Forgot your password?
typodupeerror
News

Spies in the Forests 119

Posted by Nathan
from the Big-Brother dept.
Adam Jenkins writes "More info on the NSA patent has been reported in The Independent. Specifically they have been lab-testing software that can sift through calls and e-mails in search of key phrases." Can you say 'Echelon'? Anyone who still harbors any doubts about whether the network could exist should read this.
This discussion has been archived. No new comments can be posted.

Spies in the Forests

Comments Filter:
  • You have no idea how many people named Jesus are out there committing crimes right now... But probably none the NSA would be interested in.

  • let's keep as close a watch on these guys as we can, shall we?

    Echelon Watch [aclu.org]

  • by Crixus (97721)
    It's not clear to me why the NSA would need to patent such a technology. If some other entity (Lucent or some such tech company) got to the patent first, is this going to stop the NSA from performing this kind of intelligence?

    I think not.

    If they were ever to be asked they would simply deny that they're doing it, and if some sort of legal pursuit occurred it would be deflected by the veil of NATIONAL SECURITY.

    I saw Phil Zimmerman speak in Syracuse NY many years ago when the US Gov't was still pursuing their investigation of him, and he spoke about the potential collision of technology, and privacy rights.

    At that time (1993-ish) Phil mentioned that the NSA had just released some of their speech recognition code into the public domain, and it was several generations ahead of what the best civilian code looked like.

    What does this say about the code that they're actually using.

    The NSA's motto is to be 5 years ahead of EVERYONE else's technology, and I believe they are.

    Bottom line:

    The NSA HAS BEEN developing and using speech recognition software for more than 10 years, and will continue to do so regardless of what congress attempts to do to curtail their trampling of people's privacy rights, and regardless of who patents what.

  • Or to keep MS from patenting it. It' the new MS Revolution they're trying to forstall!!!!! (The above post was inspired by Monty Python. Tread Warily.....)
  • What makes you think that Allah is a word that the NSA would need to listen for? He's the God we believe in. Almost every Muslim mentions his name numerous times throughout the day, and good luck to NSA if they are actually monitoring for any phrase containing his holy name. They will need boatloads of signal processing power.

    Get over this, guys. Smart people do not have racial stereotypes and prejudices. Slashdot is all about smart people and free exchange of opinions. The word "Allah" has no more relation to terrorism or anything illegal than, say, "Jesus", or "Jehovah".

    I doubt that the poster meant to imply that Muslims are terrorists, just that the NSA might think they are. Such religious stereotyping would not be at all unprecedented for our government. In the 1950s, for example, atheism was strongly associated with communism. Of course, as you correctly point out, filtering conversations for "Allah" would be useless because it would flag most conversations by Muslims.

  • "I'm going to kill the president with help from my new friends in the terrorist group."

    I suspect that if you try this, it'll get noticed the first time and then, after you've been looked at manually and deemed to be un-dangerous, a killfile of sorts will be set to ignore your pet phrases.

    That is, of course, assuming nothing strange happens to you in the meantime...
  • there must be at least half a billion Muslims in the world.

    I'd like to see the NSA keep track of them all. hehe...

  • Looks like one of those John Dvorak Notes and Asides columns.
  • Speech-recognition technology can't do this job even now (1993), and almost certainly won't in this millennium, either.

    Back in the early 1980s - I don't recall the exact year, call it 1983ish - I played briefly with a speech recognition system one of the profs at Concordia U (where I worked at the time) was developing. It ran on a VAX 11/780 (under VMS), input was via an A/D converter (I used the D/A side of it for sound effects for the game I programmed). It could recognize and parse continuous speech from a random speaker. The catch was that it couldn't do it in realtime, it took about fifteen minutes of processing for about five seconds of speech. Taking out the overhead of printing out all the steps it was taking in the analysis might have shaved a couple of minutes off of that.

    But that was fifteen years ago, on a one MIPS machine. Modern machines with some preprocessing of the signal via DSP could do better than realtime. Add in the neural net system that can recognize certain keywords from the background noise even better than humans (mentioned on /. a couple of months ago) to flag specific conversations for analysis and the problem becomes downright simple.

    Screening text messages by comparison is a piece of cake. A bit more of a challenge is the high volume of binary packets on the net -- most of them probably jpeg fragments from pr0n sites -- but those will have characteristic formats/patterns that distinguish them from, say, encrypted text. (Of course, steganography is becoming popular...)
  • They are figuring the cover on the eCheLOn project will be blown open soon, so they will patent everything related to it to prevent everyone else from using it after the technologies are exposed in a Senate investigation. I wouldn't be suprised if patents on technological foils for their systems exist too. (Inaccessable due to "National Security").

  • what was I thinking ..... all I can say was it was 2am ..... I'd been hacking all nite ....
  • by jafac (1449)
    So, this Echelon scanning system, it relies on boldface text to trigger?

    I wish I had a nickel for every time someone said "Information wants to be free".
  • very wishful thinking:

    Perhaps NSA knows that a conservative congress will pry open the secrets, and make it all public, and the NSA just wants to protect what it can before the end.

    HAW! HAW! HAW!!!

    I wish I had a nickel for every time someone said "Information wants to be free".
  • A recent article in the German magazine Der Spiegel detailed how the German NSA-equivalent agency intercepted data traffic originating from Liechtenstein banks, and how this data apparently reveals the big-time money laundering connections of this countrylet. Quite a coup, it seems.

    There is no doubt that concern about the increasing invasion of privacy is appropriate, especially when it is unclear which information is intercepted by whom for what purpose. Credit ratings, AIDS, credit card nos. are just the tip of the iceberg.

    To put this into perspective, though,
    remember that all the electronic sophistication of the NSA and all the president's CIA men failed miserably in predicting, for example, Saddam's invasion of Kuweit in 1990. Similar intelligence failures abound, e.g. the Nairobi/Daressalaam and the Atlanta bombings.

    Most telling of all is the case of East Germany, where the Stasi had unlimited powers inside the country, had a spy in every house plus spys spying on spys, had innumerable sleepers and moles in various Western governments -- and yet the state collapsed in a miserable heap anyway, simply because no amount of spying on your own people saves a bad system in the long run.

