Clickstream

MIT Paper Proves I'm Right

In this post I argued that a terrorist group could actually subvert the TSA's passenger screening program, making our current airport security not only miserable, but also less safe than before the TSA was brought into existence. Some nice folks at MIT proved mathematically that I was right in this paper on defeating airport security, which analyzes a nearly identical approach. Too bad we've already spent untold billions on making our passenger screening less secure.

Posted by Mark Tuesday, August 26, 2003 1:58:00 PM | permalink | (0) comments

DHS Has a Timeshare to Sell You

To add insult to the whole CAPPS II mess is the following:

Homeland Security gave Galileo a huge financial incentive to collaborate. By creating dossiers on every member of the flying public, Galileo can sell, trade or use the information contained within for marketing purposes. Galileo's parent is Cendant, a company that sells everything from travel to insurance. The information in your travel dossier would help them turn you into a first-rate marketing victim.

In other words, in order to get an airline reservation system to work with them, DHS is going to let Cendant take what is supposedly national security data and use it for marketing. Imagine: Cendant could flag likely timeshare purchasers, detain them at the airport, and hard-sell them timeshares at their destinations. The opportunities are limitless! If you're Cendant, that is.

Posted by Mark 1:35:00 PM | permalink | (0) comments

CAPPS Is Back and Bigger Than Ever

The Department of Homeland Security has started testing CAPPS II again. A new and improved data warehouse for citizen surveillance:

To the Department of Homeland Security, you are no longer an American, you are a potential terrorist. Soon, anyone who books a flight through the Galileo Computerized Reservation System will have a nice fat file opened-up on them. In another test of a new Orwellian airline security program by the Department of Homeland Security's Transportation Security Administration, Galileo will be facilitating background checks on anyone using their system.

The basic idea behind CAPPS and the new and improved CAPPS is to evaluate each traveler based on data collected from public and private databases and decided whether to let people fly. The problem with this system, as with all the others I've blogged is the quality of the data and the serious consequences of the bad data.
The Galileo airline reservation system is the only participant at this point. The easiest way to avoid this latest in a series of bad ideas from the DHS is to boycott Delta airlines. There was a boycott during the original CAPPS, mostly by business travelers who don't need the extra hassle of being treated as potential terrorists.

Posted by Mark Monday, August 25, 2003 12:25:00 PM | permalink | (0) comments

Quiet News Week

It's been a quiet news week for the DW/DSS/BI market. More happening in the general IT market, other than a few minor developments in the SCO vs. the rest of the world battle. With all the companies and governments weighing in against them and the execs already having cashed out a pile of stock (see earlier post) it's likely that this will eventually drift away and die its deserved death. Software company acquisitions are generally dull ends to companies being pressured out of the market. In Oregon the news is s the ongoing fight of Open Source advocates vs. lobbyists over the state sending money and jobs out of state. The biggest IT news was yet another security flaw in the most secure Windows yet.

The developing stories about the federal uses and abuses of citizen data are more interesting. Federal agencies (FBI, CIA, NSA, TSA, DHS) have all been purchasing personal and consumer data from data syndicators at an alarming rate. Some of the abuses, and more important, the potential for abuse, are entering the public awareness. I've seen some stories popping up, and I know of a few more in the works over the next month.

The potential for abuse is the biggest worry, closely followed by the fear of consequences over bad data. The agencies are buying commercial data designed for uses like credit reporting, skip tracing and marketing. These databases have error rates ranging from 1% to 10%. Take three databases with an average rate of 3%, add in errors created because the data was never designed for easy integration with other data sources, and you have a large, expensive, worthless database that can result in wrongful jailing with no access to attorneys, rather than a slight increase in junk mail or a problem getting a loan.

The worry over the consequences, the lack of controls and the lack of visibility into the use of these systems has already reached several members of congress who have introduced or are introducing legislation to halt or control law enforcement use of the databases. The huge increase in security spending for a data-based silver bullet will be a big story this year. If this administration has its way, the story will stay buried and eventually get swept under the rug.

Posted by Mark Monday, August 18, 2003 10:05:00 PM | permalink | (0) comments

Example of the Danger of Vast Databases of Personal Information

Acxiom, one of the world's largest consumer database companies, was hacked according to this report. What is most interesting is that it was done by someone from inside, and not an external hacker:

Acxiom says a former employee of one of its client companies downloaded financial and personal information while he was still working for the client company.

This is exactly the sort of thing that the government keeps saying about the databases it wants to create based on data from multiple companies like Acxiom.
The reporter in this article found one of those helpful security people who downplay the risk of you losing your personal information:

How concerned should you be as a credit card or loan customer? The company and local computer experts say the risk to individuals is actually small.
"I'm not worried, because the chances and the ability of someone to steal a password and the percentage of passwords being stolen and the ability to get to this data is much less than,... someone stealing your mail," said Robert Nichols, Computerperson.com.

I'm glad Mr. Nichols thinks the chances and ability to get the data are so low. Too bad he ignores the fact that the data was already stolen. What is also not mentioned is that, last time I heard, Acxiom had data on over 150 million US consumers, or more than half the US population. 10% of that total is a lot of data.

Fortunately, company has managed to close the barn door:

Acxiom says it's contacted all affected client companies and it's changing all the passwords on the one server computer that was hacked.

This will make that estimated 10% of their consumer financial data much safer. I fell better already.

Posted by Mark Friday, August 08, 2003 11:33:00 PM | permalink | (0) comments

The Daily Show Reports on Dave Nelson

My favorite news show did a segment on the Dave Nelson terror cell and how effective the TSA is at preventing them from flying around. Lisa Rein made the segment available online for your viewing pleasure.

The Daily Show can always be counted on to air the news the networks ignore, and make it entertaining.

Posted by Mark Monday, August 04, 2003 7:43:00 PM | permalink | (0) comments

Is SCO Using the Linux Lawsuit to Pump Stock for Executive Gain?

SCO is a company that's been troubled for years now. With their first announcement about suing IBM, their stock went up, driven by speculators taking the risk that SCO may win or get bought out as a result.

With each subsequent outrageous announcement their stock bumps up further. Impressive stock performance for a company with little future that has been heading downhill for years, and impressive when you consider that even if they were to win one of these cases, the money won't flow in for years.

SCO recently announced the purchase of Vultus which is interesting because they haven't got much cash. Instead they used their pumped up stock as currency. Even more interesting is some of the details: SCO and Vultus are in the same building. The Canopy Group is the largest holder of SCO stock. The Canopy Group controls Vultus. The "purchase" really did nothing more than take money out of SCO stock and transfer it to the owners of Vultus.

And then there's the fact that SCO execs have been dumping stock since June, and then the tidbit in this report that these same execs received large options just prior to the IBM announcement [confirmed in the SEC filings].

These actions are reminiscent of the 2000 stock bubble, and certainly look like the criminal fleecing of investors that went on during that period. Doubtful that the SEC will be investigating. They're still busy protecting Ken Lay.

Addendum: a good collection of SEC filing links at Groklaw.

Posted by Mark Friday, August 01, 2003 12:01:00 AM | permalink | (0) comments