Slashdot Mirror
Training Materials for NSA Spying Tool "XKeyScore" Revealed
dryriver writes with news of the latest document release on NSA spying programs. Quoting The Guardian: "A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats, social media activities and the internet browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its 'widest-reaching' system for developing intelligence from the Internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. 'I, sitting at my desk,' said Snowden, could 'wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.' U.S. officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: 'He's lying. It's impossible for him to do what he was saying he could do.'"
The slides in question. Looks like it was Mike Rogers that was lying and not Snowden. So much for the NSA's attempt at quieting public fear by releasing information on the Verizon phone data collection program before Congressional hearings today.
"They don't want the voice of reason spoken, folks, 'cause otherwise we'd be free. Otherwise we wouldn't believe their fucking horseshit lies, nor the fucking propaganda machine, the mainstream media, and buy their horseshit products that we don't fucking need, and become a third world consumer fucking plantation, which is what we're becoming. Fuck them! They're liars and murders. All governments are liars and murderers, and I am now Jesus. Now. And this is my compound."
- Bill Hicks, Live at Laff Stop in Austin
...yes. It runs Linux.
b&
All but God can prove this sentence true.
First off, almost anything "publicly" done on the Internet or through a third party server is suspect. Second, the idea that the NSA isn't doing this is patently absurd. Third, if you believe the NSA when they deny doing things like this, you are an idiot. Espionage agencies are basically required to lie. It's in their job description. Quite literally, their job is to deceive people.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
. . . I bought that Midnight Sparkle inflatable love-pony for a FRIEND.
They run themselves. They have a secret court where defendants are not allowed to attend, and are not even told they are on trial. They lie to congress. They lie to the president. They have an unlimited secret budget that nobody can check. They appear to be mostly controlled by the contractors and companies that sell them services. It's a giant graft. Private parties are helping themselves to public money, creating a surveillance state for unknown reasons under the guise fighting terrorism.
This is going to end badly. People with money and lots of power don't give up their toys easily. Expect to see the following soon: Lots of assassinations, or the NSA being raided by another enforcement branch of govt. Or maybe both.
Every public statement they make is a fucking lie. If they tell you it's sunny outside, you can bet that it's raining. They lie to Congress, they lie to the public, they lie to the President. When they go home at night, they lie to their wives and kids. They tell their dying grandmothers that they're fine and don't need chemo. They take down "Road Closed" signs and laugh when people wreck their cars as a result. They will climb a tree to lie when they could stand on the ground and tell the truth.
They always lie. They always WILL lie.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
"we only plan to store metadata" my buntrocks.
Lovely bullet point:
* Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users.
Translation: not only do you have no privacy, doing what you think will make you hidden will just shine a spotlight on yourself.
b&
All but God can prove this sentence true.
Why would anyone assume the database includes only suspects that they're authorized to track? Given the track record of the NSA it is less likely that that is the case and it is more likely that they have anyone they want in it.
Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
Bogus! It's a congressional coverup designed to rationalize all this bullshit, with people like Pelosi on her knees before the NSA. Of course what makes it worse is the idiot public who believes all this crap and reelects these bums. How do we stop them from voting away our rights?
“He’s not deformed, he’s just drunk!”
For me the only viable solution is making the NSA's work/effort and all of their data capture completely transparent with audit trails, Etc. not to stop them, but so when the abuses do come we can figure out who did want and seek redress.
http://www.hawknest.com/
The burden of proof lies with the government, not Snowden.
Now how did they get their server in a territory of Russia? I understand Ukraine, but Russia???!!!!!
Rolling buffer of 3 days of ALL unfiltered data? So much for not collecting content.
Kool-Aid tastes good, huh? The authorities should have to prove their innocence. That is the price we have to demand for such power. Put them all under the Sword of Damocles.
“He’s not deformed, he’s just drunk!”
What part of PRISM didn't you get? The part where they hoover up data on everyone without a warrant or the part where they don't have to justify it to anyone?
So what does being a bootlicker pay these days?
Wikipedia has an entry on it: X-Keyscore
Good background story: Solving the mystery of PRISM
Spiegel Online covered it: 'Key Partners': Secret Links Between Germany and the NSA
Oddly enough it appears that news about intelligence programs used by America and its allies is reported in Persian. Go figure.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I take it you either failed to read or comprehend the presentation then. Unless I'm misunderstanding, slide 18 makes it pretty clear.
You can do most of what Snowden says for free on the internet with a couple of specific search engines for pete's sake. For instance: https://pipl.com/search/?q=Jeff+Flanagan&l=Bolingbrook%2C+IL%2C+US&sloc=US|IL|Bolingbrook&in=5
That's a literal 3 seconds of work on a publicly available site without an email address, doesn't require an extensive database for even that small amount of information and your profile is relatively clean. They've already admitted that nearly the entire US was in their "authorized" group of people through 3 hops from the target. I'd guess that their software has access to a lot more than this really simple public tool, and even some of the paid tools. Make no mistake I can ruin your life without NSA tools, the NSA can most definitely do what Snowden was saying they could do and believes it has the authority to do so.
Because they have been saying they need to collect everything so that when they know what they're looking for it's already there.
They've been steadily expanding into the "record everything" domain for years now.
I see no reason to doubt that they're grabbing everything they can get and then deciding if it's pertinent later. That's been their stated goal for a long time.
Lost at C:>. Found at C.
I thought they couldn't search their own e-mail? It can't be that good a tool if they don't even use it on their own stuff.
It's shocking to discover that the government can actually accomplish anything, as opposed to wasting $800 million in taxpayer money with nothing to show for it.
But I'm sure if they would just show us the redacted slides, it would clear everything up... right?
Seriously though, I kind of expected things to be this bad, and they may even be worse, but this really does add frightening perspective. If they release enough information about their systems, perhaps one day someone or some group will come up with a way to at least partially work against it, or at least muddy up the data they are collecting.
Brought to you by Carl's Junior.
FYI try plugging in your middle initial and it gets really creepy from there.
They've already cop'd to mapping networks out to (n>2) degrees of contact. It's the "implicit authorization to track people networked to a suspect" that makes this all so dangerous.
I'm not the first to refer to the lame "Kevin Bacon" jest.
Mike Rogers did not say that it wasn't possible for someone to eavesdrop from their desk, he was saying that official policy was not to do that (without the OK of a superior). I think he was fairly clear on that point. He's not saying that it's not technically feasible, just that NSA personnel are told that it's contrary to stated policy and are (officially) requested to comply. He didn't address whether the policy was enforced in any way or whether that sort of activity was audited - but then again, everyone was careful not to ask that question.
Rep. Mike Rogers may not have been lying, exactly, with what he stated earlier. He may have been misinformed (e.g., lied to) by whoever briefed him on NSA's capabilities and available data. Which is not surprising, given the blatant lies and deception exhibited over and over again by the highest levels of NSA executives.
Hear me out. Snowden said he could wiretap you with just your email address.
This doesn't amount to that. All this is is a large database. All the data they get they put into a database. That's how they use "big data".
But you can only search for what's in there.
What will be in there is metadata from the metadata drag net (pen register/trap and trace). This includes email from/to, etc, but not the content. It also includes phone call from and to numbers but not the content, although Snowden said email, so I guess he wasn't talking about that.
Also in there will be the content of communications which were captured previously. This is what amounts to an actual wiretap. But they cannot capture these communications between Americans with a drag net, they have to get individual warrants (presumably secret FISA warrants).
So, if you gave your email to Snowden, he could look up everything which is in there, but unless you were already wiretapped, he wouldn't find any wiretap info. If you are American, he cannot put on a wiretap just by you supplying your email address.
So the original denials were correct. Snowden did overstate what he could do. He may not have been limited enough in what he could do, but this was not one of the things he could do.
http://lkml.org/lkml/2005/8/20/95
I heard the NSA has had trouble complying with a recent FOIA request, something about not being able to read their own emails. Someone should tell them about this "XKeyScore" thingamajig!
How could you even implement a search unless you had a database that already contains scads of generic data to search through? If you could make a database consisting only of "suspects they're authorized to track", then you wouldn't have to search anything. You've already got the search results.
A database containing only suspects they are authorized to track would be worthless to them in the context they're trying to sell it. Every argument they have made makes it clear that they see it as searching for a needle in the haystack, and all of us, all of us, are the hay.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I'm not exactly sure what they mean by a "strong-selector," and maybe someone can explain that, but it seems to me slide 15 implies they can look through large pools of data they've already collected to find targets. So it seems like they're gathering info about everyone they can.
That the data is collected has already been established, by more than one whistleblower. That's old news.
The new revelation here is that a relatively low-level guy could easily search through the database looking for everything they want. That lapse in security is actually surprising, even if you have a low opinion of the NSA.
From a legal perspective, it seems they are allowed to collect the data, but they can only look at it if authorized (ie, crtain requirements are met). What Snowden is saying is that the authorization method wasn't very robust, which means that someone somewhere probably has actually abused this to check up on his girlfriend or something.
"First they came for the slanderers and i said nothing."
'bout tree-fitty.
