jane Hall Lute.
A binder of notes sat in front of the two
And we all just kept watching, until they were through.

The speech – how we twittered! Keeping up was a fright…
As she noted and quoted each thing DHS did right
She spoke of the year, and how things turned around,
“With “one DHS” we did build something sound…

We are strong and focused, from FEMA to border,
All in our efforts to keep civil order.”
She spoke of the progress, and what lies ahead,
Not a program’s merits was left unsaid.

“Progress- what success! Confront and defeat!
Securing the border is not a small feat!
Fusion centers improve information flow
Keeping states and localities in the know!

H1N1 we tackled with rapid response;
In the Gulf, I saw rebirth and a renaissance;
We started WHTI at ports of entry,
And of course, lets not forget Global Entry.

We took on the Drug Cartels down in Mexico,
Seized up the guns, the cash and the blow!”
A wink of her eye as she spoke of how hard
CIS has been working to distribute green cards.

Her words let me know I had nothing to dread;
As she spoke a little more about how DHS had led.
“The Coast Guard excelled at their missions,
But I must say – what to do with acquisitions?”

Her speech ended with the note “success belongs to us,
And I promise you that there will soon be more to assess.”
And I heard her exclaim, as she walked out of sight,
“Happy Christmas to all, and to all a good-night.”

Deirdre Walker — who has posted before (here and here), is today’s guest author:

———————————————————

I recently offered a pair of blog articles that documented my travels through TSA security checkpoints.   In those articles, I attempted to first provide a reasonably accurate recitation of events.  I then outlined the concerns I have as a result of those events, and provided some historical, professional and social context for those concerns.  I have been amazed at the quality, thoughtfulness and substance of many of the replies that have been posted in response.

Unfortunately, all of this pales when compared to the recent posting on the Internet of the TSA Operations Manual.

Today, I googled the term ‘TSA Operations Manual’ and got  74,900 hits in .11 seconds.   The secret SOP genie is finally out of the bottle and is merrily flying around the Internet while curious folks like me are pointing, waving and effectively taking pictures.  I completed a cursory review of the manual in an attempt to ascertain whether answers to questions asked by me and by other travelers were accurate.  I have come, begrudgingly,  to the short-term conclusion that many TSA screeners are prolific prevaricators or, more likely, have a highly compromised command of TSA Operations Policy.   This leads me to overlapping areas of even greater concern: accountability and opportunity.

In my first post on Homeland Security Watch, I suggested that we, the traveling public, are responsible for the screening processes that we subject ourselves to whenever we choose to fly.  These processes, I argued, unfold in both an inconsistent and haphazard manner, as opposed to an “unpredictable in order to be hard to defeat” manner.  I wrote that by sleep walking through security check points with blind trust in the TSA’s ability to keep us safe, we have reaped what we have sown with our passivity.  I indicated that I intend to challenge TSA when opportunity presents, which in my experience has been most frequently represented by my tendency to get selected for “random” (which it is not) secondary screening (which is flawed and inconsistent).

Now, I find myself having to roust myself from the temporary comfort of knowing that “someone,” (or five someones, in this case) is being held accountable for the failed redaction and ultimate Internet release of the TSA Ops Manual.  In my past experience as a police officer, I have both observed and been accused of engaging in an organizational response that is presented as accountability, but is more readily refered to as ‘scapegoating’.

Since we now know that five employees of TSA have been placed on administrative leave pending an investigation into the release of this supposed “secret” document, perhaps the time is right to challenge ourselves, TSA officials and those with oversight responsibility to be wary of the difference between accountability and scapegoating.  I offer a five point sketch of those differences, especially as they regard leadership, consistency, fairness, clarity and justice.

1-  Is agency leadership being held to the same degree of accountability as the individuals who are currently on leave, pending investigation? Currently, there is no way to know the answer to that question due to necessary protections being provided to the affected personnel.  While it is easy to succumb to the appeal of the voices singing for heads on platters, it is important to keep in mind that the affected employees may be innocent of any transgression (indeed, maybe not) and their privacy must be protected in order that a fair determination can be made.   Eventually, we will need to know the outcome and consequences of this review to first, rest assured that manure can and will roll up the chain of command as effectively as it rolls down.   Second, we need to be certain that when it comes to the potential dismissal of employees, other, less altruistic agendas are not at work.

