Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fighting Terrorists Through Software, Anonymously?

Posted by simoniker on from the i'm-not-who-you-think-i-am dept.

Silwenae writes "MSNBC has a story online from this week's Newsweek about Jeff Jonas, founder of System Research and Development. SRD's software attempts to verify a person is who he says he is, and then tries to determine who that person may be connected with. Originally used in casinos, the CIA has invested in SRD for use in the war against terrorism. Apparently, Jonas has developed a system that can anonymize the data being analyzed through hashing, so the government can share this information with the private sector to look for hits, without the private sector seeing the specific data."

21 of 257 comments (clear)

  1. Stealth Snooping by R.Caley · · Score: 4, Insightful
    [...]so the government can share this information with the private sector to look for hits, without the private sector seeing the specific data.

    I.e. so the state can put people it doesn't like on the list of people to be tracked with less risk that that person, or the rest of us, can know who is on the list.

    Yeah, that's really reassuring.

    Big brother may be watching you, but you have no way of knowing...

    --
    _O_
    .|<     The named which can be named is not the true named
    1. Re:Stealth Snooping by Hektor_Troy · · Score: 5, Insightful

      Big brother may be watching you, but you have no way of knowing...

      Which is far more scary ... to me at least.

      Personally I'd feel more comfortable travelling in China, as I know for a fact what will happen to me, if I were to air my oppinions about their government. In the USA however ... well - I'm a foreign citizen, so hey presto - enemy combatant.

      --
      We do not live in the 21st century. We live in the 20 second century.
    2. Re:Stealth Snooping by Anonymous Coward · · Score: 5, Insightful

      What's really wonderful is that, since this is a static system, this is still subject to the Carnival Booth terrorist screeing attack which was documented not so long ago and which guarantees that this will reduce and not increase security by allowing terrorists to identify which people they can use to carry out attacks.

      Idiots.

    3. Re:Stealth Snooping by kfg · · Score: 4, Insightful

      This would be a valid criticism if any of these "antiterrorist" technologies had anything to do with security.

      They're about the DEA and tracking potential "politcal radicals." i.e. people who are likely to oppose you politically.

      KFG

    4. Re:Stealth Snooping by kfg · · Score: 4, Insightful

      So we've recreated the 2nd Red Scare

      Second? Hell, we've been down this road so many times the cobbles are worn to little nubs. We've had the French scare, the Loyalist scare, the Mexican scare, the Spanish scare, the Nez Perce scare, the bootlegger scare and the British scare alone was milked for 100 years. The Alien and Sedition acts were passed in 1798.

      Christ almighty, if you want to get an idea of how far back this goes just read the Bible.

      KFG

    5. Re:Stealth Snooping by R.Caley · · Score: 3, Insightful
      Unless you're operating under the assumption that the people they watch never, EVER turn out to be actual terrorists, I would think the reasons why that's an absolute necessity would be obvious.

      I'm sure the East German secret police occasionaly caught someone who was an actual danger to people (rather than to the state). Would that justify their networks of secret informers etc?

      I think we are well into ``those who would give up...'' terretory here.

      --
      _O_
      .|<       The named which can be named is not the true named
    6. Re:Stealth Snooping by tom's+a-cold · · Score: 5, Insightful

      The false-positive rate should be emphasized far more than it has been. What does it mean? It means that whatever system they have in place, if it's based on statistical indicators rather than someone's hunch, will inevitably identify several innocent people for every terrorist that they find. Depending on the sensitivity of the detection algoritm, the value of "several" could be anywhere from dozens to thousands. And these people are not "borderline" terrorists in any sense. They are no more likely to be real terrorists than anyone else in the population. They're entirely innocent. So the use of such a system is guaranteed to falsely identify, stigmatize and punish large numbers of innocent people. This is not a tradeoff between freedom and security. It's a tradeoff between justice and the false perception of security.

      --
      Get your teeth into a small slice: the cake of liberty
    7. Re:Stealth Snooping by R.Caley · · Score: 4, Insightful
      What happens when a crime is committed? The police round up suspects. How do they get that list of suspects?

      One would hope that they start from the crime and compile the list, rather than starting from a list and trying to fit list members to the crime.

