The Vegas Shooting Makes It Clear More Surveillance Isn't The Answer

from the neither-is-a-reduction-in-civil-liberties dept

The solutions proposed by legislators, law enforcement, intelligence agencies, and multiple direct beneficiaries of amped-up surveillance in the wake of acts of terrorism are always the same: more of the stuff that didn't prevent the last attack.

London is a thicket of CCTV cameras and yet it's suffered multiple attacks in recent years. The NYPD and New York's former mayor idolized the London system: cameras everywhere (but not on NYPD officers). Despite this, New York City's relative safety appears to based more on policing tactics than hundreds of passive eyes.

Considering the unshakable belief "more cameras = more safety," how do surveillance supporters explain the recent shooting in Las Vegas, perhaps the most heavily-surveilled city on the planet?

In 2013, Nevada outfitted the Strip's "real-time crime center" with an additional 37 pivot-and-zoom cameras with a $350,000 federal grant. And as a surveillance expert told the Sun, most casinos on the strip are running thousands of cameras already: "Casinos have 100 percent coverage of virtually every square inch," he said. In the highways around Vegas, there are still cameras every half-mile. "Loss-prevention" recording devices stalk the Strip's employees in the back-of-house.

And still, while the footage will be rewound and analyzed in the coming weeks, acquired by the press, and used to model future scenarios, none of those cameras stopped a man from walking into the Mandalay and stocking a small arsenal of automatic weapons in his hotel room.

More isn't better. This much is clear. The NSA's infamous haystacks have caused more problems for analysts, who are tasked with sifting through millions of communications in hopes of flagging something worth pursuing. Thousands of cameras are useless if there aren't thousands of eyes to watch them in real time. It may help investigators after the fact, but after-the-fact detective work is never preferable to preventing deadly attacks.

As Molly Osberg points out for Splinter, the proposed prevention efforts will likely include even more cameras. And these proposals will come with zero stats backing up claims of increased safety and security.

[L]ondon police estimated almost a decade ago that for every 1,000 security cameras installed, only one crime was solved.

Eliminating cameras isn't the answer. But neither is continuing to prop up the delusion that more = safer. The same goes for other surveillance methods. Grabbing millions of communications daily might seem like a good way to catch something relevant now and then, but hours are wasted on filtering out false positives and internet detritus that wouldn't be swept up in more targeted approaches.

The surveillance state hasn't failed. It's just enamored with compounding its existing problems by adding more capacity. The only thing really guaranteed is more failure.

Filed Under: cameras, haystacks, las vegas, privacy, shooting, surveillance

Snowden Docs Show GCHQ, MI5 To Be All Haystack, No Needle

from the collections-so-bulky-they're-practically-immobile dept

"Collect it all," they said. "You can't find needles without haystacks," they proclaimed. "The more you know," they rainbowed. All well and good, except the NSA, GCHQ, et al. appear to have far more in common with the protagonists of "Hoarding: Buried Alive" than with effective, finely-tuned terrorism-fighting machines.

New documents from the Snowden stash show the UK's intelligence agencies love piling data on top of data, but seemingly have no idea how to utilize this massive haul.

MI5 “can currently collect (whether itself or through partners …) significantly more than it is able to exploit fully,” the report warned. “This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected.”

A followup report from a month later echoed these concerns:

“There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”

This isn't just an MI5 problem. And it's not just a bulk surveillance problem. GCHQ uses the same "data broker" -- a program called PRESTON, run by the National Technical Assistance Center, which is supposed to act as a go-between for intelligence agencies in order to prevent the siloing of data. But it doesn't work. It has prevented agencies from walling each other off, but the info firehose is still too much for agencies to handle -- even with more-targeted surveillance.

Targeted collections fare little better than the bulk collections, in terms of needle location. The following chart shows how much data goes unutilized in cases where suspects are known and targeted with individualized warrants.

From the 2009 report detailing these problems:

[I]n one six-month period, the PRESTON program had intercepted more than 5 million communications. Remarkably, 97 percent of the calls, messages, and data it had collected were found to have been “not viewed” by the authorities.

Despite this failure to fully use the collections they already have, UK intelligence agencies are asking the government to give them more, supposedly to capture the "growing range of services available to internet users." But they've already shown they can't handle the data they already collect. Piling more hay on the stacks is only going to allow more "needles" to escape the attention of analysts. One solution would be to throw more people at the problem, but even this might cause its own issues, as every intelligence agency is increasingly wary of becoming the temporary home of the next Snowden. Vetting procedures have ramped up and security clearances have been scaled back.

