Slashdot Mirror
Australia Admits to sigint
Eater writes "Doubts about Echelon dispelled. "
Hrm... On one level it frightens me to know that this is going on, but on another level I am comforted by the fact that people already suspected it anyway.
← Back to Stories (view on slashdot.org)
At least two ways around it. The first way: stop sending email. Bad idea. The second way: PGP. Good Idea. Especially a copy (like GnuPG) where you can RTFS and self-verify that there is no back door.
I don't particularly use personal PGP today because it is a hassle, and because I tend not to send email that I mind being overread. At work (where serious paydata flows over the wires), PGP is a must.
The more they monitor, the more we must encrypt. We have the tools. With the GPL'd GnuPG, we have them copylefted, so that they cannot take them away. They can only make them illegal.
And if they did that, they would have to imprison a lot of pissed-off hackers who would encrypt stuff anyway. Considering the tremendous geek debt we're in, that's likely to hit the economy hard. Fortunately, Congress tends to avoid things that hit them in the wallet--as long as they understand that it will.
--The basis of all love is respect
As someone who knows chips...
I'd have to say that it's entirely possible. The actual computational speed of one "dictionary" checking node dosen't need to be all that fast. They just need to have millions of them. If you organized the system to have parts that do specific tasks, like message reconstruction, message dispatch, message ananlysis. It becomes no problem to construct a highly scaleable system that can process millions of bytes of text a second. Sure it's specialized hardware, but it can be built from commonly available chips with little or no problem.
As an example, a checking node could be made with a few simple components. CPU, Boot ROM, DRAM memory bank, Ethernet NIC, a few indicator LEDs, power connecter, NIC connecter and PCB. That would easily fit on a PCB 6"x6" and be rack mountable, or better yet, fit as manny as possible on one PCB that is as large as you can make reasonable, say 18"x18" for 9 per board. Crank out these boards by the thousands. Don't worry if your older boards are obsoleated by newer tech, just redesign around the newer tech, and make another batch of a few tens of thousands.
Now lets go to specialized hardware. Lets make a chip that checks a stream of bytes against a list of words. Lets make it so it can check 1024 words up to 32 bytes long. Well within fab techniques 15 years ago. Place it in an 8 pin surface mount package package for size. On powerup it waits till it's addressed to load a block of words. Then it waits for the message byte streams. When it matches a word it sends out an interupt, and the message is flagged for latter analysis. Being dedicated logic, they likely could process data well in excess of 1 MByte a second. 3600 of these chips could be placed on an 18"x18" PCB with driver and control logic. This gives us 3686400 check words per PCB. More than enough for all languages and future expansions. On each board is a processor that receives messages to be checked, then passes them by the checking hardware, noting which ones get flagged for a match. Now scale this to thousands of boards. At 25 boards per card cage, 4 card cages per rack case. That's only 10 refrigerator sized cases to check 1GByte a second against 3686400 words, Now reconfigure the hardware a bit to make it 100x more parallel in the checking, and we have 100GBytes per second against 36864 words. Now make this a room sized endevor, and you can easily get well into the terabytes a second scanning rate. The really scarry thing is this is with tech available in the late 80s. It should be easily able to be scaled by a couple of orders of magnitude by now.
It's all a matter of getting the right hardware in the right volume.
This isn't disturbing at all to anybody with any intelligence. If this is news to you, then you're naive in the extreme, my friend. OF COURSE governments are spying on all kinds of digital traffic. OF COURSE they include civilian traffic in their monitoring (that's where lots of important things happen).
More importantly, though, if you've been assuming that all your emails and other net traffic (or even your phone conversations) are blissfully private, then I'm sorry, but that's just plain stupid. Governments are the least of your worries (hell, my _father_ could tap your phone if he wanted to). If you want something to be secure, don't broadcast it unencrypted in the open. This should be obvious to anybody in this day and age.
So you're going to run off and write your "senators, congressmen, lords, whatever".. Hey, maybe you'll even be successful beyond anybody's (realistic) hopes and dreams and get all the politicians of the world to condemn this sort of monitoring and abolish it forever. Do you really think that any governments are actually going to stop doing it? It'll just go deeper underground and be a real secret, which means there will be even less monitoring, and absolutely no control over any of it.
