Page 81 of 92
How’s this for a dumb idea? Tagging passengers at airports. That’s all passengers.
EDITED TO ADD (10/13): Ross Anderson said this to me in e-mail: “The real reason for wanting to tag airline passengers is that when people check bags but don’t turn up for the flight in time, the bags have to be unloaded, causing expensive delays.” Interesting analysis.
From the New York Times:
All new threats entail huge uncertainties. Then, as now, there was a pronounced tendency to assume the worst, and for the government to claim enormous discretion in protecting the American public. The Bush administration has consistently argued that it needs to be protected from Congressional oversight and media scrutiny. An example is the National Security Agency’s warrantless surveillance of telephone traffic into and out of the United States. Rather than going to Congress and trying to negotiate changes to the law that regulates such activities, the administration simply grabbed that authority for itself, saying, in effect, “Trust us: if you knew what we know about the threat, you’d be perfectly happy to have us do what we’re doing.” In other areas, like the holding of prisoners in Guantanamo and interrogation methods used there and in the Middle East, one can only quote Moynihan on an earlier era: “As fears of Communist conspiracies and German subversion mounted, it was the U.S. government’s conduct that approached the illegal.”
Even if we do not at this juncture know the full scope of the threat we face from jihadist terrorism, it is certainly large enough to justify many changes in the way we conduct our lives, both at home and abroad. But the American government does have a track record in dealing with similar problems in the past, one suggesting that all American institutions—Congress, the courts, the news media—need to do their jobs in scrutinizing official behavior, and not take the easy way out of deferring to the executive. Past experience also suggests that the government would do far better to make public what it knows, as well as the limits of that knowledge, if we are to arrive at a balanced view of the challenges we face today.
Interesting research:
A consortium of major universities, using Homeland Security Department money, is developing software that would let the government monitor negative opinions of the United States or its leaders in newspapers and other publications overseas.
Such a “sentiment analysis” is intended to identify potential threats to the nation, security officials said.
This kind of thing could actually be a good idea. For example, it could be used to help the administration understand how we are viewed by people in other countries, and make us more responsible players on the world stage as a result.
On the other hand, this kind of thing could also be used to track critics of the U.S., and to aid in media manipulation. It is not unusual for government leaders to punish reporters who do not provide favorable coverage by excluding them from important events and key briefings, and this could facilitate that. At the very least, it would have a chilling effect on worldwide freedom of the press.
Note also that the project director says that the system would not extend to domestic news sources:
It could take several years for such a monitoring system to be in place, said Joe Kielman, coordinator of the research effort. The monitoring would not extend to United States news, Mr. Kielman said.
But a few paragraphs later:
The articles in the database include work from many American newspapers and news wire services, including The Miami Herald and The New York Times, as well as foreign sources like Agence France-Presse and The Dawn, a newspaper in Pakistan.
I have to admit I find the whole thing a bit too Orwellian for my tastes.
Maher Arar is a Syrian-born Canadian citizen. On September 26, 2002, he tried to fly from Switzerland to Toronto. Changing planes in New York, he was detained by the U.S. authorities, and eventually shipped to Syria where he was tortured. He’s 100% innocent. (Background here.)
The Canadian government has completed its “Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar,” the results of which are public. From their press release:
On Maher Arar, the Commissioner comes to one important conclusion: “I am able to say categorically that there is no evidence to indicate that Mr. Arar has committed any offence or that his activities constitute a threat to the security of Canada.”
Certainly something that everyone who supports the U.S.’s right to detain and torture people without having to demonstrate their guilt should think about. But what’s more interesting to readers of this blog is the role that inaccurate data played in the deportation and ultimately torture of an innocent man.
Privacy International summarizes the report. These are among their bullet points:
- The RCMP provided the U.S. with an entire database of information relating to a terrorism investigation (three CDs of information), in a way that did not comply with RCMP policies that require screening for relevance, reliability, and personal information. In fact, this action was without precedent.
- The RCMP provided the U.S. with inaccurate information about Arar that portrayed him in an infairly negative fashion and overstated his importance to a RCMP investigation. They included some “erroneous notes.”
- While he was detained in the U.S., the RCMP provided information regarding him to the U.S. Federal Bureau of Investigation (FBI), “some of which portrayed him in an inaccurate and unfair way.” The RCMP provided inaccurate information to the U.S. authorities that tended to link Arar to other terrorist suspects; and told the U.S. authorities that Arar had previously refused to be interviewed, which was also incorrect; and the RCMP also said that soon after refusing the interview he suddenly left Canada for Tunisia. “The statement about the refusal to be interviewed had the potential to arouse suspicion, especially among law enforcement officers, that Mr. Arar had something to hide.” The RCMP’s information to the U.S. authorities also placed Arar in the vicinity of Washington DC on September 11, 2001 when he was instead in California.
Judicial oversight is a security mechanism. It prevents the police from incarcerating the wrong person. The point of habeas corpus is that the police need to present their evidence in front of a neutral third party, and not indefinitely detain or torture people just because they believe they’re guilty. We are all less secure if we water down these security measures.
You can’t make this stuff up:
Electronic spy ‘bugs’ have been secretly planted in hundreds of thousands of household wheelie bins.
