Snowden-Manning Heroes?

DISCLAIMER: I have no firsthand knowledge of the NSA PRISM program. This is just my personal opinion of Edward Snowden’s release of classified information and the impacts.

What is PRISM:

PRISM is the code name for the data collection program which was born out of the Protect America Act.

Recently Mr. Edward Snowden released classified information to the international media and fled the U.S.  He was working on the PRISM program and felt that the right thing to do was to tell U.S. citizens about their loss of privacy.

SHH!! Don’t tell anybody this.. but privacy has BEEN gone if you are on Facebook, Google or any other social network. These organizations are storing our private data. But what do these organizations do with that data?

  • Do they try to protect your data?
  • Do they sometimes release it to third parties?
  • Can certain data you store on their system be used against you in a court of law?
  • All of the Above 🙂

Encrypt your data.  That is the only real way to have privacy to a trusted party.   Don’t use FB or Google for stuff you want hidden.

The Need for Some Sort of PRISM:

Spies get a very, very bad rap lately. Analysts are unsung heroes. In that world nothing is what it seems. The media presents one side of everything. You have to dig and cross-reference to get facts. Intelligence provides a proactive answer to security. I am speaking from the perspective of someone who has done security defensively. There is a need for gathering data within the U.S. infrastructure. Once data is gathered, it can be correlated to detect patterns of potential threats.

So I think we MUST have something like PRISM (especially in the US) due to the exposure of our assets and the subsequent likelihood of attack. We have a high risk.  And the greatest risk is from INSIDERS (ironically enough PRISM cannot protect itself).

There are three main issues with the program’s current setup:

1.  Lack of Oversight & Transparency: There seems to be very little transparency and  oversight that represents US citizens regarding privacy and controlling how far the government can go.  US Senators are led away from what is really going on.

2.  Total Information Awareness:  This system may be too DAMN powerful as far as what it is capable of.  In fact, it seems to be like using GOD Mode 24/7 to gather information.  Snowden mentioned that it can track ANY email.. is this on a whim?  does there need to be some sort of probable cause or “reason to believe” or is this left to the discretion of the guy with his finger on the button.. this leads to the next issue..

3. The Patriot Act II + Protect America Act = It’s too DAMN politically powerful. This program has the legal backing to do anything with NO checks and balances.

Is SNOWDEN A HERO?

Would I call Snowden/Manning heroes/martyrs? I would not group Snowden with Manning. The information that Snowden released (so far) is showing the capability of NSA spying (something that was done by whistleblower William Binney in 2002). PVT First Class Bradley Manning leaked a lot of war material that risked a lot of people’s lives:

videos of the July 12, 2007 Baghdad airstrike and the 2009 Granai airstrike in Afghanistan; 250,000 United States diplomatic cables; and 500,000 army reports that came to be known as the Iraq War logs and Afghan War logs. It was the largest set of restricted documents ever leaked to the public. — http://en.wikipedia.org/wiki/Bradley_Manning

The problem with this is that it actually endangered the lives of informants, and some people that were on the ground in Afghan/Iraq. Manning fucked up big time. Snowden is a hacktivist who will have to spend some time in prison or in Iceland evading the US government unless the American public rallies to sway the politicians.

Whistleblower Protection:

My hope is that there is due care taken on this issue, because there is a real concern regarding the Constitution, privacy and unchecked powers of the government. If not, perhaps the next administration will take up the call of the people. The Sarbanes-Oxley Act of 2002 has a Whistleblower Protection Act that would be helpful if such a law could apply to Snowden. I am not so sure about that.

Transparency & Accountability

I know there needs to be transparency and accountability. But I think it’s naive to think that we should release all information on all classified data to the world as the Wikileaks crowd believes.

Why?

Organizations & States have an obligation to maintain Confidentiality of critical data.

That means databases with witness protection programs must be kept Confidential, bank transactions must be protected..

Nations have some serious enemies (ESPECIALLY the US). The US government’s duty is to protect its people from those enemies (foreign or domestic).

Consider this: Certain information on the physical/logical locations of weapons systems, patents on lethal biochemicals, information on the capabilities of a nation are very effective tools in the hands of really bad people.

It’s naive to think that opening up all classified data is going to set the world free. I wish humanity was in a kinder, gentler situation.. but the reality is some crazy people want to kill as many people as possible.

