Details of Cyber Shield Disclosed by White House

This bothers me not because of a desire to protect computer networks, but because it includes within it the use of NSA technology to monitor all internet communications.

It's basically using cyber-security as an excuse to engage in warrantless wiretapping.

URL: http://blogs.wsj.com/digits/2010/03...as-us-cyber-shield/?blog_id=100&post_id=11601

What are your opinions?

 

Opinions?...
Are not good. Are we to feel more reassured that it is being declassified? Are we to feel more secure that OUR democratically elected officially that allegedly are their to represent the citizens of this nation are keeping such a close tab on every thing we write, say, speak, sell, buy, listen, and see. Is their no recognition in our collected memory that would point to the idea that any of this over whelming control could and would be abused and used against the very citizens it was allegedly sold as to protect?

 

Eh. Sounds to me like they're more interested in types of traffic than traffic content. Any content analysis would by necessity be automated. Besides, if you want to protect your emails just use PGP or something similar and that's that.

 

Oh yeah.. encrypting emails when the NSA is looking into them. It's like throwing blood into the water when the sharks are already circling

I'm pretty sure that government agencies are already monitoring all kinds of communication (some of it they are not even denying) and if caught someone from the agency will take the bullet and on with business.

If such organisations as the NSA want a peek at your communications they will do so regardless of any law.. they will either find a loophole in the law to retroactively justify the intrusion or just use what they found to get you by other means (nobody has a clean vest).

This is the crux of secret organizations.. it's very easy to look away when they cross the law border and sometimes it's not even known that they have crossed it.

 

The NSA lacks the money, manpower, technology, and more importantly the mandate or the will to give a #### about you unless you're doing something both large enough and dangerous enough to warrant their attention. And if you don't know what would define "large and dangerous enough" then you're not capable of doing anything of that nature.

 

I believe the NSA is larger than the CIA or the FBI.. they just don't advertise that fact.

Manpower means shit when you have automated software that scans every item and has the ability to analyze spoken words and transcribe them (even commercial software is able to do that to a degree so imagine something custom programmed by highly skilled professionals with huge budgets).

So even you being insignificant now try doing something that's been flagged as potentially dangerous (like buying books about fertilizers and buying fertilizer in large quantities) you will get on their watchlist.

 

People encrypt emails all the time. It's no big deal. If anything I'm surprised it isn't a standard feature of email clients yet.

Precisely. The NSA isn't going to want to waste their time looking at false-positives generated by their software, so they're going to do everything in their power to make the software only invoke human attention when it finds something genuinely dangerous.

Which, unless there's something you are not telling us, isn't you.

Is it possible random people would be flagged for attention by such software? Sure. But that's a bug, not a feature, as far as the NSA is concerned.

As for what information could be used as inputs to such an algorithm, that's still governed by law. Any issues in that regard are a legal matter, not a technological one.

 

Shatinator,

I could not agree with what you said better myself


Lindley,

Doesn't matter, privacy violation is a privacy violation, it doesn't matter if a person does it or a computer does it. You could hook a camera up to a motion sensor pointing into a person's bedroom, leave for two weeks, come back, collect the camera and never look at the contents, the fact is that person who you spied on if he found out would feel pretty goddamned violated...


STR,

Are you serious? They have enormous amounts of money, enormous amounts of manpower, and all the technology they could ever need


FPAlpha,

That's correct

Also completely correct...

That's right, no matter how small you are they can track you.

 

See previous statement Re: Legal, not technological.

Bullshit. It doesn't matter how good your programmers are, or how much money you give them. If you don't have superior algorithms, your results aren't going to get any better. And while it's certainly true that some algorithms are developed in classified environments, the vast majority of the really useful ones come out of academia, which operates openly.

What's usually classified is parameters to algorithms, weaknesses of specific applications of them, or specific things they're going after. Small variations which might help defeat specific efforts. The algorithms themselves, in a general sense, are rarely classified; and you can be sure that if something new and really useful is developed unclass, a commercial interest will capitalize on it as soon as possible. So it's unreasonable to suppose that the NSA has "magic" technology decades beyond the commercial sector. Maybe months beyond, a year or so at most.

I left that bit alone because the intent behind it is valid; the NSA probably does have slightly better software than most others. But I just can't let you validate it with the adjective "completely" correct, sorry.

Sure, they can, but [Doctor]why[/Doctor]? Surely they have better things to do with all that money and capability you ascribe them than figure out what magazine you read on your lunch hour?

 

You have a fundamental misunderstanding of how the world works. Automated software are productivity enhancers, allowing an individual to sort through more data than he could before. An individual will always have a finite ability to filter information. An individuals are the only things that exist that can actually assign value to information. That is the bottleneck, not in collection of raw data.

If you read the reports from the USAF UAV programs, the CIA satellites and ground sources, you realize that these organizations are flooded by mountains of raw data that they cannot manage. Basically, the US government is struggling to keep on top of everything they have on Al Qaeda and what's happening in Iraq and Iran.

It hurts me as a ST fan to say this, but data is worthless. It's only when you piece data together into information that it has value. Right now, we have a world of infinite data, but we only have a finite amount of time to process that into usable information. That is only one reason why nobody is reading your email to your mom.

