Slashdot Mirror
Open Source Spying
eldavojohn writes "The New York Times is running a very lengthy but amazingly interesting article on the short history of open source software and information on the inside of the intelligence community. The article discusses the transformation of the intelligence community from fighting the Cold War with traditional information exchange to fighting terrorism today utilizing things like wikis & blogs. From the end of the article, 'Today's spies exist in an age of constant information exchange, in which everyday citizens swap news, dial up satellite pictures of their houses and collaborate on distant Web sites with strangers. As John Arquilla told me, if the spies do not join the rest of the world, they risk growing to resemble the rigid, unchanging bureaucracy that they once confronted during the cold war. "Fifteen years ago we were fighting the Soviet Union," he said. "Who knew it would be replicated today in the intelligence community?"' You may recall that the CIA now has their own classified Wiki. I think it's interesting that the 9/11 Report recommended that United States agencies such as the DoD, CIA & FBI learn to share information more freely to overcome terrorism and now they're turning to internet community applications to accomplish that."
I hope I don't have to repeat myself.
THAT'S WHAT THEY WANT YOU TO THINK.
"Yeah, our systems are like old and stuff. Boy we sure aren't very technically adept at all. We couldn't monitor all phone calls in the world and automatically flag some for futher investigation. Nosiree. We're just some bumpkins who fell off the turnip truck near the guardpost at Langley. What's a cumpooter?"
It makes you wonder whether or not people will take offense to their tools being used by such agencies and whether or not they'll develop licenses to ban them from using them. If they do, would they be enforceable (assuming the person somehow found out). And if it was enforceable, is there absolutely any way to find out legally? Whistle blower? If the government breaks license agreements and classifies that information, shouldn't that be illegal?
That's what the Patriot Act was designed to address. Make us safer by making the government more efficient.
Back in the cold war times, secret services agencies had hundred of peoples reading ad analyzing every number of the must important publications in the world, searching for clues and disguised information. I guess the same can be applied now for the web, with the advantage that it's a lot easier to search the web and classify information using database filters than it was back then.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
One thing tha was not really discussed in the Times article was whether the same type of "social software" is being used in other countries' spy agencies. And what about international groups like Interpol and NATO. How do they share information that is sensitive and/or secret in some way?
I think it's interesting that the 9/11 Report recommended that United States agencies such as the DoD, CIA & FBI learn to share information more freely to overcome terrorism and now they're turning to internet community applications to accomplish that."
They will be sharing more internally, cutting across organizational boundaries and through previous barriers, and not necessarily with the outside world.
We will often never hear of their successes, even when some of them are readily available. I'm astonished how often you read comments denying that there have been any terrorism arrests or convictions, and acting as if it was all made up*.
* And this doesn't even get into the fringe ideas worthy of debunking.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Just because they said Open Source on one of ten pages doesn't meant they're talking about open source software. Blogs and Wikis are concepts, and it wasn't mentioned what software they run on. The whole thing was just about (surprise surprise) how much technology sucks in the government, and how two people (out of all of inteligence community) are trying to change it. The reported just used the term 'Open Source' to mean shareing.
RTFA.
I think it's interesting that the 9/11 Report recommended that United States agencies such as the DoD, CIA & FBI learn to share information more freely to overcome terrorism and now they're turning to internet community applications to accomplish that.
Very interesting, but certainly not surprising. Tools such as Wikis and blogs have exploded in popularity with the private sector because they are easy to use and more efficient than available alternatives (if any exist). It makes perfect sense that government agencies would be looking to harness those same advantages that have worked to the benefit of the public at large.
I think one of the most interesting things to me in my limited dealings with unclassified DoD communications contracting is that these government entities do not have an aversion to or ignorance of the available OSS technologies. On the contrary, they frequently have a strong desire to use these tools, but they're waiting for budget money to contract someone to tell them how to use it properly and securely. Unfortunately they often end up waiting far longer than they should.
I am very suprised by this too. I would really expect them to go after a cheaper and more efficient communication structure. Take pigeons, for example. They are useful in all sorts of ways
I read the article yesterday. I almost submited it to /., but then I realized it has almost nothing to do with open source. The article primarily talks about the "wiki" style of intelligence the US gov't is trying to set up, instead of the "need-to-know" style. It talks about technical issues preventing that which could easily be solved among the /. crowd.
--<Mike>--
I read it Sunday and also submitted it to /. The thing about it is that the author gets both the spy agency and the technology. I heard a comment on the radio the other day that I can't quite remember but it said that terrorism is just a technology problem waiting to be solved and the best way to do it is to open source it and have a million eyeballs on the thing.
Anything would be better than the annoyance of having to be at an airport for two hours, ditch most carry-on items, and submit to ridiculous searches and checks.
Yeah, I'm as old as my UID would suggest.
Pathetic that an open-source wiki *needs* to be established, but it's accomplished more than, say, SAIC's failed $200M boondoggle that was supposed to modernize the FBI's computer systems. See http://www.washingtonpost.com/wp-dyn/content/artic le/2006/08/17/AR2006081701485_pf.html for an enlightening read.
it didn't mention www.cryptome.org - a site which covers this sort of thing routinely. Whenever you read about "a US based site is hosting the information" it's this one. Well worth checking out.
Just like every person shot or bombed in Iraq is an 'insurgent' or 'terrorist' because the US has magic 'insurgent seeking munitions'.
Do you have any idea how different that conflict would look if we did act like the insurgents and exhibit no concern over who got killed on the sidelines? If we know there's an Acme IED Factory franchise operating out of the basement of a Baghdad apartment building, we can either risk the lives of our own people, and try to surgically deal with it, or we can just drop some big ol' bombs on the neighborhood and totally level the entire place. Guess which happens the most often. That's how our team gets shot up on raids - by choosing not to level whole neighborhoods the easy way. And of course, the guy with the backpack full of Iraninan RPGs doesn't just go into the place with the "Insurgent Hotel" sign over the door - he operates out of the local civilian population specifically as a form of cover, knowing we don't just hose down entire city blocks to kill one guy. How many people who've been there, on the ground, hunting these clowns, have ever sat down with and had a beer? Ah, I see.
And sure there are really only 19 people on those rendition flights, the US just flew them around a lot for the ride.
Well, since you're an expert on who works those flights, on the intel that's gathered in advance of capturing people like KSM or his cronies, on the places where these people are kept, on the tactics that are used to weed out the ones that have the financial, logistical, and tactical connections to the people pulling the strategic strings - do tell! Since you're quick to say what it's not, explain what it is, and cite your sources.
Don't disappoint your bird dog. Go to the range.
Did you know that the number of terrorists has tripled in the past six months?
Slashdot Burying Stories About Slashdot Media Owned
OMG!!! Terrorist ponies!!! LOL!!1 /obligatory
There are (at least) two ways to prevent people from doing what you don't want them to do. The first is making it impossible for them to do it, even if they know how you're preventing them. I argue that this is analogous to the open-source model of security - the algorithms are open source but the encryption is still hard to break.
The second method is obfuscation - making "doing what you don't want people to do" or "reading what you don't want people to read" so difficult, obscure (secret), bureaucratic, or otherwise unappealing, that they either can't or don't want to follow through. I argue that this is analogous to the closed-source model of security - the algorithms are unknown (and so the encryption might be hard to break), but if the algorithms were known, the encryption would be easy to break.
In the long run, people find ways around obfuscated security measures, analogous to untying a complicated knot, or finding a needle in a haystack. My point is that cracking obfuscated security requires time and energy (e.g. for a brute force crack), or maybe leaked information, but not necessarily innovation (although creative solutions are possible).
While open source security measures aren't perfect, breaking them will, almost by definition, require inventing new algorithms - and once these algorithms are known, they can be used to make security tighter. This is different (and more secure in the long run) than simply creating a longer password or more complicated hash.
This article clarifies for me that, in the long run, governments must ultimately choose the open-source method. Collaboration and freedom of information at the cost of obfuscation and some secrecy is necessary.
(( (CRAYON) )) >
What's the point of this kind of research when terrorists can just make their myspace friends only?!
What this all adds up to is that there are myriad obstacles to a number of different kinds of people who could be very helpful to US national security joining the intelligence services, which becomes a contributing factor to perpetuating the situation, i.e. a vicious circle. I don't think its the nature of government, its the nature of the present administration, that is scaring people off.
I believe that the CIA using open technologies such as a wiki or a blog only shows the strength of sharing. I don't think this is new info. Someone was fired from the CIA a while ago for blogging about torture. So, even though they got the open software, it seems like they still don't now how to use it correctly.
They have their own classified wiki? I wonder if it has different levels of classification. Like, you can see this post, but your login doesn't have clearance for this post.
Anyway, I say go open source community! You are making the world better.
I'll forgo my thoughts on the 9/11 cOmmission report, only to say that today is 1911 days since the attack.
A wiki without trolls. My mind is aboggle*.
*yeah, made up word.
He tried to kill me with a forklift!
First of all, Slashdotters need to understand that the term "open source" can be used differently in other contexts. In the intelligence community it has a specific meaning that has nothing to do with software - it refers to intelligence information available through publicly available sources (e.g., the news media, jihadist web sites, web blogs). Don't read too much into the title of the article - I doubt even the author knows for sure which meaning of "open source" was intended.
"Do you have any idea how different that conflict would look if we did act like the insurgents and exhibit no concern over who got killed on the sidelines?"
. html
You'd lose quicker. Remember you're supposed to win this one by *not* killing the civilian population.
"That's how our team gets shot up on raids"
So don't go on raids, declare yourself the winner and leave now.
"How many people who've been there, on the ground, hunting these clowns, have ever sat down with and had a beer?" Two.
"Since you're quick to say what it's not, explain what it is, and cite your sources."
http://news.bbc.co.uk/2/hi/americas/4946668.stm
"The CIA has run more than 1,000 flights within the European Union since 2001, often transporting terror suspects for questioning overseas, MEPs have said."
14 people transferred to Gitmo:
http://www.guardian.co.uk/usa/story/0,,1947647,00
1000 rendition flights could not possibly be used to transport so few people.
