Schneier on Security
A blog covering security and security technology.
« Automobile Identity Theft |
| Terrorists and Hurricanes »
September 21, 2005
Cameras Catch Dry Run of 7/7 London Terrorists
Score one for security cameras:
Newly released CCTV footage shows the 7 July London bombers staged a practice run nine days before the attack.
Detectives reconstructed the bombers' movements after studying thousands of hours of film as part of the probe into the blasts which killed 52 people.
CCTV images show three of the bombers entering Luton station, before travelling to King's Cross station where they are also pictured.
Officers are keen to find out if the men met anyone else on the day.
See also The New York Times.
Security cameras certainly aren't useless. I just don't think they're worth it.
Posted on September 21, 2005 at 12:50 PM
• 45 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I knew you'd come around eventually. ;)
Cameras provide better intelligence info if deployed and managed properly. Most critiques of the cameras are (rightly) directed at poor planning, poor management, and/or poor handling of the data.
One of the critical issues with the British system is that the police do not recieve any special training to analyze the camera data, and lack the newer technology that makes the job significantly easier (e.g. real-time analysis). Learning on the job is great for some things, but it obviously puts a "surveillance" system at a huge disadvantage if time is of the essence.
Moreover, the camera network in Britain appears to be a patchwork of technologies that requires a great deal of external (human) cooperation/communication, and perhaps even legal support, to tie together data.
As camera technology rapidly evolves to provide superior intelligence capabilities, agencies need to get much better at how they address issues related to deployment and management of the controls, as well as proper access and handling of the subsequent data.
Cameras are not complete useless. Afterwards it is possible that they give information. This is the same for for example the dataretention such as those in Europe is also presented. I think there are other manners to find who the terrorists are. It me would not astonish if this the reason is for wasting much money to cameras who not working to prevent us.
"Security cameras certainly aren't useless. I just don't think they're worth it."
So you agree that they are useful, and presumably can't be complaining about the monetary cost (which is pretty slight compared to most other physical security measures), so I presume you are saying that the risk of abuse outweighs the utility.
I agree that there is a risk of abuse with security cameras, and it must be guarded against. But it also should not be exaggerated. For example we are here talking about a railway platform. A railway platform is a very public place; there is no such thing as a right to privacy whilst on a railway platform, and never has been.
Our rights to privacy are valuable and should be guarded, but public fora, and public places, by definition are _not_ private; attempts to endlessly extended privacy to the public realm risk a corrosive effect on normal civil discourse.
It might be argued -- and has been argued -- that automated image processing of the data from thousands of cameras, in particular machine facial recognition, gives security cameras a qualitative difference to mere public observation. That may one day be so, but the fact that the British have taken 2 and half months to process the footage on such a high profile case is indication enough that whatever the salesmen claim, such technologies are still science fiction.
Isn't this just proof that cameras are good for evidentiary purposes?
In order for them to be good for intelligence or security, you have to be able to glean from more than what you already know.
Unlike light faster-then-light travel, efficient automated image processing isn't science fiction in the near future. The problem is that once the cameras are up, they are up. You can't un-tell someone a secret, and I've seen precious few instances of people being able to un-grant power to their government. After this result you can be sure the British will be spending lots of effort streamlining their ability to process camera data.
Also, from a slightly more paranoid standpoint, how do we KNOW it took them two months to process all the images? Couldn't they have figured it out in two weeks and only told us now. The time it takes to glean intelligence like this is information about national security that some people might not like to disclose. Remember all the information the Allies decrypted during WWII but could not act on unless they had another plausible way to have gotten it? I don't believe that it didn't take them two months to get the images this time though. But the real question is, if it started taking two weeks, or two days, or two hours, how would we really know?
"So you agree that they are useful, and presumably can't be complaining about the monetary cost (which is pretty slight compared to most other physical security measures), so I presume you are saying that the risk of abuse outweighs the utility."
Cameras have security value, primarily forensic. I regularly complain about the monetary costs. Comparing them with other physical security measures is complicated, as most other physical security measures are preventive in nature and not forensic. I also complain about the non-monetary costs: privacy, the chilling effect on freedom, etc. And they are certainly ripe for abuse.
"I knew you'd come around eventually."
Come around to what? I don't think I've ever said that cameras are useless for security. I hope I've always said that they're not worth it.
It's the same decision process you used when you decided not to wear a bullet-proof vest. (It's not because the vests are ineffective; it's because you don't think the added security is worth it.)
"Isn't this just proof that cameras are good for evidentiary purposes?"
I don't think we needed proof of that; it's kind of obvious.
That's the main reason they're installed in banks, retail stores, etc. That, and the fact that moving the hold up across the street is considered a win for a bank.
While it is true that subway station platforms are public places, the possibility for long-term storage of camera footage makes a big difference.
Without cameras, after a relatively short period of time it is almost impossible for a third party to discover whether you were there or not. And as you have mentioned, eventually technology will enable much easier access to large amounts of information unavailable now, which has a possibility of abuse.
It's unclear to me whether the benefits are worth the risks.
It is perhaps interesting to ask what contribution the knowledge underlying the recently publicised CCTV footage has actually made to the case against the criminal suspects for the 7/7 terrorist attack.
There might be some. However, I cannot really view it as material. The perpetrators/suspects are dead (and in custody for extra certainty).
The pressing issue is identification of additional conspirators. I don't recollect the recently publicised CCTV footage indicating anything at all on that. Does anyone else?
So, does the publicity serve any purpose?
Am I just too cynical, in believing its intent is to create the impression of useful progress in the police investigation, to more credulous members of the public, when there is actually no progress to report (which is, of course, different from no progress at a more subtle level, that not "worthy" of reporting to the public).
None of this stops CCTV being a very useful contributor of evidence in many cases.
"I don't think I've ever said that cameras are useless for security. I hope I've always said that they're not worth it."
Actually you have said "Why, when there is no evidence that cameras are effectice at reducing either terrorism and crime, and every reason to believe that they are ineffective"
Ok, I'll grant that there is a difference between useless and ineffective, but only because cameras can be effective as detective controls. Their ineffectiveness used to be technology-based (worn VCR tapes, poor light sensitivity, etc.) but that is no longer the case. The problems today are mainly a procedural and policy-based, which actually means you should say the operators are ineffective, not the controls.
"It's the same decision process you used when you decided not to wear a bullet-proof vest. (It's not because the vests are ineffective; it's because you don't think the added security is worth it.)"
There are two issues with this analogy:
1) Vests are preventative controls, not detective. So it is more akin to deciding on whether to use forensic technology instead of traditional measures.
2) A more apt analogy is the decision process used to create a bullet-proof vest policy for a police force in a major city. Some are told to wear vests, some not, depending on the threat. It's not because the technology itself is effective or not in a vaccum, it's whether or not a technology can provide a better control to handle the type/quantity of incidents that will be encountered.
I'm curious to find out what the British officers think that they have learned from this evidence. It is hardly surprising that people about to commit an organized crime might case out the scene for planning purposes. What's the real story here?
Increased numbers of cameras risks destroying a great deal of our practical freedoms. Indeed, strange as it sounds, we need a sort of public privacy.
Now, if the police are actively investigating a suspect, I have no problems with them watching the suspect in public. There is a system of checks and balances to protect suspects from abuse of the system (in the US at least, I'm less familiar with British law). The system isn't perfect, but it mostly works.
The problem is when pervasive cameras mean that we can watch huge numbers of innocent people. There are little to no limitations on what is done with that footage. It's going to become easier and easier to link together camera data and track people. Eventually it will because cheap and easy enough to be easily abused. Maybe a company doing advertising will purchase copies of camera feeds across a city. They'll use the data to track movements of people to optimise advertising. It sounds reasonably innocent, but it means that there is a database tracking a large number of people. Eventually someone inside the company will abuse the data personally or will sell access to someone else who will abuse it. To take a few extreme examples, perhaps your religion is unpopular and a small number of criminals are harassing members of your faith. You've got a family to protect, so you're quiet about your faith. One of these criminals might work at the advertising agency. A bit of cross referencing reveals that you regularlly attend that church and suddenly you and your family becomes a target.
Perhaps you're being stalked by some nutter. I'm sure he'd love to bribe someone at a camera database company to find your day-to-day schedule.
Perhaps you're working on important, but controversal social issues, similar to the civil rights movement in the US. Again, you have a family to protect, so you work in the back office for a social work organization and take steps to avoid being publically connected to it. Again, a criminal who wants to strike at the social work might be willing to bribe someone to track everyone who is near the social work office at traditional open and closing of business to track potential employees. The data even provides routes, making it easy to ambush someone.
Perhaps the job sitation in your town is tough. You can't afford to move, so you count yourself lucky to have a job. Unfortunately your boss would fire you instantly if he knew of your political views. (It might be illegal to do so, but at least in the US it's pretty easy for a small business to fire someone without cause.) While he's doing illegal investigations to see who in his company is driving the insurance costs up, he might also pay to see who attended the recent political rally.
