TSA worker tried to sabotage terror database

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others. The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday 10 March and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on Oct. 15, he was given two weeks’ notice that his job would be terminated.

About a week later, on Oct. 22, Duchak allegedly transmitted the malicious code onto a CSOC server that stored data from the U.S. Marshal’s Service, according to the indictment. The next day, he allegedly loaded malicious code to a server containing the Terrorist Screening Database. The source involved in the case said the servers “are part of the system that contains the no-fly list” and added that the code, if it had gone undetected, could have traveled to a facility in another state that uses a similar computer system.

Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.

Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

New robotics and the legality of targeted killings

A recent symposium hosted by the Harvard National Security Journal discussed the topic “New Robotics and the Legality of Targeted Killings”.  The technology is here to stay, and it is being deployed to kill designated enemies of the United States and its allies.  What are the legal and ethical implications of this trend?  And what rules govern killing by pilotless drones in some of the most remote regions of the world?

Brett H. McGurk (International Affairs Fellow at the Council on Foreign relations, former Special Assistant to the President and Senior Director for Iraq and Afghanistan during the George W. Bush Administration and special advisor to the National Security Council under President Obama) observes that law and ethics can take a back seat to new tactics that turn the tide against committed enemies. 

Quote:

So long as the tactics are legally available, whatever the theory, then the tactics will be used.  In Iraq, there have probably been more Predator drone strikes than anywhere else on earth – and with tremendous effect, degrading extremist networks and decapitating leadership cells.  Drone attacks alone are not strategically sound, but when combined with a campaign to secure the population against common enemies, the strategic advantages are proven and empirical.  The same strategy is now being employed in Afghanistan.

The Obama administration has, quite rightly in my view, also increased the targeting of al Qaida and Taliban leaders in the ungoverned tribal areas of northwestern Pakistan.  Many of these areas at the moment are inaccessible to Pakistani security forces, but a longer-term campaign plan will see Pakistani forces deploying in force to secure its population.  Until that can happen however, without sustained surveillance and drone strikes, we would accept a sanctuary for terrorist cells committed to killing U.S. forces in Afghanistan and threatening the stability of Pakistan (a country with 172 million people and nuclear weapons).  Ten years ago we paid a price for leaving such a sanctuary unmolested, and no U.S. President is likely to take that risk again.  So the drones are here, and they are here to stay.

But with increasing warfare there is an increasing need to explain what we are doing to the public – and how new tactics are grounded in the rule of law.  The silence from the Obama administration in this regard is troubling and may prove to be a core weakness in an otherwise successful military program.  Even if there is little chance that a legal challenge would shut down the drone campaign, the United States could easily lose the moral high ground, which the Obama team has worked so assiduously to retain.

Indeed, without a vigorous defense from the Obama administration, the vacuum is being filled by a new and respected chorus arguing that drone attacks are illegal and, perhaps, even tantamount to murder.  Mary Ellen O’Connell, a law professor at Notre Dame, argues that drone strikes are “unlawful” under any purported theory of international law (she knocks down all of them).  Philip Alston, the United Nations’ Special Rapporteur on Extrajudicial Executions, concluded that drone attacks in the Pakistan region “may well violate international humanitarian law and international human rights law.”  The Chief Prosecutor of the International Criminal Court, Luis Mereno Ocampo, has asserted jurisdiction over all NATO and U.S. forces in Afghanistan and said the court is conducting a “preliminary investigation” of alleged war crimes committed in that theater.  “Whatever the gravest war crimes are that have been committed,” he told the Wall Street Journal, “we have to check.”

The Obama team needs to get ahead of this legal train.  In warfare, nothing always goes right, and it is inevitable that a drone strike will at some point go badly awry.  Our enemies might adapt and surround themselves with children, or live in schools, using human shields to invite public scrutiny in the event of their demise.  And while drones with GPS or laser-guided munitions are among the most precise weapons in the history of warfare, targeting errors and loss of innocent life are certain.  The United States should make its case now, therefore, to justify the drone program according to international legal standards.

