Slashdot Mirror
Schneier: Metadata Equals Surveillance
Hugh Pickens DOT Com writes "Bruce Schneier writes that lots of people discount the seriousness of the NSA's actions by saying that it's just metadata — after all the NSA isn't really listening in on everybody's calls — they're just keeping track of who you call. 'Imagine you hired a detective to eavesdrop on someone,' writes Schneier. 'He might plant a bug in their office. He might tap their phone.' That's the data. 'Now imagine you hired that same detective to surveil that person. The result would be details of what he did: where he went, who he talked to, what he looked at, what he purchased — how he spent his day. That's all metadata.' When the government collects metadata on the entire country, they put everyone under surveillance says Schneier. 'Metadata equals surveillance; it's that simple.'"
This is a basic fact for anyone dealing with any substantive volume of data. The details are of no interest to anyone in power, but patterns are.
The dividing line people will have here is whether the 4th amendment(and the human right it's based on) protects a right to privacy or a right against freely targed witchhunt prosecutions. This spying won't especially invade the first, but could easily be construed to lead to the second.
The result would be details of what he did: where he went, who he talked to, what he looked at, what he purchased — how he spent his day.
And with big data hitting the databases of Amazon (and every other retailer you shop), Google, credit cards, banks, credit bureaus, medical information bureau, IRS, .... they can find out just about anything they want about you.
When you turn off Ghostery, NoScript and AdBlock, it's pretty fucking eerie the ads that are placed on pages - and that's JUST the marketing people. Just image what the NSA can do!
Yep! Made fun of the Tin Foil hat wearers all those years and we're RIGHT!
metadata is data?
It's gonna take awhile for everyone to get upto speed on this whole 'spying on everyone' thing.
Heck just 5 years ago if you made the statement 'the goverment is spying on all of us'. You'd get some sort of response involving tinfoil and hats even tho it was 100% true 5 years ago as it is today.
And now... People are starting to realize it wasn't just crazy tinfoil hat ramblings... Give them some time and they'll wise up. Somewhat...
Nother 10 years we might be able to even start fixing the problem. But i wouldn't bet on it.
In 1979, the US Supreme Court ruled that collection of this metadata did not contitute a search.
http://en.wikipedia.org/wiki/Smith_v._Maryland
Metada is as private as the contents is. However, I can't loose the the feeling, that somehow entire debate is being spun as if society "accepts" that metadata does not matter. It matters. The thing is that if existing law would be followed " The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized", then most of NSA would be out of work. The Irony is that one, merely mentioning his rights is automatically classified as potential terroris http://www.networkworld.com/community/blog/ridiculous-dhs-list-you-might-be-domestic-ter
aNd yOu mUsT dO aS i dO oR eLSe
Or else what
eXaCTly
Conform or be cast out
eXaCTly
The President of the United states refuses to divulge his visitor lists claiming that it might divulge privileged information. This has been going on for years under presidents of both parties. Visitor lists are metadata (who he talked to, not what they talked about). If the president recognizes his metadata is confidential, how can he claim other peoples' metadata is not confidential?
If the NSA collecting metadata on Americans isn't such a big deal then I propose the metadata for all politicians be posted on a publicly accessible website. I'm particularly interested in the phone records between Congress and K Street.
... and convince whatever journalists you're consulting with to start releasing reports with more technical details.
People seem to be losing sight of the fact that it isn't only the NSA that is doing this tracking. Europe and China are both huge on tracking, they just haven't had this kind of public leak. So, while the question of which US Constitutional Amendment has been breached is a good question, it doesn't address the larger picture question: Where do we, as citizens of whichever country, draw the line and force our governments to stop?
You guys still haven't understood you lived in a police state ?
What's it gonna take ??
Does anyone else see the irony in that an article composed entirely of metadata about NSA spying (i.e. explanations of the implications of the data, rather than new data) is pointing out how harmful metadata itself can be?
Cell information is basically location data. They may not collect what your talking about, but they do know where you were.
Am actually more worried about the false positives created by using just metadata. For example before I got a regular job, I worked as a Freelance I.T. consultant. Okay, that sounds good on the resume but really I just went around helping people and super small businesses with minor computer problems advertised mostly through word of mouth and flyers. The word of mouth part being very important because I helped one guy who was a member of ultra right wing Christan church. Well, he thought I did a good job for reasonable pay and wasn't lefty pinko; so he put a few flyers up at the chruch which lead to several more jobs. So the metadata would I have shown I was member of this church. I never heard of any credible threat and I don't see them doing anything but still it just takes one guy off his meds....
The primary filter has always been traffic analysis. It constructs the social graph. I've heard that's worth something. An otherwise valueless company seems to trade on it.
Traffic analysis is what one can do effectively on a perversive scale. It puts the "focus" into focused intelligence, which would otherwise amount to extracting needles from haystacks concerning the detection of novel threats. Indeed, often the forest is worth more than the trees. The bits of business of an individual life are often less easy to read than a person's extended social footprint.
Fu..hrermore, in an electronic society where six degrees of separation is an overestimate by half, is there anyone in the population less secluded than a junior wife in a Mormon splinter town who couldn't be painted as a threat for having crossed digital paths with at least three shady characters over three decades of normal living?
The social graph colours all nodes. Does anyone think that members of the judicial oversight committee are required to bone up on Turing's use of log probability to establish meaningful discrimination thresholds?
Consider the four principal categories of metadata:
* who
* what
* when
* where
Looks harmless to me. What goes under "why"? Anything their little minds decide to write down.
Who: public school teacher
What: google search for "pressure cooker"
When: yesterday
What: google search for "backpack"
When: day before yesterday
Where: domestic residence, Springfield
Yet again, the metadata paints a compelling picture: moral turpitude. What could be more obvious among a law enforcement community prone to the syllogism that "I don't like the look on your face" equates to "disturbing the peace".
Checks and balances? Guess what? Metadata signs all cheques.
the metadata is how we figure you out.
the data is just the evidence when we finally put you in jail for thoughtcrimes.
-- Tigger warning: This post may contain tiggers! --
Metadata can be abused as an ambiguous term, as we are seeing the NSA doing. I would like to hear the NSA definition of metadata in clear, no uncertain, and thorough terms. They are peddling the term to a populace that hasn't realized that by and large, they themselves don't know what it means. By saying "it's just metadata" that seems to be enough for much of the population to think what they are up to is benign without even knowing what it is, and I really don't understand why.
Brought to you by Carl's Junior.
There's no reason to believe that they're only capturing metadata. There's no technical distinction between the "data" and "metadata", as it's all just a byte stream. And if the NSA has direct access to the byte stream, there's absolutely nothing keeping them from capturing the whole thing rather than parsing out and keeping just the headers (to/from, subject, etc.). Keep in mind that these are people who've already demonstrated that they're willing to lie to Congress, and even to fund their surveilance of the American people out of secret funds to keep them going when explicitly forbidden (and the program de-funded) by Congress. Compared to that, it's not hard to believe that they're lying again, because they know in their hearts that they're the "good guys" and that they have to break the rules to stop the "bad guys". And the fact that it's illegal, immoral and unconstitutional is, apparently, a technicality.
Because although the American people don't want their conversations listened in on, they're not worried about the governemnt knowing who they called when.
That is all.
Metadata or not, here's the way I figure surveillance, espionage, wiretapping, etc.: If I can collect the data on some government officials and sell it to the Russians, Chinese, or North Koreans, its OK for them to collect it on me.
Have gnu, will travel.
It's a bad example, you can see who you are following, metadata is blind, it does not know anything about the specific person, it just indicates patterns.
There was an unknown error in the submission.
Politicians stole the word "metadata" from computer science, and declared it on-limits for warrantless spying. This is a sophistry, invented out of whole cloth.
The king of England would have used phone metadata to round up the Founding Fathers in quick order. Therefore government doesn't get to do this.