We don't have a state-run media we have a media-run state.
Why is it that nobody points to the obvious?... That this is evidence that the NSA (and US government) has intentionally undermined the security of all communications and computer systems. The global financial and communications infrastructure is wide open for anyone that has the key. Every power the NSA has, they have also granted to everyone else on the planet with the interest and means to wield it. They might say, "well, if someone could do that, then we'd know about it..." but I don't believe that it would be so obvious. If someone set up a trade in industrial trade secrets, or skimmed financial transactions properly, the world wouldn't be the wiser. Blackmail, extortion, ...
I wonder how much of an accident it is that Chrome's Incognito mode tells you:
Going incognito doesn't affect the behavior of other people, servers, or software. Be wary of:
well.. it's only people they're authorized to track(EVERYONE OUTSIDE USA!) and then people with connections to them..
soo.. yeah, figure it out.
yes, I am aware that it is a bit of a hyperbole because they've only admitted to two levels of separation between persons of interests.. those being anyone with ties to iran, middle eastern groups, unwanted groups etc.
besides, how the fuck do you think you add people to the system? that the judge reviews the data on the case, ponders and then the judge gives an authorization key that lets them add a contact? fuck no. you just add their addresses while making a single promise holding up your pinky that you "believe" you have rights to to add that tap. they don't have the manpower to go through every tap added.
world was created 5 seconds before this post as it is.
OK what I see is a raw TCP traffic that they are scanning and parsing for hosts, request types (get,post), header info (referrer), and content. So they are talking about any web site. So does it mean they have access to record every single piece of traffic passed through a major backbone? But than they have a server in Russia. And in China. Someone above mentioned that the servers could be inside of the embassies. Not exactly intelligence friendly countries. Does it mean they managed to put a sniffer on their hosts' networks backbone? HOW if they do not have a physical access to the major routers?
"The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies..."
I'm with the NSA and I'm posting as AC for obvious reasons.
When you assume that they're always lying, they'll tell the truth, under the secure knowledge that you won't believe them.
We always lie and I'm lying.
Hey, it worked on Star Trek!
If you tell a kid that it should not steal cookies and when it does you do nothing about it, it will assume that it is allowed to take the cookies. The longer you allow it, the harder it will be to enforce the rule.
The defense of the parent could be anything from "Because I said so." to "My house, my rules."
So who has told the NSA to stop it and what actions have been taken to punish them? If I were the NSA, I would assume that all I do is authorized, until somebody stops me.
Don't fight for your country, if your country does not fight for you.
Here is an SMBC comic about intelligence agencies.
A database containing only suspects they are authorized to track would be worthless to them in the context they're trying to sell it. Every argument they have made makes it clear that they see it as searching for a needle in the haystack, and all of us, all of us, are the hay.
That is, until someone in some government somewhere decides you look more like a needle.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
How many more lies are we going to put up with until something is actually done?
I'm sorry, but you actually believe that they don't or are you just playing devil's advocate? Because frankly, the thought that they got authorizations to track all of these individuals that it would require, "Over 700 Servers"
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
Too bad the media bought it hook, line, and sinker. They did not build the huge, Soviet-style Utah Data Center to store meta data...
It turned out that bootlicker was the lochness monster!
He did also show that they were snarfing up all call data on everyone. Gee, I wonder where they put that mass of data. If only there was some stable base platform for storing data....
Exactly. There is a reason they are called PUBLIC servants, and we are called PRIVATE citizens. Their actions are supposed to be public so that we can make sure they are representing our interests and vote accordingly. A representative democracy in which that is impossible is fundamentally broken, and one in which the privacy of all the private citizens is ignored, even more so.
What changed under Obama? Nothing Good
You raise a very important point. It's more like they're looking for arbitrarily chosen pieces of hay, and all the pieces of hay that they suspect may in some way be related to that other hay. By their own arbitrary criteria, of course.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Which is not surprising, given the blatant lies and deception exhibited over and over again by the highest levels of NSA executives.
You are being unfair to the NSA. Eric Holden, the Attorney General in office, is on record for more perjury before congress than any single NSA official. Once regarded as a felony (and officially still being labelled as that), perjury before congress has become an integral part of playing the representatives of the public, and those are being good sports about it. Nobody crying foul here.
Found a little comment in the Austin,TX paper that is very appropriate to the NSA actions: "If we are to accept that the executive branch of the U.S. government is operating within the bounds of the Constitution in its implementation of the recently disclosed domestic spy program. i.e., having approval through the FISA court and tacit congressional consent, then per the 4th amendment, “no warrants shall issue, but upon probable cause,” the only valid probable cause to surveil the entire domestic population is to declare them likely criminals. The question to answer then becomes, what do the citizens of this land do when their government has wholesale declared them all criminals?" So I put it to you, what is the correct course of action when we citizens of these United States of America are now all criminals in the eyes of the government?
