U.S. is spying on its citizens and others

GostHacked · June 26, 2013

http://www.foxnews.com/tech/2013/06/26/declassified-govt-report-details-decades-nsa-computer-spying/?test=latestnews

The clandestine National Security Agency is partly responsible for the modern PC era, a newly declassified document reveals, thanks to decades of custom computers built for one thing: espionage.

Declassified by the NSA on May 29 and posted online on Monday, the 344-page report “It Wasn’t All Magic: The Early Struggle to Automate Cryptanalysis, 1930s – 1960s,” details the unknown high-tech history of computers so secretive even their code names were kept confidential.

Until now.

It’s a never-before seen history of code-breaking, spying and its role in the birth of the computer.

'This is a story that has been little told until now due to the secrecy of these programs.'

“NSA has arguably been the largest single user of advanced computing machines in the world,” reads the introduction to the report, written by Colin Burke, former scholar-in-residence at the NSA and recently retired professor of history at the University of Maryland, Baltimore County. “[The NSA’s] computer purchases and its research and development contracts helped establish America as the world's leading computer manufacturer.

So as I said before, you gotta understand the technology and where it came from to really understand the scope in how this spy program is currently being used and how long it's actually been in place.

DogOnPorch · June 26, 2013

Right, but they gotta frisk grandma to survive court challenges to security screenings. Airliner security pre-dates the current WOT going back to the 1960's and highjackings. "Fly this plane to CUBA !! "

Yes, indeed. I recall during The Troubles walking down a long corridor after disembarking lined with UK customs officers standing in front of doors to small interrogation/investigation rooms. By the time we got to the end, there were no passengers left with even remote Irish connections in our passenger group. This didn't stop the Old Bailey bombing some days later, however.

Edited June 26, 2013 by DogOnPorch

dre · June 26, 2013

It's too wide a net for too small a gain. I don't think it would work.

3K people out of 300M died in 2001, which is 1 out of 100K for that year. Factor in the fear, misery, and economic damage and value can be seen in putting up barriers to anybody planning attacks. Also, it's not if but when: America and the west in general have enemies who are plotting against them - this is not imaginary.

I think there are ways to do it cheaply.

Depends on how it's done.

It's too wide a net for too small a gain. I don't think it would work.

The potential gain here is much larger than it is with terrorism... hundreds or thousands of times as large based on the statistics I posted before. And I think it would work really well and be one of the most powerfull crime fighting tools the police have ever had.

But without a doubt, searching everyones email over a 1:20000000 threat is "Casting the net too wide for too small a gain".

I think there are ways to do it cheaply.

I dunno. We are talking about petabytes of information and hundreds of millions of items on a daily basis... It cost our government hundreds of millions of dollars just to store registration info on 15 million long guns and make that searchable. Two things the government is really bad at: IT... and controlling costs.

Depends on how it's done.

Not really the entire concept you have outlined would constitute an illegal search and siezure under section 8. The government running searches would be searching the private communications of EVERYONE... including people not suspected of commiting any crime. This is exactly what section 8 protects against. Searches have to be focused and targeted.

Michael Hardner · June 26, 2013

Not really the entire concept you have outlined would constitute an illegal search and siezure under section 8. The government running searches would be searching the private communications of EVERYONE... including people not suspected of commiting any crime. This is exactly what section 8 protects against. Searches have to be focused and targeted.

Here's how I see it done:

The US govt. provides the search algorithm (do you know what regular expressions are ? if so, then they provide a regex to the company.) For all messages, the service provider saves them temporarily until after the search is run, which could only be a few short seconds. The company runs the search, then saves all messages that result in a 'hit' and all related messages in permanent storage on their site, then discards the rest. They then inform the government (automatically sending an email to the govt agency and the approving judge) that a 'hit' was achieved, asking for approval to search the message and related messages. Only after the judge approves the search, are the saved messages turned over. The government has to pay for the hardware, software, administration costs and any other services required to keep this going.

dre · June 26, 2013

Here's how I see it done:

The US govt. provides the search algorithm (do you know what regular expressions are ? if so, then they provide a regex to the company.) For all messages, the service provider saves them temporarily until after the search is run, which could only be a few short seconds. The company runs the search, then saves all messages that result in a 'hit' and all related messages in permanent storage on their site, then discards the rest. They then inform the government (automatically sending an email to the govt agency and the approving judge) that a 'hit' was achieved, asking for approval to search the message and related messages. Only after the judge approves the search, are the saved messages turned over. The government has to pay for the hardware, software, administration costs and any other services required to keep this going.

