Antiterrorism Efforts

General Concerns

Criticism about anti-terrorism legislation and other measures in the United States, Canada and other countries focussed on three main areas:

• general concerns about the scope and effectiveness of these initiatives,
• violations of civil liberties, and
• invasions of privacy.

Expanded Scope of Domestic Surveillance

One of the main criticisms of the post-9/11 anti-terrorism initiatives is their overly broad scope, resulting in widespread surveillance of the general public. In Canada, this issue was the focus of much criticism for the proposed Public Safety Act, 2002. In his comments about Bill C-17, the Privacy Commissioner of Canada stated:

“This is unprecedented. The Government of Canada has absolutely no business creating a massive database of personal information about all law-abiding Canadians that is collected without our consent from third parties, not to provide us with any service but simply to have it available to use against us if it ever becomes expedient to do so. Compiling dossiers on the private activities of all law-abiding citizens is the sort of thing the Stasi secret police used to do in the former East Germany. It has no place in a free and democratic society.” (Privacy Commissioner of Canada, Annual Report to Parliament 2001-2002)

In the United States, the Center for Democracy and Technology (CDT) was particularly concerned about the USA PATRIOT Act because many of its provisions were not limited to terrorism investigations but rather applied to all criminal or intelligence investigations. Specifically, the CDT noted that the Act:

• allows government agents to collect undefined new information about Web browsing and e-mail without meaningful judicial review;
• allows ISPs, universities, network administrators to authorize surveillance of “computer trespassers” without a judicial order;
• allows law enforcement agencies to search homes and offices without notifying the owner for days or weeks after, not only in terrorism cases, but in all cases;
• allows FBI to share with the CIA information collected in the name of a grand jury, thereby giving the CIA “the domestic subpoena powers it was never supposed to have;” and
• allows FBI to conduct wiretaps and secret searches in criminal cases using the lower standards previously used only for the purpose of collecting foreign intelligence.(Center for Democracy and Technology, CDT Policy Post, Volume 7, Number 11, October 26, 2001)

The Electronic Frontier Foundation (EFF) also expressed the view that the “Attorney General seized upon the legitimate Congressional concern following the September 11, 2001, attacks to pad the USAPA [USA PATRIOT Act] with provisions that have at most, a tangential relationship to preventing terrorism.” The EFF argued that a number of the amendments were targeted at “low and mid-level computer defacement and damage cases” which, although clearly criminal, are “by no means terrorist offenses.” See Electronic Frontier Foundation, Analysis of the Provisions of the USA Patriot Act.

The proposed TIPS program in the United States drew immediate criticism because of the unprecedented scope of the domestic surveillance that it would have authorized: the program would use a minimum of 4% of Americans to report suspicious activity. See Goldstein, “US planning to recruit one in 24 Americans as citizen spies.”

Perhaps the most aggressive expansion of domestic surveillance is being proposed under the TIA initiative. A major concern is that it would combine every American´s bank records, tax filings, driver´s license information, records at credit card purchases, medical data, and phone and e-mail records into one giant, centralized database. This would then be combed through for evidence of any kind of suspicious activity.

Critics fear the chilling effect such widespread surveillance will have on society. It is thought the existence of TIA will impact the behaviour of both terrorists and law-abiding individuals alike. Terrorists are likely to go to great lengths to make certain that their behaviour is statistically “normal,” while ordinary people are likely to avoid unusual but lawful behaviour out of fear of being labelled “un-American.”(United States Public Policy Committee, Association for Computing Machinery, Letter to the Senate Committee on Armed Services, January 23, 2003) As one critic noted: “The program wouldn´t catch terrorists, but it would terrorize ordinary citizens by logging their every movement in a federal government database.” (Jane Black, “Snooping in All the Wrong Places: Not only would the Administration´s plan to centralize every American´s records destroy privacy, the security payoff would be minimal,” Business Week Online, December 18, 2002)

Lack of Justification

Concerns about the dramatic increase in the scope of surveillance in Canada and the United States were compounded by a lack of justification for such actions. Governments failed to demonstrate why these new measures were necessary to fight terrorism and enhance national security and most importantly, whether they would be effective. Critics of the anti-terrorism legislation argued the need and benefits presented by government were overstated and unsubstantiated.