Another reason: the NSA doesn't give a #### what you say to your mom. Capability does not dictate action. I have a car, and I sure as hell could run you over if presented the opportunity. It doesn't mean I will, and I wouldn't, because I have NO DESIRE to. It doesn't make my life any easier, and in fact it wastes time, resources, and effort that I could have spent on not denting my vehicle.

 

And you didn't understand what i was saying. It's not about the volume of raw data but programs (algorithms) that sort through the raw data looking for key words and combinations that have been flagged as interesting.. interesting enough to warrant the attention of a live human who'll inspect the provided data.

I'm not talking about automation programs the industry uses where you pre-program certain tasks but "intelligent" software that's able to analyze communication to a degree and raise an alarm if certain criteria are met (the NSA is obviously not interested in your recipe exchange with a friend but may listen up if you talk about terrorism and how you think they may have a point).

And i believe the NSA has enough people to be effective data collectors and analysts.. just look at their huge parking lot to see how many people work there and Fort Meade is for sure not the only place the NSA has people who work for them.

 

You're both saying the same thing but drawing different conclusions from it. STR is saying that such a program would act as a capability multiplier increasing the amount of data that each human analyst could effectively process; but that there's still so much data out there that they'd have trouble covering all of it. And the amount coming in is increasing all the time.

Ever-more-capable anomaly detection algorithms will be required to effectively sort through ever-increasing data without generating too many false alarms or missing too many real threats, but at the end of the day, someone still needs to verify the program's findings, and there's a finite number of people available to do that.

 

Here's the difference between our two conclusions. I'm citing actual reports from people that have studied the problem. You're saying the NSA has a big parking lot.

...

Like I said, fundamental misunderstanding.

 

You do realize that if we get to the point where we start monitoring every piece of internet and telecommunications traffic, storing all of it and organizing it into detailed dossiers on everybody like AQUAINT, the government would know everything about everybody, even how we think, what we will and will not do in the future.

This is not in the spirit of what our Founding Fathers wanted; it's not in the spirit of The Constitution -- it isn't even remotely reasonable. If this is done our government will become more dangerous to it's own people than the terrorists, or even the Chinese.

You can't honestly believe that this kind of power wouldn't be predestined to be abused, it's virtually an inevitability!


CuttingEdge100

 

That's paranoia. It won't happen, for several reasons.

First, it would be political suicide. Second, computer science is at least 50 years away from even the capability you describe (AQUAINT is much more limited than you make it out to be, from what I've read). Third, the vast majority of that information is useless, so even if they *did* know enough to predict what people might do in the future, they wouldn't need to store all of it. (The hard part would be figuring out which parts are useful, but one assumes that's been solved if they can make reasonable predictions.)

Fourth, and most important......you're the one making all this information publicly available to start with. If you don't want computer programs analyzing your online activity, just get off the damn internet. It's really that simple.

 

I'm with STR on this one. I think most people have no clue how much data passes through the Internet--or even a small chunk of it--every second. Collecting even a tiny fraction of said data is prohibitive in terms of storage, which means you're limited to scanning the data passing through the network and only recording "interesting" packets for later review. As FPAlpha said, it's only the algorithms that matter in this case, but I think he might be overestimating how good any of them are at the moment. Data mining is still a very young field.

Nevertheless, if you are concerned about having privacy on the Internet, encrypt your data. It's absurd to have any expectation of privacy when you're transmitting all your data in plain text!

While I'm reluctant to say only those with something to hide should be worried, it's really the nature of the beast in this case. There is neither the storage, nor the infrastructure, nor the computational power, nor the manpower to sift through every packet passing through the Internet in the US. Unless you are drawing a lot of attention to yourself due to your Internet activities--constantly looking up instructions on bombmaking, cracking, staying in touch with suspected terrorists, etc.--you really have very little to worry about.

 

Lindley,

How would it be political suicide?


Robert Maxwell,

Are you serious? The NSA specializes in code-breaking, I'm pretty sure any encryption you could come up with would be easily crackable by them

 

Actually, no. If the encryption algorithm is strong (such as TripleDES or Rijndael), and you have a good key, no one can crack it with current hardware. As far as government intelligence goes, anything you can't crack immediately is pretty worthless, unless you're certain the encrypted data is valuable.

CuttingEdge, please don't take this the wrong way, but you seem to have a very "magical" attitude regarding computer technology, that absolutely anything is possible and that the government has no finite limits on what it can monitor.

There are forms of encryption that are currently uncrackable. Will they be cracked at some point in the future? Almost certainly. But if it takes 10, 20, or 100 years, it won't really matter to interested government agencies, will it?

And, as I said before, there are real physical limits to how much data the government--any government--can track, store, and analyze.

 

Seriously? Seriously?

If you can't understand that, then there's no point in explaining it.

 

Robert Maxwell,

I don't believe that computers are magical, I do know some very impressive things can be done with computers, but I don't think it is magical. I also am aware of the fact that the government develops all kinds of technology that is often far ahead of anything available in the public sphere, technology which is shrouded in secrecy, and not always used for ethical purposes.

This is no revelation; this is nothing new and is common knowledge by a great many people.