Other Politech messages: http://www.politechbot.com/cgi-bin/politech.cgi?name=poindexter --- To: declanat_private Subject: Re: FC: What's so bad about Total Information Awareness? by Ben Brunk From: "Thomas A Giovanetti" <tomgat_private> Message-ID: <OF2821FA80.E4B93BD6-ON86256C8B.001EE99E@org> Date: Mon, 9 Dec 2002 23:48:35 -0600 If Ben is so bright a researcher, he should know better than to make such a glaring error in the first sentence of his post. TIA is NOT authorized in the Homeland bill. It was authorized as a DOD (Dept. of Defense) appropriation. In fact, the Homeland bill contains an explicit provision to ban anything like the TIA from ever being implemented. And that's good. Now we need to get TIA cancelled from the DOD budget. _______ Tom Giovanetti President Institute for Policy Innovation (IPI) http://www.ipi.org --- Date: Tue, 10 Dec 2002 16:53:01 +1100 From: Nathan Cochrane <ncochraneat_private> Reply-To: ncochraneat_private Organization: The Age newspaper To: declanat_private Subject: Re: FC: What's so bad about Total Information Awareness? by Ben Brunk Hi Declan Much of what Ben writes has merit. To paraphrase: 1. Private companies use different, often incompatible technologies. 2. There are usually several instances of the same person in different databases held in the same company. 3. There is no easy way to capture an individual's virtual identity across multiple databases short of mandating use of a national ID card and number at every transaction. 4. Lives could be ruined by poor use of information. The drive by groups such as OASIS, Microsoft, IBM and Sun to deliver eXtensible Markup Language (XML)-- a single rail gauge for online information sharing -- makes linking systems easier. Although it will be several years before this really takes hold because taxonomies still have to be ratified, software coded, systems migrated etc. But already law enforcement is looking at this area closely as a way to easily find the people and legal documents it is looking for. Legal XML lawful intercept technical committee announcement http://lists.oasis-open.org/archives/tc-announce/200211/msg00007.html "If emergency or exigent conditions exist ... judicial issuance of an authorizing instrument (warrant) can usually be altered by the LEA (law enforcement agency) using another instrument coupled with a posteriori judicial or administrative action." MORE: Legally speaking, it's a brief transition http://www.theage.com.au/articles/2002/12/09/1039379779706.html Just because an investigator can't be 100 per cent certain a particular identity is the one s/he is looking for, doesn't mean they can't be more or less sure, at least so far as to continue an investigation. This raises a bigger question, how much information will be winnowed out, and what processes will exist to maintain privacy during this phase? By their very existence, these sorts of fishing expeditions are harmful to a free society. Governments around the world already have national id card and number systems. In Australia it is the tax file number for individuals and BAS number for business. You can't transact without using these numbers, all of which is fed into government systems accessible by LEA here and in the US. In the US there is a drive to do the same thing with drivers' licenses. A single unique key is not necessary when you have a range of keys that can, in unison, provide a high level of confidence. DARPA is moving ahead with its plans to fund TIA. A few hours ago I spoke with a member of the executive management team of supercomputer maker Cray Inc. Cray is one of five companies each receiving $US3 million to fund a feasibility study into developing a petaflop computer. Big applications for this sort of computer are to track in real time the movements of people, understand how biochemical agents spread in populations dutring bioterrorism attacks, break complex crypto and trawl through signal streams using semantic forests to find patterns. Semantic forests article by Suelette Drefus http://www.underground-book.com/articles/CyberWireDispatch-1999-11-30-Semantic-Forests.php3 And just because a failed implementation would destroy an innocent's life is no reason for a government not to do it. The authorities would see that an arrested, imprisoned or executed innocent is a small price to pay for continued national security and the lives of millions, or the interests of a select few. --- Date: Tue, 10 Dec 2002 10:42:28 -0800 (PST) From: Ben Polen <benpolenat_private> Subject: Re: FC: What's so bad about Total Information Awareness? by Ben Brunk To: declanat_private Declan, Reading Ben's post reminded me of Terry Gilliam's movie "Brazil." In the noir sci-fi flick, the government is basically running its own version of TIA and a bug in the systems (literally, a fly interferes with the operation of a typewriter) leads to the arrest and prosecution of the wrong man. Its quite an amazing movie overall, but the dire warnings about a surveillance society (and a powerful state supporting it) are even more important now, in our USA Patriot/TIA/Homeland Security world. The director's cut of "Brazil" is worth another viewing for all Politechnicals. Seriously, don't even bother with the edited version. -Ben PS feel free to post this if you do a follow up to Brunk's --- Date: Mon, 09 Dec 2002 21:29:50 -0800 To: declanat_private, politechat_private From: Lizard <lizardat_private> Subject: Re: FC: What's so bad about Total Information Awareness? by Ben Brunk At 08:57 PM 12/9/2002, Declan McCullagh wrote: >--- > >Date: Mon, 09 Dec 2002 22:34:13 -0500 >From: Ben Brunk <brunkbat_private> >To: declanat_private >Subject: Debunking TIA > >Declan, > > > >Many of these sources of information are private databases owned and >maintained by the corporations that rely on them. Even if they were all >implemented in say, Oracle, it would be difficult to match up records to >any reliable degree. Who knows if the John Poindexter in one database is >the same as Jon Pointdexter in another? Bingo. Ever see 'Brazil'? Tuttle, Buttle, what's the difference? The thing is, no one is going to do a rational analysis and say "This can't work." If they do, they'll be ignored. Government isn't about doing things that work. Government is about looking like you're doing something. Simply honestly saying "There is nothing you can do to stop a determined madman from killing innocent people. Period. That's the price you pay for freedom. When people say that the tree of liberty must be watered in blood, they don't just mean the blood of those who volunteered for the job. A free society is one in which there is danger. Deal with it, or move to North Korea." will not get you re-elected. Promising false safety, out-and-out lying, will get you re-elected, by a wide margin. Nothing can stop the 'Homeland Security' juggernaut, because of the nature of politics. We'll just have to wait for the next revolution. --- Date: Tue, 10 Dec 2002 00:10:05 -0800 (PST) From: Marc Hedlund To: Declan McCullagh <declanat_private> Subject: Re: FC: What's so bad about Total Information Awareness? by Ben Brunk Declan, The criticism I would make of Total Information Awareness (TIA) and the Department of Homeland Security (DHS) in general is that they are agressively centralized solutions to an agressively decentralized problem. I would feel better about our government's efforts to fight terrorism if I heard much more discussion of decentralized solutions, and an economic and organizational plan that blended centralized and decentralized approaches to the problems of terrorism. The vast majority of discussion around government response to 9/11 has framed the question as, "How can we change the Federal government to prevent terrorist attacks?" The DHS is a Federal entity composed of existing Federal entities. Its efforts, and likewise the Pentagon's TIA proposal, have (in public discussion at least) been described as aiming to ensure information is shared between sources, analyzed at a single desk, and acted upon by a central enforcement agency. In other words, these efforts aim to centralize information about potential terrorist acts. Certainly these are approaches worth using. The INS sending Mohammed Atta a letter to his Florida address months after 9/11 can only provoke a wish for a better head on the shoulders of our national bureaucracy. But do we really believe that terrorists -- who presumably have heard about the DHS -- will act in the future in any way that would trigger DHS or TIA attention? We know these terrorists are determined and willing to spend enormous time and resources preparing a plan. Terrorist groups, we're told, plant "sleeper cells" in our country years before an intended attack, and these cells work strenuously to avoid detection or contact with other cells. Assume that we go ahead with a TIA-type program, or even just the DHS as planned, and that we are now able to monitor and correlate border entries, large cash transfers, anomalous airline ticket purchases, and whatever other data might alert a central authority of terror plans. Does this really prevent terrorism? Do we believe that no terrorist could ever enter the country without creating a record, bring gold or drugs or something else to convert to cash on the black market, buy a round-trip ticket rather than a one-way ticket, and so forth? It seems obvious that even if centralized data collection, analysis, and response help the problem, they certainly do not solve the problem. A determined attacker -- as the 9/11 attackers certainly were -- will do what it takes to avoid TIA triggers. Furthermore, is it really the best thing for the country for the FBI, the CIA, and now the DHS to focus so intently on preventing terrorism from Washington? I was taken aback to read in the November 21st New York Times that ...the [FBI]'s commitment to nonterrorism cases that were once staples of the bureau dropped significantly in the months after the Sept. 11 attacks. The number of agents working narcotics cases dropped 45 percent, bank fraud cases dropped 31 percent and bank robbery investigations dropped 25 percent, according to the Justice Department figures, even though the number of reported crimes in some cases went up. I can only wonder what has happened to the CIA in parallel. The FBI existed for good reason prior to 9/11 -- fought serious and difficult crimes prior to 9/11 -- and yet it is now being criticized roundly for not dropping its earlier priorities more quickly and completely. (Senator Charles Grassley of Iowa was quoted in the same article as saying, "Old habits die hard at the FBI.") We are debilitating the prevention of crimes that not only still occur, but are increasing. Who will take up fighting these crimes if not the FBI? Probably state and local law enforcement. Let's look at that for a moment. Prior to the Millenium celebrations, a truck filled with bomb-making equipment was stopped at a ferry crossing in Port Angeles, Washington, and this probably prevented a serious attack. While the person who stopped the truck was a Federal employee (a Customs Inspector), the reason for the stop was not a centralized database nor an alert from a centralized agency. Instead, the driver was stopped because he seemed suspicious. An individual acted on a hunch, investigated, and stopped an attack. We should learn from this, and we're not. Rather than centralizing, another approach to fighting terrorism would be to concentrate resources on training local law enforcement officers how to better spot and combat terrorism; that is, how to be more like the Port Angeles Customs Inspector. Rather than sucking all possible data sources into the Pentagon or the DHS, we could distribute knowledge to the local -- far more numerous -- law enforcement resouces who are far more likely to be able to prevent terrorism. How do you interview someone seeking admission to the country, or to a sports arena? What are the signs of lying that may be visible in facial expressions or demeanor? What set of purchases might signal an attempt to build a bomb? What are the little