Not only are they spying on you - they also stole all you money a few years back.. remember? Pepperidge Farm remembers..
Besides, there is no rule to prohibit surveillance of non-American or communications between non-American and an American.
Only 700 servers in 2008? That is a very small setup for something pretending to be so massive.
It seems they can't keep the data they collect for that long.
With the possibility of multiple countries (US, AU, CAN, GBR + NZ) being involved you would think they could get their hands on more processing power than that.
I call bullshit. I would take that document with a big dose of salt.
This is propaganda. Don't buy into it.
The new revelation here is that a relatively low-level guy could easily search through the database looking for everything they want. That lapse in security is actually surprising, even if you have a low opinion of the NSA.
There was almost certainly a ton of oversight in what they were looking at. It just wasn't what any reasonable minded person would interpret as JUDICIAL oversight.
President Merkin Muffley: General Turgidson, I find this very difficult to understand. I was under the impression that I was the only one in authority to order the use of nuclear weapons.
General "Buck" Turgidson: That's right, sir, you are the only person authorized to do so. And although I, uh, hate to judge before all the facts are in, it's beginning to look like, uh, General Ripper exceeded his authority.
We don't have a state-run media we have a media-run state.
If tomorrow you become a suspect, they will need to examine all your past data. So all the your data must be there, just in case. QED
Addendum: unless you are out of trial by definition, like being a politician, some middle-to-high management level related to this and other government protegees, in that case your data probably is not there, and never will. Nobody watches the watchers.
Thirty pieces of silver
We complain about how all the "sheeple" keep voting the idiots into power and then doing nothing as their freedoms erode, but if ignorance is a significant part of the problem, what are we doing to fix it?
I don't always have the time or eloquence to lay out a compelling narrative with an overwhelming mountain of evidence to persuade my friends and relatives - and frankly, my memory sucks. So I'm wondering, is there compelling, noninflammatory collection of facts that I can point people to?
The media isn't telling the story, so that leaves it to us.
They have been doing this for years, blaming "Obummer" glosses over the fact that a very many number of people are infringing on constitutional rights.
"No other system does this!" is repeated on practically every slide. This smells a lot like a sales pitch. Kinda like a private contractor trying to upsell a government agency. I am not saying that this isn't legit, but if a salesman tells you that their system does "unbelievable and unparalleled thing X" (ahem, decoding, storing, and indexing all VPN traffic around the world) he better have more than just a slide to prove it.
It breaks my pluginses, my precious!
Batman listened to everything through everyone's cellphones. Barrayaran Imperial Security monitors everything. BBC-America's MI5 (or Spooks, for original BBC wachers) seemed to be able to access every webcam ever made. Jack Ryan survives through signal intercepts.
Google and Bing and Yahoo are scanning all your base all your time. How else can they find whatever you want whenever you want it?
This is one of those things that seems like a good idea when applied to OTHER things and OTHER people. Search engines on the web? Of course, anybody putting something online *wants* it to be found. Fictional security agents hunting the bad guys hiding among the solid citizens? Of course, that's what we fictionally pay them for.
For arguments' sake: How do you debug a problem? Probably trace everything and look for anomalies, right? So why be surprised that the NSA thought any different?
We're starting to argue over semantics.
The NSA clearly has a different definition of 'wiretap' than how Snowden used it, which is how they can argue 'no, we don't do that'. I assume that Snowden meant 'I can retrieve large amounts of data on you given your e-mail address' while to NSA it meant 'we can set up an individualized 100% reliable sniffer given your e-mail address'.
Next, we should discuss what the definition of 'is' is.
Build it, and they will come^Hplain.
Umm.. read the PDF - it's pretty clear this is something like a 3 day+ 'buffer' of all trackable internet metadata (e.g. connection logs, http requests), with application and site specific 'smart filters' to capture more on request
'I, sitting at my desk,' said Snowden, could 'wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.' U.S. officials vehemently denied this specific claim.
They're vehemently denying that they can wiretap anyone that easily. Strictly speaking, running a database query is not wiretapping.
Sorry to inform you but it says so in the very document:
"Rolling Buffer" of ~3 days of ALL unfiltered data seen by XKEYSCORE:
- stores full-take data at the collection site - indexed by meta-data
- over 500 servers distributed around the world
Later:
- we can use this traffic to detect anomalies which can lead us to intelligence by itself
- E-mail Addresses, Extracted Files, Full Log, HTTP Parser, Phone Number, User Activity
It appears they take all data and then use that to detect anomalies. It includes data on everyone, and from all of the data they try to pinpoint targets.
