Slashdot Mirror
Spies in the Forests
Adam Jenkins writes "More info on the NSA patent has been reported in The Independent.
Specifically they have been lab-testing software that can sift
through calls and e-mails in search of key phrases." Can you say 'Echelon'? Anyone who still harbors any doubts about whether the network could exist should read this.
I think not.
If they were ever to be asked they would simply deny that they're doing it, and if some sort of legal pursuit occurred it would be deflected by the veil of NATIONAL SECURITY.
I saw Phil Zimmerman speak in Syracuse NY many years ago when the US Gov't was still pursuing their investigation of him, and he spoke about the potential collision of technology, and privacy rights.
At that time (1993-ish) Phil mentioned that the NSA had just released some of their speech recognition code into the public domain, and it was several generations ahead of what the best civilian code looked like.
What does this say about the code that they're actually using.
The NSA's motto is to be 5 years ahead of EVERYONE else's technology, and I believe they are.
Bottom line:
The NSA HAS BEEN developing and using speech recognition software for more than 10 years, and will continue to do so regardless of what congress attempts to do to curtail their trampling of people's privacy rights, and regardless of who patents what.
Ignore Alien Orders
Looks like one of those John Dvorak Notes and Asides columns.
When I'm singing a ballad and a pair of underwear lands on my head, I hate that. It really kills the mood.
-Tom Jones
So, this Echelon scanning system, it relies on boldface text to trigger?
I wish I had a nickel for every time someone said "Information wants to be free".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I think you may be missing the point here. Just because the vast majority of us "have nothing to worry about" personally, this doesn't mean that we should not worry about the issue generally. It's very similar to the burning down of rain forrests and 10 million other such areas of concern. Is it sensible that we ignore them just because the effect on us is not personal and immediate?
Snooping by three-letter agencies does indeed seem fairly innocuous (as long as you lay undistinguished and hence unseen among the teeming masses), but what if you have larger ambitions than to live and die unwitnessed? Whatever you do, even if it's totally legal, you're bound to annoy somebody sometime, and it's not beyond the bounds of possibility that the snooped info will pop up to haunt you, because *all* information is for sale to someone at some price. You'll feel different about it then than you do now.
And longer term, what about the Terminator, Matrix, or even Borg scenarios? A system that knows everything about what's going on is a system that can kill you in the end, no matter how benign it is at the start. Don't dismiss it as "just SF". It'll be too late to say "Oops, I was wrong" when it happens.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The reason (a partial one, at least) for many other patents is to keep others from patenting the same thing. This is exactly why NSA is doing it too. The catch here is that NSA has a special position with the patent office: the patent doesn't come public until someone else tries to patent the same thing.
As it was stated, this kind of technology is not new, certainly not for NSA. For all we know, the patent may have lain dormant for years - or a decade. Given what we know about Echelon (or rather, the rumors we've heard about it) suggest that it has been around for a long time. And you can rest assured that no matter how sophisticated the technology in the patent may sound, it does not compare to what NSA has now. Because the patent is now public, it means that regarding this particular technology, the rest of the world (well, ok, the US), collectively, is where NSA was years ago.
Ummm, no.
If you're a known member of the Abu Nidal Fan Club, Black September, Islamic Jihaad, Hizbollah... they're going to have a vested interest in monitoring you even if you're ostensibly discussing your favorite laundry detergent.
Only the dead have seen the end of war.
Heh heh heh. I wonder if anyone could try to sue the NSA due to "prior art". Then the NSA would have to admit that no, they had prior art that was unpatented, but classified. I mean, how can the government patent anything they want to keep secret? And if you reinvent it and patent it, do you own it? Or would the USPTO be able to tell?
---
pb Reply or e-mail rather than vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
Computer networks and e-mail are a god-send for government spy agencies. It's much easier to spy on people if they are exchanging data in clear-text, over public networks. I figure it's only a matter of time before anything and everything we do on the net is tracked and cataloged. Sending sensitive data through unencrypted e-mail is just plain stupid nowadays, even if you aren't worried about the government reading it someone else will.