Stop government from building the tools of tyrrany to begin with. That is the meaning of the Constitution.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I'd like to see the metadata on their (also 1st and 2nd degree relatives) financial transactions. Not the list of what they bought, just metadata, like the transaction origin, time and ammount is fine.
We already know that the NSA is recording and monitoring every phone call and internet conversation. This has already been well documented. They don't START from the meta-data. They use it as a reverse lookup for the taps that they have already performed. All the phone calls, emails and web conversations arrive in their servers with only phone numbers, email and IP addresses. They listen to 100% of the conversations and then use the meta-data to attach a name to those that were 'of interest'. They request the meta-data once every few months in order to keep track of changes, but the phone and internet taps are comprehensive and in real time.
They have rifled through every house in the neighborhood but only look up the name of the individual after they find something. The FISA court then offers ex-post-facto 'probable cause' in order to attach a name to the discovery. This is exactly opposite the 4th amendment protection we assume we have.
Let's post all their calls with all donors, strategists, and members of the media.
If it's no big deal for people to know this, or abuse it .
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I feel like what needs to happen is for all of us geeks to get off our collective asses and start companies which openly, agressively track people and sell that data to the public. For instance, start tracking license plates. Make the database searchable for $10 per query. Advertise it. Scare the hell out of people. Only then will enough calls make it to congressional phone lines.
http://www.masturbateforpeace.com/
For breaking up with the Director's daughter :D
(Seriously though, given the stories you hear about cops, regardless of gender, doing that to their spouses, can you imagine what happens if you're in the right position and have the resources of the CIA or NSA backing you up and little to no legal supervision?) Anybody remember 'True Lies'? :D Now imagine that with an irate ex instead of a loving husband? Oh wait... what did he do to that used car salesman?
mail metadata, or public square discussions, or maybe even 'gentleman's club meetings'?
I think even telegraphs would be a bit of a stretch for the founding fathers :)
I propose going the other way... people complain about politicians... unless you seriously plan on changing the form of government, the solution would appear to be putting in better politicians. As running for public office is voluntary, why would you make the conditions worse, so that only the likes that would want to be on reality TV would want to sign up?
calls to anonymous numbers
Associating those numbers to a human being the same way that a name-string links to a human being? As I told you, it would be absolutely, totally, and in all other ways inconceivable!
Not.
ironic that bruce's use of the word metadata is as arbitrary as his opponents in the government: the term is inherently meaningless without defining what "data" you're talking about. IP addresses are metadata relative to the application layer payload; but can be considered data relative to the metadata of MAC addresses. his blog post would be much more pertinent if it contained any new insight into how the collection of the specific telephony metadata amassed per 215 raises fourth amendment concerns.
This won't be a popular perspective, but I agree that metadata is not data.
It's like collecting the "from" addresses on the mail delivered to your door without opening the envelopes. They're not steaming open your letters, so it's legal.
The problem is that "legal" isn't necessarily moral. Especially given the sheer volume of meta data generated by the average internet-connected humanoid in modern times.
For one thing, I keep in touch with far more people and places using email than I ever did using snail mail. I used to get maybe 3-4 letters a year, a few magazines, and anonymous junk mail when I relied on snail mail for communications. In the electronic age, I keep in touch with several dozen friends, get newsletters from vendors and sometimes click on the links to read the articles they've published or subscribe to the online training they've offered, I broadcast emails to groups of friends (something I couldn't do with snail mail at all), and generally am far more connected via email alone than I ever was by snail mail or phone calls.
Add in the browsing meta data, and you start to get a painfully clear picture of my likes, dislikes, interests, and associations without ever diving into the details. When you consider that the NSA, CSEC, GCHQ, and others track not only my direct interests but n levels of indirection, and I end up associated with all kinds of distasteful figures that I'd never willingly associate with in real life, much less send a snail-mail letter to.
The only saving grace is the needle-in-a-haystack problem. The more meta data they collect, the bigger the haystack and the harder it is to find the needles buried within.
And the number of mass shootings and bombings in the US and around the world just proves that point. I've not seen it broadcast that they arrested anyone other than the VIA train plotters in Canada to date.
One instance where surveillance did what it should. Versus dozens of instances where it failed abysmally.
I do not fail; I succeed at finding out what does not work.
When I was a lad it was referred to as 'call detail records,' at least for phone calls. That's a far too honest term for the Nominal Security Agency, which disguises it with the pablum of 'metadata.' Of course, when I was a lad we had a press that aspired to something higher than mere stenography. Today, unfortunately, our media lapdogs are more interested in the latest tweaking twit than they are in fourth amendment violations.
...than listening to calls in detail. Crappy bitrate audio of conversational speech is very difficult to analyze with voice recognition, etc. However, simpler digital data can be churned through massive datacenters and with ease, resulting in detailed dossiers on anybody with a cell phone (which is everyone these days). People don't seem to realize just how much info can begleaned from metadata. Shit, I'm on the paranoid side an I bet I would be shocked by the info the NSA probably has on me.
The SCOTUS has already determined that 'metadata' is fair game, and unless he can argue around that decision, his opinion is meaningless.
>This won't be a popular perspective, but I agree that metadata is not data.
You may view this merely as pedantic, but... metadata is data. Data about data. Thus the "meta".
It's just not considered "personal" data, just as you described.
I've been saying this all along. The metadata vastly more valuable than the content.
It's perfectly legal to follow someone around in public, and record everything you see them doing in public, private investigators do this all the time.
The problem here is that the government is not a person or a citizen, and specifically doesn't have all the rights and privileges of citizens, or "US persons". The constitution grants certain rights to the government to do things "people" aren't allowed to do, and at the same time places limitations on what it can do that don't apply to regular people.
The fact that they are the government and have certain powers granted to them makes it extremely dangerous if they also seize powers granted to "the people", because the combination of powers of government and power of "the states or the people" is pretty much unbridled.
A PI can follow you round and collect intelligence on you when there is no law against it because they have the right to do anything that isn't outlawed. The government has no such right because they weren't specifically granted that right, and anything they weren't specifically granted the power to do, they have no right to do.
Ironically, as a private citizen you have this right. The government on the other hand does not.
You can think of it this way: you have the right to do everything that is not outlawed. The US government has the right to do only those things specifically granted to it by the constitution.
ABSO-FUCKING-LUTELY
Any geek, nerd or other slashdot denizen who starts out with such a stupid basic factual error has obviously drunk the Kool-Aid, or is too ignorant to be worth reading.
Anyone who says "it was not X, because Metadata is not data is simply ignorant or lying, or both. That includes Obama and his NSA minions and apolo-ratchiks.
The NSA stores all encrypted communications until they can decrypt them -- How do you determine that (parts of) a call or communication is encrypted without downloading and processing the actual content of the connection?
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
So about a month ago, I had the opportunity to visit the Holocaust museum in Paris. At first, as a non-jew I felt disconnected from its history almost to the point of not making the visit... but in the end, I'm glad that I went... and now I recommend that everyone visit this museum, Jewish or not. As it pertains to this discussion, inside the innermost shrine there is what appears to be a card catalog of the type that you'd find in almost any library in the United States. Ordinary and unassuming in appearance, the casual onlooker at first might not grasp the ominous and ghastly nature of the catalog. The reality was however that as opposed to housing cards describing books, each card described the identity of a person. Later the cards would be used to round up Jews and other undesirables, pack them on trains, and send them to concentration camps where they would be killed.
Thus, the world witnessed information used as a weapon. So when "the authorities" talk about harmless meta-information, recognize that your cell phone and email records tell the authorities who you are, who you know, where you live, and where you were. In other words, turn back the clock a few decades and it becomes clear that the harmless meta information would have been the Nazi's wet dream to obtain if they could have years ago. Even if you trust this administration (and I don't know why you would) not to abuse its authority (despite the fact that it already has), there is no guaranty that a future administration wouldn't abuse its authority and misuse the information.
