
NSA classifies Linux Journal readers as extremists - jtsagata
http://www.techspot.com/news/57316-nsa-classifies-linux-journal-readers-tor-and-tails-linux-users-as-extremists.html
======
noir_lord
The depressing part for me is that I've started to consider what I search for
on a daily basis and how that might look...essentially they are starting to
make me paranoid.

Over the last few months I've googled

Numerous Weapon Systems (I have a fascination with WW1, WWII and Cold War
history - stuff like Black Arrow etc).

Insurgencies during the British Empire

Electronics (want to get back into and saw a fun project to make on reddit the
other day) -
[http://www.youtube.com/watch?v=movVFYWheGM](http://www.youtube.com/watch?v=movVFYWheGM)

Linux stuff (settings, security, the usual stuff a developer/system
administrator would look at).

Programming stuff (relating to security, encryption etc)

NSA related material (following the story closely).

Setting up a VPN (so I can access Netflix US because Netflix UK is basically
crap).

The US constitution and some case law.

NSA Report: "User noir_lord has an interest in privacy, weapons, insurgencies
and excellent technical skills, user noir_lord should be monitored"

Where in reality I'm a 34 year old web developer from the North of England who
enjoys history, techy stuff and playing with my cats.

~~~
rdtsc
That is one way that thought control works.

Religion uses this, "don't think naughty thoughts, God will record it and
you'll pay for it later". NSA is God except that NSA exists and is real.

Here your search is a bit like your thoughts. Any of those things you listed,
possibly could have landed you on the "naughty list". So now you start to
really worry about what you search for. If you can't research or find info
about, well might as well not think about things at all at some point.

Before you used to go to the library. Except that they can monitor that too
and it is terribly inefficient.

I grew up in Soviet Union and I remember being told by my parents not to
mention or talk about certain things (criticizing the party, telling jokes
about politics around strangers, ..., and so on). But at least you knew, if
you are in the country side with your family you could crack jokes at the
stupidity of bureaucracy. And then when I came here the big "selling" point of
the country was "you have all this freedom, and this is something you really
need, want and is the best thing in the world". But just like you, I started
in the last 3-5 years to kind of think for a second before searching for
things. Or when I write an email to a friend, I am careful if I am a bit too
sarcastic or making a joke about the president or whatnot.

Not saying we'll end up in a labor camp anytime soon, but the tragedy is that
this kind of control and monitoring so disturbing vis-a-vis propaganda and the
expectations of what this country should be. In totalitarian regimes at least
it is clear and understandable what is going on and what is expected of
people. Here it is "freedom, dreams, realize yourself, pursue your happiness"
but effectively what we think about is restricted.

~~~
noir_lord
Thanks for the interesting post, as I mentioned in the first post I have a
fascination for 19th and 20th century history and the parallels to some of it
are horribly stark (so stark in fact I can't believe that the people in power
haven't spotted them which leaves me with "this is what they want").

Secret courts, no right to due process, no right to face your accuser, the
presumption of guilt on political grounds, secret warrants, an out of control
security apparatus, extra judicial killings, curtailing on the right to free
protest, right to free speech...

Thanks to our reliance on modern communications and technology the state
apparatus can assemble data warehouses that the most optimistic of STASI
operatives wouldn't have even dreamed possible and we seem to be sleep walking
into a police state more pervasive and insidious than anything we've ever
seen.

"If you want a picture of the future, imagine a boot stamping on a human face
— forever."

~~~
throwawaykf05
But if you delve into that history even more, you'll note that it was
accompanied by a pervasive sense of dread and fear even amongst those who were
not being persecuted. In Nazi Germany, for instance, it was not just the Jews
who lived in terror of the Stasi (edit: mixed up my history, not Stasi, but
the "death squads" \-- the Stasi came after the war, but even more feared),
but all German citizens in general. The reason was probably that the Stasi
made no attempts to hide their activities, just as the various Islamic groups
and Mexican drug gangs don't today. Publicity of their acts to spread terror
is the very tool these folks rely on to exert their control.

People who draw parallels between the actions of today's intelligence agencies
and the agencies of oppression of yesteryear uniformly miss out on this key
difference.