details a carefully-trained eye might be able to piece into detection of a terrorist? This is what I mean by a decentralized approach. Move the effort to the more massive, more distributed, more intuitive body of law enforcement coming into daily contact with the same terrorist cells trying so hard to look normal. If sleeper cells lie dormant for years, local police will very likely encounter at least one member of the cell in that time. Don't we want those police officers to know what questions to ask that might detect the cell? We could be taking this approach, but we're not. We could be improving the ability of local law enforcement to detect terrorism -- but instead we're degrading that ability, since we're shifting the FBI's traditional crime-fighting work onto local resources. The one method that has actually prevented a terrorist attack on US soil is not being used, and is instead being inhibited. We are focusing on centralizing intelligence and resources when instead -- or at least in addition -- we should be decomposing, distributing, decentralizing. I'm not suggesting, obviously, that the Federal government has no role, nor a minimal role. Watch lists and signals intelligence and data warehousing almost certainly are key tools for fighting terrorism. But before we go too far in creating (or trying to create) a grand unified database of all electronic transactions, maybe we should think first about whether this is a problem best solved by brute force data analysis, or a smart cop on the street. Marc Hedlund e: marc at precipice dot org --- From: "Carrick Mundell" <carrickat_private> To: <declanat_private> Subject: RE: What's so bad about Total Information Awareness? by Ben Brunk Date: Tue, 10 Dec 2002 08:45:10 -0800 Declan, Ben Brunk really spells it out. If the probability of finding a terrorist using TIA is practically nil, then the system must be going to be used for other purposes, namely, domestic spying. By increasing the size of the target (e.g. libertarians, liberals, privacy hawks, greens, pro choicers, Democratic Party donors, persons-we-hate, and, oh yeah, terrorists) maybe TIA will prove more useful. What's so bad about Total Information Awareness? Everything. -Carrick Mundell --- Subject: RE: What's so bad about Total Information Awareness? by Ben Brunk Date: Tue, 10 Dec 2002 08:59:19 -0800 From: "Ron Schweiger" <Schweigat_private> To: <declanat_private> Content-Transfer-Encoding: 8bit Benjamin is missing one little point that TIA will be widely successful at which is monitoring ordinary American's. With a 5% error rate they will know exactly what 95% of every American is doing at any given time! Ron --- Date: Tue, 10 Dec 2002 19:09:45 -0800 (PST) From: Sascha Goldsmith <saishat_private> Subject: Re: FC: What's so bad about Total Information Awareness? by Ben Brunk To: "Christopher A. Petro" <petroat_private>, Declan McCullagh <declanat_private> "I am SHOCKED, shocked to find gambling in this establishment" "Sir, your winings..." - Casablanca CP!!! I thought you were the leading "privacy/individual rights/get 'yer publicly-funded mitts off my data" individual I knew!!! That having been said, I agree with a lot of what you had said, with a few caveats. (God, this sounds a lot like our discussions at work, n'est-ce pas?) First, I think you are right. There is plenty of low-hanging fruit. (I cannot help but wonder if your current vocation makes you more entreated to security collection than your last, but that is only a supposition). The point is: you are right. However, as a drug-loving, freedom-loving, felony-avoiding indvidual, I cringe. We have no privacy. Live it, but don't love it. And for God's sake, don't encourage it. This leads me to my caveat. I fully and toally, without reservation, back the establishment of a British-like MI5 organization in this country. They have statutory limitations. They have a charter, a mission. And they do it well. It took dozens or IRA bombings to lead to its inception, but the institution has adapted and learned and works. We can leverage their decades of experience, and coupled with our simlilar traditions, the experiment should work. Here is why: call me a nut, call me a cashew. But I fully believe that the FBI has been, is, and will always been unsuited for intelligence. The duties of prosecution and espionage have significantly difference attributes. Let's not dilute the FBI so it does both poorly. With a newly funded department, focused on a singular mission, their powers to use the data (i.e. pool it with the DEA, IRS, FBI, etc.) will be limited by statue. However, their ability to pool information on terrorists (how that is decided is a tricky issue, but at least you have a separation) should be FULLY exercised in the manner your email eloquently describes. Pool databases, tap into corporate records, share information with the DEA, IRS, FBI, CIA, NSA, DIA and any other TLA they need to. All I want, as a libertarian, is a "separation of powers". In the most gracious nod to the founders I can muster, let's separate in a statutory, congressional and judicial way, the powers afforded to the aforementioned entities and the newly created US-MI5. (Hell, if we could get James Bond, I would sleep BETTER at night!) So, in general, I agree with you. But with the abject failure of aforementioned institutions to respect their jursidictions and to hoard information from other agencies, not to mention the abject failure to stop 9/11, let's start from scratch. Let's protect ourselves with an agency that is ONLY dedicated to that purpose. I'm not talking about Homeland Security. I'm talking about the tech of the NSA, the guile of the CIA, the resources of the DIA, and a whole lot more nefarious to boot. (Let THEM fear the Hellfire missiles from the Predators or the idea of being tapped, not me). Getting off my soapbox, Saish ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ Recent CNET News.com articles: http://news.search.com/search?q=declan -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 20:59:15 PST