2-Are the affected employees being treated in a manner that is consistent with similar past transgressions and that considers their overall work record? Some will argue that heads must roll, and quickly,  for this screw-up.  Ordinarily, I might agree.  But there are two problem with this swift response mode.  First, I have observed that pressure to demonstrate to the public that swift action is being taken frequently leads to flawed decisions.  There is often an incongruent relationship between swift and accurate.  Second, consider that TSA is an agency that has been oozing hubris for a number of years now.  I believe that sufficient evidence is available to indicate that the operations manual release is symptomatic of a far larger problem, or series of problems, which have been continuing fodder for many a critical blog entry and media article.

3- Are the affected employees enjoying the protections that can and must be offered to federal employees subject to administrative investigations? Keep in mind that there has been no mention of a criminal investigation into this matter.  This is an administrative matter, but the potential consequences to the affected employees are significant.  Tossing a few GS -14 or 15 heads to Congress may satiate the dogs and render them sluggish.  We need to be keenly aware of the potential exercise of diversionary discipline and stay hungry for information and evidence of commitment to organizational improvement.

4-Were the processes governing the handling of the TSA Operations manual clear and consistent? Section I.4.B of the manual indicates that the released document is identified SSI, or sensitive security information, in accordance with 49 CFR 1520.  This section of the law indicates that SSI regulations only apply to “covered persons,” to wit:

Covered person means any organization, entity, individual, or other person described in §1520.7. In the case of an individual, covered person includes any individual applying for employment in a position that would be a covered person, or in training for such a position, regardless of whether that individual is receiving a wage, salary, or other form of payment. Covered person includes a person applying for certification or other form of approval that, if granted, would make the person a covered person described in §1520.7.

In short, if you are neither cleared or employed by the government, you are exempt from this regulation and cannot be held accountable for the release of SSI that comes to your attention.  Additionally, Section 1.4.D offers a list of “covered” persons authorized to possess the document.  The list is lengthy.  Section 1.4.E provides the process to report lost or stolen copies.  Since people’s jobs are on the line for this release, I believe it is fair to ask how many times the document has been previously reported lost or stolen, and what, if anything, the outcome of the investigations into these reports revealed.   Those answers are critical to defining the true damage that this release has caused.  Until that definition is clarified, it will be impossible to determine an appropriate “punishment” for this transgression.

5- What is the point? Collectively, we seem to have quickly concluded that the release of this SOP has provided potential terrorists with a readily available “how-to-defeat TSA guide”.  Maybe so.  What this release really caused is a further erosion of public trust in and support for a deeply troubled agency.  Perhaps, that is not at all a bad thing.

The attacks of September 11, 2001 demonstrated to all of us that terrorists do not need a SOP to be successful. Terrorists will almost always make their plans based upon what we do, not on what our SOPs say we do.

We know from the release of this document that what TSA has been doing and what its SOP says it was supposed to be doing are not always the same thing (I was particularly drawn to procedures regarding opposite sex searches and selections for secondary screening).  If we now fully sucumb to our lingering fear of openly questioning these policies and those that are developed to replace them, then we have missed a very important point regarding the nature of democracy.  More disturbing, we are effectively doing more damage to that entity than the terrorists could ever hope to inflict.

We know that the SOP genie ain’t going back in that bottle.  Accordingly, we need to demand that the TSA seize this event as an opportunity to engage us, the American Traveling Public, in a meaningful effort to revamp the nonsensical processes and inconsistent procedures that have stoked a growing conflagaration of public anger for years.

If we, as the consumers of these publcily funded and vital safety services, take the easy and inviting path by merely waiting for the GS heads to be placed on spikes in front of the palace, then shame on us all.   We will have missed our chance at meaningful reform and possibly, truly enhanced safety.  Then, the fault lies at our own feet, every time we take off our shoes at a checkpoint.   That would be true justice.

Someone once said of the choice among quality, price, and timely delivery, “Pick any two.”  In recent years, Americans have operated under the illusion that such tradeoffs do not apply to us, at least with respect to information.  The pace of technological progress has fueled this illusion.

As individuals’ access to information has improved through the seemingly relentless convergence of information technologies, people have actually started wondering when, not if, a singularity will emerge.   Until this happens, we have to cope with the tradeoffs and their effects on democracy and trust.

