News is breaking right now that Intelligence operations led American forces to kill Osama bin Laden. Navy SEALs attacked from helicopters 30 miles North of Islamabad in Abbottabad, Pakistan a wealthy suburb and regimental center of the Pakistan Army. Simple human intelligence (HUMINT), such as tracking couriers, is said to have unraveled his location. Ironically the hideout was betrayed by its enhanced security — much larger with more control (taller fences, waste incinerators, no obvious sources of income) compared with other houses in the area.

President Obama’s speech indicated the operation started in August 2010. The timing coincides with deployment of US military helicopters to Ghazi, 30 miles north-west of Islamabad, to provide humanitarian assistance).

A shipload of U.S. Marines and helicopters have arrived to boost relief efforts in flooded Pakistan.

The “USS Peleliu” arrived off the coast near Karachi along with helicopters and about 1,000 Marines.

While that was public news, this operation was kept secret even from the Pakistan authorities after several previous operations were known to have leaked — suspects fled the target buildings before US soldiers arrived.

Visit msnbc.com for breaking news, world news, and news about the economy

Although the killing will stir controversy related to positive identification, let alone the dual-edge of humanitarian assistance or America’s relationship with the Muslim world, there is another reason to pause and review the details.

Like the recent black helicopter AH-6 operations in Somalia, which I have written about before, (this operation is said to have used the MH-60) America has been focused recently on development of a more effective approach to asymmetric threats — rapid response by very small teams to kill and extract high-value targets in foreign territory.

This is not the automation of smart bombs, laser shields, drones or nuclear deterrence. This news is America’s demonstration of classic intelligence and exceptional human capability.

The fact that it happens deep within the confines of another country means there is also a more traditional long-range global military support and supply chain element to the story — the helicopters were said to be launched from Ghazi, the site of a humanitarian mission. But the small team and low or no civilian casualty count suggests that America’s operational capabilities have evolved significantly in just a few years.

These aren’t the drones bin Laden was expecting.

Update: Some reports say one of the four helicopters in the mission was destroyed. Other reports, including eye-witness accounts, say only two helicopters were involved and they came from Jalalabad, Afghanistan; 200 miles East of Abbottabad. Perhaps there were two on the ground and two in a higher-elevation support role? The official line has been that a mechanical failure was the cause of the crash. A forced landing inside of the compound also could have been expected or even planned, similar to the 1970 Operation Ivory Coast in North Vietnam, designed to get troops on the ground as quickly as possible and distract from others.

The landing was a hard one, but successful. Rotors contacted some of the tall trees which bordered one side of the landing area. It was anticipated that damage would occur and the plan provided for the HH-3 to be considered a loss. By means of an explosive charge with a timing device, it was to be destroyed upon departure of our troops from the compound.

I see the FUD (Fear, Uncertainty, Doubt) acronym thrown around a lot these days. If you disagree with someone you throw a FUD card at them, as if it is sufficient on its own to discredit an argument. TechCrunch gives a good example of this as they defend Apple.

They give their perspective on the controversy surrounding mobile location data and conclude there’s no need to worry just because Apple made three mistakes; the critics of Apple are accused of spreading FUD. What’s the opposite of FUD, rose colored glasses?

It’s a long article but here’s the meat of it. The attack requires someone to already have access to your phone and that must mean they have access to all your other information. TechCrunch concludes that the failure to prevent access negates any further worry because you probably already are screwed.

Theoretically, someone could steal your phone, hack it, and get access to this data. This could potentially show them where you were up until the point they stole your phone. (Of course, given that they stole/found your phone, they would probably already know that.)

But wait. If they stole/found your phone, couldn’t they also have access to information like your address, the addresses of friends/family, all your phone numbers, perhaps some passwords, maybe monetary information? Yes, but that’s not as sexy of a story.

Here are four simple reasons why they are wrong:

1) Six months is a long time. TechCrunch says “given that they stole/found your phone, they would probably already know [where you were]”. Not so, not at all. As anyone who has worked in digital forensics knows, you can take data from a device without knowing anything about the individual who owns it. I have even engineered a distraction, then imaged a device, and left before the owner returned. It is easier today than ever with remote apps and hidden services. The controversy is not about the hours or even days of movement on a stolen phone — knowing where you are when your phone is stolen — it’s about the months and even years of movement as the lawsuit in Germany proved in 2009.

2) Asset value may be related to surveillance. Addresses and phone numbers are sensitive, but everyone knows they tend to be in the public domain (e.g. phone books) and are easily changed. While a list of your addresses and phone numbers (static data) may be worth protecting, it has a much lower surveillance value than a database that shows where you have been every minute of the day for the past six months (active log). You should be able to specify that when you want to share a phone number that does not mean you also want to expose more valuable location data.

3) Opt-in rather than opt-out. You might be able to guess a little about someone from the records they keep for themselves, but a tracking system they do not know about is invaluable for investigators and surveillance. Someone may choose to only keep a few phone numbers, no addresses, no passwords…but how do they choose to reduce the amount of location data stored on their iPhone? Even more to the point a user may select how long they want to store call and message records. They may have a habit of regularly deleting the records on their phone. But if they want to reduce the location data…?

