Slashdot Mirror
Open Source Spying
eldavojohn writes "The New York Times is running a very lengthy but amazingly interesting article on the short history of open source software and information on the inside of the intelligence community. The article discusses the transformation of the intelligence community from fighting the Cold War with traditional information exchange to fighting terrorism today utilizing things like wikis & blogs. From the end of the article, 'Today's spies exist in an age of constant information exchange, in which everyday citizens swap news, dial up satellite pictures of their houses and collaborate on distant Web sites with strangers. As John Arquilla told me, if the spies do not join the rest of the world, they risk growing to resemble the rigid, unchanging bureaucracy that they once confronted during the cold war. "Fifteen years ago we were fighting the Soviet Union," he said. "Who knew it would be replicated today in the intelligence community?"' You may recall that the CIA now has their own classified Wiki. I think it's interesting that the 9/11 Report recommended that United States agencies such as the DoD, CIA & FBI learn to share information more freely to overcome terrorism and now they're turning to internet community applications to accomplish that."
I hope I don't have to repeat myself.
THAT'S WHAT THEY WANT YOU TO THINK.
"Yeah, our systems are like old and stuff. Boy we sure aren't very technically adept at all. We couldn't monitor all phone calls in the world and automatically flag some for futher investigation. Nosiree. We're just some bumpkins who fell off the turnip truck near the guardpost at Langley. What's a cumpooter?"
It makes you wonder whether or not people will take offense to their tools being used by such agencies and whether or not they'll develop licenses to ban them from using them. If they do, would they be enforceable (assuming the person somehow found out). And if it was enforceable, is there absolutely any way to find out legally? Whistle blower? If the government breaks license agreements and classifies that information, shouldn't that be illegal?
That's what the Patriot Act was designed to address. Make us safer by making the government more efficient.
Back in the cold war times, secret services agencies had hundred of peoples reading ad analyzing every number of the must important publications in the world, searching for clues and disguised information. I guess the same can be applied now for the web, with the advantage that it's a lot easier to search the web and classify information using database filters than it was back then.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
One thing tha was not really discussed in the Times article was whether the same type of "social software" is being used in other countries' spy agencies. And what about international groups like Interpol and NATO. How do they share information that is sensitive and/or secret in some way?
lol!!1 dude, huk me up wit mor polonomiem, codmrade! i ttly blu my stash on AlexL.
u c american idel lstnt? ROTFLMFAO!!!1181
I think it's interesting that the 9/11 Report recommended that United States agencies such as the DoD, CIA & FBI learn to share information more freely to overcome terrorism and now they're turning to internet community applications to accomplish that."
They will be sharing more internally, cutting across organizational boundaries and through previous barriers, and not necessarily with the outside world.
We will often never hear of their successes, even when some of them are readily available. I'm astonished how often you read comments denying that there have been any terrorism arrests or convictions, and acting as if it was all made up*.
* And this doesn't even get into the fringe ideas worthy of debunking.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Just because they said Open Source on one of ten pages doesn't meant they're talking about open source software. Blogs and Wikis are concepts, and it wasn't mentioned what software they run on. The whole thing was just about (surprise surprise) how much technology sucks in the government, and how two people (out of all of inteligence community) are trying to change it. The reported just used the term 'Open Source' to mean shareing.
RTFA.
"Listen. I work for the CIA. I am not a spy. I just read books! We read everything that's published in the world. And we... we feed the plots - dirty tricks, codes - into a computer, and the computer checks against actual CIA plans and operations. I look for leaks, I look for new ideas... We read adventures and novels and journals. I... I... Who'd invent a job like that?"
;-)
Even in the 70's they had really cool microfiche machines!
http://www.imdb.com/title/tt0073802/
I think it's interesting that the 9/11 Report recommended that United States agencies such as the DoD, CIA & FBI learn to share information more freely to overcome terrorism and now they're turning to internet community applications to accomplish that.
Very interesting, but certainly not surprising. Tools such as Wikis and blogs have exploded in popularity with the private sector because they are easy to use and more efficient than available alternatives (if any exist). It makes perfect sense that government agencies would be looking to harness those same advantages that have worked to the benefit of the public at large.
I think one of the most interesting things to me in my limited dealings with unclassified DoD communications contracting is that these government entities do not have an aversion to or ignorance of the available OSS technologies. On the contrary, they frequently have a strong desire to use these tools, but they're waiting for budget money to contract someone to tell them how to use it properly and securely. Unfortunately they often end up waiting far longer than they should.
I am very suprised by this too. I would really expect them to go after a cheaper and more efficient communication structure. Take pigeons, for example. They are useful in all sorts of ways
I read the article yesterday. I almost submited it to /., but then I realized it has almost nothing to do with open source. The article primarily talks about the "wiki" style of intelligence the US gov't is trying to set up, instead of the "need-to-know" style. It talks about technical issues preventing that which could easily be solved among the /. crowd.
--<Mike>--
I read it Sunday and also submitted it to /. The thing about it is that the author gets both the spy agency and the technology. I heard a comment on the radio the other day that I can't quite remember but it said that terrorism is just a technology problem waiting to be solved and the best way to do it is to open source it and have a million eyeballs on the thing.
Anything would be better than the annoyance of having to be at an airport for two hours, ditch most carry-on items, and submit to ridiculous searches and checks.
Yeah, I'm as old as my UID would suggest.
Pathetic that an open-source wiki *needs* to be established, but it's accomplished more than, say, SAIC's failed $200M boondoggle that was supposed to modernize the FBI's computer systems. See http://www.washingtonpost.com/wp-dyn/content/artic le/2006/08/17/AR2006081701485_pf.html for an enlightening read.
I'm currently working in a contract job at an agency where surveillance is a major tool. (No, no one is spying on any Americans). The nature of the overall mission is critical to the safety of the United States, and that's all I can say about that.
I can say that the use of alternate technologies (vice the old ways of communicating) have been around for a while. Small case in point: whan units in the midst of an operation wish to communicate covertly, outside of the earshot of those they're watching, they frequently use IRC-type chats, although on a secure network. It's an effective tool because the data link is secure, and there's no emanations for the bad guys to monitor.
On the specific job in which I'm working, we are using a variety of open source tools, but not enough for my satisfaction. Part of the problem is the layers of IT security that surround even simple tasks like updating the version of Perl on a system (or accessing CPAN, which is nearly impossible), or which version of Linux or Solaris is certified for use on the secure network. This causes a lot of lag time, slowdowns in development and Catch-22s.
But, it's getting better, and it's a lot better then it used to be.
it didn't mention www.cryptome.org - a site which covers this sort of thing routinely. Whenever you read about "a US based site is hosting the information" it's this one. Well worth checking out.
Agreed. So was the very first Wiki and Blog, Open Source?
"Open source" in the intelligence community means "publicly available." Newspapers, web sites, etc. It's possible the writer was confused at some point by this usage and passed that on. I haven't finished the article yet.
"We will often never hear of their successes, even when some of them are readily available."
On the contrary, we will OFTEN read of their successes, even non-viable Mygyver plots involving wet-ones and jello will be claimed as successes and put up on the Whitehouse page. We will never hear of their failures, because those are bad for politics and being secrets that are not subject to scrutiny, they never have to be revealed.
Just like every person shot or bombed in Iraq is an 'insurgent' or 'terrorist' because the US has magic 'insurgent seeking munitions'.
Ever person kidnapped on those 1400+ rendition flights is a terrorist, because the CIA couldn't possible be wrong. And sure there are really only 19 people on those rendition flights, the US just flew them around a lot for the ride.
And if the net result of their +3 'Successes for Freedom' and their -10 'Taking Freedoms Away' is -7, it will still be claimed as a success for freedom.
Truly they are heroes in their own minds.
http://en.wikipedia.org/wiki/Open_source_informati on
People are way ahead. See
http://www.whosarat.com/
Don't forget the helpful insiders
Did you know that the number of terrorists has tripled in the past six months?
Slashdot Burying Stories About Slashdot Media Owned
OMG!!! Terrorist ponies!!! LOL!!1 /obligatory
There are (at least) two ways to prevent people from doing what you don't want them to do. The first is making it impossible for them to do it, even if they know how you're preventing them. I argue that this is analogous to the open-source model of security - the algorithms are open source but the encryption is still hard to break.
