Tinkering with the Nuts and Bolts of Electronic Surveillance

Avatar

Burt Likko

Pseudonymous Portlander. Homebrewer. Atheist. Recovering litigator. Recovering Republican. Recovering Catholic. Recovering divorcé. Recovering Former Editor-in-Chief of Ordinary Times. House Likko's Words: Scite Verum. Colite Iusticia. Vivere Con Gaudium.

Related Post Roulette

12 Responses

  1. Avatar BlaiseP says:

    I don’t like the NSA but I routinely use NSA’s SELinux code to secure my own systems and machinery. Some people don’t like SELinux and some badly architected applications become problem children when it’s enabled — because they want too much access.

    Look, the problem is oversight. NSA is neither a good guy nor a bad guy in all this. They do what they’re allowed to do in the context of the applicable laws — and that’s the problem. When Clapper lied to Congress, he was lying to people who not only knew he was lying, they already had the facts of the matter, the very people who could change the laws which prevented him from telling the truth. Of course the NSA has been looking at phone records and email and damned near everything else you’ve been doing. Congress and the courts haven’t been doing their jobs, managing the NSA.

    I have more problems with the credit reporting agencies than NSA. This will come as no surprise to any steady reader of Ordinary Times, I tend to repeat myself with irritating frequency. I have parsers for all the major credit reporting agency reports and some you haven’t heard of yet. Your information is being bought and sold, from that “customer loyalty” card you use at the grocery store to your health care information to your Google and Yahoo searches. It’s all out there. Do you think privacy laws are enforced in an era where the bureaucrats who might actually enforce them are being funded out of existence? Information is power and power is money and one can be traded for the other in the frictionless world of fibre optic cables and high speed routers.

    You’re so easy to find and it’s so hard to hide, it’s actually more trouble than it’s worth to encrypt much any more. If I was a serious crook, I wouldn’t bother trying to hide my tracks. I’d start up a porn site and run my criminal enterprise using a master CA cert issued by any of a number of Highly Reputable Outfits, issuing my own sub-certs to all my criminal cronies. James Jesus Angleton, a man who would know, said if you’re trying to hide a leaf, put it on the floor of a forest.

    Why a porn site? Lots of hits from all over the world, lots of credit card transactions and lots of bandwidth in use. A hurricane of leaves. Furthermore, the Do Gooders really don’t want to fish around in the cesspool thus created.

    So Edward Snowden is hiding out in a Russian airport. Lots of crooks are hiding out in Russia and the Ukraine and Belarus and other such shitholes and dens of iniquity. In a well-run nation, such people would be detected and run to ground, using techniques very much akin to what we don’t like about how the NSA is doing its job now. Probably using the same tools. You can use them too, if you know how to configure and run tools like Aircrack and Wireshark.

    NSA are not the enemy you ought to fear. NSA are jealously guarding their information, silly people that they are. They’re bureaucrats, their instinct is to stash this stuff and not to share it. Crooks, now, they do share information. They sell it. And so do these credit rating agencies, who I consider to be worse than the garden variety Nigerian/Russian credit card thief. Nobody’s saying a damn thing about them and their abuses of power. Rupert Murdoch’s turds hack into famous people’s voice mails — do you think Fox is alone in so doing?

    The FISA court is asleep at the switch and Congress has done nothing to regulate them. SCOTUS won’t act: every time some Fourth Amendment case comes before it, it’s always come down on the side of the State and that goes back for many years. We’d like to think it’s still 1967 and Katz v. United States says the government has to obtain a warrant to do a wire tap. It’s not. Since 1979, Smith v. Maryland, 442 U.S. 735 has governed and NSA is doing nothing more than what Smith established way back then. The PATRIOT Act allows far more, of course: while it remains in effect, the Fourth Amendment is dead for all practical and legal purposes.

    But the part which ought to trouble people — and seemingly doesn’t, outside of a small-ish community of technical people, is the threat posed by all those magcards in our pockets and the practically unregulated trade in information. NSA are not the bad guys in all this. The NSA are a bunch of big dogs whose owners can’t or won’t control them. Don’t blame the dog under such circumstances. That dog is loyal in a world without much of that commodity. They are at war with totally unscrupulous enemies. Beating the dog will not fix what’s wrong with his master.Report

    • Avatar Jim Crawford in reply to BlaiseP says:

      Excellent comment, BlaiseP. I’d add that there’s a delicious irony in the outrage expressed by telcos and Silicon Valley over “forced” compliance in providing metadata to the NSA. Verizon uses the exact same data for its own commercial ends, and sells it to companies for marketing purposes. Google’s entire business model is based on the collection/filtering of customer data for targeted advertising. The corporate squawking about NSA strikes me as a classic case “the pot calling the kettle black.”

