NZ Professor Advocates Civil Disobedience Against Mass Surveillance

nut writes "We're all aware of how much surveillance we are under on the internet thanks to Edward Snowden. Gehan Gunasekara, an associate commercial law professor at Auckland University in New Zealand, wants us all to start sending suspicious looking but meaningless data across the internet to overload automated surveillance systems. Essentially he is advocating a mass distributed Bayesian poisoning attack against our watchers."

Need to Do More

[Jherek+Carnelian]

Just sending a bunch of keywords in email isn't enough - emacs has had a spook function since the 80s so they are kind of used to that stuff by now./ You'll have to act like a crazy-pants terrorist.

To make it really work we need to bring the eternal september to the islamic extremist websites. Everybody go post on those arabic jihadi websites. Uh, does anyone know of any arabic jihadi websites? Or how to read and write arabic?

Re:Need to Do More

[AHuxley]

Lists where tried in the 1990's and seem to be filtered.
http://blogs.fas.org/secrecy/2013/08/quantum-leap/ seems to hint at the "exploiting open sources of information, particularly social media"
"utility of social media in exploiting human networks, including networks in which individual members actively seek to limit their exposure to the internet and social media"
Go to your local library and search for a few good local political journalists emails.
Spend a few days looking at real, local political scandals, deals, foreign intrigue or any interesting issues.
Note as many names as you can, brands, firms, lawyers names, journalists. Create a new draft email and account with one of the big US technology giants that the NSA likes.
Start shaping your draft message. Be as creative as you can about new information, a family member willing to talk.
Anonymity, hint at a bank, a document, past low level political access that 'helped'.
Pad out the intro and local aspect with a time line, what was in the press, how a journalist was on the right track, regional terms.
Save the draft.
Read and save your message from the account via clean computer (MAC and wifi unused) in the state capitol days later.
Keep a camera near your door if you ever get a 'unrelated' visit.
Speak loud and ask the person at the door to speak up too :)
i.e. make your message flow like a real whistelblower might. Great practice for a work of fiction.

Re:Need to Do More

Under UK Law, downloading this could result in a prison sentence.

Re:Need to Do More

In high school, I got in interested in explosive chemistry, so I had a local bookstore order The Anarchists Cookbook for me. The easiest recipes are the most dangerous. I asked my grandfather to get me the materials for the easiest and most-powerful thing to make (because he knew everyone, and could get anything), and he basically told me I was crazy. I was asking to make the detonator that he loaded into howitzer shells during the war. The stuff was so sensitive, they tested it by firing shells through PAPER. I was still determined to make SOMEthing that exploded.

Then my chemistry teacher (who I was very close to) caught wind of what my best friend and I were up to. One day, he didn't lecture or give us a lab. He did a demo. While he talked about the weather, or some other nonsense, he very calmly distilled a couple of drops of 100% nitric acid. He didn't explain any of this; I just knew enough about it to know what was going on. He then poured HALF of that couple of drops into a fire tube and stuffed a wad of test tube straw packing material into it. He continued to talk while the nitric acid effused into the straw. He then started a wood splint on fire, and held it towards the open end of the fire tube, which he had placed at a 45-degree angle. The straw ignited, and the wad shot about 12 or 15 feet across the room. I understood that he had just made very weak dynamite, and saw how powerful that was, and immediately resigned to not screw around with trying to make explosives. He never explained why he did it, to me, or the rest of the class, but I learned the lesson as clearly as I ever learned any.

Re:Need to Do More

[dmbasso]

And yet I love the never ending posts about how America is the ONLY country which is a threat to liberty. It certainly is pushing at the boundaries of crazy but at least it is still ostensibly legal to download that manual.

FTFY. But republicans (and democrats, but less explicitly) are working hard to "fix" that.

These programs are thrust on us, and we have to really complain for even the slightest hope of the patriot act to not be renewed.

Money is the root of all problems. Best action is to reduce its influence: http://www.wolf-pac.com/

If we stumble we may drag everyone to the ministry of love with us.

True, and a really scary thought.

Re:Need to Do More

[buchner.johannes]

Under UK Law, downloading this could result in a prison sentence.

Yes? It sounds like the US has the strictest rules here, punishable by a $250,000 fine and 20 years' imprisonment.
https://en.wikipedia.org/wiki/Bomb-making_instructions_on_the_internet#Legislation

Re:Need to Do More

[fuzznutz]

What a crock of drivel, the citation is right there, the US has it punishable by a $250,000 fine and 20 years' imprisonment. Do all the hand waving you like, the truth is the law is much more oppressive in the USA than it is in the UK in this matter.

Every day, I am more and more convinced that Dianne Feinstein (the author of the amendment) is by far the greatest danger to freedom in the United States Congress. Apparently, neither the 1st nor the 4th amendment mean anything to her.

It is interesting to note as was posted earlier that this particular law is not being enforced. The executive knows it will be thrown out by the courts if tested.

Re:I've my own approach.

[SuricouRaven]

Oh, almost forgot: FIRST!

There are a few small issues with retroshare still (No forward secrecy, key length should be longer, hell to compile), but those are just refinement issues. More users means more incentive and developer attention to perfect it.

You first!

[Seumas]

Fifteen years ago, I'd have been all for causing a disruption. Exercising my self-evident liberties and thwarting The Man, when he came down on me for it.

Now, I have a fucked up back from a car crash, a fucked up knee from wrestling, a mortgage, people depending on me, a professional career, and neighbors. The amount of ways they could absolutely obliterate my life at their slightest whim are uncountable. As much as I'm all about people doing something and not just playing "Reddit-pretend-rebel/protestor", we are beyond the time of, say, the 90s -- where civil disobedience and voicing your dissent or even just being a vocal weirdo just got you either a knock on the door or a two hour trip into and out of your local lockup. We're in a time where you become an instant "child molester" or you just disappear or your finances go all permanently wonky, or you get "investigated" and now your neighbors and employer and coworkers all wonder what you've been up to that has raised the interest of The Man.

Re:You first!

[Jah-Wren+Ryel]

> You first!

You may feel you have too much to lose by taking action. But the least you can do is be entirely supportive of the people who do take action.

It seems like whenever someone does take action, everybody and his brother comes up with a reason to say that the guy who did take action didn't do it the "right" way. Fuck those guys. Nobody is perfect, people like Snowden, Assange, Manning, Drake, etc are all flawed human beings. But they did put their lives on the line for US. The least we can do is support them in that.

N.B. this isn't directed you personally, just a general statement to everyone who feels they can't take the risk themselves, at least you can speak out in support of the people who do take the risks.

Re:You first!

[Thanshin]

The Man is immensely stronger than the individual. It makes no strategic sense to call his attention.

If an individual really wanted to hurt the system, and not just make a lot of noise for ego and PR reasons, instead of putting bombs he'd spend one or two decades studying biological weaponry, building a hidden lab and accumulating enough product as to kill his entire continent.

With a doctorate in molecular biology, a well paid stable job, and two or three decades of free time, it's not so hard to make some tons of nerve gas and then snail mail thousands of tiny fragile glass vials to the entire world.

(Is that enough Bayesian poisoning? Or must I also put pictures of the secret lab's location, right under the MPAA HQ)

Re:You first!

[aralin]

The amount of ways they could absolutely obliterate my life at their slightest whim are uncountable. We're in a time where you become an instant "child molester" or you just disappear or your finances go all permanently wonky, or you get "investigated" and now your neighbors and employer and coworkers all wonder what you've been up to that has raised the interest of The Man.

This is to a dot the same justification my father gave me for joining and staying in the Communist Party of Czechoslovakia back in 1985. I was taught early on in my adolescence not to stick the head out, mind my own business and ignore the governemt abuses of power.

Re:You first!

I think your rose-colored glasses are distorting your view of others' wardrobes. Honestly, if you cannot relate to these fears, then you are too young, too stupid, or too much a combination of both to realistically participate in this discussion.

It's easy to be brave when you have nothing to lose.

Re:Excellent Idea

[some+old+guy]

Very true, for now. The short-term solution is scale: sheer volume can create enough noise and wasted effort to at least slow the bastards down a bit, albeit temporarily. Overflows still happen.

In the longer term, we just need to develop and host purpose-built junk generator applications whose sole mission is to flood the sniffer's nostrils with the digital aroma of a cattle feed lot.

Re:Excellent Idea

[FriendlyLurker]

Tools are not the problem. The problem is that at a certain scale you need some infrastructure to distribute and authenticate encryption keys and at that point you'll run into the same problem we're at now: You have third parties you'll have to trust. Doesn't matter then if you have to trust them not to hand over your data (like Google and ISPs do) or your encryption keys.

It's not a technical problem, it's a political problem.

I do not agree, or at least not see it as so black and white. Tools *are* a big problem, almost a complete failure even being designed by engineers for engineers. Hard to use and setup for people with no 5kill2, not up and running by default with zero configuration on programs first install. Tools today put the egg before the chicken requiring that you pay/setup/configure yourself into the "infrastructure to distribute and authenticate encryption keys" before you can encrypt anything by default, therefore the overwhelming default is that nothing is encrypted - a big fail. In this light OTR does it right - 100% everything encrypted by default after first install of chat clients supporting it, by default. If you are one of the few that wants to raise the bar on the security from there, then you can easily check signatures out of band or use a third party authenticator - but that is secondary and and very easy to do given everyone is using it already by default. PGP/SSL does it the hard/wrong way (IMO): Forces everyone into "too complicated for the average person"/$$$ solutions even before you can start encrypting (without scary browser warnings etc). End result: Nobody encrypts, an especially glaring failure in the case of email. SSL is mostly for commercial orientated websites - check stats for vast majority of websites vs those that support SSL. Self signed certs are a dirst word

Security experts will be growling "MITM", "we neeeed third party authentication", "good security is hard to do", "MITM, again", but again it is egg before the chicken missing the forest for the trees. Top priority Job #1 is get everything encrypted all the time. Job #2 you can start worrying about how to check signatures on your certs out of band, raise the visual cues that your session is both encrypted and you have taken the extra time or used a third party to authenticate the certs signatires. If the whistleblower Snowden has taught us nothing else, it is that if you do bother to encrypt whilst nobody else is doing it then your communications are automatically being targeted for extra monitoring. Oh, and if you do happen to visit some website over https that one agency or other happens to have a grudge against or wishes to perform some industrial espionage on, then your also MITM'ed.

Security tools are still in the dark ages and do not cater to humans. No amount of political hot air is going to fix that...