Government Wants to do Massive Internet Monitoring

jht writes "Taking the Clinton Administration's electronic paranoia to new heights, this NY Times article details plans to have the FBI establish an infrastructure (called FIDNET) capable of monitoring all non-military public networks. And you were wondering why they're so down on encryption... The NSA is reviewing it now, with final rules expected in September. " Uh,oh. This is potentially a Very Bad Thing. You may want to e-mail your Congressional Representative about it. (Free NYT online subscription required to read the article.)

Re:The classic quote

[Mr.+Slippery]

When 'they' go after the first of any of these groups (or any other non-criminal groups) it will be time to speak up.

Ah, but the government doen't go after non-criminal groups. First, they declare the group criminal (or better yet, a "conspiracy" or a "threat to national security"), then they go after them. The government defines crime, ergo those they oppsose are always criminals.

Who are they after these days? They're after the pot smokers, the porn watchers, the gun owners, the religions outside the mainstream, the animal rights advocates, the environmentalists, the cypherpunks; basically, anyone who doesn't shut up and do what their corporate masters demand.

I got harassed by FBI thugs once

[forkboy]

for playing f*cking Cyberpunk in Denny's!

Seriously, we used to play every night at the Denny's we frequented, and this was in Denver, about the time the McVeigh trial was going on. Well, in the game, we were planning an assault that involved nerve gas, guns, and a lot of heavy explosives. We were tossing ideas back and forth with the waitress, who was a closet gamer.

Well, some concerned citizen obviously though we were stupid enough to plan a REAL bombing in a public place, and called the police. It got back to the FBI, and they had the place staked out for 3 days, which was when we played again, to question us about it.

It was ridiculous....they had the waitress in back, grilling her for like 45 minutes, and then came out to ask us questions. We were like "Dude, it's a game...here are the books, here are the dice...wanna see my stats?"

So I am on file with the FBI as a terrorist now. Yay.


I know it's off-topic, but I feel your pain, man.

Re:I got harassed by FBI thugs once

[Stonehand]

{chuckle} Ahhhhh, fun. If memory serves, SJG even advertised that very same RPG as the only one investigated by the Feds (apparently who'd been a little sensitive, even at that time, to suggestions regarding cracking)...

Re:simplistic monitoring

[jabber]

This is the truly scary part.
There is no way the government could possibly do this task intelligently. There isn't the manpower and computational power available. You're right.

So simplistic monitoring it will be. And the results will be similar to those of SurfWatcher software... You won't be able to research Childhood causes of breast cancer, hashtable processing algorithms, or anything containing a word combination that some bureaucrat deemed inappropriate in some context.

That is of course for 'in the clear' communication. If you send something encrypted, you'll end up on a 'watch' list, and your activities will undergo closer scrutiny.

And just try to take a guess at who is going to pay for all of this. No new taxes!! But we'll jack up the old ones. After all, it is a matter of national security.

Okay! That's It!

[rnturn]

``The plan was created in response to a Presidential directive in May 1998 requiring the Executive Branch to review the vulnerabilities of the Federal Government's computer systems in order to become a "model of information and security."

In a cover letter to the draft Clinton writes: "A concerted attack on the computers of any one of our key economic sectors or Governmental agencies could have catastrophic effects."''

Oh, I see. The Government finally realizes that it's got to do something about the security of their computer systems and in order to make themselves more secure, the Government has to monitor all citizen's network traffic.

Where can I get encryption software (like that in Cryptonomicon) that allows 4096-bit keys????

RTFA

[molozonide]

Read the article folks, they're proposing two things:

1) The construction of an FBI monitored network behind which nonmilitary government networks would reside.

2) Expanding this monitoring to selectively protect commercial networks.

Comments:
#1 is a Good Thing. As a taxpayer, I have no problems about protecting public property with firewalls, etc. This is just an extension of what the Pentagon is already using to protect military networks.

#2 *could* be a Bad Thing, if those sectors of industry are forced to submit to such monitoring. Given the American tendancies not to trust the government, I really doubt banks, etc. will elect to join such systems if they have to capitulate the standards of encryption they already enjoy.

The interesting part, is that the FBI is jockeying to become the knowledge/technology leader amoung conventional law enforcement agencies. The FBI has already started to internationalize, participating in counter-terrorism, investigating war crimes, etc.

But can the Internet be monitored in a fashion that doesn't affront the American values that the FBI are sworn to protect? Maybe. But that doens't mean that the Federal government doesn't have the right to protect their (our) computers the same way as private networks.

Re:RTFA

[daala]

You are a very good citizen aren't you. Of course they are doing it for benign and helpful reasons.

Must be easy to get elected over their with people like you voting.!!!

Re:Terrorist Computer God

[kahuna720]

Sounds like the work of Francis Dec to me...

Now THERE'S a writer, dammit! Woo-hoo! Read, and
be enlightened. heh.

"Sneak shameless hangman rope gangster government leaders into Frankenstein living death eternal
slavery, I now go to death for your lowest deadly felony crime against me. Frankenstein Earphone Radio
parroting puppet gangster slave do not dare to repeat any part of this truthful message. For like Mr. Francis
E. Dec, Esquire, you too are expendable and you too can be beaten bloodily by the gangster police and
dragged in chains into a windowless telephone booth type prison cell and put into maximum security
insanity prison for undetectable extermination, and by the lowest gangsterism, namely, the law, character
assassinated for life as an insane, criminal menace to this worse Gangster Communism. Now that your
terrified, trembling delirium has subsided have your computer subdivision play out my letter, and you, reread
my letter FOR YOUR ONLY HOPE FOR A FUTURE. Francis E. Dec, Esquire, 29 Maple Street,
Hempstead, NY."

dr. j
"hey, where's my $100?"

Re:Sappy Love Letters

[Mountaineer]

Actually, it wasn't meant seriously, it was a joke, but if you all are really interested. I have written her a few small demos before, and I was considering writing her a BIG CD with pictures and stuff of us, music, and demos on it. I revised that idea, and we're going to make one together while we're on vacation. She'll help pic out pictures, and I'm writing some programs and stuff for it. It should be nice :-)

Good suggestions though guys :-)

Re:Unbreakable Encryption

[spinkham]

Sorry dude, some one invented one-time-pads a while ago...
Beyond that, everything is breakable...

Re:Stickin' it to the man...

[Manax]

These seem like really good points... do you have any references to the security break ins?

It all seems like:

1 Small (perhaps temporary) problem exists.

2 Government claims they can fix it by raising taxes and spending money.

3 Problem gets worse.

4 Government claims that things are getting better or getting worse, but they need to spend more to really fix it.

5 Goto 3

Perhaps the problem is at step 2. The goverment shouldn't be fixing the problems anyway because they have a vested interest in maintaining themselves.

People have that attitude all the time, though. I get strange looks when I say that I see my goal as an software engineer is to make myself obsolete. I want to do my job well enough that they don't need me to do it anymore (because it's soo automated, or so easy that anyone can do it, or because it's completely solved and doesn't need doing anymore...). I want to be able to move on to other things, but most people don't get that. Perhaps people in the goverment more so.

Re:Sappy Love Letters

[Mountaineer]

Actually, it wasn't meant seriously, it was a joke, but if you all are really interested. I have written her a few small demos before, and I was considering writing her a BIG CD with pictures and stuff of us, music, and demos on it. I revised that idea, and we're going to make one together while we're on vacation. She'll help pic out pictures, and I'm writing some programs and stuff for it. It should be nice :-)



Good suggestions though guys :-)

Re:I am f-cking scared shitless

[delmoi]

yeh, wern't those the people who advocated terroism beacuse they knew they could never achive power democraticaly?

why yes, they were!
Idiot, I'd rather have the contry run by microsoft and AOL then a buch of stalin wanabies. I mean compared to the 'opressive' US China, Russa, cuba, North Koria, those places are paradices!

I do think this 'listening' system is a terrible Idea however
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:I am f-cking scared shitless

[delmoi]

Yes, of couse, wern't those the guys who advocated terrorism beacuse they knew they could never achive what they wanted through a true democratic process?

why yess they were!

no goverments, just 'syndicates' like microsoft? woohoo! sounds like a plan!
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:Money- Tool of Tyrants

[pos]

Agreed...

The person isn't evil, isn't a tool, and really believes in the goal, is convinced of the sincerity of those he/she works with...

This person is a tool of a larger organization, although in this case more or less ignorant of his/her involvment. My point is that you cannot stop this kind of invasion of privacy by appealing to the techies who write code for the FBI.

I personally believe that there is a lack of people who hold their own beliefs and convictions above money in their own pocket. We can only hope to educate and pursuade those who don't have these convictions, but how many of the remaining ones who believe that this is wrong will turn down that high paying offer from a government agency because they know it is wrong?

I know I would, and I suppose you would too. You give me faith that there are others as well. They are not bastards who need to be shunned, or made fun of, or ridiculed. I believe there is more to life than money and I hope these people will believe that as well.

Re:Stickin' it to the man...

[PerlGerl]

FuckITAR is a GREAT name for some easy-to-use encrytion software... ;-)

Left and Right, Socialist and Capitalist

[Mr.+Slippery]

Calling something socialist doesn't make it so, just like calling something a "republic" doesn't make it a representative form of government. The members of the Union of Soviet Socialist Republics were neither socialist nor republics.

In its most basic form, socialism simply means an economic system based on the exchange of labor, as opposed to the capitalist system which is based on ownership of resources. Socialism may or may not be statist - the exchange of labor may be either voluntary or directed by the state. (Capitalism, OTOH, relies on a strong state to enforce property claims. "Anarcho-capitalism" is a contracition in terms.)

"Leftist" orginally meant favoring the interests of the "common folk", as opposed to the "nobles." (Supposedly nobles sat to the king's right, commoners to his left, but that may be a UL derivation.) These days, the equivalent to the nobles would be the capitalist owners, while the commoners are the workers. ("Work" must be understood to include intellectual labor - failing to do so is a common error amoung socialists.)

This "socialist-capitalist" dimension is independent of the "free market-central control" and "(small l) libertarian-authoritarian" axes.

Re:Left and Right, Socialist and Capitalist

[Mr.+Slippery]

Except that exchange of labor involves ownership of resources...I own my skills and I sell them to the employer that gives me my best return.

If you own your skills (and I don't think that "own" is the best word for it, your body and mind are not property, they are much more intimate than that) you do not own them in that same way that someone "owns" a piece of land. It is this second sort of ownership that capitalism requires.

Nobility of the past and owners today have about zero in common.

Nonsense. Nobles of feudal times did no useful work but made their living off the peasants who worked lived on "their" land (as granted by the king). Modern owners of capital profit from the workers who use "their" resources - that is, who work for "their" corporation (as chartered by the state), or mine "their" metals/drill for "their" oil/cut down "their" trees (as deeded by the state), or pick crops grown on "their" land (as deeded by the state)....

Nobles got, and owners get, special treatment from the goverment, because the government exists to serve them; nobles could injure commoners without being punished, corporate criminals can and do maim, injure, and kill and laugh all the way to the bank.

We are all owners now.

A beloved American fallacy. You're not an owner until you make a living by owning rather than doing.

Marx's writings only make sense within a classed society. The US is without a class system(please do not respond with any arbritrary cuts like middle class v upper class),

It's not an arbitrary middle vs. upper class distinction, but rather the very simple and concrete division between those who work and those who "own" the resources.

Can you tell me how a socialist-centrally controlled-libertarian system would work?

Since centrally planned economies tend to suck, I think it would work rather poorly. B->

The state would decide what work needs to be done - how much food the nation will produce, how many acres of corn to plant, how many pairs of blue jeans, et cetera. That's the central planning part. (And it generally wouldn't work too well in the long term.)

It would try to find people to do it, either going directly to individual workers or to groups of workers in voluntary organizations. That's the socialist part. (As opposed to a capitalist system, where the government would go to the owners of corporations or their proxies - CEO and board of directors).

Workers would be free to go it on their own or to band together in voluntary groups, sort of like employee-owned corporations. And other then directing ecomonic production, the state would pretty much leave you alone unless you were violating or credibly threatening to violate other people's rights. That's the libertarian part.

Re:Left and Right, Socialist and Capitalist

[daala]

No class system

HAHAHAHAHAHAHAHAHAHAHHAAHAHAHAHAHAH!!!!

You are either stupid or completely naive

Re:Technical feasibility?

[Eric+Hillman]

Excluding extremely high-traffic servers, a PC that is connected to the internet is devoting anywhere from a tenth to a thousandth of its processing power to the task of actually generating net traffic. I would estimate that a ratio of 1 PC monitoring to every 100 actually generating traffic would be more than sufficient. I imagine you could get away with a ratio closer to 1:10000.

It seems to me, from the article, that they'll be concentrating on specific points of vulnerability. That is, data flowing from Joe's ISP to Jane's ISP down the street will probably go unmonitored, but data flowing from Jane's ISP to Chase Manhattan Bank will be tracked and catalogued. At least, that is how it would be likely to work if they were really trying to defend the vital points of our data infrastructure against attack, which is what they claim. Any evidence to the contrary would seem to me to point to definitely sinister motivations.

Actually, that brings up an interesting point. The stated aim of this system is to detect attack and intrusion attempts -- the worry is that it will be misused for surveillance and monitoring of private communications. But a system that does one should be constructed differently from a system that does the other. I'm no expert -- perhaps someone out there would care to expound on whether that statement is accurate, and what those differences are most likely to be.

Re:Gore should be held accountable

[Superfreak]

The only problem with this idea:

The primary alternative to Gore (G.W.Somethingorother) has absolutely no respect for the bill of rights either. Haven't heard that much about it lately, but his campaign has been Lawyer-nastygramming a lot of sites simply for the mention of his name...They even shut down a supporters site. Seems he has never heard of (or doesn't acknowledge) the first amendment. Of course, if it went to court, the site-owner would win, as it's valid commentary/satire/some form of protected speech...but I wouldn't be surprised if a few visits from the Secret Service occurred anyway.

Okay...the point (If you've read this far)

CONGRESS is the root of the problem - for some reason, they seem to feel a need to pass laws on everything. Repeatedly. Even when it is something that regulates itself quite well, they just can't keep their fingers out of it.

