
Big Data Firm Says It Can Link Snowden Data To Changed Terrorist Behavior - santoriv
http://www.npr.org/blogs/thetwo-way/2014/08/01/336958020/big-data-firm-says-it-can-link-snowden-data-to-changed-terrorist-behavior
======
lectrick
1) There is nothing that indicates that this "encryption upgrade" wasn't
planned for some time. Correlation ≠ causation, and all that.

2) The very word "terrorist" is disputed, and depends on your side in any
given dispute. It is the "high treason" of the 20th and 21st century, an
accusation or insinuation used mainly for political reasons and not for actual
utility:
[http://en.wikipedia.org/wiki/Terrorism](http://en.wikipedia.org/wiki/Terrorism)
"In the international community, terrorism has no legally binding, criminal
law definition."

3) The fact that 21st century treason is being casually associated with open
source is DEEPLY disconcerting to me. I would go to war for a very few things,
but any attack on open source is a direct attack on me AFAIC.

~~~
tptacek
The idea that al Qaeda might not be a terrorist group is a false controversy,
as is the idea that participating in open source might be treason.

~~~
atmosx
I think it's safe to assume that a 15 year old kid in Palestine is much more
_terrorised_ at the sight of Benjamin Netanyahu than Bin Laden.

It's also safe to assume that a kid in Ukraine is terrorised by Russians or by
US/EU depending on which side of the country was he lives.

So, to you Al Qaeda is a terrorist group and I totally get that (to me too).
But you have to understand that to Afghans (and a huge load of populations
worldwide) the USA/NATO is the terrorist group. That's why what @lectrick said
is right I'm afraid.

So either we can assume that all of these parties are terrorists since they
indulge in _actions of terrorism_ ?

~~~
bkmartin
Is it? Which part of Palestine? Gaza or the West Bank? I guess that maybe it
is true, since Bin Laden is dead and Netanyahu is alive...you got me there...

Ukrainian kids terrorized by US/EU? Really? What are you talking about? Even
in the rebel held areas, how has the US/EU EVER terrorized them?

To some Afghans, we could be seen that way, but most of the population in
Afghanistan would rather not take their chances with the Taliban (A terrorist
group).

Actions of Terrorism. What exactly are they? Admittedly, we have caused more
collateral casualties than I'm comfortable with at times in our fight against
terror. But innocent civilians are NEVER OUR TARGET. And that is the
differentiating factor here. Terrorists aim to take down societies, not
governments. Everyone in that society is considered the enemy. Look at
Afghanistan... Taliban goes around beheading people of a different sect of
their own faith, they behead non-believers as well as government officials. If
you aren't for us, then you are against us mentality.

Bin Laden finds a way to fly 2 planes into the twin towers in NYC, killing
thousands of innocent people. Not to mention all the previous attempts to blow
up those buildings in years prior, lest you forget that.

So yes, there is a difference in what we are doing in the war on terror. Have
we executed perfectly? No way. Have we overreached and done things that I
disagree with? Yep. But one thing is damn certain, the motivations of our
actions are not the same as the terrorists.

~~~
celticninja
The motivation behind the attacks don't matter, the effect on the population
being attacked does. The US is/was terrorised by Al-Qaeda and afghans and
Pakistanis are being terrorised by the US (e.g drone warfare).

This is a site with predominantly US and Western users so Al-Qaeda will always
be the terrorists and America the freedom fighters but change the geographic
location of the people you are asking and you change the labels being applied.

------
x1798DE
Even assuming it's true and these leaks made it harder to catch terrorists (I
would be surprised if it made a _huge_ difference), I have to say I really
don't care. Terrorism is not a very significant real risk to people living in
the first world (compared to the risk of fatal lightning strike or drowning in
a bathtub, for example), but pervasive mass surveillance is.

In general, it's kinda absurd to imagine that anything that helps terrorists
is something we don't want to do. Terrorist operations are probably helped by
lots of things like cheap availability of computer and communications
equipment, low travel costs, access to clean drinking water and food, etc.

~~~
localhost3000
"Terrorism is not a very significant real risk..." ...I get what you're saying
but tell that to anyone who was living in or near NYC in 2001. Or anyone in or
near Copley square last year. (I qualify for both...) the "More people die
from [insert ridiculous thing like bee stings]!" argument doesn't work for me
because there's not much you can do about bees/lightning/the existence of
bathtubs but there's plenty to be done about bombs/guns/jihadists/etc. Not
advocating NSA-esque tactics just reacting to the oft-used "this isn't a
significant risk so why bother" argument, which I think is BS.

~~~
x1798DE
There's something you can do for all of those things. You can avoid beestings
by always wearing a beekeeper's outfit. You can avoid lightning strikes by
always keeping yourself grounded. You can avoid dying in a bathtub by never
taking a bath. These are actually _way_ easier deaths to prevent than stopping
terrorism, where you have an active adversary who, without your intervention,
will work to attack you. There's always a cost-benefit tradeoff with every
risk you take.

Terrorism is an insanely small risk - in 2012 33,000 people died in motor
vehicle accidents, which is about 2750 people each month. Compare to 9/11,
which was the worst terrorist attack in history, where 3000 people died.
Basically, there is accidental death on the scale of 9/11 happening _every
single month_ on US roads. And I'm not even saying we need to do something
about that - everyone's pretty comfortable with the level of risk they take
when driving. It's just not a big flashy risk like the kind that shows up on
the news.

Terrorism probably feels riskier because it happens in big clumps. If you were
anywhere except a very specific building in New York or a very specific
building in Washington, DC on 9/11, you were at pretty much zero risk of dying
of terrorism, but a huge fraction of the people in those two places were at
_extremely high_ risk for death by terrorism. By that logic, we should be
spending a whole lot more on near-earth asteroid defenses and research into
how to stop the Yellowstone caldera from exploding, because even though
neither of those things is particularly likely to be the thing that kills any
of us, if they do go off they'll kill a remarkably large number of people.

------
jfasi
This provides a useful way to frame people concerns' about Snowden's
revelations.

Every intelligence service exists at the intersection of two completely
opposite goals: in order to fulfill their mandate to protect their country
from its enemies, they need as much information about the actions of their
enemies as possible. On the other hand, in order to protect their country from
themselves, they need to have as light a touch as possible. There is no
solution; you have to compromise.

The thing about compromises is that even though they tend to kinda sorta
almost make sense when viewed in context, no one is every happy with them. Any
large agency is going to employ a substantial number of people who find these
compromises distasteful.

This report indicates that Al Qaeda, an organization that no one in their
right mind would say should be allowed to operate freely, benefits from these
sorts of disclosures. They learn what's vulnerable, they change their
behavior, and they become more difficult to fight. What's worse, it's
conceivable that the intelligence agency's response could be to _increase_ the
intensity of their activity, the better to capture the enemy's new behaviors.

Now imagine the quandary the intelligence agency faces. They try every day to
meet mandates that are _fundamentally_ unreconcilable. They employ people who
disagree with the compromises at which they've arrived, and each and every one
of them could potentially let the cat out of the bag and render their current
work useless.

I don't mean this argument to criticize of praise the actions of the NSA. I
only suggest that those (Americans) among you who demonize the NSA and
advocate for it's removal consider this reframing of the discussion.

~~~
samirmenon
Is a sustained lack of oversight (from Congress, or anyone else) a necessary
part of this compromise?

~~~
jfasi
No, and I should have address this in my initial comment. I expanded on this
in another comment:

[https://news.ycombinator.com/item?id=8119589](https://news.ycombinator.com/item?id=8119589)

------
higherpurpose
The NSA has been found to destroy the trust even US companies have, by spying
on _everything_. As a result _everyone_ is going to want to take their privacy
more seriously, now that they _know_ they can't trust US companies/government.

So I don't know why that's a surprise. It's not only the _expected_ outcome,
but the _desirable_ outcome.

NSA or not, Snowden has also showed "normal people" that stuff they do on the
Internet really isn't very private at all, even if when typing it on their
computers alone at home "feels private". So that's a great outcome, too, the
fact that people have learned the way the Internet _really_ works, and not
have a false perception about it anymore. If we all start using Signal and
TextSecure, we'll all be safer from _all_ bad actors.

~~~
happyscrappy
>now that they know they can't trust US companies/government

Or the rest of the West for that matter:

[http://en.wikipedia.org/wiki/Fourteen_Eyes#Future_enlargemen...](http://en.wikipedia.org/wiki/Fourteen_Eyes#Future_enlargement)

------
Already__Taken
It's wholesale surveillance, surely everyone has changed their behaviour by at
least a little.

------
stevekinney
Correlation does not equal causation.

I don't think it came as a surprise to terrorist organizations that the NSA
was working to break their encryption techniques—just as I'm sure it wouldn't
have been a surprise to the Soviets during the Cold War.

The group that was surprised and caught off-guard was the American people.

It's been just over a year since the Snowden leaks. Overhauling an entire
communication system likely took more than a year. Ground-up rewrites rarely
go that well.

This strikes me more as a publicity grab for this firm than any kind of
objective science.

------
jgrahamc
Seems pretty tenuous to me. The 'link' seems to be 'some months after Snowden,
those guys released new software with new capabilities'.

------
hoggle
People who don't want to get caught doing something change their communication
behaviour all the time. If anybody is interested in that kind of stuff I'd
recommend watching the surprisingly good TV show "The Wire".

Even if the press would loudly be agreeing over the "fact" that "SNOWDEN PUT
US ALL IN DANGER" it would be an instructive lesson in terms of freedom having
value by it having a price.

"I must not fear. Fear is the mind-killer. Fear is the little-death that
brings total obliteration. I will face my fear. I will permit it to pass over
me and through me. And when it has gone past I will turn the inner eye to see
its path. Where the fear has gone there will be nothing. Only I will remain."

\-- Litany against fear by the Bene Gesserit (Frank Herbert's Dune)

------
smoothgrips
This is a great example of the "Post hoc ergo propter hoc" logical fallacy:
[https://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc](https://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc)

------
belorn
There has been studies that linked the type of surveillance NSA do to behavior
changes which decreases calls to hot-lines, doctors, lawyers, and priests.
Since suicide is the second most common cause of death in adolescents, one
would think that tampering with the effectiveness of suicide prevention is
worse than blowing the whistle on the surveillance.

Now I don't doubt that this report that was made by a CIA funded company
include a somewhat unbiased view, but maybe in a few years time a independent
research group could look into the effect that the NSA surveillance and the
Snowden leaks had onto society.

~~~
cthulhuhodor
link to said studies?

~~~
belorn
Sorry, meant to say a study. There are studies that look at the localized
effect of surveillance (in the work place, on the street, on a park...), but I
have not seen more than this study that try to look at the effect society gets
from ubiquitous surveillance.

link: [http://www.kreativrauschen.com/blog/2008/06/04/data-
retentio...](http://www.kreativrauschen.com/blog/2008/06/04/data-retention-
effectively-changes-the-behavior-of-citizens-in-germany/)

------
chrisbennet
When a reporter finds out that the police planted evidence to get a
conviction, is it the reporters fault if the criminal goes free?

When a reporter uncovers the story of rapes on campus, is it the reporter's
fault that the university's reputation is tarnished?

When Snowden exposed that the NSA was (unconstitutionally) spying on _every_
citizen, is it somehow Snoden's fault that terrorists gain an advantage?

~~~
Khaine
Snowden has leaked more then just that. Thats the fundamental difference. Most
of the revelations have nothing to do with constitutional vs unconstitutional
activities of the NSA, they relate to capabilities that the NSA has.

------
hbz
Did Snowden reveal anything about "Mujahideen Secrets" or whether the NSA was
able to unscramble communications made using that program? If it really was
using homebrew cryptography, one can imagine it was already vulnerable to the
types of attacks that programmers make when rolling their own security
schemes.

~~~
makomk
Snowden hasn't so far as I know. However, a number of security researchers
have published articles analyzing Mujahideen Secrets and criticising its
crypto based on publicly-available information. That probably has more to do
with why they redesigned it than anything else.

------
opendais
Correlation ≠ causation

"Whatever the reason, Schneier says, al-Qaida's new encryption program won't
necessarily keep communications secret, and the only way to ensure that
nothing gets picked up is to not send anything electronically. Osama bin Laden
understood that. That's why he ended up resorting to couriers."

That basically admits the reality of the situation. They knew all along that
the NSA and so on was watching/listening. It is why Osama used couriers.

I highly suspect that the answer is the obvious one:

Any _idiot_ knows not to invent your own crypto algorithms in isolation. They
moved from homebrew crypto to modern, widely used standards. This is
correcting a technical error they made, nothing more.

To be honest, if anything, this proves how inept the NSA is that they couldn't
even break the homebrew crypto in a meaningful way to provide useful
intelligence.

------
norlowski
Weird fact: Snowden leaks have changed behavior of NPR reporters and content
of news reports!

------
waterflame
It's like accusing Google of facilitating Terrorist attacks through Maps. The
NSA was unconstitutionally spying on everyone. If Snowden accused NSA without
releasing any Data, no one would've believed him.

------
abhv
The actual report is now linked here:

[https://www.recordedfuture.com/al-qaeda-encryption-
technolog...](https://www.recordedfuture.com/al-qaeda-encryption-technology-
part-2/)

First point: AlQ is now using well-studied encryption algorithms (possibly in
the correct way, but not investigated in this story)

Second point: Some claim about the software not being malware. Could not
deduce the technical point they want to make here.

But it is an embarrassing analysis that DOES NOT support their headline-
seeking claim.

------
ugk
I don't think that's terribly difficult. The NSA has obviously changed their
behavior. /snippy internet comment

------
csbrooks
"...for years, al-Qaida has used an encryption program written by its own
coders called Mujahideen Secrets."

Wow, that's crazy! I had no idea. Al-Qaida does their own software
development? So weird.

Using their own homebrew encryption algorithms is a terrible idea, though. The
NSA must have been all over this thing.

~~~
jacquesm
It's in this particular case, a great idea. And I hope this comment will
strengthen those responsible in their attitude that what they build is
absolutely unbreakable.

~~~
csbrooks
Sure, maybe we can talk them into using water pistols instead of real weapons,
too. :)

------
jacquesm
I think it would be much more surprising if they had not.

------
slashCJ
I wonder if this is the same sophisticated open source encryption recommended
by NIST which was revealed the NSA influenced policy in?...

------
Rapzid
If they can link it, why haven't they? Everything is linked by the passage of
time..

------
youngtaff
MRDA!

