Slashdot Mirror
Grad Student's Work Reveals National Infrastructure
CodeHog writes "The WP reports about a student working on a PhD and how it relates to national (US) security. Very interesting that he has been able to get all this information. It raises some very challenging questions, should some of this information be classified?"
In the background, he plays the Beastie Boys.
He's got the right to party!
--------
Free your mind.
This software is used in the firmware of WMDs! It should be taken of the public internet immediatley!
After this kind of publicity, he'll have some job offers coming in, I guarantee it.
I'd tell 'em to classify it all they want, just looks BETTER on the resume...
For instance, this is not the first time Sean Gorman has been talked about:
Article in Science Daily
Plus, someone with the same email address has posts in rec.sports.rowing...
The bottom line is that if you know where to look, you can find out lots of stuff. Classifying this guy's dissertation isn't going to prevent someone else (from anywhere on the planet) using the same tools he did to do the same things he did.
We either have to control all information (hello, Mr. Orwell!) or accept that information can't be controlled and plan accordingly. It's been said many times before, but security through obsucrity just doesn't work.
libertarianswag.com
I work for Transport for London (Transport Authority in London, UK, duh), and, after 9/11 my boss asked me to print out a huge map of the city and put a little sticky label over every "potential terrorist target". Buckingham Palace, Houses of Parliament, the big wheel thing, ministry of defence, big office blocks, army barracks, more palaces....
After three hours I was running out of sticky labels and was very scared.
But hey, look on the bright side, maybe it'll never happen!!!
evil math within Nature's Cubic Creation!
Did anyone else think that this article had a dark undertone of government and corporerations looking to lock down information in the name of security. I mean, some of this information is important and may have benefits to the general public.
The scariest line is that they wanted to burn his research. Flash backs of 1984 flashed in my mind.
--------
Free your mind.
Some people might wonder why in the world you'd need to have maps of electrical grids and fibre lines...
I'm working on the periphery of the emergency response industry, and suffice it to say, any infrastructure data is vital as hell for responding to major natural disasters like quakes, hurricanes and tornadoes.
Tossing all this "scary" data into the classified domain will hammer on emergency responders' ability to effectively map this stuff.
It's vital, and I think the anti-"security through obscurity" comment in the article hits the nail on the head...
It's very interesting the way that an assemblage of publicly available information is suddenly a matter of national security. This must be based on the assumption that evildoers are never grad students.
From the article, all of the data he compiled was obtained from public sources. If anybody else wanted to replicate the work, it would only take their time. I'd imagine that you could get all the information you need through public records for building permits and right of way use. I mean, squelching the person who took the time to compile it all isn't going to do much good unless you classify every public record the US has for infrastructure.
"Tedious and boring?" He's got an application that can actually do some of the stuff Hollywood hackers have been doing for years. How could anyone think that's boring?
"Tank, find a structural drawing of this building. Find it fast."
With all this information, maybe he can tell me when they're going install my damn DSL line...
Correlating information is what gives you the bigger picture. Sure, it might be a secuirty threat as a whole, but it's been made up of snippets of information gleaned individually that probably aren't much use on their own.
Same as a bomb really, component parts are pretty common; chemicals, circuitry. It's about knowing how to connect stuff together to make it a bomb. 9/11 was flying lessons, plane timetables, GPS and box cutters. Each on their own is pretty harmless until you join the dots...
Same with information, connected together in the right way, it's just as dangerous. Ask the CIA or any intelligence agency...
the same questions have been asked about some of Tom Clancy's work. I remember reading that he was paid a visit by the FBI asking where he got his classified information, only it turned out everything he used was publicly available. My thought is that suppressing information will not prevent terrorism, only when would-be terrorists change the way they think of the free world will it stop. /rant
Gorman's work and the access he used is vital - if I'm paying for two links that should be separate, I need to know that I can really check that we have separated physical facilities.
There are a lot more backhoe operators than terrorists - and historically, the chances of a backhoe impact on infrastructure are pretty high.
I do not understand why the information would be classified. Our national highways are critical infrastructure, without which we would all be brought to a standstill, yet maps of them are readily available online or at any bookstore.
Could you imagine if the locations of communications infrastructure were classified? Would you need clearance to set up a node? Would you need to pay to have every line technicican get a full background check? This reminds me of the reaction of "security" people when they see WHOIS entries for their companies for the first time. Their foreheads are usually bruised for weeks because of the knee jerking. The first thing they want to do is take it down. They forget that a certain level of openness is neccesary for a system that benefits everyone.
The whole point of a privatised distributed communications infrastructure is that a terrorist or enemy state cannot cripple the entire thing. Now if the people at banks and government insititutions have not done a good job of ensuring redundancy and disaster recovery then it's their own fault. The solution is to fix it, not suppress information about it.
Obviously, no one recommends mailing al-qaeda a copy of the telecom/data infrastructure, but this exposes a major flaw with what's going on and we would be foolish to ignore it or suppress it.
"The plural of anecdote is not data." -- Roger Brinner
Frankly, I'm on your side...keeping some of the stuff he used to generate his maps classified would knock some information which is really very handy from the public use - things like the shipping/loading dock information that he mentioned (would a prospective company have to go through clearance procedures to find out whether shipping their goods through a given area is worthwhile??), like ISP bandwidth and routing information, and the depth of cable trenches (would telephone or paving companies also have to be cleared before putting in a new pole or rebuilding a road?) "It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle." That, I think, is a little extreme, but there are some things which can't be pulled from the public domain without wreaking havoc on the people dependant on them.
"Eat any good books lately?" -Q
The best Windows accelerator is 9.81m/s^2
People are _SO_ freaking paranoid these days. Having access to a database like this could be enormously helpful to a great range of people. But all people think about is, "What will al Queda do with it?"
