[clug] Offline snooping

Keith Sayers spinifex at iprimus.com.au
Wed Feb 5 03:24:48 MST 2014

Wow - this started something!

Chris Smart enquired :
> Have you got the source code to your system's firmware?

      Not sure - Kubuntu 12.04 on a home computer - I have that - whence would 
I get the firmware?

A level-headed Scott Ferguson added :

> If you're concerned about your boxes being infected by NSA type spying
> devices - don't be.

     More or less my thinking.  Nothing particularly critical in my systems 
but a good deal of personal stuff such as genealogy.

> give Mr Stallman and Coreboot some more respect and attention.

     Who are they, please?

Steve Jenkin gave us a financial aspect :

> Those sophisticated exploits/intrusions cost a lot of money...
> Think $5,000 per radio device and once installed, they have to be managed   
> and data collected. You can't do that for less than $5,000/week per         
> intercept station.

     And just how big is the CIA budget again?

> Do you qualify as a high value target to them? I can't answer that, but I    
> can guess "NO".

     Actually I tend to think from the other side - (first rule in debating - 
prepare the oposing case before you prepare your own).  Suppose I were the CIA 
finance director with all that money pouring in through the door - how to 
dispose of it before the next lot comes pouring in?  The obvious targets first 
- Russia, China, the Middle East (_all_ of it), the old stomping grounds south 
of the Rio Grande (still thought of as the backyard), probably the new ones in 
Africa, then what?  Still an awful lot of money to spend.  Have to start 
working on the 'friendlies' - Europe, Far East, Australasia - what can we pick 
up from their pollies?  Might be something useful there........

> You have nothing to worry about from the NSA, but should be actively working 
> to keep your banking and financial access details secure.

     They are offline ........    Except for occasional (usually overseas) 
credit card transactions.

Scott (and his mum?)  'put the phone down'

     Much what I do do - and I notice that they usually call around teatime so 
I leave them to the answering machine.  Surprising how many ring off when they 
hit that.

Alex Satrapa broadened the discussion a bit :

> The world of electronic intelligence gathering has grown far past the       
> trivial issues such as “who is a target.”

> Pervasive surveillance is not about “targets” anymore. They’re not hunting  
> someone they already know to be a criminal, they're trying to filter out the 
> things they’re interested in finding.

> They want to collect “all the data” and then interpret it at their leisure. 
> It’s no longer about “am I a target” it’s, “am I a victim.”

     Now then a GOTBO - and here is the possible comfort.  They may garner it 
all in but how to process it?  Start with keywords but I can imagine young 
yahoos getting on to that pretty quickly and flooding the 'net.  Onto the more 
sophisticated - which needs human brain power - and intelligent brains are in 
limited supply - so bottle necks - so set parameters and study only what falls 
within.  I was once told that that was why the Antarctic Ozone Hole was not 
detected sooner.  It actually _was_ detected, or at least the data was 
collected but as that fell outside the parameters of what had been deemed 
realistic it was ignored.  They may have the resources to gather in my 
metadata but are unlikely to process it - unless at some future point my - or 
one of my namesakes' - names turns up in some other context and they search 

> The sky isn't falling yet.  :)

     Err - just a minute and I will go out and check.

Paul Wayper neatly tied it up :

> We merely add to the vast quantity that the NSA sifts through looking for
> something - fundamentally - to justify its existence.  And that's what I    
> fear.

And the invaluable Scott again ;

> I take NSA's "it's only metadata" with a big bucket of salt. Very
> likely an ally or outsourcing company keeps the raw data.

     _Exactly!_  _Any_ political statement, if parsed carefully, can be found
 to have loopholes.

     A small story to finish - when Freedom of Information first came in in the 
USA one consequence was that people who had been refused credit cards were 
able to find out why - and apparently in a good many cases it was due to 
mistaken identity.

Keith Sayers                                           spinifex at iprimus.com.au
6 Clambe Place
Australia                                         http://www.keithsayers.id.au

More information about the linux mailing list