Reconnaissance Gone Retail and Security - A Challenging Duality
Reconnaissance has “gone retail.” Capabilities that used to be the costly province of nation states have been democratized.
Communications technologies have become so pervasive that a newborn's first pictures are likely to be transmitted wirelessly within moments of birth, arriving at beaming grandparents half a world away within seconds, if not in real-time.
Smart phones, digital cameras, and netbooks are only the most recent signposts on a road of information fluidity.
Life can certainly be more pleasant and entertaining when distant events are no longer distant; when a child's birth or first steps can be shared with friends and family half a world away in mere seconds.
At a recent security conference in Tel Aviv, Yuval Diskin, the Director of Shin Beth, an Israeli intelligence agency, observed: “Intelligence once enjoyed only by countries and world powers can now be obtained through Internet systems like Google Earth, Internet cameras that are deployed all over the world and linked to the Web, or applications for IPhone [sic] devices that allow for quality intelligence to be received in real-time.”
Director Diskin has a point, albeit this djinni escaped its bottle long before the most recent cavalcade of portable electronic devices and network connectivity.
I noted that connectivity, accessibility and computing power created a collation hazard in 1995.
In 2002, I noted a corollary of this: that the costs of data collection and correlation had decreased dramatically, from the scale of a nation state to the retail level, exposing people to hazards previously feasible, but economically unviable (e.g., the 1989 murder of actress Rebecca Schaeffer by an obsessed stalker who located her residence from then easily available public motor vehicle records).
Intent is difficult, if not impossible, to determine. Nature is always impartial. Physics rules with draconian impartiality.
This underlies a duality that many find troubling: Connectivity brings us closer together, both friend and foe. Our great-grandparents waited anxiously for letters to arrive bearing the first pictures of a new grandchild, often weeks after the birth.
Today, the time span of anxiety is reduced to mere minutes, practically the interval between labor contractions.
This is the dilemma to which Director Diskin refers: the same technology that brings families closer together for the birth of a child can just as easily be used to celebrate terrorism and other far less peaceful pursuits.
Recently, I had to visit someone in a nearby major hospital center. Just a few years ago, the possession of a notebook computer would have been cause for a cautionary warning that electronic devices are not allowed within the building.
Now, much, if not all, of the facility is equipped with Wi-Fi, and there is an unencrypted Wi-Fi available for patients and visitors. I am almost certain that this is not merely altruism.
I expect that the connectivity provided to patients and visitors is, in effect, spare bandwidth from a properly encrypted co-network, one that directly supports patient care.[4,5]
This is yet another example of the economics of the cloud: otherwise unused capacity is used for a purpose, rather than simply being discarded.
As a result, families can share precious moments with others at the press of a button. No longer is the hospital an isolating experience.
Indeed, as a visitor, I was able to use my waiting time somewhat productively, securely connected back to my office through my wireless card and virtual private network.
Regrettably, there are no good answers to the concerns raised by Director Diskin. There is no a priori way to differentiate between pictures of new homes or cars and a pre-attack reconnaissance of the same by a terrorist group.
In the recent Mumbai attack, terrorists are reported to have used communications devices to coordinate or receive instructions; but these same communications channels were also separately being used by civilians to communicate their location for rescue, yet another example of how communications are neutral.
Notes
[1] Reuters (2010, November 1) “Google Earth and iPhone Trouble Israeli Security Chief” The New York Times
[2] Robert Gezelter (1995) “Security on the Internet”, Chapter 23 in Computer Security Handbook, Third Edition, pp 23-6, et seq.
[3] Ibid (2002) “Protecting Web Sites”, Chapter 22 in Computer Security Handbook, Fourth Edition, pp 22-20, et seq.
[4] Ibid (2003, June) “Internet Dial Tones & Firewalls: One Policy Does Not Fit All” Charleston, South Carolina chapter of the IEEE Computer Society.
[5] Ibid (2007) “Safe Computing in the Age of Ubiquitous Connectivity”, Long Island Science Applications Technology 2007
References
Seymour Bosworth and Michel Kabay (2002) Computer Security Handbook, Fourth Edition, Wiley
Robert Gezelter (1995) “Security on the Internet” (Chapter 23) in Computer Security Handbook, Third Edition, Wiley
Ibid (2003) “Internet Dial Tones & Firewalls: One Policy Does Not Fit All” Charleston, South Carolina chapter of the IEEE Computer Society. Slides retrieved from http://www.rlgsc.com/ieee/charleston/2003-6/internetdial.html on November 2, 2010
Ibid (2007) “Safe Computing in the Age of Ubiquitous Connectivity”, Long Island Science Applications Technology 2007. Retrieved from http://www.rlgsc.com/ieee/longisland/2007/ubiquitous.html on November 2, 2010
Ibid (2009, December 9) “Networks Placed At Risk: By Their Providers” Ruminations - An IT Blog. Retrieved from http://www.rlgsc.com/blog/ruminations/networks-placed-at-risk.html on November 2, 2010
Ibid (2010, March 31) “Will Long Term Dynamic Address Allocation Record Retention Help or Hurt?” Ruminations - An IT Blog. Retrieved from http://www.rlgsc.com/blog/ruminations/retain-dynamic-address-allocation-logs.html on November 2, 2010
Ibid (2010, May 25) “New IRS Reporting Requirements Have Implications for Business Large and Small” Ruminations - An IT Blog. Retrieved from http://www.rlgsc.com/blog/ruminations/new-irs-reporting-requirements.html on November 2, 2010
Ibid (2010, August 31) “GPS Recorders and Law Enforcement Accountability” Ruminations - An IT Blog. Retrieved from http://www.rlgsc.com/blog/ruminations/gps-and-law-enforcement-accountability.html on November 2, 2010
Ibid (2010, October 25) “Google Street View and Unencrypted Wi-Fi: Not a Hazard” Ruminations - An IT Blog. Retrieved from http://www.rlgsc.com/blog/ruminations/google-street-view-and-unencrypted-wifi.html on November 2, 2010
Arthur Hutt, Seymour Bosworth, and Douglas Hoyt (1995) Computer Security Handbook, Third Edition, Wiley
Reuters (2010, November 1) “Google Earth and iPhone Trouble Israeli Security Chief” The New York Times. Retrieved from http://www.nytimes.com/reuters/2010/11/01/technology/tech-us-israel-security.html on November 2, 2010
Reproduced from Reconnaissance Gone Retail and Security: A Challenging Duality, an entry in Ruminations -- An IT Blog by Robert Gezelter. Copyright (c) 2010, Robert Gezelter. Unlimited Reproduction permitted with attribution.