And they do all this for $20M a year. If nothing else, the NSA should win a prize for efficiency.
The cheap $20m price tag also is a big clue that the project didn't do as much as reporters say.
From what I've read (and can guess from my MI / ASA background), it's probably more like each company is required to save all the data where NSA can access it... but NSA doesn't constantly look at all of it.
Instead, they probably just do targeted searches on words, names and phone numbers that they suspect of being foreign nationals (*) engaged in terrorism planning. This would be done with the oversight of a Congressional committee and/or secret judicial panel.
To me, the major thing is that I'd like a guarantee that all general search terms become public after the minimum default classified document review period (ten years). That way, we all get to see what they were using for searches.
(*) NSA's executive charter prohibits it from general spying on American activities inside the USA. This has always been taken very seriously by the agency, partly because internal investigations are the FBI's domain.) A legal loophole being used now is the argument that this restriction doesn't apply if the person in the USA is communicating with someone outside the USA, since they CAN spy on foreign nationals.
You know he worked for NSA because he doesn't say 'the NSA', he just says 'NSA'.
"He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment."
I wonder if that was Relic - he works for UBS in Switzerland.
Judging from the video here, it really seems like they would rather this info hadn't been released. I love how they say, it's something we have to decide as a society, obviously forgetting the issue of asking beforehand not after they started the data mining:
"An intelligence source with extensive knowledge of the National Security Agency's systems told the Guardian the US complaints again China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.
Provided anonymity to speak critically about classified practices, the source said: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world."
The US likes to haul China before the international court of public opinion for "doing what we do every day", the source added."
Eric Schmidt made his position on these matters quite clear:
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"
so they could easily be handing over info to the intelligence agencies. I imagine the social networks and search engines will provide more info than Apple. What would they even get from Apple - popular terrorist apps and playlists? (edit: maybe iCloud data, emails etc - perhaps why their involvement was more recent)
I think the reason this NSA guy went public was for his safety rather than it being a risk. The Intelligence agencies are very dangerous organisations to cross. Even if they do as little as a setup, step out the way and a clean up. He said he knew about every member of NSA and their operations from being a systems admin. As Mission Impossible 1 showed, that's some pretty classified info they don't want to get in the open and pretty much everyone dies in the process of keeping it under wraps.
As noted in the following audio:
there is no easy answer to the balance of security and privacy. This level of surveillance has proven to be useful in stopping very bad events from taking place. At the same time, it requires a lack of certain kinds of regulation to prevent compromising security and that lack of regulation (public or mass scrutiny) creates the possibility of abuse.
The decision in finding the right balance can often be found by weighing up the extremes of the worst that can happen without it and the worst that can happen in its worst implementation. What are the abuses that can take place from an intelligence agency monitoring your every digital move and what would they miss if they didn't? For the vast majority of people, it would be nothing because posting a picture of a lolcat isn't a threat to national security (well, maybe if they have communist connotations:
for the record - hello NSA, testing, testing, I am merely presenting these for the purposes of satire, not communist affiliation)
Also, there's only so much information that can be processed and stored. The guy mentioned that storage capacity goes up rapidly but so does the volume of information.
If it's even made clear to the public what's being monitored, the people who don't want to get caught will hide where they can't be monitored as many already do.
The NSA guy obviously felt they were overstepping a boundary and recording info that could be used against people at a later date - profiles of more people than they have reason to keep - and that they have too much access to information. One of the largest dangers, as the financial services industry and intelligence agencies have demonstrated over the years is that governments come and go but the people with most of the power can stay the same. Abuses can easily go unchecked from one administration to another and even be instrumental in the change of management.
The people responsible for the global economic problems should be held accountable as everyone else would be, the people responsible for any abuses in global security should be too. But who determines the abuse and who holds them accountable? When you control money and information, it seems to be the case that you aren't accountable to anyone as history has shown.
I wonder if that was Relic - he works for UBS in Switzerland.
Isn't Relic a she?
Quote:
Judging from the video here, it really seems like they would rather this info hadn't been released. I love how they say, it's something we have to decide as a society, obviously forgetting the issue of asking beforehand not after they started the data mining:
FWIW, it's apparently not constant data mining. It's data collection, with the option to mine later on.
From his position as someone who could use the system, it might've seemed like it was constant, but that was his end user perception, from being able to request anything.
Quote:
I think the reason this NSA guy went public was for his safety rather than it being a risk. The Intelligence agencies are very dangerous organisations to cross.
Despite some silly TV shows, NSA isn't dangerous in that way. Now, the CIA can be, and if they wanted him to have an accident, going public isn't going to save him. However, that is not the American way in these cases. They'd rather get him into a closed court, find out what else he did / knew, and then throw him into prison forever.
Quote:
If it's even made clear to the public what's being monitored, the people who don't want to get caught will hide where they can't be monitored as many already do.
Yes, the last thing you want to do is give the bad guys details on how to evade detection, or even that they need to do so. Such information can be very damaging to national security.
Quote:
The NSA guy obviously felt they were overstepping a boundary and recording info that could be used against people at a later date - profiles of more people than they have reason to keep - and that they have too much access to information.
There are tens of thousands of current and past Intelligence workers who do/did their job diligently, professionally, and with an understanding of what lines not to cross even with incredible power at their disposal.
It sounds like this guy had too much easy access, and was worried by it. He sounds confused about the difference between being given powerful tools to use when necessary, and the limits he was supposed to impose on himself with those tools.
All that said, I think we really need a serious national debate on this topic, and on what we're all willing to cooperate with or not. At the least, we need more detailed information on what authorities and oversight are involved when a request is made.
FWIW, it's apparently not constant data mining. It's data collection, with the option to mine later on.
Surely there would have to be some real-time analysis (likely computerised) to flag suspect information, which would lead to a few false positives. Interestingly, Julian Assange said this 1.5 years ago (1:55):
Despite some silly TV shows, NSA isn't dangerous in that way. Now, the CIA can be, and if they wanted him to have an accident, going public isn't going to save him.
I think it would look pretty suspicious if an 'accident' happened shortly after this guy went public. He must know how the system works given that he's holed up in Hong Kong. The CIA could make it look like suicide I suppose: drug the breakfast, bypass the lock, set it up, make sure not to leave a trace.
It sounds like this guy had too much easy access, and was worried by it. He sounds confused about the difference between being given powerful tools to use when necessary, and the limits he was supposed to impose on himself with those tools.
Yeah, he sounds a bit like a lost the plot. Maybe too much covert activity drove him crazy. Pillows against the door, wearing a hood when typing passwords and he'll run out of money stuck in a hotel eventually. His job sounded pretty nice though, $200k a year of taxpayer money, living in Hawaii. There's obviously a vacancy now too.
All that said, I think we really need a serious national debate on this topic, and on what we're all willing to cooperate with or not. At the least, we need more detailed information on what authorities and oversight are involved when a request is made.
I reckon it would be difficult for the public to make a rational decision unless all the details are known and who's involved. The public might say they are happy with public data being searched like Facebook but not private emails, which might contain intimate photos but that would make illegal activity much easier. This is one of those issues where there isn't really an obvious harm to individuals who aren't doing something wrong but where the idea of being watched is unsettling and there isn't an easy answer because the ideal is both security and privacy.
At the end of the day, people are being persuaded to trust faceless organisations but they're only faceless because we don't get to see who's involved. There are always people behind the scenes that the public don't know and can't determine if they are trustworthy. I don't see how the government can assure the public they can be trusted without making the whole operation largely ineffective.
Maybe that's his cover to avoid detection. Pretty effective. It was a bit of a long shot, I imagine Switzerland has quite a few bankers.
Surely there would have to be some real-time analysis (likely computerised) to flag suspect information, which would lead to a few false positives. Interestingly, Julian Assange said this 1.5 years ago (1:55):
I think it would look pretty suspicious if an 'accident' happened shortly after this guy went public. He must know how the system works given that he's holed up in Hong Kong. The CIA could make it look like suicide I suppose: drug the breakfast, bypass the lock, set it up, make sure not to leave a trace.