More judicious collections are a better answer, but intelligence agencies -- just like many of the internet users they track -- apparently suffer from Fear of Missing Out. But an examination of their current collections/analysis shows they're "missing out" already, and expanded powers/collections would do nothing to better secure the nation. In fact, these reports show the more they collect, the less they know.

Filed Under: gchq, haystacks, information overload, mass surveillance, mi5, needles, surveillance

Former NSA Whistleblower Bill Binney Warns UK Lawmakers Mass Surveillance Will 'Cost Lives In Britain'

from the analysis-paralysis dept

Shortly after the first Snowden documents were leaked, Techdirt wrote about former NSA whistleblower Bill Binney providing some context and history to the newly-revealed information. The central point he made was that trying to collect "haystacks" of data -- mass surveillance -- doesn't work, because intelligence agencies have insufficient resources to search through vast digital stores for the "needles" hidden there. It's a theme Techdirt has returned to a number of times, as has Binney. This week, he was trying to convince a committee of MPs and peers who are scrutinizing the UK's Snooper's Charter Bill that too much data leads to "analysis paralysis," and that targeted surveillance was the way to go. The Guardian reported:

William Binney, a former technical director of the US National Security Agency (NSA), told parliamentarians that the plans for bulk collection of communications data tracking everyone’s internet and phone use are "99% useless" because they would swamp intelligence analysts with too much data.

He said:

This approach costs lives, and has cost lives in Britain because it inundates analysts with too much data. It is 99% useless. Who wants to know everyone who has ever [been] at Google or the BBC? We have known for decades that that swamps analysts.

He claimed that the attacks carried out on September 11 could have been thwarted if the NSA had adopted the more targeted approach he and his colleagues were advocating:

Sixteen months before the attacks on America, our organisation (Sigint Automation Research Center -- Sarc) was running a new method of finding terrorist networks that worked on focusing on 'smart collection'. Their plan was rejected in favour of a much more expensive plan to collect all communications from everyone.

The US large-scale surveillance plan failed. It had to be abandoned in 2005. Checks afterwards showed that communications from the terrorists had been collected, but not looked at in time.

Binney pointed out that in addition to improving the operational efficiency of intelligence agencies, a targeted approach brought with it other important advantages:

It reduces the privacy burden affecting the large number of innocent and suspicion-free persons whose communications are accessible to our systems.

And as a bonus:

Legally protected groups such as MPs, lawyers and journalists could have their communications screened out and excluded from bulk collection and analysis unless a designated and targeted authorisation is in place.

Alongside the facts about the failure of mass surveillance laid before them by Binney and other expert witnesses giving evidence to the committee, let's hope the MPs and peers also took on board that point about the personal advantages of targeted surveillance for them as a group.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: bill binney, haystacks, investigatory powers bill, ipbill, mass surveillance, needles, surveillance, uk

NSA Personnel: Search For Needles Not Being Helped By Continual Addition Of Hay To The Stacks

from the can't-use-intelligence-if-you-can't-locate-it dept

The NSA's desire to harvest as much data as possible lies at the root of its defense of the nearly-dead Section 215 collection. Although mostly useless, it is still being defended as a data collection the NSA needs to have around "just in case." Data -- lots and lots of it -- is good and useful and helps locate terrorists. And, according to those running these collection programs, the only thing better than data is more data. Hence: "collect it all." Hence, also: a gargantuan data center in Utah that is still in danger of losing its water supply.

"Collect it all," proclaimed Keith Alexander, as the NSA amassed haystack after haystack with the needles seemingly little more than an afterthought. "Collect it all," the analysts yelled back, frantically running haystacks through their analytic spinning wheels in hopes of appeasing King Alexander with the occasional production of counter-terrorist gold.

The Intercept's cache of documents reveals not everyone in the NSA is so enthralled with haystack-building. Adding haystacks doesn't aid in intelligence efforts. It just adds more hay. Sooner or later, everything bottlenecks at the analytic point. Worse, it adds to the amount of cleanup that must be done before the data can even be analyzed, as well as possibly removing "signal" while filtering out "noise."

These (leaked) informal documents contain conversational discussions of intelligence topics that come from about as "everyman" a perspective as spooks sitting in a sea of servers can actually have.

From "Too Many Choices," by the "SIGINT Philosopher:"

"Analysis paralysis" isn't only a cute rhyme. It's the term what happens when you spend so much time analysing a situation that you ultimately stymie any outcome. It's what happens inside your grandfather's brain while you wait endlessly him to make his move on the chessboard. It's what happens when I stand in of the jams and jellies at the supermarket. And it's what happens in SIGINT when we have access to endless possibilities, but we struggle to prioritize, narrow, and exploit the best ones.

