Read an Excerpt

Skating on Stilts

Why We Aren't Stopping Tomorrow's Terrorism

Hoover Institution Press

Skating on Stilts

In a way, all truly popular technologies resemble the bicycle. A bicycle is an implausible thing. To see how implausible, take it out in the street and stand it up. Now let go.

It falls over.

Stand it up in the street and put a man on it; it falls over faster, and he's likely to skin his knee. The thing is utterly unstable.

So who would imagine that the way to solve the instability is to put a man on it and roll the bicycle down a long hill?

Nobody. It defies common sense that something so unstable could become more stable when it's moving. Perhaps that's why nobody imagined the bicycle, at least not for a couple of thousand years after it became perfectly possible to build one.

It took a lot to make the bicycle imaginable. In 1815, the Battle of Waterloo brought an end to nearly twenty years of European war. At the same time, the largest volcanic explosion in recorded history occurred, at Mount Tambora in what is now Indonesia.

The next year, summer never came. Snow fell in every month. Crops failed. Without the crops, pack animals died.

Everyone in Europe cast a wary eye on St. Helena, where Napoleon was imprisoned, and wondered how they'd fight a war without pack animals.

The following year, in 1817, a German official named Karl von Drais showed them how. He invented the bicycle. He demonstrated that soldiers could carry heavy weights quickly over long distances by riding and pushing a crude bicycle. His model weighed nearly fifty pounds, was built of wood and had no pedals. But once he showed that it worked, others improved the design until by the turn of the century the bicycle as we know it was everywhere.

The Romans — perhaps even Alexander the Great — could have built a bicycle like Karl von Drais's, something with crude bearings and no pedals.

They didn't, though. Why not? Here's my theory: The whole idea was simply implausible. Who could imagine traveling at high speeds on a vehicle that can't even stand upright by itself?

But moving forward is the key to the bicycle's stability. A bike moving at one mile per hour is a lot more stable than a bike at rest, and at five miles per hour it's more stable still. At even higher speeds, the bike can adjust faster and roll over obstacles that will bring it to a dead stop at lower speeds.

Go faster and feel safer. We all remember discovering this amazing rule as kids. If 5 mph is good, 10 should be better. And it is! We remember how it ends, too. Fifteen mph is better still. And twenty. Everything is better on a bike when you go faster. Until, quite surprisingly, it's not.

That's when you discover that falling off a bike at 30 mph means something a lot worse than a skinned knee.

And suddenly the Romans don't look quite so dumb.

Lots of technology is like the bicycle. It seems implausible at first. As Arthur C. Clarke once said, "Any sufficiently advanced technology is indistinguishable from magic."

Once we relax and learn to trust it, it really does give us new, nearly magical powers. It gets better and better, faster and faster.

Then it starts finding new ways to kill us.

In a way, that's what happened on September 11, 2001.

Technology — cheap commercial jet travel — made the attacks possible. In fact, it made attacks like September 11 more or less inevitable.

It may be hard to remember now, but air travel was once seen as the great technological achievement of the twentieth century. Futurists marveled at how it would change our world.

In 1907, as heavier-than-air flight was just becoming a reality, Alexander Graham Bell declared that it would not be long until "a man can take dinner in New York and breakfast the next morning in Liverpool."

By the 1920s and 1930s, airplanes and air travel were to young men what computers became in the 1970s and 1980s — a way to revolutionize society, make a better world, and find a fortune. After World War II, the youngsters of the twenties and thirties set about building their dreams, and they succeeded.

As late as 1958, European flights were still a special event. That year, Life magazine ran a feature story "Off for Paris in Jet Time," describing a Pan American flight from Idlewild (not yet Kennedy) Airport in New York. Actress Greer Garson was in "deluxe" class, along with forty other passengers paying $909 for their round-trip tickets. Another seventy-one economy passengers, attired mostly in suit and tie, or dresses, also made the trip.

Fifty years after Bell envisioned transatlantic travel, it was still remarkable enough to deserve a gushing feature in the preeminent magazine of the era.

That ended in 1959, when Boeing introduced its 707. The new jet cut flying time between New York and London from twelve hours to six. In an instant, international air travel went from luxury to commonplace. By 1965, 95 percent of transatlantic travelers were crossing in the fast jets of Pan Am and European airlines such as British Overseas Air.

In the seventies, Boeing introduced the jumbo jet. By then, jet travel had lost any resemblance to magic and had acquired an unfortunately close resemblance to, well, bus travel. Yet jet tourism kept growing. In 1950, air travelers flew about 28 billion kilometers. By 2000, that number had grown to three trillion.

In those years, international air travel had roughly doubled every five years. That's fifty years of exponential growth.

Any technology that grows so fast is going to have some unexpected effects. As it grew, jet travel brought a slow revolution to the border.

The U.S. border agencies now at the heart of the Department of Homeland Security were confronted with exponentially increasing international travel. As they watched, a rising tide of travelers slowly overwhelmed their 1950-era security measures.

Border checkpoints and searches, travel visas and printed passports — these things had changed little since the nineteenth century. Some were even older; written safe conduct passes for travelers go back to 1414 in England and the oldest, existing passport was issued in 1641 by King Charles I. Even the name "passport" reveals its antiquity. Passports were used to pass through the gate (the porte) in a medieval city wall. By the 1980s, though, the walls were down and the gate was open.

Border controls that depended on a serious inspection of individuals, their passports and their luggage, simply could not keep up. Security officials could not spend much time with each traveler. The lines at the border were getting too long.

By the 1980s, governments had begun to vie with each other to dismantle these border security measures. U.S. Customs abandoned individual inspection of travelers, allowing those with nothing to declare simply to stroll through the Green Lane. The United States also adopted the Visa Waiver Program (VWP). That program abolished our single most important restraint on foreign visitors entering the United States — the visa.

Visas are travel permits. Issued by a country's embassy or consulate abroad, they authorize the visa holder to travel to that country. The process of issuing a visa can be quite simple or quite elaborate, but it typically requires at a minimum that the applicant go to the embassy of the country he wants to visit to provide whatever information the consular official requires.

As a control mechanism, the visa is highly flexible. To discourage illegal economic migration, nations may grant very few visas in poor countries — and those only to the well-to-do. They may also deny visas to potential troublemakers, criminals, or terrorists. They may insist that the local government vouch for the visa applicant. They may require that applicants fill out detailed forms, or provide fingerprints, to help in the clearance process.

These control mechanisms worked pretty well in the first half of the 20th century. But a flood of commercial jet travelers turned visas into costly barriers to casual travel — barriers that soon began to fall.

In 1988, the United States stopped requiring visas for nationals of Japan and the United Kingdom, and these governments did the same for Americans. The United States was certainly not alone. If anything, other countries moved further and faster. In 1985, for example, most members of the European Union began simply abolishing controls at their borders with other member states. In countries like Belgium, border inspectors were deployed only at international airports. Everywhere else, travelers were free to enter and leave the country without a glance from officialdom.

By the end of the 1980s, even the world's most notorious border barrier had fallen. The fortified iron curtain cutting Eastern Europe off from the West was broken — by governments and by crowds of citizens from East and West.

Soon, the retreat from border control measures became a rout. Thirteen years after admitting two countries to the VWP, we had opened our doors to two dozen. By 2001, half of all the foreign visitors to the United States — a million a month or more — were coming without visas. No American official laid eyes on these travelers, or even knew they were coming, right up to the moment they reached the immigration booth at LAX or JFK.

Even when visas were required, they were streamlined to eliminate the hassles, as well as the safeguards. In Saudi Arabia, for example, the U.S. State Department launched the Visa Express program in June 2001. The program allowed applicants to obtain a visa by submitting a two-page application to their Saudi travel agency instead of going to a U.S. consulate to provide visa information.

Commercial jet technology had triumphed. It had made mass international travel possible, empowering millions. And almost without noticing it, these millions of empowered travelers were eroding a system of border security that had existed for decades.

Border officials noticed, of course, but they could not resist the onslaught. If they insisted on the old controls, tourism and foreign investment would lag behind the rest of the world. As they saw it, they had only one choice: surrender the old control system or watch their country stagnate.

So they surrendered.

We all know what happened next.

Four years after the 9/11 attacks, I joined the Department of Homeland Security. Secretary Michael Chertoff asked me to create and run a policy office that would let DHS lift its head above the scrum of daily crises and think about its biggest challenges.

DHS was still a startup, barely two years old, and it had spent those two years getting organized, finding desks and office space — and at the same time frantically trying to build defenses against an unseen enemy. No one had had much time to think about the future. That was one of the reasons we needed a policy office, or so I thought.

I wanted to think about 9/11 in a new way. It seemed to me that it was an event driven as much by technological change as by evil men and government errors. Sure, there were evil men, and there were errors. But we had to get beyond the immediate mistakes and focus on the long-term trends that had made the attacks possible in the first place.

When we started tracing the roots of the 9/11 attacks, we realized how jet travel and a growing flood of travelers had wrecked our traditional border defenses. That's when we began to ask what other technologies might have in store for us.

Technologies like jet travel are seductive. That's why we flock to them. They give us more choices and more reach. Commercial jets allowed us to work or play on any continent in a matter of hours. More recently, computers and the Internet gave us instant access to knowledge that once was available only to a handful of librarians. Biotechnology, a new, explosively exponential technology, gives us the power to create and design life itself.

Giving individuals the opportunity to use these tools, with the choices, reach, and power they confer, is a great thing — much of the time. It's like skating on stilts that get a little longer each year. Every year we get faster and more powerful. Every year we're a little more at risk. We are skating for a fall, and the fall grows worse every year we put it off.

Technologies that empower ordinary individuals also empower people like Osama bin Laden and Unabomber Ted Kaczynski. Commercial jet technology had been around for nearly half a century before nineteen men were able to use it to kill three thousand. But the possibility of something like 9/11 was inherent in the technology from the start.

The 9/11 Commission (formally known as The National Commission on Terrorist Attacks upon the United States) criticized officials for a failure of imagination in the run-up to the attacks. Even those who knew al Qaeda was planning an attack did not imagine domestic jet hijackings that ended in suicide attacks on national symbols. I resolved when I joined DHS to keep that failure in mind. Where else was our imagination failing us?

Once I began to look for other emerging threats, I realized that jet travel is not the only technology that puts Americans at risk. Computer technology and bioengineering are more recent. Their power to change our lives is still growing, and their future is harder to predict. But if we wanted to get ahead of tomorrow's terrorism, DHS had to begin thinking about future risks as well.

Based on my own experiences, I knew of two that were bearing down on us fast.

For decades, information technology has been driven by Moore's Law. One version of the law holds that the number of transistors that can be cheaply placed on a chip doubles every eighteen to twenty-four months.

As chip capacity grows, the cost of computer power falls. A computer that cost $1 million in 1970 could be duplicated for $500,000 in 1972 and for $10,000 in 1984. By the end of the 1980s, personal computers were giving individuals capabilities that were once available only to government and the Fortune 500; electronic spreadsheets, word processors, contacts files, and email began expanding the capabilities of all.

Surely one of the oddest results of going to work for NSA was my initiation into the vanguard of this trend. The agency controlled encryption, and especially exports of encryption technology to other countries. But as cheap home computers made the Internet a potential source of mass electronic commerce, Microsoft and other software companies wanted to build encryption into their products. They rightly saw a need for more security if computer networks were going to carry large transactions.

"We're going to put encryption in your toaster," one Microsoft representative told me, invoking a day when every kitchen appliance would have its own Internet address.

To defend NSA's encryption policy, I had to understand this Internet thing and the changes it would bring. While I never fully accepted the techies' encryption policy proposals, I came to believe that they were right about the Internet. A revolution was coming. After leaving government I built a law practice around that insight. I represented dozens of Silicon Valley firms, including Netscape in the days before its IPO helped to launch the Internet revolution.

So I had a ringside seat as Moore's Law worked its magic. By the late 1990s, computing power that had cost $1 million in 1970 could be had for a hundred dollars.

Cheap computing and telecommunications (not to mention a gradually softening policy on encryption exports) did indeed create a mass market Internet. We were able to search the accumulated wisdom and folly of humanity in seconds. We could download books, music, and movies — what we wanted when we wanted it. We could bank, play games, trade securities, salute friends, trash enemies, gossip, build businesses, lose and find lovers — all online.

Oh, and a few more things: we could be defrauded, robbed, extorted, and blackmailed — with stolen secrets — online, too. The industry push to incorporate strong encryption into their products turned out to be a red herring. Government did get out of the way, but even the strongest encryption didn't provide the security the techies thought it would. Crooks easily found ways around it.

But, as with commercial jet travel, the bad news about information technology arrived late — long after the technology had become indispensable. We were up on our stilts and skating hell for leather before we even noticed there might be a problem. It wasn't until the 1970s that some of the first hackers discovered they could obtain free phone service by fooling AT&T's computers, and it took until 1988 for the first computerized "worm" to clog the Internet. Computer viruses also emerged in the 1980s, passed from disk to disk. They were an annoyance, but little more. Most were written simply to show off the skills of the author.

But as we moved our lives online, criminals followed. Hackers discovered that there was money in compromising other people's computers. Spammers could use those machines to send messages without fear of being shut down. Online networks allowed foreign criminals to reach across borders without leaving home as Nigerian spammers learned to defraud gullible men and women in the United States and Europe.

---

Excerpted from Skating on Stilts by Stewart A. Baker. Copyright © 2010 Board of Trustees of the Leland Stanford Junior University. Excerpted by permission of Hoover Institution Press.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

---