[Politech] Jim Harper replies to Stu Baker on "surveillance-industrial complex" [priv]

From: Declan McCullagh (declan@private)
Date: Mon Oct 18 2004 - 20:14:12 PDT


-------- Original Message --------
Subject: RE: [Politech] Stewart Baker: What's in the water at Cato? [priv]
Date: Mon, 18 Oct 2004 14:38:35 -0400
From: Jim Harper - Privacilla.org <jim.harper@private>
Reply-To: <jim.harper@private>
Organization: Privacilla.org
To: 'Declan McCullagh' <declan@private>

Declan:

I like Stewart Baker and respect his work. I also know that he was the
General Counsel of the National Security Agency, making him deeply
knowledgeable about government spying, if sometimes a little too
accepting of such methods. I'm glad I could pique his interest in
defending the Markle Surveillance Project. He takes his positions and
states his opinions in good faith.

But given his taunt that I slept through 9/11, I believe a better
subject line would have been "Is Jim Harper narcoleptic?" . . .

We should start with first principles. The Fourth Amendment is not about
information parity between the government and the private sector. It
specially restricts the government's ability to collect information
about people. The Framers of our constitution knew the unique power of
governments and hemmed in our government accordingly, for the good. The
fact that the phone company has records doesn't mean the government
should have equal access to them, even if Fourth Amendment law is
currently in tatters.

The Fourth Amendment was not further repealed by 9/11 and I do not
accept the syllogism: "We had 9/11, so [insert policy] is acceptable."
Rather, policies should emerge from the crucible of debate, not from an
echo chamber, as the Markle Surveillance Project appears to have become.

I didn't express all my views in my rant last week, but Stu puts forward
a straw man when he suggests that I wouldn't use technology to upgrade
our country's law enforcement / national security abilities. My Op-Ed in
the San Francisco Chronicle Friday said:

"If there is to be a network, the mission should define the network,
rather than the network defining the mission. Let there be networked
delivery of warrants dealing with particular suspects, and networked
responses to those warrants. Using technology consistent with the
Constitution is perfectly acceptable, and there is no need for new legal
authority if a network serves an existing legitimate purpose."

http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/10/15/EDGAB99A971.DTL

Stu says the network should be used to apprehend "suspect[s]" and
"killers," so perhaps he and I have no disagreement. A network for
serving and responding to search warrants would be terrific. But the
Markle Surveillance Project did not suggest such a limited scope - and
the Senate took that advice. I would be delighted to learn that Stu
would confine sharing of personal data on this network to constitutional
limits, but I doubt it. So, continuing . . . .

Did the lack of a government surveillance network stand in the way of
apprehending al-Queda killers in the weeks before 9/11? It's more
evident that the government did not recognize them as killers, so no one
was looking for them all that hard. I believe one or two people were
quite agitated about the threats, but these voices were ignored. The
Markle Surveillance Project holds no cure for absence of foresight - or
for narcolepsy - in our national security infrastructure.

Which brings us to human intelligence. Few recognize that a U.S. agent
had infiltrated the al-Queda network and audaciously met with Osama bin
Laden while 9/11 was in the planning stages. He gained valuable
information about bin Laden, al-Queda, and its operations *without even
trying*.

Alas, John Walker Lindh was an agent of a jackass spiritual quest rather
than the U.S. government. Our national security apparatus seems to have
been attending to the maintenance of butt-prints in swivel chairs at the
time this dirt-bag - sorry, wanderer - from Marin was infiltrating
al-Queda.

Hindsight is 20/20, the terrorists were stupendously lucky, and I don't
blame the national security bureaucracy for proximately allowing 9/11.
Neither do I shrink from a fact that is clear to everyone who was awake
for 9/11: They failed.

Today, the surveillance-industrial complex is telling the national
security bureaucracy that a surveillance network will do the trick. This
must be a pleasing message because it suggests that the bureaucracy
didn't fail to prevent 9/11: No, it was a lack of technology. Maybe
further comfort comes from building a domestic surveillance network
because it seems to minimize the need to rise from those swivel chairs
and put boots on the ground in some very dangerous foreign assignments.
The Markle Surveillance Project helps carry all these messages forward.

