As we think about the postmortem on security procedures following from the Boston Marathon attack and plan on new procedures, Bruce Schneier has some crucial security design advice: don't forget transparency and accountability. Without these two crucial elements, security can't work:
Long ago, we realized that simply trusting people and government agencies to always do the right thing doesn't work, so we need to check up on them. In a democracy, transparency and accountability are how we do that. It's how we ensure that we get both effective and cost-effective government. It's how we prevent those we trust from abusing that trust, and protect ourselves when they do. And it's especially important when security is concerned.
First, we need to ensure that the stuff we're paying money for actually works and has a measureable impact. Law-enforcement organizations regularly invest in technologies that don't make us any safer. The TSA, for example, could devote an entire museum to expensive but ineffective systems: puffer machines, body scanners, FAST behavioral screening, and so on. Local police departments have been wasting lots of post-9/11 money on unnecessary high-tech weaponry and equipment. The occasional high-profile success aside, police surveillance cameras have been shown to be a largely ineffective police tool.
Sometimes honest mistakes led organizations to invest in these technologies. Sometimes there's self-deception and mismanagement -- and far too often lobbyists are involved. Given the enormous amount of security money post-9/11, you inevitably end up with an enormous amount of waste. Transparency and accountability are how we keep all of this in check.
Second, we need to ensure that law enforcement does what we expect it to do and nothing more. Police powers are invariably abused. Mission creep is inevitable, and it results in laws designed to combat one particular type of crime being used for an ever-widening array of crimes. Transparency is the only way we have of knowing when this is going on.
Transparency and Accountability Don't Hurt Security—They're Crucial to It
Bruce Schneier has a great op-ed on CNN on why it's stupid to talk about whether the FBI should have "connected the dots" on the Boston bomber. As Bruce points out, it's only in hindsight that there's a neat trail of dots to connect, a narrative we can make sense of. Before the fact, it's a hairy, swirling hotchpotch of mostly irrelevancies, and it's only the "narrative fallacy" that makes it seem like a neat story in retrospect. The risk here is that intelligence agencies and the press will push this fallacy as grounds for taking away more rights and more privacy in order to "connect the dots" next time.
Rather than thinking of intelligence as a simple connect-the-dots picture, think of it as a million unnumbered pictures superimposed on top of each other. Or a random-dot stereogram. Is it a sailboat, a puppy, two guys with pressure-cooker bombs or just an unintelligible mess of dots? You try to figure it out.
It's not a matter of not enough data, either.
Piling more data onto the mix makes it harder, not easier. The best way to think of it is a needle-in-a-haystack problem; the last thing you want to do is increase the amount of hay you have to search through.
The television show "Person of Interest" is fiction, not fact.
There's a name for this sort of logical fallacy: hindsight bias.
Why FBI and CIA didn't connect the dots
(Image: connect-the-dots, a Creative Commons Attribution Share-Alike (2.0) image from whitneywaller's photostream)
“We were there like that. We do this day in, day out. This is what we do. We went over and when I put that [infrared camera] on the boat, I was actually shocked that not only did I see there was a heat source, but I got a perfect human silhouette. That doesn’t happen that much.” Read more at the Boston Globe
The body of 22-year-old Sunil Tripathi was "pulled from the water off India Point Park in Rhode Island," reports USA Today
. Sunil was the student mistakenly linked to the Boston bombings by users on Reddit. "It was not immediately clear when Tripathi, who was last seen March 15, died," nor has a cause of death been determined.
"Law enforcement agencies regularly turn to sites like Websleuths.com to help crack cold cases. Maybe there’s hope for Reddit," writes Tim Murphy in a piece at Mother Jones
Redditors have, for years, worked to use the resources of crowds as a force for good. There's an entire subreddit dedicated to Redditors ordering pizzas for families and raising money for surgeries. But Boston represents a reality check. Can Reddit harness its greatest asset—the tireless brainstorming of millions—while reining in the speculative impulse that makes the site tick? And even if Reddit could solve crimes, would it be worth it?
James Surowiecki in the New Yorker
After Reddit’s attempt to find the Boston Marathon bombers turned into a major failure (for which Reddit’s general manager Erik Martin publicly apologized Monday), the over-all conclusion seems to be that the whole experiment was misguided from the start, and that the Redditors’ inability to identify the Tsarnaev brothers demonstrates the futility of using an online crowd of amateur sleuths to help with a criminal investigation. Or, as the Times’s Nick Bilton put it, “It looks as if the theory of the ‘wisdom of crowds’ doesn’t apply to terrorist manhunts.” That proposition may be true. But Reddit’s failure isn’t evidence for it.
Read the rest: "Reddit and the Marathon Bombers: The Wise Way to Crowdsource a Manhunt" [newyorker.com]
At Wired News' Danger Room, Spencer Ackerman's feature on the technology and crowdsourcing dynamics
that allowed law enforcement to identify the suspects in the Boston Marathon bombing so rapidly. "Hiding in plain sight was an ocean of data, from torrents of photography to cell-tower information to locals’ memories, waiting to be exploited." [Wired.com]
Writes Spencer Ackerman at Wired's Danger Room
: A “weapon of mass destruction” is "a very broad category under federal law. Grenades, mines, missiles and rockets all apply. So do homemade bombs of the sort Tsarnaev allegedly constructed."
Responding to claims from the mother of the two Boston bombing suspects, the FBI said today it had not been tracking her oldest son
, nor had the bureau spoken with him last week after the deadly marathon bombing. The only communication the FBI claims to have ever had with Tamerlan Tsarnaev "was an interview agents conducted with him in 2011 at the urging of a foreign government, since identified as Russia." [CNN.com]
Over at Buzzfeed, Rosie Gray seems pretty sure deceased bombing suspect Tamarlan Tsarnaev may well be responsible for a triple homicide
. Based on Instagram comments and tweets. Seems legit.
"The images captured in Boston are validation of a three-year project in St. Louis to link 150 surveillance cameras into a single security system throughout the city’s central corridor, from the riverfront to Forest Park," reports Doug Moore at stltoday.com
. This despite a statement by Boston's police chief that facial recognition technology system did not help find the suspects
. How much you wanna bet the "surveillance imaging solved this crime" argument will lead to more forceful pushes for expanded surveillance imaging in any number of other American cities? (HT: @kgosztola)
"The digital era allows no asylum from extremism, let alone from the toxic combination of high-minded zealotry and the curdled disappointments of young men."—David Remnick in The New Yorker
on the Boston bombing suspects.
Modified version of image from Dzhokhar Tsarnaev's account on Russian social network vk.com.
Below, an array of perspectives on what legal rights the 19-year-old American citizen suspected of co-executing the Boston Marathon bombings has, and whether law enforcement is obliged to honor those rights under the circumstances:
• "If captured, I hope [the] Administration will at least consider holding the Boston suspect as [an] enemy combatant for intelligence gathering purposes. If the Boston suspect has ties to overseas terror organizations he could be treasure trove of information. The last thing we may want to do is read Boston suspect Miranda Rights telling him to 'remain silent.'"—Republican senator Lindsay Graham, on Twitter.
• "There's no way an American citizen committing a domestic crime in the city of Boston could be tried as an enemy combatant. It could never happen. And that shows absolute ignorance of the law."—Alan Dershowitz, prominent defense attorney and Harvard law professor, speaking on CNN.
Read the rest
Laura Griffin collected some tweets
from apparent real-world friends of Boston Marathon bombing suspect Dzhokhar A. Tsarnaev. The post-bombing tweets "from four people who know him, and old conversations they had with him" suggest that @J_tsar
was a real Twitter account belonging to the 19-year-old suspect.