Entries Tagged "law enforcement"

Page 17 of 46

Three Emerging Cyber Threats

On Monday, I participated in a panel at the Information Systems Forum in Berlin. The moderator asked us what the top three emerging threats were in cyberspace. I went last, and decided to focus on the top three threats that are not criminal:

  1. The Rise of Big Data. By this I mean industries that trade on our data. These include traditional credit bureaus and data brokers, but also data-collection companies like Facebook and Google. They’re collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government. Big data is becoming a powerful industry, resisting any calls to regulate its behavior.
  2. Ill-Conceived Regulations from Law Enforcement. We’re seeing increasing calls to regulate cyberspace in the mistaken belief that this will fight crime. I’m thinking about data retention laws, Internet kill switches, and calls to eliminate anonymity. None of these will work, and they’ll all make us less safe.
  3. The Cyberwar Arms Race. I’m not worried about cyberwar, but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust. Plus, arms races are expensive.

That’s my list, and they all have the potential to be more dangerous than cybercriminals.

Posted on September 23, 2011 at 6:53 AMView Comments

Identifying Speakers in Encrypted Voice Communication

I’ve already written how it is possible to detect words and phrases in encrypted VoIP calls. Turns out it’s possible to detect speakers as well:

Abstract: Most of the voice over IP (VoIP) traffic is encrypted prior to its transmission over the Internet. This makes the identity tracing of perpetrators during forensic investigations a challenging task since conventional speaker recognition techniques are limited to unencrypted speech communications. In this paper, we propose techniques for speaker identification and verification from encrypted VoIP conversations. Our experimental results show that the proposed techniques can correctly identify the actual speaker for 70-75% of the time among a group of 10 potential suspects. We also achieve more than 10 fold improvement over random guessing in identifying a perpetrator in a group of 20 potential suspects. An equal error rate of 17% in case of speaker verification on the CSLU speaker recognition corpus is achieved.

Posted on September 16, 2011 at 12:31 PMView Comments

The Efficacy of Post-9/11 Counterterrorism

This is an interesting article. The authors argue that the whole war-on-terror nonsense is useless—that’s not new—but that the security establishment knows it doesn’t work and abandoned many of the draconian security measures years ago, long before Obama became president. All that’s left of the war on terror is political, as lawmakers fund unwanted projects in an effort to be tough on crime.

I wish it were true, but I don’t buy it. The war on terror is an enormous cash cow, and law enforcement is spending the money as fast as it can get it. It’s also a great stalking horse for increases in police powers, and I see no signs of agencies like the FBI or the TSA not grabbing all the power they can.

The second half of the article is better. The authors argue that openness, not secrecy, improves security:

The worst mistakes and abuses of the War on Terror were possible, in no small part, because national security is still practiced more as a craft than a science. Lacking rigorous evaluations of its practices, the national security establishment was particularly vulnerable to the panic, grandiosity, and overreach that colored policymaking in the wake of 9/11.

To avoid making those sorts of mistakes again, it is essential that we reimagine national security as an object of scientific inquiry. Over the last four centuries, virtually every other aspect of statecraft—from the economy to social policy to even domestic law enforcement—has been opened up to engagement with and evaluation by civil society. The practice of national security is long overdue for a similar transformation.

Maintaining the nation’s security of course will continue to require some degree of secrecy. But there is little reason to think that appropriate secrecy is inconsistent with a fact-based culture of robust and multiplicative inquiry. Indeed, to whatever partial extent that culture already exists within the national security establishment, it has led the move away from many of the counterproductive security measures established after 9/11.

Yet, in the ten years that Congress has been debating issues like coercive interrogation, ethnic profiling, and military tribunals, the House and Senate Intelligence committees, which have all the proper security clearances to evaluate such questions, have never established any formal process to consistently evaluate and improve the effectiveness of U.S. counterterrorism measures.

Establishing proper oversight and evaluation of the efficacy of our security practices will not come easily, for the security craft guards its claims to privileged knowledge jealously. But as long as the practice of security remains hidden behind a veil of classified documents and accepted wisdoms handed down from generation to generation of security agents, our national security apparatus will never become fully modern.

Here’s the report the article was based on.

Posted on September 2, 2011 at 1:34 PMView Comments

The Effects of Social Media on Undercover Policing

Social networking sites make it very difficult, if not impossible, to have undercover police officers:

“The results found that 90 per cent of female officers were using social media compared with 81 per cent of males.”