Do you wonder why they are shooting at you in Iraq when you are supposed to be the heroes who saved them from Sadam? Do you see no connection between the choices you make and the outcome?
What is this? A vague hint that open source is communism?
Ah, if it were only possible to tell when the Feds were viewing your information... Any spending time on some blogs would have some explaining to do. There's not always coded messages, there's not always secrets - um, unless you count Victoria...
Do you wonder why they are shooting at you in Iraq
You use the word "they" as if "the Iraqi people" are doing the shooting. Most of the people being shot by Iraqi people are other Iraqi people - but that's only a very small part of the carnage. Just like under Saddam - except that then, it was the minority Sunnis as brutally ruled by a family from Tikrit, killing people by the tens of thousands, for decades on end. Now you've got small sectarian cells fueled by cash and weapons from Iran and Syria, with the local Al Queda operator pouring gasoline on the fire. The average Iraqi is hardly rising up against the troops that are there training local forces, building infrastructure, and protecting the elected government as best they can from assasination attempts by foreign insurgents or would-be theocratic idiots that proclaim democracy to be un-Islamic.
Don't disappoint your bird dog. Go to the range.
Parent must be an example of what happens when the "social software" is actually MySpace. Maybe it's called SpySpace.
We will never hear of their failures, because those are bad for politics and being secrets that are not subject to scrutiny, they never have to be revealed.
Hmmm...and so how is it you know enough about the many failures to be so cynical? Who revealed the deep dark secrets to you? Or when you say "we" do you really mean you stupid yobos, us, the great ignorant unwashed public, who aren't nearly as clever as youself and can't see the obvious?
Just like every person shot or bombed in Iraq is an 'insurgent' or 'terrorist' because the US has magic 'insurgent seeking munitions'.
I should think not. That would be logically impossible. But it seems you are hoping by the obvious falseness of this extreme to imply that the other extreme must be true: that none or very few of the people killed in Iraq by Americans are 'insurgents' or 'terrorists.' This is a deceptive form of argument sometimes called the Bifurcation or Black-and-White fallacy. In fact, clearly there are a range of possibilities for who's being killed by Americans in Iraq, from 0% bad guys to 100% bad guys. The fact that it's obviously not 100% bad guys -- because of the lack of those 'insurgent seeking munitions' -- doesn't really say a damn thing about what the real number is. It certainly doesn't say it's 0%, or near 0%. It could be 97% bad guys.
Most people believe the number is pretty high, say 90-95%, and they consider that a pretty acceptable real-life tough-situation performance, at least as compared to, say, the high-altitude bombing deployed by the Clinton Administration with European encouragement in Bosnia, or compared to the complete inaction observed in Rwanda during the 90s, and in Darfur right now, both of which techniques tend to turn in much crappier ratios of bad-guys-to-innocents killed. Nevertheless, I would certainly agree that folks might be terribly deluded, and it could be that the real number is 10-20%. It could be that 80% of the Iraqis killed by American troops are innocents on whom the crazed soldiers unload a few rounds by accident, or just to blow off steam. And it could be there exists a conspiracy to suppress this hideous truth involving the whole US Administration, most of Congress, and nearly all of the 140,000 ordinary men and women in uniform over there. Stranger things have happened. (Although not in my lifetime.)
Well, no. Blogs and wikis are just new media outlets of information. The agencies just discovered that they are being used more by those they are spying on (i.e. more accurate and time-sensitive) versus the older channels of communications.
The agencies made the same transistion we're seeing today during the radio -- TV/Video Tapes switch over. It's just they gotten so huge that the organizations are slow to respond compared to the last transition (not to mention budget cuts and mission snafus)--the problem is it's not the technology, it's not the information wants to be free thing, it's the mission, the organization and the politics. In the 9/11 report, sharing is a 1/4 of the problem. Imagine monitoring the telco network (that was back in thec cold war era). Now imagine 2 (ethernet), of even 3 (cells) networks to monitor... then look at interoperability between these nets--definitely difficult by an exponential factor.
"Today's spies exist in an age of constant information exchange"
If anything, monitoring interoperable technologies is the real pain in their analysis.
Withen the first few paragraphs of this article I could not take it seriously... The guy who was in the DIA and than left, sounds like a complete moron... a web developer... who likes to blog and AIM, doesnt sound like a candidate for spying, I wouldnt even let this guy watch my home network. they probably showed him nmap... and he was like WTF NO BUTTONS!? the real tools of the trade arent fancy click-and-spy like what this moron was fantisizing about, this article / guy = lame not even worth any more of my time...
The old system was geared to limiting the damage that one traitor could do by limiting the amount of intelligence information that one person could see. This made sense when the KGB was dangling money in front of people to get them to reveal information that would weaken US intelligence capabilities.
The cost was severe of course. Maybe the risks are worth the benefits. A lot depends on the likelihood of enemy infiltration of the UN intelligence community.
a local police department in the Netherlands has started publishing files about cold cases, old unsolved crimes. They invite the general public to do more than just providing eye witness reports, but to come up with new angles and explanations.
see http://www.politieonderzoeken.nl/ (in Dutch, and uses flash)
-- my 7XL is not yet invented