Electronic surveillance skyrockets in the US
October 3, 2012 9:02 PM   Subscribe

The Justice Department, after a legal battle with the ACLU to avoid having to admit it, recently released documents showing that the federal government’s use of warrantless “pen register” and “tap and trace” surveillance has multiplied over the past decade. But the Justice Department is small potatoes. Every day, the NSA intercepts and stores 1.7 billion emails, phone calls, texts, and other electronic communications.

(Previously on Metafilter: Mobile Phone Surveillance by the numbers, Former NSA officials sue NSA over NSA misconduct, Washington Post's project on government surveillance, Map of organizations authorized to use drones in the US)

Surveillance is ubiquitous. Do we really need more data, or do we need better data & analysis? The Washington Post’s project on electronic surveillance raised some important points:
* Many security and intelligence agencies do the same work [as each other], creating redundancy and waste. For example, 51 federal organizations and military commands, operating in 15 U.S. cities, track the flow of money to and from terrorist networks.

* Analysts who make sense of documents and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year - a volume so large that many are routinely ignored.

….improvements have been overtaken by volume at the ODNI, as the increased flow of intelligence data overwhelms the system's ability to analyze and use it. Every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases. The same problem bedevils every other intelligence agency, none of which have enough analysts and translators for all this work.
To deal with the information glut, the government is turning to artificial intelligence for help. AI surveillance has also gone from cyberspace to meatspace: Known projects for sorting through the high volume of video surveillance include the military-developed Mind’s Eye (still in the works) and the privately-developed Trapwire, (already in use here).

Sooner or later it will be standard for security cameras to be able to identify individuals and recognize their actions at least as well as the Xbox Kinect can.

Updates on the legal status of domestic surveillance:
1.The House of Representatives last month re-approved the FISA bill, and the bill is now ready to pass in the Senate as well.

2. In August a federal appeals court ruled that the federal government may spy on Americans’ communications without warrants and without fear of being sued in the case of Al-Haramain Islamic V. Obama. This case is all over unless the Supreme Court agrees to hear it.

3. The Electronic Frontier Foundation's case Jewel v. NSA challenges the NSA's enormous domestic spying operation. It looked like a lost cause, but it's now up for a hearing on December 14, 2012.

4. The Supreme Court ruled earlier this year that law enforcement officers can’t sneak a GPS tracking device onto an individual’s vehicle unless they get a warrant first.

5. (From Salon):
the Obama administration is aggressively seeking to block any efforts to have federal courts rule on the constitutionality of this new FISA law. Immediately after its 2008 passage, the ACLU, on behalf of journalists, activists, and writers, sued to invalidate the law on the ground that it violates the Fourth Amendment rights of Americans by subjecting them to warrantless eavesdropping. As they always do in such cases, the Bush and Obama DOJs demanded dismissal of the suit on the ground of “standing”: namely, they asserted the definitively Kafkaesque claim that because the list of Americans who have their conversations intercepted is kept secret, the plaintiffs cannot prove they were eavesdropped on under the law, and thus lack “standing” to challenge it.
The widespread use of electronic surveillance couldn’t occur without the assistance of the telecommunications companies. The Electronic Frontier Foundation reports:
The undisputed documents show that AT&T installed a fiberoptic splitter at its facility at 611 Folsom Street in San Francisco that makes copies of all emails web browsing and other Internet traffic to and from AT&T customers and provides those copies to the NSA. This copying includes both domestic and international Internet activities of AT&T customers. As one expert observed “this isn’t a wiretap, it’s a country-tap.”
The ACLU lists several ways that telecommunications companies stumble over themselves to meet the government’s requests for private information: Copying of existing messages to a separate account, The Voicemail PIN Reset, Voicemail “cloning," etc.

Related: Spy drone usage increases domestically and globally. Last year saw the first-ever drone-assisted arrest of a US citizen, as well as the first-ever drone-assisted killing of a US citizen by the US government.

Lastly, coming soon to a city near you: Gorgon Stare , a drone-mounted city-spanning surveillance system planned to be deployed in Afghanistan that could eventually be deployed in the US. (Man, who named that thing?) It's designed to be combined with visual recognition technology like Mind's Eye. With this, they won’t need to put a GPS tracker on anyone’s car.
posted by Sleeper (82 comments total) 60 users marked this as a favorite
 
Soon, they won't have to beat the fuck out of peaceful protesters, they'll be able to arrest them before there's any kind of messy showdown.

Nothing to see here, citizen. Move along.
posted by Malor at 9:13 PM on October 3, 2012 [6 favorites]


It seems like focusing on the government's misconduct in this area is missing at least half the story. How can we tell which telecommunications company is preferable to another regarding its respect for customers' privacy? Are there any companies that tout their lack of a cavalier attitude towards their users' data? Is there a consumer movement to encourage users of telecommunications companies to favor the ones that respect users' privacy?
posted by Sleeper at 9:23 PM on October 3, 2012 [4 favorites]


They are intercepting and storing absolutely everything. Do not discuss tactics on open forums. Access the net via TOR.

The mushrooming surveillance of the net is because they are scared that people will use it to organize against them. They are right. When the net came out 20 years ago, they didnt know what they were getting into. But now, they're on top of their game. Be very scared.
posted by dunkadunc at 9:26 PM on October 3, 2012 [6 favorites]


Before reading James Bamford's The Shadow Factory, I thought that the NSA wiretapping "scandal" involved the NSA warrantlessly spying on particular people it thought might be suspicious or connected to terror plots in some way (or for whatever other reason a government agency might want to spy on a particular human being).

Nope! They were (are?) literally siphoning everything off the phone companies' wires and then sifting through it. It would be damn impressive if it weren't so terrifying.
posted by eugenen at 9:27 PM on October 3, 2012 [2 favorites]


The government may be malevolent but at least we can be confident that they're bad at it.
posted by silby at 9:29 PM on October 3, 2012 [8 favorites]


sleeper- if you are talking hosting, some providers are better than others. No ISP will protect you. The backbone of the net is run through spy facilities. TOR, although slow and clunky, is the way to go and becoming much easier to use.
posted by dunkadunc at 9:30 PM on October 3, 2012


Nope! They were (are?) literally siphoning everything off the phone companies' wires and then sifting through it. It would be damn impressive if it weren't so terrifying

And its computerized and therefore automated. This is what the Utah Data Center is for, on an unprecedented scale.
posted by dunkadunc at 9:32 PM on October 3, 2012


Caught myself not posting an opinion on facebook the other day. Wasn't just worried about future employers....
posted by sendai sleep master at 9:32 PM on October 3, 2012 [1 favorite]


They're drinking from a fire hose... for now.
posted by basicchannel at 9:33 PM on October 3, 2012 [1 favorite]


Facebook is the worst place to share opinions that matter.
posted by dunkadunc at 9:36 PM on October 3, 2012 [1 favorite]


TOR would be great except it's banned from everywhere

also, I kind of wonder what Hemingway'd have dealt with if the internet as it is today existed in his time
posted by This, of course, alludes to you at 9:40 PM on October 3, 2012


Facebook is the worst place to share opinions that matter.

And yet, it's the only way I can share my insights on the state of the US economy and the dysfunction of America's political system with the women who refused to make out with me in high school.
posted by R. Schlock at 9:40 PM on October 3, 2012 [31 favorites]


Gorgon Stare previously
posted by XMLicious at 9:41 PM on October 3, 2012


Ok. New plan. We drop privacy entirely so that there remains no legitimate argument for a government monopoly over such information. Now we can begin protesting for our right to the same access. Let's see us some politician weeners and internet histories!
posted by TwelveTwo at 9:43 PM on October 3, 2012 [5 favorites]


I think I was mistaken in saying that the new FISA bill was ready to pass the Senate. Apparently, a group of 13 Senators led by Ron Wyden have put a hold on the bill until the NSA shows willingness to give information on the information it takes.
posted by Sleeper at 9:44 PM on October 3, 2012 [2 favorites]


Obviously, the only rational choice is to vote Romney and any GOP candidate you can find.
posted by Ironmouth at 9:44 PM on October 3, 2012


@twelvetwo

its spelled "wieners"

also, i vote for privacy for everyone because the consequences of none for anyone are horrifying
posted by This, of course, alludes to you at 9:48 PM on October 3, 2012


New plan. We drop privacy entirely so that there remains no legitimate argument for a government monopoly over such information.

The Transparent Society (1998) by David Brin
posted by XMLicious at 9:49 PM on October 3, 2012 [4 favorites]


Ahh. I can finally stop writing down the recipes I share with my friends and family and rely on FOIA transcripts instead of Siri. Thank you, US government.
posted by bloggerwench at 9:51 PM on October 3, 2012 [3 favorites]


We've already crossed the Rubicon with the retroactive immunity of the Bush-co telcom spying, which was for all practical purposes the final chance to assert the idea of individual privacy in online affairs. Opinions against the state will be tracked, controlled, and eventually suppressed, and the power that today takes an entire NSA data-center to scan for keywords regarding a terror attack, tomorrow will be used by your friendly local police department to make a note of your online order of hydroponics equipment or as a justification for a no-knock raid after you text a friend looking for a joint.
posted by T.D. Strange at 9:52 PM on October 3, 2012 [5 favorites]


How can we tell which telecommunications company is preferable to another regarding its respect for customers' privacy?

Well, there's Qwest, for one.
posted by a snickering nuthatch at 9:58 PM on October 3, 2012 [2 favorites]


They're drinking from a fire hose... for now.

That's about right. Years ago, people were really worried about terrorists, to the point where it seemed reasonable to monitor everybody, just so you could sift out potential terrorist threats.

Those two ideas - monitoring everybody and sifting out terrorist threats - don't play well together, because the information volume of monitoring everybody drowns out the ability to recognize terrorist threats. The amount of information available when you start monitoring everybody tends to make analysis so difficult that you can't find a single terrorist threat. If you make your haystack bigger, it can make it harder to find the needle.

Look at the idea of fusion centers that Mitt Romney advocated when he was a governor and chairman of a national task force on intelligence sharing. All that concentration of information-gathering resulted in exactly zero terrorist threats exposed.

I could bore you with specific analyses of the total quantity of information flow available when you start monitoring everybody, and equally boring analyses of the total processing speed of the NSA, which is huge, and when I was done boring you with those numbers you would have to agree that centralized processors can't possibly process the variety available to that many sensors.

But, you know, it's not worth boring you over something that can't happen.
posted by twoleftfeet at 9:58 PM on October 3, 2012


Oh, hm. But I better cover all bases. If anyone is reading this and works at the state department then please read the following:

These comments are a work of fiction. Names, characters, places and incidents either are products of the author's imagination or are used fictitiously. Any resemblance to actual events or facts or locales or persons, living or dead, is entirely coincidental. The opinions and views expressed at or through these comments do not necessarily reflect the opinions or views of the author.
posted by TwelveTwo at 10:03 PM on October 3, 2012


Soon, they won't have to beat the fuck out of peaceful protesters, they'll be able to arrest them before there's any kind of messy showdown.


If by soon you mean the past ten years or so...
posted by srboisvert at 10:35 PM on October 3, 2012 [4 favorites]


The government may be malevolent but at least we can be confident that they're bad at it.

That just means that merely being innocent of wrongdoing is no protection against having any of these agencies take an interest and wreck you life. :-(
posted by anonymisc at 10:41 PM on October 3, 2012 [7 favorites]


Okay, let's do the quick and dirty analysis. Let's say the average email size is 75 Kilobytes. Assume that 200 million Americans just send one email a day. To process the total volume of those emails, the NSA (or whoever is monitoring all the emails) would have to process 75 x 200 x 10^9 kilobytes, or about 14,300 gigabytes per day. That part is easy. That's not a huge information flow, by modern standards. If they need to check every word in an email against a list of keywords, that adds a roughly linear factor.

Now, the keyword isn't that important unless information about the email is correlated with the recipient of the email (so there's an actual communication), and that adds a quadratic factor. We're still only at about 14,300^2 = about 2 X 10^8 gigabytes, or about 200 petabytes. Google processes about 24 petabytes a day, so the NSA (or whoever) has to, at this point, do the work of almost 10 Googles.

But that's not even close to the total information flow that privacy advocates worry about. Global information flow is very roughly 1000 petabytes a day, or 1 exabyte/day, not including mobile traffic, handwritten letters, word of mouth, or any other form of information transmission.

The rest of the analysis looks at processing speeds of modern computers, and this gets increasingly more boring and less reliable because I have to keep making rough estimates of these things. But you get my drift. If the NSA (or whatever) tries to monitor everything, and still make sense of it, then the information load very quickly becomes unwieldy.

Still, I don't want them spying on me, in particular.
posted by twoleftfeet at 11:01 PM on October 3, 2012 [6 favorites]


Nah, they'll just store stuff until you piss them off. Then they'll trawl through your backlog.
posted by ryanrs at 11:07 PM on October 3, 2012 [11 favorites]


Humanity can store 295 exabytes of data, so that whole idea that we can just store the data and mine it later has its own problems. In that respect, there's not much difference in analyzing data in real-time and storing it for later analysis. There are significant costs associated with retrieving and analyzing stored data, but that is another calculation.

Disclaimer: A "quick and dirty" analysis is likely to be wrong.
posted by twoleftfeet at 11:20 PM on October 3, 2012


I recently heard an interview with Laura Poitras on NPR, a documentarian who recently one one of the MacArthur Genius Grants for her work on previous documentaries outlining the War on Terror, including work on Iraq and detainees in Guantanamo.

Her new work is focusing on the NSA. Even though she's an American citizen, she's finishing the work in Europe.

She's doing this because she's been pulled aside around 40 times at airports at the border when flying. She's had her laptops and personal digital devices seized, and her personal documents copied off them.

She doesn't want to risk or harm her sources. And she can't do that if every time she flies she's interrogated and subject to having all of her data collected.

The amount of information isn't a problem. You can easily identify targets via simple network analysis of the envelope, routing or address information, which conveniently has been ruled as not covered under 4th amendment protections.

Once you've found a link between an individual and a known "terrorist" (remember, Assange is now an Enemy of the State), you can throw them in the dragnet and begin pulling down more info. For example, Ironmouth thought that the "material support" concern regarding Julian Assange was hogwash, because he wasn't a terrorist. Well, it's now on the table.

Most people out there, who cares. Most people are going to sit on the couch the rest of their lives, watching Jersey Shore and Leno.

But all you have to do is identify the 1% who are a threat. Then watch them. Continuously. And soon enough you'll have enough to blackmail anybody.

Machine learning can guide you towards who to target, and from there you just gobble it all up. See Target automatically identifying pregnant women and targeting them for a great example of a simple corporation doing this.

Now imagine an unaccountable intelligence agency with an undisclosed budget and what they can do.

"Links", "associations" and "relationships" are going to be the keywords we hear in the next couple decades regarding terrorism. Because the terms are so nebulous that they could mean anything, but they give an excuse when you build a massive network database to pull in who you're really looking for.
posted by formless at 11:32 PM on October 3, 2012 [32 favorites]


I look forward to the two presidential candidates discussing this gross misuse of power by the DOJ.

oh wait
posted by Phire at 11:36 PM on October 3, 2012 [8 favorites]


Twoleftfeet: Why would you imagine that the average size of an email is 75K? If you ignore binary attachments you have only a small amount of text; and most of that is routing information. I would think that the text that has to be scanned for keywords averages less than half a kilobyte and that NSA has very efficient ways of doing this.

The way Google used to do text storage and searches, as I understand it, was to tokenise everything and then use Map/Reduce to do things like supply the intersection of a list of keywords. There are probably better ways of doing this, but even this technique effectively does your scanning at the time of storage and turns an email into a compressed archival copy plus a collection of entries in an index. This doesn't work for things like binary attachments, but people using these for communication are helpfully alerting the NSA by acting suspiciously.

And as ryanrs said, they can just store stuff and examine it when they have a good reason to do so. This might well help law enforcement, presuming the NSA would turn things over to them, but a less scrupulous agency might well use this for political reasons - I'm sure that many of us have occasionally said something intemperate in an email. We just have to hope that J Edgar Hoover was an aberration.
posted by Joe in Australia at 11:39 PM on October 3, 2012 [2 favorites]


Twoleftfeet: Why would you imagine that the average size of an email is 75K?

Well, no,... I don't. I just pulled that figure from About.com in order to begin a "quick and dirty analysis." I'm not really sure what the average email size really is.