My suggestion: Voter rebellion - Don't *ever* vote for an incumbent - always vote for a challenger. If enough turnover is generated, we might start seeing normal people running, hopefully eliminating the professional politician class. If people with a job went to DC, did the job for 2, 4, or 6 years, they would probably at least be closer to the cluetrain than the existing taxpayer-supported leeches.

Wow..guess I'm getting a bit hostile towards our elected officials :)

Re:Worldwide

[jukervin]

FBI nor CIA nor NSA have _any_ kind of jurisdiction outside the US borders. FBI operates domestically and CIA operates abroad. The thing is i guess most of the CIA operations are illegal by the laws of the country they are operating and by international conventions. To me CIA is no different from the "evil" KGB. Both are propably spying on Finnish high-tech industry to gain trade secrets for domestic industry.

The thing is that currently there is no counter-force to the US. It's rather unfortunate since they no can do pretty much what they please and there is no one that can do anything about it. EU should do something about it. Echelon for example which is operating on European soil.

netscape

[delmoi]

god damn netscape crashes!!! l;asdjkfl;asdfjkl;sdfjka
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:Time to play the definition game...

[bungalow]

I can neither confirm nor deny specifics about Marly or Greatful Dead stickers, but:

There are still a disturbing number of search-and-seizure^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H ^H^H^H law enforcement assaults against people who are guilty only of DWB / WWB / BBIP**

There are an alarming number of children being sent home on a regular basis for wearing the wrong color shirts (ie gang-related colors)



**Driving While Black / Walking While Black / Being Black In Public



Fuck with a cop today! Hang your License plate upside down!

Re:Codes

[Raelin]

The thing is, in order for that code to be a valid communication tool, someone has to know what it means. In general, things that require a codebook or codetable aren't breakable, except if you get a copy of the codebook/table. That's why the germans thought they were secure in WWII. They were using code books, that we somehow managed to get our hands on. (sneaky americans) Randomly changing your definition of a code based on time will only work if the other side knows about it and how to handle it.
There are some computer encryption schemes that require a codetable, but then, if someone gets ahold of your codetable, your encrypted messages are easily breakable. The current standard is to make it so that you have to run an ungodly amount of checks to break the encryption. On Unix, the code for the passwords was chosen because a) it was a one way deal, meaning that the output could not be processed back into the data, you have to process the data through the same engine and check it, and b) it took a little over a second to calculate the encrypted value of one password. It has a random seed, between 1 and 4096, and that's before going into each character. To hack one password, it would have taken a little over 10M years or something disgusting like that. Look at the rc5 distributed net. It takes quite a host of computers and its still taken a long* time for them to grind down on the numbers.
Basically, you have to have some pattern so that the person you're talking to can reproduce the message, otherwise, you're just being solipsistic. Of course, my take is that this whole world is my solipsistic nightmare, but you're probably not going to subscribe to that.

--Raelin
*long is a very relative term. Given that I just mentioned 10M years, a few years isn't very long comparative, but still, if you're trying to get information that might give you an advantage, chances are, you'll find better ways to get what you want.

PS On another note, isn't it possible (Note, I'm not a trained mathematician, just a college student) to develop a code that produces multiple human readable results, one as the real result, and others that would be there to throw off the trail?

Jurisdiction

[???]

As someone who lives outside the U.S. I don't accept that as a reasonable solution. All of my traffic that goes out of Canada gets routed through the U.S. Does that put my traffic under the (domestic) jurisdiction of the FBI because it passes through some switches/routers in the States, even though neither of the end points is American?

Now, even if FIDNet has no jurisdiction over me, what about the CIA/NSA? If the U.S. government is putting so much research cash into _spying_on_their_own_citizens_, do we believe that this research will not also be shared with their external agencies?

The right answer is to develop strong encryption methods in a country which does not have stupid hypocritical export regulations, and export everywhere.

"Q: What do you think about American Culture?
A: I think it's a good idea."
A2: But not a realistic proposition...

Re:Jurisdiction

[I+R+A+Aggie]

Now, even if FIDNet has no jurisdiction over me, what about the CIA/NSA? If the U.S. government is putting so much research cash into _spying_on_their_own_citizens_, do we believe that this research will not also be shared with their external agencies?

YM 'developed by' not 'shared with'. HTH.

James - you realize we're all on the 'A' list of subversives?

what they want to monitor

[delmoi]

"public networks" in this sense refers to the whole internet, not just the web or somthing. like a "public park" or "public land" (the goverment would be able to listen to anything you said in a park, or where you work....)

this would iniclude email, ICQ, as well as things like usnet posts
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Bill Of Rights

[Uart]

Its Unconstitutional See Ammendment IV

Amendment I

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the
press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Amendment II

A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed.

Amendment III

No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no
warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or
things to be seized.

Amendment V

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases
arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same
offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty,
or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Amendment VI

In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the state and district wherein the crime
shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to
be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for
his defense.

Amendment VII

In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury,
shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.

Amendment VIII

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the
people.

me... paranoid

[The_Jazzman]

I think we should accept it now - our privacy is slowly eroding and will soon be a thing of the past... paranoid ? Not if they really are after you...

Re:me... paranoid

[Rozzin]

... our privacy is slowly eroding and will soon be a thing of the past...

Privacy? The statement was that they want to monitor (contradicting the `policing' mentioned in the anonymous comment above yours) all public networks, right?

Does this effect private communications?

If they only want to look at public stuff, big deal--if you don't want someone to be see your stuff, don't show it to them; if you don't want it public, don't make it public.

As a number of posts have already mentioned (so I'm being a bit redundant--apologies), the government(s) already monitor both public and private communications, sand permission, though they don't do a hell of a lot with what they see.

How much public-network data is locatable with the zillion nifty search engines, right now?

Re:me... paranoid

[um...+Lucas]

It's not slowly eroding. It's gone. Sorry to break the news.

Even if you do encrypt all your communications, the headers on your email say where the mail came from and where it's going. This is almost as useful as knowing what is actually said, when combined with other information, say, banking transactions.

Credit reports are only a SSN away.
SSN's are only $50 away

Everything about you is available to anyone willing to spend a little (very little - say $500) money...

Urg!

[Inspector]

Man, that is exactly the kind of attitude that governments love to spread, because it makes the job of taking away your liberties that much easier. When the entire populace takes on this "Holier than thou" attitude, trying to prove to each other that "they have nothing to hide", the government has already won.

missing the point

[The+Queen]

All you freaks who say "why should you be afraid" are missing the point. It is not out of fear of being caught. It is a constitutional right.
Geez, governmental voyeurism should be scaring the pants off you people!!!!!

The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk

Dont' forget japanese internment

[delmoi]

as far as attacks on civil liberties........ (also during world war 2)
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

wow.....

[delmoi]

it's amazing how stupid people can be sometimes.....
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Hellooooo? This is already being done!

[adr]

C'mon guys... the US and its band of cronies (Canada, UK, NZ, Australia) do this already. Remember? It's called Echelon. Echelon Echelon Echelon. And it's nasty.

-- adr

Re:Hellooooo? This is already being done!

[Bobzibub]

It is illegal in most countries to monitor their own citizens this way. That is the 'beauty' of the current system. I believe that you'll find that Canada (allways happy to wave our flag..) is involved on 'spying' on US citizens. And Vice Versa.

Geographic proximity would be important here--allowing greater access than just trans-continental links. Of course the extent of cooperative spying has never been admitted due to the obvious political problems.
Encrypt, Encrypt, Encrypt!

Re:Hellooooo? This is already being done!

[Ray+Dassen]

I've not seen reports that Echelon is employed within the US itself. From what I've read, Echelon employs the hardware formerly used to spy on the Eastern block to spy on Europe as a whole, focussing in particular on industrial spionage.

Re:Hellooooo? This is already being done!

[BugMaster+ChuckyD]

Actually they try and and monitor all traffic world wide, it is used to do industrial espionage on the Japanese as well as the Europeans. Furthoermore although its illegal for the US to spy on US citizens communications without a warrent, its not illegal for the UK or NZ or Austrailia to do so and to share any information they deem important with the US. IF your teleophone call bounces off a satelite, or your e-mail uses a international cable Echelon can see it.

Re:Hellooooo? This is already being done!

[daala]

Oh it's illegal that's alright then. Governments have never done anything illegal have they - Radiation testing on patients, MKII Ultra program run by the CIA, lying to their own citizens and in court as well (impeachment), embezzle money (ala Whitewater)

Come on, take of the rosy glasses. Or have you already accepted their form of reality. In that case go back to watching some beef slapping Baywatch tittie on TV they know how to keep you pacified

Re:Hellooooo? This is already being done!

[poink]

If I wipe my nose with a tissue from a transcontinental flight, does Echelon know about it?

Re:Hellooooo? This is already being done!

[cale]

Only if you are American traveling on a British Airways flight with an Australian stewardess taking off from Toronto. Isn't international politics fun?

Re:Hellooooo? This is already being done!

[nstrug]

Echelon is employed in the US. It's illegal for a US agency such as NSA to routinely spy on US communications but not for British GCHQ to do so, but guess what, GCHQ shares all it's information with NSA...

Re:I waited

[The_Jazzman]

Nope, second...

When will you sad, pathetic, "Look at me, I'm a first-poster" kiddies finally get a life ? You server no purpose but to annoy....

To keep on-topic, perhaps if we are watched by the various American agencies they could at least put an end to the sorry individuals such as below...

A Plea...

[jcrosby]

The description under the post on the main page says you MAY want to write your representative. I'm begging you all -- PLEASE write your rep! Posting on /. only won't solve the problem. Please take action. Once momentum for this sort of thing builds up, it's almost impossible to stop. Let's use our community size to have some positive influence.

Re:A Plea...

[DavidCarrico]

Do as I have and let your congressional representative KNOW how big of an issue this is. The silent masses are slowly being robbed of their individual freedoms one at a time. Stand up and show some solidarity! I can't believe some of the people writing comments on this page...ready to lay down and let the Man walk on in. Didn't you guys see Braveheart? Grow some nads and do something before it's too late!

Re:A Plea...

[bdowne01]

I did it.. it's quick and painless. This freaks me out.. I really get spooked everytime they mention some nationwide monitoring system...uh.. hello Russia?

WHO CARES!!!

[wakebrdr]

Didn't you hear that Barry Sanders is retiring from the Detroit Lions???

It's a network - route around the problem

[PaulWay]

You know what the first thing that I think is?

"Hmmm - I wonder how good the Indian Ocean link is. Because we could always just cut the U.S.A. out of the link completely. Let them sort it out and connect them up once they want the rest of the world back."

I fear this sort of thing - it produces yet another block of mindless statistics, generates more FUD against the Internet and the whole reason we should be getting computers to talk to eachother in the first place, and serves only to increase the importance of the watchers at the expense of the watched.

Leave aside methods of IP forging and misdirection, and the possibility of abuse by hackers and corrupt agencies. You've still got the threat hanging over your head. The FBI might not have any power over me as an Australian Citizen directly, but no doubt ASIO would love to help its big brother, and even if I was immune to that pressure, there's always the people I've been talking to, and the servers they run, and ...

Write to your congressman. Do everything in your power to point out the futility of the Big Brother mentality. The best argument is to ask to see their records on public display. After all, if you knew who a terrorist was, wouldn't it be easier if you could use FIDNET's tools? No big surprise that this doesn't appeal to them...

AFAICS, you people in the USA have a problem. How to stop the mentality of blame and mistrust in your government that is crippling your education, legal, communications and health systems, and turn it around into productive work. I don't have the solutions - you'll have to do the best you can.

Re:It's a network - route around the problem

[daala]

Pity that most traffic goes through the USA anyway because of the large amount of ROUTERS and BACKBONE they have there.

Nice idea though!!

Re:Worldwide

[apathetic]

the fbi has some authority in some countries such as russia b/c of inter-gov deals to work with international crime. not that not having authority has ever stopped the us from interfearing with other countries... really they are just advsiosors... with guns, not a some covert team underming your govenrment

Re:I waited

[The_Jazzman]

Fair point. From this day forth I shall duly ignore all first posters...

Re:Time to play the definition game...

[cswiii]

hehe. before I scrolled down and saw your definitions, I was thinking other things.

s/black/baked/g

:)

Re:I am f-cking scared shitless

[The_Jazzman]

Whilst the point you are making was not argued, the stuff about knowing your email address and the like is rubbish... the *only* things that are sent when you contact a page are such things are what browser you are using, what page you requested, what OS, your ip address and the like. Yes, they can find out your ISP from your ip address (have you ever done a traceroute ?) but that's no problem... just sign up from a library computer to one of the free isps that is quite happy to allow Mr A B from CDE to have an account.

Fidnet Information

[TaxSlave]

I've decided to collect any links to articles, or other information I can find on this story and post them at fidnet.homepage.com.

Just added the CDT commentary, which also has the draft itself, online.

Re:Routine Encryption: Maybe not the Answer

[Danse]

how much disclosure can we squeeze out of the government and powerful organizations?

Never enough probably. We don't have that kind of control over our government. The way we're going, we'll continue to have less and less control. As long as elections continue to heavily favor the 2 main parties (not that they are much choice when you can't tell the difference between them much of the time), we'll never be able to vote for real change in the government.

Bad mistake in this summary

[phil+reed]

The summary of this article says "the National Security Agency" is reviewing this proposal. Now, I will admit that I don't know what input NSA might have, but that's not what the NYT article says. Instead, it's the National Security Council, which is a completely different animal. The NSC is a bunch of advisors, not a spy agency.


...phil

Re:Bad mistake in this summary

[daala]

That is not strictly true.....


Ever heard of a thing called the MILITARY INDUSTRIAL COMPLEX (look back to this councils roots during Roosevelt, WWII)

Re:Sappy Love Letters

[Mountaineer]

The RFC doesn't seem to address the possibility of using African Swallows, which are my favorite since they have good distance, can carry large packets (2 of them can carry a "coconut"), and decent speed.

Re:The US Govt. Wants to Protect It's Network?

