Software developed by S.R.D. (Systems Research and Development), recently acquired by IBM, allows huge collections of personal data (travel manifests, medical data) to be compared with other databases, such as terrorist watch lists, while not actually disclosing the data between two entities. What’s actually compared is a one-way hash, and any “hits” between two lists, would identify a record number that would presumably lead to a request for the whole record. S.R.D. was originally funded by the CIA’s In-Q-Tel venture capital arm.
IBM Gives Your Information to the Government
Submitted by Anonymous 2005-05-31 Privacy, Security 13 Comments
Then that means everything we are typing here is being compared with other info?
It would be nice if everything typed in here were compared to a dictionary and a style guide.
I worked with SRD 1 month after the 9/11 attack. All most every casino in Las Vegas dumped Hotel Reservations and vendor information into the SRD database under CIA research. Even today, most hotels are giving weekly updates of hotel guest information over to SRD.
I think the reason it’s getting notice is that about 6 months ago IBM purchased SRD and now what to sale it to more people.
Editor Adams’ title is unfair and not a little misleading.
Surely, selecting some records for detailed comparison is less intrusive than receiving and retaining all databases in their entirety, with a view to eventually matching up their contents?
Granted, the Government will use the ‘less intrusive’ nature of these records’ extraction to expand quite dramatically the domain of databases they can mine in such a fashion.
If, however, we are to remain clear-minded about the scope and character of State surveillance, let us see that truer peril to our privacy for what it is — not reflexively recoil at each non-retentive Governmental query against data that already exist.
Furthermore: IBM seems, here, to be at most indirectly privy to the information or complicit in its transfer. Identifying records, as a third party, is not tantamount to disclosing them. It is difficult to contrive even an irregular OSnews participant to whom this would not be immediately self-evident.
Contrastingly, the title of the NYT article referenced at Cryptome decidedly leans a bit far the other way: ‘I.B.M. Software Aims to Provide Security Without Sacrificing Privacy’. This sort of endeavour, cleverly applied, may enhance security; but it can no more provide security than can the duty sergeant’s shift log at my local police precinct. And clearly each new Governmental scrutiny of formerly private data, however narrow or beneficial, sacrifices some privacy.
Both OSnews and the NYT are subject to the frustrating redactive (and moreover reductive) constraints of headline distillation. Recognising the magnitude of this challenge, though, does not excuse sloppiness in an editor’s exercise of the discipline.
In the spirit of good criticism, let me offer these alternative titles, themselves certainly also imperfect.
NYT: ‘I.B.M. Software Aims to Enhance Security by Targeting Data Demands’ (original 68char, mine 66char)
OSnews: ‘IBM Searches Your Information for the Government’ (original 44char, mine 48 char)
This sounds like an excellent approach, much better than “here’s our database!”. I just pray that they’re using a good hash algorithm, and that the people involved actually take the added step of hand-comparing the records and throwing out misses rather than believing the computer knows something they don’t.
There are enough problems with the current climate and the rush to field these systems without another layer of stupidity being added. (A friend of mine is named an approximation of “john smith”, and is always being stopped when flying because that name is on “a list”. We are closer to Terry Gilliam’s “Brazil” than you think).
I see nothing to indicate IBM is giving anybody’s information to the government. The article says the opposite – information is being withheld from the government except when there is a connection between that info and information on terrorists.
OTOH, one CAN say that we don’t know where that “terrorist information” can from or how accurate it is. Therefore it is still possible that a “hit” can be made between an innocent person’s info and that same person’s info INTERPRETED by some analyst who made a mistake as “terrorist info”.
In any event, none of this is going to help fight terrorism. You fight terrorism by seizing a KNOWN terrorist, drugging him to obtain information, then killing your way up the chain of command. You don’t need to be pulling data in from everybody to spot a terrorist. They have connections and those connections are obtainable from standard counterespionage technigues like infiltration and turning members of terrorist groups. You follow the connections from known terrorists to unknown terrorists which is FAR more profitable than trying to find a needle in a haystack.
This is why the entire “War on Terrorism” and Homeland Security crap is bogus. It flies in the face of methods that have worked for a hundred years. It’s obviously more for extending government control of citizenry than finding terrorists.
So why didn’t we find the 9/11 terrorists? Two answers:
1) We DID find them. The problem was the findings were ignored by people in charge.
2) The findings were ignored because it was politically expedient to allow certain things to happen to justify other actions. In other words, it was the “Reichstag Fire” ploy all over again – the oldest state game in the book.
Yet cooks get this stuff everyday are really do use it against “the people”.
because the info wasnt important.
there was thousands and thousands of other places and instances were that basically beniegn info occured also.
the 9/11 hijackers didnt do anything that was of interest that wasnt also happenening and caused by others.
you can look at a piece of info and wonder why no one cared enough about it, but until you look at that piece of info in the historical perspective it is meaningless.
Man, most people don’t even shred their bank statements, or just leave all kinds of their info lying around or behind. Not to mention…the “government” or “big brother” or whatever can already get access to way more than people know/want/think.
Even if IBM is selling your instant teller pin to some company, who cares? Think it already isn’t happening?
Sorry to sound so negative, but when your car’s on fire, you don’t curse at the radio reception.
IBM provided tabulating machines to the Nazis prior to WW2. These machines were essential for the Nazis to determine who was of Jewish origin so they could be exterminated. IBM was well aware of the purpose of these machines being purchased but still supplied them anyway. Seems not much has changed.
I totally agree with you.
And then we gotta read stupid zealots claiming about 500 software libre craps generously donated by this monsters.. that’s like MTV, the Oscars and all that crap out there that tries to makes you blind. You know, a-la Michael Moore.
Well, I guess its time to listen up some AFI
Im very concerned about the amount of data agrigation that goes on these days, whith everyone selling everyone elses info and all. Still, there are some benefits, such as for law enforcment that can’t be ignored. Comparing data by one-way hashes is a welcome change from the ususal “share everyones info with everyone, screw their privacy” methods ususally applied.
Heres hoping we see more hash comparison in the future. Massive inter-connected databases without any protection for peoples privacy are terrible weapons that terrorize the innocent, far more then the criminals who know how to steal/forge identities and such. Its like outlawing guns: then only the criminals will know how to get them.
Seems that most of the replies to this article consist of statments that “This isn’t as bad as the government simply taking the whole database” –or other comparisons to hypothetical alternatives that would be much worse.
This is spurious reasoning.