Slashdot Mirror
Fighting Terrorists Through Software, Anonymously?
Silwenae writes "MSNBC has a story online from this week's Newsweek about Jeff Jonas, founder of System Research and Development. SRD's software attempts to verify a person is who he says he is, and then tries to determine who that person may be connected with. Originally used in casinos, the CIA has invested in SRD for use in the war against terrorism. Apparently, Jonas has developed a system that can anonymize the data being analyzed through hashing, so the government can share this information with the private sector to look for hits, without the private sector seeing the specific data."
then tries to determine who that person may be connected with.
Does this software detect siamese twins?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Still don't like it.
:)
:)
Just because they are searching for hash matches instead of plaintext doesn't mean profiling en-mass is right. It just means nosey companys who are being 'asked' won't know WHAT they are being 'asked' about.
Gee, bob the builder knowns mahek alzis. Mahek is a suspected link betwene so and so, and then he works for this manager, and then these people. Hmm, we better start asking alot of questions..see who else matches our '(personal network) search criteria'
What, you think i'm kidding?
(And yes, some of you are going to explode that this sort of search-and-peck is not profiling, when it really is. Look it up. Searching through personal *profiles* and *information* to find any people who match enough of the criteria = profiling.)
This sort of thing is bull, It really is. Instead of doing real investigative work, they can just whip up a list of 'possible hits',snatch them all up, and then queston and otherwise probably scare the shit out of all of them - hoping their deeper searches find a hit in the crowd.
Welcome to the nightmare, please don't choke on the red pill while the door is hitting you in the ass.
[/tinfoil-hat]
My new top secret key -> C>N|KB
There is really nothing new to this technology. It does not do what it claims. Hashing has been around for while, and so have techniques to defeat the attempted security of this type of system. Interestingly, I have seen around five stories from various forums reporting on SRD in the past week or so. It seems like some marketing department is working pretty hard.
The credit card companies, for example, have access to a LOT of data. People seem to be content with that.
And it is ridiculous how much information about your activities are already out there, though not publicly accessible, accessible to certain organisations.
I think the scariest bit about this article is that casinos have access to your, YES YOUR, data. And if casinos can do that, so can the mafia.
The government having access to all this information is only a part of the problem. The real problem is, how much of it is available to bad guys, like telemarketeers and the Russian Mafia.
Indefinitely Detained US Citizen
Big brother may be watching you, but you have no way of knowing...
... to me at least.
... well - I'm a foreign citizen, so hey presto - enemy combatant.
Which is far more scary
Personally I'd feel more comfortable travelling in China, as I know for a fact what will happen to me, if I were to air my oppinions about their government. In the USA however
We do not live in the 21st century. We live in the 20 second century.
Can anybody help me and define the limits of the problem "the war against terrorism"?
It strikes much of the issue is defining the problem, hey we're geeks right, give us a spec to build to, yup? This seems to be the chief concern of slashdot posters so far, that the problem has not been bounded and there are varying interpretations being made on what the problem is. How can we define the problem? Or are we accepting that the term is a worthless media and political construct to sell newspapers and justify military/ intelligence spending? Can we frame this fuzzy problem in a more meaningful way?
I thought the whole point of hash encryption was that it's not able to ever be unencrypted, even by the legitimate users?
In order to check if there is a matching telephone number, you would first have to run the encryption algorithm on the number and then match this against every encrypted number you have in your data store. So if the two encrypted strings are equal, you have a match. But there is no way to know what the encrypted number is unless you have something to test for in the first place.
But I'm not sure how much use that is. Wouldn't you then need to be able to see who's number that is, i.e. decrypt the person's personal data?
Also, it would be interesting to see what the reaction to this software would be in the EU what with its Data Protection directive. Storing personal details about someone is prohibited except for certain circumstances... long term storage of someone's personal data for distribution to companies is not one of them. Whether the encryption of the data would make this acceptable or not would make for an interesting argument.
Patriotism - the last resort of scoundrels.
What's really wonderful is that, since this is a static system, this is still subject to the Carnival Booth terrorist screeing attack which was documented not so long ago and which guarantees that this will reduce and not increase security by allowing terrorists to identify which people they can use to carry out attacks.
Idiots.
And then there's the problem of extra data hidden in the hashes - some of the signature algorithms, for instance, can carry a bunch of hidden "subliminal" bits, like the one that says you're a Jew or black or Dues-Paying Republican or a Federal Agent or a Known Troublemaker.
Spelling is a real problem. I have enough trouble because my ancestors or their relatives were either illiterate or at least using names like "Stewart" "Stuart" "Steward" and "Steuart" before English spelling became relatively standardized. But Americans munging the names of people who use other alphabets, like Arabs, or who don't use alphabets at all, like Chinese, can't just use simple hashes, because any misspelling can either let somebody whose name is the same as a Real Suspect not get flagged, or let some non-suspect whose name is close to a Real Suspect get flagged, and any terrorist smarter than the Shoe-Bomber knows to use an alternative spelling of his name or get some fake ID. You probably know Chinese people who use different names in English and Chinese, either as immigrants or kids of immigrants; I knew a Hakka Chinese family from Vietnam who also had Vietnamese names, and in at least one of their languages, they had an alternate set of names for use within the family (approximately "Number One Son" etc.) And then there's the problem of exactly which name parts to use if you've got more than three, and nicknames, etc.
And then there's the problem of people whose names are the same as Real Suspects' names, and people who ever had their wallet stolen. Just spend a day in traffic court listening to DMV-screwed-up-and-I-got-arrested-by-mistake cases some time if you weren't already worried, or read any news article about identity theft.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Zero problems, but how many innocent people wrongly flagged as being unsavory?
How does this SRD system measure the accuracy of its conclusions?
The peoples of democratic countries need to wake up to the fact that terrorism represents less of a threat than their own governments' response to it. Even 9/11, the worst terrorist attack in history, did not do much to increase the annual rate of homicides in the US. It remains much more dangerous to cross the street, drive to the supermarket, walk in the hills, or go for a drink on a weekend night (let alone smoking or eating burgers). We need to accept, and insist our governments accept, that there are risks involved in the world, of which terrorism is by no means the greatest, and that these cannot be eliminated while maintining a reasonable quality of life.
BTW, definitely a book everyone should read, worth it just for the anecdote of the guy who has been flying around the US using a photo ID which says he is the martian ambassador, and only had a problem when they started checking for an expiration date. Wouldn't want the Ex-martian ambassador on your plane!
_O_
.|< The named which can be named is not the true named
Basically, we have another instance of the current government administration taking advantage of the fact that our "freedoms are threatened" by terrorism to implement some sort of control and monitoring device on the entire population. I'm almost immune to the talk of it by now though, as we've had countless instances of things like this being proposed.
The false-positive rate should be emphasized far more than it has been. What does it mean? It means that whatever system they have in place, if it's based on statistical indicators rather than someone's hunch, will inevitably identify several innocent people for every terrorist that they find. Depending on the sensitivity of the detection algoritm, the value of "several" could be anywhere from dozens to thousands. And these people are not "borderline" terrorists in any sense. They are no more likely to be real terrorists than anyone else in the population. They're entirely innocent. So the use of such a system is guaranteed to falsely identify, stigmatize and punish large numbers of innocent people. This is not a tradeoff between freedom and security. It's a tradeoff between justice and the false perception of security.
Get your teeth into a small slice: the cake of liberty