Since 2000 about 3,000 people have died in terrorist attacks. About 175,000 have died in car accidents. About what should we be worried?
...between all the pieces of information being publicly available and all the information being publicly available.
From most of the comments so far, it appears the majority of people seem to think that this guy's PhD took about as long to compile as mapping a route from coast to coast with MapQuest. Hello? I imagine there was quite a bit of work put into compiling this information, and that not just anyone would have the time, persistence or devotion to duplicate the complilation. So yes, there is a HUGE difference between the information being available scattered across the 'net and having it all compiled, cross referenced and searchable in one easily downloaded program.
And IMHO, you most definitely can had a compilation of 100% publicly available information be classified as a threat to national security.
And personally, I don't believe there is a "publicly beneficial" use for this info in its compiled form that couldn't be easily be satisfied with the publicly available pieces - if a link is severed, you only need the info for the area of the problem (where the tornado hit, for example), not for the whole country. And the utilities that would be effected and responsible for the repairs would have the info they need anyhow.
I think the biggest value to the public of this information is the fact that it exists and that this can be done. The information itself is only important to those who would protect it or exploit it.
666-607: 6th floor apartment of the beast
You're either "land of the free", or you are not. So either live up to the hype, or change the tagline. Can't have it both ways, with a closed society fueled on fear, claming to be "free".
That's a huge oversimplification. I wouldn't even respond to such a troll had some ill-informed moderators not decided to mod it up to a 5 and make it the first comment on the page.
Ideally, information becomes classified when the benefits of the information being publicly available are less than the dangers of that availability. Here at the university where I work, when I need to get a list of students in my department, I can't just call up and request it. I have to be authorized to have it. In that case, the extra day it takes to get the information is justified because we don't want just anybody to have access to that sort of information.
On the flip side, we have the Freedom of Information Act. It has been decided that certain information should be available to the public without such restrictions. In this case, the public benefit outweighs the negative aspects of the FOIA.
To suggest that the "land of the free" entails zero security is simply ignorant.
-- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
The smartest thing they could do, is use his information and go through each weakness and look to secure it as much as possible. Many of them may look at that as cost prohibitive and just try to obsure the information and hope no one finds it.
I'm not drunk, I just have a speech impediment. And a stomach virus. And an inner ear infection.
With all this concern over whether the "terrorists" should be allowed to know where all of our weak spots are, where is the concern for our real weak spot: creating more terrorists? If we could just figure out how to stop behaving so idiotically and stomping all over the world, we wouldn't have to worry quite so badly about being open with our information. Granted, there would still be people who want to do damage, but not nearly as many.
An open, friendly society breeds safety simply by virtue of not pissing so many people off to the point where they want to do unsafe things. On the other hand, greed, power-lust and secrecy just breeds more conflict. With less secrecy, greed and power-lust become a lot more difficult to hide, and therefore more difficult to perpetrate. This information, as well as so much more, should be out in the open.
Besides, if he got it, it already is, as has been pointed out.
Actually, it would be easy for me to put "classified" on my list of publications on my résumé. It is just the "mostly as bullshit" part that wouldn't do me any good.
The infrastructure is all interconnected... High voltage lines and their rights of way are used for fiber optic cable runs, Oil and gas pipelines and their rights of way are used for fiber optic runs, same for railway rights of way... because they all have the same basic need, to go from point A to point B, without crossing anyone else's properties. Start correllating telco/internet outages with railroad derailings (which tend to dig up the right of way), and you'll see what I mean. I have known for 10 years, the easiest way to cripple "the typical city" (since the fire in chicago, that destroyed the phone Central Office!) -Jazz
-- All That's Evil in the Geek Space
From the Clancy FAQ:2 0CIA%20and%20FBI.htm
http://www.clancyfaq.com/Clancy%20contacted%20by%
You have responded to an oversimplification by making another, far more dangerous simplification.
Your ideal is that we classify when the benefits of information being available are less than the dangers. Who exactly makes this determination? What subject matters are subject to this?
When we deal with information that is dangerous by "hiding" it, what we really do is shift resources away from solving the underlying vulnerability. Sometimes the vulnerability isn't solvable, but much of the time it is.
With Gorman's work, he is highlighting choke points in the infrastructure. Would the rational response to this situation not be to diversify off those choke points? We should identify key weaknesses with this kind of research then solve them. We should not simply hide the information.
First principles also apply here: I find myself somewhat in agreement with one poster who indicated that we should quit "stomping" around the world creating enemies. It is far easier to defend against an enemy you do not have.
FOIA and classification are unrelated. FOIA is generally used to punch holes through government bureaucracy; to get at information that should be available to the public but is obscured by red tape. Classification contains information that should not be available to the public. Some FOIA requests come back redacted for security reasons.
It is far too easy for an administration to simply designate information as confidential. Such designations can and are used to avoid information release that would be politically senstivie. The bar is too low.
As with so many other things, it comes down to "who decides"...
The implications, however, in the post-Sept. 11 world, were enough....
In this post-September 11th world, I'm getting REALLY sick of that phrase.
"I either want less corruption, or more chance
to participate in it." -- Ashleigh Brilliant
Sorry, couldn't resist. I grew up in the USSR where everything was classified - so here is a map story for you.
Map information was classified and map publishers were required to add deliberately inaccurate information to their maps. You would have whole cities that were not on the map or shown a couple of hundred km away from their real location. This was done in the name of national security, so the enemy (US) would not be able to use maps to plan a nuclear strike or sabotage military installations.
The enemy of course just used satellite imaging to create their own maps and ended up with better maps of Russia than the Russians had. In the 80s folks who needed maps (geologists, archeologists, hikers, ...) would try really hard to get their hands on foreign made maps, because they were so much more accurate.
Security by obscurity is counterproductive...