Internet Monitoring: Who Watches the Watchers?
wiredmikey writes "Here's an interesting take on the IT security industry and tools being sold and used by to monitor internet users. It's no secret that many states and nations are censoring and monitoring the Internet. Many of these governments are considered authoritarian regimes, often times with trade restrictions and other sanctions against them. Most of these censorship systems are based on proprietary, enterprise hardware and solutions. Unfortunately, those who decide where these tools end up are often torn between conflicting interests. How many services and devices are actually being used by people whom we prefer would not have access to them? How long until they are used against us, even if indirectly? At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"
Back to the plow !!
It will be used against you.
This post comes with a double-your-money-back guarantee!
Any offense taken to this post is at your sole discretion.
Most parties spying on the Internet have just one interest in mind. We (some, you, whoever) may not like that interest, but it is rare that one of them has conflicting interests as the summary says.
Rethinking email
on why they permit sales outside of the country followed quickly by asking yourself this, why do we expect to hold a corporation to a standard that we do not expect to hold our government to?
By that I mean, it sure is SAFE and EASY to go after a company to uphold values you hold dear but damn if anyone wants to stand up to their own government when it maintains relationships one way or another with the same regimes.
Then top it off with multinationals, to whom are they beholden? If you have offices in the US, Germany, Russia, and China, whose laws take precedence? What if you're further incorporated on some tiny island for tax purposes?
Yes, it's a bad thing what these countries do, but guess what, they always have and will, hoping to limit the damage by limiting the software available won't get much relief to the oppressed. That change happens at home by getting the right people in government who actually stand behind the words they use on the campaign trail.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Writing one of these tool sets is not that difficult, nor are the technical concepts involved.
They will exist even if every existing developer decides to cease supporting them.
The only solutions are strong workarounds: peer-to-peer proxies like Tor and BitTorrent, in addition to strong encryption.
At the point where any of those fail you, the solution is regime change, not technology.
most enterprise, carrier, and production grade security tools have internal auditing and tracking such that the auditors have an audit log of themselves with respect to the actions taken within the security tool.
that said, in the end whatever individual or group has oversight and access into that log data might review it manually, using correlation engines, or ignore it entirely. if they find something that is questionable, they might choose to act on it or not. in the end there is a serious human element, and the same strategy of checks and balances with respect to authority, control, and access that exists in systems such as politics, military, banking, etc need to exist in all information security departments.
as the public we have a problem, and that is for security reasons we don't have any visibility into any of the inner workings, audit trail, or behavior of the organizations, people, and systems that monitor us. this is a "damned if you do, damned if you don't" dilemma. when it comes to issues of security we have no real choice but to trust big brother as things stand today.
the best thing we can do is try to structure our organizations such that checks and balances exist in necessary areas, and power is granted only to those with authority. as the general public we can have influence here, but in the end we will probably just have to trust the people that we empower. as technologists we can have high standards for security, ethics, integrity, and morality. in that sense the technologists are at a slight advantage over the general public when it comes to solving this problem.
-paymon
Well, if you're in the US, you could lobby to get the relevant technologies, software and hardware controlled by the Export Administration. Yes, the US has had export restrictions for 220+ years, since banning the export of long straight pine logs the Royal Navy wanted for masts & spars.
New and revised ECCNs get published in the Federal Register daily. But they only apply to the US, so you just may be exporting jobs.
You'd better think long and hard about what you want to control. Crisco would not be happy if hardware (routers) were controlled. IBM, Oracle and others will not be happy if you try to control software. It won't be easy to write.
But I suppose it's too late for any of that.
I've fallen off your lawn, and I can't get up.
than we're really willing to conclude. The American perspective is obvious that somehow if their technology should fall through the invisible hands of free market into the lap of a reigning dictator, then and only then is there a problem.
Americans have traded everything from stinger missiles to M16's with terrorists like al-Qaeda as well as despots like iran and egypt for decades, and quite lucratively as well. Israel renders Palestine cities in flaming ruin not through sorcery, but the F-16 and apache gunship of american design and sale. our private corporations willfully bow to the will of islamic dictatorships and 'communist when it suits us' regimes like china as they mandate the strictest control of their citizens through censorship. our senate and library of congress are prohibited from searching wikileaks, and our schools ban searches for concepts like 'hacking.' thoughtcrimes like taking pictures of a well designed airport causeway or a large building are likewise branded terrorist acts.
The answer is that the problem does not exist in the systems created to censor; those from bluecoat or mcafee or even humble BSD and Linux. the bureaucrats, and plutocracy that control and vend these systems are in many cases tacit participants in their creation. They subsist garnering profits through dividends in their investment of bluecoat shares, and through securing the praise and reward of their constituency and corporate lobbying groups when a new deal is inked.
as if to turn a blind eye to the rest of the world, Security Week completely ignores the wrath of ACTA, DMCA, and the forcible seizure of domains registered abroad as though that which is the doctrine of kind-hearted multi-billion dollar industries is without question in the good service of all mankind.
Good people go to bed earlier.
Coast Guard?
Linux O Muerte!
Stop fussing over Syria, the protestors being shot are lying and are the exact opposite of the shot Bahrain shiite muslims.
Syria's dissidents are the textbook example of political Astroturfing, why is the world shitting and pissing itself over "wounded hurt syrians" when one major correspondent on AlJazeera, a former ambassador himself actually told another AlJazeera news anchor/interviewer that these campaigns are funded grassroots operations? They had to say "Er..Thank you" and end the hour long discussion after 35 minutes had gone by, afraid it'd anger the higher ups who fund the channel and their defensive allies.
While when the Bahrain scandal popped up, no one mentioned it or mentioned it briefly... BBC Arabic denied everything and kept comparing the people calling them from Bahrain to nazi sympathisers because those who called were seeing the whole "Free" world say their dead family members are alive and living.
Wikileaks didn't have documents else it would have shown the world that Saudi Arabia was funding the major press organizations and telling them to keep a lid on anything related to Bahrain, Qatar's AlJazeera did so without being paid unlike CNN and the BBC.
Oh and if you like to discuss this offline with me, I'm Musallam AlBarrak, proud parliament member.
When you build something essential to the operation of a must-have, you'd better believe the government is going to come knocking.
Seriously, ain't no shit going on while she in the room.
sysadmins and parents of newborns get the same amount of sleep.
The Hawtch-Hawtcher Net Watcher....
At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"
I believe all the governments of the world are unanimous in saying they don't like the influence that people in other countries have on their citizens. Thus, the internet is a threat to all governments, everywhere, and the solutions will be varying degrees of censorship and control of critical infrastructure until access to the internet in its present form is impossible and is instead subsumed by a global network which mirrors the geographical and sociopolitical needs of those governments.
#fuckbeta #iamslashdot #dicemustdie
"Quis custodiet ipsos custodes?" -Who Watches the Watchmen? would have been a slightly more apt title. Not trying to be pretentious or anything; I learnt it from Alan Moore's Watchmen comic (which everyone here should have read). I saw this on my feed and it was slightly disappointing when I saw the full title. Just saying it would've made for a better title.
It's ok to put down the crack pipe. The Illuminati is just a book, there is no grand Jewish conspiracy to take over the world, the CIA didn't assassinate JFK and the NSA could care less about your porn habits.
I'd like to welcome you to the real world where we have sunshine and problems like hunger and unemployment to deal with.
Step 1 - put down the crack pipe, lay off the drugs, just for a few hours, ok?
Step 2 - step out of your mother's basement
Step 3 - go outside, see a bit of the world
Step 4 - you really need a shrink, you can find one on Google if you don't think the government has taken over your internet connection in a grand conspiracy theory.
You really, really need to get a grip.
How many services and devices are actually being used by people whom we prefer would not have access to them?
All of them.
How long until they are used against us, even if indirectly?
Indefinitely
Give me Classic Slashdot or give me death!
Perhaps the best thing to do is make EVERYONEs search data available to EVERYONE.
That way we're all on equal footing and may even find out that Grandma has the same interest in midgets as you.
"That's the way to do it" - Punch
With SOPA/PIPA, the United States may be building its own censorship regime. So it seems hypocritical to talk of other authoritarian regimes and their censorship systems.
I'm more concerned about who watches those that watch the watchers?
"At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"
As soon as a long time ago.
Great insight. It will be sad to look back on our current Internet in 50 years and realize how free it was.
I dunno. Coastguard?
Here's an interesting take on the IT security industry and tools being sold and used by to monitor internet users.
Looks like we're using it where I work, I'm guessing we censored our company name so no one would grow suspicious.
Why do we still accept communication standards that do not include true end-to-end encryption?
Then it may still be possible to see who talks to who, but at least it will not be possible to see what is being said.
Solve this more fundamental problem first.
Eventually, someone wins the rat race, and from then on they can establish impossible-to-overcome barriers-to-entry, and rent-seek to their heart's content.
Which is how things should be. Incidentally, nobody should watch the watchers. We are watching you just fine without any help.
Now stop pretending you have any political influence and get back to the business of giving me your money!
Chuck Norris protects the internet. :)
Anons need not reply. Questions end with a question mark.
LOL. All the Slashdot retards who actually use the term 'hate speech' - I think you mean 'thought crimes', which Orwell WARNED us about - 1984 was supposed to be a warning, not an instruction manual.
Tyrants take away free speech because otherwise they will be exposed by it. Idiots support the removal of other people's free speech because you are too STUPID to be able to rationally argue your position, so you seek to silence any opposition. How embarrassing is that.
Go ahead and mod me down, thus proving me right.
Your countries are being invaded by millions of third worlders, who are soon going to turn your country into a third world country. "Hate" speech! There's good little goyim, do what your Jewish masters tell you...
I was hooked into digital anarchy by that text 25 years ago and I hope that the message it conveys will never stop:
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
Jehovah be praised, Oracle was not selected
This article seems to be another example of "blah-blah-blah". Why is it here on /.?
The reason for this is to make sure viruses or exploits cannot be encrypted. But of course it also means your company could, in theory, grab e-mail account passwords or look into bank accounts if you do this from the company network.
Here is the scenario. Workers do stuff secretively because they do not want their supervisors to know. Now the supervisors start to monitor those workers so that they can see when they are being naughty, except, they themselves are not being monitored, so the workers are outraged when they find out the supervisor was watching youtube on the job, which entails monitoring the workers to make sure they aren't watching youtube...
So who watches the watchers?
First, one doesn't need to monitor someone to undo secretiveness. For example, have their monitor displayed on a public wall. Them knowing that what they are doing is public will already alter their behavior. Openness makes people behave. No watchers.
Second, the idea that the workers need to be watched would apply to all workers at all levels. In other words, why stop with the workers? Or the supervisors? Or the branch managers? Or the VP or CEO? Is the one person that behaves without being monitored the one? To think that monitoring only should apply to a certain class or category of people already implies prejudice:
"I am better, ergo, don't watch me."
If members of a system or group can all watch one another, and they all have the capability to challenge anyone, then consider that system well monitored.