My Thoughts on the Prism Flap
June 8, 2013
Not Happy
Okay, it's official, the US Government is collecting all data communication metadata. This is not what a government that cares about its citizens does.
Also, apparently, the NSA/FBI is running queries on cloud data in a program called Prism. Once again, not something that a Constitutional Democracy does.
Yes, we all suspected something like this was happening... but knowing that the US Government is behaving unconstitutionally makes me sick.
Why the Leaks Now?
My guess is that the Chinese knew what the US was doing. Given that Obama and China's Xi Jinping are meeting in California this week... and Obama was supposed to get tough on China about Internet freedoms. I'm thinking that the Chinese timed the leak so that it cuts the legs out from under Obama. Thanks, guys.
Why the Sweeps Now?
The Verizon meta-data sweeps I think are an attempt to roll up Anonymous.
I'm just guessing, but I think when Anonymous went nuclear on the US Government, someone said, "okay... let's get tough" and tough they got.
What's this got to do with Metadata?
Patterns, baby.
Basically, if you know who called who, and from where (this is the information that the metadata provides), then you can figure out a network.
Even if people are using burner phones, most humans are creatures of habit. So, they take the battery out of their burner when they are not using it. But they use the burner from 4 or 5 locations.
So, what kind of metadata do you look for? Basically, you look for new phones popping up in a given set of locations (we know that @dpp uses his burner cell from Golden Gate Park, the SF Zoo, and near Whole Foods in SOMA, so let's look for brand new cell phone usage from those locations that are connecting with brand new cell phones (ones we've never seen before) in other locations). Especially if the new use is periodic (new set of phones every 10 days).
So, if the government is watching me, they can look at my patterns and then they can roll up my network using the location and call information from my burner phones.
If you watch The Wire, you'll see some of this. But if you give me the cell towers, the IMEI numbers from the phones, the phone numbers, and activation dates and locations for the phones, I can tell you which ones are used as burners. Connect that with a little bit of physical intelligence (we suspect @dpp of being part of Anonymous [no, I'm not] and we know @dpp's physical locations because we've been tailing him... now we know @dpp's network.) Oh, I can run this correlation for less than $20M... although I would not conspire with the government on this for any amount.
It doesn't matter if the government is listening in or not. It's all about the (dare I say it), big data. And quite frankly, unless the government has convinced a judge that they suspect I'm doing something wrong, then it's none of their business if I come and go, who I call, if I have a burner cell, who I associate with (online or in the real world) or any of that other stuff. I am presumed to be innocent and must be treated that way... as is everyone else on American soil.
The AP Leaks as a By-Product
Another guess... I'm guessing that with the metadata, the nominal Justice Department can continue to look for the network of whistle-blowers. This is basically a way for the US Government to figure out who's talking to whom and to harass these people into not "getting too bold."
Saving Lives
One of the lame excuses used by some idiot Republican is that the Prism program may have found one terrorist plot and may have saved an American life. At what cost?
Want to save 19,000 lives a year, stop blocking ObamaCare.
Or inspect fertilizer plants regularly.
Yep... take three days cost of fighting the "War on Terror" and spend that same amount taking care of Americans who are down on their luck and you'll save a whole ton more American lives.
Risks
I lost friends in 9/11. I've also lost friends to private plane accidents, cancer, heart attacks. I lost my father to over-prescription of antibiotics. We live in a risky world. It's about managing risks.
So, what's the risk of the Government knowing everything that we do? What's the risk of the Government tracking our movements... knowing our friends?
How about we ask Robert Bork. The idea that someone would leak his video rental history led to a Federal law on the subject. Even the Supreme Court does not look kindly on tracking citizens via GPS. And of course, we all have something to hide.
But if Obama and Holder and Congress and the CIA and the NSA think that law abiding citizens should not worry about surveillance, how about they all disclose their phone records and bank accounts and whereabouts? How about they all publish all of their emails for everyone to see? Think they will? "There are national security issues at stake" they will say. So, they are in a different class from the rest of the citizens of the US…
What's the risk of the government knowing that someone had dinner with an old girlfriend? Well, as leverage against that person, it's powerful. "Please do a less than optimal thing for us or we'll tell your wife that you had dinner with an ex-girlfriend." Once the person does the bad thing, the government owns them.
Have we seen this recently? Yeah... take a look at what happened to David Petraeus. What do you think the chances are that Petraeus getting taken down was an inside job from some other folks in the Government? I think the chances are pretty high. And keep in mind that this is just the tip of the iceberg.
And of course, if you refuse the NSA, you get put in jail. And the Government is now in the business of trumping up terrorist charges against nuns.
