When Data Security Meets National Security

Syed Rizwan Farook, the male shooter in the December 2, 2015 San Bernardino terrorist attacks, carried an iPhone 5C that was owned by the county public health department, where he worked as an inspector.  After the attack, the county consented to the FBI’s search of Farook’s phone, but it runs on Apple’s iOS9 operating system, which is built with default device encryption — and, after two months of trying, the FBI hasn’t been able to break through the phone’s data security features.

The FBI believes the phone may hold data, such as in contact lists, photographs, or instant messages, that could materially assist in the investigation and potentially identify others, in the United States and overseas, who assisted Farook.  So, what to do?

The FBI went to a federal magistrate judge, who ordered Apple to help the FBI unlock the iPhone by disabling the feature that wipes the data on the phone after 10 incorrect tries at entering a password.  That would allow the government to keep trying new combinations, without deleting the data.  Apple says only the phone’s user can disable that feature, but the court order requires Apple to write software that would bypass it.

Apple is resisting the court order, saying that such software would be a back door to the iPhone and is too dangerous to create.  “Once created,” Apple CEO Tim Cook said, “the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

National security and counterterrorism specialists say Apple should be a “good corporate citizen,” comply with the court order, and help in the investigation of one of the worst terrorist attacks in U.S. history.  Privacy advocates agree with Apple that the government is overreaching, and argue that the court decision could set a precedent that would undermine the privacy, and security, of everyone’s handheld devices.  So Apple will appeal the court order, and no doubt other technology companies and interest groups will weigh in, in court and in the court of public opinion, about the propriety of the order.

We’ll have to see how the appeal plays out, but for now we can draw some conclusions.  First, Apple’s default encryption system must be pretty robust, if it can withstand two months of probes and hacking efforts by a highly motivated FBI.  Second, in the post-Edward Snowden world, there is a huge amount of mistrust for our own government and an obvious unwillingness to hand them any code, key, or software that could then be used in another mass governmental data-gathering effort.  And third, with cell phones now ubiquitous world-wide and serving as wallets, photo albums, Rolodexes, mailboxes, message centers, internet search devices, and home to countless apps, all in one handy device the size of a playing card, we’re going to see more and more of these collisions between data security and national security in the future.

About Accepting Those 65,000 Syrian Refugees . . . .

Details are still sketchy in the aftermath of the horrific Paris terrorist attacks, but it appears that at least one of the killers was part of the wave of Syrian refugees that has come to Europe in recent months.  The French Prime Minister says he believes the attacks were planned from Syria, and intelligence agencies are fearful that ISIS, the organization that is claiming credit for the Paris atrocities, has implanted terrorists among the flood of refugees.

At Saturday night’s Democratic candidate debate, Hillary Clinton restated her view that the United States should accept 65,000 refugees, far more than the 10,000 President Obama originally proposed.  Obama Administration officials have discussed accelerating the process of vetting refugees for admission to the U.S. and defended the idea of accepting Syrian refugees, arguing that the refugees have suffered through the horrors of war and that “we can’t just shut our doors to those people.”  Republicans, on the other hand, contend that the security risks of accepting the refugees is simply too great.

This is one of those issues where the heart and the head tug in different directions.  The heart takes seriously the Statue of Liberty’s pledge to welcome the huddled masses yearning to breathe free and wants to help the downtrodden whose lives have been destroyed by terrorism and war.  The head, on the other hand, recognizes that allowing thousands of refugees to come to America inevitably increases the risk that terrorists might be among their midst, ready to pursue Paris-like atrocities on American soil.

The key point, for me at least, is whether the United States really can perform effective screening of refugees.  In Europe, where hundreds of thousands of refugees have been accepted, the vetting procedures have been slapdash at best.  The Obama Administration and Mrs. Clinton say the United States can perform a more thorough and careful investigation before allowing refugees into the country — but I’m skeptical of that claim.

Background screening presupposes the possession of accurate background information.  When employers check the job history or criminal record of applicants, they use public records and established data sources.  Do we actually have access to similarly reliable information about purported refugees from a war-torn land that has never been a friend to the United States?  Are we going to accept a Syrian passport at face value?  Even if we could determine whether an individual is in fact a Syrian national, how do we confirm that they haven’t been radicalized by ISIS?  All of these seem to be insurmountable problems with any meaningful screening process — and if you are accepting tens of thousands of refugees, only a small fraction of screening failures could produce catastrophic results.

The deadly Paris attacks raise legitimate questions about the security risks presented by accepting Syrian refugees, and if we don’t at least consider those questions in establishing our own policy and procedures we have only ourselves to blame.  It is not xenophobia to require some assurance that we can make meaningful screening decisions about whether a particular person who claims refugee status is, or is not, an ISIS terrorist-in-waiting.  Until such assurance can be provided, the better policy may be to honor our humanitarian impulses by working to establish safe havens for refugees within Syria itself.

Guys And Their Flies

It’s a story as old as the human race:  a powerful older married man has an affair with a younger woman, his indiscretions are discovered, and his career comes crashing down.

The latest example, of course, is former CIA director and four-star general David Petraeus, who resigned after his affair with his biographer, Paula Broadwell, was discovered.  Petraeus, 60, apparently began his affair with Broadwell, 40, shortly after he resigned from the Army, and the affair continued during his service as CIA director until it ended four months ago.  The affair became public when the FBI began investigating whether Broadwell had violated federal cyber-harassment laws by sending threatening anonymous e-mails to another woman.  During the investigation, the FBI traced the e-mails to Broadwell’s computer, where they found explicit and salacious e-mails between Petraeus and Broadwell that evidenced their affair.