4) *Someone* could hack your phone? No need to hack the phone with so many remote vectors open. What about someone who hacks third party marketing firms or engineers an app to aid the theft of location data? Who trusts Apple to protect the information from exposure through non-hack channels since they say in their TOS that they may share the information on a phone with whomever? They clearly leave the door open to the old infamous ChoicePoint attack vector.

Let me recap how that breach unfolded in 2004. An attacker used stolen identities to set up businesses that looked legitimate to ChoicePoint. The attacker then opened 50 ChoicePoint accounts over twelve months in order to avoid suspicion as they stole identity information. The District Attorney on the case told me that someone at ChoicePoint only grew suspicious when a Nigerian in Los Angeles named Olatunji Oluwatosin called and said he had a common American name but he could not pronounce it. He then was arrested with five phones and three credit cards that he had registered with stolen identity information. As an aside, Oluwatosin’s attack was not the first major breach of this kind. An almost identical one happened two years before, leading to nearly $1 million in fraud. The difference in 2004 was that it happened after the 2003 California breach notification law (SB1386).

I would wager that many inside ChoicePoint before 2004 had a big stack of FUD cards they would throw at anyone who dared to say information was at risk. After 2004, due to California law, they could no longer use a FUD card to avoid dealing with the security of information — too much was available to too many people without the consent of the owners.

I hope that helps clarify why the controversy surrounding the iPhone tracking data reveals something much more serious than just an Apple oops moment. If consumers have to use laws or an online fuss to affect the privacy settings in an Apple device, it means Apple’s privacy advocate and security team inside their organization lack the necessary influence to represent consumer concerns.

A privacy screw up like this probably happens at Apple because no one was vested with the authority or presence to put their foot down and say “location info is too valuable to collect and store for a long time — we have no justification for the risk — no more than 7 days” or “users must have an opt-out”. Perhaps even that is being too kind. Maybe no one calculated the risk of collecting location data at all, which would be an even more disappointing possibility. Hopefully they are looking at the root cause for the failure and increasing the scrutiny of products before launch, but so far their public explanations have not been encouraging.

There are many issues in the TechCrunch analysis, and I could go on about how wrong they are (e.g. even anonymous data can be abused and need privacy protection), but I want to end with a brief favorite. Compare and contrast these two statements:

I’ve been sitting on panels about location issues for a few years now. The discussion always falls to the same place: privacy and security.

[…]

Let’s be honest: no one is going to be talking about this issue in a few weeks.

It seems that they predict no one will talk about this location issue of privacy and security because the discussion always comes back to this location issue of…privacy and security. Got that?

A Representative for New Mexico, Republican Steve Pearce, says the oil industry is at risk of a shut down if forced to avoid killing a species of lizard.

Pearce has received over $1.2 million in campaign contributions from the industry he is trying to protect. He recently explained to a public gathering that protection of a nearly extinct lizard would interfere with the availability of funds for his next campaign, as well as possibly affect the economy of southeastern New Mexico and west Texas.

Pearce, focusing on the reptile this week in town meetings throughout his congressional district, said people would be put in peril if the federal government classifies the dunes sagebrush lizard as “endangered.”

“Most of the oil and gas jobs in southeast New Mexico are at risk,” he said. “In the ’70s, they listed the spotted owl as endangered and it killed the entire timber industry.”

I spot a problem. The spotted owl was not listed as an endangered species until 1990, as clearly stated in a US Fish and Wildlife Service record of review. Pearce is off by 20 years!

April 30, 1990. The status review team recommended that the northern spotted owl be listed as threatened throughout its range. This review resulted in the final listing on June 26, 1990.

Moreover, the timber industry actually saw profits boom in the 1990s, after the owl was listed as endangered.

Despite predictions of disaster for the industry after federal logging was reduced in Oregon to protect endangered species, profits of the 12 largest publicly traded forest products companies in the Northwest were up 43 percent in 1994 compared to 1993, the Oregonian reported.

So Pearce is spreading false information about the risks and the effects of regulation.

What he should explain is how his financial backers have enjoyed uncontrolled oil and gas drilling. They simply don’t like following the rules. Don’t make me bring up the BP disaster. Their disdain for the health of residents in Pearce’s districts, combined with herbicide spraying by the ranching industry, has forced a rare lizard to the brink of extinction.

Saying that an oil company is at risk in this scenario is like saying the coal industry is at risk of failure if it has to protect its canaries in the mines.

The oil industry is very hardy and resilient. It not only can survive the protections required to save a desert lizard but it actually can generate jobs when required to find solutions to prevent and detect environmental damage (reducing overall cost burdens by removing the need for high-cost cleanup). Protection of the lizard should be thought of in terms of overall risk reduction to residents and as a potential test for creation of long-term employment opportunities.