As this blog’s other distinguished contributors and discussants has demonstrated on many occasions, homeland security professionals wrestle continuously with information management and technology policy issues that call upon us to balance information integrity, validity, and security.  Inevitably, these values find themselves expressed as tensions, and tradeoffs become inevitable as we seek to meet the expectations of politicians and citizens’ insatiable ‘needs to know.’

In addition to the need to know, we must now confront the ability to know.  Information and knowledge are not the same thing. Turning information into knowledge is a complex, time-consuming, and often costly process.  People in general have a poor capacity for interpreting large amounts of complex information and thus acquiring appreciable knowledge of risks, especially those far removed from their everyday experience.

This became abundantly clear to me recently, as the community where I work responded to a positive test for e. coli contamination in our drinking water supply.  Initial tests, like the one conducted here the day before Thanksgiving, had produced positive results on more than a dozen prior occasions without resulting in confirmation during subsequent testing.  This time was different though.

By the time the positive results were confirmed and the potential extent of contamination became clear, officials had to work out who needed to know what and then worried about the best way to communicate the information without provoking undue fear.  After all, they reckoned, the boil water notice issued in response to the finding in compliance with federal drinking water regulations was not itself a risk-free proposition: In other communities, more people suffered burns preparing water for consumption than suffered illness from the such contamination itself.

As word of the required actions and the city’s response to it was released to the news media and the public, feedback came in hot and fast.  Why had this notice not been issued sooner?  Why had officials relied so heavily on traditional media to get the word out?  Why had city officials not contacted water customers directly?

Those in the community asking these questions assumed they were the first to do so.  Moreover, they assumed that the answers were influenced primarily by money, technology, and administrative inertia, if not apathy or incompetence.  While cost, technical capability, and bureaucratic issues all play a role in delaying or preventing action, they are not the primary cause of officials’ concerns.  Those responsible for deciding when and how to act, including when and how to notify the public, tend to be consumed with concern for getting it right.  Herein lies the problem: A “right” response lies in the eyes of the beholder, and the public has taken a particularly jaundiced view of official actions to manage risks, especially those that involve an intersection between complex technologies and human health.

As I was digesting the very real implications of the dilemma occurring in my own community, I became aware of a report released at the beginning of October by the Knight Commission on the Information Needs of Communities in a Democracy.  The report prepared by a commission of policy and technology experts co-chaired by former United States Solicitor General Theodore Olson and Google vice president Marisa Mayer was presented to federal Chief Technology Officer Aneesh Chopra and Federal Communications Commission Chairman Julius Genachowski upon its release.

In short, the report warns of a growing information divide that threatens to undermine the foundations of American democracy. Addressing the divide, the report argues, will require coordinated effort on many fronts, and cannot be accomplished by either the government or the market acting alone.

Although improved access to technology, expanded transparency of government information, and increased commitment to engagement are all required, so too is increased literacy and numeracy – the capacity of people to appreciate information and turn it into useful knowledge.

So far, efforts to produce engagement even in some of the most creative, educated, and engaged communities through technology innovation have produced spotty results.  Open data and application development contests intended to engage private sector partners to leverage insights from public data have produced applications that do little to advance the public good.  In many cases, these applications simply make it easier for well-equipped citizens with smartphones to tell government officials they are doing a poor job responding to citizen concerns, while increasing the volume of complaints they have to deal with before they can get on with the work needed to remedy the underlying causes of what might otherwise be legitimate problems.

In other cases, applications that improve the efficiency of individual competition for consumption of public goods like parking spaces pass for innovation.  In still others, externalities clearly outweigh efficiencies by making undigested or unconfirmed information available in forms that further erode confidence in government.

In the early days of the republic, a learned man or woman of modest means could acquire a decent command of all available knowledge by applying him or herself with rigor and discipline.  Indeed, the signers of our own Declaration of Independence distinguished themselves as knowledgeable in a diverse array of subjects ranging from philosophy to law to agriculture to military strategy to engineering to commerce to religion.

Today, not one of us has any hope of achieving comparable mastery of extant knowledge.  The volume of information already in existence and the pace of new discoveries have simply become too vast, too specialized, too detailed, and too isolated from everyday experience for anyone to master regardless of mettle or means.  This does not seem to have lowered public expectations though.