For a more concrete example, the otherwise innocent seeming US Census Bureau turned over counts of Americans of Japanese ancestry to the War Department. Though far less specific than individual movements, it did give counts for how many Japanese-Americans lived in a given area. This was used to gather them up against their will and put them in internment camps without no trial.
Here are some more recent examples of police abusing their database access: http://tinyurl.com/krxe
Innocent people often have things to hide. Privacy allows innocent people to safely do legal, ethical things that are only unsafe because third parties might react against them. The system isn't perfect and will sometimes fail. Information intended for one good purpose will eventually be abused. Privacy is an individual's last resort when the system fails. Pervasive cameras without strict rules and enforcement will further reduce our privacy.
The social cost of pervasive cameras is quite high, far higher than poponents suggest. It's not enough to simply say that "it's in public, so it's okay." Ten years ago any given individual had a fair amount of practical privacy in public. Tracking an individual was expensive; you typically had to hire someone to follow the individual. Pervasive cameras combined with inevitable tracking technology and shared data will lower that cost.
"What's the real story here?"
The story is that a surveillance system has provided data relevant to an investigation. Some are using this to demonstrate that the investment in cameras was not a total loss.
Bruce, on the other hand, seems to say the cameras have done nothing more than what can be done (and was in fact accomlished in this case) through regular investigative measures.
I'm just trying to point out that camera technology has made a giant leap in capabilities over the past several years, and it now requires operators/lawyers to catch up quickly in order for the new technology to be used effectively. In other words, don't always judge a car by its driver.
"what the British officers think that they have learned from this evidence"
Not just the evidence itself, but lessons from the search for evidence will be invaluable:
One of the biggest lessons in that regard will be that the operators must be trained in analyzing camera footage, and manipulating video software tools, to be effective. Another lesson will be that emergency scenarios require pre-established procedures/authority to efficiently sequester data from the thousands of cameras owned and operated by hundreds of independent entities.
In terms of the evidence itself, similar footage helped justify the arrest of the individuals accused of attempting another attack on July 21st.
"In other words, don't always judge a car by its driver."
Fair enough. I've read many postings on the cameras here. At this time, I'm leaning towards agreeing with Bruce's opinion on the topic as, for instance, I haven't heard anything coming from London regarding this new evidence that leads me to believe that they've learned anything new about the terrorist methods. Granted, I might not hear anything new until someone either goes to trial or a new attack is prevented.
What, do you imagine, might justify the costs of the system? What do you think the new camera technologies could achieve, given properly trained individuals and a properly set up system? If, for instance, we learn something new about techniques, then why wouldn't future terrorists just adapt/change their techniques for the next strike, thereby preventing that knowledge from being of use in stopping their attack?
I'm willing to be swayed. I just haven't read anything that I find convincing.
I was formulating a reply when you posted. It seems you answered my post.
"The problem is when pervasive cameras mean that we can watch huge numbers of innocent people. There are little to no limitations on what is done with that footage."
I agree with your concerns about privacy. The technology is starting to change everything, so we need to rethink how we protect ourselves not only by denying access but also by allowing access.
I often try to tell people that the technology actually solves some of its own problems. That is to say if you are worried about camera operators always watching people (the old paradigm) you can adopt a system with the capability to remain dark until an anomaly is detected and an alert is automatically sent.
For example, some swimming pools now have video surveillance of the deep end. Lifeguards do not watch the video, they watch the surface of the pool. But when someone falls to the bottom of the pool and they stop moving (unconscious) cameras send an alarm that gives lifeguards the data they need to save lives:
"A YOUNG girl has been saved from drowning by an extraordinary computer system that keeps an eye on everybody in a swimming pool."
Could this be abused by people who just want footage of swimmers? Yes, unless the system is designed and setup to only send video based on anomaly to authorized lifeguards. Data protection is not a new science but you are correct to worry about how often it is properly practiced, and whether incentives exist to ensure privacy.
I have to agree with B.D. when I saw this on TV, my 1st thought was, "what the hell is the use of that". They already identified the people, and they already new that it was a well planned attack. So the only plausible explaination I can think of is that either they want to demonstate the cameras are useful in preventing these attacks, or they want to keep the 'threat' in everyones minds to justify other 'preventative measures'.
I agree with Bruce on this.
