Well we know for a fact that this list is monitored, from past events involving the Secret Service, not sure if you were around back then.
Like I said earlier, I don't see CISPA adding anything to useful to the mix, but I would hazard to guess they think that through filtering and other data mining techniques they will get hits on useful information, patterns and the like, that they can turn into actionable intelligence. With the increase of computing power, and the ability to search not just text but sound and visual stimuli, I imagine that they think they will make us safer both in terms of IT security and physical security. the thing is, we really aren't all that threatened, and I personally don't want to give up my civil rights for safety. It's a losing bet. Terror groups are going to find new attack vectors, new communications lines, that will then be outside the scope of these provisions. I don't know what the answer is, but it isn't CISPA. Obama is making a lot of noise that he's going to veto it, so we'll see. He said the same about the NDAA, said the same about renewing the expiring provisions of the Patriot Act, and we saw what happened in both of those instances. The man cannot keep his word about anything. His campaign promises meant nothing. He has continued so many of the programs of the Bush administration that he vowed to do away with. We're still in Afghanistan, still have Gitmo open. We still have forces in Iraq, even though we claim we don't. Redonka-donk. On Thu, Apr 26, 2012 at 11:35 AM, Dana <[email protected]> wrote: > > Sticking to the CISPA topic for a moment -- ok, it makes sense that > they would scrub the classified parts of the data. So what capability > does CISPA give anyone that they did not have before? > > Try as I might, I keep coming back to the idea that you'd draw > attention to yourself by discussing certain topics. That seems, > superficially, like it might be ok. Superficially, if someone is > saying "let's hijack an airliner and fly it into a building," seems > like you would want to know. But won't all of the other hits drown out > any useful information? It's like looking at results from a network > sniffer, I suspect. There is data there but unless your capture is > narrowly focused where the problem is definitely occurring, you can > spend days sifting through nonsense. > > And how do you trigger the intelligence attention? Since I said the > sentence myself above, does that mean that the members of this list > get scrutinized? I think we can all agree that this would not only be > an invasion of our privacy -- it would also be a huge waste of time. > The list skews fairly conservative on the whole, fairly happy with the > status quo, and even the exceptions to that are definitely not > plotting anything. Lots and lots and lots of noise for no signal. > > I am going to go off and digest your comments about intelligence > agencies which are probably well-taken, and a little outside my > current scope of knowledge. I got into network security at the > corporate end. > > > > On Thu, Apr 26, 2012 at 8:14 AM, LRS Scout <[email protected]> wrote: > > > > The way OSAC worked was that we, the Gov't side, had the clearance. > > > > We would scrub, or clean, the data that we wanted to distribute, to > ensure > > it didn't contain anything that could point to sources or methods. > > > > It's a balancing act. You don't want to disclose the source, human or > > technical, but if you can't use the information then whats the point in > > having it. Tom Clancy dealt with this heavily in the novel the Bear and > > the Dragon. > > > > I will say this much though, that I think our entire defense and > > intelligence and law enforcement industries need to be revamped. There > are > > 17 federal agencies listed as members of "intelligence community" > > http://www.intelligence.gov/about-the-intelligence-community/ > > > > That doesn't include the newly formed DCS, defense clandestine service, > nor > > does it seem to include the JSOC SMUs like the ISA (Orange) or CAG (1st > > SFOD-D) which has it's own intelligence arm. Even in the aftermath of > > Sept. 11th, information sharing is a nightmare from just an institutional > > perspective alone. > > > > Nor does that include all the various state and local law enforcement > > intelligence agencies and units, of which there are many. It's unwieldy > > and it leads to abuses. Government employees all want to see their piece > > of the pie increase, bigger budgets and more employees, empire building > is > > the norm among high level government employees. We need a way out. I > think > > it should really be paired down to three organizations. The R&I of the > > U.S. Department of State should get a huge influx of money and personnel > > for strategic international intelligence missions, the Defense Department > > should solidify it's management of all it's intelligence assets (both > > tactical and strategic) under a