Sticking to the CISPA topic for a moment -- ok, it makes sense that they would scrub the classified parts of the data. So what capability does CISPA give anyone that they did not have before?
Try as I might, I keep coming back to the idea that you'd draw attention to yourself by discussing certain topics. That seems, superficially, like it might be ok. Superficially, if someone is saying "let's hijack an airliner and fly it into a building," seems like you would want to know. But won't all of the other hits drown out any useful information? It's like looking at results from a network sniffer, I suspect. There is data there but unless your capture is narrowly focused where the problem is definitely occurring, you can spend days sifting through nonsense. And how do you trigger the intelligence attention? Since I said the sentence myself above, does that mean that the members of this list get scrutinized? I think we can all agree that this would not only be an invasion of our privacy -- it would also be a huge waste of time. The list skews fairly conservative on the whole, fairly happy with the status quo, and even the exceptions to that are definitely not plotting anything. Lots and lots and lots of noise for no signal. I am going to go off and digest your comments about intelligence agencies which are probably well-taken, and a little outside my current scope of knowledge. I got into network security at the corporate end. On Thu, Apr 26, 2012 at 8:14 AM, LRS Scout <[email protected]> wrote: > > The way OSAC worked was that we, the Gov't side, had the clearance. > > We would scrub, or clean, the data that we wanted to distribute, to ensure > it didn't contain anything that could point to sources or methods. > > It's a balancing act. You don't want to disclose the source, human or > technical, but if you can't use the information then whats the point in > having it. Tom Clancy dealt with this heavily in the novel the Bear and > the Dragon. > > I will say this much though, that I think our entire defense and > intelligence and law enforcement industries need to be revamped. There are > 17 federal agencies listed as members of "intelligence community" > http://www.intelligence.gov/about-the-intelligence-community/ > > That doesn't include the newly formed DCS, defense clandestine service, nor > does it seem to include the JSOC SMUs like the ISA (Orange) or CAG (1st > SFOD-D) which has it's own intelligence arm. Even in the aftermath of > Sept. 11th, information sharing is a nightmare from just an institutional > perspective alone. > > Nor does that include all the various state and local law enforcement > intelligence agencies and units, of which there are many. It's unwieldy > and it leads to abuses. Government employees all want to see their piece > of the pie increase, bigger budgets and more employees, empire building is > the norm among high level government employees. We need a way out. I think > it should really be paired down to three organizations. The R&I of the > U.S. Department of State should get a huge influx of money and personnel > for strategic international intelligence missions, the Defense Department > should solidify it's management of all it's intelligence assets (both > tactical and strategic) under a single roof that can only operate abroad, > and the FBI should handle all domestic intelligence activities (primarily > focusing on terrorism and counter-intelligence). I don't think that local > law enforcement should be allowed to conduct intelligence operations > against people. Their job isn't to prevent crime, it really isn't, it's to > assist in the prosecution of crimes that have been committed. I mean we > talk about balanced budgets, civil rights, privacy, all of these things can > be worked on by slashing budgets and doing away with huge swaths of > personnel, whole agencies. > > The same kind of thing should be done for Law Enforcement as well. There > are just too many agencies out there, too many agents, to have positive > control. Secret service, Marshall's Service, BATFE, DEA, FBI, IRS, > Customs, ICE, TSA, it's ridiculous and out of control. They don't talk to > each other anymore than their cousins in the intelligence community and > things get missed, slip through the cracks. We are also continuing to > prosecute things that shouldn't be crimes. Conspiracy, no actions taken, > no crime committed, but we talked about doing something, is a crime. The > thought police are here and they are well armed and well funded. > > Our deficit has increased by 5 Trillion dollars during the Obama > administration, more than any other president even when accounting for > inflation. Our individual liberties which have been slowly decreasing for > as long as we've had a government, have lately been subject to an all out > assault, started under Bush, continued under Obama. Hell I'm nostalgic for > the Clinton era, even though at the time I thought it could hardly have > been worse. > > I don't know, I'm just a high school drop out with a GED, and a shady > past. Very few people are going to give what I have to say any credence, > but I have been lucky. I've had friends and associates in all the major > arms of the Defense and Intelligence communities, and I've seen a lot over > the years. I had spent most of my adult life working in these domains, and > to be honest was scared and amazed at the incompetency, the self interest, > and the lack of a singular vision or or goal within them. > > I don't know what the answer is. People are talking about it at all > levels, but nothing is going to change without some very painful and deep > cuts. People need to lose their jobs and be censured. Some people > probably need to go to prison. I doubt it's going to happen though. > > On Thu, Apr 26, 2012 at 10:23 AM, Dana <[email protected]> wrote: > >> >> Yes. I thought the part about needing to crowdsource to even identify >> the language was interesting too. I see your point, Tim, that >> something like stuxnet might require a source to be protected -- >> except that stuxnet is widely discussed at security conferences and >> apparently is not classified. Of course since I don't have a clearance >> perhaps I am just displaying my ignorance, but I don't think it's ok >> to meekly accept assertions of a national security need either. We see >> how that worked out with the Patriot Act, right? >> >> I am still struggling with a use case for CISPA here. So, just as a >> thought experiment, are we saying that the CIA or the NSA or somebody >> might get information in some way where a source needs to be >> protected, so they classify the information, but but but they still >> share the information with businesses? Except it's classified. So are >> they going to require that companies have someone with a clearance? Or >> are they disclosing anyway? That's the way it reads to me. So what >> about protecting sources? I just don't get it and it feels like they >> are trying to baffle us with bullshit. >> >> On Wed, Apr 25, 2012 at 8:40 PM, LRS Scout <[email protected]> wrote: >> > >> > Yeah it's slick as shit. >> > >> > Somebody's got some sharp people on the pay roll. >> > >> > On Wed, Apr 25, 2012 at 11:33 PM, Judah McAuley <[email protected] >> >wrote: >> > >> >> >> >> That's interesting, I had not heard of Duqu. Looks like it might be a >> >> recon virus to analyze targets for future attacks. Out of all the >> >> signatures, the fact that it removes itself after a configurable >> >> number of days is the scariest to me. The authors obviously want to >> >> get it, find things out, then get out without being detected. Classic >> >> espionage and recon. >> >> >> >> Judah >> >> >> >> On Wed, Apr 25, 2012 at 7:57 PM, LRS Scout <[email protected]> wrote: >> >> > >> >> > Duqu is likely the same sort of situation. >> >> > >> >> > Good example. >> >> > >> >> >> >> >> > >> > >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:350269 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-community/unsubscribe.cfm
