It is pretty amazing that nearly all of the western first world nations agree on one thing...they are pretty ok with KGB-style spying or monitoring of their citizens. It doesn't seem to matter if they are on-the-fence-socialists, outright socialists, or dyed-in-the-wool capitalists.
And that they cooperate to avoid legal difficulties of spying on your own citizens.
ECHELON was a group of 5 nations. The US couldn't spy on Americans, so the US would give a list of names to the other four nations who would do the spying on those people.
The industrial espionage that happened because of ECHELON is amazing too.
Really? I'm curious about what countries allow this kind of thing, since I haven't heard of it outside of the US, Britain, Russia, and only a select few other countries. Can you really generalize it to "nearly all western first-world nations"?
I've come to think of it in economic terms. Some incredibly valuable companies -- Google and Facebook come to mind -- are built around nothing more than the economics of your personal information and mine. Seemingly innocuous information has proven to have great commercial value, and that's also why the government is so interested in accumulating it. If your preferences, vital statistics, purchases, and opinions were valueless, Google and Facebook wouldn't want to know anything about them, and neither would Uncle Sam.
1.7 billion per day is a fraction of US texts and phone calls. Rough numbers I can find are:
* 5B texts / day
* 3B phone calls / day
(better numbers appreciated)
I would have expected the fraction to be either less than 1% (because they're targeting intelligently) or more than 95% (because they store almost everything).
The strangest thing about the NSA is how dependent they have become on contractors (just like the rest of the military, and government), especially for IT/ops stuff. The actual cryptographers and cryptanalysts are GS employees, but most of the computer systems used by the NSA seem to now be run by contractors.
I trust GS employees a lot more, in the long run, to have US national interest as the highest goal. Sure, they're less efficient in a lot of ways, and get great benefits, but I think that's an acceptable price to pay.
Interesting post/numbers, but I have to say that honestly, I don't care that much about surveillance. I've resigned myself to the fact that on a statistical level, I'm being watched. I don't care. I have nothing to hide, and if I did, I'd use SSL/Tor...problem solved.
People forget that the interwebzzzz is a public network. Anybody can connect, and it's fairly easy to set up a sniffer and grab info from people. You don't need to be the NSA. Also, cell phones are sending their signals through the air. You don't even have to splice a cord. If you want private calls, use a landline.
People want to have the comfort of complete anonymity but also have the conveniences that come with using the least private forms of communication. Pick one or the other, and understand the trade-offs.
Another thing, the NSA doesn't give a rat's ass about you. They're looking for specific patterns/keywords that set off "hmm we should listen more closely to that call" triggers. They don't care what you had for dinner or that your grandpa just had a heart attack. In fact, very few people do.
People want to feel special and unique, which I feel like is the main source of the sensationalism around privacy issues, but honestly, nobody but your close friends/family cares about your secrets or what's going on in your life. I guarantee the NSA doesn't either.
>I have nothing to hide, and if I did, I'd use SSL/Tor
The NSA is probably the one agency TOR wouldn't protect you from. I would be very surprised to learn they weren't operating or had compromised, if not a majority of the TOR exit nodes, then at least enough to render it vulnerable. They have the resources, the know-how, the mandate, and the motivation.
Isn't that what HTTPS is for? I guess you'd probably want to make sure the server was using perfect forward secrecy too, but even without it you are significantly safer.
As for patterns and keywords, your "guarantee" is pretty shallow and baseless. A reasonable time, I guess, to quote Niemöller:
First they came for the communists,
and I didn't speak out because I wasn't a communist.
Then they came for the trade unionists,
and I didn't speak out because I wasn't a trade unionist.
Then they came for the Jews,
and I didn't speak out because I wasn't a Jew.
Then they came for me
and there was no one left to speak out for me.
Sorry, I don't quite understand how sending data over public networks and expecting to be monitored (either by government or corporate entities) equates to the rise of the Nazis.
Kinda sad to see parallels made between these two on HN.
