Slashdot Mirror
Rand Report Says Geospatial Data Not Big Threat
scupper writes "An article in Federal Computer Week came out Monday that announced The Rand Corporation has published a report (sponsored by the National Geospatial-Intelligence Agency) concerning the threat that publicly available geospatial data on US Government web sites might pose in the hands of terrorists that 'found that less than one percent of the 629 federal data sets they studied appeared to have notable value to would-be attackers', according to the report titled: Mapping the Risks:Assessing the Homeland Security Implications of Publicly Available Geospatial Information. A curious 'finding' from page xxv of the summary not mentioned in the article states: 'However, we cannot conclude that publicly accessible federal geospatial information provides no special benefit to the attacker. Neither can we conclude that it would benefit the attacker.' The release of this report reminded me strangly of the Washington Post news story about a George Mason University graduate student, whose dissertation mapped critical fiber optic network infrastructure."
As in: the Rand Corporation, in conjunction with with the saucer people, under the supervision of reverse vampires, are forcing our parents to go to bed early in a fiendish plot to eliminate the meal of dinner.
Holy Shit!!! We're through the looking glass here, people..
The big problem with terrorists is that they cause terror.
In this case, we're falling for it. We're having an unrational fear of the unknown. We're worried that in everything we publish, there's a terrorist reading it and trying to use it to their advantage.
On 9-11-01, they did something we didn't expect. They hijacked planes and brought their on minimally trained pilots to fly them into buildings. We didn't think that was likely to happen... at that time, standard policy during a hijacking was to let the hijacker into the cockpit. We're never going to make that mistake again.
But think about that, in all of our past dealings with hijackers, we assumed the hijackers wanted to live, and therefore would not crash the plane, nevermind know how to crash the plane into something else. In every case prior to 9-11-01, that was a correct decision. In most cases, we were able to get a majority of the passengers and crew members off the plane alive.
If a hijacker were to take over a plane today, there'd be much more opposition given to them by the passengers and flight crews. However, if a hijacking team were ever to succeed... now the default response would not be to attempt to reason with them but instead shoot the plane down. 100% of the innocent passengers would be lost, but we would be relieved that the plane didn't crash into a building.
Hey, wait a second... we're playing the game not to get the maximum lives returned, but instead to avoid the worst-case senario that has only struck once. That's somewhat a broken logic.
And that's really the culture that's taking over the nation. We've gotten so risk-adverse at doing things that when there's a possiblity of information being used negatively, we're ignoring all of the more-likely probablities that the infromation could also be used for good causes that we'd want to support. It's easier to point at the fear of what could go wrong than the dream of what could go right.
When a player is at a casino, the lure of the possibilty of a big jackpot convinces them to play games where the probabity of coming out positive just isn't there. Again, it's a case of possibility of an positve extreme case causing the ignorance of a probablity of a negative result.
Somehow, the concept of multiplying odds by result values is something average people just can't comprehend because emotions get in the way of cold logic... we act based on the possible emotional outcome rather than more likely outcome that logic would lead us to look for.
found that less than one percent of the 629 federal data sets they studied appeared to have notable value to would-be attackers
Less than one percent of 629 is still 6. Granted, six isn't a large number when one considers it's relative relation, but it's still a number greater than zero.
(I'm not being paranoid, right?)
An effective signature identifies a particular user amongst a base of thousands.
Nick Berg's Head (779033)
--
Watch me be decapitated! [freecache.org]
Now that's just cold.
But it has become a public interest problem.
Not long ago, you could finally get information from the government without spending several days and gobs of cash. It was brought to you via an innovative system called the Internet. If you were living next to a toxic waste dump, you could do a search on the 'web' and literally dozens of published reports were at your finger tips. At long last, public interest groups and individuals could see the reports the government was publishing about these sites, but were largely unavailable unless you lived near a library that qualified as a federal repository.
In short, there were damn few access points for information about what the government was doing with your money and the Internet made the barriers disappear.
Along came 911 and now everything is back to the old days. I publish scads of documents about cleaning up nuclear waste dumps and no one will see them unless they can convince the government that they are not a threat. You can pump your arms all over the place and tell me how "newclear stuff should be off the web 'cause its dangerous", but I'm not buying it. The stuff we are not allowed to discuss is so difficult to extract that even the US government is wondering what they are going to do with it. How the hell do you clean tritium out of groundwater?
