Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Plastinated Squid |
| Church's Pastor Is an ID Thief »
March 31, 2008
N-DEx National Intelligence System
An article from The Washington Post:
Federal authorities hope N-DEx will become what one called a "one-stop shop" enabling federal law enforcement, counterterrorism and intelligence analysts to automatically examine the enormous caches of local and state records for the first time.
The expanding police systems illustrate the prominent roles that private companies play in homeland security and counterterrorism efforts. They also underscore how the use of new data -- and data surveillance -- technology to fight crime and terrorism is evolving faster than the public's understanding or the laws intended to check government power and protect civil liberties, authorities said.
Three decades ago, Congress imposed limits on domestic intelligence activity after revelations that the FBI, Army, local police and others had misused their authority for years to build troves of personal dossiers and monitor political activists and other law-abiding Americans.
Since those reforms, police and federal authorities have observed a wall between law enforcement information-gathering, relating to crimes and prosecutions, and more open-ended intelligence that relates to national security and counterterrorism. That wall is fast eroding following the passage of laws expanding surveillance authorities, the push for information-sharing networks, and the expectation that local and state police will play larger roles as national security sentinels.
Law enforcement and federal security authorities said these developments, along with a new willingness by police to share information, hold out the promise of fulfilling post-Sept. 11, 2001, mandates to connect the dots and root out signs of threats before attacks can occur.
Posted on March 31, 2008 at 6:13 AM
• 23 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
As I said just a few days ago,
In the past a surveillence society was limited by the cost of performing the surveilance in terms of manpower and the cost and limitations of technology and the people being watched.
The "survailance operatives" where required because in the past people commited little to paper let alone any form of searchable technology, and getting a record of the spoken word was often exceptionaly difficult.
Now however the less cautious of the populace commit just about every aspect of their lives to searchable technology. And unfortunatly the rest of us are effectivly forced to commit more and more information to searchable technology as the price of trying to live normal lives.
Worse the equation is continuously changing, the cost of technology halves every 12-20 months and has now dropped so far that manpower is nolonger a consideration except for development and enforcment.
The technology has replaced the survailance operatives not just because it costs less, but the usage of searchable media for record keeping and everyday communication gives it a very significant advantage.
To make things worse the technology is now so cheap that we are at a point where peoples entire lives are so cheap to record that marketing organisations will give virtualy unlimited storage access apparently for free just to get their hands on peoples lives. Be it by writen word, spoken word or photographs and other visual medium, even your once intangable prefrences and choices are laid bare via web search and page visits (and times between page views).
The question is when is it going to stop?
And don't think voting for a different party is going to stop it any time soon as this sort of thing has developed it's own momentum, based on the old "better to be safe than sorry" attitiude with the usual "if you knew what we know" argument from the recepients of you hard earned tax money.
It would also be nice to think it was only a U.S. problem but it's not in the U.K. it is probably worse but the public ae less interested in making a noise about it...
I'd like to post a correction, based on the past performance (rather than wishful thinking):
"Federal authorities hope N-DEx will become what one called a "one-stop shop" enabling federal law enforcement, counterterrorism and intelligence analysts to automatically [lose] the enormous caches of local and state records for the first time[, exposing virtually everyone to identity theft, as well as allowing unscrupulous law enforcement officials to use gathered data to intimidate anyone they wish.]"
My rationale for thinking this:
1) Consistent low grades on data safety practices from recent audits
2) FBI NSL abuses.
People ask me why I think having major databases at Homeland Security is a bad idea. I respond with: "They had this sort of database, although compiled manually, at the KGB and the East German Secret Police. You know what *they* did - or some of it - with that data. What do you think will happen with our data? What if one officer with access to that data became more loyal to, say, the KKK? How would you feel then?"
OTOH, the databases exist. I have no idea how you'd stop it.
roxanne, you could run a fake data campaign directed at domestic intelligence gathering sources. Create masses of fake profiles on the Internet, have them say things that the police want to hear, making sure you use tor and other encryption. Much of the time police intelligence is different to police case work, police intel is run not only off the web, but also off citizen call in phone numbers that allow callers to be anonymous.
If we fill their lower echelons with waves of crap, then what good is their information?
Clive, I don't really agree that the core of the problem is the falling cost of pervasive surveillance. That is at best an aggravating factor. The core of the problem is the nexus of public fear and amnesia.
Fear (largely the irrational variety) of terrorism, which our government has done it's level best to amplify, is causing people to demand that the Feds take action --- any action --- to protect them from terrorists at any cost.
Amnesia prevents the public from recalling what happened between 1930 and 1970, when the Feds could freely monitor anyone they deemed a threat. J. Edgar Hoover is not a household name any more, and a rosy glow surrounds most biographic material about Richard Nixon. Our national close shave with political/ideological policing apparently taught us nothing.
The problem is political, not technical. A cowed, scared, and militantly ignorant polity cannot learn from its past, and is therefore doomed to repeat it. Probably not as comedy, either.
"Nearly every state and local jurisdiction has its own guides for these new systems, rules that include restrictions intended to protect against police intrusiveness, authorities said. The systems also automatically keep track of how police use them."
Yup, and just how long do you think that will last?
"I don't really agree that the core of the problem is the falling cost of pervasive surveillance. That is at best an aggravating factor. The core of the problem is the nexus of public fear and amnesia.
My "core point" about resource cost was why it was possible now and had not happened previously.
The "political imperative" for wholesale survaillence has always been with our "politcal lords and masters" that has not changed. You only need to think back to the Nazi's marking voting papers with milk, the brown shirts and the SS, through Stalin's not so little purges on to J Edgar Hoover and friend(s), Tricky Dicky Nixon etc.
The reason for the "political imperative" might have differed in each case put the imperative was always there. The only thing stoping it was that previously it was just not practicaly possible due to cost to maintain wholesale surveillance.
One of the reasons that the old eastern block countries failed was that they could not afford the cost of watching the people.
Once you started wholesale survaillence previously there was only two possible final outcomes,
1) you bankrupt the country,
2) those watched revolt and depose you.
In the later case sometimes it was bloodless and in others it was most definatly not.
However the cost of technology (or the lack of it) has changed the equation and now there may be more than the above two outcomes.
And the drive towards these universal databases was not actually down to "political imperative" but down to the largest industry in the world "marketing".
You could argue (reasonably) that free market economics has been responsible for producing the technology to "enslave us all" by removing our freedom of choice not just for purchasing but politicaly as well.
Do law enforcement agencies have the resources to follow up on the millions of false positives such a system inevitably will produce?
Perhaps the greatest of the Bush administration's numerous failings is their complete inability to plan for the consequences of their actions. The Iraqi civil war is the best example, but there's also last year's passport fiasco and this year's naturalization backlog.
"Do law enforcement agencies have the resources to follow up on the millions of false positives such a system inevitably will produce?"
No. Nor will they even attempt to. This is not about stopping "terrorism".
This is about collecting information. Just collecting information. At the largest / fastest rate possible.
Knowledge is power.
The people in power want to STAY in power. They want to have the information about OTHER people.
If it comes to collecting information about themselves ... just look at the White House email scandal.
The question is, are there more terrorists in our country ... or more people in our government and law enforcement agencies who would abuse this information.
Great. Now every police jurisdiction in the country can learn that Greenpeace is a dangerous terrorist organization. And add their own local groups to the national list. People don't need to spoof profiles to make a mess of this database; petty officials will do it themselves.
the FBI started collecting intelligence on every person who ran for any office in the US so that they could have blackmail to use when the time came. that when on for decades under the corrupt John edgar Hoover. The files were "lost" the day he died, there are various theories on who got them, the israelis seem to own our politicians now but that may be because they tap all the phones. An israeli company has a contract from the FBI to monitor all phone subscriptions in the US for billing records. The data goes to tel aviv before it gets to the FBI in fact they are monitoring more americans in tel aviv than the feebs are monitoring here. they need to know your political views.
If we could just force a law through or instill a campaign tradition that would require all political candidates to reveal all the information concerning themselves in systems like these to public scrutiny when running for office, I imagine they would quickly loose their appeal. If the government wants this level of information on all the people, the people should insist on a little quid pro quo.
> militantly ignorant polity
Nicely put. I nominate this for phrase of the week.
This comment is beyond chilling:
"Authorities are aware that all of this is unsettling to people worried about privacy and civil liberties. Mark D. Rasch, a former federal prosecutor who is now a security consultant for FTI Consulting, said that the mining of police information by intelligence agencies could lead to improper targeting of U.S. citizens even when they've done nothing wrong."
So -- this initiative will inevitably lead to the TARGETING of US citizens who've done nothing wrong? Terrific!
This could be a good thing for law enforcement. Here in Minnesota, we've had problems with police in one county not knowing a person was wanted in another county ("wanted" as in there was a warrant for arrest out).
However, for intelligence and counterintelligence, it appears to me that there are two possibilities.
1. There is no good information on the system, and its sole use will be to harass innocent people.
2. There is good information on the system, and every competent group of spies or terrorists gets their own entry into the system, and follows what the FBI et al. know about them.
Any speculation about which is the worse idea?
Even if you assume that the database will be used only for a narrow set of legal and ethical tasks, well within the bounds of law enforcement and national security...
putting all that data in one place means that one good security breach could have much more severe consequences. They would have data on nearly every citizen in one location.
So an attacker would have greater incentive to mount a more expensive and time-consuming attack, one that would be more likely to succeed.
You've changed the ratio of cost of attack versus value of target to favor the attacker.
Methinks Frank has nailed it!
We're not to worry if personal information is in small discrete electronic files that don't compose a fat paper dossier in a manila folder, right? We're not electronically “dossiered” unless a data key (e.g., one's SSN or driver's license number) is entered and all the cross-referenced files come together and sprout a profile and announce any applicable alerts, right, which wouldn't just happen to an upstanding citizen, would it?
All of this stirs from our caveman skillz applied in the information age. This type of problem has occured in the past and it should not surpise anyone that it will reoccur in the future.
There is an assumption here that needs to be challenged.
Since those reforms, police and federal authorities have observed a wall between law enforcement information-gathering, relating to crimes and prosecutions, and more open-ended intelligence that relates to national security and counterterrorism.
Terrorism belongs on the law-enforcement side of the wall, not the national security side. There does need to be some coordination, simply because the people who have committed these acts in the past have operated both inside and outside of this country, but drug smugglers have done that for years. These acts are simple crimes, and the perpetrators are common criminals, and they should be treated as such by this country.
sedgequill, if I thought you really believed that sheeple shit, I would drop a dime and have ya put on the big list.
they'll put a probe up yer backside next time you step into an airport. :~}
Google for "COPLINK"
These days, I bet everyone has a file by default, the smaller yours is, the more they may want to gather information on you.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.