[Infowarrior] - Surveillance made easy

Richard Forno rforno at infowarrior.org
Mon Aug 25 03:16:53 UTC 2008 

http://technology.newscientist.com/channel/tech/dn14591-surveillance-made-easy.html

Surveillance made easy

     * 09:00 23 August 2008
     * NewScientist.com news service
     * Laura Margottini


"THIS data allows investigators to identify suspects, examine their  
contacts, establish relationships between conspirators and place them  
in a specific location at a certain time."

So said the UK Home Office last week as it announced plans to give law- 
enforcement agencies, local councils and other public bodies access to  
the details of people's text messages, emails and internet activity.  
The move followed its announcement in May that it was considering  
creating a massive central database to store all this data, as a tool  
to help the security services tackle crime and terrorism.

Meanwhile in the US the FISA Amendments Act, which became law in July,  
allows the security services to intercept anyone's international phone  
calls and emails without a warrant for up to seven days. Governments  
around the world are developing increasingly sophisticated electronic  
surveillance methods in a bid to identify terrorist cells or spot  
criminal activity.

However, technology companies, in particular telecommunications firms  
and internet service providers, have often been criticised for  
assisting governments in what many see as unwarranted intrusion, most  
notably in China.

Now German electronics company Siemens has gone a step further,  
developing a complete "surveillance in a box" system called the  
Intelligence Platform, designed for security services in Europe  
andAsia. It has already sold the system to 60 countries.

According to a document obtained by New Scientist, the system  
integrates tasks typically done by separate surveillance teams or  
machines, pooling data from sources such as telephone calls, email and  
internet activity, bank transactions and insurance records. It then  
sorts through this mountain of information using software that Siemens  
dubs "intelligence modules".

This software is trained on a large number of sample documents to pick  
out items such as names, phone numbers and places from generic text.  
This means it can spot names or numbers that crop up alongside anyone  
already of interest to the authorities, and then catalogue any  
documents that contain such associates.

Once a person is being monitored, pattern-recognition software first  
identifies their typical behaviour, such as repeated calls to certain  
numbers over a period of a few months. The software can then identify  
any deviations from the norm and flag up unusual activities, such as  
transactions with a foreign bank, or contact with someone who is also  
under surveillance, so that analysts can take a closer look.

Included within the package is a phone call "monitoring centre",  
developed by the joint-venture company Nokia Siemens Networks.

However, it is far from clear whether the technology will prove  
accurate. Security experts warn that data-fusion technologies tend to  
produce a huge number of false positives, flagging up perfectly  
innocent people as suspicious.
"These systems tend to produce false positives, flagging up innocent  
people as suspicious"

"Combining two different sources of data has the tendency to increase  
your false-positive rate or your false-negative rate," says Ross  
Anderson, a computer security engineer at the University of Cambridge.  
"If you're looking for burglars in a run-down district where 50 per  
cent of men have a criminal conviction, you may find plenty. But if  
you're trying to find terrorists among airline passengers - where they  
are extremely rare - then almost all your hits will be false."

Computer security expert Bruce Schneier agrees. "Currently there are  
no good patterns available to recognise terrorists," he says, and  
questions whether Siemens has got around this.

Whatever the level of accuracy, human rights advocates are concerned  
that the system could give surveillance-hungry repressive regimes a  
ready-made means of monitoring their citizens. Carole Samdup of the  
organisation Rights and Democracy in Montreal, Canada, says the system  
bears a strong resemblance to the Chinese government's "Golden Shield"  
concept, a massive surveillance network encompassing internet and  
email monitoring as well as speech and facial-recognition technologies  
and closed-circuit TV cameras.

In 2001, Rights and Democracy raised concerns about the potential for  
governments to integrate huge information databases with real-time  
analysis to track the activities of individuals. "Now in 2008 these  
very characteristics are presented as value-added selling points in  
the company advertisement of its product," Samdup says.

In June, the PRISE consortium of security technology and human-rights  
experts, funded by the European Union (EU), submitted a report to the  
European Commission asking for a moratorium on the development of data- 
fusion technologies, referring explicitly to the Siemens Intelligence  
Platform.

"The efficiency and reliability of such tools is as yet unknown," says  
the report. "More surveillance does not necessarily lead to a higher  
level of societal security. Hence there must be a thorough examination  
of whether the resulting massive constraints on human rights are  
proportionate and justified."

Nokia Siemens says 90 of the systems are already being used around the  
world, although it hasn't specified which countries are using it. A  
spokesman for the company said, "We implement stringent safeguards to  
prevent misuse of such systems for unauthorised purposes. In all  
countries where we operate we do business strictly according to the  
Nokia Siemens Networks standard code of conduct and UN and EU export  
regulations."

Samdup argues that such systems should fall under government controls  
that are imposed on "dual-use" goods - systems that could be used both  
for civil and military purposes. Security technologies usually escape  
these controls. For example, the EU regulation on the export and  
transfer of dual-use technology does not include surveillance and  
intelligence technologies on the list of items that must be checked  
and authorised before they are exported to certain countries.

The problem is that surveillance technologies have developed so  
rapidly that they have outpaced developments in export controls, says  
Samdup. "In many cases politicians, policy-makers and human-rights  
organisations lack the technical expertise to adequately assess the  
impact that such technology could have when it is exported to  
repressive regimes."

More information about the Infowarrior mailing list