11.1 copyright
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
1994-09-10, Copyright Timothy C. May. All rights reserved.
See the detailed disclaimer. Use short sections under "fair
use" provisions, with appropriate credit, but don't put your
name on my words.
11.2 - SUMMARY: Surveillance, Privacy, And Intelligence Agencies
11.2.1. Main Points
11.2.2. Connections to Other Sections
11.2.3. Where to Find Additional Information
- Bamford ("The Puzzle Palace"), Richelson (several books,
including "U.S. Intelligence Agencies"), Burrows ("Deep
Black," about the NRO and spy satellites), Covert Action
Quarterly
11.2.4. Miscellaneous Comments
11.3 - Surveillance and Privacy
11.3.1. We've come a long way from Secretary of State Stimson's
famous "Gentlemen do not read other gentlemen's mail"
statement. It is now widely taken for granted that Americans
are to be monitored, surveilled, and even wiretapped by the
various intelligence agencies. The FBI, the National Security
Agency, the CIA, the National Reconnaissance Office, etc.
(Yes, these groups have various charters telling them who
they can spy on, what legalities they have to meet, etc. But
they still spy. And there's not an uproar--the "What have you
got to hide?" side of the American privacy dichotomy.)
11.3.2. Duncan Frissell reminds us of Justice Jackson's 1948
dissenting opinion in some case:
- "The government could simplify criminal law enforcement by
requiring every citizen 'to keep a diary that would show
where he was at all times, with whom he was, and what he
was up to.'" [D.F. 1994-09-06, from an article in the WSJ]
- (It should be noted that tracking devices--collars,
bracelets, implantable transmitters--exist and are in use
with prisoners. Some parents are even installing them in
children, it is rumored. A worry for the future?)
11.3.3. "What is the "surveillance state"?"
- the issue with crypto is the _centralization_ of
eavesdropping...much easier than planting bugs
+ "Should some freedom be given up for security?"
- "Those who are willing to trade freedom for security
deserve neither freedom nor security" -- Ben Franklin
- the tradeoff is often illusory--police states result when
the trains are made to run on time
- "It's a bit ironic that the Administration is crying foul
so loudly over the Soviet/Russian spy in the CIA -- as if
this was unfair -- while they're openly proclaiming the
right to spy on citizens and foreigners via Clipper."
[Carl Ellison, 1994-02-23]
+ Cameras are becoming ubiquitous
+ cheap, integrated, new technologies
- SDI fisheye lens
- ATMs
- traffic, speed traps, street corners
- store security
- Barcodes--worst fear of all...and not plausible
+ Automatic recognition is still lacking
- getting better, slowly
- neural nets, etc. (but these require training)
11.3.4. "Why would the government monitor _my_ communications?"
- "Because of economics and political stability....You can
build computers and monitoring devices in secret, deploy
them in secret, and listen to _everything_. To listen to
everything with bludgeons and pharmaceuticals would not
only cost more in labor and equipment, but also engender a
radicalizing backlash to an actual police state." [Eric
Hughes, 1994-01-26]
- Systems like Digital Telephony and Clipper make it much too
easy for governments to routinely monitor their citizens,
using automated technology that requires drastically less
human involvement than previous police states required.
11.3.5. "How much surveillance is actually being done today?"
+ FBI and Law Enforcement Surveillance Activities
- the FBI kept records of meetings (between American
companies and Nazi interests), and may have used these
records during and after the war to pressure companies
+ NSA and Security Agency Surveillance Activities
- collecting economic intelligence
- in WW2, Economic Warfare Council (which was renamed Board
of Economic Warfare) kept tabs on shipments of petroleum
and other products
+ MINARET, code word for NSA "watch list" material
(intercepts)
- SIGINT OPERATION MINARET
- originally, watch list material was "TOP SECRET
HANDLE VIA COMINT CHANNELS ONLY UMBRA GAMMA"
+ NSA targeting is done primarily via a list called
Intelligence Guidelines for COMINT Priorities (IGCP)
- committee made up of representatives from several
intelligence agencies
- initiated in around 1966
+ revelations following Pentagon Papers that national
security elsur had picked up private conversations (part
of the Papers)
- timing of PP was late 1963, early 1964...about time UB
was getting going
+ F-3, the NSA's main antenna system for intercepting ASCII
transmissions from un-TEMPESTed terminals and PCs
- signals can be picked up through walls up to a foot
thick (or more, considering how such impulses bounce
around)
+ Joint FBI/NSA Surveillance Activities
+ Operation Shamrock was a tie between NSA and FBI
- since 1945, although there had been earlier intercepts,
too
- COINTELPRO, dissidents, radicals
+ 8/0/45 Operation Shamrock begins
- a sub rosa effort to continue the monitoring
arrangements of WW II
- ITT Communications agreed to turn over all cables
+ RCA Communications also turned over all cables
- even had an ex-Signal Corps officer as a VP to
handle the details
- direct hookups to RCA lines were made, for careful
monitoring by the ASA
- cables to and from corporations, law firms,
embassies, citizens were all kept
+ 12/16/47 Meeting between Sosthenes Behn of ITT,
General Ingles of RCA, and Sec. of Defense James
Forrestal
- to discuss Operation Shamrock
- to arrange exemptions from prosecution
+ 0/0/63 Operation Shamrock enters a new phase as RCA
Global switches to computerized operation
- coincident with Harvest at NSA
- and perfect for start of UB/Severn operations
+ 1/6/67 Hoover officially terminates "black bag"
operations
- concerned about blowback
- had previously helped NSA by stealing codes, ciphers,
decrypted traffic, planting bugs on phone lines, etc.
- from embassies, corporations
- unclear as to whether these operations continued
anyway
+ Plot Twist: may have been the motivation for NSA and
UB/Severn to pursue other avenues, such as the use of
criminals as cutouts
- and is parallel to "Plumbers Unit" used by White
House
+ 10/1/73 AG Elliot Richardson orders FBI and SS to
stop requesting NSA surveillance material
- NSA agreed to stop providing this, but didn't tell
Richardson about Shamrock or Minaret
- however, events of this year (1973) marked the end of
Minaret
+ 3/4/77 Justice Dept. recommends against prosecution
of any NSA or FBI personnel over Operations Shamrock
and Minaret
- decided that NSCID No. 9 (aka No. 6) gave NSA
sufficient leeway
- 5/15/75 Operation Shamrock officially terminated
- and Minaret, of course
+ Operation Shamrock-Details
+ 8/0/45 Operation Shamrock begins
- a sub rosa effort to continue the monitoring
arrangements of WW II
- ITT Communications agreed to turn over all cables
+ RCA Communications also turned over all cables
- even had an ex-Signal Corps officer as a VP to
handle the details
- direct hookups to RCA lines were made, for careful
monitoring by the ASA
- cables to and from corporations, law firms,
embassies, citizens were all kept
+ 12/16/47 Meeting between Sosthenes Behn of ITT,
General Ingles of RCA, and Sec. of Defense James
Forrestal
- to discuss Operation Shamrock
- to arrange exemptions from prosecution
+ 0/0/63 Operation Shamrock enters a new phase as RCA
Global switches to computerized operation
- coincident with Harvest at NSA
- and perfect for start of UB/Severn operations
+ 8/18/66 (Thursday) New analysis site in New York for
Operation Shamrock
+ Louis Tordella meets with CIA Dep. Dir. of Plans and
arranges to set up a new listening post for analysis
of the tapes from RCA and ITT (that had been being
shipped to NSA and then back)
- Tordella was later involved in setting up the watch
list in 1970 for the BNDD (Operation Minaret)
- LPMEDLEY was code name, of a television tape
processing shop (reminiscent of "Man from U.N.C.L.E.")
- but NSA had to move away later
- 5/15/75 Operation Shamrock officially terminated
+ 10/1/73 AG Elliot Richardson orders FBI and SS to
stop requesting NSA surveillance material
- NSA agreed to stop providing this, but didn't tell
Richardson about Shamrock or Minaret
- however, events of this year (1973) marked the end of
Minaret
- Abzug committee prompted by New York Daily News report,
7/22/75, that NSA and FBI had been monitoring
commercial cable traffic (Operation Shamrock)
+ 6/30/76 175 page report on Justice Dept.
investigation of Shamrock and Minaret
- only 2 copies prepared, classified TOP SECRET UMBRA,
HANDLE VIA COMINT CHANNELS ONLY
+ 3/4/77 Justice Dept. recommends against prosecution
of any NSA or FBI personnel over Operations Shamrock
and Minaret
- decided that NSCID No. 9 (aka No. 6) gave NSA
sufficient leeway
+ the NSA program, begun in August 1945, to monitor all
telegrams entering or leaving the U.S.
- reminiscent of Yardley's arrangements in the 1920s
(and probably some others)
- known only to Louis Tordella and agents involved
- compartmentalization
+ Plot Links of Operation Shamrock to Operation Ultra
Black
- many links, from secrecy, compartmentalization, and
illegality to the methods used and the subversion of
government power
- "Shamrock was blown...Ultra Black burrowed even
deeper."
+ NSA, FBI, and surveillance of Cuban sympathizers
- "watch list" used
- were there links to Meyer Lansky and Trafficante via
the JFK-Mafia connection?
- various Watergate break-in connections (Cubans used)
- Hoover ended black-bag operations in 1967-8
+ NSA, FBI, and Dissenters (COINTELPRO-type activities)
+ 10/20/67 NSA is asked to begin collecting information
related to civil disturbances, war protesters, etc.
- Army Intelligence, Secret Service, CIA, FBI, DIA were
all involved
- arguably, this continues (given the success of FBI
and Secret Service in heading off major acts of
terrorism and attempted assassinations)
+ Huston Plan and Related Plans (1970-71)
- 7/19/66 Hoover unofficially terminates black bag
operations
+ 1/6/67 Hoover officially terminates black bag
operations
- fearing blowback, concerned about his place in
history
+ 6/20/69 Tom C. Huston recommends increased
intelligence activity on dissent
- memo to NSA, CIA, DIA, FBI
- this later becomes basis of Huston Plan
+ 6/5/70 Meeting at White House to prepare for Huston
Plan; Interagency Committee on Intelligence (Ad Hoc),
ICI
- Nixon, Huston, Ehrlichman, Haldeman, Noel Gayler of
NSA, Richard Helms of CIA, J. Edgar Hoover of FBI,
Donald V. Bennett of DIA
- William Sullivan of FBI named to head ICI
+ NSA enthusiastically supported ICI
- PROD named Benson Buffham as liaison
- sought increased surreptitious entries and
elimination of legal restrictions on domestic
surveillance (not that they had felt bound by
legalisms)
- recipients to be on "Bigot List" and with even more
security than traditional TOP SECRET, HANDLE VIA
COMINT CHANNELS ONLY
+ 7/23/70 Huston Plan circulated
- 43 pages, entitled Domestic Intelligence Gathering
Plan: Analysis and Strategy
- urged increased surreptitious entries (for codes,
ciphers, plans, membership lists)
- targeting of embassies
+ 7/27/70 Huston Plan cancelled
- pressure by Attorney General John Mitchell
- and perhaps by Hoover
- Huston demoted; he resigned a year later
- but the Plan was not really dead...perhaps Huston's
mistake was in being young and vocal and making the
report too visible and not deniable enough
+ 12/3/70 Intelligence Evaluation Committee (IEC) meets
(Son-of-Huston Plan)
- John Dean arranged it in fall of '70
- Robert C. Mardian, Assistant AG for Internal Security
headed up the IEC
- Benson Buffham of NSA/PROD, James Jesus Angleton of
CIA, George Moore from FBI, Col. John Downie from DOD
- essentially adopted all of Huston Plan
+ 1/26/71 NSA issues NSA Contribution to Domestic
Intelligence (as part of IEC)
- increased scope of surveillance related to drugs (via
BNDD and FBI), foreign nationals
- "no indication of origin" on generated material
- full compartmentalization, NSA to ensure compliance
+ 8/4/71 G. Gordon Liddy attends IEC meeting, to get
them to investigate leaks of Pentagon Papers
- channel from NSA/PROD to Plumber's Unit in White
House, bypassing other agencies
+ 6/7/73 New York Times reveals details of Huston Plan
- full text published
- trials of Weatherman jeopardized and ultimately
derailed it
+ 10/1/73 AG Elliot Richardson orders FBI and SS to
stop requesting NSA surveillance material
- NSA agreed to stop providing this, but didn't tell
Richardson about Shamrock or Minaret
- however, events of this year (1973) marked the end of
Minaret
+ FINCEN, IRS, and Other Economic Surveillance
- set up in Arlington as a group to monitor the flows of
money and information
+ eventually these groups will see the need to actively
hack into computer systems used by various groups that
are under investigation
- ties to the death of Alan Standorf? (Vint Hill)
- Casolaro, Riconosciuto
11.3.6. "Does the government want to monitor economic transactions?"
- Incontrovertibly, they _want_ to. Whether they have actual
plans to do so is more debatable. The Clipper and Digital
Telephony proposals are but two of the indications they
have great plans laid to ensure their surveillance
capabilities are maintained and extended.
- The government will get increasingly panicky as more Net
commerce develops, as trade moves offshore, and as
encryption spreads.
11.3.7. A danger of the surveillance society: You can't hide
- seldom discussed as a concern
- no escape valve, no place for those who made mistakes to
escape to
- (historically, this is a way for criminals to get back on a
better track--if a digital identity means their record
forever follows them, this may...)
+ A growing problem in America and other "democratic"
countries is the tendency to make mandatory what were once
voluntary choices. For example, fingerprinting children to
help in kidnapping cases may be a reasonable thing to do
voluntarily, but some school districts are planning to make
it mandatory.
- This is all part of the "Let's pass a law" mentality.
11.3.8. "Should I refuse to give my Social Security Number to those
who ask for it?"
- It's a bit off of crypto, but the question does keep coming
up on the Cypherpunks list.
- Actually, they don't even need to ask for it
anymore....it's attached to so many _other_ things that pop
up when they enter your name that it's a moot point. In
other words, the same dossiers that allow the credit card
companies to send you "preapproved credit cards" every few
days are the same dossiers that MCI, Sprint, AT&T, etc. are
using to sign you up.
11.3.9. "What is 'Privacy 101'?"
- I couldn't think of a better way to introduce the topic of
how individuals can protect their privacy, avoid
interference by the government, and (perhaps) avoid taxes.
- Duncan Frissell and Sandy Sandfort have given out a lot of
tips on this, some of them just plain common sense, some of
them more arcane.
+ They are conducting a seminar, entitled "PRIVACY 101" and
the archives of this are available by Web at:
- http://www.iquest.com/~fairgate/privacy/index.html
11.3.10. Cellular phones are trackable by region...people are getting
phone calls as they cross into new zones, "welcoming" them
- but it implies that their position is already being tracked
11.3.11. Ubiquitous use of SSNs and other personal I.D.
11.3.12. cameras that can recognize faces are placed in many public
places, e.g., airports, ports of entry, government buildings
- and even in some private places, e.g., casinos, stores that
have had problems with certain customers, banks that face
robberies, etc.
11.3.13. speculation (for the paranoids)
- covert surveillance by noninvasive detection
methods...positron emission tomography to see what part of
the brain is active (think of the paranoia possibility!)
- typically needs special compounds, but...
11.3.14. Diaries are no longer private
+ can be opened under several conditions
- subpoena in trial
- discovery in various court cases, including divorce,
custody, libel, etc.
- business dealings
- psychiatrists (under Tarasoff ruling) can have records
opened; whatever one may think of the need for crimes
confessed to shrinks to be reported, this is certainly a
new era
- Packwood diary case establishes the trend: diaries are no
longer sacrosanct
- An implication for crypto and Cypherpunks topics is that
diaries and similar records may be stored in encrypted
forms, or located in offshore locations. There may be more
and more use of offshore or encrypted records.
11.4 - U.S. Intelligence Agencies: NSA, FinCEN, CIA, DIA, NRO, FBI
11.4.1. The focus here is on U.S. agencies, for various reasons. Most
Cypherpunks are currently Americans, the NSA has a dominant
role in surveillance technology, and the U.S. is the focus of
most current crypto debate. (Britain has the GCHQ, Canada has
its own SIGINT group, the Dutch have...., France has DGSE and
so forth, and...)
11.4.2. Technically, not all are equal. And some may quibble with my
calling the FBI an "intelligence agency." All have
surveillance and monitoring functions, albeit of different
flavors.
11.4.3. "Is the NSA involved in domestic surveillance?"
+ Not completely confirmed, but much evidence that the answer
is "yes":
* previous domestic surveillance (Operation Shamrock,
telegraphs, ITT, collusion with FBI, etc.)
* reciprocal arrangements with GCHQ (U.K.)
* arrangements on Indian reservations for microwave
intercepts
* the general technology allows it (SIGINT, phone lines)
* the National Security Act of 1947, and later
clarifications and Executive Orders, makes it likely
- And the push for Digital Telephony.
11.4.4. "What will be the effects of widespread crypto use on
intelligence collection?"
- Read Bamford for some stuff on how the NSA intercepts
overseas communications, how they sold deliberately-
crippled crypto machines to Third World nations, and how
much they fear the spread of strong, essentially
unbreakable crypto. "The Puzzle Palace" was published in
1982...things have only gotten worse in this regard since.
- Statements from senior intelligence officials reflect this
concern.
- Digital dead drops will change the whole espionage game.
Information markets, data havens, untraceable e-mail...all
of these things will have a profound effect on national
security issues.
- I expect folks like Tom Clancy to be writing novels about
how U.S. national security interests are being threatened
by "unbreakable crypto." (I like some Clancy novels, but
there's no denying he is a right-winger who's openly
critical of social trends, and that he believes druggies
should be killed, the government is necessary to ward off
evil, and ordinary citizens ought not to have tools the
government can't overcome.)
11.4.5. "What will be the effects of crypto on conventional espionage?"
- Massive effects; watch out for this to be cited as a reason
to ban or restrict crypto--however pointless that may be.
+ Effects:
- information markets, a la BlackNet
- digital dead drops -- why use Coke cans near oak trees
when you can put messages into files and post them
worldwide, untraceably? (but, importantly, with a
digital signature!)
- transparency of borders
- arms trade, arms deals
- virus, weaponry
11.4.6. NSA budget
- $27 billion over 6 years, give or take
- may actually increase, despite end of Cold War
- new threats, smaller states, spread of nukes, concerns
about trade, money-laundering, etc.
- first rule of bureaucracies: they always get bigger
+ NSA-Cray Computer supercomputer
+ press release, 1994-08-17, gives some clues about the
capabilities sought by the surveillance state
- "The Cray-3/SSS will be a hybrid system capable of
vector parallel processing, scalable parallel
processing and a combination of both. The system will
consist of a dual processor 256 million word Cray-3 and
a 512,000 processor 128 million byte single instruction
multiple data (SIMD) array......SIMD arrays of one
million processors are expected to be possible using
the current version of the Processor-In-Memory (PIM)
chips developed by the Supercomputing Research Center
once the development project is completed. The PIM chip
contains 64 single-bit processors and 128 kilobyte bits
of memory. Cray Computer will package PIM chips
utilizing its advanced multiple chip module packaging
technology. The chips are manufactured by National
Semiconductor Corporation."
- This is probably the supercomputer described in the
Gunter Ahrendt report
11.4.7. FINCEN, IRS, and Other Economic Surveillance
- Financial Crimes Enforcement Network, a consortium or task
force made up of DEA, DOJ, FBI, CIA, DIA, NSA, IRS, etc.
- set up in Arlington as a group to monitor the flows of
money and information
- eventually these groups will see the need to hack into
computer systems used by various groups that are under
investigation
- Cf. "Wired," either November or December, 1993
11.4.8. "Why are so many computer service, telecom, and credit agency
companies located near U.S. intelligence agency sites?"
+ For example, the cluster of telecom and credit reporting
agencies (TRW Credit, Transunion, etc.) in and around the
McLean/Langley area of Northern Virginia (including
Herndon, Vienna, Tyson's Corner, Chantilly, etc.)
- same thing for, as I recall, various computer network
providers, such as UUCP (or whatever), America Online,
etc.
- The least conspiratorial view: because all are located near
Washington, D.C., for various regulatory, lobbying, etc.
reasons
+ The most conspiratorial view: to ensure that the
intelligence agencies have easy access to communications,
direct landlines, etc.
- credit reporting agencies need to clear identities that
are fabricated for the intelligence agencies, WitSec,
etc. (the three major credit agencies have to be
complicit in these creations, as the "ghosts" show up
immediately when past records are cross-correlated)
- As Paul Ferguson, Cypherpunk and manager at US Sprint,
puts it: "We're located in Herndon, Virginia, right
across the street from Dulles Airport and a hop, skip &
jump down the street from the new NRO office. ,-)"
[P.F., 1994-08-18]
11.4.9. Task Force 157, ONI, Kissinger, Castle Bank, Nugan Hand Bank,
CIA
11.4.10. NRO building controversy
- and an agency I hadn't seen listed until August, 1994: "The
Central Imagery Office"
11.4.11. SIGINT listening posts
+ possible monkeywrenching?
- probably too hard, even for an EMP bomb (non-nuclear,
that is)
11.4.12. "What steps is the NSA taking?"
* besides death threats against Jim Bidzos, that is
* Clipper a plan to drive competitors out (pricing, export
laws, harassment)
* cooperation with other intelligence agencies, other nations
- New World Order
* death threats were likely just a case of bullying...but
could conceivably be part of a campaign of terror--to shut
up critics or at least cause them to hesitate
11.5 - Surveillance in Other Countries
11.5.1. Partly this overlaps on the earlier discussion of crypto laws
in other countries.
11.5.2. Major Non-U.S. Surveillance Organizations
+ BND -- Bundesnachrichtendienst
- German security service
- BND is seeking constitutional amendment, but may not need
it, as the mere call for it told everyone what is already
existing
- "vacuum cleaner in the ether"
- Gehlen...Eastern Front Intelligence
- Pullach, outside Munchen
- they have always tried to get the approval to do domestic
spying...a key to power
+ Bundeskriminalamt (BKA) -- W. German FBI
- HQ is at Wiesbaden
- bomb blew up there when being examined, killing an
officer (related to Pan Am/Lockerbie/PFLP-GC)
- sign has double black eagles (back to back)
- BVD -- Binnenlandse Veiligheids Dienst, Dutch Internal
Security Service
+ SDECE
- French intelligence (foreign intelligence), linked to
Greenpeace ship bombing in New Zealand?
- SDECE had links to the October Surprise, as some French
agents were in on the negotiations, the arms shipments
out of Marseilles and Toulon, and in meetings with
Russbacher and the others
- DST, Direction de la Surveillance du Territoire,
counterespionage arm of France (parallel to FBI)
+ DGSE, Direction Générale de la Sécurité Extérieure
- provides draft deferments for those who deliver stolen
information
+ Sweden, Forsvarets Radioanstalt ("Radio Agency of the
Defense")
- cracked German communications between occupied Norway and
occupied Denmark
- Beurling, with paper and pencil only
+ Mossad, LAKAM, Israel
+ HQ in Tel Aviv, near HQ of AMAN, military intelligence
- doesn't HQ move around a lot?
- LAKAM (sp?), a supersecret Israeli intelligence
agency...was shown the PROMIS software in 1983
+ learned of the Pakistani success in building an atom bomb
and took action against the Pakistani leadership:
destruction of the plane carrying the President (Zia?)
and some U.S. experts
- Mossad knew of DIA and CIA involvement in BCCI
financing of Pakistani atom bomb efforts (and links to
other arms dealers that allowed triggers and the like
to reach Pakistan)
- revelations by Vanunu were designed to scare the Arab and
Muslim world--and to send a signal that the killing of
President Zia was to be the fate of any Pakistani leader
who continued the program
11.5.3. They are very active, though they get less publicity than do
the American CIA, NSA, FBI, etc.
11.6 - Surveillance Methods and Technology
11.6.1. (some of this gets speculative and so may not be to
everyone's liking)
11.6.2. "What is TEMPEST and what's the importance of it?"
- TEMPEST apparently stands for nothing, and hence is not an
acronym, just a name. The all caps is the standard
spelling.
- RF emission, a set of specs for complying
- Van Eyck (or Van Eck?) radiation
+ Mostly CRTs are the concern, but also LCD panels and the
internal circuitry of the PCs, workstations, or terminals.
- "Many LCD screens can be read at a distance. The signal
is not as strong as that from the worst vdus, but it is
still considerable. I have demonstrated attacks on Zenith
laptops at 10 metres or so with an ESL 400 monitoring
receiver and a 4m dipole antenna; with a more modern
receiver, a directional antenna and a quiet RF
environment there is no reason why 100 metres should be
impossible." [Ross Anderson, Tempest Attacks on Notebook
Computers ???, comp.security.misc, 1994-08-31]
11.6.3. What are some of the New Technologies for Espionage and
Surveillance
+ Bugs
+ NSA and CIA have developed new levels of miniaturized
bugs
- e.g., passive systems that only dribble out intercepted
material when interrogated (e.g., when no bug sweeps
are underway)
- many of these new bugging technologies were used in the
John Gotti case in New York...the end of the Cold War
meant that many of these technologies became available
for use by the non-defense side
- the use of such bugging technology is a frightening
development: conversations can be heard inside sealed
houses from across streets, and all that will be
required is an obligatory warrant
+ DRAM storage of compressed speech...6-bit companded,
frequency-limited, so that 1 sec of speech takes
50Kbits, or 10K when compressed, for a total of 36 Mbits
per hour--this will fit on a single chip
- readout can be done from a "mothership" module (a
larger bug that sits in some more secure location)
- or via tight-beam lasers
+ Bugs are Mobile
- can crawl up walls, using the MIT-built technology for
microrobots
- some can even fly for short distances (a few klicks)
+ Wiretaps
- so many approaches here
- phone switches are almost totally digital (a la ESS IV)
- again, software hacks to allow wiretaps
+ Vans equipped to eavesdrop on PCs and networks
+ TEMPEST systems
+ technology is somewhat restricted, companies doing this
work are under limitations not to ship to some
customers
- no laws against shielding, of course
- these vans are justified for the "war on drugs" and
weapons proliferation control efforts (N.E.S.T., anti-
Iraq, etc.)
+ Long-distance listening
- parabolic reflectors, noise cancellation (from any off-
axis sources), high gain amplification, phoneme analysis
- neural nets that learn the speech patterns and so can
improve clarity
+ lip-reading
- with electronically stabilized CCD imagers, 3000mm lenses
- neural net-based lip-reading programs, with learning
systems capable of improving performance
- for those in sensitive positions, the availability of new
bugging methods will accelerate the conversion to secure
systems based on encrypted telecommunications and the
avoidance of voice-based systems
11.6.4. Digital Telephony II is a major step toward easier
surveillance
11.6.5. Citizen tracking
+ the governments of the world would obviously like to trace
the movements, or at least the major movements, of their
subjects
- makes black markets a bit more difficult
- surfaces terrorists, illegal immigrants, etc. (not
perfectly)
+ allows tracking of "sex offenders"
- who often have to register with the local police,
announce to their neighbors their previous crimes, and
generally wear a scarlet letter at all times--I'm not
defending rapists and child molesters, just noting the
dangerous precedent this is setting
- because it's the nature of bureaucracies to want to know
where "their" subjects are (dossier society = accounting
society...records are paramount)
+ Bill Stewart has pointed out that the national health care
systems, and the issuance of social security numbers to
children, represent a way to track the movements of
children, through hospital visits, schools, etc. Maybe even
random check points at places where children gather (malls,
schools, playgrounds, opium dens, etc.)
- children in such places are presumed to have lesser
rights, hence...
- this could all be used to track down kidnapped children,
non-custodial parents, etc.
- this could be a wedge in the door: as the children age,
the system is already in place to continue the tracking
(about the right timetable, too...start the system this
decade and by 2010 or 2020, nearly everybody will be in
it)
- (A true paranoid would link these ideas to the child
photos many schools are requiring, many local police
departments are officially assisting with, etc. A dossier
society needs mug shots on all the perps.)
- These are all reasons why governments will continue to push
for identity systems and will seek to derail efforts at
providing anonymity
+ Surveillance and Personnel Identification
+ cameras that can recognize faces are placed in many
public places, e.g., airports, ports of entry, government
buildings
- and even in some private places, e.g., casinos, stores
that have had problems with certain customers, banks
that face robberies, etc.
+ "suspicious movements detectors"
+ cameras that track movements, loitering, eye contact
with other patrons
+ neural nets used to classify behaviors
- legal standing not needed, as these systems are
used only to trigger further surveillance, not to
prove guilt in a court of law
- example: banks have cameras, by 1998, that can
identify potential bank robbers
- camera images are sent to a central monitoring
facility, so the usual ploy of stopping the silent
alarm won't work
- airports and train stations (fears of terrorists),
other public places
11.6.6. Cellular phones are trackable by region...people are getting
phone calls as they cross into new zones, "welcoming" them
- but it implies that their position is already being tracked
11.6.7. coming surveillance, Van Eck, piracy, vans
- An interesting sign of things to come is provided in this
tale from a list member: "In Britain we have 'TV detector
Vans'. These are to detect licence evaders (you need to pay
an annual licence for the BBC channels). They are provided
by the Department of Trade and Industry. They use something
like a small minibus and use Van Eck principles. They have
two steerable detectors on the van roof so they can
triangulate. But TV shops have to notify the Government of
buyers - so that is the basic way in which licence evaders
are detected. ... I read of a case on a bulletin board
where someone did not have a TV but used a PC. He got a
knock on the door. They said he appeared to have a TV but
they could not make out what channel he was watching!"
[Martin Spellman, 1994-0703]
- This kind of surveillance is likely to become more and more
common, and raises serious questions about what _other_
information they'll look for. Perhaps the software piracy
enforcers (Software Publishers Association) will look for
illegal copies of Microsoft Word or SimCity! (This area
needs more discussion, obviously.)
11.6.8. wiretaps
- supposed to notify targets within 90 days, unless extended
by a judge
- Foreign Intelligence Surveillance Act cases are exempt from
this (it is likely that Cypherpunks wiretapped for crypto
activities, if they have been, fall under this
case...foreigners, borders being crossed, national security
implications, etc. are all plausible reasons, under the
Act)
11.7 - Surveillance Targets
11.7.1. Things the Government May Monitor
- besides the obvious things like diplomatic cable traffic,
phone calls from and to suspected terrorists and criminals,
etc.
+ links between Congressmen and foreign embassies
- claims in NYT (c. 9-19-91) that CIA had files on
Congressmen opposing aid to Contras
+ Grow lamps for marijuana cultivation
- raids on hydroponic supply houses and seizure of mailing
lists
- records of postings to alt.drugs and alt.psychoactive
- vitamin buyers clubs
+ Energy consumption
- to spot use of grow lamps
+ but also might be refined to spot illegal aliens being
sheltered or any other household energy consumption
"inconsistent with reported uses"
- same for water, sewage, etc.
+ raw chemicals
- as with monitors on ammonium nitrate and other bomb
materials
- or feedstock for cocaine production (recall various
seizures of shipments of chemicals to Latin America)
- checkout of books, a la FBI's "Library Awareness Program"
of around 1986 or so
- attendance at key conferences, such as Hackers Conference
(could have scenes involving this), Computer Security
Conference
11.7.2. Economic Intelligence (Spying on Corporations, Foreign and
Domestic)
+ "Does the NSA use economic intelligence data obtained in
intercepts?"
- Some of us speculate that this is so, that this has been
going on since the 1960s at least. For example, Bamford
noted in 1982 that the NSA had foreknowledge of the plans
by the British to devalue the pound in the late 1970s,
and knowledge of various corporate plans.
- The NSA clears codes used by the CIA, so it seems
impossible for the NSA not to have known about CIA drug
smuggling activities. The NSA is very circumspect,
however, and rarely (or never) comments.
+ there have been calls for the government to somehow help
American business and overall competitiveness by "levelling
the playing field" via espionage
- especially as the perceived threat of the Soviet bloc
diminishes and as the perceived threat of Japan and
Germany increases
- leaders of the NSA and CIA have even talked openly about
turning to economic surveillance
+ Problems with this proposal:
- illegal
- unethical
+ who gets the intelligence information? Does NSA just call
up Apple and say "We've intercepted some messages from
Taiwan that describe their plans for factories. Are you
interested?"
- the U.S. situation differs from Japan and MITI (which
is often portrayed as the model for how this ought to
work) in that we have many companies with little or no
history of obeying government recommendations
+ and foreign countries will likely learn of this espionage
and take appropriate measures
- e.g., by increasing encryption
11.7.3. War on Drugs and Money Laundering is Causing Increase in
Surveillance and Monitoring
- monitoring flows of capital, cash transactions, etc.
- cooperation with Interpol, foreign governments, even the
Soviets and KGB (or whatever becomes of them)
- new radar systems are monitoring light aircraft, boats,
etc.
11.8 - Legal Issues
11.8.1. "Can my boss monitor my work?" "Can my bankruptcy in 1980 be
used to deny me a loan?" etc.
- Libertarians have a very different set of answers than do
many others: the answer to all these questions is mostly
"yes," morally (sorry for the normative view).
11.8.2. Theme: to protect some rights, invasion of privacy is being
justified
- e.g., by forcing employer records to be turned over, or of
seizing video rental records (on the grounds of catching
sexual deviants)
- various laws about employee monitoring
11.8.3. Government ID cards, ability to fake identities
- The government uses its powers to forge credentials, with
the collusion of the major credit agencies (who obviously
see these fake identities "pop into existence full-blown").
- WitSec, FINCen, false IDs, ties to credit card companies
- DEA stings, Heidi in La Jolla, Tava, fake tax returns, fake
bank applications, fake IDs
- the "above it all" attitude is typical of this...who guards
the guardians?
- WitSec, duplicity
11.8.4. Legalities of NSA surveillance
- read Bamford for some circa 1982 points
- UK-USA
- ECPA
- national security exemptions
- lots of confusion; however, the laws have never had any
real influence, and I cannot imagine the NSA being sued!
11.9 - Dossiers and Data Bases
11.9.1. "The dossier never forgets"
+ any transgressions of any law in any country can be stored
indefinitely, exposing the transgressor to arrest and
detention anytime he enters a country with such a record on
him
- (This came up with regard to the British having quaint
ideas about computer security, hacking, and data privacy;
it is quite possible that an American passing through
London could be detained for some obscure violation years
in the past.)
- this is especially worrisome in a society in which legal
codes fill entire rooms and in which nearly every day
produces some violation of some law
11.9.2. "What about the privacy issues with home shopping, set-top
boxes, advertisers, and the NII?"
- Do we want our preferences in toothpaste fed into databases
so that advertisers can target us? Or that our food
purchases be correlated and analyzed by the government to
spot violations of the Dietary Health Act?
- First, laws which tell people what records they are
"allowed" to keep are wrong-headed, and lead to police
state inspections of disk drives, etc. The so-called "Data
Privacy" laws of several European nations are a nightmare.
Strong crypto makes them moot.
- Second, it is mostly up to people to protect what they want
protected, not to pass laws demanding that others protect
it for them.
- In practice, this means either use cash or make
arrangements with banks and credit card companies that will
protect privacy. Determining if they have or not is another
issue, but various ideas suggest themselves (John Gilmore
says he often joins groups under variants of his name, to
see who is selling his name to mailing lists.)
- Absent any laws which forbid them, privacy-preserving
credit card companies will likely spring up if there's a
market demand. Digital cash is an example. Other variants
abound. Cypherpunks should not allow such alternatives to
be banned, and should of course work on their own such
systems.
11.9.3. credit agencies
- TRW Credit, Transunion, Equifax
- links to WitSec
11.9.4. selling of data bases, linking of records...
- several states have admitted to selling their driver's
license data bases
11.10 - Police States and Informants
11.10.1. Police states need a sense of terror to help magnify the
power of the state, a kind of "Schrecklichkeit," as the Nazis
used to call it. And lots of informants. Police states need
willing accomplices to turn in their neighbors, or even their
parents, just as little Pavel Morozov became a Hero of the
Soviet People by sending his parents to their deaths in
Stalin's labor camps for the crime of expressing negative
opinions about the glorious State.
- (The canonization of Pavel Morozov was recently repudiated
by current Russian leaders--maybe even by the late-Soviet
era leaders, like Gorbachev--who pointed out the corrosive
effects of encouraging families to narc on each
other...something the U.S. has forgotten...will it be 50
years before our leaders admit that having children turn in
Daddy for using "illegal crypto" was not such a good idea?)
11.10.2. Children are encouraged in federally-mandated D.A.R.E.
programs to become Junior Narcs, narcing their parents out to
the cops and counselors who come into their schools.
11.10.3. The BATF has a toll-free line (800-ATF-GUNS) for snitching on
neighbors who one thinks are violating the federal gun laws.
(Reports are this is backfiring, as gun owners call the
number to report on local liberal politicians and gun-
grabbers.)
11.10.4. Some country we live in, eh? (Apologies to non-U.S. readers,
as always.)
11.10.5. The implications for use of crypto, for not trusting others,
etc., are clear
11.10.6. Dangers of informants
+ more than half of all IRS prosecutions arise out of tips by
spouses and ex-spouses...they have the inside dope, the
motive, and the means
- a sobering thought even in the age of crypto
+ the U.S. is increasingly a society of narcs and stool
pigeons, with "CIs" (confidential informants), protected
witnesses (with phony IDs and lavish lifestyles), and with
all sorts of vague threats and promises
- in a system with tens of thousands of laws, nearly all
behavior breaks at least some laws, often unavoidably,
and hence a powerful sword hangs over everyone's head
- corrosion of trust, especially within families (DARE
program in schools encourages children to narc on their
parents who are "substance abusers"!)
11.11 - Privacy Laws
11.11.1. Will proposed privacy laws have an effect?
+ I suspect just the opposite: the tangled web of laws--part
of the totalitarian freezeout--will "marginalize" more
people and cause them to seek ways to protect their own
privacy and protect themselves from sanctions over their
actions
+ free speech vs. torts, SLAPP suits, sedition charges,
illegal research, etc.
- free speech is vanishing under a torrent of laws,
licensing requirements, and even zoning rules
+ outlawing of work on drugs, medical procedures, etc.
- against the law to disseminate information on drug use
(MDMA case at Stanford), on certain kinds of birth
control
- "If encryption is outlawed, only outlaws will have
encryption."
+ privacy laws are already causing encryption ("file
protection") to be mandatory in many cases, as with medical
records, transmission of sensitive files, etc.
- by itself this is not in conflict with the government
requirement for tappable access, but the practical
implementation of a two-tier system--secure against
civilian tappers but readable by national security
tappers--is a nightmare and is likely impossible to
achieve
11.11.2. "Why are things like the "Data Privacy Laws" so bad?"
- Most European countries have laws that limit the collection
of computerized records, dossiers, etc., except for
approved uses (and the governments themselves and their
agents).
- Americans have no such laws. I've heard calls for this,
which I think is too bad.
- While we may not like the idea of others compiling dossiers
on us, stopping them is an even worse situation. It gives
the state the power to enter businesses, homes, and examine
computers (else it is completely unenforceable). It creates
ludicrous situations in which, say, someone making up a
computerized list of their phone contacts is compiling an
illegal database! It makes e-mail a crime (those records
that are kept).
- they are themselves major invasions of privacy
- are you going to put me in jail because I have data bases
of e-mail, Usenet posts, etc.?
- In my opinion, advocates of "privacy" are often confused
about this issue, and fail to realize that laws about
privacy often take away the privacy rights of _others_.
(Rights are rarely in conflict--contract plus self-privacy
take care of 99% of situations where rights are purported
to be in conflict.)
11.11.3. on the various "data privacy laws"
- many countries have adopted these data privacy laws,
involving restrictions on the records that can be kept, the
registration of things like mailing lists, and heavy
penalties for those found keeping computer files deemed
impermissible
- this leads to invasions of privacy....this very Cypherpunks
list would have to be "approved" by a bureaucrat in many
countries...the opportunities (and inevitabilities) of abuse
are obvious
- "There is a central contradiction running through the
database regulations proposed by many so-called "privacy
advocates". To be enforceable they require massive
government snooping into database activities on our
workstations and PCs, especially the activities of many
small at-home businesses (such as mailing list
entrepreneurs who often work out of the home).
"Thus, the upshot of these so-called "privacy" regulations
is to destroy our last shreds of privacy against
government, and calm us into blindly letting even more of
the details of our personal lives into the mainframes of
the major government agencies and credit reporting
agencies, who if they aren't explicitly excepted from the
privacy laws (as is common) can simply evade them by using
offshore havens, mutual agreements with foreign
investigators, police and intelligence agencies." [Jim
Hart, 1994-09-08]
11.11.4. "What do Cypherpunks think about this?"
+ divided minds...while no one likes being monitored, the
question is how far one can go to stop others from being
monitored
- "Data Privacy Laws" as a bad example: tramples on freedom
to write, to keep one's computer private
11.11.5. Assertions to data bases need to be checked (credit,
reputation, who said what, etc.)
- if I merely assert that Joe Blow no longer is employed, and
this spreads...
11.12 - National ID Systems
11.12.1. "National ID cards are just the driver's licenses on the
Information Superhighway." [unknown...may have been my
coining]
11.12.2. "What's the concern?"
11.12.3. Insurance and National Health Care will Produce the "National
ID" that will be Nearly Unescapable
- hospitals and doctors will have to have the card...cash
payments will evoke suspicion and may not even be feasible
11.12.4. National ID Card Arguments
- "worker's permit" (another proposal, 1994-08, that would
call for a national card authorizing work permission)
- immigration, benefit
- possible tie-in to the system being proposed by the US
Postal Service: a registry of public keys (will they also
"issue" the private-public key pair?)
- software key escrow and related ideas
- "I doubt that one would only have to "flash" your card and
be on your way. More correctly, one would have to submit
to being "scanned" and be on your way. This would also
serve to be a convenient locator tag if installed in the
toll systems and miscellaneous "security checkpoints". Why
would anyone with nothing to hide care if your every move
could be monitored? It's for your own good, right? Pretty
soon sliding your ID into slots in everyplace you go will
be common." [Korac MacArthur, comp.org.eff.talk, 1994-07-
25]
11.12.5. "What are some concerns about Universal ID Cards?"
- "Papiere, bitte! Schnell!"
- that they would allow traceability to the max (as folks
used to say)... tracking of movements, erosion of privacy
- that they would be required to be used for banking
transactions, Net access, etc. (As usual, there may be
workarounds, hacks, ...)
- "is-a-person" credentialing, where government gets involved
in the issuance of cryptographic keys (a la the USPS
proposal), where only "approved uses" are allowed, etc.
- timestamps, credentials
11.12.6. Postal Service trial balloon for national ID card
- "While it is true that they share technology, their intent
and purpose is very different. Chaum's proposal has as its
intent and purpose to provide and protect anonymity in
financial transactions. The intent and purpose of the US
Postal Service is to identify and authenticate you to the
government and to guarantee the traceability of all
financial transactions." [WHMurray, alt.privacy, 1994-07-
04]
11.12.7. Scenario for introduction of national ID cards
- Imagine that vehicle registrations require presentation of
this card (gotta get those illegals out of their cars, or,
more benignly, the bureaucracy simply makes the ID cards
part of their process).
- Instantly this makes those who refuse to get an ID card
unable to get valid license tags. (Enforcement is already
pretty good....I was pulled over a couple of times for
either forgetting to put my new stickers on, or for driving
with Oregon expired tags.)
+ The "National Benefits Card," for example, is then required
to get license plate tags, and maybe other things, like car
and home insurance, etc. It would be very difficult to
fight such a card, as one could not drive, could not pay
taxes ("Awhh!" I hear you say, but consider the penalties,
the tie-ins with employers, etc. You can run but you can't
hide.)
- the national ID card would presumably be tied in to
income tax filings, in various ways I won't go into here.
The Postal Service, aiming to get into this area I guess,
has floated the idea of electronic filing, ID systems,
etc.
11.12.8. Comments on national ID cards
- That some people will be able to skirt the system, or that
the system will ultimately be unenforceable, does not
lessen the concern. Things can get real tough in the
meantime.
- I see great dangers here, in tying a national ID card to
transactions we are essentially unable to avoid in this
society: driving, insurance (and let's not argue
insurance...I mean it is unavoidable in the sense of legal
issues, torts, etc.), border crossings, etc. Now how will
one file taxes without such a card if one is made mandatory
for interactions with the government? Saying "taxes are not
collectable" is not an adequate answer. They may not be
collectible for street punks and others who inhabit the
underground economy, but they sure are for most of us.
11.13 - National Health Care System Issues
11.13.1. Insurance and National Health Care will Produce the "National
ID" that will be Nearly Unescapable
- hospitals and doctors will have to have the card...cash
payments will evoke suspicion and may not even be feasible
11.13.2. I'm less worried that a pharmacist will add me to some
database he keeps than that my doctor will be instructed to
compile a dossier to government standards and then zip it off
over the Infobahn to the authorities.
11.13.3. Dangers and issues of National Health Care Plan
- tracking, national ID card
- "If you think the BATF is bad, wait until the BHCRCE goes
into action. "What is the BHCRCE?" you ask. Why, it's the
Bureau of Health Care Reform Compliance Enforcement - the
BATF, FBI, FDA, CIA and IRS all rolled into one." [Dave
Feustel, talk.politics.guns, 1994-08-19]
- Bill Stewart has pointed out the dangers of children having
social security numbers, of tracking systems in schools and
hospitals, etc.
11.14 - Credentials
11.14.1. This is one of the most overlooked and ignored aspects of
cryptology, especially of Chaum's work. And no one in
Cypherpunks or anywhere else is currently working on "blinded
credentials" for everyday use.
11.14.2. "Is proof of identity needed?"
- This question is debated a lot, and is important. Talk of a
national ID card (what wags call an "internal passport") is
in the air, as part of health care, welfare, and
immigration legislation. Electronic markets make this also
an issue for the ATM/smart card community. This is also
closely tied in with the nature of anonymous remailers
(where physical identity is of course generally lacking).
+ First, "identity" can mean different things:
- Conventional View of Identity: Physical person, with
birthdate, physical characteristics, fingerprints, social
security numbers, passports, etc.--the whole cloud of
"identity" items. (Biometric.)
- Pseudonym View of Identity: Persistent personas,
mediated with cryptography. "You are your key."
- Most of us deal with identity as a mix of these views: we
rarely check biometric credentials, but we also count on
physical clues (voice, appearance, etc.). I assume that
when I am speaking to "Duncan Frissell," whom I've never
met in person, that he is indeed Duncan Frissell. (Some
make the jump from this expectation to wanting the
government to enforce this claim, that is, provide I.D.)
+ It is often claimed that physical identity is important in
order to:
- track down cheaters, welchers, contract breakers, etc.
- permit some people to engage in some transactions, and
forbid others to (age credentials, for drinking, for
example, or--less benignly--work permits in some field)
- taxation, voting, other schemes tied to physical
existence
+ But most of us conduct business with people without ever
verifying their identity credentials...mostly we take their
word that they are "Bill Stewart" or "Scott Collins," and
we never go beyond that.
- this could change as digital credentials proliferate and
as interactions cause automatic checks to be made (a
reason many of us have to support Chaum's "blinded
credentials" idea--without some crypto protections, we'll
be constantly tracked in all interactions).
+ A guiding principle: Leave this question of whether to
demand physical ID credentials up to the *parties
involved*. If Alice wants to see Bob's "is-a-person"
credential, and take his palmprint, or whatever, that's an
issue for them to work out. I see no moral reason, and
certainly no communal reason, for outsiders to interfere
and insist that ID be produced (or that ID be forbidden,
perhaps as some kind of "civil rights violation"). After
all, we interact in cyberspace, on the Cypherpunks list,
without any such external controls on identity.
- and business contracts are best negotiated locally, with
external enforcement contracted by the parties (privately-
produced law, already seen with insurance companies,
bonding agents, arbitration arrangements, etc.)
- Practically speaking, i.e., not normatively speaking,
people will find ways around identity systems. Cash is one
way, remailers are another. Enforcement of a rigid identity-
based system is difficult.
11.14.3. "Do we need "is-a-person" credentials for things like votes
on the Net?"
- That is, any sysadmin can easily create as many user
accounts as he wishes. And end users can sign up with
various services under various names. The concern is that
this Chicago-style voting (fictitious persons) may be used
to skew votes on Usenet.
- Similar concerns arise elsewhere.
- In my view, this is a mighty trivial reason to support "is-
a-person" credentials.
11.14.4. Locality, credentials, validations
+ Consider the privacy implications of something so simple as
a parking lot system. Two main approaches:
- First Approach. Cash payment. Car enters lot, driver pays
cash, a "validation" is given. No traceability exists.
(There's a small chance that one driver can give his
sticker to a new driver, and thus defraud the parking
lot. This tends not to happen, due to the inconveniences
of making a market in such stickers (coordinating with
other car, etc.) and because the sticker is relatively
inexpensive.)
- Second Approach. Billing of driver, recording of license
plates. Traceability is present, especially if the local
parking lot is tied in to credit card companies, DMV,
police, etc. (these link-ups are on the wish list of
police agencies, to further "freeze out" fugitives, child
support delinquents, and other criminals).
- These are the concerns of a society with a lot of
electronic payments but with no mechanisms for preserving
privacy. (And there is currently no great demand for this
kind of privacy, for a variety of reasons, and this
undercuts the push for anonymous credential methods.)
- An important property of true cash (gold, bank notes that
are well-trusted) is that it settles immediately, requiring
no time-binding of contracts (ability to track down the
payer and collect on a bad transaction)
11.15 - Records of all UseNet postings
11.15.1. (ditto for CompuServe, GEnie, etc.) will exist
11.15.2. "What kinds of monitoring of the Net is possible?"
- Archives of all Usenet traffic. This is already done by
commercial CD-ROM suppliers, and others, so this would be
trivial for various agencies.
- Mail archives. More problematic, as mail is ostensibly not
public. But mail passes through many sites, usually in
unencrypted form.
- Traffic analysis. Connections monitored. Telnet, ftp, e-
mail, Mosaic, and other connections.
- Filtered scans of traffic, with keyword-matched text stored
in archives.
11.15.3. Records: note that private companies can do the same thing,
except that various "right to privacy" laws may try to
interfere with this
- which causes its own constitutional privacy problems, of
course
11.15.4. "How can you expect that something you sent on the UseNet to
several thousand sites will not be potentially held against
you? You gave up any pretense of privacy when you broadcast
your opinions--and even detailed declarations of your
activities--to an audience of millions. Did you really think
that these public messages weren't being filed away? Any
private citizen would find it almost straightforward to sort
a measly several megabytes a day by keywords, names of
posters, etc." [I'm not sure if I wrote this, or if someone
else who I forgot to make a note of did]
11.15.5. this issue is already coming up: a gay programmer who was
laid-off discussed his rage on one of the gay boards and said
he was thinking of turning in his former employer for
widespread copying of Autocad software...an Autodesk employee
answered him with "You just did!"
11.15.6. corporations may use GREP and On Location-like tools to
search public nets for any discussion of themselves or their
products
- by big mouth employees, by disgruntled customers, by known
critics, etc.
- even positive remarks that may be used in advertising
(subject to various laws)
11.15.7. the 100% traceability of public postings to UseNet and other
bulletin boards is very stifling to free expression and
becomes one of the main justifications for the use of
anonymous (or pseudonymous) boards and nets
- there may be calls for laws against such compilation, as
with the British data laws, but basically there is little
that can be done when postings go to tens of thousands of
machines and are archived in perpetuity by many of these
nodes and by thousands of readers
- readers who may incorporate the material into their own
postings, etc. (hence the absurdity of the British law)
11.16 - Effects of Surveillance on the Spread of Crypto
11.16.1. Surveillance and monitoring will serve to increase the use of
encryption, at first by people with something to hide, and
then by others
- a snowballing effect
- and various government agencies will themselves use
encryption to protect their files and their privacy
11.16.2. for those in sensitive positions, the availability of new
bugging methods will accelerate the conversion to secure
systems based on encrypted telecommunications and the
avoidance of voice-based systems
11.16.3. Surveillance Trends
+ Technology is making citizen-unit surveillance more and
more trivial
+ video cameras on every street corner are technologically
easy to implement, for example
- or cameras in stores, in airports, in other public
places
- traffic cameras
- tracking of purchases with credit cards, driver's
licenses, etc.
- monitoring of computer emissions (TEMPEST issues, often a
matter of paranoid speculation)
+ interception of the Net...wiretapping, interception of
unencrypted communications, etc.
- and compilation of dossier entries based on public
postings
+ This all makes the efforts to head off a person-tracking,
credentials-based society all the more urgent.
Monkeywrenching, sabotage, public education, and
development of alternatives are all needed.
- If the surveillance state grows as rapidly as it now
appears to be doing, more desperate measures may be
needed. Personally, I wouldn't shed any tears if
Washington, D.C. and environs got zapped with a terrorist
nuke; the innocents would be replaced quickly enough, and
the death of so many political ghouls would surely be
worth it. The destruction of Babylon.
+ We need to get the message about "blinded credentials"
(which can show some field, like age, without showing all
fields, including name and such) out there. More
radically, we need to cause people to question why
credentials are as important as many people seem to
think.
- I argue that credentials are rarely needed for mutually
agreed-upon transactions
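The "blinded credentials" idea above, as an added example that is not part of the original FAQ: a textbook RSA blind signature in Python, in which an issuer certifies "age >= 18" on a token it never sees, so a verifier learns the age attribute and nothing about the name. The key (two publicly known Mersenne primes), the token format, and the names Issuer, blind, unblind and verify are assumptions made for illustration; this shows only the blinding step, not Chaum's full credential system.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key built from two Mersenne primes. Both primes are
# publicly known, so this key is for illustration only.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # issuer's private exponent


def digest(token: bytes) -> int:
    """Hash a token to an integer (256 bits, so always below N)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big")


class Issuer:
    """Holds the 'age >= 18' signing key and logs everything it is shown."""

    def __init__(self):
        self.seen = []                 # (name, blinded value): the dossier

    def sign_blinded(self, name: str, blinded: int) -> int:
        # Assumption: the issuer has checked the holder's age out of band
        # (in person, say) before agreeing to sign with this key.
        self.seen.append((name, blinded))
        return pow(blinded, D, N)


def blind(token: bytes):
    """Holder: hide the token hash under a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (digest(token) * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """Holder: strip r, leaving an ordinary RSA signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(token: bytes, sig: int) -> bool:
    """Verifier: needs only the issuer's public key (N, E)."""
    return pow(sig, E, N) == digest(token)


def demo():
    issuer = Issuer()
    # The token carries the attribute and a random serial, but no name.
    token = b"age>=18:" + secrets.token_hex(16).encode()
    blinded, r = blind(token)
    sig = unblind(issuer.sign_blinded("Alice", blinded), r)
    return issuer, token, blinded, sig


if __name__ == "__main__":
    issuer, token, blinded, sig = demo()
    print("verifier accepts:", verify(token, sig))
    print("issuer saw token hash:",
          any(b == digest(token) for _, b in issuer.seen))
```

The issuer's log ties "Alice" only to the blinded value, which matches neither the token hash nor the signature later shown to a verifier.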
11.17 - Loose Ends
11.17.1. USPS involvement in electronic mail, signatures,
authentication (proposed in July-August, 1994)
+ Advantages:
- many locations
- a mission already oriented toward delivery
+ Disadvantages:
- has performed terribly, compared to allowed competition
(Federal Express, UPS, Airborne, etc.)
- it's linked to the government (now quasi-independent, but
not really)
- could become mandatory, or competition restricted to
certain niches (as with the package services, which
cannot have "routes" and are not allowed to compete in
the cheap letter regime)
- a large and stultified bureaucracy, with union labor
- Links to other programs (software key escrow, Digital
Telephony) not clear, but it seems likely that a quasi-
government agency like the USPS would be cooperative with
government, and would place limits on the crypto systems
allowed.
11.17.2. the death threats
+ An NSA official threatened to have Jim Bidzos killed if he
did not change his position on some negotiation underway.
This was reported in the newspaper and I sought
confirmation:
- "Everything reported in the Merc News is true. I am
certain that he was not speaking for the agency, but when
it happened he was quite serious, at least appeared to
be. There was a long silence after he made the threat,
with a staring contest. He was quite intense.
"I respect and trust the other two who were in the room
(they were shocked and literally speechless, staring into
their laps) and plan to ask NSA for a written apology and
confirmation that he was not speaking for the agency.
We'll see if I get it. If the incident made it into
their trip reports, I have a chance of getting a letter."
[jim@RSA.COM (Jim Bidzos), personal communication, posted
with permission to talk.politics.crypto, 1994-06-28]
11.17.3. False identities...cannot just be "erased" from the computer
memory banks. The web of associations, implications, rule
firings...all mean that simple removal (or insertion of a
false identity) produces discontinuities, illogical
developments, holes...history is not easily changed.