MI5 Terror Alerts by E-mail

Sounds like security theater to me:

But he added that one of the difficult questions was what people should do about the information when they receive it: "There's not necessarily that much information on the website about how you should act and how you should respond other than being vigilant and calling a hotline if you see anything suspicious."

The first, called Threat Level Only, will inform the recipient if the nationwide terror threat level changes. The condition is currently listed as severe.

The second more inclusive service is called What's New, and will be a digest of the latest information from MI5, including speeches made by the director general and links to relevant websites.

I've written about terror threat alerts in the UK before.

EDITED TO ADD (1/15): System is in shambles and being overhauled:

Digital detective work by campaigners revealed that the alerting system did little to protect the identities of anyone signing up.

They found that data gathered was being stored in the US leading to questions about who would have access to the list of names and e-mail addresses.

Posted on January 10, 2007 at 6:31 AM • 28 Comments

Comments

Ben SmythJanuary 10, 2007 6:54 AM

I wonder how long it will be before someone sends a spoofed email claiming that the country is at the highest level of alert... Panic buying would commence. I wonder if a leading supermarket chain would create such an email to clear their shelves.

RichJanuary 10, 2007 7:25 AM

Spoofing?

I did a trial subscription usnig pookmail. Want to see what happens first. The subscription confirmation came from yoho-common.wc09.net which is owned by:
OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

because they're using www.whatcounts.com to manage their mailing list.

Just how many ways is this a bad idea?

Rich

a.January 10, 2007 7:28 AM

So when all the terrorists will be subscribing to these terrorist alert emails ... will they strike then the terrorist threat is at high or at low? Somehow I think there will be the green ever "go out and enjoy your life".

Flying ScotsmanJanuary 10, 2007 7:30 AM

I thinks it's a good idea. At the moment the threat level is Severe, which is reassuring, because recent terrorist attacks have only happened when there was supposed to be no threat.

bacJanuary 10, 2007 8:04 AM

Off topic but hopefully helpful.

Just for those who have not discovered a good way to post long urls in post here is TinyUrl

http://tinyurl.com/

I do not work for TinyUrl, just think it helps post look neater and organized.

vwmJanuary 10, 2007 8:57 AM

@ben: The current level is "Severe" meaning "an attack is highly likely". The next (and also the highest) level is "Critical" meaning "an attack is expected imminently". If it gets that far, you might want to avoid crowded places like supermarkets.

So if you want to fill up your stock in a panic, the right moment would be now...

FinJanuary 10, 2007 9:06 AM

Bac, tinyurl is not for the paranoid. It is not readily apparent where you'll end up when clicking the link and the target may not be 'work safe'. That said I use it quite a bit and they have a preview feature on thier site.

regards,

Fin

DJanuary 10, 2007 9:32 AM

@Fin

so use http://preview.tinyurl.com/ , or add the 'preview.' before any tinyurls you come across. At the least, you can preview the actual link. Your NSFW comment applies to *any* link - do you trust the word of someone random on a public message board about whether their long link is SFW?

SteveJanuary 10, 2007 9:33 AM

Anyone who actually believes in the MI5 threat level probably deserves whatever they get in terms of spoof email alerts.

The Home Secretary, John Reid, stated in December that an attempted terrorist attack in the UK over Christmas was "highly likely": http://www.google.com/search?...

Since there wasn't one, I think Bayes' Theorem tells us that it is "highly likely" that Reid, and hence also MI5, either don't know what they're talking about, or else were lying.

Rainer OtsJanuary 10, 2007 11:14 AM

All those terror alert levels etc. remind me of a mother trying to get her child to bed/school/etc.
Like:
"Johnny, I will count to 3 now, and then you'll do it !
One...... Two .... Two and a half .... 2,75 .... "
Basically everyone wants to raise the alert level so when something happens they could say "I told you", but since raising it to maximum too often is not a good idea, it kind of fluctuates somewhere near the top.
I wonder when new levels are invented .... like "Very Critical", "Extremely Critical", "Critical, and I do mean it ! "....

PaulJanuary 10, 2007 11:34 AM

Do they increase the terror alert level before the director makes a speech?

I can see how that might be useful.

Everything else, bleh.

another_bruceJanuary 10, 2007 11:42 AM

surely a vista machine running nsa code can stop an mi5-spoof email. coming soon to your box: spy versus spy!

gfujimoriJanuary 10, 2007 12:28 PM

There's got to be some sort of math formula here...

It would have to include something about stupidity approaching infinity and multiplied by FUD equals waste times hysteria, so that hysteria becomes infinite given a limit on waste. I need to spend some time working this out - the proof alone could be great.

Many office workers in NYC were hysterical about the stink the other day. People are no longer just afraid of being blown up - they're now afraid of being "stunk to death." This is how far it's come: a sad state of affairs indeed.

RoyJanuary 10, 2007 1:36 PM

Presumably, when the 'Terrist' color code went to red, the system would flood the internet with identical messages bound for all IP address in the UK.

Hopefully, antispam software would intercept all of these and scram the spam.

Still, it would cause a general DoS, would it not?

Davi OttenheimerJanuary 10, 2007 6:20 PM

"...not necessarily that much information on the website about how you should act and how you should respond..."

Therein lies the real issue. MI5 should be trying to answer the "difficult question" of what to do with information about threats, and resist the easy path of spreading FUD.

Dave WalkerJanuary 11, 2007 4:45 AM

While this may well be security theatre from the perspective of "being seen to be doing something", it does give MI5 a database of the email addresses of the folk who are most paranoid about terror alerts. I have no idea how useful such a thing might be, but..

Felix DzerzhinskyJanuary 11, 2007 8:54 AM

MI5 e-mail alert signup shambles - all email subscription web forms sent to the USA, without encryption

See Spyblog:

http://p10.hostingprod.com/@spyblog.org.uk/blog/...


"Astonishingly, MI5, the Security Service, part of whose remit is supposed to be giving protection advice against electronic attacks over the internet, is sending all our personal details (forename, surname and email address) unencrypted to commercial third party e-mail marketing and tracking companies which are physically and legally in the jurisdiction of the United States of America, and is even not bothering to make use of the SSL / TLS encrypted web forms and processing scripts which are already available to them."

SARAHMay 21, 2007 5:04 PM

MY NAME IS SARAH , I EXPORT TRUCKS ALL OVER THE WORLD,, i do get alot of those check from nigeria you all now that scam, i just throw them away
but today, i got a large check ,, and
it came from london the directions said to wire this money to a forien group in san fransisco, which is not typcle, money
scam, makes me wonder if this foriegn group in san fransisco is planing something, i'm going to turn the info to FBI WHAT DO YOU THINK,, I THINK SOMETHINGS UPP

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..