Slashdot Mirror
Ask Slashdot: What's the Real NSA Like?
"The National Security Agency, is actually an organization of geeks and nerds parallel to the role of Q in James Bond. They arm the government (CIA, the spy agency; FBI the government police, and the military) with cryptographic systems to protect the missions of those other organizations, and they also have the job of trying to break the cryptographic systems that might be in place to prevent the completion of those missions. You can see this evidenced in their behavior of attempting to block the export of "strong cryptosystems", because that merely makes their job harder.
In all honesty, you will find that the charter for the NSA has a Top Secret clearance level, so we may not actually know the true ajenda of the group, but since they are solely populated by scientists, mathematicians, and engineers, the stories of their involvement in Danger and Daring Do are greatly exaggerated. I would doubt that many of them have ever held a gun before.
So in my not so humble, but somewhat educated, opinion, the popular view of the NSA is fairly inaccurate, and confusingly to me, they seem uninterested in correcting that view.
Comments welcome. But keep in mind that these are the opinions of one person based on contact through job fairs, interviews, and cryptographic history articles. "
So what image do you think represents the real NSA? Are they closer to the Spooks from Hollywood, or are they just normal people like you and me?
I'm surprised that nobody has mentioned this yet. The NSA is reportedly one of the biggest employers of mathematicians in the world. They have had decades of time to develop their own theories as well as learn from all the work going on in the open. We can only imagine the kind of mathematical wonderland the NSA must have built up by now!
I hope at some point their theorems start being declassified. It would be fascinating to know how many things were done first by the NSA (Public Key Cryptography is rumored to be one such thing) and how many others have no parallels in the outside world. Given the nature of its general mission, I'm sure that the NSA has an interest in Computer Science and Complexity Theory. For all we know, the NSA could be sitting on a proof that "P != NP" and none of us would know any better!
IMHO the problem is not that spies exist, or that someone is working on inventing and breaking codes -- those things are unavoidable. Just like there is no problem in the fact that people are trying to make money. Problems starts when the desire to have comfortable life turns into all-destroying passion to get all money and power in the world, obliterating everything that remotely looks like competition in the process (I believe, you know few examples of that) and reasonable concern about enemies' secrets turns into self-perpetuating activity with one goal -- to get all information that may exist, and find out everything it is related to. It becomes not about security -- it approaches logic like this: "we have found that some random guy went to the airport, and now can find all people who went to the airport -- we now must at any cost make it possible to determine why, and become able to do so for every guy who went to the airport. Or into a gun store. Or into any suspiciously-looking meeting".
No goals, no justifications, no restrictions -- just have to do because in theory we can. There are satellites that carry phone converstaions? We must pass everything through our listening stations, or our missions will be considered failed. There are internet backbones? We won't sleep well until we not only would be able to listen to any particular transmission -- we have to make it possible to listen to all transmissions, simultaneously, and with all possible kinds of filtering/searching/recording. (And there are two guys with smoke signals? We don't care if someone will die, but we must have all their messages). There are laws that forbid us from spying on our citizens? Sign agreement with some other spies to bypass those laws.
What for? Why infringe on people's privacy in cases when it's forbidden by law, and is absolutely pointless for national security, except for cases so rare and unusual that it can't possibly justify the damage caused by spying and especially spying-supporting measures, such as crypto restrictions? After all it damages exactly what it is supposed to protect -- society, its laws and economy.
I'm afraid, the answer is the same as in the case of money -- just like Bill Gates has no use for his billions, and keeps his world conquest efforts just to prove himself that he is not a loser (who he absolutely certainly is -- life of maniac is pretty miserable), "spook agencies" have no use for a lot of information, yet collect it to remain busy, and to be proud of being the largest waste of money in the world.
IMHO if they were rational, they would know that some things are worth spying, some aren't, and some shouldn't even though theoretically they can be of some use. No matter how well funded NSA or even FBI, or even ECHELON will be, they will have no chance against suicidal school shooter (ex: Columbine). And some well-developed technology plus a lot of "normal" intelligence activity will give more useful information to the army (like, location of buildings in hostile countries) than millions of hours of randomly recorded conversations, especially considering that ones that are really "interesting" are still very likely unbreakable in the time when they are still useful.
I don't think that they really are listening to everything, so I may be exaggerating things, however the problem is, their goal is to be able to listen to everything all the time, no matter how useless it is.
Contrary to the popular belief, there indeed is no God.
There is one unusual thing that seems to be limited to their(?) jargon -- abbreviations (but not acronyms) or even complete words written in all caps -- "COMINT", "SIGINT", "COMSEC", "MOONPENNY".
Commercial companies use BiCapitalization with complete words, glued together (lack of creativity, insensitivity to ugliness, treatment of language as a playing field in grab-a-trademark game), government uses acronyms (sounds obscure and important, requires some "inside" knowledge to participate in an argument), but computers geeks language is different. In normal speech only acronyms are capitalized ("TCP/IP", "SMTP"), other kinds of abbreviations are rare and mostly one word (that however may be leaked from a programming language), or abbreviated (or otherwise odd) words in plural, converted to verb, etc.: "sig", "grep", "caps", "sigs", "ifdefs", "to grep". All caps are used in:
I am not familiar with military jargon, it may be from there.
Contrary to the popular belief, there indeed is no God.