    So, I would not overrate the effectiveness even of a technologically advanced system. Technology is just one of many factors, including the overall state of the economy and the intelligence of the intelligence gatherers.

  • I will admit, there is a potential for abuse of such a system.

    The American Government is based on a system of checks and balances to prevent one branch from gaining too much power. I have yet to realize how an intelligence agency is monitored. I think this might fall under the auspices of the National Security Council. You can't just come right out and say, "I'm Joe Spy. I work for the NSA. I'm spying on the radio signals coming out of the Blahovian Embassy in Washington." In order to supervise the efforts of such an organization, you have to be in the system.

    Self-Monitoring has proven easy to circumvent, and is reflective of the current administration of an organization.

    Point is, there is no clear, black and white answer to these issues.

  • Something to think about:

    There is a whole industry based on surveilance, selling technology to the following groups:

    Bosses who spy on employees to increase productivity
    School Boards who spy on students to keep them safe
    Prisons who spy on inmates to keep the dirtbags in
    Local law enforcement who want to arrest and convict criminals

  • Actually, here's a scenario which could explain their patenting an item: Control.


    By patenting it, they guarantee themselves exclusive control of the ideas in the patent for the next couple decades. It prevents somebody else from coming up with and using it on their own.


    Why would they need to prevent this? I honestly don't know. But it's a thought, at least.

  • Every day, you are spied on to some extent.

    It might be the guy next to you on the bus who does the "Shoulder Shuffle" to see what you're reading.

    It might be the receptionist at the office who looks up your personnel file to see what your wife's name is because they met at a party and she can't remember what it was.

    It might be the anti-social geek that you picked on in High School who vowed that he would one day get even, so he stalks you and sharpens his knife collection.

    Everything you do is being watched. If the government is doing it, that's another thing. Unless you sell all your worldly possessions and hike to the northern wilderness to live in isolation in a log cabin built by yourself out of hand-felled timber, you are in the public eye.

    The problem is, technology has progressed to the point that it is relatively easy to spy on anyone else.

    Do I feel that I should just sit back and live the life of a naive person while the government violates my privacy? No. I just think that most people are not the targets of intelligence operations.

    A major part of risk management is identifying control measures to reduce the bigger risks. If you feel that you might be held accountable for what you say later, get involved in cryptology. Come up with a crypto system for telephone conversations. Rely on your own private system of messenger pigeons.

    Computer network security is very similar to electonic eavesdropping in that you do what you can to minimize the holes for exploitation, but you can't get them all. If you want to communicate and exist as a member of society, you have to take risks, and there is a point where safety precautions get ridiculous.

    I would just love to live in a world without weapons of mass destruction, armies, and politicians. However, we are stuck in a world with these and more. The National Intelligence community is entrusted with the protection of our national interests. They do a very good job of that. The catch is, where is the dividing line between ethical and unethical? If I am listening to personal phone conversations between US Citizens, that's a pretty wrong (and illegal) thing. However, if one of them starts talking about stockpiling arms and explosives to overthrow the government (not just a hypothesis, look at some of the militia groups out there), then most people would say that I have a duty to report that. It's a very gray issue.

    Yes, there is a big potential for abuse of such great power. "Power Corrupts, Absolute Power Corrupts Absolutely." I'm not really sure who watches the Intelligence Community to check for abuses. That's a little scary for me. Hoover was unchecked. However, at the time, he was almost in-line with the popular thought that only criminals would be investigated by the FBI. It was a different time. As a result of these and other abuses, it is now illegal for US Citizens to be monitored. There are loopholes, but not too many.

  • by Morgaine (4316) on Monday November 22, 1999 @10:32PM (#1511319)
    I think you may be missing the point here. Just because the vast majority of us "have nothing to worry about" personally, this doesn't mean that we should not worry about the issue generally. It's very similar to the burning down of rain forrests and 10 million other such areas of concern. Is it sensible that we ignore them just because the effect on us is not personal and immediate?

    Snooping by three-letter agencies does indeed seem fairly innocuous (as long as you lay undistinguished and hence unseen among the teeming masses), but what if you have larger ambitions than to live and die unwitnessed? Whatever you do, even if it's totally legal, you're bound to annoy somebody sometime, and it's not beyond the bounds of possibility that the snooped info will pop up to haunt you, because *all* information is for sale to someone at some price. You'll feel different about it then than you do now.

    And longer term, what about the Terminator, Matrix, or even Borg scenarios? A system that knows everything about what's going on is a system that can kill you in the end, no matter how benign it is at the start. Don't dismiss it as "just SF". It'll be too late to say "Oops, I was wrong" when it happens.
  • Amen!
  • You think you won the Cold War?... Geez the American government really does tell you nothing.
  • Wish I had some moderators points to moderate this up.


    --
  • Has anyone been able to track down further references to this project? I did a brief scout around but didn't turn up anything. The referenced papers would be nice :-)
  • A lot of people have asked why NSA would have any reason to patent any technology. Morality ? Profit ? Nah.

    The reason (a partial one, at least) for many other patents is to keep others from patenting the same thing. This is exactly why NSA is doing it too. The catch here is that NSA has a special position with the patent office: the patent doesn't come public until someone else tries to patent the same thing.

    As it was stated, this kind of technology is not new, certainly not for NSA. For all we know, the patent may have lain dormant for years - or a decade. Given what we know about Echelon (or rather, the rumors we've heard about it) suggest that it has been around for a long time. And you can rest assured that no matter how sophisticated the technology in the patent may sound, it does not compare to what NSA has now. Because the patent is now public, it means that regarding this particular technology, the rest of the world (well, ok, the US), collectively, is where NSA was years ago.

  • Ah, but if i simply add a key sentence somewhere in my email, say,

    "I'm going to kill the president with help from my new friends in the terrorist group."

    instead of adding a huge list of key-words at the end.. would that throw them off? And if everyone did that? Wouldn't that create quite the ruckus?

    'But master, I'm not afraid of the NSA.'
    'Oh? You will be. You will be.'
    --
  • Maybe because nobody in their right mind gives a sack of batshit about UN Conventions?
  • Ummm, no.

    If you're a known member of the Abu Nidal Fan Club, Black September, Islamic Jihaad, Hizbollah... they're going to have a vested interest in monitoring you even if you're ostensibly discussing your favorite laundry detergent.
  • All of us geeks (and nerds) should program our modems and our phones to call each other and constantly say the "key phrases" and set off the buzzers. If we all keep doing this their system will become overloaded. It's the passive DoS attack, since everything is on your own computers on a legal phone service that you are paying for, they can't do anything. You didn't hear it from me, this post never took place.
  • UN (as any other democratic institution) works as long as its members permit it to work. On the other hand, if majority of people supports the UN and minority does not it may result in a political isolation of the minority (I mean US).

    The first sentence is just an empty tautology that ignores whether or not the UN can ever "work" by either its own or any other definition of the word. Your second assertion assumes the US would not be isolated politically if we went along with the "majority". Even then, who cares if the US is politically isolated in the UN? It is simply a fact that UN conventions are whispy nothings. Little pieces of paper. For example, do you think the Cold-War era Soviet Union ever honored the UN Declaration on Human Rights? Did China? More importantly, name a UN resolution or convention that has had some real impact in the policies of a majority, or even a minority, of member nations.

  • Hope I'm not bursting anyone's bubble here, but this sort of software existed years ago -- a co-worker of mine worked on some part or another of it. The software was/is capable of sorting through various communications for key phrases, and it did/does so IN CONTEXT.
  • Heh heh heh. I wonder if anyone could try to sue the NSA due to "prior art". Then the NSA would have to admit that no, they had prior art that was unpatented, but classified. I mean, how can the government patent anything they want to keep secret? And if you reinvent it and patent it, do you own it? Or would the USPTO be able to tell?
    ---
    pb Reply or e-mail rather than vaguely moderate [152.7.41.11].
  • Folks:

    Two years ago reasonable and informed people could (and did) doubt Echelon's existence. But today if you doubt Echelon's existence, then clearly you haven't been paying attention. Duncan Campbell [apc.org] is the man who blew the lid off Echelon, and his report in all of its detailed and independently substantiated glory is available for free on his web page.

    The EchelonWatch [echelonwatch.org] page by the ACLU [aclu.org] is another good source with current news.

    Regards,
    Zooko

  • Last year I met a guy who was doing post-graduate research at the speech lab of a European university. He said he had worked on this project in the US. According to him, the US government routinely monitors international phone calls that originate or terminate in the US. (It's illegal to tap calls that originate and terminate in the US, but apparently it's OK to tap calls that originate or terminate elsewhere.) The use speaker-independent speech recognition to transcribe voices to text; the text can be scanned for key words.

    He seemed credible. He described the mundaneness of most of the calls, and how little information content most of them contained. For example:

    • Hi mom, how are you?
    • Good, how are you?
    • Good. I miss you.
    • I miss you too.
    • I went to a museum today, mom.
    • ...
  • Ignoring for a minute the exact patent....

    I'm a little confused about the consequences of a government agency, which uses the citizens' money, patenting anything. Do the citizens and that country's companies get free licenses then since it was publicly funded? eh? What about the case of a, again, public school holding a patent?

    Any ideas?

  • If I may point /.ers in the right direction. 1. Intelligence (Mil, Pol, Eco, etc) is NOT collected as you seem to think - It is the product of analysis and other processes. Information/Data is collected and some of it is processed. 2. Take only the connected PCs on the Internet even without any form of encryption on transmissions and try to think of the math(s) involved in just intercepting the HTML formated data, excluding graphics, etc and Fermats last theorem begins to look like 4th grade stuff. 3. When it comes to analysis and 'other processes' all the computer processing power available to any organisation you care to mention cannot do pattern recognition like the human brain - not yet anyway - just wait a while! 4. The realy important questions governments ask of their intelligence agencies precludes idle interest in J. Doe - there is just not the time or resources to waste on such trivia (that is trivia to Govt - not to the individual perhaps), unless J Doe is the Deputy Director having an affair with the Second Secretary of embassy 'X'. 5. If J. Doe's personal information (not the one having an affair with the second secretary) is anywhere in a government department can you imagine how difficult it would be to get. It is difficult enough to get information to which citizens are lawfully entitled out of Government. 6. I would suggest, of much greater concern to J. Doe is the profiling and other methods commercial organisations, etc collect on each and everyone of us. That information is not only NOT protected it is actually sold to anyone with the $$s. 7. Perhaps concern should be expressed at the refusal of the Chairman of the FCC to even consider a 'Privacy Statute', which would at least make it a requirement for personal information to be protected from unauthorized access. The question all of us must ask without appropriate legislation is do we trust commercial organisations with our personal details - Real Networks amongst many thousands! 8. Until there is adequate protection of personal information in the USA there will be continuing difficulties with the EU on eCommerce matters and this may be raised at the upcomming WTO meeting. We generally get the governments and laws we deserve?

  • I agree with you that encryption must be really easy to use before it becomes standard. As mentioned, the way public keys work is that you encrypt something with someone's public key, and then only that person can decrypt it. So even if email software automatically grabbed keys, if clueless users did not have public keys there is no way they could receive encrypted email.

    I think the real solution is to add encryption to the underlying mail protocols. This probably won't happen for a while. The idea would be that to have an email address, you must have a public key.

    When clueless Joe User signs onto the Internet via his local ISP, he wants an email account. To get his email account, he must enter a passphrase into his computer. This becomes his private key (which he can remember and use anywhere). His computer then computes the corresponding public key, and sends it to his ISP. The ISP then creates his mail account, and sends his address plus public key to the nearest trusted keyserver.