[daala]

So they are afraid for their own networks. But that doesn't stop them hacking into Slobodan Milosevic's accounts to try and stop his flow of money or any other of a thousand and one kooks out there. So I guess we choose who we give our civil rights to don't we. Of course the people effected can't complain they have been branded criminals by the ISA (INC STATES OF AMERICA)(I don't support any of these monsters so don't go after me on that!. You think they don't do their own snooping (don't be so naive) I with them being able to monitor traffice at ROUTERS (NOT AT GOVERNMENT SITES AS YOU SO ERRONEOUSLY DEDUCED) they will be able to see all traffice. ECHELON have been doing this for years and I guess the FBI are chaffing to have a go as well.

Remember that the government of the United States is it's people not peppered hair man who can't keep his dick to himself!!!

Re:The US Govt. Wants to Protect It's Network?

[Mr.+Slippery]

There have been an enourmous number of government sites hacked, and they want to stop it from continuing.

Then they should:

• not put sensitive data on machines directly connected to the Internet
• hire competent admins
• run stable and secure OSes and servers
• use B-level trusted OSes and implement serious physical security for machines with sensitive data
• configure servers properly
• apply all security patches

That would be a hell of a lot more effective than snooping everyone's communication, wouldn't it? I mean, if the objective were really to stop website vandalism and the compromise of sensitive information.

Re:inside the US / outside the US

[daala]

Not really...

When I was at Sydney University (AUSTRALIA the 53rd state of America) we had the FBI investigate over infiltration of the NASA site. Since the site accessed was on US soil the Hoover boys where justified in coming over here.

Not only that speaking to a friend of mine who is in the FEDERAL POLICE (similar to the FBI in OZ)he said that the FBI do have jurisdiction here upon cooperation with an Australian Agency or Government body. Seeing as we are so far up the ISA's ass do you think we would say no!!!

Re:A Plea...And KISS

[mwa]

AND: Keep it simple. Explain to them that there is nothing special about the internet. E-mail should be as protected as snail mail; chat as protected as a phone conversation. Law enforcement and security agencies have every thing they need to legally monitor communications. It's called getting a warrant and it requires proving to a judge that there is likely to be something amiss.

Most govmint types "Just Don't Get It" (TM).

Cryptography is nothing more that putting your private letter in an envelope and expecting that the Post Office will not open it.

Re:The classic quote

>1. Labor unions ?
>2. Communists ?
>3. Jews ?
>4. Catholics ?
> When 'they' go after the first of any of these
> groups (or any other non-criminal groups)


Now who decides what is a criminal group? Of course, you know it's criminal to be a Labor Unionist, Communist, Jew or Catholic. ;)

As for in the US of A, they've already started to go after the dope smokers(all property stolen and sold + 30 year sentence for smoking pot), to a smaller extent the nerds(anything you own that involves electronics or telephony in any way gets stolen if anyone(usually someone in the FBI looking for a case) says you might have done anything possibly illegal with a computer and you never get it returned, plus some accused have spent long times in jail without trial), and probably a lot more that I don't know about. They've been going after the Native Americans for so long that people don't notice anymore, IIRC the last military action was in the 1970s, and theft of land and property continues to this day.

I've never done illegal drugs or cracked, illegally hacked, or phreaked, so don't call me a dope-smoking h4x0r lamer. These things are happening in the US, and if you live here in the States you should be very concerned.

You should be concerned that people are getting life sentences for petty crimes. You should be concerned that people are getting pulled over, harrassed, and arrested for Driving While Black. You should be concerned that the people have lost their constitutional right to constitute a fighting force powerful enough to defeat an invading army, or to defend against the US military if the government becomes corrupt. You should be concerned that the Congress is considering an amendment to the Constitution that will make it illegal to protest against the government by burning a flag, which if it becomes law will be a precedent for further legistlation restricting public protest.

As for the topic, monitoring the public does not show a desire to solve crimes. It shows a desperation to find criminals which makes every citizen a suspect of crimes that have not yet been commited. Public monitoring could also be used to find people who do not like certain government policies(say, public monitoring for instance) and punish them in underhanded ways such as ordering an IRS audit(It's happened before, Nixon ordered the IRS to audit several of his political opponents).

Most people consider themselves to have a right to privacy. The gov't does not need to hear their telephone conversation with their aunt, the gov't does not need to see what's in the love letter they're writing to their [g|b]f, the gov't does not need to watch them take a piss. You get to the old envelope example -- If we didn't value privacy we wouldn't use envelopes, and it is in fact a federal offense to tamper with mail.

The government already has the powers to post surveillance on somebody, however they need to go through a judge and present evidence that this person may be a criminal. If the gov't doesn't have a good reason, the judge can tell them to stuff it. With public monitoring, this important legal right will disappear.

These 'rights' are often considered 'loopholes' that let guilty men go free. We have them for a reason. The founders of the US knew what a corrupt police force did compared to an honest police force, and drew up a set of laws that requires the police to be honest. When the police have acted in ways which deprive the rights of the suspect, you will read in the morning newspaper about a guilty man who has gone free because of a loophole, never mind that a man is not considered guilty until he has gone through a trial and been found so. Losing suspects and evidence because of acting in an illegal manner is what keeps the police forces honest. When we lose these laws and regulations, we stand to be ruled by a corrupt police system.


-Perpetual Newbie

Please do not put links of Times!

[Quebec]

Times got a mandatory registration process and This kind of measure should not be encouraged.

I would like reading Times articles but I don't like being categorized and I don't want anyone to control the information that comes in front of me.
I accepted the registration process of Slashdot b'cause they enable easily everyone to be anonymous but I don't trust a bigger company doing the same.

Times does not enable easily and clearly a way to browse its articles anonymously.

Re:Please do not put links of Times!

[phil+reed]

So use the login "cypherpunks" password "cypherpunks". That's about as anonymous as you can get.


...phil

Re:Please do not put links of Times!

[Mr.+Slippery]

Try:

login: cypherpunks
password: cypherpunks

Folks have set up "cypherpunks" accounts on many of these registration-required websites. (My favorite is the cypherpunks login on the Amtrak website...)

Monitoring network intrusions

[cmc]

I find it difficult to believe the government is deluding itself into believing that somehow it can detect "network intrusions" -- let along determine whether these network intrusions were not from someone being paid for security testing.

And they are further deluding themselves in believing that they can monitor all of the Internet traffic.

secure webmail

[delmoi]

actualy you can SSL hotmail, I think.

there's also a site called "hushmail.com" witch uses 2048bit ecryption in java. it's not a US company, obviously...
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:HaHaHa

The ACLU does not favor Clinton. Maybe take a look at their site. The ACLU consists largely of libertarians (socialist and capitalist) and such. It is well known, even among hardcore democrats that Clinton resembles more of a moderate Republican, than a "liberal" Democrat. Al Gore is even worse. This blind party loyalty/hatred is stupid. Not all democrats meet certain descriptions, nor republicans. Democrats are FAR from left wing at all. They tend to favor a bit more social spending, but that's about it. I don't like either side, because as you move more to the left of democrats, it tends to be limiting of freedom, but more help for those who need it. More to the right, more control over your freedom, but more favor to corporations. Not that either side dislike corporations, they're both business friendly political parties. I don't see how anyone could disagree with this. Democratic party does not equal Communists. The republican party does not represent fascism, although both seem to be fairly close to fascism. They both get paid off by the wealthy and corporations, so, if one party really opposed them, it'd be unlikely the rich and corporations would invest into their funding.

Glad to see someone hasn't jumped to conclusions

[PenguinDude]

Yeah, I think you're right. The article mentioned gave too little details about what exactly Big Brother had in store.
Remember, the NYT got all of it's information from the civil liberties union (mention in the first paragraph). They themselves did not look at a copy themselves. All they said was
"A draft prepared by officials at the National Security Council last month, which was provided to The New York Times by a civil liberties group..."
A draft. Nothing more. Furthermore, what makes everyone so sure the "civil liberties" group in question didn't leave out parts of the report in order to obscure some facts about it.
I believe
A) The government has a right to be worried about a cyber-terrorist attack
B) They already have anti-terrorist laws in effect for "conventional" technology, why is this any different
C) Until we see a final bill, unabridged, and not some NYT article giving their insights to a civil liberties insights on a bill that isn't even out of a subcommitte yet, let's keep the hysteria factor to a minimum.

It's not like I'm not concerned about it, but as it stands now, we don't have enough information about it to really base our judgements on.

Re:Ooooh, good!!! More shooting in the foot!!!

[daala]

Oh yeah that's right. Like you didn't follow them into IRAQ, KOSOVO or anywhere else they want to send their stormtroopers, oh that's right there called NATO PEACEKEEPERS. You where so powerful that you never had US troops protecting you from the RED BEAR during the COLD WAR. Had so much money that you needed a MARSHALL PLAN after WWII and if you hadn't had the YANKS at the beginning everybody would be singing DEUTSCHLAND UBER ALLES by now.

Grow up or grow a brain - your naive nationalism is not based anywhere in fact or even fiction,.

Kiss off moron

Re:Read the article a bit more carefully

[daala]

Fuck you!!!!!!!

I do not take drugs nor have I ever taken them.

Go fuck the prom queen moron!

Re:Encryption up the wazoo!

[Colol]

Since posting this, it should be noted that strange things have started happening...

Just today, maybe an hour ago, some guy pulled up across the street in a Green Ford Explorer and took pictures of my neighbor's house and my house.

Big Brother is watching.

Re:Don't say you haven't been warned

[matthewmccoy]

From what I have been told by people, many groups/organizations are allowed to monitor the Internet. I have been told that MSN monitors the things that you do while connected, and if you do bad things (which I wouldn't ever do :) such as downloading illegal software, sending illegal stuff, they can catch you. I don't think that the Internet should be monitored by the government, because I think that it's the person's responsibility to take the concequences for one's actions, and if anyone really wanted to plan a huge bombing or something, they wouldn't leave their tracks!
I noticed before someone posted that all the money that they're spending on this could be used to provide houses for all the homeless people in America. I don't think that that's too true, but I'm sure that if they really needed to waste their money they should waste it on a good cause that would help everyone. I do not think that the FBI should monitor the Internet, because we are entitled to our first amendment. I'm no lawyer or anything, but I want my rights respected!
Matthew McCoy

Re:makes me wonder

[Mr.+Slippery]

Are you ashamed of making love to your (boy/girl)friend?

Do you do it on the front lawn, or do you prefer a bit of privacy?

People prefer privacy for things they want to be private about. That's all; no value judgement or assumption of shame can or should be implied.

PGP and PGPNet

[Barbarian]

PGP and PGPNet allow 4096 bit keys.

Re:Time to play the definition game...

[georgeha]

I've heard that too, about the Dead sticker, on the Grateful Dead newsgroup, though it usually seems to be a southern or midwestern state. Deadheads that use stickers that aren't blatantly "Dead" like are said to be driving stealth.

From my own experience, I've driven with Dead stickers on my cars for 12 years, I was pulled over once in Atlantic City for inadvertantly running a red light, and was let go, and once in Rochester for forgetting to turn my headlights on, and was let go.

I think the police in Rochester have better things to do than pull over Dead or Phish stickered cars (about 10% of the cars on the road it seems).

George

Re:Time to play the definition game...

[georgeha]

My brother-in-law is about as square as you get, and he has a Marley sticker on his wagon. (I think it makes him feel less square to like Marley).

I've always had at least one Dead sticker on my car, to ward off evil spirits.

Anyhow, Rochester police don't have the manpower to pull over every car with a Dead sticker, and I think I read in rec.music.gdead that 30% of cars with bumperstickers on them in Massachusetts have Dead stickers on them.

George

Re:Terrorist Computer God

[Eater]

Francis E. Dec Esquire!

Re:Because most of the press are democrats

[Stonehand]

Really? I've seen probably more references to the Brookings people than, say, their opposite numbers at Cato. At least in print...

It's arguable whether the Dem's serve business as much as the GOP, given their traditional pro-labor stance and their general opposition to lowering capital-gains taxes and so forth. Still, a smart businessman will give to both major parties...

Anti-war arguments? Well, yes. Historically, at least -- look at 'Nam, for instance, in which the Tet Offensive was portrayed almost as a VC victory. 'course, all sides warped the truth horribly in regards to that conflict. There was some coverage of your "no-blood-for-oil" protesters regarding the Desert Storm. I did see occasional coverage of pro-Serb/anti-Nato protests in the US and elsewhere, so it wasn't completely lopsided...

Re:It's all a gummint conspiracy

[Error+404]

Um, you compared the stamp price increases to the inflation rate over substantial time periods lately?

The latest stamp price increase covered the inflation rate for the year it happened. But there are typicaly several years between stamp price increases.

Stamps are getting cheaper, not more expensive, in fixed-value dollars.


Fear my wrath, please, fear my wrath?
Homer

Re:The classic quote

[Eric+Hillman]

"First they came for the slashdotters and Ilakwejrl;mph'

This could get to be a real problem, folks.

[fable2112]

On the one hand, I'm not one to encourage needless paranoia. On the other hand, I don't like this.

I'm in a fairly militant mood these days for both personal reasons (as discussed on the Ticket Booth Tyranny thread) and political ones ( Damien Echols' Rule 37 appeal was denied, and I'm very pissed about it).

Post-Columbine, a friend of mine was given trouble for wearing a BEIGE trenchcoat. If the Powers That Be (or anyone else) start looking for a certain "profile," then anyone who has anything in common with that profile is screwed. Where I live, there have been a lot of recent stories concerning racial profiling. (Maybe THAT is why more African-Americans aren't on the net. *wry smile*)

But of course, it's not just race. If someone wants a scapegoat, it's easy to pick a likely-looking one. This goes on in schools, it goes on in law enforcement, and it goes on in politics.

I'm not over-cautious with personal info because I don't feel I have to hide things from people. However, I realize that if things in this country get really crazy, I'm going to be one of the first people that gets harassed for being a social deviant.

The FBI's probably got a file on me as it is, but as long as I'm not kicked out of my housing or prevented from getting a job or arrested for something I didn't do (or something I did do that shouldn't be illegal), I don't give a damn. However, I've got contacts, resources, and what-have-you; many of my fellow social deviants aren't quite so lucky.

