Thursday, February 26, 2015

Family Security: Data Mining and COMSEC/OPSEC (Communication and Operation Security)

A good reason for OPSEC and COMSEC
I’m watching as the mainstream media (MSM) says that they know the name and identity of Jihadi John the man with the British accent who has been in the ISIS beheading videos. Don’t get me wrong, I’m glad they know who he is. It’s easier to pursue someone when you know who they are. But with this story has come the fact that U.S. and British intelligence have known who he is for some time. That means that, barring any information they have that we don’t, he was identified by his voice and possibly his eyes, which were all that were showing in the videos.
Most of us in the U.S. are not worried about the government knowing who we are and where we are. I know that with my affiliation with the government I’ve been photographed, fingerprinted, and had many, many background checks done on me. I’ve held a security clearance with the Department of Defense since 1983 and still do. They know who I am! But in spite of this, I maintain as much anonymity on the internet and in my personal life as I can.
I know that some of you may be rolling your eyes and thinking to yourself “Paranoid guy.” I maintain that it’s not paranoia but preparedness.
The abbreviation PII is widely accepted in the US context, but the phrase it abbreviates has four common variants based on personal / personally, and identifiable / identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used. An example of this would be the following:
• Full name (if not common)
• Home address
• Email address (if private from an association/club membership, etc.)
• National identification number (used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other governmentally-related functions
• IP address (in some cases)
• Vehicle registration plate number
• Driver's license number
• Face, fingerprints, or handwriting
• Credit card numbers
• Digital identity
• Date of birth
• Birthplace
• Genetic information
• Telephone number
• Login name, screen name, nickname, or handle
The following are less often used to distinguish individual identity, because they are traits shared by many people. However, they are potentially PII, because they may be combined with other personal information to identify an individual.
• First or last name, if common
• Country, state, or city of residence
• Age, especially if non-specific
• Gender or race
• Name of the school they attend or workplace
• Grades, salary, or job position
• Criminal record
Safeguard all of the above information and you can protect yourself. If you let some of this information out, your full name for instance, it would probably not be enough for someone to find you or steal your identity. When you start to put several (3 or 4) of these together is where you are at risk.
Most of us have a picture on Facebook or Twitter. I would suggest changing that picture to a graphic or something that will not let your identity out. Pictures of the family or other seemingly harmless pictures should be left to very few. Remember the importance of picture background. A picture of your dog may have you street address, or license plate in the background. Be especially careful with your children. I know this will be difficult for some, especially those of a younger generation, but believe me, finding this information that can hurt you is real. I have 3 different friends who were in intelligence in the military. One is still in the intel business but for a law enforcement agency now. Finding this info is called “mining”.
Data mining is something that has been done by business almost since the beginning of internet commerce.
For example, one Midwest grocery chain used the data mining capacity of Oracle software to analyze local buying patterns. They discovered that when men bought diapers on Thursdays and Saturdays, they also tended to buy beer. Further analysis showed that these shoppers typically did their weekly grocery shopping on Saturdays. On Thursdays, however, they only bought a few items. The retailer concluded that they purchased the beer to have it available for the upcoming weekend. The grocery chain could use this newly discovered information in various ways to increase revenue. For example, they could move the beer display closer to the diaper display. And, they could make sure beer and diapers were sold at full price on Thursdays.
That doesn’t sound too insidious does it? But what if criminals did the same thing for different reasons? Governments and law enforcement has been doing this for decades. Be careful about your digital footprint. Criminals have been caught because of Facebook. Don’t underestimate the power of information and the internet. Be careful. Be safe. Rethink what you do and how you do it.
Semper Paratus
Check 6