Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


October 31, 2007

Programming for Wholesale Surveillance and Data Mining

AT&T has done the research:

They use high-tech data-mining algorithms to scan through the huge daily logs of every call made on the AT&T network; then they use sophisticated algorithms to analyze the connections between phone numbers: who is talking to whom? The paper literally uses the term "Guilt by Association" to describe what they're looking for: what phone numbers are in contact with other numbers that are in contact with the bad guys?

When this research was done, back in the last century, the bad guys were people who wanted to rip off AT&T by making fraudulent credit-card calls. (Remember, back in the last century, intercontinental long-distance voice communication actually cost money!) But it's easy to see how the FBI could use this to chase down anyone who talked to anyone who talked to a terrorist. Or even to a "terrorist."

Posted on October 31, 2007 at 12:03 PM | 12 Comments


Comments

"Hancock" just doesn't sound right, it doesn't have that zip or pizazz for a language optimized for this sort of purpose.

Suggestions?

Posted by: Pat Cahalan at October 31, 2007 01:30 PM


@Pat: "Orwell"

Posted by: Nyhm at October 31, 2007 01:51 PM


What the summary doesn't hammer home is that this is more than an academic exercise. Quoting the Wired blog:

"But it's of interest to THREAT LEVEL because of recent revelations that the FBI has been requesting "communities of interest" records from phone companies under the USA PATRIOT Act without a warrant. Where the bureau got the idea that phone companies collect such data has, until now, been a mystery."

Posted by: What Church Committee? at October 31, 2007 02:14 PM


# Andrew (other) Says:
October 31st, 2007 at 5:12 pm

>> Those of us who would prefer to put our heads in the sand, will likely wake up one day to a very sad reality and an extremely weak economy.

We see the threat of terrorist attack with a clear eye and a calm heart.

While acknowledging that evil people can do horrible things, we choose not to live in fear and terror and allow little people with delusions of grandeur to control our hearts and minds.

We must first have liberty, for the state of the economy to have any meaning. The freedom to think is much more important than the freedom to buy.

Consider this: the term “traitor” was used as an epithet to describe people during the Revolutionary War. Treason remains the only crime defined in the Constitution as requiring the testimony of two witnesses to the same overt act, or confession in open court.

In the 21st century, we have allowed “terrorist” to take the place of the 18th century “traitor.” Labeling people as terrorists based on network analysis is like labeling people traitors based on who their friends and family are.

We also define corruption of blood and ex post facto laws as unconstitutional. This form of guilt by association smacks of both.

Tracking actual honest-to-goodness terrorists? With all that taxpayer money, you’d better.

Denying people the opportunity to work and to travel on the basis of secret government lists? Not in my Constitutional republic you don’t.

Posted by: Andrew (not the author) at October 31, 2007 04:14 PM


If their data mining algorithms are so high tech, why haven't they shared some of that expertise with the accounting and HR departments?

I bought several iPhones for the family and signed us up for AT&T wireless service. One salesman gave me a free $150 Nokia just to get a slightly larger bonus from the new non-iPhone account.

Changing area codes took three hours at AT&T store counters, and they "lost" $2,000 in deposits because these had to be transferred manually through several systems by means of various employees emailing each other. Good thing it's so hard to forge RFC822 emails!

Finally a smart store employee called the external customer support 800 number and read out my account, password, and SSN suffix from his screen, after asking me for nothing more than my phone number, and told them what changes to make.

If these same people are in charge of finding terrorists, either they have an excellent cover, or we're in serious trouble.

Posted by: Austinite at October 31, 2007 06:55 PM


I always thought that analyzing call data (who's calling who) is a lot like Google's page rank.

PageRank is really nifty. Building some sort of AI that can read pages and decide which one on a given subject is best is impossible. But ignoring the content of the page, and ranking them through an analysis of the topology of the links is easy.

In practice, though, the topology does a pretty good job of telling you which pages are best.

So it doesn't seem like that crazy of a stretch to think that looking at the shape of the graph that phone calls make could, in fact, give you useful information about the content of those calls, even though the content wasn't being analyzed.

Obviously, if someone pops up, you'd have to have a human being double check.

I have really mixed feelings about this, because I'm very much opposed to the massive wave of surveillance that's washing over us, but I'm kind of excited by this technology.

It might be that I'm totally wrong about it, though. This is not anything I have expertise in.

Posted by: Super Jules at October 31, 2007 06:57 PM


Going OT: "(Remember, back in the last century, intercontinental long-distance voice communication actually cost money!) "

Yeah, it still does. A lot. Maybe not if you're in the US or the UK, but in other countries it's still pretty expensive. (And before anyone mentions VOIP - yes, but broadband is paid for by the Gb, and it's pretty expensive too).

Posted by: CJ at November 1, 2007 02:18 AM


Hmm, "Guilt by Association" eh? I'm sure glad I'm back in High School working for the local Pizza Hut! I can only imagine the number of times that the local fast food chains get flagged as a "suspect of interest".

Of course that would also be an excellent cover tactic. Get a few bad guys working the phones and taking orders, but when another bad guy calls in, their order can be coded words. The order delivery is the other half of the code.

Heck, even if the pizza guy wasn't a "bad guy", he could still be used to deliver messages this way.

(Maybe I've been reading too many trashy spy novels lately...)

Dan

Posted by: Dan Linder at November 1, 2007 08:34 AM


IF (and I do mean if!) I was a "person of interest" to terrorist hunters, I would be tempted on this basis to open up a phone book and start making calls to random people. I could easily make 100 meaningless calls per one good one. And imagine the turmoil having the FBI go and check out each one of these potential terrorist cells. In fact, with VOIP, it is essentially free!

Posted by: DBH at November 1, 2007 12:09 PM


If the ooma device (http://www.ooma.com) became prevalent, this analysis would become much more difficult. It's likely no single company would have all the data available to them to connect the dots. Unless ooma keeps records of all end-points...

Posted by: Rob at November 1, 2007 12:51 PM


@ Pat: YouTreed

Posted by: JackG''t at November 1, 2007 03:36 PM


@Dan Linder:

There's always the old 'Domino's Effect', in which a Domino's pizza outlet in Washington D.C. claimed it could predict major shifts in foreign policy based on an increased number of pizza orders from the Pentagon...

Posted by: Bryan Feir at November 1, 2007 04:30 PM



Schneier.com is a personal website. Opinions expressed are not necessarily those of BT Counterpane.

 