feature | Katherine Wilson

188 cover

spring 2007
ISBN 978-0-9775171-5-2
published 20 September 2007


Katherine Wilson in a national security Disneyland

Years ago I lived – not quite legally – in a studio in St Kilda’s landmark George Hotel. I owned an old station wagon which I kept in a nearby parking lot frequented by junkies. Many mornings, around 3 am, the sound of car alarms woke me. But I returned to sleep certain that, in a party of smashed car windows, my car alone would remain undamaged. Soon the sirens hardly disturbed me.

Some mornings I found signs that junkies had rummaged through my car. But it was never broken into, because I used a simple, low-tech security technique: I kept it unlocked.

This is what security engineers call a ‘ductile’ measure: if security is breached, there’s no huge consequence. A ductile system relies on understanding criminal behaviour, and is resilient when one component is compromised. Even if my old car was stolen, it was only a secondary means of travel (after public transport and my bike) and I’d insured it for more than its value.

Other parking lot residents had what engineers call ‘brittle’ security protection. Their expensive, high-tech alarm systems had little deterrent effect, and locking their cars often resulted in more crime (breaking as well as entering), more damage and more expense.

The best security measures are sometimes simple and cheap. They’re usually low-tech, physical and human. Some of the most advanced systems, on the other hand, are brittle and insecure. Or worse: by misunderstanding crime, they invite new offences.

Here are three examples reported by the Atlantic Monthly‘s security correspondent, Charles Mann:

  • To stop the rampant theft of expensive cars, manufacturers in the 1990s began to make ignitions very difficult to hot-wire. This reduced the likelihood that cars would be stolen from parking lots – but contributed to the sudden appearance of a new and more dangerous crime, carjacking.
  • After a vote against management, Vivendi Universal announced that its shareholder voting system, adopted to tabulate votes efficiently and securely, had been broken into by hackers. Because the new system eliminated the old paper ballots, recounting the votes – or even independently verifying the attack – was impossible.
  • To help merchants verify and protect the identity of their customers, marketing firms and financial institutions have created large computerised databases of personal information: social security numbers, credit card numbers, telephone numbers, home addresses and the like. With these databases increasingly connected by the internet, they have become irresistible targets for criminals. From 1995 to 2000 the incidence of identity theft tripled.

Some of the world’s most advanced IT networks are fully encrypted, never connected to outside networks, and only accessible from secure rooms to people with security clearances. But they’ve been infected by common internet viruses, “probably because some official checked email on a laptop, got infected, and then plugged the same laptop into the classified network”. Operatives have protected their top secret data with uncrackable encrypting, only to have their passwords revealed through less sophisticated keylogging technology.

As Mann observes, you can almost always get around high-tech with lower-tech. In Buda’s Wagon: A Brief History of the Car Bomb, Mike Davis documents how, despite governments spending dizzying sums on state-of-the-art measures to thwart nuclear or bio-terrorism, the ‘poor-man’s weapon’, the random urban car bomb, remains the most potent.

All this came to mind in 2006 when I visited Canberra’s National Security Summit and Expo, held in September each year – a time when our memories of September 11 are revived. At $1195 a ticket, and hosted by Australia’s Homeland Security Research Centre, it’s part trade fair, part talkfest and part ‘boy’s own’ exhibit. But when I visited, the exhibitors were shy.

“No,” was the firm response from the men at L-3 Communications, makers of X-ray technology that ‘sees’ through people’s clothing. (In a video demonstration, a woman’s underwear is visible along with strapped-on explosives.)

“Not on the record,” said Aija Seittenranta from Thales “defence industry providers”, a company handing out toy armoured vehicles.

“Not unless we can review what you write,” said Mark Rebentrost, business development manager of VSL Australia, exhibiting explosive-resistant walls.

“No comment,” said Simon Langsford of Tenix Defence when I asked if his company, which makes armoured limousines for politicians, had a two billion dollar contract to make covert cameras for ASIO, as Business Review Weekly had reported. Later, after speaking with a colleague, he added: “We categorically deny that.”

I repeated his categorical denial to IBM exhibitor David Hughes, who laughed heartily. “If they had a contract,” he chuckled, “they could hardly tell you.”

Opposite him, a young technician with an explosive device hidden under his shirt strolled towards a camera. He represented TAC, producers of “the world’s first and only suicide bomb and concealed weapons detection system”.

TAC’s “passive millimetre waves” detect what airport metal detectors miss. On screen, the area where the technician’s bomb was concealed was identified with a pixelated square. So was the area around his breast pocket – possibly identifying a packet of fags with a lighter tucked in. He grinned when I suggested this, and explained: “We don’t have accuracy figures yet.”

The summit’s ninety-two speakers included some of Australia’s most prominent opinion writers, politicians and corporate heads, as well as academics. The summit was produced with the federal government’s Research Network for a Secure Australia, whose tagline isn’t (as you might expect) “Protecting Australian Citizens”, but “Protecting Australian Infrastructure”.

At the entrance, I tried to peg the ratio of males to females (about thirty to one), while next to me a widescreen monitor broadcast video footage of a van travelling at high speed. The van collided suddenly and violently with a fat bollard. This, explained Leda-Vannaclip’s manager Heng Jiang Cheng, was designed to be hidden beneath the road surface. It sprang up by push-button instruction from a law enforcement agency.

We both looked at the screen. The van had wrapped itself around the bollard like a screwed up piece of alfoil – a mess of metal wreckage.

“I wouldn’t like to be a passenger,” I said to Heng Jiang.

“It would definitely kill you,” he replied.

Kill a speeding motorist?

Heng Jiang then asked not to be quoted directly, but assured me that the machine would be used only on suicide bombers driving to a target: people who would kill themselves – and possibly others – anyway.

This has been dubbed the ‘guns, guards and gates’ approach to security; one that treats a symptom, not a cause. I asked about the ethics of technology that applies lethal force to untried suspects. Heng Jiang said if I wanted to quote him directly I could email him questions, which I did. I haven’t received a response.

I did learn, though, that this technology is staggeringly expensive to develop. Each killer-bollard experiment costs around $30 000 to stage (the company had apparently performed three at the time of the expo).

Another exhibitor, Ductal “blast-resistant concrete panels”, conducted repeated large-scale blast tests at Woomera. How do you get return on this investment when bomb attacks on Australian buildings are almost unheard of?

“Low risk, high consequence,” said Mark Rebentrost.

How do you convince the Australian market of a threat?

“Read the papers.”

Security technology can be hard to sell without a strong war on terror campaign. And with high-investment ventures like these, the industry lobbies government to foot the bill. Regulatory pressure on business to meet greater national security standards (including the Terrorism (Community Protection) Act), has prompted the corporate sector, particularly transport, to demand that governments put their money where their mouths are, according to BRW.

A stand attended by Whispir executive director Romilly Blackburn (whose company specialises in “field response”) carried the Australian Defence Business Review, whose headline shouted: “Bringing military security to the commercial world”.

“This conference,” Blackburn told me, “is about bringing together academic interests with business interests. Government needs to share its role with the community.”

You mean the business community?


On day two in the expo hall, the most popular exhibits, after stockpiles of chocolate cake, were the Daytona Grand Prix simulation games. I lined up with the suits to have a go. While we waited, we could fill out competition forms to win a Sony PlayStation Portable.

Or we could tool around with the gadgets. Among the James Bond devices were infra-red binoculars, ballistic vests, miniature cameras, ‘round-the-corner’ handguns, bomb disposal robots, armoured vehicles, under-vehicle search devices and bio-terror suits.

It was hard not to be thrilled. A high-definition infra-red camera was so powerful that, pointed towards the floor, it mapped people’s ‘warm’ footprints on the carpet minutes after they’d strolled past. If you brushed your face with fingertips, it traced vestiges of ‘cool’ on your cheeks.

Another exhibit featured $15 000 ‘eyeball grenades’, gadgets that looked a bit like bowling balls – or grenades. They could be discreetly rolled into hostage situations to spy on events with high-definition quality.

“Just pull the pin and roll,” said XTEK’s Greg Baldwin.

Was there a market for these?

“There will be.”

Critics of the nascent ‘security-industrial complex’ fear the consequences of fattening our security agencies and industries out of all proportion to the real threat of terrorism.

“What do you reckon’s the risk?” I pestered each exhibitor.

They were technicians and sales reps, not statisticians. None gave me a figure; several quoted the expo’s mantra: Low risk, high consequence.

What risk, exactly, and what consequence? Even in the US, where security agencies acknowledge an increased terror threat after the Iraq invasion, the likelihood of being killed by a terrorist is staggeringly low. Taking September 11 into account, figures published in Wired show US citizens are far more likely to die from police shootings, several times more likely to die of the flu or from falling out of a window, thirteen times as likely to die strolling down the street, and eighty-one times more likely to die by driving off the road: all very, very improbable events themselves.

