Stewart Baker

Stewart Baker

Stewart A. Baker was the first assistant secretary for policy at the Department of Homeland Security from 2005 to 2009. He now practices law at Steptoe & Johnson in Washington, D.C., and is a visiting fellow at the Hoover Institution. His law practice covers homeland security, international trade, cybersecurity, data protection, and foreign investment regulation. Baker has also served as general counsel of the Robb-Silberman Commission investigating intelligence failures before the Iraq war (2004–5), as general counsel of the National Security Agency (1992–94), and as deputy general counsel of the Education Department (1979–81). He clerked for Justice John Paul Stevens on the Supreme Court and Judge Frank M. Coffin on the First Circuit Court.

REAL ID-Back from the Dead?

I testified a few days ago at a House Judiciary subcommittee hearing on REAL ID implementation.  I expected to have harsh things to say about the way REAL ID has been handled by the National Governors Association and the Obama administration. And there was certainly plenty to criticize.  But what surprised me after a few years away from the issue is how much progress has been made, almost reluctantly, by all parties.  Much more secure identification is now within reach, though politics may delay the final steps much too long.  Here’s some of what I told the subcommittee:

Unfortunately, not everyone agrees with the need for better drivers’ license security. Opposition to REAL ID unites the nations’ governors and the ACLU. As a candidate, President Obama campaigned against REAL ID. And as a governor, Secretary Napolitano did the same. So it was no surprise that the Obama administration supported repeal of REAL ID and adoption of a softer approach, called PASS ID. Expecting PASS ID to be adopted, the administration soft-pedaled the states’ obligations under REAL ID.

Continue reading Stewart Baker…

The Senate’s big cybersecurity bill has finally surfaced officially, and the hearing will be tomorrow at 2:30 DC time in front of the Homeland Security and Government Affairs Committee.  After Sen. Rockefeller and Sec. Napolitano, I’ll be part of a panel that includes Gov. Tom Ridge, Scott Charney of Microsoft, and Jim Lewis of the Center for Strategic and International Studies.

Here’s my prepared testimony.

Mr. Chairman, Ranking Member Collins, members of the committee, it is an honor to testify before you on such a vitally important topic. I have been concerned with cybersecurity for two decades, both in my private practice and in my public service career, as general counsel to the National Security Agency and, later, to the Robb-Silberman commission that assessed U.S. intelligence capabilities on weapons of mass destruction, and, more recently, as assistant secretary for policy at the Department of Homeland Security. In those two decades, security holes in computer networks have evolved from occasionally interesting intelligence opportunities into a full-fledged counterintelligence crisis. Today, network insecurity is not just an intelligence concern. It could easily cause the United States to lose its next serious military confrontation.

Moore’s Outlaws: The Exponential Growth of the Cybersecurity Threat

Our vulnerabilities, and their consequences, are growing at an exponential rate. We’ve all heard of Moore’s Law. What we face today, though, are Moore’s outlaws: criminals and spies whose ability to penetrate networks and to cause damage is increasing exponentially thanks to the growing complexity, vulnerability, and ubiquity of insecure networks. If we don’t do something, and soon, we will suffer network failures that dramatically change our lives and futures, both as individuals and as a nation.

It doesn’t take a high security clearance or great technical expertise to understand this threat. It follows from two or three simple facts.

Continue reading Stewart Baker…

Is GOP a SOPA “Nope” Hope?

Here’s a revised version of an op-ed I published on the potential importance of the SOPA fight.  The original appeared in Hollywood Reporter (caution: paywall).

What went wrong for SOPA, the entertainment industry’s proposal for stopping international piracy? And what does it mean for Hollywood’s future clout in Washington?

I had a ringside seat for the battle over SOPA, though not as a supporter.  I thought it would make Internet users more vulnerable to cybercrime. That was a problem that could have been fixed.  Instead, after a brief halt and some modest changes, the entertainment industry decided to press for a showdown.

And a showdown, of course, is what it got.

Why did it turn out so badly? The entertainment industry’s first mistake, then and now, is believing that its adversary is a group of other companies — Google, Internet service providers, and others — who are somehow hoping to profit from the Internet travails of the entertainment industry.

In fact, the industry is fighting what amounts to a new popular culture.

Unlike the old pop culture, this one is largely independent of the music, movie, and broadcast industries. In fact, people who spend hours on line instead of watching TV or going to movies will probably encounter the entertainment industry only when Youtube videos of their kids dancing to Prince or spoofing Star Wars are pulled down by Hollywood’s bots, or when the RIAA threatens to sue them for their college savings, or when digital rights software makes it hard to move their stuff to a new tablet or phone.

To the entertainment industry these episodes may seem like collateral damage in the fight to stop piracy.  To the new pop culture, though, collateral damage and misuse of enforcement tools is everywhere, and it threatens everyone.  The content industry has made itself into the villain. Increasingly it looks like an occupying power; obeyed at gunpoint, despised for its hamhanded excesses, and resisted from every dark corner.  Unfortunately for the entertainment industry, as its customers migrate to the Internet, it loses not just their money but their hearts and minds as well.