Just look at the information which prompted this discussion in the first place: An official acknowledgement of (at least some of) what's going on by government officials. Countless people in the world are more aware/confident/knowledgeable of what's really going on because the Australian government was willing to inform their public about things like this. Would they have been willing to do that if they'd been previously forced to condemn this sort of thing and promise it wouldn't ever happen? I don't think so. We'd be sitting here discussing some new Linux feature instead.
Things like this are better in the open.
>>>>
While I'm sure there is some keyword searching being done, I'd be shocked if more thought didn't go into the system.
Surely there's some initial filtering done based on the identity of the sender and receiver-- messages sent between two people with FBI files probably get more scrutiny. Messages that cross national boundaries would also be more suspect, as would be messages the computer couldn't understand.
Assuming a reasonable set of criteria to prioritize messages, reasonable computing power could be brought to bare on "interesting" messages, easily defeating rot13. I'm sure they'd break 40-bit encryption regularly for really interesting messages. At this point, one could also do some interesting things analyzing the words used to try to identify coded messages. Someone from Montana who regularly describes building "watermelon" would likely raise some red flags here.
Of course, with 50 years to develop the system, it's surely smarter than anything we could envision in a few hours...
I've worked in sigint, myself. And I find it hard to believe that a system set up to detect key words and phrases in common internet traffic can be useful enough to justify its cost. Nations and security agencies *know* that internet communications can be intercepted, and so they send messages encrypted or not at all. Corporations are beginning to understand this, also. The only messages that Echelon could usefully intercept are personal communication and the rare 'slip-up' of a corporation or agency.
That being said, I can easily believe that it exists. Slip-ups do happen, and I can see a government betting a few billion dollars on the off chance of finding one. But the most frightening aspect is that the Echelon system is just better suited towards everyday unencrypted communication between private individuals...and thus, whether chartered or not, that's likely how it will be used. Thank you, Orwell.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
Personally, I do not care too much about what they do for hunting terrorists, because I am not making bombs or selling illegal drugs in my spare time and I do not think that I would get caught for any illegal activities (although I can never be too sure about that).
When they took the 2nd amendment, I was quiet because I didn't own a gun.
When they took the 4th amendment, I was quiet because I didn't deal drugs.
When they took the 5th amendment, I was quiet because I was innocent.
Now they've taken the 1st amendment, and I can't say anything at all.
(With apologies to whoever wrote that that I didn't credit).
You should care how they hunt down terrorists, as those same tactics may be used against you some day. Remember 1984? Well, we may not be there yet, but slowly and surely we're heading there. For every law passed that takes freedom from us for doing something that hurts no one else, the hope of staying free dies a little more. Personally, if this type of thing keeps up (the Australian government doing this will encourage the US government to also) I'm going to gather a bunch of people together and we'll go find an island and start our own country.
When I was able to do my own spam-armoring, you got a chance to email me. Now you can only hope I see your reply.
Since no human could go through all this manually, it has to be a computer program scanning for keywords. Which means the system is useless:
I'm sure you can all think up lots more interesting ways to bypass any such system without ever using PGP (the problem with PGP being that it's easy for the scanning program to recognize it as being encrypted.)
Oh, and lets all put the keywords in our emails:
Bomb, Gun, Cocain, Heroin - hi, mr. spy, I'm a terrorist!
-- http://www.wholepop.com/
Whole Pop Magazine Online - Pop Culture
http://www.wholepop.com/
Whole Pop Magazine Online - Pop Culture
He wrote a piece for a UK newspaper saying that the ISP Association (ISPA) and the police were holding secret meetings to allow the police to inspect the logs of all UK Net users activity (news pages read/written, Web pages browsed etc). The ISPs were supposedly agreeing to keep logs specially for police use and allow them free access.
