I made this same point after the underpants bomber event. While the government can think up new security measures, we need to recognize that the best and most effective defense will be the distributed and ubiquitous eyes on the street. To repeat, relying on people means that you have eyes everywhere and some intelligence and context assessment thrown in. Very hard and expensive to do with just technology.
Sunday, May 9, 2010
Times Sq Bomb & Crowd Sourced Security #2
Posted by
Unknown
at
8:11 AM
0
comments
Labels: openness, security, technology, web 2.0
Tuesday, January 5, 2010
Underpants Bomber & Crowd-Sourced Safety
For all the billions of dollars (and hours of time) spent on airline safety, the actual take down of Umar Farouk Abdulmutallab was by people in the plane. It was adjacent people, using common sense and common reactions, that foiled the plan.
It occurs to me that we could think of this from the crowd sourcing perspective. It is crowd-sourced safety.
Fifty million people flew last year. That is fifty million potential watchdogs and actors. We could decide that only 10 percent of that population would be competent to act, still pretty good and likely enough.
If you see something, DO something.
Do I really think that civilians should be trained to disarm terrorists in flight? No. But it does seem to me that these passengers are likely one of the best lines of defense. Isn’t this what happened with the plane that was forced to crash into the ground, instead of into a building (the Whitehouse?)in a Pennsylvania field in 2001?
This the similar lesson for emergency communications. After Katrina, we understood that what was really needed was existing on-the-ground communications, owned, operated, and understood by regular people.
The experts aren’t everywhere. In fact, we can know with a pretty high probability that they won’t be where an emergency event is. Haven’t we spent time teaching everyday people how to do CPR and the Heimlich maneuver?
Homeland Security might think about a different approach.
Posted by
Unknown
at
3:01 PM
5
comments
Labels: mesh networking, security, technology
Tuesday, October 16, 2007
Congestion pricing poses a threat to locational privacy.
What this means and why you should care
Q: What does "locational privacy" mean?
A: "Locational privacy" means the ability to walk in public space and drive on public roads with the expectation that one's movements are not being tracked or recorded for later analysis.
Q: How will congestion pricing violate my locational privacy?
A: Congestion pricing systems track drivers in order to charge them for their road usage. In practice, congestion pricing systems use pervasive networks of cameras and electronic tag readers to charge drivers and catch violators. Some proposed systems require a GPS transmitter in every car to assess charges based on the car's recorded path. Almost all of the designs in use or under consideration require the tolling authority to build a giant database of tracking information that includes data for each driver who uses the congestion pricing zone.
Q: Aren't law enforcement agencies allowed to track my movements already? How is congestion pricing different?
A: The police have limited resources to devote to tracking your movements. As a consequence, they can't afford to track very many people at once. Besides, it's hard for the police to track you without your knowledge -- even if an unmarked car is following you, you'll probably become aware of it sooner or later. With a congestion pricing system, by contrast, a widespread network of inexpensive data-collection devices silently records everyone's movements in a central log, without anyone noticing. This quantitative difference in the ease of tracking and exploiting the collected data creates a huge qualitative difference in the tracking's impact. It's like wiretapping: there's a critical qualitative difference between single wiretaps that require a court order and disclosure, and the government secretly recording all phone calls for subsequent analysis.
Q: Don't EZ-Pass and similar existing electronic tolling systems already violate my locational privacy this way?
A: YES! The tolling data collected by EZ-Pass is linked to a credit card account (without being encoded to protect your privacy) and then stored in a single central location. In contrast, "electronic cash''-based highway tolling systems which preserve locational privacy have been deployed in the past, but are not widespread today.
Q: Won't the government keep the data safe and delete it as soon as it's no longer needed?
A: No. Many states keep EZ-Pass tolling data indefinitely, for example, and such data has already been (successfully) subpoenaed for use in divorce cases. Tolling authorities will be tempted to keep the data for ostensibly reasonable "law and order'' purposes.
Q: What kinds of tracking data misuse should we be afraid of?
A: It's easy to imagine civil-rights abuses based on data-mining. For instance, people who are tracked driving to a mosque might be referred to the FBI for careful observation. People who are tracked visiting the Riverdale Democratic clubhouse could be singled out for audits by the IRS. Neither of these examples is farfetched --- reports of officers recording the license plate numbers of cars parked at mosques are fairly widespread, and All Souls church in Pasadena was investigated by the IRS and threatened with revocation of its tax-exempt status based on an anti-war sermon delivered in 2004. And of course, such data could be used to pursue illegal immigrants. In addition to actual government abuses, the reasonable fear that visits to such locations might be tracked, stored and used later could have a chilling effect on legitimate political and religious expression.
Q: I frequently provide a lot of identifying information about my physical location --- for instance, to my credit card company. Why is this any worse?
A: It's hard to interact with the modern financial world without leaving a trace. And if you have a cell phone, you're probably already trackable by your cell phone company. But that doesn't make it right. The slow but steady erosion of locational privacy is a good reason to be concerned about further loss of privacy. Anyway, if you're worried about privacy, it's much easier to switch to cash, or turn off your cell phone occasionally, than to stop driving. Furthermore, these two examples involve the use of your data by private corporations, which -- unlike the government -- have no power to arrest you or take away your rights.
Q: Pervasive tracking of all vehicles will provide needed security in this age of terrorism. Shouldn't we be willing to sacrifice this kind of privacy for security?
A: No. We should no more have to sacrifice locational privacy for security than we should have to consent to the deprivation of any other rights. Residents of former Eastern bloc countries have written eloquently about the horrors of pervasive monitoring and surveillance. Even if it were reasonable to have cameras constantly watching high-risk areas (Wall Street, courthouses, and so forth), congestion pricing will cover the city and eventually the whole metropolitan area, and pervasive surveillance everywhere is fundamentally incompatible with a free and democratic society.
Q: Driving is privilege, not a right. Why shouldn't we demand the sacrifice of privacy in return for that privilege?
A: Particularly in areas that are poorly served by mass transit, it's such a hardship to refrain from driving that there's no reasonable way to opt out. In those situations, this proposition is coercive. As an analogy, suppose we demanded that people whose homes are connected to public sewer lines allow cameras in their bathrooms to track water usage. But there's really no need to use cameras for the purpose of monitoring water usage --- and the same is true of congestion pricing (see the next question).
Q: But we need congestion pricing systems to alleviate downtown traffic problems. What alternatives do we have?
A: There are ways of designing congestion pricing systems that preserve locational privacy! Using modern cryptography, a congestion pricing system could simultaneously protect our locational privacy and allow tolling authorities to collect revenue. This is the same technology that makes it safe to use ATMs or buy things online. See our other documents for more information on how this could work.
Authors of this posting are Andrew J. Blumberg, Department of Mathematics, Stanford University, Stanford, CA 94305, email blumberg @ math.stanford.edu and Robin Chase, Meadow Networks, email robin @ meadownetworks.com
Posted by
Unknown
at
6:46 PM
8
comments
Labels: congestion pricing, EZ pass, privacy, security