Entries Tagged "intelligence"

Page 24 of 24

Ex-MI5 Chief Calls ID Cards "Useless"

Refreshing candor:

The case for identity cards has been branded “bogus” after an ex-MI5 chief said they might not help fight terror.

Dame Stella Rimington has said most documents could be forged and this would render ID cards “useless”.

[…]

She said: “ID cards have possibly some purpose.

“But I don’t think that anybody in the intelligence services, particularly in my former service, would be pressing for ID cards.

“My angle on ID cards is that they may be of some use but only if they can be made unforgeable – and all our other documentation is quite easy to forge.

“If we have ID cards at vast expense and people can go into a back room and forge them they are going to be absolutely useless.

“ID cards may be helpful in all kinds of things but I don’t think they are necessarily going to make us any safer.”

Posted on November 18, 2005 at 6:48 AMView Comments

FBI Abuses of the USA Patriot Act

Since the Patriot Act was passed, administration officials have repeatedly assured the public and Congress that there have not been improper uses of that law. As recently as April 27, 2005, Attorney General Alberto Gonzales testified that “there has not been one verified case of civil liberties abuse.”

However:

Documents obtained by EPIC from the FBI describe thirteen cases of possible misconduct in intelligence investigations. The case numbering suggests that there were at least 153 investigations of misconduct at the FBI in 2003 alone.

These documents reveal that the Intelligence Oversight Board has investigated many instances of alleged abuse, and perhaps most critically, may not have disclosed these facts to the Congressional oversight committees charged with evaluating the Patriot Act.

According to The Washington Post

In one case, FBI agents kept an unidentified target under surveillance for at least five years—including more than 15 months without notifying Justice Department lawyers after the subject had moved from New York to Detroit. An FBI investigation concluded that the delay was a violation of Justice guidelines and prevented the department “from exercising its responsibility for oversight and approval of an ongoing foreign counterintelligence investigation of a U.S. person.”

In other cases, agents obtained e-mails after a warrant expired, seized bank records without proper authority and conducted an improper “unconsented physical search,” according to the documents.

Although heavily censored, the documents provide a rare glimpse into the world of domestic spying, which is governed by a secret court and overseen by a presidential board that does not publicize its deliberations. The records are also emerging as the House and Senate battle over whether to put new restrictions on the controversial USA Patriot Act, which made it easier for the government to conduct secret searches and surveillance but has come under attack from civil liberties groups.

EPIC received these documents under FOIA, and has written to the Senate Judiciary Committee to urge hearings on the matter, and has recommended that the Attorney General be required to report to Congress when the Intelligence Oversight Board receives allegations of unlawful intelligence investigations.

This week marks the four-year anniversary of the enactment of the Patriot Act. Does anyone feel safer because of it?

EDITED TO ADD: There’s a New York Times article on the topic.

Posted on October 25, 2005 at 7:09 AMView Comments

Security Lessons of the Response to Hurricane Katrina

There are many, large and small, but I want to mention two that I haven’t seen discussed elsewhere.

1. The aftermath of this tragedy reflects on how poorly we’ve been spending our homeland security dollars. Again and again, I’ve said that we need to invest in 1) intelligence gathering, and 2) emergency response. These two things will help us regardless of what the terrorists are plotting, and the second helps in the event of a natural disaster. (In general, the only difference between a manmade disaster and a natural one is the cause. After a disaster occurs, it doesn’t matter.) The response by DHS and FEMA was abysmal, and demonstrated how little we’ve been getting for all our security spending. It’s unconscionable that we’re wasting our money on national ID cards, airline passenger profiling, and foreign invasions rather than emergency response at home: communications, training, transportation, coordination.

2. Redundancy, and to a lesser extent, inefficiency, are good for security. Efficiency is brittle. Redundancy results in less-brittle systems, and provides defense in depth. We need multiple organizations with overlapping capabilities, all helping in their own way: FEMA, DHS, the military, the Red Cross, etc. We need overcapacity, in water pumping capabilities, communications, emergency supplies, and so on. I wrote about this back in 2001, in opposition to the formation of the Department of Homeland Security. The government’s response to Katrina demonstrates this yet again.

Posted on September 6, 2005 at 12:15 PMView Comments

Unintended Information Revelation

Here’s a new Internet data-mining research program with a cool name: Unintended Information Revelation:

Existing search engines process individual documents based on the number of times a key word appears in a single document, but UIR constructs a concept chain graph used to search for the best path connecting two ideas within a multitude of documents.

To develop the method, researchers used the chapters of the 9/11 Commission Report to establish concept ontologies – lists of terms of interest in the specific domains relevant to the researchers: aviation, security and anti-terrorism issues.

“A concept chain graph will show you what’s common between two seemingly unconnected things,” said Srihari. “With regular searches, the input is a set of key words, the search produces a ranked list of documents, any one of which could satisfy the query.

“UIR, on the other hand, is a composite query, not a keyword query. It is designed to find the best path, the best chain of associations between two or more ideas. It returns to you an evidence trail that says, ‘This is how these pieces are connected.'”

The hope is to develop the core algorithms exposing veiled paths through documents generated by different individuals or organisations.