From a technology standpoint regex is strictly a pattern matching language... you have to scan all of the underlying data so it would be extremely slow (as opposed to searching an inverted index which is quite fast) and a massive ammount of computing power would be required. Its also a lot less useful than the technologies employed by modern analytics.

Pattern and boolean searching is extremely limited and most of the techniques used to analyze this kind of data are entirely semantic. Technologies like PLSI can find relevant documents even if they dont contain your keywords or patterns. If the government was going to mine data this is the type of technology they would use.

In any case your proposal doesnt get around section 8 because you are still siezing broad swaths of unfocused information. They government is still illegally searching EVERYONES email which is no different than if they searched everyones houses or cars under the law. And some ISP's have privacy agreements with their customers that prevent them from doing this kind of thing.

What WOULD be acceptable and legal is this...

The government has a reason to believe someone may be involved in a conspiracy to commit a crime. They go to a judge and and make a case to violate that persons limited right to privacy under section 8. If the judge approves the request then the ISP collects that persons traffic and turns it over to the government to do as they please with.

This would not violate section 8 because it does not involve the wholesale siezure of property from everyone. In order to legally sieze your email probable cause must be shown on a person by person basis. The government is not allowed to engage in broad untargeted searches and siezures.

R. v. Dyment (1988),^[5] the Court defined it simply as the "taking of a thing from a person by a public authority without that person's consent."

In other words the government (or agent of the government) cannot intercept my email and do ANYTHING with it unless it has probably cause.

\

I do see one legal way around this... If you signed an agreement with your ISP surrending all of your rights to everything you send out, and giving them the legal authorization to do whatever they wanted with your data, then they could voluntarily give it to the government (or store it and allow the search of it) if they chose to. The government could not compell them to.

Edited June 26, 2013 by dre

bush_cheney2004 · June 26, 2013

....They then inform the government (automatically sending an email to the govt agency and the approving judge) that a 'hit' was achieved, asking for approval to search the message and related messages. Only after the judge approves the search, are the saved messages turned over. The government has to pay for the hardware, software, administration costs and any other services required to keep this going.

That would be only one element of surveillance, the NSA is also interested in patterns for source and target entities. The automated software tools are now sophisticated enough to aggregate recurring patterns and apply heuristics. Often an individual or group of messages are not as important as the actual networks and comms links for future intel exploitation. Remember PM Churchill's agonizing decision about the bombing of Coventry.

Michael Hardner · June 26, 2013

That would be only one element of surveillance, the NSA is also interested in patterns for source and target entities. The automated software tools are now sophisticated enough to aggregate recurring patterns and apply heuristics. Often an individual or group of messages are not as important as the actual networks and comms links for future intel exploitation. Remember PM Churchill's agonizing decision about the bombing of Coventry.

Certainly. And if there are elements that they're allowed to store, ie. meta data, then these things could be cross listed via a key.

Michael Hardner · June 26, 2013

What WOULD be acceptable and legal is this...

Ok, that's interesting.

Michael Hardner · June 26, 2013

Why do you need to spy on Americans when the FBI already knows about most of the terrorists through already working methods.

Again, new thread for this would be good.

GostHacked · June 26, 2013

Again, new thread for this would be good.

Why would it be good for another thread? You don't think it has relevance here?

FBI facilitates terrorists. They will catch nothing but low level idiot terrorists who will do less damage than gangbangers in L.A. or NYC. They also know the real terrorists do not use the same systems that are used to spy on the rest of us. So the NSA program is to prevent attacks in the USA from entities like Al-Queda, but at the same time sending weapons to the Free Syrian Army which comprises of many known terror groups including Al-Queda.

So even though they follow and facilitate the terrorists, they still say they need to spy on us to catch the terrorists in which they are supporting in another part of the world?

This all makes sense to you?

bush_cheney2004 · June 26, 2013

Certainly. And if there are elements that they're allowed to store, ie. meta data, then these things could be cross listed via a key.

Yes...it's an old problem and puzzle to solve. The CIA and NSA hire technical analysts who are good at solving complex puzzles, with a decidedly computer science emphasis today.

