Here seem to be the big complaints against data-mining:
1. Mass databasing of personal information – as exemplified by the failed ‘Total Information Awareness’ Act, it would require those in the US to register all viable information about themselves. Ok, that would be somewhat creepy, so the mass database of information can be avoided. There will probably be a way to cross search government and private databases in a few years anyway.
2. Lack of Theory – Privacy advocates argue that law enforcement and other governmental analysts that employ data-mining techniques to sift through mass amounts of information do not base their searches, which often use algorithims, in theory. This is a problem. Because what is driving the searches expect perhaps investigator bias or stereotypes? And how can we ensure these searches are valid?
3. False Positive High Return – This issue is actually perpetuated by problem #2. When searches are done and they return results which are ‘false positive,’ meaning that someone was flagged as ‘terrorist’ when really they are not, can have a lot of problems. Because there is no theory behind searches, false positive rates are extremely high when the current data-mining techniques are employed.

Thus, how to fix this problem? 1. Forget about the database. 2. Build Theory 3. Test theories to reduce false positives – refine theory.

What is cyber-crime? Law enforcement experts and legal commentators are divided. Some experts believe that computer crime is nothing more than ordinary crime committed by high-tech computers and that current criminal laws on the books should be applied to the various laws broken, such as trespass, larceny, and conspiracy. Others view cyber-crime as a new category of crime requiring a comprehensive new legal framework to address the unique nature of the emerging technologies and the unique set of challenges that traditional crimes do not deal with: such as jurisdiction, international cooperation, intent, and the difficulty of identifying the perpetrator.

I am half and half on this issue and understand why there must be debate. Like the Pew Institute’s Internet & American Life Project has shown through various forms of extensive research the Internet seems to just be another area where all human behavior is mimicked from the real world. Online activities and behaviors – both the positive and the negative – mimic real world activities and behaviors. Thus, fraud is equivalent to cyber fraud, viruses are equivalent to burglary, and sniffers are equivalent to theft. In this sense, criminal law as it stands should be sufficient to deal with these issues. However, is a denial of service attack aimed at threatening public health and safety, such as in the case of U.S. v. Unnamed Juvenile, where a teenager ‘disabled a key telephone company’s computer servicing the Worcester airport…vital services to the FAA control tower were disabled for six hours’ which caused financial damage as well as threatened the lives of airplane passengers and personnel equivalent to attempted murder? If it is, the courts do not punish it the same way. Likewise, in cases of straight up fraud or theft using pre-established law may be the best way to prosecute such offenses. It would certainly expedite the debate on such things while allowing for attention to be focused on the more complicated and pressing issues such as the above noted case.

Additionally, I think the advent of the Internet has brought upon new issues. As previously discussed in an early post – What if our culture is changing – this means cyber-threat permeates many more levels not only in cyberspace but also offline and these issues may need to be brought into consideration and should certainly be thought about. Defining cyber-threat/cyber-crime and the potential implications of the Internet’s proliferation will need to be thoroughly, yet concisely discussed as background material.

In a relatively brief article in Science, DJ Watts et al. simply proclaim, “our model suggest that searchability is a generic property of real-world social networks.” Their additional conclusions lead one to believe that relationships can be determined by searching only a few known dimensions. So what? This means if terrorism experts or cyber crime investigators can determine what those similar dimensions are and can determine that they are specific unto the suspect groups/individuals then it should allow for more fruitful data-mining searches by highlighting certain nodes and chains and also decreasing the production of false positives.

While not the focus of my research, another interesting topic to explore would be looking at social networks in comparison to, or in conjunction with the development of organic groups whose organization has been encouraged by the Internet (as read in Johnson’s Two Ways to Emerge; and how to tell the difference between them ). Further, and perhaps time will permit for my examination, of the use of social networking and how leader/individual/group decision making is determined or what other influences can be seen when looking at the many variables involved with development of social networks. Again, hard sciences often have the upper hand in development but there is much importance in incorporating the soft sciences into these new innovations.

