Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Wednesday, 5 May 2010

Times Square bombings

There's a discussion article in the New york Times about the failed bombing attempt in Time Square the other day. It rapidly turns into an assessment of the value of video surveillance in counter-terrorism.

Richard Clarke is surprisingly stoic, suggesting that we shouldn't panic, or assume that this means counter-terrorist efforts are failing. Steve Simon falls into the 'even if CCTV doesn't prevent this, we should still have more of it' trap and then goes on to use the UK as a positive example of how the United States should deploy CCTV. His argument is based upon post-event investigation. The 7/7 bombing investigation, although it is frequently visualised with the images of bombers getting on a train to London, was much more reliant on other, less visual investigative techniques. Evidence from the UK also suggests that the evidence value of CCTV is pretty small. Other research suggests that if many CCTV cameras were people, they'd be legally blind. Michale Black and Paul Eckman get this somewhat, although the former is pre-occupied with calibrating cameras so that they can spot people who are already on some list or database of potential suspects. Noah Shactman highlights the ease with which camera surveillance can be avoided (by a potential terrorist - it's still pointing at the vast majority of innocent people moving through the city, who perhaps shouldn't have to hide their faces).

The effect of video surveillance is often taken as almost axiomatic by security policy-makers. Kevin Haggerty recently called this the 'post-justificatory moment' in surveillance - where there doesn't have to be an explanation or justification for how and why a surveillance technology will effect a social problem - it is obvious that it will. In this case, obvious that video surveillance with help to counter-terrorism. There is something about the spectacle of the visual that makes video surveillance particualrly strong in this 'moment' (although the database is almost equally powerfully accepted - as Oscar H. Gandy's most recent book shows). Schneier points out that video footage of the bombing attempt "make for exciting television, but their value to law enforcement officers is limited."

Schneier highlights the importance of focusing efforts on investigation and effective post-event response, rather than on trying to identify specific targets - this was a problem that emerges in attempts to build in resilience. Firstly, a strong case had to be made that a specific site was a target for terrorists, and that this risk was high enough to merit the extra costs of building in counter-terrorism resilience. This case could rarely be made, firstly because of the low incidence of terrorism (it rarely happens, the chances of it happening to particular given place are extremely low, outside of some very high profile exceptions) and secondly because of speed with with 'targets' can change. The worrying response here would be to attempt to secure all locations (which at times seemed to be on the agenda).

Update - this bombing attempting has already been called 'The NY FAILbomb' in part because it was rubbish; a 'Rube Goldberg contraption' made of propane tanks and fireworks, made by somebody with 'more desire than ability'.

Wednesday, 9 July 2008

Identity and passport services failing to be a money spinner

"Government plans to position the Identity & Passport Service as the UK's de facto identity services broker seem not to have entirely caught the imagination of the private sector, figures in IPS' annual report and accounts suggest. Although IPS recruited 44 new customers for its Passport Validation Service (PVS), income from this for the year ending March 2008 was only £357,000."

the register article

Interesting article. The problem appears to be that the government's attempts to position itself as the source of verification of individual identity are not being looked favourably upon by the private sector.

The move seems counter to recent government's desire to privatise everything and outsource services (including such 'legitimate monopoly on the use of force' activities as policing and defence). Until it becomes apparent that the government intends it's identity checking services to be dependent upon data acquired from the commercial sector. As part of it's plans for the identity card scheme the government intends to compare application data to data held by the credit reference agencies, to check that you're a real person.

Obviously this means that a 'real person' has a relationship (or several) with financial services, and has developed a credit rating of some sort. Most of us do, but in isolated cases this could cause problems. This is one of the kickers about the identity card scheme and the register behind it - it's designed to work for people with 'normal' lives - and that's normal in a fairly statistical rather than normative sense. The people it will impact are those who fall outside this profile.

So. The government positions itself as the provider of secured identities, in the face of multiple threats and forces that make identity unstable and problematic. Yet at the same time, the real picture is so much more complex than this, as 'identity' would be made up from a series of institutional relationships, each with their own logics and metrics, and reasons for being put together.

This is the problem with re-using databases, and a good justification for data protection principles against re-use of data for reasons other than it was originally collected for. The questions asked when creating a database become hidden, and the provisional data, with all it's potential for inaccuracies, flaws, double records, missing elements, etc, becomes understood as 'fact'. Then used for other purposes, importing all those errors whilst at the same time hiding them, and discursively describing the system as more accurate, safe and secure.