Wednesday, April 8, 2009

Cybersecurity 2009

In the Navy we used to have a lot of inspections.

Inspections, of course, aren’t unique to the Navy, they are a common occurrence in any branch of military service.

In the Navy we had uniform inspections, zone inspections, maintenance inspections, readiness inspections, equipment inspections, weapons inspections, security inspections, classified materials inspections, pre-deployment inspections, engineering inspections, fire and safety inspection, medical inspections, required publications inspections, and, well, hell, we had a lot of inspections.

Periodically, we’d also do something called a Health and Comfort inspection. A H&C is where senior NCO’s inspect the personal belongings of each junior member of the crew and the crew’s living quarters. The senior petty officers and the Chiefs would go through each crewman’s locker, both coffin and stand-up, their rack (a Sailor’s bunk area), and sometimes even require that a Sailor turn out his or her pockets. The senior Petty Officers were inspected by the Chiefs, the Chiefs by the Officers, the Officers by the Executive Officer and the XO by the Captain. (Generally, the Captain doesn’t get subjected to a H&C, rank hath its privileges after all – though if it became necessary that inspection would be conducted by the squadron Commodore.)

In an H&C inspection what we’re looking for is contraband. Drugs and alcohol, unauthorized weapons, hazardous materials, stolen property, health concerns, and like that. Sometimes a Health and Comfort inspection is announced in advance, but most times an H&C is conducted as a surprise inspection. All H&C’s turn up something. When I was an instructor at the Naval Technical Training Center in Pensacola, the command ordered an H&C of the student barracks for the first time in years (the Navy was undergoing a major post-Tailhook overhaul at the time). The pile of illicit booze stacked up in the courtyard was taller than my head and twenty feet in diameter. The pile of weapons was almost as big. The pile of sex toys and pornography was equally impressive (Contrary to popular belief, pornography is not permitted in Navy barracks, especially post Tailhook). The biggest pile of all was the heap of unauthorized electronics, everything from electric razors to computers to TVs and game stations and especially hot plates and coffee makers. It’s not that you can’t have such things in a Navy barracks room, it’s that they have to be electrically certified first by the Electrical Safety Officer or one of his flunkies. You bring your electronic device to the electronic shop during the approved hours, and a tech inspects the device (grounding check, cord in good repair, no exposed wires, etc) and slaps a certification sticker on it, or tells you that you either need to get it fixed or toss it in the dumpster as a safety hazard. In addition, any equipment involved in food preparation has to be inspected by medical – your coffee pot for example, or your microwave oven. Shore commands vary in their enforcement of the the electrical safety program, but ships are fanatical about it. And, just for the record, during a ship’s Admin inspection, the Electrical Safety Inspection program gets inspected.

We inspected people, specifically their bodies. There’s an old saying in the military, Your soul may belong to God, but your ass belongs to Uncle Sam. We checked that haircuts and mustaches and ear hair were within regulations. We checked that fingernails were clipped, and, in the case of woman, painted in an approved color. Medical and dental checkups were mandatory. In the military, you don’t have the option of avoiding the dentist, or your yearly prostate finger wave, or your annual pap smear, or your Anthrax inoculation, or wandering around with a case of the crabs. You want a tattoo, you need permission (though this is rarely enforced outside of special forces and special programs where identifying personal marks can have an impact on your career). Piecings are also strictly controlled, and you can get into serious trouble for it. (sometimes in a hysterically funny fashion. I once saw a young maintenance tech grab his crotch, start screaming like an axe murder victim, and dance around spastically while looking for all the world like he was trying to yank his own reproductive organ off through his coveralls. Seems the gold rings he recently had placed in his scrotal piercings where picking up excesses RF radiation from a high power amplifier that he had gundecked the safety procedures on – right before switching it on for a full power test. Exactly like a spoon in a microwave, those gold rings got hot, fast. Really hot. (Actually a good thing, because the metal heated first, alerting us to the problem and causing an immediate manual shutdown of the amplifier before the microwave energy could bake us. From then on we referred to that as the “Electromagnetic Ball Detector.” Yeah, that kid didn’t last long in my unit. Trust me. Failure to replace a shield, then forcing the safety switch so the amp would power up anyway is a level of stupid that almost defies comprehension. There’s a reason why you remove all rings and metal object from your person when working on such equipment, and strict rules and inspections to ensure compliance with procedure).

Basically, in the Navy we inspected everything – including personal communication. There is no such thing as private communications on a US military facility – especially shipboard. All incoming and outgoing email is scanned, usually electronically but sometimes by a real live human censor, for sensitive information. I happen to know a former Navy Captain who was masted before the Admiral and forced to retire his commission under other than honorable circumstance for displaying the bad sense to discuss the extramarital affair he was having - with a junior enlisted man’s wife while his own wife lay dying in the hospital from cancer no less - via shipboard email and chat. Every phone call from a US government facility is subject to monitoring, every one. This includes cell phone communications. There’s a big sign outside the gate of every US military and government facility that specifically calls out US Code, Title 10 and that by entering the base or facility you implicitly consent to monitoring and inspection. Period and no exceptions.

