Slashdot Mirror
Results From "Jam Echelon Day"
snotty sent us linkage to a USA Today story talking about the results of Jam Echelon Day. We mentioned this a bit earlier. Sorta a depressing followup I guess, but worth a read.
← Back to Stories (view on slashdot.org)
Although it's doubtful that echelon experienced any adverse reaction to "Jam Echelon Day", the real result was a partial success.
Most people don't have a clue as to what echelon is, or even if they did, perhaps they perceived the concept in a positive light. By having this type of protest, there was at least some media exposure. While there doesn't seem to be as much exposure as this deserves (hence, a partial success, imho), any is good. It may provide the avenue by which people can get a good wack with the cluestick.
Greater general awareness cannot be a bad thing, if nothing else, the NSA and their echelon conspiritors will have to tread just a little more lightly, and may even (God forbid) produce some answers to congress.
The media may be useless in many regards, but sometimes the blunt method of getting any information to the masses, is very useful. I'd rather have a slightly misinformed public than a totally uninformed one on matters like this.
Unfortunately, this civil disobedience thing was ill-conceived from the get-go. If we really wanted to jam echelon for a day, we shouldn't have been peppering our email with supposed keywords, we should all have encrypted *everything*.
If you really want to bring the computers at the NSA to a grinding halt, make them spend all their cycles on decrypting your shopping lists, your notes to your girlfriend, and the access logs from your web server.
Imagine, even if we all just used gzip, crypt(*), and uuencode, think of all preprocessing the NSA would have to do before they could scan the email and realize that all it said was "Cheezy poofs, ice cream, ciderjack".
(*) Yes I know that crypt is totally insecure. I'm not looking for security... I'm just looking to waste cycles on some poor schmoe's machine who's going to find httpd.log when he's done "cracking".
Better yet, why don't we all just use GPG, every day of the year?
My word processor was written by Stanford Professor Donald Knuth. Who wrote yours?
As has already been pointed out by many people, Echelon probably has filters built in that will seperate out simple lists of keywords, which is what most people were sending. Or even emails with too many keywords (at some point it becomes obvious you're just trying to draw attention to yourself. A real threat would be more likely to have only one or two keywords, if any). Someone mentioned in the original post about this topic that this list may even have originally been released by the NSA, and is peppered with false keywords that would indicate a specific message should be ignored. Even if it wasn't actually released by the NSA, they certainly heard of it, and likely adjusted their search algorithms to adjust for it (such a system would unlikely be static. What particular words constitute threats must change on a daily basis).
This kind of thing may actually do more harm than good. Assume that this prank actually did have some effect. Do you think the NSA is going to say "Its obvious our system doesn't work. Lets give up!" No, they're going to put billions of taxpayer dollars into improving the checking algorithms.
The NSA is not stupid. They've got some of the best people in the industry. And they'll be able to learn from any mistakes that they do happen to make. Jam Echelon Day simply provides them with a proving ground for their system.
If Echelon is as good as many seem to think it is, why raise all the fuss? If mere key words can't trigger it, and its actually able to tell pick "bad" intent out amongst all the other noise, what is the problem? eg: assasinate president in the name of allah, blow DC up, blow airplane up, etc etc etc.
Unless this thing returns a significant number of false positives (which it might); I, for one, am not that alarmed by this. If only terrorists and criminals are affected, I couldn't give a damn.
The issue is when they use this technology to audit anything they don't like -- abusing the power. I suppose this is a legitimate concern, but many advocates of "Jam Echelon" bring nothing but FUD to the table. They ought to give a coherant and rational argument as to how it could affect decent citizens adversely.
I was this over on HNN a while back, related to Echelon and a patent the NSA has for "document retrieval" which would, according to the information on their site, ignore the type of stuff people were sending for "Jam Echelon Day".
Basically, it can figure out what a document is about in spite of things such as keywords being planted in the document (ala the Jam Echelon plan), and is not dependant on the language of the document. It works by relating the document to a database of other document fragments, they say.
The NSA's website has some information about it, and this is the patent itself.
If this stuff exists and works, then Jam Echelon was a waste of time on the technical side - but I think the main point was to raise awareness, and that it has done.
I also can't see the NSA throwing compute resources at every single Email message with image attachments (unless they just have a statistical analyzer that tells them if a given image might have been dicked with to embed encrypted text).
Overall, I'd say that Echelon is now pretty much stuck with three classes of analysis:
Given the above and the fact that almost no one encrypts phone converstations, I'll bet Echelon gets quite a bit, but it would be easy to move data through in the noise in such a way that it would be almost impossible to detect, much less break.
How would I do it? Probably by setting up several VPNs which constanntly move random data. I would use several encryption technologies, and occasionally move small chunks of the real data over arbitrary subsets of the pipes. The real data would, of course, be encrypted once re-assembled using yet another scheme. Just to muddy the waters, I would also move chunks of the newspaper this way at least once a day.
Of course, I would only do this if I had something to hide, but these days, every business has something to hide, because you never know if your competition is bribing some lacky at the NSA to get your Email. Sure, that would be hard. Just look at the excellent security that the DOE was maintaining....
These days businesses can't affort to not be paranoid. And, yes, I know there are several simple flaws with the above, but if I told you exactly what I'd do, someone would write an engine to detect it, and that would defeat the point.
We're dealing with the best in the world here. The money ensures that.
No, what Jam Echelon Day did was accomplish the only thing we outside the system could have hoped to: raise awareness. The only way that this sort of crap goes on is because people don't know about it. Jam Echelon Day got press coverage, and that's ultimately what spooks like the NSA fear.
This is the part where we see a feature on '60 Minutes' about how the Big Bad Government is reading all of your 'private emails' (no matter how oxymoronic that term is). You'll see Mike Wallace walking past a row of Origins and talking incredulously about how our rights are being violated using our own tax dollars. He's good at that. Then, a couple of the higher-brow talk shows will include Echelon in their next 'CyberScare' episodes.
Then the congressional hearings start. That's what we can hope for. Hopefully, the violations of the rights of American citizens will be so bad that they'll dissolve the NSA or at least put it under some sort of realistic oversight.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.