The second method is obfuscation - making "doing what you don't want people to do" or "reading what you don't want people to read" so difficult, obscure (secret), bureaucratic, or otherwise unappealing, that they either can't or don't want to follow through. I argue that this is analogous to the closed-source model of security - the algorithms are unknown (and so the encryption might be hard to break), but if the algorithms were known, the encryption would be easy to break.
In the long run, people find ways around obfuscated security measures, analogous to untying a complicated knot, or finding a needle in a haystack. My point is that cracking obfuscated security requires time and energy (e.g. for a brute force crack), or maybe leaked information, but not necessarily innovation (although creative solutions are possible).
While open source security measures aren't perfect, breaking them will, almost by definition, require inventing new algorithms - and once these algorithms are known, they can be used to make security tighter. This is different (and more secure in the long run) than simply creating a longer password or more complicated hash.
This article clarifies for me that, in the long run, governments must ultimately choose the open-source method. Collaboration and freedom of information at the cost of obfuscation and some secrecy is necessary.
(( (CRAYON) )) >
What's the point of this kind of research when terrorists can just make their myspace friends only?!
What this all adds up to is that there are myriad obstacles to a number of different kinds of people who could be very helpful to US national security joining the intelligence services, which becomes a contributing factor to perpetuating the situation, i.e. a vicious circle. I don't think its the nature of government, its the nature of the present administration, that is scaring people off.
I believe that the CIA using open technologies such as a wiki or a blog only shows the strength of sharing. I don't think this is new info. Someone was fired from the CIA a while ago for blogging about torture. So, even though they got the open software, it seems like they still don't now how to use it correctly.
They have their own classified wiki? I wonder if it has different levels of classification. Like, you can see this post, but your login doesn't have clearance for this post.
Anyway, I say go open source community! You are making the world better.
I'll forgo my thoughts on the 9/11 cOmmission report, only to say that today is 1911 days since the attack.
A wiki without trolls. My mind is aboggle*.
*yeah, made up word.
He tried to kill me with a forklift!
First of all, Slashdotters need to understand that the term "open source" can be used differently in other contexts. In the intelligence community it has a specific meaning that has nothing to do with software - it refers to intelligence information available through publicly available sources (e.g., the news media, jihadist web sites, web blogs). Don't read too much into the title of the article - I doubt even the author knows for sure which meaning of "open source" was intended.
What is this? A vague hint that open source is communism?
Ah, if it were only possible to tell when the Feds were viewing your information... Any spending time on some blogs would have some explaining to do. There's not always coded messages, there's not always secrets - um, unless you count Victoria...
Parent must be an example of what happens when the "social software" is actually MySpace. Maybe it's called SpySpace.
should have been a better title, isnt it?e nce
http://en.wikipedia.org/wiki/Open_source_intellig
We will never hear of their failures, because those are bad for politics and being secrets that are not subject to scrutiny, they never have to be revealed.
Hmmm...and so how is it you know enough about the many failures to be so cynical? Who revealed the deep dark secrets to you? Or when you say "we" do you really mean you stupid yobos, us, the great ignorant unwashed public, who aren't nearly as clever as youself and can't see the obvious?
Just like every person shot or bombed in Iraq is an 'insurgent' or 'terrorist' because the US has magic 'insurgent seeking munitions'.
I should think not. That would be logically impossible. But it seems you are hoping by the obvious falseness of this extreme to imply that the other extreme must be true: that none or very few of the people killed in Iraq by Americans are 'insurgents' or 'terrorists.' This is a deceptive form of argument sometimes called the Bifurcation or Black-and-White fallacy. In fact, clearly there are a range of possibilities for who's being killed by Americans in Iraq, from 0% bad guys to 100% bad guys. The fact that it's obviously not 100% bad guys -- because of the lack of those 'insurgent seeking munitions' -- doesn't really say a damn thing about what the real number is. It certainly doesn't say it's 0%, or near 0%. It could be 97% bad guys.
