
News Blog

May 7, 2008 11:51 AM PDT

State Real ID rebellion: Here to stay?

by Anne Broache

WASHINGTON--Politicians from states opposed to the U.S. government's Real ID plan had one message on Wednesday: It's not too late to turn this ship around.

Democratic Senator Jon Tester

(Credit: U.S. Senate)

Mark Sanford, the Republican governor of South Carolina, and Jon Tester, a Democratic U.S. senator from Montana, on Wednesday delivered a now-familiar bruising to the controversial national driver's license standards, which they criticized as an unfunded mandate that passed with no formal debate in Congress, posing threats to U.S. citizens' privacy and states' authority.

Now that the U.S. Department of Homeland Security has extended deadlines for all 50 states and the District of Columbia, the rules have essentially been punted to the next administration. That "baton passing" stage is a key opportunity to continue rebelling against the rules, the two politicians told a packed auditorium at an event sponsored by the Cato Institute, a free-market think tank that opposes Real ID.

"With a broad-based group, we can make some changes, but you need to be active, you need to be vocal, you need to be talking to your folks," Tester said.

Tester is one of the sponsors of the Identification Security Enhancement Act, which would yank Real ID and replace it with a "negotiated" rulemaking process that was proposed before Real ID was glued onto an emergency Iraq war spending bill that passed unanimously in 2005. At a hearing last week, some senators indicated they'd be pushing for that proposal's enactment into law, although a timeline is unclear.

Sanford, for his part, is worried that many people are "sleeping through" the debate and urged opponents to help awaken them to the problems that he and other state officials see with Real ID. He charged that the plan is "the mother of all unfunded mandates" (with an estimated $116 million price tag for his small state), will force his state's residents to endure long waits at the Department of Motor Vehicles, meddles in states' governing powers, and requires interlinked databases that could offer "one-stop shopping for every computer hacker around the world."

Homeland Security, for its part, argues that more secure driver's licenses and identification documents are necessary to prevent terrorists, identity thieves, and illegal immigrants from committing wrongdoing, and it views Real ID as a pathway to that end.

The department has always characterized Real ID as voluntary, but when the rules kick in, state residents won't be able to board airplanes or enter federal buildings unless they present a compliant identification card, driver's license, or U.S. passport. The first wave of requirements was originally supposed to kick in May 11, but any potential airport chaos has been postponed until at least the end of next year: The agency has since granted all 50 states and the District of Columbia deadline extensions for beginning to come into compliance with Real ID--whether they requested them or not.

South Carolina Gov. Mark Sanford

(Credit: South Carolina Governor's Office)

South Carolina is one of eight states that have passed legislation prohibiting implementation of Real ID--and it also falls into the category of states that vowed to stick by that position, Sanford said. (Ten other states have passed resolutions opposing Real ID, and two more--Arizona and Alaska--may be joining the rebellion soon.)

In late March, Sanford sent a letter (PDF) to Homeland Security Secretary Michael Chertoff, in which he said he could not authorize the state to comply with Real ID and outlined a list of concerns with the policy. The governor recounted receiving a "bizarre" response: an effectively unsolicited deadline extension.

Sanford suggested he'll continue to uphold his state's law rejecting Real ID and indicated Homeland Security's behavior is nothing more than politics as usual. "There's a real tendency in the political process to kick the can," he said. "Everyone wants to have a reasonably good day. The idea of having a meltdown on a policy or proposal that you're responsible for is not exactly an idea of a good day."

April 2, 2008 9:00 PM PDT

Homeland Security: We're ready to launch spy satellite office

by Anne Broache

The U.S. government has been keeping watch from space for almost 50 years, starting with the Corona program overseen by the National Reconnaissance Office. In September 1967, a Corona camera in orbit took this picture of the Pentagon.

(Credit: National Reconnaissance Office)

WASHINGTON--A plan to expand the number of government police and security agencies that can tap into detailed satellite images is proceeding, despite concerns from Congress, the head of the U.S. Department of Homeland Security said Wednesday.

During a roundtable discussion with bloggers and journalists here, Secretary Michael Chertoff said a "charter has been signed" to create a new office, which will serve as a clearinghouse for requests from law enforcement, border security, and other domestic homeland security agencies to view feeds from powerful satellites. It will be called the National Applications Office.

"I think the way is now clear to stand (the office) up and go warm on it," said Chertoff at Homeland Security's headquarters here.