In a world where people share information in real-time with one another over distances of thousands of miles and have instant access to hundreds of television channels, dozens of radio stations, and zettabytes (one zettabyte equals one billion terabytes) of data how do we overcome the illusion that information access equals knowledge?  With all of this information floating around us all the time, how do we decide what to tell people, when to tell them, and what method to use?

In the online discussion that emerged following the recent water contamination scare here, one participant in noted, “People do not trust institutions, they trust people.”  For him, at least, it was important not so much that someone had the answers to his questions, as it was that someone took responsibility for responding to his concerns.  In the absence of an official somebody, it seems anybody will do.  He, and many others, argued that the absence of official pronouncements only encouraged others to fill the void.

Not long ago, we relied upon media to do this for us.  That has changed, and media no longer have the capacity they once did to hold government accountable or to lower public expectations.  To the extent that media play an influential role in public debates these days, they are more likely to reinforce our biases than clarify positions or encourage dialogue.

It remains unclear whether social media or other technologies will bridge the gap between knowledge haves and have-nots.  If time is running out on our information illusions and our nation’s capacity to maintain trust in government and its democratic legitimacy are threatened by this growing divide, what will we make of the choice between integrity, validity, and security in the future and how will cost, quality, and timeliness influence our decisions?

I killed my Facebook account yesterday. Or at least disabled it.

I’d like to delete my account completely, but I can’t figure out how. Maybe that means I only redacted it.  Sort of.

Yesterday Jessica and Collin wrote about “redaction” as a metaphor for security.  I think Facebook could be another security metaphor.

As PDFs symbolize paper, Facebook suggests relationships. Homeland security folks are supposed to create relationships instead of building stovepipes.  Agencies are supposed to be be socially transparent and share with partners, stakeholders and a greatful public.   Social networks are poised to replace hierarchy.  Facebook — done correctly — could be the answer the homeland security enterprise is looking for.

It’s just not too clear what the question is.

———————————————–

PDFS are not paper, although with a printer they can pretend to be.  In a similar fashion, Facebook “friends” can not be “the masterpiece of nature” Emerson sought in a friend.  Perhaps as metaphor they come closer to being the “friends” Camus described who just “want … to be maintained in the good opinion they have of themselves.”

A social network does not help prevent terrorism by displaying pictures of a new decontamination truck.

(Social networks — at least the internet version — may even play a smaller role in creating terrorists than the current Nidal Hasan fueled analysis suggests.  But more about that in a few weeks.)

———————————————–

I’d been on Facebook for a few years.  I’ve been moderately serious about it for a year.  I joined because I believed (and still do) that social networks represent the next evolution of collaborative consciousness.  And I think that kind of lived awareness can benefit homeland security.  It’s a hypothesis that makes sense to me.

I wanted to learn what a virtual network space could mean in practice.   I tried MySpace and Facebook, and without a lot of thought, Facebook became my default application.  I still believe in social networks, but Facebook doesn’t cut it for me any more.  I think relying on a “service” like Facebook just because it is available may ultimately do more to harm the growth of effective social networks in homeland security than it does to help.

I have no web-based alternative.  Maybe Microsoft’s Vine.  Maybe Google’s Wave.  Maybe something that is slowly emerging from the semi-transparent mind of a 13 year old.  Or, God forbid, maybe the alternative is talking to people face-to-face.

———————————————–

Facebook’s ever changing privacy policy was the tipping point for me.  I thought I used to know what the policy was.  Then a news article a few weeks ago demonstrated to me that I did not know what the policy was.  Then there was (what turned out to be erroneous) concern about potential impact of Facebook on security clearances.

Facebook’s new policy is supposed to allow one to set up privacy levels for each message.  It is supposed to be intuitive.  I found Facebook’s explanation about their new privacy policy slightly to the dense side of obscure.

And apparently Facebook owns everything that anyone puts on their account and has eternal rights to make T-Shirts out of any message you send.  Or something like that.

In Sunday’s New York Times, Brad Stone (or at least someone who calls himself that)  described how Facebook accounts are being hacked to send messages “telling [your] co-workers and loved ones how to raise their I.Q.’s or make money instantly, or urging them to watch an awesome new video in which they star.”

So enough for me.  For awhile anyway.  I am content to wait for the Millennials to work out the bugs in Facebook or whatever it evolves into. [For one recent study describing how this is going, see "Use of Social Networking by Undergraduate Psychology Majors."]