Yeah, he sounds a bit like a lost the plot. Maybe too much covert activity drove him crazy. Pillows against the door, wearing a hood when typing passwords and he'll run out of money stuck in a hotel eventually. His job sounded pretty nice though, $200k a year of taxpayer money, living in Hawaii. There's obviously a vacancy now too.
I reckon it would be difficult for the public to make a rational decision unless all the details are known and who's involved. The public might say they are happy with public data being searched like Facebook but not private emails, which might contain intimate photos but that would make illegal activity much easier. This is one of those issues where there isn't really an obvious harm to individuals who aren't doing something wrong but where the idea of being watched is unsettling and there isn't an easy answer because the ideal is both security and privacy.
At the end of the day, people are being persuaded to trust faceless organisations but they're only faceless because we don't get to see who's involved. There are always people behind the scenes that the public don't know and can't determine if they are trustworthy. I don't see how the government can assure the public they can be trusted without making the whole operation largely ineffective.
I think therein lies the rub.....
If you shine the light on it and inspect it closely....have public debate...and bring it all to the light of day.....then it will make it ineffective.
Has anyone see the TV show Elementary? I think some of the capability exist today.....i think there are supercomputers scanning all things and looking for keywords shapes pictures faces. If those things adhere to built in programmed triggers then more data is collected or investigated. Of course that is just my opinion with nothing to back that up.....
I work for fortune 500 investing firm. I work in data protection and access to data. We protect Non Public Information(NPI) through constant checking and scanning through analytics and various software. Every email....workstation....home drive.....every facet of an employees digital footprint and communication is included. Then based on triggers alerts are set to be followed up on....network data is quarantined access restricted.
If we have this ability on 10,000 servers and 5000 filers...then the government with unlimited resources can match this and then some....nothing is private....
Comments
Quote:
Originally Posted by DonPedro
When there is smoke - http://news.cnet.com/8301-13579_3-57507165-37/why-the-apple-fbi-and-antisec-udid-debacle-wont-go-away/
That massive UDID leak was't from the FBI. It turned out to be from an app company.
That sucks.
Quote:
Originally Posted by stelligent
And they do all this for $20M a year. If nothing else, the NSA should win a prize for efficiency.
The cheap $20m price tag also is a big clue that the project didn't do as much as reporters say.
From what I've read (and can guess from my MI / ASA background), it's probably more like each company is required to save all the data where NSA can access it... but NSA doesn't constantly look at all of it.
Instead, they probably just do targeted searches on words, names and phone numbers that they suspect of being foreign nationals (*) engaged in terrorism planning. This would be done with the oversight of a Congressional committee and/or secret judicial panel.
To me, the major thing is that I'd like a guarantee that all general search terms become public after the minimum default classified document review period (ten years). That way, we all get to see what they were using for searches.
(*) NSA's executive charter prohibits it from general spying on American activities inside the USA. This has always been taken very seriously by the agency, partly because internal investigations are the FBI's domain.) A legal loophole being used now is the argument that this restriction doesn't apply if the person in the USA is communicating with someone outside the USA, since they CAN spy on foreign nationals.
FANTASTIC interview with the ex-NSA guy who leaked the PRSIM program (Edward Snowden).
http://www.guardian.co.uk/world/video/2013/jun/09/nsa-whistleblower-edward-snowden-interview-video
You know he worked for NSA because he doesn't say 'the NSA', he just says 'NSA'.
"He described as formative an incident in which he claimed CIA operatives were attempting to recruit a Swiss banker to obtain secret banking information. Snowden said they achieved this by purposely getting the banker drunk and encouraging him to drive home in his car. When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment."
I wonder if that was Relic - he works for UBS in Switzerland.
Judging from the video here, it really seems like they would rather this info hadn't been released. I love how they say, it's something we have to decide as a society, obviously forgetting the issue of asking beforehand not after they started the data mining:
http://www.guardian.co.uk/world/video/2013/jun/08/obama-internet-surveillance-video
http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas
"An intelligence source with extensive knowledge of the National Security Agency's systems told the Guardian the US complaints again China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.
