[clug] Offline snooping

Scott Ferguson scott.ferguson.clug at gmail.com
Sat Feb 1 19:49:25 MST 2014


On 02/02/14 13:35, Paul Wayper wrote:
> On 02/02/14 12:23, Scott Ferguson wrote:
>> Yes it *is* paranoia [*1.]. It's unlikely 'they' are out to get you. If
>> anything what the Snowden revelations have confirmed is that:-
>> ;'they' are out to get certain people and organisations (targeted)
>> ;'they' are out to get certain hardware (targeted)
>> ;'they' are demonstrably and patently *not* doing a very good job of
>> the former
> 
> I'd certainly agree that a lot of the NSA's wonderfully named operations and
> activities ("EGOTISTICALGIRAFFE", anyone?) are generally targetable -
> spyware on computers, intercepts in data centres and on landlines, etc etc
> etc that's all capable of being used to get data out of one particular
> person under surveillance.
> 
> Yet none of that is incapable of being used across wide swathes of
> information.  It doesn't matter how many of a suspect's phone calls you
> record and how many innocent conversations you listen to, sooner or later
> you're going to record the one that describes where the bomb is to be
> planted.  So if you just keep those other recordings around, sooner or later
> you can go back to them and concoct a bunch of conjecture that makes them
> look guilty - I mean, find some more evidence.  Right?

Yes. I strongly suspect that is the case. Views and opinions expressed
now should be considered "part of your permanent record". That movie you
are currently streaming, that innocent "hacking" research you undertook
- may all one day threaten your livelihood. History has a habit of
repeating and those sorts of things have happened in the past when
fascist regimes have gained power.

> 
> And then there's metadata. 

I take NSA's "it's only metadata" with a *big* bucket of salt. Very
likely an ally or outsourcing company keeps the raw data.

> You can find a lot out from metadata.  All sorts
> of useful patterns show up:
> 
> http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
> 
> And, funnily enough, when people start looking for patterns - when people
> start looking for suspicious behaviour - surprise surprise they start
> finding it:
> 
> http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER
> 
> This leads people with lots of resources and endless suspicion to find moles
> and spies where they don't exist, and miss the ones that are not just under
> their nose but have gigantic flags attached to them saying "Hey, I'm a spy!".
> 
> The NSA, to use the analogy, is building a gigantic haystack.  There's no
> way it can search through it using anything but the crudest of tools.  But
> there's needles in there somewhere!  They've got to be there.  And all the
> NSA needs to do is find enough things that look like needles - thin rocks,
> plant stems - to justify its continued acquisition of lots of hay and robots
> to sift through looking for anything that's small and thin and harder than a
> piece of straw.  If this thing looks enough like a needle, they can probably
> make it look enough like one to impress the public, or the senators, or
> each other, or whoever they need to impress.
> 
> Statistically, the problem here is due to the base rate fallacy:
> 
> http://en.wikipedia.org/wiki/Base_rate_fallacy

See also:-
http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.pdf

for a realistic cost:benefit analysis

> 
> Ethically, in my opinion, I call it Pulling A Cardinal Richelieu:
> 
> http://en.wikiquote.org/wiki/Cardinal_Richelieu
> 
> I.e. "If you give me six lines written by the hand of the most honest of
> men, I will find something in them which will hang him."  If you look at
> enough information about a person, with the right (suspicious) mindset you
> will find enough to find them guilty of something.  Then you start
> investigating further and find even more, and so on.

Yes. There is always that potential. A high noise to signal ratio also
increases what I call the "Tuttle" scenario (see Terry Gilliam's
wonderful film Brazil) where a single letter is transformed by a fly in
a printer resulting in an innocent being seized. *But* it's important to
keep these things in perspective - like the risk of meteors falling on
our heads.

> 
> If your tools are automated, so that they just look for correlations, then
> it's entirely possible for any one of us to look suspicious enough to
> warrant further investigating.

Sure, and parts of the US get their major income from private prisons
(the same companies operate many of the private prisons here - and our
"illegal" immigrant "processing" centers).

There are resource limitations to holding and interrogating people too -
the tax for funding that has to come from somewhere. It's not just
citizens that can become paralyzed by fear (the NSA's frantic search for
automated sys admin is a case in point).

>  If you went to LCA 2012, your social network
> intersects with Jacob Appelbaum (and don't the NSA love watching him).  I'm
> sure the CLUG list has people who have ... experimented with network
> security systems in a somewhat darker than white hat manner.  MakeHackVoid
> is probably seething with malcontents and anarchists :-)  There's a good
> chance your phone list contains someone under surveillance (250,000 people
> watched by Federal police from memory from Simon Oxwell's statistics from
> 2012 - out of a population of less than 25 million that means one
> in a hundred people on average).
> 
> BUT:
> 
> To address the original post, and most of what's gone on in this
> conversation: yes, most of us have nothing to fear.  We may be looked at in
> passing due to our associations with other people, but we aren't involved in
> anything fundamentally wrong.  The eye of the security complex passes over
> us and moves on.  We need not fear these expensive bugging technologies that
> require lots of work to install and maintain - they are not for us.   We
> don't need to glue our computers together or encrypt everything or coat our
> studies in copper mesh.

And we have a duty to ourselves to publicly question the viability of
these programs - and their need for secrecy. Some things should be
secret - others are harder to justify (trade agreements).

> 
> We merely add to the vast quantity that the NSA sifts through looking for
> something - fundamentally - to justify its existence.  And that's what I fear.
> 
> Just play it safe, eh?
> 
> Have fun,
> 
> Paul
> 

Kind regards

