Slashdot Mirror


Technology, Not Law, Limits Mass Surveillance

holy_calamity writes "U.S. citizens have historically been protected from government surveillance by technical limits, not legal ones, writes independent security researcher Ashkan Soltani at MIT Tech Review. He claims that recent leaks show that technical limits are loosening, fast, with data storage and analysis cheap and large Internet services taking care of data collection for free. 'Spying no longer requires following people or planting bugs, but rather filling out forms to demand access to an existing trove of information,' writes Soltani."

23 of 191 comments

  1. Reality is stranger than humour by ArcadeMan · · Score: 5, Funny
    1. Re:Reality is stranger than humour by Anonymous Coward · · Score: 4, Insightful

      The Onion has a disturbing way of doing this.

      It seems that advanced enough cynicism is indistinguishable from clairvoyance.

  2. U.S. Citizens have historically... by michael_rendier · · Score: 3, Insightful

    We've been told that we've been protected from such things, a la the constitution...yet if you go back into history, it's never really been seen by the gov't as a 'limit' to their power...they just make up a 'reason' why they needed to do it. Reasons why it's legal to do so. We have not been historically protected...we've been historically monitored, invaded and exploited for one reason or another in the name of national security and 'fighting enemies'...oh, and marketing. Just because there's not a dictator behind the Securitate, doesn't mean it's not being done behind the scenes.

    --
    There are three kinds of people in the world. Those that can count, and those that can't.
    1. Re:U.S. Citizens have historically... by meta-monkey · · Score: 5, Insightful

      You're correct, but it's gotten way, way worse in the past decade.

      The truly Orwellian thing about this nightmare isn't even so much the surveillance, but the wholesale redefinition of language. Plain English no longer means what plain English means, and we have traded rule of law for rule of lawyer.

      It's not torture, it's "extraordinary rendition for enhanced interrogation techniques."
      And of course you still have due process, it's "a process that is due, but not necessarily judicial."
      And you're not being jailed without trial. You're being "indefinitely detained."

      I would say we need a Constitutional Amendment that Congress shall make no law infringing upon your right to privacy, but without another amendment that says "no really, plain English means plain English" it wouldn't matter much. And they'd just twist that to mean "plain English in the context of this amendment means English which, plainly, means what we want it to mean."

      --
      We don't have a state-run media we have a media-run state.
    2. Re:U.S. Citizens have historically... by Rockoon · · Score: 4, Insightful

      But there are dictators already, they are the corporations who are rewriting US laws and circumventing the constitution in their favour.

      Stop apologizing for the politicians.

      Corporations do not write or rewrite law, politicians do. Politicians sell the service of lawmaking to corporations.

      Clearly you don't care.

      --
      "His name was James Damore."
    3. Re:U.S. Citizens have historically... by ebno-10db · · Score: 4, Informative

      The truly Orwellian thing about this nightmare isn't even so much the surveillance, but the wholesale redefinition of language.

      Orwell's classic essay on the subject, Politics and the English Language.

    4. Re:U.S. Citizens have historically... by Joiseybill · · Score: 5, Informative
      Agreed (+1 parent) .. and also agree with later post about semantics/ Navajo translation.

      We BELIEVED there was privacy, because the Government told us about the protection, and the media supported them. The olde-tyme radio cops got away with what society thought was fair.. today, Law and Order:(n) or CSI:(m) would at least make a 'big deal' about a sketchy search without PC, or when handling a suspect who hasn't been properly Mirandized.
      Until relatively recent credit card legislation, citizens had no expectation of privacy against data collection ( selective surveillance) by non-government agencies. This surveillance has been happening since before most of us were even born. It is not new.. but the media has ignited the flames of FUD, and the methods for collecting, analyzing , and distributing information have grown exponentially as a result of computers and the changes they bring to society.

      In 1897 or so, S&H Green stamps started a " marketing loyalty program". Your grocer ( gas station, Sears & Roebuck) could influence your purchases by adjusting the 'bonus levels' of green stamps you received in return for a purchase. When they chose to, they could also watch meta-trends, or even specific consumer behavior changes, because all the stamps were serial-numbered. S&H, when they received the redeemed booklets, could measure the effectiveness.. which retailers were distributing more, which customers were collecting & returning more, how many just got lost or never filled a book? The company changed over time.. and never really returned to the giant stature they had after the 1970's inflation/stagflation.. but they still exist, and offer web-based purchase premiums.

      Around 1920, Al Nielsen got tired with his day job, and decided to create A.C. Nielsen; to rate how well radio advertisers were doing. The company is still around today, trying to measure DVR and Netflix data, too. This was probably one of the original "crowdsourced" industries.. I mean, if you get "selected" today, they only pay you a dollar a week - if your data is on-time.