At the time the USA PATRIOT Act was introduced the EFF stated:

“… in asking for … broad new powers, the government made no showing that the previous powers of law enforcement and intelligence agencies to spy on US citizens were insufficient to allow them to investigate and prosecute acts of terrorism. The process leading to the passage of the bill did little to ease these concerns. To the contrary, they are amplified by the inclusion of so many provisions that, instead of aimed at terrorism, are aimed at non-violent, domestic computer crime. In addition, although many of the provisions facially appear aimed at terrorism, the Government made no showing that the reasons they failed to detect the planning of the recent attacks or any other terrorist attacks were the civil liberties compromised with the passage of [the USA PATRIOT Act].”(Electronic Frontier Foundation, Analysis of the Provisions of the USA Patriot Act)

Canada´s Privacy Commissioners and consumer groups were quick to question the justification for the wide-ranging powers proposed under the lawful access consultation paper. The federal Privacy Commissioner noted:

“… what is being requested here are significantly new and enhanced powers of access to the private communications of Canadians that go far beyond maintaining the capabilities and authorities that law enforcement and national security agencies may have had in the past.

What´ missing is evidence demonstrating that there is, in fact, a serious problem that needs to be addressed. Lacking any evidence of serious problems requiring correction by invading the privacy of Canadians, it is not possible to be persuaded that the proposals address these problems effectively, proportionally, and in the least privacy-invasive manner possible.” (George Radwanski, Privacy Commissioner of Canada, Letter sent to the Honourable Martin Cauchon, Minister of Justice and the Attorney General of Canada, the Honourable Wayne Easter, Solicitor General of Canada, and the Honourable Allan Rock, Minister of Industry, regarding the “Lawful Access” proposals, November 25, 2002).

Rush Job

In both Canada and the United States one of the first waves of protest over anti-terrorism legislation was the speed with which they were passed. The USA PATRIOT Act was passed just six weeks after the September 11 attacks, with Canada´s Anti-terrorism Act being passed 14 weeks after the attacks.

Many critics felt the broad scope and complexity of these statutes, combined with no formal consultation and extremely short time frames for public reaction precluded informed debate and comprehensive analysis of their provisions.

When introduced, the USA PATRIOT Act was 342 pages long and made changes to over 15 different statutes. As the EFF noted:

“… it is a large and complex law that had over four different names and several versions in the five weeks between the introduction of its first predecessor and its final passage into law. … it seems clear that the vast majority of the sections included have not been carefully studied by Congress, nor was sufficient time taken to debate it or to hear testimony from experts outside of law enforcement in the fields where it makes major changes. This concern is amplified because several of the key procedural processes applicable to any other proposed laws, including inter-agency review, the normal committee and hearing processes and thorough voting, were suspended for this bill.” (Electronic Frontier Foundation, Analysis of the Provisions of the USA Patriot Act)

The Canadian Centre for Policy Alternatives (CCPA) levelled the same criticism against Bill C-36, noting there was no opportunity to ask and have answered key questions such as:

• Is the Bill necessary in order to combat terrorism?
• Has the government demonstrated satisfactorily that existing domestic legislation, including the Criminal Code, the Immigration Act, the National Defence Act, the Security Offences Act and the Official Secrets Act, is not adequate?
• Will the measures in Bill C-36 make Canadians safer?
• Are there not more effective responses, such as better enforcement of existing laws and measures to improve communication between, for example, the RCMP and the Canadian Security Intelligence Service?
• Will key provisions of the Bill withstand scrutiny under the Canadian Charter of Rights and Freedoms? Will Canadians have to challenge any rights´ violations at a high personal and financial cost? (Canadian Centre for Policy Alternatives, Analysis Of Bill C-36: An Act To Combat Terrorism)

Lack of Openness

Critics remain concerned because details about both the scope and operation of a number of initiatives are limited or unknown. In addition, new national security legislation authorizes secret law enforcement activities, some without any reporting requirements.

This lack of openness was the flash point for the Privacy Commissioner of Canada regarding the API/PNR program run by CCRA. According to his 2002 Annual Report, when the amendment to the Customs Act were before Parliament, he sought and received a formal written undertaking from the CCRA that API/PNR information would be destroyed within 24 hours, except in those relatively few instances where this data identified an individual for secondary screening. Some time later he was told that CCRA had decided to keep all API/PNR information about Canadian travellers for a period of six years in a new database. (Privacy Commissioner of Canada, Annual Report to Parliament 2001-2002) The federal Privacy Commissioner objected to what he characterized as a clear deception by the Government of Canada.

Lack of openness has lead to a great deal of uneasiness and speculation about the scope of the TIA program. It is known that it will use data retrieval, biometric identification and other technologies to analyze information in databases. What has not been disclosed by DARPA is what databases will be searched. One of the resulting fears is that private purchases and travel patterns will now become subject to government inspection.

In a January 10, 2003, letter to Attorney General Ashcroft, Senators Patrick Leahy, Russell D. Feingold, and Maria Cantwell asked for a clear explanation of the scope of the TIA program. They wanted to determine the extent to which the Justice Department would rely on data mining and what safeguards would be in place for the collection, use and dissemination of information. Specifically, the Senators wanted to know:

• What government, private sector or proprietary databases are being obtained or used by the Department of Justice for data mining or pattern recognition activities?
• Is the Department using any data mining tools to obtain information for law enforcement purposes unrelated to the detection and prosecution of terrorism?
• What procedures, if any, does the Department follow to ensure the accuracy and reliability of information currently collected and stored in databases used for data mining? (Senators Patrick Leahy, Russell Feingold and Maria Cantwell, Letter to the Honourable John Ashcroft, Attorney General, United States Department of Justice, January 10, 2003)

One of the provisions in the USA PATRIOT Act that received much criticism related to secret searches: these are searches without notifying the subjects until long after the search has been executed. This is a significant change from previous practices. Such notice is considered a “crucial check on the government´s power because it forces the authorities to operate in the open and allows the subject of searches to challenge their validity in court.” (Jay Stanley and Barry Steinhardt, American Civil Liberties Union, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, January 2003, p. 9).

Another openness concern relates to the reduction in the scope of freedom of information legislation. In both Canada and the United States, there has been a conscious effort by government to limit the public´s ability to access information about national security measures.

For example, the Homeland Security Act empowers the Department of Homeland Security to withhold information it receives voluntarily from “non-Federal entities or individuals” that relates to “the vulnerability of a critical infrastructure” including computers critical to communication, transportation, and banking. Senator Patrick Leahy called this “the most severe weakening of the Freedom of Information Act in its 36-year history.” He said it “would hurt and not help our national security, and along the way it would frustrate enforcement of the laws that protect the public´s health and safety.” (Black, “Snooping in All the Wrong Places.”)

In an effort to fight the erosion of freedom of information Senators Leahy, Levin, Jeffords, Lieberman and Byrd introduced the Restore Freedom of Information Act on March 12, 2003. The Bill would clarify and narrow exemptions to the Freedom of Information Act (FOIA) created by the Homeland Security Act of 2002 by:

• Limiting the FOIA exemption to relevant “records” submitted by private entities, so that only those records actually pertain to critical infrastructure safety are protected.
• Removing the restrictions on the government´s ability to use the information it receives, except to prohibit disclosure where such information is appropriately exempted under FOIA.
• Protecting the actions of legitimate whistleblowers by removing the unnecessary criminal penalties.
• Respecting, rather than pre-empting, state and local FOIA laws.68 (OMB Watch, “Restore FOIA Bill: An Important Step in Fixing the Homeland Security Act,” March 12, 2003)

Weakening or Elimination Judicial Controls

Many of the anti-terrorism initiatives altered or eliminated traditional checks and balances that function to protect society against abuse from government. This has been one of the most significant areas of concern, particularly in the United States.

The proposed TIPS program would have allowed U.S. federal law enforcement agents to avoid the constitutional requirement of warrants or subpoenas before launching a search or an investigation. This would have been possible because individuals who are not law enforcement officers are not required to get a search warrant in order to look around a home where they are laying carpet, hooking up cable TV or a telephone, or connecting a gas stove (Charles Levendosky, “Protecting Liberty While Ensuring Homeland Security,” First Amendment Cyber-Tribune, July 28, 2002). Harvey Silverglate, a Boston civil liberties lawyer, warned: “It´s a way into every American´s home without judicial oversight.” (Jane Black, “Some TIPS for John Ashcroft: Mr. Attorney General, forget your plan for a system to promote Americans spying on Americans. It won´t work — and is un-American,” Business Week Online, July 25, 2002)

Previously, the law relating to wiretaps and pen register/trap and trace devices authorized the execution of a court order only within the geographic jurisdiction of the issuing court. The USA PATRIOT Act expanded the jurisdictional authority of a court to authorize the installation of a surveillance device anywhere in the United States. In addition this provision is not limited to investigations of suspected terrorist activity.

According to the EFF, the FBI and CIA can now go from phone to phone, computer to computer without demonstrating that each is even being used by a suspect or target of an order. The government may now serve a single wiretap, FISA wiretap or pen/trap order on any person or entity nationwide, regardless of whether that person or entity is named in the order. The government need not make any showing to a court that the particular information or communication to be acquired is relevant to a criminal investigation. In the pen/trap or FISA situations, they do not even have to report where they served the order or what information they received. The EFF believes that the opportunities for abuse of these broad new powers are immense. (Electronic Frontier Foundation, Analysis of the Provisions of the USA Patriot Act.)