But I'm not an expert in the ways of national security or international
espionage (obviously). I'm a privacy advocate, skeptical of domestic
surveillance. Stu did not answer the central argument I made about the
Markle surveillance roadmap, which I repeat here:

"[R]ules, protocols, and oversight boards will be impediments to the
institutional interests of those operating this surveillance system,
including not only the law enforcement/national security bureaucrats,
but also the growing number of companies in the surveillance-industrial
complex.  They will work quietly and diligently over years to dismantle
the limits placed on them, making a mockery of the 'careful balance'
supposedly struck by the Markle Surveillance Project."

I welcome Stu or anyone pointing out a government program that has
shrunk due to completion of its mission or become less invasive or
acquisitive over time. Looking for one leads to an inevitable
conclusion, the one I stated in the paragraph just above.

I do appreciate having a Plan named after me, and I think the Harper
Three-Point Plan for Worldwide Happiness (protection against tools and
methods of attack, HumInt, and promotion of liberty) survives Stu's
derision intact.

Jim



Jim Harper
Editor
Privacilla.org
and
Director of Information Policy Studies
The Cato Institute









-------- Original Message --------
Subject: Re: [Politech] Stewart Baker: What's in the water at Cato?  [priv]
Date: Mon, 18 Oct 2004 17:23:58 +0200
From: Mickey Coggins <mick@private>
To: sbaker@private <sbaker@private>
CC: Declan McCullagh <declan@private>
References: <4173CD2A.1000409@private>


 >Jim Harper seems to have slept through September 11.  In the weeks before
 >the attacks, we identified two of the hijackers as al-Qaeda killers, knew
 >they were in the country, but couldn't find them -- even though they had
 >drivers licenses, phones, etc., in their own names.  And, until we have a
 >method for rapidly checking private databases for suspects, we still won't
 >be able to find them.

Were "we" looking for them?  It seems like the FBI had all
the information they needed to know all about the upcoming
attacks, but could not get themselves adequately coordinated
to use this information.

  http://www.time.com/time/nation/article/0,8599,249997,00.html

 >At bottom, the task force recommends that the government use -- with
 >safeguards -- capabilities that the private sector already uses with
 >enthusiasm.  If Sprint can already tell that Messrs Atta and al-Hazmi 
make a
 >lot of phone calls to each other and to Afghanistan, and can use the
 >information to offer them cheap long-distance, most of us would like our
 >government to use the same information to keep our families alive.

How on earth would knowing that people call Afghanistan help prevent
a terrorist attack?  Unless you can read someone's mind, you can't
know what people are going to do before they do it.  Once "they"
know that we monitor everything, they'll just do it a different way,
but we're all stuck with the gargantuan bureaucracy, and privacy
invasions.  Get real.  Assuming that there really are a bunch of
crazy "freedom-hating terrorists" out there, none of the stuff
recommended will help catch them.

I won't even get into my personal feeling that we're just trying
to put steam back into a kettle of boiling water.  We need to spend
our energy looking at what our government is doing to cause these
people to want to use terror on us, not finding more ways to bloat
that same government with more power to spy on us.

Best regards,
Mickey


-- 

Mickey Coggins




-------- Original Message --------
Subject: Fw: [Politech] Stewart Baker: What's in the water at Cato? [priv]
Date: Mon, 18 Oct 2004 12:52:04 -0700
From: Fred Heutte <phred@private>
To: <declan@private>

Stewart Baker's response to Jim Harper slips past two
critical points about the difference between governmental and
private use of corporate customer data.

First, the government has powers and responsibilities different
than corporations.  The risks for misuse of such data by the
government is on a far different level than of the corporation
itself.  If Sprint knows when and where I made my phone calls,
that's one thing.  If a federal law enforcement agent with a
vendetta against something I believe in, like free speech, has
access to that data, it opens up a much larger realm of threats
and pressure even though I have done nothing illegal at all
except exercise my Constitutional rights.

Second, the power of databases is synergistic.  A federal agent
having both bank statements and phone call data can do much more
with the combination than with just one or the other.

The law rightfully allows law enforcement to receive this kind
of corporate customer data in cases of likelihood that a crime
has been committed or there is a substantive threat to national
security.  But they have to go before a judge and get a warrant.
The question is the standard that such a request must reach.

The "PATRIOT" law relaxed existing provisions to a dangerous
degree, in my view, in the name of increased security but with
the likely effect of making it more convenient for federal
agencies to intrude on the affairs of law abiding citizens.