      Criminal records, property records, articles of incorporation, lawsuits.. all were considered public record at one level or another. I was taught how to search all that paper at my local County Courthouse back in the mid- 1980s. At the time, only criminal records actually required that you produce ID and a legitimate reason to ask.
      My sister was in an auto accident last summer. Before the local police were ready with a report " ...10 business days, lady..."; she received a letter from an attorney - with a copy of the accident report, asking if she needed any legal advice or representation. Also, NJ State law about "Red Light Cameras" requires that the footage recorded is destroyed within 60 days - if nothing is illegal, or no charges filed; and within 90 days after the matter is settled ( if you are charged, and just pay the ticket) . Another case of nobody watching.. search YouTube and find at least 5, probably a dozen NJ Red Light Cam videos.. posted as marketing from the camera company! Big brother ( d/b/a private contractor) is watching, recording, and had their fingers crossed when they promised to destroy the footage.

      It was around 1902-1904 that the Northeast's major Life & Medical insurers got together and built what we now call the MIB ( Medical Information Bureau). Any insurer.. and lots of other "qualified participants" ( =$ ?) can add, edit, or search these records about every one of us. Every time an insurance company paid a claim (or messed up a claim) medically, that info was added to the collection. Today, we just call this a database.
      Again.. no protection here. Last time I checked, the MIB was voluntarily adopting a model similar to credit reporting agencies.. they would provide an individual with a personal report ( minus trade-secrets and scoring), and give the individual some righ

    5. Re:U.S. Citizens have historically... by meta-monkey · · Score: 5, Insightful

      They'd never call it "Patriot talk." Remember, "Patriots" are the brave men and women who spy on everything you do to keep this great nation and its people safe.

      Other awful problem of the state of the language: we've pre-Godwined ourselves. We're so ingrained with the idea that comparing something to Nazi Germany means that you have lost perspective and your argument has devolved into flinging hyperbolic insults, and you have therefore lost. People do not understand the literal definition of Fascism anymore, and as Orwell said in Politics and the English Language (relinked from a response to my original post by a fine poster), "The word fascism has now no meaning except in so far as it signifies 'something not desirable.'"

      In fact, "Italian Fascism promotes a corporatist economic system whereby employer and employee syndicates are linked together in corporative associations to collectively represent the nation's economic producers and work alongside the state to set national economic policy."

      Doesn't that sound like someplace we know? Where through "regulatory capture" (a fancy way of saying "industry writes government regulation to their benefit"), and "campaign contributions" (i.e., "bribes") the government and industry are basically one and the same?

      Yes, that's America. But you can't say it! Because if you do, you lose. "Well that's ridiculous! I don't see any dictator marching Jews into ovens!"

      You can't even criticize the system of our government, because the word that properly describes our system of government is no longer allowed in public debate. Orwell would be...not proud...sadly resigned?

      --
      We don't have a state-run media we have a media-run state.
    6. Re:U.S. Citizens have historically... by Jane+Q.+Public · · Score: 5, Insightful

      "They'd never call it "Patriot talk." Remember, "Patriots" are the brave men and women who spy on everything you do to keep this great nation and its people safe."

      A friend recently linked me to an article about this very thing. For a change this is not Godwin's Law; this is actually relevant.

      The reason it was possible for Hitler and the Nazis to rise to power, was because the populace mistakenly believed "patriotism" was not loyalty to The People or their country, but to their government. Big Mistake.

      Patriotism is loyalty to your family and your neighbors, not to Barack Obama.

    7. Re:U.S. Citizens have historically... by Darinbob · · Score: 3, Insightful

      The constitution is vague. We should rewrite it in Lojban to avoid all arguments about the meaning. Lojban has the advantage of having no native speakers and thus does not promote any one ethnic group.

  3. If they're monitoring our every move... by Nutria · · Score: 4, Interesting

    why didn't they notice that the Boston Bombers were planning on setting off bombs in public?

    Either:
    (a) they're not a Panopticon, or
    (b) they're massively incompetent, or
    (c) they don't care what happens to the Plebs.

    In any of the cases, we don't actually have anything to worry about.

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:If they're monitoring our every move... by Rockoon · · Score: 4, Interesting

      (d) allowing stuff like the Boston bombings to happen gives them an excuse to tighten their grip

      --
      "His name was James Damore."
    2. Re:If they're monitoring our every move... by vux984 · · Score: 5, Insightful

      In any of the cases, we don't actually have anything to worry about.

      Quite the opposite really; it means the ONLY thing this apparatus is effective at is selectively abusing people.

      In other words it won't stop any crimes, but will be used to perpetrate them.

  4. I'd like to see technology work for the people by Anonymous Coward · · Score: 3, Interesting

    Just as lack of technology can prevent mass surveillance, use of technology can as well. As always, there are good and bad uses. Just as our government keeps secrets from us, we can keep secrets from them through proper use of encryption and not implicitly trusting service providers (like Google, Microsoft etc) with all our data.

    There is no reason, aside from legacy compatibility (which can be and has been solved!) for your email to not be end to end encrypted. There is no need for social networks. There are other technologies that can meet those needs in a distributed and secure manner (sure, you lose ad targeting info to pay for hosting, but I don't care). Web browsing should be end to end encrypted. If you need anonymity, you can use Tor (for hosting and/or client side). Chat programs are easy to secure.

    Cell phone meta-data is a harder target. If you force some separation between the parties who provide connections to the network (towers/cells) from those which identify customers, and those that manage the routing and ISP services for the cells/towers, protection could be at least drastically improved. At the very least, when latency is not critical, you can still hide what you are accessing through Tor, and you can always hide the content with encryption.

    Also, we can attack the problem from the legislative and regulatory side as well. Impose massive fines (and maybe some jail time) for any companies (or individuals) logging and/or distributing such information. Yes: make collection, even if kept locally, illegal in many cases. There's no reason for my ISP to collect traffic analysis details, so ban logging all but a specific white list of things they really need (not want). Same for cell providers etc. Then compensate individuals who report violations with a portion of the fine.

    I'd love to see a ban on ISPs from being in other businesses to remove the biases and make regulating them easier.

    We can improve this situation. It's not going to be easy, but we can make progress, both technically and legislatively.

  5. Part of a social phase change by Paul+Fernhout · · Score: 4, Interesting

    http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html
    "Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing. ...
    There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."

    Going forward, there are many other implications of trends from "better, faster, cheaper". We should think about the positive trends and try to help amplify them. Related suggestions by me in areas of collective intelligence for mutual intrinsic security, space settlement, and health sensemaking:
    http://www.phibetaiota.net/2011/09/paul-fernhout-open-letter-to-the-intelligence-advanced-programs-research-agency-iarpa/
    http://www.kurtz-fernhout.com/oscomak/SSI_Fernhout2001_web.html
    https://www.changemakers.com/morehealth/entries/health-sensemaking

    Or, read "The Skills of Xanadu" for ideas from the 1950s by Theodore Sturgeon which helped inspire Ted Nelson and hypertext and so the world wide web:
    http://books.google.com/books?id=wpuJQrxHZXAC&pg=PA51&lpg=PP1#v=onepage&q&f=false

    Or look to groups like the Maker community or sustainable technology community inventing new ways of local subsistence.

    Something I wrote thirteen years ago to Doug Engelbart's Unrev-II mailing list, and we are still more-or-less following predicted exponential trends:
    "[unrev-II] Singularity in twenty to forty years?"
    http://www.dougengelbart.org/colloquium/forum/discussion/0126.html
    "Below are six "explosive" technology trends that all appear to culminate in around twenty years. Even if some of them don't pan out, the others will revolutionize our world (for good or bad). ...
    You may argue the dates -- ten years for some, forty for others. You may point out Y2K didn't melt things down, that AI researchers predicted AIs by now, that fusion power was supposed to be here by now, etc. And you would be right to be skeptical. My point is that these are trends in many different areas -- any one of which would make this world radically different. Together, they spell awesome change -- in economics, politics, lifestyle, relationships, and values.
    It is quite likely we are heading for a singularity in

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
  6. Re:I don't know... by ebno-10db · · Score: 5, Insightful

    The fourth amendment seems pretty clear to me.

    Unfortunately it's not when it comes to electronic communications.

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    A phone call isn't clearly covered, and SCOTUS explicitly decided it wasn't in 1928, then reversed itself in 1967. That's also when they came up with the "reasonable expectation of privacy" test, which I always thought was reasonable. Of course 1967 was an era when the court thought its job was to defend the Bill of Rights, rather than play nitpicking legal games to create as many loopholes as possible.

    Don't bother trying to convince me that email, etc, should be covered by the 4th, as you'll be preaching to the choir. I don't give a damn what kind of legal games they play about you not owning the servers or storage medium. That's like saying that the 4th doesn't apply if you rent rather than own your home. My only point was that SCOTUS is free to play lots of games. My favorite is their recent Catch-22 nonsense, that you can't sue the government for a secret program violating your rights because you can't be sure they've been violated (of course not, it's a secret!). Maybe Snowden will release info on who has unlawfully been a surveillance target so they can sue.

