Posts

Apparently Criticizing TSA’s Boss Is Anti-Worker

Yasha Levine insinuates I’m responsible for Paul Ciancia’s attack on TSA workers the other day.

The “progressive” blog FireDogLake was perhaps the biggest and loudest leftie media outlet to promote the anti-TSA crusade. The site even launched a “Petition to Investigate the TSA,” adopting right-wing lingo in calling the agency’s pat down procedures “aggressive groping” and getting “sexually assaulted by a government official.” FireDogLake blogger Marcy Wheeler frequently referred to TSA checkpoints procedures as “rape” and “groping.” In December 2010, she warned her readers that anywhere from a quarter-million to 1 million people “had their genitalia groped by a stranger working for the government” in a single week, and the Obama administration simply didn’t care. “That sort of seems like a lot of junk-touching in just one week.”

Two years later, Wheeler was comparing TSA workers to rapists, Tweeting out: “Rape is not about sexual enjoyment. It’s about power. So is this TSA stuff.”

[snip]

But so far the left has been strangely silent about the violent right-wing rhetoric and conspiracy-mongering that inspired the TSA shooting at LAX. I guess that isn’t very surprising, considering the left helped enable it.

I’m not going to respond to this beyond pulling together all the posts where I talk about how asinine the TSA screenings are. If there’s a villain in them, it’s TSA Director John Pistole, the guy setting that asinine policy, not the line workers who implement his policy. There are a number I haven’t included talking about John Pistole’s potential role in the UndieBomb 2.0 leak, some references in “Links” posts, some on relative choices in counterterrorism approaches, and a few on contractors.

Note, especially, the post with the asterisk, where I unpacked the illogic of Levine’s first conspiracy theory on TSA, which might explain why he’s now accusing me of contributing to someone’s death.

That is all.

June 28, 2007: TSA versus Booz Allen

August 15, 2007: Behavior Detection

November 22, 2010: John Pistole Wants Us to Be Afraid of His Shadow

November 22, 2010: White House: Only 170,000 People Have Had Genitalia Groped by Complete Stranger in Last Week

November 23, 2010: Did Just 170,000 Passengers Get Groped by Strangers Last Week? Or a Million?

*November 25, 2010: Correlation Does Not Equal KochNation

December 1, 2010: FBI Entrapment Leads to TSA Pat-Downs

December 9, 2010: John Pistole: “What I Think Is Appropriate in Terms of Privacy”

December 19, 2010: Protecting DC’s Metro from the FBI and Facebook

December 27, 2010: TSA’s Legal Justification for Gate Grope

May 17, 2011: Apparently the Terrorists Can’t Learn How Much Radiation They’ll Get from Going through TSA Security

May 21, 2011: First Mickey Donned Night Vision Goggles, Now Mickey Embraces GateGrope

June 14, 2011: More Security Theater as Play

May 7, 2012: It Takes an Attempted Terrorist Attack to Actually Test Backscatter Machines

August 12, 2012: Racial Profiling Is Wrong, Sometimes

August 7, 2013: The Ooga Booga* Continues to Wear Off 

The Kiddie Porn and the UndieBomb

Screen shot 2013-09-26 at 1.22.11 PMI was at a funeral Monday and Tuesday. So when I heard the FBI had busted the guy who leaked the UndieBomb 2.0 story, I assumed they had finally arrested John Brennan.

But, as bmaz emphasized in his post on Donald Sachtleben’s plea agreement, there’s no hint of prosecuting Brennan, who leaked Top Secret details about the British/Saudi double agent into AQAP, even while they’re imprisoning Donald Sachtleben, who is only accused of leaking details he knew to be Secret.

A law enforcement official indicated that the case has not been officially closed but the charges against Sachtleben are the only ones expected.

(Sure, the evidence that Sachtleben was involved with kiddie porn seems solid, but then Brennan drone-killed children, so he’s not above reproach for his treatment of children either.)

But that is by no means the weirdest thing about the government’s treatment of the UndieBomb 2.0 leak investigation.