———————————————–

When I finally struck the dagger into the inner sanctum of my Facebook account, Facebook asked me — like a pop up version of Kubrick’s HAL in 2001 Space Odyssey,

“Why are you leaving?”

“It’s just not working out,” I lied.

“Is it our privacy policy?” Facebook asked.

“No,” I answered.

“Am I too difficult to use?”

“No.”

“Then why are you leaving?  I need to know.”

“It’s other” I said, checking off the Other box.

“Other’s not good enough,” Facebook persisted.  ”I need to know the specific reason.”

I’d been in relationships like this before.  I knew what to do.

“It’s not you.  It’s me,” I explained

“Ok,” Facebook said.  ”But are you sure you want to leave?  Your 348 friends will miss you.”

“Yes,” I said, “I’m sure.”

“I’ll deactivate you,” Facebook said with a watery-eyed reluctance in its by now quivering bytes. “But I’ll leave your account here.  And you can comeback whenever you want.  It will be like you never left.”

I signed out of my Facebook account for the last time.  Free of it.

A few hours later I got an email from an old Air Force buddy who found me last spring after 40 years:

“Hey Chris,” he wrote, “I’m really hurt, man.  You de-friended me on Facebook.”

“OMG!”  I thought.  ”Do I now have to write emails to the other 347 people on my friends list telling them it’s not about them; it’s me?”

I’ll ask my Twitter followers.  They’ll know what I should do.

Co-authored by Colin Bortner

The House Homeland Security Committee Subcommittee on Transportation Security and Infrastructure Protection  will be holding a hearing Wednesday, following the revelation last week that the Transportation Security Administration (TSA) posted the agency’s Screening Management Standard Operating Procedure manual as an amendment to a contract notice on the Federal Business Opportunities website.  A blogger discovered the pdf document, as well as the ability to undo the redaction of sensitive information. Users of Adobe Acrobat publishing software were able to remove the blacked-out paragraphs and read the text beneath.

At the hearing this week, Gail Rossides, the acting TSA administrator will testify about the incident, including discussing actions taken and what the administration is doing to prevent future disclosures.  It has been widely reported that five employees have been put on leave.  TSA also has indicated that the document was outdated and not the one currently being used at airport checkpoints.

Putting aside the details of the document’s release or the findings from the hearing this week, the ease with which the redacted text was recovered from the redacted document is a simple illustration one of the peculiar challenges of information security: metaphors.

The linguist George Lakoff has argued the metaphors are the foundation of human thinking. For him, the development of thought has been the process of developing better metaphors. The application of one domain of knowledge to another domain of knowledge offers new perceptions and understandings. In a naïve sense, we understand new things in terms of old things. In this case, we understand PDFs in terms of paper.

Portable Document Format (PDF) files encapsulate a collection of elements–including text, fonts, and images–into a fixed composition. Adding a new element (such as a black rectangle) to the composition doesn’t remove the material the element may obscure. In the redacted document, behind the inserted black rectangles, all the sensitive text remained.

That this happened is not hugely surprising. PDFs are a very, very good metaphor for paper, and that is not by accident. They come in paper sizes, they’re broken into pages, and we rarely edit them. Adobe and other developers have capitalized on the strength of that metaphor and delivered on users’ expectations that PDFs should behave like paper in many ways.  Most people, including probably those at TSA responsible for the document, applied the paper metaphor, saw the black rectangles, and expected that they effectively destroyed whatever text was underneath them-as though it were a photocopy.

This is just one illustrative case. We use metaphors in information security all the time. Some examples are very familiar:

* locks and keys (physical),

* viruses and infection (medical),

* victims and theft (crime),

* externalities and costs (economic), and

* fronts and response (warfare).

At the 2007 Workshop on the Economics of Information Security (WEIS), a group of researchers from Indiana University’s School of Informatics presented a paper on “Mental Models of Computer Security Risks” showing empirically that security experts and non-experts have different mental models relating to metaphors like those above.

As one of the authors of the WEIS paper wrote in an earlier article:

“The different examples and metaphors suggest difference responses. Crime suggests investigation of every virus and worm. Crime also suggests minimal citizen responsibility with the possibility of neighborhood watch. The public health or metaphor implication requires coordinated public action with a fundamental requirement for retaining individual autonomy and civil rights. The criminal metaphor requires tracking and prosecution. The concept of warfare requires tight constraints on the network, with limited autonomy and top-down controls. Non-technical individuals will take all the implications of the metaphors.”

