The dangers of our new normal...

[GG]

http://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-expands-internet-spying-at-us-border.html?rref=homepage&module=Ribbon&version=origin&region=Header&action=click&contentCollection=Home%20Page&pgtype=Multimedia&_r=0

 

Any particular reason you picked those quotes and not the ones in favor of that program, especially the ones which talk about the program looking for agents of foreign governments?

 

Since you're smart, who's supposed to be tracking infiltration of private US Internet accounts that were hacked by foreigners?

 

Good timing by NYT especially in light of a big hack by the Chinese yesterday.

[Rob's House]

Wasn't an answer, it was an observation.

 

We will have robots in a decade or so. I imagine someone will be charged with the crime of having their robot murder someone. Just a thought

Oh, an observation. Who the !@#$ are you, man; Isaac Newton?

[Deranged Rhino]

Oh, an observation. Who the !@#$ are you, man; Isaac Newton?

Either Newton or Will Smith based on his iRobot plot-line rip off he tried to pass off as a deep intellectual thought.

[ICanSleepWhenI'mDead]

Any particular reason you picked those quotes and not the ones in favor of that program, especially the ones which talk about the program looking for agents of foreign governments?

 

TBD moderators will edit down posts if you quote too much of a copyrighted source, so I picked a few that seemed most pertinent to this thread (which focuses mainly on N$A collection of data on US citizens). I did however, bold the word "international" in one paragraph to emphasize that in this instance, the data collection on US citizens was an indirect consequence of N$A activity.

 

The link allowed you and others to read the entire article if you wished.

Edited June 5, 2015 by ICanSleepWhenI'mDead

[GG]

 

TBD moderators will edit down posts if you quote too much of a copyrighted source, so I picked a few that seemed most pertinent to this thread (which focuses mainly on N$A collection of data on US citizens). I did however, bold the word "international" in one paragraph to emphasize that in this instance, the data collection on US citizens was an indirect consequence of N$A activity.

 

The link allowed you and others to read the entire article if you wished.

You decided to pick five quotes, and they all were from the same point of view.

 

Just an observation

[ICanSleepWhenI'mDead]

You decided to pick five quotes, and they all were from the same point of view.

 

Just an observation

 

 

Fair enough. My general point of view is that we have to guard against giving up civil liberties in the name of seeking more security. That's how you eventually wind up with things like the Japanese internment camps in WWII. Not a good trade-off if the increased security winds up being illusory. Debatable if it's a good trade-off even if the increased security is real but the avoided danger would not have been fatal to the nation.

 

OTOH, there's clearly a place for N$A monitoring of the activities of foreigners in the name of national security, and I don't have any easy answers for how to handle the issues that arise when data on American citizens who are minding their own business gets scooped up in the process of trying to identify and protect against foreign hackers, some of whom are agents of foreign governments.

 

I follow this thread in part because I want to be more informed about how to evaluate the civil liberties/security trade-offs that we face as a nation. I suspect that the country is strong enough so that if we initially err on the side of too little security, we can go blow the *!%@ out of our enemies if need be. But if we err on the side of giving up too many civil liberties, we risk never getting them back, especially if the government encroachment on those liberties occurs in secret.

 

If that's bias, then I'm biased.

 

How do you feel about the current balance between civil liberties and security, and where the biggest dangers lie?

[....lybob]

You decided to pick five quotes, and they all were from the same point of view.

 

Just an observation

Oh, an observation. Who the !@#$ are you, man; Isaac Newton?

[Deranged Rhino]

The Elephant in the Room:

 

 

“Because of Edward Snowden, there’s a perception -- which is not true -- but there’s a perception that we’re invading people’s privacy,” Sen. Bill Nelson (D-Fla.), explained last month. “This would presumably take care of that,” he added, referring to the USA Freedom Act, which he voted against in 2014 but now supports as a better alternative to a complete lapse of the Patriot Act.

Nelson isn’t the only Washington lawmaker who has struggled to articulate Snowden’s influence on the debate that has kept senators up late and away from home for two weekends now. It’s hard to give credit to someone you want imprisoned. But on Sunday night, as tempers frayed, vote-counters strategized, and Rand Paul talked, senators could no longer avoid talking about the ex-NSA contractor’s disclosures.

“It’s why we’re here,” Bob Corker (R-Tenn.), the chair of the Senate foreign relations committee and a fierce NSA defender, said of the Snowden disclosures. “People began creating a myth around it. That did occur. The public discourse around it created a myth about what this program is and what it isn’t.”

http://www.huffingtonpost.com/2015/06/01/snowden-nsa-patriot-act_n_7485702.html?ir=technology&ncid=fcbklnkushpmg00000042

[DC Tom]

The Elephant in the Room:

 

 

http://www.huffingtonpost.com/2015/06/01/snowden-nsa-patriot-act_n_7485702.html?ir=technology&ncid=fcbklnkushpmg00000042

 

They want to pass the "USA Freedom Act" to pass the "USA Patriot Act?"

