Fighting Terrorists Through Software, Anonymously?

Silwenae writes "MSNBC has a story online from this week's Newsweek about Jeff Jonas, founder of System Research and Development. SRD's software attempts to verify a person is who he says he is, and then tries to determine who that person may be connected with. Originally used in casinos, the CIA has invested in SRD for use in the war against terrorism. Apparently, Jonas has developed a system that can anonymize the data being analyzed through hashing, so the government can share this information with the private sector to look for hits, without the private sector seeing the specific data."

Who has access to our data?

[myownkidney]

The question is, who exactly has access to our data?

The credit card companies, for example, have access to a LOT of data. People seem to be content with that.

And it is ridiculous how much information about your activities are already out there, though not publicly accessible, accessible to certain organisations.

I think the scariest bit about this article is that casinos have access to your, YES YOUR, data. And if casinos can do that, so can the mafia.

The government having access to all this information is only a part of the problem. The real problem is, how much of it is available to bad guys, like telemarketeers and the Russian Mafia.

Re:Using Hashing

[CountBrass]

Brute forced? Nope. Assuming they picked a decent secure hashing algorithm (ie something like a 3-pass SHA-256 and definately not MD-5) then brute forcing isn't feasible.

The weakness is not in the hash algorithm, it's in the use the hash is being put to. See my other post for an explanation.

Re:Using Hashing

[Laverne]

Taken from whatis.com.

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
The hash function is used to index the original value or key and then used later each time the data associated with the value or key is to be retrieved. Thus, hashing is always a one-way operation. There's no need to "reverse engineer" the hash function by analyzing the hashed values. In fact, the ideal hash function can't be derived by such analysis.

Re:False Positives and False Negatives

[CountBrass]

A real danger as all hashes (unless they are at least as large as the data they are hashing- which makes them a bit pointless) inherently will have collisions (ie two sets of different content will produce the same hash).

In fact secure hashes emphasise the fact that given a hash and the content it would be difficult to modify the content to give the same hash. This is different to "there won't be any collisions".

Err no.

[CountBrass]

Hashing != encryption.

Encryption is intended to be unencrypted.

Hashing is one way because it involves information loss. It is not encryption: there is nothing secret. For example simple hashing algorithm might be "take the ascii value for each character in string and add them all up, rolling over each time you reach 10,000". The result will be a hash. Which is dependent on the data you put in- is impossible to *directly* extract the original data (you could use a lookup table to do it). As I said though, this is NOT encryption.

Re:Brute-forcing hashes and Spelling

[SYRanger]

The Soundex-algorithm can be used for English names, but of I guess no such algorithms exist (or are even appliccable) for Ararb or Chinese names).

Re:Freedom for security

[SQL+Error]

Except that Benjamin Franklin never said that.

What he did say is this: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

Puts it in a different light, doesn't it?

And the bodycount site you link to is, not to put to fine a point on it, a complete lie. Deaths of Iraqi civilians caused by our (and their) enemies is presented as though it was caused by the US and its allies. And even that needs to be contrasted against the thousands of deaths directly caused by the Iraqi government before it was removed from power.

You ask: "When will people learn that labelling people "terrorists" and killing them just creates new "terrorists" at an exponential rate?"

The answer is clearly never, because the latter does not in fact happen.

"As far as these "terrorists" are concerned, America and the UK are "terrorists" too."

The terrorists are the ones deliberately seeking to maximise the civilian death toll. Since US and allied troops are seeking to minimise civilian casualties - at risk of their own lives - they are quite clearly anti-terrorists.

Save your anti-American rhetoric for when America actually does something wrong.

Re:Using Hashing

[goatan]

I mean, this information may be valid for years, a thing you did when you where 18 may still be there when you are 50. I don't think this data should be distributed much at all, even though it's encrypted.

This is an issue in the UK at the moment with the Soham murders in that some data (complaints of rape and indecent assault) on Ian Huntley was deleted because some police departments thought they couldn't keep it with others the information was there but not found

More information here the BBC has a lot on the Soham case

Re:Freedom for security

[mu-sly]

I'm not anti-American. I'm anti the actions of the American government under the banner of "the war against terror", because it is utter bullshit.

The only correct reaction to terrorism is no reaction at all. Give them an inch, and they'll take a mile. By reacting to terrorist attacks in such a knee-jerk frenzy of panic, we have already lost the war against terror, because it has taken the grip on society that the terrorists wanted it to take.

I'm not saying terrorism is right - it's clearly not. But the fact of the matter is that that you're about ten times more likely to get murdered by a fellow American than you are by a terrorist inside America, and you have to keep things in perspective.

Bin Laden and co are insane maniacs who must be stopped, but you can't wipe out terrorists by killing them - it simply doesn't work like that. You have to address the reason they are terrorists in the first place, whether it's an insane reason or not, otherwise the terrorists will never go away.

Large-scale sponsorship of their enemies (eg. Israel) is hardly a good idea.

Re:The terrorists are winning... NOT

[cascadingstylesheet]

The US governments reactions to terrorist threats are exactly what the terrorists wanted.

How so?

• They wanted to topple the current government of Saudi Arabia. Hasn't happened.
• They wanted the US "out of the Middle East". Er ... maybe you haven't been paying attention, but the opposite has happened.
• They wanted to strike at us in our homeland and have us rattle our saber and make "strong statements" in futility. Instead, we flattened their base of operations and replaced the government, flattened one of their allies and replaced the government, and have been rounding them up apace.

Re:Using Hashing

[goatan]

Sould have had this and this

Re:definition of "war against terrorism"?

[jedidiah]

The difference between soldiers and terrorists is that the former don't go out of their way to increase civilian casualties.

Go to Parris Island (Marine Corps boot camp), find a recruit and take the notebook that he is likely carrying. Look inside the cover and you will see listed the "Articles of War".

Not going out of your way to inflict civilian damage is one of the rules listed.

This is what makes the difference between a Chechen partisan and a Chechen terrorist.