12/14/2012
07:04 PM

U.S. Creates System To Look For 'Future Crimes'

In March, the United States granted counterterrorism officials the ability to hold data on Americans for up to five years. Now, the controversy surrounding the data-analysis program has come to light.

The U.S. government green-lighted a program in March to retain data on U.S. citizens for up to five years as part of a counterterrorism monitoring and analysis effort, despite privacy concerns raised by high-ranking homeland-security and justice officials.

The concerns, first reported in The Wall Street Journal this week, suggest that the National Counterterrorism Center (NCTC) is trying to build an extensive monitoring system that can find terrorists using large datasets. Established in 2004, the NCTC brings together analysts from a variety of agencies and tasks them with sifting through intelligence reports for signs of terrorism activity.

Under the rules signed in March, the center can retain information on ordinary Americans for up to five years, even if they are not connected to terrorism or other crimes. While the monitoring system appears similar to those used by many companies to investigate compromises using forensic data, critics have worried that it undermines citizens' civil rights.

"Innocent people can be investigated and their data kept for years," said Chris Calabrese, legislative counsel for the American Civil Liberties Union, in a statement. "It can be shared with foreign governments. All of this in service of, not just terrorism investigations, but also investigations of future crimes."

Civil libertarians are not the only ones with concerns about the scope of the data collection and monitoring involved in the NCTC's analysis system. At the Department of Justice, Chief Privacy Officer Nancy Libin raised concerns, as did Mary Ellen Callahan, the former chief privacy officer of the Department of Homeland Security, according to The Wall Street Journal article.

"This is a sea change in the way that the government interacts with the general public," Callahan reportedly said.

But NCTC officials have argued that the monitoring system and analysis are not about creating a time machine to look for future crime, but about virtually going into the past and connecting past actions that may have been overlooked. If an individual names a friend on a visa application, for example, and is later connected to a terrorism organization, counterterrorism officials want to be able to look back at that connection -- even if it happened years ago -- and add it to the analysis, Matthew Olsen, director of the National Counterterrorism Center, told the American Bar Association (ABA) in May.

"In other words, certain data sets needed to be retained for a longer period of time in order to ensure that terrorism information was not deleted simply because its significance was not immediately apparent," he told the ABA's Standing Committee on Law and National Security in prepared remarks (PDF).

The near success of Umar Farouk Abdulmutallab, popularly known as "the Underwear Bomber," in December 2009 was a wake-up call for counterterrorism intelligence analysts, Olsen said in May. While Olsen did not give examples of data points that could have been connected to catch the bomber, he stressed that the NCTC needed the ability to retain information for analysis.

Using monitoring systems to hunt down rogue actors, and even predict when an employee may go rogue, has become a major initiative for the U.S. government. Following the leak of diplomatic memos from the U.S. State Department, the Pentagon created the Anomaly Detection at Multiple Scales (ADAMS) project to fund ways of detecting rogue behavior that could indicate a malicious insider.

Such projects may have an easier time pinpointing suspicious activity than network-security monitoring systems used by companies to identify potential rogue insiders by their online behavior, says Mike Lloyd, chief technology officer for RedSeal Networks.

"There is a big difference between the hackers and the terrorists," he says. "The terrorists ... would have to buy an awful lot of fertilizer, for example, to make a bomb, and that's something you can track. So it is plausible, I think, that the data mining will be more effective in counterterrorism than it is with hackers."

Today's network security monitoring systems focus on detecting anomalies that indicate a compromise of a company's systems or that hackers have access to those systems; in other words, they are looking for signs of an event that has already happened. Yet, by combining the analysis of big data with intelligence on the threats affecting an industry or community, companies are increasingly looking to detect potential attacks.

Such systems, however, require that companies and the federal government use them responsibly. Of the two, companies may be the more responsible, says Lloyd, because they are required to follow the privacy laws of the countries in which they operate. Some nations, such as those in Europe, are much stricter than the United States, he says.

In developing its monitoring system for detecting signs of terrorism, the U.S. government should look at strong safeguards, he says.

"Having this technology and having the ability to use it safely are really two different things," says Lloyd. "I think these systems work, but that is both the good news and the bad news."

Comments
Larry Seltzer - UBM Tech,
User Rank: Apprentice
12/19/2012 | 4:51:16 PM
re: U.S. Creates System To Look For 'Future Crimes'
I understand the concern, but privacy advocates get tunnel vision a lot. Many security experts will say that the real answer to terrorist threats is better intelligence rather than having us throw out nail clippers and take off our shoes.

And what kind of data are we talking about here? I'm actually less concerned about the government having data like this than I am about the possibility that it will leak or be sold by insiders.
DarkReadingTim,
User Rank: Strategist
12/17/2012 | 4:15:51 PM
re: U.S. Creates System To Look For 'Future Crimes'
This type of surveillance on individuals makes me nervous. Readers, what do you think?
--Tim Wilson, editor, Dark Reading