How to Lie with Maps: When Open Source and National Security Collide

On Friday, I received an article that was published by C|NET and reprinted on CNN entitled California lawmaker wants to blur Google Earth. I spent the weekend driving around my county with a set of maps and a GPS device, plotting and ground truthing a variety of sites where we can put operators for an upcoming drill and I finally got around to reading the article and it really has me wondering if Assemblyman Anderson has taken leave of his senses.

This is not the first time that the world of Open Source and the desire for national security has slammed together. The most notable of these was the release of Phil Zimmerman’s PGP software in the mid 1990s. But is this really an issue of national security?

I have always loved maps. So much so, that I wanted to be a cartographer when I grew up. I even picked the universities I wanted to attend based on their offerings of cartographic programs, minors and majors. In the 1980s, when I was entering university, the science of the art of cartography was changing from a pure hand-based art to one that was more and more based on computer systems, and databases, long held on paper, were being moved to silicon and steel. This was a big deal. It was not enough to have a steady hand and a keen eye; you now had to be a computer technician as well.

According to the bill introduced by Assemblyman Anderson, images provided by commercial web sites shall not provide aerial or satellite photographs or imagery of a building or facility in this state that is identified on the Internet Web site by the operator as a school or place of worship, or a government or medical building or facilityand shall not provide street view photographs or images of the buildings and facilities. His argument is based in the assumption that planners of the attacks in Mumbai utilized tools such as Google Earth to plan their attacks and that information, freely available today, could be utilized to coordinate similar attacks in the United States. For most, this argument rings true. We see examples of these sorts of maps and images every day on television and in some cases, these representations are even close to what the state of the art is capable of providing. As a trained geographer however, I would suggest that Assemblyman Anderson needs to actually use some of these tools, and then get out of his office and go for a walk.

To test the theory that you can actually get accurate planning documents from the Internet without ever going to the site, I decided to pick a site I know well and one you can follow along with. It is also one that is heavily protected, well known and easily identifiable. I chose the White House, located at 1600 Pennsylvania Ave, NW, Washington, DC. It is hardly a state secret that this building is one of the most fortified buildings in the United States, even before the unfortunate incidents of September 11, 2001. There is a high police presence surrounding the building at all times and it is identified, not only on Google maps, but also on printed maps provided by the United States Government itself.

Herein lays the problem with the Assemblyman’s requirement. Maps, paper maps, with key locations have been available for most places in the world for decades and even a simple topographic map of Washington DC would provide a would-be bad guy with enough planning information that it would be unnecessary to visit Google. The 7.5 minute Washington West quadrangle that contains the White House and most of the major tourist sites in Washington DC is a product of the United States Government. There are literally thousands of these maps in circulation today, in books, software and other forms. The government makes the underlying data available free of charge to those who want it and users of Open Source tools like GRASS are very happy for this.

Let’s do an experiment: As I write this, I am looking at an image of the White House in Google Maps on-line. If you do the same thing and zoom in, you will note that the roof and its supporting structures are not blurred. Further, if you look at the copyright date, you will see that the image appears to be current, and thus justify the Alderman’s concerns that we are giving away sensitive information.

Zoom in and adjust your view to the point where Pennsylvania Avenue almost fills your screen and then move to the east (right) until you see a series of round objects clustered in a group of four (they are easier to spot). These are planters. Just to the left, there are a two in a row a white object laid across the street north-south, and more planters in the shadows on the south side of the street. If you are not a resident of DC, you would think that these are actually in place, after all, the image is current. What you are looking at is the first generation security measure put in place to close Pennsylvania Avenue to traffic following the bombing of another American city – Oklahoma City – in 1995! I can assure you, as I walk that way every day, that there are no planters in the middle of the street anymore. In fact, if you do a street level view from 15th Street looking back towards the White House, you will get a better idea of the current state of security, but you can get no closer than the middle of 15th Street.

My point here is two-fold. First, Google is already working to blur the images. They are using out of date images for bird’s eye views and they are restricting access to major monuments at street level. As a further experiment, I picked two schools. One in my neighbourhood, a suburb of DC and one in DC I happen to know well. Neither one was visible in any useful fashion. Further, many of the entrances to the Metro System (subway) are conveniently blocked by strategically placed buses and other vehicles. Secondly, most of this information is valueless without ground-truthing – the act of visiting the site and verifying that a road, path or obstacle present or absent on a map is in fact present or absent on the ground.

Could a skilled bad guy glean a lot of information from Google Earth or similar system? Sure. Just like you or I can plot out a route to maximize our walking time or minimize our commute. I would argue that I could get better information from a 7.5 minute quadrangle because it would also include the ability to generate points that I could enter into my GPS for turn-by-turn directions. But until we actually go through the motions, it is just static data. And I would suggest that the attackers in Mumbai, once they planned their route on paper, walked, rode and photographed any number of things that were not available publicly.

Access to information is just that. It is not evil or nefarious nor a prayer answered from above. It is data to be consumed and manipulated. It exists in any number of forms. And will continue to exists, long after the access to it has been cut off by those with small minds, bore-sighted on one small piece of the puzzle. The data exists. The Internet, that original act of Open Source, just makes it a little easier to access. What we do with it is our responsibility.

Shameless Plugs: If you are interested about the history of lying with maps, both intentionally and unintentionally, I would encourage you to read How to Lie with Maps. For more on Open Source GIS tools, O'Reilly has several books in their Mapping Topics.

______________________

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hi

Barun Saha's picture

Hi David,

Thanks to your article, I used the "Street View" feature of Google for the first time! I've never used it before ... actually this is not available for India.

~ Barun

Computer Maps <-> GIGO

Anonymous's picture

....I've used public transit routing web forms from time to time over the years. There have been results that have had hilarious bloopers. A recent trip from San Francisco down to South S.F. supposedly included several minutes of walking at the ends of the bus ride. Had the information providers done some ground truthing they would have seen that the bus stops were AT the corners of the intersections I provided as end points. Therefore, the walking in question was at most the length of an articulated bus - about thirty (30) to sixty (60) seconds total of ambling for a senior citizen.
....Something else that Anderson doesn't seem to get - computer data is usually flat. Stereoscopic and 3D displays are still wickedly expensive. A ground-pounder with a helmet-cam and voice recorder is much cheaper and more effective. Also, I would point people to the British TV series "UFO". In one episode a recon. satellite had an altimeter failure that made all of the pictures worthless. They drove the point home by doing a zoom-out on an actress's costume. The initial, close-up image looked like an industrial complex. As they zoomed out you could see the weave of the costume's fabric and then the actress.

The Mumbai attacks succeeded

Anonymous's picture

The Mumbai attacks succeeded to the extent they did, because of multiple level of failure of existing security measures. Mainly personnel failure. Again not because of lack of dedication, but simply total lack of training and equipment.
Why was an attempt possible at all? Failure of intelligence.
Oh well nothing intelligent in the above para anyway.

Mumbai is changing so rapidly that any attempt to use google maps will get you stuck in the wrong place.

And the best "anonymous" method for going from one spot to another in Mumbai - the local taxi. No gps, no maps - not even printed maps. Heck you dont even need the address, just the name of the target location is good enough. And if you are chatty enough, the cabbie will help you along witha few more target locations and give you a couple of tips on how to get in and out FAAAST.

I thought we had idiot politicos and security xpertz only in India. But i guess they abound everywhere.

Security is not a single layer

David Lane's picture

Thank you for that insight. Most people tend to see security as a single layer. Of course, it cannot be or it is easily defeated and as you point out, even layered security, when critically flawed, can be just as inefficient as no security at all.

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

Blurry Images

Landover Baptist Church's picture

I heard about this on another news site. That's really ridiculous. People on the street don't have the expectation of privacy. If Google Earth takes their picture, so be it.

Landover Baptist Church

Security through obscurity redux

JJSans's picture

All of the arguments in favor of the Assemblyman's bill are the classic 'security through obscurity' line. If you are not familiar with this long debated topic, you can start with http://en.wikipedia.org/wiki/Security_through_obscurity. But the short answer is that STO is only applicable where information cannot be obtained from another source, otherwise the measures taken do nothing to stop the bad guys and cause various levels of harm to the good guys. I think David made an airtight case that STO does not apply to online maps.

Later . . . Jim
http://realeyes.sourceforge.net/

Transforming the innocuous into something evil

Ken Jennings's picture

Think about the uselessness of this legislation. Does anyone really think it will stop a terrorist? Or even make a terrorist act difficult? There are laws against having explosives, but that doesn't deter terrorists one bit. There are laws restricting firearm ownership and laws against using guns to commit crimes, but they don't deter terrorists in the least. There's a lot of law on the books against violent crimes and murdering people and these do not deter terrorists at all. Laws don't matter to terrorists. The very nature of their actions is all about lawlessness, and that's why terrorist attacks shock us.

The road to heck-in-a-handbasket is paved with good intentions. Politicians always make the mistake of assuming they are being benevolent and everyone who follows them will be just as benevolent. The reality history presents is that these feel-good, seemingly innocuous intrusions on private citizens lives become the tools used by despots to oppress people. Since laws don't matter to terrorists, all that's being accomplished with this law is another sliver carved off of our personal liberties and another little nudge pushing government closer to a police state.

Good legistlators look for ways to limit and control government, not law abiding citizens.

bad, bad security

Eric Mesa's picture

If this bill goes through and if I'm a terrorist and I want to find out what should be attacked, I'll just search for blurry images. Clearly anything blurry is something the government considers important. Mwahaha! Just crash a plane into anything blurry. It's much better to leave it unblurred so no one knows what you think is important.

Also, for most of what a person would want to do, they still need to case the joint. Relying on satellite data would not be good enough.

This reminds me

Daniel Cheng's picture

This reminds me why I canceled my LJ subscription when they changed the editor.

First, they pull in some politics and claims how this related to OSS movements. Then, they started to talk like our favorite politician...

Thanks for the good time. Thanks.

Politics and Open Source

David Lane's picture

Daniel,

I am sorry that you feel there is no link between an elected representative wanting to blur data and the Open Source movement.

Personally, I see it in quite the opposite light. It is yet another attempt by an uneducated elected leader trying to restrict access to information. Stallman and the FOSS movement has always been about Free as in speech. As someone who watched the flailing and gnashing of teeth over such technologies as PGP and Carnivore and remembers doing searches for technical support by pouring through out-of-date service manuals and has seen the World Wide Web evolve from a simple text based system to what we know and love today, I find any comments to censor data and the flow of data almost reprehensible.

Further, it is clear to me that Assemblyman Anderson has not thought through all the ramifications, least of which is he would put California in the position of having to sue the Federal Government for violating California State law because the USGS runs one of the largest public sources of this sort of data that he is riling against.

Assemblyman Anderson is not discussing the action of yelling fire in a crowded theatre. He is talking about curtailing freedoms for security's sake. And without much in the way of supporting facts for his position.

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

(1) You address that the

Anonymous's picture

(1) You address that the information is available, you do not address the question of whether or not it should be _freely_ available? Freely as in no tracking as to whom accessed it - not without cost, but without authorization or tracking. Why just blindly hand over ammunition to be used against yourself? That they could get the information elsewhere is an insufficient answer - the same consideration applies to that source. Not saying I know the answer, but it seems intuitive to not make it effortless.

(2) Where is the line between obfuscating things enough to not make it easy for people to be a nuisance, perhaps those with a mental illness, and accommodating those with deliberate and reasonable non-nefarious intent?

I certainly don't have the answers, but I don't think the issues and answers are as black and white as you seem to suggest, here.

Let alone one man's nefarious intent is another man's reasonable protest. How does the content creator distinguish, or react accordingly?

sure, I agree...

