Schneier on Security
A blog covering security and security technology.
« Pinpointing a Computer to Within 690 Meters |
| Friday Squid Blogging: A New Book About Squid »
April 8, 2011
Get Your Terrorist Alerts on Facebook and Twitter
Colors are so last decade:
The U.S. government's new system to replace the five color-coded terror alerts will have two levels of warnings elevated and imminent that will be relayed to the public only under certain circumstances for limited periods of time, sometimes using Facebook and Twitter, according to a draft Homeland Security Department plan obtained by The Associated Press.
Some terror warnings could be withheld from the public entirely if announcing a threat would risk exposing an intelligence operation or a current investigation, according to the government's confidential plan.
Like a carton of milk, the new terror warnings will each come with a stamped expiration date.
Specific and limited are good. Twitter and Facebook: I'm not so sure.
But what could go wrong?
An errant keystroke touched off a brief panic Thursday at the University of Illinois at Urbana-Champaign when an emergency message accidentally was sent out saying an "active shooter" was on campus.
The first message was sent on the university's emergency alert system at 10:40 a.m., reaching 87,000 cellphones and email addresses, according to the university.
The university corrected the false alarm about 12 minutes later and said the alert was caused when a worker updating the emergency messaging system inadvertently sent the message rather than saving it.
The emails are designed to go out quickly in the event of an emergency, so the false alarm could not be canceled before it went out, the university said.
Posted on April 8, 2011 at 1:23 PM
• 34 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Why not Facebook? For some people it's the only way they get news.
As for the "errant keystroke", this article has a copy of the e-mail describing the mistake:
The crucial bit:
"The alert sent today was caused by a person making a mistake. Rather than
pushing the SAVE button to update the pre-scripted message, the person
pushed the SUBMIT button. We are working with the provider of the
Illini-Alert service to implement additional security features in the
program to prevent this type of error."
Ideally, those additional security features involve untangling edit mode from alert mode. Semi-ideally, the quick fixes would be 1) don't put those buttons next to each other, and 2) reword the labels ("submit" is commonly used as a synonym for "save"). But in actual practice, the change is likely to be an additional dialog asking "Are you sure?". This is problematic because people tend to click "Yes" to confirm the action they think they are taking, rather than realizing they didn't initiate they action they wanted.
How else should these types of messages be distributed? Most people carry these personal communication devices. Any system you use will be susceptible to human error.
"two levels of warnings: elevated and imminent"
Am I reading that right that the level is always at least "elevated"? Doublethink at its best.
Yeah, so what I really want to do is "friend" dhs ....
It looks like you are trying to alert students to an incident on the campus.
Is this related to
Type the words you see in the box below and press "send".
As I'm reading what Bruce quoted, the system will be similar to that of the National Weather Service severe weather system: When a severe weather advisory goes out, it's either a "watch" or a "warning" , and both watches and warnings cover specific areas with expiration times. Most of the time, an area won't have a weather advisory, so when one is issued, people (who find out about it) pay attention. There's isn't an explicit "no severe weather" status.
That sounds the same here: An "elevated" or "threatened" alert status is temporary, with a defined end time, but the standard background state is no alert.
Yep, that sounds like what they're planning to do, but the crucial difference here is that tornados don't watch the weather channel. If you're a terrorist it would make sense to plan your attack for something like "2:37 Monday afternoon, unless there's a terrorism warning, in which case 42 minutes after it expires"
So personally, I'm kind of conflicted about it... it seems worse than useless, and yet still a significant improvement over the previous alternative. So I am both happy and sad for them.
I'd be utterly shocked if they ever sent an alert at all. Nobody has a taste for causing panic.
As big as a Big 10 campus is, saying there is an "active shooter" on campus is like saying there is a shootout on the other side of town. Big whoop. Unless they pinpoint the incident -- He's in Professor Windythroat's chem lab! -- it will just sow panic. But then maybe I am just different ...
> Am I reading that right that the level is always at least "elevated"? Doublethink at its best.
My thoughts exactly. We can no longer even bother to pretend there's a "nothing particularly wrong" mode?
Even DEFCON has a "perfectly peaceful" mode. We've never used it, but it's there. If SAC can dream of a peaceful world, why can't DHS?
@ Michael H
"How else should these types of messages be distributed?"
How about in tomorrow's newspaper? The silly five color code never saved a single life, but the DHS can't simply quit using it without admitting it was both unnecessary and stupid. The new "bad" or "worse" scheme will be just as useless, and making it quicker won't make it better. If you're at the scene of an attack you know about it already, if you're not directly affected by an attack you don't need to know about it within seconds. All we need is an entire metroplex rush hour suddenly using their PDAs to Google more about the latest threat tweet. A false alarm will probably kill more commuters than blowing an airliner out of the sky.
That twitter/facebook thing is a loss from the get-go. Everybody around the world will see those the same time we do and alert the terrorists to either call off their plans or change them accordingly for greater impact. I expect we will see a stream of these alerts, valid or not, for days, weeks, and months until that system is canned (the alerts become victim of the "little boy who cried wold" syndrome). They should stick to the standard channels.
"All we need is an entire metroplex rush hour suddenly using their PDAs to Google more about the latest threat tweet. A false alarm will probably kill more commuters than blowing an airliner out of the sky."
Yup and what's worse is if it is a real threat...
As you have done your stint at the range and after game, a simple question for you,
"Who's eaiser to shoot, some one just standing there thumbing through their PDA/Smart Phone or somebody ducking and weaving as they get out of the line of fire?"
Yup lets all make like rabbits in the lamp light...
Douglas Adams satirised this sot of technology with the "Peril sensitive sunglasses" which went totaly black so you could not see what would frighten you, so you went blindly forward to your peril...
And nobody has ever tested sending a message to everyone at once, have they?
So crashing the cell towers would be a really smart thing for DHS to do...
In my scenario, someone gets put on the no-fly and one or more terrorist watch lists as a result of clicking the "Like" link for a terrorist alert.
I work at the U of I and got that false alert message. It was pretty obvious right away that it was a mistake, as the generic "Add location here" part was still in it and they had been troubleshooting a problem with the system from the day before. The really sad part of that mess is that the vast majority of users did not receive the cell phone text message that is supposed to be the real first notice of such an incident. The system has been a failure in that respect since it started. I wonder if some of the problem is that the system is designed to send cell phone text messages to umpteen thousand people all at once. Might the cell companies be blocking the messages as suspected spam?
FEMA is already progressing toward IPAWS, Integrated Public Alerting and Warning System , the succesor to today's Emergency Alert System.
After reading about the project, it has authenticated sender provisions, multi-avenue alert paths such as email, cell broadcast, SMS, as well as broadcast media.
Why use social media instead?
Posting a "terror alert" that says "somewhere in the United States" or even "somewhere in Texas" there "might" be an "elevated" risk of a terror attack is worse than useless. If you can't pinpoint the risk area to at least a city, it's complete crap.
Reportedly San Francisco Mayor Willie Brown got a nice precise terror alert before 9/11 - "Don't fly tomorrow" - although I believe he now denies it to keep up appearances.
The Israeli movers who had their camera equipment set up on the Jersey shore filming the towers coming down obviously had a REALLY good terror alert system - from Israel.
@kingsnake: the problem with location is that the shooter may move around. Notifications to the emergency center may also provide only a vague or even incorrect location.
I think a general alert can be useful to help interpret noises and people running around screaming. E.g., to know that it's not firecrackers (sounds like fun - go there).
Likewise, people who are trained to act as first responders in certain cases may want to know whether this is a fight or a flight situation for them.
Will the messages also include a friendly smiling blob with
When its budget time at the CIA, the alerts will increase to scare the politicians into writing a blank cheque.
Well, if they basically aim to keep the fear levels high (something quite a few people are riding on in the US administration), then this is definitely the right approach. As these "warning systems" are useless for anything else, I guess this is a sound implementation of a well defined goal.
And completely amoral. Not that those responsible would care or even understand.
Reminds me of those ridiculous Amber Alerts, so surely this is being pushed by the same people who run those freeway signs.
If you're in the business of spreading fear, it makes sense to tap into any channel available.
I work at the University of Illinois as well and the system was implemented in response to the general panic about the Virginia Tech shootings and the poorly coordinated response to that incident.
The system has been through several implementations, starting with one of the major phone companies, going through a shoddy (but cheap) offshore contractor who sent several spurious alerts, and I believe we're on at least #3 at this point.
Another part of the equation is that the head of public safety has been installing surveillance cameras, emailing crime reports and generally doing whatever she can to get her staff numbers up - whether this is simple Parkinsonian expansion or a legitimate attempt to make the area safer is unknown.
The latest series of several alarms had to do with a building fire near campus - obviously important stuff.
"""It was pretty obvious right away that it was a mistake, as the generic "Add location here" part was still in it """
That just proves it's authentic!
The location was deliberately withheld to deny information to the terrorists!
@Scott "emailing crime reports"
Couldn't say about the survelillance cameras or other stuff but informing student population about criminal activity is a regulation from Dept of
"I'd be utterly shocked if they ever sent an alert at all. Nobody has a taste for causing panic."
You are kidding, right? Fear and Panic is how the PATRIOT act got passed.
I would expect an effort to instill fear and panic on Election Day in order to ensure that the electorate has the "right" attitude.
My alma mater, Florida State University, also has mass notification in place, via text messaging, wide-area outdoor speakers like in tornado-prone areas, and in buildings with PA systems or talking fire alarms.
The primary reason for the system is for severe weather. During my undergraduate career, FSU had several extremely nasty thunderstorms and floods which required sheltering--I was in the gym for one and got herded into the windowless locker room, emerging an hour later to several inches of water in the street.
Here's the kicker: FSU had been kicking around the idea of outdoor speakers for a while. They were installed not long after the Virginia Tech massacre.
Severe weather, eh?
I think this is just an attempt by the feds to get control of some parts of Facebook and Twitter to forestall protest activities and other citizen based movements.
I'd suspect that if anyone in the U.S. called for their friends to meet them ( in front of the White House, at the Washington Memorial, etc) for a protest, that the feds would pull the plug on pre-selected groups of individuals, so that the protests wouldn't happen.
They could hardly have picked less authoritative communication channels than Facebook and Twitter. I foresee many spammed messages from spoofed "DHS Alert System" profiles.
"Terrorist attack in your area! Click here for details!" -> malicious iframe -> ipwned!
... dated April 1st.... how embarrassing could that be...
Oh and with regards to 'elevated' as the lowest possible level:
"You keep using that word. I do not think it means what you think it means."
The errant alert went out during UIUC's spring break, so most students were off-campus at the time.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.