Page 84 of 86
Many people have sent me the story about Dell Computers selling machines with hardware keyboard loggers built in. The story was scant on details, and smelled like a hoax to me. Snopes has weighed in; they believe it’s a hoax too.
The politics is certainly interesting, but I am impressed with Felt’s tradecraft. Read Bob Woodward’s description of how he would arrange secret meetings with Felt.
I tried to call Felt, but he wouldn’t take the call. I tried his home in Virginia and had no better luck. So one night I showed up at his Fairfax home. It was a plain-vanilla, perfectly kept, everything-in-its-place suburban house. His manner made me nervous. He said no more phone calls, no more visits to his home, nothing in the open.
I did not know then that in Felt’s earliest days in the FBI, during World War II, he had been assigned to work on the general desk of the Espionage Section. Felt learned a great deal about German spying in the job, and after the war he spent time keeping suspected Soviet agents under surveillance.
So at his home in Virginia that summer, Felt said that if we were to talk it would have to be face to face where no one could observe us.
I said anything would be fine with me.
We would need a preplanned notification system—a change in the environment that no one else would notice or attach any meaning to. I didn’t know what he was talking about.
If you keep the drapes in your apartment closed, open them and that could signal me, he said. I could check each day or have them checked, and if they were open we could meet that night at a designated place. I liked to let the light in at times, I explained.
We needed another signal, he said, indicating that he could check my apartment regularly. He never explained how he could do this.
Feeling under some pressure, I said that I had a red cloth flag, less than a foot square—the kind used as warnings on long truck loads—that a girlfriend had found on the street. She had stuck it in an empty flowerpot on my apartment balcony.
Felt and I agreed that I would move the flowerpot with the flag, which usually was in the front near the railing, to the rear of the balcony if I urgently needed a meeting. This would have to be important and rare, he said sternly. The signal, he said, would mean we would meet that same night about 2 a.m. on the bottom level of an underground garage just over the Key Bridge in Rosslyn.
Felt said I would have to follow strict countersurveillance techniques. How did I get out of my apartment?
I walked out, down the hall, and took the elevator.
Which takes you to the lobby? he asked.
Yes.
Did I have back stairs to my apartment house?
Yes.
Use them when you are heading for a meeting. Do they open into an alley?
Yes.
Take the alley. Don’t use your own car. Take a taxi to several blocks from a hotel where there are cabs after midnight, get dropped off and then walk to get a second cab to Rosslyn. Don’t get dropped off directly at the parking garage. Walk the last several blocks. If you are being followed, don’t go down to the garage. I’ll understand if you don’t show. All this was like a lecture. The key was taking the necessary time—one to two hours to get there. Be patient, serene. Trust the prearrangements. There was no fallback meeting place or time. If we both didn’t show, there would be no meeting.
Felt said that if he had something for me, he could get me a message. He quizzed me about my daily routine, what came to my apartment, the mailbox, etc. The Post was delivered outside my apartment door. I did have a subscription to the New York Times. A number of people in my apartment building near Dupont Circle got the Times. The copies were left in the lobby with the apartment number. Mine was No. 617, and it was written clearly on the outside of each paper in marker pen. Felt said if there was something important he could get to my New York Times—how, I never knew. Page 20 would be circled, and the hands of a clock in the lower part of the page would be drawn to indicate the time of the meeting that night, probably 2 a.m., in the same Rosslyn parking garage.
The relationship was a compact of trust; nothing about it was to be discussed or shared with anyone, he said.
How he could have made a daily observation of my balcony is still a mystery to me. At the time, before the era of intensive security, the back of the building was not enclosed, so anyone could have driven in the back alley to observe my balcony. In addition, my balcony and the back of the apartment complex faced onto a courtyard or back area that was shared with a number of other apartment or office buildings in the area. My balcony could have been seen from dozens of apartments or offices, as best I can tell.
A number of embassies were located in the area. The Iraqi Embassy was down the street, and I thought it possible that the FBI had surveillance or listening posts nearby. Could Felt have had the counterintelligence agents regularly report on the status of my flag and flowerpot? That seems highly unlikely, if not impossible.
From EPIC:
The Department of Homeland Security (DHS) has requested more than $2 billion to finance grants to state and local governments for homeland security needs. Some of this money is being used by state and local governments to create networks of surveillance cameras to watch over the public in the streets, shopping centers, at airports and more. However, studies have found that such surveillance systems have little effect on crime, and that it is more effective to place more officers on the streets and improve lighting in high-crime areas. There are significant concerns about citizens’ privacy rights and misuse or abuse of the system. A professor at the University of Nevada at Reno has alleged that the university used a homeland security camera system to surreptitiously watch him after he filed a complaint alleging that the university abused its research animals. Also, British studies have found there is a significant danger of racial discrimination and stereotyping by those monitoring the cameras.
The International Campaign Against Mass Surveillance has issued a report (dated April 2005): “The Emergence of a Global Infrastructure for Mass Registration and Surveillance.” It’s a chilling assessment of the current international trends towards global surveillance. Most of it you will have seen before, although it’s good to have everything in one place. I am particularly pleased that the report explicitly states that these measures do not make us any safer, but only create the illusion of security.
The global surveillance initiatives that governments have embarked upon do not make us more secure. They create only the illusion of security.
Sifting through an ocean of information with a net of bias and faulty logic, they yield outrageous numbers of false positives and false negatives. The dragnet approach might make the public feel that something is being done, but the dragnet is easily circumvented by determined terrorists who are either not known to authorities, or who use identity theft to evade them.
For the statistically large number of people that will be wrongly identified or wrongly assessed as a risk under the system, the consequences can be dire.