That framework might be humanitarian law or it might be classic self defense, as proposed by my symposium colleague, Kenneth Anderson.  But whatever the theory, what is most important is that it is articulated, well reasoned, known to the public, and vehemently defended by administration lawyers and policymakers.  Saying nothing has allowed those opposed to one of our most successful military programs define the narrative – and could leave its operators high and dry when things go wrong.

There is yet another reason to define clear standards for the drone program:  “In warfare, what comes around – goes around.” Tad Oelstrom emphasized that simple maxim during the symposium, a point driven home by MIT’s Mary Cummings, who showed with alarming detail how easily drone technology is patterned and even piloted with an iPhone.  “Yes,” she said, “there is an app for that.”  We need rules for this untraveled road now – with sober reflection and foresight – rather than in the near future, and in reaction to unforeseen events, such as drone technology in the hands of terrorists with an Xbox.

The United States is certainly the dominant player in this field at the moment, but that will change as the technology is patterned and becomes more broadly available.  Policymakers in Washington would be well served, therefore, to do everything they can to retain the technological and legal edge by establishing the norms and standards of drone warfare before it is established by the Ivory Tower – or worse – our adversaries.

US State Department releases 2009 annual rights reports

[JURIST] The US State Department (DOS) on Thursday 11 March released its 2009 Country Reports on Human Rights Practices. Announcing the release, Secretary of State Hillary Clinton said that the US has recommitted “to continue the hard work of making human rights a human reality.” In its introduction to the reports, which covered 194 countries, the DOS noted that human rights violations have continued throughout the world, noting several global trends:

In 2009, governments across the globe continued to commit serious violations of human rights. As we survey the world, there still are an alarming number of reports of torture, extrajudicial killings, and other violations of universal human rights. Often these violations relating to the integrity of the person are in countries where conflicts are occurring. These violent attacks are a central concern wherever they take place.

In a significant number of countries, governments have imposed new and often draconian restrictions on NGOs. Since 2008, no fewer than 25 governments have imposed new restrictions on the ability of these organizations to register, to operate freely, or to receive foreign funding, adversely impacting freedom of association. In many countries, human rights defenders are singled out for particularly harsh treatment, and in the most egregious cases, they are imprisoned or even attacked or killed in reaction to their advocacy.

These restrictions and repressive measures are part of a larger pattern of governmental efforts to control dissenting or critical voices. This pattern also extends to the media and to new forms of electronic communications through the Internet and other new technologies. Restrictions on freedom of expression, including on members of the media, are increasing and becoming more severe. In many cases, such restrictions are applied subtly by autocrats aiming to avoid attention from human rights groups and donor countries, such as through the threat of criminal penalties and administrative or economic obstacles, rather than through violence or imprisonment; the end result is still a chilling effect on freedom of expression.

A third trend we observed is the continuing and escalating discrimination and persecution of members of vulnerable groups – often racial, religious, or ethnic minorities, but also women, members of indigenous communities, children, persons with disabilities, and other vulnerable groups that lack the political power in their societies to defend their own interests.

In Africa, the DOS criticized continuing conflicts in the Democratic Republic of Congo and Sudan. It also criticized Uganda for its treatment of homosexuals and Nigeria [JURIST news archives] for extrajudicial killings.

In East Asia and the Pacific, the DOS criticized China for its increased Internet censorship and Myanmar for attacks on ethnic minorities. The DOS also criticized North Korea for denying citizens freedoms of expression, assembly, and association, and Vietnam for suppressing dissent.

In Europe and Eurasia, the DOS said that the situation in the North Caucasus region of Russia has worsened. The DOS also criticized Belarus for restrictions on civil liberties and Switzerland for passing a constitutional amendment banning the construction of minarets. The Department noted an increase in the killings of Roma people in Italy, Hungary, Romania, Slovakia, and the Czech Republic.

In the Near East and North Africa, the DOS criticized Egypt for failing to respect the freedom of association and the freedom of religion and Saudi Arabia for violence against women. The DOS also criticized Iran for human rights violations following the disputed presidential election last June, Israel for violations during last year’s Operation Cast Lead, and Iraq for ongoing rights abuses.