  7. Keeping records is an "attractive nuisance" by davecb · · Score: 3, Insightful

    Just like a swimming pool, keeping records that someone else might want is an attractive nuisance: people you don't want will go snooping around in them. And just like a swimming pool, it's you that's liable when someone uses them without your permission.

    At the moment, it's ISPs that find themselves having to cough up DHCP records to courts: give the criminals a week or two and they'll be writing exploits to get at Facebook, Google+ and your local video store, just like they've been doing for people who have lists of credit-card numbers.

    --dave

    --
    davecb@spamcop.net
  8. "Right To Serve" might help by jdogalt · · Score: 4, Interesting

    I've used the fact that GoogleFiber was my first ISP choice involving IPv6 to press a new novel interpretation of NetworkNeutrality. It seems to be going somewhere. ComIntercept(FCC->Google):

    "The enclosed informal complaint, dated September 1, 2012, has been filed with the Commission by Douglas McClendon against Google pursuant to section 1.41 of Commission's Rules, 47 C.F.R. § 1.41. Also attached is Mr. McClendon's October 24, 2012 complaint forwarded to the FCC by the Kansas Office of the Attorney General. Mr. McClendon asserts that Google's policy prohibiting use of its fixed broadband internet service (Google Fiber connection) to host any type of server violates the Open Internet Order, FCC 10-201, and the Commission's rules at 47 C.F.R. §§ 8.1-11.

    We are forwarding a copy of the informal complaint so that you may satisfy or answer the informal complaint based on a thorough review of all relevant records and other information. You should respond in writing specifically and comprehensively to all material allegations raised in the informal complaint, being sure not to include the specifics of any confidential settlement discussions. ...

    Your written response to the informal complaint must be filed with the Commission contact listed below by U.S. mail and e-mail by July 29, 2013. On that same day, you must mail and e-mail your response to Douglas McClendon.

    The parties shall retain all records that may be relevant to the informal complaint until final Commission disposition of the informal complaint or of any formal complaint that may arise from this matter. See 47 C.F.R. §§ 1.812-17. (seriously, can't I and Google just depend on the NSA's backups of our records? :)

    Failure of any person to answer any lawful Commission inquiry is considered a misdemeanor punishable by a fine... ... ...

    http://cloudsession.com/dawg/downloads/misc/mcclendon_notice_of_informal_complaint.pdf
    http://cloudsession.com/dawg/downloads/misc/mcclendon_oct24_2012_complaint.pdf

    This represents Google getting 'served' this week, my form 2000F 'informal' 53 page complaint that suggests that NetNeutrality provides protections against ISP blocking to my home servers as well as to Skype's. Google has been compelled by the government to respond to me on July 29th. GoogleFiber's 'evil' terms of service prohibit hosting any kind of server without prior written permission against your residential connection. And zero transparency for any alternate server-allowed plan rates, or what kinds of reasons they might use to disallow a requested written permission (which is laughable as the FCC 10-201 NetNeutrality document goes out of its way to laud Tim Berners-Lee's invention of the web atop TCP/IP, specifically, without having to have gotten any permission from any government or network provider)

    I forwarded the documents to schneier@schneier.com and requested any insight he might have into the matter. I got an email response (theoretically perhaps spoofed) that read "Thanks.\n\nGood Luck."

  9. Re:I don't know... by shentino · · Score: 5, Insightful

    I wonder if you could sue the feds for spying on you, and use the lawsuit to get a subpoena against the federal agency in question. When the subpoena is inevitably challenged on grounds of national security, rebut that with the fact that your constitutional rights are provided by the constitution which supersedes any laws that make the information secret in the first place (supremacy clause).

    Of course, this is doomed to failure since the feds have shown they'll do whatever the hell they want to anyway.

  10. New constitutional amendment. by EmperorOfCanada · · Score: 3, Interesting

    A New constitutional amendment is needed in nearly every western country. It needs to strictly limit the information that a government can conceal from the public and limit what corporations and governments may collect.

    Right now people blah blah about big data but the reality is that most data collected is not well analyzed and is poorly collected. A simple example is that I was doing some billing system work for a telephone company and based on the records they kept many phone calls never started, and many phone calls never ended. Just glitches in the recorded data. This is just one problem among many in really analyzing data. But people are only going to get better at this and with image recognition I can see both the police and retailers going mad once they can get it working. Through the pile of cameras you should be able to make a fairly good map of where everyone is all the time. Retailers on the other hand would love to know your tastes and spending habits. That way they can pounce on their likely customers and say, "These green pants will go well with your new red sweater that you bought across town a week ago."

    If corporations can start combining their data they can quickly build an incredible profile of every person. Get records from your power company about power usage, scan what car you are driving, what you are wearing, who you are with. I can see them identifying that you might have a new girlfriend and try to guilt you into buying her something "Special". This might all sound like innocent marketing but it becomes nastier when your employer can now buy a retail record that you met with some union organizers. (Which I did yesterday even though I run my own company because they happen to be friends).

    Once the information that is gathered has some real value you will see companies energetically collecting it (paying everyone with a security camera to feed their machine) and then finding the gaps and putting up billboards that watch cars go by and check their occupants.

    But the elephant in the room is that governments really really should not know that much about people. If a government (democratically elected included) can watch its opponents then it will. Many people elected to government get very righteous about their mission and think that their opposition (taking cheap shots) only exists to steal their jobs and stop them from doing the right thing. So using government gathered data to stop them is actually the righteous thing to do. Or they are just dirtbags who don't want to let go.

    Another one was a telephone tech division that used company's call records to see if they were talking to the competition. They also had the sales division's phones set up for two neat tricks. One was that if a phone call was forwarded they would see what number the call had been forwarded to. And they would see private numbers. These guys saw nothing wrong with this.

    In my neck of the woods a government lost an election and one of the nails in their coffin was when it was revealed that they were using private tax records to target their fundraising.

    So as this big data becomes easier and easier I can see where anyone with access to this data will misuse it. Not everyone just that there are some people who will abuse any data they can get.

    So quite simply there need to be constitutional amendments (that lobbyists can't keep working against) that limit what data anyone can store and what data can be hidden. A simple example of this is that I don't want my power records accessible to anyone without a warrant. I want the mall security video to only be used in relation to a crime not sold to a marketing company.

  11. With all due respect ... by Taco+Cowboy · · Score: 4, Interesting

    ...the researcher, Ashkan Soltani, may not have enough understanding of the United States of America to come into a more holistic conclusion that it was the technology that puts the limit on the Big Brother

    There was a limit, - and I use the past tense, "was", - and that limit, was morality

    You just gotta be an American to understand what makes an American, an American

    It's not a "snide remark" or a "fool's pride", but to be a true American, one has to have that sense of responsibility, that morality that pushes one to respect other people's rights, that forces one to limit oneself in order not to infringe on other people's "space"

    It was a social construct - that, in order for others to respect your right, you gotta respect others first

    Unfortunately, all that had gone out of the door, when the congress critters in Washington D.C., stopped thinking of themselves being Americans, but rather, a part of the global ruling elites governing the entire world

    The erosion of morality on Congress Hill did not start with Obama, it started way back during Clinton's administration

    While some may want to push the envelope to Tricky Dick's time (after all, he was the president who was pushed out of his presidency), but during Tricky Dick's era, the sense of morality was _still_ intact, or Richard Nixon wouldn't have to move out of the White House

    Compared to Richard Nixon, how many of you think that Obama feels ashamed of what he has done?

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:With all due respect ... by nbauman · · Score: 3, Interesting

      You need to learn more history.

      Look up J. Edgar Hoover.

      Look up the Anarchist Exclusion Act.

      Look up the Alien and Sedition Act.

    2. Re:With all due respect ... by davester666 · · Score: 4, Insightful

      Um, you are sadly mistaken. If you show any signs of 'morality', you don't go anywhere in the NSA or CIA.

      For example, back in 1945, the NSA started project Shamrock http://www.dailydot.com/politics/nsa-prism-shamrock-history-spying-telegraphs/ where they asked the major telegram companies to give them all telegrams sent or received overseas, every day. No warrant, just a 'give this to us'.

      Totally illegal, but not public knowledge at the time and the government's response was basically "hehe, oops, of course we never looked at telegrams sent between Americans".

      Or Echelon. Google it.

      The problems every security service seems to have are:

      1) they have nobody to say "this is as far as you can go within the law" that isn't hand-picked to have an extremely minimalist attitude towards what should not be permitted
      2) nobody goes to jail or is even criminally investigated when these programs become public knowledge. There may be an investigation by Congress or the Senate, maybe somebody retires or they don't get promoted anymore, with a report that says "We stopped doing these outrageous things long ago, weeks before it became public knowledge", but nobody ever goes to jail. Actually, no, the people that go to jail are the ones that report the wrongdoing, to make others not report other wrongdoing [which is the exact opposite of what your 'moral American' would want].

      --
      Sleep your way to a whiter smile...date a dentist!