In a police raid, Cali cocaine cartel leader José Santacruz Londono was found
to have assembled a database that contained both the office and residential
telephone numbers of U.S. diplomats and agents based in Colombia, along with
the entire call log for the phone company in Cali, which was leaked by
employees of the utility.
A $1.5 million IBM AS400 mainframe was loaded with custom-written data-mining
software. It cross-referenced the Cali phone exchange's traffic with the
phone numbers of American personnel and Colombian intelligence and law
enforcement officials. The computer was essentially conducting a perpetual
internal mole-hunt of the cartel's organizational chart. Santacruz could
see if any of his lieutenants were spilling the beans.
They were. A top Colombian narcotics security adviser says the system
fingered at least a dozen informants -- and that they were swiftly
assassinated by the cartel.
Longer story here: http://cocaine.org/cokecrime/index.html
Protecting the Hemisphere program is a formidable challenge.
We have taken the following steps to try and keep the program
under the radar...
The fact that our government creates and then goes to such great lengths to hide programs that it knows the public (and most likely the courts) will vehemently object to shows the level of contempt that government officials and employees have for the very people they were hired to serve. I don't know that it can be fixed, but it is a very serious problem.
(1) Have freedom of the press so that
the press can put out the information
needed for an informed citizenry.
(2) Have freedom of speech and assembly
so that the citizens can learn, discuss,
(3) Have the Bill of Rights so that
the government can't just run roughshod
over the citizens.
(4) Have three branches of government
so that there can be checks and
balances and keep, say, the Executive
Branch from becoming dictatorial,
(5) Have the President and the Congress
elected by the citizens, directly or
nearly so and, thus, have them elected
out'a there when the citizens don't
Then, presto, to solve the problems, citizens
just need to become informed and, then,
behind some curtains pull some levers.
Done. All the powerful, wealthy, connected,
crooked dirt bags in government float
belly down down the Potomac River.
Net, we just need to become informed and
pull the levers.
And, there's another way: Bring law
suits, e.g., citing the Fourth Amendment.
Q. Go to war in Syria?
A. Not without money voted by Congress.
Q. Implement ObamaCare?
A. Not if the citizens and/or courts
don't like it.
Q. NSA spying on US citizens?
A. Not if citizens vote to stop that
stuff and/or court cases get brought
and are successful.
Q. The spying on US citizens as in the
A. Not if citizens don't like it
and/or there are suitable court cases.
Q. US Customs taking mobile electronic
devices of US citizens and extracting
and keeping all the data?
A. Not if, right, the usual, citizens
and courts stop it.
At the time the Bill of Rights was written, the term "press" did not refer to any sort of news organization. It meant a literal press - the idea was that publication by anyone with the means to publish was not to be restricted.
Nowadays everyone has the modern equivalent of a press so it is unfortunate that the meaning of "press" has been narrowed to a poorly-defined set of semi-official news distributing organizations.
Interesting! Where was this mentioned -- in their personal correspondence, or a more public document?
The militia was intended to be the primary form of military organization.
Fundamentally, an armed citizenry was to be the final check against the abuse of power by the state.
"Governments should not have this capacity. But governments will use whatever technology is available to them to combat their primary enemy -- which is their own population,"
The simplicity of implementing such programs combined with the near impossibility of identifying and eliminating them makes this an insurmountable problem. Our government seems to have adopted the mantra of the criminals they claim to dislike so much: If you don't get caught, it's not illegal.
What world are you living in? Do you think these guys deal weed? Have you seen what (crack) cocaine does to people?
These cocaine pushers are in the business of destroying people, and they certainly should be apprehended.
Care to cite any reasons here? See, when it comes to cocaine, Congress has not revisited the debate since people said these sort of things:
Yeah, you read that correctly. Black guys who use cocaine become more accurate with a gun and will attack white women! Also, Jews are selling it. Cocaine also makes it nearly impossible to kill a black man using a standard issue handgun, so let's upgrade the caliber.
