Later On

A blog written for those whose interests more or less match mine.

Archive for February 20th, 2015

DHS approach to problems: Study, do not solve

with one comment

Doing a study is easy—nothing really needs to change. Solving a problem involves (horror!) changes.

Jerry Markon reports in the Washington Post:

Afflicted with the lowest morale of any large federal agency, the Department of Homeland Security did what comes naturally to many in government.

It decided to study the problem. And then study it some more.

The first study cost about $1 million. When it was finished, it was put in a drawer. The next one cost less but duplicated the first. It also ended up in a drawer.

So last year, still stumped about why the employees charged with safeguarding Americans are so unhappy, the department commissioned two more studies.

Now, with the nation continuing to face threats to the homeland, some officials who have worked inside the agency acknowledge it should spend less time studying its internal problems and more energy trying to fix them.

“There’s really no excuse for the department expending finite resources on multiple studies, some at the same time, to tell the department pretty much what everyone has concluded: that there are four-to-five things that need to be done for morale,” said Chris Cummiskey, who left DHS in November after serving as its third-highest-ranking official. “You don’t need $2 million worth of studies to figure that out.”

Cummiskey added that DHS Secretary Jeh C. Johnson “understands this and is focused on delivering meaningful results for DHS employees.”

Since taking over the department in late 2013, Johnson has focused on raising morale and stemming high turnover, problems that date to the George W. Bush administration. Many DHS employees have said in the annual government “viewpoint” survey of federal employees that their senior leaders are ineffective; that the department discourages innovation, and that promotions and raises are not based on merit. Others have described in interviews how a stifling bureaucracy and relentless congressional criticism makes DHS an exhausting, even infuriating, place to work. . .

Continue reading.

Repetitive stupidity is more or less the rule in bureaucracies and other large organizations. There is palpable resistance to understanding, and any progress is fought fiercely and rolled back at the first opportunity. It’s not just government: you see it in large corporations, church organizations, educational institutions: any place that has an entrenched group in power seems to grow stupidity like toadstools in damp forest ground. It’s not merely a lack of understanding, it’s an aggressive effort on behalf of misunderstanding. “Against stupidity the gods themselves contend in vain.”

Here’s a wonderful example: Tomatoes are a fruit. But ignore that. Let’s reject knowledge, because being stupid is better. This is doubtless why the human race is doomed: on the whole, it embraces ignorance and stupidity.

From the DHS story above:

“It was not a very good light to shine on any of us, so we just hid it,” said one DHS employee familiar with the report, who spoke on the condition of anonymity because of fear of retaliation by supervisors.

Two (very) obvious problems: a) if a report has negative findings, the report must be hidden (that in itself precludes improvement), and b) if someone speaks up, s/he fears retaliation by supervisors (which reveals that there is ZERO interest in making improvements and empowering employees). So nothing will happen, and the department will become, in effect, a cesspool of broken dreams, with promotions given to those who will keep it that way. I’m beginning to think that it’s hopeless.

Written by Leisureguy

20 February 2015 at 8:39 pm

Belated daily SOTD: Wee Scot, I Coloniali, TV Super Speed, and Creed

with 8 comments

SOTD 20 Feb 2015

Sorry for the belated posting. Miss Molly had to go in to the vet, who removed two teeth. (Maine Coon cats tend to have dental problems. One good thing about British Shorthairs: very few health issues.)

I used my Wee Scot with the really excellent I Coloniali shaving soap (that uses mango oil). It’s a somewhat thirsty soap, but now I know the drill.

With it, I used the Super Speed TV model—sold only through the TV—and a Swedish Gillette blade. I included the contemporary regular Super Speed in front so you can see the difference: no horizontal grooves.

Three passes to perfection, then a good spray into my palm of Creed Aventus, and that slapped onto my face as an aftershave. A great way to start the day for me, but then Molly was off to the dentist.

She’s back home and resting. Antibiotics for a week.

Written by Leisureguy

20 February 2015 at 6:10 pm

Posted in Cats, Molly, Shaving

Another reason the Catholic church hides priestly abuse of children: The statute of limitations

with 8 comments

If the Catholic church can keep things hidden long enough, the priests who raped children get away scot-free. See this story: Spanish Judge Drops Charges Against 9 Priests in Sexual Abuse Case

The priests are completely guilty, but thanks to the statute of limitations they get away with it. Their victims get no justice, no restitution, and no help: the Catholic church washes its hands of them. In fact, the Catholic church has taken a pretty hard-nosed stance against all the victims, fighting fiercely to avoid or at least minimize settlements. It’s hard to see much remorse or regret on the part of the church, and it certainly does not appear in any actions the church has taken.