Many years ago, graphics files (mostly porn) used to be sent as binary text files via usenet bulletin boards using UUENCODE/UUDECODE (Unix lineage). The "bad guys" figured out how to embed messages in these files. Brilliant !

Michael Hardner · June 26, 2013

The "bad guys" figured out how to embed messages in these files. Brilliant !

Would the image still render ? "Leave me alone, special agent Hotchkins I'm decoding this VERY IMPORTANT MESSAGE !"

I think the better way to stay out of the spotlight would be to stay off the ISPs - to use foreign satellite services and so on...

dre · June 26, 2013

Since the NSA is already doing this, and theres enough irrational people to possibly allow the Canadian government to legalize government snooping of mail, i figured it would be usefull to talk about how to completely stop them in their tracks.

They key to this is assymetric encryption. Establishing an SSL connection between servers will stop groups like the NSA from grabbing your data directly off the wire by positioning themselves as a man in the middle. But it wont protect your email when its at rest on someone elses servers.

In order to do that, you need to use assymetric encryption that uses a separate public and private key for encryption/decryption. This tool here http://www.gpg4win.org/download.html is free and works nicely. If you have a group of people that you discuss senstive information with you will need to have them install it as well.

This is a perfect example of why ideas like Mikes will in fact harm security. When people believed their privacy was protected they spoke openly, and sent messages as plain text. But now that everyone knows this data mining is going on (Thanks to Snowden) all that information will now be encrypted and government will lose the decent access they already had.

Spread this information with your friends, and hopefully we can get to the point where all mail is ecrypted within the next couple of years.

dre · June 26, 2013

Would the image still render ? "Leave me alone, special agent Hotchkins I'm decoding this VERY IMPORTANT MESSAGE !"

I think the better way to stay out of the spotlight would be to stay off the ISPs - to use foreign satellite services and so on...

No need. Just encrypt your data, and the ISP cant see it to share it with the government in the first place.

GostHacked · June 26, 2013

Since the NSA is already doing this, and theres enough irrational people to possibly allow the Canadian government to legalize government snooping of mail, i figured it would be usefull to talk about how to completely stop them in their tracks.

Unfortunately that won't be the case. Google now owns the only publicly known 512 cubit quantum computer. Cracking encryption will be a complete breeze with this new hardware. The computational powers of this computer is light years ahead of anything we have seen to date. Meaning it can look at a combination and explore every permutation instantly and know which is the correct combination. Well that is the theory.

http://www.wired.com/wiredenterprise/2013/05/google-dwave/

bush_cheney2004 · June 26, 2013

Would the image still render ? "Leave me alone, special agent Hotchkins I'm decoding this VERY IMPORTANT MESSAGE !"

I think the better way to stay out of the spotlight would be to stay off the ISPs - to use foreign satellite services and so on...

Yes, the images would decode just fine. If sender and receiver have conspired to create a cryptic messaging system, almost any medium will do. The difference with modern telecommunications is the speed and volume.

It sounds like Snowden freaked out as a contractor when he understood the scope of the NSA mission(s), perhaps because of some existing paranoia and ideology. Allegations are being made that he sought the NSA job as a "mole" hell bent on exposing their spying program. NPR reported today that he may have kept his cell phone in a refrigerator because they have " Faraday Cage" like properties, preventing electromagnetic energy transmission (i.e. tinfoil hat).

GostHacked · June 26, 2013

No need. Just encrypt your data, and the ISP cant see it to share it with the government in the first place.

ISPs have the ability to determine if it is encrypted or not. But regardless of encryption, the metadata still contains origin, path and destination. Some packet sniffers have the ability to see what is inside an encrypted packet.

bush_cheney2004 · June 26, 2013

No need. Just encrypt your data, and the ISP cant see it to share it with the government in the first place.

OK, but encrypted data invites attention regardless of the actual message content.

dre · June 26, 2013

Unfortunately that won't be the case. Google now owns the only publicly known 512 cubit quantum computer. Cracking encryption will be a complete breeze with this new hardware. The computational powers of this computer is light years ahead of anything we have seen to date. Meaning it can look at a combination and explore every permutation instantly and know which is the correct combination. Well that is the theory.

http://www.wired.com/wiredenterprise/2013/05/google-dwave/

Thats a drop in the bucket, and all you have to do is increase the size of the key and cracking it becomes astronomically harder.