In addition, under the USA PATRIOT Act the FBI need not show probable cause or even reasonable suspicion of criminal activity. Critics maintain that as a result judicial oversight is now essentially nil.

“With this law we have given sweeping new powers to both domestic law enforcement and international intelligence agencies and have eliminated the checks and balances that previously gave courts the opportunity to ensure that these powers were not abused. Most of these checks and balances were put into place after previous misuse of surveillance powers by these agencies, including the revelation in 1974 that the FBI and foreign intelligence agencies had spied on over 10,000 U.S. citizens, including Martin Luther King.” (Electronic Frontier Foundation, Analysis of the Provisions of the USA Patriot Act.)

The reduction of judicial controls also was a point of great concern with Canada´s Anti-terrorism Act. In its submission to the federal government regarding Bill C-36, the IPC stated:

“The proposed changes to the National Defence Act and Criminal Code … would result in a significant reduction of the procedural and judicial controls on electronic surveillance and wiretapping. For example, Bill C-36 reduces the requirement for law enforcement agencies to justify the need for such measures in an application to a judge. There is no longer a need to demonstrate that resorting to a wiretap is the last resort, having exhausted all other investigative techniques. I believe that such justification continues to be necessary in order to ensure proper judicial supervision and oversight.” (Ann Cavoukian, Information and Privacy Commissioner/Ontario, Letter to federal Attorney General Anne McLellan on Bill C-36, the proposed anti-terrorism legislation, October 30, 2001)

Lack of Oversight

Along with a reduction in judicial controls, national security legislation removed or lessened other forms of oversight. Under Bill C-36, Canada´s Attorney General was empowered to issue a certificate prohibiting the disclosure of certain information. The very existence of the certificate would be secret, and it would not be subject to the Statutory Instruments Act. The Privacy Commissioner recommended the certificates, if necessary, be:

• issued by Cabinet, rather than the Attorney General alone;
• subject to review by the federal Information Commissioner and Privacy Commissioner, respectively, as well as the federal court; and
• time-limited.

The Privacy Commissioner also recommended that the CSE be designated as an agency under the Access to Information Act and the Privacy Act so there could be independent oversight by the Information Commissioner and the Privacy Commissioner, comparable to other law enforcement and intelligence agencies such as CSIS and the RCMP. (Ann Cavoukian, Information and Privacy Commissioner/Ontario, Letter to federal Attorney General Anne McLellan on Bill C-36, the proposed anti-terrorism legislation, October 30, 2001)

Lack of oversight was raised regarding the TIA program in the United States. On November 18, 2002, a “nonpartisan coalition” of over 50 organizations (including the Electronic Privacy Information Center (EPIC), Privacy Rights Clearinghouse, EFF, and the American Civil Liberties Union (ACLU) wrote Senators Tom Daschle and Trent Lott urging them “to stop the development of this unconstitutional system of public surveillance.” The letter noted there are “no systems of oversight or accountability contemplated in the TIA project. DARPA itself has resisted lawful requests for information about the program pursuant to the Freedom of Information Act.” (Electronic Privacy Information Center, Letter to Senators Tom Daschle and Trent Lott, November 18, 2002)

The broad scope and lack of accountability were the underlying concerns that led the United States Senate to vote to stop all funding for the TIA program until the Pentagon can prove to Congress the program does not violate the privacy rights of Americans. Senator Ron Wyden, who authored the amendment to cut all funding to the TIA, said:

“My concern is the program that has been developed by Mr. Poindexter is going forward without congressional oversight and without clear accountability and guidelines … That is why I think it is important for the Senate, as we reflect on the need to fight terrorism while balancing the need to protect the rights of our citizens, to emphasize how important it is a program like this be subject to congressional oversight, and that there be clear accountability.” (Roy Mark, “Senate Kills Funding for Pentagon Data Mining Program,” CIO Information Network, EarthWeb, January 24, 2003)

In an effort to address this concern, in February 2003, the Pentagon announced the creation of two boards (one internal and the other an external advisory board) to oversee the TIA program. (Rowan Scarborough, “Two panels to monitor Pentagon’ s spy project,” The Washington Times, February 8, 2003).

Economic Risks

A number of critics believe that the success of electronic commerce in the United States may be threatened by TIA. Wayne Crews, Cato Institute´s Director of Technology Policy Studies, thinks the TIA system could undermine electronic commerce because business is predicated on the “sanctity of privately owned databases.” He was worried that if companies are forced to submit their databases to inspection by the TIA, “customer´s assumptions of privacy would be assailed.” (Shane Harris, “Critics say Defense “total information awareness” impractical,” Government Executive Magazine, December 12, 2002).