LIWC is another example of how behavioral/psychological theory can be utilized in information technologies. While such applications are sparse, their use by FBI investigators speak to their importance. Additionally, if more applications are to be developed or older ones to be improved, the possibilities of social sciences becoming more exact while providing more accurate threat assessment/risk analysis seem very likely.

The problem of finding insider threats has only magnified with the advent of networked information systems. In Protecting Against Insider Threat, it was stated that “in cases where respondents could identify the perpetrator of an electronic crime, 32% were committed by insiders.” While it is no easy task to determine who a potential insider is, a if a third of the attacks could have been deterred or prevented then it is something worth researching and looking into.

Developed by a team of behavioral, technical and legal specialists, WarmTouch is “computer software designed to detect changes in the emotional state and attitudes of individuals from their online communications, indicative of the emotions and attitudes associated with disgruntlement and risk of dangerous behaviors.” While it is still in the testing phase, this program has one key component that should be highlighted. It uses algorithms to search through a lot of data – not unlike data mining algorithms. However these algorithms are based in theory, thus, giving it more validity and reducing the false positives so typical in data-mining. Proponents of data-mining should look to such an application as an example for what is needed to produce legitimate data-mining algorithms which could lead to greater acceptance of its use.

Software applications which focus on the human element, programs based on theory, or those that fill a very real need and are properly secured. One brilliant innovation is that of the Intellipedia. The importance of information sharing was stressed in the 9/11 commission’s recommendations. After doing light personal research, the problem did seem to be more systemic. Intellipedia assists in this process of sharing information which before seemed to have never occur.

Software applications or data-mining based on theory and contrived from a range of experts should also be more readily utilized in the security field and more should be developed. There are some programs which are already being utilized such as WarmTouch, LIWC, and SSA. Each of these will be discussed in turn and more in-depth to better understand their development, current capabilities and any utilization implications. Additionally, such programs reinforce a need for developing technologies/algorithms/etc based on theories not on chance discovery.

Wallich also discusses speech programs in the article. It is understandable that the government would want to create programs which do real time and accurate translation of languages. The language instruction in the US compared to other nations is lacking and recruitment of native speakers of desirable languages is difficult. And, it would greatly assist analysts if they could determine a command from a joke without listening to an entire conversation.

The intrusiveness of the face and now gait recognition makes the hairs on my neck stand up. The HumanID program’s goal is to recognize faces at a distance using ‘face-matching recognition.’ Our fears are only mildly relieved by knowing “[no program] has demonstrated the kind of selectivity required for large public venues – air-ports, say.” Likewise, gait recognition “recognizes the hitches and rhythms characteristic of a person’s walk.” How do we determine a known criminal or terrorists walk? And how do you explain away a false positive?

With all the hubbub against data-mining or using technology to search accessible information, there seems to be little attention on these intrusive innovations. It is important to use technology to the extent that it assists analysts in removing the white noise; however there is a fine line between accessing available information and subjecting entire populations to recognition programs. I can only hope that our civil liberties will fight these mass uses to ensure that our society is not forced to operate like some sci-fi movie, such as Minority Report, scanning our retinas/faces/walks/runs/etc to determine who we are; and if we are ‘good’ or ‘bad’.

Concurrently, learned covert behavior is being passively taught to younger generations and is reinforced by instant messaging applications. Instant messaging services are used by all ages; and in a naturally innocent effort to avoid parental monitoring, children have created ‘secret’ messages to notify their counterpart that they are being observed. For example, ‘Parent Over Shoulder’ (POS) does not look much different from ‘Laughing Outloud’ (LOL) to someone who does not understand the code. The ability to communicate and act stealthy when being observed is being learned very young. In applications or even in on-line chat rooms, there is now an option to ‘go off the record’ as means to avoid having conversations inscribed, or to speak away from others. While Americans tend to be more naïve and unassuming, this new learning curve may later reveal trends that society is increasing its covert capabilities.

These developments require further investigation into whether human behaviors differ between the real world and virtual world. An example is a person who would never shoplift, because it is bad, but downloads free music without any thought. And has our society changed so much that these offenses are considered comparable to the general population? Likewise, are their other scenarios in which it seems acceptable to do something in the virtual world that is considered illegal in the real world? While these are issues which require more study, CI may begin to focus less on physical threats introduced by technology and start to examine these concealed treats. If these behaviors and trends continue, they should be viewed as a potential insider threat for which current internal safeguards should be adapted to accommodate, but still maintain oversight of, this evolving culture.

What is counterintelligence (CI)? A compilation of definitions assists with understanding that CI is:

a division within an intelligence service charged with protecting sensitive information from an enemy, who is a hostile intelligence service or individual(s) engaged in espionage, sabotage, subversion or terrorism, by identifying threats to security, creating and disseminating deceptive information, preventing subversion and sabotage, and thwarting attempts to access and collect while still attempting to gather information from that enemy.

The second theme is that of pattern producing models. I wholly agree with the authors that ‘modeling tools play a crucial role in countering terrorism’. Ideally, statisticians, terrorist experts, and dynamics modeling experts should work closely to begin working on pattern searches that are based in theories. It would be interesting if critical pathways for terrorist schemes – at least on a simplistic level – could be found and utilized to help drill down through the information. There is certainly a lot of information out there, and more precise patterns would assist in purging some of the irrelevant information.

While the definition of data mining is fairly subjective, the general consensus is that the use of data analysis tools, such as statistical analysis and modeling, to find patterns and relationships in large data sets. Most definitions also include a phrase which states that data mining includes doing analysis and prediction. This last portion is where I often disagree – leave the analysis and predictions to the human analysts and let the machine be the number crunch. But to not digress, data mining is often also broken into two forms, one that searches for subjects and another that searches for patterns. The subject-based analysis starts with known information about a known threat and traces relationships between the known and others. Pattern-based analysis, though, statistical probabilities are utilized to find new data based solely on predictions which are not based in theory. There are many arguments against the latter form of data mining, and they are all very sound. Still, there seems to be more focus on the negative aspects of the bad technique than positive encouragement for subject-based analysis which would seem to be hugely beneficial to analysts and law enforcement agencies. Focus on what can be used and support information technologies and encourage their use in an effort to produce better analysis and locate more known threats or their accomplices.

Since the discovery of a secret presidential authorization to eaves-drop on American citizens as one effort in the War on Terror, the American public has reacted vehemently to government interference with personal liberties such as freedom of speech and search and seizure. The security perspective admits that the lack of defining capabilities and desired outcomes has been to the detriment of several initiatives which would have greatly assisted intelligence and counterterrorism analysts in their daily jobs. Still, the focus tends to be on invasion of privacy and the government going into places they are not allowed because standard law has been extrapolated to cyberlaw. Noting the quotation above, can we not think of ways around this?

It is frustrating to see initiatives, acts, bills, actions all deaded because of the ACLU, or public outcry. This is sleazy and probably more back-handed than allowed, but can’t these freedoms be gone around as they have in the past? For instance, there is much controversy surrounding the reading of emails – and there is a whole, long process that must be enacted in order to access and read emails of a suspected terrorist, or other potential convict. Still, like in the real world, all mail providers have a ‘Trash Bin’. Places to put discarded pieces of information so that it doesn’t clutter your life. Why is it not possible to just read trash bins? If it is perfectly legal to seize someone’s trash once it has been put to the curb, then why cannot this be the case in cyber-space? Any good investigator or analyst would be able to put pieces together just the same in the real world as the virtual realm. Instead of the security wonks fighting head on with public at large and the ACLU, they should start thinking out of the box to find creative solutions which are already legal and translate them to the virtual world. It’s a compromise – analysts get access to data legally without infringing on privacy on personal issues.

More serious, and perhaps more likely, than limited cyber war is what can be termed unrestricted cyber war, [it] has three major characteristics. First,…[there are] no distinctions between the military and civilian targets…Second,…[there are] physical consequences and casualties…Third, the economic and social impact – in addition to the loss of life – could be profound.

