Slashdot Mirror
Government Wants to do Massive Internet Monitoring
jht writes "Taking the Clinton Administration's electronic paranoia to new heights, this NY Times article details plans to have the FBI establish an infrastructure (called FIDNET) capable of monitoring all non-military public networks. And you were wondering why they're so down on encryption... The NSA is reviewing it now, with final rules expected in September. " Uh,oh. This is potentially a Very Bad Thing. You may want to e-mail your Congressional Representative about it. (Free NYT online subscription required to read the article.)
Who are they after these days? They're after the pot smokers, the porn watchers, the gun owners, the religions outside the mainstream, the animal rights advocates, the environmentalists, the cypherpunks; basically, anyone who doesn't shut up and do what their corporate masters demand.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
for playing f*cking Cyberpunk in Denny's!
Seriously, we used to play every night at the Denny's we frequented, and this was in Denver, about the time the McVeigh trial was going on. Well, in the game, we were planning an assault that involved nerve gas, guns, and a lot of heavy explosives. We were tossing ideas back and forth with the waitress, who was a closet gamer.
Well, some concerned citizen obviously though we were stupid enough to plan a REAL bombing in a public place, and called the police. It got back to the FBI, and they had the place staked out for 3 days, which was when we played again, to question us about it.
It was ridiculous....they had the waitress in back, grilling her for like 45 minutes, and then came out to ask us questions. We were like "Dude, it's a game...here are the books, here are the dice...wanna see my stats?"
So I am on file with the FBI as a terrorist now. Yay.
I know it's off-topic, but I feel your pain, man.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
This is the truly scary part.
There is no way the government could possibly do this task intelligently. There isn't the manpower and computational power available. You're right.
So simplistic monitoring it will be. And the results will be similar to those of SurfWatcher software... You won't be able to research Childhood causes of breast cancer, hashtable processing algorithms, or anything containing a word combination that some bureaucrat deemed inappropriate in some context.
That is of course for 'in the clear' communication. If you send something encrypted, you'll end up on a 'watch' list, and your activities will undergo closer scrutiny.
And just try to take a guess at who is going to pay for all of this. No new taxes!! But we'll jack up the old ones. After all, it is a matter of national security.
-- What you do today will cost you a day of your life.
Oh, I see. The Government finally realizes that it's got to do something about the security of their computer systems and in order to make themselves more secure, the Government has to monitor all citizen's network traffic.
Where can I get encryption software (like that in Cryptonomicon) that allows 4096-bit keys????
CUR ALLOC 20195.....5804M
Read the article folks, they're proposing two things:
1) The construction of an FBI monitored network behind which nonmilitary government networks would reside.
2) Expanding this monitoring to selectively protect commercial networks.
Comments:
#1 is a Good Thing. As a taxpayer, I have no problems about protecting public property with firewalls, etc. This is just an extension of what the Pentagon is already using to protect military networks.
#2 *could* be a Bad Thing, if those sectors of industry are forced to submit to such monitoring. Given the American tendancies not to trust the government, I really doubt banks, etc. will elect to join such systems if they have to capitulate the standards of encryption they already enjoy.
The interesting part, is that the FBI is jockeying to become the knowledge/technology leader amoung conventional law enforcement agencies. The FBI has already started to internationalize, participating in counter-terrorism, investigating war crimes, etc.
But can the Internet be monitored in a fashion that doesn't affront the American values that the FBI are sworn to protect? Maybe. But that doens't mean that the Federal government doesn't have the right to protect their (our) computers the same way as private networks.
Now THERE'S a writer, dammit! Woo-hoo! Read, and
be enlightened. heh.
"Sneak shameless hangman rope gangster government leaders into Frankenstein living death eternal
slavery, I now go to death for your lowest deadly felony crime against me. Frankenstein Earphone Radio
parroting puppet gangster slave do not dare to repeat any part of this truthful message. For like Mr. Francis
E. Dec, Esquire, you too are expendable and you too can be beaten bloodily by the gangster police and
dragged in chains into a windowless telephone booth type prison cell and put into maximum security
insanity prison for undetectable extermination, and by the lowest gangsterism, namely, the law, character
assassinated for life as an insane, criminal menace to this worse Gangster Communism. Now that your
terrified, trembling delirium has subsided have your computer subdivision play out my letter, and you, reread
my letter FOR YOUR ONLY HOPE FOR A FUTURE. Francis E. Dec, Esquire, 29 Maple Street,
Hempstead, NY."
dr. j
"hey, where's my $100?"
props to all dead homiez
Actually, it wasn't meant seriously, it was a joke, but if you all are really interested. I have written her a few small demos before, and I was considering writing her a BIG CD with pictures and stuff of us, music, and demos on it. I revised that idea, and we're going to make one together while we're on vacation. She'll help pic out pictures, and I'm writing some programs and stuff for it. It should be nice :-)
:-)
Good suggestions though guys
Sorry dude, some one invented one-time-pads a while ago...
Beyond that, everything is breakable...
Blessed are the pessimists, for they have made backups.
It all seems like:
1 Small (perhaps temporary) problem exists.
2 Government claims they can fix it by raising taxes and spending money.
3 Problem gets worse.
4 Government claims that things are getting better or getting worse, but they need to spend more to really fix it.
5 Goto 3
Perhaps the problem is at step 2. The goverment shouldn't be fixing the problems anyway because they have a vested interest in maintaining themselves.
People have that attitude all the time, though. I get strange looks when I say that I see my goal as an software engineer is to make myself obsolete. I want to do my job well enough that they don't need me to do it anymore (because it's soo automated, or so easy that anyone can do it, or because it's completely solved and doesn't need doing anymore...). I want to be able to move on to other things, but most people don't get that. Perhaps people in the goverment more so.
"Why should I be content to simply live in this world, when I, as a human being, can CREATE it?" - Oertel
Actually, it wasn't meant seriously, it was a joke, but if you all are really interested. I have written her a few small demos before, and I was considering writing her a BIG CD with pictures and stuff of us, music, and demos on it. I revised that idea, and we're going to make one together while we're on vacation. She'll help pic out pictures, and I'm writing some programs and stuff for it. It should be nice :-)
:-)
Good suggestions though guys
yeh, wern't those the people who advocated terroism beacuse they knew they could never achive power democraticaly?
why yes, they were!
Idiot, I'd rather have the contry run by microsoft and AOL then a buch of stalin wanabies. I mean compared to the 'opressive' US China, Russa, cuba, North Koria, those places are paradices!
I do think this 'listening' system is a terrible Idea however
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
Yes, of couse, wern't those the guys who advocated terrorism beacuse they knew they could never achive what they wanted through a true democratic process?
why yess they were!
no goverments, just 'syndicates' like microsoft? woohoo! sounds like a plan!
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
Agreed...
The person isn't evil, isn't a tool, and really believes in the goal, is convinced of the sincerity of those he/she works with...
This person is a tool of a larger organization, although in this case more or less ignorant of his/her involvment. My point is that you cannot stop this kind of invasion of privacy by appealing to the techies who write code for the FBI.
I personally believe that there is a lack of people who hold their own beliefs and convictions above money in their own pocket. We can only hope to educate and pursuade those who don't have these convictions, but how many of the remaining ones who believe that this is wrong will turn down that high paying offer from a government agency because they know it is wrong?
I know I would, and I suppose you would too. You give me faith that there are others as well. They are not bastards who need to be shunned, or made fun of, or ridiculed. I believe there is more to life than money and I hope these people will believe that as well.
The truth is more important than the facts.
-Frank Lloyd Wright
FuckITAR is a GREAT name for some easy-to-use encrytion software... ;-)
In its most basic form, socialism simply means an economic system based on the exchange of labor, as opposed to the capitalist system which is based on ownership of resources. Socialism may or may not be statist - the exchange of labor may be either voluntary or directed by the state. (Capitalism, OTOH, relies on a strong state to enforce property claims. "Anarcho-capitalism" is a contracition in terms.)
"Leftist" orginally meant favoring the interests of the "common folk", as opposed to the "nobles." (Supposedly nobles sat to the king's right, commoners to his left, but that may be a UL derivation.) These days, the equivalent to the nobles would be the capitalist owners, while the commoners are the workers. ("Work" must be understood to include intellectual labor - failing to do so is a common error amoung socialists.)
This "socialist-capitalist" dimension is independent of the "free market-central control" and "(small l) libertarian-authoritarian" axes.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Excluding extremely high-traffic servers, a PC that is connected to the internet is devoting anywhere from a tenth to a thousandth of its processing power to the task of actually generating net traffic. I would estimate that a ratio of 1 PC monitoring to every 100 actually generating traffic would be more than sufficient. I imagine you could get away with a ratio closer to 1:10000.
It seems to me, from the article, that they'll be concentrating on specific points of vulnerability. That is, data flowing from Joe's ISP to Jane's ISP down the street will probably go unmonitored, but data flowing from Jane's ISP to Chase Manhattan Bank will be tracked and catalogued. At least, that is how it would be likely to work if they were really trying to defend the vital points of our data infrastructure against attack, which is what they claim. Any evidence to the contrary would seem to me to point to definitely sinister motivations.
Actually, that brings up an interesting point. The stated aim of this system is to detect attack and intrusion attempts -- the worry is that it will be misused for surveillance and monitoring of private communications. But a system that does one should be constructed differently from a system that does the other. I'm no expert -- perhaps someone out there would care to expound on whether that statement is accurate, and what those differences are most likely to be.
$_="06fde129ae54c1b4c8152374c00"; s/(.)/printf "%c",(10,32,65,67,69,72, (74..76),(78..80),(82..85))[hex $1]/eg;
The only problem with this idea:
:)
The primary alternative to Gore (G.W.Somethingorother) has absolutely no respect for the bill of rights either. Haven't heard that much about it lately, but his campaign has been Lawyer-nastygramming a lot of sites simply for the mention of his name...They even shut down a supporters site. Seems he has never heard of (or doesn't acknowledge) the first amendment. Of course, if it went to court, the site-owner would win, as it's valid commentary/satire/some form of protected speech...but I wouldn't be surprised if a few visits from the Secret Service occurred anyway.
Okay...the point (If you've read this far)
CONGRESS is the root of the problem - for some reason, they seem to feel a need to pass laws on everything. Repeatedly. Even when it is something that regulates itself quite well, they just can't keep their fingers out of it.
My suggestion: Voter rebellion - Don't *ever* vote for an incumbent - always vote for a challenger. If enough turnover is generated, we might start seeing normal people running, hopefully eliminating the professional politician class. If people with a job went to DC, did the job for 2, 4, or 6 years, they would probably at least be closer to the cluetrain than the existing taxpayer-supported leeches.
Wow..guess I'm getting a bit hostile towards our elected officials
FBI nor CIA nor NSA have _any_ kind of jurisdiction outside the US borders. FBI operates domestically and CIA operates abroad. The thing is i guess most of the CIA operations are illegal by the laws of the country they are operating and by international conventions. To me CIA is no different from the "evil" KGB. Both are propably spying on Finnish high-tech industry to gain trade secrets for domestic industry.