A.k.a, the Netflix problem, for those more prone to stream entertainment then purchase jams and/or jellies. If nothing immediately stands out, the tendency to cycle through list after list of possibile choices results in more time spent looking for something to watch than actually watching something.

When lives are potentially on the line, adding more data makes it harder to find what you're looking for in a timely fashion. Stack up enough hay, and more time will be spent examining and discarding false positives and negligible intelligence than will be spent looking at useful data that might point analysts towards an impending threat.

The SIGINT mission is far too pressing for many team-building activities or brain-storming sessions aiming to improve our organizational approach to analysis. At the same time, the SIGINT mission is far too vital to unnecessarily expand the haystacks while we search for the needles. Prioritization is key.

But this doesn't seem to fit in with the NSA's general approach to intelligence gathering. Nearly every program it runs is an effort to gather even more data than it already has. Every exploit it plants gives it another source for intel. Every new agreement it makes with foreign countries' intelligence services gives it another set of haystacks to dig through. There is no apparent prioritization inherent in its intel gathering. Everything is potentially significant, but its significance can only be determined after it is collected and analyzed. The agency prefers collecting in bulk to targeting. It has been this way for years. So, it's no surprise that those questioning this approach may find themselves doing the following: [Side note: this paragraph says some interesting things about the Section 215 program capabilities and comprehensiveness.]

Recently I tried to answer what seemed like a relatively straightforward question about which telephony metadata collection capabilities are the most important in case we need to shut something off when the metadata coffers get full. By the end of the day, I felt like capitulating with the white flag of, "We need COLOSSAL data storage so we don't have to worry about it," [...] because getting the metrics for empirical evidence to review was so very difficult and, frankly, I'm still a little scarred by the experience.

The emphasis is "more hay," not "better targeting." And no one seems to know which collections are actually returning useful intel -- at least not in an agency-wide sense.

There's a running joke in the S3 community that we'll only know if collection is important by shutting it off and seeing if someone screams.

And that screaming may only be because someone thinks their particular haystack-gatherer is useful, rather than it actually being useful.

Despite all of this incoming intel, terrorists are still evading the worldwide surveillance net cast by the NSA and its global partners. Officials tend to blame this on leaks, encryption, "going dark" -- anything that doesn't raise the uncomfortable possibility that the needles it's looking for are already swimming through its massive haystacks. This isn't because the NSA doesn't know what it's looking for. It's because it can't find what it's looking for.

Snowden... noted in an interview with the Guardian that the men who committed recent terrorist attacks in France, Canada and Australia were under surveillance—their data was in the haystack yet they weren’t singled out. “It wasn’t the fact that we weren’t watching people or not,” Snowden said. “It was the fact that we were watching people so much that we did not understand what we had. The problem is that when you collect it all, when you monitor everyone, you understand nothing.”

Those in the analytic trenches seem to feel the NSA collects too much. Upper-level officials seem far less concerned. The NSA collects to collect. It collects "just in case." This saves intelligence officials from the unlikely event of having to explain how a gap in coverage resulted in a terrorist attack. It's CYA by massive data centers. The massive, overlapping collections are just as likely to result in an unthwarted terrorist attack, but it very pointedly won't be because the NSA didn't try.

Filed Under: collect it all, haystacks, needles, nsa, surveillance

Why Requiring Social Networks To Monitor Posts To Spot Terrorists Will Make It Even Harder To Catch Them

from the false-positives dept

Last week we wrote about how the UK government was clearly signalling it wanted social networks to start monitoring users' activity for tell-tale signs of terrorist intentions -- without, of course, worrying about how that might be done. Now, James Ball in the Guardian has put together a great summary of why that approach cannot possibly work.

He runs through various ways Facebook, Twitter and the rest might try to spot potential terrorists before they acted -- for example, by using keywords, lists of suspicious sites, social graphs etc. But one feature automated systems all share is that to avoid the risk of letting individuals slip through the net, the criteria for flagging up people have to be loose. And that, inevitably, means there will be false positives:

However sophisticated these systems are, they always produce false positives, so if you are unlucky enough to type oddly, or to say the wrong thing, you might end up in a dragnet.

Here's what that would mean in practice:

Data strategist Duncan Ross set out what would happen if someone could create an algorithm that correctly identified a terrorist from their communications 99.9% of the time -- far, far more accurate than any real algorithm - with the assumption that there were 100 terrorists in the UK.

