Re "unless anything in the Snowden leaks suggests that Public Key encryption no longer works? Yes, I know it's hard. Oh well: It's necessary."
If you are found to be using encryption you become interesting. Create too much interest and your computer gets a visit?
The issue of international standards and tame academics can hold back more positive infrastructure changes.
That goes back years. The UK faced the same with the interception of international telegrams and telexes (cable vetting, the D-Notice affair) in 1967.
The GCHQ was getting a copy of international telegrams and telexes.
D-notice affair https://en.wikipedia.org/wiki/...
The tradition of looking at all international telegrams went back to WW1.
Now its all optical:)
Why bother recording everything when that's already done by the telcos?
In the past the NSA and GCHQ could only store so much information. The idea was to collect all, sort and remove as much data as possible very quickly.
The Dictionary system using keywords and predesignated phrases would try and find new people of interest.
Later the cost of storage was so low that it was more simple just to collect and store it all.
The ability to track a message end to end and store that result for long term computer retrieval was ready for US use in the 1970's.
The UK would have had the same new options after its Cray upgrades from IBM-700 by the late 1970's.
The need to record everything is so the UK gov has its own copy. The UK could not trust that the US would keep its own data or data of interest to the UK long term.
That also helps with tracking UK gov staff and their personnel files long term. Internal UK security enquiries can then recall a lot of data without having to ask the US for help.
Every aspect of all network use is kept, everyone has a file.
Thats the interesting new part "1,693 10-gigabit connections and increasing egress capacity to 390"
Collect it all is back in the news.
A select few nations and their friends have total mastery over much of the telco networks. What if the other nations of interest stop using telco networks or just provide well created disinformation?
Yes a community know their local sounds. The 4x4, bikes, luxury cars. They all have distinctive sounds and the local population are aware of any changes.
When an army of occupation or their local death squads move into an area that news travels fast.
Special forces try to blend in. Local death squads use what they are given. New machines with loud new distinctive sounds will stand out in open areas.
Counterinsurgency is now going to be robotic? An endless war of robot patrols and local robot checkpoint?
Divide a country up and pack the civilians into safe areas "refugee camps" to win hearts and minds?
Most people found outside a camp can then be tracked and questioned?
Back to a scorched earth policy with big numbers of new robots. Great news for the robot makers.
Re "I wonder who was targeted?"
When different network where still needed experts did find a few interesting past projects:
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
The SISMI-Telecom scandal in Italy found in 2006 https://en.wikipedia.org/wiki/...
The code is of a quality set per user depending on OS, installed AV and all other understood networking conditions.
A consumer OS with standard trusted consumer AV and trustred normal OS updates?
A well understood open source install that a user looks over deeper OS level logs everyday?
The presence of unique new code a user "installed" and "allowed" is not going to report on huge anti-virus and anti-malware lists.
Will well understood behavior analysis on consumer grade AV be looking in the correct place?
Gov and mil know all about what AV can do and how unique code for one computer has to be installed so it is not really going to be found by consumer AV products.
Lots of nations can try.
Italy had its SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
Greece had the wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
Now the world is seeing more software efforts beyond the expected gov tapping hardware and software.
So many staff around the world have done legitimate tapping for their govs and mil for generations.
Tame computer systems, networks have crypto that is well understood and of a weak international standard. Signals intelligence is great to sell to govs and mil. Ex staff, former staff and govs are all happy to see what they can get.
The only trick is getting local state and city officials to upgrade for 4G LTE without paperwork showing to local media or a FIOA request.
Cities scramble to upgrade “stingray” tracking as end of 2G network looms (Sept 2 2014) http://arstechnica.com/tech-po...
Phone Firewall Identifies Rogue Cell Towers Trying to Intercept Your Calls (09.03.14) http://www.wired.com/2014/09/c...
Will the next generation of rogue cell tower have the ability to be another normal cell tower?
Re 'Either the contents are not sensitive"
Think back to the early cell standards. Who set them and why? Emerging cell networks had to be safer from random strangers but totally open in real time to govs and mil needs.
