Tag, computer security

Are your fingerprints worthless?

By Maggie Koerth-Baker, BoingBoing, at 5:28 pm Monday, Apr 16

Is forensic evidence trustworthy?

Science in fiction affects our ability to understand science in real life. For instance, you might already be familiar with the idea that detective shows on TV, particularly forensics shows like CSI, might be influencing what juries expect to see in a courtroom.

This is called the “CSI effect” and it’s hotly debated. Some prosecutors think it has a real impact on jury decisions—if they don’t get the fancy, scientific evidence they’ve been conditioned to expect then they won’t convict. Meanwhile, though, empirical evidence seems to show a more complicated pattern. Surveys of more than 2000 Michigan jurors found that, while people were heavily expecting to see some high-tech forensic evidence during trials, that expectation probably had more to do with the general proliferation of technology throughout society. More interestingly, that broad expectation didn’t seem to definitively influence how jurors voted during a specific trial. In other words: The jury is still out. (*Puts on sunglasses*)

A FRONTLINE documentary that airs tomorrow centers around an interesting corollary on this issue: Whether or not shows like CSI influence juries to expect more technology, they do present a wildly inaccurate portrait of how accurate that technology is. The reality is, many of the tools and techniques used in detective work have never been scientifically verified. We don’t know that they actually tell us what they purport to tell us. Other forensic technologies do work, but only if you use them right—and there’s no across-the-board standard guaranteeing that happens.

Even ideas you think you can trust implicitly—like fingerprint evidence—turn out to have serious flaws that are seriously under-appreciated by cops, lawyers, judges, and juries.

Brandon Mayfield, an Oregon lawyer, was at the center of international controversy in 2004 after the FBI and an independent analyst incorrectly matched his prints to a partial print found on a bag of detonators from the Madrid terrorist bombings.

Dror asked five fingerprint experts to examine what they were told were the erroneously matched prints of Mayfield. In fact, they were re-examining prints from their own past cases. Only one of the experts stuck by their previous judgments. Three reversed their previous decisions and one deemed them “inconclusive.”

Dror’s argument is that these competent and well-meaning experts were swayed by “cognitive bias”: what they knew (or thought they knew) about the case in front of them swayed their analysis. The Mayfield case and studies like Dror’s have changed how fingerprints are used in the criminal justice system. The FBI no longer testifies that fingerprints are 100 percent infallible.

Watch a short video that explains more about the flaws in fingerprint analysis.

APRIL 23, 2012 Categories: Latest News

New Interest in Hacking as Threat to Security


WASHINGTON — During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago.

None of the attacks caused significant damage, but they were part of a spike in hacking attacks on networks and computers of all kinds over the same period. The department recorded more than 50,000 incidents since October, about 10,000 more than in the same period a year earlier, with an incident defined as any intrusion or attempted intrusion on a computer network.

The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.

It is not clear whether the higher numbers were due to increased reporting amid a wave of high-profile hacking, including the arrest last week of several members of the group Anonymous, or an actual increase in attacks.

James A. Lewis, a senior fellow and a specialist in computer security issues at the Center for Strategic and International Studies, a policy group in Washington, said that as hacking awareness had increased, attacks had become more common. He said that the attacks on the nation’s infrastructure were particularly jarring.

“Some of this is heightened awareness because everyone is babbling about it,” he said of the reported rise in computer attacks. “But much of it is because the technology has improved and the hackers have gotten better and people and countries are probing around more like the Russians and Chinese have.”

He added: “We hit rock bottom on this in 2010. Then we hit rock bottom in 2011. And we are still at rock bottom. We were vulnerable before and now we’re just more vulnerable. You can destroy physical infrastructure with a cyberattack just like you could with a bomb.”

The legislation the administration is pressing Congress to pass would give the federal government greater authority to regulate the security used by companies that run the nation’s infrastructure. It would give the Homeland Security Department the authority to enforce minimum standards on companies whose service or product would lead to mass casualties, evacuations or major economic damage if crippled by hackers.

The bill the administration backs is sponsored by Senators Joseph I. Lieberman, independent of Connecticut, and Susan Collins, Republican of Maine. It has bipartisan support, and its prospects appear good. Senator John McCain, Republican of Arizona, is sponsoring a more business-friendly bill that emphasizes the sharing of information and has fewer requirements for companies.

Last week on Capitol Hill, Janet Napolitano, the secretary of Homeland Security; Robert S. Mueller III, the director of the Federal Bureau of Investigation; and Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, made their pitch to roughly four dozen senators about why they should pass the Lieberman-Collins bill.

At a closed-door briefing, the senators were shown how a power company employee could derail the New York City electrical grid by clicking on an e-mail attachment sent by a hacker, and how an attack during a heat wave could have a cascading impact that would lead to deaths and cost the nation billions of dollars.

“I think General Dempsey said it best when he said that prior to 9/11, there were all kinds of information out there that a catastrophic attack was looming,” Ms. Napolitano said in an interview. “The information on a cyberattack is at that same frequency and intensity and is bubbling at the same level, and we should not wait for an attack in order to do something.”

General Dempsey told the senators that he had skipped a meeting of the National Security Council on Iran to attend the briefing because he was so concerned about a cyberattack, according to a person who had been told details of the meeting. A spokesman for General Dempsey said the chairman had “sent his vice chairman to the meeting on Iran so that he could attend the Senate meeting and emphasize his concern about cybersecurity.”

“His point was about his presence at the cyber exercise rather than a value judgment on the ‘threat,’ ” the spokesman, Col. David Lapan, said.

Experts say one of the biggest problems is that no part of the government has complete authority over the issue. The Central Intelligence Agency and the National Security Agency give the government intelligence on potential attacks, and the F.B.I. prosecutes hackers who break the law. The Department of Homeland Security receives reports about security breaches but has no authority to compel businesses to improve their security.

“Nobody does critical infrastructure of the dot-com space where America now relies on faith healing and snake oil for protection,” Mr. Lewis said. “The administration wants it to be the Department of Homeland Security, but the department needs additional authorities to be effective.”