I also like the fact that I personally have easy access to 128-bit encryption but that the average stupid criminal doesn't.
Why do you think criminals can't get 128-bit or better encryption? Just because US citizens can't export it does not mean it does not exist everywhere within and without the US. Terrorists in country X are not bound by laws (by definition), let alone US laws. Do you really think encryption is the unique invention of Americans?
And can I get some of that great crack you're smoking?
that budgets can be motherlodes of unexpected info
That is very true, and is an issue. It would be somewhat helpful if secrets were given an expiration date to allow for some sort of checks and balances. After all, other than avoiding embarassment, what reason can there be for keeping pre -WWII information classified? Are we really afraid Saddam will attack us with a fleet of top secret Sopwith Camels?
National security.
The problem isn't their goal, but how they define it and the means to that goal. For example, many people are of the opinion that either the Demicans or the Republicrats are bad for the country. Or that they are OK, but the upstart independants are a bad thing.
Many times, government agencies have decided that a particular fact being in the news would harm national security. Watching how a group of poor black men died of syphallis while telling them they were recieving treatment was once defined to be in the interest of National Security (tm, pat. pend.) At one time citizens of Japanese descent were put in concentration camps in the interest of National Security.
The point is, when you're in power, it's amazing how whatever is good for you is 'in the interest of National Security'.
There isn't some super-secret multi-billion dollar slush fund to pay off spies everywhere.
Considering that their budget is classified, how do we know that? We do know that some people working in the private sector were paid well to engineer faulty crypto products for embassy use.
working unknown to their employer for the NSA
www.aci.net/kalliste/speccoll.htm
http://www.interesting-p eople.org/archive/199610/0041.html
Of course, you backed up my statement for me. Note that I do not claim that there is an ongoing operation, I am just pointing out that it isn't exactly unheard of, and that with congress and the public being kept in the dark, we can't say it isn't happening.
If you can find it, get a copy of "Puzzle Palace". Written by a fellow that retired from the NSA. It's got just about everything you ever wanted to know in it.
Hmm. Interesting:
./queso www.nsa.gov:8080 ./queso www.nsa.gov:80
wolff/queso-980922#
208.212.172.33:8080 * Solaris 2.x
wolff/queso-980922#
208.212.172.33:80 *- Linux-2.2.x or Freebsd.
-- Roger.
I'm floored by the credulity of some people. Time and time again the media expose the scams pulled off by our government's secret organizations and yet there are still people out there who still say to themselves and anyone who asks that they don't know what a secret organization does, but that they're certain it's beneficial and just.
It's sad that the citizens of democratic countries glory in their governments' secret organizations. Government organizations that keep secrets from the citizenry obscure the powers and actions of the government. But in a democracy, the government's power is lent it by the people. Its actions are authorized by the people. It is no less rational for the people to give up the right to observe what their government is doing with their authority than to give up the right to vote; the results are the same: the usurpation of their power.
Perhaps the nation's security demands that the government keep some secrets, but we permit our government to keep secrets from us only reluctantly and mindful of the threat to democracy that secrecy poses.
It's no relief that there are "only geeks," so to speak, in the NSA. One of the problems with our democracy is that too few Americans are willing to exercise their moral autonomy, to get informed, or to clarify and assert their values at the polls or in the workplace. In my experience, geeks are a little worse in this regard, on average. So we're probably a little worse off for there being "just geeks" in the NSA than spooks a la James Bond.
The African dyoung stays cool in its burrow during the daytime, coming out only at night to forage for food.
> Many spy thrillers have claimed there is another classification above Top Secret, without needing to shoot me, can you confirm or deny that? :)
SCI: Special Compartmentalized Intelligence.
It's not any more secret than Top Secret, but it has more stringent rules concerning its distribution. Having Top Secret clearance doesn't automatically clear you for SCI. It's the codified definition of "need to know". SCI information viewed on computers is done in a separate room on separate wiring where even the nearby water pipes are electrically isolated. Very secure stuff. But otherwise a well-known level of security.
The stuff more secret than that is the stuff that doesn't have a classification. It's the stuff the president or the director of the NSA or CIA says to another aide "don't tell this to anyone, ANYONE, got it?" In other words, pretty much all your extralegal stuff.
I've finally had it: until slashdot gets article moderation, I am not coming back.
According to Bamford's Puzzle Palace, the NSA employed over 68,000 people back in 1978, making it larger than any other US intelligence agency. With the increase over the last 21 years in telephone traffic, cell phones, the Internet, etc., and in the corresponding US law enforcement reliance on COMINT, that number must surely have grown.
So you're from Down Under. Ever heard of Pine Gap? Bamford describes it as being in the Australian interior some eleven and a half miles from Alice Springs. He described it as being a listening post, receiving information from NSA satellites, and eavesdropping on Australia, New Zealand, and southeast Asia. Another NSA installation Bamford describes is in the Woomera Prohibited Area, 600 miles southeast of Pine Gap. Bamford wrote over 20 years ago, though, so those operatios may not be operating today.
--JT
And there's also David Kahn's The Codebreakers which is a comprehensive survey of cryptology. And I do mean comprehensive: he goes back as far as 1900 BC, describing unusal hieroglyphics on the tomb of the nobleman Khnumhotop II in Mene Khufu on the Nile. From there, he works his way forward. I'm hoping to finish this kilopage tome sometime this year so I can move on to Cryptonomicon.
--JT
Ok so they have something in common with the rest of us.
Here's something they don't have in common with the rest of us.
When the Congress subpoenas information from you company usually a letter from lawyers that says 'sorry, atty client privilege' is not sufficient to end the inquiry.
The president definetly should NOT ever have top secret clearance, unless in the case of war, where (s)he should be allowed to know everything relevant to the situation at hand. The presidential post is pretty much a revolving door. New presidnt every four or eight years. That's a security issue. Generals, etc... can and do recieve higher security clearances than the president, because it's their job, and #2, barring unforeseen circumstances, a high ranking military official last much longer than the president (in terms of staying in a role where they would need to have the clearances they do.)
However when I read this post, I was immediately reminded of Pine gap (etc.) and the fact that we (through the British) once effectively overthrew a duly elected Australian administration (ousting the PM) because he asked too many embarrassing questions about intelligence actvities at massive US intelligence installations in their own country.)
I just thought I'd provide that bit of background so his post could be properly appreciated (I hope that I haven't misread the Australian's intent) since I know thesefacts are not widely known in the US. We don't just mess with banana republics (Chile, Allende) or even 'darkie' NATO allies (Greece, where we actively assisted in a military overthrow of of a democratic parliament)
I say 'darkie' because, though many of the principals were unprejudiced and principled, the overall institutional outlook seemed to be -well, racist isn't quite the right word, but it's close.
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
"Grave Damage" is the definition of Top Secret in the U.S. security agencies.
:-)
"Serious Damage" is Secret, and "Can be expected to cause damage in some degree" is the weaselly-worded definition of Confidential.
Seems like we could classify nearly anything as Confidential if we wanted to.
Illegitimi non carborundum
I was a radioman in the USN with a TS/CRYPTO/SBI
ticket. I worked down in Key West in the mid 70's
at a receiver station. We ran most of the crypto
gear for comms at the base. Most of the crap the
NSA collects is total junk. We snooped Cuban broadcasts "TV, radio" typed it up and sent it to
FT. MEADE via TTY. Typing up Casro's 4 hour
speeches was not fun. Scan the net for FBIS, they
are a NSA front to collect overseas broadcasts.
The only time I had any real contact with a NSA
agent was for a lost key card on a KWR-37 crypto
unit. We set the key card down on a table and it
got stuck to the back of a clipboard that had a
wad of gum on it. You DON'T want to lose a card!!
If you do everone in the world useing that keylist
has to dump the correct card and use a spare. After searching for the card to two days we found it. I had visions of 10 years in jail during that
time.
In GOD we trust, all others we monitor.
Isn't satellite monitoring the responsibility of the NRO?
The NRO is responsible for visual spy satalites, i.e., pictures of things the enemy is doing.
The satalite stuff the NSA does is to intercept electronic communications (voice and data), so the NSA can monitor and attempt to decrypt enemy message traffic.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Undoubtedly, their charter mentions the benefit of the US and the US alone, but wouldn't it be cool if the effort could be expended (and the equipment and resources) working on something that will benefit everyone, not just those who have signed the right agreements with the US.
-- Evan Read
Linux -- "It is computing, Jim, but not as we know it"
"The future comes 60 minutes an hour no matter who you are or what you do." The Screwtape Letters - C.S. Lewis
I work in Natural Language Processing at my company, and I work on summarization software for them. It seems that it's difficult (damn near impossible) to keep up with the flood of information that is now available in the open. Never mind the encrypted stuff! I don't know what exactly is going on there, but they listen to everything they can. FWIW, one of my co-workers claims that they are very good about avooinding listening to anything involving a US citizen once they know they are. All I can say is that if they are doing something they shouldn't, well, most people in my department are also very strong advocates of strong crypto, and wouldn't trust anything that the NSA approves.
Anyway, he also once told me that when the movie Sneakers came out in 1992, the NSA actually issued an order to all its employees stating that under no circumstances were they to comment to the press or anyone else on the movie's validity (the movie deals a lot with the NSA). Apparently, the movie was very, very accurate in its depiction of the NSA, and even included quite a few details that had been top secret. And aside from all that, it's a pretty good movie, too. :)
Hmm,
Everyone at NSA is a nerd.
All nerds read slashdot.
Every reader of slashdot can be a moderator.
:. some of the moderators work at NSA
Think I better read those Anonymous (score:-1) posts:)
Almost amusingly, the government started thinking about regulating the distribution of manure fertilizer, because it was (supposedly?) a fertilizer bomb in that truck. The talk went nowhere.
My guess is that Congress started thinking about it, but realized that once they banned the slinging of bull???? that they'd be out of a job.
--The basis of all love is respect
I don't know if misclassification is a problem unique to the States or if it happens everywhere. But when you have a department of spooks, they often feel the need to classify information that has no need to be classified. Often, this information is embarrasing rather than strategic. Especially in the States, any government information that does not have to be classified has to be released.
The NSA itself is a secret organization. For a while, its mere existence was classified. Why? The US could have simply gone public and said "We are forming a National Security Agency, which will specialize in cryptography and counter-cryptography". How would that have caused harm to the States? Everybody assumed that this was happening anyhow, since we were code-cracking in WWII.
