Feds move swiftly to exploit 7/7

Profiles in cowardice


Washington Roundup The US Department of Homeland Security (DHS) will now peddle geospatial data (satellite imagery) overlaid with "suspicious incidents" to state and local cops, further adding to their considerable confusion over what constitutes a petty crime, an innocent person acting strangely (which can get you wrestled to the ground and your brains blown out by terrified cops in London these days), and a bona fide terrorist cell scouting a target.

Nevertheless, the Homeland Security Operations Center (HSOC) is ready to provide too much of a bad thing, with a massive database of images and incidents, comprising a product with "maybe fifty layers of information," according to HSOC Director Matthew Broderick. More noise, less signal, which is precisely what we don't need when every citizen is already viewed as a potential terrorist by our panicky, and trigger-happy, guardians of Liberty. For a rough idea of the sort of chickenshit that DHS will be frightening local constabs with, check out this archive of double-secret incident reports, in which men with dark skin and cameras figure large. See also our report indicating that the vast majority of US counterterrorist intel is utter rubbish to begin with.


The US Transportation Security Administration (TSA) has officially been caught with its pants down, collecting vast reams of data about air travelers in blatant violation of federal law, and lying about it in a bald-faced manner. This will come as no surprise to Reg readers, but now the word is out on the street so that Congress can properly ignore it, rather than pretend not to know about it.

According to the GAO, testing of the TSA data-mining program formerly known as CAPPS-2, and now known as Secure Flight, involved supplementary commercial data mining affecting at least a quarter-million people. The commercial data was combined with passenger records that TSA had forced airlines to surrender. This degree of deep, personal privacy invasion is something that TSA has adamantly insisted it would never dream of doing. Furthermore, it's illegal, according to the Privacy Act of 1974, for government bureaux to collect such information without notifying the victims, and offering them an opportunity to examine the data and correct it as needed. TSA offers no such provisions. Not surprisingly, TSA has taken the low road, and simply no longer promises to abide by federal law in these matters. So we've got nothing to whine about, apparently.


Urgent calls are coming for greatly expanded CCTV surveillance in US cities, especially in mass transit venues. Politicians and law enforcement busybodies have been mightily impressed by all of the CCTV images coming out of London, showing us the faces of people who have already done the public harm.

The point that keeps getting lost is that there is no way on earth to prevent an attack with this sort of gear, although it does offer some advantage in solving crimes where the victims are, unfortunately, already dead, kidnapped, maimed, or beaten senseless. But this has not stopped police chief and mayor alike from advocating lots of cameras for their boys in blue to fiddle with in the safety of remote locations. Forget that the conspicuous presence of uniformed police is the only proven means of deterring crime; forget that suicide bombers about to die for their perverse causes don't at all mind being photographed en route to their atrocities; forget that the 9/11 hijackers, Madrid bombers, and 7/7 bombers would not have been flagged by face-recognition technology even if it did work, which it quite simply does not. But when bureaucrats get scared, common sense is always the first casualty.


The US House of Representatives last week voted to make all temporary provisions of the so-called "Patriot" Act permanent, as expected. This in itself is not news, nor will the Senate's inevitable capitulation to paranoia be news when Congress returns in October, but there are some interesting privacy and due-process provisions in the two versions that will have to be ironed out in conference committee, and that compromise might just become news when it happens.

While both versions will saddle the public permanently with all provisions of this most un-American legislation, the House version is the weaker in terms of civil liberties protections. It gives the FBI a generous 180 days to inform victims of sneak-and-peek warrants, and it allows the Feds to notify judges of certain surveillance activities after the fact, for example. Most interestingly, it requires the FBI to report to Congress on its use of data-mining services. Even so, the Bush Administration has made known its outrage at these minor impediments to its monarchial fantasies. Yet the Senate version is stronger, requiring more judicial oversight, to which the Administration is notoriously hostile. But once the two get spliced, something almost bearable could emerge from committee, and the fight will then be to keep it intact before the final vote.


Mass transit is getting hairy. Subway riders in New York and Washington are now subject to random searches, because they might have bombs. Forget that a suicide bomber would only detonate his payload upon being approached by a policeman, and take out whatever number of hapless innocents might be near him in these crowded venues. No doubt the body count will be high in any case, but the police insist on pretending to be able to protect us, even when they can do nothing more than inconvenience, and possibly embarrass, us instead.

But that's nothing compared with the London police policy of "shoot to protect," recently exercised with spectacular irony against an innocent man named Jean Charles de Menezes. Still, Tony Blair rushed to defend the tragic folly. "If you are dealing with someone you think might be a suicide bomber, then, obviously, the important thing is that they were not able to set off the bomb," he explained.

Of course, what he really meant to say was, "if you are dealing with someone you have no factual basis to believe is a suicide bomber, then, obviously, the important thing is that the victim was not able to set off a bomb that never existed, but which the police created in their overactive imaginations, and with which they terrified themselves, making themselves hysterical, and, understandably, causing them to blow the man's brains out after he had been subdued."

How lucky they were that the imaginary bomb turned out not to be connected to an imaginary dead-man's switch... ®