 

That is the most pandering thing I've ever seen.

[GG]

 

 

Fair enough. My general point of view is that we have to guard against giving up civil liberties in the name of seeking more security. That's how you eventually wind up with things like the Japanese internment camps in WWII. Not a good trade-off if the increased security winds up being illusory. Debatable if it's a good trade-off even if the increased security is real but the avoided danger would not have been fatal to the nation.

 

OTOH, there's clearly a place for N$A monitoring of the activities of foreigners in the name of national security, and I don't have any easy answers for how to handle the issues that arise when data on American citizens who are minding their own business gets scooped up in the process of trying to identify and protect against foreign hackers, some of whom are agents of foreign governments.

 

I follow this thread in part because I want to be more informed about how to evaluate the civil liberties/security trade-offs that we face as a nation. I suspect that the country is strong enough so that if we initially err on the side of too little security, we can go blow the *!%@ out of our enemies if need be. But if we err on the side of giving up too many civil liberties, we risk never getting them back, especially if the government encroachment on those liberties occurs in secret.

 

If that's bias, then I'm biased.

 

How do you feel about the current balance between civil liberties and security, and where the biggest dangers lie?

 

As my signature indicates, I'm far more concerned about the actual abuses of power that are emanating from DC than the hypothetical ones. Unfortunately, the press is far more concerned about the potential abuses and totally ignores the actual ones.

 

I'm not exorcised about NSA's metadata collection program because to me, collecting routing data is similar to the government taking pictures & videos of roads. The government has a far greater collection of my actual habits by storing EZ-Pass data and pictures of my car & license plate crossing bridges, tunnels & roads. That is far more intrusive than my phone number being part of hundreds of millions of phone calls that are thrown into a correlation matrix to see if there's a pattern.

[Tiberius]

 

As my signature indicates, I'm far more concerned about the actual abuses of power that are emanating from DC than the hypothetical ones. Unfortunately, the press is far more concerned about the potential abuses and totally ignores the actual ones.

 

I'm not exorcised about NSA's metadata collection program because to me, collecting routing data is similar to the government taking pictures & videos of roads. The government has a far greater collection of my actual habits by storing EZ-Pass data and pictures of my car & license plate crossing bridges, tunnels & roads. That is far more intrusive than my phone number being part of hundreds of millions of phone calls that are thrown into a correlation matrix to see if there's a pattern.

But what about the argument that social movements will never get going because the government will crush them with this?

[Deranged Rhino]

 

As my signature indicates, I'm far more concerned about the actual abuses of power that are emanating from DC than the hypothetical ones. Unfortunately, the press is far more concerned about the potential abuses and totally ignores the actual ones.

 

I'm not exorcised about NSA's metadata collection program because to me, collecting routing data is similar to the government taking pictures & videos of roads. The government has a far greater collection of my actual habits by storing EZ-Pass data and pictures of my car & license plate crossing bridges, tunnels & roads. That is far more intrusive than my phone number being part of hundreds of millions of phone calls that are thrown into a correlation matrix to see if there's a pattern.

 

The bulk collection is collecting far more than just your phone calls. Far more. Every email, every text, every search engine query, where you shop, how much you spend, all of your banking habits -- it's not just phone calls.

[Rob's House]

But what about the argument that social movements will never get going because the government will crush them with this?

If you spent half as much time trying to understand the point as you did actively trying to misunderstand it you'd be utterly humiliated by your contributions to this thread. Although you did make it very entertaining for the rest of us.

[GG]

 

The bulk collection is collecting far more than just your phone calls. Far more. Every email, every text, every search engine query, where you shop, how much you spend, all of your banking habits -- it's not just phone calls.

 

This is the first I'm hearing of this. Link, proof?

[Deranged Rhino]

 

This is the first I'm hearing of this. Link, proof?

 

They are scattered throughout this thread. There are pages devoted to it.

Give me some time I'll give you a list of the most pertinent when I'm done w work today.

[OCinBuffalo]

For the last time: "Bulk" collection can be defined as any more than 1 record. Thus, it's a cliched, nonsense argument. Why are people with no clue how data warehouses are constructed, never mind used, pretending they are authoritative on this issue. Snowden is certainly no authority.

 

I am. When I tell you that "bulk" isn't nearly as important as the data model, what touched the data, and NSA's methodology, that's the definitive answer, period. And, of course it isn't "just phone calls". Collecting just phone calls is called: incompetent. When looking for patterns, often we have to include dimension after dimension of seemingly unrelated data, from many sources. The right way IS calls, texts, bank, credit, whatever we think will produce a pattern.

 

That's the point of the entire F'ing exercise: we don't care about the raw data itself, except when it produces a pattern that we can process into information, or in this case "actionable intelligence". Only then do we look at the specific fields within the records that fit the pattern. Up until that point its just a bunch of records, and we only care about their IDs.The very last thing we want is inspecting field values out of turn. That leads to bias.

 

Verizon has ALL call and text meta-data. It had it before the Patriot Act, now, and they will still have it if 100% repealed, so WTF? If I'm the NSA guy doing this, I don't need garbage cluttering up my warehouse that I use to find the bad guys. Doubly so if I can go get a clean set of raw data from Verizon, with a FISA warrant, whenever I need. If I am incompetent/stupid/compromised by another agenda, then yeah...I want all the records now and forever. That's where professional IT management, Congressional oversight, and Executive oversight come in, and fire me.

 

Also, once you get past 10k records in most tables/collections, if your "algorithms"(used for simplicity here) are terrible, it doesn't matter of there's 10k or 10mil. You are going to have a slow, ****ty system, that produces 0 results, or worse, false ones. So once again, the amount of "bulk" is irrelevant when compared to: competence.

 

Garbage goes in the trash. If you NEVER took the garbage out at home? Sooner or later you can't even make it to the bathroom. Ever seen a "hoarders" show? Data works the same way. Yes, some dopey clients begin as "hoarders" who want everything. I can totally envision some jagoff ordering the NSA to do that. But, over time even the biggest jagoff always learns their lesson: Usually only takes 1, 500+ page report, and delivering it in front of their peers, to condition their behavior.

 

Moving on, attempting to watch all things at all times == FAIL. By definition, you can't establish patterns if you never narrow the raw data result set beyond "all calls in North America every day, all the time". That's not how this works at all. In fact, that kind of data is practically guaranteed to give you nothing, or false patterns. All the extra garbage causes higher propensity for errors, and error margins, which can easily cause a pattern to be obfuscated.

 

Seriously, I'm quite tired of hearing incompetence run the show in this thread. There is a right way to do targeted data collection, extraction, transformation, loading, and then analysis. We do NOT KNOW if they NSA is doing it right. And they shouldn't tell us, because doing so compromises their methods, the terrorist change what they do, and it's back to square one. Prattling about "bulk" is a distortion, and a waste of time.

[Deranged Rhino]

 

This is the first I'm hearing of this. Link, proof?

 

Apologies for the delay, under a deadline so I'm scattered. As I said, there are many, many other links and videos in these 38 pages that have more proof and discussion about exactly what the NSA has been collecting and why. I tried to find one that hasn't been linked in here already. Sadly it's from the Washington Post, but it's sourced and verified by other reports in this thread. (Long quote coming)

 

 

 

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

In order to allow time for analysis and outside reporting, neither Snowden nor The Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden’s reach.

The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.

The material spans President Obama’s first term, from 2009 to 2012, a period of exponential growth for the NSA’s domestic collection.

Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks.

No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects — not only from its targets but also from people who may cross a target’s path.

Among the latter are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams at a camera outside a mosque.

Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.

“None of the hits that were received were relevant,” two Navy cryptologic technicians write in one of many summaries of nonproductive surveillance. “No additional information,” writes a civilian analyst. Another makes fun of a suspected kidnapper, newly arrived in Syria before the current civil war, who begs for employment as a janitor and makes wide-eyed observations about the state of undress displayed by women on local beaches.

By law, the NSA may “target” only foreign nationals located overseas unless it obtains a warrant based on probable cause from a special surveillance court. For collection under PRISM and Upstream rules, analysts must state a reasonable belief that the target has information of value about a foreign government, a terrorist organization or the spread of nonconventional weapons.

Most of the people caught up in those programs are not the targets and would not lawfully qualify as such. “Incidental collection” of third-party communications is inevitable in many forms of surveillance, but in other contexts the U.S. government works harder to limit and discard irrelevant data. In criminal wiretaps, for example, the FBI is supposed to stop listening to a call if a suspect’s wife or child is using the phone.

There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of those in the Snowden archive were monitored because they interacted directly with a target, but others had more-tenuous links.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.