So I fight for their right to keep their correspondence and personal details private. And since some of them talk to me over e-mail, I don't want anyone reading my e-mail either. Things that I do that are public or semi-public record (/. posts, my web page, petitions I've signed, that sort of thing) are obviously things that I don't mind having traced back to me. But there are a lot of people who can't or choose not to be as open as I am, and dammit, that's their right. (Even in the current atmosphere of Don't Ask, Don't Tell, for instance, I'm sure some homophobic military types would love to scan e-mail looking for anything that might suggest a soldier is gay. *sigh*)

Another big problem here is that people don't profile for actual criminals as often as they seem to for stereotypical criminals. Racial profiling is a major example of this -- black man driving nice car in suburbs, wonder how he got it? Drug money? Let's stop him. Etc. Satanic Panic based profiling is another biggie; there is no other reasonable explanation for why Damien Echols is on death row and his two friends are in prison serving life sentences. With net-based searches, we'd get the additional problem of "profiling" of anyone who, say, visited 2600's website.

I, personally, have nothing to hide, and haven't suffered much in the way of harassment. But damned if I'm going to make it easier for other people to have their lives ruined for no good reason.

Re:This could get to be a real problem, folks.

[Danse]

I haven't yet figured out how to explain these things to people without sounding like a conspiracy nut. I've got a couple friends who understand, but others who don't. I try to just point things out and let them draw their own conclusions. This works in some instances. I couldn't really talk about these kinds of things with people at work though. I work for a government contractor and it might not go over well. Overall, it's pretty tough to discuss these things with most people. They either dismiss it out of hand since they have nothing to hide or are not really interested because they don't understand all that computer stuff.

I suppose the real question is what do you do when the government gets out of control, but the population at large doesn't seem to care or even understand what it all means? Are we that far gone already? Where are the prominent people who can be heard? What are they doing to scrape together some kind of backing to prevent these gross invasions of privacy and violations of our rights? Starting at the bottom is a tough way to do things. It works out much better if you have a focal point to rally around. I'd like to know if one exists, or will everyone going off to their own little group and our voices will be drown out by the bigger, louder voices?

Re:This could get to be a real problem, folks.

[fable2112]

*nod* *sigh* I just had a very long discussion about this kind of stuff with a very good friend of mine. Post-Columbine, she started supporting restrictions that she would have found unacceptable before. I keep pointing out that THE WRONG THINGS are being restricted, and she says "so, should we restrict nothing?"

What bothers me is that this person is a lesbian and Jewish. She should know better than to side with most of the folks who are decrying the decadence of American culture these days, because the let's-blow-things-up violence in a kid's movie like SW:TPM, which is what is freaking her out, is NOT what they are really complaining about. Personally, I don't enjoy shooting myself in the foot.

I'm real militant on this issue because as an "out" bisexual and as a pagan, I know just how screwed I'm going to be if the Religious Reich ever gets its way. And when someone who shares those characteristics with me starts getting cozy with the perceived enemies-of-their-enemies, I get very upset because I know that they're going to be the next target of those who wish to censor and monitor. This is very much not a good thing. There is all sorts of potential for truly hideous abuse to go on here. *sigh* The posting of "... and then they came for me" elsewhere on comments for this article is far too relevant. :(

We are at fault.

[AxelBoldt]

It has been well known for a while that all net traffic, national and international, is monitored.

The real scandal is that we, the hackers, don't aggressively use strong and unbreakable crypto. Why is SMTP still send in the clear? How about HTTP?

It would be trivial to secure these protocols, in fact, secure versions exist, but are largely ignored.

We control the infrastructure and the protocols, so why don't we get off our lazy asses?

--

Re:We are at fault.

[scogan]

http://jya.com/crypto.htm#Echelon

Re:We are at fault.

[fishbowl]

"The real scandal is that we, the hackers, don't aggressively use strong and unbreakable crypto. Why is
SMTP still send in the clear? How about HTTP? "

Eek. Do you realize the processor load that comes
from adding ssl to these protocols? A site that
runs 1000 http daemons can run substantially fewer HTTPS instances on the same machine.

Re:We are at fault.

[Stonehand]

Huh? NOT all communications are monitored. That's patently impossible, or are you claiming that, say, the NSA can monitor what happens on a private network behind a firewall that aggressively obliterates packets going in either direction? That, say, half the world's net traffic goes to specific sites? I don't think so, due to limitations on hardware, software and people. Aside from communications on certain important cables, and so forth, there's not that much monitoring capacity. Period.

Re:Don't say you haven't been warned

[Detritus]

The U.S. Secret Service is well known for not having a sense of humor. They investigate all threats against the president, no matter how silly.

If you don't believe me, post something on usenet that threatens the president. The Secret Service will be talking to you.

Re:Unbreakable Encryption

[phil+reed]

It's likely you are wasting your time. The only provably unbreakable system is the one-time pad. Anything else can be broken, given sufficient time, attention and interest. Any 'simulation' of a one-time pad is not a one time pad (i.e. use of a pseudo-random number generator for a one-time pad can be attacked through the generator).

Also, you'd get a better review of it if you posted it to sci.crypt. Be prepared to provide source code.


...phil

What exactly are they going to do?

[Baka]

I've noticed that while everyone is discussing privacy and how the government is becoming/has become big brother, the NyTimes article is pretty vauge about specifics of the Clinton plan (probably because the plan itself is really vauge). Is Clinton's plan talking about intrusion detection on government and "vital" private systems, or monitoring all traffic on the backbones? The NyTimes article talks about gathering data, but then also talks IDS software, implying that the plan is talking about letting the government setup IDS software and then gather the system logs. If this is the case, it seems getting a strict definition of what a "vital" private network is would be in order, not jumping to the conclusion that clinton just wants to play Big Brother. Of course, Clinton could be trying to get the FBI the power to read your email at will - I don't know; it just seems that no one has commented on the fact that the details of the plan are really vauge, and instead jumped to certain conclusions which may or may not be true.

Re:Worldwide

[rube]

There is already a worldwide surveillance network in place called ECHELON. It's a cooperative effort between the US, UK, Canada, New Zealand, & Australia.

CIA urisdiction

[DunbarTheInept]

The CIA has no jurisdiction outside the US either. No US agency has jurisdiction outside the US. Not that that stops them from acting like they do anyway...

A question for the Slashdot boyz

[Athos]

So... when are we going to have encrypted Slashdot?

--

Rush Limbaugh

[KevinRemhof]

Rush Limbaugh even commented on this today. He spoke for about 5 minutes on how terrible it would be if this comes to pass.

His argument was that it is very simple to step up from monitoring to invading.

Re:simplistic monitoring

[Mr+T]

Except the warning words won't be as mundane. They simply aren't interested in busting kiddieporn traffikers and druggies. That stuff is already remarkably easy to come by out in the open on the internet. The words of interest will be ones like "bomb" and "president" and "revolution" and "guns"

I don't want to sound like some wacko but big brother doesn't give a damn if you're a kink or freak or if your ideas are different, they give a damn when your ideas are against them or potentially against them.

Re:Technical feasibility?

[rube]

I would say that if the govt. has the capability to implement something like ECHELON, which monitors many different media (and more bandwidth intensive ones at that), then they definitely have the capability to implement FIDNET.

Re:HaHaHa

[Trepidity]

most staffers and appointees indicted
most staffers and appointees convicted

I'm not sure about these. Reagan had quite a few of his staffers and appointees indicted and convicted for his Iran/Contra dealings.

most dramatic attacks on civil liberties in this century

While bad, they weren't the worst this century. Take a look at world war I, where members of the U.S. Socialist party were imprisoned for opposing the war. Not for doing anything illegal, mind you, just for speaking out publically against the war.

largest expansion of US government spending since WWII

I'm not sure about this one. I was under the impression that Reagan expanded US government spending significantly more than Clinton has. I could be wrong however.

Re:Stickin' it to the man...

[ph43drus]

The project has already begun.

www.ompages.com -- it should be up this evening, I can't remember where the mirrors of our manifesto are right now (any others on the project have it up?).

First thing we're going for is open-source webmail with full encryption capabilities, after that, a 'public' private network (ie, all connections transparently encrypted). We just started up, but that's where we are heading, and we've gathered a decent following already.

Thankyou.
</plug>

Don't say you haven't been warned

[Kaa]

Well, on the one hand there is nothing really new in this. NSA has been monitoring the 'net for ages, and now FBI wants to have a peek, too. On the other hand the government agencies are not exactly known for cluefulness, so the idea of yet another bunch of idio^H^H^H^Hgovernment servants watching the net does not appeal to me at all. They are very likely to see something they do not understand and do Very Stupid Things (tm) as a result.

Yet, on the third hand, this could be the necessary push to get strong encryption in wide use over the net. Generally it's too much of a bother but now that everybody and his lawyer will be compiling a database of IP traffic I just might try persuading my friends to use strong crypto in email.

Kaa

Re:Don't say you haven't been warned

[schporto]

It might encourage strong encryption. Especially when congress realizes this includes them. And any email they send. And out of US people can't get the same strong encryption due to export laws so the FBI can now see that the white house is taking kick backs from china and...
Ok there are a few too many conspiracy theories there, but if you really want to scare the congressmen make them realize thi will include any email they send, or receive. Include stuff from their lobbyists.
-cpd

Re:Don't say you haven't been warned

[Danse]

Just by using the words "assassinate the president?" The president of what? The local bingo group? The kitty litter company on the other side of town? What?

Re:Don't say you haven't been warned

[Gleef]

Yeah, at least you can count on the NSA keeping your dirty laundry quiet, even the President has trouble geting information out of them. The FBI won't keep secrets anywhere near as well, and if they happen on something criminal, they'll try to prosecute even though due process wasn't followed.

----

Re:Don't say you haven't been warned

[timftbf]

Those of us outside of the US are quite happily obtaining and using strong encryption, all completely legally. We're just not obtaining it from US companies.

I'm surprised that this hasn't been put forward more often as a counter to the 'encryption == munitions' farce - no country is prevented from obtaining strong encryption. All that is prevented is a revenue stream to US companies.

Talk about shooting yourself in the foot...

Re:makes me wonder

[fishbowl]

"...what it is that people are doing to be worried about being caught in the first place."

One of the most important aspects to "freedom" as
it is written into the American system of government, is that your attitude expressed here
is unamerican in nature. Just because someone wants freedom and privacy they should not be
subjected to suspicion! Now that we have crossed
out that founding principle (time and time again),
"security concerns" have replaced "freedom" as the
primary national ideal.

Out of their political domain

[Mountaineer]

Since the beginning of this thing, it has seemed that certain people in the government have wanted to do things that it is not within it's authority or power to do. I haven't read the newest stuff yet, but could this be the one that could actually work? While the thought of this being a total dominant control thing, I don't think that there are enough people in the government who would ACTUALLY do terrible bad things with this information to make this whole thing any more than a petty nuisance.

Re:Out of their political domain

[StormChaser]

Its might well just be a nuisance for most americans but speaking as a non-american (Im European) I dont want a foreign nation spying on every mail I send or transaction I have and Im sure a lot of businesses would be very concerned about the possibilites from state sponsered industrial espionage . Look at it this way a lot of transatlantic cables ground themselves at or near the Irish coast - how would you like it if we listened in on every conversation you had to Europe? Its just going to mean that Americas going to cut itself off, to a certain extent, from the rest of the world...

Re:Out of their political domain

[Mountaineer]

How likely is it that anybody is actually going to do that though?

Re:Out of their political domain

[StormChaser]

There was a current affairs program on English TV recently (Channel 4) which described how one of the English secret service divisions had erected a tower in the middle of the microwave link between England and Ireland and had beeen routinely monitoring all calls between the two countries. The stated reason for this was to prevent terrorism from the IRA (which I completely agree with) but it had also been used to get information valuable from an economic perspective. It only came to light because with the increased use of fiber optics the microwave link wasnt being used and the relevant tower was up for sale.... My point is though, that if the English government thought it was a good idea to spend a whole lot of money spying on Irish calls (and we were very much a second world nation at that time) why wouldnt the american government decide a similar operation would be justified on all incoming european traffic, especially if they have a large surveillance network already in place??? (Of course they probably do already, but theres no need to be so blatant about it :-] )

Theory...

[Dast]

This is probably just a way to take attention away from Echelon.

If everyone gets all crazy about this before it even happens, the gov hopes maybe we will forget the fact they are already spying on us. Blah. Time to mail the old congressman again.

Time for the "Geek Uprising"?

[Juggle]

Could this be it? Could this be the moment all geeks across the world have been waiting for? Something that only we can save the helpless clueless public from? I dunno.

Personally I think they're going about it all wrong. Anyone who needs a refresher about just how far up their own butt the gov't got their head when it comes to the internet should go back and read "The Cuckoos Egg" again. They don't need to watch civilian traffic. That's the public's problem. What they need to watch and guard much more carfully is the very thing this proposal leaves out...government and military networks. That's what they need to be worried about. So what if rogue terrorist hackers from bolivia hack into Bank One and steal every last penny. That's the banks problem and they should be on the watch for it just like any other sysadmin. What the feds need to do is keep their nose in their own business since they obviously don't spend enough time watching their own backs.

Cover story?

[TonyThompson]

Perhaps this is an echelon cover story? Pretend to create some monitoring facility, and add FBI signs to the front of all the echelon buildings...

Maybe it's easier to justify something after the fact than to admit wrongdoing?

Re:Terrorist Computer God

[Syslevel]

That's Psychic TV, I think off one of Gen's "Rave" albums.

But I'm not expecting a hundred bucks from an AC...

Re:Glad to see someone hasn't jumped to conclusion

[norm_bone]

B) They already have anti-terrorist laws in effect for "conventional" technology, why is this any different


So because they're taking unreasonable "conventional" steps to violate my privacy, I should accept unreasonable, "novel" forms of intrusion? Nope. I don't buy it.

Re:Viva La Revolution!!

[fishbowl]

"P.S. Does anyone want to sponser my citizenship to another country? "

Do you mean the Peoples Republic of China, or
do you mean Turkey?

Stickin' it to the man...

This isn't as big a deal as people are about to start freaking out about - although it's definately worth a letter or two to your wonderfully representative *ha* elected officials.

The open-source and linux communities have the power to make these plans effectively useless through the implmentation of transparent public key encryption schemes - Fuck ITAR, this is an international community. A good implementation followed by a new "secure" linux distribution - perhaps Trinix - or maybe RedHat, but they're less likely to take on "the Man", IPO and all.