Camera's have a forensic application but that's all and although forensic capability is a part of the mix it's a small part. CCTV footage of the bombers before the fact reinforces this view; it didn't prevent anything.
Intelligence aimed at prevention and increasing my ability for response are my security focuses. All the money, energy and focus on camera's is simply a lost opportunity to do something useful.
Priorities and opportunity loss are the issues here.
If we're asking the question of what the cameras might be worth, let's also ask the question what they cost.
For about USD1000 or less, I can buy a CCTV system which includes three (some systems have four) moderate-quality security cameras and a video monitor (set up to monitor up to four inputs simultaneously). For about USD700 I can get a digital Personal Video Recorder system which can take the video images and record them to a 200 Gig hard drive, with included DVD burning capabilities.
And let's assume that they cost as much again to install.
For the sake of discussion, let's assume the monitor is unmanned, and that twice a week somebody spends half a day (i.e. one day a week, or let's call it USD10k/year of his $50k/year salary) doing nothing but burning (any "interesting") previously recorded video to DVDs (blanks at about 40 cents per; we'll call it, say, a thousand bucks a year) and generally maintaining the system.
Total, we're looking at (generously) less than $4k/year for each camera. (And that $4k assumes replacing each, annually, at these numbers.)
Now let's compare that to the value of having someone spend, say, three-quarters of a day every week actually applying some skill to the task of monitoring people.
Which would you rather have for the same money: a 24/7 video record, or less than an 8-hour (out of 168) intelligent patrol with no reviewable record? Does it change the answer if it were 10 or even 12 hours out of 168? Or if it were only 3 hours?
Of course, this is a very trivial analysis and doesn't include any allocations for time spent actually poring over any of the collected data. Such costs are assumed to be over and above this tradeoff, since they are zero if no such record is analyzed (or available) (or no such analysis is deemed necessary).
I think you are way to reliant on technology to solve human problems and I also think you underestimate your adversaries.
In your lead up to your swimming pool analogy you said "you can adopt a system with the capability to remain dark until an anomaly is detected and an alert is automatically sent."
What anomalies are we looking for when there are terrorist attacks and is the software sufficient enough to spot them? If humans are having a hard time seeing these attacks coming, I'd say software is going to have an even worse time trying to spot behaviour from within a crowd. There is also the element of adversary deception. If humans can be deceived so can the cameras.
The only time that the software may have use is after the fact e.g. the bomb has already gone off. Kinda like your swimming pool analogy where there was a clear cut case of an emergency.
"Camera's have a forensic application but that's all"
Forensic is a subset of detective controls. If you agree that better intelligence is needed than you are advocating for better detective controls. When you say cameras aren't "worth it", you are implying that they are too expensive. Solutions to the cost dilemma are not hard to find if cameras are used properly.
Again, with regard to the pool cameras,
"Mrs Matthews, whose son, Nathan, drowned in the Thames Leisure Centre’s Jubilee Pool in July 2004, said: 'This proves to people that the system does work. It would cost only £1.75 per child per year to install them in all public swimming pools."
I would support comments such as "cameras must be used properly to be worth the cost", but saying they will never be worth it is to totally disregard the nature of tools -- they are almost always double-edged devices. Cameras, for whatever reason, are described as too risky mainly due to ineffective operation and not some inherent flaw in their capability to produce genuinely safe benefits.
"I think you are way to reliant on technology to solve human problems"
Funny, since we're writing on a blog. I'm not sure of what you define as technology but I include many of the devices used to solve human problems over history. Air conditioning is a good example. Or the wheel might be a less controversial one.
"What anomalies are we looking for when there are terrorist attacks and is the software sufficient enough to spot them?"
I agree with that. Seeing a bomber only seconds or even minutes before an explosion does not bode well for detective controls. Facial recognition is problematic for many reasons, and even gait recognition systems fail if you wear the right kind of shoes (apparently flip-flops defeat the system, if anyone cares). But that just goes to the point that "anomaly" has to be very carefully defined and monitored for accuracy.
To be clear, I am not saying that security cameras are the best solution today for detecting terrorists. Many of the problems with detecting the bombers in time is based on intelligence gaps that need to be resolved. These gaps should not be used to say cameras have failed or will never succeed. In fact, most technical solutions will not work if you have not properly identified the problem to solve. On the other hand, there are many applications today that demonstrate security cameras are not only "worth it", but they are also one of the best ways to enhance detective controls.
Camera's are not new, are installed all over major cities in the western world and have been used for many years in public places. Fat lot of good it did us in Oklahoma, New York, London etc.
There are simply better things to do with my time and budget. That's my trade off.
Hey davi, when are you going to get your own blog? I don't agree with you half the time but you always offer up interesting contrarian points anyway. Let us know when you have one.
the most interesting issue about the london bombings is whether or not the bombers knew they were going to die: zealots or dupes?
bruce schneier says "security cameras certainly aren't useless. i just don't think they're worth it."
context is everything. a statement like this with no defined context from which risks and rewards can be calculated is essentially meaningless, and i'm surprised at him for saying it.
1. the cameras caught them doing a dry run. this may turn out to be useful.
2. the cost of this technology is going down over time, cameras, networking and storage are getting cheaper.
3. public transit stations and vehicles are pretty public places. i reject the "if you have nothing to hide..." argument in the private space context, but in the public space i don't give a damn who's watching me. cameras or no cameras, it wouldn't even occur to me to do drugs, lift somebody's wallet or masturbate on a bart train.
"the most interesting issue about the london bombings is whether or not the bombers knew they were going to die: zealots or dupes?"
Seems more likely zealots...
From the London Times 21/09/2005
"How were bombs detonated?
Scientists are not sure. No evidence found to indicate use of timers or remote detonation."
The detectives knew where to look in the CCTV archive for the suspects on the dry run, because they found receipts for their train tickets from Luton to London after searching their residences (according to TV news reports).
The purpose of releasing information about the investigation is to keep the public calm, as well as maintaining police morale (police officers have been working extremely hard on this investigation for a couple of months now, and they need to be kept motivated with wins/progress).
The problem with security cameras isn't the cameras - it's the people using them. As with all police activities in a reasonably open society, the camera operators are reactive. They're great in the role they're being used for now - reconstructing the scenes of crimes. This may be useful for stopping a future crime if there is evidence (another police term) of others' involvement. They won't prevent the crime they record (obvious), and may not have any preventative value against future attacks.
Police won't be able to stop terrorist behaviors unless the terrorists are as slow to learn as most criminals are. In an open society, police must of necessity be reactive/responsive, not preemptive.
The cameras did prevent something. They got the second set of bombers arrested before they could make a second attempt. The footage of the trial run doesn't seem to have told us much - except that the bus bomber wasn't there, and that the other three did the trial run alone (without a fifth man).
@another_bruce - you don't have to lift wallets to worry. You just have to "associate" with someone dodgy. You don't have to know they're dodgy. For example, suppose an innocent person had got talking to the London bombers during the trial run, and been caught on camera. For sure, they'd be locked up without trial right now.
Cameras can be used (and are used) to guide law enforcement to the site of a crime and catch the criminals in the act. This will generally limit the damage done (and camera images allow for easier trial of the suspects).
For such a system to work, you need well trained camera operators that know how to spot a disturbance and good communication with law enforcement. The camera is an additional "police eye", but don't expect it to do anything without on site hands.
"Fat lot of good it did us in Oklahoma, New York, London etc."
The argument that cameras should prevent an attack, but are a total failure if they can not prevent every attack, is specious.
"There are simply better things to do with my time and budget. That's my trade off."
Based on the above logic, I can understand why. Someone looking for a silver bullet of prevention is going to be highly unsatisfied with a detective control on its own.
But if you are comparing the cameras to other methods of achieving the same ends (technology used to enhance or replace manual detective work), then that's a different argument entirely.
I see there's a lot of good arguments for and against CCTV; I personally have no problem with someone watching me when I'm in public.
Now for something more light hearted:
When I was living in the UK there were cameras on my walk from the pub to my street. After a celebration one evening I was very drunk and on the walk home I kept falling in bushes; the police turned up after seeing me on CCTV and gave me a ride back to my house!
After reading all of the posts, perhaps I've been thinking about the cameras differently. I've been viewing the cameras as an autopsy, not prevention. Sure the autopsy can tell you which knife or bullet killed a guy and possibly catch the serial killer from killing again, but it won't bring the victim to life. The cameras are supposed to stop violence and a terrorist does cause violence, but only does it once. You can't catch the terrorist a second time. We need to learn from the camera on how to better reinforce structures, add blast dampening walls, and design better coverage of the sprinkler system.
--"2. the cost of this technology is going down over time,"
The cost in question is the opportunity cost, not the absolute cost (of which the technology cost is only one factor; I suspect personel costs vastly outweigh it if you want to make the system do anything interesting).