We've seen this movie before
Keep in mind that we're having a discussion about handing over our communications and whereabouts to the same idiots who brought us Osama bin Laden.
Yep... the whole CIA/NSA "we can't tell you what we're doing, but we're keeping you safe" bunch of fools are the same ones that gave bin Laden weapons and trained him and his forces to fight against "The Soviet Threat."
Come on... these guys get it wrong every single time. They are not going to get it right this time.
They are complete idiots
The TSA... those honest, hard working folks who are supposed to protect us and our travel networks can't even secure their own data and routinely hire thieves.
Do you think, for a moment, that the aggregated communications data that the Government is collecting is safe? I don't. The Chinese probably already own that information. Anonymous? Yeah, them too. Probably a bunch of people who are selling the data for nice, convenient blackmail purposes.
Meanwhile, if you want to be secret
So, people who expect privacy like we used to have on phone calls are not going to go through extraordinary measures to keep their communications safe. But people who care, can.
Documents
If you want to distribute documents securely, you can use BitTorrent Sync. Yes, there's a key exchange problem... but that's easily solved with a USB key in a dead drop or a Steganography image on a web site.
And if you don't trust BTSync, there's Freenet which was designed from the ground up to be a secure network for distributing documents.
Want to distribute a secret plan via documents, use BTSync or Freenet. No need to send via email or use a shared email account and draft messages. No, the average person who is having an affair might not choose these technologies, but any terrorist who can read will.
Browsing
Want to keep your browsing secure, use Tor. Yep, you too can download a tool to make it a whole lot harder to figure out who is browsing to what web page. Want to open an anonymous web mail account and be sure nobody can tell where it's being used from, use Tor. This is even something that someone having an affair can do... especially if she's sending threatening emails to people.
Voice
Secure untraceable voice communications is a whole lot more difficult. Yes, you can set up your own SIP server. But the audio channels for SIP are not encrypted by default. Want to crack a SIP network? There's an app for that. Plus, you've got the hub and spoke problem. What's the problem? Assume one party has been compromised. Then they engage in a SIP-based call. We now know where the SIP server is and we can trace traffic to/from that server and get an idea of who is signaling via that SIP server. And SIP audio is point-to-point so all we need to do is figure out where the SIP UDP packets are going.
Oh, and Skype is owned.
Plus, burner cell phones are pretty much useless.
I don't think there's a usable real-time voice technology that can't be traced... although I'd love to be wrong about that.
IRC
I don't know how Anonymous does their secure IRC chat... but they seem to be doing it successfully... so we can do secure text-based chat.
Don't trust anonymizers
But don't trust anonymizer services. They are probably all just owned by the CIA or other governments. Kinda like honey pots. Unless it's open source and you can review the code and build it yourself, don't trust it.
Anyone who wants to keep a secret...
So, anyone who wants to keep a secret can. The only folks who this massive sweep will hurt are the not-terrorists. We can assume the terrorists are smart... like the organized criminals are smart. It's only the folks with low-level secrets who don't really think they are being watched who will get caught up in a Prism/Verizon Metadata style sweep.
Put another way, if you're smart enough to be planning a nuclear attack on the US, then you can spend a couple of days in a bunch of coffee shops with a Tor browser researching how to keep stuff secret and then use those protocols to communicate.
The loners...
But a massive sweep isn't going to find the next Sandy Hook shooter, the next Columbine wackos, or the next group of fools with gun powder and a pressure cooker. Nothing is going to stop someone who wants to kill 1 to 50 people. Folks, it's easy if you've got the will to do it (that's the hard part). These sick and demented needles will never be found in the haystack, even if we burn the haystack down.
What do I Think Should be Done?
I think:
- A long time ago, encryption was considered munitions. If we think that, encryption should be protected by the Second Amendment and be given the same regard by the courts and the legislature as the rights we afford to carrying firearms.
- The Fourth Amendment came about because King George was evil and created 'writs of assistance'. He was evil in the way the US Government is being evil today and writs of assistance sound a whole lot like the open-ended data vacuuming warrants issued by the FISA Court. No, the Government isn't breaking down our doors and rifling through our papers... they are being more subtle, but just as destructive. This is a replay of history and our strict constructionist judges should be taking note.
- We should impeach Obama, Holder, Judge Vinson, and anyone else who is participating in the "we're notifying the Congress but swearing them to secrecy so they can't legislate on the issue" re-balancing of power away from the legislature and the people. While I'm a huge anti-fan of impeachment, I think what's going on is why we have impeachment. I think what Obama is doing (and what George W. Bush did) is far worse than what Nixon did.
- We should make all laws open. Period. No secret laws. None.
- We should, as a country, remember that we win by being patient and behaving right.