Demon (a UK ISP) responded that these meetings were not secret (any one could attend at £60/day), and were primarily concerned with formalising the limits of what the police could ask for, and the evidence that had to be submitted to the ISPs along with the request. A request would have to include prima-facie evidence of a crime, plus supporting details of when and where the electronic side took place. These details would have to match the ISPs logs before any information would be released. The police had asked for wider access, but the ISPs turned them down, citing UK privacy law which makes the ISPs liable for releasing private information to the police without good reason. Many of the police requests (e.g. web browsing logs) were technically infeasible anyway.
Now its possible that Duncan Cambell was right and Demon are spinning a line here. But Demon were the pioneers in the ISP business, and have firmly resisted attempts at censorship (e.g. blocking the porn groups) in the past. And the legal argument about liability checks out. So I'm strongly inclined to trust Demon on this one.
Now DC has moved on to bigger things. He claims there is a whole big sigint organisation dedicated to listening to you. In the referenced article he takes a few quotes from an Australian politician as evidence that he is right. But go back and look at that article. Note what was quoted, and what was written by DC. Big difference.
And the report for the European parliment was ... also written by Duncan Cambell.
Meanwhile a new law to require european ISPs to provide the police with a dedicated line into their systems was passed earlier this week, rammed through the EU Parliament after 10 minutes debate. Fortunately its not binding (the EU Parliament has comparitively little power), but its still worrying. Where is Duncan Cambell when you need him? Quoting Australian politicians in an attempt to play Fox Mulder!
Paul.
You are lost in a twisty maze of little standards, all different.
I had my doubts about the existence of Echelon before this. Like, how could such a massive thing really be kept under wraps by agencies as idiotic as our 'intelligence agencies' seem to be. And, how could they process the massive amount of information gathered.
Well, this is pretty convincing. I wonder what made them want to go public? I find it hard to believe anyone in the 'intelligence' game could have anything like a conscience. Maybe they were tired of being junior members.
I am going to write my congress-person, senator, & my local paper. This is outrageous, our governments blatently spying on their own citizens, most likely slipping certain tasty tidbits to favored companies (the bastards probably own stock in). It is unconstitutional, immoral, and sadly, completely what most of us expect from our governments these days
I urge everyone to help get the word out about this. We all know people who love to pass things on via email (hi Mom) so tell 'em. Then call and write your representatives. This has to stop.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
BTW, a bunch of useful Steganography info can be found at:
http://www.jjtc.com/Steganography/
A (probably incomplete) list of steganography software packages for various OSs can be found at:
http://members.iquest.net/~mrm il/stego/software.html
Instead of mailing the image/text/whatever to a specific recipent, you could use a less trackable (for both sender and reciever) way of distributing it. Putting it up on somewhere that offers free anonymous web space would be good; posting to one of the alt.binaries.* would work too. Then anyone could grab it at their whim and easily hide their identity thru various anonymizers, internet coffee shop, library, etc.
As for the matter of privacy: Given enough time and resources there is a pretty good chance a professional investigator can find out anything they like about you or your activities.
In this day and age privacy is a myth.
We leave information about ourseleves everywhere. In the 80's the world was astounded when kids going by names like Phiber Optik could find out their intimate details.
10 to 15 years later, when the world has become much more connected, and when the President of the USA can be impeached because an internet journalist didn't need an editor to approve his story, when the company owned by the richest man in the world can be sued because of emails written 10 years ago, you cannot tell me real privacy exists. That our information is more secure from those who want to get at it.
Every day people are paid to find out things about others. Corporations, individuals, governments, marketing companies and crime syndicates all have reasons for collecting information on people. IMHO, it is wishful thinking to believe that anything disclosed to anyone else is safe from prying eyes.
Echelon may exist. It probably doesn't for very sound technical reasons. But if the technology did exist - do you think it wouldn't be used?
my blog: good times, man, good times
Posted by FascDot Killed My Previous Use:
There are nearly insurmountable problems in performing this kind of spying.
1) Collection: The various agencies involved would have to have their fingers in many many pies to cover all the ways people could communicate with each other. Phone lines (voice and data), banks, radio, cells, satellites, etc, etc, etc.
2) Bandwidth: All this data then has to be A) processed immediately and/or B) stored. Let's do some back of the envelope calculations for a second. 100 million computers (leaving aside phones, etc) connected at an average of 10 Mb/s (dialup vs T1--hey this is an envelope calc) is 1 billion Mb/s = 1 million Gb/s = 1000 Tb/s = 1 Eb/s.
3) Secrecy: They've been doing for 50 years without a hitch? When they'd obviously need an army of techs/programmers/spooks? Not to mention all the accomplices necessary (phone companies, computer/software makers, etc)?
Number 3 has some additional points: If this conspiracy is so vast, evil and secret, how come Joe Blow from Australia was allowed to blow the whistle?
I don't doubt there is SOME "domestic intelligence" going on, especially on the Internet. But every single message? No fscking way.
--
"Please remember that how you say something is often more important than what you say." - Rob Malda
Y'know, one really shouldn't get one's shorts in a bundle over this. This has been going on ever since the second world war. My father was a grunt technician non-com in the US Army Security Agency when he served in the Army. He couldn't tell me anything really about what they did, saw, or read but he assured me that the "powers that be" were well up on who was saying what to whom all over the world and this was in the 1950s.
What I think FDH Americans (FDH -- Fat, Dumb, and Happy) fail to realize is that national givernments all over the world do this routinely. Spying on one another is a stabilizing factor in international relations. What would have happened between Pakistan and India if India wondered if Pakistan had nuclear weapons? The first-strike temptation might well have become overwhelming.
The process of discovering, keeping, and disclosing secrets is the shadowy part of international politics and diplomacy.
I also know that even back in the 1950's various security agencies (including the domestic FBI) have had broadband recording equipment and they systematically record vast swaths of the RF spectrum for later analysis. Heck, the FCC has vans that do this with the not altogether inimical objective of finding and eliminating what radio amateurs call QRM, man-made radio interference.
In your own neighborhood, I'd be willing to bet, there is at least one person who comes to the window every time there's a loud noise in the street. We love to snoop.
If you want paranoia, consider that intelligence services have to consider whether intercepts are planted to ferret out information sources! The people who work on these things will sometimes weigh the importance of information against the importance of assets in place and might choose NOT to use an intercept.
Consider also that they can figure out a lot just from seeing the number, freqency, and endpoints of indecipherable communications. You can glean information from the pattern of messages, even if you can't read the messages.
I think all of this is necessary. Its part of why, despite a world bristling with weapons of terrifying power, we have gone without a global war for over 50 years.
My concern comes in when governments have this power exclusively. So long as you and I can watch the watchers, I think things are reasonably safe. If the US government succeeds in forcing Clipper and Skipjack on us, I think we have something to worry about.
I think the second amendment should add crypto to the right to bear arms as a defence against tyranny. I'm not a gun not, nor am I a crypto nut, but I think the right needs to be there just in case.
So long as you can secure your communications if you really need to, I think you should accept that they watch everything. Heck, I'm glad they watch everything. I just think I should be able to too.
Finally, I don't think it matters much what the government does or does not want us to have. Computing power is becoming nearly free (Beowulf), cameras, recorders, microphones are becoming ubiquitous. It will not be long before everything has a net address (your car, your home, your wristwatch) and GPS will know where all of them are all the time.
Privacy will cease to exist. In fact, it largely already has. Now I think we need to make sure that everybody knows everything or else it will just be governments and marketers. There's a world I don't want to live in.
If you want some background info on Pine Gap and Alice Springs and the whole UKUSA/SIGINT bit, check out:
The Puzzle Palace : A Report on America's Most Secret Agency, by James Bamford. Its an older book, but you'll learn quite a bit. I actually ended up having a lot more respect for the NSA when I had finished reading the book.
Another book you may want to check out is Pine Gap : Australia and the US Geostationary Signals
Intelligence Satellite Program. It may be harder to find this one. Its ISBN is 0043030025.
You can always look them up on Amazon.com
Here is one URL on Echelon to get you going.
By the way I think its very silly for Australia to openly or honestly admit this stuff in any fashion or form.
All communications should be considered to be broadcasts. If you don't encrypt and carefully protect your key, you must assume you're being listened to.
Bruce
Bruce Perens.