'So this really looks to be to be furthermore an inside job'

From: Remarks by Homeland Security Secretary Michael Chertoff at the University of Pennsylvania Wharton School on Risk Management

Question: My name's Zack. I'm a senior. I'm wondering, could you comment on the U.S.A. Patriot Act and how you understand that within the risk management framework.

Secretary Chertoff: That -- that's one of the great misunderstood Acts of all time. The Patriot Act, notwithstanding its name, is pretty modest and it's actually in this way a very good risk management tool.

The insight didn't take a long time to come to it after 9/11 as the best way to drive down risk with respect to terrorism was more information about people. If I had to guess on the population, you know, of millions of people coming to the U.S. who's dangerous, I could either search everybody, which would be astronomically expensive and inconvenient, I could do it randomly which would give me no better than a random chance of identifying somebody, or I could let everybody come in without looking at them in which case I would face really the question of do I fill up because I have no way to stop a bad person from coming in, but if I get more information about each of these people, you know, something about their travel pattern, something about their passport, something about where they have, for example, communicated, if I can take intelligence data from a lot of different agencies and combine it to get a better picture of what are potentially dangerous people, now I can look at that pool of people and I can say, well, I have information that here are people where there's reason to believe they may be a higher than average risk and I can focus on that.

What the Patriot Act mainly did was say we have a whole series of legally separated databases and intelligence agencies who are forbidden to talk to each other. They can't connect the dots. If we tear down walls and we let them connect the dots, we're going to have a better idea of the total amount of information available about people who are dangerous and that's going to enable us to focus more specifically on people who are dangerous. And that's going to be a way to reduce the risk and it's actually a fairly low-cost way to reduce risk because it frees a lot of people from any scrutiny and focuses certainly on people who are, because of some connection that they have, likely to be in a higher-risk group.

Question: Nick, sociology major. On the issue of internal security, in the wake of the 2001 anthrax attacks which were initially pinned on al-Qaeda, until a few months afterwards it became evident that it was not an al-Qaeda attack but rather some sort of internal security breach because the particular strain of anthrax that was used was one of 118 strains, one of which that came out of Fort Detrick, Maryland, the Department of Defense program in the 1980s, Project Jefferson had developed, it was essentially a derivation of a military grade weapon, and then they tried to put it on to Steven Hatfield, one of the engineers or the technicians out at the department but he was later exonerated and he won a $5 million settlement. Then more recently we had Bruce Ivins, who was pinned as the perpetrator and he conveniently committed suicide, the real issue here -- the real issue is he wouldn't have been able to create this weaponized grade of an anthrax because he needed a static charge and a machine with infrared capabilities that was well outside of his purview.

So this really looks to be to be furthermore an inside job, but the question is who particularly is involved, and we know from 1962 and Operation Northwoods that criminal elements in the U.S. Government have planned and staged terrorist attacks as a way of justifying political agendas and furthering whatever aims they have.

So the question is -- the question is what -- what has the Department of Homeland Security done to further investigate this issue?

Secretary Chertoff: Well, first let me say that it is incorrect to say that -- I don't know that anybody seriously thought that al-Qaeda might have been responsible. I don't think anybody officially ever asserted that.

The FBI has done a very comprehensive review of this. Now that's -- you know, the risk that the government, based on a 1962 program, launched an anthrax attack, it was put in the basic non-existent risk category and that's actually a great example -- if that's the kind of risk we worry about, then we're moving away from the real risks into the realm of imaginary risks because that's not the risks.