So let them monitor your SSH sessions, let them monitor encrypted web communitications. The key is to make it automatic and transparent, so that the end user doesn't have to do anything.

I'm sick of this bullshit from the US Government - I'm not a US Citizen, but being north of the border in Canada means this crap will diffuse up sooner or later - Our spineless prime minister does what the US wants.

So rather than bitch and moan and cry and whine, we've got the tools to make this system effectively useless. Run with it.

AC (with damn good reason).

Re:Stickin' it to the man...

[Nino+the+Mind+Boggle]

Which works until they make encryption illegal.

I wouldn't be particularly worried, 'cuz I don't generally send stuff electronically that I wouldn't mind sending on a postcard. But that's entirely beside the point: The government has no bloody business reading my postcards or "monitoring all non-military public networks."

The plan, as described in the article, is attacking the percieved problem ("attacks that might cripple Government operations or the nation's economy") the wrong way. If your house is vulnerable to break-ins because your door doesn't have a lock, you don't stay up all night watching your door, you install the best lock you can find (along with all the rest of the security system).

Maybe someone knows this: In most of the recent cyber-attacks against government systems, have the crackers gotten in *despite* the best security systems, or have the gotten in because someone left the back door open?

Re:Guerilla.net

[I+R+A+Aggie]

ssh is the only way to go. I don't particularly care to have my passwords hanging in the telnet breeze...the other advantages are icing on the cake. :)

James

These ppl need some work...

[xnixnix]

Here in Europe something similar is happening. These Secret Information Gatheres and Controllers are actively seeking new ways to show the Government that they are needed. Since after the Fall of the Soviet Union, a big bad enemy has evaporated, they probably do not know what to do in their free time. So they want to surf the Internet and see what normal people or baddies like me do when they communicate. I would recommend the Governments to cut down the Budgets of FBI, CIA, BND or how you call these Dinosaurs who look too many James Bond movies. Then use the money to build better schools and educate the kids so that a self regulation can be possible. Heck I hate these Controlfreaks - I just use PGP or ssh or ssl if I want to and they will not stop me.

Time to play the definition game...

[jbaratz]

"Government officials argue that they are not interested in eavesdropping, but rather are looking for patterns of behavior that suggest
illegal activity."

What I want to know is: what sort of patterns suggest illegal activity? Based on previous nonsense, I wonder if use of encryption is enough to raise warning flags.

Re:Time to play the definition game...

[cswiii]

yeah...especially considering this little piece of info I learned just recently...

I've been told that, in several places across the US, having a Bob Marley or Grateful Dead sticker on your vehicle is considered 'probable cause'.

If anyone could confirm/deny these claims, I'd apprecate it.

Re:Time to play the definition game...

[Surazal]

I've been told that, in several places across the US, having a Bob Marley or Grateful Dead sticker on your vehicle is considered 'probable cause'.

If anyone could confirm/deny these claims, I'd apprecate it.

Oh that's just the tip of the iceberg. Being black in most areas is "probable cause". Long hair, ditto. Under the age of 18? Ooo, guaranteed criminal there. Heck, if you don't look like Ozzy and Hariette, then that is grounds for probable cause.

Unofficially, of course.

Re:Time to play the definition game...

[Syslevel]

I've always wondered why anybody would be so stupid as to have a Bob Marley or Grateful Dead sticker on a vehicle. I've often wondered if the only people who do so are the narcs.

Re:Time to play the definition game...

Sorry to break it to y'all -- but yes, the cops will stop you if you are driving a VW bus with Dead stickers all over it, weaving in traffic, with the windows fogged over with hash residue before they will stop Mr. Stockborker in his Beemer. You know why? They aren't stupid. Want to be less paranoid? Smoke less weed, sparky.

Re:Time to play the definition game...

[fable2112]

Fellow Rochesterian? Merry meet! :)

They may not be bothering with Dead stickers (a very silly thing to do in any case in an area with so many colleges), but the suburban cops are allegedly "bothering" those who "drive while black" in some areas. Big local news item these days.

But no, Rochester doesn't seem to be a bad area for most bumper stickers. Rainbow and other gay pride stickers are OK, and the "Pagan and Proud" birthday present that is going up on my car as soon as I find it again shouldn't be a problem. And of course, I'll be putting up an SCA or AEthelmearc Kingdom sticker soon too, because it's the easiest way to get friendly roadside assistance going to and from events. *grin*

Me, I wish they'd bother to pull over the pizza delivery guys who drive down Route 383 on the wrong side of the road and/or the bozos who hit and run cats on said road. (I live there. One week, I saw three different road kill cats on three different sections of NY383. I was upset. I have two cats who stay inside because I don't want them to be next. One of them got out once, though. Scared me.)

*sigh* That's always been the thing that bothers me. There's enough REAL problems going on, sometimes where you'd least expected it, that you'd think the cops would have better things to do than profile people who "look suspicious" to their all-too-often narrow minds. *grumble*

Re:Out of their political domain, wrong:

[Mountaineer]

If they are going to put a legal face on it, then they must do so legally. What you speak of is doing things illegally for political power. Perhaps it is you that are problem free anonymous coward...

Re:Routine Encryption: Maybe not the Answer

[Carl+C-M]

I take exception that the only way to combat misuse of personal information is through routine encryption.

• Routinely encrypting all my traffic may not buy me much privacy.
  • Traffic analysis can reveal where I have been surfing and who I have been emailing without saying anything about what I was saying. But I imagine that in this hypothetical police state exchanging email with subversives would be a crime. And don't think that anonymous remailers will protect you; remember anon.penet.fi.
  • Failing traffic analysis, I am still conducting transactions with websites, who is to say that they won't decide that its financially advantageous to get together and construct detailed profiles of me. Isn't that what ads.doubleclick.com is doing?
• How do I know that my security protocols are really secure? I just downloaded PGP from some random website or installed the standard Red Hat Distribution. How do I know that the implimentation wasn't weakened so that powerful interests can read my mail anyway? Worse I might believe that I can send whatever I want with PGP and end up incriminating myself more completely.
• Rather than pressuring congress to allow me to implement weak and insecure protocols that give me the illusion of privacy, why don't we pressure Congress to open up government. "Okay Congress, you want to monitor our networks for criminal activity, you can, if you make verifiable public records of all activities and results from the monitoring." Better yet, if they want this tool, let them build it, but make it a public domain tool that serves everyone. Why should we trust incompetent government workers to secure our networks?

  This bargain could be struck on many levels. If congress wants to monitor all email, I'd be quite happy to go along with this if in exchange the government would publish all gov. documents on the web five years after creation regardless of classification.

• Perhaps surveillance of everyone is immanent, but it doesn't have to be clandestine. We have an opportunity to choose how it is implemented.

If given a choice between having all my email read by the NSA without my knowledge or permission or having all my email read by the NSA and receiving notification whenever it happens; I will always pick the later case. Even better is if I recieve notification from anyone when that email is used. Whose to say that Coca-Cola doesn't have nefarious schemes?

-Carl Coryell-Martin

Re:Cryptonomicon trick

[Bastard+Child]

You could encrypt it weakly (or not at all), and fill it full of the kind of keywords they're looking for ...

"Kill the President"
"DRUGS"
"Smuggle"
"terrorism"
etc...

send 3 emails like this every day. Jam the signal.

Deja vu...

[rde]

The plan, an outgrowth of the Administration's anti-terrorism program...
Ah, yes. Not unlike Ireland's Special Criminal Court, ostensibly for terrorist cases in which juries are, ahem, impractical. This court is now used for drug dealers and pretty much any case in which a jury is likely to dismiss the case or return an inconvenient verdict.

Routine Encryption

[BugMaster+ChuckyD]

If it wasn't obvious already, here is all the motivation you need to routinely encrypt every network traffic you can. With routine logging of activity and computerized searches of the reulting databases the possibility of misuse ranging from unauthorized abuse by individuals up to systematic clandestine surveilance of everyday netizens is immence.

The only efective way to combat this is routine use of strong encryption no matter how innocuous the nature of what you're doing. The congress won't do much as these things are always justified in terms of stronger law enforcemnt aginst stalker pedophile spies form China (or whatever the bad-guy-du-jour is) And your representitive/senator can't appear to be "soft on crime" now can they?

Re:A proposal: Good concept, poor implementation

[Carl+C-M]

I like the basic principle of giving ordinary users tools available to more powerful organizations.

However, a packet sniffer is only useful for packets that pass through your computer, so Joe Average with a dial up connection would be able to snoop on members of his family. Jane Hacker with a DSL may be able to sniff on her neighbors, but she won't see packets from arbitrary IP addresses. That would require sniffers on the major hubs.

--Carl Coryell-Martin

Why worry?

[EZ-G]

This has been possible for ages. If not the FBI, what about all the sysadmins at your ISP or people on your intranet. Just use strong encryption for everything. I don't see the problem. It is legal here in Holland.

I know it is illegal to export it from the USA, but is it also illegal to use it?

IMO a good compromise would be to allow strong encryption and to have a law which, after a warrant from a judge, forces people to give in the encryption key. A (heavy) punishment could be put on a refusal.

Re:Why worry?

[jpancake]

>This has been possible for ages. If not the FBI, what about all the sysadmins at your ISP or people on your intranet.

Exactly. At my university, all network traffic is logged and stored on cds daily. Unless you try to break into somebody's machine, there are no problems.

I mean, does it really matter all that much if someone knows what websites you're going to? Or that you have a penchant for writing boring, one-sentence letters? Keep in mind that you're using someone else's network and they're just ensuring that you don't mess it up.

Re:Why worry?

[Kaa]

I mean, does it really matter all that much if someone knows what websites you're going to?

You must lead a very boring life ;)

Yes, it does really matter. See the post below for an instructive example.

Kaa

Guerilla.net

[ben.b]

Maybe this will rekindle interest in Guerilla.net, the L0pht wireless network.

Of course, I may just get in the habit of encrypting all e-mail and only using ssh for remote connections.

--sig time!--

Re:Routine Encryption: Maybe not the Answer

[Danse]

You make a point. I've considered the prospect of a compromise that would allow us to have access to our government once again, in exchange for our privacy. It's almost worth it. Remember David Brin's "Transparent Society?"

We seem to have completely lost our government. Elections are a sham. If our votes don't have realy power, how can we make a difference? Additionally, most people don't have time to keep up with everything happening in Washington. Big business controls nearly all the news. How do we know what's really important and what's not being said?

Techies - Tools of the Tyrants

[laetus]

What bothers me most about this whole affair is not that the United States Government is planning to monitor the private communications of our population (by nature, nation-states and the bureaucrats that run them are control freaks), but that supposedly educated techs and engineers are PROGRAMMING and NETWORKING these monitoring systems. Quit blaming the government and look deep within. We are our own worst enemy. We're just following orders, right?

Re:Routine Encryption: Maybe not the Answer

[Carl+C-M]

Of course, Brin would probably argue (and I agree) that the 'in exchange for our privacy' deal is no deal at all. We, as little people, will have no privacy; my question is: how much disclosure can we squeeze out of the government and powerful organizations?

-Carl Coryell-Martin

link to article about echelon

[UM_Maverick]

here's a description about echelon: http://capo.org/opeds/pp0615.htm

Technology behind this...

[TypoDaemon]

If someone would please explain the technology(in quasi-laymen's terms) I would appreciate it much. I would really rather know how much could be monitored and how before I start ranting to other people. The Typo Daemon

Re:I am f-cking scared shitless

[daala]

Yes that is the model that they may have ascribed to in the beginning socialism, populism,

I would rather lump them all into the category of totalitarian states much the same as the Incorporated States of America

Echelon Info

[Steve+Furlong]

Several people have asked what Echelon is. It's a cooperative electronic snooping effort of the US, UK, and others. It's reportedly been used for industrial espionage at the expense of nations not in the select group. For more data than you probably want, go to http://jya.com/crypto.htm and click the "Echelon" link right at the top of the page.

What I sent to my Representative

[grossdog]

Rep. XXX,

I'm writing to you regarding Fidnet, the Federal Intrusion Detection Network, which is currently in the planning stages. I will keep this brief because I recognize that your office probably receives quite a few letters and emails.

If you're unfamiliar with it, Fidnet, as proposed, is intended to "protect our national information infrastructure" by monitoring non-Governmental computer networks. This in itself should sound suspicious. There are several reasons why such a program should be opposed and I hope that, after reading them, you and your office do what you can to prevent this ill-though-out program.

1) This is an incredible intrusion on the populace's privacy, providing the FBI, which would be in charge of Fidnet, with unmonitored access to the electronic communications of nearly every American.

2) At the same time, however, criminals, who often use encryption schemes to disguise their online activities, would be largely unaffected, as Fidnet would have no capabilities for dealing with encryption.

3) Our country's "nongovernmental information infrastructure" is the domain of private business. The government should not be protecting private companies from "electronic attacks" when such protection, in the form of knowledgable computer specialists, is available in the private sector. Further, how crippling would an attack on our private networks be? Every corporation controls their own connectivity; the nation's private networks cannot be lumped into a single network that is vulnerable to attack. At worst, it is possible that individual company's network access could be taken down, but this would be the fault of the company for not assuring its own security and providing redundant connectivity. The economic and societal effects would be hardly staggering if amazon.com, one of the largest companies on the Internet, was offline for a day or two.

4) Finally, the concept of "electronic warfare" is a flawed one, meant to bolster the budgets of those who feel they need more resources. The Government keeps no crucial data on the Internet; the "hacking" of a government site is, at worst, an embarrassment. While losses can result when companies are offline for any amount of time, their are not actually any bombs or violence involved in this "electronic warfare." Sure, one's Web site may be down for a few hours and some business may be lost, but this hardly seems to be something that the government should be compromising the nation's privacy for.

I realize this was a bit long, but I feel that the issue is an important one. Please inform me if their is anyone else I could contact about this or if you would like more information or clarifications from a very computer-literate constituent. Thank you for your time.

--Andrew Grossman

--Andrew Grossman
grossdog@dartmouth.edu

It's all a gummint conspiracy

[jabber]

That's right folks,

Never mind the privacy issues, never mind ethics or morals or any of that ethereal stuff like Liberty or Freedom. It's about the money.

Ever since the boom of the Internet, the Federal government has been losing money. They support much of the backbone infrastructure through NSF grants and such. The Internet2 is based in major Universities, but funded by the Fed, and we're going to piggyback off of that tech in a little while. The Fed is losing money since their grants are used to send spam and view porn.

But that is not the biggest dollar sinkhole that results from the Internet Age. It's all about the stamps!

That's right. The price of stamps has gone up dramatically over the last vew years. As we've migrated out corespondences to the net, the U.S. P.S. has tried to break even by hiking stamp prices. This just drove more people onto the net, and into long distance phone companies. This is why they're fostering competition and the proliferation of 10-10 numbers...

The government is just trying to make the net less convenient, more shady and just plain creepy(r) to drive the sheeple back to using the ol'U.S. Post. Under Federal regs, nobody (FBI, NSA, CIA, IRS...) can read your mail.

Watch for new U.S. Mail ads this fall. I ga-roon-tee it.

--Where'd I leave my meds?

Re:Why worry? -- that's why

[Luis+Casillas]

And don't bother applying for a government or a government-contractor job: "We see you engaged in some patterns of behaviour that could point to illegal activity on your part. Be thankful we don't prosecute you. Next, please..." [...] This is fiction right now, but it could easily become reality.

Scenarios like this are definitely not fiction. In fact, the FBI has been doing stuff like this for years. It's their bread and butter.

One of my best friend's uncles found out when he was in his 40s that in all the local government jobs he had applied to in his 20s he had been rejected for political reasons, despite his being top candidate for some of them. The government of Puerto Rico and the FBI used to keep (and probably still do) files of people considered to be "subversives"; those people were continuously harrassed by the authorities in many different manners. The criteria for being a "subversive" was opposing U.S. domination of Puerto Rico, and who was considered a subversive was established by means of surveillance, paid informers and covert agents, which also did sabotage operations.

This is all very well documented since both PR government and FBI files are now public.

I suggest you look at this page to find out more about COINTELPRO, the FBI's 60s-70s civillian surveillance program.

---

Sappy Love Letters

[Mountaineer]

Ok, so, now if I want to send sappy love letters to my GF, and don't feel like sharing the details with every spy on the face of the earth, what do I do? Burn it to a CD, and have an emmissary drive it over to her house? Probably tempest monitoring her over there too, going to have to case her computer room in lead just to be safe...

But then again, who cares what I'm doing saturday night? If I can't even find a date who's remotely interested, what makes me think that the NSA is?

At any rate, my business of selling government secrets to the chinese has been severely hurting lately ever since they started doing it themselves (just kidding uncle sam), so this whole monitoring thing is just another nail in the coffin.

BTW, I'm a total patriot, I would never sell government secrets, I just thought that this conversation needed a dumb joke like that.

Re:Sappy Love Letters

[Raphael]

If you want to be able to share love letters with your girlfriend but not with the spies, you could have a look at RFC 1149 which suggest a solution that might be immune to the usual packet filters (or at least it makes the filtering a bit harder for the spies). I recommend that you have a look at the "Security Considerations" chapter in that RFC, for potential risks of that solution.

Note that RFC 1149 has recently been updated by RFC 2549 which provides additional Quality of Service considerations. This is something that you should care about if you want to be sure that your message is delivered before you have switched to another girlfriend.

Re:Sappy Love Letters

[Sloppy]

Just a tip... You don't want to send a CD for every love letter. Just send her a CD full of random bits when you announce your relationship, keep a copy of the CD for yourself, and then use it as a one-time crypto pad. If you ever use up the one-time pad (having written over 650MB of love letters to her) then it's time to get married, because that's just waaay too many love letters.

Re:I am f-cking scared shitless

[Luis+Casillas]

Well, we were studying McCarthyism in my college US government class yesterday...

Yeah... spooky stuff, isn't it? And it wasn't only McCarthy involved. Everyone realized back then he was a loon, and fell into disgrace. But most other people who were involved in this suffered no ill effects. In fact, some went on to greater things, like Nixon and Reagan...

I also happen to be a Anarchist and spend a lot of my time visiting left and anarchist websites, as well as being on several mailing lists. This is very very very evil. All I can hope is that a bunch of Anonymous filtering websites come up that let you visit sites "anonymously" as well as send and receive email anonymously.

And not be corvertly set up by the gov't, as well. Don't you realize that such an "anonymizer" is perfect for surveillance? That way you can easily gather a good database of juicy info on people who use it. Even info on people you're not after is useful-- you can blackmail people into falsely testifying against people you're after. The FBI is known to have used such tactics.

Many people have also been observing student protests, and many protests in general have really been rising recently, and many new people have been joining existing organizations (say NOW for instance).

And you can be sure that among the people joining there will be agents, which can serve to gather info or as provocateurs. I did my BA at the Universtiy of Puerto Rico, where there's a very long story of that. Though nowadays it's cooled down somewhat, people I know who went there in the 70s can tell you the stories about the left organizations getting infiltrated. For example, in the mid 80s, when government files on political opponents were made public, one could see that many of the most violent, extremist "radicals" who were always calling for violence against the state were actually agents...

I'm wondering if they're planning on cracking down on government/corporate resistance. They're probably aware of the increases themselves. And the Internet has been a very usefull tool to unite organizations and struggles from all over the world. This is very f-cking scary.

That's what the FBI has historically dedicated itself to, and there's no real indicator that this has changed.

Really, this thing about monitoring the net is just extending current civillian surveillance to email messages and such.

Anyone who wants to know more about the FBI's history of surveillance and sabotage of civillian organizations, check out this page on COINTELPRO. The material there is actual declassified FBI documents.

Also, I've noticed that a couple of messages above show their posters to be completely ignorant with respect to Anarchism. I would suggest them to go check out the Anarchist FAQ Webpage.

---

Time for Geeks to Get Involved in Politics?

[Saige]

Perhaps this is another sign that geeks need to start getting involved in politics. We sit and watch the clueless government do one thing after another to take away privacy, cripple technology research and advance, and just generally try to treat us like children.

And all the while, I see geeks complaining about it, but doing little else. Maybe it's time to start getting the word out to people what is being done, and do something to change it. All the whining in the world won't do any good if that's all that is done.

I don't know, maybe a Geek Political Party? So the geeks will know who to vote for? So some visibility may be gained? Or is this just another one of those ideas that wouldn't work?
---

Re:Time for Geeks to Get Involved in Politics?

[timothy]

Saige wrote:

"Perhaps this is another sign that geeks need to start getting involved in politics. We sit and watch the clueless government do one thing after another to take away privacy, cripple technology research and advance, and just generally try to treat us like children."

I think that last point in the most important. Rather than allowing people to make informed, possibly risky choices, it is increasingly the role of the gub'mint to decide what you *ought* to want to decide - in other words, as you say, treat you like a child.

Several things flow together to make this happen -- here are the most obvious ones:

1) Life expectancy is growing, and the portion of life considered 'childhood' or 'youth' is right alongside.

2) People have come to expect / accept more guarantees in life; just like getting a free bed from Mom and Dad means you owe them (at least) filial piety, getting a free handout from Big Brother means the same.

3) Young people -- because they are young temporarily and are busy doing things that MTV tells them today's hip teenager ought, or getting into the Ivy League, or going to punk shows, or hacking -- are not much of a political force; even when they occasionally become one, it's more like a militia than ...

4) the Standing Army of Gerontocrats, as in the AARP and many others. Unlike young people, old people both stay old and have the experience to organize effectively.

5) A general (and I think growing) tendency to accept regulation as necessary and appropriate, especially from non-elected bodies with no purpose *other* than to issue regulations. All the 3 and 4-letter acronyms you care to throw out: FDIC, FDA, FTC, FCC ... the fact that their appointers are elected does not make these bodies answerable to anyone but themselves and the rare, half-hearted reviews.

6) Willingness to trade at every turn a little essential liberty for security.

America was founded as a radically free society (for its time). In our time though, American freedom is lukewarm. "Still freer than most other countries" is not a very exciting slogan. :(

• Mandatory school attendence, overwhelmingly at State-run schools, ought to raise more hackles than it does. Both parents and students ought to resent the assumption that their time and bodies belong to the regulators.
  
  
• Laws that prevent 18(19/20)-year-olds from sipping a glass of wine in a restaurant ought to disgust everyone.
  
  
• Increasing regulations about gun ownership ought to frighten anyone who looks at previous disarmament campaigns. (See jpfo.org)
  

Answers? No good ones. I guess vote for (L)libertarian candidates and use encryption. Buy guns while you can.

timothy

Govt on the internet anyway

[Gambit+Thirty-Two]

I still firmly believe that the government should keep everything even vaguely sensative off the net. Yes, keep your public relations websites online, but give me a break, and take off anything.

That will solve their cyberterrorism threat. You cant very well hack into a machine that has no connection to the outside world.

Re:Govt on the internet anyway

[Mountaineer]

Yeah, I've heard some pretty crazy notions from people about transmitting sensitive government info over the net. Mostly from kids who don't know what they're talking about... Speaking from the standpoint of someone in the know, the US government KNOWS (or did know at one time) how to maintain a safe network, it's whether or not they choose to these days I figure.

Re:Govt on the internet anyway

[Stonehand]

Well, how does one enforce this? Government employees may be provided with two machines (one that may hold classified information, but has no physical connection to public networks, nor any unapproved software or hardware; and one that's just the opposite), but in practice people will migrate information from machine to machine. They have yet to crack down on this, despite such issues as apparent transfers of information from Los Alamos to public networks. Short of not providing the connected machines (or completely isolating the "black" machines, via prohibiting *any* means of data transfer except through the network connection to the classified network, which may not be accessed by "white" machines. This policy makes sense, actually.), how?

Keep in mind that this is the same administration such that (former, IIRC) DoE head O'Leary ended the policy of easily-discernable security classification via boldly-colored ID badges, and ruled that the classification had to come through small-size text that's not easily read at a distance. And with an Attorney General who refused to allow inspections/monitoring of Wen Ho Lee's computer, even when he was suspected of espionage *and* he had signed a consent form explicitly allowing such monitoring. And so forth.

Encryption and F.B.I. monitoring patterns

[Raphael]

The NYT article contains the following quote:

"The fight over this could make the fight over encryption look like nothing," said Mary Culnan, an professor at Georgetown University who served on a Presidential commission whose work led to the May 1998 directive on infrastructure protection.

Actually, it seems that encryption would not help a lot in protecting your privacy. The first thing that the F.B.I. will do is to monitor "patterns" and check for unusual stuff. In other words, it does not matter much if you are sending encrypted e-mails to someone. If that someone is being closely monitored by the F.B.I., then the simple fact of sending some messages to that person will trigger some alarms. The contents of the messages are not so important.

Tracking "patterns" is not only about e-mail (which is one of the first things that people think about when encryption is mentioned), but also about all other kinds of traffic. So the spooks could also be alerted if you are accessing some suspicious web servers frequently. It does not matter if you are doing a secure transaction or not, because the first thing that they are interested in is your (IP) address. And this is not limited to web traffic either. They could also check if you are trying to connect to non-standard TCP or UDP ports on some computers.

The latter case is probably what the draft plan intends to make easier to detect, in the case of governement computers. Detecting suspicious accesses to governement computers is not a bad idea in itself. But it would be far too easy for the F.B.I. to abuse this power.

Re:I am f-cking scared shitless

[Luis+Casillas]

Yes, of couse, wern't those the guys who advocated terrorism beacuse they knew they could never achive what they wanted through a true democratic process?

There's a couple of unstated assumptions here that are worth challenging.

First, that of "true democratic process". I would like to know which "democratic process" you refer to when talking about terrorist organizations. I hope you don't mean the U.S. "democratic" system (where power is wielded by a bureacracy, the elected officials get to where they are because of corporate support, and there has been historically political persecution against people who oppose corporate power).

Also the word "terrorism". Well, I am against terrorism, but I happen to oppose it regardless of who is doing it, whether it be by Islamic fundamentalists or U.S. government agents. The latter, of course, call what they do not "terrorism", but rather "counterinsurgency".

Let's take a look at your message again:

Yes, of couse, wern't those the guys who advocated terrorism beacuse they knew they could never achive what they wanted through a true democratic process?

And now, let us take "the US government" as the referent for "they", and recognize such doublespeak as "counterinsurgency", "defense from internal attack", or "stabilization" for what they really are when the U.S. gov't has used them, and think of cases like:

• Vietnam;
• Guatemala;
• El Salvador;
• Nicaragua;
• Chile

and many others.

In that context, your message could very well be talking about the way the U.S. government has conducted its post-WWII international relations.

---

Re:HaHaHa

[Microlith]

I don't think he will oppose, as Vacant Lott (it fits him) has proven himself to be ignorant and somewhat stupid about his country by some previous comments by him about a certain group of people...

Re:Cryptonomicon trick

You don't need to encrypt anything. There's not enough CPU horsepower in the entire Universe to monitor everything on the net. The net has grown too big to control. Remember what G. Custer said at Little Big Horn--"Look at all them fuckin' Indians!"

Freedom will not be supressed, no matter what some Joe McCarthy wannabe wants.

Harmless or NOT?

[MeanGene]

On the surface (which is just underneath all the catchy nonsense) this looks just like a gov't-operated syslog monitor and port wrapper. So far so good - this is something that a considerate sysadmin would do on his network. BUT...

If the gov't then tries to leverage its influence against the private sector, we're in big poo-poo. As you probably know, any business dealing with the gov't has to comply with the whole slew of requirements. Next thing we'll see is the gov't DEMANDING that all of its contractors use FIDNET and escrowed encryption (all, of course, under the pretext of reliable supply of whatever the gov't is buying). Once the Fortune XXX companies are sucked into this, FIDNET is going to propagate itself further down the food chain. Pretty soon in-duh-viduals will not be able to get an account with an ISP without allowing FIDNET into their home computer...

Let's give 'em something to chew on...

[Microlith]

I guess it's time to start (bomb) inserting words (anfo) into our sentences to (plutonium uranium fission) throw (AAFJ#@L57H8a8e479) off the authorities

NOT paranoid!

[beavis88]

The argument that "they're not after me, so why should I care?" is _totally_ bogus! That's just the sort of attitude that has caused the continual erosion of our privacy rights as U.S. citizens. IMHO, this quote sums it up best:

"When they took the fourth amendment, I was quiet because I didn't deal drugs. When they took the sixth amendment, I was quiet because I was innocent. When they took the second amendment, I was quiet because I didn't own a gun. Now they've taken the first amendment, and I can say nothing about it."

-- Anonymous

The US Govt. Wants to Protect It's Network?

[Grave]

Oh gee, this is such terrible news! The US Government has decided that it needs to protect it's computer networks from being hacked! What a crime against freedom! I mean, really, people, are you all on crack? There have been an enourmous number of government sites hacked, and they want to stop it from continuing. This is nothing unexpected and is really being blown out of proportion by you people.

Re:The US Govt. Wants to Protect It's Network?

[kevinT]

Read the article!!!!

The goverment wants to monitor each and every network for intrusions and develop patterns. The only mention in the article about goverment computers is the statement that because Goverment employee's allow monitoring, then there is no privicy issue.

READ THE ARTICLE!

Re:The US Govt. Wants to Protect It's Network?

[Zack]

>The US Government has decided that it needs to protect
>it's computer networks from being hacked!

Then take them off the bloody internet. The internet in no way shape or form belongs to the US government. The phone lines? Nope, not property of the US Government. The servers? Nope, try again. My computer? Hell no.

This is about a lack of privacy. They want to monitor ALL NON-MILITARY COMMUNICATION. Well, they can bite me.

This has NOTHING to do with their sites getting cracked. That has to do with their sys admins being lazy slobs.

> being blown out of proportion by you people.

Really? Would you mind posting all the emails you send and receive and transcripts of your telephone conversations, plus a complete list of all the web pages you've visted on your website?

Why not? That wouldn't violate your freedom, would it? In fact, I'm going to shut off your internet access unless you do so!

That's total bulls*** man... NO ONE needs to read my emails. Not even the "I'll be right over" ones or the "What time are we going to the game" or "what's for dinner"... NO ONE.

Tell me WHY they need to monitor all communicaition. If they're concerned about their sites, then let the rat bastards protect them.

The classic quote

[Kaa]

"When they took the fourth amendment, I was quiet because I didn?t deal drugs. When they took the sixth amendment, I was quiet because I was innocent. When they took the second amendment, I was quiet because I didn?t own a gun. Now they?ve taken the first amendment, and I can say nothing about it."

It might interest people to know where this came from. The original quote belongs to Pastor Martin Niemoller who had the misfortune to live in Nazi Germany in the 30s:

"First, they came for the labor unions but I wasn't a labor unionist, so I didn't speak up. Then they came for the Communists but I wasn't a Communist, so I didn't speak up. Then they came for the Jews; but I wasn't a Jew, so I didn't speak up. Then they came for the Catholics, but I wasn't a Catholic, so I didn't speak up. Then they came for me-and there was no one left to speak up."

You might want to keep this in mind.

Kaa

Re:The classic quote

[Syslevel]

The question needs to be, are 'they' going after:

1. Labor unions ?
2. Communists ?
3. Jews ?
4. Catholics ?

When 'they' go after the first of any of these groups (or any other non-criminal groups) it will be time to speak up. Until then, speaking up will just fog up the water, dilute the message, and make it difficult to speak up if and when it becomes necessary.

Re:The classic quote

[Ralph]

The question needs to be, are 'they' going after: 1. Labor unions ? 2. Communists ? 3. Jews ? 4. Catholics ?

Nope, they are directly going after you, leaving out all these groups. As said before: The attitude "as long as I don't do anything wrong I don't care" will cost you your privacy faster then you can say "Why me?"

Related to that: At the end of may Janet Reno wrote a note to the german minister of justice about the issue of exporting strong cryptography.

Germany, as well as most other countries in the European Union allow the export programs using strong cryptography, as long as they are in the Public Domain.

Janet Reno opposed to that, saying that this weakens the Wassenaar treaty, which was signed by more than 30 countries world wide.

For the complete article - and Janet Reno's letter - go here (by telepolis, an online magazine published by the Heise-Verlag, which also publishes c't).

Sorry, only available in german, maybe you want to babelfish it.

Ralph

Re:The classic quote

[sjames]

By monitoring everyone's communications on the net at random, they are going after ALL of those groups and more. All you have to do to be logged is to have a packet pass through a monitored network.

Meanwhile, the money they are spending on this could buy every homeless person a condo.

The real answer to preventing attacks on our infrastructure is to encourage the use of strong crypto and the development of hardware and software based on it.

Finally, if the objective is to prevent cyber attacks from outside the US, why aren't the monitors confined to the border routers on the links to the 'outside'?

Re:The classic quote

[Stonehand]

I'd say they're going after industry sysadmins, by planning to install monitoring software on non-governmental systems. Either they'll be required to hire government spooks who'll use those systems on-site, or far more likely, the monitoring system will either report electronically, perhaps with remote access, or it'll do something like log to CD-R's which are then shipped off to a gov't warehouse. In any event, I'm just as concerned with *how* and why they're "going after" a group as with whom.


* If there are *any* vulnerabilities in the monitoring software, and I'm a sysadmin, you've now weakened my network. Thanks a lot.

* How can I trust the monitoring software to know that that's *all* it's doing -- monitoring? And that none of the information, such as traffic analysis, could leak out to a competitor who happens to be a larger campaign contributor? For instance, if somebody's suddenly engaging in SMTP traffic with somebody at a competitor, and the traffic coincides with that to a recruitment firm or so forth.

* Wouldn't this cause some to fall prey to false confidence? Given that the Gov't hasn't shown itself to be the most clueful 'bout computer security in the past, what makes them think that they can catch up?

inside the US / outside the US

[levl289]

From my understanding of the US encryption laws, there are no regulations on how strong it can be within the borders of the US...
That being the case, along with the fact that the FBI is only a national department (as opposed to the CIA et al., which are international), you can develop encryption methods that they would have large headaches trying to get past. Then outside the US, use weak encryption, seeing as the technically have no jurisdiction there...

-lev

Re:inside the US / outside the US

[bluGill]

Right, inside the us there is no limit to encryption use. It is gaurentied in our constitution that we can secure our comunications. Not to imply that they won't try to get around this somehow, but the reason the laws applie only outside the US (as if there is jurisdiction) is it sortof gets around the problem for those who want to take away out rights.

Re:Worldwide

[Dominic]

I don't think so. I mean, if someone said to me "I'm from the FBI and you're under arrest" I would ignore him and wait for the real police. It would be like a policeman from here (the UK) going to New York and arresting someone. They would only have the same powers as anyone else (ie a citizens arrest), but no more.

theonion.com

[/]

That was a story on theOnion a while ago. It's parody.

Re:An Idea...

[landtuna]

Or just type Meta-x spook at the bottom of everything you write in Emacs.

And this is different how?

[ethereal]

I'd certainly like to see some of the details filled in on this plan, as the NYT was fairly vague about it. This is probably because the plan isn't close to final yet. What sort of "patterns of patterns" are being monitored here? Other than detecting quantity-based attacks such as smurfs and mailbombs, I don't see what this monitoring can accomplish. Most attackers of other systems will look more or less like authorized users in terms of the quantity of bandwidth they use in their attacks. Only by inspecting the actual contents of their packets could you find out what their actions are, and there are way too many packets flying around for that. Also, how is this monitoring system planning to differentiate between authorized users doing potentially dangerous things (rebooting a server, etc) and unauthorized users doing the same thing?

Implementation issues aside, this doesn't necessarily decrease the security or privacy of Internet use. With the proper tools anyone could monitor Internet packets right now, whether or not there is a sophisticated government effort to do so. Plaintext email and other unencrypted data will be no less secure under the FBI's plan, and packets to and from your host to the rest of the 'net will just be logged in one more place than they were before. The loss of privacy and security is not as severe as you would think; mostly because there wasn't a whole lot of privacy and security on the 'net to begin with. There's an understanding that you don't monitor traffic that isn't yours, but there's no guarantee that everyone who can see your traffic is high-minded enough to abide by that understanding.

This is not to say that I support the government's monitoring plan - I don't think it will work, for reasons listed above. And of course I object to my traffic being preemptively monitored by a government party without a warrant or a court order. But I'm not sure even in the worst case there would be as much loss of privacy as there would be loss of the illusion of privacy. If this leads to more pervasive use of strong cryptography, wonderful.

Re:And this is different how?

[Stonehand]

Well, I do have to worry when the Gov't appears willing to say to the administrators of a non-government network that they must install specific monitoring systems of the Government's choice. How do we know that such information won't be misused, and that monitoring is *all* the system does? Also, if it becomes the "official" or trusted system in any way, then it might be made more difficult to investigate occurences undetected by the system.

Couldn't they think of a better name??

[mountain]

I realise there's room for confusing in the TLA department. But naming a something FIDNET.. That's gotta cause confusion. FIDNET -- FIDONET.

I don't expect anyone who hasn't used a dial up BBS (Hell, I still ring one to play LORD) to understand.

No actually, I correct myself. Anyone who's ever used FidoNet (and knows what it is) will be smart enough to know the difference.

*continues pissing in the wind*

Technical feasibility?

[Woodie]

Hey -

lets all just think about this for a moment. Maybe I'm being simpleminded, but in order to effectively monitor all the traffic on the Internet today, wouldn't you have to have an equal amount of computing power in aggregate to that which is generating the traffic?

Lets just say (hypothetically) that the total combined bandwidth usage on the internet today is 100 Terabytes daily (in the USA). This traffic is generated by a billion computers being online at once, all transferring files, exchanging mail, etc. Wouldn't it take a system (distributed or centralized) of equal processing power to effectively monitor this?

Unless we're talking simplistic monitoring, where some widget is snapped onto the major switches, and whenever it sees some keywords, it generates a signal that computer X exchanged a restricted word with computer Y. But - come on, even that would require immense devotion of computing power (effectively a system that mirrors the power of the switch itself) and it wouldn't even be logging the traffic...

Maybe I'm just being stupid - or overly optimistic. Someone let me know if my hypothesis is correct - that in order to monitor a system that has the complexity of the Internet - one effectively must duplicate the level of resources currently on the internet.

- PW

Why worry? -- that's why

[Kaa]

Let's say you go and visit www.hyperreal.org -- a site that contains, among other things, information about psychoactive substances, some of which happen to be illegal in the US. Now, of course, only drug pushers would be interested in information on such a filthy topic, right? So you wouldn't be surprised to see some cops on your doorstep with a search warrant, the probable cause being visiting the site? And don't bother applying for a government or a government-contractor job: "We see you engaged in some patterns of behaviour that could point to illegal activity on your part. Be thankful we don't prosecute you. Next, please..."

This is fiction right now, but it could easily become reality.

Just use strong encryption for everything. I don't see the problem.

Use of encryption necessitates that both parties do it. In the example above how would encryption have helped me (other than using Freedom.net or some equivalent of it)?

I know it is illegal to export it from the USA, but is it also illegal to use it?

It is legal to use. For the time being, that is.

Kaa

Orwellian crap like this gives me the creeps

[Afrosheen]

Why is it that every time the government gleefully steals our rights it's done under the moniker of Anti-terrorism? I remember that following the Murrah building bombing here in OKC, the Pres was in a big rush to pass the newest anti-terrorist legislation. Couldn't have timed it better, because all the sheeple in this country were having their heart-strings tugged at by the media spin. Why didn't they feel the same sense of loss for the children of Waco? Were they not equally innocent? Because it didn't fit in with the government agenda, of course. Waco was okay, because those people were terrorists waiting to happen. Ruby Ridge was okay too. Just a little dust under the rug, media-wise.
The point I'm trying to make is, think very carefully about things of this nature. It's your right to be a private, law abiding citizen. It's your right to not be snooped on every corner, every phonecall or every email. Terrorism is a bullshit excuse that our government needs to deal with in other ways. Ever stop to think why terrorists hate America?
A good start would be effective foreign policy. And stronger networks, not riddled with weak NT web servers that skript kiddies feel the need to hack at.
Just after reading the NYT story, I wrote an intelligent, coherent letter to my congressman in response to this. I hope you all do the same. Keep in mind that there's nothing an oppressive government values more than apathy and disinterest. If you don't care about losing your freedom, they don't care about taking it.
..expecting echelon to start watching me any minute now :)

Re:Money- Tool of Tyrants

[cale]

It could be even more simple than that. We all need to eat the last time I checked, and you don't eat if you don't get paid. That and some people really don't have any morals and can just be bought.

today's outrage

[jwjr]

Having failed to control the availability of reasonable cryptography,
the FBI wants to install a giant traffic analysis system. Some
thoughts on this system:

o It represents a second best surveillance tactic after
eavesdropping. If you can't tell what a person is saying, it's at
least interesting to be able to tell to whom they're saying it
(traffic analysis). If the Clipper chip was plan A, this sort of
thing is plan B.

o This is definitely a lot bigger than what any private agency can do
because they FBI can theoretically use the law to gain monitoring
access at any network access point they desire, which a private entity
could not, and likely would not, do.

o Federal law enforcement realizes that the public computer
internetwork has become or is rapidly becoming the world's primary
nexus of communication, and therefore they must be able to analyze it
in order to snoop on the citizenry.

o Traffic analysis in order to hunt for "patterns of behavior that
suggest illegal activity" might lead to a vague fishing expedition
approach to law enforcement. Perhaps this is an attempt to do an
end-run around troublesome fourth amendment protections, which are
fairly well defined in the case of telephone wiretapping.
Interestingly, this seems to me to require that the use of IP
telephony would get far less protection from warrantless search than
regular phone calls. For example, even if you encrypt your phone
call, and even if you use anonymous forwarders, this type of system
might theoretically allow the FBI to detect the end points of an IP
telephony call, unless you handed the call off along the way to the
PSTN (a normal phone company). The FBI could thus ensure that there is no
reasonable expectation of privacy in telephone call end-points, which
might then make such information admissable evidence in criminal
prosecutions.

o The conflation of domestic and international concerns may be a new
tactic in the constant pursuit of greater surveillance powers for law
enforcement. I expect we'll see more of this. Theoretically these
measures are for "national security", and defense against foreign
attack, but that excuse is being used to justify snooping in the US.
The internet, by being a global medium open to easy foreign access,
may well represent the thin edge of the wedge for this sort of
argument, where foreign threats are used to expand the powers of
domestic law enforcement.

Re:Worldwide

[Stonehand]

I believe that at the very least, while the FBI's worldwide jurisdiction might legally be a fiction, in practice they do investigate and seize people outside of the country. In particular, it's historically had a significant counterespionage roll versus the (former...) KGB and satellite services.

Ditto for the US Marshals, who have been known to forcibly extract people when the host nation is either unable or unwilling to cooperate via apprehension and extradition.

Viva La Revolution!!

[Z0z]

As a network security specialist, I'm as paranoid as they come, and because of that paranoia, I am starting to suspect key officials in our government are on crack. Unfortunately, this is knee jerk reactionism at its worst. Think of the government as the worlds pointiest haired boss. As I'm sure most of you know.. the solution to any problem in their mind is to tack on more technology! Nevermind properly configuring and maintaining the products you already have! If the goverment is worried about the vulnerabilities in key network infrastructures, a nationwide IDS is NOT the answer. It does little good to detect an intrusion after the fact, when you could have used those resources to protect the damn systems in the first place. I won't even go into the privacy issues surrounding this.

P.S. Does anyone want to sponser my citizenship to another country?

Codes

[Jimhotep]

Why is it even possible to
break codes? Is there a rule
that says all codes must work the
same?

the next line is a coded message

the eagle has landed

ok, what does that line really mean?
you can run code breakers against it
till the end of time, you will never
know what it means.

Why?

It's my code. And, tomorrow the same line
will mean something else.

Good luck.

oh, I hope all of my internet traffic is
being logged and looked at. should be
very confusing. I'm interested in too
many things.

Feds : this guy is into conspiracys about
mp3 files from the Mermen and checks
Drudge 10-15 times a day while listening
to Phil Hendry on real audio. This guy
is a mess.

Re:Codes

[underwhelm]

I'll bite:

Just on a purely practical level, how do you expect to communicate anything with that code? It takes more than one person to communicate, and the parties must share a common language.

Your code means nothing to everybody, and you fail to sucessfully communicate, unless someone has the key to the code. You are forced to reveal the key to someone, somehow.

That revelation will give you away.

So unless you have come up with a way to create a keyless or transparent-key code (which I'm not denying is possible, but I would suggest is fallible), you'll never be heard but in your head.

Re:Codes

[Stonehand]

You're talking about traditional codes, the kind that used to take books to encode/decode.

Well, it's still vulnerable.

* All parties must be fully informed about how to either encode or decode such messages; possibly not both, but at some point this information must be passed. Generally, this sort of substitution is not exactly as strong as public-key in this regard; more like private, in that interception costs secrecy.

* It's still possible to monitor traffic, and to make educated guesses (if you're under surveillance) about what you might be up to. That can provide a starting point.

* Depending upon the host government, they may be able to compel you to decoding it, or alternately trick you into providing access to the decoding. This is particularly true if your machine is not completely physically secure.

Oh yeah, this is just the foot in the door

[ch-chuck]

The National Information Stool-pigeon Infrastructure is just another case of us lil'ol people not able to fend for ourselves against the meen ol' hackers out there. What'cha bet the same system installed to 'protect us' gets used to enforce collection of taxes on Internet commerce, among other things.

The bureaucracy is expanding to fulfill the needs of an ever expanding bureaucracy.

Chuck

Don't you find it funny...

[demon]

Am I the only one who finds it odd that they seem to be worrying about "critical" systems being taken down? I think that's a ridiculous claim - if they have anything more critical than a Web or shell server connected to the Internet, then I say they deserve what they get, and every geek should make his/her way to DC for a mass mooning of the White House.

Monitoring: nothing new

[Tincan]

The NSA has been monitoring Internet traffic for quite a long time not only on a domestic level, but globally. I suspect the NSA will either turn down the FBI's plan or declare neutrality because A) the NSA would get too much publicity if it was approved and publicity is the last thing they want, and B) they already have such a system. If they downright scrap the FBI plan, that will spurn assumptions that such a system exists and they don't want that either.

What worries me...

[Hector]

What worries me the most about this whole thing is the fact that the Government is trying to impliment this whole thing to have better security in the Government, but in actual practiceit seems like one huge invasion of privacy. I would think that if their security was so bad they had to monitor other people they have a lot more to worry about.

Techies - Tools of the Tyrants

[laetus]

What bothers me most about this whole affair is not that the United States Government is planning to monitor the private communications of our population (by nature, nation-states and the bureaucrats that run them are control freaks), but that supposedly educated techs and engineers are PROGRAMMING and NETWORKING these monitoring systems. Quit blaming the government and look deep within. We are our own worst enemy. We're just following orders, right?

too bad...

[DaveTerrell]

They could have called it the Federal Intrusion Detection and Operations Network, but nooooo....

mailserver crashing

[The+Big+D]

In the UK we have been having arguments over similar stuff for a while now. A group has formed called Stand. You can check out their philosophy here.
The principal is that MPs (a bit like your senators of something) have ways around huge mailbags of complaints about the same thing - whether electronic or whatever. They'll get pissed off, filter the messages, and write back to everyone with some condescending thanks for your ideas. Stand has organised for groups of concerned constituants to send only one full, explanatory letter to each MP and then anyone else who agrees can write a brief note saying so.
You might find a similar approach will work better.

will fidnet be opensource?

[jackmott]

...

www.zeroknowledge.com

[Kaa]

Encryption + anonymity.

Hey, guys, accelerate your beta, we need this thing now!

Kaa

Re:Jerk

[Demandred]

Go away you troll....

Money- Tool of Tyrants

[pos]

There will always be people to code whatever you need to be coded.

There are people who live for money because money is power in our world. It brings them their worth and they would sell their souls for it, and even that assumes that they aren't control freaks who think government spying is a good thing.

Re:Money- Tool of Tyrants

[Manax]

And maybe some of them really believe that the goverment isn't really out to get them and are willing to help with this noble goal of protecting US citizens from the bad guys.

Just image for a moment, someone who has graduated school, perhaps with a CS degree, has spent some time with ROTC, perhaps would like to get into law enforcement, but doesn't like the idea of getting shot. Instead, the person gets a call from someone at the FBI who says "We need people like you. We are building this network monitoring facility, with all this high-end equipment to help protect us all from terrorists abroad. We will be looking for specific types of attacks and we need you to help write the software for that." The graduate meets the FBI people, likes them, they sound like they really believe what they are saying (and perhaps actually believe it), and so the grad joins up.

The person isn't evil, isn't a tool, and really believes in the goal, is convinced of the sincerity of those he/she works with...

Bottom line, I'm scared by all the invasions of privacy, the goverment intrusions into far too many aspects of life, the threat of being harassed by the Enforcers (police), the unauthorized confiscation of private property, etc. but to say that these people are all immoral, irrational bastards out to screw us all is just demonizing people who are more like you and me, than different.

Yeah, some of them are assholes, and some are stupid and many are irrational, but they are still just human beings trying to live out their lives the best they can.

And while trying to get along the best I can, I try do something to make the world a better place (according to my own, perhaps warped, judgement) by avoiding (and protecting myself from) the assholes, educating the stupid and by being understanding of the irrational (and trying to help them do the rational thing).

Bottom line, I'm very much against this proposed system, regardless of the goal, since I believe having a highly distributed, highly heterogeneous network, with individually applied security is the best defense. I also believe that a system like this can all too easily be used (by the stupid, or the irrational) to do bad things to you and I. (Besides being an ineffective way to do it's stated intent.)

Re:Worldwide

[Woundweavr]

The FBI has no authority outside the US, just as the CIA has no jurisdiciton inside the US.

At least officially.

one thing...

[arhawth]

One thing this could do is force people to start using encryption more. Maybe the gov't has access to your network traffic, but if they can't read it, then who cares? It is probably an infringement of civil liberties, but if they were to get it in place, the net result would probably be a more secure Internet, or at least the part that resides in the US.
Adam

The NSA already does just that.

[tool_man]

The NSA has 2 branches that do just that. The one branch is responsible for intercepting and 'monitoring' all signals (satellite, etc), the other branch is responsible for communications (ever hear of Echalon (did I spell it right NSA))

There are 9 listening posts around the world, 1 in Virginia, 1 in UK (Ireland I believe), 1 in Australia, etc.

Basically all faxes, phone calls, cell phone, emails, internet activity is monitored, satellite activity is monitored and scanned. Some people think they can scan words, I heard that they do voice pattern recognition. Watch "Enemy of the State"

Re:Terrorist Computer God

[Stonehand]

Sounds vaguely like the rantings of a certain Francis E. Dec, judging from AltaVista. {shrug} 'tho it bears passing similarities to "They Live" :-) ...

Gore should be held accountable

I hope there are enough people that care about this issue to really hurt Gore in the 2000 election. I'd really like to see him pay by not getting to be president for the assault on civil liberties he's responsibible for.

The problem is, no one makes this an issue in the mainstream media. The only way it is going to become an issue is if we talk about these things at the grass roots with our friends collegaues and neighbors, and make them aware of what has been happening under Gore's tuttelage. The important thing to do is not come off like some wild-ass paranoic, but calmly and completely state the case with valid and supporatble eveidence, i.e. "did you know that under the Clinton Administration frederal wiretaps have gone up 500%."

We have got to make this a major issue in the primaries if possible, be cause there's strong evidence that Boy George isn't going to be any better. (Not to mention the affect he would have on the environment, courts, etc..)

By the way, does anyone have any good references to a complete (accurate!) list of the many attacks that the Clinton administration (and especially Gore) have made on the Bill of Rights during there tenure in office?

And please don't moderate this down. All of us geeks need to stop pretending that there isn't a real political process, with real consequences, out there. Who we elect as our next president coulnd't be more on-topic, IMO.

A proposal.

[Bobzibub]

Since griping on ./ isn't going to do much, I propose that some literate folks get together and write a small OpenSource program to bring the issues to the public.

Essentially this would be built on an existing packet sniffer but with the added ability to search packets for keywords which the user may input. Once the key word has been found, the IP is placed on a 'watchlist' and all packets will be stored for the user, and rebuilt.

It should have a *very* easy interface for end users, perhaps even a WIN9X port.

Also it should contain statements which implore the user to use it responsibly, but we could also suggest words such as "liberal". ; )

I propose to call it: Santa. Remember-- he's making a list and checking it twice, gonna find out who's naughty or nice..

Then we mass mail copies to government and media people so that they can all spy on each other.

The point is to crystalize to the media and government what issues are at stake with these monitoring systems.

We could spin it so that "individuals ought to have the same rights [to abuse others' rights] as governments currently enjoy."

If interested or have some comments, please drop me an Email, at chappel@home.com

Cheers,

David.

Ooooh, good!!! More shooting in the foot!!!

[Pig+Hogger]

Keep going, keep going, yanks, after a while, all the worthy stuff will no longer be done in the United States.
Way to go, guys, way to go!!! Europe will rule!!!
-- ----------------------------------------------
Vive le logiciel... Libre!!!

Ping a random fed today!

[Barbarian]

How about an OSS program that, say, once every hour would send a ping to a random host. Considering that many IT people consider a single ping to be an attack, this might set their detection systems off all the time if enough people ran it.

Does this mean ...

[aphrael]

It's time to start encrypting e-mail on
a routine basis? I've always thought the
guys advocating that were kinda nuts ...
but i'm suddenly not so sure.

Am I missing something?

[Zoltar]

What's the difference between this and listening in on someones phone conversations?

"Well..we just want to listen in on your phone conversation to monitor for certain patterns of words that might indicate wrong-doings"

Lets face it, the public sector is so far advanced in terms of tech stuff that the government is just freaking. So what do you do when your freaking.....something stupid and unconstitutional-ish

Fidnet == FUDnet

[ultra1]

Watch out everyone - the big bad cyberterrorists are gonna get ya. You need good ol' Uncle Sam to Save You and Protect You from the Bad Guys of the world. BOOGA BOOGA!!!

Next they'll be telling us it needs to be done to Protect The Children. Oh wait, they've already done that :-P.

I hope the knuckle draggers over at the NSA and the FBI get absolutely swamped with people using free encryption software. In fact, I hope they choke on it.

Anarchism

[nmarshall]

there is a lot to anarchism. ie righthanded and lefthanded, then there is the crasies..
read Illuminatus! by bob wilson to get an understanding of anarchism...

and there are no contradictions just perceptions...

nmarshall
#include "standard_disclaimer.h"
R.U. SIRIUS: THE ONLY POSSIBLE RESPONSE

Libertarianism, definitely

[mosch]

I suggest that everyone take The World's Smallest Political Quiz if they haven't already.

Encryption up the wazoo!

[Colol]

Why worry about all this? The simplest solution would be to hack your preferred OS to warm and fuzzy completely-encrypted status ;o) With a little work, there couldbe a major revolt against the US government. They've tried to stick their noses where they don't belong one too many times. For a country that was founded on the rights of humans, I see them quickly disappearing every time a story like this comes up. Replace all http connections with secure http. Phase out telnet, let's all switch to ssh. Use insanely huge PGP keys for everything ... Grocery lists, e-mails, anything else you can think of. ;oP If this isn't another one of those Oh-the-press-is-stupid-it-never-existed stories, like several others about supposed Bills to be passed, the US government will have a revolution on their hands. You don't have to let anyone into you home anymore, because they don't have to be in your home to monitor what you're doing. Just tap into their net connection and monitor the bits and bytes flying by. "Unalienable rights" comes to mind, among other things. Enough ranting for now.

makes me wonder

[capt.+eyeball]

...what it is that people are doing to be worried about being caught in the first place. I mean privacy is one thing, but usually people use it to hide things that they are ashamed of.

I'm not worried. I haven't done anything to be ashamed of. You can monitor everything that I do all you want to. The problem comes when someone (i.e. congress) passes legislation that makes what I do illegal. I'm more concerned about someone getting ahold of personal financial infomation who shouldn't, therefore that info is encrypted _if_ I ever transmit it electronically.