      Otherwise we end up with Louis:

      Realising the importance of the case, my men are rounding up twice the usual number of suspects.
      The classic case in the UK is the `Birmingham Six'. Faced with the worst terrorist attack ther had ever been on the UK mainland, the police started with their list and worked really hard to find some suspects who fitted. Needless to say, those convicted were eventually found innocent and set free, and the people who did it were never caught and punished.
      --
      _O_
      .|<       The named which can be named is not the true named
  2. Using Hashing by MoonFog · · Score: 4, Insightful

    His response was to invent ANNA ("NORA's little sister," he explains), a system that "anonymizes" data by an encryption technique called hashing. Because the data are scrambled, private records can be shared with the government and secret watch lists can be distributed to private entities, all without fear--because they can't be read

    Although this is a step in the right direction, hashing algorithms can be brute forced right ?
    I mean, this information may be valid for years, a thing you did when you where 18 may still be there when you are 50. I don't think this data should be distributed much at all, even though it's encrypted.

  3. False Positives and False Negatives by billstewart · · Score: 4, Insightful

    Great. While there are definite positive privacy things they _could_ accomplish with this, it's also open to lots of possible problems like "The computer said you matched a terrorist's name, no we don't know why, or where the list came from, we just have to cancel your account and call the police on you" which are as hard to defend against as being on the "No-Fly List" of Americans whose rights to travel are arbitrarily and unconstitutionally limited, or the "Strip-Search-Before-Flying" list, or the "Hollywood Suspected Commies Blacklist".

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  4. Why should we spy on ourselves? by Adolph_Hitler · · Score: 3, Insightful

    I understand fighting terrorism, but fighting terrorism has nothing to do with this. This is just outright invasion of privacy to the nth degree. Whats the point of living in America if we are going to throw the constitution into the trash and become a police state like Saddams Iraq once was? This country is supposed to be the most free, now we let some terrorists rob us of our greatest strength? What are people dying for in Iraq?

    --
    People don't exist to serve systems, systems exist to serve people.
  5. definition of "war against terrorism"? by fantomas · · Score: 5, Insightful

    Can anybody help me and define the limits of the problem "the war against terrorism"?


    It strikes much of the issue is defining the problem, hey we're geeks right, give us a spec to build to, yup? This seems to be the chief concern of slashdot posters so far, that the problem has not been bounded and there are varying interpretations being made on what the problem is. How can we define the problem? Or are we accepting that the term is a worthless media and political construct to sell newspapers and justify military/ intelligence spending? Can we frame this fuzzy problem in a more meaningful way?

    1. Re:definition of "war against terrorism"? by Anonymous Coward · · Score: 3, Insightful

      No. In fact that's exactly the sort of naive thinking that landed us here in this mess to start with.

      Many men far wiser than us have pondered the human mind, and we have discovered its complexity and depth are pretty much beyond comprehension. ( I know PhDs in cognitive science, AI and psychology who all say the same thing so dont even argue the point unless you fall into that category ) Deterministic behaviourism is a childs philosophy, as are the many inadequate and naive tools used by so called 'anti - terrorism' agencies. The field is rife with charlatans and soothsayers peddling thier predictive tools, data miners, pattern matchers, signal processors (voice stress analysis), did you know the utterly discredited 'polygraph' is still used by some dumb government agencies? Most of this technology is snake oil, a comfortable lie at best.

      All this adds up to jack, trust me.

      It makes jobs for the boys. They get to spend your taxes on black suits, fancy gadgets and have a laugh sitting all day long disecting your telephone calls, emails, laughing at your love affairs and dirty secrets.

      Meanwhile, 'terrorists', who do exist, and are far far smarter than you ever would imagine slip in and out at will. They are ethereal, nebulous, unseen. They use cunning methods of communication that are thousands of years old and completely undetectable by the most sophisticated modern equiptment. They have no physical or geographial base. No rules of engagement to hamper them. They can blend in to normal society as your brother, sister, workmates. They have enduring patience and can 'sleep' for decades. They may not even know they are a 'terrorist' - one day some average joe just 'wakes up' and goes postal, that's terrorism, unpredictable, unforseen, unavoidable*.

      Every time some prick wastes another tax dollar on some technological snooping scheme my blood boils. Get it into your heads people.. YOU CANNOT WIN A WAR ON TERRORISM, all these measures disguised as fighting terror are big brother control methods, nothing more. The government is using your fear to make you willing slaves.

      KFG, I respect you for your normally intelligent and insightful posts, but if you believe that predicting terror is a matter of 'extrapolation' you are living in a dream world my friend.

      The best way to stop terror is to stop terrorising people.

  6. Freedom for security by mu-sly · · Score: 4, Insightful

    Obligatory quote:

    "Those willing to give up a little liberty for a little security deserve neither security nor liberty." - Benjamin Franklin

    My personal opinion on the matter is that you can't fight a war against terrorism without looking at what the root causes of that terrorism are. The fact is, that at the moment the west is seemingly willing to just overlook what the causes of terrorism are, and are trying to just blow the terrorists to smithereens.

    When will people learn that labelling people "terrorists" and killing them just creates new "terrorists" at an exponential rate? As far as these "terrorists" are concerned, America and the UK are "terrorists" too.

    Clever tracking software or not, "terrorists" are not going to go away until we start looking at why they are "terrorists" in the first place.

    Just because a government chooses to carry out military activities, doesn't make them any less terroristic or any more legitimate.

    Perhaps those doubting the terrorism carried out by the US and allies in Iraq should check this page for help in visualising the numbers.

    --
    Organic free-range music... yum!
  7. This is getting absurd by hardcode57 · · Score: 5, Insightful

    The peoples of democratic countries need to wake up to the fact that terrorism represents less of a threat than their own governments' response to it. Even 9/11, the worst terrorist attack in history, did not do much to increase the annual rate of homicides in the US. It remains much more dangerous to cross the street, drive to the supermarket, walk in the hills, or go for a drink on a weekend night (let alone smoking or eating burgers). We need to accept, and insist our governments accept, that there are risks involved in the world, of which terrorism is by no means the greatest, and that these cannot be eliminated while maintining a reasonable quality of life.

  8. To what degree... by Sciamachy · · Score: 4, Insightful

    ...does this work? I mean, the theory goes that we're all connected by 6 degrees of seperation. How do they define a connection? Depending on these factors, anyone could be condemned as connected somehow with undesirables.

  9. Guilt By Association by wfberg · · Score: 3, Insightful

    Pure and simple.

    --
    SCO employee? Check out the bounty
  10. If you search deep enough... by MavEtJu · · Score: 3, Insightful

    If you search deep enough, you'll find something which will link me to a terrorist group. Just broaden your definition of terrorism wide enough, make the links deep enough and oh my...

    It will be cheaper to put a fence around the whole country I'm living in than to build prisons for all of us.

    --
    bash$ :(){ :|:&};:
  11. Dumb idea... by shic · · Score: 4, Insightful

    It is not sensible to publish this data - even in "anonymous form." Use of hashing will only prevent a party with access to the hash from directly reverse engineering the hashed data to arrive at a list of suspect names - however this completely misses the mark.

    If I were a terrorist organisation planning something like 9/11 and I knew many of my lemming-recruits would be identified by airport security as risks, I would process my terrorist volunteers myself and only send those who would not raise any eyebrows. This information (anonymous though it is) would be of great value as it would eliminate another uncertainty from the evil plan.

    If I were a private individual with interest in knowing the identities of all suspects then I would be able to mount a dictionary attack using, say, the electoral role or census data - with only a few billion people worldwide, a modest cluster of PCs would be able to exhaustively search for matches in reasonable time.

    Finally - if this anonymous data were to be available only to authorities to whom the raw information would otherwise have been available then this approach is still a disadvantage. Without access to the reason for someone matching, it will make it much harder for authorities to make appropriate judgement calls based upon a match. The mere possibility that a match might be due to a hashing collision or data- entry errors prior to hashing could result in the wrong decisions being taken. There is certainly a risk that without information on why someone is a suspected risk that related vital clues may be missed - possibly resulting in an otherwise preventable disaster.

  12. This is a huge threat to civil liberties by Sivaram_Velauthapill · · Score: 3, Insightful

    This is a huge threat to civil liberties. Typical citizens will still be safe for a while. This won't have a major impact on citizens until the technology is passed from the spy agencies (eg. CIA) to the police agencies (eg. FBI). Not really sure when this will happen but at the rate the "war" on terrorism is going, it may be tomorrow...

    Sivaram Velauthapillai

    --
    Sivaram Velauthapillai
    Seeking the meaning of life... @slashdot of all places ;)
  13. This is the stupidest concept ever. by DavidTC · · Score: 3, Insightful
    And it's not stupid because it's a privacy invasion, it's stupid because it makes it more likely terrorists can get past the system.


    All they have to do is figure out their position on this 'watch list', which is easy enough to do with the ability to query the list in private hands. Then pick the least suspected one of them to carry the bomb. If they want to be really clever, send a half dozen really suspicious people in in front of the guy with the bomb, so security is busy and they won't get hit with a random search.


    Flagging suspicious people in ways they can find out they have been flagged is so mind-bogglingly stupid anyone suggesting it should be utterly shunned by the security community. Hello, terrorists normally operating in groups! In any group, there's going to be a few people we've never suspected, and we must never let the terrorists know which ones those are!

    --
    If corporations are people, aren't stockholders guilty of slavery?