The algorithm would correctly identify the 100 terrorists. But it would also misidentify 0.01% of the UK's non-terrorists as terrorists: that’s a further 60,000 people, leaving the authorities with a still-huge problem on their hands. Given that Facebook is not merely dealing with the UK’s 60 million population, but rather a billion users sending 1.4bn messages, that's an Everest-sized haystack for security services to trawl.

Requiring social networks to bring in any kind of automated monitoring -- the only kind that is feasible given the huge volume of posts involved -- will simply cause the intelligence agencies to be swamped with a huge number of false leads that will make it impossible to pick out the real terrorists from among the data supplied. In other words, the UK government's plans, if implemented, will just make a bad situation much, much worse.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: false positives, haystacks, liability, monitoring, policing, statistics, terrorists, uk

The Repeated Failure Of The US And UK Governments' 'Add More Hay' Approach To Surveillance

from the sipping-from-a-firehose dept

Recently we wrote about a UK Parliamentary report absolving the UK spy agencies of any responsibility for the failure to stop the killing of a British soldier last year. Significantly, one explanation given for the fact that the UK's MI5 undervalued the threat, despite investigating the men responsible several times, was that it has several thousand suspects under surveillance at any one time, and so it was beyond its capabilities to follow all leads thoroughly.

Of course, that is a consequence of the "needle in a haystack" approach that the US and UK agencies have adopted: collect as much information as possible in the hope that somehow it will be possible to sift through all the irrelevant hay to find the needle. But as an important piece by Coleen Rowley in the Guardian points out, this is not the first time that a "failure to connect the dots" from information to hand resulted in missed opportunities to stop attacks:

as an FBI whistleblower and witness for several US official inquiries into 9/11 intelligence failures, I fear that terrorists will succeed in carrying out future attacks -- not despite the massive collect-it-all, dragnet approach to intelligence implemented since 9/11, but because of it. This approach has made terrorist activity more difficult to spot and prevent.

She reminds us:

The common refrain back then was that, pre 9/11, intelligence had been flowing so fast and furiously, it was like a fire hose, "and you can’t get a sip from a fire hose". Intelligence such as the Phoenix memo -- which warned in July 2001 that terrorist suspects had been in flight schools and urgently requested further investigation -- went unread.

She details other instances of recent intelligence failures where having too much information meant that key leads were buried, and opportunities to stop attacks lost. In other words, US and UK agencies have over ten years of bad experiences with the "collect it all" and "needle in a haystack" approach to intelligence gathering, and yet it remains their principal response to successive attacks and continuing failures. Rowley concludes:

After Edward Snowden described just how massive and irrelevant the US and UK monitoring had become, people started to grasp the significance of the saying: "If you’re looking for a needle in a haystack, how does it help to add hay?"

Of course, she's not the first person to make this observation -- for example, Techdirt pointed this out over a year ago. But as someone who has worked for the FBI, and been privy to many secret details of surveillance operations, Rowley speaks with a special authority. Her article in the Guardian is well-worth reading -- especially by all those who continue to advocate the disproportionate and ineffective "add more hay" approach to keeping the public safe.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: gchq, haystacks, information overload, needles, nsa, surveillance

Latest Revelations Show How Collecting All The Haystacks To Find The Needle Makes The NSA's Job Harder

from the and-makes-us-all-less-safe dept

Yet another post about the latest NSA revelations about collecting buddy lists and email contacts. As we'd mentioned in the original post, the story noted that this data collection was at times overwhelming. Here's the Washington Post's report on this point:

The volume of NSA contacts collection is so high that it has occasionally threatened to overwhelm storage repositories, forcing the agency to halt its intake with “emergency detasking” orders. Three NSA documents describe short-term efforts to build an “across-the-board technology throttle for truly heinous data” and longer-term efforts to filter out information that the NSA does not need.

Spam has proven to be a significant problem for NSA — clogging databases with data that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.”

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

Here's a slide from the leaked NSA presentation, in which it urges people to be more careful about what kind of data it collects via this program, saying they're trying to "store less of the wrong data" and "shift the collection philosophy at the NSA" to "memorialize what you need" from "order one of everything off the menu and eat what you want." This is the very same NSA which is led by Keith Alexander, whose unofficial motto has been described as "collect it all." At times, Alexander has argued in public that "you need the haystack to find the needle."

Of course, that's bogus, and the data deluge discussed in this program demonstrated why. Collecting it all makes it harder to find the right information. Piling more hay on the haystack doesn't make it easier to find the needle, it makes it harder. That's one of many reasons why we're so concerned about these bulk data collection programs. Not only do they rarely seem to turn up useful information, but they also seem to better obscure important information by flooding the system with bogus data.

Filed Under: haystacks, keith alexander, needles, nsa, nsa surveillance, too much information