Categories
Geek It Happened to Me

Maps and Blueprints on the Internet: A Security Risk?

[I also posted this question on Ask Metafilter.]

Here’s one for the security buffs!

I often get called to appear on the nightly news whenever they need a

guy to talk about computers, the internet or blogging. This time, it’s

a piece about “how terrorists use the net to organize and plan attacks”

to be aired on national news (I’ll reveal the network later).

In my segment,

I will use my Google-fu to demonstrate how easy or hard it is to dig up

maps and blueprints, especially for “sensitive” places. I’m trying to

make sure the facts get out there, but I also want to do my bit to

counter any scaremongering.

My question: Can anyone point to sites or

articles that discuss whether or not such publicly-available maps,

diagrams and blueprints are a real security risk?

3 replies on “Maps and Blueprints on the Internet: A Security Risk?”

Well there have been a few news stories on this recently:

Lawmakers fear software use for terror

And this one:

Critics may contend the maps are an invasion of privacy, but the truth is that you’re not going to be reading license plates or checking out a nude sunbather next door.

For national security reasons, the U.S. Capitol building has been fuzzed over, as has the roof of the White House.

But you can still see Area 51.

Terrorists, however, now have mileage distances and crystal clear overhead maps in places like Baghdad or areas of Afghanistan — or shipyards in Norfolk.

Here’s what I’ve wondered about: you know how you can track a FedEx or UPS shipment online? I wonder how accurate that is. A terrorist could conceivably ship a bomb and then track it online to know when it’s in midtown Manhattan, or even when it gets to a specific building, and then trigger the bomb via cellphone. I wondered about this after 9/11 and figured this was so obvious that FedEx, UPS and others would have to turn this feature off. They haven’t done so, but it seems to me that the results have gotten “fuzzy” so that the tracking information may not show up online till sometime after a package gets to a certain place. Still, it seems like a risk.

Slashdot.org has had several detailed discussions concerning this topic. What was revealed is that the federal government has examined the situation fairly well. In one discussion a government paper was referenced that stated that revelation of map data was probably not important, since it could easily be duplicated or even bettered by information from other free and open public sources. Search Slashdot for the relevant discussions: there’s a “search” form at slashdot.org that will help you find these discussions.

The other relevant phrase to search for is “security by obscurity”.

Yeah, it might make it harder to find out where the nuclear plant is if you don’t have google maps, but here in Minnesota, even in the primitive 1970s, you could get a map of all the property in a county, with annotations on who owned what, from the county. They were some of the best maps for rural country, since they showed all the roads, driveways, etc.

Yeah, that wouldn’t pinpoint the containment chamber of a nuclear power plant, but it’s easy enough to walk to the property line and take a look. Any half-intelligent boy scout could go to two different spots and triangulate the location to within a few dozen feet.

What google does is destroy the ILLUSION of security, rather than any actual security.

See also the Google v. C|Net flap.

Leave a Reply