Black Hat USA 2009: Realistic probabilities in modern signals intelligence[1] attempts to provide a more realistic prediction of what could be possible. The paper is structured in a similar way to how Physics and Technology for Future Presidents[2] arrives at the physical limits of remote sensing satellites.
comScore qSearch reports that US Internet search traffic to the top 5 search engines (Google, Yahoo, Bing, Ask, AOL) is on the order of 20 billion per month or 7,600 searches per second averaged across the day[3].
You'd only need a few cheap off-the-shelf servers to process and store all of that information for eternity. See [4] for example performance figures for inserting data to a PostgreSQL database on a single server (not even using fancy sharding techniques). The C10K problem[5] is also worth noting in this context.
The reason I use search traffic as an example is that it is very high value -- it doesn't just capture what people are reading or doing, it captures what they're seeking to read and do (motivations, desires). It's also a very compact data stream and requires little or no processing and analysis. DNS query traffic, registers of source and destination phone numbers, etc also provide cheap, valuable data.
Whether or not the NSA is looking at this kind of data is of little concern when compared to what the commercial world could use this data for. The NSA has a strong incentive not to use their power too widely or they will tend to lose any advantage gained. The commercial world has a similar incentive to act with restraint -- they want to avoid being regulated by new privacy laws. The ACLU's stance fails to make consideration towards these incentives for restraint.
> Whether or not the NSA is looking at this kind of data is of little concern when compared to what the commercial world could use this data for.
And don't most privacy laws protect citizens against spying by the government, but not against spying by the 3rd parties (companies, other citizens)? So isn't there an obvious loophole -- the govt just relies on commercial companies to provide it all the captured information. They wouldn't even need special "patriot act" laws for that. Isn't that what ChoicePoint is doing?
Fun facts about the NSA:
1). There were limits imposed on teaching encryption techniques by the NSA. These limits were taken away in the early 90's. I have read this in military technology books at my school, but sadly I can't find any online sources. I'm pretty sure they were legit (they were in the military science section) but my failure to find other support is making me question myself.
2). The existence of _NSAKEY
3). Differential cryptanalysis was withheld by/from academia (but NSA strengthened DES against it)
4). The NSA has made severe investments into probabilistic CPUs, and enjoys tricking others into believing they are focusing on quantum computers. NTRU and other encryption standards most likely exist that are already strong against Shor's algorithm. The benefits and cost of a qc make it a very big in-joke.
In no way do I doubt that the NSA has the best intentions for the USA. But, I do have doubts about whether or not their beliefs, and how they impose their beliefs, might be actively discriminating against things that could raise the tide for everyone. I think that sharing technology will always be seen as a form of dissidence and aiding the enemy, while I guess I'm stuck believing that transparency and the sharing of knowledge are all we can do to help others question themselves. The need for security and the desire to predict the moves of others can make one scared of stepping openly and boldly towards what is best for all. I hope they are sleepless not out of fear of the enemy but out of fear of becoming their own enemy. I don't doubt most already are, but I have a habit of getting quite sad when I think about what wonders they hold from us all.
But who am I but another armchair idiot with an internet connection.
This reminds me of an amusing anecdote from PGP's Wikipedia article:
"Zimmermann challenged these regulations in a curious way.
He published the entire source code of PGP in a hardback
book,[12] via MIT Press, which was distributed and sold
widely. Anybody wishing to build their own copy of PGP could
buy the $60 book, cut off the covers, separate the pages, and
scan them using an OCR program, creating a set of source code
text files. One could then build the application using the
freely available GNU Compiler Collection. PGP would thus be
available anywhere in the world. The claimed principle was
simple: export of munitions—guns, bombs, planes, and
software—was (and remains) restricted; but the export of
books is protected by the First Amendment. The question was
never tested in court with respect to PGP. In cases
addressing other encryption software, however, two federal
appeals courts have established the rule that cryptographic
software source code is speech protected by the First
Amendment (the Ninth Circuit Court of Appeals in the
Bernstein case and the Sixth Circuit Court of Appeals in the
Junger case)."
The subject, however, isn't looked at enough in America. I remember being shocked the first time I read about what the NSA does in this New Yorker piece: http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_...
I highly recommend reading it if you're at all interested in this. Fantastic reporting.