False Positives and Ubiquitous Surveillance

Searching on Google for a pressure cooker and backpacks got one family investigated by the police. More stories and comments.

This seems not to be the NSA eavesdropping on everyone's Internet traffic, as was first assumed. It was one of those "see something, say something" amateur tips:

Suffolk County Criminal Intelligence Detectives received a tip from a Bay Shore based computer company regarding suspicious computer searches conducted by a recently released employee. The former employee’s computer searches took place on this employee’s workplace computer. On that computer, the employee searched the terms "pressure cooker bombs" and "backpacks."

Scary, nonetheless.

EDITED TO ADD (8/2): Another article.

EDITED TO ADD (8/3): As more of the facts come out, this seems like less of an overreaction than I first thought. The person was an ex-employee of the company -- not an employee -- and was searching "pressure cooker bomb." It's not unreasonable for the company to call the police in that case, and for the police to investigate the searcher. Whether or not the employer should be monitoring Internet use is another matter.

Posted on August 2, 2013 at 8:03 AM • 32 Comments

Comments

Nathan GilliattAugust 2, 2013 8:20 AM

I suppose this is what happens when ordinary household items are transformed into dual-use technologies. The false positives risk multiplies.

Clive RobinsonAugust 2, 2013 8:46 AM

The problem with looking at other peoples searches is that it does not actually show the state of mind behind the search. Also in reality prior to any further activity by the individual the searches are not even "circumstantial evidence".

But in this case of more intrest is it's still not clear "which agency" visited.

And also the back peddling by other agencies, makes me wonder just how much of a "pigs breakfast" these investigations realy are.

Also the comment about the number of visits, if they are doing 100 visits a week that's atleat fourteen a day or if these guys work 35hour weeks around 20mins each including driving time...

Basicly it all sounds like "Amature Hour" down at the local stand up commic club.

bcsAugust 2, 2013 8:49 AM

@Jimux: read the artical.

Doing internet searching *did* get them investigated by the police, but it was spotted because their *employer* was doing surveillance of an employer issued computer. Nothing much Google (or anyone) can do when the system admin installs the equivalent of a key-logger.

QnJ1Y2UAugust 2, 2013 8:56 AM

@Clive

The '100 visits' comment was pretty vague about who was doing the work - could've been more than just the one team that was involved. And given how much was garbled in transmission on this story, I'd be surprised if the time frame or the count were accurate.

paulAugust 2, 2013 9:04 AM

Maybe in some ways more scary. Google and the FBI couldn't really care less about most people, except insofar as they ping some kind of profile (which may be good or bad). But I haven't been in any workplace where there hasn't been at least one person the IT or HR department didn't like.

Nicholas WeaverAugust 2, 2013 9:09 AM

Actually, I find it far from scary once the truth came out about what triggered the police response.

1) The police did not do a swat raid or the like (unlike the very deceptive photo on the Atlantic article), but just a more casual drop-by questioning.

2) The search triggering this was not "pressure cooker" but rather "pressure cooker bomb". There is a huge difference between those two searches.

3) The work computer being searched which triggered it was now owned not by a current employee, but an ex-employee.

Once an employee is now an ex-employee, the level of trust allowed goes way down, and the employer is also no longer in a position to ask questions internally like "Hey bill, why are you searching for X" with a response of "hey, it was all over CNN and I was curious" and then "yeah, ok, thanks".

I would hope that, if you were observing an EX-employee's searches, and you saw such searches in the history, you'd forward it to the cops. This is a quite reasonable example of where "say something" actually is the right answer.

CamillaAugust 2, 2013 9:11 AM

We don't actually seem to know whether the employer went through the web history to find grounds for firing... or whether they fired him for cause, and went through the web history afterwards.

If it's the latter, they might have been thinking "whoa, this guy's scary, wonder if he's going to come back with a gun..." and the "and he was searching for pressure cooker bombs" was them building a case (looking for justification) for involving the police.

Nicholas WeaverAugust 2, 2013 9:15 AM

That "100 visits a week" is such obvious hyperbole that got lost in being relayed from police to husband to wife to print.