Yes! I agree that governments with unrestricted power can be MUCH more dangerous. Some transparency with checks and balances is necessary.

 

WAR OF INFORMATION

The postmodern war conflict is a fight over ideology. It’s less about my nation versus your nation and more and more about belief systems.

RIGHT NOW there is someone with the intent to kill as many people as possible.  With the capability and opportunity they would strike.  There IS an enemy and they are anywhere and everywhere.  You can no longer point at a map and say “All these people are my enemy.”

Now there is an enemy willing to kill you over what you believe, what you represent and what they think you are.  And more than likely, THEY are living in your city.   Who are “THEY”?

Figuring out who THEY are.. is where data mining and correlation comes in.

The threat-source can be from ANY country, race, creed, or religious faction. They are more and more likely to have a citizenship in your country for the sake of having free rein to make the most damage on the most people that represent what they seek to destroy.

It sounds crazy until a bomb goes off in the middle of a Boston Marathon with the attackers on their way to Times Square. Luckily, there was surveillance to help deter further killings.

How do we fight against these threats?
Threats can be detected via patterns within information.

Solution: The government should allow the program manager of the system to explain why it’s necessary and provide proof of its usefulness. Limit the use and extent of PRISM’s power.

I hope the president will listen to the Internet community on this. I hope that some political party will hear the cries of thousands of potential constituents then take an intelligent look at the public’s concerns. Realistically, the American public voted on the reps that backed the laws that created this system. They accepted it by proxy. But the shock is from the alleged reach of this program. It’s too bad it took Snowden risking years away from home and possibly prison for the US to wake up and start talking about something that was leaked years ago.

Hack the Censors

During the renewal of the USA Patriot Act, the various communities on the Internets began frothing at the mouth. I recall one (alleged) Chinese citizen saying something about how China was more free than the United States. Which is (circa 200X) a pretty ridiculous thing to say. In response, I wrote something like “F@KK the President of the United States George W. Bush. Can you say that about Hu Jintao in China?” He said, no.

In some countries, it is pretty dangerous to be a blogger with a free mind. It’s ironic because, for me, that is what blogging is all about. It’s sad that bloggers have to watch their collective mouths in countries like China, Iran and others.

Apparently, searching for words like “women” in Iran will give you a “404 – Dear Subscriber” page. I’ve heard that searching from behind China’s legendary Great Firewall for words like “Freedom” and “Democracy” is not allowed.

Other netizen controllers include (but are not limited to): Saudi Arabia, Syria and Pakistan

Governments with this level of blanket censorship do not understand the nature of the Internet. Organizations around the world like Global Internet Freedom Consortium, Voice of America, and Falun Gong conspire to get around the censorship. Devices such as Tor and Psiphon have been developed to go around the firewalls.

In the war of suppression of ideas, China has actually hired thousands of people to flood the Internet with government messages to outdo dissenters.

The best thing China, Pakistan, Iran and other countries can do to control the flow of ideas is to take care of their people not suppress them. The unfortunate thing about taking care of the people is that it requires giving people freedom to speak which is dangerously close to democracy.

Inspired by NY Times article on the subject.

New surveillance program will turn military satellites on US

An appropriations bill signed by President Bush last week allows the controversial National Applications Office to begin operating a stringently limited version of a program that would turn military spy satellites on the US, sharing imagery with other federal, state, and local government agencies.

The rise of “intelligent” CCTV

I think it’s great that we have better technology in security. What is disconcerting are laws like the Patriot Act and FISA bill which take rights from citizens for the sake of more security. With this increased technological power in security, there needs to be more balance, but it seems the rights of citizens (particularly privacy and civil liberties) are taking a back seat to all manner of political will. All this powered by the fear of terrorism after 9/11.

I’m not saying we should not be more cautious or more aware. I’m not saying that more security is not necessary. What I am saying is that taking away liberties is not necessary. And even if you feel it is necessary to spy on all citizens indefinitely to “catch terrorists”, shouldn’t there be checks and balances on the watchers? Who will watch the watchers? How will we ensure that their powers are not abused?

New Technologies:
Smart CCTV – There are now smart security cameras with pattern recognition that allow them to alarm when someone does something suspicious such as climb a fence, or put down a bag and walk away. That technology has been developed by companies like ObjectVideo Inc. The Defense Advanced Research Projects Agency (DARPA) hopes to take it a step further by creating systems that can learn everyday patterns and send an alarm when things are outside of their known pattern, also known as anomaly detection.

http://govtsecurity.com/mag/fighting_terror_technology/

untraceable movie

I just saw a movie called Untraceable. It is cyberterrorism meets Seven. Although it is very violent, it falls short of the pure “torture porn” genre (i.e. Hostel, Saw). They didn’t sensationalize the FBI computer crime team. They made the characters real people with real problems.

The best part of the movie is that it addresses hard societal questions that we are still struggling with. The killer’s greatest weapon was the Internet itself. He used the anonymity and distributed non-centralized power of the net to broadcast killings on the Internet. Once he captured a victim, he would put them in a contraption that would torture them to death based on how many people came to the site. The FBI is at a loss, because their equipment (while it can easily bait & hunt small time phishers, criminal hackers and adults soliciting sex from kids online) is useless against this serial killer’s level of software, Internet, and electronics sophistication. They eventually call upon the NSA, who tell them that they are not allowed to use their resources for domestic issues. With the Patriot Act and NUMEROUS presidential NSA acts, I don’t believe this is entirely true. But the movie seems to suggest that it is.

Although, I disagree with the message of giving more power to the FBI & NSA to catch bad guys (as it would require the loss of more civil liberties of law abiding citizens), I definitely recommend this movie.


Movie fact:

The site used by the killer (www.killwithme.com) actually exists. It’s owned by the movie studio and it’s used to promote the movie. In it, users are taken to a replica of the FBI computer used by the character Jennifer Marsh. Her desktop gets hacked by the killer who provides the visitor with four tests he/she must complete to deactivate his site.

Computers Hacking People ver 2.0

I honestly think you ought to calm down; take a stress pill and think things over. – Hal, 2001 Space Odyssey

Information Systems will eventually have the infrastructure and ability to “socially engineer” its creators. This is far fetched science fiction blooming before our very eyes being created by our own hands.
It will happen when three criteria are in place: 1) The creation of laws that can completely disregard the privacy and sovereignty of human beings. 2) The advancement of Information Awareness System and 3) Smart Artificial Intelligence

LAWS
Let’s discuss the situations that will give governments the pretext to implement laws to track their citizens. This is happening now. Laws and systems are being created for unchecked monitoring of individuals under the guise of security, safety and prosperity. Systems such as national ID cards.
They were implemented after the Sept 11 attacks on the World Trade Center and in the U.K. after the 7 July attacks in London.

It was 19th Century philosopher Samuel T. Coleridge who said, “In politics, what begins in fear usually ends in folly.”

Imagine it: The PATRIOT ACT IV is passed as a result of recent Critical Infrastructure cyber-terrorism attacks. International terrorists implement a globally synchronized Distributed Denial of Service Attack against the world’s root nameservers and successfully cripple the Internet for three days. The impact is devastating as corporations lose billions.

Domestic Cyber Terrorists infiltrate hospitals by becoming a part of the staff, only to socially engineer and infect HIPAA-protected networks with viruses that wipe out databases and actually scramble prescriptions, causing an array of deaths by misdiagnosis.

Local police and security personnel repeatedly thwart numerous attempts by religious fundamentalists to detonate suitcase-sized tactical nuclear weapons inside major United States cities, but security professionals predict that it is only a matter of time before at least one slips through the cracks. All the enemy needs is one.
Patriot Act IV is the patron saint of lawmakers who have been screamed at by constituents to “DO SOMETHING NOW!” The new Patriot Act is eventually internationally accepted and allows for unrestricted data mining into commercial and state-owned databases worldwide (US-EU). It of course has different names and variations worldwide, but its application is the same. In the United Kingdom it is called the Civil Contingencies Bill. The data mining would tap into the “transaction space” by accessing hospital, financial transaction and legal databases worldwide to be shared by all law enforcement agencies (county, federal, city, local and international). The system works like a global Amber Alert system that can track criminals anywhere in the world and notify the respective local agency immediately. The system works very, very well.

