Slashdot Mirror
CIA Researching Automated IRC Spying
Iphtashu Fitz writes "CNet News is reporting that the CIA has been quietly investing in research programs to automatically monitor Internet chat rooms. In a two year agreement with the National Science Foundation, CIA officials were involved with the selection of recipients for research grants to develop automated chat room monitors. Researchers at Rensselaer Polytechnic Institute received $157,673 from the CIA and NSF for their proposal of 'a system to be deployed in the background of any chat room as a silent listener for eavesdropping ... The proposed system could aid the intelligence community to discover hidden communities and communication patterns in chat rooms without human intervention.' How soon until all IM conversations are monitored by Big Brother? The abstract of the proposal is available on the NFS website."
Even if its able to spy on private chat rooms on major networks, they wont be able to spy on thoose who dont want to be spied on... Its relatively easy to set up your own IRC server, and control exactly who has axcess to it so the feds are left outside alone...
If you didn't have a reason to enable SSL on your IRCD or on your client, now sounds like a GREAT time to do so!
Does anyone know if theyre allowed to "spy" on foreign citizen? If i chat on an european server with fellow europeans i cant see any way that they should be allowed to "spy" on me?
The only reason the government gets technology like this developed is intelligent people will do anything for their degree or grant money. Until we all stand together and refuse to help Americans spy on other Americans or any one else in the world our rights will continue to slowly errode because of people like the researchers at Rensellaer. Really, they are the ones who need to be punished by ostracizing them from the scientific community and their neighborhoods to make it clear that any one who accepts tax dollars to further the goals of Big Brother are not welcome in our hearts or minds as comrades.
Posthuman since 2001.
you know its funny, everyone mentions BOTs, but did you think about the nature of the IRC protocol. as if the CIA wasn't redirecting other protocols to their workhorse servers for analysis, it would be pretty bloody easy for them to flex their muscle and have TCP/6667+ datagrams routed there as well.
Anyone who thinks that the CIA doesn't already have systems to automatically monitor email, chatrooms etc - needs to read a bit more on intelligence technology. This would fall under "Echelon" anyhow.
The NSF might lack the tools, but I sincerely doubt that the CIA are developing these sorts of very basic tools. More likely, the NSF aren't given access or information on the extent of CIA information gathering.
Also, I imagine such a news article makes the public likely to believe that the technology isn't already in active use.
Si tacuisses philosophus mansisses. If you had kept quiet, you would have remained a philosopher.
There ya go. Didn't Nixon say that, if you don't have anything to hide why do you want us to get a search warrant.
The CIA is still being semi-passive here. It's shady seeming, but I think if you can join freely, they can as well.
This surpasses basic monitoring of clear text protocols like irc but it still doesn't have the ability to monitor where you must actually be a part of a community. If you use irc over SSL, you're in the clear from passive and undetectable monitoring. This obviously gets around that but it means that they will have some interesting people poking around with people who normally do the poking on networks.
The rand corp goes one step further and seeks to hire people to become members of groups by being an outright spy. Pretty interesting stuff. It was on cypherpunks a while back.
It should be assumed that if you don't use encryption, it can be monitored. If you use encryption (irc over ssl, silc, etc) in a broadcast medium (for an entire room), you should assume it's monitored also. It would just have to be monitored by an agent of some sort.
It's all about the threat model you're up against.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
Hey, can't have a police state without keeping your eyes on your own. You never know when the citizens turn unpatriotic.
They have to pretend to be "researching" things they've had in operation for decades to keep us regular folks from getting too suspicious.
They'll probably announce in a couple of months that IRC monitoring was not feasible due to the super-complicated technical problems inherent in logging plain text.
It's easy to understand why I'm upset. You might understand the next time you pay your taxes. Remember that a fraction of your hard work is going to pay for your government to listen in on your conversations. Many people are making a living at it. I think they and my government have better uses for my money. I did not ask for it, I don't like it and I don't want to pay for it. it's also well-known that your IP address is exposed to all those on the server.
If you don't mind that kind of thing, perhaps I can interest you in a few personal services. For the low price of $50/hr, I'll log all of the communications from your "exposed" IP address, cull what I want, damage your reputation by questioning your peers if I note anything suspicious and even charge you with crimes if you happen to say the wrong thing. Most of the work will be automated but I take no responsibility for the information being stolen by insurance companies, employers and other organizations that have a direct impact on your quality of life. By freedom of information, I'll be sure to let people know that I'm investigating you but I'll tell them that I'm an official government agency, so they won't question my motives and will instead turn their suspicions onto you. Sound like a good deal?
Pay up!
Friends don't help friends install M$ junk.
The CIA should be operating in public spaces - there's little expectation of privacy in public. joeschmo can watch IRC traffic, so spy007.exe should be able, too. The control points on this activity lie at a slightly deeper level: we need a definition of "public" vs. "private" on the Internet that can work in courts and congresses as well as in compilers and chatrooms. And the CIA, or any organization (government, corporate, NGO or otherwise) must abide copyright constraints, which include right to copy personal info (including message traffic) for the express purpose in the license. In the case of the CIA, that means info that is read from public data must be either immediately discarded, for the purpose of separating data relevant to an operation from that which is not; or, if stored, it must be directly relevant to an operation. That further requires the CIA define the scopes of its operations sufficient for Congressional oversight to second-guess decisions of what data to retain.
