Counterterrorism, Inside Out
'Without a shot being fired, without even a clear sense of who the attacker is, much of the United States could find itself living in post-Katrina New Orleans, but without hope of a rescue anytime soon." Stewart Baker, the founding policy director at the Department of Homeland Security under Pres. George W. Bush, makes this and other alarming announcements in his new book, Skating on Stilts: Why We Aren't Stopping Tomorrow's Terrorism. He explains why he's so worried, what he learned about the ACLU, and more in an interview with National Review Online's Kathryn Jean Lopez:
LOPEZ: How did you come up with the title? I mean, I know you're into hiking, but have you ever tried skating on stilts?
BAKER: I was trying to convey two things. First, the notion that new technology can make us faster and more effective while also raising both the probability and the consequences of failure. Second, I thought it captured the flavor of working at the top of DHS -- exhilarating, exhausting, and never more than a minute's inattention from disaster.
Have I ever skated on stilts? I go hiking every year with my son, except for last year, when I was trying to get the book done while also relaunching my law practice. I've done a fair amount of rollerblading, but never on stilts. I've left enough skin on the Washington & Old Dominion Trail as it is.
LOPEZ: You write about being at the Pentagon memorial to those who were murdered there on September 11, 2001: "I look for my birth year -- 1947. Eleven dead. More than any other year. That seems fitting. By 2001, we baby boomers had shaped the United States to reflect ourselves. We were what the attackers hated. This is our fight." Do boomers know that? Have they forgotten?
BAKER: That's a great question. In general, I think boomers, or at least their leaders, have been oblivious to how they've changed the world, or how those changes are viewed abroad. Boomers want to get credit for legitimizing sex, drugs, and rock 'n' roll, or at least two out of three; at the same time, their one great claim to moral authority, the triumph over racism, is tied to an enthusiasm for embracing other cultures and an expectation that they'll be embraced in return.
In the Islamic world, that expectation seems incoherent. There, you can stand for modernism, women's rights, sex appeal, and rock music, but that puts you in permanent opposition to traditional Islamic values and their defenders -- at the risk of your life. If the attacks of 9/11 were a reaction to the West's intrusion into the Islamic world, and that's certainly how I'd view them, then the boomers did a lot to cause the reaction.
In the boomers' generational narrative, though, the bad guys are defenders of traditional values who don't like dark-skinned foreigners, while the good guys attack traditional values and defend dark-skinned minorities. So the boomers' response to the attacks has been to prove that they are the good guys by showing how tolerant of Islamic culture and Middle Eastern minorities they can be.
It makes a kind of sense if your generational myth is the Freedom Riders in Mississippi, but I don't think it communicates much more than muddle (or perhaps weakness) to al-Qaeda and its sympathizers.
LOPEZ: Is the "Ground Zero mosque" a homeland-security issue? How does it sit with you?
BAKER: To tell the truth, I'm pretty ambivalent. Of course there's a right to build the mosque there, but the First Amendment doesn't put an end to the debate over what's appropriate. I guess I'm like the vast majority; we honor the rights of the builders of the mosque but we profoundly wish that they'd show more sensitivity than they have so far.
LOPEZ: Nidal Malik Hasan at Fort Hood. Umar Abdulmutallab on Christmas Day. Faisal Shahzad at Times Square. Najibullah Zazi and the New York City subways. We've had our share of attacks and close calls this year. Are we not doing what we need to do to protect the homeland?
BAKER: Stopping lone-wolf attacks is extraordinarily difficult. Plus, now that the meme of Islamic suicide attacks is abroad in the land, it's going to attract some nutcases who might have killed their relatives or coworkers in a different climate. I don't think we should expect to stop every one of those attacks. Our best hope is to keep al-Qaeda and its affiliates from organizing and training a bunch of these people for a much more dangerous effort. So far, we've been lucky, but some of that luck is the result of a concerted effort. We spotted some of the attackers who were foiled in part because we know a lot about who is traveling to places where they might get training, and federal and New York City authorities have been aggressive about infiltration of nascent conspiracies. On the whole, I'd say that this administration has picked up and carried forward many of the policies that worked in the last administration, especially at home. Abroad, there's a growing risk that disengagement will allow al-Qaeda and its allies to find a place of refuge where our drones and troops will no longer go.