Written by Leisureguy

20 February 2015 at 4:54 pm

Posted in Law, Religion

Red Cross fights reports by lying like a rug


The American Red Cross has become a dysfunctional organization that has decided that their best defense is to lie. The organization should be avoided until it has undertaken a thorough housecleaning to rid itself of the vermin currently in charge. Report here, worth reading, by Justin Elliott and Jesse Eisinger in ProPublica:

The American Red Cross recently sent ProPublica and NPR a request for corrections to our series of stories about the charity’s failures in responding to Hurricane Isaac and Superstorm Sandy, misleading donors about how money is spent, and other issues. We stand by our reporting and have found no instances of errors. We have responded in detail below, noting where the Red Cross’ assertions are misleading or incorrect.

The organization’s request for corrections came shortly after we sent questions related to our ongoing reporting, specifically about the Red Cross’ response to the 2010 Haiti earthquake.

Our stories have been scrupulously fair to the Red Cross. The Red Cross had an opportunity to respond to every fact, detail, and allegation from our reporting before every story. Before the stories ran, we sent the Red Cross extensive and detailed questions, documents and had in-person interviews with officials. We took the charity’s responses seriously and modified our stories based on the Red Cross’ responses.

Our core conclusions about the Red Cross’ response to Sandy and Isaac were drawn from the charity’s own high-level internal assessments. We posted those documents.

We also interviewed dozens of Red Cross officials and volunteers, storm victims, and government officials.

Below, we have summarized the charity’s complaints about our coverage, followed by our responses. (Here are the Red Cross’ criticisms in full.)

1. Emergency response vehicles diverted for PR purposes

Red Cross complaint (pg. 1):

The charity takes issue with our reporting that executives diverted vehicles for public relations purposes. In particular, the Red Cross asserts that NPR’s version of the story erroneously refers to multiple “incidents” where 40 percent of available emergency response vehicles were used for press conferences. The Red Cross also says our reporting relied on a “lone source.” It both denies that any emergency vehicles were diverted away from providing relief and says that the 40 percent figure is wrong.

Our response:

The Red Cross’ claim that we referred to multiple “incidents” where 40 percent of vehicles were diverted is based on its use of a misleading, truncated quotation.

NPR’s transcript makes clear the word “incidents” refers to a variety of episodes, not just the diversion of trucks:

Our reporting found incidents where the charity sent as many as 40 percent of its emergency vehicles to press conferences instead of into the field, where it failed to show up as promised to open shelters, allowed sex offenders to hang out in a shelter’s play area.

As for the Red Cross’ claim that our account was based on a single source, that is false.

The account of the Red Cross’ use of its vehicles for public relations purposes was based on interviews with multiple Red Cross officials and volunteers, including two current Red Cross senior managers. Their accounts were bolstered by internal documents and two contemporaneous emails, one to senior Red Cross officials at the time and another a month later to Red Cross disaster volunteers.

After our story published, we were contacted by a Red Cross driver who received orders to stop delivering goods to storm victims and instead show up at the press conference cited in the story with Red Cross President Gail McGovern.

“The press conference did keep us from being able to provide any meaningful response that day,” the driver told us.

Another Red Cross official at the event told us, “The only purpose for sending the ERVs there was to show a large presence. The vehicles were told where to park, which was behind where the podium was set up,” the official said. “They were not providing services there.”

All of those first-hand accounts are in line with the Red Cross’ own Lessons Learned PowerPoint presentation, produced out of national headquarters in Washington, which lists “diverting assets for public relations purposes” as a “hindrance to service delivery.”

As for the Red Cross’ claim that even if vehicles were diverted, it wasn’t 40 percent of them: In supporting its point, the group cites a “disaster log” showing a count of emergency response vehicles assigned during Sandy in New York state overall. It is not a log of the vehicles available in the relevant area, New York City. We asked Red Cross officials for that information before publication and they have declined to provide it.

2. Hurricane Isaac volunteers sent where they weren’t needed . . .

Continue reading.

