Darpa Wants to Save Us From Our Own Dangerous Data - Businessweek
"The author William Gibson once confessed to writing up a terrorist plot so plausible that he didn’t want to publish it. He cut it out of his book Idoru. 'It seemed so workable and media-efficient an idea,' he told the Village Voice in 2003, 'that I didn’t feel like I could let it out.' Gibson refused further comment. If he were of a mind to help, Gibson is the sort of person who could extend a hand to the U.S. Defense Advanced Research Projects Agency, or Darpa. The agency, with its characteristic spirit of paranoid generosity that gave us killer robots and the Internet, recently asked researchers to submit proposals for research projects that investigate whether freely available, open data could be weaponized. 'Could a modestly funded group,” asks the RFP, “deliver nation-state type effects using only public data?' Meaning data from geographic information systems, marketing databases, Facebook (FB), Twitter, the open Web—or any one of millions of new data systems that have come online in the last couple of decades. Could a few malicious actors with regular computers and access to the Web cause a lot of death for Americans without hacking—just by making use of what’s out there and available? It’s a funny time for this RFP to be out there. Foreign Policy issued an 'Irony Alert,' contrasting the Darpa request with the recently released leaks about the National Security Agency and spying. “The military,” wrote Shane Harris on FP’s Killer Apps blog, 'is worried that Russia or al-Qaeda is going to wreak nationwide havoc after combing through people’s personal records.' Darpa isn’t necessarily wrong to worry. Public data can absolutely be used to nefarious ends—we’ve already seen what happens after people get 'doxxed,' when Internet vigilantes find their addresses and publicize them. In China there have been hundreds of cases where a 'human flesh search engine'—basically mass doxxing—came together to create huge, shared dossiers about various moral outrages, corruption issues, or adultery cases. Things go up a notch with 'swatting,' wherein pranksters pretend to be their victim, call 911, and phrase their calls so that the protocol results in a visit by a police SWAT team. Celebrities are common targets: Diddy has been swatted. So you see the formula emerging: Take public data and extract something meaningful from it, like an address. Take knowledge of law enforcement protocols that lead to SWAT team deployments. Combine the two and you’ve created a dangerous, high-risk situation for all. There’s no 'hacking' involved, in the context of breaking into computers. It’s just social engineering. Then again, the same instinct in human flesh search engines is at work in collating and editing Wikipedia. These impulses can be turned to lasting benefit ..."