Provided anonymity to speak critically about classified practices, the source said: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world."
The US likes to haul China before the international court of public opinion for "doing what we do every day", the source added."
Eric Schmidt made his position on these matters quite clear:
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"
so they could easily be handing over info to the intelligence agencies. I imagine the social networks and search engines will provide more info than Apple. What would they even get from Apple - popular terrorist apps and playlists? (edit: maybe iCloud data, emails etc - perhaps why their involvement was more recent)
I think the reason this NSA guy went public was for his safety rather than it being a risk. The Intelligence agencies are very dangerous organisations to cross. Even if they do as little as a setup, step out the way and a clean up. He said he knew about every member of NSA and their operations from being a systems admin. As Mission Impossible 1 showed, that's some pretty classified info they don't want to get in the open and pretty much everyone dies in the process of keeping it under wraps.
As noted in the following audio:
there is no easy answer to the balance of security and privacy. This level of surveillance has proven to be useful in stopping very bad events from taking place. At the same time, it requires a lack of certain kinds of regulation to prevent compromising security and that lack of regulation (public or mass scrutiny) creates the possibility of abuse.
The decision in finding the right balance can often be found by weighing up the extremes of the worst that can happen without it and the worst that can happen in its worst implementation. What are the abuses that can take place from an intelligence agency monitoring your every digital move and what would they miss if they didn't? For the vast majority of people, it would be nothing because posting a picture of a lolcat isn't a threat to national security (well, maybe if they have communist connotations:
for the record - hello NSA, testing, testing, I am merely presenting these for the purposes of satire, not communist affiliation)
Also, there's only so much information that can be processed and stored. The guy mentioned that storage capacity goes up rapidly but so does the volume of information.
If it's even made clear to the public what's being monitored, the people who don't want to get caught will hide where they can't be monitored as many already do.
The NSA guy obviously felt they were overstepping a boundary and recording info that could be used against people at a later date - profiles of more people than they have reason to keep - and that they have too much access to information. One of the largest dangers, as the financial services industry and intelligence agencies have demonstrated over the years is that governments come and go but the people with most of the power can stay the same. Abuses can easily go unchecked from one administration to another and even be instrumental in the change of management.
The people responsible for the global economic problems should be held accountable as everyone else would be, the people responsible for any abuses in global security should be too. But who determines the abuse and who holds them accountable? When you control money and information, it seems to be the case that you aren't accountable to anyone as history has shown.
Quote:
Originally Posted by Marvin
I wonder if that was Relic - he works for UBS in Switzerland.
Isn't Relic a she?
Quote:
Judging from the video here, it really seems like they would rather this info hadn't been released. I love how they say, it's something we have to decide as a society, obviously forgetting the issue of asking beforehand not after they started the data mining:
FWIW, it's apparently not constant data mining. It's data collection, with the option to mine later on.
From his position as someone who could use the system, it might've seemed like it was constant, but that was his end user perception, from being able to request anything.
Quote:
I think the reason this NSA guy went public was for his safety rather than it being a risk. The Intelligence agencies are very dangerous organisations to cross.
Despite some silly TV shows, NSA isn't dangerous in that way. Now, the CIA can be, and if they wanted him to have an accident, going public isn't going to save him. However, that is not the American way in these cases. They'd rather get him into a closed court, find out what else he did / knew, and then throw him into prison forever.
Quote:
If it's even made clear to the public what's being monitored, the people who don't want to get caught will hide where they can't be monitored as many already do.
Yes, the last thing you want to do is give the bad guys details on how to evade detection, or even that they need to do so. Such information can be very damaging to national security.
Quote:
The NSA guy obviously felt they were overstepping a boundary and recording info that could be used against people at a later date - profiles of more people than they have reason to keep - and that they have too much access to information.
There are tens of thousands of current and past Intelligence workers who do/did their job diligently, professionally, and with an understanding of what lines not to cross even with incredible power at their disposal.
It sounds like this guy had too much easy access, and was worried by it. He sounds confused about the difference between being given powerful tools to use when necessary, and the limits he was supposed to impose on himself with those tools.
