Interesting People mailing list archives
worth reading -- loophole in FISA?
From: David Farber <dave () farber net>
Date: Sat, 24 Dec 2005 15:12:48 -0500
Begin forwarded message:

From: Ridgely Evers <revers () evers org>
Date: December 24, 2005 12:25:40 PM EST
To: "'David Farber'" <dave () farber net>
Subject: RE: worth reading -- loophole in FISA?

Dave,

David Reed is right on the money in terms of the false positive issue. Actually, the "more hay" methodology has been shown to be ineffective in other, related fields, and even worse has been shown to be an effective tool for _evading_ detection.

Simply put, it is relatively easy for an attacker to determine the kinds of things that trigger alerts, and to flood the detection system with those types of events. Intrusion detection systems on networks are classic cases in point: they are so overwhelmed by false positives that in very short order the people monitoring the systems stop paying attention. A "boy who cried wolf" problem, exacerbated by the fact that the marginal cost of creating a false positive is many orders of magnitude less than the cost of responding to one.

Ultimately, the IDS systems end up being used either (a) to show uninformed management that "we're doing something", and/or (b) as part of the forensic process _after_ a breach has occurred to try to see if the attacker left any useful footprints (hint: the answer is "no").

There's a trend to watch for, as well. The follow-on technology to IDS, optimistically referred to as Intrusion Prevention Systems, has been touted as a tool to actually stop attacks in progress. Essentially, it's a combination of detection capability coupled with 'drop the connection' capability. It came into existence because security people thought it would be cool, and because customers were complaining about the overload on human resources that the IDS technologies imposed. The theory was that technology could operate with sufficient speed to prevent bad things from happening.

The real world response (as noted in a recent Network World review of IPS) has been that the systems are getting deployed, but without the 'P' feature enabled. It seems that users are not willing to take the risk of shutting off a good connection (the 99.9999% case) in order to prevent an attack (the 0.0001% case).

But I expect that the next layer of proposals out of the NSA data mining mess will be to create and deploy some magic system that can operate at the speed of the technology being monitored. <Insert massive (unsuccessful) budget here.>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Ben Franklin, ~1784

--Ridge

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Thursday, December 22, 2005 3:40 PM
To: Ip Ip
Subject: worth reading -- loophole in FISA?

Begin forwarded message:

From: "David P. Reed" <dpreed () reed com>
Date: December 22, 2005 5:47:25 PM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] worth reading -- loophole in FISA?

Well, Dave, here's a couple of relevant personal thoughts regarding vacuum-cleaner-like data gathering...

1) there's a saying I heard recently that the NSA's approach to intelligence is like trying to find a needle in the haystack by sending tractors in the field to gather more hay. Based on my understanding of the reliability of inference-making I suspect the problem is that and worse. So these so-called vacuum-cleaner technologies probably won't improve the ability to predict terrorism that much, but the elimination of checks and balances will almost certainly result in lots of "false positives" that can be used as presumptive reasons to harass both US citizens and foreigners for "inferences" that are little more than wild-ass intuitions about what kind of activity might be correlated with bad actors. Of course there are lots of technology companies who sell stuff to the intelligence community who are full of hyperbolic claims about the wonders of mass data collection and analysis, but if they were so good, why don't they predict the stock market instead and make money the old fashioned way? Predicting the stock market is a trivial problem compared to predicting and preventing terrorism, but in the market there is actually a measure of success, whereas the measure of success in the beltway intelligence technology business is getting another, bigger contract.
(that's what comes from outsourcing to a military-industrial complex that is so big it can buy members of Congress, lock stock and barrel, as we saw with Duke Cunningham).

2) what the NSA does outside the US may be legal under US law, but by no means is it either legal or a source of pride when viewed in other countries or in international law. The grand glorious endeavor of spying is fundamentally anti-social and anti-humanity. Apparently, part of the standard CIA induction briefing is being reminded that humint is just another word for fraud, deception, burglary, and other things that we do not tolerate in civilized societies. If agents carrying out such acts are discovered in our country they can be executed, and by symmetry most countries can and will execute our spies if caught. (this may be cruel and unusual, because theft of information inside a country is usually punished by more lenient methods). Sigint (though the hands *seem* cleaner) is legally and morally just wire fraud and peeping-tomism etc. by another name, and again, agents who listen in on radio or wire conversations in other countries are violating their laws, just as agents doing that in the US would be guilty of espionage and subject to execution or harsh penalties. So by any "golden rule" standard of justice we should be careful.

One can argue that, just as war is sometimes thought to be necessary to deal with threats to the citizens of our nation, intelligence gathering, however illegal, might also be sometimes necessary. But it's not a "good" at any level, and hardly something we should be proud of. However, the thrill of hanging out with the codebreakers shouldn't be used to glamorize what is, at its core, just a government-sanctioned form of antisocial behavior. Its practitioners cannot be trusted to decide what is appropriate, because they are by definition able to carry out acts that are antisocial and illegal.