Slashdot Mirror
Rand Report Says Geospatial Data Not Big Threat
scupper writes "An article in Federal Computer Week came out Monday that announced The Rand Corporation has published a report (sponsored by the National Geospatial-Intelligence Agency) concerning the threat that publicly available geospatial data on US Government web sites might pose in the hands of terrorists that 'found that less than one percent of the 629 federal data sets they studied appeared to have notable value to would-be attackers', according to the report titled: Mapping the Risks:Assessing the Homeland Security Implications of Publicly Available Geospatial Information. A curious 'finding' from page xxv of the summary not mentioned in the article states: 'However, we cannot conclude that publicly accessible federal geospatial information provides no special benefit to the attacker. Neither can we conclude that it would benefit the attacker.' The release of this report reminded me strangly of the Washington Post news story about a George Mason University graduate student, whose dissertation mapped critical fiber optic network infrastructure."
The big problem with terrorists is that they cause terror.
In this case, we're falling for it. We're having an unrational fear of the unknown. We're worried that in everything we publish, there's a terrorist reading it and trying to use it to their advantage.
On 9-11-01, they did something we didn't expect. They hijacked planes and brought their on minimally trained pilots to fly them into buildings. We didn't think that was likely to happen... at that time, standard policy during a hijacking was to let the hijacker into the cockpit. We're never going to make that mistake again.
But think about that, in all of our past dealings with hijackers, we assumed the hijackers wanted to live, and therefore would not crash the plane, nevermind know how to crash the plane into something else. In every case prior to 9-11-01, that was a correct decision. In most cases, we were able to get a majority of the passengers and crew members off the plane alive.
If a hijacker were to take over a plane today, there'd be much more opposition given to them by the passengers and flight crews. However, if a hijacking team were ever to succeed... now the default response would not be to attempt to reason with them but instead shoot the plane down. 100% of the innocent passengers would be lost, but we would be relieved that the plane didn't crash into a building.
Hey, wait a second... we're playing the game not to get the maximum lives returned, but instead to avoid the worst-case senario that has only struck once. That's somewhat a broken logic.
And that's really the culture that's taking over the nation. We've gotten so risk-adverse at doing things that when there's a possiblity of information being used negatively, we're ignoring all of the more-likely probablities that the infromation could also be used for good causes that we'd want to support. It's easier to point at the fear of what could go wrong than the dream of what could go right.
When a player is at a casino, the lure of the possibilty of a big jackpot convinces them to play games where the probabity of coming out positive just isn't there. Again, it's a case of possibility of an positve extreme case causing the ignorance of a probablity of a negative result.
Somehow, the concept of multiplying odds by result values is something average people just can't comprehend because emotions get in the way of cold logic... we act based on the possible emotional outcome rather than more likely outcome that logic would lead us to look for.
But it has become a public interest problem.
Not long ago, you could finally get information from the government without spending several days and gobs of cash. It was brought to you via an innovative system called the Internet. If you were living next to a toxic waste dump, you could do a search on the 'web' and literally dozens of published reports were at your finger tips. At long last, public interest groups and individuals could see the reports the government was publishing about these sites, but were largely unavailable unless you lived near a library that qualified as a federal repository.
In short, there were damn few access points for information about what the government was doing with your money and the Internet made the barriers disappear.
Along came 911 and now everything is back to the old days. I publish scads of documents about cleaning up nuclear waste dumps and no one will see them unless they can convince the government that they are not a threat. You can pump your arms all over the place and tell me how "newclear stuff should be off the web 'cause its dangerous", but I'm not buying it. The stuff we are not allowed to discuss is so difficult to extract that even the US government is wondering what they are going to do with it. How the hell do you clean tritium out of groundwater?
What my colleages and I report on is soooo not a terrorist target that it is laughable. But the information is in geospatial coverages that are now considered off-limits (official use only) to the public. The 911 tragedy has been a coup for those who want to obstruct the public's access to information related to their own health and safety.
The government just uses terrorism as an excuse.
"Rocky Rococo, at your cervix!"
Buy Steampunk Clothing Online!
Well yes, it is a threat - so are the AAA maps, tourist gides and almanacs, should we regulate those, demeand photo ID with biometrics to purchase a map? (I know, the FBI and Almanacs)As an early poster pointed out we play into terrorist hands by being scared of this and limiting our information that is available.
Underloved Movies and Pub Quiz: donotquestionme.org
If we spread our attention and resources too thinly, though, any target becomes accessible.
Terrorists have to have large-scale loss of life to generate the headlines they need for fundraising. I wouldn't worry about infrastructure (even vital infrastructure), since it's too hard to explain to uneducated fundamentalists why snarling up internet traffic is a victory for Allah.
RAND hasa bit of an uneven history. I wouldn't even call the right wing so much as establishment/pol/mil/industrial complex wing. This is probably on honest report on the part of the person who made it, but it does smell odd from this distance.
:), the targets terrorists want to and may actually try to hit are pretty well known and not at all hard to find. Stuff in the middle of nowhere is pretty low on their list.
Fundamentally, I think they're right on this (and privatizing schools
It's also pretty unlikely that the punks will get their hands on a launchable ICBM or suchlike.
That being said, I'm trying to think of why I would need GPS coords for cabinet offices or suchlike. It's a pretty limited use, I'm not sure it would be worth doing, especially with My Tax Dollars (I know, pennies, but it's the principle).
Obviously if you have a sensitive (NSA, Weather mountain, Federal Brocolli Pricing Board, etc) site, don't put GPS coords on your website. Duh.
My first knee-jerk reaction upon reading the Slashdot summary was:
"We find that this information isn't really important to terrorists"
>boom
"oops. uh... guess we were wrong..."
But after reading the article it sounds like they're making a perfectly valid statement. Sure, some information like large military bases off the beaten path shouldn't have their details published. But it makes no sense to remove maps of public utility Nuclear Reactors because that information is commonly available from about a dozen other sources. Like, street maps! So removing it from the federal records doesn't make it "secure". Or from the example in the article where the feds removed offshore oil sites from their public records. Turns out Scuba diving maps sold to divers were showing where those were ANYWAY. Rand is calling for the government to redefine what needs to be "secret" and it it does, work with local companies to have all sources removed.
Where is planet Kamino, anyway?
Speaking as a GIS tech/programmer, and geologist ... holding back geospatial data from free public use will hurt the enonomy far more than any of those imagined threats. If a terrorist really wants to know where a target is, he can just wander on past with a GPS.
If the US government really cared, they wouldn't have turned of the 'selective availability' distortion that used to reduce the accuracy of common GPS units from a nice 10m accuracy down to an annoying 100m.
I think history has proven that at least so far terrorists attacking the US have preferred large symbolic targets, the kind that you can't hide, where openly available geospatial data is irrelevant.
And consider that having as much data available as possible to the public enables all kinds of value added / data mining uses to crop up that the data owners might never think of themselves. There are many business models out there working right now, feeding families.
Open free exchange and full interoperability if geospatial data is the future. It is happening now through the Open GIS Consortium, GML, and through free open source programs such as Grass, and MapServer. Good things happen when the right people have easy access to your spatial data.
Do your part! set up a MapServer WMS server today, make your spatial data available to the world yet still maintain control (the server passes out raster map layers that become part of a user's raster map, no one gets your valuable vectors)
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
Maybe they don't think the data is a threat because they've already had their way with it before it's made publicly available. Take this TerraServer shot of of the US Capital using the new .25 meters / pixel USGS natural color data set. The Capital and Senate / Congressional office buildings are mosaic'd out!