Dark Reading is part of the Informa Tech Division of Informa PLC

12/14/2012
07:04 PM

U.S. Creates System To Look For 'Future Crimes'

In March, the United States granted counterterrorism officials the ability to hold data on Americans for up to five years. Now, the controversy surrounding the data-analysis program has come to light.

The U.S. government green-lighted a program in March to retain data on U.S. citizens for up to five years as part of a counterterrorism monitoring and analysis effort, despite privacy concerns raised by high-ranking homeland-security and justice officials.

The concerns, first reported in The Wall Street Journal this week, suggest that the National Counterterrorism Center (NCTC) is trying to build an extensive monitoring system that can find terrorists using large datasets. Established in 2004, the NCTC brings together analysts from a variety of agencies and tasks them with sifting through intelligence reports for signs of terrorism activity.

Under the rules signed in March, the center can retain information on ordinary Americans for up to five years, even if they are not connected to terrorism or other crimes. While the monitoring system appears similar to those used by many companies to investigate compromises using forensic data, critics have worried that it undermines citizens' civil rights.

"Innocent people can be investigated and their data kept for years," said Chris Calabrese, legislative counsel for the American Civil Liberties Union, in a statement. "It can be shared with foreign governments. All of this in service of, not just terrorism investigations, but also investigations of future crimes."

Civil libertarians are not the only ones with concerns about the scope of the data collection and monitoring involved in the NCTC's analysis system. At the Department of Justice, Chief Privacy Officer Nancy Libin raised concerns, as did Mary Ellen Callahan, the former chief privacy officer of the Department of Homeland Security, according to The Wall Street Journal article.

"This is a sea change in the way that the government interacts with the general public," Callahan reportedly said.

But NCTC officials have argued that the monitoring system and its analysis are not about creating a time machine to look for future crime, but about virtually going into the past to connect actions that may have been overlooked. If an individual names a friend on a visa application, for example, and is later connected to a terrorism organization, counterterrorism officials want to be able to look back at that connection -- even if it happened years ago -- and add it to the analysis, Matthew Olsen, director of the National Counterterrorism Center, told the American Bar Association (ABA) in May.

"In other words, certain data sets needed to be retained for a longer period of time in order to ensure that terrorism information was not deleted simply because its significance was not immediately apparent," he told the ABA's Standing Committee on Law and National Security in prepared remarks (PDF).

The near success of Umar Farouk Abdulmutallab, popularly known as "the Underwear Bomber," in December 2009 was a wake-up call for counterterrorism intelligence analysts, Olsen said in May. While Olsen did not give examples of data points that could have been connected to catch the bomber, he stressed that the NCTC needed the ability to retain information for analysis.

Using monitoring systems to hunt down rogue actors, and even predict when an employee may go rogue, has become a major initiative for the U.S. government. Following the leak of diplomatic memos from the U.S. State Department, the Pentagon created the Anomaly Detection at Multiple Scales (ADAMS) project to fund ways of detecting rogue behavior that could indicate a malicious insider.

Such projects may have an easier time pinpointing suspicious activity than network-security monitoring systems used by companies to identify potential rogue insiders by their online behavior, says Mike Lloyd, chief technology officer for RedSeal Networks.

"There is a big difference between the hackers and the terrorists," he says. "The terrorists ... would have to buy an awful lot of fertilizer, for example, to make a bomb, and that's something you can track. So it is plausible, I think, that the data mining will be more effective in counterterrorism than it is with hackers."

Today's network security monitoring systems focus on detecting anomalies that indicate a compromise of a company's systems or that hackers have access to those systems; in other words, they are looking for signs of an event that has already happened. Yet, by combining the analysis of big data with intelligence on the threats affecting an industry or community, companies are increasingly looking to detect potential attacks.

Such systems, however, require that companies and the federal government use them responsibly. Of the two, companies may be the more responsible, says Lloyd, because they are required to follow the privacy laws of the countries in which they operate. Some nations, such as those in Europe, are much stricter than the United States, he says.

In developing its monitoring system for detecting signs of terrorism, the U.S. government should look at strong safeguards, he says.

"Having this technology and having the ability to use it safely are really two different things," says Lloyd. "I think these systems work, but that is both the good news and the bad news."

Comments
Larry Seltzer - UBM Tech,
User Rank: Apprentice
12/19/2012 | 4:51:16 PM
re: U.S. Creates System To Look For 'Future Crimes'
I understand the concern, but privacy advocates get tunnel vision a lot. Many security experts will say that the real answer to terrorist threats is better intelligence rather than having us throw out nail clippers and take off our shoes.

And what kind of data are we talking about here? I'm actually less concerned about the government having data like this than I am about the possibility that it will leak or be sold by insiders.
DarkReadingTim,
User Rank: Strategist
12/17/2012 | 4:15:51 PM
re: U.S. Creates System To Look For 'Future Crimes'
This type of surveillance on individuals makes me nervous. Readers, what do you think?
--Tim Wilson, editor, Dark Reading