For example... 96 bit encryption is 4.3 BILLION times harder to crack than 64 bit encryption. The largest RC5 key ever cracked was 64 bits, and it took hundreds of thousands of computers working together almost 5 years. That same bank of hundreds of thousands of computers would take more than 20 BILLION years to crack a 96 bit key. And the government would have to do this for every single email they want to read.

With AES 128 bit encryption it would take a billion billion years for the fastest computer in the world today to crack it. Thats longer than the universe is old.

And encryption algorithms will just keep getting stronger, and the keys will just keep getting longer.

Edited June 26, 2013 by dre

dre · June 26, 2013

ISPs have the ability to determine if it is encrypted or not. But regardless of encryption, the metadata still contains origin, path and destination. Some packet sniffers have the ability to see what is inside an encrypted packet.

Yes its true... some of the metadata is attached in transit, and the ISP certain has that. But the encrypted content is by all intents and purposes uncrackable within any useful timeframe. Yeah... they can crack your email, but by the time they do you will have been dead for billions of years.

dre · June 26, 2013

OK, but encrypted data invites attention regardless of the actual message content.

I dunno about that. Theres an absolute mountain of encrypted data flowing back and forth, more and more all the time. All the SSL traffic on millions of websites, all the VPN traffic, etc etc. And the ammount of encryption is going to skyrocket if people and businesses think their data is observable by a third party.

This activity by government presents one hell of a business opportunity for the private sector.

Edited June 26, 2013 by dre

bush_cheney2004 · June 26, 2013

This activity by government presents one hell of a business opportunity for the private sector.

Governments already have their paws on public and private encryption keys. Or the court orders to get them. Cell phones are now routinely cracked and downloaded with UFED field devices used by law enforcement:

data-pirates-aka-cops-can-hack-your-cell

Shady · June 26, 2013

Which can and will eventually tie into the spy program. Why do you need to spy on Americans when the FBI already knows about most of the terrorists through already working methods.

Sorry, but that's another unsubstantiated claim. Define "most" terrorists. What about the terrorists the FBI doesn't know about?

GostHacked · June 27, 2013

Sorry, but that's another unsubstantiated claim.

I've already pointed out in other threads about the FBI facilitating the ones within the USA. The ones that are supposed attacking the USA, do not use the systems that is set up for the NSA spy program. The criminals are always two steps ahead of the game.

You could completely clean up organized crime with all this data and blanket spying. But when you clean up the crime, you no longer have a need for a large militarized police force.

Define "most" terrorists. What about the terrorists the FBI doesn't know about?

Invoking Mr Rumsfeld? Unknown unknowns? Laughable really. If they don't know about them, it's because they are spying on Americans instead of doing the legwork and investigating the terrorists overseas that don't use GMAIL.

But to drive that point home, the unknown terrorists don't use Verizon, Gmail or a Windows computer. So the NSA spy program will NOT ever deal with the so called threat of terrorism.

PATRIOT ACT and the NDAA are all part of this.

Get out of your compartmentalized thinking and see the bigger picture here.

kimmy · June 27, 2013

I don't disagree, but such legislation would have to be ultimately passed in public and then approved by the courts. I frankly don't see the courts agreeing that someone who took a video camera into a slaughterhouse should be labelled a 'terrorist' and punished appropriately. Some of those hick states are always passing anti-abortion laws, for example, which the federal courts promptly overturn. Texas just passed another last week. So what some loudmouthed Tea Party wacko says doesn't necessarily wind up becoming law, or at least, not for long.

Well, that's the law in Missouri right now ( http://www.house.mo.gov/billtracking/bills121/sumpdf/HB2095I.pdf ) and it remains the law until it's struck down in ... well, probably the Supreme Court. It's taken straight from a boilerplate legislation that ALEC drew up and peddled to other Republican agricultural states as well. (why does ALEC care about protecting factory farms and feed lots from animal cruelty charges? because some ALEC sponsors have factory farms and feed lots, of course.) ALEC's lawyers are extremely confident that states have the authority to decide for themselves who qualifies as terrorists.

Anyway, I've shown you a government arbitrarily deciding to declare critics of its private sector allies "terrorists". And I showed you TransCanada Pipeline educating state law enforcement agencies on they can to use anti-terrorism laws to deal with Keystone XL protestors.

Giving governments carte blanche to do whatever they want in the name of fighting terrorists is a bad idea if they can decide that anybody they don't like is a terrorist. It's just begging to be abused.

-k