Paul Rosenzweig – Medill National Security Zone http://nationalsecurityzone.medill.northwestern.edu A resource for covering national security issues Tue, 15 Mar 2016 22:20:28 +0000 en-US hourly 1 Weighing in on key issues related to the domestic use of drones http://nationalsecurityzone.medill.northwestern.edu/blog/2012/10/09/the-domestic-use-of-drones/ http://nationalsecurityzone.medill.northwestern.edu/blog/2012/10/09/the-domestic-use-of-drones/#comments Tue, 09 Oct 2012 13:37:06 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=12115 Continue reading ]]>

The expanding use of drones over U.S. airspace has become a fast-growing national security topic and privacy concern. We asked our colleague Paul Rosenzweig, who co-authored a recent Heritage Foundation paper on drones, to weigh in. 


Flying drones—unmanned aerial vehicles—have been made famous by their use in the war on terrorism, notably through lethal strikes on terrorist targets in Iraq and Afghanistan. Such drones are a small fraction of those used by the United States today. There are thousands of drones, used for a wide variety of purposes, from scientific research to military operations.

Drones, mostly without a weapons capability, are employed by the government and the private sector. Because of the drones’ wide-reaching surveillance capabilities, however, even unarmed drones could threaten personal privacy and civil liberties. As the FAA develops regulations for the operation of drones in domestic skies, it must take into account constitutional concerns and privacy rights.

Paul Rosenzweig is an adjunct lecturer at Medill and a was a 2011 Carnegie Fellow for the Medill National Security Journalism Initiative. He is a former deputy assistant secretary at the Department of Homeland Security and is now senior advisor to The Chertoff Group and a legal lecturer at George Washington University.

In a research paper for the Heritage Foundation, (see bottom of story) I and three colleagues gave some thought to what the right set of rules and regulations might look like.  Here, in summary are some thoughts about how drones should be used domestically.

First, we should consider the redlines or limitations:

  • The use of drones in a military capacity (while armed) should be severely restricted to situations of actual invasion or insurrection.
  • The use of drones for domestic surveillance of First Amendment activity is fundamentally at odds with U.S. constitutional principles.
  • Drones equipped with novel sensor arrays ought not to be permitted absent a clearly demonstrated need and a careful consideration of countervailing privacy and civil liberties concerns.
  • Drones should not be used as a platform for the collection of massive unstructured data sets that could form the basis for sophisticated tracking and behavioral analytics.
  • Drones are unsuitable for use as a routine means of surveillance in non-threatening situations.
Border Patrol drone.

One of the unmanned aircraft used by the U.S. Border Patrol.
SOURCE: Inspector general’s report.

On the other hand, there are plenty of situations where domestic drone use is both sensible and practical and where our effort should be to authorize and regulate the use, rather than limit it or restrict it.  For example, consider these uses:

  • Border Patrol Security
    • Long-term surveillance of a specified area or route
  • Emergency Preparation and Disaster Response
    • Planning routes and anticipating vulnerabilities
    • Catastrophic effects and remediation planning
    • Emergency cell coverage restoration
    • Deterrence of criminal behavior in unpatrolled areas
  • Agriculture
    • Crop dusting (pesticides) or infestation eradication
    • Monitoring of crop growth
  • Maritime Domain Awareness
    • Long-term surveillance of a specified area or route
  • Environmental Monitoring
    • Wildlife tracking
    • Monitoring droughts and flooding
    • Monitoring locks, dams, and levees in remote areas

The list can go on.  And of course in any such listing there will be value judgments and choices that need to be made.  So the fundamental  recommendation that the paper makes is for Congressional engagement.  After all, these are interesting, difficult and indeterminate choices we will be making – isn’t that what our elected representatives are for?


Report from the Heritage Foundation

[field name=”drones”]

 

]]>
http://nationalsecurityzone.medill.northwestern.edu/blog/2012/10/09/the-domestic-use-of-drones/feed/ 1
From Worms to Cyberwar http://nationalsecurityzone.medill.northwestern.edu/blog/2011/12/09/from-worms-to-cyberwar/ Fri, 09 Dec 2011 19:21:03 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=9527 From Worms to Cyberwar" is an easy reading introduction. Continue reading ]]> Twenty five years ago, we saw the very first worm.  Today, we find worms are but the first step in a possible cyber war.  For those who want to know a little bit more about the underlying technology and how it works, this piece I did for the Hoover Institution, “From Worms to Cyberwar” is an easy reading introduction.

]]>
ADAMS Is Such A Friendly Name http://nationalsecurityzone.medill.northwestern.edu/blog/2011/11/18/adams-is-such-a-friendly-name/ Fri, 18 Nov 2011 15:34:47 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=9328 Homeland Security Newswire, "Researchers in a 2-year, $9 million project will create a suite of algorithms that can detect multiple types of insider threats by analyzing massive amounts of data -- including email, text messages and file transfers -- for unusual activity." Continue reading ]]> John Adams.  Adam’s Apple.   In the US the Adams name is as American as apple pie.

Good thing then that a new DARPA project has the same name!

DARPA (the Defense Advanced Research Project Administration) recently announced that it would be funding a project known as ADAMS (Anomaly Detection at Multiple Scales).  According the Homeland Security Newswire, “Researchers in a 2-year, $9 million project will create a suite of algorithms that can detect multiple types of insider threats by analyzing massive amounts of data — including email, text messages and file transfers — for unusual activity.”

That sounds a lot like the old Total Information Awareness program, a controversial data analysis program shelved by DARPA at Congressional insistence in 2004.

ADAMS seems like a new form government data mining, that may also be subject to Congressional scrutiny.  To learn more about data mining, visit “The Data Minefield,” Medill’s web-based resource bank for journalists and citizens who want a practical understanding of the issues.

]]>
US v. Jones http://nationalsecurityzone.medill.northwestern.edu/blog/2011/11/08/us-v-jones/ Tue, 08 Nov 2011 18:18:57 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=9248 United States v. Antoine Jones.  Jones was convicted of drug offenses based, in large part, on the evidence derived from a Global Positioning System (GPS) tracking device that law enforcement had put on his car.  The GPS tracker was live for 28 days, tracking Jones' car 24/7.  When they put the GPS on the car, the police did not have a valid warrant. The government says that it didn't need one.  They argue that a person has no reasonable expectation of privacy in his travel on public roads.  After all, they argue, the police could have tailed Jones in an unmarked vehicle and they wouldn't have needed a warrant.  Jones argues, however, that GPS tracking devices are uniquely intrusive -- that they allow the government to collect a large volume of geo-location tracking data and use it to build a "mosaic" picture of a person, learning, for example, what church he goes to; what bar he drinks at; and whether or not he is a regular gym attendee. Continue reading ]]> The Supreme Court today heard oral argument in the case of United States v. Antoine Jones.  Jones was convicted of drug offenses based, in large part, on the evidence derived from a Global Positioning System (GPS) tracking device that law enforcement had put on his car.  The GPS tracker was live for 28 days, tracking Jones’ car 24/7.  When they put the GPS on the car, the police did not have a valid warrant.

The government says that it didn’t need one.  They argue that a person has no reasonable expectation of privacy in his travel on public roads.  After all, they argue, the police could have tailed Jones in an unmarked vehicle and they wouldn’t have needed a warrant.  Jones argues, however, that GPS tracking devices are uniquely intrusive — that they allow the government to collect a large volume of geo-location tracking data and use it to build a “mosaic” picture of a person, learning, for example, what church he goes to; what bar he drinks at; and whether or not he is a regular gym attendee.

The arguments before the Court reflected the challenge that the Justices will face in drawing lines.  They were concerned, for example, by the government’s acknowledgement that the logic of its argument would place no Constitutional limits on the ability to put a GPS in literally every car in America — including even the cars driven by the Justices.

On the other hand, Jones’ attorney had difficulty in drawing a firm line between visual surveillance and GPS surveillance.  Did the Fourth Amendment require the government to use an inefficient method?, the Justices asked.  Repeatedly the Court returned to the idea that the resolution for the problem might lie in legislation, rather than a constitutional rule.

The government lost the case in the appellate court and the Supreme Court will issue its opinion before June of next year.  Observers in the Court (including me) are deeply uncertain as to the ultimate result.

The Medill National Security Journalism Initiative has recently completed a project to develop resources for journalists on all sorts of issues related to the phenomenon of data mining — we call it “The Data Minefield.”  At the Minefield, reporters can learn the science of data mining; review new technologies; hear from the experts on how to find stories; and browse through a collection of resources about government data  mining projects.  The Jones case is just one example.  If you are interested in the topic, or just curious, The Data Minefield is for you.

]]>
Aviation Secuirity in New Zealand http://nationalsecurityzone.medill.northwestern.edu/blog/2011/09/25/aviation-secuirity-in-new-zealand/ Sun, 25 Sep 2011 06:06:55 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=8668 Continue reading ]]> There isn’t any.  Honest.

My wife and I are on holiday in New Zealand and earlier today we took a domestic flight from Wellington to Nelson.  It was a short commuter hop — 30 minutes, across the strait separating the North and South Islands.  On the whole an utterly unremarkable experience, just like any number of flights we’ve taken before.

Save for one thing — no security.  We arrived for the flights with our e-tickets in hand, scanned them at a kiosk, dropped our bags off on the conveyor and walked to the gate.  No ID check; no metal detector; no X-ray of our carry on bags.  Probably no X-ray of the checked luggage but we couldn’t tell for sure.  We scanned our boarding passes again at the gate, but no ID check.  Nothing. In short, it felt like something from before 9/11 — and possibly even before the 1980s and the advent of hijacking.

It was so remarkable precisely because it was so unusual.  But as I sat thinking about it, I realized that it really was the reflection of a wise policy.  Had we been boarding for an international flight, we’d have gotten the whole 9 yards — ID, bag check, metal detector etc.  But New Zealand has made the risk assessment that their inter-island domestic flights are not realistic targets.  Though in theory just as vulnerable as any other flight, there simply isn’t a real threat of attack on that particular target.

And so they don’t waste time and money protecting something that doesn’t need protecting.  It’s comforting to see that kind of rationality in the world — even if we had to come all the way to New Zealand to see it.

]]>
The Authoritarian Cloud http://nationalsecurityzone.medill.northwestern.edu/blog/2011/09/05/the-authoritarian-cloud/ Tue, 06 Sep 2011 01:05:37 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=8572 Continue reading ]]> Cloud Computing is the “new thing.”  Everyone is rushing to it — the new Federal Cloud Computing Strategy isn’t called “Cloud First” for no reason.  Indeed, the reasons to like the cloud are obvious With economies of scale it is often cheaper and more efficient at the same time — what’s not to like?

In the end, maybe more than we realize.  Today’s cloud system uses “thin clients” — simple interfaces like Google’s Chrome system — with minimal independent computing power.  All of the data, software, and operating systems, software, and processing resources are stored in the cloud, managed by a cloud system administrator.

If that sounds familiar, it should.  We are, quickly, recapturing the system configuration of the early 1980s, when dumb terminals (little more than a screen and a keyboard) connected to a mainframe maintained by a systems administrator.  The administrator made the resource allocation decisions, prioritized work and controlled access to the processing systems.  So the translation is clear:  thin client = dumb terminal; cloud = mainframe.

That centralized system of control if fundamentally authoritarian.  Today’s internet structure empowers individuals.  On my laptop I have more processing power and data storage capacity than imaginable.  From here I can link to the web and communicate with anyone.  I choose my own software, save my own data, and innovate as and when I please.

