Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Cybersecurity and Government Surveillence

  1. #1
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Cybersecurity and Government Surveillence

    In the hearings about surveillence certain questions weren't asked. They weren't asked due to ignorance of computer capability, ignorance of law and ignorance of the uses to which the surveilled data (telephone and internet metadata) can be put.

    Starting this essay with the "privacy" issue because other than uncovering possible criminal or terrorist activity it is missunderstood as uncovering political or sexualy emabarrasing data and illustrates broader issues of capability and civil security and function, other than uncovering political or sexualy emabarrasing data, that can be adversly impacted by the missuse of the data.

    To illustrate here a ficticious scenario based on the movie "Wall Street". Sir Wildman, an investment banker, makes contacts with Anaconda Steel. By following Wildman the stock analist, Bud Fox, was able to conclude that Wildman is taking over Anaconda Steel. With this inside information the Raider, Gordon Gekko, buys a lot of Anaconda Steel foiling Wildman's takeover of Anaconda Steel. Wildman has to pay Gekko a premium price for the stock to complete his takeover costing him more to do business. With the extra money Gekko cost him Wildman could have modernized the company and it cost the company jobs.

    To get the inside information Bud Fox followed Wildman on a motorcycle and asked some airport personel about where Wildman's plane was going. With the surveillence data collected by the government a bad actor could do the same thing.

    Reliance on the privacy of this "private" information is crucial to the functioning of our economy. Since there is no way for this information to be kept private under government surviellence once collected the only options are; to stop the collection of the data, or make penalties for misuse of the data so severe that private reliance on the security of inside information is reassured.

    A model of penalties can be drawn from the penalty considerations regarding railroad security or postal security. Since our economy and industry is reliant on the low cost of rail and postal transport and since rail and postal transport is physicaly vulnerable to piracy the penalties for breaking security of said transport is greater than breaking security of other secured places. Such should be the model for breaking security of phone and internet communications. Since the government has the legal power to break said security as part of its broader security arrangements the penalties for misuse of government collected data should be higher than for misuse of secure data collected by other means.
    Last edited by astrotech; 06-15-2013 at 12:45 PM.
    Lies have the stench of death and defeat.

  2. #2
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Re: Cybersecurity and Government Surveillence

    There is another way in our hands to undermine the use of phone and internet information for nefarious puposes by bad actors.

    It's based on concepts of the old email bomb. Simply overwhelm the system with false, and out dated financial, personal, political, and sexually emabarrasing messages. This raises the signal to noise ratio of those types of messages so that no bad actor can be sure of the reliability of intercepted data of those sorts. If that was being done Anthony Wiener's twittered chotch shots would not have made news. Terrorist messages will not be affected because there are not as many people available to supply false or misleading messages to overwhelm the system, and those who try to do so will be flagging themselves as terrorists or terrorist sympathisers.
    Last edited by astrotech; 06-15-2013 at 03:31 PM.
    Lies have the stench of death and defeat.

  3. #3
    Senior Member astromark's Avatar
    Join Date
    Feb 2010
    Location
    Wanganui New Zealand
    Posts
    1,194
    Blog Entries
    1

    Default Re: Cybersecurity and Government Surveillence

    ~ another interesting subject.. Good on you 'astrotech'...

    I am of the view that none of this can hurt me.

    I am almost nobody. as in that I do not have a following.

    Am not a cult leader, not a politically motivated person., and I do not have aspirations to lead.

    I also have the view that the govt., agency that is responsable for our safty does need to know things.

    What sort of and how they attain ( obtain ) information that could be revalent to the securrity of us all.

    I have no interest in making the gathering of information diffacult.

    For the safty of us all I am a open book. I trust that information will not be used without due respect.

    My own past was punctuated by a war, and my views of some are mine.. I keep it that way. Mark Lee.

  4. #4
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Re: Cybersecurity and Government Surveillence

    Given the nature of the data we know has been collected, "contact information", and the nature of the desires of the enemy, expensive weapons and activities, Then there should be significant "contact information" that points to and amongst money, weapons and bad actors.

    Do we see much terrorist enforcement along money lines? Like with drugs we know the money men are seldom busted and are involved in corrupting drug enforcement. So drugs and drug violence are still common on the street. Absent enforcement on the terrorist money men we still see terrorist violence common on the street.

    And we still see Anthony Wiener's weinner on the news. Just saw it mentioned on Jon Stewart the other day.
    Last edited by astrotech; 06-16-2013 at 01:33 PM.
    Lies have the stench of death and defeat.

