nanog mailing list archives

Re: PRISM: NSA/FBI Internet data mining project


From: Warren Bailey <wbailey () satelliteintelligencegroup com>
Date: Sat, 8 Jun 2013 17:25:24 +0000

I was just thinking.. Why go after all of these network-based information types? Why not just approach Dell about some 
secret iDRAC system for Agent X?


Sent from my Mobile Device.


-------- Original message --------
From: Wayne E Bouchard <web () typo org>
Date: 06/08/2013 9:10 AM (GMT-08:00)
To: Owen DeLong <owen () delong com>
Cc: nanog () nanog org
Subject: Re: PRISM: NSA/FBI Internet data mining project


You can keep a hacker out, true, but you cannot keep the government
out. When the force of law can be used to compel you to act against
your wishes or your own best interests, all bets are off. Hackers sneak
in through the back door. The govt just breaks the front door down and
demands entry and that is what appears to have happened here.

Remember that part of the issue is the fact that, thanks to the
Patriot Act and FISA, not only can you be given a warrant that does
not proceed through normal channels, you are forbidden from even
acknowledging its very existence or risk prison. That's ideal
conspiracy fodder. Add to that the ignorance of the common man
combined with the fact that no one here should have any doubt that the
NSA is capable of things you and I haven't even imagined yet, and what
are you likely to end up with when a snooping story breaks? Nothing
short of the NSA being renamed to the "National Surveillance
Administration". My gripe is that they should not have this sort of
power to begin with. Power will be abused, pure and simple. The only
way to prevent the abuse of power by government entities is to deny
them that power in the first place.

So I don't buy the whole thing because as an engineer, I know it's a
lot more difficult than people think but, as an engineer, I also know
the value of the right technology in just the right place. Do I
believe they're snooping my waves and watching my keyboard? No, but
with access to the right point (email servers and proxies near the
eyeballs) they really don't have to. Besides, if they *DID* want to
monitor someone that closely, we all know how easy it is for a
somewhat more skilled hacker to get access to a desktop. So I'm up for
about half of what is out there with just a touch of skepticism.

Even without the whole kit and kaboodle, the information they have
access to already is pretty frightening. With it, you can reverse
engineer and acquire much more information through indirect means when
the right search parameters are used and the right correlations made.
Ever made a campaign contribution or a donation to a group like the
NRA or CATO? Membership information is not private when they can just
go back and look for the credit/debit transaction and compile the list
that way. How often do you phone your congresscritter? Easy to
identify the politically active by seeing who is placing/receiving
calls from a given group. This whole system is just ripe for abuse.
The statement the president made on this issue, as I heard it, really
boils down to 5 words: "We're the government. Trust us."

*shudder*

-Wayne

On Fri, Jun 07, 2013 at 06:20:28PM -0700, Owen DeLong wrote:
Dan,

While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. 
While you are correct in that proper personal security procedures to protect my data from random crackers would, in 
fact, also protect it from the government, that's a far cry from what is at issue here.

The question here is whether or not it should be considered legitimate for the US Government to completely ignore the 
fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast 
amounts of data without direct probable cause for that snooping.

I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by 
the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to 
support and implement.

Owen

On Jun 7, 2013, at 8:42 AM, Dan White <dwhite () olp net> wrote:

On 06/07/13 11:11 -0400, Rob McEwen wrote:
On 6/7/2013 9:50 AM, Dan White wrote:
OpenPGP and other end-to-end protocols protect against all nefarious
actors, including state entities. I'll admit my first reaction yesterday
after hearing this news was - so what? Network security by its nature
presumes that an insecure channel is going to be attacked and
compromised.  The 4th Amendment is a layer-8 solution to a problem that
is better solved lower in the stack.

That is JUST like saying...

|| now that the police can freely bust your door down and raid your
house in a "fishing expedition", without a search warrant, without court
order, and  without "probable cause"... the solution is for you to get a
stronger metal door and hide all your stuff better.||

Hiding stuff better is generally good security practice, particularly in
the absence of a search warrant. How effective those practices are is
really what's important.

From a data standpoint, those security procedures can be highly
effective, even against law enforcement. But it's not law enforcement that
I worry about the most (understandably, you may have a differing opinion);
It's the random anonymous cracker who isn't beholden to any international
laws or courts. I design my personal security procedures for him.

That's why I don't, say, send passwords in emails. I don't trust state
entities to protect the transmission of that data. I don't wish to place
that burden on them.

You're basically saying that it is OK for governments to defy their
constitutions and trample over EVERYONE's rights, and that is OK since a
TINY PERCENTAGE of experts will have exotic means to evade such
trampling. But to hell with everyone else. They'll just have to become
good little subjects to the State.  If grandma can't do PGP, then she
deserves it, right?

I believe it's your responsibility to protect your own data, not the
government's, and certainly not Facebook's.

Yet... many people DIED to initiate/preserve/codify such human rights...
but I guess others just give them away freely. What a shame. Ironically,
many who think this is no big deal have themselves benefited immensely
from centuries of freedom and prosperity that resulted from "rule of
law" and the U.S. Constitution/Bill of Rights.

Freedom is very important to me, as well as the laws that are in place to
protect them.

--
Dan White



---
Wayne Bouchard
web () typo org
Network Dude
http://www.typo.org/~web/

