The Ultimate Net Monitoring Tool?

Wired News is reporting that the equipment found in the "secret" NSA room at AT&T wasn't some elaborate device designed by Big Brother. Rather, it is a commercially available network-analysis product that any company could acquire. From the article: "'Anything that comes through (an IP network), we can record,' says Steve Bannerman, marketing vice president of Narus, a Mountain View, California, company. 'We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their VOIP calls.'"

Functional Spec and Deliverables

[Tackhead]

From TFfunctional specification:

The Semantic Traffic Analyzer received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live--did live, from habit that became instinct--in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."

Orwell, G. Functional Specification, Narus STA 6400 (rev. 1984)

From TFA, the deliverable:

We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their VOIP calls.

AT&T. Your world, delivered.

Hm.

[DoctorDyna]

Does it make anybody else nervous that there is a market for these products? "off the shelf" products that can scale to this degree?

If enough large companies are purchasing these to the degree that a company manufactures this equipment...exclusively.. doesn't that strike an interesting chord?

Bellyaching

[crossmr]

and all I hear is a bunch of bellyaching and "ooh they're evil!". As I stated a few weeks ago, Who is going to do anything about it? Evertyime we turn around the American government or corporations come up with a new way to spy on us, restrict our rights or do something else to make the world a little less pleasant.

If they can't come up with anything specific that day, W. calls the RIAA and has them sue a dead woman. They want to make people so damn paranoid that one day they'll just turn around and say "Okay we're taking over your life, here is your itinerary for the day, don't alter this schedule. You have a bowel movement scheduled in 15 minutes". The vast majority will think its an awesome idea.

These stories are great to remind us what a wasteland this place has become, but they serve no real purpose if no one actually does anything about it.

Re:Tor

[republican+gourd]

Are there any estimate as to what percentage of the Tor (or Freenet, or etc etc) nodes are actually run by the Three-Letter-Agencies themselves? Considering that just about every nation has its own intelligence/security type agencies, thats easily a couple hundred nodes right there, probably on 'decent enough' links to get a decent share of traffic but not so fast as to attract suspicion.

I remember reading about the Freenet Guy's planned changes (moving freenet to a friend-based system where you connect along lines of trust rather than completely anonymously, and immediately thought that the unstated goal was to cut *those* people out as much as possible rather (or in addition to) than the scalability reasons given.

Hmm, better post this anonymously...

Expectations

[ulpilot]

The law of the land (the USA anyway) says that if you have a conversation in a restaurant, there is no expectation of privacy. If you have a conversation at home, you do have an expectation of privacy, unless I consent to having my conversation recorded. As soon as you send/receive information in a public place there is no expectation of privacy, from a legal perspective.

If you send/receive packets of data over a public connection, i.e. the internet, somehow you are expecting privacy? Hmmm. (notice the thoughtful pause) If you want or need privacy over a public medium, it seems simple to me. Use encryption.

Don't get me wrong, I hate big government and big government's intrusion into my personal life. But, I also do not see my internet activity as a personal/private activity. There are just too many people involved. Webmasters see me visiting their site. My ISP knows where I go and what I do. So, I assume there will be others knowing that stuff too. There may be dozens of people 'knowing' what my internet activity looks like. No, I do not like big brother recording everything. It will, however take an amazing database to house all the data while waiting to be filtered and I am doubtful that the end result will accomplish what they are striving for.

Re:Article Is Spin, Of Course

[99BottlesOfBeerInMyF]

This device as designed and built for spying, and was placed into telcos everywhere on the PRETEXT of being useful for traffic analysis. Then the NSA came calling and bulldozed the telcos into giving them everything that goes through it.

Well, sort of. This device is (I believe) a modified version of what the ISPs have been using for a long time to let them accurately bill people for the services they offer and negotiate peering agreements and QoS contracts.

The fact of the matters is that Narus the company is run by an "Israeli immigrant" and is financed by, among others, an Israeli investment company, one of the partners of whom happens to have worked for the Israeli government, including a stint developing optical devices for the Israeli military.

Whoa, whoa, whoa there cowboy! Now I like a good conspiracy theory as much as the next guy, but you're making some pretty big and likely unwarranted leaps here. A whole lot of the traffic shaping, modeling, and balancing technology came out of Israel. The university there had a top notch network engineering program with a lot of smart people and patents coming out of it. Most moved to the US, where they could make money off of the .com boom and the aftermath. I know because I work with one of the professors who came over here to do that and let me tell you, he giggles way to much to be a mossad agent. I imagine anyone working in high-tech in Israel probably did some work for the military, especially if they were in academia.

And one of the directors on the board happens to be an "ex-" NSA guy...

So? I'm sure it helped them get the contract, and maybe helped them decide on the feature set. This is very common in the security industry. The company I work for has ex Microsoft people and ex-Cisco people. Surprise, surprise we sell to both of them. Another company we do a lot business with has ex Naval intelligence and NSA people. Guess who two of their big customers are? That is just the way the industry works. If you know people, you have an in and and often an advocate who helps to make the sale.

The reality is that this device was designed and built for spying by the Mossad, in collaboration with the NSA, and then sold to the telcos under a pretext, which was then altered by arm-twisting or payment to the telcos to sell out the US Constitution.

The reality is, some people found a niche and they filled it. This same type of functionality is needed for billing services and compliance with a number of government acts regarding lawful intercept, financing, security, and privacy assurance. Now maybe the NSA or AT&T requested added features to make this sort of activity easier. Maybe Narus came up with them on its own and sold them on it.

I certainly think it is being misused and in a way that violates the founding principals of our government. That does not mean it is some grand conspiracy and running off half-cocked spouting this sort of unsupportable nonsense isn't helping anything. All it is doing is reducing the credibility of those who argue to have this sort of thing stopped and distracting people from the real issue.

..or is that your intention? You certainly do enough rabble rousing and insulting. If you really want to help, stick to the facts, not the wild speculation.

Could the government log all postal activity?

[martyb]

You wouldn't let a government agent swing by every morning and look at all the mailing addresses on letters going to/from your house, why the hell would you let them do the same to your phone records?

This got me thinking... according to this link: Handwritten address interpretation :

Handwritten address interpretation research began at CEDAR in 1987 through funding from the United States Postal Service (USPS). The objective was to automate mail sorting through a system that could read a handwritten street address and ZIP code and encode each envelope with the destination address for machine sorting.

This research ultimately led to the development and deployment of system that automates mail sorting through image analysis, digit recognition, word recognition, postal directory lookup, and a barcode assignment that designates the destination address. Since field-testing began in 1996, the Handwritten Address Interpretation System (HWAI) has been implemented at all USPS mail processing centers.

(emphasis mine.)

So, it's only a small step to record all that metadata for every letter sent within the USA. Just have postmasters general submit the day's scan logs to the gov't for review for possible terrorist links, and, by the way, archive all th information received. This information could include:

• Who received mail.
• Who sent it (from the return address).
• When it was sent.
• How much it weighed.
• How urgently it was sent (overnight, first class, parcel post, etc.)

So, maybe you were just joking, but from what I've seen lately, I'd have to suspect that this may already in place... can anyone corroborate this?