'Echelon Study' Released by European Parliament

ckolar writes, "Duncan Campbell's report on Echelon has been delivered to the European Parliament's committee for Justice and Home Affairs and is available online. " This is the study that was commisioned by the EU - very interesting reading.

Don't Complain Here

[348]

Whining and bitching about big brother will achieve nothing. I you are interested in having more of their mission etc. made public, curbed completely or audited, the way to make a little noise and get heard is to write your representative. On the Echelon Watch site, they have an e-mail, letter, and fax engine that all you do is add your name, address etc. and something like this will get mailed.

As your constituent, I'm writing to ask for your support for a congressional inquiry into a threat to the privacy and civil liberties of all residents of the United States. I've read several credible reports that suggest that the global electronic communications surveillance system -- frequently known by the code name ECHELON -- presents an extreme threat to my privacy and that of other people around the world.

If you want to free hand your correspondence, get your senator or representatives name, address etc, from their wed site, and send the letter. Complaining on forums such as Slashdot, Attrition or HNN will not accomplish anything in bringing this stuff into the light. Whining on Slashdot only increases your Karma.

Re:Don't Complain Here

[G27+Radio]

Complaining on forums such as Slashdot, Attrition or HNN will not accomplish anything in bringing this stuff into the light. Whining on Slashdot only increases your Karma.

Not to disagree with your point about being proactive, but I've noticed a lot of people of people seem to disregard the importance of actually having the discussion. Most of the whining and bitching I read contains at least one element of interest, whether intended by the author or not.

Also keep in mind that not everyone that reads HNN, attrition, slashdot, etc, is predisposed to getting involved or reading discussions like this.

Even the things that could be considered "preaching to the choir" have some educational value for me. Reading other's thoughts on here reinforces ideas that I may have already had, but never thought to articulate or couldn't articulate as well as they did. Later on I can, and occasionally do, use these arguments effectively in day to day conversation. I'd dare say that I learn more from the bitching and preaching than I do from the original articles.

Bitch on brothers!

numb

related links

[ATKeiper]

Some links relating to the technology related to Echelon can be found in a recent edition of Crypto-Gram.

Also, there are several related links on the Personal Security page of the Center for the Study of Technology and Society.

Finally, if you want the wire version of the story, click here.

Yours,
A. Keiper
The Center for the Study of Technoloy and Society

Mirror

[brunes69]

The linked site appears to be slashdotted. I believe this is a valid mirrorof the report:

ht tp://www.cyber-rights.org/interception/stoa/interc eption_capabilities_2000.htm

Europe is pissed off

[spaceorb]

And it seems that France in particular has a taste for the fantastic. Microsoft is the NSA's largest customer, and IBM was forced into using DOS by the government?

France allegedly has its own Echelon, and no doubt that the UK does also. So if they're doing it themselves, why are they so pissed at the US?

The problem with Echelon

[jd]

The biggest problem with Echelon is the people that it's monitoring.

How so? Well, I've seen several posts suggesting writing to representitives. What good is that going to do? The NSA has refused to even say if the name even means anything to them, under Client - Lawyer privilage. Have you seen Congress push them into saying anything further? One try, and they seem satisfied they've done their part.

Ok, what about this jamming? As I've said on a number of occasions, NOBODY does interception by keywords. Even IDS systems use pattern-recognition and context-sensitive detectors. Why would one of the largest, most advanced, most brilliant collection of programmers and mathematicians use a simple 'tcpdump | grep'? It makes no sense.

Ok, so "conventional" jamming won't work, complaining gets nowhere, what CAN you do?

I'm not going to say people are powerless, because they're not. However, they DO need to be unorthodox. You can't break encryption, if you don't know the algorithm, or possible set of algorithms. Even then, your probability of a false positive goes up considerably, the greater the number of keys and/or algorithms.

There are a GREAT many encryption algorithms out there, some stronger than others but that's not really the point. If nobody can really tell which algorithm you're using, your effective keylength is equal to the key length of the -LONGEST- key possible, PLUS log2(number of algorithms).

eg: PGP/GPG uses RSA to encrypt a secret key, but uses a simple secret cypher to encrypt the message itself, using that secret key. If someone modified PGP/GPG to allow you to pick (or have it randomly select) one of, oh, 16 algorithms for the secret encryption, then your effective keylength is equal to 128 + 4 = 132. That's a lot tougher to crack (it'll take 16 times as long) and might well prove too difficult for a real-time system, such as Echelon.

