Dark Reading is part of the Informa Tech Division of Informa PLC

12/14/2012
07:04 PM

U.S. Creates System To Look For 'Future Crimes'

In March, the United States granted counterterrorism officials the ability to hold data on Americans for up to five years. Now, the controversy surrounding the data-analysis program has come to light.

The U.S. government green-lighted a program in March to retain data on U.S. citizens for up to five years as part of a counterterrorism monitoring and analysis effort, despite privacy concerns raised by high-ranking homeland-security and justice officials.

The concerns, first reported in The Wall Street Journal this week, suggest that the National Counterterrorism Center (NCTC) is trying to build an extensive monitoring system that can find terrorists using large datasets. Established in 2004, the NCTC brings together analysts from a variety of agencies and tasks them with sifting through intelligence reports for signs of terrorism activity.

Under the rules signed in March, the center can retain information on ordinary Americans for up to five years, even if they are not connected to terrorism or other crimes. While the monitoring system appears similar to those used by many companies to investigate compromises using forensic data, critics have worried that it undermines citizens' civil rights.

"Innocent people can be investigated and their data kept for years," said Chris Calabrese, legislative counsel for the American Civil Liberties Union, in a statement. "It can be shared with foreign governments. All of this in service of, not just terrorism investigations, but also investigations of future crimes."

Civil libertarians are not the only ones with concerns about the scope of the data collection and monitoring involved in the NCTC's analysis system. At the Department of Justice, Chief Privacy Officer Nancy Libin raised concerns, as did Mary Ellen Callahan, the former chief privacy officer of the Department of Homeland Security, according to The Wall Street Journal article.

"This is a sea change in the way that the government interacts with the general public," Callahan reportedly said.

But NCTC officials have argued that the monitoring system and analysis are not about creating a time machine to look for future crime, but about virtually going into the past and connecting past actions that may have been overlooked. If an individual names a friend on a visa application, for example, and is later connected to a terrorism organization, counterterrorism officials want to be able to look back at that connection -- even if it happened years ago -- and add it to the analysis, Matthew Olsen, director of the National Counterterrorism Center, told the American Bar Association (ABA) in May.

"In other words, certain data sets needed to be retained for a longer period of time in order to ensure that terrorism information was not deleted simply because its significance was not immediately apparent," he told the ABA's Standing Committee on Law and National Security in prepared remarks (PDF).

[Companies and universities look for specific algorithms that will help identify malicious insiders and compromised systems that are acting as insiders. See Analyzing Data To Pinpoint Rogue Insiders.]

The near success of Umar Farouk Abdulmutallab, popularly known as "the Underwear Bomber," in December 2009 was a wake-up call for counterterrorism intelligence analysts, Olsen said in May. While Olsen did not give examples of data points that could have been connected to catch the bomber, he stressed that the NCTC needed the ability to retain information for analysis.

Using monitoring systems to hunt down rogue actors, and even predict when an employee may go rogue, has become a major initiative for the U.S. government. Following the leak of diplomatic memos from the U.S. State Department, the Pentagon created the Anomaly Detections at Multiple Scales (ADAMS) project to fund ways of detecting rogue behavior that could indicate a malicious insider.

Such projects may have an easier time pinpointing suspicious activity than network-security monitoring systems used by companies to identify potential rogue insiders by their online behavior, says Mike Lloyd, chief technology officer for RedSeal Networks.

"There is a big difference between the hackers and the terrorists," he says. "The terrorists ... would have to buy an awful lot of fertilizer, for example, to make a bomb, and that's something you can track. So it is plausible, I think, that the data mining will be more effective in counterterrorism than it is with hackers."

Today's network security monitoring systems focus on detecting anomalies that indicate a compromise of a company's systems or that hackers have access to those systems; in other words, they are looking for signs of an event that has already happened. Yet, by combining the analysis of big data with intelligence on the threats affecting an industry or community, companies are increasingly looking to detect potential attacks.

Such systems, however, require that companies and the federal government use them responsibly. Of the two, companies may be the more responsible, says Lloyd, because they are required to follow the privacy laws of the countries in which they operate. Some nations, such as those in Europe, are much stricter than the United States, he says.

In developing its monitoring system for detecting signs of terrorism, the U.S. government should look at strong safeguards, he says.

"Having this technology and having the ability to use it safely are really two different things," says Lloyd. "I think these systems work, but that is both the good news and the bad news."

Comments
Larry Seltzer - UBM Tech,
User Rank: Apprentice
12/19/2012 | 4:51:16 PM
re: U.S. Creates System To Look For 'Future Crimes'
I understand the concern, but privacy advocates get tunnel vision a lot. Many security experts will say that the real answer to terrorist threats is better intelligence rather than having us throw out nail clippers and take off our shoes.

And what kind of data are we talking about here? I'm actually less concerned about the government having data like this than I am about the possibility that it will leak or be sold by insiders.
DarkReadingTim,
User Rank: Strategist
12/17/2012 | 4:15:51 PM
re: U.S. Creates System To Look For 'Future Crimes'
This type of surveillance on individuals makes me nervous. Readers, what do you think?
--Tim Wilson, editor, Dark Reading