What Big Data does, and doesn’t, know about me

The world of Big Data is a world of pervasive data collection and aggressive analytics. Some see the future and cheer it on; others rebel. Behind it all lurks a question most of us are asking—does it really matter? I had a chance to find out recently, as I got to see what Acxiom, a large-scale commercial data aggregator, had collected about me.

At least in theory large scale data collection matters quite a bit. Large data sets can be used to create social network maps and can form the seeds for link analysis of connections between individuals .  Some see this as a good thing; others as a bad one—but whatever your viewpoint, we live in a world which sees increasing power and utility in Big Data’s large scale data sets.

Of course much of the concern is about government collection. But it’s difficult to assess just how useful this sort of data collection by the government is because, of course, most governmental data collection projects are classified. The good news, however, is that we can begin to test the utility of the program in the private sector arena—a useful analog in the private sector just became publicly available and it’s both moderately amusing and instructive to use it as a lens for thinking about Big Data. Continue reading →

Weighing in on key issues related to the domestic use of drones

The expanding use of drones over U.S. airspace has become a fast-growing national security topic and privacy concern. We asked our colleague Paul Rosenzweig, who co-authored a recent Heritage Foundation paper on drones, to weigh in.  Flying drones—unmanned aerial vehicles—have … Continue reading →

From Worms to Cyberwar

Twenty five years ago, we saw the very first worm.  Today, we find worms are but the first step in a possible cyber war.  For those who want to know a little bit more about the underlying technology and how it works, this piece I did for the Hoover Institution, “From Worms to Cyberwar” is an easy reading introduction. Continue reading →

ADAMS Is Such A Friendly Name

John Adams. Adam’s Apple. In the US the Adams name is as American as apple pie.

Good thing then that a new DARPA project has the same name!

DARPA (the Defense Advanced Research Project Administration) recently announced that it would be funding a project known as ADAMS (Anomaly Detection at Multiple Scales). According the Homeland Security Newswire, “Researchers in a 2-year, $9 million project will create a suite of algorithms that can detect multiple types of insider threats by analyzing massive amounts of data — including email, text messages and file transfers — for unusual activity.”
Continue reading →

US v. Jones

The Supreme Court today heard oral argument in the case of United States v. Antoine Jones.  Jones was convicted of drug offenses based, in large part, on the evidence derived from a Global Positioning System (GPS) tracking device that law enforcement had put on his car.  The GPS tracker was live for 28 days, tracking Jones’ car 24/7.  When they put the GPS on the car, the police did not have a valid warrant.

The government says that it didn’t need one.  They argue that a person has no reasonable expectation of privacy in his travel on public roads.  After all, they argue, the police could have tailed Jones in an unmarked vehicle and they wouldn’t have needed a warrant.  Jones argues, however, that GPS tracking devices are uniquely intrusive — that they allow the government to collect a large volume of geo-location tracking data and use it to build a “mosaic” picture of a person, learning, for example, what church he goes to; what bar he drinks at; and whether or not he is a regular gym attendee. Continue reading →

Aviation Secuirity in New Zealand

There isn’t any.  Honest.

My wife and I are on holiday in New Zealand and earlier today we took a domestic flight from Wellington to Nelson.  It was a short commuter hop — 30 minutes, across the strait separating the North and South Islands.  On the whole an utterly unremarkable experience, just like any number of flights we’ve taken before.

Save for one thing — no security.  We arrived for the flights with our e-tickets in hand, scanned them at a kiosk, dropped our bags off on the conveyor and walked to the gate.  No ID check; no metal detector; no X-ray of our carry on bags.  Probably no X-ray of the checked luggage but we couldn’t tell for sure.  We scanned our boarding passes again at the gate, but no ID check.  Nothing. In short, it felt like something from before 9/11 — and possibly even before the 1980s and the advent of hijacking.
Continue reading →

The Authoritarian Cloud

Cloud Computing is the “new thing.” Everyone is rushing to it — the new Federal Cloud Computing Strategy isn’t called “Cloud First” for no reason. Indeed, the reasons to like the cloud are obvious With economies of scale it is often cheaper and more efficient at the same time — what’s not to like?

In the end, maybe more than we realize. Today’s cloud system uses “thin clients” — simple interfaces like Google’s Chrome system — with minimal independent computing power. All of the data, software, and operating systems, software, and processing resources are stored in the cloud, managed by a cloud system administrator. Continue reading →

The best and worst cybersecurity headlines

Jason Healey, a cyber-expert at the Atlantic Council, isn’t too impressed with how the press covers cyber issues.  The challenge, of course, is common to many national security stories — how to tackle a complex topic with nuance while making it readily understandable for the reader.  Headline writers sometimes don’t help in that process.  Healey’s nominee for worst headline (and I agree): Obama Reserves Right to Nuke Hackers. Continue reading →

The law of large numbers

It is shocking, apparently, to hear that the Transportation Security Administration has had more than 25,000 security breaches since 2001, or roughly 2,500 breaches every year.  Representative Jason Chaffetz (R-UT) thinks its a scandal that proves that airport security is “a mess.”  (And, now, apparently, Congressman Chaffetz and TSA are in a tussle about whether or not he was authorized to release these numbers).

But what’s really a mess is how our Representatives (and, sometimes, the press) report these sorts of numbers.  They are always portrayed as absolute values and in that abstract context they seem immense.  Who, after all, could approve of 2,500 mistakes per year?

But the abstract context is just that — abstract.  Numbers have meaning only in a concrete context.  So how about this for context:  Domestically, there are approximately 2 million enplanements (passengers boarding aircraft) every day.   That’s roughly 700 million passengers a year, or 7 billion passengers in the 10 years for which the security breach data are reported (and bear in mind that this is every security breach however minor).  That’s an error rate of less than 0.0001%.  In what human endeavor is that considered a poor performance? Continue reading →

Disaster Planning and Exercises Meet Disaster Reality

The old saying goes “prior planning prevents poor performance.” And what is true of music recitals is true (and even more so) of preparing for the response to a natural or man-made disaster.

When disaster strikes, a large number of resources need to be mobilized. The larger the disaster, the more resources are needed, and the greater the need for coordination. But given how infrequent large-scale disasters are (thankfully!) we don’t have a lot of practice with that sort of coordination.

The Federal government runs a robust training and exercise program that models disaster response by having all the players respond to a hypothetical disaster. They run both small regional programs and, annually, a National Level Exercise that models a major catastrophe. This year, NLE 2011 is an exercise that asks “what would happen if we had a major earthquake along the New Madrid fault line in the Midwest?” The three-day exercise is scheduled to begin today.
Continue reading →