And as ryanrs said, they can just store stuff and examine it when they have a good reason to do so.

If you store everything until you have a good reason to look at it, you're still in the position of invoking a data flow. Perhaps the data flow is real-time, or perhaps the data flow comes from some kind of huge data warehouse. But the analysis is still done in real-time, if it really needs to be done quickly. So the constraints of real-time analysis of enormous data flows aren't that different, whether you're taking your data live off the current web or stored.

There are real constraints here. There's just a mind-boggling amount of data out there, and the idea that we can just suck it all in, or maybe store it all somewhere, and make reasonable sense of it, doesn't reflect the reality of that amount of data. In practice, it's like formless said above: "The amount of information isn't a problem. You can easily identify targets via simple network analysis of the envelope, routing or address information,..."

The NSA uses heuristics to cut that data flow down. They are much more interested in data from someone connected with a known terrorist network than they are in the data they have gathered from Bob Smith, of Bismarck, North Dakota, who likes to play golf and build birdhouses. But if they gather everybody's data equally, and if their heuristics go astray (because terrorists start using "birdhouse" when they mean "nuclear bomb", or whatever) then there is the possibility that global monitoring could seriously fuck shit up.
posted by twoleftfeet at 12:17 AM on October 4, 2012


Or, once their political enemies start to gain any power, that kind of analysis could be used to covertly destroy their lives.
posted by Malor at 12:31 AM on October 4, 2012 [1 favorite]


Malor, I see where you're coming from, but you're wrong, because they are the National Security Agency. Security means safety. It would be against their brief to destroy anybody's life.
posted by Joe in Australia at 12:51 AM on October 4, 2012 [1 favorite]


The NSA has a right to spy on me, but they are totally unwilling to let me spy on them. So, yes, there's an asymmetry of power there.

If somebody could make the case that the NSA is a potential terrorist, public opinion could flip that dynamic completely.
posted by twoleftfeet at 12:51 AM on October 4, 2012 [1 favorite]


duncadunc, correct me if I'm wrong - I know only a little about TOR - but couldn't the DOJ, or anyone really, simply host a TOR router and then peek on everything going through it if they wanted to? Isn't TOR only as secure as what it's rerouted through?
posted by smoke at 1:05 AM on October 4, 2012 [1 favorite]


As depressing as this might seem at first blush, my spirits are somewhat buoyed by the fact that on a longer timeline than, oh my god they're storing all my (bullshit) communications, the ability of any agency -- NSA or otherwise -- to make any kind of sense of the data they collect is necessarily the kind of hard problem that merely saying "we'll sort through it later" is never going to solve. 50,000 ignored intelligence reports seems laughably small.

The capital-I Internet is based around a realization we (as a species) made years ago that routing around whatever temporary -- and I almost mean that term in the almost-geological sense -- blockade you care to imagine is much better than you would think was possible. If you look at protocols like TOR, the shortcomings (usability, traffic analysis) are only issues if the motivation for surpassing them is sufficiently small. Usability is certainly an issue, but if I were organizaing a revolution (or a terrorist cell) the cost of overcoming those problems is dwarfed by the price of not doing so.

The next generation of anonymity-protective protocols like TOR will combine end-to-end security with intractable defenses against traffic monitoring. You can have your mountainous haystack, I'll quietly needle you.
posted by axiom at 1:18 AM on October 4, 2012 [2 favorites]


I would imagine anyone using TOR or encryption such as PGP on a regular basis would be regularly monitored.
posted by digitalprimate at 1:24 AM on October 4, 2012 [1 favorite]


The dollar is about to implode, all this will be rendered moot when the power grid goes down and takes the internet with it. The subsequent collapse of the US will leave us with a lot more pressing concerns.

Gosh it would be nice to worry about privacy instead of survival.
posted by MikeWarot at 1:24 AM on October 4, 2012


Ugh, not geological. Whatever the opposite of that is. Nanometrical?

Edit: My kingdom for a longer edit window!
posted by axiom at 1:30 AM on October 4, 2012 [1 favorite]


Malor, I see where you're coming from, but you're wrong, because they are the National Security Agency. Security means safety. It would be against their brief to destroy anybody's life.

Yeah, that'll last precisely until they actually feel threatened in any way whatsoever.
posted by Malor at 1:36 AM on October 4, 2012 [1 favorite]


I would imagine anyone using TOR or encryption such as PGP on a regular basis would be regularly monitored.

Like, say, anyone doing any online shopping or banking?
posted by Blazecock Pileon at 1:37 AM on October 4, 2012 [3 favorites]


This stuff is already KNOWN to be widely abused, to help American corporations win contracts. That's been true for, god, twenty years now?

If you think someone like Bush or Cheney wouldn't use this info, if they had it, to destroy their political enemies, you're deluded.
posted by Malor at 1:37 AM on October 4, 2012 [2 favorites]




Malor, I see where you're coming from, but you're wrong, because they are the National Security Agency. Security means safety. It would be against their brief to destroy anybody's life.

Yeah, that'll last precisely until they actually feel threatened in any way whatsoever.


Surely, Joe is joking.

And stop calling me Shirley.
posted by axiom at 1:55 AM on October 4, 2012


It would be pretty trivial for the NSA to run an on-line machine learning classification algorithm to identify possible 'terrorists' or what have you, but I doubt real 'terrorists' would be routinely sending possibly incriminating information in the clear so, as digitalprimate said, it probably means that they will just be identifying people using PGP or tor and focussing their efforts on them.

>I would imagine anyone using TOR or encryption such as PGP on a regular basis would be regularly monitored.

Like, say, anyone doing any online shopping or banking?

There is a pretty big difference between using HTTP over SSL and using tor or PGP.. It's also pretty clear to me that someone connected to the https port of bankofamerica.com isn't connected to send secret messages to their terrorist buddies.
posted by kiskar at 2:02 AM on October 4, 2012 [1 favorite]


The wikileaks manifesto cuts both ways

The best hope for the proles is to encrypt communications to the point of critical mass, then act.

the NSA is trying to store everything to the point that quantum computing can computationally reverse engineer every encrypted message so that time captured becomes irrelevant.

So, the race is on between the proles and the rulers. The 99% can encrypt and communicate, but can they keep their key secret long enough to reach a critical mass?

That then begs the question, is encryption even relevant, or is the shear number of bullshit messages enough to cloud the "interesting traffic" the NSA is looking for?
posted by roboton666 at 2:03 AM on October 4, 2012


Kiskar: applications can encrypt inside the data payload. If you use a RSA-type token, you can encrypt the data at a layer above the OSI stack, so all you see is binary data inside of a typical network frame on a normal port that is undecipherable unless you have access to the client and host machines.
posted by roboton666 at 2:09 AM on October 4, 2012 [2 favorites]


It's also pretty clear to me that someone connected to the https port of bankofamerica.com isn't connected to send secret messages to their terrorist buddies.

What about banks conducting business transactions for customers in terrorist states? In any case, there is no technical requirement for HTTP SSL traffic to go over port 443. Any type of (encrypted) traffic can go over that pipe or any other, if the client and server agree on it.
posted by Blazecock Pileon at 2:13 AM on October 4, 2012


In any case, there is no technical requirement for HTTP SSL traffic to go over port 443

Think of them this way. The NSA was handling Google scale problems well before Google was even a lab project. They're not going to assume that only traffic on 443 is encrypted. They're going to do deep packet inspection, they're going to reassemble flows. Why do you think they wanted their taps at the Tier 1 facilities?

Theoretically, using end-to-end encryption (which secures everything from your computer to the remote host) *and* TOR, which hides the connection by making sure that source and destination are never on the same packet, would make it secure.

However, this assumes that the client host and the server host are not compromised. That is, frankly, a horrible assumption. And, indeed, if I'm the NSA, and I see lots of traffic going to a known TOR node (what, you don't think they track that?) that's also encrypted (so I'm not even able to read it going into or coming out of the TOR network), then compromising those machine becomes job #1.

The NSA has one weakness. They work on comm networks. So, you either never communicate over them, or you only do so in deniable ways. This is even harder, but not impossible. If you can keep from getting flagged so that all of your comms are automatically analyzed fully, then simple innocent messages* can send some information without the NSA realizing it was sent.



* Example. You have an agreement with conspirator that every week, you will talk about, say, the last Monday Night Football game. 'Hey, dude, what do you think of the Cowboys Game last Monday' What's the code. Simple. If you refer to the game by the home team, it means one thing. If you refer to the game by the road team, it means another. Talk about the game in real terms -- indeed, it helps if you're both gridiron football fans. The message isn't anything about the game, it's the reference to it. Even something as simple as a subject of "Goddamn Cowboys" if you have a history of being a Cowboys fan, or "BEARS WERE AWESOME!!!1!" if you have a history of being a Bears fan is enough to pass a simple, agreed message, but if you don't, you talk about that interesting Cowboys or Bears game.

Important -- you need to talk about what everyone else is talking about. So, if you were in Canada, talking about the last Hockey Night in Canada game good. If you're in Nairobi, less good, unless you have a plausible reason, such as being from Canada and having a history of talking about that game. Don't make up false stories, those can be triggers. If you talk about last Monday's Rams/Browns game, that's a big red flag. There was no Rams/Browns game. But there *was* a Cowboys/Bears game last Monday, and a lot of people will be talking about it that week, esp, on Tuesday.

And, note, there's a third message. That would be, of course, that you haven't gotten a mail from your "football buddy" about the game. So, you can either assume the worst and run, or you have a confirmation message that says "Please answer this," say, "I can't believe $PLAYER was hurt", and if you don't get a message back, then you RUN. If you get a message saying "Dude, yeah, WTF? BTW, can you believe how bad the Cowboys were Monday Night..." then you get a confirm that, oh, it didn't get through.

Of course, there's a big weakness to this. If the NSA, or whatever bad guy, realizes that you are of interest, you just might find yourself being "persuaded" to give up the code. And, of course, there's very little you can send. But, done right, you could send a "go" message without anybody ever realizing you'd done so. Doubly so if you can *keep* talking in that code after the action, even if it's now meaningless, until you have a plausible reason to stop talking. Say, oh, the end of the season.
posted by eriko at 3:06 AM on October 4, 2012 [2 favorites]


Example. You have an agreement with conspirator that every week, you will talk about, say, the last Monday Night Football game.

My facebook is full of spies!
posted by dubold at 3:21 AM on October 4, 2012 [6 favorites]


The trick is to encrypt your application data to local disk with a tokenized system and copy that the tokenized binary disk image up to a cloud-based storage service.

Send they key to wherever.

