Tuesday, January 24, 2006

Project semaphore to get force of law

Project Semaphore, The UK's equivalent of the US 'Secure Flight' passenger profiling system, is to get enshrined in UK law. Semaphore, strangely enough, has received nothing like the level of negative publicity targeted at Secure Flight. It's actually had very little publicity at all but has been running as a limited pilot project for over a year now. Alan Travis at the Guardian says:

"The police and security services are to be given access to advanced travel details on more than 40 million passengers a year who travel on domestic flights and ferries within Britain under legislation to be announced tomorrow.

The new power in the police and justice bill will give the authorities the ability to screen and track the movements of suspected terrorists and serious criminals within Britain for the first time...

The new system will enable them to check names against watchlists for terror suspects and wanted criminals and to develop a "profiling system" of those worthy of further scrutiny. It is hoped that the system will help the security services develop a picture of terror and crime suspects' travel patterns and networks...

The monitoring of domestic travellers builds on the experience of a three-year pilot scheme under which the details of 10 million passengers on selected international flights have been monitored since last January.

Known as Project Semaphore this pilot scheme receives data on passengers leaving Britain only after their flights have left, yet the Home Office claims that eight terror suspects have been detained in the UK or overseas as a result. One person has also been arrested for indecency and a child porn suspect identified. The police say that access to advance information would have enabled them to stop the terror suspects boarding their flights."

Here we go again with the false assumption that mass surveillance will somehow automatically, with the aid of magical computing technology, point out the bad guys. Moreover this magic technology will obviate the need for difficult police and intelligence work by many law enforcement and intelligence personnel engaged in gathering intelligence, developing sources, targetting and monitoring suspects, real human suspect surveillance, prevention, rapid response to criminal acts, arresting and detaining suspects, gathering evidence, advising on and supporting physical security, following money trails, community policing and all that other real life hard stuff.

Even if the technology is effective 99% of the time (and it's nowhere near that yet) there are millions of people travelling through UK airports every year and the number s of false positives will be huge. As Bruce Schneier says,

"Security systems fail in two different ways. The first is the obvious one: they fail to detect, stop, catch, or whatever, the bad guys. The second is more common, and often more important: they wrongly detect, stop, catch, or whatever, an innocent person. This story is from the New Zealand Herald:

A New Zealand resident who sent $5000 to his ill uncle in India had the money frozen for nearly a month because his name matched that of several men on a terrorist watch list.

Because there are far more innocent people than guilty ones, this second type of error is far more common than the first type. Security is always a trade-off, and when you're trading off positives and negatives, you have to look at these sorts of things.

Well 9 suspected criminals have allegedly been detained because of Semaphore, which sounds great until you look at the statistics, which suggest that at least eight of them are probably innocent, assuming, of course that Semaphore pointers were the only reason these folks were detained. It's hard to know until the details of the specific cases come out but I suspect there was some real police and intelligence work involved in these cases too.

No comments: