1. The world is not a more dangerous place – average lifespan continues to increase (More here: The World is Not a More Dangerous Place)
2. Fewer people can create bigger effects faster … in both directions – destruction or value creation (More here: More Death Cheaper in Future, Ludicrous Speed Billionaires)
3. Competition is driving technology adoption – notably the organization who receives the data first has the advantage (More here: Ubiquitous Sensors? You Have Seen Nothing Yet)
4. Data is being created faster than organizations can make sense of it – to this degree organizations are getting dumber (More here: Why Faster Systems Can Make Organizations Dumber Faster)
5. Commingling data for enhanced context will drive a new generation of smarter systems (More here: Smart Systems Flip-Flop)
6. The surveillance society continues to build momentum as consumers find it irresistible (More here: Six Ticks till Midnight: One Plausible Journey from Here to a Total Surveillance Society)
1. Las Vegas is one of the fastest growing cities in the Unites States of America (before the economic crash of course)
2. Casinos have a minimal security and surveillance budget
3. Casinos have a legal obligation, in some circumstances, to determine your identity (e.g., under age gambling, crossing a winnings threshold which necessitates IRS reporting)
4. Public and private watch lists are used – some compulsory, some elective
5. There are a fair number of scams that are tried on casinos – some scam artists are using false identities and disguises (More here: The Vegas Asymmetric Threat, Takin’ Vegas, Be Anyone in Las Vegas, Get Help Creating a Cover Story Here)
6. When employees go bad, this is particularly problematic
7. Most ‘tripwires’ are generated by alert employees who are watching, not by computers
8. An organization called Griffin Investigations provides information sharing of cheaters and advantage players (e.g., card counters) – they system is called Griffin GOLD (My old SRD company build this system)
9. One example of a watch list and insider-threat detection system known as Non-Obvious Relationship Awareness (NORA) was built for the industry (My old SRD company build this system too) (More here: IEEE Spectrum Story: Vegas 911, IEEE Paper: Threat and Fraud Intelligence – Las Vegas Style)
10. A patron can still enter a casino and enjoy a degree of activity without exposing their identity
11. There is no “predictive data mining” to spot unwanted behavior
12. Most vulnerabilities are remedied with processes not additional electronic surveillance
13. Humans are in the security decision loop – computer systems do not make security decisions, rather only promote items of interest
14. Facial recognition technology is not used at doors looking for watch listed persons
1. Technologists should more regularly engage the privacy community (More here: Responsible Innovation: Staying Engaged with the Privacy Community)
2. Information sharing systems must have information attribution (More here: Full Attribution, Don’t Leave Home Without It, Out-bound Record-level Accountability in Information Sharing Systems)
3. Data destruction requires careful planning and execution (More here: Decommissioning Data: Destruction of Accountability)
4. Limit data transfers and use indexes to make information discoverable (More here: Discoverability: The First Information Sharing Principle)
5. If data changes in a source system replicate this change through the information eco system (More here: Data Tethering: Managing the Echo)
6. Where possible obfuscate data (More here: To Anonymize or Not Anonymize, That is the Question)
7. Build high assurance accountability into systems (More here: Immutable Audit Logs (IAL’s), Found: An Immutable Audit Log)
8. Data mining is not always good or bad, it depends on the circumstances (More here: Effective Counter-Terrorism and the Limited Role of Predictive Data Mining, Data Mining, Predicate Triage and NSA Domestic Surveillance)
9. Link analysis, especially predicate-based, has some usefulness – although it is also wise to ‘prune’ early (More here: Hunting Bad Guys, Phone Records, and a Few Good Dead Men, Predicate-based Link Analysis: A Post 9/11 Analysis (1+1= 13), Sometimes a Big Picture is Worth a 1,000 False Positives)
10. Low fidelity watch list entries (identities with few attributes, e.g., name only) are problematic (More here: Precision in TSA’s Terrorist Watch List, Comments on the TSA No-Fly and Selectee Watch List Process)
1. There are going to be more sensors, more data. This data will be commingled for greater accuracy to serve consumers and to protect countries. What data is collected and when … will be the debate. Once data has been collected, the holder has the obligation to make sense of it.
2. The most fundamental principle I have synthesized from my many conversations with folks in the privacy advocacy community is this one point: “Avoid consumer surprise.” (More here: Where Possible … Avoid Consumer Surprise)
3. Finding professional bad actors involves the detection of weak signal. The computational remedy for weak signal involves observing and commingling transactions that are unanticipated by the bad actors.
4. Hence the tension.
There is so much in this one post that its mind-boggling! And am sure I've barely seen anythig yet!
Posted by: Aditi Das Patnaik | January 20, 2011 at 10:16 PM