information security


As required by law, the Director of National Intelligence today disclosed that the budget for the National Intelligence Program in Fiscal Year 2007 was $43.5 billion.
     http://www.fas.org/sgp/news/2007/10/dni103007.pdf
The disclosure was strongly resisted by the intelligence bureaucracy, and for that very reason it may have significant repercussions for national security classification policy.
Although the aggregate intelligence budget figures for 1997 and 1998 ($26.6 and $26.7 billion respectively) had previously been disclosed in response to a Freedom of Information Act lawsuit brought by the Federation of American Scientists, intelligence officials literally swore under oath that any further disclosures would damage national security.
“Information about the intelligence budget is of great interest to nations and non-state groups (e.g., terrorists and drug traffickers) wishing to calculate the strengths and weaknesses of the United States and their own points of vulnerability to U.S. intelligence and law enforcement agencies,” then-DCI George J. Tenet told a federal court in April 2003, explaining his position that disclosure of the intelligence budget total would cause “serious damage” to the United States.
Even historical budget information from half a century ago “must be withheld from public disclosure… because its release would tend to reveal intelligence methods,” declared then-acting DCI John E. McLaughlin in a 2004 lawsuit, also filed by FAS.
Deferring to executive authority, federal judges including Judge Thomas F. Hogan and Judge Ricardo M. Urbina accepted these statements at face value and ruled in favor of continued secrecy.
But now it appears that such information may safely be disclosed after all.
Because the new disclosure is so sharply at odds with past practice, it may introduce some positive instability into a recalcitrant classification system.  The question implicitly arises, if intelligence officials were wrong to classify this information, what other data are they wrongly withholding?


Upon lawful request and for a thousand dollars, Comcast, one of the nation’s leading telecommunications companies, will intercept its customers’ communications under the Foreign Intelligence Surveillance Act.

The cost for performing any FISA surveillance “requiring deployment of an intercept device” is $1,000.00 for the “initial start-up fee (including the first month of intercept service),” according to a newly disclosed Comcast Handbook for Law Enforcement.

Thereafter, the surveillance fee goes down to “$750.00 per month for each subsequent month in which the original [FISA] order or any extensions of the original order are active.”  With respect to surveillance policy, the Comcast manual hews closely to the letter of the law, as one would hope and expect.

“If your [FISA intercept] request pertains to individuals outside the U.S., please be sure you have complied with all the requirements in 50 U.S.C. sections 105A and/or 105B,” the manual says, referring to provisions of the Protect America Act that was enacted last month. “Requests such as these can not be honored after one year and must be dated prior to February 5, 2008, unless extended by Congress.”

Comcast will also comply with disclosure demands presented in the form of National Security Letters.  However, the manual says, “Attention must be paid to the various court proceedings in which the legal status of such requests is at issue.”

In short, “Comcast will assist law enforcement agencies in their investigations while protecting subscriber privacy as required by law and applicable privacy policies.”

At the same time, “Comcast reserves the right to respond or object to, or seek clarification of, any legal requests and treat legal requests for subscriber information in any manner consistent with applicable law.”

A copy of the manual was obtained by Secrecy News.

See “Comcast Cable Law Enforcement Handbook,” September 2007:

http://www.fas.org/blog/secrecy/docs/handbook.pdf

Following the success of the first edition of this book published two years ago, this New Edition, now in paperback format, has been updated and includes new data on the main market players (28 companies are described) to reflect the latest changes and developments within the text mining sector.

Text Mining is an interdisciplinary field bringing together techniques from data mining, linguistics, information retrieval, and visualization to address the issue of quickly extracting information from large databases with different applicative objectives. This book is directed towards graduate students in business, and undergraduate students in computer science, and to practitioners in law enforcement, security, intelligence, marketing and IT departments; it assumes readers have little or no previous knowledge about mathematics or linguistics. It has been structured as a self-teaching guide and has been written as a result of the authors’ experiences in participating in several large-scale text mining projects. It can be used as a guide for system integrators, and designers of text mining systems, but especially for business analysts and consultants who wish to apply the powerful tools of this technology to real situations.