The most popular site was Facebook, followed by Twitter. Forty seven per cent of those surveyed used social networking sites daily while another 24 per cent used them weekly. All respondents aged 26 years or younger had uploaded photos of themselves onto the internet.

“The thinking we had with this result means that the 16-year-olds of today who might become officers in the future have already been exposed.

“It’s too late [for them to take it down] because once it’s uploaded, it’s there forever.”

There’s another side to this issue as well. Social networking sites can help undercover officers with their backstory, by building a fictional history. Some of this might require help from the company that owns the social networking site, but that seems like a reasonable request by the police.

I am in the middle of reading Diego Gambetta’s book Codes of the Underworld: How Criminals Communicate. He talks about the lengthy vetting process organized crime uses to vet new members—often relying on people who knew the person since birth, or people who served time with him in jail—to protect against police informants. I agree that social networking sites can make undercover work even harder, but it’s gotten pretty hard even without that.

Posted on August 31, 2011 at 6:21 AMView Comments

German Police Call Airport Full-Body Scanners Useless

I’m not surprised:

The weekly Welt am Sonntag, quoting a police report, said 35 percent of the 730,000 passengers checked by the scanners set off the alarm more than once despite being innocent.

The report said the machines were confused by several layers of clothing, boots, zip fasteners and even pleats, while in 10 percent of cases the passenger’s posture set them off.

The police called for the scanners to be made less sensitive to movements and certain types of clothing and the software to be improved. They also said the US manufacturer L3 Communications should make them work faster.

In the wake of the 10-month trial which began on September 27 last year, German federal police see no interest in carrying out any more tests with the scanners until new more effective models become available, Welt am Sonntag said.

However, this surprised me:

The European parliament backed on July 6 the deployment of body scanners at airports, but on condition that travellers have the right to refuse to walk through the controversial machines.

I was told in Amsterdam that there was no option. I either had to walk through the machines, or not fly.

Here’s a story about full-body scanners that are overly sensitive to sweaty armpits.

Posted on August 5, 2011 at 6:22 AMView Comments

Cryptography and Wiretapping

Matt Blaze analyzes the 2010 U.S. Wiretap Report.

In 2000, government policy finally reversed course, acknowledging that encryption needed to become a critical part of security in modern networks, something that deserved to be encouraged, even if it might occasionally cause some trouble for law enforcement wiretappers. And since that time the transparent use of cryptography by everyday people (and criminals) has, in fact, exploded. Crypto software and algorithms, once categorized for arms control purposes as a “munition” alongside rocket launchers and nuclear triggers, can now be openly discussed, improved and incorporated into products and services without the end user even knowing that it’s there. Virtually every cellular telephone call is today encrypted and effectively impervious to unauthorized over-the-air eavesdropping. Web transactions, for everything from commerce to social networking, are now routinely encrypted end-to-end. (A few applications, particularly email and wireline telephony, remain stubbornly unencrypted, but they are increasingly the exception rather than the rule.)

So, with this increasing proliferation of eavesdrop-thwarting encryption built in to our infrastructure, we might expect law enforcement wiretap rooms to have become quiet, lonely places.

But not so fast: the latest wiretap report identifies a total of just six (out of 3194) cases in which encryption was encountered, and that prevented recovery of evidence a grand total of … (drumroll) … zero times. Not once. Previous wiretap reports have indicated similarly minuscule numbers.

I second Matt’s recommendation of Susan Landau’s book: Surveillance or Security: The Risks Posed by New Wiretapping Technologies (MIT Press, 2011). It’s an excellent discussion of the security and politics of wiretapping.

Posted on July 27, 2011 at 2:10 PMView Comments

iPhone Iris Scanning Technology

No indication about how well it works:

The smartphone-based scanner, named Mobile Offender Recognition and Information System, or MORIS, is made by BI2 Technologies in Plymouth, Massachusetts, and can be deployed by officers out on the beat or back at the station.

An iris scan, which detects unique patterns in a person’s eyes, can reduce to seconds the time it takes to identify a suspect in custody. This technique also is significantly more accurate than results from other fingerprinting technology long in use by police, BI2 says.

When attached to an iPhone, MORIS can photograph a person’s face and run the image through software that hunts for a match in a BI2-managed database of U.S. criminal records. Each unit costs about $3,000.

[…]

Roughly 40 law enforcement units nationwide will soon be using the MORIS, including Arizona’s Pinal County Sheriff’s Office, as well as officers in Hampton City in Virginia and Calhoun County in Alabama.