"Have you seen what (crack) cocaine does to people?"
Yes: I have seen the children of the wealthy doing cocaine at college parties, then going on to get high-paying jobs on Wall St. Truly ruinous, truly!
How about we drop the boogeyman and drop the anecdotes and start citing some sources? You claim that cocaine destroys people; let's see the proof.
You can't forbid people being stupid by law. Also, abuse of narcotics is a side-effect for bigger problems, ones that are easier to ignore. Will we get there when we are able to speak about it, I wonder, I wonder my friend.
You think you're protecting people with that attitude but you're actually supporting a system that kills even more.
Sanctimonious nanny-staters like you are the ones that let the madness continue. You should be ashamed of your ignorance and complicity.
One of the more pernicious effects of making the sale and purchase of drugs illegal is that people who sell and purchase drugs are sent to prison. Most people sent to prison for these offenses are themselves addicts either trying to feed their habit, or to pay for it. These are the people that the drug laws are intended to protect, no? But as a result of going to prison they:
* are frequently denied effective treatment for their illness, and therefore continue as addicts inside and outside of prison;
* are effectively exiled from the legitimate economy, becoming a burden on society both before and after incarceration, and increasing the likelihood of continued drug use;
* cannot take care of their families, increasing the burden that we all carry that we would not otherwise carry;
* are mixed with a violent element, whose influence will certainly cause many to commit non-drug crimes that they otherwise would not have.
The prisons turn users into addicts and addicts into career criminals.
Some people seem to believe that we need these harsh laws in order to catch, as you put it, "cocaine pushers" who are "in the business of destroying people". In fact, narcotraffickers are entirely the creation of US "Drug War" policies. Decades of supply-side enforcement have made these people so wealthy that they can purchase entire governments. The government of Mexico, the world's 14th largest economy, is populated in some percentage at almost every level by agents of the cartels. It is "Drug War" policies that create the profits to pay for this corruption.
Demand-side policies along with controlled and regulated distribution of drugs in the US will decimate the narcotraffickers. Without customers willing to pay ridiculous margins for their product, they will simply go out of business. Although some former narcos will attempt to leech off of society through kidnapping and other crimes, a lack of local community support, money and political cover will mean that aggressive policing will finally be able to stomp them out in time.
Also consider the case of Oxycontin, a legal narcotic manufactured by Purdue Pharma, "a privately held pharmaceutical company founded by physicians and now located in Stamford, Connecticut". Oxycontin is among the most destructive drugs today. Oxycontin is primarily acquired by addicts either by getting doctors to legally prescribe it, or by purchasing excess pills from individuals to whom it was legally prescribed.
"Drug War" policies are entirely ineffective at combating this kind of practice; as a result, prescription drug abuse is growing at a faster rate than nearly all other forms of drug abuse. However, it is almost certain that addiction-treatment regimes instituted to reduce the use of currently-illegal drugs will also be effective at reducing the illicit use of currently-legal drugs.
And if for some reason you think that education and treatment programs can't have a significant (if not massive) effect on addiction rates, I would ask you to take a look at the following two data points:
If every penny spent on enforcing drug laws and incarcerating drug sellers and buyers were spent on education, treatment, and poverty programs, drug use would fall in the United States by orders of magnitude.
> One of the more pernicious effects of making the sale and purchase of drugs illegal is that people who sell and purchase drugs are sent to prison.
> The prisons turn users into addicts and addicts into career criminals.
It is not the war on drugs that is destroying the U.S.'s lower class, it's the ridiculous prison sentences. No country in Europe has as many drug-related problems as the U.S., and in no country in Europe are drugs legal (except maybe Portugal?)
You are absolutely right in everything you say. But legalizing crack cocaine does not sound like an optimal solution to me; sure, perhaps you'll succeed in overthrowing the drug cartels. But then you have the issue of regulating or even organizing the legal (private) distribution of drugs. I don't see that ending well at all.
The prisons and the U.S.'s messed up legal system are the problem; they are what should be fixed.
We have been very successful at regulating tobacco and alcohol. Yes, you can find moonshine if you look really hard, but that's just the point -- almost nobody wants moonshine, people prefer regulated liquor. Sure there is black market, unregulated tobacco and teenagers manage to buy it, but the vast majority of people who smoke buy their tobacco legally.
For that matter we have also been overwhelmingly successful at regulating pharmaceutical drugs, to the point where a black market exists for them as replacements for illegal drugs. There is a reason recreational opiate users want pills: the regulations on purity, dosage, etc. Even methamphetamine is available by prescription (for narcolepsy, obesity, and ADHD treatment), and the pharmaceutical stuff is a lot safer, because of regulations.
In reality we know how to regulate drugs, including extremely dangerous drugs like alcohol and tobacco, and even "hard" drugs like methamphetamine. Maintaining a regulatory system is not the problem here. The real problem is that the war on drugs is profitable. One of the most ironic facts of lobbying in today's world is that "The Partnership for a Drug-Free America" receives money from alcohol, tobacco companies, and pharmaceutical companies. There is also the matter of politicians having figured out that they can always portray themselves as "tough on crime" by pushing for drug arrests. Police officers' unions are fighting for their members' jobs by lobbying for maintaining or even expanding the effort. The executive branch has also figured out that the war on drugs is a great excuse for expanding executive power -- even to the point of the attorney general's office having gained the authority to declare drugs to be illegal (and then prosecute people for possessing those drugs).
Legalization and regulation are the answers our society really needs. We need to disband the DEA, repeal the Controlled Substances Act, pass a constitutional amendment that forbids all such prohibitions, and set up a regulatory framework. It is not likely to happen, for the reasons outlined above and because we have had so many decades of propaganda that people have trouble with the idea of alcohol being a drug or of methamphetamine having medicinal use.
Out of curiosity, what is it about crack cocaine that has you so terrified? There are far more dangerous drugs out there...
> Out of curiosity, what is it about crack cocaine that has you so terrified? There are far more dangerous drugs out there...
The combination of accessibility, addictiveness and health effects. I live opposite to an addiction treatment center and see crack addicts every day. It's addictive like tobacco is, has stronger mental health effects than alcohol and because of its low cost is more accessible than any other hard drug.
I know alcohol is very dangerous too, but 99% of alcohol users manage their addiction in a way they can still manage their lives adequately. With crack and other hard drug addictions you will find the odds reversed.
I don't see these two things as separable.
> But then you have the issue of regulating or even organizing the legal (private) distribution of drugs. I don't see that ending well at all.
Perhaps you are right, but it is my opinion that it is the very illegality of drug abuse that makes it so difficult to treat, especially for the harder drugs. If you read the Portugal study you find that addicts that are not threatened with jail time or other criminal sanction are more likely to seek and pursue treatment. And Portugal has a small fraction of the funds for treatment available as the US would have if it repurposed its "Drug War" budgets for treatment, so you could imagine that such policies would be more effective here.
One key additional concept from Greenwald's report is that individuals who choose to avoid hard drugs are not dissuaded by their illegality just as they are not dissuaded by the harm that these drugs cause. Furthermore, individuals who would otherwise choose not to do drugs don't change their minds because the criminal sanction disappears. Choosing to do hard drugs involves a decision-making process that requires a person to disregard significant harm to their person. This insensitivity towards risk on the part of the addict means that criminal sanction simply does not have the deterrent effect one would expect; inversely, non-drug users are deterred primarily by the ill effects to their health and wellbeing, so drugs' illegality barely enters into the equation.
> I don't see these two things as separable.
That's the entire problem of the US in a nutshell I guess :)
You don't call a spy's disguise security through obscurity.
Note that I'm not condoning mass government surveillance, only objecting to its criticism on the grounds of "security through obscurity".
The danger in this line of thought is that security breaches only have to happen once for real damage to ensue. For software companies, when it happens, I always expect to see a clear explanation for why it did happen and in case of stupid architectural problems, I tend to avoid that company in the future.
Of course there's a difference between software and real world undercover operations performed by government agencies. Placing an agent undercover is both a gamble and a race against the clock. The government knows the risks involved, the agent knows the risks involved, human casualties can happen but that's part of the contract so to speak. Nobody willingly enters such operations without knowing the risks involved.
But if you're gambling with customers' data, be prepared to explain that to the angry customers when the shit hits the fan.
But, so far, this property has also been pretty much irrelevant: almost all the things we want to do by passing along a secret are time-sensitive, and breaking the secret 20 years after the fact doesn't really buy you anything. Being able to impersonate the SSL key of Microsoft.com-as-it-was-in-1993 doesn't let you do anything to Microsoft.com-as-it-is-today.
This policy scales down, of course: in military comsec terms, you only need the encryption on operational details to last until the day after the operation is carried out. After that, your "secret" has become "plain" (something quite obviously blew up, etc.) and so the enemy breaking the encryption on the orders won't tell them anything they didn't already realize by hearing the explosion.
This is why the military keeps multiple different kinds of ciphers for different levels of secrecy, by the way: they assume that the more things they use a particular crypto algorithm for--the more signals the enemy gets to intercept that use that algorithm--the more enemy sigint folks will be put to the task of breaking that algorithm. So "top secret" encryption isn't meant to withstand any more scrutiny than "secret" encryption; it's just generally a bunch of orthogonal crypto primitives to the ones in the merely-secret crypto, and only used rarely, for the kinds of orders that need to stay secret long after execution (e.g. covert ops on allies.) Thus, enemy nations will have comparatively little reason to have analyzed and broken it--and breaking the secret-level ciphers won't help them, because of the orthogonal implementations.
First of all there's the issue of how strong is an encryption algorithm. For example RSA is based on the problem of factoring large numbers, a problem that's generally considered to be hard as we know of no efficient algorithm for solving it. But we haven't proved that factoring large numbers will remain a hard to solve problem in the future. The NSA could very well have custom hardware for efficiently factoring 1024-bit primes by now and the upcoming quantum computing is a real threat. If they haven't done it by now, 1024-bit keys will become breakable in the future, however 2048-bit keys are another issue entirely and 4096-bit keys will probably stay unbreakable.
But, even if breakthroughs in solving the integer factorization problem will be made in the future, as long as P != NP then perfect encryption is possible. In fact, we already know of encryption schemes that are provably unbreakable even with unlimited hardware at disposal, the problem being that they are also hard to implement, so we ended up with making tradeoffs.
Second, it's far easier to attack a particular implementation, to bypass the encryption algorithm entirely, e.g. attacks against the key generation system, side-channels, the protocol of the software system we are talking about, etc ... because software always has bugs, as in zero-day exploits that one could make use of.
For this reason - if indeed the military is using different encryption algorithms for different security levels, algorithms that aren't used in the wild, then to me that's a pretty bad idea, as far more often than not it's the implementation that's broken, not the algorithm. And in case of inside leaks, the implementation is always easier to get a hold of, compared to the key.
The implementations can be upgraded in the field when a flaw is found, as with any firmware (and frequently an implementation will be cycled out for a different one even if it is thought to be unbroken, just to put any time that's been put into breaking it to waste.) But enemy governments are precisely the people with enough resources, and reason, to want to break entire algorithms.
The thing is, it is a hard problem--so they only bother to break algorithms where they know they'll get big rewards for doing so ("top secret" doesn't usually mean more valuable to enemies, after all; usually it just means "fewer people should know this ever happened.") A standard secure phone will have all the Suite A and Suite B ciphers built into it, but since so many more transmissions will be using Suite B ciphers, there'll be comparatively less strategic advantage in cracking the currently-used Suite A cipher before it's cycled out for the next one. So Suite B ciphers sometimes do get cracked during their "useful shelf-life" and have to be immediately switched, while Suite A ciphers are usually left alone.
 http://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography, http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography
Also DES has never been "broken" -- only brute-forced.
For all we know, the core Skype protocol may be perfectly implemented. The Wikipedia link states there's no peer-review.
As a corollary, just because you can't do a quick Google search for 0days in iOS or Windows doesn't mean they exist. In fact they do, and they're bought and sold on black markets or are kept secret by governments and the like.
You don't assume something is secure because you can't readily access documented flaws. You assume something is secure when it has undergone rigorous peer review, which, as you stated, does not exist.
Your argument seems to be that you can't simply find a laundry list of Skype flaws floating around. This is true. But it says positively nothing about the security or lack of security regarding Skype's protocol.
I agree that Skype's protocol may be terrible. But you cannot state that obscurity didn't help. "No one" is even able to connect to Skype, let alone break it, at this point.
Now, think about what adverse effects such old data could have on justice. For example, let's say a friend of mine from school, who I spent a lot of time talking to on the phone a decade ago, decided this year to become a drug dealer. The government could start investigating me based on this stale data, despite not having any reasonable suspicion that I was involved in any crime.
I think that what we really need is a privacy-oriented phone company built on the model of DuckDuckGo, which doesn't keep any data about customers beyond what's necessary for billing purposes. But maybe the U.S. already has laws that would make such an ethical phone company illegal.
Next time you're pulled over for a "random traffic stop" or some inexplicably-enforced minor violation (brake lights out, rolling thru a stop sign, singled out in a stream of traffic doing ~10 over on an interstate), I assume the words "parallel construction" will loom large in your mind – along with the memory of that old girlfriend's junkie ex, and your college room-mate's best pal who used to deal weed…
Theory #2 – The NSA (or its predecessor or a related agency) have been paying them to store whatever they can since whenever it became possible. If you're prepared to ignore the privacy implications, it's obvious that some _tiny_ percentage of that data will become useful for law enforcement purposes. Unfortunately – when the "privacy implications" are considered in terms of "Is _your_ privacy more important than _my_ career?" – it's pretty clear that a very powerful cohort of law enforcement and intelligence agency decision makers say "Hell no! I just need one or two more big successes and I'll get that promotion I want! Of course it's worth monitoring every single person on the planet to give me a shot at the executive bathroom and an office with a door!" (or, less cynically but equal in consequence "Should I listen to every phone conversation in America, if it might possibly mean we can stop the next 9-11? Yeah, I think it might be…").
If you've got an age-based retention policy, and you've built in the capacity to delete the data, not really. Periodic purge. I'm not saying this is trivial, but it's not hard. The system was clearly designed not to delete the data.
Your theory #2 holds much more water.
Are you sure that 27 years' worth of data storage within the bulk of that time frame was easier and/or more cost effective than deletion?
"Unlike the N.S.A. data, the Hemisphere data includes information on the locations of callers."
"Some four billion call records are added to the database every day"
No wonder phone number portability got pushed through.
Can you imagine any nontechnical organization doing something as complicated as passing a law just to cut down on database joins? Seriously?
This is a side effect and, as other people told it, completely not needed.
Even easier than that, people switch SIM cards but keep the same phone (this may not be very common in the US, still, it happens)
Basically, this is a private backyard deal the DEA made with AT&T. Apparently our laws have deteriorated to the point where AT&T lawyers believe they can do this legally.
We don't have to put up with them poking their fingers in our lives for much longer. We can build around them. We can make them irrelevant. It'll take a more concerted effort than building social networks for cats (where you spend four years of your life posturing about "changing the world" and "being successful" then the next day you cash out for big acquihire fake-success bucks).
Stop studying $FAD_OF_THE_WEEK and go back to your math and ML fundamentals. Play around with it. Build good things. Then build bigger good things. Build good things for good people.
It was only after investigative journalists brought the situation to the attention of regulatory agencies that the prisons clamped down on the security breaches within the prisons.
