Roundtable with Secretary of Homeland Security Michael Chertoff

Andrew Storms – nCircle, George Ou, DHS secretaries, Secretary Michael Chertoff
Photo credits: Martin McKeay, photo 1 and photo 2, Attribution-ShareAlike License
I had the pleasure this Tuesday of meeting Secretary of Homeland Security Michael Chertoff along with a small roundtable of bloggers in Silicon Valley and the San Francisco Bay Area. The event was hosted by the Hoover Institution at Stanford University in a really high-end conference room with a round table, seats for an audience, and video conferencing gear mounted high up.
UPDATE 11/13/2008 – Martin posted more comments and photos and Andrew posted his wrap-up here.
Martin McKeay got the call and invited me and Andrew Storms to the event, and it was fortunate that he did because there were only the three of us and one reporter from the San Francisco Chronicle, Deborah Gage, besides the Department of Homeland Security (DHS) staffers and Mr. Chertoff. Martin already posted a good wrap-up here and he put up the whole audio session on his regular podcast. I just wish I had grabbed Martin’s camera and got a shot of him and Mr. Chertoff at the other end of the table. Deborah Gage has a summary posted here at the SF Chronicle. Andrew posted a series of nice photos here.
I personally thought the event was fruitful and I very much appreciated Mr. Chertoff’s time as well as his candid and straightforward answers. I wish him well in whatever endeavor he moves on to after President-elect Obama’s transition.
Mr. Chertoff talked about the challenges of their relatively new organization and the understandable growing pains they’ve had trying to get their own house in order. The DHS struggled with failing grades in the federal information security standards in its first 3 years of operation but managed to raise its grade to a “D” in 2006 and a “B” in 2007. I know the media and the blogosphere usually have a field day blasting the feds for this but from my personal experience in information security, private businesses are not much better than the federal agencies. The press recently had their own black eye at the 2008 Blackhat event this summer. I’m certainly not trying to make an “everyone does it” excuse and the point I’m trying to make is that security is everyone’s problem and we can all use improvement.
One of the things I complained to Mr. Chertoff about was the lack of encryption security on all the laptops that are frequently lost or stolen by the various federal departments. I’m all too familiar with the letters from the Veteran’s administration that my private information was compromised. The two questions that need to be answered are what were those laptops doing with all that data in the first place and why weren’t those hard drives encrypted.
Mr. Chertoff answered by examining the root cause of the problem which is the question of why we even care about all this personal information such as social security number, mother’s maiden name, and other unique tidbits of our identities to begin with. The bigger question is why are we relying on these easily obtainable static secrets to begin with. I agree with Mr. Chertoff and I’ve been a long time proponent of strong authentication technologies. Unfortunately, the United States is far behind European and Asian countries when it comes to adopting smartcard strong cryptographic technologies which not only make life more secure but also more convenient. With strong token based authentication technologies and other digitally signed identification cards, we would no longer need to bother with such easily breakable security measures. The think tank which I work for, the Information Technology Innovation Foundation (ITIF), issued a report about Digital Quality of Life which shows all the social benefits of the IT revolution.
The problem for the time being is that while we wait for the day banks and institutions no longer rely on our social security numbers, our mother’s maiden name, and other “secrets”, we’re all vulnerable. Governments and businesses must handle our data with the utmost security and care. The challenge is that our data is so dispersed and handled by so many different entities that all it takes is a single leak to compromise our sensitive personal data. This is where federal security guidelines as well as mandatory public disclosure rules for companies that lose customer data can make a significant difference. If companies don’t need to disclose a breach in security, they often view data theft as an acceptable cost of doing business compared to the cost of implementing stronger security measures. When a company’s public reputation is on the line because they have to notify the public of any security breaches, the cost of failure often becomes high enough that it justifies security measures that were once deemed too high.
Lastly, we closed the session with a discussion on the “no-fly list” becoming too diluted with the alleged million names. The million name no-fly list figure has been repeated so often in the press and blogosphere that most of us have come to accept it as “fact” and I’m ashamed to admit that I’m guilty of believing this urban legend since I asked Mr. Chertoff the question. The problem is that there aren’t a million names on the no-fly list or anything remotely close to it. The DHS recently disclosed the actual number to be 2,500 people on the actual no-fly list and 20,000 people on the total selectee list.
However, that 20,000 list has so many permutations in the way names are potentially spelled and arranged that the effective list is many times more than 20,000 names. Sometimes there might be a common name on the list that may be shared by many people. Mr. Chertoff explained that people can actually get themselves off the list if they were to give a little more detail about themselves to the airline such as a birthday so that the airline can filter them out of the list, but the airlines will need to maintain a more detailed database and go through with the filtering. Next year this may become easier when the DHS will send the list to the airlines so that they can compare the list to their manifests rather than the current system where the airlines have to send lists to the DHS.
What I’m wondering is why the airline can’t simply check the passport on the spot and look at the birthday to see if it matches the no-fly or total selectee list rather than refuse to let the individual fly because of a false positive. We can also leverage technology where the newest digitally signed E-Passports could be prescreened so that a simple check of an E-Passport should allow any passenger to quickly and positively prove their innocence and avoid the nightmare of a no-fly false positive.
Many of the challenges in security we face today are not technical but social. These social issues must be overcome to make people as secure as possible while making life easier. But too many technically uninformed people are scaring the public with claims that E-Passports or strong authentication mechanisms are somehow all about tracking and controlling the movements of citizens when none of these fears are grounded in reality. Tracking exists today every time someone uses a credit card or ATM card and all it takes is a court order to access that information yet people are generally willing to use those technologies for the convenience, discounts, and safety they offer. But because of the many unfounded fears of new technology, we are left in the worst state of technology where people want just enough to be dangerous but not enough to be secure. I only hope that through education, we can eventually get people to accept strong authentication technology which will improve the lives of everyone.
Interesting discussion indeed! I am in complete agreement over the issues around SSNs and ID. I find it incredulous that I need to provide a video rental store with almost enough information to open a bank account or get a passport, just to rent a copy of "Total Recall". I was flabbergasted in college that my SSN was my student ID number, as well as the account number of my student debit account, which was then printed on every receipt from the student convenience store. I was shocked when I was looking into getting a satellite TV system, and they wanted all of the information to do a full credit check BEFORE even quoting me a price; I refused to do so, because they don’t need that information as far as I am concerned.
This country desperately needs a smartcard ID which is controlled by the federal government and available to anyone regardless of their legal status. Period. I think that it is ridiculous that if you don’t have a driver’s license (and you really don’t need one in a lot of places) that you are persona non grata as far as half of the institutions out there are concerned. Even more shameful is that things like a family Bible with baptismal dates, or school admittance papers are considered proof of age and identity in many states… the driver’s license is considered "Strong ID" because it comes from the government, but it is trivial to get one! Furthermore, I would rather see people of non-citizen status (regardless of how they got here, and whether or not they are supposed to be here) have ID that universally works, than to not have ID. Finally, it is a royal pain in the neck to write processes and systems that take into account all of the various forms of ID out there… SSNs, driver’s licenses, green cards, alien registration numbers, etc. Look at the instructions for the I-9 form for an example. I would much rather see 1 system, 1 number, 1 verification.
Is it "Big Brother"? Maybe. But in this case, I would rather have "Big Brother" than "no supervision" like we have now, leading to the current mess.
J.Ja
Smartcard IDs have public keys which don’t compromise you. You give people your public key which has been bound to your identification and signed by the government as a trustworthy authority. You keep your own private key private along with all your other private information.
"I would rather see people of non-citizen status (regardless of how they got here, and whether or not they are supposed to be here) have ID that universally works, than to not have ID."
Or worse, those people have a fake ID with your name and/or social security number.
"Is it "Big Brother"? Maybe. But in this case, I would rather have "Big Brother" than "no supervision" like we have now, leading to the current mess."
Having one strong ID just makes a lot more sense than having a bunch of weak and worthless IDs where other people get to steal your identity and ruin your credit line or worse. I think it’s gotten to the point where the E-Passport will soon become the only strong form of identification. Too bad I can’t give people the public key from that thing and use it electronically.
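
The point made in the comment above (a public key bound to an identity and signed by a trusted authority can be handed out freely, unlike an SSN) can be shown with a short Node.js sketch. This is an added example, not part of the original post or its comments; it is a simplified model rather than any real smartcard or E-Passport protocol, and the function names, identity fields and Ed25519 keys are assumptions chosen for illustration.

```javascript
// Added illustration: every name, identity and key here is constructed.
const crypto = require('node:crypto');

// Issuance: the authority signs the binding of an identity to the holder's
// PUBLIC key. The holder's private key is never part of the card data.
function issueCard(identity, holderPublicKey, authorityPrivateKey) {
  const publicKeyPem = holderPublicKey.export({ type: 'spki', format: 'pem' });
  const body = JSON.stringify({ identity, publicKeyPem });
  return { body, signature: crypto.sign(null, Buffer.from(body), authorityPrivateKey) };
}

// Holder side: prove possession of the private key by signing a fresh challenge.
function respond(challenge, holderPrivateKey) {
  return crypto.sign(null, challenge, holderPrivateKey);
}

// Verifier side: needs only the authority's public key. Returns the vouched
// identity, or null if the binding or the proof of possession fails.
function verifyHolder(card, challenge, response, authorityPublicKey) {
  const bodyBytes = Buffer.from(card.body);
  if (!crypto.verify(null, bodyBytes, authorityPublicKey, card.signature)) return null;
  const { identity, publicKeyPem } = JSON.parse(card.body);
  const holderKey = crypto.createPublicKey(publicKeyPem);
  return crypto.verify(null, challenge, holderKey, response) ? identity : null;
}

function demo() {
  const authority = crypto.generateKeyPairSync('ed25519');
  const holder = crypto.generateKeyPairSync('ed25519');
  const card = issueCard({ name: 'Jane Example', born: '1970-01-01' },
                         holder.publicKey, authority.privateKey);
  const challenge = crypto.randomBytes(32);
  const proof = respond(challenge, holder.privateKey);
  // Someone who copied the card data (all a verifier ever sees) but has no private key.
  const thief = crypto.generateKeyPairSync('ed25519');
  return {
    genuine: verifyHolder(card, challenge, proof, authority.publicKey),
    copiedCard: verifyHolder(card, challenge, respond(challenge, thief.privateKey), authority.publicKey),
    replayedProof: verifyHolder(card, crypto.randomBytes(32), proof, authority.publicKey),
    editedIdentity: verifyHolder({ ...card, body: card.body.replace('Jane', 'Mallory') },
                                 challenge, proof, authority.publicKey),
  };
}

console.log(demo());
```

Only the genuine holder yields an identity; a copied card, a replayed proof and an edited identity all return null, which is the property a static secret such as an SSN cannot offer once it has been disclosed.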