;) will say that once the CIA is operating at all in this medium (it surely already is), the finer points of policy and law will be given mere lip service, and abuse will be the norm. Unfortunately, the CIA has Americans over a barrel: their legitimate service is essential, while their unaccountability is lethal, in the survival of our society. This issue doesn't change that dilemma, though it forces the issue - and ought to pressure exactly these kind of delineations. Since the current purges at the CIA seem likely to merely institutionalize the Iran/Contra CIA abuses to the exclusion of any legitimate control, we who understand these issues can at least understand their workable boundaries, and enforce them ourselves, for ourselves. Like comprehensive crypto for messaging, which defines an expectation of privacy, whether defensible from CIA codebreaking filters or not. It's all we've got, and will be harder for the CIA, or any other prying eyes, to casually violate, either on the Net or in a court.
Of course, cynics (like me
--
make install -not war
IM is like a phone conversation. You talk with someone, and you "know" exactly who that someone is.
IRC is more like a bar. You're talking to a bunch of people, and people come and go freely. Of course people can record what you're saying in a bar, just as they can record a log of what's said in an IRC channel, but would you go to a bar with the expectation of your every word being recorded?
And, if you were in a bar and there was a high probability that your every word was being monitored, wouldn't you choose your words more carefully? For example, wouldn't you think twice about talking about your new supply of weed, that movie or that album you downloaded last night or that time you ripped off a bunch of stuff from work?
Of course, you're right that you shouldn't have a complete expectation of privacy in just about everything you do online but there's a difference between having no expectation of privacy and your every conversation actually being monitored.
There's a name for the country where everything is recorded and nothing goes unseen. It's called Oceania.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
No, they probably won't get terrorism information on IRC, but this isn't really about terrorism. It never was, despite what they say.
The Patriot Act was never going to give the government access to terrorists' library records, either. It was to find people in the United States who are "dissident". If people are talking about things (other than terrorism) that the government doesn't like, this IRC parser is an easy way to find them. Bolster the lists of people to watch. (They must be bored.)
Okay, so one of the largest and most complex intelligence organizations in the world is dropping $150k on getting a college to make a really complex chat logging system. How lame is that. Shouldn't the CIA have their own people that specialize in this kind of thing? Also, why are they getting the NSF to help fund it? $150000 is peanuts to these folks. They have a $40 billion or so budget. If something is this critical to "national security" doesn't it deserve more than .0004% of your resources?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
It wont take more than a couple days of monitoring all of that teen angst and drama for the computer to commit suicide.
Actually, this would not be that bad an idea, if only, IF ONLY, our government actually represented th average citizen, and NOT the corporations and the investors.
Until we can control our govts, something like this is just a bad thing.
eat shiat and bark at the moon
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Been tired of the kids monkeying around on IRC years ago and switched to Jabber. Good luck in monitoring my conversations on private servers with SSL connections and end-to-end PGP encryption. Distributed networks of servers like email or jabber (and unlike msn messenger, yahoo, aim, icq etc) seem to have other advantages, besides the "load balancing".
/. about "encrypted" usb-flash keys that kept password in plaintext on the key.
Or good luck to listening to my Skype conversations. Although, knowing that Skype is closed source and proprietary, I have absolutely no guarantee, that their claim of AES encryption gives me any protection/privacy. Just recently there was thread on
Or couple of years ago, I've had to convince my boss that "security" of MDaemon on Windows does not exist. I sat to its password files, noticed something peculiar about them and broke the "secret algorithm" in about 4hrs. Passwords were not even xored, they were summed[1] with "secret" and encoded with base64. The secret was "The setup process could not create the necessary system accout MDaemon".
Robert
[1] you know: (passwd[n] + secret[n]) & 0xff
Bastard Operator From 193.219.28.162
You assume that encryption will protect you. Go get any cryptography handbook, and the first thing it will say is that it is impossible to create an algorithim that is capable of producing unbreakable code. The goal of encryption is to make it so someone cannot break it in a certain time period.
If you are relying on SSL and consider yourself immune to spying, you are in for a suprise. If they want to spy on you badly enough, they can. It just takes more work with encryption.
HA! I just wasted some of your bandwidth with a frivolous sig!
They are creating this to monitor for terrorist activity right?
How long before it's used to monitor for dissenting comments towards the nationalist regime?
"We are at war with terrorist states Winston and we have always been at war with terrorist states; is that correct Winston?"
No, the only reason they get technology like this is because we allow them to ask for it. You think that if they offered enough money (say $157,673) that some company wouldn't jump to make this same product for them? Should we boycott IBM because they sell computers to the government which they then use to crack codes or monitor the Internet (Carnivore, etc)? Should we boycott Smith and Wesson because they make guns for agents to use? No, we should tell our government that they are not allowed to do these things. Making of tools should not be punished; commiting bad/wrong acts should be disallowed, especially in a government "by the people, of the people and for the people".
Nathan's blog