Picking Away at Predictive Programs

October 21, 2016

I read “Predicting Terrorism From Big Data Challenges U.S. Intelligence.” I assume that Bloomberg knows that Thomson Reuters licenses the Palantir Technologies Metropolitan suite to provide certain information to Thomson Reuters’ customers. Nevertheless, I was surprised at some of the information presented in this “real” journalism write up.

The main point is that numerical recipes cannot predict what, when, where, why, and how bad actors will do bad things. Excluding financial fraud, which seems to be a fertile field for wrong doing, the article chases the terrorist angle.

I learned:

  • Connect  the dots is a popular phrase, but connecting the dots to create a meaningful picture of bad actors’ future actions is tough
  • Big data is a “fundamental fuel”
  • Intel, PredPol, and Global Intellectual Property Enforcement Center are working in the field of “predictive policing”
  • The buzzword “total information awareness” is once again okay to use in public

I highlighted this passage attributed too a big thinker at the Brennan Center for Justice at NYU School of Law:

Computer algorithms also fail to understand the context of data, such as whether someone commenting on social media is joking or serious,

Several observations:

  • Not a single peep about Google Deep Mind and Recorded Future, outfits which I consider the leaders in the predictive ball game
  • Not a hint that Bloomberg was itself late to the party because Thomson Reuters, not exactly an innovation speed demon, saw value in Palantir’s methods
  • Not much about what “predictive technology” does.

In short, the write up delivers a modest payload in my opinion. I predict that more work will be needed to explain the interaction of math, data, and law enforcement. I don’t think a five minute segment with talking heads on Bloomberg TV won’t do it.

Stephen E Arnold, October 21, 2016

NSA Aftermath in Germany

October 19, 2016

When it was revealed not too long ago that the United States was actively spying on Germany, the country decided it was time to investigate.  Netzpolitik wrote an update on Germany’s investigation in “Snowden’s Legacy: Hearing In The Parliament Committee.”  The German parliament launched a committee to head the investigation, which included many hearings.  At recent hearing in Germany, five USA experts spoke to the committee, including ACLU technologist Charles Soghoian, Watson Institute’s Timothy H. Edgar, ACLU attorney Ashley Gorski, Open Society Foundation senior advisor Morton H. Halperin, and US Access Now policy manager Amie Stepanovich.

The experts met with the committee as a way to ease tensions between the US and Germany, but also share their knowledge about legal issues related to surveillance and individual’s privacy rights.  The overall agreement was that current legal framework for handling these issues is outdated and needs to be revamped.  There should not be a difference between technical and legal protection when it comes to privacy.  As for surveillance and anonymity, there currently is not a legal checks and balances system to rein in intelligence organizations’ power.  The bigger problem is not governmental spying, but how the tools are used:

Nevertheless, Christopher Soghoian noted that the real scandal was not that government agencies were spying on their people, but that technology was so poorly secured that it could have been exploited. Historically, encryption and security have had a very low priority for big Internet companies like Google. Snowden turned the discussion upside-down, his disclosures radicalised the very people who design the software the NSA had privately exploited. Therefore, the most important post-Snowden changes were not made in Government hallways but in the technological community, according to Soghoian.

German surveillance technology manufacturers Gamma Group and Trovicor were also mentioned.  As the committee was investigating how the NSA violated Germany’s civil rights, of course, a reference was made to the World Wars.  What we can pull from this meeting is we need change and technology needs to beef up its security capabilities.

Whitney Grace, October 19, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Palantir Technologies: An Overview of What Looks Like a Muliti Front War

October 18, 2016

I read “Conservatives See Political Reprisal As Obama Administration Sues Peter Thiel’s Palantir.” Here in Harrod’s Creek “political reprisal” gets translated as blood feud. The source for the “reprisal” allegation is a real journalistic outfit, The Washington Times. The story appeared on October 16, 2016, when most of the movers and shakers in DC and other US power centers were gearing up to watch NFL football.

Let’s assume that the information in the write up is rock solid, built on verifiable “factoids”, and objective. This suspension of disbelief is helpful for me; otherwise, I would have some research to do. I prefer to let the article about political reprisal speak for itself.

The hook for the write up is the legal action taken by Palantir Technologies against the US Army. On June 30, 2016, Palantir filed legal documents to air the matter of the US Army’s reluctance to license the Palantir Gotham system instead of the Army’s DCGS or Distributed Common Ground System.

The write up points out that eight weeks after Palantir’s legal eagles dropped their payload on the US Court of Claims, the US Department of Labor pointed out that Palantir was discriminating against Asians. For Federal contractors, discrimination, if proven, is bad news. Loss of contracts and road blocks for future US government work are more than speed bumps for fast growing companies.

The article explains that Palantir perceives that it is not being given a fair shake; specifically:

The US Army “illegally prevented Palantir from bidding” when regulations required the armed service to seek already developed commercial products.

The write up draws a connection between a Palantir founder (Peter Thiel), who supports Donald Trump, and the alleged “political reprisal” by the Department of Labor.

The write up reports that Palantir’s legal eagles:

forced a number of Army intelligence czars to undergo sworn depositions by lawyers from the firm of Boies, Schiller & Flexner. While much of their testimony is under seal, some surprising snippets have emerged in follow-up legal motions asking the judge to rule based on the existing record of evidence.

The article asserts that a decision from the court may come as soon as the end of October 2016, which is pretty zippy based on my experience with US government processes.

The article then shifts to a discussion of the multi year, multi billion dollar DCGS system itself. Among the points in the write up I highlighted is this statement from the Washington Times’s write up:

Depositions also show that the Army misled lawmakers when it circulated a white paper on Palantir. The paper said the Army had conducted an extensive evaluation of Palantir when, in fact, it had not. “We did not do any formal evaluation or determination of whether or not the tools could live inside [the common ground system],” an Army official said.

I also noted this comment, which—if on the money—may make some of the big players in the DCGS contracting game nervous:

“This case has the potential to dramatically change not just DCGS as a program, for the better, but also the way the Army goes about contracting commercial solutions already in the marketplace,” said Joe Kasper, Mr. Hunter’s chief of staff. “From the beginning, utilizing Palantir has always been a win-win for the Army and the taxpayer. And if it takes a court decision to make the Army see it, then that’s just the way it is.”

The article then digs into the history of DCGS. The article reveals:

A confidential Army email reveals one reason Palantir never gained favor inside the halls of the Pentagon: Ms. Schnurr hated the system.

Okay, the article pinpoints Lynn Schnurr, once the US Army’s senior information officer, as the source of the burr under the saddle. Ms. Schnurr, the write up says:

appears to have an entrenched animosity towards Palantir, which has been spread and inculcated into the DA staff,” the [an unidentified US Army] officer wrote.

Ms Schnurr has an interesting background. She joined General Dynamics in February 2013. She left her job at the US Army in January 2013 after a 17 year career. She was a 1975 graduate of Virginia Polytechnic Institute (Blacksburg, Virginia) with a BS in education.

Several observations crossed my mind as I thought about this interesting example of “real” journalism:

  1. The sources for the write up remain a bit fuzzy. That’s not uncommon in some “real” journalism today. I find it annoying to read a reference to an email without a link to that source document.
  2. The write up laser dots Lynn Schnurr. I find it interesting that an individual is responsible for the behavior of procurement procedures. When I worked at Booz, Allen & Hamilton, it was unusual to find one person who could be identified as the “cause” of a particular event. The bureaucracy works in predictable ways because committees have to do the real work with assorted contractors lending a hand. I am confident that Ms. Schnurr is and was  a force with which to be reckoned, but when I bumped into one government project and was hired by a sitting president, I was told: “Not even the president can pay you. Fill out these forms first.”
  3. Other issues affecting Palantir are not far to seek. The Washington Times did not explore such issues as: [a] Possible resistance to Palantir after the legal dust up about Palantir’s alleged improper use of i2 Group Analyst’s Notebook intellectual property, [b] Palantir’s providing some US Army personnel with access to Gotham without going through the US Army’s often Byzantine procedures, and [c] the clash of the Silicon Valley culture with the Beltway Bandit culture, among others.

If you are following the Palantir US Army legal matter, you will want to read the Washington Times’s article. However, there may be more information germane to the subject than putting Ms. Schnurr in the spotlight. Why identify a person no longer working at the Pentagon as a full time employee as the primum mobile? That triggers me to look for other factors.

In the back of my mind, I continue to consider the consequences of the i2 Group (now owned by IBM, a company with DCGS aspirations). I recall the shock of Sergey Brin’s visit to Washington when he chose to wear sneakers and a T shirt as he called on officials before Google embraced traditional lobbying and revolving doors. I understand the so-called “arrogance” of the start up culture when it encounters individuals who are not as “clued in” to  the ins and outs of the Clue Train Railroad. I understand the connection between selling work and following government procedures and protocols.