Right now, these spy satellites are more commonly used for things like monitoring volcanic activity, hurricanes, floods, and various environmental and geological shifts. But the agency has said it sees important applications for the images in other areas within its purview, such as terrorism investigations and illegal immigration busts.

Originally, the but those plans were delayed after congressional Democrats raised privacy concerns. They said they wouldn't be able to support the program until the agency lays out exactly what legal framework it will be using to fulfill requests by, say, state and local police, and how it will protect Americans' civil liberties.

Chertoff said Wednesday that the department has completed the privacy impact assessments for the new office and should be releasing them within a few days. He said that members of Congress have received briefings and that he thinks there's a "good process in place to make sure there aren't any legal transgressions."

This photo shows the Soviet Union's Dolon Air Field in August 1966. The NRO calls Corona the "first operational space photo reconnaissance satellite."

(Credit: National Reconnaissance Office)

In the past, Homeland Security officials have downplayed the implications of allowing more agencies to access the satellites, arguing that in addition to scientific applications, the technique has already been employed from time to time by the Secret Service and FBI. For instance, when a well-publicized series of sniper attacks swept through the Washington, D.C., area in October 2002, the CIA and FBI were permitted to use images provided by the National Geospatial Intelligence Agency to look for places snipers might hide along highways along the east coast.

"I think we have fully addressed everybody's concerns," Chertoff said Wednesday. "We've made it clear this is not going to be interception of communications, verbal or oral or written. That's still going to be done under the traditional way."

The Homeland Security secretary, however, may not have that easy a time persuading congressional overseers.

Within the next few days, Reps. Jane Harman (D-Calif.) and Christopher Carney (D-Penn.), who lead Homeland Security subcommittees, are planning to send Chertoff a letter that says the new scheme still isn't ready for launch, a Democratic aide to the U.S. House of Representatives Homeland Security Committee, which oversees the department, told CNET News.com on Wednesday.

Committee leaders say the charter for the National Applications Office is "wholly inadequate," said the aide, who spoke on condition of anonymity since the letter is still being drafted. They plan to criticize the department for allegedly failing to outline the legal framework and other "standard operating procedures" governing the program.

Furthermore, the Government Accountability Office has not yet vetted the program's privacy guidelines, which was made a condition for the National Applications Office to receive congressional funding, the aide said.

On cybersecurity
Also at the roundtable discussion, Chertoff attempted to defuse concerns that Homeland Security's cybersecurity arm plans to "sit on the Internet," as he put it, and monitor traffic in a manner reminiscent of the Chinese government.

As part of its efforts to detect network intrusions in real time, Homeland Security has said it plans to expand use of an existing system known as Einstein, which will, among other things, monitor visits by Americans and foreigners to .gov Web sites. The set-up is in place at 15 federal agencies, but Chertoff has asked for $293.5 million from Congress in next year's budget to roll it out governmentwide.

In addition to outfitting federal networks with those tools, Chertoff said the government also plans to help companies to fend off cyberattacks by offering some of its "classified" intrusion detection tools--but such aid will be purely optional.

As for the department's broader strategy, "in some ways, it's more and better of what we're doing," Chertoff said. "In some cases, it may involve some additional things I can't talk about."

In addition, Chertoff spoke about the Real ID Act and the department's May 11 deadline--see our separate story.

March 14, 2008 10:21 AM PDT

Homeland Security 'Cyber Storm' simulates crisis

by Anne Broache

At U.S. Secret Service headquarters, numerous companies, and state and international government offices this week, computer security types have been forced to fend off hundreds of potentially crippling cyberattacks.

No need to worry, though--at least this time around, no actual networks were harmed in the process.

It was all part of the Department of Homeland Security's second iteration of Cyber Storm. The weeklong, congressionally mandated exercise is designed to test the readiness of government and business officials if confronted by cyberthreats to critical networked services, from transportation systems to the electrical grid to chemical plants.

This time around, the mock attack involved officials from 18 federal government agencies, four foreign countries (Australia, Canada, New Zealand, and the United Kingdom), nine states, and more than 40 companies (among them: McAfee, Microsoft, Cisco, Dow Chemical Company, Juniper Networks, and Wachovia).

Homeland Security is hailing the exercise as the largest-ever simulation of its kind, with a significant uptick in the number of "incidents" lobbed at participants. That may be true, but since it's also only the second such activity of its kind, it seems only logical that its scale would grow over time.

Participants this year have had to contend with nearly 2,000 "injects," ranging from hacker intrusions to amped-up denial-of-service attacks, with intentionally misleading intelligence information thrown in just to make things even more difficult, according to DHS officials' interviews in other published reports.

Cyber Storm I, which played out over a week in February 2006, involved seven federal agencies, more than 30 companies, and the same five countries. At the time, it was called the "most complex multinational, cross-sector cyber exercise to date" and involved coordination among people in 60 different physical locations.

A fairly general report on Cyber Storm I (PDF) spotlighted a number of remaining challenges, such as an insufficient number of "technical experts" on board to decipher loads of information pouring in; difficulties figuring who to call within organizations to seek help during crises; and lack of a "triage" plan for cyber incidents.

But we probably won't know for quite awhile exactly what the Cyber Storm II exercise looked like or how well the responses to incidents held up.

After all, it wasn't until nearly two years after Cyber Storm I that the Associated Press was able to obtain a portion of heavily censored internal files that shed some light on the scenarios. Fake catastrophes ranged from downed New York seaport computers, to bloggers revealing locations of railcars with hazardous materials, to airport control tower disruptions in Philadelphia and Chicago.

March 4, 2008 9:00 AM PST

DHS: Real ID is 'pro-consumer' and 'antiterrorism'

by Anne Broache

WASHINGTON--One of the U.S. Department of Homeland Security's most prominent Real ID cheerleaders made a more timid than usual push on Tuesday for states to adopt the controversial identification card standards.

Stewart Baker, the department's assistant secretary for policy, has touted what he perceives as the privacy-protective, identity theft-preventive features of the congressionally mandated Real ID driver's license regime during the past year.

But, clearly fearing criticism during a Tuesday morning speech at the spring meeting of the National Association of Attorneys General, he saved any mention of the program until the tail end of a 20-minute speech about the perils of identity theft.

"One thing I will say," Baker said, almost couching his imminent pitch as something of an afterthought. "One of the key ways to catch identity thieves is better security for driver's licenses."

The former National Security Agency general counsel then launched into a kinder, gentler defense of Real ID, first acknowledging he expected "to get a little pushback on this."

"Real ID has a bad bumper sticker reputation," Baker said, "but what it boils down to is a set of standards for obtaining driver's licenses, so it's harder to obtain fraudulent driver's licenses."

Baker and other proponents argue that the scheme, which was passed as part of an emergency spending bill by Congress in 2005, is necessary to prevent terrorists, criminals, and illegal immigrants from successfully obtaining and using fraudulent driver's licenses. (For that reason, it's a "pro-consumer" and "antiterrorism" measure, Baker said Tuesday.) Privacy and civil liberties advocates, however, say the regime doesn't have enough checks built in to prevent abuse of information encoded on the licenses, and a number of states have balked at the cost of the mandate.

Homeland Security is pushing states "pretty hard" to come into compliance with Real ID requirements over the next 18 months and has gotten a "decent" response so far, Baker said. According to an agency-produced map, 45 states and the District of Columbia have already received deadline extensions, which means their driver's licenses will continue to be accepted for boarding airplanes and entering federal buildings come May 11, 2008, when the new rules kick in. But another five states--Maine, Montana, South Carolina, New Hampshire, and Delaware--have said they will not comply. (See related story.)

Baker, for his part, characterized that continued resistance as "ideological and, in my opinion, based on misconceptions." Citing fake driver's licenses used by Oklahoma City bomber Timothy McVeigh and September 11 hijackers, he suggested the Real ID plan's requirements were something of an inevitability, even if they may be a bit costly.

"That's my proposal," Baker said at the close of his speech. "If you've got better ideas, then I'd really like to hear it."

None of the two dozen or so attorneys general present at the meeting raised their hands with questions or comments.

"It must be really early in the morning if Real ID doesn't get a bite," he quipped with a chuckle, before being handed a medallion as a "token of appreciation" from his hosts.

February 28, 2008 11:38 AM PST

Congress worries that .gov monitoring will spy on Americans

by Anne Broache

WASHINGTON--A new Bush administration plan to capture and analyze traffic on all federal government networks in real time is generating privacy worries from congressional Democrats and Republicans alike.

At a hearing convened here Thursday by the U.S. House of Representatives Homeland Security Committee, politicians directed pointed questions to Department of Homeland Security officials about their plans to expand an existing "intrusion detection" system known as Einstein. Among other things, the system will monitor visits from Americans--and foreigners--visiting .gov Web sites.