If the government pays your salary and you are embedded in the DEA, you are a government employee. Saying these people work for AT&T is patently absurd.
It is no different than Booz Hamilton "contractors" working on site at NSA and other TLAs. If the money comes from the government and you take direction from the government, even indirectly, you are an agent of the government.
Yes, debts being the operative term here. You don't incur a debt until you receive the product. Airline tickets are paid for in advance so the customer never incurs a debt.
- legalizing drugs and
- selling them in a controlled environment,
- taxed and
- accompanied by a heavy investment in related education in schools nationwide
...instead of throwing billions at killing our most basic rights.
The example of Portugal: http://www.spiegel.de/international/europe/evaluating-drug-d...
What we need is a non-criminalized mental health system that actually functions (addiction neural wiring being a subset of mental illnesses that can be acquired through the victim's actions), and a poverty / diminished capacity safety net that tries to redress problems in the way of marginalized people rejoining civil society.
Essentially everything else would self-resolve after legalization.
Call it "corporate cronyism," or "corporate fascism," but whatever it's called, it's no land of the free anymore.
The privatization and collusion between government and private entities at the expense of We the People has brought the USA to a point where it's obviously become the land of the corporation and the home of the wage-slave.
Lobbyists with vast funding avail their corporate sponsors of representation which is denied to those who lack such deep-pockets.
Only those with similar vast funding are able to attain high level elected positions within our government, from whence they enact legislation which furthers the divide between the plebiscite and the proletariat, which falls right into line with Marxist "liberal-democratic" ideology, where the government becomes the tool of the Bourgeoisie at the expense of the Proles and the Plebes.
This socioeconomic stratification is quite visible in today's USA, and programs such as "Hemisphere" exemplify this situation.
I too find the exclusion of electronic communications from 4th Amendment protections to be an egregious failure of our Constitutional checks and balances, yet due to my own limited understanding of the situation I have always considered our electronic communications to be analogous to the "... papers and effects..." outlined in the 4th Amendment, but my motivations are different from those who have been appointed to interpret our legal structures.
The very notion of "Too big to fail/jail" is yet another example of holding those with vast resources to a different standard when compared to the average Joe Public who worries about how he's going to continue to feed his family as well as keep an acceptable roof over their head.
Where it leaves us is at an increasingly disadvantageous position, unless we are of the Bourgeoisie and able to purchase our way through the system on par with big banks who launder cartel drug profits with impunity; where political appointees can perjure themselves before Congress with impunity; and where every day words are redefined by our public servants as they maneuver their way through the system with similar impunity as relates to their questionable acts.
Unlike the publicly known N.S.A. data.
Also, as if call status matters.
"Representatives from Verizon, Sprint and T-Mobile all declined to comment on Sunday in response to questions about whether their companies were aware of Hemisphere or participated in that program or similar ones."
If they were not participating in Hemisphere or similar programs, I'd expect them to be quick to say so.
This is especially in light of the recent public/media PR confusion with technology companies around PRISM.
I'd like to know more about the "administrative subpoena" process. How often are innocent people's phone logs dumped? Why not just install cameras in the TVs and be done with it?
There may be a successor to Daytona by now, and "all the CDRs, ever" is not as impressive as it once was, but it is likely that joint telco/government projects like Daytona have been collecting and analyzing call data since there was call data to analyze.
I would not be surprised if they are still using Daytona's query language.
Where's the boycott of the PSTN? Why aren't we angry at AT&T for actually embedding staff in the government? Why aren't we encouraging people to switch off their services?
The irony of this is that it's exactly the tactic used by drug dealers. In order to avoid the risk of possessing illegal substances, they coerce drug addicts to hold their stash. The courts call this 'constructive possession'.
For the P. Simon inclined, rather than just pointing to the obvious slope we've slipped down since Nixon:
Whoah God only knows, God makes his plan
The information's unavailable to the mortal man
We're workin' our jobs, collect our pay
Believe we're gliding down the highway, when in fact we're slip sliding away...