That's not the way to do things under our Constitution.

I read the Markle summary and thought it had some good points,
but I also find merit in the criticism.  The restraints needed to
prevent government from acting with arbitrary authority against
those holding opinions it doesn't like must be far stronger than
before because of the synergistic effect of customer information
databases.  Those of us who are involved with database management
for a living know this is a matter of the greatest import.

Finally, I am worried by the tone of Baker's response.  Aside
from the passive-aggressive form so popular with the TV shouters
("seems to have slept through September 11"), I get the sense
that Baker feels the topic is closed to discussion and nothing
can be done to improve the Markle proposal.  This is all too
similar to the attitude that prevailed during the passage of the
"PATRIOT" law.

Three people attending a Bush campaign rally in southern Oregon
last week were ejected by police on the demand of the campaign
because they were wearing shirts that said, "Protect Our Civil
Liberties."

I'm not willing to give an administration so relentlessly
antagonistic to criticism and debate any quarter whatsoever on
the matter of access to private information.  I'm not sure I expect
the Democrats to be much better on this either; it always amazed
me what a former professor of constitutional law, Bill Clinton,
supported during his tenure, on matters ranging from the Clipper
Chip to the Anti-Terrorism and Effective Death Penalty Act of
1996 to other actions of his administration diminishing civil
liberties and the Fourth Amendment.

The Founders were right to build strong protections against
arbitrary government power into our Constitution.  The threat of
terrorism is serious today, just as was the threat of sedition by
partisans of the Crown in 1789.  But the extent to which there is
suppression of vigorous debate and legal activity by government
in the name of security will, in the end, have more bearing on
the real substance of our future security.

Fred Heutte
Portland, Oregon

------------------------

(Portland) Oregonian
10/18/1004

The three women were ordered, under threat of arrest, to leave
the president's rally in Central Point. They said a volunteer
objected to a statement on their T-shirts, "Protect Our Civil
Liberties." . . .

Tonia Tong, a Medford schoolteacher who was one of the three
women removed from the rally, also participated in the
conference call. She said the trio had agreed to remain quiet
during the event and had successfully passed three security
checkpoints.

But she said a volunteer helping with security stopped one of
the three women, Janet Voorhies, when she tried to go to the
bathroom. The volunteer told her they were no longer welcome and
would have to leave the event. The women said they were escorted
out of the Central Point fairgrounds by police officers and
threatened with arrest if they did not comply.







-------- Original Message --------
Subject: Re: [Politech] Stewart Baker: What's in the water at Cato? [priv]
Date: Mon, 18 Oct 2004 16:11:29 -0500
From: Jim Davidson <davidson@private>
To: Declan McCullagh <declan@private>
CC: sbaker@private, info@private

Dear Declan,

Fascinating stuff.

 > Jim Harper seems to have slept through September 11.

That's a harsh and unfair criticism.  My friend John Perry did not
sleep through 11 September 2001.  He died attempting to rescue others
in the WTC.  He was a police officer and a lawyer and he was against
the abuses of the identity state and the war on drugs.

I think it is wrong to assert that Mr. Harper was asleep during the
attacks in 2001 if Mr. Harper doesn't happen to agree with using that
event as a Reichstag fire to justify wand raping Americans at the
airports or otherwise invading their privacy.  Moreover, I think it
is wrong to remember John Perry and the other victims of 11 Sep 2001
by using their deaths as a pretext for further erosions of liberty.

 > In the weeks before the attacks, we identified two of the hijackers
 > as al-Qaeda killers, knew they were in the country, but couldn't find
 > them
 > -- even though they had drivers licenses, phones, etc., in their own
 > names.

I am always curious about the plural pronoun "we" in these instances.
Who had identified two of the hijackers?  Mr. Baker?  Persons of
steptoe.com? Apparatchiks of the Markle "task force"?  Or persons in
the USA fedgov?

If the latter, why am I filled with "not surprise" that the government
was incompetent at finding people who were determined to harm Americans?
According the the "9/11 Commission" report one of the organizers of the
Nairobi and Dar es Salaam embassy bombings was USA military trained.

Apparently, having driver licenses and phones and perhaps even credit
cards does not expose someone who doesn't wish to be exposed.  Unless
Mr. Baker manages to get all private economic transactions banned and
manages to get all Federal Reserve note money implanted with tracking
chips, people who do not want to be found will continue to use cash
and private transactions.

 > And, until we have a method for rapidly checking private databases for
 > suspects, we still won't be able to find them.

The problem with this assertion is that it suggests that the proposed
methods for rapidly checking private databases would have turned up
these suspects.  However, that isn't at all clear.  Unless all hotels
wand rape everyone who comes through their doors, it is still possible
for one person to rent a hotel room and invite guests to visit.  The
hotel may be the unwitting host to wanted criminals, whose identities
would not ever appear in the private databases Mr. Baker seems so eager
to compromise.

In fact, again according to the "9/11 Commission" report, several of
the hijackers were singled out for special security attention at the
airports.  In other words, they were identified, presumably from the
"private" databases of the airline companies offering up traveler
information on a wholesale basis to the government as collaborators
with the earlier Nazi regime were able to do only on a retail basis.
Yet, even with this terrible invasion of privacy and horrific amount
of data from private airline databases on who was traveling on 11 Sep
2001 the government failed to interdict the hijackers, leaving
dozens of air travelers and thousands on the ground with limited
options for their safety.

In fact, again, according to the "9/11 Commission" report, the very
distributed nature of postmodern terrorist methods left it up to the
passengers of the four hijacked airliners to gather their courage
and thwart the hijackers.  In the event, only one airplane had
passengers
who were alert enough and convinced that obeying the hijackers would
also get them killed to attempt to defend themselves and those on the
ground.  The report informs us that we owe a debt of gratitude to those
who fought that day armed with pocketknives and toenail clippers and
other implements of self-defense which are now banned on all airlines.

In other words, in order to secure the safety of future flights, the
very people most capable of defending against a distributed threat
have been further disarmed.  Passengers who have qualified in their
states for concealed carry permits or are otherwise authorized to
keep and bear arms continue to be disarmed at every boarding checkpoint,
continue to be subjected to unwarranted searches and unreasonable
seizures by a cartelized airline industry and its federal security
authorities.

My friend John Perry once told me that he became a police officer in
part motivated by his desire to live in New York City and still
exercise his freedom to keep and bear arms.  It was not a failure
of information access for agents of the Geheimstadt Polizei which
caused John's death, but a lack of access to effective weapons of
self-defense on the part of air travelers.

 > Evidently that's fine with Jim.

I would certainly be curious about Mr. Baker's evidence for this
statement of "evidently."

 > He'd rather rely on three other techniques,

Perhaps Mr. Harper would rather not rely on techniques that have
failed in the past, which seem destined to fail in the future, and
which thwart the Bill of Rights protections guaranteeing Americans
that they should be safe in their papers, persons, houses, and
posssessions from unreasonable searches.

 > which seem to be teaching Arab kids to read,

Teaching Arab children to read is not a bad idea.  Mr. Baker seems
to favor illiteracy for Arab children.

If children in Islamic countries were encouraged to read, they might
be inclined to read the Koran and thereby learn of its admonitions
against shedding innocent blood.  I gather Mr. Baker is against any
sort of enlightenment, because he seems to be against any sort of
religious or individual liberty.

 > huddling behind more and higher blast walls,

Blast walls and other physical security certainly has its place. But,
for a distributed threat to be met effectively, it has to be met by
a distributed defense, a defense in depth.  If American civilians are
to be considered front line soldiers in the war on terror, they should
not be sent into combat unarmed.

 > and using something called "human intelligence" -- unaided by
 > any technical advances made during Steve Jobs's lifetime.

It is curious to me that Mr. Harper is being accused of wanting
intelligence agents to be unaided by computer technology.  I do not
find anything in Mr. Harper's words that merit such an accusation.

 > Evidently recognizing that nobody else is likely to feel safer under
 > the
 > Harper Three-Point Plan, he also trashes the report by misstating its
 > impact.

Yes, trashing the opponent does seem to be part of this discussion.

 > His claim that dozens of laws will have to be amended is flat
 > wrong.  There is already plenty of legal authority for gathering
 > information
 > from private sources.

Curious then, that the 11 Sep 2001 attacks were so successful.  Data
was gathered from private sources and several of the hijackers were
subjected to increased scrutiny at the airports, yet they were still
able to board planes and use them as weapons.

Maybe Mr. Baker's securitat apparatus won't make anyone actually safer,
though it may make Mr. Baker feel better.