The gadgets – mostly installed by companies based in Germany – transmit information about the contents of the bins to a central database which then keeps records on the waste disposal habits of each individual address.
Already some 500,000 bins in council districts across England have been fitted with the bugs – with nearly all areas expected to follow suit within the next couple of years.
Until now, the majority of bins have been altered without the knowledge of their owners. In many cases, councils which ordered the installation of the devices did not even debate the proposals publicly.
The official reason for the bugs is to ‘improve efficiency’ and settle disputes between neighbours over wheelie-bin ownership. But experts say the technology is actually intended to enable councils to impose fines on householders who exceed limits on the amount of non-recyclable waste they put out. New powers for councils to do this are expected to be introduced by the Government shortly.
Two weeks ago I wrote about a spying scandal involving the HP board. There’s more:
A secret investigation of news leaks at Hewlett-Packard was more elaborate than previously reported, and almost from the start involved the illicit gathering of private phone records and direct surveillance of board members and journalists, according to people briefed on the company’s review of the operation.
Given this, I predict a real investigation into the incident:
Those briefed on the company’s review of the operation say detectives tried to plant software on at least one journalist’s computer that would enable messages to be traced, and also followed directors and possibly a journalist in an attempt to identify a leaker on the board.
I’m amazed there isn’t more outcry. Pretexting, planting Trojans…this is the sort of thing that would get a “hacker” immediately arrested. But if the chairman of the HP board does it, suddenly it’s a gray area.
EDITED TO ADD (9/20): More info.
Interesting article from The New York Times:
Flip open your husband’s cellphone and scroll down the log of calls received. Glance over your teenager’s shoulder at his screenful of instant messages. Type in a girlfriend’s password and rifle through her e-mail.
There was a time when unearthing someone’s private thoughts and deeds required sliding a hand beneath a mattress, fishing out a diary and hurriedly skimming its pages. The process was tactile, deliberate and fraught with anxiety: Will I be caught? Is this ethical? What will it do to my relationship with my child or partner?
But digital technology has made uncovering secrets such a painless, antiseptic process that the boundary delineating what is permissible in a relationship appears to be shifting.
In interviews and on blogs across the Web, people report that they snoop and spy on others “friends, family, colleagues” unencumbered by anxiety or guilt.
Basically, the chairman of Hewlett-Packard, annoyed at leaks, hired investigators to track down the phone records (including home and cell) of the other HP board members. One board member resigned because of this. The leaker has refused to resign, although he has been outed.
Note that the article says that the investigators used “pretexting,” which is illegal.
The entire episode—beyond its impact on the boardroom of a $100 billion company, Dunn’s ability to continue as chairwoman and the possibility of civil lawsuits claiming privacy invasions and fraudulent misrepresentations—raises questions about corporate surveillance in a digital age. Audio and visual surveillance capabilities keep advancing, both in their ability to collect and analyze data. The Web helps distribute that data efficiently and effortlessly. But what happens when these advances outstrip the
ability of companies (and, for that matter, governments) to reach consensus on ethical limits? How far will companies go to obtain information they seek for competitive gain or better management?The HP case specifically also sheds another spotlight on the questionable tactics used by security consultants to obtain personal information. HP acknowledged in an internal e-mail sent from its outside counsel to Perkins that it got the paper trail it needed to link the director-leaker to CNET through a controversial practice called “pretexting”; NEWSWEEK obtained a copy of that e-mail. That practice, according to the Federal Trade Commission, involves using “false pretenses” to get another individual’s personal nonpublic information: telephone records, bank and credit-card account numbers, Social Security number and the like.
EDITED TO ADD (9/8): Good commentary.
EDITED TO ADD (9/12): HP Chairman Patricia Dunn was fired.
Business Week cover story on “The State of Surveillance.”
And here’s my essay on “The Future of Privacy.”
EDITED TO ADD (9/6): The cover story is from August 2005.
EDITED TO ADD (9/7): CIO Insight on the death of privacy.
Details are emerging:
What pisses me off most is the second item. By arresting the conspirators early, the police squandered the chance to learn more about the network and arrest more of them—and to present a less flimsy case. There have been many news reports detailing how the U.S. pressured the UK government to make the arrests sooner, possibly out of political motivations. (And then Scotland Yard got annoyed at the U.S. leaking plot details to the press, hampering their case.)
My initial comments on the arrest are here. I still think that all of the new airline security measures are an overreaction (This essay makes the same point, as well as describing a 1995 terrorist plot that was remarkably similar in both materials and modus operandi—and didn’t result in a complete ban on liquids.)
As I said on a radio interview a couple of weeks ago: “We ban guns and knives, and the terrorists use box cutters. We ban box cutters and corkscrews, and they hide explosives in their shoes. We screen shoes, and the terrorists use liquids. We ban liquids, and the terrorist will use something else. It’s not a fair game, because the terrorists get to see our security measures before they plan their attack.” And it’s not a game we can win. So let’s stop playing, and play a game we actually can win. The real lesson of the London arrests is that investigation and intelligence work.
EDITED TO ADD (8/29): Seems this URL is unavailable in the U.K. See the comments for ways to bypass the block.
Sidebar photo of Bruce Schneier by Joe MacInnis.
