Quotulatiousness

September 23, 2009

Information is data, but data is not information

Filed under: Liberty, USA — Tags: , , — Nicholas @ 12:12

Wired obtained several hundred pages of information through a Freedom of Information Act query relating to internal surveillance of Americans by the FBI — including information from hotels, car rental agencies, and at least one department store chain:

A fast-growing FBI data-mining system billed as a tool for hunting terrorists is being used in hacker and domestic criminal investigations, and now contains tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store, declassified documents obtained by Wired.com show.

Headquartered in Crystal City, Virginia, just outside Washington, the FBI’s National Security Branch Analysis Center (NSAC) maintains a hodgepodge of data sets packed with more than 1.5 billion government and private-sector records about citizens and foreigners, the documents show, bringing the government closer than ever to implementing the “Total Information Awareness” system first dreamed up by the Pentagon in the days following the Sept. 11 attacks.

Such a system, if successful, would correlate data from scores of different sources to automatically identify terrorists and other threats before they could strike. The FBI is seeking to quadruple the known staff of the program.

The last paragraph needs a bit of analysis . . . because just adding more data won’t “automatically” do any good for domestic security or individual privacy. There was no lack of data on the 9/11 terrorists: if anything, there was too much data. Data is useless until it is corelated with other data to form actual information, a pattern of data that shows something of interest. The various intelligence-gathering arms of the US government already gather lots and lots of data, but they haven’t always been able to turn that collection of raw data into useful information . . . at least, not in a timely fashion.

Opsahl cites a October 2008 National Research Council paper that concluded that data mining is a dangerous and ineffective way to identify potential terrorists, which will inevitably generate false positives that subject innocent citizens to invasive scrutiny by their government.

At the same time, Opsahl admits the NSAC is not at the moment the Orwellian system that TIA would have been.

Those false positives may be enough to disrupt the private lives of many Americans and non-citizen residents, because everyone still has things about them they don’t particularly want to be broadcast to the world. Many employers reconsider their employees who are deemed to be “of interest” to the government, leading to potential loss of employment, diminished opportunities for promotion, or other less obvious but still negative consequences. Having “nothing to hide” is no defence . . . in fact, it may make things tougher — if they don’t find anything obvious, they may decide to dig deeper, creating more disruption.

Of course, things could always be worse: the EU is busy working towards their own Precrime database. (Obscure reference explanation.)

September 6, 2009

QotD: Politics in the 21st century will not be about . . .

Filed under: Politics, Quotations — Tags: , , — Nicholas @ 09:10

. . . privacy and intellectual property. Or rather, it’s going to be about privacy and intellectual property the way that the 20th century was about steam locomotives and iron foundries. These were vital 19th century technologies that provided a platform for 20th century industries to evolve on top of, but triple-condensing steam engines tell us nothing about semiconductor fab lines: they lie too far down the stack of incremental technologies. By the time we reach 2050, the microprocessor and software industries will be about as innovative and interesting as steam locomotives were in 1950; and the big questions about privacy and IP will have been answered (hint: ubiquitous polycentric surveillance, some sort of abstraction layer to encapsulate and insulate the public against the crisis of copyright, and a generation for whom the concept of “blackmail” makes less sense than bleeding with leeches as a cure for a surfeit of billious humours).

Thirdly, it’s not going to be about biotechnology any more than the 20th century was about powered heavier-than-air flight. Yes, flight was and is important, but not in the way the Italian modernists of the first three decades imagined, with their manifestos about “air-mindedness” and Douhet’s insane, apocalyptic visions of air power — that led to such atrocities as the British Empire’s policing with bombers (dropping poison gas!) in the 1920s, and strategic bombing raids against civilian populations during subsequent wars. For the most part, military aviation falls into two categories (better artillery, and better logistics); it doesn’t really change warfare, it just makes the whole barbaric affair more efficient (which is to say, more destructive). Biotechnology is going to be an efficiency enabler for a whole lot of things, and have immense second-order effects (just like cheap air travel), but it’s not going to fundamentally change us (unless some lunatic repeats the mousepox/interleukin-4 experiment with weaponized smallpox, in which case we are probably all dead).

Charles Stross, “Chrome Plated Jackboots”, Charlie’s Diary, 2009-09-04

August 11, 2009

So much for the right to not self-incriminate

Filed under: Britain, Law, Liberty — Tags: , , — Nicholas @ 12:24

The headline really does tell the story: Two convicted for refusal to decrypt data: Up to five years in jail after landmark prosecutions. You will provide the key, citizen . . . or you’ll do hard time:

Two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years.

The government said today it does not know their fate.

The power to force people to unscramble their data was granted to authorities in October 2007. Between 1 April, 2008 and 31 March this year the first two convictions were obtained.

The disclosure was made by Sir Christopher Rose, the government’s Chief Surveillance Commissioner, in his recent annual report.

The former High Court judge did not provide details of the crimes being investigated in the case of the individuals &mash; who were not necessarily suspects — nor of the sentences they received.

Deleting your cookies doesn’t protect your privacy

Filed under: Technology — Tags: , — Nicholas @ 09:44

According to a report in Wired, there are lots of sites out there (including whitehouse.gov) who are actively circumventing the common practice and zombifying the cookies you thought you’d deleted:

More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

What’s even sneakier?

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

This would be a good opportunity for Adobe (who control the Flash cookie capability) and the browser developers to get together and provide end users with enhanced capability to turn off these zombies. Probably a tiny percentage of current users ever bother to delete cookies, so it’s not like this would seriously undermine legitimate uses of cookies, but it would put a bit more control of how personal information is used back in the hands of the individual.

Of course, back here in the real world, I don’t honestly expect any such thing, but regulation is almost always the wrong answer to a given problem on the internet. But that’s what we’re likely to get . . .

« Newer Posts

Powered by WordPress