At the same time, the democratic institutions and protections, which would be the safeguards of individuals’ personal security, are being weakened. And national sovereignty and the ability of national governments to protect citizens against the actions of other states (when they are willing) are being compromised as security functions become more and more deeply integrated.
The global surveillance dragnet diverts crucial resources and efforts away from the kind of investments that would make people safer. What is required is good information about specific threats, not crude racial profiling and useless information on the nearly 100 percent of the population that poses no threat whatsoever.
Universal automobile surveillance comes to the United Arab Emirates:
IBM will begin installing a “Smart Box” system in vehicles in the United Arab Emirates next year, potentially generating millions in traffic fines for the Gulf state. The UAE signed a $125 million contract with IBM today to provide the high-tech traffic monitoring and speed-enforcing system in which a GPS-enabled “Smart Box” would be installed in cars to provide a voice warning if the driver exceeds the local speed limit for wherever he may be driving. If the voice warning is ignored, the system would use a GSM/GPRS link to beam the car’s speed, identity and location to the police so that a ticket could be issued. The system would also track and monitor any other driving violations, including “reckless behavior.”
This kind of thing is also being implemented in the UK, for insurance purposes.
From TheNewspaper.com:
The fictional police spy helicopter from the movie Blue Thunder is taking a big step toward becoming a reality. Police in the UK have successfully tested a 160 MPH helicopter that can read license plates from as much as 2,000 feet in the air. The Eurocopter EC135 is equipped with a camera capable of scanning 5 cars every second. Essex Police Inspector Paul Moor told the Daily Star newspaper: “This is all about denying criminals the use of the road. Using a number plate recognition camera from the air means crooks will have nowhere to hide.”
The use of Automated Plate Number Recognition (ANPR) is growing. ANPR devices photograph vehicles and then use optical character recognition to extract license plate numbers and match them with any selected databases. The devices use infrared sensors to avoid the need for a flash and to operate in all weather conditions.
This is an example of wholesale surveillance, and something I’ve written about before.
Of course, once the system is in place it will be used for privacy violations that we can’t even conceive of.
One of the companies that sells the camera scanning equipment touts it’s potential for marketing applications. “Once the number plate has been successfully ‘captured’ applications for it’s use are limited only by imagination and almost anything is possible,” Westminister International says on its website. UK police also envision a national database that holds time and location data on every vehicle scanned. “This data warehouse would also hold ANPR reads and hits as a further source of vehicle intelligence, providing great benefits to major crime and terrorism enquiries,” a Home Office proposal explains.
The only way to maintain security is not to field this sort of system in the first place.
I have very mixed feelings about this report:
Anticipating attacks from terrorists, and hardening potential targets against them, is a wearying and expensive business that could be made simpler through a broader view of the opponents’ origins, fears, and ultimate objectives, according to studies by the Advanced Concepts Group (ACG) of Sandia National Laboratories.
“Right now, there are way too many targets considered and way too many ways to attack them,” says ACG’s Curtis Johnson. “Any thinking person can spin up enemies, threats, and locations it takes billions [of dollars] to fix.”
That makes a lot of sense, and this way of thinking is sorely needed. As is this kind of thing:
“The game really starts when the bad guys are getting together to plan something, not when they show up at your door,” says Johnson. “Can you ping them to get them to reveal their hand, or get them to turn against themselves?”
Better yet is to bring the battle to the countries from which terrorists spring, and beat insurgencies before they have a foothold.
“We need to help win over the as-yet-undecided populace to the view it is their government that is legitimate and not the insurgents,” says the ACG’s David Kitterman. Data from Middle East polls suggest, perhaps surprisingly, that most respondents are favorable to Western values. Turbulent times, however, put that liking under stress.
A nation’s people and media can be won over, says Yonas, through global initiatives that deal with local problems such as the need for clean water and affordable energy.
Says Johnson, “U.S. security already is integrated with global security. We’re always helping victims of disaster like tsunami victims, or victims of oppressive governments. Perhaps our ideas on national security should be redefined to reflect the needs of these people.”
Remember right after 9/11, when that kind of thinking would get you vilified?
But the article also talks about security mechanisms that won’t work, cost too much in freedoms and liberties, and have dangerous side effects.
People in airports voluntarily might carry smart cards if the cards could be sweetened to perform additional tasks like helping the bearer get through security, or to the right gate at the right time.
Mall shoppers might be handed a sensing card that also would help locate a particular store, a special sale, or find the closest parking space through cheap distributed-sensor networks.
“Suppose every PDA had a sensor on it,” suggests ACG researcher Laura McNamara. “We would achieve decentralized surveillance.” These sensors could report by radio frequency to a central computer any signal from contraband biological, chemical, or nuclear material.
Universal surveillance to improve our security? Seems unlikely.
But the most chilling quote of all:
“The goal here is to abolish anonymity, the terrorist’s friend,” says Sandia researcher Peter Chew. “We’re not talking about abolishing privacy—that’s another issue. We’re only considering the effect of setting up an electronic situation where all the people in a mall, subway, or airport ‘know’ each other—via, say, Bluetooth—as they would have, personally, in a small town. This would help malls and communities become bad targets.”
Anonymity is now the terrorist’s friend? I like to think of it as democracy’s friend.
Security against terrorism is important, but it’s equally important to remember that terrorism isn’t the only threat. Criminals, police, and governments are also threats, and security needs to be viewed as a trade-off with respect to all the threats. When you analyze terrorism in isolation, you end up with all sorts of weird answers.
In this story, someone took control of a webcam using the Subseven Trojan.
In other cases, it’s even easier. There are lots of webcams out there that are completely open to anyone who logs into them. You can even search for them using Google.
Sidebar photo of Bruce Schneier by Joe MacInnis.