  5. #5
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Re: Cybersecurity and Government Surveillence

    Quote Originally Posted by astrotech View Post
    Simply overwhelm the system with false, and out dated financial, personal, political, and sexually emabarrasing messages.
    The way the reciever of the messages knows that a message is really from you and not a noise message from you is that you title the message with some data that is personal and true and some data the reciever and sender know is not true. For instance I might send a message to Obama. I title the message "here is that info for Michelle"s beautiful blond hair". Only someone who knows Michelle and that she doesn't have blond hair would know that's a real message. Or "Here's that info for kegger's Corvette. We both know Kegger is my dog and rides a van.
    Lies have the stench of death and defeat.

  6. #6
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Re: Cybersecurity and Government Surveillence

    Quote Originally Posted by astromark View Post
    I am of the view that none of this can hurt me.

    I am almost nobody. as in that I do not have a following.
    Well you know, since you are such a nobody, doing nothing, going nowhere, and saying less, you probably don't know this so it bears repeating. Cops aren't corrupt because criminals are rich. Cops are corrupt because cops are cheap.

    This from someone who's been there done that and made so many t shirts about it you probably have one.
    Lies have the stench of death and defeat.

  7. #7
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Re: Cybersecurity and Government Surveillence

    I agree with the government's claim that a profile of the motives and activities of people can be built from an analysis of their internet usage. So what profile of the government's motives and activities can be built from their pattern of internet use. Since there have been few news worthy arrests or killings of terroroist or criminal money men and there has been little reduction of terrorist, criminal, and general military violence then the system they built to track contacts is either not really usable for that and is only usable against us, or it is intended not to be used against terrorism and crime and is intended to be used against us.

    In my not so humble opinion it is beyond credulity that the system really isn't usable to ferret out criminals and terrorists. I know I could do it with that system and I'm no expert. Since they're not doing that my conclusion is that they intend to and are using it against us.
    Last edited by astrotech; 06-18-2013 at 11:11 AM.
    Lies have the stench of death and defeat.

  8. #8
    Senior Member astromark's Avatar
    Join Date
    Feb 2010
    Location
    Wanganui New Zealand
    Posts
    1,194
    Blog Entries
    1

    Default Re: Cybersecurity and Government Surveillence

    Regarding this serveillence of the people.. It's worse than most know..

    In this country ( New Zealand.) there has been a flurry of media hype regarding what and who is being watched..

    and what happens to that information gained.. who sees it ?

    They made it illegal to spy on a NZ citizen.

    Only forigne or immigrated, and we all found that was just a lie.. stupid.

    Sure we can all understand that a need is real that for the security of the people

    somebody needs to know what is being said and done and planed and talked about by persons of interest..

    'Dodgy bastards' is the term used most commonly round here..

    They must be watched, and yes we do need to have a police or security branch of internal affairs.

    A bunch of spooks... spies. security forces.

    Also it has become known ( leaked ) that by law a bank must inform police of ANY bank transaction ( electronic or real ).

    Over $10,k and All forigne transacions are recorded. Big Brother is Watching.. All the time..

    It is conceevable that our TAX dept., might know you have had a lotto win before you do...

    Our govt., dept., Shares this information with our friends.. Australia and the USA.

    ~ and despite all of this. I am not a conspiracy thiery supporter. I actualy think this is fine.... We are safe because of it.
    Last edited by astromark; 06-19-2013 at 01:27 AM.

  9. #9
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,951

    Default Re: Cybersecurity and Government Surveillence

    General Alexander lied through his teeth yesterday. Based on his parsing of the word "can't", based on his misleading statement that there was no technical capability to tap a phone or open an email with the flip of a switch. Did you see him twiching and blinking while he lied?

    He "can't" tap a phone or open an email...(now the truth) unless he has a court order. Then he can. Not with the flip of a switch. But with the flip of several switches. Eventually there is a switch that starts the phone tap or email opening.

    He lied to anyone with even a little computer savey. He was preaching to the choir. To the people who, even though they know he was lying, are willing to take his side, his word, and "trust" him in evading his lie on the basis of his parsing of the words and statements. The people who, and I'm sure you've met some, deny the truth no matter how you prove it, and make the now hacknied claim that it's just your opinion and yours is no better than theirs. He lied to congress.

    He told the enemy that he is perfectly willing to baldly lie to congress, to us all, to pander to his choir, to the ignorant, to anyone willing to go along to get along. He told our enemy that he is also our enemy.