Continue reading Stewart Baker…

(photo credit: practicalowl)

Matt Drudge and The Atlantic are hyperventilating, and Mark Hosenball of Reuters is bragging, about a Reuters“exclusive” report that DHS “routinely monitors dozens of popular websites, including Facebook, Twitter, Hulu, WikiLeaks and news and gossip sites including the Huffington Post and Drudge Report.”

There are just two problems with this exclusive news report. It isn’t news and it isn’t exclusive.

Readers of this blog could have learned exactly the same thing in one of my posts from, uh, February of 2010.

Continue reading Stewart Baker…

I recently read Popular Mechanics’ riveting article reconstructing the last minutes Air France 447, which in 2009 disappeared without explanation over the Atlantic between Rio and Paris. Using the cockpit transcript, the article reveals that the pilots essentially flew a fully functioning passenger jet into the sea. Why?  It appears that a temporary loss of flight speed data and then the disconnection of autopilot systems panicked a copilot into lifting the nose of the plane.  He then more or less kept the stick pulled all the way back as the plane lost forward speed and plunged into the ocean, paying no attention to dozens of blared stall warnings. Here’s a bit of the transcript and Popular Mechanics’ commentary:

Continue reading Stewart Baker…

(photo credit: Arnoldo Riker)

SOPA-rope-a-dopa

Critics of the Stop Online Piracy Act (H.R. 3261) have had an impact.  A manager’s amendment has been offered by Lamar Smith, R-TX, the Judiciary Committee chairman.  I was critical of the first version.  Here’s my take on the new version.

This version contains several provisions aimed at the security concerns raised about the first version.  The new bill insists that it is imposing no technology mandate and that it should not be construed to impair the security of the domain name system or the network of an ISP that receives an order. And it whittles away at the original requirement that ISPs must “block and redirect” visitors to pirate sites. Now, the ISPs are only obliged to block those efforts, not to redirect the subscribers to an alternative site that warns against piracy. ISPs also get a safe harbor that allows them some assurance that they don’t have to redesign their networks to carry out the blocking.

Continue reading Stewart Baker…

On Privacy

The Wall Street Journal recently published a round-robin dialogue on privacy featuring Jeff Jarvis, danah boyd, Chris Soghoian, and me. Our vibrant discussion was quite heavily compressed for publication, so two of the other participants have now published their contributions in full.  Jeff Jarvis’s is here, and danah boyd’s is here. Publishing the full version on the web seems like good practice generally, so I’m following suit, with a few edits to avoid cross-referencing material that hasn’t been put on the web.  The Wall Street Journal’s questions are in bold italics.

How much should people care about privacy?

That’s like asking how much they should care about the weather. Some, for sure. If we don’t, we’re liable to end up deeply uncomfortable from time to time.

But let’s not kid ourselves. Privacy is like the weather in another way, too. For all the complaining, no one is going to do much about it.

They can’t. The price of storing and analyzing data is dropping exponentially; and keeping that data hidden is a hopeless task.

So, in the end, we will adjust.  Privacy is the most adaptable of rights.

Sometimes our sense of what is private shrinks. The man who invented the right to privacy, Louis Brandeis, was appalled that ordinary newsmen could snap his picture and print it in the paper without so much as a by-your-leave.  And most of us can sympathize, if we remember the shock of seeing ourselves in a photo, looking quite different than we imagined.  But no one today thinks that photography is a privacy violation. We’ve adjusted to the new technology.

Continue reading Stewart Baker…

Adele Tops the Supremes

Why is there so much bad privacy law, and so many privacy victims? Here’s my theory.  Privacy advocates exploit that first uncomfortable moment when we realize that technology is changing our world, offering a Luddite illusion that law can prevent uncomfortable change.  The result is laws and court rulings on privacy that quickly become quaint.

It’s not hard to find support for that view if you compare United States v. Jones, the GPS 4th Amendment case, with an article in today’s Washington Post about the rapid spread of license plate readers:

When stored over time, the collected data can be used instantaneously or can help with complex analysis, such as whether a car appears to have been followed by another car or if cars are traveling in a convoy. Police also have begun using them as a tool to prevent crime. By positioning them in nightclub parking lots, for example, police can collect information about who is there. If members of rival gangs appear at a club, police can send patrol cars there to squelch any flare-ups before they turn violent. After a crime, police can gather a list of potential witnesses in seconds. … Arlington police cars equipped with the readers regularly drive through the parking garage at the Pentagon City mall looking for stolen cars, checking hundreds of them in a matter of minutes as they cruise up and down the aisles.

At the same time that license plate readers are spreading across the landscape, companies like Google and Apple are investing heavily in location-based services for smartphones. As a result, we’re rapidly losing any expectation that our location is private.

Continue reading Stewart Baker…

Once again, Congress is being asked to make bad rules that will hurt network security, but this time the blame doesn’t fall on the privacy lobby.  This time the booby prize goes to the intellectual property lobby.

Below is an op-ed I wrote for Politico this week on the security consequences of the copyright enforcement bills now on the Hill — PROTECT IP and the Stop Online Piracy Act.  As it happens, the House Judiciary Committee held a hearing on the proposal on Wednesday, when the op-ed appeared, and some of the questioning turned on my op-ed.  Indeed, I gather that it contributed to an unexpectedly ragged performance from Hollywood’s normally smooth witnesses.

Continue reading Stewart Baker…