What my colleages and I report on is soooo not a terrorist target that it is laughable. But the information is in geospatial coverages that are now considered off-limits (official use only) to the public. The 911 tragedy has been a coup for those who want to obstruct the public's access to information related to their own health and safety.
The government just uses terrorism as an excuse.
"Rocky Rococo, at your cervix!"
Buy Steampunk Clothing Online!
Well yes, it is a threat - so are the AAA maps, tourist gides and almanacs, should we regulate those, demeand photo ID with biometrics to purchase a map? (I know, the FBI and Almanacs)As an early poster pointed out we play into terrorist hands by being scared of this and limiting our information that is available.
Underloved Movies and Pub Quiz: donotquestionme.org
Sean Gorman mapped and correlated data about a whole lot more than just fiber optic lines. Data, electric, transportation and god knows what more, wrapped up in a nice little program that makes the data quite easy to get at. Incredibly useful, but quite potentially dangerous in the wrong hands. Now what I wouldn't give to have that thing in MY hands...pretty...
Wrong "Rand". You're thinking of the objectivist creator Ayn Rand which is similar to the classic liberal (now called libertarian) political party. RAND Corp. is a defense organization and RAND is short for "Research and Development".
:)
Libertarians aren't "FAR right" by the way, but that's off topic.
If we spread our attention and resources too thinly, though, any target becomes accessible.
Terrorists have to have large-scale loss of life to generate the headlines they need for fundraising. I wouldn't worry about infrastructure (even vital infrastructure), since it's too hard to explain to uneducated fundamentalists why snarling up internet traffic is a victory for Allah.
RAND hasa bit of an uneven history. I wouldn't even call the right wing so much as establishment/pol/mil/industrial complex wing. This is probably on honest report on the part of the person who made it, but it does smell odd from this distance.
:), the targets terrorists want to and may actually try to hit are pretty well known and not at all hard to find. Stuff in the middle of nowhere is pretty low on their list.
Fundamentally, I think they're right on this (and privatizing schools
It's also pretty unlikely that the punks will get their hands on a launchable ICBM or suchlike.
That being said, I'm trying to think of why I would need GPS coords for cabinet offices or suchlike. It's a pretty limited use, I'm not sure it would be worth doing, especially with My Tax Dollars (I know, pennies, but it's the principle).
Obviously if you have a sensitive (NSA, Weather mountain, Federal Brocolli Pricing Board, etc) site, don't put GPS coords on your website. Duh.
Wow you mods totally dropped the ball on this nice Simpsons quote. The episode is at http://www.snpp.com/episodes/2F07.html. The quote is right near the end.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
My first knee-jerk reaction upon reading the Slashdot summary was:
"We find that this information isn't really important to terrorists"
>boom
"oops. uh... guess we were wrong..."
But after reading the article it sounds like they're making a perfectly valid statement. Sure, some information like large military bases off the beaten path shouldn't have their details published. But it makes no sense to remove maps of public utility Nuclear Reactors because that information is commonly available from about a dozen other sources. Like, street maps! So removing it from the federal records doesn't make it "secure". Or from the example in the article where the feds removed offshore oil sites from their public records. Turns out Scuba diving maps sold to divers were showing where those were ANYWAY. Rand is calling for the government to redefine what needs to be "secret" and it it does, work with local companies to have all sources removed.
Where is planet Kamino, anyway?
What is their definition of a data set? A data set for the NSA/CIA/FBI may have attributes for military locations, population density, etc.
Now, if they get their hands on a data set by the Parks Commisioner, indicating locations of forests with attributes relating to the trees, I highly doubt that would be threatening.
So a 1% possibility that a data set may be useful to terrorists is subjective, as it depends on their objective.
In the right hands, any data set can potentialy enhance the ability of terrorists. And of course, don't forget. Private companies are the ones that sell most of the data to the government (see US Census for example). Why bother going after government publication of data and not control to whom a company sells the data?
As for the fiber optic map... It was useful not because you can cut cables (redundancy does exist), but because you know the ends of cables are to where corporations are (that is why the dissertation did get credit in the first place). Also, you know that where the biggest bandwidth cable go to is a prime target, as it promises a network depended coproration/entity that could be damaged by loss of communications.