While this description seems to feed the public desire for worst case scenarios, it is still conceivable that the reality is not that bad. Being innocent and having faith in higher beings and our great nation, we, Americans, know that our government is there protecting us and that everything is planned and any such grand attacks are well prepared for. Sadly, this is not the case. PBS’s Frontline did an expose revealing that we can only hope our infrastructure capabilities and utility companies are as well secured as they are in a dumb, ridiculous movie. Due to a couple of serious and successful attacks in the aftermath of 9/11, there seems to be some progress being made in regards to preparing for potential cyber attacks. Still, cyber security advancement in preventing or thwarting attacks of large scale seems to be lacking; and further frustrating the issue is the continuing conflict between the public administrators and the private corporations as no one seems willing to fund such protection.

Still, the most innovative thinkers though still dream in Technicolor showing us there hundreds of variations. Newly Nasty: Defences against cyberwarfare are still rudimentary argues cybersecurity is too concerned with defending national secrets and really needs to start focusing its efforts on deterring perpetrators who threaten daily internet activity. Using the recent case study of Estonia, the article made a very compelling point. How to not only prepare for such a disturbance and attack, but how to deter it in advance, or how to prosecute the violators raises many unanswered questions. This complex perspective is something that requires further exploration as some key conventions were noted which may have the beginnings of sound policy that need to be reawakened in the light of such recent events such as Estonia and the US Pentagon; and in the frame of mind that the internet is another world in which to wage wars.

Technology fascinates me. Frankly, I know quite little about the subject – technically speaking. Being surrounded by it in both personal and professional life makes it ever more alluring to learn more about hardware, software, the Internet and its workings, and any numerous topics within the general realm of Information Technologies. I am slowly learning more about the networked environment in which I operate daily; and about all the miniscule tidbits of information which seem to be common knowledge among all my peers. Still, technology must be guided by users; and everyone, for all practical purposes, must employ technology for everyday tasks. This dynamic of continual interaction and its implications for individuals and society is really what motivates me to learn more.

My background is in the social sciences. The hard numbers of engineering, or physics, or anything of the like is somewhat baffling to me. Thus, trying to fully understand how blogs link to one another and what it means for other blogs requires much dedicated effort. While I like to consider myself generally bright, there are some topics which take more time for me to grasp in their entirety. I much prefer to look at the user end to determine correlations between the humanistic aspects and how they relate to human interactions with technology, and particularly, individual behaviors within cyberspace. The research of social psychology and the internet began almost at the same time as I was born. This is striking for someone who remembers the first proliferation of instant messaging and email access to suburban America; especially when thinking of how ‘connected’ the US and much of the world is these days and the numbers with internet access are only projected to increase. The internet has changed how people communicate and interact with one another. It enables them to find others like themselves to reinforce uncertain feelings or thoughts; and occasionally encourages behavior which is disapproved of in real life. While this of course raises the questions of regulation and prompts general rhetoric, there are so many individual aspects which could potentially affect not only the virtual realm and how users interact in it, but also how users begin to interact with the real world.

Additionally, my studies have often revolved around international and historical security issues. A field that has become more paramount in the advent of 9/11. Much of the appeal in this area lies in the cat and mouse game which exists in this field; and how to always gain the upper hand. So, knowing more about the enemy is key to having an advantage. There some compelling, yet unstudied, proclamations that the Internet being so prominent in daily lives is having cultural affects, such as those noted above with increased propinquity with like-minded individuals, but also include notions of increased aggression and deception. This is something which literature has not as frequently touched upon – on how to guard against what we really do not know or understand. While it is easier to ban or limit those things which are already considered illegal and difficult to even attempt on the Internet, likewise it is tantalizing to think that culturally behavior may be adapting to this new cyberspace and then prepare of any of its implications.

Combining the above inclinations has hugely increased my curiosity in how antisocial behavior differs online versus off-line, if it does in fact differ; and what implications this could have in detecting or identifying cyber-threats, or even for the general population and how we interact both on-line and offline. I am struggling to find a way to tie this interest, or rough ideas, into how it will affect policy, law and politics; but yet, I feel that everything we have read is very much involved with the topic. I will continue to explore, and hopefully soon find the common link on which to focus my thoughts.