Ignorant Vigilance Is Worthless

Back in the 1980s, a cabal of fringe law enforcement officials (who also happened to be Born Again Christians), radio and televangelists (Bob Larson, to name but one) and traumatized parents (Pat Pulling being one) got together to warn the world about the dangers of Satanism. I became involved in a rational effort to rein them in because one huge focus of their efforts was roleplaying games. The result of those efforts was, in part, The Pulling Report, which I wrote in 1990.

In analyzing Mrs. Pulling and her work, I became acquainted with Robert D. Hicks. He sent me a number of documents which were being circulated to law enforcement officials by “experts” like Mrs. Pulling. She and others traveled throughout the country providing seminars to teach police how to spot Satanists and how to deal with them. I analyzed the documents for accuracy and relevancy concerning roleplaying games. FBI agent Ken Lanning analyzed them from a law enforcement perspective. Under that twin assault, the documents fell apart. Our analysis showed that not only would following those guidelines generate false information, it would result in no actionable intelligence. In essence, doing what the “experts” suggested would waste time, waste money and have folks looking in one place when they should be looking at another.

Today, via Twitter, I was pointed at a Joint Regional Intelligence Center generated document titled, “Potential Indicators of Terrorist Activities Related to Internet Café.” It’s published under a banner featuring the FBI and Bureau of Justice Assistance logos, and was financed by a Department of Justice grant. It’s got that same graphic style as the “We’ve Fondled Your Stuff” notices the TSA inserts into luggage after they’ve fondled your stuff.

I couldn’t help but be struck by a massive sense of deja vu. In my opinion, following these guidelines will generate a lot of smoke, no fire, few arrests and more lawsuits than convictions. I won’t break down everything in the document, but there are a couple of points I’d like to analyze for you.

Law enforcement is directing this, rather obviously, to those dark dens of gaming iniquity where folks gather for hours on end to play WOW. We’ve all seen images of long, narrow internet cafes with users crammed in, save for the back where some middle-linebacker sized dude blocks access to where his boss (a terrorist or drug dealer) is conducting his nefarious business. Plays well in the movies, but, hey, this is the 21st century, and we’re talking America here. (Because the brochure is written in English, I’m assuming it’s for domestic consumption.)

Let’s move away from that image, however, and think about the most common of locations where folks come to do their outside computing: Starbucks. (Substitute McDonalds, if you wish, or some non-chain establishment which offers internet service. There’s this Irish bar across town here… but I digress…) Okay, got that image in mind? Good. Let’s go through bits of the checklist, then, and see how things stack up.

Starting at the top, you need to look out for folks who shield the screen from others. Okay, clearly I’m a terrorist. Or, in my case, I use my iPad to look at sites like The Chive and The Huffington Post. In Scottsdale, the fact that I’m not stumping for a Republican makes me suspicious, and being seen reading a liberal or amusing website would get me arrested. But privacy, yeah, I like my privacy.

Next on the list, you’re told to look out for folks who pay cash or pay with different credit cards in a variety of names. Clearly they’re talking about buying internet time here, but who buys internet time in public anymore? Hello, 21st century, free wifi everywhere! (As for paying with different things for your coffee, who doesn’t shift between cash, gift cards, that nifty phone app or the card that gives you points and a percentage back?) My point here is that anyone who wants to be secretive and to do so on the cheap, is going to use free wifi and not worry about being tracked.

Next is the line about tradecraft. I love this. Which tradecraft are we talking about? The stuff we know spies do because we’ve watched the latest 007 movie, or episodes of 24 or MI5? (Think about that for a sec… this stuff is so “secret” and so “current” that it’s had time to filter down to a script writer and survive the 2-3 years of development hell to finally make it on the screen. Can law enforcement actually expect anyone who’s not had training to spot “tradecraft?”

More importantly, let’s go back to the seedy Internet cafe situation where there is a blocker. Anyone who would employ a blocker would also bribe or intimidate the cafe’s staff so they’d not be disturbed or remembered. And if the terrorists can’t afford to do that, well, see my point above about free wifi.

We move on. Folks acting suspicious… I guess law enforcement has never seen a blind date going down in flames at a Starbucks. Not pretty, suspicious as hell. Look, I live in a state where anyone can carry a loaded gun concealed on his person virtually anywhere, and Starbucks has agreed that their stores will not be posted prohibiting that practice. And my Starbucks is convenient to a High School. I see less suspicious behavior at a comics convention than I do at Starbucks in the mid-afternoon.

And having multiple cell phones is suspicious? The Starbucks I frequent is often used as meeting places by realtors and brokers, corporate headhunters, local business leaders and a lot of otherwise busy people. Not everyone carries a bandolier with cell phones, but folks having a pair of them is not at all unusual.

Lastly, on the suspicion list, we have folks traveling an “illogical distance to use Internet Café.” Honestly, how on earth would anyone know? First off, Scottsdale is a tourist destination. This time of year, swing a dead cat and you’ll hit a dozen folks who consider home some place chilly up north. A third of them will be Canadian. Moreover, even if you did notice an out of state or out of country license plate on someone’s car, would it seem suspicious? Anybody?

The next few sections talk about stuff which someone might learn if they got their hands on a computer after someone used it. However, to get that data, one would have to do the things they’re explicitly told not to do in the “What should I do?” section of the document. So much for any budding, cyber-Sherlock-Holmes out there dreaming of rewards for turning in the newest Al Qaeda #3.

More importantly, what honest-to-goodness terrorist is going to risk using a communal computer when he can do everything he needs to do with greater security from a smart phone or tablet? Serious operatives have to weigh budgetary considerations against risks of exposure. Using an Internet Cafe to save money when you can snag an Android-based tablets for under $300? (Heck, buy a Kindle Fire or Nook Color and root them. Not rocket science. Have someone encode messages in the pages of their self-published novel, operatives download it, decode it, and delete it on all ends, chances of exposure drop to nothing. (Yeah, plot for a story in there.))

In my opinion, this document has as much relevance to today, and usefulness, as the Department of Transportation putting out a brochure on how to drive your carriage and four on an Interstate highway. It’s just more hand-waving to make us feel secure, but what it really does is feed the fear of people who will just make the FBI’s job that much more difficult.This is an instruction manual on how to generate false positive reports, created by people who think the Internets are tubes that can get clogged, and that 24 was a documentary series.

Sure, Al Qaeda may intend to bring the world back to a 7th Century Caliphate, but they’ll use 21 Century means to do it. Nice to know the government hands out grants for 20/20 Hindsight documents. I’m clearly in the wrong business.