Einstein, which DHS calls an "early warning system" for cyber-incidents, is described in a Homeland Security document from September 2004 as "an automated process for collecting, correlating, analyzing, and sharing computer security information across the federal civilian government." It's still only in place at 15 federal agencies, but Homeland Security Secretary Michael Chertoff is requesting $293.5 million from Congress in next year's budget to roll it out government-wide.

The round-the-clock system captures traffic flow data, which currently includes source and destination IP addresses and ports, Internet Control Message Protocol data, and the length of data packets. According to an internal 2004 privacy impact assessment (PDF), "the program is not intended to collect information that will be retrieved by name or personal identifier." Members of the U.S. Computer Emergency Readiness Team, which coordinates federal responses to cyber attacks, analyze the downloaded records once per day in hopes of detecting worms and other "anomalous activity," pinpointing trends, and advising agencies on how best to configure their systems.

Homeland Security says the setup has helped reduce the time it takes for agencies to share such data from four to five days to four to five hours. The next step is to hire more analysts and enable the analysis to occur in real time, DHS says.

Beyond that, it's not exactly clear what will change, including whether the system will gather more information than before, or what will be done with it. But some politicians said they're already apprehensive about the new plans.

"I encourage you to try to find something beyond Einstein that's going to be focusing on bad guys, not just focusing on the general public but finding some way to protect the privacy of American citizens," said Rep. Paul Broun (R-Ga.).

Rep. Jane Harman (D-Calif.) criticized the department on one hand for not treating cyber threats with sufficient urgency--a common refrain from members of both parties ever since the sprawling government agency's inception. But she also questioned the new approach being offered.

"I can assure you constituents of mine listening to this hearing are thinking about this as the government sets up a new spy network," she said. "What would you advise me to tell my constituents (who want to know) how I'm going to stop this latest government spy network?"

Homeland Security under secretary Robert Jamison presides over an agency division that's responsible for coordinating all federal cybersecurity activities.

(Credit: U.S. Department of Homeland Security)

Robert Jamison, a Homeland Security undersecretary whose division oversees cybersecurity activities, declined to talk specifics, saying details must be reserved for a classified session.

"We have privacy and civil rights folks involved in this," he said. "We're in the process of doing a privacy impact assessment for the new capability as we move forward."

Government agencies are required by law to produce such a report whenever they're planning to use a new technology that could involve collection of personally identifiable information. The goal is to ensure that no information is collected, stored, or accessed either unnecessarily or unlawfully.

The fact that Homeland Security officials are drawing up a new privacy impact assessment for the expansion of the Einstein project would seem to indicate they're considering gathering additional information, although it was unclear after Thursday's hearing whether that's the case.

Jamison, for one, claimed Einstein's new capabilities will be "no different" from those in commercial products used to detect worms or other malware. He indicated, however, that the government has no intention of scaling back the scope of its network monitoring.

"Adversaries are very adept at hiding their attacks in normal traffic--normal, everyday traffic that comes across the network that very well could be disguised and could be malicious," Jamison told the committee.

Einstein is just one part of Homeland Security's attempts to revamp its cybersecurity reputation. It's also working with the Office of Management and Budget on a project that would reduce the number of points at which all federal agency networks connect to the Internet--which right now numbers around 4,000--and thus encounter vulnerabilities from outside their realms.

Whenever a system monitors users' communications, privacy concerns naturally arise, said James Lewis, who runs the technology policy wing of the Center for Strategic and International Studies, a Washington think tank, and is working with members of Congress to devise cybersecurity policy recommendations for the next president. In this case, however, he said he didn't see any reason to be alarmed about Einstein quite yet.

"For Einstein to really affect privacy, you'd need to monitor and collect the communications, store them, and analyze them (e.g. have somebody actually read the content)," he said in an e-mail interview after Thursday's hearing. "I'm told that DHS won't store Einstein data and won't be analyzing it, which greatly reduces any risk to privacy."

Committee leaders warned that they'd be watching closely to see whether the plans pan out.

"It's hard to believe this administration now believes it has the answers to secure our federal networks and critical infrastructure," said Committee Chairman Bennie Thompson (D-Miss.).

February 28, 2008 5:43 AM PST

'Virtual' fence along U.S.-Mexico border delayed

by Anne Broache

The Bush administration's plan to outfit the U.S.-Mexico border with a "virtual" fence consisting of sensors, cameras, and drone aircraft is running into technical snags.