Anonymous's picture

but that information needs to be stored, tracked and safe guard, who'll pay for it? we're broken enough and we don't need another tax ..

if Osama Bin Laden wanted to introduce fear in our society, he has succeeded, a few weeks ago a UPS caught fire in one of the datacenters of the company I work for, the first reaction by the security folks was to post a big banner, "It wasn't a terrorist attack"

Access to information

David Lane's picture

I would argue that it is available. I do not have to "register" to buy a map. I do not have to "register" to read a news paper, I do not have to "register" when I look through a book in a book store or library and I do not have to "register" when I walk or drive past a location with my camera and GPS. So why should I have to "register" to access the same data on-line? The "ammunition" is already available.

There is a certain amount of obfuscation going on now, as I pointed out. The images are out of date, the pictures are less than clear. Does this mean that you could not find a flikr site of "my visit to DC" that shows every visible security provision surrounding the White House? No, but if I was serious about making a mess of things, then I am serious about doing the foot work that would get me the answers I need. It is the difference between true espionage and casual mayhem. The first is unpreventable. The latter is simply risk management.

I would also argue that the issue is pretty straight forward - there is enough historical evidence that shows what happens in nations when information is restricted.

David Lane, KG4GIY is a member of Linux Journal's Editorial Advisory Panel and the Control Op for Linux Journal's Virtual Ham Shack

blur google maps?

lduvall's picture

Another would-be law maker passes the dumb test.

I disagree - you have to

Anonymous's picture

I disagree - you have to appreciate the intent. Ill advised and/or uninformed, perhaps, but not dumb. The nature of the system is that those who have better information have an opportunity to provide better advice, AND, a group of his peers will have to agree that action is necessary (pass a law), and the nature of that action.

An idea was expressed - nothing wrong, or dumb, in expressing that idea. Only dumb to dismiss the idea out of hand, without appreciating the intent, and without honest debate.

your argument

Anonymous's picture

Your essential argument is :

1) Anyone can be elected;
2) Everyone has (mostly) free speech;
3) Therefore a fool, when elected, has a right to speak.

Entirely true.

There are a couple of problems though. One is...do I have the right to photograph schools, churches, and hospitals and make money by selling that information, directly, or via adwords or some other advertising revenue stream?

And the answer is yes. These organizations have no special right to privacy. I have the right to fly over them, and take their picture, and take their picture from the street.

Yet this person, who swore an oath to uphold the Constitution and serve the People, wants to remove that right. He's wasting government time and $$ on a frivolous bill that is just pandering to a small constituency in his district.

Exactly how is that "good government"?

Your other argument is there are "fail safes" in place to prevent this bad legislation from being enacted. I'll have to let the EFF or ACLU speak to this one. So many bad/broken/unconstitutional laws have been passed in American history I can't even think of where to start.

Now to my exercise of free speech : I hope this whack job keeps talking, and people keep writing articles about it. Eventually he'll be tossed out of office to the betterment of society.

> Therefore a fool, when

Anonymous's picture

> Therefore a fool, when elected, has a right to speak.

And a key point here is that he was elected. People chose him. (Rightly, or wrongly, to their regret, or not.)

> There are a couple of problems though. ... who swore an oath to uphold the Constitution and serve the People ... (shortened for brevity / to provide reference here, not to dismiss or offend).

But to serve the people, by protecting them and keeping them secure is his intent. (I'm not saying a worthy intent.)

... EFF or ACLU speak to this one ...

Fair enough, but ... how then did he still manage to get elected? Somehow this 'fool' managed to get enough other 'fools' to vote for him. Is the group of 'fools' not a constituency? ('fool' to use your term, not to dis/agree with any merits of its use, here)

> Eventually he'll be tossed out of office to the betterment of society.

Absolutely, and that is another check / balance present here.

I don't disagree, sooner rather than later, please. But we should appreciate the intent. Who knows, maybe sufficient outcry will occur that a more appropriate and effective method of accomplishing that intent will be enacted.

But I'm not holding my breath. The most unfortunate part is the waste of $$$ spent on the ill considered idea. Rather than remaining silent until a more reasonable method of accomplishing the intent was formulated.

Debate is good. And we're all newbies.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState