| |
| http://www.schneier.com/blog/archives/2013/06/details_of_nsa.html Facebook (here), Apple (here), and Yahoo (here) have all released details of US government requests for data. They each say that they've turned over user data for about 10,000 people, although the time frames are different. The exact number isn't important; what's important is that it's much lower than the millions implied by the PRISM document.
Now the big question: do we believe them? If we don't, what would it take before we did believe them? | |
|
| http://www.schneier.com/blog/archives/2013/06/nsa_secrecy_and.html In an excellent essay about privacy and secrecy, law professor Daniel Solove makes an important point. There are two types of NSA secrecy being discussed. It's easy to confuse them, but they're very different.
Of course, if the government is trying to gather data about a particular suspect, keeping the specifics of surveillance efforts secret will decrease the likelihood of that suspect altering his or her behavior.
But secrecy at the level of an individual suspect is different from keeping the very existence of massive surveillance programs secret. The public must know about the general outlines of surveillance activities in order to evaluate whether the government is achieving the appropriate balance between privacy and security. What kind of information is gathered? How is it used? How securely is it kept? What kind of oversight is there? Are these activities even legal? These questions can't be answered, and the government can't be held accountable, if surveillance programs are completely classified.
This distinction is also becoming important as Snowden keeps talking. There are a lot of articles about Edward Snowden cooperating with the Chinese government. I have no idea if this is true -- Snowden denies it -- or if they're part of an American smear campaign designed to change the debate from the NSA surveillance programs to the whistleblower's actions. (It worked against Assange.) In anticipation of the inevitable questions, I want to change a previous assessment statement: I consider Snowden a hero for whistleblowing on the existence and details of the NSA surveillance programs, but not for revealing specific operational secrets to the Chinese government. Charles Pierce wishes Snowden would stop talking. I agree; the more this story is about him the less it is about the NSA. Stop giving interviews and let the documents do the talking.
Back to Daniel Solove, this excellent 2011 essay on the value of privacy is making the rounds again. And it should.
Many commentators had been using the metaphor of George Orwell's 1984 to describe the problems created by the collection and use of personal data. I contended that the Orwell metaphor, which focuses on the harms of surveillance (such as inhibition and social control) might be apt to describe law enforcement's monitoring of citizens. But much of the data gathered in computer databases is not particularly sensitive, such as one's race, birth date, gender, address, or marital status. Many people do not care about concealing the hotels they stay at, the cars they own or rent, or the kind of beverages they drink. People often do not take many steps to keep such information secret. Frequently, though not always, people's activities would not be inhibited if others knew this information.
I suggested a different metaphor to capture the problems: Franz Kafka's The Trial, which depicts a bureaucracy with inscrutable purposes that uses people's information to make important decisions about them, yet denies the people the ability to participate in how their information is used. The problems captured by the Kafka metaphor are of a different sort than the problems caused by surveillance. They often do not result in inhibition or chilling. Instead, they are problems of information processing -- the storage, use, or analysis of data -- rather than information collection. They affect the power relationships between people and the institutions of the modern state. They not only frustrate the individual by creating a sense of helplessness and powerlessness, but they also affect social structure by altering the kind of relationships people have with the institutions that make important decisions about their lives.
The whole essay is worth reading, as is -- I hope -- my essay on the value of privacy from 2006.
I have come to believe that the solution to all of this is regulation. And it's not going to be the regulation of data collection; it's going to be the regulation of data use.
EDITED TO ADD (6/18): A good rebutttal to the "nothing to hide" argument. | |
|
| http://www.schneier.com/blog/archives/2013/06/evidence_that_t.html Interesting speculation that the NSA is storing everyone's phone calls, and not just metadata. Definitely worth reading.
I expressed skepticism about this just a month ago. My assumption had always been that everyone's compressed voice calls is just too much data to move around and store. Now, I don't know.
There's a bit of a conspiracy-theory air to all of this speculation, but underestimating what the NSA will do is a mistake. General Alexander has told members of Congress that they can record the contents of phone calls. And they have the technical capability.
Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
William Binney, a former NSA technical director who helped to modernize the agency's worldwide eavesdropping network, told the Daily Caller this week that the NSA records the phone calls of 500,000 to 1 million people who are on its so-called target list, and perhaps even more. "They look through these phone numbers and they target those and that's what they record," Binney said.
Brewster Kahle, a computer engineer who founded the Internet Archive, has vast experience storing large amounts of data. He created a spreadsheet this week estimating that the cost to store all domestic phone calls a year in cloud storage for data-mining purposes would be about $27 million per year, not counting the cost of extra security for a top-secret program and security clearances for the people involved.
I believe that, to the extent that the NSA is analyzing and storing conversations, they're doing speech-to-text as close to the source as possible and working with that. Even if you have to store the audio for conversations in foreign languages, or for snippets of conversations the conversion software is unsure of, it's a lot fewer bits to move around and deal with.
And, by the way, I hate the term "metadata." What's wrong with "traffic analysis," which is what we've always called that sort of thing? | |
|
| I've got some moles on my face that I want removed and as this isn't something the NHS offer I need to go private. Was just wondering if anyone here has any places to recommend or even to avoid? There are reviews for some places online but thought I'd ask here too.
It's pretty costly and not something I'm taking lightly so I want make sure I go to the best place possible.
Thanks! | |
|
| http://www.schneier.com/blog/archives/2013/06/blowback_from_t.html There's one piece of blowback that isn't being discussed -- aside from the fact that Snowden has killed the chances of any liberal arts major getting a DoD job for at least a decade -- and that's how the massive NSA surveillance of the Internet affects the US's role in Internet governance.
Ron Deibert makes this point:
But there are unintended consequences of the NSA scandal that will undermine U.S. foreign policy interests -- in particular, the "Internet Freedom" agenda espoused by the U.S. State Department and its allies.
The revelations that have emerged will undoubtedly trigger a reaction abroad as policymakers and ordinary users realize the huge disadvantages of their dependence on U.S.-controlled networks in social media, cloud computing, and telecommunications, and of the formidable resources that are deployed by U.S. national security agencies to mine and monitor those networks.
Writing about the new Internet nationalism, I talked about the ITU meeting in Dubai last fall, and the attempt of some countries to wrest control of the Internet from the US. That movement just got a huge PR boost. Now, when countries like Russia and Iran say the US is simply too untrustworthy to manage the Internet, no one will be able to argue.
We can't fight for Internet freedom around the world, then turn around and destroy it back home. Even if we don't see the contradiction, the rest of the world does. | |
|
| - Tags:crypto, cryptography, encryption, graph, link blog, mathematics, maths, matrix, metadata, nsa, paul revere, prism, social networks, software, surveillance, tools, tor
| |
|
| http://www.schneier.com/blog/archives/2013/06/sixth_annual_mo.html On April 1, I announced the Sixth Annual Movie Plot Threat Contest:
I want a cyberwar movie-plot threat. (For those who don't know, a movie-plot threat is a scare story that would make a great movie plot, but is much too specific to build security policy around.) Not the Chinese attacking our power grid or shutting off 911 emergency services -- people are already scaring our legislators with that sort of stuff. I want something good, something no one has thought of before.
Submissions are in, and -- apologies that this is a month late, but I completely forgot about it -- here are the semifinalists.
- Crashing satellites, by Chris Battey.
- Attacking Dutch dams, by Russell Thomas.
- Attacking a drug dispensing system, by Dave.
- Attacking cars through their diagnostic ports, by RSaunders.
- Embedded kill switches in chips, by Shogun.
Cast your vote by number; voting closes at the end of the month. | |
|
| |
brokenhut
comments.