Schneier on Security
A blog covering security and security technology.
November 18, 2010
Unsolicited Terrorism Tips to the U.S. Government
Adding them all up, the U.S. government "receives between 8,000 and 10,000 pieces of information per day, fingering just as many different people as potential threats. They also get information about 40 supposed plots against the United States or its allies daily."
All of this means that first-time suspects and isolated pieces of information are less likely to be exhaustively investigated. That's what happened with underwear bomber Umar Farouk Abdulmutallab. Intelligence agencies had heard that a Nigerian was training with al-Qaeda, received information about a Christmas plot, and read a couple of intercepts about someone named Umar Farouk (no last name) before Abdulmutallab's father walked into a U.S. embassy to report him. No one ever figured out that these seemingly unrelated pieces of intelligence referred to the same plot, so intelligence agencies didn't pour enough resources into investigating it.
As I wrote in 2007, in my essay "The War on the Unexpected":
If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security.
Posted on November 18, 2010 at 6:13 AM
• 26 Comments
After the eguardian system there's a farm out down through the channels to contractors who get paid up to watch.
To make matters worse, the amateur who gets lucky and actually detects a real terrorist plot, may end up having his life ruined by accusations that *he* is the terrorist -- just like that poor sap in Atlanta.
Given that intel is about the only sensible way forward on "organised" terrorism but doesn't work on complete loners except by chance. Any solution is going to be imperfect at best.
However the question is how do you sort the wheat from the chaff not just of amateur reports but professional reports as well.
If you have 10,000 bits of info a day with the best wish in the world you are not going to be able to cross check on the past couple of days let alone months.
I'm really not sure how you actually tell the distilled output from a professional or amateur report simply due to the issues with the nature of the information itself.
For instance identifying individuals is notoriously difficult with photographs taken on the street, it's even worse with CCTV, as for names how do you spell them let alone know if it's a given name a family name or a nickname?
I'm not sure we currently have the technical ability to draw meaningful information out of what is effectively not just random but also effectively obfuscated data.
Can you comment on how the constant communication about terrorism vigilance which generates paranoia affects people reporting tips? I expect whipping up a frenzy about any suspicious activity leads to an inundation of "tips" (false positives) which security orgs have to sift through. It probably makes their job even harder. What's the balance of making it easy to report activity yet also making sure real tips are given and false positives are minimized?
Read "Military Intelligence Blunders" by John Hughes-Wilson. It's quite interesting, lots of things have been known about in the past but governments failed to act and only after the event was it obvious that they had enough information to prevent something.
Picking out rare events from the chatter is hard to do.
What's the trade off?
These days, billion dollar (US) multinational companies with tens of thousands of employees can't afford to deploy their own counter-intelligence services and the people who handle these internal security investigations are not likely to be on the receiving end of a compromise event.
The end user/gate guard / system administrator/design engineer/secretary/executive is the direct target for espionage (regardless of the intended outcome be it theft of trade secrets or sabotage and destruction of a building).
These people are the something hinky sensors and they are the only ones that CAN be engaged to detect and report suspicious behavior.
'Cept 10k people is a teeny-tiny portion of our intelligence community -- we can more than afford to have one person handle one tip a day, given the million folks we have in our intelligence services.
This is like someone in the USSR complaining that they lacked the manpower to handle all their tips.
The problem isn't money (manpower). The problem is that all these programs are administered by incompetent political hacks and there is no feedback. Has ANYONE yet been fired for the relentless intelligence failures of 2001? ANYONE at all?
Whining about process is easy, rather than facing the folks who create and embody the process.
I might be biased coming from a software/data processing background but it seems to me that the value of a data glut like that will depend critically on the ability to automatically detect connections. That sounds to me like a source for several advanced degree topics and a few well funded jobs.
"given the million folks we have in our intelligence services."
You're kidding, right? If the US workforce is about 1/3rd of our population that puts it at around 100 million people. If one million are in intelligence agencies then one in one hundred people are. And beyond that, how many are actually trained agents as opposed to security personnel or secretaries?
There are 56 FBI field offices. So for the FBI to employ 100,000 people (one tenth of your purported size-of-the-intelligence-community) that would mean for each field office the FBI has 2,000 employees! That would make each field office half the size of the $10 billion company I work for.
Back-of-the-envelope says that this is a gross overestimation of the size of our intelligence force.
Currently all the same bull***t is rising in Germany.
Our Secretary of the Interior warned about "the present danger of a terrorist attack at the end of November" and asked the public to "report anything suspicious".
There is no fault an American official can do that can't be copied by a German one -.-
"The problem is that all these programs are administered by incompetent political hacks and there is no feedback. Has ANYONE yet been fired for the relentless intelligence failures of 2001? ANYONE at all?"
I'm not going to argue your personnel count because I agree with the basis of your statement.
If the process does not cull ineffective aspects of itself then it does not matter how many people are assigned to it. It will ALWAYS generate more noise than signal.