Cost, time and who works on the telco networks can also be important to local law enforcement officials.
Why risk a computer database entry or tracked code change in a national or global telco system? A number or location is now been tracked.
Who at the telco has seen or can track the local or national law enforcement sensitive database changes?
Local law enforcement officials become the telco connection in an area for a time and the only people who have full details on who is been tracked.
No courts, no requests to telco staff or vast databases, no lawyers later, media, FOIA for paper work at a city or state level. Just all the call data.
Re Need to keep things secret?
Thats what the release of the records will show. Legal teams can go over past cases and talk about what was done to the press.
Issues of parallel construction, what legal teams saw or where not allowed to see and when can be talked about to the press.
Legal teams can then talk to the press about the use of a IMSI catcher, IMSI catcher like devices with denial-of-service attack options, location monitoring, transceiver amplifiers.
Meet the machines that steal your phone’s data (Sept 26 2013) http://arstechnica.com/tech-po...
If the US wants a secret court it can talk to all the legal teams and find cleared legal staff and experts depending on the case.
Re "Thanks to the influence of such groups as the NSA your mobile phone transmits it's data in an easily readable format instead of something encrypted such as was first proposed for the devices"
Thats the idea. Fill the gps logs with random trips to locations that fit in well with the non fiction "story" on a networked computer.
Who was that journalists phone around or who did it stop near? How would it fit in with a story been worked on? So many new digital hops to follow up on thanks to one random drive and a long coffee. Keep adding to that non fiction "story" on the networked computer every few days. Start a new story.
Once people know they are been watched they can change. The old idea was never to talk about tracking. Now terms like cell-site simulator and IMSI catcher are in the local press.
Re continued, and expanded
With domestic surveillance now been talked about more in public the press now understands what keywords and interviews will result in.
The media can wait to type a report into a networked computer just before publication.
A journalist can also fill their networked computer with a lot of non fiction that reads like a real story thats been worked on.
Drive out with a phone on to meet a person with more information.
All the domestic surveillance teams have is networking. The connected computer, the phone, the operating system, the logs over years.
Once a journalist understands that part of domestic surveillance they can shape it.
Re "So stop being paranoid. The FBI isn't going to after every donor to a project like this."
Recall "The NSA Is Targeting Users of Privacy Services, Leaked Code Shows" (07.03.14) http://www.wired.com/2014/07/n...
"The rules indicate that the NSA tracks any IP address that connects to the Tor web site or any IP address that contacts a server that is used for an anonymous email service..."
"The NSA is also tracking anyone who visits the popular online Linux publication,....., which the NSA refers to as an “extremist forum” in the source code."
It depends how the US military is counted. A huge number of civilian like staff, air force, army... could be used to hide deep counts.
So what can be counted on? The Air Force has very expensive equipment to look after. So great care is taken to only allow selected, well tested people near that equipment.
That would sort out most of the human issues long term and offer amazing statistics.
Other areas of the US mil may also like to have well tested people near some of the more interesting systems. Great numbers again due to expert testing and constant staff sorting.
The real issue is the head injury or meds used during long occupation tours.
Keep the best staff looked after and try and see what is left over for the rest.
Re "I'd put together a fake image which looks good enough to pass the sniff test for a day or two, but which is designed to "go off" shortly after when the public gets a chance to deconstruct it."
Some interesting ways to track this.
MI6 or CIA got something found in Russia and it was rushed out to the media. FSB just watched to track the origins, publication and expected Western media results.
Russia released the image internally to follow the image to expose some internal NGO or other well funded networks.
Limited hangout.
ie just to see something internal to Russia been activated.
Some other group set this in play and Russia, the US and UK are just interested to see where it tracks back and why.
So the value was not in the poor fake but its origins.
Re "What good is a law pertaining to"
The good news is that the US legal system now has to hold any mil or gov action in pubic courts to be legal.