CONTENTS:

THEORETICAL OVERVIEW: Text Processing and Information Retrieval; Information Extraction; Text Clustering; Text Categorization; Summarization and Visualization; Application Integration; ROI in Text Mining Projects.

APPLICATIONS: Open Sources Analysis for Corporate and Government Intelligence; A Critical Appraisal of Text Mining in an Intelligence Environment; How to Forecast Telecommunications Competitive Landscape; Competitive Intelligence for SMEs: An Application to the Italian Building Sector; Virtual Communities: Human Capital and other Personal Characteristics Extraction; Customer Feedbacks and Opinion Surveys Analysis in the Automotive industry; Email Management System; TV Channel Provider: Mining the User Feedback; Text Mining in Banking; Text Mining in Life Sciences; Information Search and Classification to Foster Innovation in SMEs; Media Industry: How to Improve Documentalists Efficiency; Link Analysis in Crime Pattern Detection.

SOFTWARE AND SERVICES: Text Mining Resources.

ABOUT THE EDITOR: Alessandro Zanasi is a security research advisor and professor at Bologna University, Italy. Before, he served as Carabinieri officer in Rome Scientific Investigations Center; IBM executive in Italy, Paris and San Jose (USA); META Group analyst; cofounder of Temis SA. As an intelligence specialist, he has been advising governments and corporations in security, intelligence and detection technologies for more than twenty years. Among the others: European Commission through his membership, since 2005, to ESRAB-European Security Research Advisory Board and, since 2007, to ESRIF-European Security Research and Innovation Forum.

AMONG THE 28 AUTHORS: Milic (Microsoft, UK), Pazienza (Univ. Roma, IT), Tiberio (Univ. Modena, IT), Sebastiani (Univ. Padova, IT), Mladenic, Grobelnik (Stefan Institute, SL), Sullivan (Ballston, USA), Politi (Analyst, IT), de’ Rossi (Telecom Italia, IT), Grivel (CNRS, F), Wives, Loh (Univ. Rio Grande, BR), Lebeth (Dresdner Bank, D), Fluck, Gieger (Fraunhofer Institute, D), Peters (Gruner+Jahr, D), Ananyan (Megaputer, USA).

Abstract Preview and other info: 1313textminingv207.pdf

After September 11th 2001 there has been a growing awareness in the West that counterterrorist efforts will not be successful against global jihadism without a long-term strategy of soft power designed to conquer the hearts and minds of Islamic communities around the world. Although the struggle against Al-Qaeda must necessarily employ the instruments of hard power (military and police force), the latter will not be effective in the long-run if the West does not develop and implement a strategy of soft power (the power of ideas, of culture, of information, of mass communication, of education) to undermine jihadism. The arrest or physical elimination of one or more members of a jihadist organization will only be a short-term success if jihadism continues to recruit, indoctrinate and train new members. Al Qaeda is implementing its own soft power strategy including propaganda, disinformation and psychological warfare activities. This strategy, which reflects an advanced adaptation to the new environment of globalization and the information revolution, pursues two basic objectives: (1) In the Islamic world (including Islamic communities in the West) jihadist strategy aims to radicalize Islamic populations, widen popular support for global jihadism and spread feelings of hatred for the West, the US, Israel and Judaism. One of the methods used is to spread paranoid conspiracy theories of a “Zionist-Christian alliance” against the Islamic world. (2) In the West, jihadist strategy aims to intimidate and demoralize public opinion, undermine popular consensus and support to governments, weaken the public’s faith in the capacity of governments to protect them from terrorist attacks, spread confusion and guilt feelings in countries that have been attacked by jihadism