So not just an excuse then?
All these intelligence professionals can't spot the difference between the 1000s of green ink letters and the real plots?
Sadly, more often than not intelligence only gives solid confirmation after the act. This is one of the reasons for so many ill-founded phrases like "military intelligence is an oxymoron"...
Of course using well trained, well motivated and well resourced professionals changes the balance but it will never be perfect.
There is also the ever present risk that even the most upright of professionals will start to blur the lines - especially when budgets come under pressure and performance reviews are being undertaken. Few people will be so morally courageous that they will allow themselves to be sacked, especially when it is easy to hype up the threat that person (or ethnic group) X is a terrorist etc.
As a "free and open society" the only real options to us are:
1 - have genuine external control over the intelligence services. For too long these organisations have believed (correctly or otherwise) that their actions can be outside the law.
2 - Accept, on a "society" level, that sometimes the terrorists will strike. Loss of life is always tragic, but it happens. No security measure (intelligence or otherwise) is going to be perfect. We will always let *something* through. Rather than use this as an opportunity to blame government / state officials for some mistake, we should instead blame the terrorist for being a terrorist.
I think with these two measures we would be a lot better placed to fight the war on terror....
> Sadly, more often than not intelligence only gives solid
> confirmation after the act
To clarify, this isn't precisely the case (although this is what people *think* is going on).
Intelligence services generate data. Intelligence analysis is the process of trying to discern a pattern of relationships out of that data. We see "this", plus "that", with a suspicion of "some other", and that equals maybe "conclusion". The relationships may or may not be there underlying the data.
By definition, once an act has occurred, you *have* a pattern of relationships. You are no longer performing intelligence analysis, you're doing forensics... police work; you're looking *in* the data set for data *that is correlated* to the pattern.
The whole "in hindsight" characterization is imprecise. Prior to an event, you're doing something qualitatively and quantitatively different to after an event.
While I agree that using amateurs to be our first line (at least part of it) results in amateur observations, I'm not sure that the following up with the result being amateur security.
The data feed is partially (10000 pieces of data daily) amateur sourced, and we have unknown volumes of professionally sourced, paid informant sourced, etc.
The job of sorting and matching that data across all permutations and confidence levels in the data itself to ferret out a real threat vs a rumor etc is very very hard. And the over identification of these threats might burn your data sources so the process is prone to err on inaction until sure.
Unfortunately that leaves us in the state we are in where we often are only sure when they move, are caught in the actual attempt, or if the event is realized.
@ Pat Calahan
Thanks for the clarification - that is pretty much what I meant by "solid confirmation".
The principle I was trying to get at is that before an event, it is largely guesswork even if it is very well informed guesswork. This is one of the reasons why some intelligence agencies are prevented from acting (as no "crime" has been committed *yet*) and other intelligence agencies are pilloried for taking action against innocent people.
The problem for society is that every agency will claim its intelligence is fantastic and the person they have executed, arrested, renditioned (or whatever) is a really bad person who deserved it.
We, the public, have no real way of knowing if the agency has lied, got it wrong or is actually correct.
Are *we* happy that some people will be punished before they commit a crime?
Are we happy that we understand the false positive rate and that no matter what some innocent people will suffer at the hands of the state (I suspect more people are happy about this when the probable victims are a different ethnic group)?
Crucially, no matter what we accept the terrorists will STILL get occasional attacks in. So even if we are happy that all the brown skinned people are getting frisked every 10', we still have to accept the inevitable terrorist attack.
According to the Washington Post series "Top Secret America" http://projects.washingtonpost.com/... 854,000 persons have top secret clearances. Most of them are not intelligence analysts: for example every single FBI agent (about 14,000) has a top secret clearance, as do the top employees in most (all?) Cabinet jobs (such as DOE and NRC), many of the people supporting those with top secret clearances (such as document handlers, secretaries, IT personnel), and many members of the military - such as the guys who encrypt messages.
Further, not all intelligence analysts with a top secret clearance work on terrorism. There are an undetermined number of CIA and NSA analysts who work counter intelligence, intelligence, disguise, criminal work (the FBI has criminal analysts with top secret clearances, for example).
So what looks like a very large number has become a much, much smaller one. Not that we'll ever know what that smaller number is - those who tell don't know and those who know don't tell.
As for those with secret (but not top secret) clearances, there are a LOT more of them and even more do jobs that are not associated with terrorism at all. Further, I wonder if one can work against terrorism without access to all the relevant information. It's hard enough to find patterns, how can one do so without all the info?
Top Secret and Secret clearances are also given to housekeeping personnel at installations that deal with Top Secret and Secret information. Contractors (like Lockheed Martin or Rockwell Collins - and their associated secretaries and cleaning people) also receive the clearances because they have access to that information in doing their job. Having a security clearance is no big deal. It just means that you have been investigated by the government (or whoever else they contract out to) and are not deemed as a risk to divulge the information.