This position was supported by the Association for Computing Machinery (ACM). In a letter to the Senate Committee on Armed Services, the ACM argued that:

“As most non-Americans would oppose allowing the U.S. government access to their personal information, American companies can expect the development of e-commerce systems that exclude the United States, thereby depriving American companies of significant export opportunities. For example, a European Union subsidiary of a U.S. based e-commerce company might be forbidden from running the company´s systems in the EU because of the EU´s Data Privacy Directive. Alternatively, if privacy restrictions elsewhere in the world conflict with TIA-inspired surveillance, companies may be forced to develop and operate expensive, parallel systems of record-keeping for non-U.S. customers.” (United States Public Policy Committee, Association for Computing Machinery, Letter to the Senate Committee on Armed Services).

Not Effective

Some of the most compelling criticism of the anti-terrorism measures has come from security and technology experts. They have identified a number of troubling technical and methodological problems.

Quite simply, these experts believe that a number of these initiatives will just not work. Regarding the anti-terrorism initiatives introduced in the United States post-9/11, Bruce Schneier, a noted American cryptographer and security expert, wrote:

“A few minutes of speculation should be enough to convince anyone that we cannot make the United States, let alone the world, safe from terrorism. It doesn´t matter what Draconian counterterrorism legislation we enact, how many civil liberties we sacrifice, or where we post armed guards. We cannot stop terrorism within a country. We cannot block it at its borders. We have always been at risk, and we always will be.” (Bruce Schneier, Crypto-Gram Newsletter, October 15, 2001).

The greatest concern is that while national security measures will result in pervasive surveillance of the general public, they will not actually enhance security in the process. Operation TIPS was halted primarily for this reason. As one author noted of TIPS:

“Let´s be real: Terrorists with half a brain aren´t likely to be outsmarted by the mailman or open the door to have the gas meter read if they have bomb-making material nearby.

But ordinary people, who might be reading the Koran, will. The result could be a flood of unsubstantiated and largely irrelevant tips that overwhelm law-enforcement officials already mired in data. Worst of all, the program could sow the seeds of suspicion among loyal American citizens.”(Jane Black, “Some TIPS for John Ashcroft.”).

The United States Justice Department maintained it had no intention of recruiting a civilian army of spies. The Department´s Director of Public Affairs issued a statement saying Operations TIPS was to be a program that empowered Americans “uniquely well positioned to understand the ordinary course of business in the area they serve, and to identify things that are out of the ordinary.”

Given that objective, one critic noted “if the aim is a central database to log suspicious activity, it would be better to simply publish a toll-free phone number for all 285 million Americans, not just 10 million workers with special access to individuals´ homes.” (Jane Black, “Some TIPS for John Ashcroft.”).

Bruce Schneier argues that identity cards would not have stopped the terrorists who attacked the World Trade Center and the Pentagon. According to the FBI, all the hijackers seem to have been who they said they were; their intentions, not their identities, were the issue. Each entered the country with a valid visa, and each had a photo ID in his real name. Regarding the debate about the use of identity cards “smart or otherwise” to enhance national security, Schneier asks: “What problem is being solved here?” (Charles C. Mann, “Homeland Insecurity,” The Atlantic Monthly, September 2002)

A number of anti-terrorist initiatives in the United States and Canada contemplate matching information collected at points of entry in order to find known or suspected terrorists. For example, in June 2002, the United States´ Attorney General John Ashcroft announced a plan to fingerprint and photograph foreign visitors who fall into categories of “elevated national security concern” when they enter the United States. Approximately 100,000 people would be tracked this way in the first year. According to his plan, the fingerprints and photographs would be compared with those of known or suspected terrorists and wanted criminals. (Charles C. Mann, “Homeland Insecurity,” The Atlantic Monthly, September 2002)

Critics note one of the big problems with such a scheme is no such database of terrorist fingerprints and photographs exists. “Most terrorists are outside the country, and thus hard to fingerprint, and latent fingerprints rarely survive bomb blasts.” (Charles C. Mann, “Homeland Insecurity,” The Atlantic Monthly, September 2002)

The following discussion outlines a number of specific concerns about the effectiveness of anti-terrorism systems (proposed and existing).

Vulnerable and Complicated Technology

Both the Canadian and United States federal governments have talked about using biometric technology such as electronic fingerprinting, face recognition, and retinal scans to confirm identity.

Bruce Schneier agrees that biometrics may be useful in certain circumstances. Face recognition software could be useful to identify authorized airline employees in order to permit them to enter a secure area. But he does not think the technology can pick random terrorists out of the crowd in an airport.

“That much-larger-scale task requires comparing many sets of features with the many other sets of features in a database of people on a “watch list.” Identix … one of the largest face-recognition-technology companies, contends that in independent tests, its FaceIt software has a success rate of 99.32 percent — that is, when the software matches a passenger´s face with a face on a list of terrorists, it is mistaken only 0.68 percent of the time. Assume for the moment that this claim is credible; assume, too, that good pictures of suspected terrorists are readily available. About 25 million passengers used Boston´s Logan Airport in 2001. Had face-recognition software been used on 25 million faces, it would have wrongly picked out just 0.68 percent of them–but that would have been enough, given the large number of passengers, to flag as many as 170,000 innocent people as terrorists. With almost 500 false alarms a day, the face-recognition system would quickly become something to ignore.” (Charles C. Mann, “Homeland Insecurity,” The Atlantic Monthly, September 2002)

Biometric systems can be poorly implemented and, therefore, can be easily breached. For example, three reporters at a German digital-culture magazine, tested a face-recognition system, an iris scanner, and nine fingerprint readers. All proved easy to outsmart.

Smart cards have been routinely breached, often with inexpensive oscilloscope-like devices that detect and interpret the timing and power fluctuations as the chip operates. Another method requires only a bright light, a standard microscope, and duct tape.

Schneier is concerned about building security measures that are so complicated or onerous that they are by-passed. He notes the United States federal government already has several computer networks that are fully encrypted, accessible only from secure rooms and buildings, and never connected to the Internet. Yet despite their lack of Net access, the secure networks have been infected by e-mail viruses. Possibly a staff member checked e-mail on a laptop, got infected, and then plugged the same laptop into the classified network. Secure networks are unavoidably harder to work with and, therefore, people are frequently tempted to by-pass them. (Charles C. Mann, “Homeland Insecurity,” The Atlantic Monthly, September 2002)

Tempting Target

A number of security experts are concerned about the creation of large national databases that are a component of many of the anti-terrorist initiatives in the United States and Canada.

Currently, government information is scattered through scores of databases, meaning that, however inadvertent, it is compartmentalized so that a breach in one system will not compromise all the data.

The ACM argues immense databases, such as are being proposed by TIA, represent substantial security risks. All-encompassing databases would provide new targets for exploitation and attack by malicious computer users, criminals, and terrorists. The databases proposed by TIA would increase the risk of identity theft by providing a wealth of personal information to anyone accessing the databases. In addition, the ACM thinks it is “unlikely that sufficiently robust databases of the required size and complexity, whether centralized or distributed, can be constructed, financed, and effectively employed in a secure environment, even with significant research advances.”
(United States Public Policy Committee, Association for Computing Machinery, Letter to the Senate Committee on Armed Services).

“A single individual who has a personal or political vendetta, or who has been compromised by blackmail or greed, could do great harm. Yet, tens of thousands of systems administrators, domestic law enforcement staff, and intelligence personnel will be able to access the data; the security of the data will depend on the trustworthiness of every one of them. This is not something that can be guaranteed with technology.” (United States Public Policy Committee, Association for Computing Machinery, Letter to the Senate Committee on Armed Services).

The track record for security of government databases is of significant concern to security experts. One American commentator reported that security risks to federal computers and telecommunications systems are worse than ever. Hackers have broken into computer systems of the CIA, Justice Department, National Aeronautics and Space Administration, and the Web page of the Air Force. (Susan E. Gindin, Lost and Found in Cyberspace: Informational Privacy in the Age of the Internet, 1997).

Since September 11 at least forty government networks have been publicly cracked by typographically challenged vandals with names like “Criminals” and “Discordian Dodgers.” Summing up the problem, a House subcommittee … awarded federal agencies a collective computer-security grade of F. (Mann, “Homeland Insecurity.”).

Too Much Information

One of the stated objectives of the TIA program is to determine if using technology to predict terrorist attacks is even feasible. Steven Aftergood, the head of the Federation of American Scientists´ projects on government secrecy and intelligence, doubts that “technology can be precise enough to distinguish a few suspicious transactions in a sea of activity.” (Shane Harris, “Counterterrorism project assailed by lawmakers, privacy advocates,” Government Executive Magazine, November 25, 2002).

A policy analyst with the Cato Institute in Washington, said “it´s statistically unlikely that the system could predict and pre-empt attacks and also avoid targeting innocent people as suspected terrorists.” (Harris, “Critics say Defense “total information awareness” impractical”).

“… if the system “which theoretically would analyze relationships among transactions such as credit card or airline ticket purchases” were applied to the entire population, almost as many people would incorrectly be identified as terror plotters as would be correctly fingered. That scenario would make the technology useless.” …(Harris, “Critics say Defense “total information awareness” impractical”).