Most people believe the number is pretty high, say 90-95%, and they consider that a pretty acceptable real-life tough-situation performance, at least as compared to, say, the high-altitude bombing deployed by the Clinton Administration with European encouragement in Bosnia, or compared to the complete inaction observed in Rwanda during the 90s, and in Darfur right now, both of which techniques tend to turn in much crappier ratios of bad-guys-to-innocents killed. Nevertheless, I would certainly agree that folks might be terribly deluded, and it could be that the real number is 10-20%. It could be that 80% of the Iraqis killed by American troops are innocents on whom the crazed soldiers unload a few rounds by accident, or just to blow off steam. And it could be there exists a conspiracy to suppress this hideous truth involving the whole US Administration, most of Congress, and nearly all of the 140,000 ordinary men and women in uniform over there. Stranger things have happened. (Although not in my lifetime.)
Who is that? Maybe you're confusing Gen Douglas MacArthur with Sen Joseph McCarthy. Idiot.
Well, no. Blogs and wikis are just new media outlets of information. The agencies just discovered that they are being used more by those they are spying on (i.e. more accurate and time-sensitive) versus the older channels of communications.
The agencies made the same transistion we're seeing today during the radio -- TV/Video Tapes switch over. It's just they gotten so huge that the organizations are slow to respond compared to the last transition (not to mention budget cuts and mission snafus)--the problem is it's not the technology, it's not the information wants to be free thing, it's the mission, the organization and the politics. In the 9/11 report, sharing is a 1/4 of the problem. Imagine monitoring the telco network (that was back in thec cold war era). Now imagine 2 (ethernet), of even 3 (cells) networks to monitor... then look at interoperability between these nets--definitely difficult by an exponential factor.
"Today's spies exist in an age of constant information exchange"
If anything, monitoring interoperable technologies is the real pain in their analysis.
"Hmmm...and so how is it you know enough about the many failures to be so cynical? "
GP said you wouldn't hear about successes, yet he pointed to a Whitehouse page touting successes. Can you point me to the Whitehouse page touting failures?
"I should think not. That would be logically impossible. "
Not in the Army press releases it's not, it's routine.
"Most people believe the number is pretty high, say 90-95%,"
Most people believe the number is 30%-40% and that would be high for street to street fighting.
Withen the first few paragraphs of this article I could not take it seriously... The guy who was in the DIA and than left, sounds like a complete moron... a web developer... who likes to blog and AIM, doesnt sound like a candidate for spying, I wouldnt even let this guy watch my home network. they probably showed him nmap... and he was like WTF NO BUTTONS!? the real tools of the trade arent fancy click-and-spy like what this moron was fantisizing about, this article / guy = lame not even worth any more of my time...
The old system was geared to limiting the damage that one traitor could do by limiting the amount of intelligence information that one person could see. This made sense when the KGB was dangling money in front of people to get them to reveal information that would weaken US intelligence capabilities.
The cost was severe of course. Maybe the risks are worth the benefits. A lot depends on the likelihood of enemy infiltration of the UN intelligence community.
a local police department in the Netherlands has started publishing files about cold cases, old unsolved crimes. They invite the general public to do more than just providing eye witness reports, but to come up with new angles and explanations.
see http://www.politieonderzoeken.nl/ (in Dutch, and uses flash)
-- my 7XL is not yet invented
So is it obvious that there may be interesting posts buried in the response to this article? Somebody please browse at 0 and mod the good stuff up?
It occurs to me that any intelligence agency is always about keeping and finding secrets. No computer system is secure, we all know that, least of all a network. I'll just bet there are many people opposed to using such a system since all it takes is one double agent and all the secrets are out. No only our secrets but exactly which of bad guys secrets we know and how much we know about them. The positive aspects would be negated by the dangers inherent in any such system.
And when these secrets can get people killed in nasty ways (yes, this still happens), any such system would be not only detrimental but horrendous. So I'm glad CIA agents aren't blogging about their latest secrets. In fact, I'm very glad.
On the other hand there are many opportunities to use information technology to an intelligence agency's advantage and I'm convinced they are doing so. I've always thought a public forum would be a great place to convey information to a contact.
So. That said.
Note to Joe: It's a cold day for pontooning.