Even so, I =can= tell you that Echelon is complex. My understanding is that it includes vast arrays of DSP chips embedded in the physical network, for pre-processing. The only hope is to make systems such as IPSec and PGP/GPG sufficiently advanced that one-size-fits-all solutions can't be used effectively.

effectiveness of echelon

[mistral]

how effective do slashdotters think echelon really is? and do you think they feed any data to U.S. commercial concerns? I've been thinking a bit about this recently; some simple calculations demonstrate that the amount of material they have to look through is simply phenomenal. The rumors say that the system has links to telephone lines, faxes, email systems, satellite links, and who knows what else. So, some extremely quick and dirty estimates:

I live in Boston with three other people and their respective girlfriends; most of us have cell phones. Our house has two phone lines, DSL, and ten computers hooked up behind a firewall. My roommate has a Palm V with an omnisky. That's eight or nine voice streams and as many data streams. The data streams are going all the time, and are all multiplexed through our single DSL connection. Now, admittedly we're a little more wired than most. So we'll scale this down a bit. Assume the government only is interested in monitoring large cities and a few out of the way enclaves dotted around the map. Maybe the ten largest US cities and 150 known subversive groups. Including the greater metro area, each city has maybe 4 million people on average, implying about 1.6 million families per city, giving 16 million
families total. We can guess that (plus or minus a few kooks) nearly every family has at least one phone line and 2 out of 5 have at least one cell phone. Probably 60% have an internet connection.
This gives us 32 million data streams, to monitor in real time, and at odd hours. Now given the current state of speech-to-text software, and assuming the NSA is 15-20 years ahead of the state-of-the-art (a very dubious assumption, these days), we'll also figure that with their software they can decrypt 200 voice streams per second with a pentium III. That still implies that they need the equivalent computing power of 160,000 high-end workstations.

Ok, this is not outside the realm of possibility. But it's right on the edge! Add in the complexity of understanding and dealing with different accents and different languages, static, spread spectrum cell phones, demultiplexing LANs, tapping who knows how many
switches, debugging the monitoring software and releasing (secret!) updates into the field, dealing with code words and both simple and complex black box and white box encryption, and dealing with the noise of slashdotters putting in things like "kill the president" and "natalie portman is trafficking in hot grits disguised as cocaine to pay off communist subversives," and we see that if Echelon exists, it's probably close to useless. And a horrible waste of taxpayers'
money. Though I guess developing such a omprehensive system could be valuable for use in targeted situations, like focusing on transmissions in a limited geographic area during high-tension conflicts.

These estimates are very much back-of-the-envelope, but does anybody see anything fundamentally wrong with them?

--
neil

Re:effectiveness of echelon

[adimarco]

Specific-purpose hardware could give them a big edge.

Funny you should say that.

I was interviewing for a job the other day with a Genetic Engineering firm, and about half way through the series of interviews, their sysadmin gave me a tour of the server room.

Amongst scary Enterprise Servers the likes of which I have only read about, they have a box with cool-looking (OSX-Aqua-esque in its sheer sleekness) blue lights which they apparently got from the NSA.

This box basically consists of 7000 simple, massively parallel processors specifically designed to do 1 thing: pattern matching from huge amounts of data. This has obvious benefits for the Genetic Engineering firm (genomic info is all just strings), and perhaps even more obvious benefits to the NSA.

Just thought it was interesting...

Anthony

How to really jam Echelon

[burris]

If you control a Linux box that sits on the net, go right now and get FreeS/WAN and install it. This is a free, open-source implementation of the IP/SEC protocols. Funded by John Gilmore (of Sun, Cygnus, EFF, and DEEP-CRACK fame), this software gives you secure Virtual Private Network support in Linux.

Set it up and create secure connections between your peers. Very soon it will support automatic keying using DNS-SEC (public keys kept in the DNS database).

Echelon makes little difference if everyone is using end-to-end transport level strong encryption.

Burris

Yawn, boring, encrypt your stuff

[rcromwell2]

Come on, what's with this echelon stuff? Have none of you read The CodeBreakers or The Puzzle Palace? Don't you realize this has been going on since the telegraph?

The wrong thing to do is to focus on "Echelon" Look, *ANYONE* can listen in on you, not just the NSA. Use a cell-phone? Use a cordless phone? Your neighbors will soon be able to buy or create scanners to decode digital transmissions. Use the internet? A hacker hacking into an ISP or wherever your mail is located can easily read it. How about cable modems? Opps, anyone can sniff your packets.

If you don't want to install window blinds or curtains on your windows, don't cry when someone uses a telescope to watch you getting undressed.

The only solution to the privacy problem is to use encryption. If your broadcast data in the clear over any medium, you are relying on security through obscurity.

Has anyone noticed how EU centric these articles are? Who's Echelon? Anyone not in mainland Europe apparently. US, Canada, Australia, New Zealand, UK, etc. (the GMO controversy also follows the same sort of dividing line, with the mainland Europeans being the most vocally opposed)

Of course, France, that moral and highly cultured "you don't even know what culture is you Americans", would never engage in something as distasteful as industrial espionage? Would they?

It's patently obvious that the world's spy agencies have been intercepting all the traffic they could, even since World War II and before. Echelon is nothing new, except a "ooh scary" code word.