Prism and Verizon surveillance discussion thread

Faust · August 12, 2013, 12:56:27 PM

Quote from: Carlos Danger on August 12, 2013, 11:44:44 AM
We've known for a while that UK law enforcement has basic tracking abilities which are linked to mobile phones. Even as far back as the early 2000s, I remember a police spokesperson letting slip that they could track someone's movements due to their phone (it was regarding a murder case, IIRC).

I think the initial way it worked was triangulation via different mobile phone towers in an area, whereas this is obviously a more sophisticated update. Either way - if you're up to mischief, you should be turning your phone off and leaving it at home.

Yeah, the triangulation of mobile phones is pretty decent, apart from the GPS data which now gives you down to fifty feet, back in the late 90's you could get a mile radius of someone and cumulatively average the position until its down to a short distance if the phone is stationary.

Telarus · August 12, 2013, 08:51:22 PM

Yup, I actually saw a Nextel rep demo this when I worked at their call-center in '03 (before the sprint buy-out).

Random Probability · August 12, 2013, 09:50:38 PM

Actually, I'd say the spying program is just a little bit more bad than anyone imagines.

Personal anectdote: I worked at a company that did secret squirrel stuff for the gu'mint, mostly hardware. One day one of the engineers I worked with (who was close friends with my supervisor) paraphrased something oddball I had written on my computer; a file I probably hadn't accessed in at least a year and had never published on the internet.

Since then I've pretty much given up on any possibility of "security" on the internet. Unless you write the code yourself, it's pretty much a given that it's compromised. And those "proxy" services are ALL honeypots by now (if they ever weren't).

Doktor Howl · August 12, 2013, 09:53:38 PM

Quote from: Random Probability on August 12, 2013, 09:50:38 PM
Actually, I'd say the spying program is just a little bit more bad than anyone imagines.

Personal anectdote: I worked at a company that did secret squirrel stuff for the gu'mint, mostly hardware. One day one of the engineers I worked with (who was close friends with my supervisor) paraphrased something oddball I had written on my computer; a file I probably hadn't accessed in at least a year and had never published on the internet.

Since then I've pretty much given up on any possibility of "security" on the internet. Unless you write the code yourself, it's pretty much a given that it's compromised. And those "proxy" services are ALL honeypots by now (if they ever weren't).

For me, proxies exist so I can troll the 700 Club a million times.

I have always assumed that anything I say on the internuts is NOT private.

Cain · August 13, 2013, 10:06:51 PM

FOX News, but ignore that:

http://www.foxnews.com/opinion/2013/08/13/spy-chief-clapper-to-run-independent-review-us-spy-program/

QuoteLess than three days after President Obama announced an "independent review" of the nation's surveillance technologies, the White House has appointed James Clapper, the director of national intelligence, to run the panel.

The Good Reverend Roger · August 13, 2013, 10:14:55 PM

Quote from: Carlos Danger on August 13, 2013, 10:06:51 PM
FOX News, but ignore that:

http://www.foxnews.com/opinion/2013/08/13/spy-chief-clapper-to-run-independent-review-us-spy-program/

QuoteLess than three days after President Obama announced an "independent review" of the nation's surveillance technologies, the White House has appointed James Clapper, the director of national intelligence, to run the panel.

Holy shit.

Junkenstein · August 13, 2013, 11:29:13 PM

QuoteIn March, Clapper was at a congressional hearing where he was asked point blank by U.S. Sen. Ron Wyden, (D-Ore.), about whether the National Security Agency collects "any type of data at all on millions or hundreds of millions of Americans."
"No, sir," said Clapper.
That statement now appears to be untrue.

You couldn't make this shit up. Thinking about it, who else would you appoint to the task? No one else likely has clearance and he will undoubtedly be unable to discuss any findings, but I'm sure he'll find that everything is AOk, just a bad apple. Barrels fine. I'm sure he can prove it with evidence he can't show you.

The Good Reverend Roger · August 13, 2013, 11:29:53 PM

Quote from: Junkenstein on August 13, 2013, 11:29:13 PM
QuoteIn March, Clapper was at a congressional hearing where he was asked point blank by U.S. Sen. Ron Wyden, (D-Ore.), about whether the National Security Agency collects "any type of data at all on millions or hundreds of millions of Americans."
"No, sir," said Clapper.
That statement now appears to be untrue.

You couldn't make this shit up. Thinking about it, who else would you appoint to the task? No one else likely has clearance and he will undoubtedly be unable to discuss any findings, but I'm sure he'll find that everything is AOk, just a bad apple. Barrels fine. I'm sure he can prove it with evidence he can't show you.

Your post made me GRIN.

Cain · August 14, 2013, 11:23:30 AM

Meanwhile, the NSA is taking sensible precautions to prevent future leaks:

http://www.businessinsider.com/nsa-firing-sysdadmins-2013-8

QuoteUsing technology to automate much of the work now done by employees and contractors would make the NSA's networks "more defensible and more secure," as well as faster, he said at the conference, in which he did not mention Snowden by name.

Of course, it won't work. But the most hilarious end-case scenario is that the NSA's Skynet becomes horrified at American foreign policy and starts leaking data.

Ever tried putting an alogorithm in prison?

Junkenstein · August 14, 2013, 11:29:50 AM

More relevant HO HO:
http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805?feedType=RSS&feedName=topNews

QuoteA secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to "recreate" the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant's Constitutional right to a fair trial. If defendants don't know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence - information that could reveal entrapment, mistakes or biased witnesses.

QuoteAfter an arrest was made, agents then pretended that their investigation began with the traffic stop, not with the SOD tip, the former agent said. The training document reviewed by Reuters refers to this process as "parallel construction."

The two senior DEA officials, who spoke on behalf of the agency but only on condition of anonymity, said the process is kept secret to protect sources and investigative methods. "Parallel construction is a law enforcement technique we use every day," one official said. "It's decades old, a bedrock concept."

A dozen current or former federal agents interviewed by Reuters confirmed they had used parallel construction during their careers. Most defended the practice; some said they understood why those outside law enforcement might be concerned.

"It's just like laundering money - you work it backwards to make it clean," said Finn Selander, a DEA agent from 1991 to 2008 and now a member of a group called Law Enforcement Against Prohibition, which advocates legalizing and regulating narcotics.

May have already been posted, but still nice to get further confirmation of things I've always suspected.

Cain · August 14, 2013, 11:38:16 AM

There's a whole thread here http://www.principiadiscordia.com/forum/index.php/topic,35133.0.html

Cain · August 14, 2013, 11:41:40 AM

Lavabit and Silent Circle, two security and privacy minded email services, have shut down:

http://lavabit.com/

QuoteI have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot....

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.

Although he does not, and legally cannot say it, it would be safe to bet that Ladar Levison has been sent a National Security Letter demanding his full cooperation with the NSA now and in the future. Especially since it has been revealed that Snowden, among others, has used Lavabit for communicating securely.

Silent Circle says they have not gotten any law enforcement requests, but they are shutting down now to forestall that ever happening:

http://silentcircle.wordpress.com/2013/08/09/to-our-customers/

QuoteWe see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

Junkenstein · August 14, 2013, 12:07:41 PM

Quote from: Carlos Danger on August 14, 2013, 11:38:16 AM
There's a whole thread here http://www.principiadiscordia.com/forum/index.php/topic,35133.0.html

Ah. It's one of these days where my brain no work so good.

Junkenstein · August 14, 2013, 12:45:54 PM

Quote from: Carlos Danger on August 14, 2013, 11:41:40 AM
Lavabit and Silent Circle, two security and privacy minded email services, have shut down:

http://lavabit.com/

QuoteI have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot....

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.

Although he does not, and legally cannot say it, it would be safe to bet that Ladar Levison has been sent a National Security Letter demanding his full cooperation with the NSA now and in the future. Especially since it has been revealed that Snowden, among others, has used Lavabit for communicating securely.

Silent Circle says they have not gotten any law enforcement requests, but they are shutting down now to forestall that ever happening:

http://silentcircle.wordpress.com/2013/08/09/to-our-customers/

QuoteWe see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

Looks like Silent Circle came to similar conclusions to you as to why Lavabit shut down. Would it be fairly safe to assume that anyone offering this kind of service will eventually be targeted? I'd guess those not explicitly tied to the US would eventually be subject to similar measures by their nation's equivalent.

Another nice little kick to whistleblowers to just make things that little bit more awkward, dangerous and exposed.

Junkenstein · August 14, 2013, 01:01:00 PM

Err
http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail?sdsrc=rel

QuoteLavabit may no longer be an option, but recent events have driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption. ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail:
"'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That's] not quite impossible but very, very hard. That's why even Silent Circle didn't go there.'"

Are people really going to trust Mega enough to use their secure private email service? I fucking doubt it. In fact, I'd guess them making something like this would be the little justification the need to go after all of them hard due to piracy concerns. With the fallout from the inital Mega debacle still ongoing and plenty of data destroyed/lost/in government hands/limbo I'd avoid this like the fucking plague.

Principia Discordia

News:

Prism and Verizon surveillance discussion thread

Faust

Telarus

Random Probability

Doktor Howl

Cain

The Good Reverend Roger

Junkenstein

The Good Reverend Roger

Cain

Junkenstein

Cain

Cain

Junkenstein

Junkenstein

Junkenstein