Slashdot Mirror
Airport Monitoring of Travellers via Blackberry
glhturbo writes "According to this article in Mass. High Tech, Massachusetts State Police stationed at Logan Airport will soon have access (via Blackberry handhelds) to "7 billion records" containing information on "nearly 98 percent of the U.S. population, including, for example, a person's prior residence and with whom he or she lived, criminal information, court filings, vehicles owned, and even restricted government data." The database is from a Massachusetts company, LocatePlus, started by a former policeman who was "on the waiting list for the FBI". Seems like a good tool, but major potential for abuse, and hopefully no false identifications."
It'll be really nice to know that there are going to be tons of these little handheld devices with access to these huge dossiers on the whole population.
This is a neat little database, but I have to wonder what the quality of the database is. If it's like other databases, it's sorely out of date. Can't be an easy job to keep tabs on 98% of the population.
And I also wonder about the false positive rate. Extensive databases might just show up how connected we are. Just like studies that show that a huge number of us are related to the Queen of England through some tenuous tie, if we dug deep enough I bet we could find links between millions of average Joes and people who are terrorists. Insignificant links, but how does the database know that? It comes down to the judgement of the officer, and his training. And any security system that shows a false positive rate is weakened by that. False negatives are much less damaging to security.
I get a picture in my head from the movie "A Beautiful Mind" where John Nash is in his shed, putting pictures and strings on the wall, showing all the relationships between them. Except, these relationships are going to be in a database, and will be taken seriously just because a computer said so.
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
There are many things I'd give for the sake of convenience... but this is going a bit too far. I'll take my privacy, thank you very much. Who exactly is going to be able to view this information? And how far does this "restricted government data" extend? It's one thing when it's a trained government officer making sure I'm not toting a shoe bomb. It's another thing when the steward has access to all my records.
What happens if one of these are compromised? Does some thief suddenly have access to " restricted government data" on most of the population?
How strong is the encryption used? I'd seriously question both the encryption and the key distribution in a scheme like this. There's plenty of room for mischef.
"Eve of Destruction", it's not just for old hippies anymore...
I remember the goverment making profiles of people who where doing war protests and the like. Will this information be included in the profile? I also seem to recall an incident where a protester was flagged at harrased at an airport.
With all of that data being sent to these things, it could be a treasure trove for identity theft if you could just set up a monitoring/logging device in the airport.
The truck driver is driving 100 pounds of TNT in a delivery crate right into the airport unchecked. What pisses me off most about this loss of privacy, how your personal information including your underwear size and what are the last 3 videos you rented are - is that for all that work, and all that money spent on technology, they don't do shit to actually secure the place. You think you can drive a truck up to an El Al airliner in Tel Aviv unchecked? Not unless you want a .50cal Barrett round in the chest from 5000 meters away before you get anywhere NEAR the airliner.
Read Marcus Ranum's book, the "Myth of Homeland Security." Yay, we paid for a bunch of blackberries that will get lost or stolen and some tech firm pocketed good change with a fat ass Oracle project. Yay.
You, the passenger, aren't one damn bit safer. Tell yourself that while you watch the truck load the pretzels and soda pop out the window while the guys are looking in your toiletry bag at your toothbrush and blackberrying to see if you ever lived in Hoboken, NJ.
Lastly, you know why the terrorists picked Logan to board? As CNN and others reported in the weeks that followed 9/11 - Logan's security was known to be the worst on the eastern seaboard.
I also worked in the insurance industry. We also had the screen actors guild account - for everywhere but CA. My coworkers and me would look up movie stars and gawk at their personal info - most of it just said something like "Joe Berstein talent, NY,NY" or something like that - but the point is ---WE WERE SNOOPING.
I have no excuse nor reason - we were star struck.
My Point Personal information will be abused somehow!
Don't forget folks, it's not only the Republicans who are itching to strip your rights away. Massachusetts is about as Democratic as you can get and they're in on it too.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
nearly 98 percent of the U.S. population
This is great. As long as the terrorist population in the USA is more than 2%, some of them are guaranteed to be caught. If 4% of the population are terrorists, and they all pass through that airport, half of them will be caught! Your tax dollars at work...
