Feeds

US brain trust: Beware of trawling-for-terrorist apps

Are your rights intruded?

SANS - Survey on application security programs

Surveillance programs that try to identify terrorists by trawling the internet and electronic databases for tell-tale signs are of limited success and should be carefully evaluated for privacy concerns, a group of technologists and policy makers that advises the US government said.

A 352-page report issued Tuesday by the National Research Council can be viewed as a partial rejection of US government data-mining efforts, such as its Total Information Awareness program. The programs try to identify terrorist activity by piecing together disparate details found in chat forums, credit card processing records, and commercial databases. Civil libertarians have long warned they pose a threat to the privacy of ordinary people. The NRC report appeared to agree.

"These new technologies, coupled with the unprecedented nature of the threat, are likely to bring great pressure to apply these technologies and measures, some of which might intrude on the fundamental rights of US citizens," the report warns. Elsewhere it concluded: "The current policy regime does not adequately address violations of privacy that arise from information-based programs using advanced analytical techniques, such as state-of-the-art data mining and record linkage."

The report goes on to say that automated identification of terrorists through such measures "is neither feasible as an objective nor desirable as a goal of the technology development efforts." It also warns that unavoidable false positives will result in the surveillance of "ordinary, law-abiding citizens and businesses."

The report was written by a committee that was headed by William Perry, a former US secretary of defense under President Bill Clinton who is now a professor at Stanford University. The committee included professors of law and science from Carnegie Mellon University, the University of California at Berkeley, the University of Pittsburgh Medical Center, Johns Hopkins University and the Center for Applied Cybersecurity Research at Indiana University. Other members were researchers at Google and Microsoft.

The authors recommend that the US government follow guidelines to evaluate whether data mining programs are effective, legal, and conform to US values. They also suggest laws mandating such programs be evaluated periodically.

The report was sponsored by the US Department of Homeland Security. As best we can tell, it's not available online, but excerpts can be read or skimmed here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.