    Whenever email is sent, the appropriate keyserver is queried and the email is automatically encrypted. This way encryption is the default, not plain text. Of course this way there are problems with people forgetting their passphrase, etc. This would also rely on the keyserver's accuracy. So someone could put up an insincere keyserver that always responds, "Yes, I know the public key for that address, it is 0xdeadbeef" where 0xdeadbeef is the public key of the owner of the keyserver.

    Widespread encryption is inevitable given the way people (and governments) abuse the situation now. I predict that within 3-5 years most computer-savvy people with use PGP or something equivalent for their normal correspondence. Within 8 years encryption will be the default, and it will be harder to send an email without encryption than with encryption.

    -Nathan Whitehead

  • by Anonymous Coward
    Oh that's was a really smart first post. If you don't care about it, at least put some effort into explaining why! Keep the Peace in the Middle East!
  • Computer networks and e-mail are a god-send for government spy agencies. It's much easier to spy on people if they are exchanging data in clear-text, over public networks. I figure it's only a matter of time before anything and everything we do on the net is tracked and cataloged. Sending sensitive data through unencrypted e-mail is just plain stupid nowadays, even if you aren't worried about the government reading it someone else will.
  • Every time there is an article mentioning super computers, parallel computers, quantum computers etc. someone has the very smart, original, and funny hey, lets hook up a Beowulf out of these post.

    I don't know if the poster(s) think that their comments are funny or intelligent, but either way, please stop, because I doubt anyone else does.

  • by [bog-oh] (34246) on Monday November 22, 1999 @08:19PM (#1511354)
    Now I don't mean to talk about nuclear war with anyone, but Iraq may eventually warrant it. Of course, importing narcotics from Cuba would be wrong, but one needs to avoid the government policies trying to prevent illegal action. I suggest we reveal our secrets to the chinese while purchasing arms for a mighty uprising against Democracy.
    -
    THIS IS PRE-ALPHA PRIVATE RELEASE CODE!!!
    DO NOT USE IT UNLESS YOU ARE A DEVELOPER.
    ALL IT DOES IS CRASH!
  • I hate to date myself (but I will) but way back when, we got to add lines to feed the line-eater on our posts, and filled them with all sorts of vague (and not so vague) references to selling drugs, bombing buildings, etc. in the belief that there was some computer somewhere snarfing down all our messages.

    Now I find out it's true. I am not sure if I should be happy or sad. From The Jargon Dictionary

    NSA line eater n. The National Security Agency trawling program sometimes assumed to be reading the net for the U.S. Government's spooks. Most hackers describe it as a mythical beast, but some believe it actually exists, more aren't sure, and many believe in acting as though it exists just in case. Some netters put loaded phrases like `KGB', `Uzi', `nuclear materials', `Palestine', `cocaine', and `assassination' in their sig block [slashdot.org]s in a (probably futile) attempt to confuse and overload the creature. The GNU [slashdot.org] version of EMACS [slashdot.org] actually has a command that randomly inserts a bunch of insidious anarcho-verbiage into your edited text.

    There is a mainstream variant of this myth involving a `Trunk Line Monitor', which supposedly used speech recognition to extract words from telephone trunks. This one was making the rounds in the late 1970s, spread by people who had no idea of then-current technology or the storage, signal-processing, or speech recognition needs of such a project. On the basis of mass-storage costs alone it would have been cheaper to hire 50 high-school students and just let them listen in. Speech-recognition technology can't do this job even now (1993), and almost certainly won't in this millennium, either. The peak of silliness came with a letter to an alternative paper in New Haven, Connecticut, laying out the factoids of this Big Brotherly affair. The letter writer then revealed his actual agenda by offering --- at an amazing low price, just this once, we take VISA and MasterCard --- a scrambler guaranteed to daunt the Trunk Trawler and presumably allowing the would-be Baader-Meinhof gangs of the world to get on with their business.

    NSA_LINE.HTML [bilkent.edu.tr]

  • by Ridge (37884) on Monday November 22, 1999 @08:22PM (#1511356)
    The NSA (DoD) paper on Semantic Forrests is available at: http://trec.nist.gov/pubs/trec7/papers/nsa-rev.pdf
  • This kind of technology is not new, and the NSA is not the only group developing it.

    For example, The Informedia Project at Carnegie Mellon (can't find a working link, but try http://informedia.cs.cmu.edu/) tries to find information about "interesting topics" from a feed of worldwide TV news broadcasts. They have even put a nice voice-command interface on their system, so you can query it by saying things like, "Tell me about last night's Bull's game."

    Another example, the WebKB project [cmu.edu], also out of Carnegie Mellon, has shown some success in deriving meaningful information by web-crawling -- where the signal:noise ratio is probably even lower than in phone calls.

    The NSA could build a pretty good system for this kind of stuff without doing much original research. Developing the technology isn't that questionable. The application is a little spooky, though.

  • The thing that gets me the most about the whole Echelon thing is the sheer hubris of the NSA and the US Government to take upon themselves the right to invade the whole world's privacy by intercepting telephone calls, faxes, and emails - and still insist that the Right to Free Speech is enshrined in the US Constitution. I suppose what this really means is "You can say whatever you want, but if we don't like it you may disappear".

    Luckily for the US they are the biggest and nastiest dog in the junkyard, so other countries in the world cannot afford to complain. Sadly, Might does make right it seems.

  • That's Independent to you, mister.

    Bothered to check the website to see what the article actually says?

    As far as other papers over in Blighty are concerned, give it a couple of days.

    The Independent is located in London and is considered one of the weaker (circulation-wise) centrist/centre-left papers in the UK. Its main competition is the Guardian. Much of this has been covered in some considerable detail by the Guardian and its sister Sunday paper, the Observer. Other broadsheets, in ideological leanings increasing to the right-wing, are the Times, the Financial Times, and the Daily Telegraph (often called the Torygraph by wags). Tabloids include the Sun, the Mirror, and the Daily Star.

    I'd embed the URLs in the above paragraph, but I reckon you can check that yourself.
  • I don't know what the "Independant News" is, but they don't mention any sources. The papers talked about exist, however, as stated in an earlier post. What seems interesting to me, however, is that this goes beyond simply searching for words or phrases, but can actually parse quesions and find data related to the answer in an accurate manner. Soem sample questions might be

    How many Americans are pro communist?
    What individuals or oganizations want to assassinate the President?
    What's the answer to the ultimate quesions of life, the universe, and everything?

