Information warfare but against whom? (on "Inside Echelon" · Score: 3)
"They knew that privacy and security, then as a century ago, lay in secret codes or encryption. Until such protections become effective and ubiquitous, Echelon or systems like it, will remain with us."
I couldn't agree more with this conclusion. The main reason Echelon and other privacy invading projects such as Carnivore can thrive in the first place, is that the people don't use crypto and anon-services. Why?
People in general seem to live under the impression that their lives are not interesting enough for anyone to snoop on. "Why should anyone spend money and time reading my e-mails or listening to my phone conversations? I've got nothing to hide".
This is exactly the kind of an attitude that benefits the law enforcement and intelligence agencies and, as a result, people aren't encouraged to use crypto -- even if at the same time the very same agencies keep on hyping how dangerous a place the net is and how much more funding they need to counter this threat. Furthermore, and not surprisingly, major software companies have not, so far, put much of an effort into producing an easy to use e-mail system that would incorporate strong encryption and authentication. On the contrary, Microsoft (let's face it, Microsoft's products dominate the market) seems to be hell bent on producing software that's full of security holes and whenever encryption has been included, ominous NSAKEYs and other intelligence agency connections seem to be involved. I don't know about you, but MS doesn't really give me the warm and fuzzy feeling when it comes to security and privacy.
It is also wrong to assume that your, mine or Joe Sixpack's life is not interesting enough to warrant occasional or even constant surveillance by the authorities. Joe Sixpack is a part of the body politic and, as every citizen, is also a potential criminal. To the big business, he's a consumer and his habits are valuable information. Oh yes, he'd be very well worth watching if you just could do it.
And with new technology, you can.
Current technology provides the law enforcement community (and why not the business community as well) possibilities that even the hard core technophiles do not always fully comprehend. In the past, keeping an eye on someone required a group of people to operate the equipment 24 hours a day and 7 days a week. Unless you happened to live in a full fledged police state, like DDR where half of the population had been hired to spy on the other half, the authorities just couldn't keep an eye on everyone.
Nowadays, as the article points out, e-mails, faxes and phone calls can be screened automatically based on keywords or even your voice. Automatic face recognition is making its way to mainstream surveillance allowing a more effective use of those cameras you can see in any major European city center (don't know about US). It's becoming so easy for the authorities to monitor the bulk of the population that the temptation to gather dirt illegally on political opponents, keep an eye on special interest groups and collect brownie-points for cracking down on crime by spying on everyone even remotely connected to the case must soon be overwhelming. Obviously the authorities aren't the only threat. Spammers and people who are in the business of profiling netizens also benefit from the complacent attitude towards privacy.
Is new legislation controlling the new technology the answer then? I doubt that. There is not enough political will or technological know-how within the legislative branch to do it. However, as long as using strong encryption is legal, we can at least retain our privacy in the net. Unfortunately, it doesn't help if only the people who are interested in technology use encryption when all the majority of the people know about encryption is that "only criminals use it". People need to be educated about privacy, cryptography and their right to keep things hidden even from the government.
I recall very specifically of reports in text books, technical literature and even science shows on TV
Well, don't blame the scientists if the popularised science makes it all sound too clear cut. And regarding the text books, how do you think it would sound to an already bored high school student if the science books would endlessly speculate whether this or that theory is correct. People who write those books have to draw the line somewhere and call the present knowledge "the truth". The strong stuff (=the fact that in reality we know very little about anything) is left to those who decide to pursue a scientific career.
I am a professional scientist. For every answer I get from my research, there are always more questions. It just never ends and you can never be sure.
True, but try telling a layman what the orders of magnitude mean.
Take, for instance, the risks of travelling by car as compared to risks of flying. Even if the risk of dying in a plane crash is much smaller, people still feel like flying is inherently more dangerous. You show them the numbers and all you get is a blank stare and "Oh yeah? But what if it happens... I'll rather drive 1000 miles, thank you very much."
You can't prove that something's safe; only safe-enough.
Have you ever read the list of possible side-effects of your prescription drug? Sometimes they're pretty wild. The best I've seen so far was psychosis, but since this extreme side-effect is so rare, the drug is still deemed "safe". I don't think there would be any drugs available if complete "safety" was required (like the people who are now whining about cell phones and GM food).
