Entries Tagged "mission creep"

Page 3 of 3

Face Recognition Comes to Bars

BioBouncer is a face recognition system intended for bars:

Its camera snaps customers entering clubs and bars, and facial recognition software compares them with stored images of previously identified troublemakers. The technology alerts club security to image matches, while innocent images are automatically flushed at the end of each night, Dussich said. Various clubs can share databases through a virtual private network, so belligerent drunks might find themselves unwelcome in all their neighborhood bars.

Anyone want to guess how long that “automatically flushed at the end of each night” will last? This data has enormous value. Insurance companies will want to know if someone was in a bar before a car accident. Employers will want to know if their employees were drinking before work—think airplane pilots. Private investigators will want to know who walked into a bar with whom. The police will want to know all sorts of things. Lots of people will want this data—and they’ll all be willing to pay for it.

And the data will be owned by the bars thatcollect it. They can choose to erase it, or they can choose to sell it to data aggregators like Acxiom.

It’s rarely the initial application that’s the problem. It’s the follow-on applications. It’s the function creep. Before you know it, everyone will know that they are identified the moment they walk into a commercial building. We will all lose privacy, and liberty, and freedom as a result.

Posted on February 28, 2006 at 3:47 PMView Comments

UK Terrorism Law Used for Non-Terrorism Purposes

The U.K. has used terrorism laws to stifle free speech; now it’s using them to keep pedestrians off bicycle paths.

With her year-round tan, long blonde hair and designer clothes, Sally Cameron does not look like a threat to national security.

But the 34-year-old property developer has joined the ranks of Britain’s most unlikely terrorist suspects after being held for hours for trespassing on a cycle path.

And also to prevent people from taking pictures of motorways:

A Hampshire student was stopped and warned by police under new anti-terror laws—for taking pictures of the M3.

Matthew Curtis had been gathering images for the website of a design company where he works part-time when he was stopped, searched and cautioned.

The 21-year-old was told that he was in a “vulnerable area” as he snapped pictures of the M3 and was made to account for his actions before he was issued with a warning and told not to do it again.

Officers, who had quoted the Prevention of Terrorism Act, today apologised for causing concern but say they were just being vigilant.

I get that terrorism is the threat of the moment, and that all sorts of government actions are being justified with terrorism. But this is ridiculous.

Posted on October 19, 2005 at 12:04 PMView Comments

Terrorism Laws Used to Stifle Political Speech

Walter Wolfgang, an 82-year-old political veteran, was forcefully removed from the UK Labour party conference for calling a speaker, Jack Straw, a liar. (Opinions on whether Jack Straw is or is not a liar are irrelevant here.) He was later denied access to the conference on basis of anti-terror laws. Keep in mind that as recently as the 1980s, Labour Party conferences were heated affairs compared with today’s media shows.

From The London Times:

A police spokeswoman said that Mr Wolfgang had not been arrested but detained because his security accreditation had been cancelled by Labour officials when he was ejected. She said: “The delegate asked the police officer what powers he was using. The police officer responded that he was using his powers under Section 44 of the Terrorism Act to confirm the delegate’s details.”

Also this:

More than 600 people were detained under the Terrorism Act during the Labour party conference, it was reported yesterday.

Anti-Iraq war protesters, anti-Blairite OAPs and conference delegates were all detained by police under legislation that was designed to combat violent fanatics and bombers – even though none of them was suspected of terrorist links. None of those detained under Section 44 stop-and-search rules in the 2000 Terrorism Act was arrested and no-one was charged under the terrorism laws.

Walter Wolfgang, an 82-year-old Jewish refugee from Nazi Germany, was thrown out of the conference hall by Labour heavies after heckling the Foreign Secretary, Jack Straw.

When he tried to get back in, he was detained under Section 44 and questioned by police. The party later apologised.

But the Home Office has refused to apologise for heavy-handed tactics used at this year’s conference.

A spokesman insisted: “Stop and search under Section 44 is an important tool in the on-going fight against terrorism.

“The powers help to deter terrorist activity by creating a hostile environment for terrorists.”

He added that the justification for authorising the use of the powers was “intelligence-led and based on an assessment of the threat against the UK.”

The shadow home secretary, David Davis, said: “Laws that are designed to fight terrorism should only be used against terrorism.”

Posted on October 10, 2005 at 8:13 AMView Comments

TSA's Secure Flight

As I wrote previously, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government’s program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance.

Last week the group had its second meeting.

So far, I have four general conclusions. One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else’s ticket, airline procedures, etc.

Three, the urge to use this system for other things will be irresistible. It’s just too easy to say: “As long as you’ve got this system that watches out for terrorists, how about also looking for this list of drug dealers…and by the way, we’ve got the Super Bowl to worry about too.” Once Secure Flight gets built, all it’ll take is a new law and we’ll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of our little group. In other words, my first conclusion is basically all that they’re interested in hearing.

But that means I can write about everything else.

To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn’t be worth it.

Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don’t fly, it’s a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it’s a waste of money.

If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn’t build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn’t make security sense.

That’s my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response—things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.

Posted on January 31, 2005 at 9:26 AMView Comments

Terrorists and Border ID Systems

This Washington Times article titled “Border Patrol hails new ID system” could have just as accurately been titled “No terrorists caught by new ID system.”

Border Patrol agents assigned to U.S. Customs and Border Protection (CBP) identified and arrested 23,502 persons with criminal records nationwide through a new biometric integrated fingerprint system during a three-month period beginning in September, CBP officials said yesterday.

Terrorism justifies the security expense, and it ends up being used for something else.

During the three-month period this year, the agents identified and detained 84 homicide suspects, 37 kidnapping suspects, 151 sexual assault suspects, 212 robbery suspects, 1,238 suspects for assaults of other types, and 2,630 suspects implicated in dangerous narcotics-related charges.

Posted on January 7, 2005 at 7:58 AMView Comments

1 2 3

Sidebar photo of Bruce Schneier by Joe MacInnis.