    The answers could be reasonably estimated from logs of phone calls and plaintext internet communications. Obviously, this has advantages for national security, but could easily be abused.

  • Are you seriously suggesting that America the great would use the bomb?

    I don't think that is the case. The days of MAD and stockpiling are over, and the future of warfare is economic, socio-political, electronic and small-scale mobile tactical units.

    Get a life, other countries would be doing the same things if they had the same power

    Well, isn't America so all-powerful and wise. It may be that the states is the richest nation on earth, but take a look at the violent crime statistica, or the level of income inequality, or educational inequality. America should be spending its money sorting out its social problems for all the new immigrants that you mention, before blanket spying on foreign nationals in their own countries.

    Oh yeah, just because other nations are worse offenders (China), doesn't mean that privacy abuse is right. And I have lived in America, and it definitely wasn't as nice as Morocco, Germany, Thailand or the UK.

  • What is the effect of a government, tax financed patent? Can the NSA dictate terms for use of this technology for the next 25 years or so and charge licensing fees? The technology is useful for many information filtering tasks besides Echelon style eavesdropping. The general technique should no more be patented than other software algorithms.

    On the privacy thing I have assumed for quite some time now that as technology advances there is no such thing as real privacy. I am afraid we need to get use to that idea and work to insure there will not be ensuing abuse of other rights when almost all details of our lives are semi-public.
  • Its funny how most zealots forget the whole idea of this spy system. It's to protect the people.

    Yes. When the feds spied on Dr. Martin Luther King, it was to protect people.

    When the NSA broke into the Watergate hotel to bug the DNC, it was to protect people too.

    When the FBI delivers their files on Republicans to Bill Clinton, that too is to protect people.

    Most people won't really catch the eye of Big Brother. It's only important people, people who really are bad, and a few false positives who have to worry. Most people can go about their day to day lives without ever being touched by Big Brother, because most people are insignificant.

    So go do your little business as usual. You'll be fine.

    Don't worry that the government is corrupt. They're after some other guy, not you.

    Don't worry that what you say might make them angry. You don't have anything to say that matters.

    Move along people.

    There's nothing to see here.


    (The above has high sarcasm content, in case you haven't noticed.)

  • I agree with you that a more immediate concern to me is spying done by employers. I know people who have browsed job sites during their lunch hour only to get called into their bosses office to explain why they were doing so. I suppose it is naive to expect any privacy when you are at work, but I find it extremely unsettling.
  • I totally agree. And, if you think about it - they have no interest in patenting their current technology. That should make you realize that they are really much more advanced than this. If they are patenting this, they are releasing it to the world. You can surmise that this is already old hat to them.
  • Perhaps this should be entered in bugzilla or whatever the bug reporting system for Mozilla is. Although it is extremely unlikely that it would be included with Mozilla (barring US policy changes on crypto export), it would be feasible to implement a general mail plugin filter, that would not have crypto specific hooks, but which would allow such a beast.

    Then the main stumbling block would be establishment of a central database of keys that would be publicly accessible. Of course one would have to deal with all those tricky authentification issues.

    Definitely a worthy project, perhaps some folks in countries with enlightened crypto laws could work on it.
  • I'm not a US citizen and am not very familiar with the rules governing the operation of organisations such as the NSA, but I would not have thought that other people's patents mattered to the NSA. I find it highly improbable that the NSA would let a patent stop it from using whatever technology it desired without licensing it from the patent holder. I also find it highly improbable that anyone could fault them for it. I even find it rather improbable that anyone who would sue them for patent infringement would ever learn that they were infringing on his patent. They are the national security agency after all.

    Am I wrong?

    If not, and the NSA doesn't need patents to protect its right to use the techgnology, then the question stands (slightly altered): Why does the NSA care about other people patenting their technology?
    --

  • The Independent is one of the UK's leading broadsheet papers. It's pretty reliable. In the UK is articles in paper's such as the Daily Sport (~Weekly World News) that you never ever believe.
  • There was a Cold War?
  • In short, just because the NSA, FBI, CIA, and others can spy on you doesn't mean that they will, or that they even want to.

    Even if people aren't in fact generally being surveilled, there is a definite effect when people feel that they could be being surveilled at any time. It has a chilling effect on democracy -- people become afraid to say things that may be controversial or unpopular when it's possible that Big Brother could use those statements against them in some way. When public discourse is stunted like this, democracy suffers.

    And what about when the surveillance goes beyond public policy matters and becomes a tool to give force to the prejudices and petty hatreds of the men who control the cameras? J. Edgar Hoover made a career out of using intelligence collected under official auspices to destroy the lives of people he just happened not to like, for whatever reason. Does it have any bearing on the public good whether, for example, Martin Luther King, Jr. cheated on his wife? Hoover thought so. Hoover decided that any black man who talked about freedom for his long-suffering people was a Communist by definition, and spent untold taxpayer dollars spying on King's private life in order to find some silver bullet that he could use against him. And this wasn't an isolated case -- Hoover kept tabs on anyone and everyone who he could use some leverage over. And anyone who dared speak out against this could count on having Hoover's cameras pointed at them next. This gave Hoover great power -- and his power knew no bound, no accountability. Secret government by its nature is un-democratic government.

    Your main point seems to be that people should shut up and sit down because they're not important enough for anyone to pay attention to, and even if they were nobody's being dragged away in Black Marias yet. But "security through obscurity" only works when you're willing to forfeit your right to participate in public life, a right which no free man or woman who wishes to make a difference in society should be asked to surrender. And the fact that we have what freedoms we enjoy today springs from the efforts and sacrifices of people who knew that if you wait until the secret police are at your door to protest the loss of your freedom, you've waited too long.