Its a bit like a digital or legal Berlin Wall. Once the US mil and gov put that parallel construction into the public court system all legal teams and the press will know.
What are the options for the USA? Sealed security courts for all? People and lawyers at a federal and state level will begin to notice that change.
The other option is to make the domestic surveillance state legal. Vast collections of stored data about net use, calls, driving habits, spending, reading lists, media consumption, location, travel can be now be presented from a "locked box" in open court without question.
When that is done every legal team is going to see the same pattern. You where on the internet. You where on the phone. Your digital life is in open court.
All the US gov now has is the hope that all the connections will always be a call, digital or on the internet and be easy to collect.
Even defence lawyer will have to start writing on note pads and been very careful about how they talk to their clients and what files they keep.
Every scape of digital information is now in play.
The destination is material that can be presented in open court. Nothing from the NSA, GCHQ.
For that many nations need to be able to work together and watch networks as they react to changes in networking.
Not too hard on federal budgets and with international cooperation.
The real interesting aspect was how to make Tor the destination.
Years of raids where all users with normal provider accounts, credit card for international VPN use, proxy users all got found. But one networks users seemed to always get away and could spread the news. Tor was not as unsafe.
Tor was the destination. Just like low level British railways codes, M-209 cipher and US diplomatic codes M-138, Gray, Brown was to Germany in WW2.
Keep the low level information flowing and it is all collected. One question is why show in public that Tor open to such methods. Years of networks could have been watched as they form. Staff could have been befriended, turned or allowed front groups to be more trusted. Staff that where in the wild, setting up the next generation of networks over decades?
Why the exposure of the method now?
Nerd-appropriate would be just how many Western brands and firms sent their production lines to the East.
Cash that then supported the East German gov for years.
Nerd-appropriate would be just how quickly Western political leaders had their East German files found and then removed.
Nerd-appropriate would be where some top East German security experts later found work in the USA.
The ability of the West to track most of the East German and Russian gov and mil movements.
The fall of the wall still has many good tech stories but all the press likes is the escapes and television news.
To carry on with ideas like https://en.wikipedia.org/wiki/...
Law-enforcer misuse of driver database soars (January 22, 2013) http://articles.orlandosentine...
Thats some history and local news. What the mil and federal districts around the US are seeking is a near instant facial recognition system as a person walks down a street.
Has police contact been made before? What was the result? A US or international tourist looking at a WW1 memorial in a city moves their camera around?
A nice approach that can escalate to an ID demand and friendly chat down.
A social media film crew? Local media students? Social media citizens looking to do a "First amendment test" and post the resulting talk down on their blog or site?
A larger approach that can escalate to a talk down with enough law enforcement officials to walk around and find the "citizen journalists" car.
That is why a near instant facial recognition system is so important. Expert local law enforcement officials can be tasked to the person with a camera and then shape the local optics. From friendly to very direct.
The passports in and passports out would be a nice idea too. The US seems to have no real desire to go back to Operation Intercept https://en.wikipedia.org/wiki/... and having secure boarders again.
Yes and if you are in Germany you can track the issues back to the 1950's. West Germany and the NSA, GCHQ needed local telco experts that could be trusted.
One network to track all calls. One network to know all West German phone numbers. Staff tame to the US and UK where selected and stayed in place.
The tame staff then promoted the next generations with the same US and UK understandings. A Gehlen Organization https://en.wikipedia.org/wiki/... for the West German telco systems.
Great for tracking exposed East German deep penetration agents. Now great for tracking the press as they report on wars and tame telco surveillance.
The good news AC is the the world already knows who offered junk crypto and tame OS standards over generations of products.
So thats an easy list to start with:) Beyond that is a lot of review and testing. But no need to go back to the tame brands with their junk standards.
Re "unless anything in the Snowden leaks suggests that Public Key encryption no longer works? Yes, I know it's hard. Oh well: It's necessary."
If you are found to be using encryption you become interesting. Create too much interest and your computer gets a visit?