(key could written down on paper and mailed, stored in a GIF, or some other out-of-band message)

Download the disk image, open the app, apply the key, and there you have it.

compartmentalization cuts both ways!
posted by roboton666 at 3:45 AM on October 4, 2012


*hears faint buzzing sound, grabs emergency patriotism kit, dons flag shirt, fastens flag pin, picks up Sam Adams, flicks on light switch for Inflatable Lawn Jesus (tm), removes shoes and belt, runs outside and does inoffensive, silly jig until the silver drone passes out of sight. Goes inside, slumps wearily into kitchen chair, begins to remove flag pin before noticing the little green monitor light on the TerrorSafe (tm) kitchen security camera is blinking. Glances at clock and blanches, noticing it is two minutes past the hourly FDA-recommended healthy pledge of allegiance. Even over the enthusiastic recitation, hears faint buzzing sound return and grow louder. Trails off mid-pledge, closes eyes, rests head on table, allowing something like relief to wash gently across face. Buzzing grows louder, nearly overhead now.*
posted by Salvor Hardin at 3:46 AM on October 4, 2012 [10 favorites]


Just fyi, the Guardian Project has good open source crypto software for Android, like Tor.   Also, TorChat rocks!
posted by jeffburdges at 4:33 AM on October 4, 2012


Contrarian alert....

Well, not really. I hate all the surveillance. And the lack of government transparency. And the invasive/pervasive/ubiquitous tech. More than just about anyone.

However.... I pause when I consider that Obama wasn't a friend of this when he went into office. He campaigned on opposition to it, lightly. He's a lawyer. He taught consitutional law. His administration is packed with some smart dudes, many of whom share my political beliefs. Presumably, he's sensitive to the privacy issues raised if ANYONE is. (e.g, compare him to W.)

And yet, he flipped into the opposite state. I wonder, based on a valid presumption that he has some info I don't, that he thinks the good outweighs the bad and in what can only be called speculation, his questionably competent predecessor came to the same conclusion?

It could be this stuff is used for trends and chatter as much as individual targeting. It did take a decade to locate and perforate Osama bin Laden and he WAS the subject of a focused search. My sympathies for the OWS kids seem like small potatoes by comparison. (YES! I ADMIT I LOVE THOSE GUYS!!! FukU GOV!!!)
posted by FauxScot at 4:58 AM on October 4, 2012 [2 favorites]


"Links", "associations" and "relationships" are going to be the keywords ...

Awhile back I asked a question on AskMefi about how to circumvent the growing bot-centric nature of the surveillance state. I found another book that relates to this aspect about links/associations. It is called The Exploit by Galloway and Thacker. It is mostly continental philosophy, but there is an interesting part in the book talking about "tactics of nonexistence" that has applications to thwarting intelligence-led social network analysis. Quote from book:
But you still ask: how is it possible not to exist? When existence becomes a measurable science of control, then nonexistence must become a tactic for any thing wishing to avoid control. "A being radically devoid of any representable identity," Agamben wrote, "would be absolutely irrelevant to the state." Thus we should become devoid of any representable identity. Anything measurable might be fatal. These strategies would consist of nonexistent action (nondoing); unmeasurable or not-yet-measurable human traits; or the promotion of measurable data of negligible importance. Allowing to be measured now and again for false behaviors, thereby attracting incongruent and ineffective control responses, can't hurt.
That last line is the aspect I thought may thwart it, insofar a person could create several identities on the Internet that are "linked" to you, but aren't really linked to you in meatspace. Kinda like a personalized Jam Echelon Day, but in this case aimed directly at screwing with the social network analysis. Of course, the problem with all this, is that it would take up a lot of time to create all those profiles. Plus it might be easy to trace you doing this, if you weren't using proxies or a vpn. And also corroborating evidence from meatspace might make the fake profiles superfluous. But it makes me wonder, if this was done on a large-scale (hundreds of thousands of facebook, twitter, and other social network accounts created, then linking many of them together), how much it would screw with their network analysis, especially if you started linking the large networks of fakes with existing real networks.

That last quote also has other ramifications, like creating fake facebook "likes" or fake last.fm scrobbles to screw with corporate data mining profiles.
posted by ollyollyoxenfree at 5:13 AM on October 4, 2012 [2 favorites]


My facebook is full of spies!

I think what you meant to say is: My facebook is a spying mechanism.
posted by AElfwine Evenstar at 5:21 AM on October 4, 2012 [4 favorites]


And yet, he flipped into the opposite state. I wonder, based on a valid presumption that he has some info I don't, that he thinks the good outweighs the bad and in what can only be called speculation, his questionably competent predecessor came to the same conclusion?

Or the watchers and listeners have so much dirt on everyone that they can no longer be stopped. It's been done before by an American spy agency.

Also remember what recently happened to a certain NY governor 'coincidentally' caught by anti-terrorism bank reporting laws.
posted by srboisvert at 5:23 AM on October 4, 2012 [3 favorites]


...he thinks the good outweighs the bad...

I do not buy it. If the "good outweighed the bad", i.e. if there were a genuine "security" reason for mass surveillance, then keeping that reason secret, when the extent of the surveillance is widely known (and when the surveillance is probably overwhelmingly unpopular among those aware of it), seems like a shitty PR move.

It's perhaps more likely that the justificatory threat to "security" is known to the NSA but not to anyone else in the government, and overwhelmingly more likely that the justificatory threat is not real, or threatens powerful organizations but does not pose an especially great threat to the public the government ostensibly serves, etc.

But it makes me wonder, if this was done on a large-scale (hundreds of thousands of facebook, twitter, and other social network accounts created, then linking many of them together), how much it would screw with their network analysis, especially if you started linking the large networks of fakes with existing real networks.

I love the idea of the DecoyNet, and also the idea of billions of automated 75-kilobyte daily emails about SCARY THINGS sent between accounts that don't belong to anyone.
posted by kengraham at 6:27 AM on October 4, 2012 [2 favorites]


This isn't freedom.
posted by yonega at 6:42 AM on October 4, 2012 [3 favorites]


It would be against their brief to destroy anybody's life.