    Once I told a friend of a friend that I didn't trust him. He was offended. He asked me why I didn't trust him, what he had done. I told him that he had told me many times that he didn't care what was going on. That he didn't care what the truth is. I said; "You tell me you don't care what the truth is and I'm supposed to trust you?!" Well he understood my distrust then. He eventualy slithered out of that circle of friends. I don't play that game. Fortunately there are a lot of people in this world who don't. They are usualy good looking, and frequently unusually good looking, and fun. I don't want for good friends.

    I don't lie to people who can't handle the truth. I don't lie to people who don't want the truth. I lie to people who don't deserve the truth. I don't have to lie that much because, while vocal, those who don't deserve the truth are really very few. I lie. But I'm very well trusted.
    Last edited by astrotech; 06-19-2013 at 02:59 AM.
    Lies have the stench of death and defeat.

  10. #10
    Senior Member mugaliens's Avatar
    Join Date
    Sep 2008
    Location
    Colorado Springs, CO
    Posts
    1,333

    Default Re: Cybersecurity and Government Surveillence

    Quote Originally Posted by astrotech View Post
    In the hearings about surveillence certain questions weren't asked. They weren't asked due to ignorance of computer capability, ignorance of law and ignorance of the uses to which the surveilled data (telephone and internet metadata) can be put.
    As a networking security consultant, I'd like to touch briefly on these three issues, just to open people's eyes as to "what is." All too often, people mistake fiction for fact, and the fiction then becomes the basis of their arguments. All sources for the information I share below are found on several to many reputable Internet websites.

    1. Computer Capability.

    A. Telephonic interception: Yes, the government really does have the capability to listen in on every local and long-distance telephone call. No, they do not do this in real-time, unless you've somehow highlighted yourself as a credible threat with the likelihood of causing serious harm in the near future. Instead, they translate everything into a text file (think Dragon Naturally Speaking on steroids) that's a part of a database. Voice snippets are taken for potential future analysis, as well. For Phase II they have linguistic analysis programs which create various indices, such as overall threat level, how likely it is to occur in the near future, threat of bombing, threat of shooting, language, location, voice stress, anger, level of subterfuge (using code words which don't make sense in normal conversation), etc. Phase III cross-indexes the results with previous results from that number, and creates additional indices, such as whether the threat is increasing, decreasing, or changing in nature. Phase IV involves cleanup. If the threat is minimal or nonexistent, much of the data is wiped. They'll keep the indices, as they're tiny, yet provide good trend information should things change. Throughout, there's an overriding control program, which flags certain types of content, based largely on the indices, for further analysis, including, if necessary, human analysis. Even then, the vast majority of that just turns out to be people blowing off steam.

    If you want to encrypt telephone conversations, see this Forbes article entitled, "Encrypt Your Phone Calls" (Encrypt Your Phone Calls - Forbes). As they claim, "Code your phone calls and all the wiretap warrants in the world won’t allow the FBI to listen in." For a practical implementation, see the Zfone project: Zfone Project Home Page

    B. Internet interception: Most things are clear-text, so it's a no-brainer - f course they intercept traffic.

    C. HTTPS: More and more Internet traffic is going this way, even for regular e-mail. You can set up entire websites, even message forums, using SSL/TLS, too. The FBI refers to this as the "darkening of the Internet." No, HTTPS is NOT secure, but only if you're behind a proxy server over which you have no control. Steve Gibson explains how that's intercepted (https://www.grc.com/fingerprints.htm), along with what you can do about it.

    D. E-mail: If you want to secure your e-mail, your best bet is to use a proprietary system which employs a secure connection (SSL/TLS), digital signatures for sender/recipient authentication, message encryption (AES-256), and repudiation (mandatory received/read/trash receipts). I've set up my own e-mail server which does just that, not for trying to get around any government intrusion, but for specific financial matters involving family members, as we're spread out all over the U.S., and it beats the snot out of paying FedEx every time someone updates their will or trust documents. On top of all that, we encrypt documents before sending them as attachments.

    2. The Law.

    Put simply, the Fourth Amendment to the U.S. Constitution does indeed require a warrant, based "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Law enforcement agencies who have no respect for the Constitution or the principles upon which it was founded have tried to worm their way around this restriction for decades, but the courts have continually upheld it applies to electronic communication, regardless of whether or not that communication is encrypted. Their benchmark is a "reasonable expectation of privacy," and the way they figure, if a sender posts something on a public forum such as this, there is no reasonable expectation of privacy, but if the send sends an e-mail to a particularly receipient, there is a reasonable expectation of privacy. Same goes for phone calls. This is why nearly all state wiretapping laws require one party, if not both, to a communication of any type to know that it's being tapped or recorded before they're allowed to do so without a warrant. In all 50 States, all third-party interceptions require a warrant, even to merely peek or listen.

