NSA Drowns In Useless Data, Impeding Work, Former Employee Claims
An anonymous reader writes in with this story of confusion at the NSA due to the flood of data they harvest. "Some of the documents released by Mr. Snowden detail concerns inside the NSA about drowning in information. An internal briefing document in 2012 about foreign cellphone-location tracking by the agency said the efforts were 'outpacing our ability to ingest, process and store' data. In March 2013, some NSA analysts asked for permission to collect less data through a program called Muscular because the 'relatively small intelligence value it contains does not justify the sheer volume of collection,' another document shows. In response to questions about Mr. Binney's claims, an NSA spokeswoman says the agency is 'not collecting everything, but we do need the tools to collect intelligence on foreign adversaries who wish to do harm to the nation and its allies.'"
Simply build a new $1.5 billion data center to process the collected data.
"National Security is the chief cause of national insecurity." - Celine's First Law
the sorrows of NSA, drowned in an information cocktail, Binny o Binny why did you leave me
the woman spoke
Because it's only simulated drowning.
And if that don't work: collect more useless data.
Do you even lift?
These aren't the 'roids you're looking for.
I think this is the problem at most companies. Once someone in charge has a "good" idea, then no one else can point out how stupid it is. Collecting data is easy, cheap. Analyzing it is what is expensive. And useful. Collecting unanalyzed data is a waste of time and effort. Period.
And the first analysis is: what sort of data should we collect to make analysis easier? But of course, if people actually analyzed the process itself, someone would have already pointed out that the only way to measure cost-effectiveness is to have an actual goal in mind. Collecting everything you can get your hands on is an easy goal to state.
Stating why all that data will help you prevent attacks on America instead of being viewed as an attack on Americans is a whole lot harder to articulate.
Same old same old.
It's a lot easier to invade a country than it is to state what peace would really have to look like.
We have all this yummy data we gorged on, and we can't digest it all.
Obviously, we need a bigger budget for more contractor analysts and hiring Google to write better analytical tools.
Scruting the inscrutable for over 50 years.
Reminds me of this.
An easier solution .... treat foreigners as you would have them treat yourself or your compatriots. Apply the same standards of "justice" that you would mete out on your own citizens. That means no torture, no dronings, and respect for international law. In the end a much more successful strategy, and certainly a far cheaper one. Foreigners are not inherently evil, nor are they all plotting your demise. They are people who deserve equality.
The argument is that they have to "see everything" to see as many potential threats as they can. At a surface glance this makes sense.
At anything beyond a surface glance, you can see how mission creep happens and oversight is effectively nullified in the process.
Not all surveillance is necessary, without question the vast majority of it serves no functional purpose beyond its own self-certification.
The lying certainly isn't helping anyone trust them.
The NSA knew about some of the 9-11 hijackers, but it was lost in the noise (and in lack of interdepartmental information sharing). The solution, suck in more noise? Makes little sense to me.
Silence is a state of mime.
The belief that as the size of a pile of shit increases, the probability of finding a pony approaches 1.
After the fact it was discovered that they had lots of clues. The problem is how to link them together when you've got so much in your files.
Sheesh, evil *and* a jerk. -- Jade
Good. Let's create some more useless data for them, I'm starting a second Tor node and a Freenet node tonight.
Foreign adversaries.
Like the Germans, French, Spanish, British, Israel and other Americans?
"we do need the tools to collect intelligence on foreign adversaries who wish to do harm to the nation and its allies."
Ahh, good, something we can agree on. You should have those tools. And you do have them, even without the dragnets. Here's how they work:
1. Pick the person who you believe wishes to do harm to the nation and its allies.
2. Start collecting surveillance.
3. Present to an appropriately skeptical judge the reasons that you believe that person wishes to do harm to the nation and its allies.
4. The judge will decide whether your evidence amounts to reasonable suspicion.
5. As long as the judge agrees, you can continue the surveillance.
It's a pretty cool system, really. It ensures that you get the surveillance on people who really do appear to be up to something, while protecting the vast majority of people who are innocent.
Stop-Prism.org: Opt Out of Surveillance
Yeah, this 'employee' is claiming that they actually asked to collect less but were forced against their will to collect more than they can handle? Flat out bullshit.
They know the cat's out of the bag so now they're just going to run with "We've got more information than we can use, so you really have nothing to worry about us hoarding all your data and in fact the more we collect the safer you are!"
Where have we seen this before? Oh that's right, "Pay no attention to the man behind the curtain!"
(captcha: seducing)
The fun the US and UK govs had was setting global standards and then passing them as 'tested' back to a tame private sector to offer in its product mix. http://www.theguardian.com/technology/2013/sep/16/nsa-gchq-undermine-internet-security
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the-nsa-had-access-to-internal-google-and-yahoo-cloud-data/
https://en.wikipedia.org/wiki/Turbulence_(NSA)
Domestic spying is now "Benign Information Gathering"
You mean playing 'God of the Internet' is hard to do? Imagine that.
I've said it since the Snowden leaks first came out, there isn't a way to process all of the data that is generated on the internet. And I feel that this whole bullshit concept about the NSA collecting all of the information on the internet is another way to dowse for illegal activity (dowsing as explained here) Meaning that as long as people believe 'it has the power to do such' (because it was fucking expensive to build that Utah data center), that's all that's required to get others to follow along with rulings based on secret evidence that's all redacted.
I stand by my belief that the NSA, no, humanity itself, is not capable of playing God to itself, in any way - other than self-regulation (that means a person regulating him or herself and not as a country regulating itself). This fear-mongering way of regulation is outgrown by our own understanding of ourselves.
Politics; n. : A religion whereby man is god.
We are back to the pre Snowden classic - too much information. :)
This has never been a problem due to fast sorting, keywords, voice prints, numbers called and cheap storage.
GCHQ and the NSA could get every call from Intelsat back the late 1960's for sorting and indexing. Once you have the total 'in' and 'out' points of any nation as its telco networks is constructed: https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering shows how easy a lifetime of collection can be and looks like under one small program
Domestic spying is now "Benign Information Gathering"
That's all very nice, but be clear -
Bruce Schneier: Crypto works.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Terrorists can use any words they want, common phrases but given a different and agreed upon meaning within their dialog constraints.
On the other hand and within the timeline there was need to have an ear to the public in order to know how to respond in the cover up of 9/11 (Building 7 was not hit by a plane, It obviously was taken down by demolition and what it contained needed to be removed to help the cover up.) This is verified!
What the government knew for certain is that they could create a feedback loop with the help of the media, so to influence the public to their bias.
They did not have to look for the needles in a hay farm (terrorist), as they were looking at the hay....... the public.
They never needed technology that didn't yet exist to process so much information for terrorist finding. They just made use of what technology they could get
Spying on Americans....
I didn't agree to have my taxes spent this way!
Every US citizen could be calling the press, contacting a political leader, becoming a local activist, working with a trade unionist, helping an author, talking to a federal agency, helping a state agency, sending HD recordings to internal affairs, funding a political foundation, questioning more wars, ...
Any of the above could be politically sensitive to current or former political leaders, their backers and top staff.
If only you can be found before your story is published, open court work or protest starts
Domestic spying is now "Benign Information Gathering"
Thin Thread
http://www.businessinsider.com/nsa-whistleblower-william-binney-was-right-2013-6
http://en.wikipedia.org/wiki/ThinThread
http://www.whistleblower.org/program-areas/homeland-security-a-human-rights/surveillance/nsa-whistleblowers-bill-binney-a-j-kirk-wiebe
Binney.
http://www.newyorker.com/online/blogs/backissues/2013/06/takes-the-nsas-surveillance-programs.html
http://www.democracynow.org/2012/4/20/exclusive_national_security_agency_whistleblower_william
http://publicintelligence.net/binney-nsa-declaration/
Reinstate him as DNI.
Previously an article on slashdot of them wanting more data collection ...... in total contradiction to this article. http://slashdot.org/comments.pl?sid=4590265&cid=45767805
This mass collection is not about what they can process or correlate with terrorism or whatever. This massive amount is dangerous because they can target individuals. You simply can not assume that all this power will be used for the good of the nation, the inner workings of this huge system are manned by humans. They are prone to corruption, bribery, self interest and so on.
This much power with this little accountability is just bound to be used for personal gain. Imagine if some worker of this system decides he really does not like his neighbor's guts. He could target that individual and discover that for example he is having an affair and then disclose that information to cause harm to that individual in particular. Well change that neighbor to some politician that is contrary to the current governing party.
The funny thing is that Metal Gear Solid 2 foretold all this more than a decade ago.
LOL The world now understands tame US crypto as used, sold and tested is junk.
You keep repeating that, but it still isn't true. (Did you even bother to watch any of it?) All the available evidence is that the math is still protective. The problems are other places.
I think the NSA would probably be happy to see your scenario. Just think, part time visual basic programmers around the world turning out "secure" products to protect you from the "Yankees." Of course they will guarantee their own work, it's from their elite programmers, their own local genius that can't be questioned. It is an extra bonus if they come up with their own cipher - nobody else knows how we do it, so it's unbreakable! The NSA will have the last laugh. So yes, sell that idea far and wide. An extra bonus comes in if the new government contract in that country goes to the minister's cousin, something I'm sure you'll agree never happens. After all, who would benefit?
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
...how can I help?
No, seriously - I tried to start discussion in a previous "The NSA is sniffing your dirty boxers" thread about the possibility of an easy-to-use browser / email plugin / app / etc. that would encourage Joe User to increase the amount of "noise traffic" he generated. E.g., something that would tack a bunch of Terror Words onto the end of every email, but more practical and less scary to use. Encourage people to automatically participate in conscientious objection to surveillance the way that they reflexively download mp3's or jaywalk.
I think the only response was "emacs spook mode", which is funny, but not really the discussion I was hoping for.
I guess it's my turn to LOL now. Bulk collection is cheap because encryption isn't generally used. When governments legally force the turnover of keys that won't change. Although there may be some spots where security is stronger, it is likely we'll see more actual junk being produced in the future. Perhaps you recall the early days of PCs when many vendors did their own thing instead of relying on DES. How many of those products would hold up to NSA, FSB, or China? And that is before you get into the question of key handling by all these new firms. The fact that you expect many more of them to be outside the US will also probably mean more crypto compromised by foreign governments since not all of them play as nicely as the US does despite the hysterics on Slashdot. If your concern is for the activists, that would make them more susceptible, not less. Your link doesn't seem to provide any evidence of encryption keys being compromised to private industry by US government intelligence, nor the infrastructure to exploit them if they did. Companies have always been interested in adversaries trying to bring them down and there are legitimate grounds for concern. Not every activist is honest, reasonable, sane, or has goals supported by general society. One only has to look at the eco-terrorists of ELF and Earth First to realize that. Private industry provides nearly all of the critical infrastructure and critical services relied upon by society, and there are legitimate security concerns. By the same token there is always a need for watchdogs against abusive or illegal behavior on the part of companies and government. You almost seem to be applauding panic on this, and panicked people seldom make good decisions. That is before we get to the question of human intelligence, the specialty of Russia, China, and various other nations. I've seen a number of your posts where you worry about "sock puppets," but you never seem to worry about agent provocateurs in this matter. 
Since you should understand the existence of pitfalls when approaching encryption and security, a single mistake can sink you, why don't you worry about the panicked herd being directed towards a cliff? From claimed "junk" crypto to actual junk crypto?
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
The NSA hates Tor. So running a Tor Relay is a great and safe way for us to actually do something about the NSA.
My attention span is too short to read that comment.
Your ingenious technique for not drowning in useless data is much more cost-effective than anything the NSA will come up with.
We all recall how DES ended up long term Cold: weakened http://cryptome.org/jya/cracking-des/cracking-des.htm
Domestic spying is now "Benign Information Gathering"
They are playing the injured naughty puppy. Please, what better way to alleviate your privacy invasion fears than to make you think they can't even handle all of the data. Surely, it's digitized, compressed and permanently stored for future data mining purposes should you ever become a person of interest. I mean really. The future FBI won't even have to profile people the traditional way, many of us are already doing it for them (hello FB).
LOL, sorry, no. DES was only ever intended for unclassified data and was limited in strength. The record is clear that NSA strengthened the DES algorithm against attacks not publicly known at the time. The best anyone ever did against full strength DES was pretty much brute force (linear was very late to the game, and limited). That is what the DES Cracking project was about, finally putting a bullet in DES to get the next standard going. Now we have AES, and nobody can really claim that it is weak, can they? IIRC AES is approved for both unclassified and classified data. People always suspected that NSA had inserted a back door in DES with the S-Box changes when they had actually strengthened it against differential cryptanalysis which humbled many other schemes, but not DES. DES was almost perfect as designed, as long as you executed it as designed. That is no reduced number of rounds, no changes to the S-boxes, no other toying. It was exactly as strong as it needed to be, and pretty much free of weaknesses other than speed (it was designed for hardware where it was fast, but many did it in software where it was slow). Only the key length was a long term issue, and then you could still do triple DES. Here is the funny thing - many people suspected the government put in a back door and went with some other crypto scheme that was almost certainly inferior if for no other reason than they weren't designed to resist the secret differential cryptanalysis technique, or any other secret techniques. People ran from the back door boogey man and ran over the cliff of poorly designed crypto, and that doesn't even take into account mistakes in implementation. We will almost certainly be seeing the same sort of thing playing out in the future. "You can't trust AES, it was approved by NSA! There must be a back door! No, we're going to use Krasnovian Software A.G.'s ROT-39, developed by our resident super genius."
Wouldn't the same argument apply? - ‘We Can Trust GCHQ On Encryption’
It will be interesting to see how it plays out.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
"When governments unethically and immorally, but legally force the turnover of keys that won't change."
FTFY
I have a better idea. The police forces and security services should do actual police work, instead of eavesdropping on the entire population. Detective work and investigations are labor intensive, but the US constitution demands that such labor be used instead of just spying on everyone.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Cold "the NSA strengthened the DES algorithm against attacks not publicly known" but kept the ability to decrypt. Good PR on one side, back to plain text as always.
Domestic spying is now "Benign Information Gathering"
If so then nobody but NSA knows about the technique despite decades of trying. The password and brute force are pretty much it as far as anyone else knows. Even differential and linear are hardly useful.
I suppose there is an advantage to spreading rumors that DES and AES have a back door. Then more people will use weak crypto, and NSA gets the bounty.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
I've given this capability a long and hard thought. This interception only works during an economic war and does nothing during a real war. Once a real war kicks off on any global scale, these types of interception capabilities get turned off because countries will sever certain cables and links.
Companies that are hosted in the cloud will get disconnected destroying them in hours.
Is not for terrorism, or even drug fighting. It's a tool for the Democrats or Republicans, whoever is in power, to snoop on their political opponents and line their pockets by stealing civilian secrets. Look at the IRS scandal, look at Fast & Furious / Gunwalker. Nothing is beyond this out of control, corrupt as heck govt. Probably more corrupt than Russia or wherever in the world, they just were able to hide most of it (until Snowden).
But never, ever dare ask why so many wish to do harm to the Imperial Us and our henchman, upon pain of treasonous death.
huh.. stasi did a lot of "meaningful" things.
just not any good things.
but there is a law, if the budget of the one who is controlling secrets is a secret, then his budget will be unlimited - and that consequently ends up being more expensive than it is worth, but it takes the state to crumble to expose that, since where the money is going is a secret.
world was created 5 seconds before this post as it is.
Crypto (likely) still works now. The NSA wants to snapshot everything they can so that as their code cracking capabilities expand they can go back and decrypt old data as desired.
Yup, imagine that a bug like Debian's OpenSSL bug is discovered.
That means that the NSA can suddenly go back through all these archives and decrypt what they can.
Note: this is different from brute forcing. And brute forcing is NOT going to happen. Modern cryptography has reached the point where brute forcing is not merely difficult (like back in the time of Enigma) but beyond what could theoretically be possible with current mathematics and current physics while still even having a margin in case of some bugs.
Back at Enigma time brute-forcing a password was the equivalent of searching for a needle in a haystack: proverbially difficult, but not technically impossible, given enough people and given enough time. (Or in Enigma's case: given a big amount of very fast password-solving computers called bomb. Have giant halls full of them and Enigma cracking became possible).
Nowadays the search space for brute forcing is immense. That would be like trying to find a grain of sand. Not anywhere on the whole planet, but even worse. That would be like trying to find a grain of sand, when each grain of sand on that Earth is actually a whole planet containing each one the same huge amount of sand as our Earth. The scale is just mind blowing. Cracking this? Well not possible before the heat death of the universe. Brute-forcing modern cryptography is just not possible under current laws of physics.
Breaking modern crypto usually relies on finding errors:
Like human errors:
- When the most frequent password is "123456" there's simply no point even trying to crack encryption. Just use that password and you've automatically gained access of 60% content, according to the last data leak mentioned here around.
- Add in a few more other common possibilities, take account of a few tricks, etc. and you can find even more access. Not by trying every single possible combination, but just heading for the most common ones. That's what dictionary attacks are for.
Like implementation errors:
The mentioned OpenSSL bug in Debian. To use again the "grain of sand" metaphor, it is as if Debian had a preferred spot on a nearby beach to pick its grains of sand from, due to a broken random generator.
Lastly, by looking for actual errors in the algorithms themselves.
That's what happened to older algos like DES: it was found that they are not as secure as thought. There are fundamental flaws in the algorithm making it easier to break. (To take another simplified image: think about Caesar ciphers, where you rotate the alphabet around. In theory, there should be 25 different possible rotations. But simply looking at the frequencies in the encrypted text, you can spot the most frequent one, which could help you pin-point which rotation should produce the most common letter of the language. For English that means that instead of trying every single one of the 25 rotations, you just try 2-3 best candidates which match clear text "e" with the most frequent coded symbol).
Regarding modern cryptography, that seems difficult. The currently considered "best" algorithms for encryption, signing, hashing, etc. (like AES, RSA, DSA, SHA, etc.) have been around for quite some time and have not been fundamentally broken. Only broken through implementation bugs.
Things like bitcoins and other alt-coins are even more interesting given that there's money at stake. Still, despite potential monetary gain, all the virtual coin heists have been through bugs or social engineering. Nobody has found a fundamental flaw in ecDSA (used in the protocol) or SHA256 (bitcoin's proof-of-work) or Scrypt (used in Litecoin), etc.
Currently, when newer algo are introduced (like SHA-3), it's not to replace broken algo (SHA256 is still unbroken) but to introduce newer interesting features (SHA-3' Keccak has an interest
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
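The "broken random generator" case from the comment above, as an added example that is not part of the original thread: a toy key generator whose only input is a 15-bit seed, and the defender-side audit that enumerates everything it can emit and flags stored keys that need regenerating. The generator, the seed size, the host names and the inventory are constructed assumptions and do not reproduce the Debian code.

```python
import hashlib
import math
import secrets

SEED_BITS = 15   # assumption: the only entropy is a process-ID-sized value
KEY_BYTES = 16   # nominal key size: 128 bits


def weak_keygen(seed):
    """Toy broken generator: the whole key is a function of a small seed."""
    material = b"toy-keygen|" + seed.to_bytes(2, "big")
    return hashlib.sha256(material).digest()[:KEY_BYTES]


def fingerprint(key):
    """Short one-way fingerprint, so the blocklist stores no usable keys."""
    return hashlib.sha256(b"fp|" + key).hexdigest()[:20]


def build_blocklist():
    """Enumerate every key the broken generator can ever emit."""
    return {fingerprint(weak_keygen(seed)) for seed in range(2 ** SEED_BITS)}


def effective_bits(blocklist):
    """Real strength of the generator, whatever the nominal key length says."""
    return math.log2(len(blocklist))


def audit(inventory, blocklist):
    """Return the names of stored keys that must be regenerated."""
    return sorted(name for name, key in inventory.items()
                  if fingerprint(key) in blocklist)


def sample_inventory():
    """Constructed inventory: two keys from the broken generator, one sound."""
    return {
        "host-a": weak_keygen(4242),
        "host-b": secrets.token_bytes(KEY_BYTES),  # proper OS randomness
        "host-c": weak_keygen(31999),
    }


if __name__ == "__main__":
    blocklist = build_blocklist()
    print("nominal bits:", KEY_BYTES * 8)
    print("effective bits:", effective_bits(blocklist))
    print("regenerate:", audit(sample_inventory(), blocklist))
```

The 128-bit search space stays out of reach; the flaw shrinks the set of keys that can actually occur to 32,768, which is small enough to list in full and check against.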
That's the problem when you move beyond the CIA or FBI skills. One person can write to the press, question political leaders, turn up and be tracked at any/many local protests.
Have an interesting book buying list, travel: sooner or later a database will sort a lot of people's files for human security review.
The Stasi moment - that flood of new files, limit cleared staff and the political demands to find something to show the tame press.
The what can the gov do? A sneak and peek? More logging of web 2.0 use? A chat at the door hinting that a person was "seen" at a protest?
What can a gov afford to do with the files? Go to open court and face real lawyers? Form sealed courts and win every time? Sooner or later the lawyers will start asking questions.....
Domestic spying is now "Benign Information Gathering"
...to make the NSA's job even harder.
Don't assume that everyone who works for a company wants what the CEO wants. Some of them think he's stupid for wanting some things, and consider other things much more important.
So those articles aren't in contradiction, you're just hearing from different voices.
I think we've pushed this "anyone can grow up to be president" thing too far.
> Have an interesting book buying list, travel [...]
Real world example I know of personally: Have a (nominally Christian) boyfriend from a country where the prevailing religion is Islam. Bang - straight onto the list. So much so that the pair in question even picked up a tail of spooks at least once when on holiday.
Also FatPhil on SoylentNews, id 863
This is why I never cared if the NSA was spying on me. Cause odds are that my personal data they collect will never be seen by human eyes at the NSA cause they have so much of it, so it's the same as them not spying on me.