[Infowarrior] - From Casinos to Counterterrorism

[Richard Forno]

>From Casinos to Counterterrorism
Las Vegas Surveillance, U.S. Security Efforts Involve Similar Tactics

http://www.washingtonpost.com/wp-dyn/content/article/2007/10/21/AR2007102101
522_pf.html

By Ellen Nakashima
Washington Post Staff Writer
Monday, October 22, 2007; A01

LAS VEGAS -- This city, famous for being America's playground, has also
become its security lab. Like nowhere else in the United States, Las Vegas
has embraced the twin trends of data mining and high-tech surveillance, with
arguably more cameras per square foot than any airport or sports arena in
the country. Even the city's cabs and monorail have cameras. As the U.S.
government ramps up its efforts to forestall terrorist attacks, some privacy
advocates view the city as a harbinger of things to come.

In secret rooms in casinos across Las Vegas, surveillance specialists are
busy analyzing information about players and employees. Relying on thousands
of cameras in nearly every cranny of the casinos, they evaluate suspicious
behavior. They ping names against databases that share information with
other casinos, sometimes using facial-recognition software to validate a
match. And in the marketing suites, casino staffers track players' every
wager, every win or loss, the better to target high-rollers for special
treatment and low- and middle-rollers for promotions.

"You could almost look at Vegas as the incubator of a whole host of
surveillance technologies," said James X. Dempsey, policy director for the
Center for Democracy and Technology. Those technologies, he said, have
spread to other commercial venues: malls, stadiums, amusement parks.

And although that is "problematic," he said, "the spread of the techniques
to counterterrorism is doubly worrisome. Finding a terrorist is much harder
than finding a card counter, and the consequences of being wrongly labeled a
terrorist are much more severe than being excluded from a casino."
Eyes in the Sky

The casino industry, like the national security industry, is seeking
information to answer a fundamental question: Who are you?

"It's, are you a good guy or a bad guy? A threat or a non-threat?" explained
Derk Boss, the vice president for surveillance for the Stratosphere hotel
and casino, whose crew operates under what he calls the IOU system:
Identify, Observe and Understand.

"There are going to be people that just want to come and gamble and enjoy
your services," he said. "And there are going to be people that are going to
come to take your money. Our job is to distinguish between those two
groups."

In the surveillance room, 50 monitors are linked to 2,000 cameras, from the
casino entrance to the tower observation deck. Two employees keep an eye on
the monitors. Guests are on camera from the moment they enter -- except in
their rooms and in bathrooms. An investigator tracking a suspect could go
back and review old tape, assembling a mosaic of a visitor's moves for the
past two weeks.

What happens in Vegas does indeed stay in Vegas -- for a lot longer than
most patrons realize.

On a recent Friday night, the surveillance team at the Stratosphere is
watching a casino host they suspect of handing out unwarranted "comps," or
vouchers for free rooms and meals to guests. Might he be taking kickbacks?

Down on the floor, the pit boss is observing players, looking for "tells" --
behavioral signs of cheaters or other undesirables. The night before,
investigators identified a blackjack player as a card counter. Casinos
dislike card counters because they can determine when the cards are to their
advantage and raise their bets accordingly. When the pit boss told the card
counter he could bet only the minimum amount, he cashed in his chips and
left.

While casinos have been monitoring suspicious behavior for years, the
Department of Homeland Security is just now deploying specially trained
officers to look for behavioral clues and facial expressions.

Casinos have tried to use facial-recognition software to identify known
cheats in real time, but with little success. Casino lighting is often dim,
and a player who wants to conceal his identity can hide behind a hat,
sunglasses or a false beard.

But in a few years, some say, iris-scan technology will be mature enough to
use in gaming. Casinos might ask people to sit for a scan of the iris,
which, like a fingerprint, has a unique pattern. That pattern would be
transformed into a template to be matched against a database.

After Sept. 11, 2001, several airports tested facial-recognition software,
with little success. But the government is continuing to invest in biometric
technologies, and the military already uses iris scans on suspects captured
in Iraq and Afghanistan.
Following the Links

On occasion, national security and casino security interests directly
intersect. Jeff Jonas discovered that after he developed a computer program
for the casino industry that helps detect cheats using aliases.

A 43-year-old technology visionary and high-school dropout, Jonas soon
realized that his system could also identify employees colluding with
gamblers, say, by discovering that they share a home address. He calls his
program NORA -- for Non-Obvious Relationship Awareness.

Every time a player registers for a loyalty card or a hotel room, Jonas
explained from his lab near the Strip, the player's name, address and other
data are sent to NORA. Also in the casinos' NORA database is information
about employees and vendors.

NORA can spot links that a casino employee probably would never discover,
such as a phone number shared by two different names, Jonas said. It once
identified a casino promotions director who picked a winning ticket that
belonged to her sister, he said.

The idea was so powerful that the CIA's private investment arm, In-Q-Tel,
poured more than $1 million into NORA to help root out corruption in federal
agencies. Then, after the Sept. 11 attacks, it became clear that link
analysis could be useful in tracking terrorist networks.

In 2002, Jonas shared his technology with Pentagon officials, who were
researching a more controversial technique called pattern-based data mining.
Their aim was to identify terror networks from patterns of behavior, by
plowing through vast beds of data such as hotel, flight and rental-car
reservations. Jonas, now an IBM chief scientist, said narrowly focused link
analysis is less invasive because it starts with a known suspect rather than
casting about in the general population.

At the U.S. Treasury's Financial Crimes Enforcement Network, for example,
investigators have used link analysis to track money laundering. From one
Suspicious Activity Report -- which financial institutions are required to
send to the government -- they have identified a money launderer's partners
in crime. FinCEN has a decade's worth of data on 170 million report forms.
"We find a tremendous amount of connectivity," said Steve Hudak, FinCEN
spokesman. "We find suspects linked by addresses, suspects linked by phone
numbers. So we definitely know that these people are operating together."

But privacy advocates warn that the farther it moves from the suspect, the
more likely link analysis is to snare innocent people.
Chips Tracking Chips

Rolland Steil moves a stack of 34 casino chips across the felt of a baccarat
table. On a monitor linked to the table in this desert laboratory, 34
numbers pop up. Each chip is embedded with a radio frequency identification
(RFID) chip that enables the casino to track how much money is being wagered
on this roulette number or that baccarat spot.

Steil, a product manager for Progressive Gaming International, which
developed the chips, expects all casinos to use RFID-enabled chips soon --
to detect counterfeiters, to keep track of chip flow at tables, to know
instantly how much a player has bet, won or lost.

"We're providing so much data to the casinos, they're drooling for it," he
said.

In the outside world, counterterrorism and Homeland Security officials are
looking for ways RFID technology can help them, too. RFID chips are in new
passports, EZPasses, credit cards and building passes. Soon they might be in
clothing.

All this electronic data is trackable, as are text messages sent from
cellphones or instant messages from laptops. Following the trail could
uncover a terrorist network.

Or an innocent group of, say, bird-watchers.

"We often hear of the surveillance technology du jour, but what we're seeing
now in America is a collection of surveillance technologies that work
together," said Barry Steinhardt, the American Civil Liberties Union's
technology and liberty project director. "It isn't just video surveillance
or face recognition or license plate readers or RFID chips. It's that all
these technologies are converging to create a surveillance society."
'We Know Who You Are'

Under the elegant chandeliers at Caesars Palace, 10,000 people a day
willingly give up personal information -- name, address, birthday -- and
allow their gambling habits to be tracked so they can win free hotel rooms
and show tickets. In nearly a decade, 40 million have signed up for Harrah's
Total Rewards loyalty card.

Harrah's Entertainment, owner of Ceasars Palace and the industry leader in
data mining for marketing, can then customize the gambler's experience. A
guest celebrating her birthday might insert her card in a slot machine and
be surprised by a promotions manager bearing a birthday card and a cookie.

"It's really about, how do we convince these people to be more loyal and
give them a sense of 'We know who you are,' " said David W. Norton, senior
vice president at Harrah's.

Guests may or may not see that as a good thing.

In December 2003, faced with a warning that terrorists were about to attack
Las Vegas, the FBI asked hotels, rental-car agencies and airlines for
customer data. Some balked, but others produced the data, sometimes
voluntarily, sometimes when presented with a subpoena.

The data sweep turned up no leads. One gambler who was there at the time
said he approved of the tactic. "The only people who have anything to worry
about are the people who have something to hide," said Dale Weinstein, a Los
Angeles media market consultant sitting at a Caesar's Palace slot machine
where he had just won a $2,000 jackpot.

But for David Richardson, a real estate inspector from in Upstate New York,
the data gathering crossed a line. "They have no right to get in your
shorts," he said, strolling between casinos. "It's all about gathering
personal information, which I'm not so crazy about the government knowing.
It's none of their business."
Below the Radar

Despite all the high-tech gizmos, some casino targets still slip through.

On a Sunday afternoon, Mike Aponte slides onto a stool at a blackjack table
in a medium-size casino on the Strip and lays $300 on the felt. Aponte draws
little notice in a town filled with droves of other Asian gamblers.

Both the dealer and floor manager urge him to sign up for a player's card.
He demurs. Within 15 minutes, he's up by $700.

At one point, Aponte has a 12, with the dealer showing a 3. Basic strategy
dictates that Aponte should take another card. But he has been counting and
knows mostly high cards are left, so he has a good chance of busting. He
stands, the dealer busts and he wins the hand.

An hour and 15 minutes later, Aponte cashes in, $500 richer.

No one realizes it at this casino, but Aponte is a veteran of the
card-counting team of math whizzes from the Massachusetts Institute of
Technology. The team reportedly took more than $10 million from casinos in
its heyday from 1994 to 2000.

Aponte has been barred from more than 100 casinos in the United States and a
few overseas. In St. Kitts, he said, he was recognized by a Biometrica
database, and now he avoids the biggest, most modern casinos.

The team's No. 1 downfall, he said, was information sharing. Once the
members' faces began showing up in databases, their days were numbered.