Written by Leisureguy

20 February 2015 at 4:50 pm

Posted in Business, Media

Muck Reads this week


Amanda Zamora and Terry Parris Jr. report at ProPublica with links to Muck Reads. The first few:

“Illegal … immoral … ineffective … unconstitutional.” That is how the deputy commander of a now-defunct Guantanamo task force described the interrogation tactics of Richard Zuley, a Navy reserve lieutenant who was known for extracting intelligence from his subjects through prolonged shackling, threats against family members and sleep deprivation. The Guardian traced some of Zuley’s methods at Gitmo to the police precincts of Chicago, where his detective work helped put at least one innocent man in prison and has generated serious allegations of abuse. Zuley declined to comment. — The Guardian via @attackerman @guardianus [This one is amazing, and reflects the sorry state of American police departments. – LG]

It’s called popcorn lung. Diacetyl — used to flavor items like candy, coffee, chips and increasingly popular e-cigarettes — has been linked to hundreds of injuries and at least five deaths among workers in popcorn factories and flavoring companies over the last 15 years. When inhaled in large, concentrated amounts, it can obliterate your lungs, experts say. Researchers and regulators have known about the harmful effects of the chemical for years, but the National Institute of Occupational Health and Safety has issued nothing more than an advisory bulletin to manufacturers on how to reduce exposure. And while most studies focus on the nicotine risks of e-cigarettes, one study found nearly 70% of flavored “smoke juice” contained diacetyl. “These are avoidable risks,” said one researcher. — The Milwaukee Journal Sentinel via @john_diedrich

Surprise? “Consumer protection rules rarely apply to government debts.” Government agencies are outsourcing debt collection to private firms for things like unpaid taxes, parking tickets and traffic tolls. Although these are government debts, consumer protection laws usually don’t bind the private firms collecting against them. One of those firms is Linebarger Goggan Blair & Sampson, which “has gone so far as to argue it has immunity because it is an extension of the government,” CNN Money reports. These firms have “the power to threaten debtors with the suspension of their driver’s license, garnishment of their wages, foreclosure and arrest to get them to pay up.” They are also able to charge debtors directly, while consumer creditors collect fees from the debt itself. — CNN Money via @MarkObbie

The ‘Watchtower’ will decide which abusers are predators. Internal documents portray a religious hierarchy more concerned with protecting its members from criminal prosecution than from sexual abuse. The Watchtower Bible and Tract Society of New York, which governs Jehovah’s Witnesses around the world, has repeatedly instructed church elders to handle allegations of sexual abuse against children in secret, and to “avoid unnecessary entanglement with secular authorities who may be conducting a criminal investigation.” In a written statement, church officials told Reveal they “continue to educate parents and provide them with valuable tools to help them educate and protect their children.”  — Reveal via @Rachael_Bale . . .

And there are more. Click the link.

Written by Leisureguy

20 February 2015 at 4:22 pm

The NSA’s Undetectable Hard Drive Hack Was First Demonstrated a Year Ago


Jason Koebler reports at Motherboard:

News broke earlier this week about the NSA’s “most sophisticated” malware yet: An undetectable backdoor that can filter information to and from a hard drive, using the underlying framework of the drive itself. It surprised a lot of people, sure, but maybe it shouldn’t have. A group of ordinary security researchers warned this was possible, and in fact installed hard drive backdoors themselves, nearly a year ago.

The paper “Implementation and Implications of a Stealth Hard-Drive Backdoor,” published in March 2014 by a team of eight researchers from Eurecom in France, IBM Research in Zurich, and UCSD and Northeastern University in the US, reads almost exactly like security firm Kaspersky’s expose on the NSA malware. The full paper is absolutely worth your read if you’ve been fascinated by Kaspersky’s revelations.

The malware, developed by Travis Goodspeed and his colleagues (Goodspeed has spoken the most publicly about the exploit), can be installed remotely by people who have no physical access to it. In fact, the paper asserts that such an attack “is not limited to the area of government cyber warfare; rather, it is well within the reach of moderately funded criminals, botnet herders, and academic researchers.”

To install it remotely, a hacker would need to infect the operating system of the user’s computer with run-of-the-mill malware, alter the hard drive’s firmware, and then delete the original, operating system-side virus. From then on, the hacker would have complete access to everything on the person’s hard disk, the exploit would be almost completely undetectable, and it would persist until the hard drive was physically destroyed.

The exploit could also be installed by someone who had physical access to the drive.

“Once you have firmware control of a disk, you can also have it commit suicide or overwrite itself,” he explained at the 0x07 Sec-T Conference last year. “You can also have it act as a backdoor.”

That, apparently, is what the NSA was doing with its exploit. Though we just discovered the NSA was actually doing this, it seems likely that the program was going on for a while, perhaps a decade or more.

The team explains in its paper that a “catastrophic loss of security occurs when hard disks are not trustworthy.” Information can be funneled remotely from the disk and new information can be written to the disk, using remote commands sent to the exploit. An infected hard drive loses less than 1 percent of its read and write speed, so it’s essentially undetectable from a performance perspective. . .

Continue reading.

Written by Leisureguy

20 February 2015 at 4:17 pm