And you know what? Those inspections and monitoring work, for the most part. Despite the sometimes incredible dangers inherent in the military, we have a lot less accidents, per capita, than most civilians. Those intrusive, privacy violating, Health and Comfort inspections save lives and demonstrably increase the safety of the majority. Those electrical safety inspections have prevented countless fires – and in the confines of a ship or a crowded barracks those fires could have killed or injured hundreds and cost the taxpayer billions. Those mandatory medical and dental inspections have saved countless lives and improved the health and safety of millions of military personal. Those phone calls we monitor? Not a month goes by that we don’t catch somebody divulging classified information, usually accidentally. Those mistakes can cost lives and again billions, and have.

Now, show of hands, how many of you would like to live like that?

Really? Why not?

If you’re following the rules, regulations, and laws – why wouldn’t you want to live under a system that significantly increases your health, safety, and security?

Close inspection of military personal, their equipment, their communications, their health, and personal effects can be demonstrated to have significantly increased safety, security, readiness, wellbeing, and saved the taxpayer untold billions. I think that it could be demonstrated that if we decided to ditch the Constitution and subject every American and other resident of this country to the same type of inspection and monitoring, the general safety of citizenry would be significantly increased. Seriously, how many deaths would be prevented each year if the fire department conducted a bi-annual inspection of your house? Checking that you’ve replaced your smoke detector batteries and aren’t storing your gas cans next to the water heater? Maybe we should make it mandatory that you get all of your electrical appliances checked by a tech down at the local town hall, how many electrical fires would be prevented as a result? Ask yourself how many cases of food poisoning could be avoided by having the health department come in once a month and check to make sure you are properly cleaning out those nasty leftovers in the fridge and scrubbing your counters once in a while. How about those medicine cabinets? How many of you have expired or excess medicine that should have been thrown out long ago, just waiting for your kids to decide they look like fun? Hell, here in Alaska, you can’t buy cold medicine off the shelf, you’ve got to get it from the pharmacist behind the counter. Supposedly this keeps the kids from turning Sudafed into a recreational drug, but once you bring it home there’s nothing to keep it out of your little coke dealer’s hands. You wouldn’t have that problem if the BATF came through once a month and made sure you were storing your medicine securely. What about Schedule 1 drugs? How many of you are sure you don’t have illegal drugs in your house? Are you sure that your kids, or their friends, or that asshole from the office who came to your party last week, didn’t bring some in? Don’t you want to know for sure? BATF should bring along a couple of drug dogs on their monthly visit. Now I know no Stonekettle Station regular would have illegal downloads, but many people have copies of movies or music they didn’t pay for. That’s a crime. They’re stealing money from the entertainment industry and that costs all of us. Why shouldn’t the recording industry enforcers have the right to inspect your computer periodically? How many people fudge on their taxes? How about home businesses, are they complying with all the laws? Even when nobody is looking? Maybe the IRS should perform surprise audits of every citizen on a periodic basis – seriously here, isn’t that in the public interest? How about our kids? Sexting, you know what that is? You should, it’s the hula-hoop fad of the new millennium. It’s when you send naked pictures of yourself or others from your camera phone via video texting. How many of your kids are doing this? A hell of lot, actually, according to recent figures, and wouldn’t you want to know if it was happening in your house? If your kid is underage, it’s child pornography. It could also be solicitation of a minor. It could be public indecency. Hell it falls under a lot of statutes. Now, if people knew that NSA was monitoring every picture sent across the web, with serious consequences for those involved, wouldn’t that cut down on a heinous crime? How about those people you hear about who keep dead relatives around for years, stuffed in the freezer, or mummified in a back bedroom? Periodic H&C of every dwelling in America would keep that kind of insanity from happening.

I could go on here, but then I’d just start getting silly.

But in all honesty people are generally bastard flavored bastards with bastard filling and little bastard sprinkles on top. Even well intentioned people break laws in their own home or when they think people aren’t watching. They speed. They do unsafe things. They do stupid things. They do ignorant things. They eat fatty foods. They drink themselves blind. They beat their kids and their spouses and their dogs. And it costs us all. It costs us in public safety, public health, national security, national income, taxes, and a wide variety of other things. Now, we can never prevent all of this. We can never be 100% safe, or secure, or efficient – but we could do a hell of a lot better.

So how come we don’t?

How come you people would rather live with significantly increased risk instead of significantly increased security, safety, and efficiency?

