There’s an interesting story in Newsweek about the massive British CCTV surveillance system. Newsweek reports on how “a new class of guerrilla artists and hackers are commandeering the boring, grainy images of vacant parking lots and empty corridors for their own purposes.” Some of the artists simply ask for the CCTV footage under a provision in the country’s Data Protection Act.

Others, however, are using illegal means to gather these images. The sad fact is that it’s quite easy to break into surveillance systems’ video feeds.

For about $80 at any electronics supply store and some technical know-how, it is possible to tap into London’s CCTV hotspots with a simple wireless receiver (sold with any home-security camera) and a battery to power it. Dubbed “video sniffing,” [...] [t]hese excursions pick up obscure, random shots from the upper corners of restaurants and hotel lobbies, or of a young couple shopping in a housewares department nearby. Eerily, baby cribs are the most common images. Wireless child monitors work on the same frequency as other surveillance systems, and are almost never encrypted or secured.

News organizations are publicizing a recent Department of Homeland Security Inspector General report on the Federal Emergency Management Agency (FEMA). The recently released (and highly redacted) report (pdf) found (1) 13 new weaknesses in the agency’s information technology systems, (2) that FEMA failed to correct 31 security issues discovered in the IG’s Fiscal 2007 review, and (3), FEMA successfully dealt with 10 weaknesses the IG found last year. 

The Inspector General said that the 44 weaknesses in FEMA’s information technology system  “collectively limit FEMA’s ability to ensure that critical financial and operational data is maintained in a manner to ensure confidentiality, integrity and availability.” The Inspector General’s auditors found problems in “key financial systems and effective access controls, service continuity, change controls, system software,” and agency-wide security program planning and management.

There is “weak password management,” according to the report. For example, almost 800 former agency and contractor employees have active accounts and access privileges. Read the complete redacted report (pdf).

The terrorist watch lists have been in the news a lot recently. A few of the stories: the ACLU notes that the lists likely have topped one million names (TSA’s response); a pilot is suing TSA because he’s on the list, which could cost him his job; one individual forgot his license at home and was asked his political affiliation by TSA officials attempting to verify his identity (TSA’s response); and a USA Today story revealing that TSA was keeping lists of individuals who flew without identification (TSA’s response).

Now, security guru Bruce Schneier has written a great op-ed in the Los Angeles Times on the uselessness of terrorist watch lists and the Transportation Security Administration’s new identification requirement.

The TSA is tightening its photo ID rules at airport security. Previously, people with expired IDs or who claimed to have lost their IDs were subjected to secondary screening. Then the Transportation Security Administration realized that meant someone on the government’s no-fly list — the list that is supposed to keep our planes safe from terrorists — could just fly with no ID.  

Now, people without ID must also answer personal questions from their credit history to ascertain their identity. The TSA will keep records of who those ID-less people are, too, in case they’re trying to probe the system.

This may seem like an improvement, except that the photo ID requirement is a joke. Anyone on the no-fly list can easily fly whenever he wants. Even worse, the whole concept of matching passenger names against a list of bad guys has negligible security value. Read more »

The Associated Press has an interesting story on the increasing use of global positioning systems (GPS) in criminal cases.

Using technology to track a person’s location is nothing new, but the popularity of the Global Positioning System — in cars, cellphones and other handheld devices — gives the authorities a powerful tool to track suspects. [...]

Critics, however, say the police should be allowed to acquire global positioning data only by getting a warrant. Renée Hutchins, a University of Maryland law professor, wrote an article recently suggesting Global Positioning System data was protected under the Fourth Amendment.

“I think that in the last couple of years,” Ms. Hutchins said, “people are starting to be aware that if they have these units in their car, people can keep track of you. I think it’s a growing public awareness. The problem is that most people feel like, ‘I’m not doing anything wrong, so who cares?’ But I think that’s the wrong way of looking at it.”

See my previous posts on GPS systems here and here.

Found via Schneier on Security. 

According to the Guardian, the UK’s counterintelligence agency MI5’s Behavioural Science Unit wrote a report, “Understanding radicalisation and extremism in the UK.” The report concludes what security experts have long known: There is no terrorist profile. 

MI5 has concluded that there is no easy way to identify those who become involved in terrorism in Britain, according to a classified internal research document on radicalisation seen by the Guardian.

The sophisticated analysis, based on hundreds of case studies by the security service, says there is no single pathway to violent extremism. 

Consider the many differences among Timothy McVeigh, the Unabomber, and the perpetrators of the July 2005 bombings in London. It is clear that there is no such thing as the “typical terrorist,” and it is important for both security forces and the public to understand this. This will help to combat prejudices or stereotypes that can cloud intelligent and thorough investigations. More from the Guardian:

The main findings include:

• The majority are British nationals and the remainder, with a few exceptions, are here legally. Around half were born in the UK, with others migrating here later in life. Some of these fled traumatic experiences and oppressive regimes and claimed UK asylum, but more came to Britain to study or for family or economic reasons and became radicalised many years after arriving. Read more »

The Arizona Republic has an interesting story that highlights the continuing trend of biometrics identification seeping into everyday life.

Beginning this fall, individuals taking the rigorous Graduate Management Admission Test, or GMAT, will have to submit themselves to a palm-vein scan to ensure they are who they say they are and not a hired brain paid to bring in a higher score. [...]

Currently, when individuals register for the test, they are digitally fingerprinted, photographed and have their signature recorded. They also are videotaped while taking the exam. [...]

The technology is being used in some hospitals in the United States and on automated teller machines in Japan.

Trials of the palm-vein scan for the GMAT will begin this month at some testing sites in South Korea and India. If all goes well, the scanners will be distributed starting in the fall to be in every testing center by March 2009, including the two Pearson Professional Center locations in Mesa and Phoenix.