LOPEZ: "The American Civil Liberties Union went nuts," you write about one policy, in your book. Could that be written frequently?
BAKER: Yes, unfortunately, the ACLU's business model these days is to go nuts whenever the government responds to new threats by using new technology. The ACLU's tactic is one of weakness; they know that as new technologies become more common, the government's use of those technologies will come to seem ordinary common sense. So they have to start shouting early, before the technology is widely adopted, so it can be cast as strange, scary, and oppressive. My favorite example was when the ACLU denounced as the second coming of 1984 the police's use of handheld computers to search publicly available databases. It seemed silly then. A couple of years later, when we all are getting iPhones and Android phones with search built in, it seems downright quaint. But in other areas, like access to travel data, the ACLU and their foreign allies in the European Union have made it very difficult to run a smart air-security program.
LOPEZ: Were their concerns ever valid or reasonable?
BAKER: Sure, there's a grain of truth in most such concerns. If you'll forgive a digression, I've always been fascinated by the social predictions that accompany new technology, and especially the dystopian predictions. Because those founding fears are transmitted as part of the culture of the early adopters. The air industry, born in an age of war, feared the use of civilian flights for military purposes, and many early measures were designed to prevent such uses. The nuclear industry was born in original sin -- "I am become death" and all that -- so its advocates were always trying to find a way to show how splitting the atom could make mankind safer and better off; they became advocates for nuclear power and disarmament. And the same is true for computers. Born into a bitter and unresolved struggle with totalitarianism, the early industry was alive to the ways in which data processing could enable state control of citizens. That was not a foolish concern, and it's a good idea to be wary of that possibility. And indeed, the elite of the profession, even today, is acculturated as part of their technical education and socialization to resist such uses. But I would argue that the acculturation process has produced an overreaction. It's like an autoimmune disease in which useful responses to antibodies has been so amped up so far that they're causing harm, not good.
LOPEZ: You used to argue for the wall between cops and spies, as you put it. When did you see you were wrong?
BAKER: Not until after 9/11, when I saw how much harm the wall had done. In August 2001, as administered by the FISA court, the wall prevented the FBI from using a large, preexisting task force of criminal investigators to track down the al-Qaeda operatives we knew had entered the country. They could have been found and stopped if more resources had been mustered in those days, but even with the intelligence systems blinking red about an imminent attack, the FISA court and the FBI were more focused on maintaining the wall than on stopping al-Qaeda. That was far too high a price to pay for the modest and mostly theoretical civil-liberties payoff we got from the wall.
LOPEZ: So you're not anti-privacy?
BAKER: Like everybody, I believe in privacy, and I mourn the loss of secrecy and anonymity that modern technology has brought about. But trying to roll those developments back is a fool's errand, and rolling them back just in government is dangerous as well as foolish, since it will keep the government from protecting citizens from serious threats. I think we should protect privacy by using technology rather than fighting it. For example, the first place we should implement comprehensive computer surveillance is in government workers' use of government databases. They should lose workplace privacy first and most thoroughly, since that will allow us to punish government employees who misuse private data. We already do that -- in the 2008 campaign, both Barack Obama and Joe the Plumber were the victims of "file browsing" by hostile or curious government workers, and practically all of the browsers were caught and fired. Some were prosecuted, thanks to our computer-audit capabilities. Adopting those capabilities in a concerted fashion is very good practical protection for privacy.
LOPEZ: How would you rate Janet Napolitano's job performance?
BAKER: On fighting terrorism and building DHS into an effective and unified agency, I think she's done well. She's had an opportunity to back away from many of the initiatives that were launched in the last administration. Instead, she's kept most of them, and embraced a few with great enthusiasm. Perhaps her most effective achievement, for which she doesn't get much credit, has to do with DHS's role inside government. It would have been easy for this administration to treat DHS as the ugly stepsister -- adopted in a form that Democrats didn't like, committed to a mission associated with the last administration, and lacking any Democratic alumni who could speak up for the department in the crucial early turf battles. Instead, from the moment she took the reins, she's made DHS a force inside the administration, establishing that its role in fighting terrorism is a nonpartisan issue. Under a different leader, the outcome could have been very different
LOPEZ: Isn't it next to impossible to do that job well? Isn't the Department of Homeland Security way too big? Not just the bureaucracy, but its mission?
BAKER: It's an operational department, which is rare in the federal government. DOD, Veterans Affairs, and DHS are the three biggest departments precisely because they actually deliver services direct to constituents -- rather than telling states or industry how to deliver services.
That's an immense management challenge. I'm not sure it makes DHS "way too big," since those workers would have to be somewhere. Putting them in DHS has certainly helped focus them on terrorism prevention in a way they weren't before. The best example is border enforcement, which used to be divided between Justice (immigration), Treasury (customs) and Transportation (Coast Guard). Those are all smaller departments where in theory the border enforcers could have gotten more attention and oversight than at DHS. But in fact, each of those departments was dominated by a culture that was focused on something else -- prosecutions, or revenue, say. Only when they came to DHS could they take full responsibility for dealing effectively with border issues, and on using border authorities to keep terrorists out of the country. I think that's a major accomplishment that is directly attributable to the creation of DHS.
Of course, in an operational department with 50,000 employees, someone is always screwing up. Plus, as I said earlier, completely stopping every lone wolf attack is an unrealistic goal. If you hold the secretary responsible for every screw-up of that sort, the job is impossible. But I don't think that's been happening, at least not recently.
LOPEZ: You've written that "one of my cybersecurity nightmares is that foreign nations will use a network attack to bring down our power grid in a time of crisis." Do you just have particularly Bauer-ish nightmares, or is that a real threat?
BAKER: It is. Our computer networks are remarkably insecure, and the use of those networks to support the power grid is still growing. Indeed, the "smart grid" program is spurring that growth. Plus, it's so difficult to attribute such attacks, given the Internet's current architecture, that the temptation to launch an attack and blame it on criminals or "volunteers" would be very strong.
LOPEZ: You predict a "biological" "disaster" that won't likely be prevented, because of all these business and foreign and foreign interests who would push back against necessary measures. Are you being overly dire? Do we have concrete reasons to be worried about "biological malware"?
BAKER: Here's why I think a biologic disaster is coming if we stay on our current trajectory. Biotech's ability to construct viruses from scratch is following something like Moore's Law -- it's twice as cheap and twice as easy to build a virus today than it was a year ago, and it will be four times as cheap and easy next year. Pretty soon, the ability to build smallpox from scratch will move from a few very sophisticated labs to college and even high-school labs. I have a lot of faith in the essential goodness of most people, but I don't see how we proliferate that frightening capability that widely without it falling into the hands of someone who has a grudge against the world. And that doesn't take into account the possibility that someone would make a different but equally dangerous virus out of sloppiness, or because they have invented a vaccine for the new bug but can't sell it unless the disease spreads.
LOPEZ: How does the Visa Waiver Program remain a threat?
BAKER: The Visa Waiver Program allows people from some 35 countries to come to the U.S. without prior vetting. In its original conception, the program assumed that we could trust all the citizens of particular countries not to do anything here that we couldn't live with. Of course, we were worried more about illegal immigration than terrorism, so we ended up trusting most developed countries. The VWP was reformed substantially in the last administration, and I tell the story in the book. Now, no one comes here without going online and getting permission first, and most countries in the program share information about suspected terrorists and criminals inside their borders, so we know whom to scrutinize. All of the countries admitted after 9/11 have done this, and any other candidates will need to meet the standard.
Unfortunately, some of the countries that were admitted before 9/11, like France and some other Western European countries with large Muslim populations, don't share such information. So there's still a lot of risk in the program. We will need to show great resolve, and a willingness to kick a few of the least cooperative countries out of the program, if we want to close these security holes.
LOPEZ: Do we regularly surrender security to diplomacy?
BAKER: Yes.
LOPEZ: With certain countries in particular? Europe seems to be a big problem.
BAKER: I think we tend to view the European Union as an ally, even though most European institutions are strikingly cool, if not hostile, to U.S. interests, even in areas of common concern. I talk in the book about how often European officials tried to thwart reasonable security measures, using bogus legal and privacy arguments. There were three such negotiations between 2003 and 2007. Now the Europeans have launched a fourth attack on U.S. security measures. I can't think of another jurisdiction in the world that would feel free to force the U.S. into four negotiations in seven years over the same topic.
LOPEZ: How can you see that changing?
BAKER: I'd say Europe needs some tough love. European institutions are used to the idea that, come what may, the U.S. will support greater European consolidation. But in fact, the U.S. has much better relations with the nations of Europe than with Brussels, which raises the question whether the U.S. should continue to support further consolidation of authority in Brussels, especially since there's little evidence that European publics (as opposed to European elites) actually want more consolidation.
LOPEZ: How can the Transportation Security Administration be made better?
BAKER: We need to move from a weapons-focused air-security system to one that focuses on finding potential terrorists. I've got a chapter that lays out the way that travel data and good ID can be used to start the shift to a more efficient and more flexible screening system.
LOPEZ: Is there anything you've been pleasantly surprised by from the Obama administration?
BAKER: As I said earlier, DHS has seen a lot of continuity in counterterrorism policy and operations. That didn't have to happen.
LOPEZ: Is there anything that they've reversed that keeps you up at night?
BAKER: This administration has said a lot about cybersecurity, but it has lost a lot of practical momentum. The determination and some of the decisions that had been mustered in 2008 to address cybersecurity risks have been rolled back, delayed, or turned over to the lawyers for more talk. Meanwhile, the risks continue to grow.
LOPEZ: You write that "The new administration has embraced civil liberties rhetoric with enthusiasm. Some of them seem convinced that they have a mandate to roll back any security measure that reduced privacy or inconvenienced the international community. I don't think that will happen with border security, but the new administration's deference to privacy groups and international opinion will make it far harder to do anything about the new threats." Why do you say that about the border? What inspires your confidence?
BAKER: 9/11 provided a riveting and formative experience of our national-security exposure. Indeed, that may have been the only such experience that President Obama lived through -- since he missed the Cuban missile crisis. I'm confident that he understands experientially why we need real security measures aimed at terrorism. And in fact the last 18 months have demonstrated that the Obama administration is largely committed to the counterterror programs of the last administration.
LOPEZ: If whoever truly directs homeland-security policy for this administration can take one lesson from your book, what would you hope it be?
BAKER: When privacy groups attack your program, and they will, don't surrender. The ACLU and its allies in the media always fight a great first round. If you stop the fight then, you'll lose. But if you counterpunch with real data and self-confidence you can win every round after the first.
LOPEZ: Knowing what you know, what makes sleep possible?
BAKER: To paraphrase Churchill, in my experience our politicians, and the electorate, usually do the right thing -- after exhausting all the alternatives. And that's how we'll get the privacy-security balance right as well. I figure my job is to minimize our casualties in getting to that point. Plus, I've been surprised and pleased that a book that is so blunt about the failings of the privacy lobby has received so many favorable reviews from mainstream media such as the L.A. Times and the Wall Street Journal. Maybe that means that journalists, who have a nose for cant, are starting to get wise to the privacy lobby's excesses. If so, the tide may have already turned.
LOPEZ: How can the average American voter make use of your book?
BAKER: I'd offer two lessons:
1. Technology will make it easier for bad people to cause us harm. And government can only do so much. You need to be prepared to help yourself, your family, and your neighbors if bad things do happen. Don't obsess about it; just make sure you have a week's worth of stuff to keep you going in an emergency. Food, water, fuel. And, for reasons I give in the book, a course of antibiotics stored in a cool, dry place.
2. Since everyone believes in privacy and is a little uneasy about where technology and classified security programs could take us, there's a temptation to say, as I once said, that a little more privacy and a few more protections for civil liberties can't hurt. It's also tempting to assume, when your party isn't in power, that shocking government abuses of power are imminent, so any restriction on government authority is probably a good idea.
It's not. As the book shows, over and over, that kind of thing can get people killed. It was a seemingly harmless civil-liberties measure that killed our last best chance to find the hijackers. It also prevented TSA from building a security system that looks for terrorists, not just weapons, and at the same time made privacy victims out of a bunch of kids who had the same name as a terrorist. For five years, because Congress had declared that TSA could not be trusted with airline passengers' birthdates, those kids spent years getting hassled in airports because they couldn't be distinguished in government records from terrorists. And the rest of us were less safe because passengers like the Christmas Day bomber escaped notice.
Both the Republican and the Democratic parties have politicians who pander to that kind of disaffected libertarian sentiment.
As always in a democracy, the best way to put a stop to that is stop voting for them.
By Kathryn Jean Lopez
National Review Online.