The thing is that currently there is no counter-force to the US. It's rather unfortunate since they no can do pretty much what they please and there is no one that can do anything about it. EU should do something about it. Echelon for example which is operating on European soil.
god damn netscape crashes!!! l;asdjkfl;asdfjkl;sdfjka
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
I can neither confirm nor deny specifics about Marly or Greatful Dead stickers, but:
H ^H^H^H law enforcement assaults against people who are guilty only of DWB / WWB / BBIP**
There are still a disturbing number of search-and-seizure^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^
There are an alarming number of children being sent home on a regular basis for wearing the wrong color shirts (ie gang-related colors)
**Driving While Black / Walking While Black / Being Black In Public
Fuck with a cop today! Hang your License plate upside down!
The thing is, in order for that code to be a valid communication tool, someone has to know what it means. In general, things that require a codebook or codetable aren't breakable, except if you get a copy of the codebook/table. That's why the germans thought they were secure in WWII. They were using code books, that we somehow managed to get our hands on. (sneaky americans) Randomly changing your definition of a code based on time will only work if the other side knows about it and how to handle it.
There are some computer encryption schemes that require a codetable, but then, if someone gets ahold of your codetable, your encrypted messages are easily breakable. The current standard is to make it so that you have to run an ungodly amount of checks to break the encryption. On Unix, the code for the passwords was chosen because a) it was a one way deal, meaning that the output could not be processed back into the data, you have to process the data through the same engine and check it, and b) it took a little over a second to calculate the encrypted value of one password. It has a random seed, between 1 and 4096, and that's before going into each character. To hack one password, it would have taken a little over 10M years or something disgusting like that. Look at the rc5 distributed net. It takes quite a host of computers and its still taken a long* time for them to grind down on the numbers.
Basically, you have to have some pattern so that the person you're talking to can reproduce the message, otherwise, you're just being solipsistic. Of course, my take is that this whole world is my solipsistic nightmare, but you're probably not going to subscribe to that.
--Raelin
*long is a very relative term. Given that I just mentioned 10M years, a few years isn't very long comparative, but still, if you're trying to get information that might give you an advantage, chances are, you'll find better ways to get what you want.
PS On another note, isn't it possible (Note, I'm not a trained mathematician, just a college student) to develop a code that produces multiple human readable results, one as the real result, and others that would be there to throw off the trail?
Blah I can't get my sig to work, it won't fit.
As someone who lives outside the U.S. I don't accept that as a reasonable solution. All of my traffic that goes out of Canada gets routed through the U.S. Does that put my traffic under the (domestic) jurisdiction of the FBI because it passes through some switches/routers in the States, even though neither of the end points is American?
Now, even if FIDNet has no jurisdiction over me, what about the CIA/NSA? If the U.S. government is putting so much research cash into _spying_on_their_own_citizens_, do we believe that this research will not also be shared with their external agencies?
The right answer is to develop strong encryption methods in a country which does not have stupid hypocritical export regulations, and export everywhere.
"Q: What do you think about American Culture?
A: I think it's a good idea."
A2: But not a realistic proposition...
"public networks" in this sense refers to the whole internet, not just the web or somthing. like a "public park" or "public land" (the goverment would be able to listen to anything you said in a park, or where you work....)
this would iniclude email, ICQ, as well as things like usnet posts
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
Well, we were studying McCarthyism in my college US government class yesterday...I also happen to be a Anarchist and spend a lot of my time visiting left and anarchist websites, as well as being on several mailing lists. This is very very very evil. All I can hope is that a bunch of Anonymous filtering websites come up that let you visit sites "anonymously" as well as send and receive email anonymously.
Many people have also been observing student protests, and many protests in general have really been rising recently, and many new people have been joining existing organizations (say NOW for instance). I'm wondering if they're planning on cracking down on government/corporate resistance. They're probably aware of the increases themselves. And the Internet has been a very usefull tool to unite organizations and struggles from all over the world. This is very f-cking scary.
Hmm....this is not good. But the question is, will it just be america or worldwide? How can they police it worldwide? Why should they be able to?
Its Unconstitutional See Ammendment IV
Amendment I
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the
press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Amendment II
A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed.
Amendment III
No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no
warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or
things to be seized.
Amendment V
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases
arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same
offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty,
or property, without due process of law; nor shall private property be taken for public use, without just compensation.
Amendment VI
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the state and district wherein the crime
shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to
be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for
his defense.
Amendment VII
In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury,
shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.
Amendment VIII
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the
people.
Opinionated Law Student Strikes Again!
How about treating those individuals within the US who are currently abused, harassed, outcast, and generally treated like crap, as human beings for a change. The "geeks", the "nerds", the "poindexters". .gov servers and our military networks against attack from outside forces. /destructive/, perhaps they would feel less like outcasts.
How about changing budgets within our school systems to promote actual learning instead of how far some thug who is blank as a fart can throw a football. Then perhaps they could be enlisted in helping to secure
If the intelligence and creativity of many of these people could go to something worthwhile, something productive instead of
No no no no no. Far better to do the equivalent of rummaging through peoples homes without a warrant.
Just a little IMHO.
Soapbox-mode cancel.
Yes we don't want to see it.
Yes the potential for misuse is there.
Another concern, though, is the fact that any device deployed on a network has the potential to be compromised...I'd be more fearful of the badguys (tm) gaining access and monitoring all the things the government says it isn't interested in. With this potential in mind, how can the ends justify the means?
like it says in the title... The press think of republicans as the great satan, and feel that anything is justified in order to get a democraticly controlled congress with a democratic president.
;^)
Hillarycare! Save the children! free drugs for seniors! How can any compassionate person refuse or even question these lofty goals!
I think we should accept it now - our privacy is slowly eroding and will soon be a thing of the past... paranoid ? Not if they really are after you...
Man, that is exactly the kind of attitude that governments love to spread, because it makes the job of taking away your liberties that much easier. When the entire populace takes on this "Holier than thou" attitude, trying to prove to each other that "they have nothing to hide", the government has already won.
Michael Gentili
- He's just some guy, you know?
Vee hoff wayz off knowing who your friends are, confezz now and it will be eezier, trust me.
This took at least two years to cook up, where were your friends from the ACLU then, huh?
And all you Republicans, do you think Vacant Lott will oppose this?
It all depends on the meaning of intelligence is. Some people relate it to problem solving ability, others to data gathered on others.
Oh boy.
All you freaks who say "why should you be afraid" are missing the point. It is not out of fear of being caught. It is a constitutional right.
Geez, governmental voyeurism should be scaring the pants off you people!!!!!
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
The House Between - Original Sci-Fi Series
as far as attacks on civil liberties........ (also during world war 2)
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
it's amazing how stupid people can be sometimes.....
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
Um. Let's see now. There's a sincere difference between perhaps funding agencies to secure their own networks by running up-to-date and patched services and implementing smart firewall policies; and monitering the entire damn Internet. Those poor, poor government systems that were defaced didn't suffer their fate because communications from everyone and their grandmother weren't being tapped, it was because the lax, shit-for-brains administrators running the systems didn't find it worth their time to keep up with the times of the security world. Enough said.
C'mon guys... the US and its band of cronies (Canada, UK, NZ, Australia) do this already. Remember? It's called Echelon. Echelon Echelon Echelon. And it's nasty.
-- adr
>When will you sad, pathetic, "Look at me, I'm a first-poster" kiddies finally get a life ?
/. whiners just IGNORE THE FSCKING FIRST POSTS. The louder they scream, the more they're ignored. Eventually they tire of screaming into space and move on to their next annoyance (IRC flooding or whatever). Silence is a wonderful weapon.
>You server no purpose but to annoy....
When will you self-proclaimed "more clueful"
Nope, second...
When will you sad, pathetic, "Look at me, I'm a first-poster" kiddies finally get a life ? You server no purpose but to annoy....
To keep on-topic, perhaps if we are watched by the various American agencies they could at least put an end to the sorry individuals such as below...
The description under the post on the main page says you MAY want to write your representative. I'm begging you all -- PLEASE write your rep! Posting on /. only won't solve the problem. Please take action. Once momentum for this sort of thing builds up, it's almost impossible to stop. Let's use our community size to have some positive influence.
Didn't you hear that Barry Sanders is retiring from the Detroit Lions???
Slashdot: Liberal News for Nerds. Liberal Stuff that Matters.
Hi, I'm new to /.
Can you tell me what echelon is?
You know what the first thing that I think is?
...
"Hmmm - I wonder how good the Indian Ocean link is. Because we could always just cut the U.S.A. out of the link completely. Let them sort it out and connect them up once they want the rest of the world back."
I fear this sort of thing - it produces yet another block of mindless statistics, generates more FUD against the Internet and the whole reason we should be getting computers to talk to eachother in the first place, and serves only to increase the importance of the watchers at the expense of the watched.
Leave aside methods of IP forging and misdirection, and the possibility of abuse by hackers and corrupt agencies. You've still got the threat hanging over your head. The FBI might not have any power over me as an Australian Citizen directly, but no doubt ASIO would love to help its big brother, and even if I was immune to that pressure, there's always the people I've been talking to, and the servers they run, and
Write to your congressman. Do everything in your power to point out the futility of the Big Brother mentality. The best argument is to ask to see their records on public display. After all, if you knew who a terrorist was, wouldn't it be easier if you could use FIDNET's tools? No big surprise that this doesn't appeal to them...
AFAICS, you people in the USA have a problem. How to stop the mentality of blame and mistrust in your government that is crippling your education, legal, communications and health systems, and turn it around into productive work. I don't have the solutions - you'll have to do the best you can.
--Reason is a tool. Try to remember where you left it.--
the fbi has some authority in some countries such as russia b/c of inter-gov deals to work with international crime. not that not having authority has ever stopped the us from interfearing with other countries... really they are just advsiosors... with guns, not a some covert team underming your govenrment
Fair point. From this day forth I shall duly ignore all first posters...
hehe. before I scrolled down and saw your definitions, I was thinking other things.
:)
s/black/baked/g
I've decided to collect any links to articles, or other information I can find on this story and post them at fidnet.homepage.com.
Just added the CDT commentary, which also has the draft itself, online.
Visit Lockjaw's Lair. He won't bite.
how much disclosure can we squeeze out of the government and powerful organizations?
Never enough probably. We don't have that kind of control over our government. The way we're going, we'll continue to have less and less control. As long as elections continue to heavily favor the 2 main parties (not that they are much choice when you can't tell the difference between them much of the time), we'll never be able to vote for real change in the government.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Monitoring public networks? Sure.. they're public. Therefore, by definition, available to the general public.
As for me, my network is private. The connection to my ISP is by private agreement. Their network is private, and their connection to their provider is also a private agreement.
What is the Internet, but a collection of private systems/networks all hooked together in one big orgy of information?
The summary of this article says "the National Security Agency" is reviewing this proposal. Now, I will admit that I don't know what input NSA might have, but that's not what the NYT article says. Instead, it's the National Security Council, which is a completely different animal. The NSC is a bunch of advisors, not a spy agency.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
The RFC doesn't seem to address the possibility of using African Swallows, which are my favorite since they have good distance, can carry large packets (2 of them can carry a "coconut"), and decent speed.