OTOH, there are a lot of secrets that we should keep. Look at the F-117 Stealth Fighter. The ability to keep that under wraps for so long until it was used in a war kept other forces from getting a head-start on developing countermeasures. Once it made a wartime appearance, we could publicly reveal the weapon, as our enemies had seen it already.
Currently, the NSA is so secretive that its entire budget is classified. I cannot imagine any need for an agency's entire budget to be classified. I can imagine a need for large parts, perhaps the majority, of the budget to be classified. But for crying out loud, how much are these guys spending on #2 pencils?. All that gives away is a clue into the NSA's headcount. Maybe. (Unless, of course, they are working on the dreaded pencil-gatling).
America needs to keep secrets. It needs to keep a lot of secrets. But it is keeping a lot more secrets than it has to, and thus a lot more secrets than it should.
--The basis of all love is respect
NSA is a very hardworking agency. If one wishes to tell how hard they work all one has to do is to check the parking lot at Fort Meade at about seven at night. I have done so. The lot is full of cars. It would seem to me that the media blows their involvement in gunfights and terrorist actions way out of proportion. NSA's main job is to provide the president with info, not go out and blow the world up. NSA still plays a very important role in what goes on in the country. They have their own advisor to the president, while some agencies do not like the DIA . I think we appreciate the work they do in keeping our nation safe far to little. I believe that we think like that because of the media. Someday perhaps, thier archives of records will be opened and we can come to a true understanding of everything they do for us.
Is it progress if a cannibal uses a fork?
I once met a guy at a Safeway store in Laurel, Maryland; which is perhaps at most 5-6 miles from NSA in Fort Meade. He could speak flawless Turkish, and his command of the language and his accent were probably better than most high-school educated Turks. We chatted for a couple of minutes only, and I asked him where he worked. He said he was working for the Dept. of Defense. He then cut the conversation short and told me that he had to leave, walked to his car with a Maryland licence plate and left.
I used to study at a university where NSA has a research facility disguised as an administrative building in a remote area of campus, and there used to be lots of NSA-sponsored grad students around. (University of Maryland, College Park) All of those students will tell you that they work for the Department of Defense.
Zigbee Central: A Zigbee weblog
I think that the best way for this problem to be solved, would be for a government agency to obtain a code breaking computer, and operate it publicly. It would require a warrent to use. Then they could encourge the use of strong crypto, at least dommesticly. Internatioally would be a bigger problem, but it the millitary operated simillar machines in the public eye, it may work.
The problem with this is that it would require the NSA to admit they have the technology to crack strong crypto (granted that they can, but with their budget and personal, it seems likely). It would also stir up many paranoid people, who would only see it as more evidence that their being watched.
I know many paranoid people would consider this even worse, i think that it would be a huge step forward. I would hate to see a child molester get off because he encrypted the photos that he took and then just got rid of the key.
Anyone remember the Hunt for the Red October? And its send-back to the authour for rework?
That book offers a lot of insights in to who is really in charge in the US.
In Canada, we have CSIS. Noone ever seems to have even heard of CSIS. (Canadian Security Intelligence Service), and they keep getting in trouble with the mounties. A couple of years back, they were informed by the RCMP that they did not, in fact, have the authority to use wire-taps without a warrant and permssion from the RCMP.
The RCMP, on the other hand, afaik, does do internal spying, to make sure no one is doing spying on our country. (Like Canada has any military secrets, anyhow.)
The NSA, from what I gather, is a bunch of laptop toting geeks who are endlessly obsessed with breaking codes, tracking technology in foreign countries, know who's doing what, when, and how, and reading slashdot.
They are secretive, but I can't think of a government agency, of this nature, in any country (KGB anyone?) that actually tells the country what they're doing.
Its not in the government's best interest to spy on its own citizens and not tell them anything that they are doing. The populous is a gigantic mind that has been taken by social darwinism, and has an interest in protecting itself. It builds itself a government to protect it and choose what to do to get to that end. The NSA is just a reaction to this. It is there to figure out who is doing what, when, and how, that could possibly jeapordise the safety or survival of the populous. It is _not_ there just to see if they can break code.
To them, seeing someone using stronger encryption sends a flag to them saying 'I wonder if this person has something to hide" and they want to make sure they don't.
Just my $0.02 (add GST if in Canada)
OFTC: By the community, for the community
Um, not that I like getting off topic even more, but have you ever heard of reaganomics? Reagan was a supply sider who relied on unproven, wishful economic policies that ulimately hurt the economy. He believed in big business tax cuts -- while cutting goverment spending -- hoping that it would take a turn for the business cycle. Well unfortunately, cutting goverment spending while cutting taxes for big businesses, is more like a trade off. They both offset each other, leaving the economy where it was before. If anyone here has ever read any keynesian literature, they would know that much government spending is automatic stabilizers such as unemployment insurance and welfare. The problem with stagflation (higher prices[inflation] and lower output), however, is that you dig yourself a hole that is hard to climb out of. Therefore, it's a good thing that sound keynesian economists like greenspan are in power today.
In times of economic prosperity, where inflation is starting to show its ugly face in the gdp deflator or core cpi, it's smart to raise interest rates and cut government spending. Just as it's smart to increase government spending and decrease interest rates during the dips in the business cycle. Yes, general economic theory does state that as inflation rises, so will employment. However, fiscal and monetary policy have to be working and reacting in the first place to adjust for unknowns such as high rising oil cartel prices (happening now as in the 80's)-- otherwise you get big dips and peaks in the business cycle.