Why would I want to carry around a device which would allow anyone in the world to call and bug me at any time?
I was thinking like that as well before my employer provided me with a cell phone and I got used to using it. The point is that a cell phone provides you more freedom: you can be easily reached by phone, but you can also screen what calls (caller id) to take and when to take them.
You see, if you don't want to be disturbed, switch the damn thing to silent mode or off. When you feel like it, switch the phone back to normal mode again.
Then of course there are all these young dumbass punks who have them because they think it is "cool" and who think they're impressing people when they're talking on them.
This phase is fortunately already over in Europe where it looks like everybody from kids to grandparents have cell phones. Claiming that people try to impress other people by carrying a cell phone is rather ridiculous in this situation. It's almost like saying that people who own a PC are just trying to impress their friends.
Hmm... some people also get potato shaped tumors. Perhaps we should do more research on the carcinogenic properties of potatoes.
Seriously, to me all this fuss looks like what every new technology has to go through. People are afraid of the new and as a result all kinds of horror stories, modern urban legends are popping up everywhere.
And you think everybody gives their dissertations away for free?
Well, yes, if they want to be seen as a professional scientist and not a greedy bastard.
I mail free copies of my publications to anyone who asks (and people ask) and wouldn't even consider charging anything for it. A few times I've also asked for a copy and every time people have been happy to oblige.
Personally, I'd consider charging money for a copy of your article extremely rude and unprofessional.
In addition to the good job ACLU, EFF and other similar organizations are doing to preserve privacy in the net, we could do a lot more at the grassroots level. That is, we should do more to educate people in general about their right to privacy in the net ("No! Encryption is not only used by criminals nor does its use mean that you have got something to hide!") and advocate the use of strong encryption.
Right now the problem with encryption is two-fold:
1) PGP/GnuPG is still too complicated for an average computer user, not to mention Mom and Pop who just want to get their "internet experience".
2) Strong encryption doesn't come as a default option in any popular e-mail program that I know of. Intentional or not, this severely cuts down the number of potential encryption users from the start.
That's interesting. And you haven't had any stability problems?
I've wanted to reduce the noise made by my two computers for a long time and have been wondering if I could run the P-IIIs (2x500 MHz Katmai and 2x650 MHz Coppermine) with passive cooling only. I really would like to get those four fans out, but don't know if that would be safe. The Katmais are running hot-to-touch even with fans in place but, surprisingly, the two Coppermines are running only at a mild 40 C (as reported by BIOS).
By the way, does anyone know if there is any point in putting silicon paste between the chip and heat sink?
Of course I guess we would have to fight with Microsoft for the "OS of Satan" title...
It depends on whether the "OS of Satan" refers to the OS on which Satan is able to run his database system of lost souls in the most efficient manner, or if it refers to an OS which is an instrument of torture in the Hell.
The vast majority of computer users--even professionals--want nothing to do with a command line. Witness the earlier success of Windows NT
Most professionals I know prefer the command line over GUI when setting up a system. Especially if the system isn't something trivial like a Win98 box for word processing.
Our previous network system administrator used to rant about NT and how he was fed up with having to put up with the cumbersome dialog based configuration, when editing simple ascii files with a simple editor would be so much easier.
Most people are now comfortable with Windows, and a lot of them don't see its obvious bugs as a reason to change over.
Well, there's little point in trying to convince a non-tech person to learn yet another system unless his/her productivity is truly being hampered by a temperamental OS or application. Some people do have serious difficulties even in learning Mac or Windows, and if the alternative operating system requires you to do things like mounting/unmounting floppies manually, you can bet they'll stick with the OS they know.
And even if the old and new operating system were as easy to learn and use, learning the new OS would still take time which most people would rather use to keep up with their PHB's insane deadlines. It's not really a comfort-zone thing; it's more like a surviving-the-schedule thing. Unless your job is to test new operating systems, you can't afford to lose time playing with an alternative system no matter how bad the old one might be.
But speaking of Sun StarOffice, I must say I was pleasantly surprised after I installed it to give it a test drive. An office tool which has the look-and-feel of a typical Windows application is definitely going to make Linux more attractive in the eyes of an average user.
challenges the idea that industry self-regulation alone can protect consumer privacy on company Web sites.
How cleverly put. In other words: "Since we don't believe the industry can control the net, we should be given the authority to do it". What's wrong with this picture is that the net doesn't need to be regulated by any institution! So far it has done just fine without one. Unfortunately, just like the Seagrams guy basically claimed that only corporations have brought (and can bring) content to the net, lots of non-tech people believe that the government is the only way to impose order in the net.
Wrong.
Having the government (or actually: governments) in control of the net would be just as bad as having corporations running the place. While FTC does seem to have a more positive attitude towards privacy (for now), it doesn't change the fact that they are -- just like corporations -- simply trying to gain back the ground they lost by being asleep when the net started to become mainstream.
I love being able to choose whether I want subtitles or not as well as the spoken language (really loved watching Das Boot Director's Cut in German and in English). Commentary tracks are also great.
Fortunately I got myself an RFC-1 DVD-ROM before they became extinct, so region coding really doesn't pose such a problem.
That wouldn't too well if a movie is coming out on home video (DVD) in N. America at the same time it's being released in the Cinemas in Europe and Japan.
Which is total bullshit, of course.
It's again the same old, tired story about how videos were supposed to destroy the entire movie theatre business. Only this time it's DVD.
As far as the public research goes, I remember seeing late 1999 articles in Science (or was it Nature?) and PRL dealing with extremely basic things such as if reading and writing data from/to a quantum computer is possible at all. So, if the theory is at this stage, I'd say quantum computing is largely "vaporware" far into the future.
Another question is how far ahead of this research NSA's and other intelligence gathering organizations' R&D is. (Paranoid-mode on ;-)
Soon we'll have a worldwide DMCA and those found in violation of it will be sent to "re-education camps", a concept so successfully employed by the Chinese.
Looks like the corporate world is really going into overdrive in their attempt at crushing privacy and sources of independent information.
Today a pan-European news channel broadcast a story about how important "curbing cyberterrorism" (images of ILOVEYOU e-mails and the alleged author being arrested flashing by) is in the next few years, and how international legislation and collaboration is required to ensure trouble free commercial use of the net.
The recent G8 meeting also received a corporate brewed proposal/request for tightened net control. It's truly worrying when corporations start dictating international policies. Especially when privacy is an issue.
Of course the world is full of APIs. That's exactly why API standards should be open (really open, not pseudo-open like M$-standards). If the standards are open there's no need to develop one, world dominating standard to which everyone must conform. Would you like to be forced to a single GUI in Linux? I wouldn't.
Design your program well and you should be able to port it to another API with minimal effort. An effective way of achieving portability is to use abstracting patterns ([Abstract] Factory, Prototype,...) to hide GUI, process management and other OS/hardware-specific details. This way your free software can be easily ported not only to different X APIs but also to Windows, for instance. All you have to do is to code the GUI specific part so that the rest of the program can access it through a common GUI interface. Same applies to memory handling, too. You may want to have a different memory allocation technique for single- and many-processor machines in order to improve performance.
Obviously there's slight overhead, but at least to me good portability signals better software quality than blindingly fast execution on one, specific platform. Maintaining and extending a well designed codebase is also easier.
Unfortunately free software projects rarely seem to go through a design phase before rushing to the coding stage. This unprofessionality shows embarrassingly well since the source code is available (in contrast to badly designed closed source programs). That's fine with small projects, but not if you're trying to produce something like an office suite or OS.
I'm still waiting for a free software project to release full design specifications for community peer review. If the thousands of pairs of eyes can better pinpoint faults in source code, then why not employ the same technique to the design specs and prevent structural faults even before a line of code has been written?
BTW, how does the scripted NT/W2K installation work?
Heh. Good point.
Still, all NSA would have to do is to make an offer that these people simply can't refuse... ;-)
And what you can get with that increased price is nothing but "crippled" RFC-2 drives.
9. A new MS Outlook worm is discovered... (Janet Simons' resume)
"The court hereby orders the defendant, Rob Malda, to remove this smell from Slashdot..."
Ridiculous.
Has the 2.4.0 kernel changed significantly with respect to SMP (as compared to 2.2.x)?