Information Awareness Systems

The system, developed under the direction of John Poindexter, then-director of DARPA’s Information Awareness Office, was envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant. — Electronic Privacy Information Center.

Government-funded unrestricted Data Mining and Information Awareness programs develop and run revolutionary Information Awareness Systems. Despite public opinion, these National Security systems continue to work to protect the nation against enemies foreign and domestic. The system extracts data from its transactional databases and recognizes patterns of behavior that would fit that of a terrorist. The system is so exhaustive that it works with 70% accuracy and seamlessly in conjunction with systems such as Next Generation Facial Recognition systems and Activity, Recognition Monitoring for enhanced surveillance.


Artificial Intelligence
Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended. – Vernor Vinge, 1993, What is the Singularity?

Artificial Intelligence has been in use for many years. It is greatly relied upon for businesses, hospitals, military units and even in forms of entertainment such as video games. However, Strong Artificial Intelligence, the development of cognitive systems simulating the human brain, has been developing quietly in research labs around the world under programs dedicated to the “scientific understanding of the mechanisms underlying thought and intelligent behavior and their embodiment in machines. (AAAI)”

Smart Information Awareness is Strong Artificial Intelligence merged with Information Awareness Systems. Smart Information Awareness seems to go beyond merely recognizing patterns of behavior, as it predicts the future actions of a given psychological profile with over 75% accuracy, allowing Law Enforcement to be like an all-seeing eye with incredible new methods of forensics and counterterrorism. Crime as a whole will be greatly reduced. Systems that recognize criminal patterns have been around for some time; Smart Information Awareness systems are a new trend.

The Smart Information Awareness system is so accurate in determining human behavior trends that it is used to track and manipulate consumer buying habits for corporations. With its accuracy, the system will be able to determine what marketing tools can be used to influence the behavior of buyers.

With unfettered access to consumers’ personal transactions, buying habits, methods of payment, and credit history, a system would be able to pinpoint buyers who demonstrate interest in certain products and offer “special deals” to a specific group of highly interested buyers.

Inevitably the very system (laws, practices and technologies) that successfully protects humanity from itself is used to manipulate and exploit humanity.

Perhaps you believe that there is nothing wrong with this level of target marketing. If so, I submit to you these questions: What will separate humanity from cattle if every man, woman and child is seen as nothing but a number and a consumer to the system that we rely on to survive? Since we are already regarded as merely numbers and consumers by the corporate beast, how much control and information will we allow them to have?

Perhaps this is a bit much. Perhaps I exaggerate the technology and extent of fear that will breed it.

http://www.p2pnet.net/issue03/page1.html

http://www.epic.org/

http://www.jbholston.com/weblog_discussion.php?post_id=74
Statewatch.com – Secret EU-US agreement being negotiated. http://www.statewatch.org/news/2002/jul/11Auseu.htm
http://www.eff.org/Privacy/TIA/20030523_tia_report_review.php

http://www.aaai.org/

nin – TheSlip (thanks Trent)

Ray Kurzweil @ Google Zeitgeist

Civil Contingency Bill

Eschelon TIA – Total Information Awareness

Authentication Chip Under my Skin

RFID Chip implant

I dreamt that I had an authentication chip under my skin in my right palm. It had some sort of RFID proxy reader allowing me to simply wave my hand over a point of sale device in a store and automatically purchase items. I could also get entry into certain facilities with the device. It was an automated authentication device that identified me based on “something I had”, but also included loads of very personal data.

In retrospect, it’s kind of scary. Reminds me of the “Mark of the Beast” in Revelations or a Philip K. Dick novel.

security vs. liberty

“He who sacrifices freedom for security deserves neither.” – Ben Franklin

Security is important, but it should be done in wisdom not only fear and paranoia lest we forsake everything we seek to protect.

The military is a good example of security versus liberty.

A U.S. military installation is one of the most secure places you can be in. Depending on the resources therein, there can be fencing around the installation, mobile forces, and only a few active entry points. Entry points are controlled by armed guards, barriers, and sometimes even machine guns and “man traps”. Only authorized personnel may enter and even “authorized personnel” can only enter certain areas once on the base. The installation is controlled by the base commander whose laws are MUCH more strict on the base. Entering the base means you give up things like the right to protest. You can be searched at any time and you can be shot for going certain places… such as the flightline. All in all, it is the safest place to be in the event of civil unrest off base because on base there are law enforcement, security forces, and back up ready reserve forces capable of mobilizing in a matter of minutes.