    Thus, if a law enforcement agency is peeking or listening in without a warrant, they're breaking the law. This is WHY federal law requires all members of our federal government, department and agency heads, law enforcement officers, and members of the military to take an oath of office to "...support and defend the Constitution of the United States against all enemies, foreign and domestic..." It won't make them toe the line, but hopefully it both gives them pause for thought before commit a criminal action, and it instills checks and balances in the form of others who've taken the oath who would turn you in if you were committing crimes by violating people's Constitutional rights.

    3. Uses for illegally obtained data.

    I won't belabor this point, but I will say the most often cited reason as to why various agencies break the law is that "the ends justify the means." In response to that, our Founding Fathers would say "PHOOEY" and start loading their muskets. They, along with many Americans, were quite serious about keeping private matters private, regardless of who thought they might have a justifiable reason to know the information. In their estimation, along with mine and that of many Americans, if they don't have a warrant, based "upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized," they should not have any access to my computer or any electronic correspondence of any type between myself and others.

    The rest of my post is devoted to responses to your points.

    To illustrate here a ficticious scenario based on the movie "Wall Street". Sir Wildman, an investment banker, makes contacts with Anaconda Steel. By following Wildman the stock analist, Bud Fox, was able to conclude that Wildman is taking over Anaconda Steel. With this inside information the Raider, Gordon Gekko, buys a lot of Anaconda Steel foiling Wildman's takeover of Anaconda Steel. Wildman has to pay Gekko a premium price for the stock to complete his takeover costing him more to do business. With the extra money Gekko cost him Wildman could have modernized the company and it cost the company jobs.

    To get the inside information Bud Fox followed Wildman on a motorcycle and asked some airport personel about where Wildman's plane was going. With the surveillence data collected by the government a bad actor could do the same thing.
    Public activity is not considered private. For example, if I take pictures of people in the crowd at the Colorado Balloon Festival, so long as an individual isn't the principle subject of my picture, I do not need a release form from them. Similarly, videotaping a traffic stop made by policeman is not a violation of any law or the cops' rights, either, regardless of what they may tell you. They can require you to remain back a certain distance, but if they try to stop you from video-taping altogether, or worse, if they arrest you for video-taping, you can sue them, an action which most videographers have won in the courts.

    Reliance on the privacy of this "private" information is crucial to the functioning of our economy. Since there is no way for this information to be kept private under government surviellence once collected the only options are; to stop the collection of the data, or make penalties for misuse of the data so severe that private reliance on the security of inside information is reassured.
    The key is to stop the collection before it takes place. While it may not be a "piece of cake" to implement secure messaging systems, it's entirely doable, and using free tools, as well. For example, Mozilla's Thunderbird supports SSL/TLS and security certificates for encryption and authentication, as does the standard e-mail server associated with my domain. In addition, I can encrypt documents using a variety of methods, including methods it would take certain three-letter agencies trillions upon trillions of years to crack.

    For free. Well, except for the e-mail server. I pay a little more than $5 a month for the domain hosting which supplies that.

    As for penalties for misuse, I'm of the firm opinion that every leak from the government should be the one thing that is exempt from journalistic privilege (never revealing sources), and for good reason: It's become commonplace. The only way to stop the leaks is to criminalize them, including any cover-ups to hide the source of the leaks. The only ones with immunity should be those who pony up and say, "So and so leaked me the information." If they then turn around and print it, they should be held accountable, as well. It should be a felony, with a minimum 2-year prison term, maximum of 10, just for violating people's privacy. Those who initiated the leak should get the maximum.

    A model of penalties can be drawn from the penalty considerations regarding railroad security or postal security. Since our economy and industry is reliant on the low cost of rail and postal transport and since rail and postal transport is physicaly vulnerable to piracy the penalties for breaking security of said transport is greater than breaking security of other secured places. Such should be the model for breaking security of phone and internet communications. Since the government has the legal power to break said security as part of its broader security arrangements the penalties for misuse of government collected data should be higher than for misuse of secure data collected by other means.
    Agreed.
    My oath of office never expires. "God, who gave us life, gave us liberty. Can the liberties of a nation be secure when we have removed a conviction that these liberties are the gift of God?" - Thomas Jefferson. "I have far too long suffered fools. No longer will I tolerate the insufferable. Enjoy the vacuum." - Mugs

    PS: I scrambled my password, so no, I will not be responding. Get a clue.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •