Slashdot Mirror


The Evil in E-Mail

Frenchy in Ontario writes "An Ontario university researcher is devising ways to help law enforcement agencies better pinpoint likely criminal behavior in e-mails. His theory is that people who are "up to something" are more likely to write differently than people who aren't - either by avoiding using certain words at all that could be flagged for possible criminal context (like "bombed") or to examine patterns that might indicate criminal activity - like several people e-mailing one person but not each other, which is how some criminal networks operate. There's also an interesting paragraph on why Enron's emails aren't as valuable as you might think for this sort of work."

25 of 211 comments

  1. Dumbest thing I've read all week... by TripMaster Monkey · · Score: 5, Insightful


    From TFA:


    Skillicorn doesn't know all the ways suspicious e-mails might read differently from innocent ones. The beauty of his approach is that he doesn't need to know. His software is designed simply to look for messages that are different, based on word frequencies, from the mass of e-mails. It needn't understand the reasons for the differences.

    Super. I'm predicting a whole lot of false positives...especially during the initial phase of this operation...

    Also from TFA:

    One difference might be the complete absence of words someone might possibly think would draw a law enforcement agency's attention to their e-mails, but that most people would occasionally use innocently (as in "my presentation yesterday really bombed.")

    Great...so words like 'bombed' get the email flagged...as well as an absence of the word 'bombed'? So far, Skillicorn's test appears 100% sensitive...too bad it's 0% specific.

    Some more from TFA:

    A related trick, he says, is to examine patterns in who e-mails whom. As an example, in criminal networks it is common to find several people communicating regularly with the same person, but never with each other.

    OMG! This is the pattern of emails in my company! My whole company is a giant terrorist organization! I had no idea!

    /sarcasm

    But here's the kicker...again with the quoting:


    To help with his work, Skillicorn has been working with archives of e-mail from Enron Corp., the company at the heart of one of the most prominent scandals in recent U.S. business history. In some respects, he notes, the Enron e-mails are not a good sample for analysis, because Enron employees seemed to have no compunction about what they were doing. "People should feel some guilt or at least some self-consciousness when they're being deceptive," he says.

    So let me get this straight...if criminals are okay with their criminal activity (like...say...terrorists), they'll 'slip under the radar'??? Great test, Skillicorn...sounds a lot like a standard polygraph test, which experienced criminals can fool at will, while innocent people fail them 50% of the time. That's what the War on Terror really needs...another inaccurate 'test' that does nothing but throw false positives.

    I'm just glad that this method is so obviously stupid that it will never be implemented by our government...
    Oh, wait...one more from TFA:

    Such technology has obvious applications in surveillance by law enforcement and security bodies, but Skillicorn suspects agencies like the U.S. National Security Agency have little need of his help. "I infer from things they say around me that some of this stuff they already do," he says.

    Crap.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Dumbest thing I've read all week... by mog007 · · Score: 2, Insightful

      I say this guy do something useful with his time, and go after the REAL evil in email:

      SPAM.

    2. Re:Dumbest thing I've read all week... by Otter · · Score: 5, Insightful

      If I understand correctly, what he's done is this:

      1) Devised a theory

      2) Tested it on a sample set of emails from Enron

      3) Gotten poor results

      4) Blamed the failure on Enron, for being just *too* evil for his theory to work!

      Yawn. Maybe he should save the press release until he's gotten something to work.

    3. Re:Dumbest thing I've read all week... by danharan · · Score: 3, Insightful
      Super. I'm predicting a whole lot of false positives...especially during the initial phase of this operation...
      If using contrived language flags this system, I wouldn't want to be the one having to read all the false positives. I imagine I'd find out about a lot of affairs, rumours and backstabbing plans.
      --
      Information: "I want to be anthropomorphized"
    4. Re:Dumbest thing I've read all week... by MrDomino · · Score: 3, Insightful

      Yet another reason to look into using real encryption.

      Yeah, sure, until using encryption is flagged as a likely indicator of criminal activity, too...

      Remember, if we don't all walk around with our pants down in public, that means that we've got something to hide.

    5. Re:Dumbest thing I've read all week... by kfg · · Score: 2, Insightful

      "I infer from things they say around me that some of this stuff they already do," he says.

      Crap.

      But of course. It is the nature of the monitoring beast and the very reason such monitoring is offensive to freedom.

      First you monitor. Then you monitor for the people avoiding the monitoring. Then you monitor for the people avoiding the . . .

      Monitoring, if it is to work at all, is an all or nothing sort of deal. Once started it innately progresses toward the end of a secret cop in every pocket. If you know they are monitoring, you know they are heading toward this point, if not already there.

      But that's ok, you have nothing to hide, do you. . .comrade?

      KFG

  2. What about other languages.? by guyfromindia · · Score: 3, Insightful

    This may work well for English, etc., but may not work with other languages.

    1. Re:What about other languages.? by Alsee · · Score: 2, Insightful

      Duh, if they're writing in some other language then they are ALREADY at the top of the potential criminal/terrorist lists.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  3. if you're really up to no good.. by Keruo · · Score: 4, Insightful

    The emails you send would be encrypted instead of plaintext.
    Real criminals aren't dumb, only the bad ones who get caught are.

    --
    There are no atheists when recovering from tape backup.
  4. The idea isn't new... by Registered Coward v2 · · Score: 3, Insightful

    Pattern recognition has been around a long time - from analyzing the causes of infection to finding likely cheats on expense reports (and the latter uses the frequencies of certain digits, rather than looking for the text entries).

    I do disagree with his statement about not being useful to fight spam - recognizing patterns in spam is already in use, applying the idea that the same or significantly numerous occurrences of the same words from either the same person to multiple users at the same site and different sites, or the same basic message sent to multiple users from different mailers / return addresses might be a good indicator of spam. The challenge is how do you monitor all the traffic?

    --
    I'm a consultant - I convert gibberish into cash-flow.
  5. Someone set us up the Bombed by FidelCatsro · · Score: 2, Insightful

    This will be a total BOMB, Honestly this is not a new field of science at all, Letters and writing have been examined for years and criminals writing E-mails will be writing the same things they always write.

    --
    The only things certain in war are Propaganda and Death. You can never be sure which is which though
  6. Bad sample? by No Such Agency · · Score: 4, Insightful

    Ah, my alma mater Queen's makes it onto Slashdot!

    I don't know if using the Enron e-mails as his test material is such a good idea. Corporate malfeasance is probably not conducted the same way that every other criminal (or terrorist) network runs. At least their communication might be different due not to a "lack of guilt" but due to the fact that it's probably so easy to make a naughty memo sound like an innocent one without being obvious. After all these memos would be mixed in with a lot of legitimate company business the conspirators are also conducting.

    How does automated analysis separate a memo saying "I think we should go ahead and promote Price out of the mailroom" - which means "Have Price-Waterhouse cook those spreadsheets I sent you", from one which just leads to some dude getting promoted out of the mailroom? Of course if they are not bothering to use code words then the system might work very well.

    A related trick, he says, is to examine patterns in who e-mails whom. As an example, in criminal networks it is common to find several people communicating regularly with the same person, but never with each other. This is meant to ensure that if one lawbreaker is caught, he or she is unlikely to lead authorities to too many others. But it can also be a clue to suspicious activity.

    Traffic analysis is probably more promising, since you can reconstruct relationships between players with it. The traffic pattern could look like a terrorist cell, or it could look like a bunch of guys who know each other - as he says, there's a difference. But this is old news, though automating it would make snoops' lives easier.

    At any rate I find this line of inquiry disturbing for civil rights reasons, but I don't believe we should attack the researcher for working on it. Academic freedom is a very useful concept and ultimately does us more good than harm, IMO.

    --
    Freedom: "I won't!"
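
Added example, not part of the original thread or of Skillicorn's software: the "who e-mails whom" check discussed in the comments above, written as a small graph computation. The addresses, the message list and the `min_contacts` threshold are constructed assumptions; the mailing-list rows show that an ordinary list has exactly the shape the check looks for.

```python
from collections import defaultdict
from itertools import combinations

# Constructed (sender, recipient) pairs; every address here is made up.
MESSAGES = [
    # a group of friends who all write to each other
    ("ann@example.org", "bob@example.org"),
    ("bob@example.org", "cat@example.org"),
    ("cat@example.org", "ann@example.org"),
    ("dan@example.org", "ann@example.org"),
    ("dan@example.org", "bob@example.org"),
    ("dan@example.org", "cat@example.org"),
    # several people in touch with one contact, never with each other
    ("p1@example.net", "hub@example.net"),
    ("p2@example.net", "hub@example.net"),
    ("hub@example.net", "p3@example.net"),
    # an ordinary mailing list has the same shape
    ("u1@example.com", "list@example.com"),
    ("u2@example.com", "list@example.com"),
    ("u3@example.com", "list@example.com"),
    ("u4@example.com", "list@example.com"),
]

def contact_graph(messages):
    """Undirected who-talks-to-whom graph: address -> set of contacts."""
    graph = defaultdict(set)
    for sender, recipient in messages:
        if sender != recipient:
            graph[sender].add(recipient)
            graph[recipient].add(sender)
    return graph

def clustering(graph, node):
    """Fraction of a node's contact pairs that also talk to each other."""
    pairs = list(combinations(sorted(graph[node]), 2))
    if not pairs:
        return None  # fewer than two contacts: the ratio is undefined
    linked = sum(1 for a, b in pairs if b in graph[a])
    return linked / len(pairs)

def hub_and_spoke(messages, min_contacts=3):
    """Addresses with >= min_contacts contacts, none of whom talk to each other."""
    graph = contact_graph(messages)
    return sorted(
        node for node in graph
        if len(graph[node]) >= min_contacts and clustering(graph, node) == 0
    )

if __name__ == "__main__":
    # Flags both the constructed "cell" hub and the harmless mailing list.
    print(hub_and_spoke(MESSAGES))
```

The friends group scores a clustering of 1.0 and is not flagged; the structural test alone cannot tell the hub from the list address.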
  7. Whatever by M3rk1n_Muffl3y · · Score: 2, Insightful

    I am sure this will prove to be as productive as searching eBay images for hidden Al-Qaeda messages.

    --
    This is not the sig you are looking for...
  8. I can't believe this got funding... by bobbis.u · · Score: 4, Insightful
    It seems like he is just using Bayesian filtering (the bit about how he doesn't know how it works gives it away), and using Enron emails for the training.

    Personally, I can't see how this would ever work. It is typical of the attitude that "all terrorists are bad, they are all the same and we just have to deal with them all in the same way".

    Isn't it obvious that different terrorists will have different styles, different levels of literacy, different levels of security awareness, different languages, different aims, different approaches - the list goes on and on. Normal emails all have these traits too. I can't imagine there is any way of applying Bayesian filtering to help with this task.

  9. GPG by Nicholas Evans · · Score: 2, Insightful

    I'm going to go out on a limb here and say that Al Qaeda probably uses GPG or some other form of strong encryption in their e-mails.

  10. Big Brother right here by m50d · · Score: 3, Insightful

    He's just using statistics to detect emails that are "different". So, anyone who isn't conforming is flagged up. Organising an anti-war protest? There you are, flagged. Say goodbye to freedom, if you hadn't already. Or encrypt all your emails, and try and persuade everyone you know to. Maybe we can make encryption widespread enough these things are useless.

    --
    I am trolling
  11. Social Networks = Criminal Networks? by Anonymous Coward · · Score: 3, Insightful

    ...or to examine patterns that might indicate criminal activity - like several people e-mailing one person but not each other, which is how some criminal networks operate.

    Not to mention most social networks. Or is everyone you know equally popular?

  12. Oh dear by Anonymous Coward · · Score: 5, Insightful

    Dr Skillicorn has obviously never done any work with or for a law enforcement or intelligence agency. After spending three years in this area working on data mining of electronic communication, I can say this fella has not done his research properly. He has failed to note that the frequency of grammatical and spelling mistakes, let alone "missing" words, have become so frequent now in the SMS TXT generation that this will cause a major problem when scanning messages on this scale. I really can't be bothered to pick any more holes in this because it is time for a bacon and ketchup sandwich.

  13. Wrongful convictions by Anonymous Coward · · Score: 1, Insightful

    Once the cops are convinced that you are guilty of something, they can put a case together that will convince a jury. We have lots of wrongful convictions to prove that. We now have laws that will let the authorities lock you up forever without a trial based on security concerns.

    The case I have in mind is a guy who was wrongfully convicted of murder. The lead investigator was certain it was him because he was a 'weird guy'. He concentrated on only this suspect and assembled enough circumstantial evidence to get a conviction.

    This kind of pseudo-science proposed in tfa will lead the authorities to investigate and charge completely innocent people. Some of those investigated will be convicted. This reminds me of the fruit machine used in the 1950s to detect homosexuals (who could be easily blackmailed into betraying their country).

    This is why we need privacy laws. This is why the Patriot act should be repealed.

    "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." FDR

  14. Do they believe in the effectiveness of this.....? by David Webb · · Score: 3, Insightful

    So it is now no longer good enough to just have the ability to subpoena your records if you're arrested? Now the government wants to actively sort/monitor the emails of an entire nation. HMM I smell more violations of the rights of the people. How much more of this are we willing to accept. How much longer until dissidents start a revolution. That's right I said it a revolution. This sounds like a combo of search/packet sniffing software. Last I heard PGP and RSA encryption was still unbreakable. This will NOT be effective for the worst thieves or terrorists.

  15. this research is a wonderful example of... by cahiha · · Score: 2, Insightful

    Graduate students, take notice. This research is a wonderful example of ... going where the wind is blowing; that gives you media coverage and funding from people who know even less than you ... not doing your background research; doing your background research would just discourage you, and it takes time that isn't required for convincing people who know less than you that your sexy proposal is worth funding

  16. Oh Dear by taskforce · · Score: 2, Insightful
    either by avoiding using certain words at all that could be flagged for possible criminal context (like "bombed)

    So if you don't talk about things which a terrorist would talk about, you are a terrorist?

    like several people e-mailing one person but not each other, which is how some criminal networks operate.

    Yes, it's also how every other nuclear network of friends operates. Not all my friends know each other. Not all a bank's customers know each other, not all a mailing list's users know each other.

    --
    My 3D Texturing Skinning work (under construction)
  17. Just stupid by Anonymous Coward · · Score: 3, Insightful

    How many criminals are going to send plain text emails discussing criminal activities?
    This is clearly just designed to appeal to the government of Police State America, probably to get more funding.
    This whole obsession with 'terrorists' is just becoming tiring. There are very few 'terrorists' in the world that the Americans didn't create through their own acts of terror. If America would stop its interference in the affairs of other countries, there would probably be almost none at all outside of the White House.

  18. Re:Agreed by ebuck · · Score: 5, Insightful

    Worse yet, people will be watched and harassed by this technology, but never brought to court over it.

    In a court, you can question the evidence used against you. Considering that the creator of this evidence indicated that he didn't need to know how it works, it's highly likely that you could get this evidence thrown out because it fails the test of provability.

    So this technology will "flag" people, and they will be watched "just in case". However, there's not going to be a court case, just continued monitoring until the budget to watch this person dries up. And it's very easy to get a bigger budget because you can argue, "We are watching 400,000 people who have been flagged as possible terrorists, we can't keep up. We need more money." Even when your flagging system has worse odds of finding a terrorist than the Lottery.

  19. Re:And you are wrong by Anonymous Coward · · Score: 1, Insightful

    >Look at the number of civilian casualty in
    >Iraq/Afghanistan (*), oh, sorry, you call them
    >"collateral damage"...

    Actually, I call them unfortunate victims of their own failure to successfully rebel and repress the tyrannical regime that had dominated them.

    Had they done so themselves, there would not have been a motivation for an outside power to wage war in their country.

    These people aren't victims of the US, and they aren't victims of Saddam -- they are willing architects of their own destruction, a path they chose when they allowed the Ba'ath party to take power in the first place. You've got a moral obligation to resist tyranny.

    If you believe that's too much of a sacrifice, then you've already accepted the consequences of some situation later, where some other power decides to topple the tyrannical regime which you have allowed to dominate.

    There are no innocents. By refusing to stand up to tyranny at dawn, you have chosen to sacrifice your children at sunset.

    The people in Iraq made that choice as long ago as 1958, they confirmed their choice in 1979, and every day thereafter.

    I'm sorry if standing up to tyranny means making an uncomfortable sacrifice, but that's part of the price of freedom. And failure to do it, may very well mean going on a course that ends with some of your people becoming "collateral damage". You chose to pass the buck, because it was simpler to live under the oppression than to take the risks involved in opposing it -- even if opposition appeared futile.