Internet Monitoring: Who Watches the Watchers?

wiredmikey writes "Here's an interesting take on the IT security industry and tools being sold and used by to monitor internet users. It's no secret that many states and nations are censoring and monitoring the Internet. Many of these governments are considered authoritarian regimes, often times with trade restrictions and other sanctions against them. Most of these censorship systems are based on proprietary, enterprise hardware and solutions. Unfortunately, those who decide where these tools end up are often torn between conflicting interests. How many services and devices are actually being used by people whom we prefer would not have access to them? How long until they are used against us, even if indirectly? At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"

You don't get to decide

[mr1911]

It will be used against you.

Re:You don't get to decide

[Beardo+the+Bearded]

You mean "it IS being used against you, right now, and your ISP is selling the information for money."

In my case, the IT department is just adding to the pile of things they can fire me for. "This is the number of times you visited /. This is the number of times you visited fark. Get out."

Re:You don't get to decide

[blair1q]

I don't follow.

How does a rant on the inability of the government to stop corporate attacks on itself refute a claim that the government is coordinating attacks on the public?

Hudson, you'll note, says the solution is for we, the people, to get back in control and apply the laws we have.

Being able to look in on the banks' internet communications would be one of our, the people's, tools.

As for this entire scare-fest, I will repeat what I always say in this situation:

THE INTERNET IS NOT SECURE

Nor is it private. No more than using a megaphone to do your telecommunications. I know some people want to front the idea that there's a "reasonable expectation of privacy," but those people are blatantly ignorant of the origins and construction of the Internet. Or else they're well aware of them, and are trying to make the proles believe that the Internet dosn't pass every packet of your data along a sequence of loosely-related public and private linkages, any of which has every right to read and laugh at the data flowing through its equipment.

Re:You don't get to decide

[sl4shd0rk]

> It will be used against you.

It is* being used against you.

[*] - https://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy

Re:You don't get to decide

[Jeremiah+Cornelius]

The government is now nothing but a Rent-A-Cop for those corporations.

 

Re:You don't get to decide

[Deliveranc3]

We need a GPL type universal list of shit that's unethical. With a brief portion on punishment/restitution. Some companies will choose to subscribe, others will not... it will not be difficult to figure out which is which.

Let me get it started:
I won't collect information I don't directly need to offer automagicalness in my software.
I won't store information that is no longer relevant (old passwords, credit card numbers, etc.)
I will contact, though it might be impersonal, users who have been singled out for any reason and inform them of how they've been singled out. (overuse of bandwidth, RIAA inquest, CIA inquest etc.)
I will try to make information about my policies to the extent that competition, the legal system, and law enforcement allows.
I will be clear about my revenue streams, not just to tax officials but to my customers. I will do this so that I am less susceptible to under the table, anti-market influences. Such as: subsidies from the government for aid in doing wiretaps or other social analysis.

We are against (a list of whatever): Anything that reduces the freedom of our society to produce true individuals or subversives.
Violence
Information that can facilitate violence
Covert Monitoring
Social Analysis
Puppies (whatever, you get the idea).

Well I suppose you could go ask your government

[Shivetya]

on why they permit sales outside of the country followed quickly by asking yourself this, why do we expect to hold a corporation to a standard that we do not expect to hold our government too?

By that I mean, it sure is SAFE and EASY to go after a company to uphold values you hold dear but damn if anyone wants to stand up to their own government when it maintains relationships one way or another with the same regimes.

Then top it off with multinationals, to whom are they beholden. If you have offices in the US, Germany, Russia, and China, whose laws take precedence? What if your further incorporated on some tiny island for tax purposes?

Yes its a bad thing what these countries do, but guess what, they always have and will, hoping to limit the damage by limiting the software available won't get much relief to the oppressed. That change happens at home by getting the right people in government who actually stand behind the words they use on the campaign trail.

Security through obscurity

[concealment]

Writing one of these tool sets is not that difficult, nor are the technical concepts involved.

They will exist even if every existing developer decides to cease supporting them.

The only solution are strong workarounds: peer-to-peer proxies like Tor and BitTorrent, in addition to strong encryption.

At the point where any of those fail you, the solution is regime change, not technology.

I sure woud like...

[fyngyrz]

...to see the security issue land at the user's door. That would put the onus upon the manufacturers to provide secure computers for the general public, and let the market sort that out; rather than having a mommy-culture watch things "for" us/me. WRT states and corporations and so forth, they are responsible for protecting their data -- and they should guard it carefully. And if they don't, we should be able to take them to task for it. But I can't see sufficient justification to lock down the world just to make it easy for them.

But I suppose it's too late for any of that.

Re:I sure woud like...

[Jawnn]

...to see the security issue land at the user's door. That would put the onus upon the manufacturers to provide secure computers for the general public, and let the market sort that out; rather than having a mommy-culture watch things "for" us/me.