Petraeus, who has been married to his wife Holly for 38 years, regrets his indiscretions and says he showed “extremely poor judgment” in having the affair.  No kidding!  He not only betrayed his vows to his long-time wife, he also could have jeopardized classified information given his critical role at the CIA and his access to top-secret information.  Fortunately for Petraeus and everyone else, there is no sign that his tryst with Broadwell compromised national security.

Why do some powerful older men act so stupidly and recklessly?  Is it vanity, or a belief that they are beyond reproach, or is it just that they aren’t thinking at all — at least, not with the right body parts?  After the public disclosure, and the ritual actions of apology and contrition by the disgraced individual are played out, it’s tough to ferret out what really motivates such actions.

It’s a lesson for the rest of us, too.  Behind the carefully controlled and cultivated public image of powerful people, a silly, embarrassing inner adolescent may be lurking and ready to burst forth at any time.  We should all keep that possibility in mind the next time we think a public figure may be perfect and we are told to implicitly trust their judgment on important matters.

The Value Of In Person, Versus In Writing

The recent attacks on U.S. embassies and consulates in Egypt, Libya, and Yemen have come on the heels of reports that President Obama has missed more than half of his daily intelligence briefing meetings.  And, in the wake of the embassy attacks, The Independent, a British newspaper, is reporting that the the U.S. received warnings of attacks on U.S. embassies and consulates but did not respond to them.  The Obama Administration flatly denies the latter report.

The Obama Administration doesn’t deny that the President has missed a lot of his daily intelligence briefings but argues that missing the meetings really isn’t that important because the President can get all the information he needs from briefing books.  As the writer of the linked article points out, that position stands in contrast to earlier reports in which Administration sources contended that the daily meetings were important and were well handled by the President.

I don’t doubt that President Obama gets lots of information in writing and reads it carefully.  In addition, some complicated concepts are better explained on paper.  Still, I think face-to-face interaction must play an important role.  Obviously, you can’t ask questions of a briefing book, but there are other important elements to in-person discussions.  The act of preparing for such meetings — finishing the review of briefing books in advance, preparing questions, deciding where to focus — itself has value for the person leading the meeting.  Attending such meetings shows that you attach importance to what the other participants do and thereby encourages them; attendance also permits give-and-take, brainstorming, and free-wheeling discussion that simply can’t be replicated by a written document or an email exchange.  Finally, humans communicate a lot of information through facial expressions, gestures, tone of voice, and other methods that can’t be translated to writing.

I’m not saying that President Obama could have waded through intelligence information and pieced together clues that would have alerted him to the impending attacks if he had regularly attended the daily intelligence briefings, as President Bush apparently did.  What I am saying is that national security issues are a crucial part of the President’s job, and that attending meetings where the President participates, in person, in discussions about intelligence and threat issues is an important part of doing that job the right way.  I don’t know why President Obama has missed so many of these meetings, and what other events took priority on his schedule.  In view of this week’s events, however, I think he, and we, would be better served if he made it a point to make those meetings.

Taking a Different Direction

I too agree with President Obama and Bob for that matter regarding the president’s decision not to release the photos of Osama bin Laden. The president made a number of very good speeches early in his presidency that have led me to continue to be supportive of him and his efforts.

This speech was given by the president at the National Archives back on May 21, 2009 a few months after his oath of office. I am not as articulate in my writing skills as Bob is, so I thought it best to let the president speak for himself.

If you scroll to 32:18 in the president’s speech below he discusses his campaign pledge of government transparency and his decision making approach when that transparency conflicts with our national security.

“Nothing would be gained by the release of these photos that matters more than the lives of our men and women serving in harms way”. I could not agree more !

The U-Trou Bomber (Cont.)

Recent congressional testimony has shed some interesting light on the treatment of Omar Abdulmutallab, the U-Trou Bomber, after his failed attempt to blow up a Northwest flight to Detroit on Christmas Day.  Various intelligence officials testified that they were not consulted on how best to deal with Abdulmutallab, who was promptly charged with a crime, read Miranda rights, and provided with a court-appointed lawyer.  Although the Obama Administration claims that Abdulmutallab provided some intelligence information, no effort was made to have him questioned by intelligence officials to see whether he could provide even more information.  Even the Washington Post, in an editorial published yesterday, has criticized that approach.

From the standpoint of constitutional rights and protections, a foreign national clearly is different from an American citizen, and an attempted terrorist attack undertaken pursuant to instructions from an entity that is at war with the United States is different from a criminal act.  Moreover, national security considerations related to getting fresh, actionable intelligence from the failed attacker may trump whatever minimal constitutional protections might apply at the point the terrorist is first detained.  If Abdulmutallab could have provided immediate intelligence on the whereabouts of the al Qaeda operatives who trained and equipped him for his mission, such that we could promptly target and respond to those operatives, that possibility should have been incorporated into the analysis of how to deal with him.   For all of these reasons, simply equating a foiled terrorist with a common criminal and treating them in the same way seems foolish and dangerous, unnecessarily hamstringing our ability to fight a shadowy organization committed to doing us harm.

I hope that the Obama Administration revisits its procedures and at least involves its intelligence agencies in the decision-making process the next time a failed terrorist is caught.  Unfortunately for all of us, these kinds of opportunities aren’t commonplace.  The U-Trou Bomber failed only because his ignition device misfired.  How often will we have the chance to obtain fresh intelligence from a shaken, unsuccessful terrorist?  Let’s hope that, if there is a next time, we take better advantage of that opportunity.

The U-Trou Bomber (Cont.)

The U-Trou Bomber (Cont.)

The U-Trou Bomber

What Do Bureaucrats Do, Anyway?