The entire premise of the FBI narrative is that they exercised greater care with a kiddie porn accusee they had dead to rights than they did the 100 or so AP reporters who got sucked up in their overbroad dragnet. They would have you believe that, even after seizing a CD holding a November 2, 2006 SECRET CIA intelligence report at Sachtleben’s house in May 2012 pursuant to a kiddie porn warrant (which they have not produced in the docket), they just sat on his devices for almost a year until they obtained the phone records for 20 AP phone lines, in a seizure far more intrusive into journalism than any recent known subpoena.

Sachtleben was identified as a suspect in the case of this unauthorized disclosure only after toll records for phone numbers related to the reporter were obtained through a subpoena and compared to other evidence collected during the leak investigation. This allowed investigators to obtain a search warrant authorizing a more exhaustive search of Sachtleben’s cell phone, computer, and other electronic media, which were in the possession of federal investigators due to the child pornography investigation.

(I may be mistaken, but I don’t think the FBI made this claim in any court document, so I assume it is bullshit, especially since they had had to do extensive forensic searches of Sachtleben’s computer and he had already signed a plea deal forfeiting it.)

They would also have you believe the AP had no inkling of the UndieBomb plot until ABC reported inflammatory claims about cavity bombs on April 30, 2012, even in spite of ABC’s reference to TSA head John Pistole’s earlier fear-mongering about it and in spite of additional reporting about broad Air Marshall mobilization. DOJ goes to great lengths to make you believe AP first texted Sachtleben on April 30 and not, say, on April 28 (which would mean the kiddie porn investigation accelerated after such contact), though there’s no reason to believe that’s true and the AP call records DOJ obtained apparently go back to well before April 30. They also suggest AP was asking Sachtleben about an Asiri bomb, though the first text they include is an assertion — not a question — that Asiri has been busy.

They would have you believe that two Pulitzer Prize winners would defy White House and CIA wishes with a story sourced to a single source who, just a day earlier, had provided a mistaken guess about the excitement. Read more

Maybe the Gimmick Is in the Timing of Legion of Doom?

In my first post on this Yemen scare — which I will henceforth call “Legion of Doom” in honor of the Daily Beast source’s use of the term — I suggested the big part of the plot might have already transpired.

There’s the increased drone activity in Yemen. Who knows! Maybe, like last year, the plot has already been rolled up and we’re just waiting to confirm one of the several recent drone strikes have taken out our target?

I made that suggestion because of evidence that the US rolled up UndieBomb 2.0 on April 20-24 of last year, and only then deployed a bunch of Air Marshals and fear-mongering about Ibrahim al-Asiri for the days leading up to the May 1 anniversary of Osama bin Laden’s killing. They eliminated the threat (which was minimal in any case, since the bomber was a British-Saudi-US mole), then rolled out fear-mongering about it, as if the threat still existed. Fairly clearly, the White House planned a big press conference on their operation once they killed Fahd al-Quso, and thus got furious when the AP managed to scoop their theater.

I increasingly think that may be the case. Whether or not there was ever a real threat, I suspect it may have partly passed before the big rollout of it last Friday (though the targeting of a top AQAP member, the presence of additional JSOC forces, or all the drone strikes may have increased the risk for Americans in Yemen).

Consider: back when Pentagon stenographer Barbara Starr was among the first to discuss the intercepts behind Legion of Doom, she suggested very fresh SIGINT chatter and a warning from President Abdo Rabi Mansour Hadi delivered on July 31 or August 1 had led the US to close a bunch of embassies (though even there, they waited a few days to start closing embassies).

Fresh intelligence led the United States to conclude that operatives of al Qaeda in the Arabian Peninsula were in the final stages of planning an attack against U.S. and Western targets, several U.S. officials told CNN.

The warning led the U.S. State Department to issue a global travel alert Friday, warning al Qaeda may launch attacks in the Middle East, North Africa and beyond in coming weeks. The U.S. government also was preparing to close 22 embassies and consulates in the region Sunday as a precaution.

The chatter among al Qaeda in the Arabian Peninsula operatives had gone on for weeks but increased in the last few days, the officials said.

Taken together with a warning from Yemeni officials, the United States took the extraordinary step of shutting down embassies and issuing travel warnings, said the officials, who spoke on condition of anonymity.

While the specific target is uncertain, U.S. officials are deeply worried about a possible attack against the U.S. Embassy in Yemen occurring through Tuesday, the officials said.

