Mashups for Terrorists

"Web site that tracks 911 calls ignites concerns about security" reads the headline in a story by John Cook and Scott Gutierrez in this weekend's Seattle Post-Intelligencer. What is it about? It starts with this mashup, Seattle911, a site created last year by local resident John Eberly that takes real-time feeds of 911 calls provided by the Seattle Fire Department and plots them on a Google Map. A good mashup and, as the story notes, the site developed a bit of a cult following. Now the site is down.


Why? The real controversy began last week when, citing "security concerns", the Seattle Fire Department deliberately broke John's mashup by changing the format of their data from text to graphics. Officials worried that the visual display of crew locations could jeopardize their safety and "make things easier if terrorists were planning an attack". The catch is that the data is still publicly available on the site. It's just harder to use. But likely not much harder for terrorists. Mashup developer Eberly says the Fire Department's reaction is "like placing a giant padlock on a flimsy door". Security guru Bruce Schneier calls it "idiotic".

The incident raises a lot of good questions and issues about the availability and use of public information (as well as accessibility questions for those who are unable to read the images). John Eberly has written more about the incident in the excellent blog post: World's worst use of a jpeg. Shown below is a screenshot from the new Seattle Fire Department Real-Time 911 page. Note that the big table of text on the page is one big jpg image.

Seattle Real-Time 911

As Schneier notes: "What the Fire Department is saying, which is interesting if you think about it, is that we are going to rely on the inconvenience of automating this to give you privacy," Schneier said. "The government is not saying, 'Hey, this data needs to be secret,' they are saying, 'This data needs to be inconvenient to get to.' "

This is not the first time the question of mashups and security has come up -- see this earlier post from the spring New Scientist: Mashups as Hacker Dream.


Comments (5)

Good tip Clay. Quite remarkable that it just takes one line of code to work-around the obstruction.

This is classic “security through obscurity�. There are some great arguments in this article both from a security and an accessibility standpoint. Makes you wonder who came up with this brilliant solution. I can just see someone articulating the requirement, “yeah, it has to be publicly available, but not to those with disabilities and, by the way, make it as hard as possible for concerned citizens to use this data.�

Joking aside, it’s a good thing and a sign of progression that the Seattle FD is even making this data available. I wish my local fire department would do the same. On the other hand, the work looks sophomoric when exposed to expert scrutiny. Goes to prove that once again, when exposing this type of information on the Internet, it’s best to do it right or just not do it at all.

The information is actually readily available in the public domain and there is no <a HREF="" rel="nofollow">fire risk</a> or risk to individuals to the information being collated in this way. In fact the more public the information is the better for everyone.