Silos Persist: GAO Analysis of DHS Asserts

March 23, 2019

Government reports are often filled with useful information. Some reports can be difficult to locate. A good example is GAO-19-210 “Homeland Security: Research & Development Coordination Has Improved, but Additional Actions Need to Track and Evaluate Project.” This report is online as of March 23, 2019, at this link: https://www.gao.gov/products/GAO-19-210. In order to obtain a copy, right click on the link and download the PDF. Rendering of the document in a browser is not reliable.

I think this findability issue provides a good example of the information sharing issues discussed in the 59 page report.

If you are interested in the structure of DHS, the report contains several current organization charts.

The information about the technologies in use for border control is one of the first lists of this type which I have seen recently. You can find these data in Appendix I: Overview of the Science Technology Directorate’s Research and Development Projects on pages 48 and following.

This is a useful document because future procurements are hinted at.

A quick heads up. If you look for the document at www.gao.gov, the document does not appear on the public facing Web site yet. Experimenting with the different options for locating public information, one selector returned a list of DHS related reports with the most recent document dated 2014.

Stephen E Arnold, March 23, 2019

Such Nice Fellows. Such a Fine. Such a Trend Line

March 20, 2019

I read “EU Fines Google $1.7 Billion for Abusing Online Advertising.” The fine works out to about $1.7 billion US dollars. DarkCyber believes that further penalties may be forthcoming. The write up states:

It’s the third time the commission has slapped Google with an antitrust penalty, following multibillion-dollar fines resulting from separate probes into two other parts of the Silicon Valley giant’s business.

The old adage “the third time is a charm” is not applicable. The third fine simply puts a trend line in a regulator’s spreadsheet.

What adage applies? How about Willie Sutton’s apocryphal statement: “I rob banks because that’s where the money is.” Here in Harrod’s Creek, people have been known to identify a piggy bank and take whatever money falls out when shaken.

Stephen E Arnold, March 20, 2019

Who Is Assisting China in Its Technology Push?

March 20, 2019

I read “U.S. Firms Are Helping Build China’s Orwellian State.” The write up is interesting because it identifies companies which allegedly provide technology to the Middle Kingdom. The article also uses an interesting phrase; that is, “tech partnerships.” Please, read the original article for the names of the US companies allegedly cooperating with China.

I want to tell a story.

Several years ago, my team was asked to prepare a report for a major US university. Our task was to try and answer what I thought was a simple question when I accepted the engagement, “Why isn’t this university’s computer science program ranked in the top ten in the US?”

The answer, my team and I learned, had zero to do with faculty, courses, or the intelligence of students. The primary reason was that the university’s graduates were returning to their “home countries.” These included China, Russia, and India, among others. In one advanced course, there was no US born, US educated student.

We documented that for over a seven year period, when the undergraduate, the graduate students, and post doctoral students completed their work, they had little incentive to start up companies in proximity to the university, donate to the school’s fund raising, and provide the rah rah that happy graduates often do. To see the rah rah in action, may I suggest you visit a “get together” of graduates near Stanford or an eatery in Boston or on NCAA elimination week end in Las Vegas.

How could my client fix this problem? We were not able to offer a quick fix or even an easy fix. The university had institutionalized revenue from non US students and was, when we did the research, dependent on non US students. These students were very, very capable and they came to the US to learn, form friendships, and sharpen their business and technical “soft” skills. These, I assume, were skills put to use to reach out to firms where a “soft” contact could be easily initiated and brought to fruition.

Follow the threads and the money.

China has been a country eager to learn in and from the US. The identification of some US firms which work with China should not be a surprise.

However, I would suggest that Foreign Policy or another investigative entity consider a slightly different approach to the topic of China’s technical capabilities. Let me offer one example. Consider this question:

What Israeli companies provide technology to China and other countries which may have some antipathy to the US?

This line of inquiry might lead to some interesting items of information; for example, a major US company which meets on a regular basis with a counterpart with what I would characterize as “close links” to the Chinese government. One colloquial way to describe the situation is like a conduit. Digging in this field of inquiry, one can learn how the Israeli company “flows” US intelligence-related technology from the US and elsewhere through an intermediary so that certain surveillance systems in China can benefit directly from what looks like technology developed in Israel.

Net net: If one wants to understand how US technology moves from the US, the subject must be examined in terms of academic programs, admissions, policies, and connections as well as from the point of view of US company investments in technologies which received funding from Chinese sources routed through entities based in Israel. Looking at a couple of firms does not do the topic justice and indeed suggests a small scale operation.

Uighur monitoring is one thread to follow. But just one.

Stephen E Arnold, March 20, 2019

Thrilling Devices Begging for Strict, Punishing Regulation

March 20, 2019

Why are we not surprised? The Next Web reports, “Laws Can’t Keep Up with Sex Robots’ Ethical and Privacy Issues.” Whatever one feels about them, “sexbots” are already being sold overseas and seem destined to arrive here in the not-too-distant future. As laws are now, these products will probably fall under the category of sex toys, a market that is not heavily regulated for safety. There is one exception—legislators are already making laws to guard against sexbots that resemble children. That disturbing possibility aside, writer Francis X. Shen examines some potential hazards of these devices:

“For example, dangers lurk even in a seemingly innocent scene where a sex robot and human hold hands and kiss. What if the sexbots’ lips were manufactured with lead paint or some other toxin? And what if the robot, with the strength of five humans, accidentally crushes the human’s finger in a display of passion? It’s not just physical harm, but security as well. For instance, just as a human partner learns by remembering what words were soothing, and what type of touch was comforting, so too is a sex robot likely to store and process massive amounts of intimate information. What regulations are in place to ensure that this data remains private? How vulnerable will the sex robot be to hacking?”

See the write-up for more unanswered questions. No one knows what the future holds in this arena, but reportedly about half of us believe sexbots will be commonplace in 50 years. I suppose we had better decide how to deal with them before that time arrives.

Cynthia Murrell, March 20, 2019

New CIA Chief Information Officer: Watson, Who Is It?

March 19, 2019

The answer comes not from IBM Watson. “CIA Announces New Chief Information Officer” reveals that Juliane Gallina, an IBM professional, has landed the job. DarkCyber finds this interesting for three reasons.

Aurora, which means dawn and $500 million for one system, may be a new technology the CIA explores.

First, Amazon’s policeware found some traction in that government agency. IBM covets US government work. Amazon may find that Gallina may ask different questions in her tenure.

Second, IBM Federal Systems is the poster child for old-school government contracting. The idea within some sectors of the US government is to find a new-school approach. Gallina may have some interesting ideas about how next-generation systems are selected, shaken down, and made operational.

Third, Gallina has intelligence sector experience. Presumably that experience will make it easier to determine which units can best be served by specific technologies. Will that insight match the diverse community of interests within the CIA?

The appointment is going to be one closely watched by those within and outside the Beltway. Perhaps there will be a new technology dawn at the agency. Aurora, it’s called.

Stephen E Arnold, March 19, 2019

Google: No China Interaction?

March 18, 2019

I read the NBC report “Google Denies Working with the Chinese Military after Trump Criticism.” Not much of a surprise. The Google had to say something. The real news outfit reported:

“We are not working with the Chinese military. We are working with the U.S. government, including the Department of Defense, in many areas including cybersecurity, recruiting and healthcare,” a spokesperson said.

Google blew off the US government project Project Maven and then found itself stung by its Dragonfly initiative.

DarkCyber believes everything Google says. Doesn’t everyone? Mr. Trump does not, it seems.

Stephen E Arnold, March 18, 2019

Forget Facebook Resignations, Is Google Actually Aiding the Chinese?

March 15, 2019

Okay, okay, the source is Gizmodo. The article may be spot on or a bit like outputs from quite interesting sources from lesser known experts. The value of the write up rests in its reminding me of the duck – rabbit paradox:

Is this a duck (Peking variety) or rabbit (cute technological bunny)?

The title which caught my eye was:

Pentagon Brass Bafflingly Accuses Google of Providing ‘Direct Benefit’ to China’s Military

The “bafflingly” is an interesting word. Gizmodo cannot understand why someone from the Pentagon would “accuse Google of providing direct benefit to China.”

I noted this passage:

Dunford’s incendiary comments came during a budgetary hearing by the Senate Armed Services Committee this afternoon. During his time for questioning, freshman Senator Josh Hawley, a Republican, turned to the subject of Google’s decision to back away from projects with the Pentagon. Hawley asked the panel if he understood the situation correctly and that the men were saying, “that Google, an American company, supposedly, is refusing to work with the Department of Defense, but is doing work with China, in China, in a way that at least indirectly benefits the Chinese government.”

General Dunford is the chairman of the joint chiefs of staff.

Google has many government projects, a big office near a Metro stop, and a modest lobbying team. Nevertheless, “brass” seems to suggest that our beloved Google is not interested in working on behalf of the US. I wonder if the same could be said of Baidu, Huawei, or ZTE efforts on behalf of the Chinese government?

General Dunford is quoted as saying:

You know, senator, I’m nodding my head on exactly the point that you made: that the work that Google is doing in China is indirectly benefitting the Chinese military. And I’ve been very public on this issue as well; in fact, the way I described it to our industry partners is, ‘look we’re the good guys in the values that we represent and the system that we represent is the one that will allow and has allowed you to thrive,’ and that’s the way I’ve characterized it. I was just nodding that what the secretary was articulating is the general sense of all of us as leaders. We watch with great concern when industry partners work in China knowing there is that indirect benefit, and frankly ‘indirect’ may be not a full characterization of the way it really is. It’s more of a direct benefit to the Chinese military.

Google’s position is:

As an American company, we cherish the values and freedoms that have allowed us to grow and serve so many users. I am proud to say we do work, and we will continue to work, with the government to keep our country safe and secure.

Gizmodo’s interpretation of the baffling comments may be nestled in this paragraph:

But Dunford sent a striking message to any tech companies that might consider getting involved with the DoD in the future: If you get in bed with us and you decide you want to break it off, you might be called a traitor.

I don’t know anything about General Dunford. I know nothing about Google’s current work for the US government. However, I have heard comments from my acquaintances to the effect:

If it walks like a duck, looks like a duck, and quacks like a duck. It is a duck.

Stephen E Arnold, March 15, 2019

First, Encryption, Now DNA: Annoying, Marketing, or Taunting?

March 14, 2019

I read “Home DNA-Testing Firm Will Let Users Block FBI Access to Their Data.” I came away asking myself, “Is this outfit just annoying government authorities or taunting them? Or, maybe the company wants to look good from a PR point of view?”

Australia introduced regulations which require that companies doing business in the country cooperate with law enforcement when it comes to accessing data on encrypted services. That initiative is likely to be watched closely by those in the Five Eyes. In fact, DarkCyber thinks that the Australian move is a trial balloon. Decryption is a contentious issue, and Facebook has suggested that it will embrace privacy. Some in the enforcement sector rely on Facebook data, and if those data become unreadable, that will spark some discussion. The key point is that Australia took regulatory action.

When the no DNA for the FBI story crossed my desk, I thought about the implications. China has addressed the DNA sampling issue directly. In one geographic area, people have to show up and provide a sample. Fail to cooperate? That action will not generate positive points on the individual’s social credit score.

DNA information is available or obtainable. I want to add “in one way or another.”

The issue is control and access. The use of DNA data is fairly straightforward. DNA may answer the question, “Whom should we investigate?”

The write up states:

The combination of genetic data from home DNA-testing kits and family tree databases has allowed individuals to find relatives by matching DNA, but has also opened a new way for police to solve crimes. Police used the technique last year to identify the man thought to be behind a series of murders in California during the 1970s.

But the company was cooperating. Now a “procedure” must be followed.

Mixed signals, push back, a concern for customer privacy, or PR? The more interesting question is, “Is the company poking pointy sticks into the backs of government authorities?” Will compliance regulations emerge from one of the Five Eyes?

Stephen E Arnold, March 14, 2019

US Government Slow In Adopting Big Data?

March 13, 2019

We are not sure if this is good news or bad news. But the United States may be slow in adopting new technology and policies. The IRS is one government branch that is leveraging big data with actual results. Mondaq shares the IRS’s data analysis in the article, “United States: States Follow The IRS In Joining The Big Data Revolution.”

The IRS has used data analysis since the 1960s to select taxes to audit. As the technology advanced over the years, it has caught more errors and corrected them without any human involvement. The IRS created a new data analysis project dubbed the Nationally Coordinated Investigation Unit (NCIU). NCIU will focus on using external data and the IRS to select criminal investigations. They also signed a $99 million deal with Palantir. With Palantir’s technology, the IRS will analyze and search terabytes of data on internal and external data sources on a single platform. The IRS is not only data mining for criminal activities. Big data is also being used for civil audits and to predict outcomes on cases referred to the IRS Office of Appeals.

State governments have followed the IRS and implemented their own tax data analysis projects. Many of them have already caught fraudulent returns and so far state governments have saved sizable chunks of cash. These data analysis implementations are great, but there are still limitations. We learned:

“Like the IRS, many state departments of revenue have faced significant budgetary pressure in recent years, as governments have tried to cut down the size and cost of government, and have turned to technology to fill the gap. As powerful as data analytics are, however, there is a limit to the extent they can replace human investigators. In 2016, for example, the Arizona Department of Revenue began to lay off dozens of auditors and tax collectors, citing budget cuts. The result was a catastrophe, as audit collections dropped nearly 47 percent—$82 million—in 2017. The IRS itself has taken a markedly different approach: IRS CI has recently announced a hiring blitz, in the course of which it will hire 250 special agents, a number of data scientists, and over 100 professional staff.”

Big data analysis will become a significant tool in the future for the IRS and local tax offices. Good or bad? Excellent question.

Whitney Grace, March 13, 2019

New Field Manual about Social Media Deception

March 7, 2019

How effective are false personas and social media? The answer is, “Remarkably effective.” A new report published by the US Army provides a wealth of information about online deception. The 100 page publication is “FM 3-13.4 Army Support to Military Deception.” The document provides a review of the fundamentals of deception, information about planning a deception operation, and data about preparation and execution. An example of the information contained in the report is a useful review of the terminology of deception. DarkCyber considers these types of glossaries essential to researching additional information.

Without the key terms or jargon, queries about software, methods, and activities are difficult to formulate. Equally valuable is the checklist of “principles.” The information provides a series of reminders about specific operational considerations required for a successful deception campaign. The list of techniques is one of the first summaries of the spectrum of functions associated with deception operations.

The report captures a post operation evaluation checklist. One weakness is the report does not include operational examples focused on social media like Facebook, Instagram, Twitter, and LinkedIn. With NATO’s social media phishing of its own soldiers proving effective, more attention is warranted on what can be accomplished at this time with widely used online services. DarkCyber recommends this document because deception activities will become an increasingly important tool in law enforcement and intelligence activities.

Stephen E Arnold, March 7, 2019