You might want to talk to Thomas Drake and Bill Binney about that.
posted by ryanshepard at 6:58 AM on October 4, 2012 [1 favorite]


Artificial intelligence and automated drones? What could possibly go wrong?
posted by entropicamericana at 7:40 AM on October 4, 2012


ELINT and SIGINT trawling efforts on these scales simply don't seem to scale correctly. If you already have a known suspect and can identify him on the net then you can probably suss out other people that individual talks to and try to develop a web of connections in order to roll up a criminal conspiracy but in terms of being able to automatically trigger on a random terrorist conspiracy from a single email in the multitudes of emails travelling around the net everyday seems like a massive challenge even with an organization with the resources of the NSA.

Maybe they do have the processing power to scan and analyze that volume of data but it seems like you still have to refine that into a form that intelligence analysts can actually cognitively process and associate before you can actually do anything useful with that information such as pass it on to law enforcement or military units for action.

Yeah they seem to catch people every so often but they are almost always linked to other known terrorist suspects there doesn't seem to be a massive downturn in the number of leaks of classified materials which seems to indicate that they can't always isolate that sort of thing in the ocean of data.
posted by vuron at 7:49 AM on October 4, 2012


Nah, they'll just store stuff until you piss them off. Then they'll trawl through your backlog.

What's that phrase--this, a thousand times? Because this. This a thousand times.

The storage of endless reams of information which cannot be adequately monitored before the fact is a method of control and intimidation. The background of any serious civil rights proponent or whistleblower will be examined meticulously in order to apply pressure on them when they make too many waves. This has always been the case, and I see no reason to believe any particular president would have enough control over the agencies beneath them to actually change that aspect of the agencies' culture and practices if they even wanted to. Which they won't.

It's not that the all-seeing eye sees everything all the time. It's that when it turns in your direction, there is no hiding from it. This creates a constant pressure to conform and toe the line even though you are almost always free from observation at any particular moment. It places the entire society, with the possible exception of elites willing and able to act to protect themselves, within a panopticon, which is perhaps history's creepiest idea.

Standardized tests in K-12 should be replaced with yearly viewings of The Lives of Others.
posted by jsturgill at 8:45 AM on October 4, 2012 [6 favorites]


eriko: "* Example. You have an agreement with conspirator that every week, you will talk about, say, the last Monday Night Football game. 'Hey, dude, what do you think of the Cowboys Game last Monday' What's the code. Simple. ..."


So the NSA communicates the same way people text their drug dealers?

"Hey R, I heard the ski slopes are real nice this time of year. How much do you think a cab ride per mile would cost? Also, heard Lucy and Molly are in town?"
posted by wcfields at 9:02 AM on October 4, 2012 [2 favorites]


Global information flow is very roughly 1000 petabytes a day, or 1 exabyte/day, not including mobile traffic, handwritten letters, word of mouth, or any other form of information transmission. [...] Humanity can store 295 exabytes of data, so that whole idea that we can just store the data and mine it later has its own problems.

The article citing a total storage capability of 295 exabytes of data was difficult for me to parse (and from 2007), but I can assure you that we've exceeded that by now. The NSA alone is intending its new datacenter to store yottabytes of data - 1 million exabytes. Also consider that the total data flow is often redundant - chain e-mails, etc. Block-based deduplication can provide an effective 2-10x increase in effective data storage capability (depending on the nature of the data).

Like, say, anyone doing any online shopping or banking?

Have you ever tried to do banking through a proxy? Most websites I've tried will not allow me to pay for a shipment to my house in the USA when my connection is coming from Russia. I mean, yes, encryption is involved in https, but it's identifiably different from a network analysis standpoint.

the NSA is trying to store everything to the point that quantum computing can computationally reverse engineer every encrypted message so that time captured becomes irrelevant.

Aaaand it looks like they got one of the first quantum computers.

Nah, they'll just store stuff until you piss them off. Then they'll trawl through your backlog.

For me, this is the real issue - even if these capabilities are being used responsibly now (which we have no way of knowing) that doesn't prevent them from being used irresponsibly in the future.
posted by nTeleKy at 9:39 AM on October 4, 2012


Everyone should go read Poe's Man of the Crowd.

Today's criminal is the man of the crowd. It is the man who spends his time off the computer, not reading, not consuming, never communicating much except in person. The fellow who always hangs around with friends, at bars, at parties, at dinners. He lives off gifts and the kindness of people. He is the life of every social circle, and people always buy him his drinks. He now is the suspicious one.

The public man is the new private man.

A nice modern update to Poe's story would be to rewrite the protagonist as a government agent with full access pass to everyone's data. He passes his free time stalking strangers on the internet and categorizing them by their Facebook updates, emails, purchases, behavior. The crisis strikes when he comes across the same face in countless photos, never alone, always in a crowd . . .
posted by TwelveTwo at 10:14 AM on October 4, 2012 [2 favorites]


If we accept that the NSA has taps on several Tier 1 providers, wouldn't using TOR significantly raise the probability that your data WILL pass over an NSA taps?

Your encryption's only good for so long...

Combine that with "store until offended" and suddenly silk road and bitcoins don't look so anonymous.
posted by fragmede at 10:40 AM on October 4, 2012


The NSA alone is intending its new datacenter to store yottabytes of data - 1 million exabytes.

Correction: My bad, did not read until the very, very end of the article when they update it with the proper figures. Here (pdf) is the actual report that's cited, which guesstimates hundreds of petabytes. Thank you to BlackLeotardFront for that. And come, on, techcruch, is it really that hard to edit your articles?

If we accept that the NSA has taps on several Tier 1 providers, wouldn't using TOR significantly raise the probability that your data WILL pass over an NSA taps?

Possibly. From "Practical Vulnerabilites in the TOR Anonymity Network"
"Lesson one is that Tor guards against traffic analysis not traffic confirmation.
If there is reason to suspect that a client is talking to a destination over Tor,
it is trivial to confirm this by watching them both. [...]

Lesson two is that the current Tor network is not by itself sufficient to pro-
tect against all of the significant adversaries that may oppose law enforcement
or defenders of national security. [...]

Lesson three is an extension of lesson two. For correlation vulnerability, the
communication links between the relays matter as much as the relays themselves,
if not more. An adversary that can observe even a small number of strategic
Internet links can do end-to-end correlation on a large fraction of the traffic that
passes over Tor."

Really, though, take all this with a grain of salt when it comes to your communications. Security and privacy are important things to take into consideration on the internet, but don't let yourself be silenced or intimidated by fear. The government is large, bureaucracies are inefficient and often inept, and you are probably not "an important target" or whatever. What is more important, in my mind, is taking the government to task as much as we can for these rather flagrant violations of the rights we used to enjoy.

Also keep in mind the parable:
"When a bear attacks your campsite,
you need not run faster than the the bear,
only faster than the slowest honey-coated camper."
posted by nTeleKy at 10:58 AM on October 4, 2012 [2 favorites]


nTeleKy: What is more important, in my mind, is taking the government to task as much as we can for these rather flagrant violations of the rights we used to enjoy.

The rights we still have, even if the government is depriving us of them.
posted by Malor at 2:05 PM on October 4, 2012 [2 favorites]


The scary thing about this kind of surveillance is what could, in principle, be done with all of the resulting data. The ultimate lulz would be had by an NSA official who denied this information to any other government agency, citing its sensitivity, rendering it useless. Is anyone here an out-of-work, hitherto squeaky-clean, cryptographer who's willing to work their way up the NSA chain of command for lulz of this type? The mole who trolled me?
posted by kengraham at 2:07 PM on October 4, 2012


The House of Representatives last month re-approved the FISA bill, and the bill is now ready to pass in the Senate as well.

Members of Congress Who Reauthorized Warrantless Wiretapping Bill Don't Understand What It Does - Or they're ignoring the surveillance of US citizens it allows.
posted by homunculus at 2:54 PM on October 4, 2012


Look at the idea of fusion centers that Mitt Romney advocated when he was a governor and chairman of a national task force on intelligence sharing. All that concentration of information-gathering resulted in exactly zero terrorist threats exposed.

DHS Counterterror Centers Produce ‘a Bunch of Crap,’ Senate Finds
posted by homunculus at 2:57 PM on October 4, 2012 [1 favorite]




The NSA alone is intending its new datacenter to store yottabytes of data

That's mind-boggling. It's rare to see the metric prefix "yotta" come up in any kind of discussion.

If you have some kind of unit, a "yotta" of that unit is 1024 of those units. For example, if your unit is a meter, and the diameter of the known universe is, say, 156 billion light years, then that's roughly 1000 yottameters.

It's pretty hard to find a fairly ordinary context where you could even use that prefix, the way we routinely use prefixes like kilo- and mega-. The yotta is the largest named metric prefix. It's quite difficult to relate numbers of that magnitude to ordinary experience. But it might come up relatively soon when talking about information flow.

Currently we make do with mega- and giga- when talking about our home computers ("my computer stores 100 gigabytes!") If we assume a simplistic version of Moore's Law, where this stuff doubles every two years, then it only only takes about 20 years to go up by about a factor of 1000 (which is about 210.) So we go from giga- to tera- to peta- ... and so on, until we hit yotta- in about a hundred years. It's really mind-boggling to me now to think we could ever have laptops that could store yottabytes of data.

But I digress.

And don't hit yotta. The Force is with him.
posted by twoleftfeet at 9:35 PM on October 4, 2012 [2 favorites]


Twoleftfeet: The report of the NSA's storage capacity has been corrected to "hundreds of petabytes", not yottabytes.

Homunculus: I was mistaken, it probably won't pass the Senate, at least not in this congressional session. Ron Wyden is delaying it for now.
posted by Sleeper at 10:13 PM on October 4, 2012


Here's an interesting fact about the NSA: The NSA doesn't measure computers in computing power; it measures them in acres. That's how they talk about their computers: how many acres of computers they have.

This fact is interesting for a couple of reasons. First, an acre of computers is a really huge number of computers. An acre of land can hold about 15,000 laptops arranged in a rectangle, but if you stack the laptops, say, six in a column, then you can get about 100,000 laptops to the acre. The NSA doesn't use laptops for this, of course, but you get a rough feel for the physical dimensions of their computing power. They have many acres of computers; roughly enough laptops for everyone in a medium-sized city.

The other fact, far more troubling, is that it seems that the NSA is measuring land area in terms of acres, whereas most of the world now does that in terms of hectares.

So you have this enormous computing power tied to an increasingly irrelevant system of measurement.
posted by twoleftfeet at 12:19 AM on October 5, 2012










Meanwhile, in Australia: Govt censors pre-prepared data retention bills
posted by homunculus at 10:49 AM on October 11, 2012


« Older Sleeves designed by Peter Saville   |   Hey Billy, where d'you get those sunglasses? Newer »


This thread has been archived and is closed to new comments