The FBI Wants To Know About Your IT Skills
AHuxley writes "The FBI, via the Office of Management and Budget, would like to find out more about your information technology expertise if you are part of InfraGard. Terms like 'practical utility' have been included in a 60-day emergency notice of information collection via the Paperwork Reduction Act of 1995. Is your boss or cubicle colleague part of InfraGard? It's a private, non-profit organization run as a public-private partnership with the Federal Bureau of Investigation. Are they passing info back about you or your company?"
Maybe it's not that sinister but that's the first thing that popped into my head. Looking at the website, its initial intentions aren't that sinister but mandating that much sharing of information sounds a bit creepy. You guys are going to be DHS'd/FBI'd to death if you're not careful.
They want to be ready for the next July 4 just in case they need someone capable to infiltrate into some alien computer system.
The part I don't understand is why anyone would voluntarily become a part of InfraGard and start "sharing information" about others in the first place.
We have someone where I work on that, and you should know, information flows both ways.
start up those old german showers boys! don't drop the soap.
Who do we contact in the InfraGard if we find someone deploying Microsoft products on a LAN connected to the Internet? Jokers like that are costing the country billions of dollars in lost productivity each quarter. This InfraGard is very much needed if it will help clear out the posers, cocksuckas and charlatans pretending to know something about IT while actually deploying Microsoft instead of IT.
... the Stasi of the IT world or am I misreading this? The wording seems intentionally diffuse.
It's a trap!
While I'm against snooping without cause, something of this in a collaborative model isn't necessarily a bad thing, though it does open up for potential abuse. There are lots of times when I call up buddies and ask them what sort of IT issues they're having with security, spam, etc, and this just seems to formalize it a bit, and get the circle of trust a little bigger. Companies too often seek to distrust the authorities for crimes because it will make their companies look weak. As such, criminals will get away with things solely because no one reports them. This doesn't look like a secret "Stone Cutter" type group, just a way to get to know some local colleagues and keep more ears to more ground looking for potential threats.
The musings of just another geek and his junk.
I read this as having each field office have local contacts, kind of like a GeekSquad, that they can call on in case they need certain skills in a particular region. I don't see any domestic surveillance embedded in what's online.
Lol, "Self-identified as IT specialists" indeed. That's one funny document. What would they need that kind of information for? To evaluate bragging rights?
Now the world has gone to bed, Darkness won't engulf my head, I can see by infra-red, How I hate the night.
Wekl, fwirstly, my tyuping sklills are spoty on.
Be it the government, a big corporation or a church: Centralism is inherently dangerous, not because the people are particularly bad but because there is little room for error. Massive parallelism of small independent entities is the stable form of organization.
As someone who's in the middle of watching Babylon 5, I couldn't help but think of the Night Watch when I read this story.
bigbrother, snoop, gestapo, stasi, kgb...
Shoes for Industry. Shoes for the Dead.
Cash, that is, not just "influence" which might backfire. I heard that Stasi rates were rock bottom, but the US screwy agencies have deeper pockets. Hey, in these challenging times lots of folks would be willing to snitch (perhaps even inventively) on their colleagues and other obstacles to job security or promotion (=boss).
Not being a citizen of any NATO country, they'd probably offer me less, the bastards.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
So, if the FBI wants to ask for certain records they have to get a warrant.
But, if a member of InfraGard decides to provide the FBI with records without the FBI asking then it's a private citizen reporting "suspicious behaviour"
Or, would a member of InfraGard be considered an officer of the government, making any records they had access to inadmissible?
I'm guessing it's pretty clear that I'm not a lawyer.
Not true.
"There are approximately 28,000 InfraGard members, for a total of 28,000 responses with an estimated response time of two minutes per response.
(6) An estimate of the total public burden (in hours) associated with this collection: There are approximately 917 hours, annual burden, associated with this information collection."
Can someone put a taxpayer's money cost estimate on the 917 hours annual burden, associated with this information collection?
The US is practically financially bankrupt. Is this money well spent?
From the information provided, which is very little, it appears that the FBI is requesting information from people who have voluntarily joined an organization of IT professionals not just sponsored by but directly affiliated with the FBI. Why is this getting everyone's hackles up? It does not say that the information will be required of all members, nor does it say that members will be required to inform on their coworkers or companies. The ACM asks you about your IT skills, too. How is this different?
They only want information about the IT skills of their own members. How else would they process ONLY 28,000 responses at 2 minutes each? This doesn't even seem to apply to all Infragard members, only:
"Public and private professionals self-identified as having information technology expertise."
This would also be why it's called:
"InfraGard Knowledge/Skills/Abilities Profile"
It seems kind of obvious that they might want to know what the skills of their own members are if they need assistance on something. Not like the FBI knows anything about technology.
Perhaps they're looking for resources for the next time they have an IT issue/project they need to not fuck up. According to their website, you need a background check to join. Seems like a good way to build a database of IT professionals that you don't need to do background checks on after the fact.
Disclaimer: I'm an Infragard member (have been for about 7 years). Why are they collecting this? Easy, they're a public/private partnership that focuses on emergency response. "In the event", they want to know who within their membership has skills that may be needed. Don't like it, don't join (or quit). Don't want them to have your data, make them remove it (you have the legal right to do so). No conspiratorial aspect here.
The Stasi were very good at collecting information. In fact, they were too good. They collected so much that their analysts couldn't effectively evaluate even a fraction of it. They lacked IT resources (when compared to Western agencies) and the Stasi leadership should have shifted more manpower from spying to analyzing.
The FBI has access to unlimited IT resources, and the US intelligence community is very effective at evaluating the information that they have collected. Just look at how they stopped the underwear bomber . . .
. . . uh-oh . . . never mind . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Now we know where he got the rank of Commander.
I am the unwilling control for my Origin.
The FBI has no need or right to know about my IT skills, but I would certainly like to know more about their IT skills, given all of the obvious and avoidable breaches in silicon-based security, document controls and methodologies lately.
I note that the web developers of InfraGard don't know how to change their favicon.ico from the sun logo.
Nice to see they're using Sun and Unix, I suppose, but who leaves the sun logo there?
Would it concern being able to surf pron with only one hand?
Just wondering what mad skills they might be looking for....
-Goran
Carpe Scrotum - The only way to deal with your competition.
Big Brother, I love Big Brother, I love ...
Don't suspect a Friend.
Report Him.
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
The only reason that they switched from spying to analyzing is because half of the population was spying on the other half. That was also the reason that they got so much information. Speaking of which, if you have or did have a family member who lived in or visited E. Germany at the time they were in operation, you can view their Stasi records if they weren't destroyed. My mother visited 2 times since she left as a child; on her first trip back they had 15 banker boxes full of information on her, her habits, and where she went and what she did.
Om, nomnomnom...
InfraGard was the topic on Jesse Ventura's Conspiracy Theory:
http://www.conspiracytheoryjesseventura.com/category/season-1-episode-4-big-brother/
Perhaps the usual conspiracy theory blahblah but they did really seem fairly creepy with all the "information gathering".
They say that every medium or larger sized company in China has a spy in it reporting to the government. This sounds exactly the same, unfortunately. But then again, did you really expect it to be any different over here?
Jesse Ventura's "Conspiracy Theory" did a good job at covering this in the episode "Big Brother":
Part 1 of 6
Part 2 of 6
Part 3 of 6
Part 4 of 6
Part 5 of 6
Part 6 of 6
Couldn't they in turn get sued by their employers?
Where do you think all those guys went when the wall came down?
Here it will be blackshirts; brown is a discredited color.
History: The source book for the unimaginative.
Can we really have this conversation without invoking Godwin's Law? :)
Truth isn't Truth - Giuliani
do not judge people based on 'shift key' issues.
you'd be very wrong to do so on such trite matters. hint: there are other reasons for lower case.
you don't know all you think you do. realize that.
--
"It is now safe to switch off your computer."
Under the 1974 Privacy Act the US Government needs to notify we the people whenever they collect information about them. So the FBI needs to know what IT people they can contact for different areas of expertise to help them with investigations. In order to put together so much as an Excel spreadsheet with names and phone numbers they need to examine the privacy considerations. A nationwide database has similar considerations, usually a Privacy Impact Assessment, and if the assessment warrants it, a System of Records Notice in the Federal Register. Under OMB Memo 06-16 this also means the data is Personally Identifiable Information and they should encrypt it on mobile media, and while in transmission. Which means if some Infragard member has hundreds or thousands of names and contact info on their laptop and it is lost or stolen, the information of self-selected members should be protected with a FIPS 140-2 and FIPS 197 compliant algorithm and certified implementation. Let's hope they don't keep it on the Kingston thumb drives. I once attended an Infragard meeting in Maryland right after SQL Slammer hit; there were tons of us standing in line to get in, all talking about who hadn't bothered to install a 2-year-old patch.
> Are they passing info back about you or your company?
No, we are not.
Do they ask ...
- whether you know how to remove DRM from music?
- if you have ripped music from audio CDs that you own to place onto a home media server?
- if you rip movies from DVDs that you own to place onto a home media server?
- if you record TV content and time shift and archive it onto a home media server?
- if you've ever driven over the posted speed?
As someone with a previous clearance, I'm not convinced of the good intentions behind this program, since much of the "ethics requirements" include removal of my "fair use" rights, if laws are strictly interpreted.
That and I believe marijuana use should be legalized similar to cigarettes and alcohol - for adults.
I'm all for governments securing their networks and systems, but they need to keep their policy-pushing-fingers off my network and equipment. If they'd like my help with security, I "have a rate for that."
Fuck you.
I'm glad to see that I'm not the only one on /. that sees this InfraGard as a group of people who are, in effect, saying, "Yes! Please social engineer me! Here's how!"
"A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
This smells like Nazi Germany: Kids, Neighbors, you need to tell the State if you suspect your parents, co-workers, neighbors are doing something wrong. The Fatherland needs to help them see the light.
Then, remember the 1980's as kids turned their parents in for smoking pot?
I'd say the only real fishy thing about it is that they are asking for emergency processing in accordance with 5 CFR 1320.13. The Federal Register listing doesn't say why though. I wonder which one of these was their problem:
(i) Public harm is reasonably likely to result if normal clearance procedures are followed;
(ii) An unanticipated event has occurred; or
(iii) The use of normal clearance procedures is reasonably likely to prevent or disrupt the collection of information or is reasonably likely to cause a statutory or court ordered deadline to be missed.
Did someone miss a deadline or did something unexpected happen?
Link if you are interested:
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&rgn=div5&view=text&node=5:3.0.2.3.9&idno=5#5:3.0.2.3.9.0.48.13
Other than that I don't think anything horrifically fishy is going on. The whole reason InfraGard is a bit opaque has to do with what authorized it in the first place, PDD 63.
Link: http://www.fas.org/irp/offdocs/pdd-63.htm
To save you the reading time, here are 2 goals I lifted out:
* Seeks the voluntary participation of private industry to meet common goals for protecting our critical systems through public-private partnerships;
* Protects privacy rights and seeks to utilize market forces. It is meant to strengthen and protect the nation's economic power, not to stifle it.
Sometimes you have to do things behind closed doors to get all the players to the table. Security through obscurity? Maybe.
If you really want to learn more about PDD 63, I suggest you read this: http://www.justice.gov/criminal/cybercrime/white_pr.htm
Discuss.
You too can become a James Bond of IT with rights to "shoot to kill".
More details.
I am not an extraterrestrial. I use a Macintosh because it is the best computer available on this backwards planet, even if it is a mere abacus compared to a child's toy from where I come from, which is France, of course.
Do not continue to claim that I am an alien unless you wish to become assimilated into The Collective.
This ain't rocket surgery.
"Don't fully disclose their actual intent and purpose." - by TheGratefulNet (143330) on Sunday January 10, @10:25AM (#30714632)
Per my subject-line above (sarcasm, or... is it?):
NightOwl: "How long can we keep this up?"
The Comedian: "Congress is pushing some new bill that's gonna outlaw masks - our days are numbered. Till then, it's like you always say - 'We're society's only protection'"
NightOwl: "From what?"
The Comedian: "What're you kiddin' me? From themselves!"
In other words, it'll probably become illegal to have any kind of networking skills and especially out online on the public internet (unless otherwise approved by "the party")
If it's being aware of vulnerabilities then they must be aware that computer security starts with getting rid of M$ products. The first move there is getting rid of the personnel problems that bring in or protect M$ products in the work place. M$ is a staffing problem that can't be solved until some get the ax so that clean up can begin.
So tell me... Why do you enjoy the taste of poopy cocks? I'm not trolling, I'm just seriously trying to understand your point of view.
Obviously, this is just the first step. First, they register everyone with IT skills. Then they'll impose a tax on bits. Eventually, we'll be denied our constitutional right to keep and bear keyboards.
Is Slashdot now Fox News?
There are periodic calls for expertise on a variety of specialties, such as power distribution, water treatment, mass-transit, communications, etc.
There is no "reporting on co-workers". Members need to get the OK from their organizations before sharing data, just like anywhere else. It's really about situational-awareness.
If your organization supports U.S. national infrastructure (ISP, managed hosting, telecom, wireless, etc.) and you don't have a member in InfraGard I suggest you join.
The InfraGard website reads like one of those 1990's internet companies. I found a half dozen spelling and grammatical errors, I found nothing that actually explains what they are, what they do, or even an idea of their basic business model. I can however guarantee that someone has already printed up the t-shirts.
For some strange reason it's controversial here to mention the formation of an organisation that acts on behalf of its members but wouldn't part of the function of an IT Union be to assess and represent the interests of its members when it comes to organisations like these? Seems to me IT professionals need an organisational structure to support them from bureaucrats.
Aside from a bidding war lowering IT professionals' pay rates towards slavery there is the matter of protecting our interests amongst many other issues. It seems to me, if we were as smart as we really think we are, we would work together to protect ourselves and have a focal point - aside from /. , for gathering intelligence on issues such as these.
My ism, it's full of beliefs.
The Stasi (early version) lost their records in the early days thanks to a defector. :)
They split all the data up, so a walk out would be very hard.
Want a spy's details, it's paperwork and face to face with a few top people.
The system worked well until they thought about nuclear war.
How could they reach their sleeper agents in the West, if the paperwork was ash?
So they made digital records and placed them in a safe.
The CIA got a copy and did not share with the Germans.
In the end the west injected so much into peace and church groups and on the international stage, that East Germany fell apart.
Domestic spying is now "Benign Information Gathering"
Why does their website have a Sun Microsystems favicon?
If it acquires resources on instantiation like a duck, then it's a shared_ptr<Duck>
But who is going to police the police?
I don't like the smell of this, something smells like rats.
If information is voluntarily given to DHS, then no constitutional problems. How Nazi Germany Hitler youth of them.
Living in Chile
A friend of mine (a psych graduate) once told me that your ability to use language is an indication of your intelligence. This suggests that the use of a shift key may in fact show that you're not as smart as you think you are. It is worth adding that there is a chance that you have a bipolar personality disorder, due to the paranoid nature of your discourse.
Betray your family and friends
Fabulous prizes to be won
"A cynic is what an idealist calls a realist" - Sir Humphrey Appleby
Ignore the names and parties for the moment.
You can't blame the new guy for what the previous guy set up - that is just being childish and petty. What you can do is blame the new guy for taking a long time to fix the problems left by the previous guy. IMHO it hasn't been a long time yet.
In this case I think Jerry Doyle is being childish and petty about where he is laying the blame.
New problems that arise are of course a completely different story but that's not what we are talking about, all this creeping authoritarianism because due process takes too long or requires expensive training of competent people is well and truly a G.W. Bush legacy. It's not even about the party since McCain actively opposed the more extreme portions of it. It was always more about things like Wolfowitz getting his girlfriend a better paying job than Rice with less responsibility than actually doing anything to benefit the USA.
What's so wrong for a government to want to know who they can call on in case of cyber emergency?
I know people are afraid of big brother now, but not everything is done out of fear or terrorism....sometimes doing a head count of a trade or career that can or is important to society is a good thing, else we would not have doctors, lawyers or engineers being asked to register to let the government know who they are.
I guess we could view this as a compliment to the IT industry being promoted to being important enough to warrant a head count. Just my opinion
I am an Infragard member. I was working for a university research group and was required to join Infragard as a part of this research. I did not like the idea of being forced to join an organization I knew little to nothing about so I did research into the organization first. I read up on all of the conspiracy theories about Infragard and spoke with some members before joining.
The conspiracy theories link this organization to "big brother" programs that encourage people to spy on their neighbors. This is not actually the case with Infragard - as far as I can tell.
From what I can see, this organization is put into place for very good reasons. Look into the Russian action in Georgia last year - a large component of that military action was cyber-based. The Russians took over the Georgian infrastructure (electric, news and radio) far before tanks rolled into Georgian territory. If the US is ever attacked on a large scale, our infrastructure will be the first strike. Infragard allows a secured group of IT professionals to be "in the loop" on potential threats that cannot be made widely public yet. It also allows these professionals to collaborate on security issues in real time - as they happen.
Say a new worm was propagating across major infrastructure networks. An administrator at the water company finds evidence of this worm and sends a message to Infragard asking if anybody else has seen it. A person working at the electric company reads that message and notices that it matches something they are addressing as well. The issue may be quickly escalated and addressed appropriately. If these individuals had to deal with conventional reporting then the link between two critical infrastructure networks experiencing the same problem at the same time may be missed.
In my experience Infragard does not care a bit about individuals ripping a CD or something. This is about bridging the gap between law enforcement and IT professionals in order to minimize the time it takes to address a potential cyber threat on critical infrastructure.
Registering your IT skills with Infragard is optional, not mandatory. This is not as evil as it sounds and I see much more upside to this than downside.
That's what this is, essentially, since IT workers believe they are better than normal humans.
Whose side are you on?
First of all, anyone worth anything in IT security circles probably gets finger-printed and retina-scanned, for the record, several times a year.
Why a "non-profit" organization would want to know something that its government client already knows in spades should worry everyone in IT.
Second is the use of the "non-profit" organization status: Anyone who volunteers services to Infragard without knowledge of their employer is likely to get sanctioned for unauthorized provisioning of IT services, including consulting services, and resources, such as storage, power, and bandwidth, to a "non-profit" organization. Without cost-recapture reporting processes in place, "non-profit" quickly becomes theft of services, which should be generating revenue for the employer and tax revenue for the government. Cost-recapture would allow the IRS to grant tax credits to the employer for all of the "volunteered" hours and other IT services appropriated for "national security." Where are the Federal time card and authorized job requisition numbers required by the GAO on the Infragard website?
Third, is that the existence of Infragard creates millions of opportunities for false flag recruitment of IT staffers: How exactly does an IT staffer know when an Infragard request for information is legitimately backed up with a FISA-court signed warrant? How exactly does one Infragard volunteer respond to an information request from another Infragard volunteer? If the request breaks corporate rules, I would go to corporate legal and the FBI anyway, but that's just me. Add to that the number of ex-intel operatives with the ability to counterfeit federal authorization documents and IDs and the shadow world gets darker.
The history of US and allied national security is littered with underpaid, under-appreciated, government operatives who were turned by the offer of cash under the table to work against the national interests. Infragard, being non-profit, should be clearly suspected of harboring similar work conditions rife with opportunities for security breaches by turncoat insiders. The fact that 80% of corporate IT staff feel the same way, makes the opportunity for false flag recruitment even greater.
So, Infragard volunteers have to ask themselves two questions:
Do they want to co-conspire in the theft of corporate IT services with a non-profit organization that claims the authority of the government?
Can they trust operatives of a non-profit organization who can fail to provide the security, confidentiality, and protection that Infragard implies that it can provide?
Because humans can fail, don't expect Infragard to be accountable to volunteers or even the IRS or GAO. At least, if you are going to volunteer, be smart enough to have your employer send you to counter-intelligence courses at Quantico, since the Infragard contact you trust today, might be your last.
After all, joining the witness protection program is not a cakewalk, and the Infragard ain't the Eagle Scouts.
-----------
Please feel free to copy and forward to your US congressional delegation.
-----------
Really bad ideas should remain in spy novels.
-----------
DarkStarZumaBeachSurfinApocalypseWow