 > The charts simply set forth existing law, without
 > proposing to water down any of them.  In fact, the safeguards
 > recommended by
 > the Markle task force actually add restraints to the government's
 > current
 > capabilities (a fact that gave me real pause when I was part of the
 > task
 > force).

I can only imagine the pause, and its length as measured in picoseconds,
Mr. Baker displayed toward any restraint of the machinery of government
which might serve as a modicum of safeguard for the liberties guaranteed
by the Constitution.

 > At bottom, the task force recommends that the government use -- with
 > safeguards -- capabilities that the private sector already uses with
 > enthusiasm.

I wonder if the task force recognizes that government is a "terrible
servant and a fearsome master."  I wonder if the task force recognizes
that private sector use of data is fundamentally different from the
government use of the same data, given that the private sector has not
been formed under a constitution limiting its power, but government has.
Or are constitutions an old fashioned thing we shouldn't concern
ourselves
with?

 > If Sprint can already tell that Messrs Atta and al-Hazmi make a
 > lot of phone calls to each other and to Afghanistan, and can use the
 > information to offer them cheap long-distance, most of us would like
 > our
 > government to use the same information to keep our families alive.

One must suppose, then, that the tyranny of the majority is at hand.
The constitution is brought low and the monster of governmental power
and authority is unleashed.  We already see that government providing
pan et circenses to the masses to keep their loyalty, even as it offers
them up to the warfare machine to be obliterated in distant lands.

Sprint may well have been able to tell that its customers were making
phone calls to each other and to Afghanistan.  Of course, it is
possible to buy phones and phone services from other companies and
pay cash without providing any identity information whatever.  I
gather that Mr. Baker would outlaw such private transactions.  It
would still remain possible for Mr. Unknown to buy a phone and pay
for its services while handing it over to Mr. Terrorist for use.
But, I suppose, Mr. Baker would favor checkpoints at every major
freeway intersection so that every cell phone would be found and
identified along with the person in possession.

Having apparently agreed to eliminate the Fourth Amendment's
protections against  unreasonable searches and seizures, I suppose
Mr. Baker would be just as inclined to do away with the due process
protections of the Bill of Rights and allow for summary roadside
executions of those who have cash or gold or "unregistered" cell
phones or the phones of some third party in their possession.

Perhaps the majority would like to give up all their liberty for a
bit of imagined safety.  If one considers the record of governments
in the 20th Century imprisoning, torturing, maiming, and killing
civilian populations, I do wonder at this rush to empower government
with more tools to limit liberty, establish injustice, and provide
for the general slaughter.

Regards,

Jim





-------- Original Message --------
Subject: Re: [Politech] Stewart Baker: What's in the water at Cato? [priv]
Date: Mon, 18 Oct 2004 16:08:10 -0400 (EDT)
From: Dean Anderson <dean@private>
To: Declan McCullagh <declan@private>
CC: sbaker@private

On Mon, 18 Oct 2004, Declan McCullagh wrote:

 > Jim Harper seems to have slept through September 11.  In the weeks before
 > the attacks, we identified two of the hijackers as al-Qaeda killers, knew
 > they were in the country, but couldn't find them -- even though they had
 > drivers licenses, phones, etc., in their own names.  And, until we have a
 > method for rapidly checking private databases for suspects, we still 
won't
 > be able to find them.

Actually, its much worse than simply having drivers licenses.  The
hijackers had pilot's licenses (student, then private, then commercial) as
required to attend FlightSafety's 757 Training program.  The FAA list of
names and addresses of pilots is public information, and is used by
marketers. Not only could you call the FAA and get the (correct for the
hijackers) home address information, but the FAA will sell the entire
database to anyone who wants it.

When you combine this with the Presidential Daily Brief (PDB) report that
AlQuaeda was interested in hijacking aircraft, and the PDB report that
AlQuaeda was interested in learning to fly (both reports given to the
President and select staff), it seems incredible that these names weren't
checked with the FAA.

It is no exaggeration to say that if _I_ had the PDB's and the names, I
could have found the hijackers. Surveillance of the hijacker pilots would
have easily disrupted the plot.  No one bothered to check to see if the
known bad guys were actually learning to fly, even after the PDB about
AlQuaeda learning to fly.

 >

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 20:55:00 PDT