In South and Central Asia, the DOS said human rights had deteriorated in Afghanistan because of increased insurgent attacks. The Department said that civilian authorities had taken positive steps in Pakistan, but that significant challenges remain. The DOS criticized Sri Lanka for using excessive force before the end of the conflict with the Liberation Tigers of Tamil Eelam (LTTE) last May and Uzbekistan for restricting freedom of the press.

In the Western Hemisphere, the DOS praised Colombia for an active independent media, but warned of intimidation by members of illegal armed groups. The DOS criticized Cuba for interfering with the right to privacy and Venezuela for attacking private media owners.

GCHQ staff lost 35 laptop computers

Staff at GCHQ, the UK government’s electronic eavesdropping centre, mislaid 35 laptops and it was not known whether the computers contained top secret information because of the agency’s “haphazard” monitoring system, it emerged on 11 March.

The computer disappearances were revealed in the latest report by the parliamentary intelligence security committee (ISC), which also expressed concern about GCHQ’s failure to meet the growing threat of cyber attacks, both state-sponsored and by Islamist terrorists.

Referring to the mislaid laptops, the report described GCHQ’s attitude towards valuable and sensitive assets as “cavalier” and “unacceptable”.

A GCHQ spokesperson said there was no evidence that any of the material on the laptops had “got into wrong hands”, but admitted: “Given the state of the records, there is no way of confirming that”.

The ISC said work to tackle the threat of electronic attacks was “about one-third below the level planned”.

It added: “We have been told that the shortfall is because of the difficulties GCHQ has had in recruiting and retaining skilled internet specialists in sufficient numbers.”

Unexplained delays in Gordon Brown’s decision to clear the report mean the period covered by it ended eight months ago.

Kim Howells, a former Foreign Office minister and the Labour chairman of the committee said today the report was “therefore considerably out of date”.

He also described as a “matter of great disappointment” an eight-month delay between the time the government promised to hand over guidance given to MI5 and MI6 officers engaged with detainees and terror suspects abroad.

The committee’s views on the guidance, which was eventually handed over in November, have been sent to Brown, who has the power to the censor its reports as well as over the timing of their publication.

Today’s report, which covers a seven-month period up to last July, is studded with asterisks where information considered to be sensitive has been suppressed. These areas include the money spent by MI5, MI6 and GCHQ. The one figure the report does publish is £2bn, described as the single combined expenditure of the three agencies.

The document refers to “critical weaknesses” in the way GCHQ manages its contracts, including what it describes as very large and unidentified sums involved in providing the Cheltenham-based agency with a “signals intelligence modernisation programme”.

In an attempt to attract more recruits, GCHQ is using video boards on the London underground and “mass marketing along commuter routes into London”, the ISC report said.

MI6, the agency responsible for intelligence-gathering abroad, is also now advertising for recruits on the London underground.

The recent expansion of MI6 has exacerbated the problem of managing data, with an accompanying risk described by the head of the agency as “not knowing what we know”, the report disclosed.

European Day on Remembrance of the Victims of Terrorism

On 11 March 2010 the EU celebrated the 6th European Day on Remembrance of the Victims of Terrorism. In this occasion, the EU Counter-terrorism Coordinator Gilles de Kerchove made a statement, indicating assistance to the victims of terrorism as a priority of EU counter-terrorism policies.

“Terrorists are criminals who de-humanize us in order to legitimize our killing; supporting the victims of terrorism is essential to deglamourize terrorism in the minds of those who consider terror a legitimate tool for political action. I believe that policies of international solidarity with the victims of terrorism also offer strong prevention value by mobilizing civil society against the consequences of terrorism on ordinary citizens”, the EU Coordinator said.

Gilles de Kerchove also called EU to further develop policies of international solidarity with the victims of terrorism.
“I believe that policies of international solidarity and assistance to the victims of terrorism must be based on four core principles: Recognition, Memory, Justice and Reparation”, the Coordinator added.

De Kerchove concluded by saying that he expects an actionable Commission proposal by the beginning of 2011 for a comprehensive instrument providing common minimum standards for international solidarity with the victims of terrorism, including measures to address the compensation to EU citizens who suffer a terrorist attack outside of the EU.

Click here to watch a video interview to de Kerchove.