Its clearly the officer griping that "yeah, we get a ton of such reports, and they are almost always false positives". To take that "100 visits a week" literally would be ridiculous: Given 6 officers for the visit, at least an hour of time, that workload would require a dozen+ detectives.

CamillaAugust 2, 2013 9:22 AM

Also, if an NPR interviewer asked a guest what quinoa is, I wouldn't actually assume they don't know. Same thing for police officers - being pleasantly ignorant and letting the subject educate you is a solid interview technique.

unknown.soldierAugust 2, 2013 9:22 AM

Not surprising to see this story had some bunk to it. If this was happening, as it was presented, there would be videotape. There would be many other reports. I am surprised the story was not completely made up, and was disappointed to see the Guardian print it. (For the above factors, basically, you need more then one source for any story.)

However, I also reasoned that the story was good to print - as they probably did as well - because it shows what sort of future people are looking at.

None of this means the real and more pressing threats of a surveillance state are being exposed or even talked about. Besides from what Tice and some other more high level whistleblowers have mentioned.

Namely, freedom and surveillance state do not go together. If the politicians are under surveillance, they are under control by those who surveil them.

This compromises the entire system. And there are no safeguards against it.

If you are a government worker, you may reflexively say, "Oh pooh, no, it is all totally good, legit, safeguarded, and...". Because you know you know everyone who works for your government. You have clearance and have secrets. You trust Obama and the intel leaders know everything and are in total control.

But, above all, you know if you have any other opinion, your job and your liberty will be in trouble. Because the further in you are, the more likely you are to understand you may be under surveillance 24.7 and can never safely assume otherwise.

So what else can you do but sing this song. Why have troubling thoughts when you can't ever say anything, anywhere, safely?

Snowden was singing this song, as ARS pointed out. (And who would have known ARS had him effectively under surveillance way back then.) He said leakers should be shot in the balls.

He was you.

Fact is, of course, you can expect that someone does watch the watchmen -- and who people are calling the watchmen are by no means the watchers, anyway.


LPAugust 2, 2013 9:36 AM

Thing is, the ex-employee could have just been reading about the bombing in Boston and looking for info. Personally I've searched for the same during and even after the event just to gain perspective of what happened. This is ridiculous and exactly why our government should not be profiling us in this way!

Nicholas WeaverAugust 2, 2013 9:58 AM

One other note, the husband had "lost his job". So this was not the case of an ex-employee just moving on to greener pastures, but an ex-employee who was terminated from his position.

It would be negligent for the employer, upon discovering the ex-employee's search history, to not contact the police under the circumstances with a "Its probably nothing, but..."

unknown.soldierAugust 2, 2013 10:40 AM

@Nicholas Weaver

It would be negligent for the employer, upon discovering the ex-employee's search history, to not contact the police under the circumstances with a "Its probably nothing, but..."

True, though this could be said for every person on the planet. Everyone says and does things which could be misconstrued by someone who is out of the context but listening in.

No new concept, there is even a line in Proverbs on this.

Fuel of countless sitcoms.

Also true that this kind of monitoring is what the free world is headed to. The Aurora killer, the Connecticut killer, the 911 terrorists -- they could be your grandmother or mom. Who knows? The Boston Bombers, they were just anybodies.

Best to just "just trust God and monitor everyone else". If in doubt, lock em up!

(Sarcasm in the last two paragraphs. Sarcasm does not translate well to morality police, so we should have to note these things.)

paulAugust 2, 2013 10:49 AM

The focus on job loss seems overblown to me. If they had been fired for some very clear infraction, maybe (or maybe not), but in the current economy people get terminated every day because the company is downsizing, because someone has a headcount to make, because a project is over, because they've come to a parting of the ways, or just because.

You may have read that being currently unemployed is considered a disqualification for even considering an applicant by many HR departments around the country. Now it's a sign that someone may be considering a terrorist attack?

IRSAugust 2, 2013 11:08 AM

How many millions of Americans googled "pressure cooker bomb" after the Boston bombings? How many intended to make one? Following up leads with these odds just takes time away from productive counterterrorism work, and it is thus the responsibility of the police to filter the reasonability of tips they receive.

To add to the security theatre of it all, the police did not actually verify that the family was not a threat: someone who intends to make a bomb can say "I was just curious" as easily as someone who did not.