The above post, while the truth, is basically a summary of the first few chapters of Bruce Schneier's book, "Beyond Fear".
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
I remember when the story about mapping the fibreoptic infrastructure broke.
I also remember several months later, massive power grid failures in the US and UK among others, all within a reasonably short timeframe.
I thought even back then, while the two aren't directly related, that there was a possibility that someone had figured out the electrical grid chokepoints sufficiently to do a test run of sorts, to see if it worked or not, possibly inspired by the fibreoptic story.
My point is this - if you were a terrorist and wanted to hit hard again, why not follow standard military doctrine and cut off the enemy's power grid first? After all, we do it, so why wouldn't they do it as well? In all the confusion, that's when you conduct your real strike.
Thankfully, since the information is public, we too can look for potential chokepoints and demand of governments that they fix them or mitigate the risk by building in redundancy. If we don't keep this information public, we will not be able to hold governments accountable when they don't make the effort and the system fails when it's most needed. And if you can no longer hold your government accountable when they screw up, because you don't have access to the information you need to do it, then you are no longer in control, and they are ruling you, not governing on behalf of you.
Visceral Psyche Films
What an organization researches is very different than bias towards the establishment. RAND advocates relaxing drug policy, especially for marijuana. They were the original group who said (and with evidence) that Vietnam was a bad idea. They said this even before we got involved in any significant way. Finally, RAND recommends a moderate Islamic state for middle eastern states we "liberate," which doesn't jive with the religious right's plans. Just because RAND researches for the military doesn't mean it's obligated to make things sound good to warmongers and Republicans (are they different?). RAND is damn objective for the politically sensitive work they perform.
Any information is really only valuable when you have enough creativity and common sense to make something of it. People aren't trained to think "outside of the box", but given enough time and motivation, things will happen.
I'm not saying that we should keep all of this info under lock and key(among dozens of other safeguards), but we should at least make a few more independent analysies(sp?) of the threat the data poses.
The thing that I think would be alot more interesting is to take the layouts of some of these buildings; turn them into maps for some FPS games (UT2k4 is my fav) and figure out the best way to attack/defend them. (I've been wanting to do this for my college campus for awhile now.... let players spawn in their dorm rooms... consider it preparation for the giant paintball war we're planning for halloween)
yeah, just my 2 cents..
"Operating systems suck: you're better off using only the BIOS" --trainsaw.com
Speaking as a GIS tech/programmer, and geologist ... holding back geospatial data from free public use will hurt the enonomy far more than any of those imagined threats. If a terrorist really wants to know where a target is, he can just wander on past with a GPS.
If the US government really cared, they wouldn't have turned of the 'selective availability' distortion that used to reduce the accuracy of common GPS units from a nice 10m accuracy down to an annoying 100m.
I think history has proven that at least so far terrorists attacking the US have preferred large symbolic targets, the kind that you can't hide, where openly available geospatial data is irrelevant.
And consider that having as much data available as possible to the public enables all kinds of value added / data mining uses to crop up that the data owners might never think of themselves. There are many business models out there working right now, feeding families.
Open free exchange and full interoperability if geospatial data is the future. It is happening now through the Open GIS Consortium, GML, and through free open source programs such as Grass, and MapServer. Good things happen when the right people have easy access to your spatial data.
Do your part! set up a MapServer WMS server today, make your spatial data available to the world yet still maintain control (the server passes out raster map layers that become part of a user's raster map, no one gets your valuable vectors)
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
Maybe they don't think the data is a threat because they've already had their way with it before it's made publicly available. Take this TerraServer shot of of the US Capital using the new .25 meters / pixel USGS natural color data set. The Capital and Senate / Congressional office buildings are mosaic'd out!
But seriously, the (US) governments totally gets the mind-set of these people wrong. They don't download multi-gigabyte maps from the net before they attack, they simply and effectively pick so-called postcard targets, because they seek to attract media attention and these targets stand for what they resent.
Most terrorists are surprisingly low-tech, but that's actually why they can be difficult to track down: if you never use Web browsers, phones and credit cards you leave few traces.
If you read the recent intelligence 'success story' where they tracked some people because they used a Swiss pre-paid mobile phone SIM-card from somewhere in Pakistan, apparently swapping mobile phones and not SIM-cards instead of the other way round, this gives you an idea of what to expect.