So they are afraid for their own networks. But that doesn't stop them hacking into Slobodan Milosevic's accounts to try and stop his flow of money or any other of a thousand and one kooks out there. So I guess we choose who we give our civil rights to don't we. Of course the people effected can't complain they have been branded criminals by the ISA (INC STATES OF AMERICA)(I don't support any of these monsters so don't go after me on that!. You think they don't do their own snooping (don't be so naive) I with them being able to monitor traffice at ROUTERS (NOT AT GOVERNMENT SITES AS YOU SO ERRONEOUSLY DEDUCED) they will be able to see all traffice. ECHELON have been doing this for years and I guess the FBI are chaffing to have a go as well.
Remember that the government of the United States is it's people not peppered hair man who can't keep his dick to himself!!!
"The way she used to say Rimmer as if it rhymed with scum" Red Dwarf
- not put sensitive data on machines directly connected to the Internet
- hire competent admins
- run stable and secure OSes and servers
- use B-level trusted OSes and implement serious physical security for machines with sensitive data
- configure servers properly
- apply all security patches
That would be a hell of a lot more effective than snooping everyone's communication, wouldn't it? I mean, if the objective were really to stop website vandalism and the compromise of sensitive information.Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Sure, encryption works for point to point comm where both sides agree to support encryption, but even then it's usually for a limited purpose (e.g., sending credit card info). There is just no way I can BROWSE the web securely because the control is out of my hands. When all websites use SSL with 128-bit encryption, only then will the cries of "Encrypt! Encrypt! Encrypt!" even begin to make sense.
Not really...
When I was at Sydney University (AUSTRALIA the 53rd state of America) we had the FBI investigate over infiltration of the NASA site. Since the site accessed was on US soil the Hoover boys where justified in coming over here.
Not only that speaking to a friend of mine who is in the FEDERAL POLICE (similar to the FBI in OZ)he said that the FBI do have jurisdiction here upon cooperation with an Australian Agency or Government body. Seeing as we are so far up the ISA's ass do you think we would say no!!!
"The way she used to say Rimmer as if it rhymed with scum" Red Dwarf
Most govmint types "Just Don't Get It" (TM).
Cryptography is nothing more that putting your private letter in an envelope and expecting that the Post Office will not open it.
>1. Labor unions ?
;)
>2. Communists ?
>3. Jews ?
>4. Catholics ?
> When 'they' go after the first of any of these
> groups (or any other non-criminal groups)
Now who decides what is a criminal group? Of course, you know it's criminal to be a Labor Unionist, Communist, Jew or Catholic.
As for in the US of A, they've already started to go after the dope smokers(all property stolen and sold + 30 year sentence for smoking pot), to a smaller extent the nerds(anything you own that involves electronics or telephony in any way gets stolen if anyone(usually someone in the FBI looking for a case) says you might have done anything possibly illegal with a computer and you never get it returned, plus some accused have spent long times in jail without trial), and probably a lot more that I don't know about. They've been going after the Native Americans for so long that people don't notice anymore, IIRC the last military action was in the 1970s, and theft of land and property continues to this day.
I've never done illegal drugs or cracked, illegally hacked, or phreaked, so don't call me a dope-smoking h4x0r lamer. These things are happening in the US, and if you live here in the States you should be very concerned.
You should be concerned that people are getting life sentences for petty crimes. You should be concerned that people are getting pulled over, harrassed, and arrested for Driving While Black. You should be concerned that the people have lost their constitutional right to constitute a fighting force powerful enough to defeat an invading army, or to defend against the US military if the government becomes corrupt. You should be concerned that the Congress is considering an amendment to the Constitution that will make it illegal to protest against the government by burning a flag, which if it becomes law will be a precedent for further legistlation restricting public protest.
As for the topic, monitoring the public does not show a desire to solve crimes. It shows a desperation to find criminals which makes every citizen a suspect of crimes that have not yet been commited. Public monitoring could also be used to find people who do not like certain government policies(say, public monitoring for instance) and punish them in underhanded ways such as ordering an IRS audit(It's happened before, Nixon ordered the IRS to audit several of his political opponents).
Most people consider themselves to have a right to privacy. The gov't does not need to hear their telephone conversation with their aunt, the gov't does not need to see what's in the love letter they're writing to their [g|b]f, the gov't does not need to watch them take a piss. You get to the old envelope example -- If we didn't value privacy we wouldn't use envelopes, and it is in fact a federal offense to tamper with mail.
The government already has the powers to post surveillance on somebody, however they need to go through a judge and present evidence that this person may be a criminal. If the gov't doesn't have a good reason, the judge can tell them to stuff it. With public monitoring, this important legal right will disappear.
These 'rights' are often considered 'loopholes' that let guilty men go free. We have them for a reason. The founders of the US knew what a corrupt police force did compared to an honest police force, and drew up a set of laws that requires the police to be honest. When the police have acted in ways which deprive the rights of the suspect, you will read in the morning newspaper about a guilty man who has gone free because of a loophole, never mind that a man is not considered guilty until he has gone through a trial and been found so. Losing suspects and evidence because of acting in an illegal manner is what keeps the police forces honest. When we lose these laws and regulations, we stand to be ruled by a corrupt police system.
-Perpetual Newbie
What about PGPVPN? Sounds like a good way to take this.
Ladies and Gentlemen, Boys and Girls...
Let me assure you all that Stonehand is mostly correct in his commentary. Let me ALSO assure you, as a former Federal Law Enforcement Official, that there is 1 and ONLY 1 offense that can be prosecuted in the US when committed outside the US (an "extraterritorial offense") and that is TREASON!
The FBI does maintain a presence in all foreign industrialized nations ("Legal Attache" in the Embassy/Consulate) and in many lesser-developed ones...
They are supposed to cooperate fully with the local Law Enforcement Officials, to include ensuring that extradition requests are complete and correct.
~ti dave
"Mistrust those in whom the impulse to punish is strong."
~Friedrich Nietzsche
I think everyones a bit too paranoid, read on:
"calls for a sophisticated software system to monitor activities on nonmilitary Government networks and a separate system to track networks used in crucial industries like banking, telecommunications and transportation. "
... notice this says one system for non-military GOVERNMENT networks and another for CRUCIAL INDUSTRIES. It doesn't say anything about monitoring public networks, therefore, they are completely in their right to monitor their own networks (I'm a little sketchy on how they go about monitoring industrial networks, but either way it doesn't affect the average joe). In summary, read more and stay off of drugs that increase paranoia.
dan-
Times got a mandatory registration process and This kind of measure should not be encouraged.
I would like reading Times articles but I don't like being categorized and I don't want anyone to control the information that comes in front of me.
I accepted the registration process of Slashdot b'cause they enable easily everyone to be anonymous but I don't trust a bigger company doing the same.
Times does not enable easily and clearly a way to browse its articles anonymously.
I find it difficult to believe the government is deluding itself into believing that somehow it can detect "network intrusions" -- let along determine whether these network intrusions were not from someone being paid for security testing.
And they are further deluding themselves in believing that they can monitor all of the Internet traffic.
actualy you can SSL hotmail, I think.
there's also a site called "hushmail.com" witch uses 2048bit ecryption in java. it's not a US company, obviously...
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
Yeah, I think you're right. The article mentioned gave too little details about what exactly Big Brother had in store.
Remember, the NYT got all of it's information from the civil liberties union (mention in the first paragraph). They themselves did not look at a copy themselves. All they said was
"A draft prepared by officials at the National Security Council last month, which was provided to The New York Times by a civil liberties group..."
A draft. Nothing more. Furthermore, what makes everyone so sure the "civil liberties" group in question didn't leave out parts of the report in order to obscure some facts about it.
I believe
A) The government has a right to be worried about a cyber-terrorist attack
B) They already have anti-terrorist laws in effect for "conventional" technology, why is this any different
C) Until we see a final bill, unabridged, and not some NYT article giving their insights to a civil liberties insights on a bill that isn't even out of a subcommitte yet, let's keep the hysteria factor to a minimum.
It's not like I'm not concerned about it, but as it stands now, we don't have enough information about it to really base our judgements on.
at least with ssl, probably others are in the works. The gov can already take a man-in-the-middle technique to transparently break the ssl connection in half and read the no longer encrypted data.
I know because I work on one.
Oh yeah that's right. Like you didn't follow them into IRAQ, KOSOVO or anywhere else they want to send their stormtroopers, oh that's right there called NATO PEACEKEEPERS. You where so powerful that you never had US troops protecting you from the RED BEAR during the COLD WAR. Had so much money that you needed a MARSHALL PLAN after WWII and if you hadn't had the YANKS at the beginning everybody would be singing DEUTSCHLAND UBER ALLES by now.
Grow up or grow a brain - your naive nationalism is not based anywhere in fact or even fiction,.
Kiss off moron
"The way she used to say Rimmer as if it rhymed with scum" Red Dwarf
*singing*
A trolling we will go,
A trolling we will go!
High-ho, the merry-o
A trolling we will go!
Always nice to see that all man is indeed created equal, and that saying daft racist/ nationalist/ bigoted things was not a market cornered by Americans.
Since posting this, it should be noted that strange things have started happening...
Just today, maybe an hour ago, some guy pulled up across the street in a Green Ford Explorer and took pictures of my neighbor's house and my house.
Big Brother is watching.From what I have been told by people, many groups/organizations are allowed to monitor the Internet. I have been told that MSN monitors the things that you do while connected, and if you do bad things (which I wouldn't ever do :) such as downloading illegal software, sending illegal stuff, they can catch you. I don't think that the Internet should be monitored by the government, because I think that it's the person's responsibility to take the concequences for one's actions, and if anyone really wanted to plan a huge bombing or something, they wouldn't leave their tracks!
I noticed before someone posted that all the money that they're spending on this could be used to provide houses for all the homeless people in America. I don't think that that's too true, but I'm sure that if they really needed to waste their money they should waste it on a good cause that would help everyone. I do not think that the FBI should monitor the Internet, because we are entitled to our first amendment. I'm no lawyer or anything, but I want my rights respected!
Matthew McCoy
Do you do it on the front lawn, or do you prefer a bit of privacy?
People prefer privacy for things they want to be private about. That's all; no value judgement or assumption of shame can or should be implied.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
PGP and PGPNet allow 4096 bit keys.
I've heard that too, about the Dead sticker, on the Grateful Dead newsgroup, though it usually seems to be a southern or midwestern state. Deadheads that use stickers that aren't blatantly "Dead" like are said to be driving stealth.
From my own experience, I've driven with Dead stickers on my cars for 12 years, I was pulled over once in Atlantic City for inadvertantly running a red light, and was let go, and once in Rochester for forgetting to turn my headlights on, and was let go.
I think the police in Rochester have better things to do than pull over Dead or Phish stickered cars (about 10% of the cars on the road it seems).
George
My brother-in-law is about as square as you get, and he has a Marley sticker on his wagon. (I think it makes him feel less square to like Marley).
I've always had at least one Dead sticker on my car, to ward off evil spirits.
Anyhow, Rochester police don't have the manpower to pull over every car with a Dead sticker, and I think I read in rec.music.gdead that 30% of cars with bumperstickers on them in Massachusetts have Dead stickers on them.
George
Francis E. Dec Esquire!
Um, you compared the stamp price increases to the inflation rate over substantial time periods lately?
The latest stamp price increase covered the inflation rate for the year it happened. But there are typicaly several years between stamp price increases.