Now I don't mean to talk about nuclear war with anyone, but Iraq may eventually warrant it. Of course, importing narcotics from Cuba would be wrong, but one needs to avoid the government policies trying to prevent illegal action. I suggest we reveal our secrets to the chinese while purchasing arms for a mighty uprising against Democracy.
-
THIS IS PRE-ALPHA PRIVATE RELEASE CODE!!!
DO NOT USE IT UNLESS YOU ARE A DEVELOPER.
ALL IT DOES IS CRASH!
THIS IS PRE-ALPHA PRIVATE RELEASE CODE!!!
DO NOT USE IT UNLESS YOU ARE A DEVELOPER.
ALL IT DOES IS CRAS
I hate to date myself (but I will) but way back when, we got to add lines to feed the line-eater on our posts, and filled them with all sorts of vague (and not so vague) references to selling drugs, bombing buildings, etc. in the belief that there was some computer somewhere snarfing down all our messages.
Now I find out it's true. I am not sure if I should be happy or sad. From The Jargon Dictionary
NSA line eater n. The National Security Agency trawling program sometimes assumed to be reading the net for the U.S. Government's spooks. Most hackers describe it as a mythical beast, but some believe it actually exists, more aren't sure, and many believe in acting as though it exists just in case. Some netters put loaded phrases like `KGB', `Uzi', `nuclear materials', `Palestine', `cocaine', and `assassination' in their sig blocks in a (probably futile) attempt to confuse and overload the creature. The GNU version of EMACS actually has a command that randomly inserts a bunch of insidious anarcho-verbiage into your edited text.
There is a mainstream variant of this myth involving a `Trunk Line Monitor', which supposedly used speech recognition to extract words from telephone trunks. This one was making the rounds in the late 1970s, spread by people who had no idea of then-current technology or the storage, signal-processing, or speech recognition needs of such a project. On the basis of mass-storage costs alone it would have been cheaper to hire 50 high-school students and just let them listen in. Speech-recognition technology can't do this job even now (1993), and almost certainly won't in this millennium, either. The peak of silliness came with a letter to an alternative paper in New Haven, Connecticut, laying out the factoids of this Big Brotherly affair. The letter writer then revealed his actual agenda by offering --- at an amazing low price, just this once, we take VISA and MasterCard --- a scrambler guaranteed to daunt the Trunk Trawler and presumably allowing the would-be Baader-Meinhof gangs of the world to get on with their business.
NSA_LINE.HTML
LongTail SSH Brute Force analysis tool is here!
The NSA (DoD) paper on Semantic Forrests is available at: http://trec.nist.gov/pubs/trec7/papers/nsa-rev.pdf
For example, The Informedia Project at Carnegie Mellon (can't find a working link, but try http://informedia.cs.cmu.edu/) tries to find information about "interesting topics" from a feed of worldwide TV news broadcasts. They have even put a nice voice-command interface on their system, so you can query it by saying things like, "Tell me about last night's Bull's game."
Another example, the WebKB project, also out of Carnegie Mellon, has shown some success in deriving meaningful information by web-crawling -- where the signal:noise ratio is probably even lower than in phone calls.
The NSA could build a pretty good system for this kind of stuff without doing much original research. Developing the technology isn't that questionable. The application is a little spooky, though.
The thing that gets me the most about the whole Echelon thing is the sheer hubris of the NSA and the US Government to take upon themselves the right to invade the whole world's privacy by intercepting telephone calls, faxes, and emails - and still insist that the Right to Free Speech is enshrined in the US Constitution. I suppose what this really means is "You can say whatever you want, but if we don't like it you may disappear".
Luckily for the US they are the biggest and nastiest dog in the junkyard, so other countries in the world cannot afford to complain. Sadly, Might does make right it seems.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
How many Americans are pro communist?
What individuals or oganizations want to assassinate the President?
What's the answer to the ultimate quesions of life, the universe, and everything?
The answers could be reasonably estimated from logs of phone calls and plaintext internet communications. Obviously, this has advantages for national security, but could easily be abused.
What is the effect of a government, tax financed patent? Can the NSA dictate terms for use of this technology for the next 25 years or so and charge licensing fees? The technology is useful for many information filtering tasks besides Echelon style eavesdropping. The general technique should no more be patented than other software algorithms.
On the privacy thing I have assumed for quite some time now that as technology advances there is no such thing as real privacy. I am afraid we need to get use to that idea and work to insure there will not be ensuing abuse of other rights when almost all details of our lives are semi-public.
Yes. When the feds spied on Dr. Martin Luther King, it was to protect people.
When the NSA broke into the Watergate hotel to bug the DNC, it was to protect people too.
When the FBI delivers their files on Republicans to Bill Clinton, that too is to protect people.
Most people won't really catch the eye of Big Brother. It's only important people, people who really are bad, and a few false positives who have to worry. Most people can go about their day to day lives without ever being touched by Big Brother, because most people are insignificant.
So go do your little business as usual. You'll be fine.
Don't worry that the government is corrupt. They're after some other guy, not you.
Don't worry that what you say might make them angry. You don't have anything to say that matters.
Move along people.
There's nothing to see here.
(The above has high sarcasm content, in case you haven't noticed.)
I agree with you that a more immediate concern to me is spying done by employers. I know people who have browsed job sites during their lunch hour only to get called into their bosses office to explain why they were doing so. I suppose it is naive to expect any privacy when you are at work, but I find it extremely unsettling.
Scuttlemonkey is a troll
Even if people aren't in fact generally being surveilled, there is a definite effect when people feel that they could be being surveilled at any time. It has a chilling effect on democracy -- people become afraid to say things that may be controversial or unpopular when it's possible that Big Brother could use those statements against them in some way. When public discourse is stunted like this, democracy suffers.
And what about when the surveillance goes beyond public policy matters and becomes a tool to give force to the prejudices and petty hatreds of the men who control the cameras? J. Edgar Hoover made a career out of using intelligence collected under official auspices to destroy the lives of people he just happened not to like, for whatever reason. Does it have any bearing on the public good whether, for example, Martin Luther King, Jr. cheated on his wife? Hoover thought so. Hoover decided that any black man who talked about freedom for his long-suffering people was a Communist by definition, and spent untold taxpayer dollars spying on King's private life in order to find some silver bullet that he could use against him. And this wasn't an isolated case -- Hoover kept tabs on anyone and everyone who he could use some leverage over. And anyone who dared speak out against this could count on having Hoover's cameras pointed at them next. This gave Hoover great power -- and his power knew no bound, no accountability. Secret government by its nature is un-democratic government.
Your main point seems to be that people should shut up and sit down because they're not important enough for anyone to pay attention to, and even if they were nobody's being dragged away in Black Marias yet. But "security through obscurity" only works when you're willing to forfeit your right to participate in public life, a right which no free man or woman who wishes to make a difference in society should be asked to surrender. And the fact that we have what freedoms we enjoy today springs from the efforts and sacrifices of people who knew that if you wait until the secret police are at your door to protest the loss of your freedom, you've waited too long.
-- Jason A. Lefkowitz
Read my blog.
CND's website documents an amazing amount of information about Menworth Hill and the NSA base there, including their programs for monitoring satellite-based communications, and their plans for linking their interception capability with spy satellite systems.
Whilst I have no means of verifying the claims, I have talked with a person who claimed to be familiar with Echelon. He didn't go into details (no great surprise, either way), but his description of extremely massive arrays of very fast DSP systems certainly sound a technically feasable approach.
I agree with other posters - Echelon won't be using keywords. If conventional search engines abandoned that approach as useless, you can be sure that the Intelligence community would have reached the same conclusion, eventually. They almost certainly use some kind of basic "expert system", either as an inclusive or exclusive filter.
Menworth Hill alone, of the 5 countries known to be involved, intercepts hundreds, if not thousands, of hours of communications, every day. If the guys there had to sort through spam and false hits, from a basic keyword search, they'd need an army the size of England just to cope.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Well, great. From now on all terrorists add "bombs iraq nuclear assasination" to their .sig's, and nobody notices them.
I'm a little confused why No Such Agency would even bother with patenting things. They're not for profit, so they obviously have no vested interest in protecting intellectual property. Furthermore, they've only screwed the pooch more; as soon an Barr and his cronies get ahold of this it'll just add fuel to the fire for congressional hearings on Echelon. As far as I can tell, all they've done is inform the public more as to what they're doing.
--
"Some people say that I proved if you get a C average, you can end up being successful in life."
I think there is a world market for maybe five personal web logs.
Can we be sure that the DoD and NSA are really working together on these issues? Perhaps there is a bit of competition going on within the American government here.
After all, we were all wondering why the NSA would effectively comfirm that this is what they were doing by taking out that patent. But if they saw that the DoD were working on technology like it, they may have felt that that was reason enough to get a patent.
It also seems to make sense, in light of the cludged up nature of governments that makes it very hard to believe that they are keeping anything really secret. Thank god for profit motives huh
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
I've already seen several posts implying that you can fool NSA technology by simply including key phrases in your documents. Thus the "spook" command in emacs, etc.
But NSA technology is far more sophisticated than this. In fact, if you've used a variety of search engines, you've seen such such technology in use. The better search engines do a good job of rejecting key-phrase laden documents and returning only good hits.
Of course, eveybody who's used a search engine and gotten some bogus site hit knows that the technology is far from perfect. But remember, the NSA has been throwing millions of dollars at the problem basically since computers existed. They're likely to be well ahead of current search engine technology.
In other words, you can continue to use spook-mode in emacs (I do, it's fun), but you should be aware that it's probably not fooling anybody. The private sector already has technology that can eliminate that sort of spoofing, and the military is probably years ahead of the game. Trust No One.
The Independent is a very high quality UK broadsheet paper; it's about as credible as any mainstream news source can be. What's more, *all* the people cited in the article know what they're talking about: people like (from memory) Brian Gladman, Julian Assange, Caspar Bowden, and Bruce Schneier.
I think this article is a pretty impressive bit of cluefulness.
--
Xenu loves you!
I think you misunderstand the purpose of the keys available on keyservers.
Only public keys are stored on keyservers, and they're used by a message sender to encrypt messages destinated for the corresponding recipients who are the only people that can decrypt them because they alone hold the corresponding private keys. The NSA can't get the private keys from the keyservers because they aren't there.
Recipients of incoming messages don't grab public keys from keyservers in order to decrypt the messages, but only to authenticate their signatures. For message signing, keys are used in reverse, ie. the sender signs his message with his private key and then recipients can check that it really came from him with the help of his public key.
Needless to say, even a non-clueful user has to generate his own keypair and place his public key on a default keyserver, but that operation can be completely hidden from him by being done at the time his email system is installed, configured, or just run for the first time. Sensible crypto users go to great lengths to select a good and long passphrase to protect their private key, but this is not necessary if the only goal is to defeat the snoops: the passphrase can be left completely empty by default, so the mailreader can decrypt incoming mail (which has been encrypted by the senders using the recipient's public key obtained from a keyserver) without bothering the user with a request for a passphrase. [Not ideal of course, but at least it would make the operation transparent.]
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
A few random ideas... Consider this my "wishlist":
If most of these points are actually implemented, we may be protected from Echelon, depending on the sophistication of the cracking techniques of the NSA. What you write in a forum like
On a side note: "The Independent" is a very well-known and accurate newspaper in the UK. You can have a fair amount of trust in this paper -- it's not called "The Independent" for nothing.
Of course this opinion is worth exactly what you paid for it... =)
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
There is no need for a central database of keys, nor indeed for a new database of any sort. The PGP "database" is an already existing widely implemented distributed repository of public PGP keys which is well supported worldwide.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
start kite flying...
..one reason COULD be that there is a lot of interest in this field due to the increase in a desire to replace manned call centres with software, so key phrase recognition would be a neat trick. Software designed using this could help callers by recognising what they were talking about and acting accordingly
..end kite flying
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Another site with the same idea is The Hunger Site
Visit and save a life!
A little planning goes a long way...
I am just amazed at the responses here on /. about any news related to the NSA. I am clinically paranoid, and you all exceed even my exploits.
I will admit, though, it does sound like a blatant disregard for my personal privacy, so I'm going to attack the government back.
It never fails that there is a score of posts containing supposedly keywords that would set of the "Echelon" buzzers deep inside some bunker in the DC area. Then, thugs come and raid your house while you sleep and drag you away hancuffed, naked, and screaming to their torture chambers, where you are given a showtrial and then sentenced to 8 years in a work camp in the frozen north.
Wake up, people.
As anybody with a rational mind can tell you. most people (99.99999%) have nothing to worry about. Just because someone can collect information on just about anything they want to (try it sometime--even use whois and a couple of internet search engines to see what you can come up with about yourself) doesn't mean that they will.
Just about anybody who has experience in the intelligence field or law enforcement can tell you that true, valuable intelligence (or investigation, if you prefer) is the result of long-term collection and analysis. Just scanning traffic for keywords will not work. Pull up your favorite search engine and do a search for bomb. How many results do you get?
If you want to collect intelligence, you need to set a specific goal or target. Usually, this is influenced by political means. It's just like a police investigation. In one very well-documanted book ("Inside the Aquarium") about Soviet intelligence collection, Victor Suvorov (former Spetznaz and GRU Major who defected to the west) talked about picking an area such as the US 7th Fleet in the Mediterranean. They focused on the question, "When and where are the major deployments of the Carrier Battle Groups?" Then, you identify the means to collect on that target. In our case, the spies ran a hotel in a major port town that served as a homebase for several fleet ships. They didn't just walk around town asking people for information, which is fairly comparable to scanning IP packets.
In order for intelligence to be valuable, it has to be correct, timely, and actually useful to the guys who need it. It takes a concerted effort between many different organizations to accomplish this. Just because you "intercepted" an email containing a few keywords, that does not constitute an intelligence lead. Basically, it is as reliable as a rumor that you overheard in a seedy bar downtown. No police investigator would bet his reputation on such a piece of information.
All the so-called 'experts" on Echelon are just speculating. They are conducting a very weak intelligence collection operation on the NSA. Alot of information is easily available, such as purchase contracts with suppliers. So, they collect all this information and then make a good guess. That's all it is. Unless you've been in the bunkers and fences, you have no idea what goes on inside.
As far as invasion of privacy, yes, some intelligence agencies are more invasive in their techniques than other ones. Ever since they got their buttocks burned several decades ago (Vietnam and Mccarthy Eras), they have had to seriously rethink their policy concerning this. I think, just like the police, trying to conduct operations in as unintrusive means as possible is basically the policy. Honestly, I'm more worried about my boss tracking my keystrokes to find out if I'm jerking off at work, or my system administrator forking my mail through a buzzword filter to report me to my boss, and the adolescent who lives in the high-rise next to me who was given a 100x telescope for his birthday.
In short, just because the NSA, FBI, CIA, and others can spy on you doesn't mean that they will, or that they even want to.
I do what the voices on my console tell me to do.
Although the answer to electronic snooping is clearly encryption, anti-snooping and pro-privacy campaigners regularly bemoan the fact that encrypting one's email never really took off as the normal thing to do, despite a plethora of PGP wrappers.
I think the reason for that is pretty clear, and consequently the solution is as well: the major mailreaders needs to automatically retrieve PGP keys from default keyservers and automatically decrypt incoming mail *by default* for electronic envelopes to catch on in any significant way. [This is even more important than encrypting outgoing mail.] If there is any manual configuration involved, or any hassle whatsoever, or (shock horror!) any knowledge required, then it just won't happen. Clued up computer users simply aren't around in sufficient numbers to form a critical mass in the email world. For encrypted email to take off, Joe Bloggs has to be part of the revolution, without even being aware of it. [Just like he sends WINMAIL.DAT attachments everywhere without being aware of it.]
I guess this means that until Netscape and Microsoft implement the above in their respective products, nothing of any statistical significance will happen in this area.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra