Wednesday, May 24, 2006

Weird thing about phone/Internet tapping

There has been a thought that has been puzzling me for days with regards to the NSA/phone company wire tapping database. Proponents of the program often state that they look at the patterns of phone calls made by the 9/11 attackers and then search for similar patterns to attempt to thwart another attack. On the surface, this sounds like it might be an appropriate strategy.

However, if I were a terrorist organization, why would I use that same tactic twice? I mean, one could argue that if it was successful the first time, then one should try it again. That works well for groups that don't mind exposure, but for organizations that are trying to remain off of the radar screen such a tactic is suicide.

Consider how some hackers are caught. Some of them are emboldened enough that they use the same technique time and again, eventually leaving traces that could be detected and tracked. Others use the techniques exposed by hackers before them and get caught in the same type of net. Would the Unibomber have been as "successful" had he not used random timing and random mailing outlets? Heck, he'd still be at large if he hadn't have presented the code to his own unmasking and been turned in by his brother.

I think it's safe to assume that Al Qaeda is an intelligent enough organization not to rely on a single method of organizing. Proof of this was recently discovered by Pakistani authorities when they found that operatives in the British subway attacks used free email services to communicate. A terrorist would compose a message and then save it as a draft. His connection would then use the same username and password to log on and retrieve the draft message and, perhaps, reply in his own draft. No email was ever exchanged. Nothing passed through the servers that the NSA is monitoring. It's likely that Al Qaeda has changed tactics once again.

So, the NSA system is reactionary. Is it helpful? Is it too much money? What are the built-in privacy assurances and who guarantees those assurances ("who" meaning which publicly elected body, since I do not trust government to do it)? Would our resources be better directed at such things as human infiltration, port security, emergency preparedness (also reactionary, but with a clear and uncontested benefit), etc?


Scott said...

I was listening to an interesting show yesterday on NPR, talking about this very thing. Their point was how do you filter out the tens of thousands of legitimate business communications to get the one terrorist? Projects of any sort tend to generate more communications as they near completion, whether it is a Microsoft Consulting Service project, produce shipment, construction project for some some middle eastern business, or a terrorist project? The point of the security expert, was there is no substantive difference in the communications, particularly anonymous comms. And your point that they constantly change methodology (which we taught them when they were Afghan Freedom Fighters terrorizing Soviet troops) shows it to be an even more useless program.

I'm thinking the whole thing is a red herring, or they are intentionally building up false hopes, so sometime in the future they can say "We need to compromise more of your privacy to protect you. " The more they try legitimize their actions, the more I suspect our government of being up to no good.

B.D. said...

Well, put, and I think you really point out the danger (or perhaps the plan) of what they are doing. The more pro-government citizens distrust their elected officials the more harm it causes to government in general. As it snowballs, it begins to affect even the most well meaning of government actions. Ultimately, it makes government as an institution illegitimate.

People begin to think of their government as not capable of representing themselves. Now, this can have consequences, either positive or negative, but all are painful. For instance, it could result in a revolution (peaceful, most likely) and a disruption to both parties and the current political system. To my mind, that would be the positive reaction. What takes it's place, however, could be something not so good.

To my mind, the more likely possibility is a disenfranchising of the citizenry. The current attitude of the country is pretty cynical. It could turn to a deeper form of apathy and the conclusion that the concept of a large government is a failure. In some ways, this would be a victory for segments of conservative ideology which wants to disable and dismantle government anyhow (like Bush over spending in order to cripple future government programs or Bush crippling FEMA, then Republicans using it as an example of how government cannot work).

I have faith in government working. I'm sure that I don't have faith in the current batch of Republicans being able or have the desire to make it work. I'm skeptical that the current crop of Democrats can get it working properly again, but I'm willing to give them a try.

Albatross said...

All the terrorists have to do in order to successfully attack America again is enter on a valid visa, get a job in the construction industry, wire themselves with explosives from the construction site, and blow themselves up at the local mall.

9/11 was an anomaly, and part of why it was such an immense event was that four teams were sent to hijack four planes in the hopes that at least one would be successful. The fact that 3 and 1/2 were successful indicates that even the terrorists thought our airport security was much better than it actually turned out to be.

The KISS principle suggests that the next terrorist attacks will be very simple and straightforward: public suicide bombings, random sniper attacks across the nation, etc.

The NSA's wiretaps and call tracing are very unlikely to detect the minimal planning necessary for such events. On the other hand, wiretaps and call tracing are very, very effective methods of intimidating one's political opponents.