Security Snake Oil, Revisited

We have met the enemy, and he is us. — Pogo, by Walt Kelly

Back at the  end of 2009, I posted an article about one Dennis Montgomery, a self-styled scientist and software expert who, it appears, conned numerous agencies of the US government out of several million dollars for security software of, at best, questionable value — if it ever really existed at all.  The New York Times this weekend published another article on the case; it appears that Mr. Montgomery’s ship has not come in since I last wrote about him.

For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret.

The article recounts the story of many of the same technology products that I mentioned last time (and which were originally reported in  an article in Playboy, of all places).  But it goes a bit further, reporting that several actual terror alerts were based on “intelligence” provided by Mr. Montgomery’s technology.

The software he patented  … prompted an international false alarm that led President George W. Bush to order airliners to turn around over the Atlantic Ocean in 2003.

The CIA began to have suspicions about the technology as early as 2003, and the French intelligence service, upset about the impact of the supposed 2003 plot, conducted their own review of the technology.

French officials, upset that their planes were being grounded, commissioned a secret study concluding that the technology was a fabrication. Presented with the findings soon after the 2003 episode, Bush administration officials began to suspect that “we got played,” a former counterterrorism official said.

Nonetheless, at least as late as 2009, Mr. Montgomery’s firm was awarded a $3 million contract for its technology by the US Air Force.  And apparently some of that same technology was still being used as an intelligence source, and generating terrorism alerts, as recently as the inauguration of President Obama in January, 2009.

Mr. Montgomery himself is currently in bankruptcy, and is about to be tried in Las Vegas for attempting to pass bad checks totaling $1.8 million at local casinos.  According to the Times, he has not been charged with anything related to his government contracting activities; some suspect that the government is trying to cover up the case out of embarrassment.  That is, I think, entirely possible; but I would like to say a bit about how all this came to pass.

When I first read about this case, back in 2009, I had the feeling that Yogi Berra called “déjà vu all over again”, because I have seen this kind of thing before.  In fact, I wrote about one specific case from my own experience in the financial markets, in which I said:

I have seen, first hand, situations where otherwise well-qualified, intelligent, sensible people have temporarily, in essence, lost their minds.  The combination of rushed time scales and knowledge of how one would like the results of an analysis to come out can definitely impair one’s judgement.

After the attacks of September 11, 2001, government security and intelligence agencies were given large additional resource allocations, in an entirely well-intentioned attempt to prevent any such attack from happening again.  As the Times put it:

Government officials, with billions of dollars in new counterterrorism financing after Sept. 11, eagerly embraced the promise of new tools against militants.

The people involved had a very sincere and legitimate wish to accomplish their objective; I would suggest that this made them particularly vulnerable to just the kind of scam Mr. Montgomery is alleged to have been peddling.  Technology, of course, can do many wonderful things.  But some of the reported claims were pretty far-fetched; for example, Mr. Montgomery is alleged to have claimed that his technology could locate submerged submarines from satellite photographs. (There are some specific circumstances where this may be possible, but in mid-ocean it seems implausible.)

Undoubtedly, though, the most compelling alleged claim for that audience was that the software could identify secret coded messages from Al Qaeda, hidden in video broadcast by the Arab network, Al Jazeera.  Government officials already had an instinctive antipathy toward the network, because of what they saw as its anti-American bias, so they welcomed the technology.

The software so excited C.I.A. officials that, for a few months at least, it was considered “the most important, most sensitive” intelligence tool the agency had, according to a former agency official, who like several others would speak only on the condition of anonymity because the technology was classified.

As I’ve observed before in other contexts, ideology is a very powerful prophylactic against the influence of inconvenient facts.

Back in the 1970s, Bob Townsend, CEO of Avis Rent-a-Car, wrote a popular management book called Up the Organization.  In it, he suggested that companies should have an executive, one of whose main functions was to go around and yell “Horseshit!” at appropriate times, when peoples’ enthusiasm had trampled sense.   Maybe the US government needs a Secretary of Horseshit (we’ll have to work on that name a bit).

National Broadband Map Released

The National Telecommunications and Information Administration [NTIA], part of the US Department of Commerce, has released the National Broadband Map, a Web-accessible, searchable data base of broadband Internet service across the US.   The creation of the database, which contains approximately 25 million records detailing broadband service options, was mandated by Congress.  The data were collected from the various service providers; it is important to note that the service speeds claimed were, in general, not independently verified.

The announcement also contains some summary observations about the availability of high-speed service.  In particular, there is still a significant group of Americans who have no high-speed options.

The map shows that between 5 – 10 percent of Americans lack access to broadband at speeds that support a basic set of applications, including downloading Web pages, photos and video, and using simple video conferencing. The FCC last July set a benchmark of 4 Mbps actual speed downstream and 1 Mbps upstream to support these applications.

The NTIA also says that many “community anchor” institutions, such as school and libraries, probably do not have adequate capacity to support a reasonable number of users.

The map allows you to enter an address, or a county, and see the available service options.  It is obvious that some of the data may not be complete; I entered our address here, and our ISP was not listed.  Still, this is the first release of the data, and some lacunae are to be expected.

The site offers a variety of ways to look at the underlying data.  Ars Technica has an article outlining some of its capabilities.