All that said, I think we really need a serious national debate on this topic, and on what we're all willing to cooperate with or not. At the least, we need more detailed information on what authorities and oversight are involved when a request is made.
Maybe that's his cover to avoid detection. Pretty effective. It was a bit of a long shot, I imagine Switzerland has quite a few bankers.
Surely there would have to be some real-time analysis (likely computerised) to flag suspect information, which would lead to a few false positives. Interestingly, Julian Assange said this 1.5 years ago (1:55):
[VIDEO]
I think it would look pretty suspicious if an 'accident' happened shortly after this guy went public. He must know how the system works given that he's holed up in Hong Kong. The CIA could make it look like suicide I suppose: drug the breakfast, bypass the lock, set it up, make sure not to leave a trace.
Yeah, he sounds a bit like a lost the plot. Maybe too much covert activity drove him crazy. Pillows against the door, wearing a hood when typing passwords and he'll run out of money stuck in a hotel eventually. His job sounded pretty nice though, $200k a year of taxpayer money, living in Hawaii. There's obviously a vacancy now too.
I reckon it would be difficult for the public to make a rational decision unless all the details are known and who's involved. The public might say they are happy with public data being searched like Facebook but not private emails, which might contain intimate photos but that would make illegal activity much easier. This is one of those issues where there isn't really an obvious harm to individuals who aren't doing something wrong but where the idea of being watched is unsettling and there isn't an easy answer because the ideal is both security and privacy.
At the end of the day, people are being persuaded to trust faceless organisations but they're only faceless because we don't get to see who's involved. There are always people behind the scenes that the public don't know and can't determine if they are trustworthy. I don't see how the government can assure the public they can be trusted without making the whole operation largely ineffective.
Quote:
Originally Posted by Marvin
Maybe that's his cover to avoid detection. Pretty effective. It was a bit of a long shot, I imagine Switzerland has quite a few bankers.
Surely there would have to be some real-time analysis (likely computerised) to flag suspect information, which would lead to a few false positives. Interestingly, Julian Assange said this 1.5 years ago (1:55):
I think it would look pretty suspicious if an 'accident' happened shortly after this guy went public. He must know how the system works given that he's holed up in Hong Kong. The CIA could make it look like suicide I suppose: drug the breakfast, bypass the lock, set it up, make sure not to leave a trace.
Yeah, he sounds a bit like a lost the plot. Maybe too much covert activity drove him crazy. Pillows against the door, wearing a hood when typing passwords and he'll run out of money stuck in a hotel eventually. His job sounded pretty nice though, $200k a year of taxpayer money, living in Hawaii. There's obviously a vacancy now too.
I reckon it would be difficult for the public to make a rational decision unless all the details are known and who's involved. The public might say they are happy with public data being searched like Facebook but not private emails, which might contain intimate photos but that would make illegal activity much easier. This is one of those issues where there isn't really an obvious harm to individuals who aren't doing something wrong but where the idea of being watched is unsettling and there isn't an easy answer because the ideal is both security and privacy.
At the end of the day, people are being persuaded to trust faceless organisations but they're only faceless because we don't get to see who's involved. There are always people behind the scenes that the public don't know and can't determine if they are trustworthy. I don't see how the government can assure the public they can be trusted without making the whole operation largely ineffective.
I think therein lies the rub.....
If you shine the light on it and inspect it closely....have public debate...and bring it all to the light of day.....then it will make it ineffective.
Has anyone see the TV show Elementary? I think some of the capability exist today.....i think there are supercomputers scanning all things and looking for keywords shapes pictures faces. If those things adhere to built in programmed triggers then more data is collected or investigated. Of course that is just my opinion with nothing to back that up.....
I work for fortune 500 investing firm. I work in data protection and access to data. We protect Non Public Information(NPI) through constant checking and scanning through analytics and various software. Every email....workstation....home drive.....every facet of an employees digital footprint and communication is included. Then based on triggers alerts are set to be followed up on....network data is quarantined access restricted.
If we have this ability on 10,000 servers and 5000 filers...then the government with unlimited resources can match this and then some....nothing is private....