The author continues:

“Therefore when communicating with policy makers, media, and non-technical users the computer security expert should consider which metaphor correctly communicates user expectations.”

The differing expectations between experts and non-experts in information security are the foundation for events like the leaked TSA manual last week.

How would you like to win a $33.62 gift certificate from Amazon.com?

Coincidentally, that happens to be the amount Amazon charges to buy Tom Ridge’s “The Test of Our Times: America Under Siege…And How We Can Be Safe Again,” and Michael Chertoff’s “Homeland Security: Assessing the First Five Years” .

Both books are ideal holiday gifts for that hard-to-please homeland security professional.

Here are the details:

Please let us know what you consider to be the top homeland security story, issue, event, theme, idea, etc. of 2009.   And let us know – briefly – why you selected what you did. The topic should be something you think significantly shaped homeland security in 2009.

You can post your entries in the comments section of this post.  Or you can email them directly to us at homelandsecuritywatch[at]gmail.com (replacing the [at] with the @ sign).

You may enter as often as you’d like. Judges will decide the winning entry (and nine runners up — if we get that many entries) using the same epistemologically suspect criteria employed to create such other top ten lists as:

GAO’s Top 10 List for November 2009

The Top Ten Technology Failures of 2009

2009′s Top 10 Dirtiest Hotels in the United States

2009 Top 10 Great Graphic Novels for Teens

The Top 10 Forecasts for 2009 and Beyond

The contest closes on Monday, December 28th.  The winning entry will be announced here on Thursday, December 31, 2009.

So take a few minutes and let us know what you think happened in 2009 that is important to the homeland security enterprise.

The Bush  administration was criticized frequently for neglecting the part of the National Strategy for Homeland Security that said:

To best protect the American people, homeland security must be a responsibility shared across our entire Nation.  As we further develop a national culture of preparedness, our local, Tribal, State, and Federal governments, faith-based and community organizations, and businesses must be partners in securing the Homeland.

Fast forward to the new administration.  Here are some words — with my emphasis –  from the Obama White House homeland security issue page.

“We will help ensure that the Federal Government works with states and local governments, and the private sector as close partners in a national approach to prevention, mitigation, and response.”

Here are some more words  — with my emphasis –  from Secretary Napolitano’s testimony a few months ago to the Senate Committee on Homeland Security and Governmental Affairs.

“As a critical part of our efforts, DHS is reinvigorating its coordination and collaboration with our state, local, and tribal partners—the Nation’s first preventers and first responders.”

An uncritical reading of those two quotes would suggest the Obama administration wants to work with, coordinate with, and collaborate with state, local and other non-federal stakeholders in the homeland security enterprise.

Considering what seems to be obvious, I was surprised last week to learn from a group of honorable state and local homeland security leaders the promised coordination may not be happening. At least not when it comes to revising Homeland Security Presidential Directive 8.

Apparently, as a part of a revised HSPD 8, the National Security Staff is developing a list of things state and local agencies will have to do to demonstrate how prepared and resilient they are.  I am told it is a list that will make stakeholders yearn for the succinctness of the 37 (or so) Target Capabilities and 1600 (or so) items on the Universal Task list.  And — as was the case with the  previous administration — grants will be tied to performance, or what can be presented convincingly as performance.

It was difficult enough to demonstrate “preparedness.”  (I’m not sure anyone ever did demonstrate it objectively.)  Now agencies will have to get ready to demonstrate preparedness and  “resilience.”

OK.  But  if there is one thing to be learned from the previous administration’s efforts to create standards in a vacuum, it is the importance of consulting with representatives from the state and local agencies that will be on the receiving end of new federal “guidance.”  Apparently, efforts by legitimate stakeholders to participate in the HSPD 8 revision process are being ignored.

As one leader told me, paraphrasing the 1971 Fram oil filter commercial, “They can take the time to consult with us now, or they can pay later when they have to deal with the push back.”

I wonder if what I heard from those honorable homeland security leaders is correct.  Is the National Security Staff drafting a revision of HSPD 8 without involving other homeland security partners?

Assuming there are at least two sides to a story like this, I’d be interested in learning another way to perceive what I’m told is going on.