Hey, don’t look at me – I was in the military for twenty years and I don’t want to live like that either.

It’s about freedom, isn’t it?

And it’s about liberty.

It’s about the ideals that America was founded on.

You Goddamned right it is.

Which brings us to The Cybersecurity Act of 2009, unveiled yesterday by Senators John Rockefeller (D-W. Va) and Olympia Snowe (R-Maine) in a show of bipartisan stupidity. Basically, if enacted, this law would explicitly give the President power to shut down all domestic Internet traffic.

Sound alarmist? Go read the draft, I’ll wait.

Basically, the Cybersecurity Act would give the president the authority to “declare a cybersecurity emergency” and shut down or limit Internet traffic in any “critical” information network “in the interest of National Security.” The definition of “Cybersecurity Emergency,” “Critical network,” and “National Security” would be left up to the president.

Now, what does that have to do with the introduction to this post? Well, see, the Cybersecurity Act of 2009 would also allow the Secretary of Commerce “access to all relevant data” concerning critical networks “without regard to any provision of law, regulation, rule, or policy restricting such access.” Yep. Basically what that means is that the SoC can monitor or access any data on any private, commercial, or public network without regard to privacy laws providing he’s doing it for national security reasons – as he defines it – no warrant, no oversight, no regard for existing laws. In effect this bills creates a new domestic intelligence organ under the Department of Commerce. Now, since the DoC has neither the assets nor the expertise for such things, they’ll need to find somebody who has both unlimited assets and the requisite knowledge in the area of domestic monitoring. Those folks are up on MD32, just off the Baltimore Washington Parkway. Ask yourself just how closely you’d like to have the Department of Commerce and the Pentagon intertwined.

Rockafeller said yesterday, "We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on."

Snowe agreed, and went further saying, "if we fail to take swift action, we, regrettably, risk a cyber-Katrina."

Now here’s a funny little aside, all those Conservatives who were so gung-ho about the Patriot Act and the Protect America Act, which made it legal for the Bush Administration to spy on Americans at home and without warrants, are all screaming bloody murder about how President Obama wants to snoop through their computers. One wonders if they’d be so opposed if Bush and Cheney were still in the White House. Pretty damned ironic, if you ask me, especially since they’ve already given Obama the power to shut down or intrude into their computer systems. Oh, yes, that’s right folks, The Homeland Security Act gives the president wide ranging and direct control over critical national infrastructure – and guess what the Internet is?

Those powers are detailed in Presidential Decision Directives 63, Executive Orders 13228 and 13231, the Homeland Security Presidential Directive 7, and the National Infrastructure Plan.

Basically, conservatives, you already gave Obama permission to cut off your access and look through you computer files. Forgive me while I enjoy a mocking chuckle at your expense.

This bill really doesn’t give the president any new power at all, though it does shift power from the Department of Defense to the Department of Commerce to a certain extent. In reality, of course, it will simply expand the power of both departments and simply bypass Constitutional protections for all Americans.

This bill has nothing to do with the current or past occupant of the Oval Office, but it’s very likely to have a great deal to do with future occupants.

Far from protecting the rights and securities of Americans, this bill is about power. It’s about protecting and expanding the power of government. This bill is about government to the people, not of, by, and for the people. Conservatives who pushed through bills that gave unfettered power to the last president are suddenly finding out what a sharp two edged sword that power is, now that it can be turned against them and not just the liberals they despise so badly. Allow this bill to become law, you give not only this president, but all who follow him even more unchecked power… and one day your children are very likely to have a President who becomes Emperor during a period of extended and unending crises. Sound crazy? Sound alarmist and paranoid and conspiracy theorist? You should do some reading into how Republics die.

Will this president abuse his power as the last one did? I don’t know. Power corrupts, absolute power corrupts absolutely, there are few truisms more true than that. Our founding fathers knew it, and they designed this country to deliberately limit the powers of the president. Any president. All presidents. Conservative presidents. Liberal presidents. All presidents. And not just the president, this bill gives nearly unlimited power to the Commerce Department. Power that they’ve never had. Power that they have no experience managing or controlling. The National Security Agency under the Department of Defense has been doing this since 1952, under strict guidelines put in place after numerous abuses – and still abuses occur. I have to wonder how the DoC will protect the rights of Americans, how they’ll keep their own people from abusing the unlimited information and power they will suddenly have access to when they can reach into private and commercial networks without regard for the law. The potential for abuse is simply staggering and of an order of magnitude beyond anything that has gone before. Our world, our nation, our lives are inside those machines. Everything, banking information, production, prototyping, travel, mental and physical health records, finance, investment, ideas, thoughts, designs, communications, worldview, access to maps, navigation, services, opinions, news, what you buy, what you eat, your location every time you swipe a credit card or dial a phone, who you talk to, and more. Much, much more. Everything is in there. Believe me folks, I know, I used to do this for a living. Right now, it takes a court order to pry into a majority of this information. The Electronic Privacy Act protects your 1st, 4th, and 5th Amendment rights in the online world – this bill would gut that protection and make a sham of the very rights those of us in the military gave up in order to protect.

We’ve traveled down the wrong road for eight years now. We’ve given up our freedoms, we’ve made our president a king in all but name – all because we have repeatedly allowed shortsighted and foolish leaders to frighten us with meaningless made up bogymen like “Weapons of Mass Destruction,” “islamofascism,” “emboldened purveyors of false populism” - and now we have a new word, Cyber-Katrina. Yet another meaningless and undefined threat used to frighten the populace into acquiesce.

It’s long past time to return to the vision of our founders. It’s long past time to stand up and demand the inalienable rights we as Americans are guaranteed under the Constitution.

There are dangers in the online world, there are national security threats, but this bill will do absolutely nothing to protect us from them. And will in fact go one more step towards destroying the very things that make the United States a nation of free people.

I strongly urge you to write your congressmen and demand that this bill be substantially revised to fully and clearly protect the Constitutional rights of all Americans, limit its scope and power, and require full adherence to 200 years of US Constitutional law – or better yet be thrown out altogether, let it die a silent death in committee.


  1. We need to do a better job of cyber security (the report that Russian and Chinese cyberspies have hacked into the U.S. electrical grid - assuming it's true and not media overkill), but this new act ain't it.

    And for those who might read this post and be clueless, there's a big difference between military personnel and civilians. Which is why they're treated differently when it comes to privacy, security, etc.

  2. Vince, absolutely. On both accounts.

    This bill does nothing whatsoever to prevent the type of cracking and insertion reported today regarding the US electrical grid, and in fact there is strong evidence that this bill will in fact increase such attacks because it gives unfettered access to the nation's networks by single individuals. A number of organizations, including US government organizations have raised this exact point. The types of attacks Senators Rockefeller and Snowe are talking about, i.e. this exact situation right here, will not in any way be thwarted by this bill. Once again, we are attempting to ward off external threats by restricting the domestic rights of our own citizens. This doesn't work, and never has. Not now, and not during the McCarthy era.

    And an important distinction regarding your observation vis a vis military personnel that I probably should have mentioned but I thought was obvious - military folks voluntarily give up certain rights, including their right to privacy, when sworn in. Civilians do not and have every expectation that the government is confined by law and the Constitution.

  3. I really wish this had come out before I did my presentation on Orwell's society being alive and well in our present day society.

  4. Even well intentioned people break laws in their own home or when they think people aren’t watching.

    One of the silliest things I think I ever heard a law professor say was a repetition of the canard that the Constitution (specifically the Fourth Amendment) protects the citizens at the incidental benefit of criminals. The reason this is silly, of course, is that the Constitution was written by criminals for criminals, something we tend to forget at our peril.

    No, seriously: what does the First Amendment protect? Among other things, it protects seditious libel, a hanging offense routinely engaged in by the Founders during their tiff with King George. The Fourth Amendment (the one trampled on by the Cybersecurity Act of 2009) just happens to nicely cover your right to have all those seditious pamphlets stacked next to your printing press. The Eighth Amendment maybe keeps the redcoats from pouring boiling pitch on your exposed skin and covering you with down before they string you up.

    Sometimes well-intentioned people break the laws on purpose. The Founders did, and then they symbolically covered their asses by guaranteeing that future generations could pull the same stunts they themselves did. You're unlikely to find too many comparable cases today--notwithstanding the idjits who are planning their cheezy little "tea parties" in honor of Malkinism or whatever it is they're into--but there are people whose criminality does have some kind of social or political legitimacy, whether it's a promotion of Fair Use doctrine or a person who is violating Federal law while complying with state-level medical marijuana statutes. I'm sure I could come up with other examples, but I should have been in bed an hour ago so we'll leave it at that.

    Point is, of course: we're a nation of "criminals" and our basic principles reflect that. We're just disinclined to remember it because we don't think it's flattering, but that's just nonsense--we need to remember who we are and why.

  5. You should have been in bed two hours ago, Counselor.

  6. Now I have something else to blog about this morning.


    The weirdest thing I ever found on an H&C inspection was three liter pop bottles full of urine. Silly kid was too lazy to get up and go to the head in the middle of the night.


    And both Senators and Congressman have been contacted.

  7. Hmmm. Does Singapore still cane people for chewing gum?


Comments on this blog are moderated. Each will be reviewed before being allowed to post. This may take a while. I don't allow personal attacks, trolling, or obnoxious stupidity. If you post anonymously and hide behind an IP blocker, I'm a lot more likely to consider you a troll. Be sure to read the commenting rules before you start typing. Really.