Stamps are getting cheaper, not more expensive, in fixed-value dollars.
Fear my wrath, please, fear my wrath?
Homer
We apologize for the inconvenience.
"First they came for the slashdotters and Ilakwejrl;mph'
$_="06fde129ae54c1b4c8152374c00"; s/(.)/printf "%c",(10,32,65,67,69,72, (74..76),(78..80),(82..85))[hex $1]/eg;
On the one hand, I'm not one to encourage needless paranoia. On the other hand, I don't like this.
I'm in a fairly militant mood these days for both personal reasons (as discussed on the Ticket Booth Tyranny thread) and political ones ( Damien Echols' Rule 37 appeal was denied, and I'm very pissed about it).
Post-Columbine, a friend of mine was given trouble for wearing a BEIGE trenchcoat. If the Powers That Be (or anyone else) start looking for a certain "profile," then anyone who has anything in common with that profile is screwed. Where I live, there have been a lot of recent stories concerning racial profiling. (Maybe THAT is why more African-Americans aren't on the net. *wry smile*)
But of course, it's not just race. If someone wants a scapegoat, it's easy to pick a likely-looking one. This goes on in schools, it goes on in law enforcement, and it goes on in politics.
I'm not over-cautious with personal info because I don't feel I have to hide things from people. However, I realize that if things in this country get really crazy, I'm going to be one of the first people that gets harassed for being a social deviant.
The FBI's probably got a file on me as it is, but as long as I'm not kicked out of my housing or prevented from getting a job or arrested for something I didn't do (or something I did do that shouldn't be illegal), I don't give a damn. However, I've got contacts, resources, and what-have-you; many of my fellow social deviants aren't quite so lucky.
So I fight for their right to keep their correspondence and personal details private. And since some of them talk to me over e-mail, I don't want anyone reading my e-mail either. Things that I do that are public or semi-public record (/. posts, my web page, petitions I've signed, that sort of thing) are obviously things that I don't mind having traced back to me. But there are a lot of people who can't or choose not to be as open as I am, and dammit, that's their right. (Even in the current atmosphere of Don't Ask, Don't Tell, for instance, I'm sure some homophobic military types would love to scan e-mail looking for anything that might suggest a soldier is gay. *sigh*)
Another big problem here is that people don't profile for actual criminals as often as they seem to for stereotypical criminals. Racial profiling is a major example of this -- black man driving nice car in suburbs, wonder how he got it? Drug money? Let's stop him. Etc. Satanic Panic based profiling is another biggie; there is no other reasonable explanation for why Damien Echols is on death row and his two friends are in prison serving life sentences. With net-based searches, we'd get the additional problem of "profiling" of anyone who, say, visited 2600's website.
I, personally, have nothing to hide, and haven't suffered much in the way of harassment. But damned if I'm going to make it easier for other people to have their lives ruined for no good reason.
"Somebody exploded a letter-bomb today
Never apologize for your jokes!!!!
:-P
If those capitalist swine can't take a joke, well, you wouldn't want them as friends anyway. Stupid Crackers!
The real scandal is that we, the hackers, don't aggressively use strong and unbreakable crypto. Why is SMTP still send in the clear? How about HTTP?
It would be trivial to secure these protocols, in fact, secure versions exist, but are largely ignored.
We control the infrastructure and the protocols, so why don't we get off our lazy asses?
--
Yeah... me too. But mine will be faster. I guarantee it.
If you don't believe me, post something on usenet that threatens the president. The Secret Service will be talking to you.
Mea navis aericumbens anguillis abundat
It's likely you are wasting your time. The only provably unbreakable system is the one-time pad. Anything else can be broken, given sufficient time, attention and interest. Any 'simulation' of a one-time pad is not a one time pad (i.e. use of a pseudo-random number generator for a one-time pad can be attacked through the generator).
Also, you'd get a better review of it if you posted it to sci.crypt. Be prepared to provide source code.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
WHERE'S THE SSL???
I've noticed that while everyone is discussing privacy and how the government is becoming/has become big brother, the NyTimes article is pretty vauge about specifics of the Clinton plan (probably because the plan itself is really vauge). Is Clinton's plan talking about intrusion detection on government and "vital" private systems, or monitoring all traffic on the backbones? The NyTimes article talks about gathering data, but then also talks IDS software, implying that the plan is talking about letting the government setup IDS software and then gather the system logs. If this is the case, it seems getting a strict definition of what a "vital" private network is would be in order, not jumping to the conclusion that clinton just wants to play Big Brother. Of course, Clinton could be trying to get the FBI the power to read your email at will - I don't know; it just seems that no one has commented on the fact that the details of the plan are really vauge, and instead jumped to certain conclusions which may or may not be true.
Touch The Puppet Head
"He who controls the infomation, Has vast power"
There is already a worldwide surveillance network in place called ECHELON. It's a cooperative effort between the US, UK, Canada, New Zealand, & Australia.
The CIA has no jurisdiction outside the US either. No US agency has jurisdiction outside the US. Not that that stops them from acting like they do anyway...
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
I had some win32 software a few months ago, that had the power to steal someones packet any time they tried to goto a web site, (as in on my local network) what if someone was to make software like this that did this to the whole internet? It would bring down all major sites, and the thief would only need a isdn to do it. He don't take down your site, he just steals your packets to it, so you get an error about the site not being there.... I've worked with software like this.. I know it can be done.
So... when are we going to have encrypted Slashdot?
--
--
The Internet is the Suppository of All Knowledge. You get it in the end.
If we tried to do this to them, they would haul us off to jail. This is rediculous.
Rush Limbaugh even commented on this today. He spoke for about 5 minutes on how terrible it would be if this comes to pass.
His argument was that it is very simple to step up from monitoring to invading.
So, what about countries that the US aren't allowed to track? Would there be an IP list in the systems that would be ignored by the system? And could you declare your Ip block a seperate system from the US, and therefore be added to the list, or will they require your physical system to be located in a anti-watch country? And if that is true, coudn't you have a block of IP address's that are owned by the said country routed to your location?
So in the end you would have countries defined by their numerical and electronic standing, not their real location. The internet would become fractionalized via IP blocks, and a firewall would devide them instead of an iron curtain. People seen coming from the free block of IP's would be watched while on systems on the inside, secretly of course because otherwise it would be breaking various treaties. I could go on and on with various theories, but you can probably come up with just as many as I.
All in all, a very frightning idea, escaping one reality just to have the world's view imprinted on another.
I don't want to sound like some wacko but big brother doesn't give a damn if you're a kink or freak or if your ideas are different, they give a damn when your ideas are against them or potentially against them.
This is my signature. There are many signatures like it but this one is mine..
I would say that if the govt. has the capability to implement something like ECHELON, which monitors many different media (and more bandwidth intensive ones at that), then they definitely have the capability to implement FIDNET.
The Chicago police have an analogous offense when they see Blacks driving through white neighborhoods at any time or through major intersections on a weekend night.
Just a couple months ago, two routine, minor traffic stops where turned into self defense shootings. One guy just graduated (Northwestern, I think), the other was some sort of computer analyst.
This is what happens when cops err on the side of safety.
There is one huge difference between the NSA watching us and the FBI. The NSA cares less about what 99.9% of the people in the world do. They are watching the largest threats to national security, they will not bother with small fish. Why waste the technology/techniques on small fish letting the bigger fish know of what they're capable of?
The FBI is a bit closer to home, their primary task is essentially policing the USA. They will announce what they want to do, do it and then go after the smaller fish, the drug dealers, software pirates, distrbutors of "evil" information etc...
The next logical step will be for them to archive the data on people, add some pattern recognition software and identify the people who seem to be the most likely to commit a crime, and send people out to monitor them. We are working on a system like this at work to determine what products our customers want to purchase next and barrage them with advertisements for the product. (The technology is here... and we are watching...)
The project has already begun.
www.ompages.com -- it should be up this evening, I can't remember where the mirrors of our manifesto are right now (any others on the project have it up?).
First thing we're going for is open-source webmail with full encryption capabilities, after that, a 'public' private network (ie, all connections transparently encrypted). We just started up, but that's where we are heading, and we've gathered a decent following already.
Thankyou.
</plug>
Well, on the one hand there is nothing really new in this. NSA has been monitoring the 'net for ages, and now FBI wants to have a peek, too. On the other hand the government agencies are not exactly known for cluefulness, so the idea of yet another bunch of idio^H^H^H^Hgovernment servants watching the net does not appeal to me at all. They are very likely to see something they do not understand and do Very Stupid Things (tm) as a result.
Yet, on the third hand, this could be the necessary push to get strong encryption in wide use over the net. Generally it's too much of a bother but now that everybody and his lawyer will be compiling a database of IP traffic I just might try persuading my friends to use strong crypto in email.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
It's already being done.
It's called Echelon!
"...what it is that people are doing to be worried about being caught in the first place."
One of the most important aspects to "freedom" as
it is written into the American system of government, is that your attitude expressed here
is unamerican in nature. Just because someone wants freedom and privacy they should not be
subjected to suspicion! Now that we have crossed
out that founding principle (time and time again),
"security concerns" have replaced "freedom" as the
primary national ideal.
-fb Everything not expressly forbidden is now mandatory.
Since the beginning of this thing, it has seemed that certain people in the government have wanted to do things that it is not within it's authority or power to do. I haven't read the newest stuff yet, but could this be the one that could actually work? While the thought of this being a total dominant control thing, I don't think that there are enough people in the government who would ACTUALLY do terrible bad things with this information to make this whole thing any more than a petty nuisance.
cover for what they are already doing, in the US and in Europe at least.
I work for an ISP in Europe and, as you know
if it were the UK I could get 10 years to tell you this.
Hi Guys
This is probably just a way to take attention away from Echelon.
If everyone gets all crazy about this before it even happens, the gov hopes maybe we will forget the fact they are already spying on us. Blah. Time to mail the old congressman again.
This sig is false.
Could this be it? Could this be the moment all geeks across the world have been waiting for? Something that only we can save the helpless clueless public from? I dunno.
Personally I think they're going about it all wrong. Anyone who needs a refresher about just how far up their own butt the gov't got their head when it comes to the internet should go back and read "The Cuckoos Egg" again. They don't need to watch civilian traffic. That's the public's problem. What they need to watch and guard much more carfully is the very thing this proposal leaves out...government and military networks. That's what they need to be worried about. So what if rogue terrorist hackers from bolivia hack into Bank One and steal every last penny. That's the banks problem and they should be on the watch for it just like any other sysadmin. What the feds need to do is keep their nose in their own business since they obviously don't spend enough time watching their own backs.
--- Juggle juggle@hitesman.com
Your web page sucks!
Perhaps this is an echelon cover story? Pretend to create some monitoring facility, and add FBI signs to the front of all the echelon buildings...
Maybe it's easier to justify something after the fact than to admit wrongdoing?
Nope, you've lost in a big way... and going by the way you take delight in doing so, I would say this must sum up your whole life... "I dream of being a first-poster on Slashdot... perhaps I'll get a friend then... I might even go out..."
That's Psychic TV, I think off one of Gen's "Rave" albums.
But I'm not expecting a hundred bucks from an AC...
B) They already have anti-terrorist laws in effect for "conventional" technology, why is this any different
So because they're taking unreasonable "conventional" steps to violate my privacy, I should accept unreasonable, "novel" forms of intrusion? Nope. I don't buy it.
"P.S. Does anyone want to sponser my citizenship to another country? "
Do you mean the Peoples Republic of China, or
do you mean Turkey?
-fb Everything not expressly forbidden is now mandatory.
This isn't as big a deal as people are about to start freaking out about - although it's definately worth a letter or two to your wonderfully representative *ha* elected officials.
The open-source and linux communities have the power to make these plans effectively useless through the implmentation of transparent public key encryption schemes - Fuck ITAR, this is an international community. A good implementation followed by a new "secure" linux distribution - perhaps Trinix - or maybe RedHat, but they're less likely to take on "the Man", IPO and all.
So let them monitor your SSH sessions, let them monitor encrypted web communitications. The key is to make it automatic and transparent, so that the end user doesn't have to do anything.
I'm sick of this bullshit from the US Government - I'm not a US Citizen, but being north of the border in Canada means this crap will diffuse up sooner or later - Our spineless prime minister does what the US wants.
So rather than bitch and moan and cry and whine, we've got the tools to make this system effectively useless. Run with it.
AC (with damn good reason).
ssh is the only way to go. I don't particularly care to have my passwords hanging in the telnet breeze...the other advantages are icing on the cake. :)
James
Here in Europe something similar is happening. These Secret Information Gatheres and Controllers are actively seeking new ways to show the Government that they are needed. Since after the Fall of the Soviet Union, a big bad enemy has evaporated, they probably do not know what to do in their free time. So they want to surf the Internet and see what normal people or baddies like me do when they communicate. I would recommend the Governments to cut down the Budgets of FBI, CIA, BND or how you call these Dinosaurs who look too many James Bond movies. Then use the money to build better schools and educate the kids so that a self regulation can be possible. Heck I hate these Controlfreaks - I just use PGP or ssh or ssl if I want to and they will not stop me.
"Government officials argue that they are not interested in eavesdropping, but rather are looking for patterns of behavior that suggest
illegal activity."
What I want to know is: what sort of patterns suggest illegal activity? Based on previous nonsense, I wonder if use of encryption is enough to raise warning flags.
hey, what's echelon??
News Flash: Gov backs down, for now.
, 2304092,00.html
http://www.zdnet.com/zdnn/filters/bursts/0,3422
I hope that Y2K really does bring the Feds to their knees. We really must start voting for better elected officials AND disempower all unelected bureaucrats. To achieve this, we must start paying more attention to local elections. Federalism has gotten completely out-of-control. We need to return to our Constitution and Bill Of Rights.
but doesn't share, does have enough analyists
to following everything flowing through it
(and everthing flows through the NSA).
Enough said.
If they are going to put a legal face on it, then they must do so legally. What you speak of is doing things illegally for political power. Perhaps it is you that are problem free anonymous coward...
- Routinely encrypting all my traffic may not buy me much privacy.
- Traffic analysis can reveal where I have been surfing and who I have been emailing without saying anything about what I was saying. But I imagine that in this hypothetical police state exchanging email with subversives would be a crime. And don't think that anonymous remailers will protect you; remember anon.penet.fi.
- Failing traffic analysis, I am still conducting transactions with websites, who is to say that they won't decide that its financially advantageous to get together and construct detailed profiles of me. Isn't that what ads.doubleclick.com is doing?
- How do I know that my security protocols are really secure? I just downloaded PGP from some random website or installed the standard Red Hat Distribution. How do I know that the implimentation wasn't weakened so that powerful interests can read my mail anyway? Worse I might believe that I can send whatever I want with PGP and end up incriminating myself more completely.
- Rather than pressuring congress to allow me to implement weak and insecure protocols that give me the illusion of privacy, why don't we pressure Congress to open up government. "Okay Congress, you want to monitor our networks for criminal activity, you can, if you make verifiable public records of all activities and results from the monitoring." Better yet, if they want this tool, let them build it, but make it a public domain tool that serves everyone. Why should we trust incompetent government workers to secure our networks?
- Perhaps surveillance of everyone is immanent, but it doesn't have to be clandestine. We have an opportunity to choose how it is implemented.
If given a choice between having all my email read by the NSA without my knowledge or permission or having all my email read by the NSA and receiving notification whenever it happens; I will always pick the later case. Even better is if I recieve notification from anyone when that email is used. Whose to say that Coca-Cola doesn't have nefarious schemes?This bargain could be struck on many levels. If congress wants to monitor all email, I'd be quite happy to go along with this if in exchange the government would publish all gov. documents on the web five years after creation regardless of classification.
-Carl Coryell-Martin
Duh, money is power...money also is a store of value, a measure of success. Added benefit...if there is no gold standard and the central bank f*cks up and hyperinflation kicks in you can use it to wipe your tush.
This is John Galt speaking
You could encrypt it weakly (or not at all), and fill it full of the kind of keywords they're looking for ...
"Kill the President"
"DRUGS"
"Smuggle"
"terrorism"
etc...
send 3 emails like this every day. Jam the signal.
Here's a link over at news.com talking about the same thing.
...you freakin' fascist fscks! Get off my wire! :)
Watch all smtp traffic flowwing through a couple of the MAE's, don't bother with anything but the headers for the most part. Propperly stored and indexed you should be able to establish what email address is an associate of any other email address, eg, who else is worthy of suspicion if somebody is flagged as dangerous.
They know who you talk to, and they don't have to supoena any telcos for those records. Screw due process.
The plan, an outgrowth of the Administration's anti-terrorism program...
Ah, yes. Not unlike Ireland's Special Criminal Court, ostensibly for terrorist cases in which juries are, ahem, impractical. This court is now used for drug dealers and pretty much any case in which a jury is likely to dismiss the case or return an inconvenient verdict.
If it wasn't obvious already, here is all the motivation you need to routinely encrypt every network traffic you can. With routine logging of activity and computerized searches of the reulting databases the possibility of misuse ranging from unauthorized abuse by individuals up to systematic clandestine surveilance of everyday netizens is immence.
The only efective way to combat this is routine use of strong encryption no matter how innocuous the nature of what you're doing. The congress won't do much as these things are always justified in terms of stronger law enforcemnt aginst stalker pedophile spies form China (or whatever the bad-guy-du-jour is) And your representitive/senator can't appear to be "soft on crime" now can they?
See http://www.zdnet.com/zdnn/stories/news/0,4586,2304 083,00.html?chkpt=zdnnstop
Isn't the internet wonderful?
Surely you can't forget the flap over funding for the echelon (sp) system? This might be a way to get new funding to expand and sugar-coat it for the public at large. (I can hear echos of "we're doing it for the children" and "you must be an anti-government conspiracy theorist" to anyone that opposes it.)
The government seems to have a bad habit of announcing their intentions to use something after it's already been in place for awhile.
I like the basic principle of giving ordinary users tools available to more powerful organizations.
However, a packet sniffer is only useful for packets that pass through your computer, so Joe Average with a dial up connection would be able to snoop on members of his family. Jane Hacker with a DSL may be able to sniff on her neighbors, but she won't see packets from arbitrary IP addresses. That would require sniffers on the major hubs.
--Carl Coryell-Martin
I know it is illegal to export it from the USA, but is it also illegal to use it?
IMO a good compromise would be to allow strong encryption and to have a law which, after a warrant from a judge, forces people to give in the encryption key. A (heavy) punishment could be put on a refusal.
Maybe this will rekindle interest in Guerilla.net, the L0pht wireless network.
Of course, I may just get in the habit of encrypting all e-mail and only using ssh for remote connections.
--sig time!--
What about a "keyword daemon" that just transmits fun words like "espionage, bombs, C-4, FBI, assassination, nuclear, biological..." across the wires to select "bounce" hosts. That'll put their little monitoring system on overload with enough people running it. Somehow the IPs would have to change, or each client only transmits 500 words and then it dies... Heh. :)
Do I assume that you are posting flamebait, or do you believe the party line: That this system is somehow related to "national security"?
Actually, the idea of overloading the system has some merit, increase the noise/signal to make it worthless. I recall in WWII a prince in one of the Scandahoovian countries put on a yellow star to show solidarity with the jews, same basic concept: it ain't yer dang bizniz.
Germany didn't have nearly the monitoring ability of the USA today. It would have made it so much more convienient.
You make a point. I've considered the prospect of a compromise that would allow us to have access to our government once again, in exchange for our privacy. It's almost worth it. Remember David Brin's "Transparent Society?"
We seem to have completely lost our government. Elections are a sham. If our votes don't have realy power, how can we make a difference? Additionally, most people don't have time to keep up with everything happening in Washington. Big business controls nearly all the news. How do we know what's really important and what's not being said?
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
What bothers me most about this whole affair is not that the United States Government is planning to monitor the private communications of our population (by nature, nation-states and the bureaucrats that run them are control freaks), but that supposedly educated techs and engineers are PROGRAMMING and NETWORKING these monitoring systems. Quit blaming the government and look deep within. We are our own worst enemy. We're just following orders, right?
"We're sorry, but the website you're trying to reach has been disconnected."
Of course, Brin would probably argue (and I agree) that the 'in exchange for our privacy' deal is no deal at all. We, as little people, will have no privacy; my question is: how much disclosure can we squeeze out of the government and powerful organizations?
-Carl Coryell-Martin
Geez, if you're still doing ANYTHING slightly confidential over unencrypted channels you deserve what you get. ssh is your friend. :-)
An example - me and a friend used to be able to comment on the girls down the bar with complete easy - NHB (Not half bad), PBM (Paper bag material), YBY (Yeah baby yeah) - The key here was an agreed standard of coding that allowed the my friend to work out what I ment. We would sometimes generate new ones on the fly too. Endless fun
Now on to encryption schemes. Both ends agree on how the data is to be encrypted (usually using a key of some sort). For large scale use this standard has to be published, even if it is published in a program it isn't to hard to disassemble it. So you can assume that everybody in the public forum knows how your message is encoded.
For computers It's not too hard to guess what part of message is either. If it's small it is most likely to text it will ASCII, if it is big it is most probably going to be a ZIP file or an EXE file, and medium size things will be pictures.
Using encrypted versions of standard protocols give you a pretty good idea of what some of the data will be - standard HTTP headers are a good example.
So, the person who wants to break your code has
Now, the hard stuff. Finding the original key.
Because Public/Private key crypto is relatively slow, it is usually only used to negotiate a session key for things like network traffic, and this session key is used to encode the larger data stream. This data stream is then open to attack by the above methods, or by attack on how the session key is generated.
An example of bad use of crypto: A web browser might generate the session key in a way that limited the number of keys. Perhaps it takes a hash of the process id (16 bits), user id (16bits) and the system's uptime (32 bits). Great - 64 bits of data for a key!
Wrong - On a home PC assume PID could be 16bits. User will be somehere in from 500-564 (on a home PC remember!) (6 bits), uptime will be less than a day - 17 bits. The key is based on only 39 bits! - But if the pid is known to within a few hundred then it is only 31 bits. So much for that 64 bit key.
here's a description about echelon: http://capo.org/opeds/pp0615.htm
Juiced? Or Not?