When the camera can actually stop a crime from being committed, someone may have a point of value. It may also be good at keeping limited areas secure, such as banks, or public areas where crime is an issue (like some parking lots, train stations, etc.), but only in tracking down petty criminals. Terrorists won't be deterred because they know that the "casing the attack" isn't illegal or even suspicious -- it's only evidence after they committed the crime in which they blew themselves up, so what's the real benefit there?
In the end, governments are the most dangerous entities on Earth. They control those cameras, and that's where fear should come from.
Have regular Americans attacked Iraq? Did Japanese citizens attack Pearl Harbor? Did German citizens invade Poland? Did Iraqi citizens invade Kuwait? All of the WMD and all of the power lies with governments, including the ability to print money so they never run out of cash. This puts citizens in a position of powerlessness.
In the end, the loss of privacy -- even in public places -- is a loss of freedom and liberty and the right to carry on in any legal manner without being investigated, without being checked through image scans, without having your long lunch break or liason being recorded or analyzed.
When the U.S. was founded, people could write anonymous letters and books and could talk about issues that could land them in jail (for sedition or the like). Yet it was a free and safe enough nation. It seems that more governments lock down their people for "safety," the less safe the world gets.
Did nukes make us safer? Tyranny make bring safety, but who prefers that over liberty?
As you say, Bruce, this shows that CCTV has its uses. As a British citizen, and thus someone whose nearest and dearest might be threatened by such terrorist attacks, I have a powerful interest in what the authorities are doing. But my first reaction to this story was, "Well, that's progress of a sort. Now all they have to do is find out what is going to happen BEFORE it happens, rather than two months afterwards". Meanwhile the plague of false positives continues, e.g. http://gizmonaut.net/bits/suspect.html
"The police decided that wearing a rain jacket, carrying a rucksack with a laptop inside, looking down at the steps while going into a tube station and checking your phone for messages just ticked too many boxes on their checklist and makes you a terrorist suspect. How many other people are not only wrongly detained but wrongly arrested every week in similar circumstances? And how many of them are also computer and telecoms enthusiasts, fitting the police's terrorist profile so well?"
"Hey davi, when are you going to get your own blog? I don't agree with you half the time but you always offer up interesting contrarian points anyway. Let us know when you have one."
You got me thinking, Wiggy. Gorbachev once said of his great detractor, Yeltsin, "If he didn't already exist, I would have invented him". Perhaps Davi is Bruce, playing his own devil's advocate. It makes the blog interesting to read. They are both well reasoned and insightful and share an obvious mutual respect. And you never see them together. Think about it.
Cameras don't prevent anything. They're only a deterrent and a tool for audit afterwards. The only question I can think of is wether or not they're worth the tradeoff on public areas.
"Cameras don't prevent anything. They're only a deterrent and a tool for audit afterwards. The only question I can think of is wether or not they're worth the tradeoff on public areas."
Exactly. They're certainly worth it if your area of concern is small enough. If, for example, you're a store owner and install a camera, and the criminals rob the store next door, that's great. But if you're the police department, the crime rate hasn't been reduced at all.
Though I tend to agree with Bruce's abhorrence of the continual loss of privacy in public space as technology marches on, I will jump in and say that cameras can indeed be preventative if they can be used to identify those with whom the terrorists associated before the attacks. Investigating and specifically deterring these individuals from commission of terrorism adds to everyone's security (so long as the methods of deterrence do not lead others to commit terrorist acts).
In the US the FBI spends millions every year on physical surveillance performed by people on terrorist suspects. The point is to identify their associations, to see if they are meeting with others who merit investigation. Regular investigative work would in most cases not turn up these sorts of connections, which are critical to identifying members of terrorist networks. The British camera system can do the same thing, and hopefully that is how it is being utilized with regard to the 7/7 attackers.
Is it prone to abuse? You'd better believe it. That's why watching the watchers is so important: there need to be strict legal controls over when these types of intelligence-gathering (physical surveillance and surveillance cameras) can be utilized, and how the information that they provide can be used. By and large, there are such controls in the US, but they could probably use a revision with an eye to privacy guarantees. Still, both methods can provide critical intelligence that would be unavailable by other means.
Power alone is never the problem. Misuse of power is, and that is why we are a society of laws, not of men. Sadly, punishing those who misuse such information sources is not exactly a cause likely to mobilize the silent masses. I'm not a big fan of how power is shifting to the government in the US, and I hope that concerned citizens will inform their lawmaking representatives that they will not stand for letting those who abuse access to intrusive intelligence sources go unpunished.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.