Perhaps at this point you may think that the Fascist Nazi' comparison is over the top, but even THIS GOVERNMENT understands the potential harm the information can cause because THEY EXPRESSED AS MUCH in their action against the online information broker industry in the mid 2000s. See FTC vs. 77 Investigations/Reginald Kimbro ( http://www.ftc.gov/os/caselist/pretextingsweep/77Investigations.shtm )
The argument that the FTC made against the online information broker industry was:
11. The invasion of privacy and security resulting from obtainingand selling confidential customer phone records without
the consumers' authorization causes substantial harm to consumers and the public, including, but not limited to, endangering the
health and safety of consumers. Consumers cannot reasonably avoid these lnjuries because Defendants' practices are entirely
invisible to them. The harm caused by Defendants' unauthorized access to and disclosure of confidential customer phone records
is not outweighed by countervailing benefits to consumers or to competition.
The government knows that it is putting you in jeopardy. The very powers it rightfully denied the private sector it accumulated for itself
despite having recognized the harm it was doing. That it claims a need to snoop on the lives of Americans in order to protect them
is a false argument because the 4th Amendment doesn't deny them the right to snoop. It denies them the right to snoop without a
warrant. The founding fathers knew what they were doing in this regard, it is a pity that so many in government have lost sight of the
importance of their accomplishments.
Fill out some FOIAs for your elected representatives. I now have a task for tonight and I will be writing to the local papers' letters to the editor sections letting them know that this has been done as it won't matter if no one knows.
Time to offend someone
Like, bedroom cams?
Europe is kinky.
Hey, there's an idea for a movie. Terminator-esque but instead of Skynet starting with the military and having access to a bunch of nukes and trying to kill off the human race, the computer in question starts as an advanced AI sorting data for the NSA. Eventually it is given the ability to send commands to human officers. Humans then go about believing they're getting rid of the "bad guys" while instead allowing the machine to supplant the government; anyone in the machine's way clearly is a terrorist according to report X or a monster according to report Y or a liberal according to report Z. Clearly dangerous. The [new] government then begins a program of "military modernization" and begins building an absurd number of drones for some reason.
Oh darn, I'm back to the going crazy and trying to kill humanity thing. Wait, didn't the Matrix say we could be batteries? Yay!
Does a bunch of data on some hard drive in some giant warehouse of computers really constitute surveillance if no human ever sees it? 99.99...% (to how many nines?) of this data is never seen by a human. It is impossible for the employees of an agency to observe more than the tiniest fraction of the data generated by the activities of the population of the planet.
to call another person on a radio phone, the switching network needs to know ...
where the recipient is located.
obviously every radio phone needs to "phone home" and report its location
so it can be found / called.
also the company providing the antennas and switching gear and databases
won't do it for free, so they have to record every radio phones usage somewhere.
on the bill you can then double check if the company billed you correctly
by looking at the numbers you made calls to.
this also is in a database.
if the government doesn't want to this data, then only employees of the mobile
company can access this data.
how can a radio phone user know if an company employee is spying on her (8+)? they can't.
if the government gets involved (another guy sitting in the room), then maybe there is a chance that the young
girlfriend-less mobile phone company tech will be more cautious about looking up
location data of the latest elite model using a radio phone on their network (or they do it together).
-
you know the effect, you are less likely to kick the crap out of a mars bar vending machine
if there are other people around...
Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C & load w/ OS + 1st net request resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Benefits hosts files provide on numerous levels for speed, security, reliability, & anonymity = in link above)
---
* Makes hosts population (even w/subdomains) EASY via 12 reputable security community sources + saves up to 40% bandwidth on avg. per site page!
---
A.) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Foxes guard a henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B.) Hosts add reliability vs. downed DNS & protect vs redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C.) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed DNS or vs. Kaminsky vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
"Less is more" = GOOD engineering!
(Vs. slowing down SLOWER usermode browsers layering on MORE in addons which slow them down more: I work w/ what you have in kernelmode, via hosts - A tightly integrated PART of the IP stack itself)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
...apk