Among Australians, even those travelling overseas, the risk is “miniscule” says investment analyst Chris Leithne, who publishes with the free-market think-tank, the Centre for Independent Studies. He pegs the probability at six in ten million.

Since September 11, Australia has spent twenty billion dollars on the war on terror. Despite this dizzying figure, Australians are, according to ASIO, still no safer from the threat of terrorism. Five, six years later – longer than the First World War – and we’re no more secure.

ASIO’s budget has almost quadrupled in these years. The Office of National Assessment’s has increased threefold. ASIS, Foreign Affairs, the Federal Police, the Department of Immigration and Department of Defence have all ballooned with massive budget injections.

This promises lucrative times for the security industry. At the summit, “Home-grown terrorism” sessions rubbed shoulders with “Detection of concealed threats using sub-THz imaging technologies” and “Datatrace DNA®: A Rapid, Secure, Field-Based System for Tracking & Authentication of Sensitive Materials”. And summit host, the Homeland Security Research Centre, issued a report explaining that ASIO’s “core functions” will soon be “outsourced to the private sector” and to “intelligence entrepreneurs, not career intelligence officers but innovative practitioners engaged contractually”.

Perhaps this is what Whispir’s Romilly Blackburn had meant by “bringing together academic interests with business interests”. Refereeing papers by the ninety-two speakers was Curtin University’s Dr Alexey Muraviev, who enjoys frequent media spots as a terror expert. Muraviev’s own paper warned of potential TEGs (Terrorist and Extremist Groups) in universities. Acknowledging the rarity of terrorism in universities, he said students, staff and members of the community are “in some cases turning centres of intellectual excellence into hubs of radical propaganda and recruitment centres” because universities are places “where academic freedom and freedom of speech could be exploited”. Without citing sources, his paper explained that people at risk of becoming TEGs included “orphans”, “anti-abortionists”, “impoverished people”, people who “oppose ruling governments”, who “express certain cultural sympathies”, are “interested in certain sports” and “exercise regionalism”. And “male sexuality could be exploited”.

His views seem to be taken seriously by Canberra: the Federal Police recently interviewed a Muslim student about borrowed library textbooks; the Attorney-General prevented an academic from pursuing a study involving alleged TEGs. More recently, the Australian Strategic Policy Institute produced a similar paper (almost verbatim in parts) to Muraviev’s, but went further, arguing for the need to consider “the matter of academics monitoring students on behalf of security agencies” and to “coordinate academic support for government agencies responsible for counter-terrorism”.

So at what point does an activist, a scholar or a person with religious or political beliefs become a suspected security or terror threat? To find out, “pattern management” software is considered the way of the future, and its developers are flocking to Canberra – a city BRW has dubbed “Security Valley”. Among the companies angling for research and development grants is the Distillery, whose software “distils large amounts of information to find the hidden links between people and events”. The Distillery has reportedly secured grants totalling $16 million.

One company, Argus Solutions, has developed video technology that captures transient faces in crowds. Another, iOmniscient, is working on video screening to detect “suspicious walks” (people’s gaits are collected in a database; the software can then detect them in a crowd, and match information).

NetMap Analytics “discovers patterns of information, building connections that can reveal both threats and fraud”. Its chief scientist John Galloway told BRW that more than suspect behaviour can be traced.

“You can spot their train of thought,” he said.

And there’s IBM’s impressive “spacio-temporal metadata” software which sat at the expo alongside the Daytona Grand Prix games. This program tracks all manner of activities through data-collection networks, integrating it with real-time satellite 3D graphic mapping of a suspect’s movements, producing results that’d put World’s Wildest Police Videos out of business.

With the meshing of corporate, academic and national security interests, it’s tempting to speculate how these technologies might be used to identify and track demonstrators, corporate whistleblowers, dissident academics or shop stewards on building sites. One of the summit’s academic speakers, Monash University’s Luke Howie, warned of “a slippery slope” towards this kind of surveillance.

But Howie also pointed out that the expo’s developers aren’t conspiratorial opportunists peddling sinister products.

He was right. They were, for the most part, pleasant, talented technicians and engineers doing what technicians and engineers do. Their spectacular technologies were often single product lines in a vast arsenal of what many might consider commonsense security measures.