[snip]

Yemeni intelligence agencies alerted authorities of the threat two days ago, when the Yemeni president was in Washington, said the official, who spoke on condition of anonymity. [my emphasis]

And the original and an update to the NYT’s original story on Legion of Doom says the intercept between Zawahiri and Wuhayshi came sometime last week.

The intercepted conversations last week between Ayman al-Zawahri, who succeeded Osama bin Laden as the head of the global terrorist group, and Nasser al-Wuhayshi, the head of the Yemen-based Al Qaeda in the Arabian Peninsula, revealed what American intelligence officials and lawmakers have described as one of the most serious plots against American and Western interests since the attacks on Sept. 11, 2001.

But the latest AP version of the intercept call says it was picked up “several weeks ago.”

A U.S. intelligence official and a Mideast diplomat said al-Zawahri’s message was picked up several weeks ago and appeared to initially target Yemeni interests. The threat was expanded to include American or other Western sites abroad, officials said, indicating the target could be a single embassy, a number of posts or some other site. Lawmakers have said it was a massive plot in the final stages, but they have offered no specifics.

Perhaps the discrepancy comes from confusion about two different Zawahiri-Wuhayshi intercepts. In its conference call report, the Daily Beast reports that authorities picked up a communication, via courier, between Zawahiri and Wuhayshi “last month.”

An earlier communication between Zawahiri and Wuhayshi delivered through a courier was picked up last month, according to three U.S. intelligence officials.

That earlier conversation may simply have been Zawahiri naming Wuhayshi his deputy, but the role of a courier in the interception suggests they may have gotten far more intelligence — perhaps not just intelligence tipping the US off to whatever conference call protocol AQ was using, but also to the location of Wuhayshi and other figures.

Read more

The Ooga Booga* Continues to Wear Off

Two and a half years ago, I noted how TSA head John Pistole pointed to a plot the FBI created while he was still its Deputy Director to justify the use of VIPR teams to stop people on non-aviation public transportation.

A couple of weeks back, I pointed to John Pistole’s testimony that directly justified the expansion of VIPR checkpoints to mass transport locations by pointing to a recent FBI-entrapment facilitated arrest.

Another recent case highlights the importance of mass transit security. On October 27, the Federal Bureau of Investigation (FBI) arrested a Pakistan-born naturalized U.S. citizen for attempting to assist others whom he believed to be members of al Qaida in planning multiple bombings at Metrorail stations in the Washington, D.C., area. During a sting operation, Farooque Ahmed allegedly conducted surveillance of the Arlington National Cemetery, Courthouse, and Pentagon City Metro stations, indicated that he would travel overseas for jihad, and agreed to donate $10,000 to terrorist causes. A federal grand jury in Alexandria, Virginia, returned a three-count indictment against Ahmed, charging him with attempting to provide material support to a designated terrorist organization, collecting information to assist in planning a terrorist attack on a transit facility, and attempting to provide material support to help carry out multiple bombings to cause mass casualties at D.C.-area Metrorail stations.

While the public was never in danger, Ahmed’s intentions provide a reminder of the terrorist attacks on other mass transit systems: Madrid in March 2004, London in July 2005, and Moscow earlier this year. Our ability to protect mass transit and other surface transportation venues from evolving threats of terrorism requires us to explore ways to improve the partnerships between TSA and state, local, tribal, and territorial law enforcement, and other mass transit stakeholders. These partnerships include measures such as Visible Intermodal Prevention and Response (VIPR) teams we have put in place with the support of the Congress. [my emphasis]

Now to be clear, as with Mohamed Mohamud’s alleged plot, Ahmed’s plot never existed except as it was performed by FBI undercover employees. In fact, at the time the FBI invented this plot, now TSA-head Pistole was the Deputy Director of FBI, so in some ways, Ahmed’s plot is Pistole’s plot. Nevertheless, Pistole had no problem pointing to a plot invented by his then-subordinates at the FBI to justify increased VIPR surveillance on “mass transit and other surface transportation venues.” As if the fake FBI plot represented a real threat.

Today, a NYT piece raises questions about VIPR’s efficacy (without, however, noting how TSA has pointed to FBI-generated plots to justify it).

