Tuesday, May 03, 2005

Oh, Those Dangers of Outsourcing, Part III



In April, insurance firm Northwestern Mutual proudly announced to the world that it routinely ships policyholders' personal data overseas to save money on IT costs. The venue was Gartner's Outsourcing Conference.

NM CIO Barbara Piehler explained the rationale: they weren't getting enough out of offshore contractors because of an internal restriction on shipping customer data offshore. And that, "limits what you can do offshore." So senior executives removed the internal obstacle to allow customer data to transit overseas.

But some federal regulators believe that shipping customer data overseas carries significant privacy risks. The FDIC noted last year that service firms in the US adhere to a completely different standard than those overseas. Who vets the outsourcers' employees, for instance?

Worse yet, Northwestern Mutual hasn't informed its 3 million policyholders that their personal data can be viewed by offshore workers. Phil Fersht at the Yankee Group is not enamored with this practice. "Beyond... ethical responsibility, you don't want your customers to have a nasty surprise if something goes wrong."

In my opinion, NM is undertaking a huge set of risks for what appear to be minimal rewards:

  • Some customers, certain to be aware of the offshoring trend, will not be pleased to find out that their personal data is transiting back and forth to India. They will likely change insurers once they discover this nugget of information.

  • There's been no explanation of any vetting process for the outsourcer's employees (e.g., a background check that would be routine in the U.S.). The risk is that NM will be the victim of fraudulent transactions that are very difficult to detect. The recent Citibank call center fraud, in which twelve persons tied to the outsourcing firm were arrested, is a case in point.

  • The targeting of Indian IT outsourcing companies by terrorists raises the specter of other, even more serious risks.


  • There are rumblings in certain state capitols, as well as Washington, that something needs to be done about this practice. Here's hoping that regulators and legislators deal with this issue quickly and comprehensively. Consumers shouldn't have to worry that the next ChoicePoint-style privacy conflagration will begin burning in Bangalore.

    Anyone up for a blogswarm?

    Information Week: The hard road to offshoring
     

    Rafsanjani


    Picture credit: Pritchett Cartoons
    Hashemi Rafsanjani. The man believed to be the frontrunner for the presidency of Iran. A man dedicated to acquiring nuclear technology. A man who threatens use of nuclear weapons against Israel.

    On April 8, Iranian TV aired Rafsanjani's Friday speech at Tehran University:

    Rafsanjani: The teachings of Jesus do not exist in the Christian world today. They cannot serve as popes and spread the teachings of Jesus, and at the same time disregard the crimes that America commits all over the world. It's true that they opposed the war in Iraq, but America's crimes aren't limited to that. What America does all over the world in the name of the war on terrorism, the way in which it plunders the resources of peoples in needy and backwards countries, its aggression in international organizations, which belong to all of the world's peoples, and the inflammatory propaganda it uses in order to undermine other countries – all of these certainly contradict the spirit of the teachings of Jesus. Jesus compared the money-grubbing oppressors of his time to man-eating vipers and confronted them, so how can the Pope's functionaries remain indifferent when they see the oppression committed by the international arrogance? Therefore, a heavy responsibility lies on their shoulders. They should raise a great outcry against America. They should say to the Americans: Through the crimes you commit you disgrace Jesus, because you use the names of Jesus and the church to win over many votes in the American public.

    Crowd: Death to America

    Death to America

    Death to America

    Death to America

    Death to America


    MEMRI: Former Iranian President Hashemi Rafsanjani
     

    Monday, May 02, 2005

    Financial Ruin: It's Automatic



    Picture credit: Elder Law St. Louis
    Time Magazine's Blog of the Year continues its run of outstanding commentary. John Hinderaker posts the following ominous missive on the failure of either party to get serious about addressing out-of-control entitlement spending.

    And, yes, the MSM/DNC is worse -- much worse -- than the GOP because they fail to even acknowledge the problem. It used to be that both parties would step up to challenges together to confront true threats to the United States.

    But the Democratic leadership is no longer acting in the best interest of Americans. They are, instead, on a course of obstructionism for obstructionism's sake. And that spells the continued, catastrophic meltdown of the Democratic party. Read on:

    Entitlements are devouring the federal budget and, if they are not checked, will inevitably dictate higher taxes and a downward spiral of slow growth and unemployment. That's the way it looks to me, anyway. And no one is doing anything about it. The "cuts" proposed by the Republicans are so trivial as to be merely symbolic, as is the ritual faux-outrage expressed by the Democrats in response. Dafydd ab Hugh dissects the latest round of fake "cuts" and fake "outrage":

    Those nasty, brutish, and short Republicans are once again trying to take the pills that Grandma needs right out of her mouth, according to the Associated Press. Here is the scareline of the AP article:

    House Passes Budget That Cuts Medicaid

    Oh, no -- cutting Medicaid! Granny will have to choose between antibiotics and bread! The first two paragraphs make clear the perfidy of the Republicans:

    WASHINGTON (AP) - The House narrowly passed a $2.6 trillion budget Thursday evening that would cut back the Medicaid health care program for the poor for the first time since 1997 in a step toward trimming federal deficits.

    The 214-211 vote approved a blueprint that instructs lawmakers to freeze or cut spending in many domestic programs outside defense and homeland security and restrain farm, student loan, pension and some other government programs that grow automatically from year to year....


    So what are the specifics? How much will the dastardly Republicans slash from Granny’s health care?

    The budget would shave automatically increasing benefit programs by $35 billion over five years while also cutting taxes by as much as $106 billion over the same period.

    Medicaid, the federal-state health program for needy and disabled Americans, gets marked for the single biggest change, a $10 billion reduction over four years....


    Wait a moment... the new budget plan would shave the “automatically increasing” program? What exactly does that mean? Here is the kicker:

    Without any change, the Congressional Budget Office expects the government to spend $191 billion on Medicaid next year and more than $1.1 trillion over the five years covered by the budget.

    In other words, we originally anticipated spending an average of more than $220 billion per year over the next five years... which is an average increase of nearly $30 billion per year (15%) over the 2006 budget; but under the Republican plan, this would be reduced by $10 billion over four years, or an average of $2.5 billion per year.

    In other words, the “cuts” to Medicaid under the new budget would mean that instead of increasing the Medicaid budget by $30 billion per year -- we’ll only increase it by $27.5 billion per year!

    To Nancy Pelosi, that’s a pay cut so staggering it amounts to “an assault on our values!”


    Any truthful discussion of entitlement spending seems to be impossible. So the escalator just keeps on rising. It's automatic.


    Powerline: Financial Ruin: It's Automatic
     

    Scanning Cargo Containers



    In a recent blog post, I critiqued an anonymous column in CSO Online. Its basic premise was that we've spent too much money for too few results in the area of homeland security. One of its strawmen indicated that -- because we're only searching 3% of containers that enter the country -- it would be impossible to search significantly more, thus we should simply not bother. We should spend the money on reducing the deficit. Or a giant block party for the entire country on July 4th. Or something like that.

    Anyhow, among other things, I pointed out that a few dollars sensibly invested in container-scanning technologies could provide a dramatically increased capability for securing ports of entry. Sure enough, I recently noticed the following new cargo-scanner:

    Container Inspection

    * Enables the terminal to scan high volumes of containers in normal traffic.
    * Provides useful, timely data to help identify and inspect high-risk containers.
    * Integrates data from many sources, including legacy and third-party systems.
    * Increases throughput by collecting and storing data quickly for later analysis.
    * Can serve as a central component of a layered, comprehensive security solution.
    * Open-architecture design facilitates integration and expansion.

    ...ICIS can collect data from cargo-scanning systems throughout the terminal, including legacy and third-party systems... [and] offers these high-speed scanning capabilities:

    * Gamma ray imaging: The VACIS® gamma ray imaging system provides radiographic images of container contents.
    * Radiation scanning: The EXPLORANIUM™ Radiation Portal Monitor (RPM) provides a graphic profile of radioactivity levels inside the container.
    * OCR: OCR portal system technology automatically identifies containers to enable ICIS to integrate data for each container.


    Integrated Container Inspection System (ICIS)
     

    Moderately priced computing: 14 May 1952



    This is some old-school computing. Ed Thelen's site represents a cyber-museum of antiquated and long-forgotten computing technology and is well worth visiting.

    Until recently, all commercially available general purpose automatic digital computers were large and cost many hundreds of thousands of dollars. Within the past year, however, a number of manufacturers have developed smaller, more compact (usually slower) automatic computers for sale at less than one hundred thousand dollars. Nearly all of these smaller computers use magnetic-drum storage. With this drastic reduction in the cost, it has become possible for agencies with modest budgets to consider acquiring such machines. Interested agencies, therefore, can evaluate the now available machines to determine which, if any, can best satisfy their scientific-computing or data-handling needs...


    COMMERCIALLY AVAILABLE GENERAL-PURPOSE ELECTRONIC DIGITAL COMPUTERS OF MODERATE PRICE
     

    Who is the blogosphere's favorite columnist?



    (Picture credit Political Friendster)
    The invaluable RWN solicited the opinions of 200 right-of-center bloggers, asking the question: who's your favorite columnist? My personal favorites? Steyn, Krauthammer and Goldberg. Visit RWN for the entire list, but here's the top ten:

    10) Peggy Noonan (30)
    9) James Lileks (36) -- 1
    8) Ann Coulter (45) -- 4
    6) Michelle Malkin (48) -- 1
    6) George Will (48) -- 1
    5) Thomas Sowell (58) -- 3
    4) Victor Davis Hanson (72) -- 3
    3) Charles Krauthammer (75) -- 4
    2) Jonah Goldberg (76) -- 3
    1) Mark Steyn (96) -- 24


    RWN: Right-Of-Center Bloggers Select Their Favorite Columnists
     

    Camera Phones to the Rescue



    Those who claim that camera phones are a privacy disaster waiting to happen... have probably never been bitten by a Brazilian Wandering Spider.

    If you happen to come across giant spiders in your kitchen every now and then, you might want to pay attention to this one. A British chef bitten by the world's deadliest arachnid was saved after snapping a photo of it with his camera phone.

    According to a story in the Times Online, Matthew Stevens was bitten twice on the hand by a Brazilian Wandering Spider as he cleaned behind the freezer of his pub. The creature, not generally associated with life in England, is believed to have arrived as a stowaway in a box of bananas.

    Before the swelling and dizziness hit, the 23-year-old snapped a picture of his assailant to prove to friends just how big it was (very big--about 5 inches).

    Later, as Stevens' condition deteriorated and doctors fought to save his life, they were able to send the picture to experts at the Bristol Zoo, who identified the spider and told doctors which type of anti-venom was needed.


    Camera phone saves man from deadly spider
     

    Sunday, May 01, 2005

    Guess-the-Google



    Picture credit: Grant Robinson
    Grant Robinson's got some serious Flash skills. Noted for his Scribble app, which resembles a simple, thick-client painting program, he's also come up with a unique game based upon Google images.

    Guess-the-Google presents you with a set of images that were generated using a single word query of Google's Image Search. Your job? Guess the word used to generate those image results. Entertaining and maddening, it's fun for the whole family. I laughed. I cried. It very nearly changed my life.

    Guess-the-Google
     

    Saturday, April 30, 2005

    Getting Rid of the Highly Irritating 'Swat the Fly' Ad


    Picture credit: BBA
    There's an ad floating around the web called 'Swat the Fly'. It's a rude piece of offal, which emanates a hideous buzzing noise every few seconds. Here's how to rid yourself of this dung, which is slightly less useful than an integrated ashtray in a child safety seat.

    If you know what you're doing, edit your hosts file, which can be found in your Windows folder. You can edit the file using Windows' Notepad. Remember to make a backup in case you mess anything up. And, no, I explicitly disclaim any liability for anything you do to your machine.

    Here's what my file looks like. The line with tribalfusion in it will suppress the fly from hell.

    #
    127.0.0.1 a.tribalfusion.com
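
The same edit done by script, as an added example that is not part of the original post: it backs the file up first, skips the write if the entry is already there, and refuses to touch a host that is already mapped to some other address. The function names and the sample file contents are constructed for illustration.

```python
import os
import shutil
import tempfile

SINK = "127.0.0.1"  # loopback address, as in the entry shown above


def parse_hosts(text):
    """Yield (address, [names]) for every active line of a hosts file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:                     # address plus at least one name
            yield fields[0], [name.lower() for name in fields[1:]]


def block_host(hosts_path, hostname, sink=SINK):
    """Point hostname at sink.

    Returns 'already-blocked' (nothing written), 'conflict' (the name is
    mapped to a different address; left alone for a human to review) or
    'added' (backup written to <hosts_path>.bak, entry appended).
    """
    hostname = hostname.strip().lower()
    if not hostname or any(c.isspace() or c == "#" for c in hostname):
        raise ValueError("not a single hostname: %r" % hostname)

    with open(hosts_path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()

    for address, names in parse_hosts(text):
        if hostname in names:
            return "already-blocked" if address == sink else "conflict"

    shutil.copy2(hosts_path, hosts_path + ".bak")    # backup before any change
    # Make sure the new entry starts on its own line even if the file
    # does not end with a newline.
    sep = "" if text == "" or text.endswith("\n") else "\n"
    with open(hosts_path, "a", encoding="utf-8") as fh:
        fh.write("%s%s %s\n" % (sep, sink, hostname))
    return "added"


if __name__ == "__main__":
    # Demonstration on a throwaway copy (constructed contents), not the real file.
    demo = os.path.join(tempfile.mkdtemp(), "hosts")
    with open(demo, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample\n127.0.0.1 localhost")
    print(block_host(demo, "a.tribalfusion.com"))    # added
    print(block_host(demo, "a.tribalfusion.com"))    # already-blocked
```

On Windows 2000/XP and later the file lives at %SystemRoot%\System32\drivers\etc\hosts, and writing to it requires administrator rights.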


    Here's what the rest of the Internet thinks of this horrid secretion. That some marketer got the okay to distribute this Flash-based diarrhea is truly frightening.
     

    When the Lawyers Come Around



    My friend Pete recently changed jobs, leaving IBM's Workplace team. He's the flighty type, as his new role at Kubi Software will be his third job in twenty years.

    At IBM, Pete was a senior technical lead responsible for various aspects of the Notes/Domino product offering. And when he left, he blogged a few closing thoughts on his IBM career: what attracted him to IBM (a perceived career path for technical folks) and why he ended up leaving the organization (perhaps that the technical career path wasn't quite as he'd envisioned).

    In any event, after reading these posts (and pointing a few of my compadres to them), I was going to write a post about technical career paths and how they should (but seldom do) work.

    Lo and behold, the posts were gone. When I emailed Pete about them, he told me about the phone call and email he'd received. Something to the effect: please don't disclose our proprietary and confidential information including opinions on our development process. So Pete obliged and pulled the two entries related to IBM.

    In my opinion, there wasn't anything a bit proprietary and confidential in the posts. Just some honest impressions regarding IBM's management approach and how the technical career path could have functioned. In my opinion, IBM senior management should spend more time grokking unvarnished impressions from talented senior staff... and less time quashing criticism. But that's just me.

    Update: Pete writes, "...one factual error - it was my previous post about the interview question..." that turned out to be an issue. Nonetheless, I'll stand by my impression regarding senior management.

    * * *

    As an aside, a brief foray onto the Kubi website indicates: (a) that they sell email workflow and collaboration software (definitely an interesting area); and (b) they secured $8 million in venture funding (which means they must be executing diligently on their product and marketing roadmap). Sometimes I really miss Massachusetts.
     

    Friday, April 29, 2005

    Was Integrating IE and Windows Explorer a Good Idea? Part II



    The discussion on the JOS forum related to whether Windows was poorly designed or not continues. Myron takes the general position that Windows was not poorly designed and that most security vulnerabilities in Windows are based upon buffer overflows. I disagree. Here's the latest:
    (Picture credit R C Vaughn)

    #1 List a security vulnerability that was caused by poor design. So far you haven't. All you've done is make vague statements.

    Follow me here...

    #2 How is the registry a security vulnerability? And how is it poor design? I wish Linux had a registry.

    Examples: how is it that malware can write to the registry and secrete away a myriad of automatic, surreptitious startup options? Wouldn't it make sense (at least) to let the user in on that little secret? Extra credit - how is it that the default address book was programmatically accessible without some sort of authentication step, the cause of scores of email worms and untold labor hours?

    #3 While one could argue that COM is very complicated, I don't think you could call it "poor design". If you think it is, please cite some specific examples.

    It's a horrible design. Simply put - why do you think SOA/SOAP/UDDI/etc., for example, have de facto replaced *COM* and CORBA as the leading method for marshalling services (even localhost services)? Because *COM* and CORBA were so great? No, because they were overly complex and nightmarishly difficult to work with: i.e., poorly designed.

    #4 "DLL hell" is more the fault of crappy installers than anything.

    And why, then, has Microsoft dramatically evolved DLL handling by the OS over the years? It's been a huge point of weakness in the OS and you should readily admit it. They do.

    #5 No, browser helper objects aren't a security vulnerability. BHO's don't magically install themselves. They are installed by a user after clicking Yes. If you disapprove of an extensible browser interface, then you must really hate Mozilla plug-ins.

    And how does the average user list the installed BHO's - most of which are pure malware? How about removing them? If your Mom has a BHO polluting her machine, what's your recommendation for getting rid of it? Some third-party product? BHO's are, flat out, a security _nightmare_. Poor design: think CRUD without the RD and you've got BHO's.

    #6 Mandatory access control is certainly an improvement, although I don't think it's quite ready for mainstream deployment yet. It is available in Windows via 3rd party add-ons. Either way, you can't cite this as proof that Linux is somehow "better designed" than Windows, since this is a fairly new addition to the Linux kernel.

    Please name a third-party Win32 product that adds MAC - I've been looking for one and have not found a thing. I sincerely would like to see one for a project I'm working on.

    #7 I could argue that Microsoft's ACL and Active Directory system allows for far more granularity than Unix's UGO system.

    The ACL/ACE structure is quite powerful and I would agree that in many ways it is superior to the Unices approach. That said, the relative merits of ACLs are tangential to the overall security of a box... compared with, say, MAC/RBAC integrated at the kernel level.


    JOS: An ongoing discussion
     

    Thursday, April 28, 2005

    Introducing One of the "Seven Judicial Fanatics"



    If you're interested in knowing a little bit more about the "seven Judicial fanatics" (or so says "Crazy Al" Gore), I located a brief biography of Janice Rogers Brown on Wikipedia. This is an excerpt.

    Janice Rogers Brown is the daughter of a family of Alabama sharecroppers. She received her B.A. from California State University in Sacramento in 1974, and her Juris Doctorate from UCLA in 1977. She has now been on the California Supreme Court for nine years.

    She wrote the majority opinion upholding an amendment to the California Constitution prohibiting affirmative action for women and minorities and dissented from an opinion striking down a parental consent law for abortions.

    Brown has also surprised some conservatives with traditionally liberal positions on criminal sentencing and freedom of speech. She was the lone justice to contend that a provision in the California Constitution requires drug offenders be given treatment instead of jail time.


    Ayup. She's got judicial fanatic written all over her.

    Wikipedia: Janice Rogers Brown
     

    Time to Level Playing Field for Gun Makers



    This is another classic, beautifully written article from John Lott:

    Every product has illegitimate uses and undesirable consequences, but even lawsuits have had their limits. In 2002 in the U.S., car accidents killed 45,380 people and injured another 3 million, 838 children under the age of 15 drowned, 474 children died from residential fires, and 130 children died in bicycle accidents.

    Fortunately, local governments haven’t started recouping medical costs or police salaries by suing auto or bicycle companies, pool builders or makers of home heaters.

    All sorts of products, including cars and computers, are also used in the commission of crimes. But again, no one yet seriously proposes that these companies be sued for the losses from these crimes...

    ...Yet suing manufacturers for costs cities incur from gun injuries and deaths is exactly the theory behind government lawsuits by cities against gun makers. George Soros, via the Brady Campaign, has funded most of these suits...


    John Lott: Time to Level Playing Field for Gun Makers
     

    Wednesday, April 27, 2005

    Crazy Al is Slashing Metaphors!



    Internet inventor Al Gore launched another entertaining diatribe yesterday. His missives were, of course, directed towards the Republican effort to get simple up-or-down votes on President Bush's judicial nominees. You know, the way the Congress has been operating for only, oh, the last couple of centuries.

    Well, Mr. Gore says that the GOP has a "lust for one-party domination." Dammit, someone revealed the secret! Who let it out that Rove and company have a lascivious, carnal desire to crush the Democrats beneath a spiked boot heel? Isn't the point of elections to... win?

    He also noted, in what was likely a nasally and monotonal whine, the GOP's "willingness to do serious damage to our American democracy." Yes, that's exactly what I'd call trying to get the Senate to... vote. After all, voting is tantamount to... yes... crushing... democracy... beneath a spiked boot heel!

    Another Gore-gasm: "This family of 7 judicial fanatics is now being stopped at democracy's gates by 44 Democratic Senators." Yes, they're being stopped at democracy's gate... by a refusal to vote! Yes, dammit, I know it makes no sense, but this is Al Gore we're talking about!

    "They seek nothing less than absolute power." Alright, someone really let the cat out of the bag! How in the heck can the Republicans expect to get away with this dastardly, insidious plot to get seven whole judges a vote? After all, these seven judges represent absolute power! What could the GOP be thinking? It's ridiculous! Outrageous! Preposterous! Thank goodness the Inventor of the Internet has rescued our Democracy!

    * * *

    If given a choice between trusting my children with Al Gore or trusting my children with Dennis Rodman, I'm thinking I go with Rodman.

    Guardian: Gore Blasts GOP
     

    Was Integrating IE and Windows Explorer a Good Idea?



    Interesting side-thread -- from, yes, the JOS forum -- related to security.

    (Picture credit BC Designs)

    Out of curiosity, is there anyone who still thinks integrating IE and Windows Explorer was a good idea?
          comp.lang.c refugee
          Tuesday, April 26, 2005

    If you mean integrating an HTML rendering library into the OS I'd most definitely say yes. Whether that rendering library had to share code with that of a full blown state-of-the-art Internet browser, or could be restricted to a simpler subset, remains open for discussion.
          Just me (Sir to you)
          Wednesday, April 27, 2005

    I'll have to respectfully disagree with Just Me.

    The concept of embedding and intertwining all sorts of interesting technologies may have helped certain (ahem) business development practices at MSFT. But it had the unfortunate side-effect of making a fundamentally sound architecture -- from Office apps to Outlook to the browser -- almost impossible.

    Clean layering would have allowed MSFT's architects and engineers to build these systems upon rock-solid foundations. Instead, security is a nightmare as is troubleshooting embedded objects gone wild... or diagnosing DLL hell... or any one of hundreds of other idiosyncratic Windows issues.

    IMO, the tactical zeal to aggressively pursue markets like the browser hampered the strategic vision of delivering rock-solid solutions.

    But that's just me. I'm old-fashioned like that.
          directorblue
          Wednesday, April 27, 2005


    JOS Forum: Win2K Security Threat
     

    How eBay Fraudsters Operate



    Duff on the JOS forums had an interesting description of how eBay fraudsters operate. I can't vouch for its accuracy, but it certainly sounds plausible.
    (Picture credit Filtered Life)

    You're wasting your time. A buddy of mine was ripped off by a laptop scam, and a few of us started looking at the rampant fraud on eBay... we managed to identify about 60 accounts that were being set up to scam people and confirmed 7 of them via auction feedback.

    Response from ebay? Nothing.

    The scam works like this:

    - Create several accounts, buy & sell information and low value crap like recipes, ebooks, etc between these accounts.

    - Leave phony feedback for your phony auctions. (A++ Super seller! Great Laptop! A++++)

    - Build up a feedback rating of 20 or so.

    - Wait 60-90 days for your bogus auctions to be unviewable by other users

    - Start selling laptops that don't exist.

    - Disappear.

    Does ebay do anything about this?

    Nyet.


    Has eBay been successful catching phishers?
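
How a marketplace's own fraud team could screen for the pattern Duff describes, as an added example that is not part of the original post and says nothing about eBay's actual systems. The record layout, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: completed sales as (seller, buyer, price_usd, day).
HISTORY = [
    ("acct_a", "acct_b", 1.00, 2),
    ("acct_b", "acct_a", 1.50, 3),
    ("acct_a", "acct_c", 2.00, 5),
    ("acct_c", "acct_a", 1.00, 6),
    ("acct_b", "acct_c", 3.00, 9),
    ("acct_c", "acct_b", 2.50, 12),
    ("honest_shop", "buyer_1", 40.00, 10),
    ("honest_shop", "buyer_2", 650.00, 60),
    ("honest_shop", "buyer_3", 15.00, 95),
]

# Constructed new listings: (seller, asking_price_usd, day).
LISTINGS = [
    ("acct_a", 900.00, 100),
    ("honest_shop", 850.00, 100),
    ("acct_b", 2.00, 100),
    ("new_user", 700.00, 100),
]


def flag_sellers(history, listings, low_value=5.0, high_value=500.0,
                 min_gap_days=60, min_reciprocal=0.5):
    """Flag high-value listings whose seller's whole reputation rests on
    cheap sales to accounts that also sold to the seller, followed by a
    quiet period of at least min_gap_days.

    Returns a sorted list of (seller, reciprocal_share, gap_days).
    All thresholds are illustrative assumptions.
    """
    sales = defaultdict(list)                 # seller -> [(buyer, price, day)]
    for seller, buyer, price, day in history:
        sales[seller].append((buyer, price, day))

    flagged = []
    for seller, ask, day in listings:
        past = sales.get(seller)
        if ask < high_value or not past:
            continue                          # cheap item, or no history to judge

        # 1. Every past sale was a low-value item.
        all_low = all(price <= low_value for _, price, _ in past)

        # 2. Share of past sales whose buyer has also sold to this seller,
        #    i.e. feedback traded inside a closed group.
        sold_to_me = {s for s, rows in sales.items()
                      if any(b == seller for b, _, _ in rows)}
        reciprocal = sum(1 for b, _, _ in past if b in sold_to_me) / len(past)

        # 3. Days between the last feedback-building sale and this listing.
        gap = day - max(d for _, _, d in past)

        if all_low and reciprocal >= min_reciprocal and gap >= min_gap_days:
            flagged.append((seller, round(reciprocal, 2), gap))
    return sorted(flagged)


if __name__ == "__main__":
    for seller, share, gap in flag_sellers(HISTORY, LISTINGS):
        print("%s: reciprocal share %.2f, dormant %d days" % (seller, share, gap))
```

A flag here is a reason for manual review, not proof: a hobbyist who swaps cheap items with friends and later sells a used laptop would match the same three signals.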
     

    Life without the Associated Press



    Reading the paper this morning, I was struck with an unusual thought. What would we do without the Associated Press? Well, we'd have to go without gems like this from Hope Yen on a Supreme Court ruling:

    ...The ruling, divided mostly along ideological lines, created a bit of an anomalous result for the conservatives Scalia and Thomas... In their opinion, Scalia and Thomas stuck to their conservative philosophy of interpreting statutes according to their strict, dictionary meaning, rather than delving into a presumed intent of Congress...


    Of course, no mention of liberal Justices and their habit of using subjective, relaxed, interpretative meanings based upon extra-sensory perception or other means of divining what they thought Congress had intended.

    Just conservative Judges who use a cold, strict, dictionary meaning.

    Going without an AP would also mean we'd miss stool samples such as this from Noor Khan:

    Afghan farmers have begun harvesting this year's opium crop, exposing the limits of a U.S.-sponsored crackdown on the world's largest narcotics industry despite claims Tuesday by President Hamid Karzai that drug cultivation was down sharply...


    Of course, recall the fact that Bashir Noorzai -- the Tony Montana of Afghan Opium production -- was arrested just a couple of days ago in New York. Wouldn't it make sense to report upon the impact that his arrest might make on funding the nascent, Afghan insurgency? How it might damage the distribution channels? Or how it might hamper a reconstituted Taliban? Nope. Not if you're the AP.

    The AP has had enough arrows fired at them over the past year or so -- and deservedly so. You'd think they'd have gotten the picture by now... and at least have made a cursory effort to curtail their biased tripe. But they can't seem to help themselves.

    You know, a more liberal reading of the pooper-scooper laws would keep droppings like these out of the newspaper.
     

    Tuesday, April 26, 2005

    Fisking Security Roulette



    For security executives, CSO Online offers articles and opinions on all things security. If a topic relates to physical security, privacy, or information security, CSO Online will probably cover it.

    The April 1, 2005 publication offered an anonymous column by a "real CSO". In short, the author questions the Government's current approach to national security. Ostensibly apolitical, it provides subtle jibes at the administration's spending priorities.

    After reading it, digesting it, and allowing it to percolate, I started having some doubts regarding the author's assertions. Let's fisk it, shall we?

    On any given day, we CSOs come to work facing a multitude of security risks... To guard against these risks, we have a finite budget of resources in the way of time, personnel, money and equipment—poker chips, if you will.

    If we're good gamblers, we put those chips where there is the highest probability of winning a high payout. In other words, we guard against risks that are most likely to occur and that, if they do occur, will cost the company the most money... So lately I've been wondering—as I watch spending on national security continue to skyrocket, with diminishing marginal returns—why we as a nation can't apply this same logic to national security spending. If we did this, the war on terrorism would look a lot different. In fact, it might even be over.


    Diminishing marginal returns? How so? The country's borders are porous and a serious problem, I think most would agree. A nuclear device detonated in New York City would literally pulverize the economy and risk a global thermonuclear exchange. And a single EMP weapon detonated at altitude could literally turn the country's economy off, sending the US back into the nineteenth century.

    So, I suppose we need to understand what "diminishing marginal returns" mean, when stopping a single device from entering the country could literally be the difference between, oh I don't know, the United States and, say, Haiti.

    Let's assume, first of all, that the ultimate goal of security is to prevent the loss of lives. In this risk management approach, then, the first thing to look at is the leading causes of death in the United States. The total number of deaths from all attacks on Sept. 11, 2001, was approximately 2,988, according to the National Center for Health Statistics. The top 10 causes of other deaths in the United States in 2001 were the following.

    1. Heart disease: 700,142
    2. Cancer: 553,768
    3. Stroke: 163,538
    4. Chronic lower respiratory disease: 123,013
    5. Accidents: 101,537
    6. Diabetes: 71,372
    7. Pneumonia/flu: 62,034
    8. Alzheimer's disease: 53,852
    9. Kidney disease: 39,480
    10. Suicide: 30,622

    The 9/11 deaths were classified within a category called assaults/homicides, which was the 13th leading cause of death at 20,308.


    I'm guessing that you picked a convenient criterion out of your... err... hat... but it's the wrong one. The 9/11 attacks were not a major contributor to deaths in the U.S. in 2001. But the attacks were absolutely devastating to the national economy and, indirectly, to the entire global economy.

    $16.9 billion in total lost output for the New York City economy alone. $83 billion in direct and indirect costs, according to the GAO.

    This translates to a serious impact on the livelihoods of tens or hundreds of millions of people... all caused by an attack that killed several thousand people, but was small potatoes compared to the worst-case scenarios.

    Thus, there's little question that the wrong criterion was used.

    The next thing to look at is spending. As I write this article, the president has just released his proposed federal budget for fiscal year 2006. The projected budget for the Department of Defense is $419.3 billion, and the projected budget for the Department of Homeland Security is $34.2 billion. Since 2001, defense spending has risen by more than 40 percent, and the Department of Homeland Security budget has roughly tripled... CSOs know how to best allocate available resources to guard against the most likely threats. We should be vocal about the need to apply that same logic to our nation's security.


    And if you had access to all of the actionable intelligence, much of which I am sure is classified, perhaps you could evaluate that logic. But I'm betting you don't have such access... and therefore you are flying blind. And that's no way to run a security operation.

    ...For example, eight of the top 10 causes of death are health-related. If one classifies suicide as a mental health problem, then nine of the top 10 causes of death are health-related. Could those billions of dollars have saved more lives if they had been spent on health research or on making health care available to a larger percentage of the population?


    Wrong criterion. Wrong... wrong... and wrong.

    Probably. But, you might ask, what about the costs of another successful terrorist attack? Another terrorist attack using say, a nuclear device, could result in hundreds of thousands or maybe even millions of deaths—not to mention having a catastrophic effect on the nation's economy and environment. That's true. But ask yourself this question: Have the billions of dollars spent on additional security since 9/11 made this kind of attack impossible?


    Impossible? Since when does any defensive course of action render something impossible? Never. Nothing is impenetrable. But when the very existence of the United States is at risk, every possible and reasonable avenue must be explored.

    We inspect less than 3 percent of the cargo containers coming into this country. It would be catastrophic if just one of the 97 percent that aren't checked made it through with a nuclear device. Or what about the possibility of a terrorist sailing a vessel with a nuclear device on board into the harbor of New York City, San Francisco or New Orleans, or any other port city? All the money in the U.S. Treasury might not be enough to prevent that from happening.


    And yet, a modest amount of R&D funding might create a sophisticated scanning technology that would make protecting ports feasible. Again, without an understanding of the actionable intelligence and all ongoing programs/countermeasures, you are simply flying blind. And your statements are therefore little more than conjecture.

    In economics, there is something called the law of diminishing marginal returns, which dictates that, at some point, spending additional dollars no longer gains you as much improvement. As a nation, we have certainly reached that point with spending on security.


    And you've reached that conclusion... how? Not a shred of evidence has been presented to make that case.

    ...If you don't want to spend money on those problems, fine. Save it instead. The U.S. Federal budget deficit is at a historic high... The money we spend fighting terrorism could be used to reduce the budget deficit and prevent future economic problems instead...

    ...Former Vermont Sen. George Aiken reportedly gave some now-famous advice to Lyndon Johnson during the Vietnam War. He told him, "Just declare victory and go home." It's time we did the same on terrorism. The sooner we stop spending more and more on security and start applying to other, more serious threats, the better off this country will be.


    Are the government's decisions perfect? Of course not. Are you -- a person almost certainly unfamiliar with the relevant, actionable intelligence -- capable of adjudicating the government's performance? Likewise: no. Not even close.

    The byline shouldn't have read "anonymous". It should have read, "Naive, anonymous, and probably partisan to boot."

    CSO Online: Security Roulette
     

    Kerry vs. Hillary, part 75



    Let's get it on! The accompanying picture reminds me of the old saying, "Keep your friends close... and your enemies closer."

    A fuming John Kerry had "daggers in his eyes" after a fellow Democrat promoted Hillary Rodham Clinton for president — suggesting the 2004 loser is green with envy at a potential rival.

    The flap was touched off two weeks ago when Clinton spoke at a Minneapolis Democratic dinner and Sen. Mark Dayton (D-Minn.) told the cheering crowd that he was introducing "the next great president of the United States."

    Two days later, Kerry came over to Dayton on the Senate floor "with daggers in his eyes and said, 'What are you doing endorsing my 2008 presidential opponent?' . . . He was very serious," Dayton told the Minneapolis Star Tribune...


    NY Post: JEALOUS KERRY FUMES AS DEM BOOSTS HILL
     

    Al Qaqaa: Proof of MSM/DNC Bias



    I've been saving this story for a while, because it's so delicious. In March, Jonah Goldberg expertly recalled the shrill rantings of the MSM/DNC (a singular noun) regarding al Qaqaa. You'll recall that al Qaqaa was, for a week prior to the presidential election, the most important story on Earth.

    Al Qaqaa was the monstrous weapons cache that wasn't properly secured after Saddam fell. Or so the stories went. And it was due, one would surmise from these stories, to the ineptitude of (a) President Bush; (b) Donald Rumsfeld; (c) the U.S. Military; or (d) all of the above. Problem was... the story didn't hold water. I haven't seen many references to al Qaqaa since the election. I'm not the only one.

    The New York Times splashed the news on its front page and didn't stop splashing it for a week. In all, the Times ran 16 stories and columns about al-Qaqaa, plus seven anti-Bush letters to the editor on the subject over an eight-day period. Editorial boards across the country hammered the "outrage" for days. It led all the news broadcasts. It became the central talking point of the Kerry campaign, with John Kerry bellowing his indignation at the administration's incompetence at every stump stop. Maureen Dowd wrote a column about it, titled "White House of Horrors." ...

    ...So, anyway, I'd forgotten about all this. Bush won the election despite the al-Qaqaa drumbeat from Kerry and his surrogates in and out of the press.

    But Byron York, my colleague at National Review, didn't forget. He wondered, whatever happened to The Biggest Story on Earth? The answer, it turns out, is nothing. The Times has not run a single story about the al-Qaqaa story since November 1...


    Read the whole thing. And, please, sit down while you're reading it.

    Jonah Goldberg: Remember al-Qaqaa?