The point is, *I* shouldn't have to go to a lot of unnecessary work to avoid monitoring. I don't care if average Joe hacker can see me access the Apple web site. I *do* care if the government starts building profiles on me...at that point, information that no one cares about in small quantities becomes important.
If someone would please explain the technology(in quasi-laymen's terms) I would appreciate it much. I would really rather know how much could be monitored and how before I start ranting to other people. The Typo Daemon
It might be worthwhile trying a variation on a technique mentioned in the boot Crytonomicon and just send out a bunch of encrypted noise. Not to hide anything, just to get them to burn all their cpu cycles trying to decrypt it.
Several people have asked what Echelon is. It's a cooperative electronic snooping effort of the US, UK, and others. It's reportedly been used for industrial espionage at the expense of nations not in the select group. For more data than you probably want, go to http://jya.com/crypto.htm and click the "Echelon" link right at the top of the page.
Rep. XXX,
I'm writing to you regarding Fidnet, the Federal Intrusion Detection Network, which is currently in the planning stages. I will keep this brief because I recognize that your office probably receives quite a few letters and emails.
If you're unfamiliar with it, Fidnet, as proposed, is intended to "protect our national information infrastructure" by monitoring non-Governmental computer networks. This in itself should sound suspicious. There are several reasons why such a program should be opposed and I hope that, after reading them, you and your office do what you can to prevent this ill-though-out program.
1) This is an incredible intrusion on the populace's privacy, providing the FBI, which would be in charge of Fidnet, with unmonitored access to the electronic communications of nearly every American.
2) At the same time, however, criminals, who often use encryption schemes to disguise their online activities, would be largely unaffected, as Fidnet would have no capabilities for dealing with encryption.
3) Our country's "nongovernmental information infrastructure" is the domain of private business. The government should not be protecting private companies from "electronic attacks" when such protection, in the form of knowledgable computer specialists, is available in the private sector. Further, how crippling would an attack on our private networks be? Every corporation controls their own connectivity; the nation's private networks cannot be lumped into a single network that is vulnerable to attack. At worst, it is possible that individual company's network access could be taken down, but this would be the fault of the company for not assuring its own security and providing redundant connectivity. The economic and societal effects would be hardly staggering if amazon.com, one of the largest companies on the Internet, was offline for a day or two.
4) Finally, the concept of "electronic warfare" is a flawed one, meant to bolster the budgets of those who feel they need more resources. The Government keeps no crucial data on the Internet; the "hacking" of a government site is, at worst, an embarrassment. While losses can result when companies are offline for any amount of time, their are not actually any bombs or violence involved in this "electronic warfare." Sure, one's Web site may be down for a few hours and some business may be lost, but this hardly seems to be something that the government should be compromising the nation's privacy for.
I realize this was a bit long, but I feel that the issue is an important one. Please inform me if their is anyone else I could contact about this or if you would like more information or clarifications from a very computer-literate constituent. Thank you for your time.
--Andrew Grossman
--Andrew Grossman
grossdog@dartmouth.edu
That's right folks,
Never mind the privacy issues, never mind ethics or morals or any of that ethereal stuff like Liberty or Freedom. It's about the money.
Ever since the boom of the Internet, the Federal government has been losing money. They support much of the backbone infrastructure through NSF grants and such. The Internet2 is based in major Universities, but funded by the Fed, and we're going to piggyback off of that tech in a little while. The Fed is losing money since their grants are used to send spam and view porn.
But that is not the biggest dollar sinkhole that results from the Internet Age. It's all about the stamps!
That's right. The price of stamps has gone up dramatically over the last vew years. As we've migrated out corespondences to the net, the U.S. P.S. has tried to break even by hiking stamp prices. This just drove more people onto the net, and into long distance phone companies. This is why they're fostering competition and the proliferation of 10-10 numbers...
The government is just trying to make the net less convenient, more shady and just plain creepy(r) to drive the sheeple back to using the ol'U.S. Post. Under Federal regs, nobody (FBI, NSA, CIA, IRS...) can read your mail.
Watch for new U.S. Mail ads this fall. I ga-roon-tee it.
--Where'd I leave my meds?
-- What you do today will cost you a day of your life.
Scenarios like this are definitely not fiction. In fact, the FBI has been doing stuff like this for years. It's their bread and butter.
One of my best friend's uncles found out when he was in his 40s that in all the local government jobs he had applied to in his 20s he had been rejected for political reasons, despite his being top candidate for some of them. The government of Puerto Rico and the FBI used to keep (and probably still do) files of people considered to be "subversives"; those people were continuously harrassed by the authorities in many different manners. The criteria for being a "subversive" was opposing U.S. domination of Puerto Rico, and who was considered a subversive was established by means of surveillance, paid informers and covert agents, which also did sabotage operations.
This is all very well documented since both PR government and FBI files are now public.
I suggest you look at this page to find out more about COINTELPRO, the FBI's 60s-70s civillian surveillance program.
---
I was reading the book: "The hacker crackdown" and in it was described how the war on hackers from 198x til 1990 led to a civil rights protest and the EFF. The book described clearly the troubles the police had with tracing down hackers/phreaks etc. However I am seriously wondering whether it would be best to keep governments hands off the internet permanently, or maybe only involve itself in very serious crimes (credit card theft etc.). It seems the government wants to play cop in a world that is just to large and chaotic for them. Their time would be better spend warning companies about the security of their networks. Massive wiretaps will only hurt the public not protect them and encryption helps get around the problem anyway. I don't live in America but Americans often say that they are (or should be) an example. But I never had anybody in my country even suggesting something like the CDA or Echelon. I believe it would be best if the government didn't invlove itself in 'illegal computer entry' or 'theft of intellectual property'.
Yes, they had their business seized for publishing "GURPS Cyberpunk", which was deemed to be a manual for terrorism. The fact that it was not made no difference to the SS officers that raided SJ's headquarters. After years of legal wrangling, the judge agreed that the SS was in the wrong, ordered SJ's computers and property returned (woo-hoo, a bunch of 286's) and ordered the government to pay $250,000 in damages. $200,000 went to SJ's lawyers. See here for details. Steve Jackson thought it would never happen to him, either.
Ok, so, now if I want to send sappy love letters to my GF, and don't feel like sharing the details with every spy on the face of the earth, what do I do? Burn it to a CD, and have an emmissary drive it over to her house? Probably tempest monitoring her over there too, going to have to case her computer room in lead just to be safe...
But then again, who cares what I'm doing saturday night? If I can't even find a date who's remotely interested, what makes me think that the NSA is?
At any rate, my business of selling government secrets to the chinese has been severely hurting lately ever since they started doing it themselves (just kidding uncle sam), so this whole monitoring thing is just another nail in the coffin.
BTW, I'm a total patriot, I would never sell government secrets, I just thought that this conversation needed a dumb joke like that.
Perhaps this is another sign that geeks need to start getting involved in politics. We sit and watch the clueless government do one thing after another to take away privacy, cripple technology research and advance, and just generally try to treat us like children.
And all the while, I see geeks complaining about it, but doing little else. Maybe it's time to start getting the word out to people what is being done, and do something to change it. All the whining in the world won't do any good if that's all that is done.
I don't know, maybe a Geek Political Party? So the geeks will know who to vote for? So some visibility may be gained? Or is this just another one of those ideas that wouldn't work?
---
"You know your god is man-made when he hates all the same people you do."
I still firmly believe that the government should keep everything even vaguely sensative off the net. Yes, keep your public relations websites online, but give me a break, and take off anything.
That will solve their cyberterrorism threat. You cant very well hack into a machine that has no connection to the outside world.
The NYT article contains the following quote:
Actually, it seems that encryption would not help a lot in protecting your privacy. The first thing that the F.B.I. will do is to monitor "patterns" and check for unusual stuff. In other words, it does not matter much if you are sending encrypted e-mails to someone. If that someone is being closely monitored by the F.B.I., then the simple fact of sending some messages to that person will trigger some alarms. The contents of the messages are not so important.
Tracking "patterns" is not only about e-mail (which is one of the first things that people think about when encryption is mentioned), but also about all other kinds of traffic. So the spooks could also be alerted if you are accessing some suspicious web servers frequently. It does not matter if you are doing a secure transaction or not, because the first thing that they are interested in is your (IP) address. And this is not limited to web traffic either. They could also check if you are trying to connect to non-standard TCP or UDP ports on some computers.
The latter case is probably what the draft plan intends to make easier to detect, in the case of governement computers. Detecting suspicious accesses to governement computers is not a bad idea in itself. But it would be far too easy for the F.B.I. to abuse this power.
-Raphaël
This will take a lot of computing power and bandwidth.
It's a shame the US Govt. isn't doing something more positive with the money, like laying down a few thousand more Km of fibre for instance.
They really ought to be thinking ahead. Right now the US is ahead in the online game but smaller countries like the UK and Japan are much more densely populated - making the provision of massive bandwidth to the masses much cheaper to achieve.
The net will never have enough bandwidth, but those countries with more to play with are going to be the innovators of internet technologies in the years ahead.
- SparkyUK.
If the gov't then tries to leverage its influence against the private sector, we're in big poo-poo. As you probably know, any business dealing with the gov't has to comply with the whole slew of requirements. Next thing we'll see is the gov't DEMANDING that all of its contractors use FIDNET and escrowed encryption (all, of course, under the pretext of reliable supply of whatever the gov't is buying). Once the Fortune XXX companies are sucked into this, FIDNET is going to propagate itself further down the food chain. Pretty soon in-duh-viduals will not be able to get an account with an ISP without allowing FIDNET into their home computer...
He didn't say anything of the sort. This isn't designed to be anti-terrorist. If I was a terrorist, especially with monentary backing from a foreign country, I'd be *really* likely to send *everything* plain-text. Yup, uh huh. If you think US export regs on encryption keep encryption away from terrorists, criminals and foreign goverments, get real. It's not exactly difficult, and the drive to get US encryption is there. Heck, even with no technical skill (FTP bounce attacks, whatever), you can just ask a friend in the US to get a copy of X software and send it to you. *I* never filled out Netscape's "secure" forms with valid information...I just headed over to Yahoo People Search, got some information on Jim Smith of Boston (or whoever), and plugged that (valid) information in. One copy smuggled across national lines is all that's required...lots of copies will then be made in X country.
The people it *does* prevent from getting ahold of encryption are the same ones international monitoring is aimed at -- foreign *legitimate* companies and countries. THEY are the ones that have to follow laws and not use illegal encryption software (ya, as a terrorist, I'm *really* worried about not breaking any laws...). THEY are the ones that have valuable information (political and economic) that can be grabbed.
I read an article on the US company that contracted to build China's cell phone network. Everything goes through Beijing, where it can be monitored. They didn't have a problem with it -- "It's what the customer wants, so it's what we provide...we're a business, and our job is to make money...they have a right to run their country however they want" were statements in the article.
The FBI has worldwide jurisdiction.
I guess it's time to start (bomb) inserting words (anfo) into our sentences to (plutonium uranium fission) throw (AAFJ#@L57H8a8e479) off the authorities
The argument that "they're not after me, so why should I care?" is _totally_ bogus! That's just the sort of attitude that has caused the continual erosion of our privacy rights as U.S. citizens. IMHO, this quote sums it up best:
"When they took the fourth amendment, I was quiet because I didn't deal drugs. When they took the sixth amendment, I was quiet because I was innocent. When they took the second amendment, I was quiet because I didn't own a gun. Now they've taken the first amendment, and I can say nothing about it."
-- Anonymous
Oh gee, this is such terrible news! The US Government has decided that it needs to protect it's computer networks from being hacked! What a crime against freedom! I mean, really, people, are you all on crack? There have been an enourmous number of government sites hacked, and they want to stop it from continuing. This is nothing unexpected and is really being blown out of proportion by you people.
"When they took the fourth amendment, I was quiet because I didn?t deal drugs. When they took the sixth amendment, I was quiet because I was innocent. When they took the second amendment, I was quiet because I didn?t own a gun. Now they?ve taken the first amendment, and I can say nothing about it."
It might interest people to know where this came from. The original quote belongs to Pastor Martin Niemoller who had the misfortune to live in Nazi Germany in the 30s:
"First, they came for the labor unions but I wasn't a labor unionist, so I didn't speak up. Then they came for the Communists but I wasn't a Communist, so I didn't speak up. Then they came for the Jews; but I wasn't a Jew, so I didn't speak up. Then they came for the Catholics, but I wasn't a Catholic, so I didn't speak up. Then they came for me-and there was no one left to speak up."
You might want to keep this in mind.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
But don't wiretap innocent people. It's easy for a hacker to swap accounts or jump through machines anyway.
From my understanding of the US encryption laws, there are no regulations on how strong it can be within the borders of the US...
That being the case, along with the fact that the FBI is only a national department (as opposed to the CIA et al., which are international), you can develop encryption methods that they would have large headaches trying to get past. Then outside the US, use weak encryption, seeing as the technically have no jurisdiction there...
-lev
Q: What do you think about American Culture?
A: I think it's a good idea.
(adapted from Gandhi)
You have a point, it is why I resent the whole hacker vs. cracker wars in the first place. By aiding the feds you're not helping yourself. If they had it their way, they could listen in on any voice/data connection at the blink of an eye. Would you be glad if you could say: "Look.. I build those networks!".
Hi. I'm working on a completely unbreakable encryption program. I'll be making an announcement on Slashdot when it's done.
That was a story on theOnion a while ago. It's parody.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
I'd certainly like to see some of the details filled in on this plan, as the NYT was fairly vague about it. This is probably because the plan isn't close to final yet. What sort of "patterns of patterns" are being monitored here? Other than detecting quantity-based attacks such as smurfs and mailbombs, I don't see what this monitoring can accomplish. Most attackers of other systems will look more or less like authorized users in terms of the quantity of bandwidth they use in their attacks. Only by inspecting the actual contents of their packets could you find out what their actions are, and there are way too many packets flying around for that. Also, how is this monitoring system planning to differentiate between authorized users doing potentially dangerous things (rebooting a server, etc) and unauthorized users doing the same thing?
Implementation issues aside, this doesn't necessarily decrease the security or privacy of Internet use. With the proper tools anyone could monitor Internet packets right now, whether or not there is a sophisticated government effort to do so. Plaintext email and other unencrypted data will be no less secure under the FBI's plan, and packets to and from your host to the rest of the 'net will just be logged in one more place than they were before. The loss of privacy and security is not as severe as you would think; mostly because there wasn't a whole lot of privacy and security on the 'net to begin with. There's an understanding that you don't monitor traffic that isn't yours, but there's no guarantee that everyone who can see your traffic is high-minded enough to abide by that understanding.
This is not to say that I support the government's monitoring plan - I don't think it will work, for reasons listed above. And of course I object to my traffic being preemptively monitored by a government party without a warrant or a court order. But I'm not sure even in the worst case there would be as much loss of privacy as there would be loss of the illusion of privacy. If this leads to more pervasive use of strong cryptography, wonderful.
Your right to not believe: Americans United for Separation of Church and
I realise there's room for confusing in the TLA department. But naming a something FIDNET.. That's gotta cause confusion. FIDNET -- FIDONET.
I don't expect anyone who hasn't used a dial up BBS (Hell, I still ring one to play LORD) to understand.
No actually, I correct myself. Anyone who's ever used FidoNet (and knows what it is) will be smart enough to know the difference.
*continues pissing in the wind*
--- "If a man speaks in a forest, and no woman hears him, is he still wrong?"
Hey -
lets all just think about this for a moment. Maybe I'm being simpleminded, but in order to effectively monitor all the traffic on the Internet today, wouldn't you have to have an equal amount of computing power in aggregate to that which is generating the traffic?
Lets just say (hypothetically) that the total combined bandwidth usage on the internet today is 100 Terabytes daily (in the USA). This traffic is generated by a billion computers being online at once, all transferring files, exchanging mail, etc. Wouldn't it take a system (distributed or centralized) of equal processing power to effectively monitor this?
Unless we're talking simplistic monitoring, where some widget is snapped onto the major switches, and whenever it sees some keywords, it generates a signal that computer X exchanged a restricted word with computer Y. But - come on, even that would require immense devotion of computing power (effectively a system that mirrors the power of the switch itself) and it wouldn't even be logging the traffic...
Maybe I'm just being stupid - or overly optimistic. Someone let me know if my hypothesis is correct - that in order to monitor a system that has the complexity of the Internet - one effectively must duplicate the level of resources currently on the internet.
- PW
Let's say you go and visit www.hyperreal.org -- a site that contains, among other things, information about psychoactive substances, some of which happen to be illegal in the US. Now, of course, only drug pushers would be interested in information on such a filthy topic, right? So you wouldn't be surprised to see some cops on your doorstep with a search warrant, the probable cause being visiting the site? And don't bother applying for a government or a government-contractor job: "We see you engaged in some patterns of behaviour that could point to illegal activity on your part. Be thankful we don't prosecute you. Next, please..."
This is fiction right now, but it could easily become reality.
Just use strong encryption for everything. I don't see the problem.
Use of encryption necessitates that both parties do it. In the example above how would encryption have helped me (other than using Freedom.net or some equivalent of it)?
I know it is illegal to export it from the USA, but is it also illegal to use it?
It is legal to use. For the time being, that is.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Why is it that every time the government gleefully steals our rights it's done under the moniker of Anti-terrorism? I remember that following the Murrah building bombing here in OKC, the Pres was in a big rush to pass the newest anti-terrorist legislation. Couldn't have timed it better, because all the sheeple in this country were having their heart-strings tugged at by the media spin. Why didn't they feel the same sense of loss for the children of Waco? Were they not equally innocent? Because it didn't fit in with the government agenda, of course. Waco was okay, because those people were terrorists waiting to happen. Ruby Ridge was okay too. Just a little dust under the rug, media-wise.
..expecting echelon to start watching me any minute now :)
The point I'm trying to make is, think very carefully about things of this nature. It's your right to be a private, law abiding citizen. It's your right to not be snooped on every corner, every phonecall or every email. Terrorism is a bullshit excuse that our government needs to deal with in other ways. Ever stop to think why terrorists hate America?
A good start would be effective foreign policy. And stronger networks, not riddled with weak NT web servers that skript kiddies feel the need to hack at.
Just after reading the NYT story, I wrote an intelligent, coherent letter to my congressman in response to this. I hope you all do the same. Keep in mind that there's nothing an oppressive government values more than apathy and disinterest. If you don't care about losing your freedom, they don't care about taking it.
It could be even more simple than that. We all need to eat the last time I checked, and you don't eat if you don't get paid. That and some people really don't have any morals and can just be bought.
Having failed to control the availability of reasonable cryptography,
the FBI wants to install a giant traffic analysis system. Some
thoughts on this system:
o It represents a second best surveillance tactic after
eavesdropping. If you can't tell what a person is saying, it's at
least interesting to be able to tell to whom they're saying it
(traffic analysis). If the Clipper chip was plan A, this sort of
thing is plan B.
o This is definitely a lot bigger than what any private agency can do
because they FBI can theoretically use the law to gain monitoring
access at any network access point they desire, which a private entity
could not, and likely would not, do.
o Federal law enforcement realizes that the public computer
internetwork has become or is rapidly becoming the world's primary
nexus of communication, and therefore they must be able to analyze it
in order to snoop on the citizenry.
o Traffic analysis in order to hunt for "patterns of behavior that
suggest illegal activity" might lead to a vague fishing expedition
approach to law enforcement. Perhaps this is an attempt to do an
end-run around troublesome fourth amendment protections, which are
fairly well defined in the case of telephone wiretapping.
Interestingly, this seems to me to require that the use of IP
telephony would get far less protection from warrantless search than
regular phone calls. For example, even if you encrypt your phone
call, and even if you use anonymous forwarders, this type of system
might theoretically allow the FBI to detect the end points of an IP
telephony call, unless you handed the call off along the way to the
PSTN (a normal phone company). The FBI could thus ensure that there is no
reasonable expectation of privacy in telephone call end-points, which
might then make such information admissable evidence in criminal
prosecutions.
o The conflation of domestic and international concerns may be a new
tactic in the constant pursuit of greater surveillance powers for law
enforcement. I expect we'll see more of this. Theoretically these
measures are for "national security", and defense against foreign
attack, but that excuse is being used to justify snooping in the US.
The internet, by being a global medium open to easy foreign access,
may well represent the thin edge of the wedge for this sort of
argument, where foreign threats are used to expand the powers of
domestic law enforcement.
Look up and see, the gangster computer god concocted and controlled new fake starry skies. The brazen, deadly computer god controls designed to control you, the terrorized frankenstein slave, through eyesight television and even brainthought broadcast radio. The gangster computer god worldwide systematic deathray that manipulates you, through countless precisely positioned and controlled satellites, will eventually cause premature death and aging, even in thin skulls of educated white males. In 1965, CIA agents beat me bloody, dragged me in chains from kennedy new york airport. Since then I hide, enforce jobless poverty, isolated, alone, in this roadhouse. The brazen gangster sneak deadly police assault me with deadly attacks, even in my yard, with bricks and stones, even deadly touch pavement or around corner trajection of remote controlled killer tarantula spiders, even electric shock flashlights.
:) PTV, E23 is your first clue.
Man, if anybody can tell me where I got this rant, I'll send you a hundred bucks.
As a network security specialist, I'm as paranoid as they come, and because of that paranoia, I am starting to suspect key officials in our government are on crack. Unfortunately, this is knee jerk reactionism at its worst. Think of the government as the worlds pointiest haired boss. As I'm sure most of you know.. the solution to any problem in their mind is to tack on more technology! Nevermind properly configuring and maintaining the products you already have! If the goverment is worried about the vulnerabilities in key network infrastructures, a nationwide IDS is NOT the answer. It does little good to detect an intrusion after the fact, when you could have used those resources to protect the damn systems in the first place. I won't even go into the privacy issues surrounding this.
P.S. Does anyone want to sponser my citizenship to another country?
P.S. Any misspellings or faults of grammar you think you detect are mearly transmition errors, and probably your fault a
Why is it even possible to
break codes? Is there a rule
that says all codes must work the
same?
the next line is a coded message
the eagle has landed
ok, what does that line really mean?
you can run code breakers against it
till the end of time, you will never
know what it means.
Why?
It's my code. And, tomorrow the same line
will mean something else.
Good luck.
oh, I hope all of my internet traffic is
being logged and looked at. should be
very confusing. I'm interested in too
many things.
Feds : this guy is into conspiracys about
mp3 files from the Mermen and checks
Drudge 10-15 times a day while listening
to Phil Hendry on real audio. This guy
is a mess.
The National Information Stool-pigeon Infrastructure is just another case of us lil'ol people not able to fend for ourselves against the meen ol' hackers out there. What'cha bet the same system installed to 'protect us' gets used to enforce collection of taxes on Internet commerce, among other things.
The bureaucracy is expanding to fulfill the needs of an ever expanding bureaucracy.
Chuck
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Am I the only one who finds it odd that they seem to be worrying about "critical" systems being taken down? I think that's a ridiculous claim - if they have anything more critical than a Web or shell server connected to the Internet, then I say they deserve what they get, and every geek should make his/her way to DC for a mass mooning of the White House.
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
The NSA has been monitoring Internet traffic for quite a long time not only on a domestic level, but globally. I suspect the NSA will either turn down the FBI's plan or declare neutrality because A) the NSA would get too much publicity if it was approved and publicity is the last thing they want, and B) they already have such a system. If they downright scrap the FBI plan, that will spurn assumptions that such a system exists and they don't want that either.
What worries me the most about this whole thing is the fact that the Government is trying to impliment this whole thing to have better security in the Government, but in actual practiceit seems like one huge invasion of privacy. I would think that if their security was so bad they had to monitor other people they have a lot more to worry about.
Why would you want to help terrorists?
What bothers me most about this whole affair is not that the United States Government is planning to monitor the private communications of our population (by nature, nation-states and the bureaucrats that run them are control freaks), but that supposedly educated techs and engineers are PROGRAMMING and NETWORKING these monitoring systems. Quit blaming the government and look deep within. We are our own worst enemy. We're just following orders, right?
"We're sorry, but the website you're trying to reach has been disconnected."
They could have called it the Federal Intrusion Detection and Operations Network, but nooooo....
In the UK we have been having arguments over similar stuff for a while now. A group has formed called Stand. You can check out their philosophy here.
The principal is that MPs (a bit like your senators of something) have ways around huge mailbags of complaints about the same thing - whether electronic or whatever. They'll get pissed off, filter the messages, and write back to everyone with some condescending thanks for your ideas. Stand has organised for groups of concerned constituants to send only one full, explanatory letter to each MP and then anyone else who agrees can write a brief note saying so.
You might find a similar approach will work better.
Why is it even possible to
break codes? Is there a rule
that says all codes must work the
same?
the next line is a coded message
the eagle has landed
ok, what does that line really mean?
you can run code breakers against it
till the end of time, you will never
know what it means.
Why?
It's my code. And, tomorrow the same line
will mean something else.
Good luck.
oh, I hope all of my internet traffic is
being logged and looked at. should be
very confusing. I'm interested in too
many things.
Feds : this guy is into conspiracys about
mp3 files from the Mermen and checks
Drudge 10-15 times a day while listening
to Phil Hendry on real audio. This guy
is a mess.
...
-I go to Rice, so figure out my email address
We need to get rid of those silly crypto restrictions or do our best to avoid them and use CRYPTO on EVERYTHING!!!
We need OPPORTUNISTIC (i.e. automatic) LINK-LEVEL (i.e. ipsec) CRYPTO from/to EVERY PAIR OF HOSTS THAT SUPPORTS IT, and we need it NOW!
Encryption + anonymity.
Hey, guys, accelerate your beta, we need this thing now!
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
There will always be people to code whatever you need to be coded.
There are people who live for money because money is power in our world. It brings them their worth and they would sell their souls for it, and even that assumes that they aren't control freaks who think government spying is a good thing.
The truth is more important than the facts.
-Frank Lloyd Wright
It's at times like this that I give thanks for not being in the US. I'm telling you, if you don't like the idea of being trapped in some darker version of 1984, the American geeks should start doing something about it. And I'm not talking about signing up with the Libertarian party or anything of the sort. I'm taking about a revolution. You're one of the few countries in the world with anything like 2nd Amendment rights; use them!
To the editors: your English is as bad as your Perl. Please go back to grade school.
There were rumours that FBI agents were pulling drug dealers out of BC without the support of the Canadian Police.
One thing this could do is force people to start using encryption more. Maybe the gov't has access to your network traffic, but if they can't read it, then who cares? It is probably an infringement of civil liberties, but if they were to get it in place, the net result would probably be a more secure Internet, or at least the part that resides in the US.
Adam
The NSA has 2 branches that do just that. The one branch is responsible for intercepting and 'monitoring' all signals (satellite, etc), the other branch is responsible for communications (ever hear of Echalon (did I spell it right NSA))
There are 9 listening posts around the world, 1 in Virginia, 1 in UK (Ireland I believe), 1 in Australia, etc.
Basically all faxes, phone calls, cell phone, emails, internet activity is monitored, satellite activity is monitored and scanned. Some people think they can scan words, I heard that they do voice pattern recognition. Watch "Enemy of the State"
I hope there are enough people that care about this issue to really hurt Gore in the 2000 election. I'd really like to see him pay by not getting to be president for the assault on civil liberties he's responsibible for.
The problem is, no one makes this an issue in the mainstream media. The only way it is going to become an issue is if we talk about these things at the grass roots with our friends collegaues and neighbors, and make them aware of what has been happening under Gore's tuttelage. The important thing to do is not come off like some wild-ass paranoic, but calmly and completely state the case with valid and supporatble eveidence, i.e. "did you know that under the Clinton Administration frederal wiretaps have gone up 500%."
We have got to make this a major issue in the primaries if possible, be cause there's strong evidence that Boy George isn't going to be any better. (Not to mention the affect he would have on the environment, courts, etc..)
By the way, does anyone have any good references to a complete (accurate!) list of the many attacks that the Clinton administration (and especially Gore) have made on the Bill of Rights during there tenure in office?
And please don't moderate this down. All of us geeks need to stop pretending that there isn't a real political process, with real consequences, out there. Who we elect as our next president coulnd't be more on-topic, IMO.
Wouldn't this be like a wiretap? A court order is required (at least supposedly) to get a wiretap on a phone, but the gov. will now publicly state they are monitoring all internet traffic (they already do). It's also an invasion of privacy. The gov. is so up on privacy on web sites, yet they don't want to give any privacy to it's citizens. And why is the military exempt from this, why should the FBI trust them. And they terrorist excuse is getting really, really old. Do they still think terrorists and the rest of the world is so stupid that they won't know ways around this.
He makes me embarassed to be a Republican
Gag me with a spoon, but when I read this, all I could think about was the trace program running at the beginning and end of The Matrix...
The time when I raise a fuss is when men wearing sunglasses suddenly posses my body. That's just going too far!
Since griping on
Essentially this would be built on an existing packet sniffer but with the added ability to search packets for keywords which the user may input. Once the key word has been found, the IP is placed on a 'watchlist' and all packets will be stored for the user, and rebuilt.
It should have a *very* easy interface for end users, perhaps even a WIN9X port.
Also it should contain statements which implore the user to use it responsibly, but we could also suggest words such as "liberal". ; )
I propose to call it: Santa. Remember-- he's making a list and checking it twice, gonna find out who's naughty or nice..
Then we mass mail copies to government and media people so that they can all spy on each other.
The point is to crystalize to the media and government what issues are at stake with these monitoring systems.
We could spin it so that "individuals ought to have the same rights [to abuse others' rights] as governments currently enjoy."
If interested or have some comments, please drop me an Email, at chappel@home.com
Cheers,
David.
FYI: In some government circles, the proposed system has been nicknamed "Hillary."
Keep going, keep going, yanks, after a while, all the worthy stuff will no longer be done in the United States.
Way to go, guys, way to go!!! Europe will rule!!!
-- ----------------------------------------------
Vive le logiciel... Libre!!!
I kinda have a bias against logging in for the NYT articles, so I did my own searching, and came up with a cool site giving a brief background/history of the NSA and some useful links to other info. Check it out...t ml
http://arena.cwnet.com/~zen/hack/txt/nsamonitor.h
How about an OSS program that, say, once every hour would send a ping to a random host. Considering that many IT people consider a single ping to be an attack, this might set their detection systems off all the time if enough people ran it.
Not.
It's time to start encrypting e-mail on ...
a routine basis? I've always thought the
guys advocating that were kinda nuts
but i'm suddenly not so sure.
What's the difference between this and listening in on someones phone conversations?
"Well..we just want to listen in on your phone conversation to monitor for certain patterns of words that might indicate wrong-doings"
Lets face it, the public sector is so far advanced in terms of tech stuff that the government is just freaking. So what do you do when your freaking.....something stupid and unconstitutional-ish
Next they'll be telling us it needs to be done to Protect The Children. Oh wait, they've already done that :-P.
I hope the knuckle draggers over at the NSA and the FBI get absolutely swamped with people using free encryption software. In fact, I hope they choke on it.
-- ultra1
Their political domain is keeping the power in
the hands of the "right" people.
To say that this is beeng done by only a
"nuisance" or two is a gross misundrestanding.
You obviously need to learn a lot about the
the hidden, ruthless face of politics. And
make no mistake - it all starts with gathering
information about you and most of all
_are_you_way_too_smart_ ? and
_do_you_know_and_share__way_too_much ?
But, rest assured, as of now, you are prblem free.
there is a lot to anarchism. ie righthanded and lefthanded, then there is the crasies..
read Illuminatus! by bob wilson to get an understanding of anarchism...
and there are no contradictions just perceptions...
nmarshall
#include "standard_disclaimer.h"
R.U. SIRIUS: THE ONLY POSSIBLE RESPONSE
nmarshall
The law is that which it boldly asserted and plausibly maintained..
--Colonel Burr 1783
I suggest that everyone take The World's Smallest Political Quiz if they haven't already.
Why worry about all this? The simplest solution would be to hack your preferred OS to warm and fuzzy completely-encrypted status ;o) With a little work, there couldbe a major revolt against the US government. They've tried to stick their noses where they don't belong one too many times. For a country that was founded on the rights of humans, I see them quickly disappearing every time a story like this comes up. Replace all http connections with secure http. Phase out telnet, let's all switch to ssh. Use insanely huge PGP keys for everything ... Grocery lists, e-mails, anything else you can think of. ;oP If this isn't another one of those Oh-the-press-is-stupid-it-never-existed stories, like several others about supposed Bills to be passed, the US government will have a revolution on their hands. You don't have to let anyone into you home anymore, because they don't have to be in your home to monitor what you're doing. Just tap into their net connection and monitor the bits and bytes flying by. "Unalienable rights" comes to mind, among other things. Enough ranting for now.
...what it is that people are doing to be worried about being caught in the first place. I mean privacy is one thing, but usually people use it to hide things that they are ashamed of.
I'm not worried. I haven't done anything to be ashamed of. You can monitor everything that I do all you want to. The problem comes when someone (i.e. congress) passes legislation that makes what I do illegal. I'm more concerned about someone getting ahold of personal financial infomation who shouldn't, therefore that info is encrypted _if_ I ever transmit it electronically.
"Don't put a question mark where god puts a period."