Keep wishing for your mythical free-market to "fix things". Be prepared to wait a very, very long time for that to actually happen, however. You Adam Smith fanboys all seem to continuously forget that "the invisible hand" requires a fully informed market to function properly. To suggest that "the general public", as a whole, has even the most remote possibility of being fully informed on a matter as complex as network/computer security is, to understate it by a bunch, absurd. I am not satisfied to live in a world where some magic akin to fairy dust will supposedly ensure that vendors only sell secure products. You're god damned right I want laws that require a certain level of security be engineered into the products and services that are offered to the market. And no, I do not want the law to specify the technology, only the need for it, and most importantly, the penalties for failing to provide it. It should hurt, by than a quarter or two worth of profits, when TJ Max or Blue Cross decides to cut corners on the guarding my personal information which they have insisted they must store in their systems. It should be a crime to be so negligent with so much treasure.

Re:I sure woud like...

[kelemvor4]

and most importantly, the penalties for failing to provide it. It should hurt, by than a quarter or two worth of profits, when TJ Max or Blue Cross decides to cut corners on the guarding my personal information which they have insisted they must store in their systems. It should be a crime to be so negligent with so much treasure.

Agreed, although I think financial penalties are not nearly enough. Executives working for a company that breaks the law should be held personally responsible. The world needs chain gangs made up of former executives imo.

Re:I sure woud like...

[dave562]

WTH are you talking about? The article is talking about ISP level traffic monitoring and filtering technology, and you're commenting about securing individual computers. I know this is /. and all, but come on now.

the scope seems grander

[nimbius]

than we're really willing to conclude. The American perspective is obvious that somehow if their technology should fall through the invisible hands of free market into the lap of a reigning dictator, then and only then is there a problem.

Americans have traded everything from stinger missiles to M16's with terrorists like al-quaeda as well as despots like iran and egypt for decades, and quite lucratively as well. Israel renders Palestine cities in flaming ruin not through sorcery, but the F-16 and apache gunship of american design and sale. our private corporations willfully bow to the will of islamic dictatorships and 'communist when it suits us' regimes like china as they mandate the strictest control of their citizens through censorship. our senate and library of congress are prohibited from searching wikileaks, and our schools ban searches for concepts like 'hacking.' thoughtcrimes like taking pictures of a well designed airport causeway or a large building are likewise branded terrorist acts.

The answer is that the problem does not exist in the systems created to censor; those from bluecoat or mcafee or even humble BSD and Linux. the bureaucrats, and plutocracy that control and vend these systems are in many cases tacit participants in their creation. They subsist garnering profits through dividends in their investment of bluecoat shares, and through securing the praise and reward of their constituency and corporate lobbying groups when a new deal is inked.

as if to turn a blind eye to the rest of the world, Security Week completely ignores the wrath of ACTA, DMCA, and the forcible seizure of domains registered abroad as though that which is the doctrine of kind-hearted multi-billion dollar industries is without question in the good service of all mankind.

Re:Where is the conflicting interest?

[ackthpt]

Most parties spying on the Internet have just one interest in mind. We (some, you, whoever) may not like that interest, but it is rare that one of them have conflicting intersts as the summary says.

Blind eyes all around.

• Sell from within Country A to Intermediary in Friendly Country B.
• Intermediary sells to friendly Country C, which is unfriendly to Country A and direct sale is banned.
• Profit!!!

True there was some legislation about a decade ago, threatening USA trade with that evil unnamed country to the north (eh!) because they were trading with Cuba, but eventually some work-around was settled on, because Canada was the USA's biggest trading partner (still might be, despite what you may think of China.)

This is why people who once worked in government become "Trade Consultants" for $$,$$$,$$$ after leaving the service of the people, because they have the contacts and know the loopholes.

Market wants v. security concerns

[girlintraining]

At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"

I believe all the governments of the world are unanimous in saying they don't like the influence that people in other countries have on their citizens. Thus, the internet is a threat to all governments, everywhere, and the solutions will be varying degrees of censorship and control of critical infrastructure until access to the internet in its present form is impossible and is instead subsumed by a global network which mirrors the geographical and sociolpolitical needs of those governments.

Re:Market wants v. security concerns

[TheGratefulNet]

very insightful.

governments are 'yay for us! we're so great, we're so great!' cheerleaders, essentially. telling their people they are the best and most evolved ones on the planet, those other guys don't know jack shit, etc, etc. this is standard programming from governments to their people. its what keeps the 'unity' stuff going. aka, patriotism.

the internet shows that man-drawn temporary land boundaries are just that; and that people are people and oppressors are oppressors. this is the real skin game (so to speak) and those in control don't want us to realize this.

ww3 is the internet vs those who try to own/control it. its a very slow war, but its a truly world war and its waged downward from those in control to their subjects (er, uh, I mean citizens). witness the world-side support of the Occupy movement. this is the very start of ww3. not a bang of canon or gunshot, but this is a new century and world wars start very differently.

Re:Market wants v. security concerns +1

[JonySuede]

I was hooked into digital anarchy by that text 25yr ago and I hope that the message it convoys will never stop:

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.