'Echelon Study' Released by European Parliament
ckolar writes, "Duncan Campbell's report on Echelon has been delivered to the European Parliament's committee for Justice and Home Affairs and is available online." This is the study that was commissioned by the EU - very interesting reading.
--
--
It is no measure of health to be well adjusted to a profoundly sick society.
I can't seem to access the page, which begs the question: Government cover-up, or /. effect gone awry? *YOU* decide!
Just to note: while I *am* in Canada, most of my traffic gets routed through the States by default <SIGH>. Maybe, one day, Canada will have its own link to Europe...
"Don't mind me cutting myself on Occam's Razor"
They have been either slashdotted or silenced. Anyone dare to mirror the report?
I saw this story briefly on the wire this morning, but it appears to have been pulled. Maybe the MIB phoned the AP and said "We would be so much happier if you would show a little more discretion in running stories of this nature..."
As your constituent, I'm writing to ask for your support for a congressional inquiry into a threat to the privacy and civil liberties of all residents of the United States. I've read several credible reports that suggest that the global electronic communications surveillance system -- frequently known by the code name ECHELON -- presents an extreme threat to my privacy and that of other people around the world.
If you want to free hand your correspondence, get your senator or representative's name, address etc, from their web site, and send the letter. Complaining on forums such as Slashdot, Attrition or HNN will not accomplish anything in bringing this stuff into the light. Whining on Slashdot only increases your Karma.
More race stuff in one place,
than any one place on the net.
do you mods have so many mod points that you could waste 5 on one post?
I don't understand you mods at all!
Moderation Totals:Troll=3, Funny=2, Total=5.
Does anybody know what format the report is in, what size it is and precisely what time the link went live? I'd like to read it, but I'd also like to get my connection back at some point...
The only Good System is a Sound System
-3 Troll??? WTF is going on here. Rob needs to prevent abuses like this, this is an evil thing to have happen. I browse @ -1 and it pains me not to read stuff like this!!!
Also, there are several related links on the Personal Security page of the Center for the Study of Technology and Society.
Finally, if you want the wire version of the story, click here.
Yours,
A. Keiper
The Center for the Study of Technology and Society
Echelon is just another indication that the constitution has been suspended.
Time to go home now.
Someone mail the text of the report and I'll mirror it or just post it here. Something. I can't stand the suspense! :O
You got it wrong - those are your knuckles dragging on the ground.
The linked site appears to be slashdotted. I believe this is a valid mirror of the report:
http://www.cyber-rights.org/interception/stoa/inter
Interesting how the "Echelon Study" article is posted next to a "Blame Canada" article. After all the operating principle of Echelon just happens to be "Blame Canada" (The UK blames Australia... and so on) Coincidence these articles ended up next to each other... I don't think so.
And it seems that France in particular has a taste for the fantastic. Microsoft is the NSA's largest customer, and IBM was forced into using DOS by the government?
France allegedly has its own Echelon, and no doubt that the UK does also. So if they're doing it themselves, why are they so pissed at the US?
if you add "&threshold=-10" to the end of the url it shows posts below -1
Where can you see the Moderation Totals???
Whining and bitching about big brother will achieve nothing.
If that's ALL you do, then that's true. You're preaching to the converted. But if you write (yes, with paper and stamps, because it's so much more effective than email that our benighted representatives seldom even hear about) to your representatives and THEN get onto a public forum like Slashdot and tell others what you did and why, it might get others to follow in your footsteps.
But please be polite. These people have to slog through bureaucratic BS all day. You won't win any friends in high places by venting your spleen at them. Just explain logically why this is a Bad Thing.
And while you're at it, write to your local newspaper. There you'll be preaching to many who are not yet converted. Spread the word!
It might just be me, but it said that they monitor all email/fax/telephone conversations in Europe.. but doesn't that require the co-operation of the other European telcos? What about email? wouldn't that require something somewhere along the line sorting out all the email stuff? If so.. where is it? Do our ISPs know about it? (I'm in the UK) or is everything based at the telcos.. (which'd make slight sense.. fax/email/phone all go through them.. one way or another..).. It just seems weird that something of this power and complexity isn't completely out in the open if it could do what it is supposed to do..
SysWear - Geek T-shirts (UK/Europe)
I think. At least I've so far gotten what looks to be the header to the document. Maybe everyone with Internet access all went to this page at once.
Eruantalon
The Annals of Middle-earth
"Uptime"
74 days, 3 hours, 18 minutes
"Mail status"
"3 new messages"
etc.
How so? Well, I've seen several posts suggesting writing to representatives. What good is that going to do? The NSA has refused to even say if the name even means anything to them, under Client - Lawyer privilege. Have you seen Congress push them into saying anything further? One try, and they seem satisfied they've done their part.
Ok, what about this jamming? As I've said on a number of occasions, NOBODY does interception by keywords. Even IDS systems use pattern-recognition and context-sensitive detectors. Why would one of the largest, most advanced, most brilliant collection of programmers and mathematicians use a simple 'tcpdump | grep'? It makes no sense.
Ok, so "conventional" jamming won't work, complaining gets nowhere, what CAN you do?
I'm not going to say people are powerless, because they're not. However, they DO need to be unorthodox. You can't break encryption, if you don't know the algorithm, or possible set of algorithms. Even then, your probability of a false positive goes up considerably, the greater the number of keys and/or algorithms.
There are a GREAT many encryption algorithms out there, some stronger than others but that's not really the point. If nobody can really tell which algorithm you're using, your effective keylength is equal to the key length of the -LONGEST- key possible, PLUS log2(number of algorithms).
eg: PGP/GPG uses RSA to encrypt a secret key, but uses a simple secret cypher to encrypt the message itself, using that secret key. If someone modified PGP/GPG to allow you to pick (or have it randomly select) one of, oh, 16 algorithms for the secret encryption, then your effective keylength is equal to 128 + 4 = 132. That's a lot tougher to crack (it'll take 16 times as long) and might well prove too difficult for a real-time system, such as Echelon.
Even so, I =can= tell you that Echelon is complex. My understanding is that it includes vast arrays of DSP chips embedded in the physical network, for pre-processing. The only hope is to make systems such as IPSec and PGP/GPG sufficiently advanced that one-size-fits-all solutions can't be used effectively.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
how effective do slashdotters think echelon really is? and do you think they feed any data to U.S. commercial concerns? I've been thinking a bit about this recently; some simple calculations demonstrate that the amount of material they have to look through is simply phenomenal. The rumors say that the system has links to telephone lines, faxes, email systems, satellite links, and who knows what else. So, some extremely quick and dirty estimates:
I live in Boston with three other people and their respective girlfriends; most of us have cell phones. Our house has two phone lines, DSL, and ten computers hooked up behind a firewall. My roommate has a Palm V with an omnisky. That's eight or nine voice streams and as many data streams. The data streams are going all the time, and are all multiplexed through our single DSL connection. Now, admittedly we're a little more wired than most. So we'll scale this down a bit. Assume the government only is interested in monitoring large cities and a few out of the way enclaves dotted around the map. Maybe the ten largest US cities and 150 known subversive groups. Including the greater metro area, each city has maybe 4 million people on average, implying about 1.6 million families per city, giving 16 million families total. We can guess that (plus or minus a few kooks) nearly every family has at least one phone line and 2 out of 5 have at least one cell phone. Probably 60% have an internet connection.
This gives us 32 million data streams, to monitor in real time, and at odd hours. Now given the current state of speech-to-text software, and assuming the NSA is 15-20 years ahead of the state-of-the-art (a very dubious assumption, these days), we'll also figure that with their software they can decrypt 200 voice streams per second with a pentium III. That still implies that they need the equivalent computing power of 160,000 high-end workstations.
Ok, this is not outside the realm of possibility. But it's right on the edge! Add in the complexity of understanding and dealing with different accents and different languages, static, spread spectrum cell phones, demultiplexing LANs, tapping who knows how many switches, debugging the monitoring software and releasing (secret!) updates into the field, dealing with code words and both simple and complex black box and white box encryption, and dealing with the noise of slashdotters putting in things like "kill the president" and "natalie portman is trafficking in hot grits disguised as cocaine to pay off communist subversives," and we see that if Echelon exists, it's probably close to useless. And a horrible waste of taxpayers' money. Though I guess developing such a comprehensive system could be valuable for use in targeted situations, like focusing on transmissions in a limited geographic area during high-tension conflicts.
These estimates are very much back-of-the-envelope, but does anybody see anything fundamentally wrong with them?
--
neil
First you add &threshold=-10 to the URL to show the post (if less than -1) then just click the (#22) link (or whatever number the post has).
This will list a buncha details about the post...
(Surely/Shirley you Jest).
"Blame Canada" was a joke about exactly that.
Sarcasm detector registered 0 reading your post.
Addison
One of the main news items on Finnish TV tonight was about Echelon. In brief, Tony Blair told the EU commission today that Britain hasn't betrayed Europe by participating in the US spy network also known as Echelon. Also interesting was the mention that Echelon probably started as early as 1940.
Those who can understand Finnish can read a pretty good article summarizing the news here. Finland is one of the biggest supporters of privacy and protection of the individual in the EU.
Set it up and create secure connections between your peers. Very soon it will support automatic keying using DNS-SEC (public keys kept in the DNS database).
Echelon makes little difference if everyone is using end-to-end transport level strong encryption.
Burris
Report Details Vast Spy Network
Updated 9:50 AM ET February 23, 2000
By CONSTANT BRAND, Associated Press Writer
BRUSSELS, Belgium (AP) - A U.S.-led communications monitoring network is intercepting "billions of messages per hour" including telephone calls, fax transmissions and private e-mails, according to a European Parliament report made public Wednesday.
"We are not talking about a trivial thing here ... we cannot stop them, they will continue," said Duncan Campbell, author of the special parliament-commissioned report on the Echelon spy-network.
Campbell said that the intelligence network monitors and intercepts sensitive European-wide commercial communications. "The level of use is getting out of control," he told a packed hearing of the Parliament's Committee for Justice and Home Affairs.
He said Canada, Britain, Australia and New Zealand are also involved in Echelon. Other nations including France and Germany also participate in a lower level in the spy-network which dates back 50 years to the beginning of the Cold War.
"The capacity of the filtering systems is enormous," Campbell said. He added that most international internet communications are being routed through the United States and through nine known U.S. National Security Agency interception sites. Intelligence facilities located in the five countries can intercept fax, e-mail or telephone communications easily he said.
Campbell urged the European Union to take action to protect against unwanted interception of communications, which he said were violations of human rights. Committee chairman Graham Watson said he wanted to be sure the international surveillance system was not abusing its powers.
Campbell said Microsoft, IBM, and a certain "large American microchip maker" were providing certain product features which allow the interception of information flow. Campbell said he did not know whether the U.S. corporations were benefitting from the information gathering but said previous commercial espionage resulted in the collapse of several European contracts in the airline industry - both military and commercial.
The lesson is that someone is always monitoring you. You can never stop them, or get them to stop, or even know they all stopped even if they did. So use crypto everywhere and then you won't have to worry. After all, feds never deciphered Mitnick's encrypted files, did they?
Just because you're paranoid doesn't mean they really aren't all out to get you.
Note: the above is probably all just made up fiction.
Is someone actually reading our mail? With terrorists, hostile governments, nuclear weapons, chemical weapons and biological weapons, does the government really care about anything you say?
If they are thoroughly reading your mail (suppose), are you suggesting that men in black suits come and oppress you? Because if not...
You must be suggesting that this evidence will be used in a court case against you. However, since it was obtained illegally, and the way in which it was obtained is classified (there was a case like this a while back), there is no way it can be used against you in a court of law.
As for the industrial espionage allegations, I could see someone doing that, but would suggest that it isn't commonplace. The government keeps a Very tight rein on its contractors, in terms of what they are allowed and not allowed to do, and it seems unlikely that it would make a *habit* of breaking similar rules itself, with the complicity of one of its contractors.
Also, do you think that microsoft and the nsa could slip something like that under our noses? Under several hundred million of our noses?
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
peradi fuenaya, cara ""echelon"", ho á ferragarba alo terina buada!! bena, la soyana garosa perola ""l33t 5k1llZ"" !!! ho!
I think this also points up the reason the government has fought PGP so fiercely. Even if they subvert the author, they can't do anything very obvious or easy, and you or I are quite likely to break anything they hide in the code, while rooting about in it.
Perhaps the most important question now is: what do the new crypto rules imply, in light of this? If we can really just give the no-goods at NSA a heads-up and export freely, does this mean that they're giving up? Or could it be that they can do an end run around the crypto if they have to (as in Tempest, bounce a laser off your window, intimidate your neighbor, et cetera)? Perhaps the best answer is: don't do anything bad, and encrypt everything, just in case.
See what I've been reading.
One thing that deeply bothers me about this report is that it seems to focus primarily on purely economic problems associated with Echelon. The EU ministers seem to be worried that their businesses are going to lose market share because NSA is passing their plans on to their American competitors. This seems both dangerous and hypocritical to me. It's dangerous because they seem to be downplaying or ignoring the (IMO) much more significant damage to personal privacy that is inherent in the NSA's pawing through everyone's communications.
It's hypocritical because EU countries have been as vigorous as anyone in using government intelligence to benefit their commercial sector. Interestingly, two of the specific examples of intelligence alleged to have come from Echelon were about EU companies offering bribes in pursuit of contracts. I don't want to compare the significance of offering bribes to that of reading people's mail, but I find it pretty hypocritical of the EU to bitch about others' reading of their mail turning up illegal and immoral behavior.
There's no point in questioning authority if you aren't going to listen to the answers.
Poor guys, on their europarl server they've probably got a few requests from students every day, but apart from that... And being an EU employee the admin probably went home 18:00 MET :-)
What is that eu.int-domain, anyway? I want one of these .int domains for myself...
The europarl link is down, so who must be responsible? ECHELON. Remember, they'll trace all those hits back to YOU. No seriously, this is a problem. Is there some legitimation to this type of large scale espionage and data gathering? Did the americans, canadians and english just decide to collectively have themselves and their neighbours under constant surveillance? Are they calling themselves democracies when they do anything they want without asking? so we should better start complaining before one bureaucratic monolith goes after the other one (I mean the european commission going after the echelon project). This is really scary... BOMB NUCLEAR FISSION.. ooops shouldn't have said that.. go catch me... -Go do some CREATIVE journalism-
I recently used one of those e-mail engines to send correspondence to my two state senators (Sen. Chuck Grassley [R] and Sen. Tom Harkin [D], of Iowa), and *BOTH* sent me a snail mail response.
FYI, it was concerning the Know Your Customer Sunset Act.
--
Intelligence is definitely a recessive trait.
> But isn't it the goal of existence? Better karma is the ultimate goal :-)
> of life, isn't it?
I think the Jainists believe this, but some might interpret the goals of Buddhism and Taoism (in different ways) as the ceasing or slowing of karma; of bringing peace to the Tao through inaction and lack of desire. ("Doing good", especially having a burning lust to do good, is seen in these contexts as, to use Lao-tze's term, "degradation of the great Way.")
Those more schooled in religion will see many holes in this argument, and will now flame me. Bring it on!
Why do you think the net is so slow. It's really simple... we actually run your data streams through a compartmentalizer and slow it down by.. I've said too much.... and who is that guy in the black suit with a black shirt and black tie? don't he know that black ties are out? Nice sunglasses though... Aaaarrrrgghh...
CARRIER LOST
Do not look at laser with remaining good eye.
Bitching to your congressman or senator or president is not gonna do jack shit. We live in a time when politicians are OWNED by corporations and run a corrupt government. Corporations who benefit from Echelon, a corrupt government that benefits from Echelon. Complaining will do nothing. It's time to stand up for ourselves and fight the fascist pigs. Obviously we can not fight them with violence, they have the guns but we have the numbers. And even more important, we have the technological know-how.
Come on, what's with this echelon stuff? Have none of you read The CodeBreakers or The Puzzle Palace? Don't you realize this has been going on since the telegraph?
The wrong thing to do is to focus on "Echelon". Look, *ANYONE* can listen in on you, not just the NSA. Use a cell-phone? Use a cordless phone? Your neighbors will soon be able to buy or create scanners to decode digital transmissions. Use the internet? A hacker hacking into an ISP or wherever your mail is located can easily read it. How about cable modems? Oops, anyone can sniff your packets.
If you don't want to install window blinds or curtains on your windows, don't cry when someone uses a telescope to watch you getting undressed.
The only solution to the privacy problem is to use encryption. If you broadcast data in the clear over any medium, you are relying on security through obscurity.
Has anyone noticed how EU centric these articles are? Who's Echelon? Anyone not in mainland Europe apparently. US, Canada, Australia, New Zealand, UK, etc. (the GMO controversy also follows the same sort of dividing line, with the mainland Europeans being the most vocally opposed)
Of course, France, that moral and highly cultured "you don't even know what culture is you Americans", would never engage in something as distasteful as industrial espionage? Would they?
It's patently obvious that the world's spy agencies have been intercepting all the traffic they could, ever since World War II and before. Echelon is nothing new, except an "ooh scary" code word.
I am not living in Montana, but I am from there and knew him to be a fair and reasonable person who was also at the time putting up a good fight against encryption restrictions.
I did receive a response from Senator Burns that indicated that he had read it and considered it interesting. I have no idea how far he went with it.
The point is that if you are reasonable congress is willing to listen. They may not act, but you can at least put the seed into their head, and get them to at least consider your point of view.
Chris Pugrud
chris@pugrud.net
-- not anonymous, not a coward
Alternate link!! http://www.gn.apc.org/duncan/stoa.htm
hahahah! He said "impossible"
http://www.gn.apc.org/duncan/stoa.htm
Chris Pugrud
chris@pugrud.net
--Not anonymous, not a coward
This is the 1999 report, not the one issued today.
:wq
Fine. How about, unless I live to be several hundred or several thousand years old or more, I won't live to see my crypto cracked by 3rd parties. That's good enough for me.
1) There seems to be an assumption that part of Echelon is the ability to compromise a 128-bit key in a negligible amount of time (i.e. instantly.) Now, I'm not super-duper-hardcore up to date on my Echelon readings, but I haven't seen any indication that anyone actually has the capability to brute force a 128 bit key in real-time. If I've just been living in a cave (not far from the truth) and simply failed to hear about this advance, someone please post a link/reference, or e-mail me (above address, minus the DELETME), or something-- I'd be really interested in such news.
2)PGP/GPG uses RSA to encrypt a secret key, but uses a simple secret cypher to encrypt the message itself, using that secret key.
Maybe I'm reading this wrong, but it sounds like you're saying that PGP/GPG use a proprietary algo for their symmetrical crypto. At least with PGP, this is not the case. PGP (I think) currently uses IDEA, and used to use DES. While the latter is somewhat shady, these are hardly secret, and aren't that simple, either.
3) In the above set-up (with the PGP/GPG system which randomly selects the private-key algo to be used on a message-by-message basis) how do you securely communicate this to the recipient? Is the selected algo packaged with the key inside the public-key encrypted portion of the transmission, or do they just guess? (Not that having them just guess is such a bad idea-- it's sorta like those first versions of Public Key systems, the ones that used numeric puzzles for the keys. If the recipient just has the key, it'll take a more-or-less negligible amount of time for her to decrypt the message under each algo and see which version isn't gibberish.) Still, I'm not seeing the need for this, as per #1. I mean, if they can brute-force a 128-bit key in more-or-less no time, is making this time 16X longer gonna put that much of a knot in their britches? If 128-bit keys aren't secure, then this sort of arrangement is just a Band-Aid.
Again, it's possible that I'm just totally mis-reading the above. Sorry if all of this is out-of-left-field.
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
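The trial-decryption idea from point 3 above, together with the "128 + 4 = 132" figure from the earlier comment, as an added example that is not part of any poster's comment. The 16 "algorithms" here are toy HMAC-SHA256 keystreams separated only by an algorithm number, an assumption standing in for 16 real ciphers; nothing here is PGP/GPG code.

```python
import hashlib
import hmac
import math
import secrets

N_ALGORITHMS = 16   # figure used in the thread
KEY_BITS = 128      # figure used in the thread
TAG_LEN = 32        # length of the HMAC-SHA256 integrity tag


def keystream(alg_id, key, length):
    """Toy stand-in for 'cipher number alg_id' (assumption, not a real cipher):
    HMAC-SHA256 in counter mode, domain-separated by the algorithm number."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = bytes([alg_id]) + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, plaintext, alg_id=None):
    """Encrypt under a randomly chosen algorithm; the choice is NOT transmitted."""
    if alg_id is None:
        alg_id = secrets.randbelow(N_ALGORITHMS)
    # The tag is what lets the recipient tell plaintext from gibberish.
    tag = hmac.new(key, b"tag" + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    return xor(body, keystream(alg_id, key, len(body)))


def trial_decrypt(key, ciphertext):
    """Recipient side: try every algorithm, keep the one whose tag verifies.
    Costs at most N_ALGORITHMS decryptions, i.e. negligible with the key."""
    if len(ciphertext) < TAG_LEN:
        return None
    for alg_id in range(N_ALGORITHMS):
        body = xor(ciphertext, keystream(alg_id, key, len(ciphertext)))
        plaintext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        expected = hmac.new(key, b"tag" + plaintext, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return alg_id, plaintext
    return None  # wrong key or corrupted message


def effective_key_bits(key_bits, n_algorithms):
    """Brute-force search space in bits when the algorithm is also unknown:
    log2(n_algorithms * 2**key_bits) = key_bits + log2(n_algorithms)."""
    return key_bits + math.log2(n_algorithms)


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_BITS // 8)
    ct = encrypt(key, b"constructed sample message")
    print(trial_decrypt(key, ct))
    print(effective_key_bits(KEY_BITS, N_ALGORITHMS))
```

The recipient pays at most 16 decryptions, while the attacker's search grows by the same factor of 16, which is 4 bits on top of the key length.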
Sure us geeks can use strong encryption to hide our pr0n from prying eyes, but egos aside we're the minority!, what about the other 95% of people out there who don't have enough knowledge to use systems such as PGP, or frankly have no idea of what they are or why they exist?
How many upcoming international companies have gone under because information about their new products has been leaked from surveillance?
How do we know that Micro$oft's dominance hasn't been influenced by Echelon leaked information?
It sure makes me wonder sometimes...
Jeremy.
I am putting some of the report PDFs that I have around in my cache on my web site at www.kolar.org/echelon.
This is a golden key for open source to establish itself as the security and privacy guard of the EU institutions.
Do you think a French minister trusts his Windoze laptop? I think not... Or a German director trusts the central site mainframe ... s/he should think twice before saying "I do".
We are in the unique position to say "if you don't trust my code THEN READ IT!"
Can you, at the center of the continent use this door to offer a reliable, worthy and verifiable platform solution to our governments? Do we have the sense (and the ability) to make our administrations listen to reason?
We should! We must!
and it seems to be showing...
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
So what are the biggest revelations in this report, for those already familiar with intelligence collection? And for those who are new to the field and just worried about Echelon, what are the most important facts to remember?
1. Nobody is spying on you unless they already have reason to suspect you.
"The geographical and processing difficulties of collecting messages simultaneously from all parts of the globe suggest strongly that the tasking of these satellites [and other resources, as the report states] will be directed towards the highest priority national and military targets."
2. NSA has a much better grasp of Internet communications than would at first seem possible. The sheer immensity of Internet traffic and its global reach would seem to handicap NSA intelligence collection efforts. Not so, according to the report.
"Since the early 1990s, fast and sophisticated Comint systems have been developed to collect, filter and analyse the forms of fast digital communications used by the Internet... [A] large proportion of international communications on the Internet will by the nature of the system pass through the United States and thus be readily accessible to NSA... Although the quantities of data involved are immense, NSA is normally legally restricted to looking only at communications that start or finish in a foreign country. Unless special warrants are issued, all other data [like domestic U.S. e-mail] should normally be thrown away by machine before it can be examined or recorded... Much other Internet traffic (whether foreign to the US or not) is of trivial intelligence interest or can be handled in other ways [and usually reached by OSINT, "open source" intelligence]."
3. U.S. companies like Microsoft have purportedly cooperated in these intelligence collection efforts. This is unorthodox, to say the least. The following claims made in the report are allegations without a great deal of substantiation.
"According to a former employee, NSA had by 1995 installed "sniffer" software to collect such traffic at nine major Internet exchange points (IXPs). [A list follows.] ... The same article alleged that a leading US Internet and telecommunications company had contracted with NSA to develop software to capture Internet data of interest, and that deals had been struck with the leading manufacturers Microsoft, Lotus, and Netscape to alter their products for foreign use... The companies agreed to adapt their software to reduce the level of security provided to users outside the United States. In the case of Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system uses a 64 bit encryption key. This provides a medium level of security, which might at present only be broken by NSA in months or years... [In 1995, the] companies agreed to adapt their software to reduce the level of security provided to users outside the United States. [Actually, this was not so much an agreement as a direct government requirement for exports.] In the case of Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system uses a 64 bit encryption key. This provides a medium level of security, which might at present only be broken by NSA in months or years.
4. They don't tap your phones.
"Effective voice 'wordspotting' systems do not exist are not in use, despite reports to the contrary," according to the report. "Fax messages and computer data (from modems) are given priority in processing because of the ease with which they are understood and analysed." The only special phone technology the NSA has are systems that identify speakers by their voiceprint, which "have been in use since at least 1995."
5. The FBI may know more than it should. Collaboration between the intelligence community and FBI is seriously frowned upon, especially since it is occasionally the FBI's job to investigate breaches of protocol by the intelligence community. Yet, according to the report, the International Law Enforcement Telecommunications Seminar (ILETS) was set up by the FBI in 1993, and has served as a guiding body for much of the COMINT work that fits under the name "Echelon."
"The work of ILETS has proceeded for 6 years without the involvement of parliaments, and in the absence of consultation with the industrial organisations whose vital interests their work affects."
Why is it important to keep the NSA (collection of intelligence) and the FBI (domestic crimes) separate? "Any failure to distinguish between legitimate law enforcement interception requirements and interception for clandestine intelligence purposes raises grave issues for civil liberties. A clear boundary between law enforcement and 'national security' interception activity is essential to the protection of human rights and fundamental freedoms."
6. The study has no real proof of corporations inappropriately benefiting from collected intelligence.
Businesses do not get help from intelligence agencies - governments do. The study admits this: "There is no evidence that companies in any of the UKUSA countries are able to task Comint collection to suit their private purposes."
Generally, there is nothing ethically wrong with a country collecting economic intelligence about another country. If intelligence is to be useful in any way, we need to know important economic data so we can act on them if necessary. The only ethical problem would be if specific businesses got help, but other than a spurious hint of impropriety, the study doesn't really have any proof. All it has is this quotation from a Baltimore Sun article: "Former intelligence officials and other experts say tips based on spying ... regularly flow from the Commerce Department to U.S. companies to help them win contracts overseas."
7. Echelon or not, the intelligence agencies are losing.
Every day, U.S. intelligence collection agencies slip farther behind. They are in sorry shape right now, with huge input, and very limited analysis capabilities. And in the end, the study admits that "[t]he use of strong cryptography is slowly impinging on Comint agencies' capabilities... [I]n the absence of new discoveries in physics or mathematics, Moore's law favours codemakers, not codebreakers."
Let me know if you think I've missed any of the study's major revelations.
Thank you.
Yours,
A. Keiper
The Center for the Study of Technology and Society
FYI, the document mentioned on the Europarliament page (entitled "Development of surveillance technology and risk of abuse of economic information") is dated October 1999. The document itself is not available there however :-( My guess is that the document on the mirror site is a draft version of the same report. If not, it's worth a read anyway!
Just wanted to make sure that I'm on the same page as everyone else: By "false positive" we mean "a text which appears to be the original plaintext really but is not"? So a "false positive" (in the sense we're using here) would be, for example, if I encrypted my plans to buy all of the choco-donuts and, when my nefarious enemy attempted to decrypt the plans, he ended up holding what looked like a transcript of a radio morning show out of Fargo? Is this the sort of situation we're talking about? What are the odds of this, really? I respect that doing thing A, B or C can make this more likely to occur, but how likely is it to begin with?
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
Reminds me of the old radio gag of having everyone flush their toilets at the same time to protest high water prices.
Speaking of flooding national systems, a friend of mine worked at a water treatment plant (sewage.) I joked to him about the "Superbowl Flush" effect that I heard about in the late 70's and asked if he could comment on it. The theory went something like when America would all get together on Superbowl Sunday to drink beer and watch the barbaric game of football up until halftime, at which time their urinary bladders exceeded maximum capacity. The concern was that everyone and their brother made a dash for the toilet, whizzed, and flushed at the same time, overloading the sewer systems and rivers across the country, possibly causing mass flooding, etc...
He stated it was no joke and described the incoming rush of water as real.
So, I guess we could all flush our crap at the same time and jam echelon in the same way. Whoooohooooo!
Doesn't The Official Secrets Act require Blair to lie when necessary to hide secrets which he knows?
I just have this feeling that no matter what I do someone out there will be watching these days. Given that I'd rather put all my efforts into stopping something that is DEFINITELY harmful to you rather than annoying that someone somewhere is reading my email. If all the people who don't have any secrets that NEED to be protected put their efforts toward say stopping drunk drivers, or spam I believe our quality of life would go up much more than Echelon may be bringing it down.
I mean hell maybe they'll use this for good and stop the next two crazy guys who wanna blow up a building full of workers and their kids, or stop some guy from molesting that 12 year old girl who doesn't know not to give her address to people on the net.
Apologies,
A. Keiper
The Center for the Study of Technology and Society
OK, I know www.cryptome.org has these same articles, but I thought I'd mirror them just for the hell of it.
:)
DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND RISK OF ABUSE OF ECONOMIC INFORMATION (An appraisal of technologies of political control)
Part 2 of the article above
Part 3 of the article above
Interception Capabilities 2000, or Part 4 of the article above
Also:
AN APPRAISAL OF TECHNOLOGIES OF POLITICAL CONTROL, or the working copy of the above article
Enjoy reading - there's a lot of it
Eruantalon
The Annals of Middle-earth
Dr. Burris T. Ewell
They don't spy on me unless they have a reason!
And I'm wondering... who defines the reasons?
For instance in the US, did Nixon have a good reason to spy on the Democrats in Watergate? Certainly he did! They were planning to win elections from him! Those bastards!
If I am a politically active citizen and I am against the current trend in power do they have a reason to spy on my emails? According to your views it seems they do. I gave them a reason.
And you know how it works in the real life... covered blackmail, hidden menaces, a working contract that is not renewed, etc
I can hear you say "That cannot happen within the US!". Maybe not, maybe it will only be "offered" to us silly and idiotic Europeans, maybe that information will be passed to a company that I'm working for, maybe that company is American and I was idiotic enough to have opinions while working there, maybe, maybe... maybe I would lose my job, or ... , or something else if I have suspicious political views.
That's why these "spy traps" scare everyone ... maybe.
Just as a quick aside, for those who don't already know, the second link in spaceorb's post is from John Young's really excellent "Cryptome" site at jya.com/crypto.htm
The site is primarily devoted to the technological and political aspects of law enforcement and intelligence agencies around the world, and is a great resource for those of you out there interested in things like echelon, TEMPEST, wiretapping, etc. Very cool and highly recommended...
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Like you said, bribing or attempts to bribe is a bit different than maintaining an intercontinental system designed to stick your nose in stuff which does not belong to you. Losing money is just one aspect, not the whole picture.
Personal privacy is at stake too, naturally. But so is the sovereignty of the countries being spied on. And so is the question of trust between certain countries.
If this had been Europe spying on the USA, we'd have 3 movies and 12 books portraying it as an invasion of the constitutional rights/democracy/freedom of speech/whatever, a trade embargo, endless talk shows, a nuclear war and God knows what else.
If you are seriously suggesting that US companies don't use bribes... wake up.
PS. I've been thinking too. What is it that the Echelon system is really used to spy on? What issue is so dangerous that all communications relating to it has to be monitored on a planetary scale? Any ideas (aside from the usual space alien colonies and looney cults)...?
This government in Washington is a terrible embarrassment to America, I think. I suppose it's better than most, but that's not the appropriate comparison. Most other governments exist explicitly to screw the governed for the benefit of the governors (e.g., think about the history of the English government). That's not supposed to be how it works here.
See what I've been reading.
The problem is that the NSA & Ignorance has been pretty effective at preventing people from using crypto. We need a campaign to get the Linux distributions to come with this stuff preinstalled. Actually, we need a campaign to get PGP preinstalled on Windows boxes too. Debian does some stuff to make it easier, but we really need it to be a standard part of using a computer.
Actually, the most effective thing would be to get proper use of public key cryptography to be taught in every CS101 class (i.e. first class a CS student takes). Perhaps going so far as to require all their assignments to be digitally signed and encrypted for the recipient (with GPG) when turned in via computer. A strong case can be made for this being an essential part of a computer education.
I suppose you could also go to high schools and teach the kids how to keep their emails secret with PGP, but that takes a little more work than just convincing college professors to teach it.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
From the report:
33.TCP/IP. TCP/IP stands for Terminal Control Protocol/Internet Protocol.
I've seen "transport control protocol" and "transmission control protocol" but never "terminal control protocol"...
IP is the basic network layer of the Internet.
Ummm... okay.
My argument in the main posting was merely that Echelon doesn't seem to be all that different from what we already publicly knew about ordinary intelligence collection.
Yours,
A. Keiper
I was thinking...
Collect a lot of pr0n, and put in national security type keywords in the comment section in the pictures.
Encrypt them lightly, and send them to a friend in North Korea. Some poor schmuck sees a lot of traffic going to North Korea, and easily decrypts it. Boss-man walks in, sees the pr0n. "No, really! It has all these keywords, really!"
Calmacil
I can't seem to face up to the facts, I'm tense and nervous and I can't relax... --Talking Heads
Okay, who's messing around here? Post #107 is supposed to be to a mirror of the report and it links to cuntlicker.com and #114 links to hardcoresex.com and #103 links to crackwhores.com... Are these people trying to get free advertising or what?
Now, about the Government reading your mail: by that logic, you wouldn't mind if I read it, too, would you? I couldn't legally use it (in any way that you could find out about). So why should you mind? You shouldn't be worried that I would make some illegal use of your personal information. After all, I'm just as reliable as the guys who get hired by the Government! Maybe more so; they usually aren't held personally liable for their illegal acts, while I would be.
I agree that the Government is more interested in terrorists than the likes of you or me. But you should remember that when the terrorists are having a holiday, they've got to watch somebody! More to the point, what if you are politically active? What if somebody with connections (or enough bucks to rent Clinton for an evening) decides he wants to screw you up? Sound ridiculous? How about that Norwegian kid who's getting pushed around by the movie industry? What about an environmental activist who really embarrasses a big corporation (the movie "Silkwood" claimed to be based on a true story)? I guess I've made my point: you don't have to think you're important to be made an example of.
See what I've been reading.
Ok, so this is a good time to mention it. I read an excite story (from drudge report) talking about this EU summary. Scary. So I do some looking for security. Email is when I say the most incriminating things. So I find hushmail.com. Uses Blowfish to provide end to end encrypted email. Now, PGP is a real pain for some people. My mom who needs Clip the office assistant to type a letter couldn't handle it. She can handle hushmail. I'm a huge fan, it's totally secure and it's from www.hushmail.com. No affiliation, just a huge fan.
Look, people, who cares if NSA is reading your stupid email? Do they care? Are they gonna do anything about it? I mean, seriously, they can read everything I have, it doesn't matter to them. Nobody ever takes the other viewpoint, that they are actually doing this to PROTECT US. They are not our enemies, they are trying to PROTECT us! They are on YOUR SIDE and they don't CARE about your email. It's not like they are stealing your credit card info or spamming you!
To wit, they would have to be copying and routing packets from all over the Net to machines that process this traffic. Or they would have to maintain a huge network of snooping machines all over. If they do it the first way, then there are suspicious piles of traffic flowing off into dark corners. Do it the second way, and they increase the odds that someone will locate one of their spy machines and blow the lid off.
A recent auditor's report found the NSA dangerously close to the edge in terms of their inability to keep up with the rising tide of Net traffic. The NSA might be the NSA, but it's still a gov't agency, and look at the mess that is the CIA. Talk about the gang who couldn't shoot straight.
How then to explain this EU report?
My theory is that this is just another brick in the wall of the rising tide of anti-American sentiment in Europe, a disappointing phenomenon for which the French seem largely responsible. Look also at their investigation of Microsoft, statements regarding which are often tinged with nationalist invective.
This sort of thing is a disappointing development, because the free world faces real potential threats in the form of Russia and China. A strong strategic partnership between the US and Europe is essential for our security in this new century.
As for Echelon, I wish I could believe such a thing existed. Why? The world is a dark and dangerous place, populated with many characters who wish to harm our national interest, security, even plant bombs and bioweapons in our cities. Traditional SIGINT, which is what the NSA is good at, is no longer enough. Few people truly know how much this helped us in the past 50 years, and how many lives may have been saved because of it.
But I don't think it's true. I think many people are simply having fantasies driven by "The Matrix" and too many Tom Clancy books and X-files episodes.
-cwk.
Since most communications aren't encrypted, including a surprising amount of sensitive stuff, tcpdump | grep probably gets more data than any subsequent analysis. After that it'll be diminishing returns on computing time.
perl -e 'fork||print for split//,"hahahaha"'
http://www.abcnews.go.com/wire/World/reuters20000223_3251.html
Check out I Listen : A Document of Digital Voyeurism by The Spacewurm. It's a book of transcribed cell phone conversations:
Since 1993, electronic music artist The Spacewurm has used specially modified digital scanning equipment to secretly (and illegally) record the cellular and portable phone calls of everyday people all over the country. The stories, confessions, and intimate conversations of these unwitting participants are described in I LISTEN.
cpeterso
There is an Echelon Station in Herbert Rd, Artarmon, Sydney. It's on the SBS studio side of the road, about halfway between that and St Leonards, and is basically three huge warehouses lined up away from the road. It is officially a Telstra bill printing plant, and the security appears about right for that at first (open plan gates etc), but is just way too big and the 4 security cameras on the front left corner alone look a little suss. A friend has seen someone removed at gunpoint, and knew someone who did the pebblecreting who had his camera confiscated for photographing his work. Apparently the second warehouse contains Australia's Echelon computer processing power, which was more powerful than the British defense's when it was built ...
The principal problem with SIGINT lies in breaking encryption. As with the breaking of Enigma, there is no need to solve an algorithm by brute force if users make mistakes (and all users will). The first mistake is not having your computer sealed in a Faraday cage, allowing TEMPEST type options. Of course, this option means you have already made a series of big mistakes, and led them to your door.
Echelon will have its greatest value in conflicts of a military nature, directing large ears at a known foe. Randomly listening to millions of conversations is more expensive and less useful than less sophisticated HUMINT options. The privacy issues are negated by using end-to-end encryption, especially in a personal code or argot. Better still if you post the message anonymously to a public forum. Then they can't track the recipient(s).
The point is, protecting messages in path is easy. Keeping your neighbors quiet, hiding your trash, and guarding against break-ins is difficult. The people responding to this thread have their priorities in precisely the wrong order. Read the histories: directed SIGINT is valuable against a known foe. At other times, the expense and false positive rate will be apparent.
Burn your trash. Let the crypto people worry about Echelon. You're already making big mistakes in keeping your privacy. Who is listening in on your phone sex conversations is the least of your problems.
Alternatively, go straight to http://www.shub-internet.org/eu/ and download them all for yourselves.
Please mirror these files widely, so that my poor little server isn't slashdotted out of existence!
--
Brad Knowles
http://daily.daemonnews.org/ -- if you're not
I hate it when sites go down and disappear. Here is a mirror of one of the reports complete with pretty pictures.
scary!
These guys here are working on some great speech pattern recognition software that is much faster than anything else out there. check them out.
Was that supposed to be funny? You wasted my time.
Holy shit! We're being monitored! It scares the shit outta me, and it's a real pain in the ass, I tell you for sure!
Anyone else here read The Illuminatus Trilogy? Anyone else here recognize a joke when they hear one?
Somewhere close by Robert Anton Wilson is laughing his ass off at another brilliant mass-cultural hack.
Some suspicious German Thefts and closer to my heart is the story about monitoring all Irish International Phonecalls. This one was pretty much suspected for some time, particularly by the IDA (Irish Development Agency in charge of convincing companies to invest in Ireland), they got terribly suspicious when a few large companies got slightly better bids to set up in Scotland, each time just a little better than the Irish bid. I believe that they ended up asking travelling diplomats to transfer their most valuable documents by diplomatic pouch rather than fax or email them. Though I can't find the story where I read this one, Sunday Tribune I believe but they don't have an online search engine.
C.
I sometimes write stuff
I note that the report indicates that keyword recognition for voice calls isn't yet available. This is incorrect. It's a standard feature of advanced prison phone systems. "The LazerVoice Keyword Recognition feature listens to all conversations and selects the call records that fit your customized keyword criteria creating faster and more cost efficient investigations." "Our top-selling product", says the manufacturer, Schlumberger. Order yours today.
This report made a lot of fuss in Denmark 6 months ago, so the government had it translated. The Danish version is available at The Danish Ministry of Research and Information Technology. Danish Broadcasting Corporation also has a lot of related stuff here in Danish and English.
The computers watch and listen for key words in telephone, fax and Internet communications and route intercepted messages on a topic requested by a country, the descendant of a decades-old electronic eavesdropping network set up by the United States with Australia, Britain, Canada and New Zealand.
"New York Times" - free registration required: An Electronic Spy Scare Is Alarming Europe. Fears that the United States, Britain and other English-speaking countries are using a cold-war eavesdropping network to gain a commercial edge roused passions across Europe today, even after Washington and London roundly denied the notion.
The subject kept the European Parliament in Brussels entranced for hours and drew banner headlines across the continent. [...] The hubbub grew from a report prepared for the European Parliament that found that communications intercepted by a network called Echelon twice helped American companies gain an advantage over Europeans.
And considering the diversity of opinion and political choices in this country, what exactly does "on OUR SIDE" mean? Whose side? The people's? The government's? Big business? Democrats? Republicans? Socialists? Anarchists?
To all the people who suggest encrypting everything... Here in the UK, thanks to Herr Obengruppenfuhrer Jack Straw's draconian reign as Home Secretary, encryption is irrelevant.
It doesn't matter how many bits you encrypt by, if they ask you for the key you must hand it over or be imprisoned...
Governments doing corporate espionage is probably a bad thing.
However, I would expect that some of these reports are fallacious. The one French guy (look at that reference -- that's why I'm a programmer and not a journalist) who claimed all these corporate espionage things also claimed that the NSA collaborated with a large American chipmaker (a veiled reference to Intel's ID #'s on chips, which seems unlikely to be inspired by anybody other than worth .3 something trillion dollars Intel), has hidden traps in Microsoft software (although, somehow, several hundred million users of Microsoft products have been unable to find these), and forced IBM to use Microsoft products (?)
Yeah, that's kind of faulty logic. My brain is still reeling from the effects of loss of sleep from reading Hitchhiker's Guide (for the first time, man) and too much raspberry mocha.
I guess my point is that just because the allegations are made doesn't mean they are true. And just because allegations are made doesn't mean that intelligence agencies will respond to them. It is impossible for them to prove their innocence anyway. And I would suspect that they don't answer any questions about their operations if they can help it.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
The actual document links come up in a JS pop-window (why? I dunno... and why PDF? Obviously, this *is* a conspiracy :)
Here they are:
http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-1en.pdf
http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-2en.pdf
http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-3en.pdf
http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-4en.pdf
http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/981401-5en.pdf
The links seem to connect, but am still waiting for a download... ~200b/s with lots of stalling...
This is from the US.
"The Internet is made of cats."
I replied to a similar article a while ago asking what people had to hide, I stick by that. The real issue here is that governments are selling the information, supposedly gained in the interests of national security, to businesses and individuals supporting their own personal interests, not national security.
Actually, there is NOTHING you can do that will have any effect. Whine, bitch, moan, write, etc. At most you'll get a few people fired, the system 'restructured' (oh my!), and it will continue as before. The press and people enjoy the illusion that they bring about change, but they do not.
You (the people) are not in a position of power. They are. Until you realize that and become fully aware of its depth you're just playing into their hands with your little protests.
As for encryption, it annoys them, and there's some they probably can't crack. That's why they enlist Microsoft, IBM, Intel, etc to install backdoors, why they use Van Eck phreaking (tempest), etc.
Don't lose hope, but don't convince yourself you're free when you're not, as that's a true loss of freedom.
Remembering waaaayyy back.. We used to use EMACS as a mail program (a funny little CMU app called BatMail.) Anyway, because BatMail ran on Emacs, there were all of these cool Lisp programs that enhanced the value of Emacs and BatMail. My favorite of which was called Spook. Spook would insert a paragraph of "NSA Hot-Words" into your email header before sending the email out. The obvious implication being that all of your quite trivial messages would eventually congest the NSA's computers. Has anyone seen a Spook macro for Outlook or Eudora? Bringing that up to the present times might be fun; now that we know they are indeed listening.... -drew
I think echelon has blocked that web site (http://www.europarl.eu.int/dg2/hearings/20000222/). We better watch out. They'll be blocking /. next.
While the EU is using their apparent economic disadvantage to the U.S as an excuse to release everything they know about Echelon, I'm all happily for it!
This is the most information I've read on Echelon and I'm glad that the EU finally made it all public.
I think the perception of what Echelon does (rather than what they have the potential to do) is made much more clear in the report. While Echelon can monitor most communication media available, they won't..because they don't care about it all. From reading the report, which can be considered at least non-biased towards the NSA since the EU is basically accusing the NSA of spying and wouldn't leave the more controversial info out, one can see that Echelon generally doesn't spy on American or British citizens. The problem arises when military + economic information interception accidentally collects private, non-related information. I see this as not a purposeful attack of personal liberties, but a failing of the technology.
The NSA doesn't care about the latest hack you did against some web page. The NSA doesn't care about your kiddy porn.
They're looking for the military and economic advantage over other countries..and they have so much information to process and disseminate that tracking foreign national security matters AND domestic 'small time crimes' would be a waste of resources.
I think anyone who wishes to retain their privacy and is doing something they're afraid others will find out should use PGP. It's pretty simple. Elsewise, I don't think the NSA will care about your non-encrypted email to a domestic friend about your latest script kiddie prank.
And if Echelon gives the U.S an economic advantage over others, I applaud it. If it allows the U.S to retain its edge over the IT industry, I think it's worth it. I foresee no 1984 scenario..that's just paranoia sweeping in.
Howard Salis