~~~
polymatter
The time to stop a totalitarian police state is _before_ it becomes a
totalitarian police state. It gets a lot harder to stop afterwards.

~~~
gaius
As Bruce Schneieir says, it is poor civic hygiene to even let the systems be
built in the first place. Unfortunately we are well past that point.

------
kps
Another repeat of
[https://news.ycombinator.com/item?id=7983124](https://news.ycombinator.com/item?id=7983124)

And to repeat: the config file available from
[http://daserste.ndr.de/panorama/xkeyscorerules100.txt](http://daserste.ndr.de/panorama/xkeyscorerules100.txt)
says:

    
    
      /*
      These variables define terms and websites relating to the TAILs (The Amnesic
      Incognito Live System) software program, a comsec mechanism advocated by
      extremists on extremist forums.
      */
    

Linux Journal is listed there, as a ‘website relating to TAILS’, not as an
‘extremist forum’.

~~~
krapp
specifically:

    
    
        // START_DEFINITION
        /*
        These variables define terms and websites relating to the TAILs (The Amnesic
        Incognito Live System) software program, a comsec mechanism advocated by
        extremists on extremist forums.
        */
    
        $TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux'
        or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');
        $TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
        // END_DEFINITION
    

... assuming this file is even what it purports to be.

I understand Hacker News users aren't likely to think critically when it comes
to stories about the NSA but you would expect more of them could actually read
code.

~~~
kps
Really that should be

    
    
      TAILS_terms=(word('tails')
                   and word('linux' or ' USB ' or ' CD'
                            or 'secure desktop' or ' IRC '
                            or 'truecrypt' or ' tor '))
               or word('Amnesiac Incognito Live System');
    

because (1) you need to disambiguate the common word 'tails' but surely not
the specific name 'Amnesiac Incognito Live System', and (2) you don't want to
miss [tails CDROM].

See how important code review is?

------
userbinator
"the agency is targeting anyone who is interested in online privacy" \- not so
surprising, is it. I wonder what other similar criteria there are for being
considered an "extremist"? No Facebook or other social networking accounts?
Uses Linux? Makes certain types of comments online that support privacy (like
this one)? ... It's really unsettling.

On the other hand, now that this is out, I think the NSA will suddenly have a
ton more "extremists" to look at.

~~~
Zigurd
> _NSA will suddenly have a ton more "extremists" to look at._

Let's say that in NSA's dictionary, extremist means "Anyone with even a small
potential to alter the course of society, the economy, or technology."

Those people, plus a comfortable margin, might be 5% of the population. The
NSA probably has the resources to examine all the electronic communications
and do high-quality transcription of verbal communications of that 5%.

Even trying to make that targeting more selective would be, in the NSA's
worldview "counterproductive."

~~~
moron4hire
I'm always curious to hear people talk about "alter the course of society" or
"change culture" or whatever, what they think that means. What does the NSA
think is the "course" of things? Because ultimately, I see it as a tautology:
the course is whatever it is, it is whatever the aggregate of its constituents
make it. So please, tell us NSA, what prescience do you have to know what it
should and shouldn't be?

~~~
userbinator
To the NSA, the course of society is what the government wants.

~~~
bostik
Consider this. NSA are the ones who are providing intelligence reports to the
different parts of the government. They very likely employ a number of
psychologist and sociologists. (I can not verify this, it's just a morbid
hunch.)

What is there to prevent them from biasing (or slanting) the intelligence so
that they continously keep nudging the perceptions of those reading the
reports? The names for this are numerous; thought influence, advertising, even
brain washing in extreme cases.

Or in other words - for the NSA, the course of society may well be what they
can _make_ the government want.

------
srean
What I am really keen to know is whether revelations like these have any
impact on the "would love to work for the NSA fanboy". Do they continue to be
just as keen and rationalize these things away, or does it make them ponder a
bit.

Things have indeed been getting scarier by the minute. Interest in Linux is
not treason, yet, but I cannot/dont rule out that it could be, for some value
of 'Linux'.

Several trends in political/informatic/economic structures does seem to be
headed towards the medieval side.

~~~
Double_Cast
I briefly met a guy who worked for US intelligence (can't remember specifics).
I asked him about the NSA. First, he told me he couldn't say much. Then he
said "Well I don't wanna brag, but the NSA _really has_ caught a lot of
terrorists, and is way more competent than the media makes them out to be."
This leads me to believe that either: all these press articles paint a
distorted picture; or the level of rationalization is pretty high.

~~~
ollysb
It also makes you wonder what those "terrorists" had actually done to warrant
being captured.

~~~
srean
Being stupid suckers for set up set pieces, or searching for pressure cooker
based recipes for quinoa (not enough to be arrested, sorry, gitmo'ized, but
enough to be questioned)[0].

[0] HN comments on "Pressure cookers, backpacks, and quinoa, oh my"
[https://news.ycombinator.com/item?id=6140545](https://news.ycombinator.com/item?id=6140545)

EDIT: @csandreasen I did not mean to imply that the quinoa incident was NSA
related, but to give an example of what could happen as we veer deeper and
deeper into a culture of surveillance and assumption of bad faith.
Criminalization of sarcasm is another thing that will happen / has happened.

~~~
csandreasen
The "surveillance state looking for pressure cooker searches" ended up being
complete paranoia and shoddy journalism. Yes, a New York man was visited by
the police and questioned by local police regarding his Google searches for
"pressure cookers" and "backpacks". It turned out that it was not an Orwellian
surveillance state that tracked him down, but rather that the local police
were following up when his employer viewed its own network logs, became
suspicious and alerted the authorities.

[http://www.slate.com/blogs/the_slatest/2013/08/02/michele_ca...](http://www.slate.com/blogs/the_slatest/2013/08/02/michele_catalano_pressure_cooker_search_was_not_due_to_nsa_surveillance.html)

------
IgorPartola
Oh shit. I had two articles published in it last year. What does that make
me?!

On a LUG mailing list I belong to we started using the term "command line
extremist". I rather like it.

------
wyck
What about SELinux [http://en.wikipedia.org/wiki/Security-
Enhanced_Linux](http://en.wikipedia.org/wiki/Security-Enhanced_Linux)

"The SELinux project was merged into the Linux Kernel back in 2003"

It's still listed on the NSA website in several areas:
[http://www.nsa.gov/research/_files/selinux/papers/x/x.shtml](http://www.nsa.gov/research/_files/selinux/papers/x/x.shtml)

To be honest though, if someone was downloading tails from region of know
terrorist activity and such systems are actively promoted amongst terrorist
sites then it obviously makes for a good target. But the Linux Journal
..comon.

------
GHFigs
Nowhere in the evidence is there any indication that the NSA classifies Linux
Journal as an extremist forum, or that it considers the readers extremists.

~~~
mhurron
You're right, they just monitor and log everything and everyone on Linux
Journals forums.

We really should stop saying the NSA's targets are considered extremists. They
watch everyone.

~~~
GHFigs
_You 're right, they just monitor and log everything and everyone on Linux
Journals forums._

That's a contradiction. If you believe the latter, you don't think I'm right.

------
esbonsa
if I was the NSA I probably would target my own employees first as they have
the most power to take me down

~~~
contingencies
Your employees have probably already been screened as risk averse nerds
without a social life outside of the near area. Sure, you'd monitor their
movements and those of their family members, but statistically it'd be
unlikely they'd move too far from a pretty boring norm. After all, they're
prohibited from visiting interesting countries and are probably watched or
flagged if they visit even other US states. Is it unlikely that their
movements are not routinely monitored by cellular site presence and/or
numberplate recognition?

I think you would target high ranking politicians... because the option to
blackmail them ensures you an uninterrupted and growing black budget.

You would target communications businesses... because compromising a properly
placed employee grants you access to the sum total of customer and peer
communications through their networks.

You would target media... because a jump on a popular change in public
sentiment is very actionable intelligence, both to multiply funding (through
investments prior to predictable market response), and to further control
politics.

You would target diplomats... both for tradition's sake, and because borders
are the most easily grasped us-and-them (divisive) tool in the post 20th
century semantic playground, giving you options for powerful public sentiment
manipulation through selective media generation. However, realistically for
most embassies worth their salt you'd know these groups are largely not going
to do anything remotely surprising that you can pin to them through pervasive
communications intelligence gathering.

Probably also, you would target multinationals, because almost all of them are
doing something dodgy, somewhere, and that gives you tremendous leeway for
behavioral modification.

But in reality, the majority of these can be monitored very effectively on an
automated basis with near zero effort once you have full visibility of various
domestic financial networks, the SWIFT international financial network, credit
and debit card networks, electronic information on intended travel (passenger
name records) and border crossing (whoops! I-lost-my ... new passport number,
anyone?), and the public switched telephone network.

Email, social network and general web use are cute extras, and probably
greatly useful just for delving in to people's character and actions,
communicative profiling (grammar, typing style, languages known), interest
profiling, waking hour and social network profiling (beyond just phones), etc.
But I don't think it's necessary to go to that point most of the time ... the
broad metrics are already available and probably extremely reliable unless
people are making a concerted effort to bypass dragnet surveillance activity.
(eg. By avoiding all of the above networks... damn hard these days, it would
seem, for any length of time)

------
javert
> While there is no word about how the source code was obtained, security
> experts aren't sure whether it was leaked by Snowden.