Unless those queries are fractions of a penny, wouldn't it be cheaper in the long term for the state to setup some type of non-profit or holding company and just buy out LocatePlus? Ha! i just RTFA and they said "between $1 and $7 per click. At what point does HomeLand Security decide that these businesses are critical to National Security & co-opt them?
p.s. the article does say "restricted government data" i.e. not public records.
[Fuck Beta]
o0t!
According to this article in Mass. High Tech, Massachusetts State Police stationed at Logan Airport will soon have access (via Blackberry handhelds) to "7 billion records" containing information on "nearly 98 percent of the U.S. population
Nice to hear so much being spent on a system which wouldn't have had any information on the 9/11 hijackers. And another thing which will get me earmarked for special treatment as a non-US citizen living here.
Boston is also "randomly" searching its subway passengers. The Supreme Court ruled this month that Americans must give their name to police who ask, even without cause, or be arrested. Freedom's just another word for something left to lose.
--
make install -not war
From their site:
"Introducing LP-Police Unlimited Flat Rate
LP-Police's unlimited low monthly rate of only $74.99 is unmatched by any other database available today! This database is restricted to use by Government and Law Enforcement only. LP-Police is an extensive database that includes searchable and cross-referenced public information on approximately 98% of the United States adult population. Subscribers to LP-Police are given unlimited access to the following searches: Telephone/Mobile/Cellular information, Address Information, Motor Vehicle Registration, Online Criminal and Sexual Offender information, Corporations and UCC and Real Estate Property."
Have a good day!
Tomas
There are dangers in relying on electronic information. Particularly when it is used without any exercise of common sense.
Note: I'm merely throwing out a hypothetical, this is not necessarily my belief. Just a discussion point.
On Slashdot, it is commonly argued and agreed upon that "security thru obscurity" is a falacy and the best way to get yourself into trouble. Obscure facts and details are eventually discovered and exploited. It is better to have all source and algorithms out in the open, have everyone pick at it, find the holes and patch them.
Compare this to the commonly held belief in keeping all personal information "secret". If someone tries hard enough, they can pretty much discover any information about yourself. Private detectives, for example, specialize in "hacking" personal information (arrest record, who you are sleeping with). Would it not be better to "open source" your life and deal with the consequences? Your SSN and Credit Card numbers should be secured with something better than mere obscurity, for example. If you are cheating on your spouse you would assume you are going to be caught and be able to deal with the consequences. With everything out in the open we don't have to worry about blackmail and dirty tricks and you better know people's character and motivations. Kinda like looking inside a program's source and seeing the flaws.
Note, these are NOT my opinions, just things that went through my head at 10pm.
Brian Ellenberger
If this is wireless I can see someone stealing one of these little suckers, getting the encryption code, and getting access to tons of info they shouldn't have.
Actually, this is one I can speak intelligently to. The device is BUILT from the ground up to be secure. I work for a large US bank. We implemented the BES, or blackberry enterprise server, approx. eight months ago. We now have 500 of these devices deployed. They are triple-des encrypted back to the bes in our data center, they are wipable OTA, they wipe themselves after 10 bad passwords, they have the ability to implement strong passwords, they (can be forced to) lock when placed into the holster, they can be limited only to pre-installed applications and transports, TLS and S/MIME can be terminated on the device or the bes/mds, and a whole raft of other security considerations.
In short, I'm much more worried about the application they access than I am the device and the transport it uses.
The truth about Scientology, Xenu, and you: Operation Clambake
In 1987 I founded a company in Orlando, FL that did most of this.
:-)
1987 was before the public was aware of the Internet, so it wasn't as prevalent. But, using CompuServe's packet switching network, we had access to most of the nation's public records: auto, plane & boat registration; worker's comp records; driver's licenses; arrest records; court filings; etc.
We also had access to the "top half" of a credit report. The major credit bureaus make a fortune selling the non-credit related info they have: names, addresses, employment history, etc. Federal law *prohibited* most law enforcement agencies from directly accessing this data.
For three years *we* made a small fortune reselling this info to several police/sheriff departments.
This experience taught me three things:
1. Gather all that information and even if a bunch of it is out of date or invalid, you can put together a VERY accurate picture of someone's life.
2. Many LEOs were quite loose with information they were not supposed to access or share. By this I mean cops sitting in parking lots running every tag, DL and NCIC reports on every driver. I also received full information requests on cop girlfriends, ex-wives, etc.