 

*Emphasis added so you can search some of the programs online and see for yourself what they're used for. Just collecting records and duration of phone calls is not what this issue is about. It's never been what this issue is about. They've been collecting EVERYTHING they can, for over a decade, completely illegally.

http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html

[GG]

 

 

Apologies for the delay, under a deadline so I'm scattered. As I said, there are many, many other links and videos in these 38 pages that have more proof and discussion about exactly what the NSA has been collecting and why. I tried to find one that hasn't been linked in here already. Sadly it's from the Washington Post, but it's sourced and verified by other reports in this thread. (Long quote coming)

 

 

*Emphasis added so you can search some of the programs online and see for yourself what they're used for. Just collecting records and duration of phone calls is not what this issue is about. It's never been what this issue is about. They've been collecting EVERYTHING they can, for over a decade, completely illegally.

http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html

 

 

The data provided illegally under the auspices of FISA and subsequent amendments?

 

As was discussed at the time, there is a valid argument that FISA itself is illegal. But until that ruling is handed down, how is activity that is sanctioned by FISA with full acknowledgement of Congressional intelligence committees, be considered illegal?

[DC Tom]

For the last time: "Bulk" collection can be defined as any more than 1 record. Thus, it's a cliched, nonsense argument. Why are people with no clue how data warehouses are constructed, never mind used, pretending they are authoritative on this issue. Snowden is certainly no authority.

 

I am. When I tell you that "bulk" isn't nearly as important as the data model, what touched the data, and NSA's methodology, that's the definitive answer, period. And, of course it isn't "just phone calls". Collecting just phone calls is called: incompetent.

 

You're better at IT than you are at SIGINT. Phone call metadata can tell you a hell of a lot if you use it right.

[OCinBuffalo]

 

 

Apologies for the delay, under a deadline so I'm scattered. As I said, there are many, many other links and videos in these 38 pages that have more proof and discussion about exactly what the NSA has been collecting and why. I tried to find one that hasn't been linked in here already. Sadly it's from the Washington Post, but it's sourced and verified by other reports in this thread. (Long quote coming)

 

 

*Emphasis added so you can search some of the programs online and see for yourself what they're used for. Just collecting records and duration of phone calls is not what this issue is about. It's never been what this issue is about. They've been collecting EVERYTHING they can, for over a decade, completely illegally.

http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html

 

1. Again, if what they are doing produced nothing but garbage, that is incompetence, and whoever "they" are should be fired. Not the mooks who do the daily stuff, but the bosses and designers of the "system". The question here is NOT whether the effort ever produces garbage, at all. Rather, it's whether it ever produces actionable intelligence, and how often it does. This kind of work is always going to produce garbage. So, lets quit being shocked when it does, mkay?

 

If they are keeping the garbage for no apparent reason, as this quote states, then yeah, that is stupid, and they should be canned. There are ways, I'm not going to get into because that is a very long post, for determining if current garbage will always be garbage, or if at some point it may be useful. Once again, competence is required to do that.

 

2. Again, we have to collect lots of seemingly unrelated data for patterns to emerge. Enough of the OUTRAGE! over the fact that lots of data/pics/whatever are collected from disparate sources. Calls, texts, posts, pics: collecting datat of all stripes...This is the F'ing job!

 

We don't need any of this, if we could do everything with Gibbs and his team from NCIS: magically hacking 512 encryption in minutes , and amazingly, only ever receiving and working with the small, perfectly targeted data sets that have a 90% confidence level of producing results and always magically appear on demand with minimal "computer work". All of this, while none of the irrelevant/failed data sets ever show up. Yes, it only takes minutes to do my job! Especially if done by a hipster chick forensic scientist, with no formal education or experience in data warehousing, or God F'ing forbid, yet another tool from MIT who thinks that being from MIT alone means they can do what we do(that is the only realism here).

 

When are we going to stop pretending that TV is reality? This work REQUIRES lots of disparate data. And, sometimes it fails to produce any results.

 

The question is how many "hits" are we getting, and how much garbage, that will always be garbage, we are retaining for reasons passing understanding.

 

(Hits are actually a horrible way to describe this, and if we are going after hits, we are doing it wrong. "Hits" are point in time. Patterns are over time. Like all point in time data, any "hit"'s usefulness expires as we move away from its point in time. A pattern shows us ongoing reality. Designing a system to produce hits, and not patterns, is idiotic. But, I've seen it plenty.)

 

You're better at IT than you are at SIGINT. Phone call metadata can tell you a hell of a lot if you use it right.

When did I say it couldn't? Wake up. I am saying that not ONLY phone call meta data, but texts, pics, posts, ALL of it, AND its meta data, is the PROPER way to do the job.

 

I'm rapidly tiring at the OUTRAGE over what is merely competently going about one's analytics business.

Edited June 11, 2015 by OCinBuffalo