FigureitoutAugust 2, 2013 12:42 PM

makes me wonder just how much of a "pigs breakfast"..
Clive Robinson
--Yet another double entendre sir? Ladies aren't allowed non-see-thru purses now at NFL games (need your plastic baggie so I can check out your tampons and feminine hygiene products lol) and other sporting events they are limiting backpacks, fannie-packs, and coolers. We're not afraid! Lol, get real.

KenAugust 2, 2013 1:05 PM

HERE's what you do if you visit any websites you think might be incriminating to someone: SPAM'm in the name of helping them.

1. E-mail the local, state and federal police forces that might conceivably have jurisdiction (include the NSA, etc. public affairs or other publicly available accounts) with a brief explanation...given'm a "heads up" & "don't worry it's all benign" sort of single sentence clarifying note. Quickly pasting representative websites into a pending e-mail while surfing the web is easy & almost effortless & instantaneous (once you make the effort & get the rhythm going), so this turns out to be surprisingly easy to do!

2. Get everyone you know to do the same thing.

That should gum up their works--and since we know they're watching us anyway, this is, truly, helpful and they have no position to complain -- like leaving the curtains & blinds open when we know they're outside watching in person. Right?

NobodySpecialAugust 2, 2013 1:15 PM

@Camilla - by the same standards we don't know if he really DID search for them.
If an employer wants to get rid of an employee but can't (in their jurisdiction) then logging certain phrases from their computer in the proxy log would be a good way to do it - not exactly difficult to edit a log file


willyAugust 2, 2013 1:29 PM

Security, paranoia, and plain 'ol fear translates all over the place in the current environment. Having a yard sale this weekend, found an old pressure cooker from my parents house, and actually stopped to consider if I should sell it or simply throw it away or crush it.
Beginning to wonder if all the "net watch", phone records,
"meta-blah-blah" isn't in itself a form of terrorism....oh, my, don't go there.

eindgebruikerAugust 2, 2013 2:12 PM

And now for the common sense question: would a terrorist do research from his personal computer at work?

SomebodyAugust 2, 2013 3:10 PM

Cardinal Richelieu is famously quoted as saying "Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him."

It seems to me that we can go in two different directions from here. The first is to ignore any evidence presented by Richelieu, since he has declared he has no interest in reality. The second is to realize that everyone has written at least six lines, so we can hang them without waiting for Richelieu's interpretation. In either case we can ignore Richelieu as his pitiful existence adds nothing.

So why does everybody keep paying attention to the Cardinal Richelieus?

G van GrijnenAugust 2, 2013 4:25 PM

Reading the article I had to laugh. Just like the husband who saw himself surrounded by six cops.

An employer clicks on the google searchbar of a former employee, gets suspiscious - it was just after the Boston Bombing - and makes a phonecall to the police.

The police was slow to react.

Nevertheless they decided to pay the suspect a visit.

But within 15 minutes after their arrival the whole thing was sorted out.

This didn't scare me.

What did scare was a tiny message of the FBI.

That the Boston Bombing couldn't have be prevented.

That in spite of warnings out of Russia about the perpetrators , in spite of the all the eavesdropping, and in spite of the titanic surveillance state we are living under today, the FBI couldn't find anything wrong with them.

We have created a potential police state and at the same time we cannot catch terrorists.

It seems to me, we are living in the worst of both worlds.

alizardxAugust 2, 2013 6:49 PM

Ask anyone currently employed as an East German head of state how well the STASI ubiquitous surveillance model works to keep a bad government in power ... never mind, you can't.

The problem with a surveillance system that generates abundant false positives from the POV of its owners is that the real threats get lost in the false positive noise. IMO, it's a problem that has to be fixed with actual HUMINT, not better algorithms, no matter how many government rice bowls it fills and contracts to politically connected corporations and think tanks doing it wrong generates.

scandinavianpirateAugust 2, 2013 6:57 PM

"If the politicians are under surveillance, they are under control by those who surveil them."