During the Cold War the West, led by the United States, successfully employed soft power and strategic influence to contain the expansion of communism in Western Europe and in other regions of the world. This eventually led to the breakdown of the Soviet system. One of the key challenges of the 21st century is developing a long-term Western strategy to undermine jihadism using the instruments of soft power, including the media, education, cultural influence, support of reformist and modernizing movements within Islam and currents of Islamic thought that are critical of jihadism. Such a strategy should aim at creating a more positive and attractive image of Western societies and progressively diminishing the attractiveness of the jihadist world-view.

softpowerejihad.pdf

For further information please contact me at the e-mail address below or Prof. Sergio Germani, academic director of the conference (l.germani@unilink.it). To register please contact Mr. Francesco D’Arrigo (f.darrigo@ceasonline.eu).

By Mary O. Foley

Most businesses have made sure to protect computer systems and networks from hackers. But the majority of data leaks or breaches of sensitive company information or intellectual property are often inside jobs.

You’ve installed protective software, adjusted your hardware, and developed a range of new office policies, all in the name of protecting your computer networks and systems from hackers, phishers, and scammers. Externally, your system seems protected.

But what are you doing to prevent an inside job? Do outgoing or disgruntled employees, or on-site contractors, have too much access to your company’s top-secret data?

The answer could well be yes. According to a March 2006 Enterprise Strategy Group survey of 227 IT professionals, “employees and on-site contractors were cited as the most likely threat to confidential data security.” They even outranked concerns over off-shore outsourcers and random hackers. A separate 2005 study by PriceWaterhouseCoopers found that 33 percent of all security breaches involved current employees, and another 28 percent involved former employees or former partners.

And the stakes are high: According to those surveyed, up to 50 percent of the data used in their offices could be considered confidential.

The survey warned that while many companies use gateway filtering technologies to protect their network perimeter, they are much less likely to have adopted access controls and other policies to protect their systems from within.

What can your company do to protect itself inside and out? For answers, IncTechnology.com looked up Kevin Mitnick, the former hacker-turned-IT security consultant. Mitnick, who served jail time in the 1990s for illegally gaining access to computer networks, now runs his own small business, Mitnick Security LLC, in Las Vegas, Nev., and helps firms address IT security problems.

Have a plan

The first step is to create a company-wide policy. Ideally, this policy should include “physical, technical, and human factor elements,” says Mitnick. For example, terminated employees should immediately lose access to not only the physical office, but to the computer network as well.

Develop access controls

In smaller businesses in particular, almost anyone in the company can access any data they choose. Eliminate this risk by setting up internal firewalls, Mitnick says, “so that sales people can’t access the payroll.” Through the operating system, set restrictive permissions on files and directories or certain information, and allow only select employees access to it.

Keep your OS up to date

Mitnick notes that a lot of companies, especially smaller ones on a budget, don’t update their computer operating systems often enough. “I’ve seen businesses still using Windows 2000,” he says. The newer systems, especially Vista, have better access-control options.

New password policies

Don’t let employees share passwords, Mitnick warns. “And don’t post passwords on Post-it notes in your office,” he adds. In fact, for very small offices with fewer than 20 employees, Mitnick recommends that all employees change their passwords every time a person leaves the company. Larger companies might consider changing out passwords periodically, or developing additional passwords for sensitive information. Whether passwords get changed or not, however, terminated employees should lose their access to the network immediately.

Monitor employee computer use

If an employee has put in notice to leave the company — on pleasant terms or not — your IT staff should start watching their computer habits. “Most employees take work product,” says Mitnick. IT staff should watch for e-mails the employee might be sending him or herself, e-mails that the employee’s friends within the company might be sending to them, or downloads to CDs, DVDs, or iPods. In addition, companies should block employee access to free storage sites, such as Yahoo’s Briefcase, notes securityinfowatch.com.

Seek out help

If your business, or simply your IT department, is too small to handle this type of project, consider hiring a consultant or VAR to help put a system in place, says Mitnick. With luck, taking these steps will help you to protect your computer networks inside and out.