single roof that can only operate abroad, > > and the FBI should handle all domestic intelligence activities (primarily > > focusing on terrorism and counter-intelligence). I don't think that > local > > law enforcement should be allowed to conduct intelligence operations > > against people. Their job isn't to prevent crime, it really isn't, it's > to > > assist in the prosecution of crimes that have been committed. I mean we > > talk about balanced budgets, civil rights, privacy, all of these things > can > > be worked on by slashing budgets and doing away with huge swaths of > > personnel, whole agencies. > > > > The same kind of thing should be done for Law Enforcement as well. There > > are just too many agencies out there, too many agents, to have positive > > control. Secret service, Marshall's Service, BATFE, DEA, FBI, IRS, > > Customs, ICE, TSA, it's ridiculous and out of control. They don't talk > to > > each other anymore than their cousins in the intelligence community and > > things get missed, slip through the cracks. We are also continuing to > > prosecute things that shouldn't be crimes. Conspiracy, no actions taken, > > no crime committed, but we talked about doing something, is a crime. The > > thought police are here and they are well armed and well funded. > > > > Our deficit has increased by 5 Trillion dollars during the Obama > > administration, more than any other president even when accounting for > > inflation. Our individual liberties which have been slowly decreasing > for > > as long as we've had a government, have lately been subject to an all out > > assault, started under Bush, continued under Obama. Hell I'm nostalgic > for > > the Clinton era, even though at the time I thought it could hardly have > > been worse. > > > > I don't know, I'm just a high school drop out with a GED, and a shady > > past. Very few people are going to give what I have to say any credence, > > but I have been lucky. I've had friends and associates in all the major > > arms of the Defense and Intelligence communities, and I've seen a lot > over > > the years. I had spent most of my adult life working in these domains, > and > > to be honest was scared and amazed at the incompetency, the self > interest, > > and the lack of a singular vision or or goal within them. > > > > I don't know what the answer is. People are talking about it at all > > levels, but nothing is going to change without some very painful and deep > > cuts. People need to lose their jobs and be censured. Some people > > probably need to go to prison. I doubt it's going to happen though. > > > > On Thu, Apr 26, 2012 at 10:23 AM, Dana <[email protected]> wrote: > > > >> > >> Yes. I thought the part about needing to crowdsource to even identify > >> the language was interesting too. I see your point, Tim, that > >> something like stuxnet might require a source to be protected -- > >> except that stuxnet is widely discussed at security conferences and > >> apparently is not classified. Of course since I don't have a clearance > >> perhaps I am just displaying my ignorance, but I don't think it's ok > >> to meekly accept assertions of a national security need either. We see > >> how that worked out with the Patriot Act, right? > >> > >> I am still struggling with a use case for CISPA here. So, just as a > >> thought experiment, are we saying that the CIA or the NSA or somebody > >> might get information in some way where a source needs to be > >> protected, so they classify the information, but but but they still > >> share the information with businesses? Except it's classified. So are > >> they going to require that companies have someone with a clearance? Or > >> are they disclosing anyway? That's the way it reads to me. So what > >> about protecting sources? I just don't get it and it feels like they > >> are trying to baffle us with bullshit. > >> > >> On Wed, Apr 25, 2012 at 8:40 PM, LRS Scout <[email protected]> wrote: > >> > > >> > Yeah it's slick as shit. > >> > > >> > Somebody's got some sharp people on the pay roll. > >> > > >> > On Wed, Apr 25, 2012 at 11:33 PM, Judah McAuley <[email protected] > >> >wrote: > >> > > >> >> > >> >> That's interesting, I had not heard of Duqu. Looks like it might be a > >> >> recon virus to analyze targets for future attacks. Out of all the > >> >> signatures, the fact that it removes itself after a configurable > >> >> number of days is the scariest to me. The authors obviously want to > >> >> get it, find things out, then get out without being detected. Classic > >> >> espionage and recon. > >> >> > >> >> Judah > >> >> > >> >> On Wed, Apr 25, 2012 at 7:57 PM, LRS Scout <[email protected]> > wrote: > >> >> > > >> >> > Duqu is likely the same sort of situation. > >> >> > > >> >> > Good example. > >> >> > > >> >> > >> >> > >> > > >> > > >> > >> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:350270 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-community/unsubscribe.cfm