T.S.A. and local law enforcement officials say the teams are a critical component of the nation’s counterterrorism efforts, but some members of Congress, auditors at the Department of Homeland Security and civil liberties groups are sounding alarms. The teams are also raising hackles among passengers who call them unnecessary and intrusive.

“Our mandate is to provide security and counterterrorism operations for all high-risk transportation targets, not just airports and aviation,” said John S. Pistole, the administrator of the agency. “The VIPR teams are a big part of that.”

Some in Congress, however, say the T.S.A. has not demonstrated that the teams are effective. Auditors at the Department of Homeland Security are asking questions about whether the teams are properly trained and deployed based on actual security threats.

It’d really be nice if NYT had named the “some” in Congress who had raised concerns. Read more

If Only DOJ Hadn’t Burned AP’s Sources …

The State Department announced a broad but vague warning today.

The Department of State alerts U.S. citizens to the continued potential for terrorist attacks, particularly in the Middle East and North Africa, and possibly occurring in or emanating from the Arabian Peninsula.  Current information suggests that al-Qa’ida and affiliated organizations continue to plan terrorist attacks both in the region and beyond, and that they may focus efforts to conduct attacks in the period between now and the end of August.  This Travel Alert expires on August 31, 2013.

Terrorists may elect to use a variety of means and weapons and target both official and private interests. U.S. citizens are reminded of the potential for terrorists to attack public transportation systems and other tourist infrastructure.  Terrorists have targeted and attacked subway and rail systems, as well as aviation and maritime services.  U.S. citizens should take every precaution to be aware of their surroundings and to adopt appropriate safety measures to protect themselves when traveling.

We continue to work closely with other nations on the threat from international terrorism, including from al-Qa’ida.  Information is routinely shared between the U.S. and our key partners in order to disrupt terrorist plotting, identify and take action against potential operatives, and strengthen our defenses against potential threats.

There’s a part of me that thinks this might be credible and serious.

After all, between Iraq, Pakistan, and Libya, up to 1,750 men have just escaped prison, and extremists claim responsibility for the first two prison breaks. That’s a lot of men running around who might make mischief (though you’d think it would take a bit of time to organize after the breaks).

That said, there are aspects of this that remind me of the politicized alert surrounding the April 2012 thwarting of our own plot in Yemen (which was rolled out in May 2012, well after any threat had subsided). There’s John Pistole’s ostentatious boosting of AQAP bomb-maker Ibrahim al-Asiri as “our greatest threat.”

The use of a new explosive has been previously reported, but Pistole continued with less familiar details about Underwear 2 that reflect the growing sophistication of Asiri’s sinister craftsmanship. He said the device included redundancy, by mean of two different syringes to mix liquid explosive compounds–”a double initiation system,” apparently a response to a failure of Abdulmutallab’s initiation process. In essence, Pistole said, “they made two devices.”

Finally, Pistole said, the new bomb was encased in simple household caulk in an effort to trap vapors that might alert any bomb-sniffing machines or dogs that did happen to be capable of identifying the explosive.

“So you really have a twisted genius in Yemen,” Ross observed. “That is our greatest threat,” Pistole replied. “All the intel folks here [at the forum] know that is a clear and present danger.”

Similar sensationalized reporting preceded and followed the exposure of the UndieBomb 2.0 plot last year.

There’s the increased drone activity in Yemen. Who knows! Maybe, like last year, the plot has already been rolled up and we’re just waiting to confirm one of the several recent drone strikes have taken out our target?

And there’s the apparent disparate treatment of the threat, with the US issuing a broad alert across the Middle East but with the Brits focusing thus far only on their Yemeni Embassy.

The State Department just happened to announce its support for Yemen in conjunction with President Hadi’s visit this morning, of which security aid remains the largest part, not long before this alert went out. Last year the thwarted plot was designed to coincide with the approval of signature strikes in Yemen.

Last year, the many people the US deployed to prevent a threat that had already been rolled up may have been one of the sources that revealed the threat had already been rolled up. If this is kabuki, then perhaps the same thing would happen again: some guy sent to protect flights in the Middle East might complain that it’s just show. Perhaps someone like the AP could report that the threat has been thwarted and we can go back to worrying about climate change as the most urgent threat to “the homeland.”

