Comments on: Are maps and blueprints on the 'net a security risk?

Question: Are maps and blueprints on the 'net a security risk?

AccordionGuy — Thu, 18 Aug 2005 13:59:39 -0800

I often get called to appear on the nightly news whenever they need a guy to talk about computers, the internet or blogging. This time, it's a piece about "how terrorists use the net to organize and plan attacks" to be aired in a series for the week leading up to 9/11. In my segment, I will use my Google-fu to demonstrate how easy or hard it is to dig up maps and blueprints, especially for "sensitive" places. I'm trying to make sure the facts get out there, but I also want to do my bit to counter any scaremongering. My question: Can anyone point to sites or articles that discuss whether or not such publicly-available maps, diagrams and blueprints are a real security risk?

By: arruns

arruns — Thu, 18 Aug 2005 14:03:49 -0800

From the Washington Post in 2003 on a dissertation that was classified

By: GarageWine

GarageWine — Thu, 18 Aug 2005 14:40:24 -0800

No sites or articles, but I do have a short anecdote. I was writing a report for my client, a big high-tech firm. As I was going over a draft of the report, the client told me I had to take out a drawing of the firm's facilities that I had included. My response was, "Have you seen [insert name of local government's GIS site]? It's got aerial photos of your facility." I pulled up the site on the web and in about 5 clicks, showed him the aerials. I could tell that he wasn't please with this by his next question: "Can we get these pictures removed from the website?"

I bet if you talked to a few security sensitive firms, they'd probably be less than enthused about (e.g.) Keyhole and other such stuff.

By: Rothko

Rothko — Thu, 18 Aug 2005 14:41:21 -0800

Crytome regularly publishes sensitive material without regard for its perceived sensitivity. I'd argue that its continued existence is anecdotal evidence that there is little security gained through obscurity, but that would just be my opinion.

By: jasper411

jasper411 — Thu, 18 Aug 2005 14:44:33 -0800

The United States Insititute of Peace did a report that discussed the ways terrorists use the internet. I wasn't sure how speculative and fear mongering it was, and it focused mostly on things like using the internet for fundraising, recruiting, publicity, etc. However there was a section on data mining (page 6 & 7) that might be a good jumping off point for you.

By: jasper411

jasper411 — Thu, 18 Aug 2005 14:46:48 -0800

PS Congrats! Hope the wedding goes great!

By: mcwetboy

mcwetboy — Thu, 18 Aug 2005 15:04:51 -0800

You'll want to look at this MeFi thread, which discusses the story referred to by arruns above (I blogged about it on The Map Room here; self-link), and the related links. More recently, I noticed this story (via Ogle Earth) about Dutch concerns over the use of Google Earth; the story references some similar worries from Australia. There were also concerns about Google Maps's satellite imagery when it came out: FoxTrot had some fun with it (self-link), and see Jeff Veen's post from back then.

By: ldenneau

ldenneau — Thu, 18 Aug 2005 15:10:16 -0800

Bruce Schneier's Crypto-gram newsletter and his book Beyond Fear discuss real-world security tradeoffs pretty cogently.

By: phearlez

phearlez — Thu, 18 Aug 2005 15:16:34 -0800

Bruce's weblog also has good stuff in it and has talked about this on occassion.

By: mnology

mnology — Thu, 18 Aug 2005 15:21:18 -0800

Seconding the Bruce link. Particulary this story he found about finding nuclear power plants.

By: Civil_Disobedient

Civil_Disobedient — Thu, 18 Aug 2005 15:44:52 -0800

Besides Google Maps (or the like), the biggest HOLY FUCK site I've ever seen is ZabaSearch. Just enter your name and a state you've lived in, ever.

By: adamrice

adamrice — Thu, 18 Aug 2005 17:17:51 -0800

I can't imagine that my town is the only place where this is true, but in the course of house-hunting, I've found the City of Austin GIS viewer to be very useful, with pictures vastly more detailed than Google maps. In certain modes, it displays reference numbers that I can plug into the Travis County Appraisal District's website to find out who owns whatever parcel I'm looking at.

This isn't analysis--this is just the raw material. There's a lot of it out there!

psst, I hear the terrorists can use the telephone network too!

By: bunglin jones

bunglin jones — Thu, 18 Aug 2005 19:03:43 -0800

I don't know if you're interested, because it's Australian, but there's an article here about "security fears" regarding Google Earth

By: aberrant

aberrant — Fri, 19 Aug 2005 05:14:58 -0800

Try this out: Interagency OPSEC Support Staff. There's a whole methodology surrounding risks and protection of unclassified but sensitive information.