Federal officials told a congressional committee on Wednesday that the first phase of the project--consisting of about 100 miles near Yuma and Tucson, Ariz., and El Paso, Texas--won't likely be completed until 2011, about three years later than expected, according to The Washington Post. The task is being overseen by the Department of Homeland Security and has been contracted out to Boeing.

The Bush administration is working on adding a 'virtual' fence--consisting of sensors, drones, and cameras--in an effort to supplement physical fences like this one along the U.S.-Mexico border.

(Credit: U.S. Department of Homeland Security)

For years, the Bush administration has been heralding the concept of a "high-tech" fence as a sophisticated, 21st-century way to help border patrol agents nab foreigners trying to sneak into the country--and supplement physical fences, which are also in the works. In 2006, it estimated that it would cost $7.6 billion to secure the entire 2,000-mile southern border. Critics, including Democrats in Congress, charge the effort has been wasteful and poorly executed so far, and civil libertarians have raised questions about privacy.

The decision to postpone completion of the first phase came after government auditors discovered numerous flaws in a 28-mile pilot of the border fence in Arizona. Known as "Project 28," the $20.6 million effort was supposed to have been operational last summer, but software integration issues stymied a timely launch.

In the past, other glitches--including lags in radar information displaying in command centers and newly deployed radars being activated by rain or other environmental factors--have made the system unusable, according to Government Accountability Office investigators. However, the GAO did note in its testimony Wednesday to Congress (PDF) that border security agents they interviewed say the current project provides "greater technological capabilities" than what they're accustomed to working with.

Homeland Security Secretary Michael Chertoff said last week that the department had "accepted" the pilot, which he said means the agency will take elements of the prototype and apply them to other parts of its virtual fence plan. He also said the department plans to double the number of unmanned aerial vehicles policing the border. In a blog entry on Tuesday, Chertoff denied any allegations that the overall border security plan is facing setbacks or, as The Wall Street Journal called it in a weekend article, "mothballing."

"I've seen this system work with my own eyes, and I've talked with the Border Patrol Agents who are using it," Chertoff wrote. "They assure me that it adds value."

February 15, 2008 8:41 AM PST

Homeland Security seizes electronics and information at border

by Amy Tiemann

The Electronic Frontier Foundation and the Asian Law Caucus are suing the Department of Homeland Security over aggressive searches and seizures of travelers' property and information at U.S. borders.

As reported on BoingBoing:

ALC, a San Francisco-based civil rights organization, received more than 20 complaints from Northern California residents last year who said they were grilled about their families, religious practices, volunteer activities, political beliefs, or associations when returning to the United States from travels abroad. In addition, customs agents examined travelers' books, business cards collected from friends and colleagues, handwritten notes, personal photos, laptop computer files, and cell phone directories, and sometimes made copies of this information. When individuals complained, they were told, "This is the border, and you have no rights."

"When the government searches your books, peers into your computer, and demands to know your political views, it sends the message that free expression and privacy disappear at our nation's doorstep," said Shirin Sinnar, staff attorney at ALC. "The fact that so many people face these searches and questioning every time they return to the United States, not knowing why and unable to clear their names, violates basic notions of fairness and due process."

NPR's Morning Edition broadcast a segment on this story this morning. The Department of Homeland Security is vigorously defending its right to search and seize at the border, and is supported by legal precedent. The segment suggested that travelers' best option was to bring only essential information along on international trips.

I feel like ordinary American citizens are having to become like Jason Bourne, buying the cell phone, making a call and then throwing it away. A more practical suggestion may be that if you are upgrading a laptop, you may want to keep the old one in stripped-down form for travel. But it would be ironic and sad to leave the light, little MacBook Air at home on the desk while you carry a clunkier model with you.

It will be interesting to see if sensible consumer solutions to this problem spring up, and how they can be marketed without sounding "unpatriotic." Let's face it: just because we have nothing to hide doesn't mean we want to have our lives uploaded to government servers. There must be a way to create a "travel" profile on one's laptop or PDA that doesn't unnecessarily expose all of your contact information to surveillance. Some version of backing up the information before you leave, stripping the laptop to bare bones, and then restoring it after you return home.

Originally posted at parent . thesis
October 17, 2007 4:10 PM PDT

Will cyberintrusions crash U.S. electrical grid?

by Anne Broache

WASHINGTON--Some critics of the U.S. government's cybersecurity efforts might argue that nothing short of a bomb going off--or, well, purported Chinese cyberattacks on feds' machines--will land the issue more notice.