The issue of international standards and tame academics can hold back more positive infrastructure changes.
That goes back years. The UK faced the same with the interception of international telegrams and telexes (cable vetting, the D-Notice affair) in 1967. :)
The GCHQ was getting a copy of international telegrams and telexes.
D-notice affair https://en.wikipedia.org/wiki/...
The tradition of looking at all international telegrams went back to WW1.
Now its all optical
Why bother recording everything when that's already done by the telcos?
In the past the NSA and GCHQ could only store so much information. The idea was to collect all, sort and remove as much data as possible very quickly.
The Dictionary system using keywords and predesignated phrases would try and find new people of interest.
Later the cost of storage was so low that it was more simple just to collect and store it all.
The ability to track a message end to end and store that result for long term computer retrieval was ready for US use in the 1970's.
The UK would have had the same new options after its Cray upgrades from IBM-700 by the late 1970's.
The need to record everything is so the UK gov has its own copy. The UK could not trust that the US would keep its own data or data of interest to the UK long term.
That also helps with tracking UK gov staff and their personnel files long term. Internal UK security enquiries can then recall a lot of data without having to ask the US for help.
Every aspect of all network use is kept, everyone has a file.
Thats the interesting new part "1,693 10-gigabit connections and increasing egress capacity to 390"
Collect it all is back in the news.
A select few nations and their friends have total mastery over much of the telco networks. What if the other nations of interest stop using telco networks or just provide well created disinformation?
Yes a community know their local sounds. The 4x4, bikes, luxury cars. They all have distinctive sounds and the local population are aware of any changes.
When an army of occupation or their local death squads move into an area that news travels fast.
Special forces try to blend in. Local death squads use what they are given. New machines with loud new distinctive sounds will stand out in open areas.
Counterinsurgency is now going to be robotic? An endless war of robot patrols and local robot checkpoint?
Divide a country up and pack the civilians into safe areas "refugee camps" to win hearts and minds?
Most people found outside a camp can then be tracked and questioned?
Back to a scorched earth policy with big numbers of new robots. Great news for the robot makers.
Re "I wonder who was targeted?"
When different network where still needed experts did find a few interesting past projects:
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
The SISMI-Telecom scandal in Italy found in 2006 https://en.wikipedia.org/wiki/...
The code is of a quality set per user depending on OS, installed AV and all other understood networking conditions.
A consumer OS with standard trusted consumer AV and trustred normal OS updates?
A well understood open source install that a user looks over deeper OS level logs everyday?
The presence of unique new code a user "installed" and "allowed" is not going to report on huge anti-virus and anti-malware lists.
Will well understood behavior analysis on consumer grade AV be looking in the correct place?
Gov and mil know all about what AV can do and how unique code for one computer has to be installed so it is not really going to be found by consumer AV products.
Lots of nations can try. Italy had its SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
Greece had the wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
Now the world is seeing more software efforts beyond the expected gov tapping hardware and software.
So many staff around the world have done legitimate tapping for their govs and mil for generations.
Tame computer systems, networks have crypto that is well understood and of a weak international standard. Signals intelligence is great to sell to govs and mil. Ex staff, former staff and govs are all happy to see what they can get.
The only trick is getting local state and city officials to upgrade for 4G LTE without paperwork showing to local media or a FIOA request.
Cities scramble to upgrade “stingray” tracking as end of 2G network looms (Sept 2 2014)
http://arstechnica.com/tech-po...
Phone Firewall Identifies Rogue Cell Towers Trying to Intercept Your Calls (09.03.14)
http://www.wired.com/2014/09/c...
Will the next generation of rogue cell tower have the ability to be another normal cell tower?
Re 'Either the contents are not sensitive"
Think back to the early cell standards. Who set them and why? Emerging cell networks had to be safer from random strangers but totally open in real time to govs and mil needs.
Cost, time and who works on the telco networks can also be important to local law enforcement officials.
Why risk a computer database entry or tracked code change in a national or global telco system? A number or location is now been tracked.