Security experts do not believe solving national security problems requires a huge electronic infrastructure. In fact, one of the key lessons learned from the September 11 tragedy is that a lack of information was not what prevented the FBI from detecting the terrorists´ plans. It was an excess of badly organized and poorly shared data. (Black, “Some TIPS for John Ashcroft”).

“In July, 2001, FBI agent Kenneth Williams warned colleagues in a memo that supporters of Osama bin Laden were attending civil-aviation colleges in Arizona. That important information never made it into the right hands. Six months after two hijacked jetliners brought down the World Trade Center, the Immigration & Naturalization Service sent a letter to the flight school that suspected ringleader Mohammed Atta had attended in Florida, saying his student-visa application had been approved.” (Black, “Snooping in All the Wrong Places”).

Wasted Resources

Some critics believe the scope of a number of the anti-terrorist initiatives will actually result in pulling law enforcement away from critical investigations. This was certainly one of the core concerns about Operation TIPS. Millions of tips could have been filed each week, all of which would have to have been reviewed by law enforcement: wasting valuable resources needed to address real threats to national security.

Easy to Exploit

A Washington Post report indicated CAPS used complex computer algorithms, including neural networks, to sort through personal information to identify “suspicious” people (Stanley and Steinhardt, Bigger Monster, Weaker Chains). Two students out of the Massachusetts Institute of Technology and Harvard maintain the use of these algorithms actually introduces “a gaping security hole” easily exploitable by terrorists. They argue any security system that uses profiles to select passengers for increased scrutiny is less secure than systems that randomly select passengers for thorough inspection (Chakrabarti and Strauss, Carnival Booth).

In order to understand their arguments, some background information about the operation of CAPS is required. These systems operate according to a two-stage model “profile development,” followed by profile evaluation.

Based on a historical record of data pertaining to known terrorist activities, software attempts to detect patterns in the data that “correlate” with prior terrorist plots and “anti-correlate” with the activities of non-criminals. For instance, the software might find that those people who bought one-way tickets using cash and traveled abroad frequently had an elevated chance of being terrorists. Once compiled, this profile is then reviewed by the Department of Justice. Since this process occurs only periodically, “the derived master profile is presumably static for long periods of time” (Chakrabarti and Strauss, Carnival Booth).

The approved profile is incorporated into software that is accessible from every airline check-in counter nationwide. When a passenger checks in, the ticket agent enters the passenger´s name into the CAPS console. Data mining software linked to government databases searches for information about the passenger, retrieving data relevant to the profile. The software compares the similarity of the acquired data to the profile and computes a “threat index” assessing how much potential risk that passenger may pose. If the passenger has one of the top 3-8% of threat indices relative to the other people on his/her flight, then CAPS flags him/her for “special treatment.” A small percentage of people on each flight are randomly flagged as well (Chakrabarti and Strauss, Carnival Booth).

The MIT students present an algorithm called Carnival Booth which they maintain “a terrorist cell can employ to increase their probability of mounting a successful attack under CAPS as opposed to an airport security system that employs only random searches (Chakrabarti and Strauss, Carnival Booth).”

A terrorist organization can probe the security system to ascertain which of their members have low CAPS scores. Since security manpower is disproportionately spent on people with high CAPS scores, the terrorist with a low score most likely will face reduced scrutiny (Chakrabarti and Strauss, Carnival Booth). It could be used as follows by a terrorist organization:

• First, probe the system by sending an operative on a flight. The operative has no intent of causing harm. He/she has no explosives or weapons and is simply taking the flight to determine whether or not CAPS flags him/her.
• If flagged, then the organization sends another operative in the same manner.
• Repeat this process until a member who consistently eludes being flagged by CAPS is found.
• Now send this operative on a mission with intent to harm, complete with weapons or explosives. Since CAPS did not flag the operative the last few times, he/she most likely will not be flagged this time and, thus, be subject to less scrutiny (Chakrabarti and Strauss, Carnival Booth).

Newsweek reported in the weeks before September 11, the terrorists practiced their attack by boarding the flights they intended to later hijack (same type of planes, same times, same origins and destinations). They wanted to be certain they did not raise any suspicions or red flags (Reported in several issues during October 2001).

The hijackers showed they had no shortage of money, patience, and planning acumen. The terrorists already understood how to use weaknesses in CAPS to their advantage (Chakrabarti and Strauss, Carnival Booth).105 In conclusion, the MIT students stated:

“The carnival booth effect prevents CAPS from being an effective deterrent against terrorism. … In short, the financial resources our nation commits to counter-terrorism should not support a CAPS-like system, which may appeal to our intuitions, but is in fact more amenable to compromise” (Chakrabarti and Strauss, Carnival Booth).