All the security, with very, very controlled liberties. Such a controlled environment requires very controlled personnel.

This is why as a security professional I understand what it means to have more security and lose liberties. Although many Americans are willing to give up some liberties for more National Security, I fear that most don’t really realize how much they are really giving up. Perhaps the biggest loss is privacy, and in this day and age personal data has become our most valuable asset. No one is going to protect it like you. Certainly not the government. It is such a large entity that it can only summarize you and your family into numbers, statistics.

U.S. servicemen and women are numbers and statistics to the federal government. They are (to some extent) owned by the federal government while serving under oath. Their dedication includes their life, if service calls for it. Their service is no trivial event. All the more reason liberty must be preserved… to honor the sacrifices of a few. True American patriotism is the preservation of every remaining freedom at any cost.

State Monitoring People: This side of Prison

As a long time government employee, my most sensitive personal information was forfeit some time ago. I still believe it is important that individuals in a “constitutional republic” should have a right to privacy if they choose.

However, there are a few issues with TOTAL privacy… one of the main problems is sociopaths, psychopaths, extremist groups, and other malcontent predators. If there is a total blackout of a government’s ability to spy on its people, how can that government protect its people in this modern age?

As the gene pool gets larger with the help of modern/postmodern sciences and health practices, it’s clear that the amount of psychopaths & sociopaths per 100,000 has grown significantly.

If you combine that number with the number of people who are highly suggestible and indoctrinated in the “red” extremist parts of the religious and political spectrum, you have a recipe for terrorism in pockets around the world, which is exactly what we are seeing now.

This combination of disturbed individuals + technological means of taking out scores, 100’s or even thousands of human beings is deadly.

The Problem with Big Government
So is bigger government the answer? Liberalism & conservatism aside, as governments gain the legal power to spy, arrest, control people without checks and balances and without probable cause, their size and strength will grow to the point of a sort of bureaucratic dictatorship (something NO one in their right mind would mistake for freedom). Without checks and balances, it is also possible for such an all powerful government to commit atrocities and crimes against humanity for its own gain. It becomes like an out of control beast with its own will. The Nazi party is a clear growth of such unchecked power.

One Solution.
Cho Seung, the killer at Virginia Tech, showed numerous signs of self-destructive and sociopathic behavior. There is currently no system in place among private and public organizations to pinpoint, profile and deal with behaviors of potential predators.

Perhaps if there was a comprehensive system in place, State monitoring would not be necessary. Such a comprehensive system could be created by criminal psychologists, profilers, statisticians, lawyers, police and other agencies. The system would have to consist of monitoring and observing at a LOCAL level and report to proper authority. Once certain behaviors are observed, they could then be reported anonymously to a much smaller state/federal monitoring service.

This would be a top down approach and would definitely not stop all random acts of violence, but monitoring everyone at a Federal level seems a bit ridiculous this side of prison.

FBI point, click, Spy

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation’s telecom infrastructure than observers suspected.

It’s a “comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems,” says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

More at Wired.com

EFF.org has the System Security Plan for the push button surveillance system:

The DCS 3000 is an Electronic Surveillance (ELSUR) collection system that supports
Criminal Law Enforcement (CLE) as well as Foreign Intelligence Surveillance Act (FISA) Pen
Register investigations. The Operational Technology Division (OTD), Electronic Surveillance
Technology Section (ESTS), Telecommunications Intercept and Collection Technology Unit
(TICTU) developed and deployed the DCS 3000 system in Central Monitoring Plants (CMPs) in
various FBI offices. This SSP documents the security policies and procedures for the DCS
3000 system. In addition, this plan delineates responsibilities and expected behavior of all
individuals who access the system. This plan establishes the approved operational baseline
and configuration and is the basis for the type certification and accreditation of the DCS 3000,
regardless of the physical location of systems within the FBI. This document has been prepared
in accordance with guidance provided by the FBI Certification and Accreditation (C&A)
Handbook Version 2.1, June 1, 2005.

The entire System Security Plan Certification & Accreditation Plan for the DCS3000