Who at the telco has seen or can track the local or national law enforcement sensitive database changes?
Local law enforcement officials become the telco connection in an area for a time and the only people who have full details on who is been tracked.
No courts, no requests to telco staff or vast databases, no lawyers later, media, FOIA for paper work at a city or state level. Just all the call data.
Re Need to keep things secret?
Thats what the release of the records will show. Legal teams can go over past cases and talk about what was done to the press.
Issues of parallel construction, what legal teams saw or where not allowed to see and when can be talked about to the press.
Legal teams can then talk to the press about the use of a IMSI catcher, IMSI catcher like devices with denial-of-service attack options, location monitoring, transceiver amplifiers.
Meet the machines that steal your phone’s data (Sept 26 2013)
http://arstechnica.com/tech-po...
If the US wants a secret court it can talk to all the legal teams and find cleared legal staff and experts depending on the case.
Re "Thanks to the influence of such groups as the NSA your mobile phone transmits it's data in an easily readable format instead of something encrypted such as was first proposed for the devices"
Thats the idea. Fill the gps logs with random trips to locations that fit in well with the non fiction "story" on a networked computer.
Who was that journalists phone around or who did it stop near? How would it fit in with a story been worked on? So many new digital hops to follow up on thanks to one random drive and a long coffee. Keep adding to that non fiction "story" on the networked computer every few days. Start a new story.
Once people know they are been watched they can change. The old idea was never to talk about tracking. Now terms like cell-site simulator and IMSI catcher are in the local press.
Re continued, and expanded
With domestic surveillance now been talked about more in public the press now understands what keywords and interviews will result in.
The media can wait to type a report into a networked computer just before publication.
A journalist can also fill their networked computer with a lot of non fiction that reads like a real story thats been worked on.
Drive out with a phone on to meet a person with more information.
All the domestic surveillance teams have is networking. The connected computer, the phone, the operating system, the logs over years.
Once a journalist understands that part of domestic surveillance they can shape it.
Yes it goes back to the Trailblazer Project https://en.wikipedia.org/wiki/...
ThinThread https://en.wikipedia.org/wiki/...
Before that was Main Core https://en.wikipedia.org/wiki/...
Recall Project MINARET https://en.wikipedia.org/wiki/...
and going way back to the The Armed Forces Security Agency (AFSA) with Project SHAMROCK https://en.wikipedia.org/wiki/...
Re "So stop being paranoid. The FBI isn't going to after every donor to a project like this." ....., which the NSA refers to as an “extremist forum” in the source code."
Recall "The NSA Is Targeting Users of Privacy Services, Leaked Code Shows" (07.03.14)
http://www.wired.com/2014/07/n...
"The rules indicate that the NSA tracks any IP address that connects to the Tor web site or any IP address that contacts a server that is used for an anonymous email service..."
"The NSA is also tracking anyone who visits the popular online Linux publication,
http://pando.com/2014/07/16/to... (JULY 16, 2014)
It depends how the US military is counted. A huge number of civilian like staff, air force, army... could be used to hide deep counts.
So what can be counted on? The Air Force has very expensive equipment to look after. So great care is taken to only allow selected, well tested people near that equipment.
That would sort out most of the human issues long term and offer amazing statistics.
Other areas of the US mil may also like to have well tested people near some of the more interesting systems. Great numbers again due to expert testing and constant staff sorting.
The real issue is the head injury or meds used during long occupation tours.
Keep the best staff looked after and try and see what is left over for the rest.
Re "I'd put together a fake image which looks good enough to pass the sniff test for a day or two, but which is designed to "go off" shortly after when the public gets a chance to deconstruct it."
Some interesting ways to track this.
MI6 or CIA got something found in Russia and it was rushed out to the media. FSB just watched to track the origins, publication and expected Western media results.
Russia released the image internally to follow the image to expose some internal NGO or other well funded networks.
Limited hangout.
ie just to see something internal to Russia been activated.
Some other group set this in play and Russia, the US and UK are just interested to see where it tracks back and why.
So the value was not in the poor fake but its origins.
Re "What good is a law pertaining to" The good news is that the US legal system now has to hold any mil or gov action in pubic courts to be legal.
Its a bit like a digital or legal Berlin Wall. Once the US mil and gov put that parallel construction into the public court system all legal teams and the press will know.
What are the options for the USA? Sealed security courts for all? People and lawyers at a federal and state level will begin to notice that change.
The other option is to make the domestic surveillance state legal. Vast collections of stored data about net use, calls, driving habits, spending, reading lists, media consumption, location, travel can be now be presented from a "locked box" in open court without question.
When that is done every legal team is going to see the same pattern. You where on the internet. You where on the phone. Your digital life is in open court. All the US gov now has is the hope that all the connections will always be a call, digital or on the internet and be easy to collect.
Even defence lawyer will have to start writing on note pads and been very careful about how they talk to their clients and what files they keep.
Every scape of digital information is now in play.
The destination is material that can be presented in open court. Nothing from the NSA, GCHQ.
For that many nations need to be able to work together and watch networks as they react to changes in networking.
Not too hard on federal budgets and with international cooperation.
The real interesting aspect was how to make Tor the destination.
Years of raids where all users with normal provider accounts, credit card for international VPN use, proxy users all got found. But one networks users seemed to always get away and could spread the news. Tor was not as unsafe.
Tor was the destination. Just like low level British railways codes, M-209 cipher and US diplomatic codes M-138, Gray, Brown was to Germany in WW2.
Keep the low level information flowing and it is all collected. One question is why show in public that Tor open to such methods.
Years of networks could have been watched as they form. Staff could have been befriended, turned or allowed front groups to be more trusted. Staff that where in the wild, setting up the next generation of networks over decades?
Why the exposure of the method now?
Nerd-appropriate would be just how many Western brands and firms sent their production lines to the East.
Cash that then supported the East German gov for years.
Nerd-appropriate would be just how quickly Western political leaders had their East German files found and then removed.
Nerd-appropriate would be where some top East German security experts later found work in the USA.
The ability of the West to track most of the East German and Russian gov and mil movements.
The fall of the wall still has many good tech stories but all the press likes is the escapes and television news.
To carry on with ideas like https://en.wikipedia.org/wiki/... Law-enforcer misuse of driver database soars (January 22, 2013) http://articles.orlandosentine...
Thats some history and local news. What the mil and federal districts around the US are seeking is a near instant facial recognition system as a person walks down a street.
Has police contact been made before? What was the result? A US or international tourist looking at a WW1 memorial in a city moves their camera around?
A nice approach that can escalate to an ID demand and friendly chat down.
A social media film crew? Local media students? Social media citizens looking to do a "First amendment test" and post the resulting talk down on their blog or site?
A larger approach that can escalate to a talk down with enough law enforcement officials to walk around and find the "citizen journalists" car.
That is why a near instant facial recognition system is so important. Expert local law enforcement officials can be tasked to the person with a camera and then shape the local optics. From friendly to very direct.
The passports in and passports out would be a nice idea too.
The US seems to have no real desire to go back to Operation Intercept https://en.wikipedia.org/wiki/... and having secure boarders again.
Yes and if you are in Germany you can track the issues back to the 1950's. West Germany and the NSA, GCHQ needed local telco experts that could be trusted.
One network to track all calls. One network to know all West German phone numbers. Staff tame to the US and UK where selected and stayed in place.
The tame staff then promoted the next generations with the same US and UK understandings. A Gehlen Organization https://en.wikipedia.org/wiki/... for the West German telco systems.
Great for tracking exposed East German deep penetration agents. Now great for tracking the press as they report on wars and tame telco surveillance.
The good news AC is the the world already knows who offered junk crypto and tame OS standards over generations of products. :) Beyond that is a lot of review and testing. But no need to go back to the tame brands with their junk standards.
So thats an easy list to start with