In a cloud system or the old mainframe system, I make none of those decisions — my software is provided by the system administrator; who stores my data and controls what new innovations are made available. That’s a fundamentally authoritarian model where I lose much of the independence that has made the web a fountain of innovation and invention.

In a liberal western democracy, perhaps that is not a problem — after all, I don’t have to choose Google as my cloud provider if I don’t want to.  But in more authoritarian states, the trend toward the cloud will make citizens even less able to control their own destiny.  The internet empowered the liberty of dissent; we should be concerned that the cloud may take it away.

]]>
The best and worst cybersecurity headlines http://nationalsecurityzone.medill.northwestern.edu/blog/2011/07/27/the-best-and-worst-cybersecurity-headlines/ Wed, 27 Jul 2011 14:52:27 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=8067 isn't too impressed with how the press covers cyber issues.  The challenge, of course, is common to many national security stories -- how to tackle a complex topic with nuance while making it readily understandable for the reader.  Headline writers sometimes don't help in that process.  Healey's nominee for worst headline (and I agree): Obama Reserves Right to Nuke Hackers. Continue reading ]]> Jason Healey, a cyber-expert at the Atlantic Council, isn’t too impressed with how the press covers cyber issues.  The challenge, of course, is common to many national security stories — how to tackle a complex topic with nuance while making it readily understandable for the reader.  Headline writers sometimes don’t help in that process.  Healey’s nominee for worst headline (and I agree): Obama Reserves Right to Nuke Hackers.

]]>
The law of large numbers http://nationalsecurityzone.medill.northwestern.edu/blog/2011/07/17/the-law-of-large-numbers/ Sun, 17 Jul 2011 20:25:22 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=7996 25,000 security breaches since 2001, or roughly 2,500 breaches every year.  Representative Jason Chaffetz (R-UT) thinks its a scandal that proves that airport security is "a mess."  (And, now, apparently, Congressman Chaffetz and TSA are in a tussle about whether or not he was authorized to release these numbers). But what's really a mess is how our Representatives (and, sometimes, the press) report these sorts of numbers.  They are always portrayed as absolute values and in that abstract context they seem immense.  Who, after all, could approve of 2,500 mistakes per year? But the abstract context is just that -- abstract.  Numbers have meaning only in a concrete context.  So how about this for context:  Domestically, there are approximately 2 million enplanements (passengers boarding aircraft) every day.   That's roughly 700 million passengers a year, or 7 billion passengers in the 10 years for which the security breach data are reported (and bear in mind that this is every security breach however minor).  That's an error rate of less than 0.0001%.  In what human endeavor is that considered a poor performance? Continue reading ]]> It is shocking, apparently, to hear that the Transportation Security Administration has had more than 25,000 security breaches since 2001, or roughly 2,500 breaches every year.  Representative Jason Chaffetz (R-UT) thinks its a scandal that proves that airport security is “a mess.”  (And, now, apparently, Congressman Chaffetz and TSA are in a tussle about whether or not he was authorized to release these numbers).

But what’s really a mess is how our Representatives (and, sometimes, the press) report these sorts of numbers.  They are always portrayed as absolute values and in that abstract context they seem immense.  Who, after all, could approve of 2,500 mistakes per year?

But the abstract context is just that — abstract.  Numbers have meaning only in a concrete context.  So how about this for context:  Domestically, there are approximately 2 million enplanements (passengers boarding aircraft) every day.   That’s roughly 700 million passengers a year, or 7 billion passengers in the 10 years for which the security breach data are reported (and bear in mind that this is every security breach however minor).  That’s an error rate of less than 0.0001%.  In what human endeavor is that considered a poor performance?

So … absolute numbers mislead.  What we really need to know is what the types of breaches are, how systematic the vulnerabilities are and what, if anything, TSA is doing to fix the issues identified?  Those are interesting questions.  Talking about numbers out of context is not.

]]>
Disaster Planning and Exercises Meet Disaster Reality http://nationalsecurityzone.medill.northwestern.edu/blog/2011/05/16/disaster-planning-and-exercises-meet-disaster-reality/ Mon, 16 May 2011 21:06:17 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=6903 Continue reading ]]> The old saying goes “prior planning prevents poor performance.”  And what is true of music recitals is true (and even more so) of preparing for the response to a natural or man-made disaster.

When disaster strikes, a large number of resources need to be mobilized.  The larger the disaster, the more resources are needed, and the greater the need for coordination.  But given how infrequent large-scale disasters are (thankfully!) we don’t have a lot of practice with that sort of coordination.

The Federal government runs a robust training and exercise program that models disaster response by having all the players respond to a hypothetical disaster.  They run both small regional programs and, annually, a National Level Exercise that models a major catastrophe.  This year, NLE 2011 is an exercise that asks “what would happen if we had a major earthquake along the New Madrid fault line in the Midwest?”  The three-day exercise is scheduled to begin today.

The exercise is designed to test a range of government and private sector functions including: Communications, Logistics, Mass Care, Medical Surge Capacity, Evacuation, Emergency Public Information and Warning, and the activation of an Emergency Operations Center.  Participants will include the Federal government, eight states, dozens of local governments and the private sector.  When exercises like this are done right, they identify gaps and overlaps, produce operational familiarity and develop useful relationships.

As useful as planning and exercises are, sometimes reality intrudes.   Many States in the Midwest are in the middle of dealing with an historic flood of the Mississippi.  Others are still recovering from recent devastating tornadoes.  So even though “the show must go on” it will have to go on without them.

Instead of joining the national exercise with first responders simulating their activities, Tennessee, Alabama, and Mississippi will have to play the game virtually, sitting around a table making decisions;  they’re busy dealing with real life.

The rest of the states will play the game, responding to a simulated disaster, as if an earthquake had actually occurred.

Meanwhile their colleagues in the South will go about the grim business of responding to the real disasters of tornadoes and flooding — and in their own way, demonstrating why planning and exercises are so vital.

]]>
The new National Terrorism Advisory System http://nationalsecurityzone.medill.northwestern.edu/blog/2011/04/21/the-new-national-terrorism-advisory-system/ Thu, 21 Apr 2011 23:00:30 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=6107 Continue reading ]]> “Elevated” and “imminent” have replaced orange and the rest of the coded colors as the words that will alert Americans to terrorist threats. Fewer choices, less fodder for late-night comedians, but what is the real impact of the change?

The change was announced in late January and state and local governments, airports and other transportation hubs were given 90 days to make the transition to the new alert system.  On Thursday, the Department of Homeland Security rolled out the system to the general public.

Under the system, an elevated threat “warns of a credible terrorist threat against the United States,” and an imminent threat “warns of a credible, specific, and impending terrorist threat” against the country.  Americans will be able to subscribe to a new National Terrorism Advisory System (NTAS) and follow the government alerts on Facebook, Twitter, or through an email alert system.

So, is the system an improvement?  That remains to be seen.  In one sense, any system that replaces the benighted color coded threat system is an improvement.  And the new NTAS may be little more than a politically expedient way-station for the government as it walks away from an alert system that is no longer sustainable but that cannot be eliminated completely without political fallout.

It is also possible that the NTAS may actually prove useful to the public.  If the new alert system is more specific than the earlier color-coded system in defining the threat it is to be effective.  The system has that promise – DHS says it will try to give threat information that is narrowly targeted at a geographic region or a specific sector of the economy, and that’s a good thing.  It will be of great value to know, for example, that there is an elevated threat to, say, dams in the Rockies.  It’s of far less value to know that the overall threat to the country is elevated.

One other clear improvement is planned.  Each new NTAS alert will come with a built in sunset provision that says how long the alert lasts.  No longer will we have to live with expired alerts that linger simply because nobody has the authority to end them.  So in the end, NTAS will give us something good:  At a minimum we should stop hearing the  incessant announcements at the airport that “DHS has determined that the current threat advisory level is orange.”  What could be bad about that?

]]>