You Can't Hack a Steakhouse

What China doesn't get about how Washington works.

Last week, we learned that the Chinese government had hacked into the computers of some of Washington's most prominent organizations -- law firms, think tanks, news outlets, human rights groups, congressional offices, embassies, and federal agencies -- not to steal intellectual property or unearth state secrets, but rather to find out how things get done in the nation's capital. According to the Washington Post, hackers were "searching for the unseen forces that might explain how the administration approaches an issue … with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials -- much as they would be in Beijing." In other words, it appears that Chinese hackers have a lot of time on their hands and don't know much about Washington. There are probably instances where a massive database and a fancy algorithm can tell you what you need to know about a place, but D.C. isn't one of them.

"They're trying to make connections between prominent people who work at think tanks, prominent donors that they've heard of and how the government makes decisions," the Post reported one informed expert as saying. "It's a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch." Well, it's possible to use espionage to learn the inside thinking at one of Washington's prestigious think tanks. Or you could just attend any of the dozens of daily seminars, issue briefings, and the like in town, raise your hand, and get a direct answer to almost any question. You might even get a free bagel and a cup of coffee.

In Washington, you don't need a satellite to find out who is raising money for whom. Just look at the co-host list of an invitation to any fundraiser. And if the Chinese really want to get a look at where the power decisions get made, send an undercover eater to see who's dining with whom at the Four Seasons for breakfast, Tosca for lunch, and the Palm or Oceanaire for dinner. And here's a secret in Washington the Chinese haven't hacked into yet: Actual decision-makers will meet with the actual experts and affected parties in order to make as informed a decision as possible. Shhhh. Don't tell the Chinese.

Right now, it's a good bet that the Chinese hackers are sifting through millions of emails in which tons of people are saying sensible things, making all sorts of predictions, and maybe even revealing what they think about how and why a particular decision was made. But often the talk isn't connected to any particular decision -- and it isn't always well-informed. Washington is a cacophonic symphony of gigantic plans, dueling facts, eager ideals, and petty pursuits. To understand it, you have to be able to hear it all at the same time and also understand that the music never stops. Beijing will blow a circuit board trying to make sense of all this.

Maybe the Chinese don't understand that a literal transcript of what is said in Washington does not tell the real story. It never has. It never will. People are always saying something here. All we do is talk. At any given time you can find someone saying anything you want to hear -- on any given side of any issue -- from missile defense to agricultural policy. That doesn't happen in Beijing. And that's part of the reason it's so easy to be busy and yet so hard to be productive in D.C. It takes time to know who is relevant to a decision, to understand that person's history and how he or she approaches an issue. That's extremely important and not always easy to figure out.

Our decades of experience tell us that it's the nuance and fragments of information that form the mosaic of Washington politics and power. Reading what a single perceptive reporter overhears when strolling through the Speaker's Lobby during the last vote in the House of Representatives on a Thursday afternoon can be every bit as useful as what a hundred reporters write after a briefing by Jay Carney at the White House. Often it's better to have a short sidebar conversation during a chance encounter at a dinner or cocktails with a 20- or 30-something staffer on a key congressional committee than a courtesy meeting with a member of Congress or a cabinet secretary.

Finding the right people is important. But more and more, Washington has become a place that rewards what you know rather than whom you know. Sure, friendships and political affiliations make introductions easier and some meetings friendlier, but really hearing what was said and accomplishing something afterward requires real work and a lot of relevant, persuasively presented information. And though Washington always gets a bad rap, the people who make decisions that matter really do take their independence, transparency, and integrity seriously. While inside deals and doing favors are the commonplace caricature, they don't represent how Washington really works today.

The Chinese apparently spent gigantic amounts of resources plumbing the depths of computer systems inside the Beltway. Maybe that's because the mindset in Beijing is much more about top-down governance. But a lot of what moves the federal government originates in state capitals, places like Sacramento and Raleigh. The discerning Washington insider listens closely to what's said outside the Beltway to find out what's likely to happen next in D.C.

The Chinese government's worst mistake was to imagine that it could find out anything worth knowing by reading things that were written down, electronically or otherwise. If anyone were writing down anything useful in the first place, WikiLeaks stopped all that. The fact is, you don't have to spy -- you can just ask. You don't need to peep through the keyhole to follow the political maneuvering in Washington; just walk into any good steakhouse and look around.


You Can Leave Your Shoes On

Why sequester could make air travel a whole lot better.

Sequestration is coming...maybe. The $85 billion in spending cuts that were designed to force Congress to the bargaining table will go into effect March 1, and Washington is warning it could make your airport experience even more miserable than usual. Transportation Secretary Ray LaHood has said sequestration could cause delays because fewer air traffic controllers means fewer flights. And Homeland Security Secretary Janet Napolitano told Congress that spending cuts could lead to longer security lines at airports, as the Transportation Security Administration deploys fewer officers.

But, to be blunt, the length and speed of security lines at airports are a function of the TSA's inefficient security methodology, not its budget and staff. Reduced federal funds will magnify this inefficiency, but to claim longer lines are purely a result of budget cuts is a cop-out. Sequestration is actually an opportunity for the TSA to abandon its insistence on screening all airline passengers, which demands extraordinary resources and manpower, and instead adopt a more efficient and effective approach. If it does, budget cuts might be the best thing that ever happened to airport screening.

For years, the TSA has attempted to detect every single threat to the U.S. transportation system. In aviation, this has meant scanning every bag, every piece of cargo, and every man, woman, and child that comes through an airport. This 100 percent methodology is deceptively simple, and it gives the false impression that if everything on an airplane has been scanned, then there is no threat. But it is flawed. Detecting and stopping every threatening item and person is not possible. Eventually, there will be another "failure of imagination," a black swan that undercuts the misperception that U.S. transportation is completely secure.

Some degree of risk is unavoidable, and spending tax dollars with abandon chasing after the unobtainable is a waste. Worse, in trying to stop every potential danger, low priorities receive an inordinate amount of attention. For example, in April 2005, the TSA started confiscating cigarette lighters because they could be used to ignite a bomb. This meant ferreting out about 22,000 lighters a day (which cost $4 million annually to destroy). In having transportation security officers focus their attention on lighters, they potentially missed other threatening items -- such as the very bomb components the lighter supposedly could ignite. This is precisely why TSA Administrator Kip Hawley removed the lighter ban in 2007.

Other aspects of TSA's airport passenger screening follow the same methodology that banned lighters. Advanced Imaging Technology (AIT) machines (aka full-body scanners) are at best a deterrent, and at worst, a waste of money. Of the full-body scanners in use across the United States, exactly none of them could have detected the explosives hidden in Umar Farouk Abdulmutallab's underwear during his attempted 2009 attack. Nor can these machines detect explosives hidden inside the body, either in a cavity or surgically implanted. This is a tactic al Qaeda terrorists have already used in attacks in other countries, most notably in the 2009 attempted assassination of Saudi Prince Muhammad bin Nayif.

The 100 percent methodology was also behind the controversial full-body pat downs levied against every passenger who refused to pass through or who triggered an AIT machine. This suggests a 3-year-old child, a terminally ill cancer patient, and a grandmother in her 90s all present the same level of threat as a Yemeni national visiting the United States with a one-way plane ticket. This is, of course, absurd.

When it comes to passenger screening, the TSA has answered the aviation threat with manpower and dollars, but not much common sense. However, times are changing, albeit slowly. This is where sequestration can help.

In recent years, the TSA (and the Department of Homeland Security writ large) has begun shifting to a risk-based security methodology. This is a far more efficient and effective approach to securing people and cargo because it recognizes that there are variations in the threat level. The TSA has already begun implementing risk-based screening in cargo security, and the agency is also starting to amend passenger screening policies.

Last year, the TSA announced that children under 12 and passengers 75 and older could wear their shoes and light jackets during screening and could pass through an AIT machine one extra time if their first pass detected "an anomaly." The agency's website proudly declares that these adjustments are "part of TSA's overarching risk-based security methodology."

It's a good start, but more changes are needed. At its best, risk-based screening would draw on a range of intelligence -- like behavioral analysis, origin and destination points, nationality, and other passenger data -- in addition to body scanning and physical inspection. It would allow the TSA to focus most of its resources on the most likely threats. This would be a more efficient, expedient, and effective way of determining who among the million-plus people flying in the United States every day could put lives in jeopardy.

Risk-based screening, however, can be a tough pill for some to swallow. Scanning every passenger has a lot of political value, as it shows that elected officials and government agencies are tough on terrorism, doing whatever they can to protect the public. The 100 percent methodology is easy to sell because it gives the impression that U.S. aviation security is impenetrable, even though it is not.

Given this, shifting to this smarter, more cost-effective screening methodology cannot happen overnight. The TSA is slowly wading into the risk-based waters, but with sequestration looming, this is the perfect opportunity for the TSA to explain and implement the risk-based methodology across the board. Short on resources, asked to do more with less, the TSA will be able to make the case that the 100 percent security methodology is untenable in the current economy. Fortunately, however, a risk-based methodology will allow the agency to maintain or even elevate the level of security it provides.

The TSA could draw down its use of AIT machines and reduce the resources needed to maintain them. For every full-body scanner, the TSA requires a team of officers. Most concourses have several machines and most airports have several concourses. That costs a significant amount in salaries and technology acquisitions just to watch an irritated public (virtually all of which is benign) shuffle through million-dollar machines. Fewer officers mean fewer salaries paid with limited tax dollars.

But the TSA need not hand pink slips to most airport screening officers. Some are essential, and following the risk-based methodology, the agency might also retrain and move select staff to the front lines as behavioral detection officers or even beyond airport grounds in conspicuous and proactive Visible Intermodal Prevention and Response units. These are things the TSA already does, and in the face of a lower budget but a consistent threat, it needs to do more of them.

The TSA's mandate is clear: Protect the public. A smaller budget is no excuse for reduced security or reduced throughput. The TSA has the means and the methodology to make airport screening faster, cheaper, and more effective, and it should take this opportunity to put the pedal down on risk-based screening. Even though sequestration is a monster invented by Congress, if airport security lines grow longer after March 1, the blame can be laid fully at the TSA's feet.