Solving the Wrong Problem

It is impossible to seal up a country or protect every access point. To illustrate the scope of even contemplating such action, one American noted:

“In 2000, more than 350 million non-U.S. citizens entered the country. In 1999, Americans made 5.2 billion phone calls to locations outside the United States. Federal Express handles nearly five million packages every business day, UPS accounts for 13.6 million, and until it became a portal for terror, the Postal Service processed 680 million pieces of mail a day. More than two billion tons of cargo ran in and out of U.S. ports in 1999, and about 7.5 million North Americans got on and off cruise ships last year” (David Carr, “The Futility of omeland Defense,” The Atlantic Monthly, January 2002).

Bruce Schneier argues most of the security measures contemplated after September 11 will be ineffective. “Worse, their use may make Americans less safe, because many of these tools fail badly … Meanwhile, simple, effective, ductile measures are being overlooked or even rejected.” (Mann, Homeland Insecurity)

Specifically, Schneier suggests the following:

• To forestall attacks, security systems need to be small-scale, redundant, and compartmentalized. Rather than large, sweeping programs, they should be carefully crafted mosaics, each piece aimed at a specific weakness.
• It is seldom necessary to gather large amounts of additional information, because in modern societies people leave wide audit trails. The problem is sifting through the already existing mountain of data. Calls for heavy monitoring and record-keeping are usually a mistake.
• Security systems that depend on keeping secrets tend not to work very well “airport security is such a system. Procedures for screening passengers, for examining luggage, for allowing people on the tarmac, for entering the cockpit, for running the autopilot software” all must be concealed, and all seriously compromise the system if they become known.
• Some efforts are solving the wrong problem and, therefore, deflecting efforts from the real security risks. For example, the United States´ federal government and the airlines are spending millions of dollars on systems that screen every passenger to keep knives and weapons out of planes. “But what matters most is keeping dangerous passengers out of airline cockpits, which can be accomplished by reinforcing the door.”(Mann, Homeland Insecurity)

Security experts do not believe that massive surveillance resulting in more information being collected is the answer: better use and co-ordination of existing information by law enforcement, better training of key personnel, and a more informed public could have significant impact on security.

“America needs flight-training instructors like the one in Minnesota who alerted the FBI to Zacarias Moussaoui´s alleged desire to learn to fly a plane but not to land one. The country needs alert passengers on airplanes, like those who noticed and took down shoe-bomber Robert Reid on American Airlines Flight 63 from Paris.” (Black, “Snooping in All the Wrong Places”).

Schneier maintains that it is “impossible to guard all potential targets, because anything and everything can be subject to attack. Palestinian suicide bombers have shown this by murdering at random the occupants of pool halls and hotel meeting rooms.”

“The most important element of any security measure, Schneier argues, is people, not technology, and the people need to be at the scene. Recall the German journalists who fooled the fingerprint readers and iris scanners. None of their tricks would have worked if a reasonably attentive guard had been watching.”(Mann, Homeland Insecurity).

As one commentator in the United States said:

“Get over thinking that America can be made safe. Defending a country as big and commercially robust as the United States raises profound, and probably insurmountable, issues of scale. … When one target is shored up, nimble transnational cells that can turn on a dime simply find new bull´s-eyes. Up against those practical realities, homeland security is the national version of the gas mask in the desk drawer–something that lets people feel safer without actually making them so.” (Carr, The Futility of Homeland Defense).

Main Source: Green College, University of British Columbia

Countries Not Cooperating Fully With Antiterrorism Efforts in 2011

United States views on international law (based on the document “Digest of U.S. Practice in International Law”): On May 11, 2011, James B. Steinberg, Deputy Secretary of State, acting on delegated authority, determined and certified to Congress pursuant to § 40A of the Arms Export Control Act, 22 U.S.C. § 2781, and Executive Order 11958, as amended, that Cuba, Eritrea, Iran, the Democratic People’s Republic of Korea (“DPRK” or “North Korea”), Syria, and Venezuela were not cooperating fully with U.S. counterterrorism efforts. 76 Fed. Reg. 31,390 (May 31, 2011). For information concerning the prohibition on U.S. assistance and the export controls that these designations trigger, see Cumulative World Encyclopedia of Law 1991-99 at 508 or World Encyclopedia of Law 2003 at 167.

Resources

See Also

• Sanctions
• Export Controls
• International Restrictions
• Imposition Of Sanctions
• Implementation Of Sanctions
• Modification Of Sanctions
• Terrorism