Friday, December 15, 2006

Effective Counterterrorism and the Limited Role of Predictive Data Mining

Schneier also points to a terrific report by Jeff Jonas and Jim Harper at the Cato Institute pointing out that data mining is not the holy grail solution to countering terrorism that it is widely sold as. The executive summary:

"The terrorist attacks on September 11, 2001,
spurred extraordinary efforts intended to protect
America from the newly highlighted scourge of
international terrorism. Among the efforts was the
consideration and possible use of “data mining” as
a way to discover planning and preparation for terrorism.
Data mining is the process of searching
data for previously unknown patterns and using
those patterns to predict future outcomes.

Information about key members of the 9/11
plot was available to the U.S. government prior
to the attacks, and the 9/11 terrorists were closely
connected to one another in a multitude of
ways. The National Commission on Terrorist
Attacks upon the United States concluded that,
by pursuing the leads available to it at the time,
the government might have derailed the plan.

Though data mining has many valuable uses,
it is not well suited to the terrorist discovery
problem. It would be unfortunate if data mining
for terrorism discovery had currency within
national security, law enforcement, and technology
circles because pursuing this use of data
mining would waste taxpayer dollars, needlessly
infringe on privacy and civil liberties, and misdirect
the valuable time and energy of the men and
women in the national security community.

What the 9/11 story most clearly calls for is a
sharper focus on the part of our national security
agencies—their focus had undoubtedly sharpened
by the end of the day on September 11,
2001—along with the ability to efficiently locate,
access, and aggregate information about specific
suspects."

TSA tip off airport screeners

It seems that TSA employees have been tipping off a private security firm that handles security at San Francico airport about visits of undercover agents sent to check the security.

"For 16 months ending last year, Transportation Security Administration employees tipped off screeners from Covenant Aviation Security that undercover agents were on their way to the airport's checkpoints to test whether the screeners were properly inspecting passengers and their carry-on luggage, the report said.

Despite the charges, the private security firm was rehired two weeks ago with a $314 million, four-year contract at the airport to screen passengers and checked bags."

Thanks to Bruce Schneier for the link.

Greek privacy watchdog fines Vodafone over wiretapping scandal

From AP via Findlaw:

"A Greek privacy watchdog on Thursday fined cell phone operator Vodafone รข‚¬76 million ($100 million) over a wiretapping scandal that involved the illegal monitoring of Prime Minister Costas Karamanlis."

Vodaphone are going to send the lawyers in to challenge the decision.

A system and method of providing personalized information

Google's new patent database search engine has led me to some more education system patents, which it is hard to believe that someone who actually knew something about computers in education would ever have granted. This System and method for network-based personalized education environment is a case in point. Here's the abstract:

"A system and method of providing personalized information to an individual over a network includes accessing a competency profile of the individual, such profile accessible to a server on a network and comparing the individual's competency profile with an education template and behavioral scenario accessible to the server. The template defines a current desired standard for the individual's competencies, in order to identify target training or learning areas. Information content relevant to the individual's target training or learning areas is provided over the network via user-selectable items of information content that may collectively have a plurality of information product types."

In other words a system to allow someone to tick some boxes on an electronic form so that the system can check through a list of provider courses and suggest a suitable one for that individual. Honestly! For 36 years people have been contacting the Open University to find out if we might have a course or degree programme that would suit them and then signing up for appropriate courses. Is anyone seriously expecting me to believe that now we carry out this process over the Net as well as face to face and via telephone that we might be infringing this ridiculous patent?

IBM and universities open up software research

From the IHT: IBM and U.S. universities work to open up software research

"The initiative, which IBM was expected to announce Thursday, is a break with the usual pattern of corporate- sponsored research at universities that typically involves lengthy negotiations over intellectual property rights.

The projects are also evidence that U.S. companies and universities are searching for ways to work together more easily, less hampered by legal wrangling about who holds the patents to research...

The current problem, research experts say, is that well-intentioned policies meant to encourage universities to make their research available for commercial uses have gone too far. The shift began with the Bayh-Dole Act of 1980, which allowed universities to hold the patents on federally funded research and to license that intellectual property. Since then, universities have often viewed themselves as idea factories and, like many corporations, have sought to cash in on their intellectual property.

But there is a sense at both universities and corporations that the pendulum has swung too far, and that adopting less restrictive intellectual property policies could benefit both sides."

Thursday, December 14, 2006

Blackjack v BlackBerry?

Having been on the wrong end of a more than half a billion dollar settlement in the patent dispute with NTP, RIM have decided to get active with their own IP lawyers in the trademark arena and have reportedly sued Samsung for "false designation of origin, unfair competition and trademark dilution." They believe that Samsung's "BlackJack" phone is too similar to the BlackBerry and the name might confuse some people. That will be a fun case to watch. Whilst I had a lot of sympathy with their plight in the NTP dispute - after all NTP were just a patent holding company and didn't make or deliver any products or services - I can't see that sympathy extending to a case of attempting to gain proprietary control of the word "black". Remember though that various courts found the NTP patent, which could have led to the shutting down of BlackBerry services in the US, to be valid. So the law was on NTP's side in that case. RIM in this case have to do more than prove that the law might be on their side.

I recognise that the case will be a bit more complicated than this initial report would make it appear and the detailed facts will, no doubt, be interesting. In the end though this comes down to controlling or owning the word "black" in a particular context and the onus is on RIM from my perspective to fully justify their stance.

Tuesday, December 12, 2006

The flaw in the government's child mass surveillance project

From icAyrshire:

"A court in Fife has heard that a Home Office expert who helped set up a national database for violent and sexual offenders sent child pornography to another man."

The next time a government minister trots out the usual platitudes about their child 'protection' mass surveillance programme they should be reminded of this case and some basic principles of security. It is not the vast majority of honest people you need to be concerned with but the attackers (insiders like this man or outsiders) who want to compromise your system and the people it holds personal details on. You also have to remember that with information systems it is possible to have scalability, functionality or security and sometimes even two of these simultaneously but not all three.

Thanks to Glyn via the ORG list for the link.