So we don't really know if it's genuine. (Though it doesn't really matter
because it's not surprising at all.)

------
jl6
The NSA's problem is that new threats are a form of innovation, but that it's
hard to predict innovation, and harder to target surveillance towards people
planning a dangerous activity if nobody has seen that activity before. New
ideas are a threat.

So perhaps their method is to define Normal, and then monitor everybody
Abnormal, on the basis that dangerous innovation is more likely to come from
the Abnormal.

Enthusiasm for Linux isn't as abnormal as it used to be, but it definitely
puts you in the "dangerous 1%".

~~~
frankydp
I could see a group of analyst deducting that people interested in traffic
privacy fall into two groups. Technology intent and nefarious intent. If you
were looking for people with nefarious intent, then that would lead you to
monitor the tools that those in the nefarious group would use. This article
feels very much like link bait for the technology activist.

You don't put a DUI checkpoint outside the library you put it outside the pub.

My point being that they tasked intelligent people with finding "terrorist"
and this search pattern is a natural evolution of that task. Policy aside.

~~~
EthanHeilman
But what if they view the technologists as "incidentally" aiding the group
with "nefarious intent". Remember a US president in our lifetime said: "Either
you are with us, or you are with the terrorists."[1]

The treatment of Jacob Appelbaum[2] and David Miranda[3] suggests that members
of US/UK Government may believe that if one provides "incidental help" to the
current ideological enemies of the US you are a terrorist/extremist or at the
very least targetable under terrorism laws (Miranda was detained under
schedule 7 of the Terrorism Act).

[1]: [http://georgewbush-
whitehouse.archives.gov/news/releases/200...](http://georgewbush-
whitehouse.archives.gov/news/releases/2001/09/20010920-8.html)

[2]:
[http://en.wikipedia.org/wiki/Jacob_Appelbaum#Detention_and_i...](http://en.wikipedia.org/wiki/Jacob_Appelbaum#Detention_and_investigation)

[3]:
[http://en.wikipedia.org/wiki/Glenn_Greenwald#Detention_of_Da...](http://en.wikipedia.org/wiki/Glenn_Greenwald#Detention_of_David_Miranda)

~~~
GHFigs
Schedule 7 of the Terrorism Act of 2000 does not require a person to be a
"terrorist" or imply that anybody detained under its authority is thought to
be one.

[http://www.legislation.gov.uk/ukpga/2000/11/schedule/7](http://www.legislation.gov.uk/ukpga/2000/11/schedule/7)

~~~
EthanHeilman
Notice that I said, "Miranda was detained under schedule 7 of the Terrorism
Act", this statement does not contradict your statement.

I am not a lawyer and I am in no way familiar with UK law, but my reading of
the law is given below:

tdlr; Section 7 applies people that the officer wishes to determine are
terrorists defined in Section 40(1)(b)[1]. It does not require evidence, but
the purpose is to determine if the person is, in fact, a terrorist.

[1]:
[http://www.legislation.gov.uk/ukpga/2000/11/section/40](http://www.legislation.gov.uk/ukpga/2000/11/section/40)

Section 7 states: "For the purpose of satisfying himself whether there are any
persons whom he may wish to question under paragraph 2 an examining officer
may—"

Paragraph 2 states: "An examining officer may question a person to whom this
paragraph applies for the purpose of determining whether he appears to be a
person falling within section 40(1)(b)."

Section 40(1) (b) states: "In this Part “terrorist” means a person who— (a)has
committed an offence under any of sections 11, 12, 15 to 18, 54 and 56 to 63,
or (b)is or has been concerned in the commission, preparation or instigation
of acts of terrorism."

~~~
GHFigs
You also said that "members of US/UK Government may believe that if one
provides "incidental help" to the current ideological enemies of the US you
are a terrorist/extremist", which you haven't shown at all, and that "at the
very least targetable under terrorism laws", which is meaningless, because
_anybody_ crossing the border can be detained and questioned by that statute.

------
dm2
I didn't realize that he had actually leaked any code:
[http://daserste.ndr.de/panorama/xkeyscorerules100.txt](http://daserste.ndr.de/panorama/xkeyscorerules100.txt)

Is there a list of other code or rules files that were released?

Is this information legal to search for, store, or link to since it's now
public?

------
mariusz79
I guess the first issue of LJ I have on the bookshelf just doubled in value..

------
esbonsa
since their goal doesn't appear to be to stop "terrorists", is their goal to
stop unwanted politicians?

