Intelligence Archives

Within the next 6 to 12 months, Homeland Security Department officials say they expect to have a long-awaited, instantaneous system for tracking foreigners who have overstayed their visits. Lawmakers have said such a tool is crucial for removing potential terrorists.

In 2002, DHS began to build a comprehensive entry and exit system for collecting biometric data from visitors traveling to the United States but nearly a decade later the exit part still doesn't exist.

Without an exit system, the department has encountered difficulty accurately identifying overstays, according to the Government Accountability Office. DHS estimates there were 36 overstays among the 400 people convicted through international terrorism-related investigations between September 2001 and March 2010. Five of the 19 hijackers on Sept. 11, 2001, were overstays.

Those statistics may change if all goes according to plans that DHS officials outlined at a House hearing this week.

The department is looping together a multitude of databases operated by three DHS components and the intelligence community to more quickly see red flags. Once integrated, the systems maintained by Customs and Border Protection, Immigration and Customs Enforcement and US-VISIT will be able automate previously manual searches and cross-check those findings with law enforcement and intelligence data. In essence, the integrated app will generate an e-dossier on leads, testified John D. Cohen, DHS principal deputy coordinator for counterterrorism.

"Instead of us being reactive," by screening an accumulated list of potential overstays, "CBP and the technologists will be developing essentially a hot sheet," he told members of the House Homeland Security Subcommittee on Border and Maritime Security. It "will essentially create a dashboard available to ICE, on a day to day basis, that will provide them with insights about those public safety and national security risks that are either overstays or existing visa holders."

At first, the application will not be the biometric one envisioned by authorities after 9/11. It will include biographic information and certain fingerprints from travelers entering the United States, and, with advances in research, gradually grow into a robust biometric system. "You have the foundation for a biometric exit capability of the future," Cohen said.

Already, the department has taken steps toward this goal by vetting a backlog of 1.6 million overstays, Cohen said.

In May, DHS officials began by scratching off names of people who had since left the country or changed immigration status. Then, they screened in-house law enforcement and immigration records, as well as intelligence holdings from the National Counterterrorism Center, to winnow the remaining 757,000 people to 2,000 high-risk individuals. Of those, some had died or since become part of an ongoing investigation, leaving several hundred potential leads.

Two months later, all of the previously un-reviewed overstay records had been analyzed from a national security and public safety perspective, Cohen said. ICE currently is pursuing suspects, he added.

"I cannot for one tell you how much better I feel now," said Subcommittee Chairman Candice Miller, R-Mich.

Not so, said GAO.

"If we're going to focus on the national security and public safety folks, which is the thing to start with -- it gives the impression that once you're in the country, you're in. Unless you act out," Richard M. Stana, GAO director for homeland security and justice issues, said at the hearing.

Omar Abdel-Rahman -- an overstay -- had no criminal record before he was arrested for the 1993 World Trade Center bombing, Rep. Michael McCaul, R-Texas, noted.

Construction began Thursday on a massive data center in Utah for the National Security Agency as part of the government's program to better protect its computer networks from cyber attacks.

The $1.2 billion contract for the project was awarded in September 2010 and will consist of a 1 million-square-foot facility south of Salt Lake City to support the intelligence community in providing foreign intelligence about cybersecurity threats and protecting Defense Department networks.

Ground was broken Thursday for the project, located inside Camp Williams, a Utah National Guard base near Lehi, Utah. Grading work is already underway for the center which will be capable of generating its own power and will have fuel and water storage, the Deseret News reported.

The construction is expected to bring 5,000 to 10,000 jobs to Utah and will be finished in October 2013, The Salt Lake Tribune reported.

The Library of Congress, which recently shutoff access to WikiLeaks on its computers, may be unintentionally undermining the research its analysts perform for lawmakers, classification expert Steven Aftergood, who regularly publishes a government secrecy newsletter, blogged on Monday.

The Congressional Research Service, a branch of the library that scours bills, news and other primary sources to inform lawmakers of pressing issues, "will be unable to access or to cite the leaked materials in their research reports to Congress," wrote Aftergood, who runs the project on government secrecy at the Federation of American Scientists, a nonpartisan think tank.

Several current and former library employees told him that restricting access to WikiLeaks could degrade CRS analysts' research and may not have a legal basis, he added.

• "It's a difficult situation," said one CRS analyst. "The information was released illegally, and it's not right for government agencies to be aiding and abetting this illegal dissemination. But the information is out there. Presumably, any Library of Congress researcher who wants to access the information that WikiLeaks illegally released will simply use their home computers or cell phones to do so. Will they be able to refer directly to the information in their writings for the library? Apparently not, unless a secondary source, like a newspaper, happens to have already cited it."


• "I don't know that you can make a credible argument that CRS reports are the gold standard of analytical reporting, as is often claimed, when its analysts are denied access to information that historians and public policy types call a treasure trove of data," a former CRS employee said.
• In a press release, LOC explained its actions by citing an Office of Management and Budget memo regarding the obligation that federal agencies and federal employees have to protect classified information. "But LOC is statutorily chartered as the library of the House and the Senate. It is a legislative branch agency. I don't recall either chamber directing the blocking of access to WikiLeaks for/or by its committees, offices, agencies, or members," a different former analyst said.

Aftergood's summation: "If CRS is 'Congress' brain,' then the new access restrictions could mean a partial lobotomy."

Need to know what SAEDA stands for? Enter "McGruff the Crime Dog-style cartoon sergeant to talk to your soldiers like Third Graders about information security," Gawker writes. (By the way, SAEDA is "Subversion and Espionage Directed Against the Army," shame on you.)

This guy in camo will dish out quizzes, make you memorize acronyms, terrorize and knock you down with a tank if you think you can fudge your way through his session. Watch a video of the interactive training here, or, better still, if you are in the mood to be traumatized, take it yourself.

77,000 documents on the Afghan conflict were posted on Oct. 22 onto the whistleblower website, WikiLeaks. The Pentagon wasn't pleased.

"We deplore WikiLeaks for inducing individuals to break the law, leak classified documents and then cavalierly share that secret information with the world, including our enemies," Geoff Morrell, the Defense Department press secretary, said in a statement to the New York Times.

With camo cartoon commando breathing down your neck, there might be good reason to be afraid, be very afraid.

Pentagon officials are starting to repeat one another's cyberwar rhetoric. Hello, is this an echo chamber?

On Wednesday, Deputy Defense Secretary William Lynn III discussed the military's cybersecurity strategy after meetings at NATO and the Supreme Headquarters Allied Powers Europe. "Like air, sea, land and space, we're going to have to treat cyberspace as an arena where we need to defend our networks and to be able to operate freely," he said.

The rhetoric sounds uncannily familiar to what retired CIA and National Security Agency Director Michael Hayden told infosec professionals at the annual security conference Black Hat in July. "Cyber is a domain like land, sea, air, and space," he said.

While Hayden has been reluctant to use the word "war," underscoring his belief that hackering doesn't equate to Pearl Harbor, he's continued to couch the security question in a language of territoriality and aggression. The result is a set of mixed signals: a denial that data infiltration amounts to war in what is, paradoxically, the language of war. According to AFP, at Black Hat, Hayden "called for the creation of Internet versions of rivers, mountains and other geographic features that soldiers use for defensive positions in real world battles."

In a June NPR Intelligence Squared debate on the question, "Has the cyberwar threat been grossly exaggerated?" tech commenter Bruce Schneier argued there needs to be a better language to frame infosec issues.

If we frame this discussion as a war discussion, then what you do when there's a threat of war is you call in the military and you get military solutions. You get lockdown; you get an enemy that needs to be subdued. If you think about these threats in terms of crime, you get police solutions. And as we have this debate, not just on stage, but in the country, the way we frame it, the way we talk about it; the way the headlines read, determine what sort of solutions we want, make us feel better. And so the threat of cyberwar is being grossly exaggerated and I think it's being done for a reason. This is a power grab by government. What Mike McConnell didn't mention is that grossly exaggerating a threat of cyberwar is incredibly profitable.

In that debate, former Navy Vice Admiral McConnell drew parallels between the concept of cyberwar and the Cold War. "We were in a Cold War and we never exchanged nuclear weapons," he said, implying that even though the Cold War didn't involve outright aggression, the omnipotent nuclear threat during the 1940s -- just like the cyberthreats of today -- did not discount it that era as a time of war.

The Pentagon statement on Lynn's speech picked up that reference. Lynn "likened this pillar [of sharing early detections of threats] to the Cold War strategy of shared early warning," the statement notes. "Just as our missile defenses have been linked, so too, our cyber defenses have to be linked as well," the deputy secretary said." In the words of the early modern poet John Milton, "Copy from one, it's plagiarism; copy from two, it's research."

Technology designed to circumvent Internet censorship by Iranian officials has been found to be riddled with security loopholes, raising questions on how the State Department could have approved it for distribution in Iran.

Haystack's website boasted that the tool employed "a sophisticated mathematical formula to hide users' real Internet traffic inside a continuous stream of innocuous-looking requests," guaranteeing Iranians protected access to Facebook and other blocked sites.

This week, security engineers discovered serious flaws in Haystack's software. Jacob Appelbaum, who is a programmer for the encryption software Tor, and who helped to reverse-engineer Haystack's code, tweeted, "I think in the end Haystack was misrepresented and its implementation was dangerous to real humans in the field."

Haystack's creator, Austin Heap, has claimed "a few dozen" people in Iran are using an initial test version of the software, but an Iranian activist mentioned that 5,000 people were on the Haystack network, reported The Financial Times.

When Foreign Policy tech blogger Evgeny Morovov ramped up his criticism of Haystack, the plug was pulled on the project. Heap announced Monday that users should refrain from using the program until a third party review was completed.

Much of the ensuing anger circulating in blogs and tweets has been directed towards the State Department. "What is most interesting is the enabling environment -- why tough questions weren't being asked," Morozov told The Washington Post. "People in Washington are jumping on the Haystack bandwagon because it portrays them as hip and in touch with the times but doesn't show all the risks involved."

According to a U.S. Office of Foreign Assets Control watchdog blog, because of trade sanction laws, items for distribution in Iran need to be vetted for approval first.

In regards to Haystack, it is unclear to me: 1) how these applications can clearly set out who the end users are; and 2) if the political dissidents who are receiving this software are really willing to share their identities and locations (i.e., addresses) with a U.S. government agency. If the end user information can not be provided I'm uncertain as to whether not OFAC will be willing to issue the specific licenses needed for the lawful exportation of this technology.

Independent bloggers have filed Freedom of Information Act requests to find out if State exercised all the oversight it could, or if it simply made a hasty decision in giving Haystack the green light.

Ari Schwartz, a longtime advocate for protecting privacy in the age of Web-based government, is leaving his post at the Center for Democracy and Technology to press for change from within the administration at the National Institute for Standards and Technology.

After working at the Washington civil liberties group for nearly 13 years, Schwartz on Monday announced that he has accepted an offer to become a NIST senior adviser for Internet policy. The move will allow him to continue examining issues related to identity management, cybersecurity and privacy, he said.

Recently, Schwartz helped CDT negotiate with the Office of Management and Budget to lift a decade-old rule banning federal websites from using Web-tracking tools and add constraints that would protect users' personal identities.

Schwartz will join the federal government on Aug. 30.

"I've always said that my position at CDT was my dream job. In fact, it exceeded any expectation I could have ever had. Mostly that is due to the great colleagues and mentors that I've had here. On the other hand, I have great admiration and respect for those in public service," he said in an e-mail. "I have been on the lookout for the right position in the federal government and I'm confident that this is it."

An annual gathering of hackers in New York City last week featured a presentation on how to successfully break into government files using Freedom of Information Act requests.

At the HOPE conference -- acronym stands for Hackers on Planet Earth -- an attorney and expert on phone cracking, told the story of an organization, GovernmentAttic.org, that since 2007 has filed more than 1,000 FOIA requests. Both speakers are habitual filers, as well.

The slides shown by lawyer Michael Ravnitzky and researcher Phil Lapsley provide quick, easy steps anyone can take to satisfy curiosity about the government's doings on intranets, internal databases and even in the real world.

Case studies include --

• Minutes, agendas and decisions of the DOD Resale Activities Board of Review, a congressionally-established entity that determines what sexually explicit magazines and videos can be sold or rented on military bases.
• FEMA's Remedial Action Management Program database, a collection of lessons learned from successful and failed missions, including the Space Shuttle Challenger accident.

My colleague Bob Brewin notes that President Obama has let up on the government's long held belief that America controls outer space in signing a new national space policy that contemplates relying on non-U.S. satellite navigation for backup and support.

The plan also imagines extraterrestrial observation as a way of advancing the White House's open government initiative, which centers on information disclosure and public-private collaboration throughout all levels of government, including overseas.

Some of the transparency-related items in the policy:

Departments and agencies, in coordination with the Secretary of State, shall "promote the adoption of policies internationally that facilitate full, open and timely access to government environmental data."

Non-security areas for potential collaboration with foreign governments include earth science and observation; environmental monitoring; geospatial information products and services; search and rescue; use of space for maritime domain awareness; and long-term preservation of the space environment for human activity and use.

Smashing Magazine, a publication for Web designers and developers, recently published a critique of military and intelligence agency websites worldwide, placing dozens of sites in one of its categories: Outdated, Poorly Coded, Poorly Designed, The Not So Bad, and A Few Good Sites.

The magazine's editors introduced the feature this way:

Members of military and intelligence forces around the world risk their lives daily to defend their countries and assist in peacekeeping and aid missions both at home and abroad. The men and women who make up the world's defense forces make sacrifices that most civilians wouldn't consider to serve their countries.

So, with everything they do for us, shouldn't they be represented online by website designs that reflect the honor and responsibility they undertake every day? Unfortunately, that's not the case in many countries out there.

Sites in the United States came through the analysis a bit better than most other countries. Here's a quick glance at how they ranked some U.S. sites, along with the editors' comments:

Outdated
U.S. National Reconnaissance Office
"This website screams late '90s and early 2000s, especially the navigation and typography."

United States Special Operations Command
"The headers for all the content blocks here are fine, except the one for the news feeds, which prefers to be higher up on the page."

The Poorly Designed
None

The Not So Bad
U.S. Air Force
"A professional yet boring design. But maybe that's how military websites should look?"

U.S. Central Intelligence Agency
"This website is way too narrow, and overall it's just not eye-catching."

U.S. Defense Department
"Too much is going on here, and the social media links (the icons especially) on the left look out of place."

U.S. Navy
"The icons and banners in the header don't really fit the rest of this design."

A Few Good Sites
U.S. National Security Agency
"Professional, easy to use and coherent: everything an intelligence website should be."