I’m a big fan of research, and I’m glad to see it being done. But I hope there is a lot of discussion and debate before we deploy something like this. I want to be convinced that the false positives don’t make it useless as an intelligence-gathering tool.

Posted on August 30, 2005 at 12:53 PMView Comments

Sandia on Terrorism Security

I have very mixed feelings about this report:

Anticipating attacks from terrorists, and hardening potential targets against them, is a wearying and expensive business that could be made simpler through a broader view of the opponents’ origins, fears, and ultimate objectives, according to studies by the Advanced Concepts Group (ACG) of Sandia National Laboratories.

“Right now, there are way too many targets considered and way too many ways to attack them,” says ACG’s Curtis Johnson. “Any thinking person can spin up enemies, threats, and locations it takes billions [of dollars] to fix.”

That makes a lot of sense, and this way of thinking is sorely needed. As is this kind of thing:

“The game really starts when the bad guys are getting together to plan something, not when they show up at your door,” says Johnson. “Can you ping them to get them to reveal their hand, or get them to turn against themselves?”

Better yet is to bring the battle to the countries from which terrorists spring, and beat insurgencies before they have a foothold.

“We need to help win over the as-yet-undecided populace to the view it is their government that is legitimate and not the insurgents,” says the ACG’s David Kitterman. Data from Middle East polls suggest, perhaps surprisingly, that most respondents are favorable to Western values. Turbulent times, however, put that liking under stress.

A nation’s people and media can be won over, says Yonas, through global initiatives that deal with local problems such as the need for clean water and affordable energy.

Says Johnson, “U.S. security already is integrated with global security. We’re always helping victims of disaster like tsunami victims, or victims of oppressive governments. Perhaps our ideas on national security should be redefined to reflect the needs of these people.”

Remember right after 9/11, when that kind of thinking would get you vilified?

But the article also talks about security mechanisms that won’t work, cost too much in freedoms and liberties, and have dangerous side effects.

People in airports voluntarily might carry smart cards if the cards could be sweetened to perform additional tasks like helping the bearer get through security, or to the right gate at the right time.

Mall shoppers might be handed a sensing card that also would help locate a particular store, a special sale, or find the closest parking space through cheap distributed-sensor networks.

“Suppose every PDA had a sensor on it,” suggests ACG researcher Laura McNamara. “We would achieve decentralized surveillance.” These sensors could report by radio frequency to a central computer any signal from contraband biological, chemical, or nuclear material.

Universal surveillance to improve our security? Seems unlikely.

But the most chilling quote of all:

“The goal here is to abolish anonymity, the terrorist’s friend,” says Sandia researcher Peter Chew. “We’re not talking about abolishing privacy—that’s another issue. We’re only considering the effect of setting up an electronic situation where all the people in a mall, subway, or airport ‘know’ each other—via, say, Bluetooth—as they would have, personally, in a small town. This would help malls and communities become bad targets.”

Anonymity is now the terrorist’s friend? I like to think of it as democracy’s friend.

Security against terrorism is important, but it’s equally important to remember that terrorism isn’t the only threat. Criminals, police, and governments are also threats, and security needs to be viewed as a trade-off with respect to all the threats. When you analyze terrorism in isolation, you end up with all sorts of weird answers.

Posted on April 5, 2005 at 9:26 AMView Comments

Technology and Counterterrorism

Technology makes us safer.

Communications technologies ensure that emergency response personnel can communicate with each other in an emergency—whether police, fire or medical. Bomb-sniffing machines now routinely scan airplane baggage. Other technologies may someday detect contaminants in our water supply or our atmosphere.

Throughout law enforcement and intelligence investigation, different technologies are being harnessed for the good of defense. However, technologies designed to secure specific targets have a limited value.

By its very nature, defense against terrorism means we must be prepared for anything. This makes it expensive—if not nearly impossible—to deploy threat-specific technological advances at all the places where they’re likely needed. So while it’s good to have bomb-detection devices in airports and bioweapon detectors in crowded subways, defensive technology cannot be applied at every conceivable target for every conceivable threat. If we spent billions of dollars securing airports and the terrorists shifted their attacks to shopping malls, we wouldn’t gain any security as a society.

It’s far more effective to try and mitigate the general threat. For example, technologies that improve intelligence gathering and analysis could help federal agents quickly chase down information about suspected terrorists. The technologies could help agents more rapidly uncover terrorist plots of any type and aimed at any target, from nuclear plants to the food supply. In addition, technologies that foster communication, coordination and emergency response could reduce the effects of a terrorist attack, regardless of what form the attack takes. We get the most value for our security dollar when we can leverage technology to extend the capabilities of humans.

Just as terrorists can use technology more or less wisely, we as defenders can do the same. It is only by keeping in mind the strengths and limitations of technology that we can increase our security without wasting money, freedoms or civil liberties, and without making ourselves more vulnerable to other threats. Security is a trade-off, and it is important that we use technologies that enable us to make better trade-offs and not worse ones.

Originally published on CNet

Posted on October 20, 2004 at 4:35 PMView Comments

1 22 23 24

Sidebar photo of Bruce Schneier by Joe MacInnis.