Posted on July 26, 2011 at 6:51 AMView Comments

Members of "Anonymous" Hacker Group Arrested

The police arrested sixteen suspected members of the Anonymous hacker group.

Whatever you may think of their politics, the group committed crimes and their members should be arrested and prosecuted. I just hope we don’t get a media flurry about how they were some sort of cyber super criminals. Near as I can tell, they were just garden variety hackers who were lucky and caught a media wave.

EDITED TO ADD (7/19): I understand that the particular people arrested are innocent until proven guilty—hence my use of the word “suspected” in the first sentence—but there doesn’t seem any question that members of the group claimed credit for criminal cyber attacks. I suppose I could have said “the group allegedly committed crimes,” but that seemed overly cautious.

And yes, I agree that calling them a “group” is probably giving them more organizational credit than they have.

EDITED TO ADD (7/19): More news articles.

EDITED TO ADD (7/25): Last December, Richard Stallman wrote about the Anonymous group and their actions as a form of protest.

EDITED TO ADD (8/12): Department of Justice press release on the arrests.

Posted on July 19, 2011 at 2:50 PMView Comments

Assisting a Hostage Taker via Facebook

It’s a new world:

An armed Valdez, 36, held a woman hostage at a motel in a tense 16-hour, overnight standoff with SWAT teams, all while finding time to keep his family and friends updated on Facebook.

[…]

In all, Valdez made six posts and added at least a dozen new friends.

His family and friends responded with 100 comments. Some people offered words of support, and others pleaded for him to “do the right thing.”

[…]

“I’m currently in a standoff … kinda ugly, but ready for whatever,” Valdez wrote in his first post at 11.23pm “I love u guyz and if I don’t make it out of here alive that I’m in a better place and u were all great friends.”

[…]

At 2.04am, Valdez posted two pictures of himself and the woman. “Got a cute ‘Hostage’ huh,” Valdez wrote of the photographs.

At 3.48am, one of Valdez’ friends posted that police had a “gunner in the bushes stay low.” Valdez thanked him in a reply.

[…]

Police believe that responses from Valdez’s friend gave him an advantage.

Authorities are now discussing whether some of Valdez’ friends should be arrested and charged with obstruction of justice for hampering a police investigation. “We’re not sure yet how to deal with it,” said Croyle.

Posted on June 24, 2011 at 11:40 AMView Comments

Status Report on the War on Photography

Worth reading: Morgan Leigh Manning, “Less than Picture Perfect: The Legal Relationship between Photographers’ Rights and Law Enforcement,” Tennessee Law Review, Vol. 78, p. 105, 2010.

Abstract: Threats to national security and public safety, whether real or perceived, result in an atmosphere conducive to the abuse of civil liberties. History is littered with examples: The Alien and Sedition Acts of 1798, the suspension of habeas corpus during the Civil War, the Palmer Raids during World War I, and McCarthyism in the aftermath of World War II.Unfortunately, the post-9/11 world represents no departure from this age-old trend. Evidence of post-9/11 tension between national security and civil liberties is seen in the heightened regulation of photography; scholars have labeled it the “War on Photography” – a conflict between law enforcement officials and photographers over the right to take pictures in public places. A simple Google search reveals countless incidents of overzealous law enforcement officials detaining or arresting photographers and, in many cases, confiscating their cameras and memory cards, despite the fact that these individuals were in lawful places, at lawful times, partaking in lawful activities.

This article examines the so-called War on Photography and the remedies available to those who have been unlawfully detained, arrested, or have had their property seized for taking pictures in public places or private places open to the public. It discusses recent incidents that highlight the growing infringement of photography rights and the magnitude of the harm that law enforcement officials have inflicted, paying particular attention to the themes these events have in common. It explores the existing legal framework surrounding photography rights and the federal and state remedies available to those whose rights have been violated. It examines the adequacy of each remedy including: (1) declaratory and injunctive relief, (2) Section 1983 and Bivens actions, and (3) state tort remedies. It discusses the obstacles associated with each remedy and the reasons why these obstacles are particularly hard to overcome in the context of photography. It then argues that most, if not all, of the remedies discussed are either inadequate or altogether impractical considering the costs of litigation. Lastly, this article will discuss the reasons why people should be concerned about the War on Photography and possible ways to reverse the erosion of photography rights.

Posted on June 14, 2011 at 1:45 PMView Comments

1 15 16 17 18 19 46

Sidebar photo of Bruce Schneier by Joe MacInnis.