Exactly. Politicians then basically become puppets. First unapproved policy they try and pull - the surveillers will take them down, because no one is really clean. New politicians who are unfit ( according to the surveillers ) are never allowed to get any power, they will be socially excluded by spreading rumors about whatever mistakes they've done, and if they really haven't done anything unlawful at all... the rumors will probably be about whatever smutty porn they have been surfing online or something else shameful which would undermine their chances to do politics.

If the surveillance becomes too rampant, the politicians will become a tool for the NSA, and not the other way around.

But the same can be used in corporate settings too. An entrepreneur can be excluded by same methods so no one dares to do business with him. Great for big establieshed business who want to keep challengers in check.

scandinavianpirateAugust 2, 2013 7:23 PM

Oh what the fuck... you can kill many more people than the Boston bombings by driving a car fast into a crowded street say for instance a week before christmas. Whatcha gonna do to prevent that? Revoke everyone's drivers license?? What if I google "cheap second hand car" will that make me a suspect?

The types of systematic harrassment that surveillance allows for will definitely create many more terrorists than it catches.

unknown.soldierAugust 3, 2013 9:54 AM

@scandinavianpirate

"But the same can be used in corporate settings too. An entrepreneur can be excluded by same methods so no one dares to do business with him. Great for big establieshed business who want to keep challengers in check."

This is what interests me, once you have surveillance, besides locking people up, how do you not use that information. Hoover did use this to control politicians, and he got away with it for decades right in a free world country.

Surveillance is used in these ways in totalitarian countries routinely, and there are many now declassified stories about how surveillance has been used in spy wars through history -- the XX program, and the like of WWII are especially good points.

There are many cases also of how surveillance is used by private citizens to bad, and how cops have use surveillance data in investigations.

With totalitarian nations, the government owns the companies, so I see that factor of commercial espionage very real. We have seen it with China. We are not real sure on how they have used all of that information they have siphoned, yet.

I would be very surprised if economic control is not exerted likewise for large and small corporations by the US and other free countries.

It does destroy any possibility of fair and open competition in either commerce or politics.

Probably a main factor in people thinking this is not so much a threat is not that they trust the moral spine of people enacting surveillance, but that people tend to be bad at keeping secrets. But this really is simply nonsense, people are very good at keeping secrets if they believe they have to keep them.

unknown.soldierAugust 3, 2013 10:13 AM

@scandinavianpirate

The types of systematic harrassment that surveillance allows for will definitely create many more terrorists than it catches.

That systematic harassment is across the world already. Even small cases can make it stronger. In a flash, everyone is already in a world where they have to watch what they think and what they say. Already everyone they talk to may be an informer. And already they can assume anywhere they write may be tapped.

There is a myth of anonymity. Take this site. Unless you are using something like Tor, it is not hard to see who is who by IP address if you have the upstream which the governments do.

Not to say what you probably already agree with, but the fact is: all of these security moves only increase the threat. Building up the war machine -- other nations see this as a real threat. Invading other countries -- increases the threat. Overthrowing nations -- increases the threat.

Problem is the threat is part of the war machine's business model. More threat, more business. More terrorism, more business.

They can say, "Oh a good soldier would rather not be a soldier". Then quit. Not happening. No, they do not want to lose their jobs, and they want more power. I am sure there are some noble exceptions to this rule, but the general principle remains the same.

If the US, for instance, were to try and dismantle their military machine, a lot of people would be without jobs. A lot of companies, many now very big and scary would be defunct.

It is crack.

The ball has been rolling since WWI and it not stopping. The momentum it now has is massive. It is big, always getting bigger, and rolling far faster then anything else.


The song in, especially, the US.... is military, intelligence, law enforcement is heaven. More like Rome. Everybody still actually thinks that they are all about fighting "evil", that they are good people "serving" the people.

Not much different, I suppose, then how scandavian pirates, for instance, were viewed, probably. Not much different then how Rome viewed it, probably.

Problem is there aren't bad guys. There are just guys who are not you. They are as bad as you.

The apache copter leak is a great example of this. Mowing down reporters, mowing down children, and laughing about it.

That is worse behavior then what you see with the worst serial killers, and worse behavior then what you see with the worst of organized crime.


cakmplsAugust 3, 2013 11:12 AM

To me the most disturbing thing is that her husband let the police into the house and consented to a search WITH NO WARRANT.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..