Big Brother's Database

The Salt Lake Tribune reports on the NSA's construction data storage facility in Utah.

The secretive NSA on Friday made public what has for months been Utah's worst-kept military secret: It plans to build an enormous new data center at the Utah National Guard's Camp Williams. The facility could consume as much power as every home in Salt Lake City as it processes information collected in an effort to prevent attacks on the nation's cyber networks. But only a very small slice of the information stored at the center in southern Salt Lake County will ever be scanned by human eyes. And that's the reality for most of what is collected by the nation's other spy agencies as well.

James Bamford sheds further light on this facility on the challenges faced by the NSA in the 21st century in this piece in the New York Review of Books.

Where does all this leave us? Aid concludes that the biggest problem facing the agency is not the fact that it's drowning in untranslated, indecipherable, and mostly unusable data, problems that the troubled new modernization plan, Turbulence, is supposed to eventually fix. "These problems may, in fact, be the tip of the iceberg," he writes. Instead, what the agency needs most, Aid says, is more power. But the type of power to which he is referring is the kind that comes from electrical substations, not statutes. "As strange as it may sound," he writes, "one of the most urgent problems facing NSA is a severe shortage of electrical power." With supercomputers measured by the acre and estimated $70 million annual electricity bills for its headquarters, the agency has begun browning out, which is the reason for locating its new data centers in Utah and Texas. And as it pleads for more money to construct newer and bigger power generators, Aid notes, Congress is balking.

While both these pieces raise important questions about the balance between privacy and security, they also raise important questions about the efficacy of spending so much money collecting data which is never analyzed. According to MIT defense expert Pete Rustan, who complained that "70 percent of the data we collect is falling on the floor." Bamford is right to suggest that the money spent on these collection capabilities may be better spent on other programs.

Cyberespionage Overview

An article in today's Wall Street Journal outlines evidence of a cyberespionage attack against a US technology company. According to the article,

The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.

The report also details the techniques, tactics, and procedures of the cyberspies.

In the months leading up to the 2007 operation, cyberspies did extensive reconnaissance, identifying which employee computer accounts they wanted to hijack and which files they wanted to steal. They obtained credentials for dozens of employee accounts, which they accessed nearly 150 times.The cyberspies then reached into the company's networks using the same type of program help-desk administrators use to remotely access computers.The hackers copied and transferred files to seven servers hosting the company's email system, which were capable of processing large amounts of data quickly. Once they moved the data to the email servers, the intruders renamed the stolen files to blend in with the other files on the system and compressed and encrypted the files for export.Before exporting the data, the collection team used employee accounts to take over four desktop computers to direct the final stage of the operation.They selected at least eight U.S. computers outside the company, including two at unidentified universities, as a drop point for the stolen data before sending it overseas. The high Internet traffic volume on university networks provides excellent cover.

We will discuss the specifics of these kind of targeted cyberespionage attacks in class in the coming weeks.

The Case Against Transparency

Larry Lessig writes an interesting piece entitled Against Transparency The New Republic.

Many of the arguments made by Lessig echo many of our in class discussions. In particular, Lessig notes that transparency does not necessarily lead to greater understanding. Rather, in some cases increased transparency can lead to misunderstanding and misperception. In a world of excessive data flows it is easy to misinterpret data when the context required to understand the data is missing.

O'Harrow made a similar argument in No Place to Hide. When he noted that even when accurate data was released it could easily be misunderstood and abused. The story of the man who lost is job because his juvenile record of vandalism was released to his employer offers a case in point.

I recommend that you peruse this article prior to next weeks class when we our guest speaker Brian Drake will discuss how the government is using cloud computing and social media to increase transparency.

From Wired Magazine's 12 Shocking Ideas that Could Change the World

Want to put your doctor's stethoscope in a twist? Ask them to hand over a complete copy of your medical records. Then watch as they nervously demur, citing state laws, cost, and fuzzy hospital policies.

Jamie Heywood wants those obstacles legislated out of existence so we can access our own health data almost as easily as ordering a pizza. And he hopes consumers will in turn share that data with one another via online communities such as PatientsLikeMe, which he cofounded in 2004.

"Privacy has been used as an excuse by those who have a vested interest in hoarding this information," Heywood says. He believes that the real reason hospitals jealously guard medical records is they don't want to open themselves up to second-guessing from patients—or patients' lawyers. And that lack of openness, Heywood argues, is making us sicker: With data scarce, there's no clear way for physicians to know what treatments are working for other practitioners.

Today's guest speaker, Joel Selzer, the founder of Ozmosis.com, will discuss this idea and others as he discusses how to best balance the need for patient privacy with the need for improved health care through information sharing.

Augmenting Aerial Earth Maps with Dynamic Information

Researchers at Georgia Tech are developing a system that uses CCTV to add dynamic data to Google Earth. According to researchers their goal

is to make Augmented Earth Maps that visualize the live broadcast of dynamic sceneries within a city. We propose different approaches to analyze videos of pedestrians and cars.

This research raises a number of privacy questions. Not only could this system perform a surveillance function but it could also be used to make surveillance data increasingly accessible. Moreover, this system would create increased privacy problems if it were integrated with identification technologies like biometrics or RFID.