    -- Jason A. Lefkowitz

  • er ... and what's to stop the NSA program lifting the same PGP key from the key server the same way and decrypting your mail ...... then running it thru the scanner ...... the only difference is THEY WILL KNOW IT REALLY WAS YOU :-)
  • ...in which case the best way to hide really subversive email would be to add a huge list of keywords at the end. Oh, this spying is such a fun game...

    Rupert.
  • Australia's statements make it very clear that an internationally-run electronic surveilence network of some kind does exist.

    CND's website documents an amazing amount of information about Menworth Hill and the NSA base there, including their programs for monitoring satellite-based communications, and their plans for linking their interception capability with spy satellite systems.

    Whilst I have no means of verifying the claims, I have talked with a person who claimed to be familiar with Echelon. He didn't go into details (no great surprise, either way), but his description of extremely massive arrays of very fast DSP systems certainly sound a technically feasable approach.

    I agree with other posters - Echelon won't be using keywords. If conventional search engines abandoned that approach as useless, you can be sure that the Intelligence community would have reached the same conclusion, eventually. They almost certainly use some kind of basic "expert system", either as an inclusive or exclusive filter.

    Menworth Hill alone, of the 5 countries known to be involved, intercepts hundreds, if not thousands, of hours of communications, every day. If the guys there had to sort through spam and false hits, from a basic keyword search, they'd need an army the size of England just to cope.

  • Well, great. From now on all terrorists add "bombs iraq nuclear assasination" to their .sig's, and nobody notices them.
  • Does the fact that certain others not respect human rights make it right for YOU to ignore human rights?

    "Well.. my neighbour once raped a kid, so it's alright for me to do so too."

    //rdj
  • Yes, I was in no way implying that Muslims are terrorists. I'm just saying that the government probably scans for that word as well because they have religious stereotypes.
  • Yes, there are a lot of Muslims in the world, but far less of them live in the United States. They could monitor those calls much easier.

  • I have worked in government secure areas and I have worked for companies that sold this sort of email sniffing technology to companies who had to guard against insider trading.

    I realize most of you are freaking out over the idea that the government could be reading your personal email without your consent, but there ARE commercial applications of this sort of snooping that are a godsend. If you've ever waited on an auditor to clear the release of some boneheadedly trivial email you want to send, you'd probably rather have a computer quickly and anonymously clear your stuff than wait for some person who might be busy to clear it.

    Just a thought.
    Scrappy
  • Now this is an interesting discussion.

    First, I happen to be one of the people who believes Echelon doesn't exist. This actually helps my case. For instance, most of the "information" I have read on Echelon indicates that the system has been in place for a number of years. The information in the article referenced indicates that the US had an accuracy if 25% in 1998. For conversations that were already transcribed. Filtering through even a large portion of phone conversations is unlikely.

    And Email? Take a look at that web site that shows the internet connections. Tell me where they're going to hook into the net to keep track of messages? And keep in mind that there are more connections than those graphs show. Not likely either.

    On the other hand, the fact is that we don't really KNOW what these people are doing. If the Gov/NSA decides they want to know all about you, they can do so. This I do not argue. I think that we should definitely know what these people are doing, and we should definitely be putting limits on their power.

    >>>>>>>>>> Kvort
  • Yes, there are a lot of Muslims in the world, but far less of them live in the United States. They could monitor those calls much easier.

    Good point. I wouldn't put it past the NSA to do point.

  • Hard to tell from the brief precis [wired.com] in Wired, but it looks like Dragon Systems has come out with speech-grepping software on the open market (demoed at Comdex).

    Of course, hooking your laptop up to a radio scanner modified to get the wireless-phone channels and using this software to look for keywords related to, say, Congressional graft, as you stroll through downtown Washington at lunchtime, would be totally illegal. I certainly don't advocate any such thing; it would be wrong.

    Might goose the folks putting barriers in the path of widespread crypto adoption, though. And maybe cast the Justice Department's calls for expanded wiretapping powers-- "because technology is eroding away our ability to lawfully intercept communications" -- in a slightly more skeptical light.

  • To both of my responders.......GET A SENSE OF HUMOR, it was funny, you people take life way too seriously.
  • you forgot PRESIDENT and ALLAH :)
  • I'm a little confused why No Such Agency would even bother with patenting things. They're not for profit, so they obviously have no vested interest in protecting intellectual property. Furthermore, they've only screwed the pooch more; as soon an Barr and his cronies get ahold of this it'll just add fuel to the fire for congressional hearings on Echelon. As far as I can tell, all they've done is inform the public more as to what they're doing.
    --
    "Some people say that I proved if you get a C average, you can end up being successful in life."

  • Can we be sure that the DoD and NSA are really working together on these issues? Perhaps there is a bit of competition going on within the American government here.

    After all, we were all wondering why the NSA would effectively comfirm that this is what they were doing by taking out that patent. But if they saw that the DoD were working on technology like it, they may have felt that that was reason enough to get a patent.

    It also seems to make sense, in light of the cludged up nature of governments that makes it very hard to believe that they are keeping anything really secret. Thank god for profit motives huh :-).

    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • What makes you think that Allah is a word that the NSA would need to listen for? He's the God we believe in. Almost every Muslim mentions his name numerous times throughout the day, and good luck to NSA if they are actually monitoring for any phrase containing his holy name. They will need boatloads of signal processing power.

    Get over this, guys. Smart people do not have racial stereotypes and prejudices. Slashdot is all about smart people and free exchange of opinions. The word "Allah" has no more relation to terrorism or anything illegal than, say, "Jesus", or "Jehovah".
    --

    BluetoothCentral.com [bluetoothcentral.com]
    A site for everything Bluetooth. Coming in January 2000.
  • ""You can say whatever you want, but if we don't like it you may disappear""

    I'd rewrite this to.

    You can say whatever you want, but we are listening.

    Still allows for free speech, but kinda puts a damper on free expression. IMHO free expression is much more important than free speech as free speech is only a subset of free expression.

  • by Anonymous Coward on Monday November 22, 1999 @09:25PM (#1511395)

    I've already seen several posts implying that you can fool NSA technology by simply including key phrases in your documents. Thus the "spook" command in emacs, etc.

    But NSA technology is far more sophisticated than this. In fact, if you've used a variety of search engines, you've seen such such technology in use. The better search engines do a good job of rejecting key-phrase laden documents and returning only good hits.

    Of course, eveybody who's used a search engine and gotten some bogus site hit knows that the technology is far from perfect. But remember, the NSA has been throwing millions of dollars at the problem basically since computers existed. They're likely to be well ahead of current search engine technology.

    In other words, you can continue to use spook-mode in emacs (I do, it's fun), but you should be aware that it's probably not fooling anybody. The private sector already has technology that can eliminate that sort of spoofing, and the military is probably years ahead of the game. Trust No One.

  • The Independent is a very high quality UK broadsheet paper; it's about as credible as any mainstream news source can be. What's more, *all* the people cited in the article know what they're talking about: people like (from memory) Brian Gladman, Julian Assange, Caspar Bowden, and Bruce Schneier.

    I think this article is a pretty impressive bit of cluefulness.
    --
  • America.. ok.. it may be decent.. but the best??? minors getting the death-penalty, spawners of microsoft. yup. The best. Never mind what other countries think. Don't say the US is the best until you've seen all other contenders. (ever BEEN to the netherlands? germany? china? If not, then you are making the same mistake you accuse others of). BTW.. those immigration figures you talk about.. is that the plain number of immigrants? number of immigrants related to landsize? current population? It just doesn't say much. It's statistics. Oh.. just for the record, I don't want to live in the US with its violations of human rights and pompous, selfrighteous world-police attitude. Now go ahead and flame me.

    //rdj

    P.S. Did you know that the United States is the only country in the world that has not ratified the U.N. Convention on the Rights of the Child? Including China and all the other big bad red commie states?
  • by Anonymous Coward
    This content analysis is just an extension of some work I did in the mid 80's on determining if a mention of a stock or industry group in an article was positive, negative or neutral. For input I was using the text of a few columns from the Wall Street Jurnal. I could get accuracies of greater than 90% and it took very little processor time on an 10Mhz 68000.
  • I think you misunderstand the purpose of the keys available on keyservers.

    Only public keys are stored on keyservers, and they're used by a message sender to encrypt messages destinated for the corresponding recipients who are the only people that can decrypt them because they alone hold the corresponding private keys. The NSA can't get the private keys from the keyservers because they aren't there.

    Recipients of incoming messages don't grab public keys from keyservers in order to decrypt the messages, but only to authenticate their signatures. For message signing, keys are used in reverse, ie. the sender signs his message with his private key and then recipients can check that it really came from him with the help of his public key.

    Needless to say, even a non-clueful user has to generate his own keypair and place his public key on a default keyserver, but that operation can be completely hidden from him by being done at the time his email system is installed, configured, or just run for the first time. Sensible crypto users go to great lengths to select a good and long passphrase to protect their private key, but this is not necessary if the only goal is to defeat the snoops: the passphrase can be left completely empty by default, so the mailreader can decrypt incoming mail (which has been encrypted by the senders using the recipient's public key obtained from a keyserver) without bothering the user with a request for a passphrase. [Not ideal of course, but at least it would make the operation transparent.]
  • While I believe this has been said before, I am afraid the only solution is "All encryption, all the time". Projects like S/WAN, OpenSSH, OpenBSD and others are already available, and they are our only chance to protect everyone's privacy in the future.

    A few random ideas... Consider this my "wishlist":

    • Encrypted IP traffic: communications between your ISP and your computer are always protected by some sort of S/WAN, OpenSSH, or a "real" PPPTP with strong, open-source encryption using peer-reviewed algorithms.
    • IP Telephony and IP Fax become widely-used and are protected with the above solutions. PGPFone already exists and there are already commercial solutions for encrypted fax. GPGFone/Fax anyone?
    • (To be designed) Encrypted and optimized file systems are systematically used on all servers and workstations -- protecting privacy with a minimal performance hit.
    • Cracking contest (distributed.net-style) are always held in order to deduce best key size and security offered by a crypto system.
    • (To be designed) E-Mail programs that automatically attach either your public key or a pointer (finger/URL) to your public key. Automatic duplication of public key on designated regional/local/corporate reference servers if/when an e-mail message goes through them, with auto-replication every month (for instance).
    • (To be designed) E-Mail program that automagically use encryption to protect your correspondence and encrypt everything by default. Auto signature and authentication should also be enabled by default.
    • (To be designed) IP protocol to automatically request and exchange public keys. Auto-storage of public keys in e-mail system database to be used while sending e-mail.
    • (To be designed) TEMPEST countermeasures!!! There has to be a way to stop snoops from spying on CRT/CPU radio emissions!
    • Auto-SLL with strong crypto for all e-mail based on the web.
    • Etc...


    If most of these points are actually implemented, we may be protected from Echelon, depending on the sophistication of the cracking techniques of the NSA. What you write in a forum like /. would be the only non-protected form of speech -- even though we may imagine a cryptographically strong Slashdot, where we would all be ACs!! =)

    On a side note: "The Independent" is a very well-known and accurate newspaper in the UK. You can have a fair amount of trust in this paper -- it's not called "The Independent" for nothing.

    Of course this opinion is worth exactly what you paid for it... =)
  • There is no need for a central database of keys, nor indeed for a new database of any sort. The PGP "database" is an already existing widely implemented distributed repository of public PGP keys which is well supported worldwide.
    • What is the effect of a government, tax financed patent?

    An interesting question, for certain.

    I was given to understand that, in the US, Governments can't hold copyrights. Why can they hold patents but not copyrights? Are such patents defensive in nature?

  • Anyone who sends unencrypted text or audio over satellite transponders or radio/microwave links should not be surprised that other people are listening.

    The NSA, KGB, GCHQ and other intelligence agencies have been doing this for decades. They are not going to stop just because some people have the illusion that their email and conversations are private.

    European countries have been intercepting and reading paper mail in "black chambers" for hundreds of years.

  • start kite flying...

    ..one reason COULD be that there is a lot of interest in this field due to the increase in a desire to replace manned call centres with software, so key phrase recognition would be a neat trick. Software designed using this could help callers by recognising what they were talking about and acting accordingly


    ..end kite flying
  • Another site with the same idea is The Hunger Site [thehungersite.com]

    Visit and save a life!

  • This is weird, because in the early seventies I was hanging around a lot of comp sci grad students at Yale University in New Haven (where I grew up). And I got my first taste of the Internet (which at the time was refered to as 'ArpaNet' I believe) By a friend who was working in a lab way off the beaten track (away from the rest of Yale's facilities, actually in the middle of the downtown business district). The point? He was working on a reading machine, that would take a book (stack of pages) from a hopper, scan them and read them aloud. I know, you say, 'OCR. what's the big deal?' But remember, this was 1972. When did YOU first see OCR in action? Maybe I am off the track here but I think somehow it relates...
  • by razvedchik (107358) on Monday November 22, 1999 @09:31PM (#1511407)
    I am just amazed at the responses here on /. about any news related to the NSA. I am clinically paranoid, and you all exceed even my exploits.

    I will admit, though, it does sound like a blatant disregard for my personal privacy, so I'm going to attack the government back.

    It never fails that there is a score of posts containing supposedly keywords that would set of the "Echelon" buzzers deep inside some bunker in the DC area. Then, thugs come and raid your house while you sleep and drag you away hancuffed, naked, and screaming to their torture chambers, where you are given a showtrial and then sentenced to 8 years in a work camp in the frozen north.

    Wake up, people.

    As anybody with a rational mind can tell you. most people (99.99999%) have nothing to worry about. Just because someone can collect information on just about anything they want to (try it sometime--even use whois and a couple of internet search engines to see what you can come up with about yourself) doesn't mean that they will.

    Just about anybody who has experience in the intelligence field or law enforcement can tell you that true, valuable intelligence (or investigation, if you prefer) is the result of long-term collection and analysis. Just scanning traffic for keywords will not work. Pull up your favorite search engine and do a search for bomb. How many results do you get?

    If you want to collect intelligence, you need to set a specific goal or target. Usually, this is influenced by political means. It's just like a police investigation. In one very well-documanted book ("Inside the Aquarium") about Soviet intelligence collection, Victor Suvorov (former Spetznaz and GRU Major who defected to the west) talked about picking an area such as the US 7th Fleet in the Mediterranean. They focused on the question, "When and where are the major deployments of the Carrier Battle Groups?" Then, you identify the means to collect on that target. In our case, the spies ran a hotel in a major port town that served as a homebase for several fleet ships. They didn't just walk around town asking people for information, which is fairly comparable to scanning IP packets.

    In order for intelligence to be valuable, it has to be correct, timely, and actually useful to the guys who need it. It takes a concerted effort between many different organizations to accomplish this. Just because you "intercepted" an email containing a few keywords, that does not constitute an intelligence lead. Basically, it is as reliable as a rumor that you overheard in a seedy bar downtown. No police investigator would bet his reputation on such a piece of information.

    All the so-called 'experts" on Echelon are just speculating. They are conducting a very weak intelligence collection operation on the NSA. Alot of information is easily available, such as purchase contracts with suppliers. So, they collect all this information and then make a good guess. That's all it is. Unless you've been in the bunkers and fences, you have no idea what goes on inside.

    As far as invasion of privacy, yes, some intelligence agencies are more invasive in their techniques than other ones. Ever since they got their buttocks burned several decades ago (Vietnam and Mccarthy Eras), they have had to seriously rethink their policy concerning this. I think, just like the police, trying to conduct operations in as unintrusive means as possible is basically the policy. Honestly, I'm more worried about my boss tracking my keystrokes to find out if I'm jerking off at work, or my system administrator forking my mail through a buzzword filter to report me to my boss, and the adolescent who lives in the high-rise next to me who was given a 100x telescope for his birthday.

    In short, just because the NSA, FBI, CIA, and others can spy on you doesn't mean that they will, or that they even want to.

  • According to the US, all but them are terrorists.

    Whenever they feel like it, they blow up some hospitals or embassies in other countries and then say they "had" to do it to protect the world from terrorists.

    Guess what - the US of A is the biggest bully in the world, and you'd have to be an american not to see it.

  • Although the answer to electronic snooping is clearly encryption, anti-snooping and pro-privacy campaigners regularly bemoan the fact that encrypting one's email never really took off as the normal thing to do, despite a plethora of PGP wrappers.

    I think the reason for that is pretty clear, and consequently the solution is as well: the major mailreaders needs to automatically retrieve PGP keys from default keyservers and automatically decrypt incoming mail *by default* for electronic envelopes to catch on in any significant way. [This is even more important than encrypting outgoing mail.] If there is any manual configuration involved, or any hassle whatsoever, or (shock horror!) any knowledge required, then it just won't happen. Clued up computer users simply aren't around in sufficient numbers to form a critical mass in the email world. For encrypted email to take off, Joe Bloggs has to be part of the revolution, without even being aware of it. [Just like he sends WINMAIL.DAT attachments everywhere without being aware of it.]

    I guess this means that until Netscape and Microsoft implement the above in their respective products, nothing of any statistical significance will happen in this area.
  • Suggestion:
    Try at least to place words in context! narcotics^iraq^nuclear war will not fool this system-- it is unlikely that they have much to do with each other.

    It appears that context is very important. Try to use a *few* words *in context* in a short paragraph. Attach *that* to your regular email message and the system is more likely to be false positive.

    The paper referenced by another poster was interesting.
    http://trec.nist.gov/pubs/trec7/papers/nsa-rev.p df
    ( cute. "Iraq" was one of the example words.)

    Personally, I would have placed the keywords in a Binary tree based on alpha order for speed purposes. Perhaps this paper would describe an effective system for a *second* check of any messages flagged by an alpha tree system. Or maybe they have hardware of the gods and don't need to? ; )

    Bobzibub
    (The Happy Slacker)


I am the wandering glitch -- catch me if you can.

Working...