It would be helpful to make a distinction between data and information. What the agencies get is 8-10,000 pieces of data every day. The amount of information each day is probably negative.
Ok, fair enough. Don't be surprised, but also don't stop asking for amateur help.
The best way to reduce the effect of noise is to increase the quality of analysis. Better agents are needed, not less source information.
It reminds me of the story that the US received detailed information including a cartoon/presentation from Greece predicting 9/11, but analysts did not see Greece as a reliable enough source and dismissed their warning.
@No One: Actually, 854,000 people have TS clearance in the US today - not far off the million, really. Also, there's not just the FBI, you know, there's the CIA, NSA, not to mention the DSS, etc. etc.
@Bruce; One minute you praise intelligence gathering and analysis as the only way to go, and the next moment you've got this gem;
"If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security."
I have a hard time taking it seriously.
The intelligence gathering and analysis Bruce is praising is that by (semi-)trained people. That which he is denigrating is the sort that's generated by police signs saying "Report suspicious activity."
@Reputo - you're making my point even stronger.
Being subjected to amateurs in domestic observations as an innocent citizen I can tell you it looks and feels like a witch hunt on the ground. People untrained in surveillance act like stalkers. Imagine, that you are targeted as a terrorist on US soil. There's no evidence, you have no criminal record.
Just think for a minute, there aren't enough trained folks in surveillance to watch all the false positives, all the tips. There's a lot of money that we don't know where it's going or what it's doing in the counter terror game. You have your 9-1-1 fellowship, wives/family, active duty/retired military, cooperating contractors, etc.
So what if the false positives generate a lot of cash for a local jurisdiction? How easy is it to let go of cash? Do you need evidence? No.
There's no judge looking at it, no attorney to pick apart the charges. I've overheard my observers say that the reason my job continues is that they aren't clear about my religion. Why is that an issue? They named a Muslim neighbor and others, what's the confusion? I had Tibetan Buddhist peace prayer flags in my yard and I wear hand of Miriam earrings that a friend who died in 1995 gave me, he was German not mideastern. The man in a city 100 miles from my house discussing my case in front of me on a cellphone and naming all my neighbors on a dead end street said I must be hiding something Catholics don't have Buddhist peace prayer flags. Over and over observers ask me about those earrings and totally ignore the cross I wear, the fact that they follow me to Church etc. I am asked what my religion is and where my people are from. I am asked straight up if I am a Muslim, just standing in the grocery store. I say I'm not, I'm Catholic. A little information is a dangerous thing when it's tied to a lot of money and no transparency. When people run around debating what kind of terrorist you must be for the government to keep watching you, and you are an innocent person, you get a different picture than the folks out east are getting. I was doing laundry at the homeless shelter and the guests were asking me a lot of weird questions (I've been there for over 10 yrs so I know odd patterns). I had washed a guest's jeans with the money in the pockets, so I pulled out the jeans and made a joke about money laundering. They were saying, "that's it, that's why they are watching her she's a money launderer" These folks were serious. Do you see what kind of crazy data amateurs can generate? Taking a joke out of context? Deliberately ignoring the fact that I go to mass and receive communion? Focusing on earrings that I've explained over and over?
So I stop wearing the earrings, I stop playing Irish music which observers came up to me and said it sounds like Arabic (elementary school carline windows down). These amateur security games use military protocols on people who have no day in court, no right to an attorney. Everything is hidden. I called the FBI and the NSA after an Arabic sounding phone message was left on my answering machine when we were out of state for 2 weeks. I called Homeland. I told all the alphabet folks about it. I knew what that call meant it meant no evidence and someone spent too much money on a false positive. I read this blog and Bamford's books. I'd been watched for a long time before that. I don't speak Arabic. I don't know Arabs, I am not Muslim. Yet my observers over and over question me "say what can you tell me about Muslims?" Out of the blue.
I hope you never find out what it's like to be "watched" you will know it right away if you pay attention to your surroundings. I had a stalker in the past, and I might have noticed it earlier than others would, but I have to say if you miss someone driving past your mailbox when you go out and they have a digital camera/cellphone in video mode pointed at you and it happens over and over...
Yikes... okay, Imperfect Citizen. Thanks for that WoT. I don't think I dare comment on that...
@Harry; So the 8000-10000 "pieces of information" are all processed by so-called amateurs then? Where did all the professionals go?
Actually, it seems to me that Bruce is just trying to cover up the fact that the intelligence services he so praises at every opportunity are failing to do what he says they do - stop terrorist efforts. First the UPS-planes, and now the "pieces of info" thing and the boxers-bomber.
@SnallaBolaget "So the 8000-10000 "pieces of information" are all processed by so-called amateurs then?"
No, I'm saying they're *collected* by amateurs. They're processed by professionals ... or maybe not processed.
The main point of my post is that while there are many people with top secret clearances, only a small percentage of them are counter terrorism intelligence analysts.
Maybe there aren't enough of them to process all the data collected by amateurs.