Except for one thing. Since last year, DOJ went positively nuclear on the AP, which exposed the kabuki last year. Without warning, DOJ obtained records of 20 AP phone lines, identifying the sources of up to 100 journalists, for at least a 2 week period. We’ve heard not one peep about DOJ prosecuting anyone in the UndieBomb 2.0 leak (especially not CIA Director John Brennan, who made the leak far worse). But DOJ did make sure sources are going to be far warier about speaking with the guys who undermined the White House kabuki last year.

So as you wonder about the seriousness of a plot that feels like a lot of the vague warnings the Bush White House used to release, remember how useful it was back when reporters were allowed to do their jobs.

It Takes an Attempted Terrorist Attack to Actually Test Backscatter Machines

Long after rolling out backscatter machines without proving their efficacy and safety, it looks like the machines will finally be tested. As the AP reports, the government is now testing the underwear bomb Al Qaeda in the Arabian Peninsula planned to use to conduct an Osama bin Laden death anniversary attack to see whether it would have gotten by airport security.

The FBI is examining the latest bomb to see whether it could have passed through airport security and brought down an airplane, officials said. They said the device did not contain metal, meaning it probably could have passed through an airport metal detector. But it was not clear whether new body scanners used in many airports would have detected it.

If the machines wouldn’t have stopped the attack (note, the terrorist had not yet bought a ticket, so it’s not even clear which airports they’d be testing), then we can just take solace in the fact that Michael Chertoff will have a nice comfy retirement. If they would have, then the TSA will feel justified in all the gate grope they’ve been engaging in for years.

Of course, the real lesson is that we’d be better off relying on good intelligence to stop an attack–as it stopped this one–long before a terrorist gets caught at the gate.

DOJ Deems Plan to Attack Military Targets with a Drone, Terrorism

Last year, I tracked how TSA head (and former FBI Deputy Director) John Pistole used an FBI entrapment plot targeted at the Metro to justify increased TSA surveillance of the Metro.

Which is why I’m intrigued that the FBI’s latest entrapment product, Rezwan Ferdaus, is alleged to have wanted to strike the Pentagon with, effectively, a drone (with what Julian Sanchez, in a great post, calls a comic book plot). I wondered whether Ferdaus came up with his comic book plot himself, whether this was projection, or whether the FBI wanted us to fear being struck via the same means we’re striking others.

In the affidavit supporting Ferdaus’ arrest, the FBI emphasizes that Ferdaus came up with the idea of a drone himself (if you can call replicating our own tactics an original idea). They describe, for example, a March 29, 2011 meeting with two FBI undercover officers at which Ferdaus,

explained that he had this idea of attacking the Pentagon long before he met the [cooperating witness] (and by implication before he met the [FBI undercover officers–UCEs]). FERDAUS advised the UCEs that he had initially discussed his remote controlled aircraft plans with a friend from Dorchester. FERDAUS told the UCEs that his Dorchester friend had a “less complicated idea” — his friend’s idea was to “just get weapons and go after … a recruitment center.” The UCEs asked FERDAUS what was wrong with that idea, to which FERDAUS responded: “nothing.” FERDAUS indicated, however, that he wanted “to go bigger.”

But they don’t say how the FBI–rather, their cooperating witness–came to find Ferdaus.

Particularly given the FBI’s past misrepresentations about when one of their entrapments began, this seems relevant. All the more so in this case, given that the affidavit appears to support its claim that “FERDAUS told the UCEs that he realized more than a year ago from viewing jihadi websites and videos ‘how evil’ America is” based on an August 1, 2011 conversation with the UCEs (but again, not the cooperating witness) that his jihad,

started last year. I realized I should try to do something to attack them here. I should try to go down to Washington or something like that. I should try to get them here. That is the best thing.

There’s nothing in this quote that says it happened more than a year ago–only that it happened before January 2011. Given that the cooperating witness shows up in the narrative “last year” (in December), the seemingly unsupported claim about how long Ferdaus has been pursuing his comic book plot seems relevant–or perhaps an indication the FBI has reason to know his surfing on jihadi sites happened more than a year ago.

So what about that cooperating witness, who, the affidavit admits, “has a criminal record and has served time in prison”? The affidavit describes his involvement this way:

Initially, FERDAUS met and engaged in conversations with an FBI CW regarding his planned attacks against the United States. These conversations occurred between December 2010 and April 2011; the majority of them were consensually recorded. [my emphasis]

Yet the affidavit doesn’t say anything about what transpired between Ferdaus and the CW in December, neither how they met nor how many times they conversed or met before January 7, 2011, the first meeting described in the affidavit.

Nor do they tell us the circumstances surrounding that minority of conversations that weren’t recorded. There always seems to be a conversation that doesn’t get recorded, doesn’t there?

Nor does the affidavit explain how long they were monitoring Ferdaus’ participation in jihad chat rooms. They describe him saying that’s what radicalized him. But they don’t admit the obvious, that that’s probably what led them to send an informant out to cultivate him to the point where trained FBI agents would take over (assuming, of course, that Ferdaus’ friend from Dorchester wasn’t another informant, but who knows?).

One more point. The only times the affidavit describes Ferdaus accessing the Internet, he does so via public computers, at a library and internet cafe, though the affidavit also describes him using his own computer to show the UCEs his plan.

It looks very tidy, wrapped up in this affidavit, if you ignore the fact that when the FBI told Ferdaus not to play with chemicals he complied. But this is yet another entrapment that seems to obscure where the plot came from.

TSA’s Legal Justification for Gate Grope

The Electronic Privacy Information Center has been suing the Department of Homeland Security because it refused to engage in the public rule-making process before it adopted RapeAScan machines as part of the primary screening at airports. DHS responded to EPIC’s suit the other day. While I think their response will be largely successful as written, they’re playing games with the timing of EPIC’s suit so as to avoid doing any discussion or even administrative privacy assessment of giving passengers a choice between being photographed nude or having their genitalia fondled.

The key to this is that EPIC first requested a request for review of whether DHS should have engaged in rule-making on May 28, 2010, before TSA changed pat-down procedures. It then submitted its brief on November 1, 2010, after the enhanced pat-downs were being rolled out. But the issue still focuses on the machines and not the machines in tandem with the invasive pat-downs. So a central part of DHS’ argument is that passengers are given an alternative to the RapeAScan machines: pat-downs. But its filing never deals with the possibility that pat-downs are more invasive than even the RapeAScan machines.

TSA communicates and provides a meaningful alternative to AIT screening. TSA posts signs at security checkpoints clearly stating that AIT screening is optional, and TSA includes the same information on its website. AR 071.003. Those travelers who opt out of AIT screening must undergo an equal level of screening, consisting of a physical pat-down to check for metallic and nonmetallic weapons or devices. Ibid.

A physical pat-down is currently the only effective alternative method for screening individuals for both metallic and nonmetallic objects that might be concealed under layers of clothing. The physical pat-down given to passengers who opt out of AIT screening is the same as the pat-down given to passengers who trigger an alarm on a walk-through metal detector or register an anomaly during AIT screening. Passengers may request that physical pat-downs be conducted by same gender officers. AR 132.001. Additionally, all passengers have the right to request a private screening. Ibid. More than 98% of passengers selected for AIT screening proceed with it rather than opting out. AR 071.003.

And by focusing on this alternative with no real discussion of what it currently entails, DHS dodges the question of whether the two screening techniques together–RapeAScans and enhanced pat-downs–violate passengers’ privacy. Note, for example, how the filing boasts of two Privacy Impact Assessments TSA’s privacy officer did (plus an update just as EPIC was last complaining about this technology).

Pursuant to 6 U.S.C. § 142, DHS conducted Privacy Impact Assessments (“PIAs”) dated January 2, 2008, and October 17, 2008, to ensure that the use of AIT does not erode privacy protections. AR 011.001-.009, 025.001-.010. The second PIA was updated on July 23, 2009 and lays out several privacy safeguards tied to TSA’s use of AIT. AR 043.001-010.

Now, as a threshold matter, there’s something odd about DHS citing 6 U.S.C. § 142 here. Its requirement for PIAs reads:

The Secretary shall appoint a senior official in the Department to assume primary responsibility for privacy policy, including – (1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information; (2) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974 [5 U.S.C. 552a]; (3) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government; (4) conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and (5) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974 [5 U.S.C. 552a], internal controls, and other matters. [my emphasis]

See how it says the department has to do PIAs “of proposed rules”? That suggests the Privacy Officer treated the plan to use RapeAScans as a rule and did a PIA accordingly. But this entire filing–which explains why DHS refused to accede to EPIC’s request to conduct public rule-making on the use of RapeAScans–argues that the implementation of the machines did not constitute a rule. But they did a PIA as if it was a rule!

But there’s another thing this filing doesn’t say about PIAs: that Congress demanded TSA publish a PIA on the enhanced pat-downs.

In the absence of an Executive branch level Privacy and Civil Liberties Oversight Board that would evaluate decisions such as this, it was crucial that the Department of Homeland Security’s Privacy Officer and Office for Civil Rights and Civil Liberties thoroughly evaluate and publish written assessments on how this decision affects the privacy and civil rights of the traveling public. To date, the Department has not published either a Privacy Impact Assessment (PIA) nor a Civil Liberties Impact Assessment (CLIA) on the enhanced pat down procedures. Without a published PIA or CLIA, we cannot ascertain the extent to which TSA has considered how these procedures should be implemented with respect to certain populations such as children, people with disabilities, and the elderly. By not issuing these assessments, the traveling public has no assurance that these procedures have been thoroughly evaluated for constitutionality.

So while DHS boasts that it did PIAs on the RapeAScans before it rolled them out, it still does not appear to have done a PIA on the groping that serves as DHS’ much touted alternative to RapeAScans, much less a PIA on the two techniques offered together.

Now, DHS is using procedural complaints to object to EPIC’s inclusion of Nadhira Al-Khalili on the complaint, a lawyer with ties to the Muslim community. But their response to EPIC’s freedom of religion complaint seems to suggest they recognize they are vulnerable: suggesting that if a Muslim (or anyone else with documented reason to be opposed to having nude pictures taken and/or their genitalia groped by strangers) were to sue, the procedures would not hold up.

But for now, DHS is treating the RapeAScans separately from the groping so as to be able to argue that in conjunction with the “choice” of being groped, the RapeAScans present no big privacy problem.

Protecting DC’s Metro from the FBI and Facebook

While I’ve been in moving hell (one more day, a long drive, and then!!! relax), there have been two developments in the FBI’s efforts to fearmonger in the DC Metro.

As I first reported several weeks ago, TSA Director and former FBI Deputy Director John Pistole testified to Congress that we need to implement searches on public transportation because of the threat invoked by an FBI-invented plot.

We need to search people on the DC Metro, Pistole was basically saying, because the FBI chose to target the DC Metro in one of their stings.

On Thursday, the DC Metro announced they will–in conjunction with Pistole’s TSA–start conducting the random searches Pistole said we needed because of FBI’s sting.

Metro Transit Police today advised customers they will conduct random inspections of carry-on items, as part of the continuously changing law enforcement programs designed to keep the system safe.

[snip]

The inspections will be conducted in conjunction with Transportation Security Administration officials and are expected to take only minutes and are designed to be non-intrusive, as police will randomly select bags or packages to check for hazardous materials using ionization technology as well as K-9 units trained to detect explosive materials. Carry on items will generally not be opened and physically inspected unless the equipment indicates a need for further inspection.

Anyone who is randomly selected and refuses to submit their carry-on items for inspection will be prohibited from bringing those items into the station. Customers who encounter a baggage checkpoint at a station entrance may choose not to enter the station if they would prefer not to submit their carry-ons for inspection.

Since the time Pistole tried to use an FBI-invented plot to justify searches, a somewhat more real threat to the Metro did occur. On November 18, 2010, Arlington, VA resident Awais Younis boasted on his Facebook about the best way to maximize damage on–among other targets–the Metro.

The complainant recounted that during a chat with Ghilzai [aka Younis] in November 2010, Ghilzai described how to build a pipe bomb and what type of shrapnel would cause the greatest amount of damage. Ghilzai also stated that he could place a pipe bomb under a sewer head in Georgetown (assumed to be a reference to the neighborhood in Washington, D.C.) at rush hour to produce the greatest number of casualties. Ghilzai further stated that the third and fifth cars in the METRO trains had the highest number of commuters on them and he could place pipebombs in these locations and would not be noticed. Complainant responded by saying “you wouldn’t do that,”and Ghilzai replied by saying,”watch me.”

Mind you, there was little to indicate this was anything more than a boastful threat on the Toobz–Younis didn’t act on this threat. The FBI has as much as admitted that when they have emphasized that Younis wasn’t charged with any terrorism related charges.

Yet coverage of the decision to search the Metro mentioned both the FBI-created sting and this Facebook boast to explain the threat:

The inspections have been in the works for years, and are not a response to any particular threat, Taborn said. However, in recent months various threats to the system have come to light. One man was accused of casing stations in what he thought was an al-Qaida plot to bomb and kill commuters and another man is charged with threatening on Facebook to detonate pipe bombs in the subway system.

So it all works out! Based in part on the FBI’s own manufactured “terrorist attack” DC’s commuters will experience the joy of random searches.

Who needs real terrorist threats when the FBI can invent their own?

Update: Joy for job fixed per zapkitty.

John Pistole: “What I Think Is Appropriate in Terms of Privacy”

This entire interview between TSA Director John Pistole, James Fallows, and Jeffrey Goldberg is worth reading. But I’m particularly interested in what Pistole says about his role in finding the appropriate balance between security and privacy.

James Fallows: I’d like to start with a question both Jeff and I have raised, which is the whole question of the balance between security, on the one hand, and liberty and privacy concerns, on the other. Is it TSA’s job to set that balance? Or how do you think that balance is set?

John Pistole: The way I view it is for TSA to develop the security protocols that afford the best security, while recognizing that there is a balance. The best security would be something way beyond what we’re doing.

Jeffrey Goldberg: The best security would be to just not allow people on planes. That’s perfect security.

Pistole: That’s “risk elimination.” And we’re not in the risk-elimination business, we’re in risk mitigation, informed by the latest intelligence, informed by our friends [in the intelligence agencies], and informed by the results of our covert testing.

Those things inform judgments and actions and then we take that information — I take that information — and then ask the experts how can we address these threats? They come up with different things based on all the information they have, and then they make a recommendation, and then it’s up to me to say, OK, does that exceed what I think is appropriate in terms of privacy?

So that’s my responsibility. To say, does this give us security, without violating something that would be a Fourth Amendment issue? [my emphasis]

According to Pistole, it’s up to him–his responsibility–to determine what the appropriate balance between privacy and security.

Now, I appreciate that, at some level, it is up to him. He’s in charge of TSA and he’s got to make the final decision whether to implement (or discontinue) a controversial scanning technology.

But it’s not up to him.

It’s up to the entities that review counterterrorism techniques for their civil liberties and privacy impact. Specifically it’s up to the Privacy and Civil Liberties Oversight Board, which is mandated by Congress to do the following:

(1) analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties; and

(2) ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the Nation against terrorism.

The PCLOB never got fully off the ground after it was passed in 2007. More appallingly, Obama hasn’t even nominated anyone to the board.

Absent review by the PCLOB, Department of Homeland Security is required to conduct a Privacy Impact Assessment, which it appears not to have done either. And Pistole should know that these reviews should take place, since Bennie Thompson reminded him of the fact several weeks ago.

In the absence of an Executive branch level Privacy and Civil Liberties Oversight Board that would evaluate decisions such as this, it was crucial that the Department of Homeland Security’s Privacy Officer and Office for Civil Rights and Civil Liberties thoroughly evaluate and publish written assessments on how this decision affects the privacy and civil rights of the traveling public. To date, the Department has not published either a Privacy Impact Assessment (PIA) nor a Civil Liberties Impact Assessment (CLIA) on the enhanced pat down procedures. Without a published PIA or CLIA, we cannot ascertain the extent to which TSA has considered how these procedures should be implemented with respect to certain populations such as children, people with disabilities, and the elderly. By not issuing these assessments, the traveling public has no assurance that these procedures have been thoroughly evaluated for constitutionality.

There is a means to conduct an independent review of where the line between privacy and security is–or at least there’s supposed to be, even if Obama refuses to fulfill that mandate.

I’m sure it’s nice for Obama and Pistole that, rather than having an independent board review gate grope before it gets implemented, Pistole just took it on himself to decide whether it’s constitutional and appropriate or not.

But that’s not how it’s supposed to work.