Friday, January 8, 2010

Robert X. Cringely Takes Down the U.S. Government

Fearless reporter Robert X. Cringely tells it like it is. He undressed the government "security" system right before you eyes. He points out that the bozos spending billions can't do as well as a typical credit agency does in tracking people and identifying risks. And he assures you that despite the recent bombing attempt, it won't get any better. Read and weep...
This column is about homeland security, which is something our government isn’t very good at and I predict won’t get any better at this year because of a systemic inability to do correctly even the most basic things to protect our society, our privacy, and our way of life.

President Obama this week proposed some changes in how homeland security is managed following that Christmas Eve attempt to explode an airliner as it was landing in Detroit. These changes are minimal but I doubt they’ll even be implemented because this is a system that inevitably reverts to little fiefdoms run by idiots.

Can you tell I’m pissed-off?

I saw this coming. Here’s something I wrote in this space on September 13th, 2001, two days after the World Trade Center and Pentagon attacks:
“…. The most important reaction to terrorism that a free society can show is to not give in to it. But not giving in takes many forms, and I fear that some of the official reactions to the events of this week will take the form of effectively giving in if they also mean that we give up our freedom. “To a man with a hammer, everything looks like a nail,” wrote Mark Twain. In the current, context this means that the organizations charged with reacting to this catastrophe will do so by doing what they have always done, only more of it. Congress, which controls the budget and passes laws, will want to pass laws and to allocate more money, lots of money, forgetting completely about any campaign promises. The military, which is the nation’s enforcer, will want to use force, if only they can find a foe. The intelligence community, which gathers information, will want to be even more energetic in that gathering, no matter what the cost to the privacy of the millions of us who aren’t thinking of terrorist acts. And agencies like the Federal Aviation Administration, which regulate, will want to create more stringent regulations. Now here is an important point to be remembered: All these parties will want to do these things whether they are warranted or useful or not…. ”
That was more than eight years ago, yet not much has changed since then except the names of the agencies and the length of the queues. The current crisis is one that should have been foreseen, officials from the President on down admit, and the fact that it wasn’t worse comes down to terrorist incompetence, citizen bravery, and nothing else. The government had all along the information to stop this guy but they didn’t do it.

Instead of just complaining, let’s take a look at the issue from another angle. Contrast these three situations: 1) you are sitting in a hotel bar in Mongolia and want to use your Visa card to buy a round of drinks for your friends, and; 2) your Mom is at the check-out counter at a Sears store when the clerk asks her if she wants to apply for a Sears credit card and save 10 percent on her order, and 3) a possible terrorist with a dubious travel record and suspected al-Qaeda connections is standing in line at a European airport waiting to board a flight to the U.S. that leaves in an hour. What happens in each of these cases?

In Mongolia the bartender takes your card and authorizes it in seconds across a 12,000-mile round-trip. At the Sears store the transaction is not only authorized in less than a minute, but a new account is created and both your Mom’s identity and her creditworthiness are established and calculated on the spot, along with her discount. Meanwhile the airline, airport, local security, European police, Interpol, Transportation Security Administration, Department of Homeland Security, Customs Service, FBI, CIA, and NSA can’t between them figure out in an hour whether this guy standing in line in Holland should be allowed on the plane or not.

How is it that we can run our credit card operations so well and our national security so poorly?

I’ll answer that in a moment but first another anecdote from my files.

I wrote a column awhile back in which I explained that while the U. S. Government has little to no idea how many illegal aliens there are in America, the big credit reporting agencies know exactly how many:
“… The credit reporting agencies have a handle on total numbers and have a lot of information on specific individuals. So members of the gray economy are, for the most part, not invisible at all, just difficult to identify as individuals. But thanks to data mining down at the credit bureau, it is getting harder and harder to hide. A lot of this sleuthing comes down to a surprising artifact, the Social Security number. One would think that surprising for an economic class of people best known for not having Social Security numbers. Ah, but they do have Social Security numbers, just not their own. You need a Social Security number to sign up for utility services, for example. No Social Security number, no electricity, gas, phone, or satellite TV. So what’s a poor alien to do? They go down to some local hangout and buy a Social Security number to give to the utility. This has to be a legitimate number or it won’t fly with utility computer systems, but does it have to be the customer’s own number? Good question. Here’s where we have an interesting business ethics issue. Say you are the electric company and someone tries to set up service using a Social Security number that already exists in your database and is clearly borrowed, bought, or stolen. What do you do? Most utilities go ahead and set up the account, because to them what counts is whether the new customer will actually pay that bill and it turns out that people operating on such borrowed numbers are more reliable bill payers than the rest of us. They can’t afford to get in trouble with the electric company because that would draw attention to them. So there is a tacit agreement between the parties that a Social Security number must be provided because that’s the rule, but if it happens to be someone else’s Social Security number, well that’s okay. The funny thing about this is the impact it has to have on the person who was originally assigned that Social Security number by the U. S. government. Rather than hurt their credit it actually helps because there is so much evidence that they are good at paying their bills! Of course the credit bureau notices something and that’s why they are so able to estimate numbers in the first place. They know what Social Security numbers are being overused and can probably even trace the genealogy of that number as it makes its way across the country. Here’s an amazing fact: some individual Social Security numbers are in use right now by up to 3,000 people and it isn’t at all unusual for a borrowed number to be used by 200-1,000 people at the same time… ”
Okay, that’s interesting and weird, but let me tell you about the phone call I got later about it from the U. S. Department of Homeland Security.

“The credit bureaus can really do that? ” Mr. Homeland Security asked. “Do they really have that kind of data? Who can tell us more about this? ”

I am not making this up.

That was in 2007 — six years after 9/11 and the people who had already spent billions of dollars making us safer by gathering information had no idea at all what kind of information was already being gathered.

I don’t know what happened after that but I can make a good guess. My guess is that the folks at Homeland Security if they actually bothered to follow-up on the contacts I gave them probably decided they needed to spend more billions and build a similar information system for their own use — yet another fiefdom — and that system will be operational sometime this decade.

I have a better idea. Why not outsource the whole screening process to the credit agencies? Don’t build a new system, just throw a few extra fields in the existing records — fields like “terrorist associations” or “U. S. citizen” — fields that can be populated only by that long list of agencies I mentioned up the page. If there are security or privacy concerns then encrypt these new fields and limit access.

Of course credit agencies make mistakes, too. But it is a generally functional system, which is more than I can say for the way we’ve been running Homeland Security so far.

Sadly I can predict, too, that what I suggest here will never happen.
In my working life I had occasion to deal with government agencies (and military) and I can attest that these bureaucracies are mainly brain dead. All large organizations tend toward incompetence. Even in the world of private enterprise there is a lot of incompetence, but too much incompetence means you go out of business. So there is a natural thinning process that removes the most egregious incompetence. Sadly, there is no such remedy for government incompetence.

Don't get me wrong. Government is essential to a civilized society. But we have to be honest. Most governments are filled with timeservers and incompetents. There are far too few mechanisms to weed them out. I generally favour outsourcing government services, i.e. leave a government bureaucracy in place to set the policies and standards, but let private enterprise compete to provide the services. That is probably the best you can hope for.

In this spirit, Cringely's recommendation makes sense: outsource the screening process. Allow the spy agencies their secret data fields but turn over the tasks of data storage & maintenance as well as data queries & data mining to external agencies with real competence. Move as much as possible out of the hands of the security agencies and force them to focus on the one critical task that is their responsibility: find, track, & apprehend the terrorists.

No comments: