Yeah, yeah, nobody but you. Yet even though you keep quoting the FISA Amendment, and even linked to the definition of U.S. Persons (inline definition for those reading along: A U.S. citizen anywhere in the world, and anybody who is on U.S. soil legally), you haven't explained how reality falls within those legal guidelines. To get a mere pen register, you don't need to shunt the entirety of traffic going through AT&T switches into a separate room. If they were getting more than that, then they were getting the communications of U.S. Persons which requires a warrant. Warrants they did not get.
That's the point. No one here is in a position to comment on what they were getting, or how. What we do know is that the courts, including FISC, the Intelligence Committees in the House and Senate, the executive branch -- which will soon be headed by President Obama, legislation which speaks to this issue, the legal advisors of NSA and the Intelligence Community, and the Justice Department, are aware of what is implemented, and how, and it has been judged to be legal under the Constitution and under the law. I am not certain just how much more determination is required. You (and others) are focusing on what you feel, without access to all of the information, is an overbroad technical implementation and ignoring all other review, oversight, and controls.
What tripe. A U.S. citizen who is also a dissident plotting to overthrow the government is an "adversary", and is absolutely protected by the Constitution even though they may be guilty of treason. So in other words, sometimes this does require a warrant, sometimes it doesn't. When you pay no attention to which situation it is and never get a warrant, then you're surely operating outside the law.
Implicit in my comment was that this would not be a US Person. Sorry I didn't include it there, though my meaning should be clear from my numerous comments on the issue; namely, that it is non-US Persons which can legally be targeted without a warrant, even when the collection occurs within the US. If it is a US Person that is an "adversary", and as such becomes the target of intelligence collection, they are, of course, covered by the warrant requirements.
The old FISA law said any U.S. Person who was a party to the conversation being targeted, regardless of whether they were the target of the tap or not, must be protected by a warrant. If I read the new law correctly, it only applies when the person specifically being targeted is a U.S. Person. And the whole "anywhere on the globe" bit is inherent to the definition of U.S. Person!
No, the old law still allowed identifying information and content of incidental traffic from a US Person to be redacted, and a warrant was required only if the collection resulted in routine interception of traffic from the same US Person. The anywhere on the globe thing is NOW legally inherent to the definition of a US Person, but they were only protected under the old law in the context of foreign intelligence collection if they were inside of the US. Now they are protected anywhere. So the new law, is, in fact, stronger with respect to protection for US Persons. That was part of the give-and-take compromise that allowed for foreign collection on non-US Persons to happen within the US without a warrant.
Well, except between 1978 and 2007 when the versions of FISA then in effect put limitations on them if interception occurred inside the US. The limitations were certainly not as strict as for domestic law enforcement (and practically non-existent where no "US persons" were involved), but they were there nonetheless and, in all likelihood, illegally violated by Bush administration.
Actually, my point was that foreign intelligence collection, as generally performed outside of the US, has never required a warrant.
The difference, as you correctly noted, was when the collection occurred within the US...and the reason the law was written the way it was, was to prevent intelligence agencies from collecting in US Persons inside the US without a warrant under the guise of "foreign intelligence".
Until traffic of people who were legitimate targets for foreign intelligence collection -- namely, non-US Persons outside of the US -- started traveling through the US in some cases, and suddenly became subject to warrant requirements, sometimes even when no US Person was involved.
This decision, and the current law, as amended, speaks exactly to that issue; specifically, collection on non-US Persons does not require a warrant, even when the collection occurs within the US, and collection on US Persons ALWAYS requires a warrant, no matter where the person is or where the collection occurs. The latter is more strict that the prior law with respect to warrant protections for US Persons.
2008? So, you're talking about something that has nothing to so with the court ruling in the Slashdot article?
No, actually it's completely related to this court ruling. The court ruling itself was in August 2008, by the way, and the FISA Amendments Act of 2008 is directly related to all of the issues which the FISC Review decision is about.
One of the key objections to the Bush wiretapping (which the current court ruling seems to be OK with), was that US-persons were being wiretapped without a warrant. Specifically, phone calls involving US citizens were being listened to in cases were one end of the call was outside the USA.
No...that was the Terrorist Surveillance Program (TSP), which is separate from this issue, did target some Americans of interest in terrorism investigations without a warrant, and hasn't been reauthorized since it was discontinued in January 2007.
The current law allows for foreign intelligence collection on non-US Persons without a warrant -- and one end of the conversation may be a US Person, as long as that person is NOT the target of the surveillance, and the targeting of a non-US Person isn't used to sidestep warrant requirements. This is necessary, because when a non-US Person is legitimately targeted for foreign intelligence purposes, a warrant can't suddenly be required if that person happens to talk to a US Person. So, as long as the US Person is not a target of the collection and the content of that portion of the communication is protected as required by law, the collection is allowed.
In fact, such collection has ALWAYS been allowed without a warrant -- as long as the collection occurred outside of the United States. The difference is that the collection is now occurring inside the US, with the assistance of US telecom operators. The provisions protecting US Persons are now more stringent than previous law, and require an individualized warrant whenever a US Person is targeted anywhere on the globe for foreign intelligence purposes.
I think the idea here isn't to just indiscriminately target people who aren't US Persons.
But, to address your example specifically; if:
- One party of the conversation has no legal standing with the US (i.e., is not a citizen, visitor, permanent resident, employee of a US corporation, etc.), that is, not a US Person under the law,
- That person has been characterized as a target by our foreign intelligence apparatus, and
- That person is not being used as a justification to collect the content of the communication of a US Person,
then yes, that communication is fair game for foreign intelligence collection, by definition, just as much as someone on a Navy vessel listening in on someone in Saudi Arabia keying a radio mic in the clear.
This is all about continuing to enable foreign SIGINT collection in the digital age.
I like to read excerpts like these, which really speak to the issues at hand:
Safety and privacy - it's common thinking that, in order to have more safety, you get less privacy. I don't agree with that. I work from the assumption that you need to have both. When we try to make it an either/or proposition, we're bound to fail. You can be perfectly safe in a prison; but you certainly aren't free. And you can be perfectly free in an anarchist society; but you certainly aren't safe.
Now, security through collaboration raises questions among some people. You have all heard the discussion of pre-9/11 and the existence of the wall in the Justice Department that separated law enforcement and intelligence information. The concern, of course, was that grand jury information, other privileged kinds of information, would somehow improperly escape into the larger world. And I guess, on the intelligence side, you could argue there were suspicions as well. They've all been well-documented. And we've started to bring down those walls as we require information sharing between intelligence, Homeland Security, and Defense agencies, and law enforcement. Some have grown uneasy. People are asking, just what is it they're sharing?
And that leads you directly into the concern for privacy. Too often, privacy has been equated with anonymity; and it's an idea that is deeply rooted in American culture. The Long Ranger wore a mask but Tonto didn't seem to need one even though he did the dirty work for free. You'd think he would probably need one even more. But in our interconnected and wireless world, anonymity - or the appearance of anonymity - is quickly becoming a thing of the past.
Protecting anonymity isn't a fight that can be won. Anyone that's typed in their name on Google understands that. Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured. And it is that framework that we need to grow and nourish and adjust as our cultures change.
Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety. This is work that the Office of the DNI has started to do, and must continue and make a high priority. This careful balance we need to strike, however, is nothing new. With the advent of telephones, we entered a new frontier that required careful balancing between safety and privacy. We faced this challenge again at the end of the '70s in the aftermath of the Church-Pike Hearings. And now, in the era of new technologies, we have to work to continue to keep that balance, to earn that trust, and re-earn it every day through our actions. But we also have to be willing to reopen the laws and regulations that were based on technologies that existed 1978 and adjust them to the realities of 2007 and 2008.
If you argument is that if something COULD be abused, it automatically IS being abused, until it can be categorically proven to you, personally, otherwise, and you grant no authority to legal, judicial, and other oversight mechanisms to ensure that it isn't, and instead are willing to take what amounts to basically a few photocopied pages and uninformed speculation about a classified program about which Klein knows next to nothing and is not authoritative, and you simply ignore everything else I said in my response, then this discussion isn't going to go anywhere.
My biggest issue with this is domestic internet communication is semi-routinely routed through other countries and the eavesdropping program has no way to tell whether the 4th amendment is being violated.
No way to tell whether the Fourth Amendment is being violated?
You mean, other than oversight -- and explicit rulings with comprehensive knowledge about how the programs operate, like this one -- by FISC?
Or oversight and advisory of the Intelligence Committees in both houses of Congress, which is part of their purpose and function?
Or declarations by the Justice Department, when necessary, which will determine whether or not, under the law, an individual is a US Person when there is confusion?
Now if you mean we have no way of telling whether other countries through which internet traffic is routed are intercepting our traffic, you're right. And they are.
Basically, the court just gave permission to the NSA to dragnet anything they want without a warrant so long as they can demonstrate there is a possibility that the communication was to or from a foreigner.
It's a lot more than "demonstrate there is a possibility that the communication was to or from a foreigner". It's that the target of the surveillance is NOT a US Person, as established by legal and other procedures outlined by FISA in general, the FISA Amendments Act of 2008, procedural guidelines and restrictions employed by FISC, and by other judicial and legal oversight measures. It's not just a "possibility"; it is a firm, demonstrable belief, under the law, that the target is NOT a US Person, and hence, not subject to warrant requirements.
Additionally, US Persons may have been one piece of a conversation that is subject to foreign intelligence collection in the past; their identities and the contents of communications must be carefully handled and protected if in conjunction with other, legitimate foreign collection. The amended law explicitly states that US Persons cannot be collaterally targeted by targeting a foreigner. Any such collection still must be incidental, and the target must legally and demonstrably be a non-US Person. If a US Person becomes a target for any reason, anywhere in the world, an individualized warrant must be acquired. This is more stringent than previous law.
Or, since we control the intertubes, they could just route it through another country.
No, that's not at all the case.
The FISA Amendments Act of 2008 says, very explicitly and specifically, that a warrant is required to collect on a US Person, anywhere in the world. That is more strict than the previous law.
The difference is that foreign collection (i.e., collection on non-US Persons) can now occur without a warrant within the US. The digital age was actually creating situations where traffic that used to be intercepted between two non-US Persons on walkie talkies by someone sitting on a Navy ship 250 miles away was now suddenly two cell phones whose traffic was routed through a facility in Chicago -- and suddenly such traffic, because of analog-era law, requires a warrant?
So instead of concentrating on the geographic location -- individuals or intercept points inside or outside of the US -- the concentration is now on the target, and whether they are a US Person. US Persons have more protections under the current law than previous law, and our foreign intelligence agencies can still do the job of foreign intelligence collection without being required to obtain warrants to collect on people who aren't even protected by the Constitution or any US law.
The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner's home. Prior to his robbery trial, petitioner moved to suppress "all fruits derived from" the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed.
This type of collection has subsequently been affirmed by the courts to also apply to all such communications metadata; information such as To: and From: fields in email, source and destination IP addresses, etc. It is the content of the communication that, for protected persons (US Persons, in this context), requires an individualized warrant.
You are making your assumption based on yet more assumptions of still others who are not privy to anywhere near all of the information required to have any comprehensive knowledge of this issue.
You are assuming that because (you believe) Equipment X is in place in Place Y, that must mean that Egregious Violation of Rights Z is occurring.
You know just as well as I do that I can't prove a negative, and you are not in a position -- even with leaks from individuals like Klein, who have clear political motivations, given some of the content of his interviews -- to claim that the government must be illegally collecting constitutionally protected information.
You are making statements that are not supportable by fact or observation, namely, that ALL traffic is "copied" to the government. You are making assumptions about what filtering is or isn't happening before the government has access to the traffic. You are making unwarranted assumptions about the controls -- technical, logistical, and otherwise -- in place on the equipment, software, and the nature of the relationship between foreign intelligence collection activity, US law, and telecom operators.
The other problem is that along with these assumptions often goes (incorrect) assertions that the administration broke the law before, so why should we believe they aren't now? Except that in itself is wrong, because on everything the administration did, particularly with regard to the foreign intelligence collection issue, there was ALWAYS a legal opinion, and ALWAYS advisory of the intelligence committees in Congress.
Law enforcement agencies, intelligence services, and other government entities have powers granted by society over and above ordinary citizens, and have the "power" to infringe on individual rights. You cannot, as an individual member of society, "prove" that they are not doing this. You trust that our system of law, the courts, and checks and balances in government enforce and monitor the legality of the use of such power by proxy.
So in the case of foreign intelligence collection, individuals in government who we charge with this responsibility have declared this activity legal and constitutional. Namely, this comes in the form of:
- The Foreign Intelligence Surveillance Court of Review ruling that applicable foreign intelligence collection without a warrant under the guise of current and previous law is legal and constitutional
- The FISA Amendments Act of 2008 explicitly declaring this type of collection (where the target of the collection is a non-US Person) legal, regardless of where the collection occurs
- Certification, when necessary, by the Justice Department that questionable targets do not constitute the definition of US Person
- The oversight function of the Intelligence Committees in both houses of Congress, which is one of the very reasons these bodies exist
If you still believe the burden is on me to "prove" that the Constitution isn't being violated, then there is a disconnect that is not going to be solved by me explaining to you the reality of how our current foreign intelligence collection policies work.
No one actually cares about the truth here, any of the issues at play, nor the legality of any programs. Most make it a huge political issue, and is it any surprise that even the "leakers" have all had a political axe to grind with the Bush administration?
They just scream "unconstitutional" and rant about Bush, when the very mechanisms set up in our society to render legal opinions on actions of various components of government and to rule on issues of legality or constitutionality have judged certain things to be legal.
And I'll fast forward to a period of Watergate, when the community was used to do a lot of intrusive observation. Out of that came a bill called FISA, Foreign Intelligence Surveillance Act. Here was the dilemma. We need this large, robust, wonderful capability to protect us in the context of the Cold War, but we can't allow it to conduct any observation of U.S. citizens. And our wonderful democracy, we want it both ways. Don't let anybody bother us, make sure we're safe, but don't do anything to look at anything that might reflect my activity.
So the law in 1978 said okay to observe foreign, but if you observe anything in the United States, U.S. person for a foreign intelligence purpose, you must have a warrant. That was the law of the land, but it was an analog law. Where we found ourselves most recently is it's one global network. And so communications overseas by foreigners - terrorists plotting to attack the United States - those communications were passing through the United States. If you go back to the old analog law, it said if you take information from a wire, even though it's a glass pipe called fiber on a wire in the United States, you must have a warrant. So the dilemma for us was we had a terrorist overseas plotting to attack us by speaking with a terrorist in another overseas location and the community was required to get a warrant.
The debate and the dilemma for us is how do you modernize that law for the modern age? And we debated. For two years we debated and we finally came to closure. The good news is when it was finally voted, two-thirds of the House and two-thirds of the Senate voted for it and here's what it says today: if it's a U.S. person anywhere in the globe, you must have a warrant. A judge must grant you to conduct surveillance and the purpose of the surveillance can only be for one thing, foreign intelligence. Now, why would you do surveillance of a U.S. person for foreign surveillance? What if it's a spy that's been recruited by a foreign agent and you need to know what they're giving away? You would then have a warrant for surveillance of that person for a foreign intelligence purpose.
The other part of the law is no warrant for a foreign target regardless of where or how you intercept it. And the third part of the law was in today's world it's digital, it's global - you can't do it without the help of the private sector and so the private sector was authorized to give us that help and provided a level of liability protection.
That's the kind of dilemma that we face in making sure we balance our responsibilities for conducting surveillance of foreign targets that might wish us harm and respecting the civil liberties and privacy of American citizens.
Intelligence collection on non-US Persons outside of the US has never required a warrant, throughout the entire history of the United States.
The difference occurred when traffic of non-US Persons outside of the US started traveling through the US. Suddenly a warrant is required because digital traffic passed through a routing center in Chicago when one end is in Pakistan and the other is in Saudi Arabia? That's what the now-sunset Protect America Act temporarily fixed, and the FISA Amendments Act of 2008 permanently fixes.
If you believe that a warrant should be required for intelligence collection on persons outside of the US with no legal standing of any kind with the US (i.e., citizen, vistor, legal resident, etc.), then you are completely out of step with all law, intelligence policy, and scholarship on the issue.
With all the breathless coverage about whether Apple can survive, you could have fooled me.
Just because he's not releasing hourly reports of his health doesn't mean he secretly has a recurrence of cancer with a vengeance, or that he's on his deathbed.
At some point, though, Apple will have to overcome the (incorrect) perception that "Steve Jobs is Apple", and that without him, Apple will most certainly fail (though the Apple haters have the gloat machine in full swing). No doubt he's a visionary and apparently an effective CEO, but Apple can survive without Jobs...as long as they keep concentrating on things they're good at, and not wandering aimlessly into dozens of disparate and mundane product areas, as was the case under Amelio.
The main thing Jobs did was streamline the business to a few things Apple is good at. Sure he's got charisma by the truckload, cachet as a Silicon Valley luminary, and sway with media heavyweights in Hollywood and elsewhere. But arriving at a sensible business model was his main achievement -- and one that has worked remarkably well for Apple, with nearly all metrics breaking records for several years now.
That said, Jobs' condition -- not being able to absorb protein from food -- is an extremely common result for the type of procedure that he had. In the Whipple procedure, part of the pancreas and duodenum are removed. As a result, enzymes required to allow the body to digest proteins and fats are reduced. Thus, the weight loss that is extremely common in persons who have had this procedure.
Unfortunately, Jobs' first course of action is to do things like eating raw vegetables and consulting Eastern practitioners, rather than actually getting medical care that can solve this issue. (I also think he meant "enzyme imbalance", not "hormone imbalance", given what we know about his condition.)
Apple will continue to be successful, with or without Steve Jobs as CEO, as long as it doesn't lose sight of doing what it's good at.
The main issue Apple will have to overcome is the perception issue surrounding Jobs. Case-in-point: on the NBC Nightly News last night, Brian Williams talked for several minutes about dismal news about the economy, devastating job losses, thoughts from economists about how this won't end in 2009, dreary report after dreary report, a ceaseless drumbeat of doom and gloom...until he said (paraphrasing, here) this: by far the most shocking news, shocking I tell you, was that Apple CEO Steve Jobs would be stepping down for a medical leave of absence, and a dedicated story segment followed, complete with Maria Bartiromo from the Exchange floor.
When you've got a cult of personality like that, how can you escape it?
1. A warrant is not required to collect intelligence when the target is not a US Person, regardless of where the collection occurs, including within the US.
2. A warrant is always required to collect intelligence when the target is a US Person, whether inside or outside of the US (more strict than previous law).
This requires the assistance of telecom operators in the US. In order to determine which traffic can be legally intercepted without a warrant, basic information about the traffic, such as its source and destination, must also be examined. Such examination of traffic -- a "pen register" -- also does not require a warrant.
The job of our foreign intelligence services is to collect information on the activities and plans of US adversaries. This activity has never required a warrant, because these individuals are not protected by the Constitution of the United States.
The path traffic takes shouldn't prevent us from doing this job.
Actually, this story did cause some criticism, which resulted in a followup story (even calling it "Ubunto" once - nice). So more angry (or informative) letters from Linux-advocates aren't going to set the record straight at this point.
But it does raise a larger question about the adoption of Linux. How can the perception that Microsoft Windows and its trappings are effectively mandatory be overcome? Her computer can handle all of her needs: email, web browsing via Firefox, Microsoft Office-compatible documents via OpenOffice.org, and no need to "install" any Windows-only "Verizon High Speed Internet CD" to use Verizon DSL.
But since many Linux-advocates presumably want to see things like Ubuntu go mainstream, the answer can't be "this woman is a moron and the TV station is worse for covering it". Her problems, even if they seem ridiculous, were real enough to her. So how do you counter this kind of problem? (Some might say decent journalism could have helped here, but that's part and parcel of the perception problem.)
LEDs are not traditionally used for illumination not only because of the costs of LEDs, but because of the complex optics required to distribute the light. it's rare to see LEDs used for illumination, though it is making an entrance for some applications, like flashlights and even headlamps. As LED prices continue to come down and LED optics technology improves and cost stabilize, conventional LED lamp retrofits will become commonplace. Take a look at LEDtronics for some examples.
"how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended?"
"if one of our documents were opened in a foreign country, that would arouse suspicions."
"Logging access" is exactly what he's trying to do. The idea here would be at least knowing, and if you've only given a document to one external entity, you know you have a leak somewhere within that entity or your own organization. Simple managed watermarking can help to discover which.
And DRM in general may be broken, but it's not that black and white: DRM does prevent some casual theft of content, because it's a hassle...that's all anyone with a brain -- and who has paid attention to anything in digital media for the last decade and still employs DRM -- expects anymore.
Those who which to pirate content will ALWAYS be able to do so, regardless of any protections put in place. Perhaps someday those who favor DRM will realize that the losses from hassle to honest customers or prospective customers outweighs anything "gained" from having DRM in place.
But back to the issue at hand, which is a different one: an organization wants to track -- and potentially prevent, under some circumstances -- access to original documents representing proprietary data. A "DRM" model (like that employed by Microsoft Rights Management Server) can help to accomplish this. Of course, once someone discovers it's in place, then any number of untrackable circumvention options, such as those you mentioned, can easily be employed. So, the best option for this case is passive tracking/logging.
If you're talking about CIFA, it has been closed, and its capabilities will be subsumed buy DIA. If you're talking about CI in general, I think it's safe to say that even beyond DIA we still have a diffuse CI capability. Each IC element down to individual military units in the field have their own dedicated CI capability. The problems that we have relate to an inability to share this information. We need to be able to share horizontally across multiple agencies, and we need to learn how to effectively connect with resources at the state and local level, as this is where threats are often first detected or discovered. "Fusion centers" are one way to tackle this problem, but some fusion centers have a whole range of problems of their own. Information sharing tools (Web 2.0, social software, etc.) are another way, but some organizations miss the point: they see the value of information sharing tools (such as Intellipedia), but instead of using a shared resource, they choose to set up their own because they want to "own" it.
We'll never "get there"; it will be a continuous process of improvement and learning from mistakes. In a free society, intelligence collection is always a contentious subject -- even foreign collection, much less any (lawful) domestic activity.
The democratic Republic of China, commonly called Taiwan -- which America backs and the communist People's Republic of China considers part of its territory -- frequently irritates Chinese leaders with calls for greater independence from the mainland. But while the American military mulls its options, Chinese missiles hit runways, fuel lines, barracks and supply depots at U.S. Air Force bases in Japan and South Korea. Long-range warheads destroy American satellites, crippling Air Force surveillance and communication networks. A nuclear fireball erupts high above the Pacific Ocean, ionizing the atmosphere and scrambling radars and radio feeds.
This is China's anti-U.S. sucker punch strategy.
It's designed to strike America's military suddenly, stunning and stalling the Air Force more than any other service. In a script written by Chinese military officers and defense analysts, a bruised U.S. military, beholden to a sheepish American public, puts up a small fight before slinking off to avoid full-on war.
[...]
Because the American public is "abnormally sensitive" about military casualties, according to an article in China's Liberation Army Daily, killing U.S. airmen or other personnel would spark a "domestic anti-war cry" on the home front and possibly force early withdrawal of U.S. forces.
[...]
The PLA also would likely use less conventional attacks on the American military's vital communications network. The goal, as one Chinese expert put it: leaving U.S. combat capabilities "blind," "deaf" and "paralyzed." Losing early-warning systems designed to detect incoming missiles would be, for the Air Force, the most devastating setback -- one that could force the service to exit the region altogether, according to Rand.
The report that is the subject of this article also discusses options for hardening US military targets and infrastructure. But ultimately, even dedicated military networks have some of the same vulnerabilities as the commodity internet. They are just as sensitive to EM disruption, and some common modes of attack. The other piece you're missing is the more subtle psychological manipulation, which can occur over a much longer term.
This isn't just about DoSing web sites. The attacks that can occur in the information realm span many more areas, and may not even be interpreted or recognized as an attack until it's too late. It pays to be aware of this landscape in a changing world:
A global multipolar system is emerging with the rise of China, India, and others. The relative power of nonstate actors -- businesses, tribes, religious organizations, and even criminal networks -- also will increase.
By 2025 a single "international community" composed of nation-states will no longer exist. Power will be more dispersed with the newer players bringing new rules of the game while risks will increase that the traditional Western alliances will weaken. Rather than emulating Western models of political and economic development, more countries may be attracted to China's alternative development model.
If we place any importance on the positive aspects of Western systems of values and influence (something which moral relativists may find extremely difficult to do), over, say, government and social models in China or Russia, then there should be an awareness about threats against those systems.
Yes, the Chinese military has decided exactly this, and it's been in Chinese doctrine for a decade. It's clear in Chinese military publications, and even a cursory literature review of Chinese journals finds a consistent message: China can defeat superior enemies by utilizing information warfare against information dependent-states, particularly the United States, and it must have a diligent, long-term view to do it successfully.
If China spends 15 years shaping American public opinion -- including that of politicians in power, or who come to power -- that military conflict with China must be avoided at all costs, even in a scenario where China invades Taiwan, has the goal not been accomplished? If China is able to temporarily blind US command and control to give it enough time to become entrenched in a symbolic region, has the goal not been accomplished?
China believes it, and China has embraced the idea of using principles of information warfare -- from long-term PSYOP, to public relations, to coordinated computer attack, to "useful idiots" without any government affiliation doing the Party's bidding for the "good of China" -- to skip the full extent of the costly and painful military-industrial modernization it would take to counter an adversary like the US in a conventional war.
BOTH are happening. And it's not just "Chinese hackers". It is a concerted, organized, long-term effort supported through the highest levels of Chinese government to control the information landscape as a tool for superiority over the United States. We've talked about how China is planning to use technology to leapfrog its foes militarily -- including the United States -- and Chinese doctrine on Information Warfare makes this no secret. There are financial concerns, and there are very real concerns about the information realm as well. Human interaction is based on the dissemination, exchange, and interpretation of information. It's not just "hackers" or "cyberwar"; information warfare is much bigger, and it IS happening. This is important enough that a previous comment of mine on this issue bears repeating here:
"Information Warfare" (IW), sometimes called Information Operations (IO), spans several arenas, from the purely technical to the social and psychological. The goals and missions of IO and intelligence in general, particularly against and within non-free societies, will constantly be at odds with the democratic nature of the United States and the West. Even so, the United States currently doesn't appear to acknowledge the scope of the information campaigns China has executed against it. China's motives are strategic rather than tactical in nature; that is, they do not necessarily serve any direct or immediate specific purpose, but rather serve to create influence in its own favor over long periods of time. For this reason, many in the US see China as something of a misunderstood ally, while China simultaneously builds out its military capability.
While cyber warfare is now routinely considered in various analyses of China and other nations, the larger question of why China is so diligently pursuing this path is overlooked. China's activities in this realm are assumed to be part of a natural technological progression. However, a study of literature examining China's efforts in Information Warfare viewed against the backdrop of the importance of the Information Revolution which is sweeping the globe paints a picture of a nation looking to the information realm as a critical and key mechanism to modernize its military capabilities. Similar to how the Industrial Revolution ushered in a new era and greatly enhanced nations' abilities to wage war, the Information Revolution again could change the face of conflict. China's motivations for expanding its cyber warfare capabilities against the United States may transcend that of simple technological evolution, and warrant a deeper examination. Why, then, can China be expected to expand its Information Warfare capabilities, particularly with respect to the United States?
The US Army War College's Strategic Studies Institute encapsulates these findings in one simple thought: to China's leadership, it could mean a pathway to modernization that would obviate the need for costly and time-consuming interim modernization. "IW offers opportunities to win wars without the traditional clash of arms" (Yoshihara 2001). Indeed, China appears to be focused on the notion of such asymmetric warfare. Yoshihara (2001) goes on to explore the current state of Chinese IW and IO philosophy. The focus of Chinese theoreticians appears squarely focused on the possibility of IW offering China a decisive option to defeat a superior adversary by crippling its command and control capabilities. Moreover, Yoshihara (2001) notes that some Chinese military scholars consider the notion of victory without conventional battle; not only via disabling information-based attacks in the electronic realm, but even via more subtle psychological operations (PSYOP) designed to alter and shape an adversary's thinking.
Part of China's motivations for the intense focus on the information realm stems from China's fascination with recent conflicts driven by information. China witnessed the decisive US tactical victory in the
Engineers like Mark Klein, who, by their statements, also clearly have a political agenda?
Engineers like Mark Klein, who have no direct knowledge of the implementation of the surveillance equipment?
Perhaps you could tell me how a system would work to "intercept" internet traffic which is lawful to intercept without being able to examine the "wrapper" of each packet.
You can't. And no, the answer isn't, "Well, that's NSA's problem, and right now they're violating the law." This isn't the answer for two reasons:
1. No, they're not violating the law, actually. An infrastructure being in place to allow for interception of foreign traffic passing through US equipment does not imply all traffic is being "intercepted" in a legal context. See 2.
2. Monitoring the metadata or "envelope" (source and destination information) of a communication is required to determine whether the traffic can be monitored with a warrant.
Such collection has been found to be legal without a warrant or court oversight by the US Supreme Court:
The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner's home. Prior to his robbery trial, petitioner moved to suppress "all fruits derived from" the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed.
Courts have subsequently found that pen register statutes apply similarly to computer network addresses known as IP addresses, lists of web sites visited, and the "envelope" of an email message -- its To: and From: addresses and related information. The NSA itself has long understood that while the capture of the "metadata" of communications is fair game, the capture of the contents of the conversations of US Persons is not, without a warrant. Whether or not all traffic passes through a particular piece of equipment is immaterial.
The current law, as represented after the FISA Amendments Act of 2008 (HR 3773), sponsored by Rep. John Conyers (D-MI) and cosponsored by 7 other Democratic colleagues:
1. Clarifies that no court warrant is required to intercept communications of non-US Persons when both ends of the communications are outside the United States. (Even when the interception occurs within the US.)
2. Requires an individualized court warrant from the FISA Court when targeting US Persons. (Same as previous law.)
The interception mechanisms required to enable lawful foreign intelligence collection from the internet within the US necessitates the technical capability to monitor and potentially collect all traffic. It is not a crime, and the current, amended law that speaks to exactly this issue does not consider it a crime. The intelligence oversight committees in both houses of Congress know exactly how this has been implemented, and Congress overwhelmingly chose to protect telecom operators from liability -- both for their prior assistance and going forward -- as a result of their lawful assistance.
Your assertion has two problems:
"Develop a system that intercepts only the communications of interest"
This is a convenient Catch-22, usually for individuals grinding a political axe. This is often put forward as an argument because the implication is that it's impossible to build a system that can only intercept foreign traffic without first determining whether it's foreign traffic or not -- which itself requires examining at least the traffic's meta
Slashdot Mirror
There is no indication that this spying program was limited strictly to non-US Persons.
Please do not confuse the now-defunct "Terrorist Surveillance Program" (TSP) with foreign intelligence collection on non-US Persons within the US.
The whole point and purpose of the program in question is NOT collection on US Persons, but targeted collection on NON-US Persons.
Warrantless collection on US Persons did happen under TSP, but TSP was not reauthorized after January 2007 because of the controversy.
Yeah, yeah, nobody but you. Yet even though you keep quoting the FISA Amendment, and even linked to the definition of U.S. Persons (inline definition for those reading along: A U.S. citizen anywhere in the world, and anybody who is on U.S. soil legally), you haven't explained how reality falls within those legal guidelines. To get a mere pen register, you don't need to shunt the entirety of traffic going through AT&T switches into a separate room. If they were getting more than that, then they were getting the communications of U.S. Persons which requires a warrant. Warrants they did not get.
That's the point. No one here is in a position to comment on what they were getting, or how. What we do know is that the courts, including FISC, the Intelligence Committees in the House and Senate, the executive branch -- which will soon be headed by President Obama, legislation which speaks to this issue, the legal advisors of NSA and the Intelligence Community, and the Justice Department, are aware of what is implemented, and how, and it has been judged to be legal under the Constitution and under the law. I am not certain just how much more determination is required. You (and others) are focusing on what you feel, without access to all of the information, is an overbroad technical implementation and ignoring all other review, oversight, and controls.
What tripe. A U.S. citizen who is also a dissident plotting to overthrow the government is an "adversary", and is absolutely protected by the Constitution even though they may be guilty of treason. So in other words, sometimes this does require a warrant, sometimes it doesn't. When you pay no attention to which situation it is and never get a warrant, then you're surely operating outside the law.
Implicit in my comment was that this would not be a US Person. Sorry I didn't include it there, though my meaning should be clear from my numerous comments on the issue; namely, that it is non-US Persons which can legally be targeted without a warrant, even when the collection occurs within the US. If it is a US Person that is an "adversary", and as such becomes the target of intelligence collection, they are, of course, covered by the warrant requirements.
The old FISA law said any U.S. Person who was a party to the conversation being targeted, regardless of whether they were the target of the tap or not, must be protected by a warrant. If I read the new law correctly, it only applies when the person specifically being targeted is a U.S. Person. And the whole "anywhere on the globe" bit is inherent to the definition of U.S. Person!
No, the old law still allowed identifying information and content of incidental traffic from a US Person to be redacted, and a warrant was required only if the collection resulted in routine interception of traffic from the same US Person. The anywhere on the globe thing is NOW legally inherent to the definition of a US Person, but they were only protected under the old law in the context of foreign intelligence collection if they were inside of the US. Now they are protected anywhere. So the new law, is, in fact, stronger with respect to protection for US Persons. That was part of the give-and-take compromise that allowed for foreign collection on non-US Persons to happen within the US without a warrant.
Well, except between 1978 and 2007 when the versions of FISA then in effect put limitations on them if interception occurred inside the US. The limitations were certainly not as strict as for domestic law enforcement (and practically non-existent where no "US persons" were involved), but they were there nonetheless and, in all likelihood, illegally violated by Bush administration.
Actually, my point was that foreign intelligence collection, as generally performed outside of the US, has never required a warrant.
The difference, as you correctly noted, was when the collection occurred within the US...and the reason the law was written the way it was, was to prevent intelligence agencies from collecting in US Persons inside the US without a warrant under the guise of "foreign intelligence".
Until traffic of people who were legitimate targets for foreign intelligence collection -- namely, non-US Persons outside of the US -- started traveling through the US in some cases, and suddenly became subject to warrant requirements, sometimes even when no US Person was involved.
This decision, and the current law, as amended, speaks exactly to that issue; specifically, collection on non-US Persons does not require a warrant, even when the collection occurs within the US, and collection on US Persons ALWAYS requires a warrant, no matter where the person is or where the collection occurs. The latter is more strict that the prior law with respect to warrant protections for US Persons.
2008? So, you're talking about something that has nothing to so with the court ruling in the Slashdot article?
No, actually it's completely related to this court ruling. The court ruling itself was in August 2008, by the way, and the FISA Amendments Act of 2008 is directly related to all of the issues which the FISC Review decision is about.
One of the key objections to the Bush wiretapping (which the current court ruling seems to be OK with), was that US-persons were being wiretapped without a warrant. Specifically, phone calls involving US citizens were being listened to in cases were one end of the call was outside the USA.
No...that was the Terrorist Surveillance Program (TSP), which is separate from this issue, did target some Americans of interest in terrorism investigations without a warrant, and hasn't been reauthorized since it was discontinued in January 2007.
The current law allows for foreign intelligence collection on non-US Persons without a warrant -- and one end of the conversation may be a US Person, as long as that person is NOT the target of the surveillance, and the targeting of a non-US Person isn't used to sidestep warrant requirements. This is necessary, because when a non-US Person is legitimately targeted for foreign intelligence purposes, a warrant can't suddenly be required if that person happens to talk to a US Person. So, as long as the US Person is not a target of the collection and the content of that portion of the communication is protected as required by law, the collection is allowed.
In fact, such collection has ALWAYS been allowed without a warrant -- as long as the collection occurred outside of the United States. The difference is that the collection is now occurring inside the US, with the assistance of US telecom operators. The provisions protecting US Persons are now more stringent than previous law, and require an individualized warrant whenever a US Person is targeted anywhere on the globe for foreign intelligence purposes.
I think the idea here isn't to just indiscriminately target people who aren't US Persons.
But, to address your example specifically; if:
- One party of the conversation has no legal standing with the US (i.e., is not a citizen, visitor, permanent resident, employee of a US corporation, etc.), that is, not a US Person under the law,
- That person has been characterized as a target by our foreign intelligence apparatus, and
- That person is not being used as a justification to collect the content of the communication of a US Person,
then yes, that communication is fair game for foreign intelligence collection, by definition, just as much as someone on a Navy vessel listening in on someone in Saudi Arabia keying a radio mic in the clear.
This is all about continuing to enable foreign SIGINT collection in the digital age.
I like to read excerpts like these, which really speak to the issues at hand:
- PDDNI Dr. Donald Kerr
That and my p
I see you've already made up your mind.
If you argument is that if something COULD be abused, it automatically IS being abused, until it can be categorically proven to you, personally, otherwise, and you grant no authority to legal, judicial, and other oversight mechanisms to ensure that it isn't, and instead are willing to take what amounts to basically a few photocopied pages and uninformed speculation about a classified program about which Klein knows next to nothing and is not authoritative, and you simply ignore everything else I said in my response, then this discussion isn't going to go anywhere.
No way to tell whether the Fourth Amendment is being violated?
You mean, other than oversight -- and explicit rulings with comprehensive knowledge about how the programs operate, like this one -- by FISC?
Or oversight and advisory of the Intelligence Committees in both houses of Congress, which is part of their purpose and function?
Or declarations by the Justice Department, when necessary, which will determine whether or not, under the law, an individual is a US Person when there is confusion?
Now if you mean we have no way of telling whether other countries through which internet traffic is routed are intercepting our traffic, you're right. And they are.
It's a lot more than "demonstrate there is a possibility that the communication was to or from a foreigner". It's that the target of the surveillance is NOT a US Person, as established by legal and other procedures outlined by FISA in general, the FISA Amendments Act of 2008, procedural guidelines and restrictions employed by FISC, and by other judicial and legal oversight measures. It's not just a "possibility"; it is a firm, demonstrable belief, under the law, that the target is NOT a US Person, and hence, not subject to warrant requirements.
Additionally, US Persons may have been one piece of a conversation that is subject to foreign intelligence collection in the past; their identities and the contents of communications must be carefully handled and protected if in conjunction with other, legitimate foreign collection. The amended law explicitly states that US Persons cannot be collaterally targeted by targeting a foreigner. Any such collection still must be incidental, and the target must legally and demonstrably be a non-US Person. If a US Person becomes a target for any reason, anywhere in the world, an individualized warrant must be acquired. This is more stringent than previous law.
No, that's not at all the case.
The FISA Amendments Act of 2008 says, very explicitly and specifically, that a warrant is required to collect on a US Person, anywhere in the world. That is more strict than the previous law.
The difference is that foreign collection (i.e., collection on non-US Persons) can now occur without a warrant within the US. The digital age was actually creating situations where traffic that used to be intercepted between two non-US Persons on walkie talkies by someone sitting on a Navy ship 250 miles away was now suddenly two cell phones whose traffic was routed through a facility in Chicago -- and suddenly such traffic, because of analog-era law, requires a warrant?
So instead of concentrating on the geographic location -- individuals or intercept points inside or outside of the US -- the concentration is now on the target, and whether they are a US Person. US Persons have more protections under the current law than previous law, and our foreign intelligence agencies can still do the job of foreign intelligence collection without being required to obtain warrants to collect on people who aren't even protected by the Constitution or any US law.
Indeed, and for anyone else reading this, it was Smith v Maryland, 442 U.S. 735 (1979):
This type of collection has subsequently been affirmed by the courts to also apply to all such communications metadata; information such as To: and From: fields in email, source and destination IP addresses, etc. It is the content of the communication that, for protected persons (US Persons, in this context), requires an individualized warrant.
You are making your assumption based on yet more assumptions of still others who are not privy to anywhere near all of the information required to have any comprehensive knowledge of this issue.
You are assuming that because (you believe) Equipment X is in place in Place Y, that must mean that Egregious Violation of Rights Z is occurring.
You know just as well as I do that I can't prove a negative, and you are not in a position -- even with leaks from individuals like Klein, who have clear political motivations, given some of the content of his interviews -- to claim that the government must be illegally collecting constitutionally protected information.
You are making statements that are not supportable by fact or observation, namely, that ALL traffic is "copied" to the government. You are making assumptions about what filtering is or isn't happening before the government has access to the traffic. You are making unwarranted assumptions about the controls -- technical, logistical, and otherwise -- in place on the equipment, software, and the nature of the relationship between foreign intelligence collection activity, US law, and telecom operators.
The other problem is that along with these assumptions often goes (incorrect) assertions that the administration broke the law before, so why should we believe they aren't now? Except that in itself is wrong, because on everything the administration did, particularly with regard to the foreign intelligence collection issue, there was ALWAYS a legal opinion, and ALWAYS advisory of the intelligence committees in Congress.
Law enforcement agencies, intelligence services, and other government entities have powers granted by society over and above ordinary citizens, and have the "power" to infringe on individual rights. You cannot, as an individual member of society, "prove" that they are not doing this. You trust that our system of law, the courts, and checks and balances in government enforce and monitor the legality of the use of such power by proxy.
So in the case of foreign intelligence collection, individuals in government who we charge with this responsibility have declared this activity legal and constitutional. Namely, this comes in the form of:
- The Foreign Intelligence Surveillance Court of Review ruling that applicable foreign intelligence collection without a warrant under the guise of current and previous law is legal and constitutional
- The FISA Amendments Act of 2008 explicitly declaring this type of collection (where the target of the collection is a non-US Person) legal, regardless of where the collection occurs
- Certification, when necessary, by the Justice Department that questionable targets do not constitute the definition of US Person
- The oversight function of the Intelligence Committees in both houses of Congress, which is one of the very reasons these bodies exist
If you still believe the burden is on me to "prove" that the Constitution isn't being violated, then there is a disconnect that is not going to be solved by me explaining to you the reality of how our current foreign intelligence collection policies work.
* Sales Slump Over Economic Crisis
* = Insert nearly anything here
No one actually cares about the truth here, any of the issues at play, nor the legality of any programs. Most make it a huge political issue, and is it any surprise that even the "leakers" have all had a political axe to grind with the Bush administration?
They just scream "unconstitutional" and rant about Bush, when the very mechanisms set up in our society to render legal opinions on actions of various components of government and to rule on issues of legality or constitutionality have judged certain things to be legal.
The issue is summed up fairly well by comments of DNI Mike McConnell (video) at Harvard's Kennedy School:
Intelligence collection on non-US Persons outside of the US has never required a warrant, throughout the entire history of the United States.
The difference occurred when traffic of non-US Persons outside of the US started traveling through the US. Suddenly a warrant is required because digital traffic passed through a routing center in Chicago when one end is in Pakistan and the other is in Saudi Arabia? That's what the now-sunset Protect America Act temporarily fixed, and the FISA Amendments Act of 2008 permanently fixes.
If you believe that a warrant should be required for intelligence collection on persons outside of the US with no legal standing of any kind with the US (i.e., citizen, vistor, legal resident, etc.), then you are completely out of step with all law, intelligence policy, and scholarship on the issue.
Did Steve Jobs die?
What's that? He didn't?
With all the breathless coverage about whether Apple can survive, you could have fooled me.
Just because he's not releasing hourly reports of his health doesn't mean he secretly has a recurrence of cancer with a vengeance, or that he's on his deathbed.
At some point, though, Apple will have to overcome the (incorrect) perception that "Steve Jobs is Apple", and that without him, Apple will most certainly fail (though the Apple haters have the gloat machine in full swing). No doubt he's a visionary and apparently an effective CEO, but Apple can survive without Jobs...as long as they keep concentrating on things they're good at, and not wandering aimlessly into dozens of disparate and mundane product areas, as was the case under Amelio.
The main thing Jobs did was streamline the business to a few things Apple is good at. Sure he's got charisma by the truckload, cachet as a Silicon Valley luminary, and sway with media heavyweights in Hollywood and elsewhere. But arriving at a sensible business model was his main achievement -- and one that has worked remarkably well for Apple, with nearly all metrics breaking records for several years now.
That said, Jobs' condition -- not being able to absorb protein from food -- is an extremely common result for the type of procedure that he had. In the Whipple procedure, part of the pancreas and duodenum are removed. As a result, enzymes required to allow the body to digest proteins and fats are reduced. Thus, the weight loss that is extremely common in persons who have had this procedure.
Unfortunately, Jobs' first course of action is to do things like eating raw vegetables and consulting Eastern practitioners, rather than actually getting medical care that can solve this issue. (I also think he meant "enzyme imbalance", not "hormone imbalance", given what we know about his condition.)
Apple will continue to be successful, with or without Steve Jobs as CEO, as long as it doesn't lose sight of doing what it's good at.
The main issue Apple will have to overcome is the perception issue surrounding Jobs. Case-in-point: on the NBC Nightly News last night, Brian Williams talked for several minutes about dismal news about the economy, devastating job losses, thoughts from economists about how this won't end in 2009, dreary report after dreary report, a ceaseless drumbeat of doom and gloom...until he said (paraphrasing, here) this: by far the most shocking news, shocking I tell you, was that Apple CEO Steve Jobs would be stepping down for a medical leave of absence, and a dedicated story segment followed, complete with Maria Bartiromo from the Exchange floor.
When you've got a cult of personality like that, how can you escape it?
The FISA Amendments Act of 2008 says:
1. A warrant is not required to collect intelligence when the target is not a US Person, regardless of where the collection occurs, including within the US.
2. A warrant is always required to collect intelligence when the target is a US Person, whether inside or outside of the US (more strict than previous law).
This requires the assistance of telecom operators in the US. In order to determine which traffic can be legally intercepted without a warrant, basic information about the traffic, such as its source and destination, must also be examined. Such examination of traffic -- a "pen register" -- also does not require a warrant.
The job of our foreign intelligence services is to collect information on the activities and plans of US adversaries. This activity has never required a warrant, because these individuals are not protected by the Constitution of the United States.
The path traffic takes shouldn't prevent us from doing this job.
This connects with what I just said below you.
Sure, we can mock it, but there are real issues here:
- She doesn't know that she doesn't need to install any "Verizon High Speed Internet CD" in order for her Verizon DSL to function.
- She doesn't know that OpenOffice.org can handle her needs for "Microsoft Word" just fine
- She probably wouldn't know that Firefox can handle all of her browsing needs even where another OS is specified (under most circumstances)
So how can we bridge those kinds of gaps?
Actually, this story did cause some criticism, which resulted in a followup story (even calling it "Ubunto" once - nice). So more angry (or informative) letters from Linux-advocates aren't going to set the record straight at this point.
But it does raise a larger question about the adoption of Linux. How can the perception that Microsoft Windows and its trappings are effectively mandatory be overcome? Her computer can handle all of her needs: email, web browsing via Firefox, Microsoft Office-compatible documents via OpenOffice.org, and no need to "install" any Windows-only "Verizon High Speed Internet CD" to use Verizon DSL.
But since many Linux-advocates presumably want to see things like Ubuntu go mainstream, the answer can't be "this woman is a moron and the TV station is worse for covering it". Her problems, even if they seem ridiculous, were real enough to her. So how do you counter this kind of problem? (Some might say decent journalism could have helped here, but that's part and parcel of the perception problem.)
LEDs are not traditionally used for illumination not only because of the costs of LEDs, but because of the complex optics required to distribute the light. it's rare to see LEDs used for illumination, though it is making an entrance for some applications, like flashlights and even headlamps. As LED prices continue to come down and LED optics technology improves and cost stabilize, conventional LED lamp retrofits will become commonplace. Take a look at LEDtronics for some examples.
"how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended?"
"if one of our documents were opened in a foreign country, that would arouse suspicions."
"Logging access" is exactly what he's trying to do. The idea here would be at least knowing, and if you've only given a document to one external entity, you know you have a leak somewhere within that entity or your own organization. Simple managed watermarking can help to discover which.
And DRM in general may be broken, but it's not that black and white: DRM does prevent some casual theft of content, because it's a hassle...that's all anyone with a brain -- and who has paid attention to anything in digital media for the last decade and still employs DRM -- expects anymore.
Those who which to pirate content will ALWAYS be able to do so, regardless of any protections put in place. Perhaps someday those who favor DRM will realize that the losses from hassle to honest customers or prospective customers outweighs anything "gained" from having DRM in place.
But back to the issue at hand, which is a different one: an organization wants to track -- and potentially prevent, under some circumstances -- access to original documents representing proprietary data. A "DRM" model (like that employed by Microsoft Rights Management Server) can help to accomplish this. Of course, once someone discovers it's in place, then any number of untrackable circumvention options, such as those you mentioned, can easily be employed. So, the best option for this case is passive tracking/logging.
If you're talking about CIFA, it has been closed, and its capabilities will be subsumed buy DIA. If you're talking about CI in general, I think it's safe to say that even beyond DIA we still have a diffuse CI capability. Each IC element down to individual military units in the field have their own dedicated CI capability. The problems that we have relate to an inability to share this information. We need to be able to share horizontally across multiple agencies, and we need to learn how to effectively connect with resources at the state and local level, as this is where threats are often first detected or discovered. "Fusion centers" are one way to tackle this problem, but some fusion centers have a whole range of problems of their own. Information sharing tools (Web 2.0, social software, etc.) are another way, but some organizations miss the point: they see the value of information sharing tools (such as Intellipedia), but instead of using a shared resource, they choose to set up their own because they want to "own" it.
We'll never "get there"; it will be a continuous process of improvement and learning from mistakes. In a free society, intelligence collection is always a contentious subject -- even foreign collection, much less any (lawful) domestic activity.
This is a good summary of China's lines of thinking:
Hypothetical attack on U.S. outlined by China, Air Force Times, January 28, 2008
The report that is the subject of this article also discusses options for hardening US military targets and infrastructure. But ultimately, even dedicated military networks have some of the same vulnerabilities as the commodity internet. They are just as sensitive to EM disruption, and some common modes of attack. The other piece you're missing is the more subtle psychological manipulation, which can occur over a much longer term.
This isn't just about DoSing web sites. The attacks that can occur in the information realm span many more areas, and may not even be interpreted or recognized as an attack until it's too late. It pays to be aware of this landscape in a changing world:
If we place any importance on the positive aspects of Western systems of values and influence (something which moral relativists may find extremely difficult to do), over, say, government and social models in China or Russia, then there should be an awareness about threats against those systems.
See also: Entering the Dragon's Lair: Chinese Antiaccess Strategies and Their Implications for the United States. This entire book is available free and is a great read for those interested in Chinese military strategy.
Yes, the Chinese military has decided exactly this, and it's been in Chinese doctrine for a decade. It's clear in Chinese military publications, and even a cursory literature review of Chinese journals finds a consistent message: China can defeat superior enemies by utilizing information warfare against information dependent-states, particularly the United States, and it must have a diligent, long-term view to do it successfully.
If China spends 15 years shaping American public opinion -- including that of politicians in power, or who come to power -- that military conflict with China must be avoided at all costs, even in a scenario where China invades Taiwan, has the goal not been accomplished? If China is able to temporarily blind US command and control to give it enough time to become entrenched in a symbolic region, has the goal not been accomplished?
China believes it, and China has embraced the idea of using principles of information warfare -- from long-term PSYOP, to public relations, to coordinated computer attack, to "useful idiots" without any government affiliation doing the Party's bidding for the "good of China" -- to skip the full extent of the costly and painful military-industrial modernization it would take to counter an adversary like the US in a conventional war.
Note that Android Dev Phone 1 devices are not intended for non-developer end users. Since the devices can be configured with system software not provided by or supported by Google or any other company, end users operate these devices at their own risk.
BOTH are happening. And it's not just "Chinese hackers". It is a concerted, organized, long-term effort supported through the highest levels of Chinese government to control the information landscape as a tool for superiority over the United States. We've talked about how China is planning to use technology to leapfrog its foes militarily -- including the United States -- and Chinese doctrine on Information Warfare makes this no secret. There are financial concerns, and there are very real concerns about the information realm as well. Human interaction is based on the dissemination, exchange, and interpretation of information. It's not just "hackers" or "cyberwar"; information warfare is much bigger, and it IS happening. This is important enough that a previous comment of mine on this issue bears repeating here:
"Information Warfare" (IW), sometimes called Information Operations (IO), spans several arenas, from the purely technical to the social and psychological. The goals and missions of IO and intelligence in general, particularly against and within non-free societies, will constantly be at odds with the democratic nature of the United States and the West. Even so, the United States currently doesn't appear to acknowledge the scope of the information campaigns China has executed against it. China's motives are strategic rather than tactical in nature; that is, they do not necessarily serve any direct or immediate specific purpose, but rather serve to create influence in its own favor over long periods of time. For this reason, many in the US see China as something of a misunderstood ally, while China simultaneously builds out its military capability.
While cyber warfare is now routinely considered in various analyses of China and other nations, the larger question of why China is so diligently pursuing this path is overlooked. China's activities in this realm are assumed to be part of a natural technological progression. However, a study of literature examining China's efforts in Information Warfare viewed against the backdrop of the importance of the Information Revolution which is sweeping the globe paints a picture of a nation looking to the information realm as a critical and key mechanism to modernize its military capabilities. Similar to how the Industrial Revolution ushered in a new era and greatly enhanced nations' abilities to wage war, the Information Revolution again could change the face of conflict. China's motivations for expanding its cyber warfare capabilities against the United States may transcend that of simple technological evolution, and warrant a deeper examination. Why, then, can China be expected to expand its Information Warfare capabilities, particularly with respect to the United States?
The US Army War College's Strategic Studies Institute encapsulates these findings in one simple thought: to China's leadership, it could mean a pathway to modernization that would obviate the need for costly and time-consuming interim modernization. "IW offers opportunities to win wars without the traditional clash of arms" (Yoshihara 2001). Indeed, China appears to be focused on the notion of such asymmetric warfare. Yoshihara (2001) goes on to explore the current state of Chinese IW and IO philosophy. The focus of Chinese theoreticians appears squarely focused on the possibility of IW offering China a decisive option to defeat a superior adversary by crippling its command and control capabilities. Moreover, Yoshihara (2001) notes that some Chinese military scholars consider the notion of victory without conventional battle; not only via disabling information-based attacks in the electronic realm, but even via more subtle psychological operations (PSYOP) designed to alter and shape an adversary's thinking.
Part of China's motivations for the intense focus on the information realm stems from China's fascination with recent conflicts driven by information. China witnessed the decisive US tactical victory in the
What engineers?
Engineers like Mark Klein, who, by their statements, also clearly have a political agenda?
Engineers like Mark Klein, who have no direct knowledge of the implementation of the surveillance equipment?
Perhaps you could tell me how a system would work to "intercept" internet traffic which is lawful to intercept without being able to examine the "wrapper" of each packet.
You can't. And no, the answer isn't, "Well, that's NSA's problem, and right now they're violating the law." This isn't the answer for two reasons:
1. No, they're not violating the law, actually. An infrastructure being in place to allow for interception of foreign traffic passing through US equipment does not imply all traffic is being "intercepted" in a legal context. See 2.
2. Monitoring the metadata or "envelope" (source and destination information) of a communication is required to determine whether the traffic can be monitored with a warrant.
Such collection has been found to be legal without a warrant or court oversight by the US Supreme Court:
Source: Smith v. Maryland, 442 U.S. 735 (1979)
Courts have subsequently found that pen register statutes apply similarly to computer network addresses known as IP addresses, lists of web sites visited, and the "envelope" of an email message -- its To: and From: addresses and related information. The NSA itself has long understood that while the capture of the "metadata" of communications is fair game, the capture of the contents of the conversations of US Persons is not, without a warrant. Whether or not all traffic passes through a particular piece of equipment is immaterial.
The current law, as represented after the FISA Amendments Act of 2008 (HR 3773), sponsored by Rep. John Conyers (D-MI) and cosponsored by 7 other Democratic colleagues:
1. Clarifies that no court warrant is required to intercept communications of non-US Persons when both ends of the communications are outside the United States. (Even when the interception occurs within the US.)
2. Requires an individualized court warrant from the FISA Court when targeting US Persons. (Same as previous law.)
The interception mechanisms required to enable lawful foreign intelligence collection from the internet within the US necessitates the technical capability to monitor and potentially collect all traffic. It is not a crime, and the current, amended law that speaks to exactly this issue does not consider it a crime. The intelligence oversight committees in both houses of Congress know exactly how this has been implemented, and Congress overwhelmingly chose to protect telecom operators from liability -- both for their prior assistance and going forward -- as a result of their lawful assistance.
Your assertion has two problems:
"Develop a system that intercepts only the communications of interest"
This is a convenient Catch-22, usually for individuals grinding a political axe. This is often put forward as an argument because the implication is that it's impossible to build a system that can only intercept foreign traffic without first determining whether it's foreign traffic or not -- which itself requires examining at least the traffic's meta