Look for anomalous events
- Someone whose language is out of place for the region they are in
- Someone who is using encryption
- Someone searching the web for suspicious stuff
They have example tasks listed such as:
- Show me all the encrypted word documents from Iran
- Show me all PGP usage in Iran
- Swow me all the VPN startups in country X, and give me the data so I can decrypt and discover the users
- Show me all the Microsoft Excel spreadsheets containing MAC addresses coming out of Iraq so I can perform network mapping
- Show me all th exploitable machines in country X
- Show me all the word documents with references to IAEO [International Atomic Energy Organization?]
- Show me all documents that reference Osama Bin Laden
Just think of the data mining that was done in the swing states last election. Is sending a taylored message to a specific subset of people which has a high probability of changing their voting position truly the democratic way of electing our officials? We're just sheep in swayed by parties to vote Democrat or Republican.
http://mikerogers.house.gov/contact/
Full disclose here, I'm a security professional. I personally see a capability within these slides that the US needs to have and would be scared if we didn't. For me I have no expectation of privacy when on the Internet. The protocols were not designed for privacy they were designed for availability. All the meta data is in clear text all the connections are in clear text. Yes we can encrypt our payload but it's very difficult to mask were we are going. Even with a VPN it has to terminate somewhere and the traffic from that termination point would be available to be snooped. As almost all communication moves to the Internet how does a government with limited human resources investigate potential threats? Are we satisfied with after the fact response from our government? If this was in place and it stopped 9/11 would we be grateful for all the lives it has saved? Over 300 terrorists captured. It only took a handful to pull off 9/11. Does the government care if I look at something a little strange. Maybe, I'll be flagged and then an analyst will look into my traffic and see that there is nothing of major concern, move on to next suspicious activity. I ask slashdotter's what is the best way for a government to find threats to it's citizens in this digital age? Should the Internet be hands off for our government?
So if this is 'XKeyScore', is there a command line version 'KeyScore'?
well.. it's only people they're authorized to track(EVERYONE OUTSIDE USA!) and then people with connections to them..
You mean like, people sharing an IP address space with criminals and terrorists?
NSA is our common enemy.
NSA should be attacked continuously by anyone skilled at this until everything it stores has been leaked causing worldwide outrage.
NSA should be destroyed.
NSA doesn't abide by international nor regional laws and conventions thus i declare myself at war with the NSA.
Don't think that the revelations about the NSA are the only areas of secrecy.
Based on the example queries in the slideshow, you're assuming that things like "show me all spreadsheets sent from Iraq that contain MAC addresses", or "show me all exploitable machines in country X" only include data from people on some list? Wouldn't they have to first get the data in order to find out if it is even relevant to their list? If they already have the data, why not just store it? It may come in useful later, right? Don't worry though, they claim to have captured over 300 terrorists with information from this system. So all of our web searches, HTTP traffic, email addresses, phone numbers, files and documents, VPN traffic, VOIP traffic, Google Earth traffic, cookies, usernames, buddy lists etc are in their databases, but that's ok because they've captured over 300 terrorists.
Go fuck yourself if you're going to defend this program, and scroll up to the top of the comments and read that quote from Bill Hicks.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Tha's what I've been saying every story so far -- the "safeguards" are written process that people are supposed to follow. There is no uncorruptible logging going on, with MD5'd files shipping offsite to multiple storace sites; no alarms going off; no checks that servers don't have extra stuff installed.
If a G. Gordon Liddy operative wanted to do a little political spying on the opposition, nobody would know. And it is exactly this issue, spying on opponents, that half the first 10 amenents exist, not to stop them from spying on hot chicks.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
That is, until someone in some person in government somewhere decides you look more like a needle.
Slight addendum. A person like, say, a vengeful ex?
upon the advice of my lawyer, i have no sig at this time
I care...I really do. I find this latest revelation shocking and upsetting. But the people I talk to about the NSA including my parents, my spouse, and many others --don't care--. They don't care at all. "I'm not a terrorist, so I don't care if they are reading my emails." And in long discussions about why they should care, if not for themselves than for their children/grandchildren...I get nothing. It's terribly disappointing, and frankly I think even if they found out that the NSA had cameras in our living room, I still don't think they would care.
Sort of like the environment or global warming...people, especially those of us in the comfortable middle-class, first world, truly can't be motivated to action unless they are directly affected by something.
Mr Snowden I applaud you, and now unfortunately I pity you.
A very effective way to demonstrate the power of the system would have been, prior to his departure, to run the XKeyScore system on himself and then release that information at some point in the future. This would have shown the power of the system, and the fact that it can be used arbitrarily against anyone, US citizens included. Right there for all to see, his personal online activities and communications. It's not like he's still living that life anyway.
I've given a couple of presentations on the vast amount of publicly available data that is available on everyone. To demonstrate, I used reports I purchased on myself from a couple of data aggregation providers. Eye-opening.
BlameBillCosby.com
It's not as if they're trolling through private citizens' personal data looking for petty crimes. They're looking for known terrorists who are active threats against Americans.
Besides, even if they were, if you don't have anything to hide, then there's nothing to worry about anyway. If you are the law-abiding citizens you claim you are, then you have nothing to fear from any of this. Uncle Sam is just trying to do his constitutional duty to protect the United States.
I like how slide 6 shows the band of sites to defend against the Mighty Antarctic Threat.
When I first got onto the Internet in the early 1990's, there were three things that were made quite clear to me when given my account:
The NSA claims they are simply collecting Call Detail Records (CDRs) and packet headers, although likely more is being collected. But seeing CDRs and IP headers is no different than watching me when I'm walking around the street. Seeing the packets to my Google session is no different than knowing that I walked from my house to the nearest pizza shack. Everybody and anybody could see me do it, but it doesn't mean my privacy was violated -- I did all of these actions in public!
People should not be surprised or upset that this information is available to be collected because that is the cost of using the Internet. You are intentionally sharing information with third-parties in the interest of obtaining a service. Even the snooping of email in GMail or Yahoo should not be surprising because you shared that information with a third-party (the service provider) and the provider has different legal requirements than if you simply shared that information directly and exclusively with your interlocutor.
If you are upset about the Internet being public, then you should stop wasting your breath complaining about how what you thought was private is actually public and instead start advocating for the wide-spread use of encryption algorithms and always-on SSL. You should start advocating for the ability to run servers (mail and web) on residential connections so you don't have to share "private" information with third-party providers. You should advocate for rolling out IPv6 instead of being lazy and claiming that unencrypted NAT-ed IPv4 is good enough security.
And when your done advocating, lead by example and use these technologies yourself.
Just because you think something is private and secure doesn't mean that it is.
Why keep this in the shadows and create all this controversy. If the American public wants this, then just repeal the 4th amendment and have at it. No one would be at all surprised to learn that China monitors all electronic communication, they have made no promises not to.
Now if there aren't enough votes to repeal the 4th amendment, maybe, this isn't what the public wants.
Nor should there be. Ever.
Don't we nerds have to blame ourselves ?
So.. every slashdot reader knows that every mail, every facebook posting, every twitter fart, everything you do on the internet travels in the clear through anyone's server. Moreover, we "store" our live's data (email, photos) for free at providers we KNOW sell our data to anyone who is paying.
How exactly is what NSA doing different from what Facebook is doing or Google, or DoubleClick or any other add company ? These companies promise us they only reveal aggregate data,not details ? Really ? Any of these providers can change their terms and conditions at any time and maybe we will find out and, no, we will never be able to delete stuff we already have posted if we don't agree with the new terms. We can throw a tizzy and "close our account" but really no account can ever be closed, it will still count towards the member count the providers show to their investors.
Having the gubment change the rules for the NSA or any other government organization does not begin to address the real issue.
The real issue is that we, the internet users never cared one little bit about our privacy, we KNOW everything we do on the net is visible to anyone who cares and we also know that stuff will never go away.
It is not exactly that the NSA (as we know off) hacks into our computers and steals our data, they simply care to collect the huge trail of litter we leave behind us wherever we go.
It is as if we open all our mail and scatter it around town, can't exactly blame anyone for reading and/or collecting it now can't we ?
The burden of proof lies with whoever is making the assertion.
There should be if there is no reason to believe they present danger to us; anything else is just cowardly warmongering.
Spying could be interpreted as act of war ... you know
You cannot just spy on countries and do not expect consequences.
Jew World Order - the absolute power like the Kim family in North Korea, combined with the technology and the military strength of the USA.
> people sharing an IP address space with criminals and terrorists?
Possibly, if the space you meant was 0.0.0.0/32 .
Be real, it's probably everyone connected by having sent email to each other, posted on the same threads in any forum, or even possibly just visited the same URL even at different times. Or connected to a connection (by the same criteria). Etc.
It runs lotus notes...
don't ask me how I know this :)
It has been intentionally dumb down over the decades, as the elite ruling class knows, the more knowledgeable a person has, the more dangerous (to the elites) this person will become.
New Economic Perspectives
Harry Tuttle, Heating Engineer will fix it!
I wonder if they ever use this information to troll people. Like, if a subject visited a certain site they could all go there and mess with his head.
Nor should there be. Ever.
I see, you don't believe in human rights, only in American rights.
The Tao of math: The numbers you can count are not the real numbers.
buck 'o five
Someone in some person?
The Tao of math: The numbers you can count are not the real numbers.
Ever since Edward Snowden went public, I have been racking my brain trying to conceive of a catastrophic event involving government surveillance that would motivate a large number of people to march on Washington chanting "Enough!" Say the words "Social security reform" out loud and retirees start boarding buses bound for the capitol. Suggest that limits on gun ownership should be put in place and the NRA is on your doorstep. Point out that the NSA is building a massive repository of every aspect of your very being...and people shrug. They just don't see the value of and power of personal or private information. It's too nebulous a concept for the average person to grasp, and no amount of public awareness is going to help. And those running the program and collecting the data sure as hell aren't going to give up their valuable and powerful tools, no matter how embarrassing it is when they're called out in public. Quite the opposite: they want more tools and they want them yesterday, and they don't want to be told what they can and can't do with them, especially when are busy protecting us from the bogeyman. Very few of us - Mr. Snowden et al - are willing to stop and consider why this is wrong. So does anyone have any ideas of what it will take to turn this indifference into outrage? Or will it take a full-scale and bloody revolution to stop us from being dragged down that path to hell that is paved with good intentions?
"Could be worse...could be raining." Igor
I understand that at first glance this looks like overreach, and depending on who had access and how often it was used, perhaps it is. But the NSA does not do law enforcement, they do threat detection.
Imposing a suspicion-based, after-the-fact scheme would mean terror cells could (and probably already do) host their own encrypted SMTP servers with no archive, thus thwarting any attempt to trace messages sent before a target is identified. So even if a judge finds probable cause and some kind of targeted hack/trace could be established, it would be too late to look at data created before the warrant was issued. Why would we hobble our first line of defense against real, plausible threats in order to avoid theoretical abuses? Wouldn't it make more sense to keep the programs intact and ensure safeguards against abuse?
Even if you are afraid of some hypothetical future fascist regime that has plans to abuse this apparatus on a large scale, please explain why such a regime would have any interest in respecting the Constitution at all? In other words, if things got so bad that the NSA started spying on you because you wrote something to a friend they didn't like, citing the lack of a warrant is not going to help.
Of course there are many (actually just some, but they like to think they are many) who believe the US is already some kind of fascist state, but I would suggest you talk to people living in places like Russia or China before establishing a "Big Brother" standard against which to compare the US.
As for the legality, IANAL, but some obvious observations:
We need to protect ourselves against government overreach and abuse - we are after all a nation of laws, not men. But the notion that the NSA keeping a few days worth of 1s and 0s just in case they are needed is anathema to our way of life is ludicrous. We keep medical, criminal, travel, financial and many other records for years and years. Why is this any different except that its a convenient vector of attack against an arm of government that is charged with doing exactly what XKeyScore is designed to do - seek out and neutralize threats to national security.
You unblock guadian with noscript, but then you have a list of 20+ other sites and no idea which one leads you to the article. I wanted to see the slides, but fuck it, I don't want to keep guessing on which sites to unblock.
Be seeing you...
I find it funny that no one is believing the officials, congressmen, etc...but they believe an IT specialist who has documents and slides that can easily be manipulated and changed to say whatever he wants. I think I'll publish my own stuff and slap a bunch of official labels on it and then flee to Russia.
So we're going to believe one man who claims to be doing everything for freedom and the american way, but he's seeking asylum in countries that have pretty shaky human rights records? America, you are a bunch of morons! Don't believe Snowden and don't believe your government. Just scrap the whole thing and make something you can all agree with!!1 What's that? You can't agree on the basic necessities for living in the modern world? Morons!
Batman listened to everything through everyone's cellphones. Barrayaran Imperial Security monitors everything. BBC-America's MI5 (or Spooks, for original BBC wachers) seemed to be able to access every webcam ever made. Jack Ryan survives through signal intercepts.
Google and Bing and Yahoo are scanning all your base all your time. How else can they find whatever you want whenever you want it?
This is one of those things that seems like a good idea when applied to OTHER things and OTHER people. Search engines on the web? Of course, anybody putting something online *wants* it to be found. Fictional security agents hunting the bad guys hiding among the solid citizens? Of course, that's what we fictionally pay them for.
For arguments' sake: How do you debug a problem? Probably trace everything and look for anomalies, right? So why be surprised that the NSA thought any different?
Okay, the first shit was movies dude. Movies. Not reality. Yes, Google, yahoo & MS have search engines, they search the internet for data. They track our online movement to make money off us. Does MS & Yahoo scan my Gmail email account? No. They don't. Does Gmail scan my emails? I do not know, and I do not care. See, I understand that the internet isn't safe. That gmail has access to my gmail account. If i really wanted to send info I didn't want others to read, I'd encrypt it first. Probably like most any fucking terrorist would do, because it puts a layer of security on your email that YOU control.
The NSA has been compiling a database on everyone. Forcing corporations to give up security keys, open holes in the system, etc to get info about everyone in the world. While claiming it wasn't. Not only was this done on tax payers money, it was done in secret, while we were being lied to about it. It is a system that is being abused, and will continue to be abused unless we do something about it.
Be seeing you...
"The new revelation here is that a relatively low-level guy could easily search through the database looking for everything they want. That lapse in security is actually surprising, even if you have a low opinion of the NSA."
It's not really surprising at all, without any particularly negative opinion of the agency involved beyond expecting that they are more concerned with the tasks immediately before them than with the legality of what they are doing and the long term affects on the republic. This is negative, yes, but it hardly applies to them, in this they and the rest of the government unfortunately mirror a large portion of the public.
Any sort of security or accountability layers here would be seen as needless mickey-mouse nonsense getting in the way of them doing their jobs. And that's exactly why our founding fathers were far-sighted in denying the government the authority to run this sort of operation in the first place. The power to snoop like this is simply too much power for any individual or institution to be trusted with. Power corrupts.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Dude - I *agree* with you. I think the lying bastards are just DOING THEIR JOBS defined by the conservative congressmen who WROTE the Patriot Act and pooh-poohed the worries and objections at the time, and who are now claiming to be offended since the president is of the other party.
I realize those are movies and TV shows and books. My title did include the word "fiction", right? Then the idea creeps closer with search engines, until finally someone is reading my diary over my shoulder. It's frighteningly easy for this stuff to go from "1984" fiction to current fiction to reality.
for people to realise that the Government is lying to you!
And as I remember every time I use it: It disables ALL extensions, meaning they have javascript access to your 'incognito' client while you're using it, if for example you run Notscripts.
Not everyone at google needs to be evil... just the ones setting policy.... (Gee, where else does that sound like....)
I would mod it up from the Bill Hicks quote, I do not have any..
Why is it others make this argument and get modded down others make the same comments and get modded up? /. is just as backwards as our moron politicians. So something /.ers can spot out from someone famous get everyone ogling. No wonder the country is fucked.
The NSA, like any police force, is going to be full of evil people. Some decent people as well, but probably more of them are downright evil. And being evil, they don't have morals that get in the way of getting promoted.
Now if an evil person has the ability to tap the President's email and find enough dirt to blackmail them, why wouldn't they?
I moderated this topic hard, so posting as AC.
intelligence from the Internet.
If I was looking for intelligence, the internet is the last place I would look.
...no need to go to any further degrees, as it's not just one subject (i.e. everyone, not just KB) the birthday paradox means they get 100% coverage.
All your ghosts are just false positives.
If you remember, Mike Rogers was trying to push through CISPA. I think the signs of this were out there, long before the SOPA / PIPA debates.
It takes some serious cognative dissonence to assume you are OK to do something on one hand, but do everything in your power to prevent people who might be able to stop you from knowing you are doing it on the other.
You really are a shill aren't you? I mean, you actually work for the NSA or some part of public relations responsible for defending them online. This sounds like it comes right out of some internal propaganda sheet. Traitor.
Ignoring the slander for a moment, I would suggest that you reconsider calling anyone who disagrees with your assessment of the situation a traitor. That is exactly what 1984 and a totalitarian state is all about. I find it quite amusing that your big finish involves claims of disloyalty to your cause and accusations of commiserating with the "enemy". You sir are the type of person who the average citizen should be concerned about. You are the definition of a zealot who considers opinion as fact, speculation as truth, and evidence as lies. What was the motto of the Oceanic government? Oh right, it was: Ignorance is strength.
For what it's worth, ubermiester, great rebuttals. I've enjoyed reading them. Also, I hope you don't feel too bad. This seems to be a common theme with this guy, and the irony is utterly lost on him.
In Soviet America, the internet searches you!
Should that be /0 ?
Yes, Anonymous Pedant... it should have been /0... ("I'm a mathematician, Jim, not a network guru!")