----------
My NSA?
;)
Kinda like the Springfield Nuclear Power Plant where Homer Simpson works. Lots a little switches and do-hickeys. All scientific. Everybody is a phony. High security sure, but layed back work.
They definately have doughnuts and vending machines. O ya, and they crack code nobody else can. But who care about that?!?
And the biggest parallel of them all? -- Evil Bosses...
Mr. Burns = US Goverment
:p
-----
So in my not so humble, but somewhat educated, opinion, the popular view of the NSA is fairly inaccurate, and confusingly to me, they seem uninterested in correcting that view. -- This is their method. They reel ya in with this "educated outsider" approach. Aren't interested in correcting it - nah, that's what this guy's doing.
Now watch, tomorrow morning I'll have a "heart attack," right after my computer is stolen by a "burgular".... :)
--
you must amputate to email me
i read all replies to my comments
While I was still working for the Treasury Department last year, I was asked to do some research on certain technology businesses, but the one article that caught my eye was about the number of people from the NSA who were leaving to go work for RSA or Netscape or such designing crypto systems from 3x what they were making at the NSA. One of the comments was from a guy who had worked at Ft. Meade before leaving, and had mentioned that while there was nothing like being launched off the deck of an aircraft carrier (I would assume on an E-2 Hawkeye), he was enjoying his new job (and extra money) even more. The article made a point of mentioning that the NSA was having a hard time keeping people on after the usual four-five year stints they spend out of college. They'd get experience working on crypto for the government, and then when the time came they'd jump ship to go work in the private sector, and this had become a bit of a problem even to the point of NSA starting to offer even more money, but they just can't compete. It reminds me a lot of the numerous people I know who have left the military or just the numbers of people leaving the military because the rest of the DoD is investing so much in things like the F-22 that they can't afford to pay (opinionated) decent salaries to the guys who actually work on the tech.
Just kidding Gary...if in fact that is your real name, after all, Anonymous Coward is my real name. wait a sec,some one's knocking at my doo ~h?#~~~~DISCONNECT
When my dad was in Vietnam (5th Special Forces) his team was under the direction of the NSA and he answered to them. So I don't know if the NSA carries guns themselves, but they can control those that do. Their charter (or whatever), Executive Order 12333 of 12/4/1981 states "The Information Assurance mission provides the solutions, products and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests." To me, this would indicate that they can proform "operations" to gather information for "national security interests". Sounds like employing spys to me. FYI: my dad's missions involved being in countries that the US was not supposed to be involved in doing recon.
Probably true, but they do have field agents; what sort of activities these guys do is anybody's guess. One interesting piece of trivia is that the first American casualty in Viet Nam was an NSA agent posing as a USAF SSgt.
They're also doing some of the leading work in things like computerized face recognition. They've already got this working surprisingly well, and claim that it's far more accurate than a fingerprint. 'Course if they admit that much, who knows what they've actually got going there; maybe it can guess your weight too. ;)
The most interesting thing to me is that they have their own fab; they can design and build all the custom chips they want in house. I'd be willing to bet they've commited some sweet things to silicon in there. It's also interesting to note that they say the fab is for designing chips for the purposes of encryption, not decryption. Personally, I wonder how big a wink comes with that statement.
The NSA has a CM-5. I know, because I saw it. Sitting idle in the public museum. With other 'outdated and useless' computers (like a Cray XMP and a big robotic disk loader).
So if they don't use a CM-5 because it's obsolete for them, I shudder to think of what they do use. Although god forbid they should sell the old mainframes to people who could give them good homes. Quake's been ported to the Connection Machine, right?
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I never said this was a fact, and I even said that this is _NOT_ a conspiracy theory. All I was stating was that I thought it was weird that she'd know shitloads about everything else, but when it came to PGP specificly she wouldn't answer any questions. From her reaction, I got the impression that there was something else going on other then her just not knowing. In fact her answer wasn't "I don't know" but rather "I can't discuss that" (not verbatum). I probably should've said this earlier though ;)
As A Class Level C security holder, I must now take all of you in custody. You have discussed a three letter anacronym that shall not be observed without the proper clearance, which we all have not * since the reason why I have not said ...SAID anacronym *
Seriously folks, my father and I have both worked for the intelligence community, and it is NOTHING LIKE we see in the movies.... Especially the NSA,
Picture a bunch of tie-dyed dead-head ( oh Hell forget the stereotypes) THEY ARE GEEKS JUST LIKE SOME OF US!!!!!!!!!!!! they just have better paying jobs with more security concerns than the average BOFH (like me)..... Like DLR said on "Everybody wants some"..... " come on guys.... Gimme a break "
-- Life: Hate the Game... Love the cereal
They also said that it was able to brute force a regular unix password in less than a second!
:-)
A modern day PC can brute-force a typical UNIX password in under ten hours. Far less for a password based on a dictionary word, etc. Put a supercomputer on it, and I'm sure it won't take long. This is why we have shadow passwords...
I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it
More likely, she just didn't know. The biggest misconception people have about large government agencies is that they function as a single unit. That is contrary to one of the most basic rules of security -- unless you need to know, you don't.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
If you're interested in the NSA James Bamford has done a great job writing a history of No Such Agency, _The_Puzzle_Palace_ It doesn't have the latest developments (written in the early 80's) but it's about as good as I think you can get being on the outside.
They also have a homepage: http://www.nsa.gov:8080/
The NSA is an organisation designed and designated to, in secret, subvert both American and non-American privacy and freedom for the larger cause of "national security" (and to some extent even some international security).
... you know the cliche.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
However, national security is a thing of the past. What threat is their towards american national freedom? Really?
There is only one enemy left, and it is only as dangerous as we are letting it be (for reasons of commerce) and actually more interested in the continued repression of its own people then anything to do with us (hmm, I wonder if Chinese people can access Slashdot... and if they do??).
Instead, the entire intelligence community, which, no doubt, is undemocratic in the very secrecy of its nature, has gotten so happy with its own unbarred existance that it just is not about to let go. To some extent they try to justify their actions in the public eye by speaking of the horrid, but largely imaginary, terrophiles from which they are keeping us and our children safe, but to an even larger degree they don't need to defend themselves. Shadow organizations like the NSA already have their claws so deep in the bumbling, populistic, corrupted to the bone political climates like Washington, that they simply are not under any threat at all.
SAFE will never pass. The NSA knows it, we know it.
What I wonder about, more than anything else is: Where does the NSA find new mathematicians?
They are the largest employer of mathematicians in the WORLD, meaning they are picking the best and brightest of maths majors like me right out of university and using them in a work that is shifting from subverting the freedom of people to the useless struggle to keep an organization with no use alive.
Why do people do it? As I see it, it must either be ignorance or cynisism. Either because they, like the scientists who worked away building bombs and rockets for the Nazis, are too enclosed in their work and research to look even one second at what they are doing, and who they are doing it for.
Or, because they share the simple, yet dark, conviction that a free society needs to be schimera in order to exist. That man kind simply isn't capable of being free without destroying itself. That out of arrogance for people they are doing them a favour by deciding their lives for them.
And maybe they are right. But then I say we might as well let things take their course. Give me freedom or
-
> The RAND Corporation's Netwar report, prepared
> for the U.S. government, recommends that the
> govt assists repressive governments in defending
> themselves in struggles over their reputations,
> and that repressive governments can do this with
> a variety of dirty tricks and covert operations.
You obviously didn't read the summary... The
whole point was that a repressive government was
vulnerable to a netwar if and only if it is:
1. In a state of political flux
2. In the process of opening up political freedom
3. Requiring greater world participation in its
economy.
Thus, only states which are becoming more
liberalized, with greater personal freedoms and
are starting to actually participate in the world
economy and wish to benefit from international
trade are vulnerable to this sort of attack.
Looks to me like the whole concept of a netwar is
empowering a minority to harass a (silent?)
majority. Hmmm...
So... A radical revolutionary group who wishes
to overthrow a burgeoning democratic government
starts a netwar and sets them back 10 years
because there's so much apparent trouble in this
country that nobody wants to do any business with
them. Thus, even though it is the growth of freedom in such a country which provides the
tools necessary to do public damage, and
Don't like my sig? I don't either.
I'm sure the NSA is far less scary than Hollywood would have it, unless you happen to be on their short list anyway.
I guess the major question in my mind is the degree of autonomy they may have. Presuming they are effectively reviewed and controlled by our government and not a hidden branch of it, there's not much more to fear there than with the military. Just make sure the politicians don't use them inappropriately. How you can do that without knowing what the NSA is up to is an interesting question however. Amounts to electing those you trust, which leaves some of us a little unsatisfied.
In view of the lack of normal feedback over operations I consider a distrust of the NSA a healthy thing. If they tried something really horrible, and it got out, people would believe it. You might consider Echelon an example. So they have to be a little careful, both in their security, and not doing stuff that's too embarassing if they get caught, because eventually, everything that's really juicy leaks.
I can corroborate your view- I attended Presidential Classroom in summer of '97- our program coordinator was "flag"-level clearance at teh NSA. (if you don't know, maybe you don't want to) We had a walking tour of the facilities, and this much I can tell you- #- The NSA is the #1 recruiting center for "theoretical" mathematicians (number/ring/field theory, abstract/linear algebra, analysis) in the world. (approximately 70% of the talent pool) Read their recruiting page (easy enough to find)- at least the NSA realizes that pure mathematics eventually advances all of technology. #- Where we visited, the people were quiet but friendly: to sum up, there are numerous signs with 50's-style comic-book people waving their fingers and saying "Remember, no confidential talk." #- The NSA is an impressive R&D dept. in their own rite outside of cryptography- the projects we were "allowed" to view included: high-penetration PCMCIA wireless-LAN (at the time of my visit, 1000 yards through concrete and steel); fingerprint pattern recognition via embedded systems about as big as a credit card (dead serious- we were told to expect it to be a standard in about 4-5 years);and finally, natural language recognition that gives Dragon Naturally Speaking (?) pause. (so far, Spanish, Japanese, and certain dialects of English are recognized) It's an impressive facility, and I would encourage anyone who wants to know more to take the tour- there ARE certain things that the people who work there can tell you about. Not EVERYTHING's top secret.
Are the ones we catch. The ones who get nominated for Darwin awards. The ones who fail.
You will never see a smart criminal because they don't get caught. They get elected for office, own corporations, control institutions, etc. They figure out how to use the system to their advantage.
They probably aren't that different than successful businessmen, excepting that successful businessmen also, as a side effect, benefit the country, the people, or the economy.
-AS
-AS
*Pikachu*
The NSA may just be a bunch of geeks, but the power of geekhood may be used for good or for evil. Don't forget that Hitler had a huge crypto department, too, with Enigma and all. Just because an organization employs geeks doesn't mean that they're doing things true geeks/hackers would approve of. It just means they require skills that only geeks have (math & coding primarily) and are willing to pay for those skills.
Crypto in the hands of the mafia, or kiddie porn peddlers, does society no good. Crypto in the hands of honest citizens who value their privacy does society no harm. It's a shame that the NSA, the treasury department, and our government have taken the first as a reason to hinder the second.
I am the king... of No Pants! www.penny-arcade.com
---- aut viam inveniam aut faciam
In fact.. based on this model of what the NSA is and isn't... many of the people reading this are members of the NSA... /. is afterall 'News for Nerds'.
NSA MONDAY MORNING {at the coffee machine):
NSA AGENT 1: Hey guys, did you check out slashdot over the weekend?
AGENT 2: No, I was installing Mandrake 6.1 and I coulnd't get the darn ppp connection up..
AGENT 1: Well check it out... they're on to us.
/* CDM */
hi, i'm neko, and i work for the nsa. (crowd replies "hi, neko")
:) ). we aren't freaks, and i can attest that we're not all brainiacs (don't make me recall some bad examples *shiver*)
seriously, i'm a korean linguist, and while i put on an air force uniform to go to work, it's the nsa which really calls the shots. although i've not worked in the nsa headquarters in maryland (i don't plan on it either, since it just means getting bounced back here to korea every other year, and korea's not bad anyway), i can tell you what i know from my perspective (well, not all of it, of course).
to be honest, what we do we regard as Just a Job. granted, a deadly serious job, but that's as maybe, it's still a job. we don't go around talking spy talk or codewords, i've never met agent 99, we don't hack into you computer at night, and we spend more time than any of us will admit irritating each other with stupid practical jokes just like everyone else (we locked our flight commander in a phone booth the other night, that was a sight
as for specifically what we do, i of course can't say much about it, but suffice to say that no, we don't spend our time spying on americans, or south koreans for that matter. in fact, there are quite explicit guidelines about making damn sure that we don't. as for the 'black helicopter' conspiracy perception of the lot of us, i have to say it's pretty much bogus from what i've seen. personally i thought the earlier story regarding bar codes with social security number being placed on high school students to be far more disturbing than anything i've seen here. we sure the hell don't do anything like that.
in short, if you don't believe anything i've said here, and hate us because of some book you read or something on dateline, then fine, that's not our job. just remember that our job is to help prevent wars, and help minimalize the loss of american lives in case one breaks out, and i think we do a damned good job of it. i know south korea is happy to have us here (and they do know exactly what we do, sicne we work with korean soldiers side by side), even if you're not.
-- the opinions stated above aren't those of my employer. in fact, they're probably not even my own. you know what, ju
NSA job requirements:
- Degree in computer science/engineering, electrical engineering, math, or whatever language the enemy is speaking today (Arabic languages)
- U.S. citizenship of you and your immediate family (though I hear this is sometimes waived)
- Ability to pass a detailed background check for security clearance
That's about it. The NSA has all sorts of educational programs, such as one I am applying for where they will pay for your college education if you go to work for them afterwards. Free college, guaranteed employment, and if you're really good private enterprise will pay 'em off and you go work for someone else.
From what I know (based on a Discovery Channel program) they have their own chip manufacturers in their main headquarters making processors for a warehouse-sized supercomputer submersed in a non-conductive coolant (which is located in the basement). They also said that it was able to brute force a regular unix password in less than a second! Thats 30 Years of computing time for those of us with a pentium.
A woman from the NSA recently came to give a colloqium for the math dept at my school. One of the things she talked about was cryptography and why the NSA doesn't like us having large keys. One of my questions was why the NSA has never (as far as I know) attacked PGP. I figured if she would answer my question that it'd be that they attack the seperate components of PGP, but since she _didn't_ answer it, I assumed that they know of a weakness in it (maybe some type of multiplication by a number). I've been speculating ever since.
I used to work for a USAF contractor developing COMSEC (communications security) accounting software. I can tell you that that primary role of the NSA is making and breaking cryptography. (If you want to speculate wildly on secondary roles, be my guest.)
Ironically, the two parts of their major role are polar opposites. On one hand, the NSA researches new crypto systems, evaluates and approves third-party (i.e., commercial) crypto systems, generates and distributes key, and provides infrastructure to keep all that running.
On the other hand, they are constantly involved in trying to break enemy crypto systems -- providing COMINT (communications intelligence) and SIGINT (signal intelligence) to the rest of the government. They're generally not involved in classic Hollywood "spy stuff". They don't have agents (ala James Bond), domestically or abroad. That's the domain of the CIA.
To the people in the field, the NSA was a source of bureaucracy and paperwork, but did not inspire much fear. The expansion "National Stupidity Agency" was far more common then "No Such Agency".
Which is not to say the NSA is not extremely paranoid. It is. The rules for EMSEC, COMPUSEC, and the like are a royal pain in the you-know-what. The NSA invented them all. But there is nothing "secret" about those rules.
Incidentally, the NSA is trying to get out of the business of generating and distributing crypto key, because it is damn expensive and rather impractical. They distribute over something like 200 tons of crypto key annually. At the same time, however, they want to maintain full, draconian control over everything. The resulting conflicting efforts would be amusing if my tax dollars weren't paying for it.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
For example, Ronald Reagon in the early 1980's purposefully caused the recession at that time. Inflation was at 14% and getting worse. According to economic theory, you should be able jack up interest rates, throw millions of people out of work, and within a year the economy will recover, but resume at a much lower inflation rate.
As it turns out, Ronnie was right. But try explaining that to the people at the beginning of the recession who lost their jobs. I'm sure if they really understood how much control the government has over whether or not to force the country into a recession, they would be majorly pissed off.
Likewise, consider US cryptographic export restrictions. While its theoretical purpose is to make it easier for the NSA to spy on foreigners, it has the weird effect of reducing encryption within the United States. The average person in the US uses 40-bit encryption. Lots of products (such as the new AirPort wireless LAN) use 40-bit encryption because of this, even within the US. I think the government really does understand that export restrictions really have an effect on the encryption used by their own population.
On the other hand, I like low-inflation, and I also like the fact that I personally have easy access to 128-bit encryption but that the average stupid criminal doesn't. In other words, I think I like conspiracies. :)
My grandfather was an agent of the NSA, and so I know a little bit about it, but most of my knowledge comes from everyone but him. He never really talks about it, but I have to wonder what a WWII vet and a NSA employee would think of Cryptonomicon. I know for a fact that he's good with simple cryptosystems, even though we have no knowledge of him ever working in that field. We (family members) believe that at later stages, he was mostly administrative, working on intercepting transmissions.
:)
The NSA is really an outgrowth of what was known as the Army Security Agency, in which he spent a lot of time doing something involving lots of radios and the Philippines [intercepting foreign communications]. The NSA and ASA both exist now, but apparently the NSA is essentially a workhorse agency, taking orders [more like kind requests] from the other cloak-and-dagger types. They have two basic functions, those being to monitor the world's radio traffic [if one visits Fort Meade, Maryland, they will note the large geodesic bubbles on the tops of buildings; apparently the purpose is to obscure the directions their satellite dishes point, for obvious reasons], and the other being to decrypt everything in sight. At the same time, they do advise the rest of the Executive Branch on matters of systems security and in the past, have worked on developing secure cryptosystems ["in the past" because one has to wonder whether the private sector is outpacing them in that respect and rendering those efforts outdated] and implementing them.
As far as what the "real" NSA is like, I suppose it's always been a very real phenomenon for me, and I have never really had any illusions about what they do... it appears to all simple inspections that what they do is exactly what they claim to do, except that now, they have been forced to react to the internet, and have thus extended their resources in that direction. However, at least as far as bursting in anywhere, guns blazing, I think that's most likely the last thing they've ever been involved in. The most clandestine thing I can see the NSA doing is setting up big radio antennae inside sketchy little huts in the jungle. Fun
This thread seems to say "the NSA are technocrats".
Our tax dollars hire them to spy on everyone outside the united states and find the connections between all sorts of people, their bank accounts, their friends, political and commercial organizations. They may or may not be spying on Americans as well--they have stone-walled the U.S. Senate on the issue of Echelon.
> I've heard some say they are the biggest
> collection of brains in the US. I think that's
> probably true, except for maybe RAND.
The RAND Corporation's Netwar report, prepared for the U.S.
government, recommends that the govt assists repressive governments in
defending themselves in struggles over their reputations, and that
repressive governments can do this with a variety of dirty tricks and
covert operations.
If these recommendations are being carried out, and I have seen some
evidence to suggest that they are, I suspect information from Echelon is
being used to destroy human-rights networks.
I personally believe NSA intelligence filters from
the NSA => the U.S. Army =>
to the Columbian army => rightwing paramilitary
If the NSA's powerful data collection capabilities have been used in this pursuit, American money is [indirectly] responsible for the the blood of, for example, Columbian and Mexican peasants killed by pro-military paramilitaries.
Merlin
Gary, care to expand on your visit to the NSA? Here's my story:
In '95, I visited the NSA and the National Cryptographic Museum (adjacent to the NSA headquarters). I didn't make it past the barb-wire fence at the NSA, but I did encounter a few spooks.
The front gate was unattended, so I drove right in and parked as close to the big black monolith of a building as I could. My friend and I began to make silly poses and take lots of pictures, joking that we probably weren't the only ones taking photos of us. A man in a white shirt and black tie (think Michael Douglas in Falling Down) approaches us: "Are you lost?" Without waiting for an answer, he briskly walks away. We jump in the car and head to the museum.
A group of Marines were on some sort of field trip to the museum. As they exited, an officer was giving them coffee cups with the NSA seal on them. Wearing my "Clipper Chip Inside" t-shirt, I approached him and asked how I might get one. After a few minutes of "you punks don't know the reasons the world needs the Clipper Chip...to tell you would be a breach of national security," he agreed to sell me one for $8 cash.
So, no real MIB-types. But there's certainly a spook mentality around that place.