Yet the proliferation of these might worry those who believe recent amendments to terror laws give enforcement agencies latitude to incriminate people for thought crime. Law Council of Australia president John North has said: “These laws … are arming our police and intelligence services with powers that history shows will likely lead to abuse and misuse.”

Despite regular media claims of terror ‘attacks’ being ‘thwarted’, most Australians accused of terror offences have been charged for having links – sometimes tenuous and speculative – with Islamist organisations.

While companies like Appen have developed software that translates Middle Eastern dialects, the summit’s face-recognition software demonstration featured close-ups solely of Asian and Middle Eastern faces – though two out of the three Australian men convicted of terror offences at the time of writing were actually Caucasian.

And while biometrics – technologies that measure people’s physical or biological characteristics – are said to be security’s future, they’re easy technologies to foil. German journalists at c’t magazine outsmarted face recognition systems, iris scanners and fingerprint readers by simple tricks like holding life-size photographs to their faces. As Mann reported in the Atlantic Monthly, “many of the fingerprint readers could be tricked simply by breathing on them, reactivating the last person’s fingerprint”. Not all biometric systems are so easily fooled, “but all of them fail badly”. (Failing badly, in engineering terms, makes a system ‘brittle’; ‘failing well’, like my unlocked car, makes a system ‘ductile’.)

And none of these technologies would have prevented the terrorists who attacked the World Trade Center way back when. In that landmark event, the terrorists were who they said they were. None of them were suspects, none was on intelligence databases.

Yet since September 11, face recognition software has been placed in US airports, and there’s a push to install similar machines in Australian airports, too. This software, reported Mann:

cannot pick random terrorists out of the mob in an airport terminal. That task requires comparing many sets of features with many other sets of features in a database of people in a “watch list”. Identix, of Minnesota, one of the largest face recognition technology companies, contends that in independent tests its FaceIt software has a success rate of 99.32 per cent – that is, when the software matches a passenger’s face with a face on a list of terrorists, it is mistaken only 0.68 per cent of the time. Assume for the moment this claim is credible; assume, too, that good pictures of suspected terrorists are readily available. About 25 million passengers used Boston’s Logan Airport in 2001. Had face recognition software been used on 25 million faces, it would have wrongly picked out just 0.68 percent of them – but that would have been enough, given the large number of passengers, to flag as many as 170 000 innocent people as terrorists. With almost 500 false alarms a day, the face recognition system would quickly become something to ignore.

Rather like car alarms in the night.

Yet Australia’s security forces are considering using huge national repositories of information like Intellipedia (dubbed ‘Wikipedia for spooks’) to gather databases for these systems. This would allow our intelligence agencies to track people’s activity and share information about suspects with foreign agencies. At the time of writing, the classified version of Intellipedia reportedly has 28 000 pages and 3600 registered users. Like Wikipedia, Intellipedia is accessible and editable by its users (agents with a security clearance). Also like Wikipedia, it’s subject to politicisation and inaccuracies, not to mention hacking and leaks.

New security technologies are impressive in the extreme as a feat of human engineering, and the finger can hardly be pointed at entrepreneurs and skilled technicians responding to a demand born of Howard’s (and, by complicity, Labor’s) war on terror. Yet many of their products sit alongside the fickle car alarms that have become part of our slumber soundscape: expensive, fallible and far more brittle than their promoters would have us believe. Worse, while we ignore them as we sleep, they are agents of politicisation.

Of course, my opening metaphor doesn’t entirely work: there’s a vast chasm between the consequences of junkie crime and those of terrorism. Yet, a ductile approach, the solution to both, relies on understanding causes rather than consequences. This is what Flinders University Emeritus Professor Riaz Hassan sought with his ARC grant to study terrorist motivation, before Attorney-General Philip Ruddock intervened, scuppering Hassan’s funds and telling the Australian: “We are funding research and we want that research to be able to better inform us.”

Kevin Rudd agreed, saying: “Taxpayer dollars need to be used wisely.”

So I left the expo wondering: as Canberra spends tens of billions of these taxpayer dollars on national security, as industry lines up for the war on terror’s lucrative rewards, as we fortify our transport and institutions, as our civil liberties and cultural tolerance erode while we slumber – are we making the same mistakes as the car owners living near the George? For all our expensive, high-tech, end-point responses, are we any safer?

Katherine Wilson is a former co-editor of Overland and a citizen journalist.
© Katherine Wilson
Overland 188 – spring 2007, pp. 14-18

Like this article? Subscribe!