I surmise that Palantir is facing down a bureaucracy which wants what it wants when it wants it. Outfits which light up the radar screens of numerous individuals in the bureaucracy find themselves burdened with tar balls at every turn. Palantir faces not a singleton issue like the legacy of Ms. Schnurr. Palantir finds itself dealing with the consequences of its actions since the company took CIA – In-Q-Tel funds and received the smiles of a powerful intel outfit.

I have not worked in Washington’s corridors of power for years, but I know that friction can exist between Executive Branch agencies and other US government units. Palantir may be caught of a multi front war here in the USA. Write ups like the one in the Washington Times may only provide a glimpse of a larger, more variegated scene and raise other questions; for example, fund raising, taxes, etc.

Stephen E Arnold, October 18, 2016

Demand for British Passports Surge on Dark Web Post Brexit

October 17, 2016

Freedom of Information Act request submitted by British general insurer Esure reveals that 270,000 British passports have been reported missing so far in 2016. A tiny percentage of these passports are for sale on Dark Web for a premium.

In an article by Jennifer Baker titled Dark Web awash with pricey British passports after UK vote for Brexitstates:

The value of a fake British passport has increased by six percent since the vote in favor of Brexit, and is predicted to rise further if rules on European Union freedom of movement change

Each passport is being sold for around $3,360 and upwards in Bitcoin or its equivalent. Restriction of movement across borders from the European Union to the United Kingdom is considered to be the primary reason for the surge in demand for British passports.

While the asking price for smaller EU nation passports remains tepid on Dark Web, experts are warning that instances of British passport thefts will increase by 20 percent next year.

The offline and online black market for British passports is estimated to be around $57 million a year. According to Ms Baker:

The most common hotspots for passport theft included bars and restaurants (14 percent), the beach (14 percent), busy streets (14 percent) and hotel rooms (13 percent). However, it isn’t just overseas as one in five (19 percent) of people reported a passport being stolen from their own homes.

A stolen passport can be used without any hassles till it is reported lost or stolen, and Brexit rules come into force. Even after being reported, the passport can still be used for identity theft and other online scams. Can there be a better way to curb this practice of identity theft, Brexit or not?

Vishal Ingole, October 17, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Palantir Technologies: Pushing Back at Labor

October 15, 2016

Goodness gracious. Palantir Technologies is becoming a public outfit despite its penchant for secrecy. The company was featured in a Fortune Magazine write up called “Palantir Responds to Labor Department’s Discrimination Lawsuit.” Too bad Fortune’s online site did not include a link to the Palantirians’ response. The main point is that the US Department of Labor did not reflect reality. The main point of the Fortune write up struck me as this statement:

Palantir’s aim? To clear its name and move on.

Yeah. My hunch is that the “aim” is to continue to get US government contracts and not lose the work already underway. The notion that Palantir’s reputation is fueling the hassle with Labor is interesting. My view from rural Kentucky is that Palantir sued the US Army and the wheels of government often turn in eccentric ways. I am surprised that the IRS and SEC have not raised questions. In the current political climate, fooling around with government bureaucracy can be interesting.

Stephen E Arnold, October 15, 2016

Smart Software: The White House and Its Artificial Intelligence Lean Back

October 13, 2016

I am not sure how influential White House reports are. But I scanned “Preparing for the Future of Artificial Intelligence” looking for what’s ahead. I did not notice any reference to the Sillycon Valley outfits and some cohorts getting together to chat about keeping artificial intelligence docile like digital bunny rabbits. I did not see a reference to IBM Watson’s WOW conference (If you don’t know about this, check out the five day event here. For $2,395 you will be so much smarter.) Nor did the report inject any factoids about Deep Mind and the London underground tunnel into my flawed gray matter.

You can, for now, download a copy of the report from this link. US government content can move around, so keep in mind that you may have to do some searching if the link does not work. Hopefully your research will be less of a challenge than looking for some Library of Congress reports.

For me, the take away is that standards are needed. Perhaps the folks from IBM, Facebook, and Google plus some smart academic outfits have already volunteered to provide wizards to work on the standards? How will those standards apply to companies operating in nation states other than the US? Will smart software advance more rapidly than the work on standards? Will companies deploying “non standard” smart software make changes to match the standards? The report does not address these issues and it is a nice write up which contains footnotes too like a high school research paper.

Alexa, play Pink Floyd’s “Comfortably Numb.”

Stephen E Arnold, October 13, 2016

New Terrorism and Technology Reports Released

October 11, 2016

Attempting to understand the level of threat a terrorist organization poses continues to be difficult. DefenseSystems.com published Report: Electronic jihad grows in sophistication, which shares the cyber-jihad survey from the Institute for Critical Infrastructure Technology. The authors of this survey present social media and other cyberspace tools to be “the great equalizer” in warfare. In addition to social media, there are a few hacker groups which have launched attacks on western websites and Arab media: the Cyber Caliphate, the dedicated hacker division of the Islamic State, and the Terrorist Team for Electronic Jihad. The write-up explains,

The cyber jihad survey notes that ISIS has mostly dedicated its expanding offensive cyber capabilities to specific social media accounts, including the Twitter and YouTube accounts of U.S. Central Command. Offensive capabilities are thought to include the use of malware, insider threats and “preconfigured tools.” Malware efforts have included spear-phishing emails containing malware designed to sweep up the IP addresses and geolocation data about anti-ISIS groups in the ISIS stronghold of Raqqa, Syria. As ISIS and other cyber-jihadists become more sophisticated and aggressive, experts worry that they will eventually attempt more audacious attacks.

However, a report from the federal government suggests ISIS’ Twitter traffic dropped 45 percent in the past two years. While terrorist group’s technology may be expanding in the arena of offensive strikes, officials believe the decline in Twitter popularity suggests recruitment may be slowing. We think there needs to more analysis of recruitment via Dark Web.

Megan Feil, October 11, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

World-Check Database Leaked by Third Party

October 4, 2016

This is the problem with sensitive data—it likes to wander from its confines. Motherboard reports, “Terrorism Database Used by Governments and Banks Leaked Online.” Security researcher Chris Vickery reported stumbling upon a copy of the World-Check intelligence database from mid-2014 that was made available by a third party. The database maintained by Thomson Reuters for use by governments, intelligence agencies, banks, and law firms to guard against risks. Reporter Joseph Cox specifies:

Described by Thomson Reuters as a ‘global screening solution,’ the World-Check service, which relies on information from all over the world, is designed to give deep insight into financial crime and the people potentially behind it.

We monitor over 530 sanctions, including watch and regulatory law and enforcement lists, and hundreds of thousands of information sources, often identifying heightened-risk entities months or years before they are listed. In fact, in 2012 alone we identified more than 180 entities before they appeared on the US Treasury Office of Foreign Assets Control (OFAC) list based on reputable sources identifying relevant risks,’ the Thomson Reuters website reads.

A compilation of sensitive data like the World-Check database, though built on publicly available info, is subject to strict European privacy laws. As a result, it is (normally) only used by carefully vetted organizations. The article notes that much the U.S.’s No Fly List, World-Check has been known to flag the innocent on occasion.

Though Vickery remained mum on just how and where he found the data, he did characterize it as a third-party leak, not a hack. Thomson Reuters reports that the leak is now plugged, and they have secured a promise from that party to never leak the database again.

Cynthia Murrell, October 4, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

What Content Management Systems Ring the Chimes of US Government Procurement Teams?

September 28, 2016

The answer to this question does not require a consultant in content management or, as the insiders term it, CMS. Navigate to Digital Gov’s run down. The list is, like many things about the US government, “unofficial.” You can look up an agency like the Economic Research Service and learn that the whiz kids at ERS rely upon Umbraco, an open source CMS which works with Microsoft software. It should. Umbraco lists Microsoft as a customer. What this says about SharePoint I will leave to you, gentle reader.

There are some interesting systems in use; for example:

  • EpiServer from former Microsoft Sweden folks
  • DotNetNuke for the Department of Defense. The name of the product may have resonated with someone at the DoD.
  • RedDot, a German software product which is now an OpenText property
  • WebZerve, product of xpdient Inc.
  • InMagic Presto, which I thought was a law firm centric system. InMagic is now owned by a Canadian firm.

The list is a sure fire guide for those who want to sell CMS consulting services to government agencies. Any notion of standardization or buying US software seems to be out of fashion.

Stephen E Arnold, September 28, 2016

Snowden Revelations: Many Clicks, Few Will Access Documents

September 27, 2016

I read “This Is Everything Edward Snowden Revealed in Just One Year of Unprecedented Top-Secret Leaks.” I love “everything” articles. If you follow the Snowden documents, you know that these are scattered across different sites. Most of the write ups referencing the documents point to mini versions of the slides. I had high hopes that this write up would create a list of direct links to downloadable PDFs. No such luck. My conclusion about the article is that it does little to make the Snowden documents more readily available. Nevertheless, I love writes ups with the word “everything” in their title. Easy to say. Either too difficult, too time consuming, or to risky to do.

Stephen E Arnold, September 27, 2016

Next Page »