Without tougher security standards, Americans are in danger of hacker-induced blackouts, some politicians say.

(Credit: Declan McCullagh/mccullagh.org)

This time around, the wake-up call for politicians was, indeed, an explosion: In September, U.S. Homeland Security officials revealed that researchers at the Idaho National Laboratory had managed to destroy a small electrical generator through a simulated cyberattack. A few weeks ago, CNN aired a gloom-and-doom segment featuring snips from the once-classified video showing the device going up in smoke.

Although the prospect of that sort of incident causing massive disruption to the U.S. electrical grid , the success of the experimental hack is drawing new calls from Congress for tougher federal security standards on the computer systems that control the nation's power systems.

"I'll be blunt--if this administration doesn't recognize and prioritize these problems soon, the future isn't going to be pretty," said Rep. Jim Langevin (D-R.I.), chairman of a House of Representatives cybersecurity panel that convened a hearing here on the topic Wednesday afternoon.

It's widely agreed that the threats to so-called "control" systems--sometimes known by the acronym SCADA, short for "Supervisory Control And Data Acquisition"--have grown in recent years. That's because more and more of them are being hooked up to "open" networks, including corporate intranets and the Internet, in an effort by their owners and operators to improve efficiency and lower costs.

But there was never much focus on the idea of building security features into those systems when they were first created, and that trend, unfortunately, continues today, said Joseph Weiss, a consultant and nuclear engineer who spent more than 30 years designing, implementing and analyzing control systems.

Feds: We're on it
Government regulators, for their part, say they are growing increasingly aware of those shortcomings and working valiantly to address the problem. Homeland Security's cybersecurity czar, Greg Garcia, told politicians Wednesday that his agency is handing out cybersecurity self-assessment guidelines to control systems operators, offering training to workers in that sphere, and distributing recommended "mitigations" against real-world attacks like the one simulated in Idaho.

And right now, the Federal Energy Regulatory Commission (FERC), which is responsible for overseeing the reliability of the nation's power systems, is considering proposed rules that purport to strengthen cybersecurity standards for the nation's power systems.

That proposal, however, falls woefully short of offering sufficient protections, Langevin and his Democratic and Republican colleagues said in comments filed recently with FERC. One major problem: The proposed rules are written in such a way that they would not even require electric grid operators and owners to install comprehensive security measures on all critical pieces of their systems that, if compromised, could cause significant disruptions, they argued. Instead, they'd have some latitude to focus only on certain components and neglect others.

The politicians are urging FERC to incorporate some of the more comprehensive, stringent standards developed by the National Institute of Standards and Technology, which is considered home to the government's technical experts.

Weiss, the consultant, argued that the infamous blackout that pummeled the Northeast in August 2003 (and was reportedly linked to the so-called MSBlast worm) arguably wouldn't have been prevented by the proposed regulations, but the NIST rules are comprehensive enough to deal with that issue.

Some suggested that the rules may not be up to par because, as required by law, they were devised chiefly by a group called the North American Electric Reliability Corporation (NERC), which was long considered the trade association for the power industry and was recently given legal authority to propose regulations for federal regulators to approve. An entity with those potential conflicts of interest isn't necessarily well-positioned to come up with objective standards, and it's high time for Congress to create a more independent means of devising critically important cybersecurity rules, Weiss said.

Rep. Zoe Lofgren (D-Calif.) appeared sympathetic to that idea and suggested that Homeland Security's cybersecurity division should be granted more authority to help out. "I don't think the energy sector is necessarily the expert on cybersecurity," she said.

NERC Executive Vice President David Whiteley said his organization was open to revising the proposed rules, while Joseph McClelland, director of FERC's Office of Electric Reliability, acknowledged that further improvements should be made before the rules gain final approval.

Although the electric grid was the primary focus Wednesday, threats to the control systems that deal with myriad other types of utilities could also prove, how shall we say, messy.

After all, the first prominent recorded incident of such an act came in 2000, when a software developer in Australia, apparently miffed after being turned down for a government job, used stolen radio equipment to hack into a system controlling a sewage plant. On nearly 50 occasions, he sent malicious code that opened control valves, causing refuse to ooze into nearby rivers and parks.

October 11, 2007 12:00 PM PDT

DHS border chief: Ask me about potato chips, not RFID chips

by Anne Broache

WASHINGTON--We already know that some aging politicians and bureaucrats are prone to less-than-coherent ramblings about the technological topics that fall within their job descriptions (See: Alaska Sen. Ted Stevens, former chairman of the panel overseeing Internet regulation, "The Internet is a series of tubes," July 2006).

You can imagine what goes through their minds: I really need to show the public that I get it. The only problem is that it doesn't always work.

Take an event held Wednesday at the U.S. Chamber of Commerce, a storied pro-business lobbying group. It was called "RFID Solutions: Securing the Commerce of Tomorrow." Representatives from government agencies, foreign embassies and RFID (that's radio frequency identification) vendors--some of whom were sponsors--came to listen to panels that lauded the benefits of using the track-and-trace chips in everything from pharmaceutical shipments to international relief.

W. Ralph Basham, CBP Commissioner

(Credit: U.S. Customs and Border Protection)

Fast-forward to lunch and the chicken cordon bleu. U.S. Customs and Border Protection Commissioner Ralph Basham took the podium. Basham, a former Secret Service chief, launched into a speech about how his agency is the only one he's aware of to use RFID chips "operationally"--that is, they're not just used for building security or employee identification cards, as several other federal agencies do.

Basham boasted that they're currently embedded in "trusted traveler" cards carried by some 325,000 commercial truck drivers and frequent border-crossing commuters.

But before he even began his speech, he treated the audience to this witticism: "I probably couldn't tell you the difference between an RFID chip and a potato chip."

I wondered at first whether I had misheard him. After all, this was the same guy who went on to boast about how tech-enabled his agency is. But after his speech, he did it again. After agreeing to take a few questions from the audience, he reminded the packed ballroom not to ask him anything about chips--oh, "unless it's potato chips," of course.

During his talk, he described each of the RFID-chipped identification programs and sought to dismiss the need for privacy worries about the tactic. That's because the chips don't store any "personal information," Basham said--just a unique identifying number that's read from a distance by a border patrol agent's reader and transmitted through the air. He said such "vicinity"-read ID cards were a proven means of vetting people at the borders and had been used in trusted traveler cards since 1995.

"We are tagging a number, not a human being," he said. Referring to the Canadian and Mexican border-crossing cards, as well as the program for commercial truck drivers, he added: "SENTRI, NEXUS and FAST members do not have to worry about their personal ID or identity being stolen."

The only thing missing, I guess, was Basham proudly sharing with the audience that he couldn't figure out how to get rid of the blinking "12:00" on his VCR.

October 1, 2007 12:58 PM PDT

Privacy questions stall 'spy satellite' plans

by Anne Broache

Score one for the skeptics on the U.S. House of Representatives Homeland Security Committee.

Under fire from politicians citing privacy worries, the U.S. Department of Homeland Security is delaying plans--previously slated to kick in Monday--to begin making detailed spy-satellite images available to a wider range of government agencies.

A Wall Street Journal report in August first revealed publicly that the agency planned on October 1 to open what it has dubbed the National Applications Office (NAO), drawing a rash of questions from politicians who complained they had been left out of the discussion. (Homeland Security has maintained, however, that it did brief congressional intelligence and appropriations committee members on the plans.)

The NAO is described as a "clearinghouse" for what the Bush administration anticipates will be a broader set of requests--particularly by law enforcement, border security and other domestic homeland security agencies--to tap into feeds from powerful satellites that have largely collected data for scientific or military purposes in the past.

Now the House of Representatives Homeland Security Committee is reporting that Homeland Security won't be opening the office as scheduled after all.

That committee in September held a lengthy hearing on the topic, where several members, particularly on the Democratic side, voiced concern that Homeland Security hasn't presented a clear enough legal framework for how the program will operate and how privacy and civil liberties will be protected.

Committee leaders formally asked officials to suspend its rollout until they'd received satisfactory information in writing. Last week, they went a step further, asking a key committee controlling congressional spending to execute the archetypal congressional dis: denying the program funding until their questions were answered.

Rep. Bennie Thompson (D-Miss.), who heads the Homeland Security committee, said in a statement Monday that he was pleased to hear the agency was delaying the effort's rollout. But he said the committee has so far encountered only "silence" in response to its requests for information and urged the agency to deliver the requested response soon.

Homeland Security department representatives didn't immediately respond to interview requests on Monday seeking further details about what happens next.