      Hadn’t even stopped to think about credit rating agencies. You’re dead right on that.Report

    • Avatar Barry in reply to BlaiseP says:

      “Look, the problem is oversight. NSA is neither a good guy nor a bad guy in all this. They do what they’re allowed to do in the context of the applicable laws — and that’s the problem. When Clapper lied to Congress, he was lying to people who not only knew he was lying, they already had the facts of the matter, the very people who could change the laws which prevented him from telling the truth. Of course the NSA has been looking at phone records and email and damned near everything else you’ve been doing. Congress and the courts haven’t been doing their jobs, managing the NSA.”

      Bull f-ing sh*t. These people had verbal briefing they were barred by law from sharing, they had no way to confirm or rebut what they were being told, and (even if people were honest) they undoubtedly were getting highly redacted information.

      As for abuses, you’ve pretty much torn up your right to question anybody, in the rest of government or in the private sector, because both of those groups have more transparency and face more consequences.Report

  2. Avatar Mad Rocket Scientist says:

    All that ability, & the NSA apparently can’t search it’s own email servers:

    http://www.propublica.org/article/nsa-says-it-cant-search-own-emailsReport

  3. Avatar Stillwater says:

    I wonder if merely suggesting a fix like this doesn’t grant the NSA too much rope. I’m still waiting to hear a compelling reason why government has the right to monitor private individual communications and meta-data as a matter of course. It seems to me that the mere fact that data is being collected by private parties and that it can be – and is – stored for a certain period of time doesn’t constitute an argument that government ought to be able to access that data in real time or review it without establishing probably cause or at least reasonable suspicion.

    Of course, if your argument is that this shit is going to happen anyway so why not try to put a check on it, then I agree.Report

    • Avatar Burt Likko in reply to Stillwater says:

      There are some foundational questions to consider.

      Is what the NSA does with XKeyscore a ‘search’ at all? It seems obvious to me that it is, but maybe it isn’t quite as obvious as I think it is, or maybe if it is, it’s not a private person who is being ‘searched.’

      Is there a reasonable expectation of privacy in one’s electronic communications? Again, it seems obvious to me that the answer is ‘yes,’ but if that turns out to be wrong, then strong criticism of interception and analysis of those communications may not be warranted.

      Is it technologically possible to know that a communication is between two American citizens before that communication is intercepted? The answer here seems to be “no,” although I confess I am ignorant of the finer points of how this works. I know IP addresses can be traced back to specific geographic locations easily and that there are services that obscure the actual origination point of an IP address. Beyond that, I’m ignorant of almost anything other than what is superficially obvious on a technical level. But, if it is not possible, then a signal must be intercepted and analyzed before its content can really be known. The universe of things that can be done at all, without sacrificing signals intelligence altogether, is not so vast as we might wish it were.

      Is signals intelligence necessary to preserve national security? I suspect that the answer is yes, although of necessity that is a religious rather than a scientific question for all but the most well-informed of analysts. I take it as a matter of faith that important security information is gathered this way. Having said that I want the government to find and kill those who would do me, my countrymen, and my country grievous harm, I must accept that the “find” part is going to involve a degree of “looking.”

      And then, is the question of liberty and security, of privacy and effectiveness, necessarily a zero-sum game? The balance wire is suspended above a fall to the left of too little security or a fall to the right of too little freedom, and we ask a difficult thing of our public servant to not only keep their balance but actually move forwards while doing so.

      That last point gets to yours most directly — there is going to be surveillance and interception of electronic communications. We’re going to abolish the NSA and we’re not going to stop using technology to try and find communication between the bad guys. So given that as a society we find this activity by the government to be indispensable, we must then conform that indispensable activity with our other principles, else collectively we fall off the high wire into the abyss. The falling might actually be pleasant, at least for a while — it’s when you hit the ground that it becomes unendurable to have made a mistake.Report

Leave a Reply

Your email address will not be published. Required fields are marked *