They are also more than willing to discretely share things like DL photos, NCIC records, etc. with people who give them data.
Hell, at one time I found full info on an escaped murderer who had been hiding for 10 years. His wife once applied for a Sears credit card using his real SSN. THAT led to a California DL photo that confirmed it was him; auto tag in Nevada with an almost-current address; and a forwarding address from a gas company that owed him a refund - bingo.
$5,000 reward, certificate of appreciation from 3 law enforcement agencies, and the knowledge that 98% of all $100 bills in circulation have enough drug residue on them to hit a drug dog. So, while taking that stack of $100s to the bank, I had a personal contact in the US Marshall's Office if I got stopped.
Oh, yeah, #3. The most important.
How to hide in today's society if I really want to.
chill
I have one of these devices (I'm a cop), although I do not live in Mass, and it uses a different provider for the information. All of the information is based on collection from three sources: public records, driving records, and criminal history. The public records are fairly accurate, but they are not perfect. The driving and criminal records are more accurate, and reflect the same information that I can collect when running a vehicle tag or a driver's license. That's the key. I need to know who I am searching for in order to get the information. I can't just put in a name, for example, with no other information (such as a date of birth, SSN, city of birth, etc.) and expect to receive any information. It just doesn't work that way. Is it dangerous? Depends on your stance towards records queries, I suppose. I can get all of this information without the Blackberry, but it is more convenient when I'm on foot interacting with a crowd to have the device. Push come to shove, however, and I'll take you back to the patrol car to get the information. It works for both of us, in a sense. I don't have to go back to the car to get the info, and you don't have to waste the time coming with me. Something else to consider: I am required by law (at least in my state) to protect the information that I gather on a person. The law is so protective that I can be held responsible if someone else HEARS the information on my radio, including the person I am checking! This would undoubtedly extend to my control over the Blackberry. If I lost it, I would be in a great deal of civil liability. That doesn't prevent someone from using the device illegally, granted, but it is something to consider none the less.
Yet I bet that their "120,000" number is about as good as my own analysis above- sounds very precise, but not at all accurate... But since those HTQ people are now defined- and who wants to waste data- they're going to show up in the gov't databases. And then their roommates and co-workers are going to get flagged as medium TQ people. And then their roommates get to be medium-low TQ people. And so on and so on... If you're lucky you'll only be a LLML TQ, but no one gets to be 100% free of the taint.
Even though that original 120k number doesn't pass the sniff test. Sure, ".04%" seems like a small number, but that equals one in 2500 people. Is 1/2500 people in the US a terrorist? That'd be 1 terrorist per 10 airplane flights, or several terrorists per major sporting event, or 400 terrorists in Silicon Valley (plus the 30 laid off who've moved back home). Unless they're all fantastically incompetent, the US should have several terror events per day.
[Pause to answer knock on door....]
Oh, never mind, we are crawling with terrorists, like the Peace Fresno anti-war group with their monthly streetside protest. Forgot that civil disobedience is now terrorism. Unless its lawful civil disobedience, of course. I'm just going to go back to my Orrin Hatch CD now.
The current BES (Blackberry Enterprise Server) allows you, as an admin to send a "poison pill" which will wipe the device automatically. They also have local passwords and an autolock feature set from the server. The device also wipes itself after 10 attempts with the wrong password.
.-=Wit is educated insolence=-. -Aristotle
48 bit was broken by a bunch of college geeks with commodity parts (less than $10,000 worth) in just a day a few years back.
It won't be too long till 64 bit is broken in a day by a similar group.
I have only read about these a few times, but everyone who rants about how you can opt-out or expunge data from public dbs don't realize that any and every kind of restrictive rules are why Police Officers Associations create their own private databases and where do you think all the data comes from that they put in them. It is like if the bank tellers association had a database that their "members" could enter and query data including SSN's, account balances, check payees and amounts taking any and all data they wanted to from their workplace. People would certainly howl if such a thing existed. Yet since people don't know about these and they are kept quiet and out of public view.
Private Police db example
One guy for example found himself stopped and searched because the fact that he had applied for a Concealed Carry Permit and ended up in a private police db.
Talk about the lawless wild West, who is going to control the data is these databases?