CSC and SAIC, not surprised at all. On Thu, Apr 26, 2012 at 10:53 PM, Dana <[email protected]> wrote:
> > not that this is surprising but assuming that any of the following is > true, here's the answer to my last question. It sounds plausible but > I'd normally check when Alternet is a source. No time right now > though. > > > http://www.alternet.org/story/154977/revealed%3A_cispa_--_internet_spying_law_--_pushed_by_for-profit_spy_lobby?page=entire > > On Thu, Apr 26, 2012 at 11:35 AM, Dana <[email protected]> wrote: > > I was around. Although they would not need to monitor the list > > specifically, just set up some google alerts.... > > > > I think that the legislators trying to pass the bill may in good faith > > believe that they are improving security. Why do they think that, is > > my question and why are they being encouraged to think that by people > > who should know better? > > > > On Thu, Apr 26, 2012 at 8:49 AM, LRS Scout <[email protected]> wrote: > >> > >> Well we know for a fact that this list is monitored, from past events > >> involving the Secret Service, not sure if you were around back then. > >> > >> Like I said earlier, I don't see CISPA adding anything to useful to the > >> mix, but I would hazard to guess they think that through filtering and > >> other data mining techniques they will get hits on useful information, > >> patterns and the like, that they can turn into actionable intelligence. > >> > >> With the increase of computing power, and the ability to search not just > >> text but sound and visual stimuli, I imagine that they think they will > make > >> us safer both in terms of IT security and physical security. the thing > is, > >> we really aren't all that threatened, and I personally don't want to > give > >> up my civil rights for safety. It's a losing bet. Terror groups are > going > >> to find new attack vectors, new communications lines, that will then be > >> outside the scope of these provisions. > >> > >> I don't know what the answer is, but it isn't CISPA. > >> > >> Obama is making a lot of noise that he's going to veto it, so we'll see. > >> He said the same about the NDAA, said the same about renewing the > expiring > >> provisions of the Patriot Act, and we saw what happened in both of those > >> instances. The man cannot keep his word about anything. His campaign > >> promises meant nothing. He has continued so many of the programs of the > >> Bush administration that he vowed to do away with. We're still in > >> Afghanistan, still have Gitmo open. We still have forces in Iraq, even > >> though we claim we don't. > >> > >> Redonka-donk. > >> > >> On Thu, Apr 26, 2012 at 11:35 AM, Dana <[email protected]> wrote: > >> > >>> > >>> Sticking to the CISPA topic for a moment -- ok, it makes sense that > >>> they would scrub the classified parts of the data. So what capability > >>> does CISPA give anyone that they did not have before? > >>> > >>> Try as I might, I keep coming back to the idea that you'd draw > >>> attention to yourself by discussing certain topics. That seems, > >>> superficially, like it might be ok. Superficially, if someone is > >>> saying "let's hijack an airliner and fly it into a building," seems > >>> like you would want to know. But won't all of the other hits drown out > >>> any useful information? It's like looking at results from a network > >>> sniffer, I suspect. There is data there but unless your capture is > >>> narrowly focused where the problem is definitely occurring, you can > >>> spend days sifting through nonsense. > >>> > >>> And how do you trigger the intelligence attention? Since I said the > >>> sentence myself above, does that mean that the members of this list > >>> get scrutinized? I think we can all agree that this would not only be > >>> an invasion of our privacy -- it would also be a huge waste of time. > >>> The list skews fairly conservative on the whole, fairly happy with the > >>> status quo, and even the exceptions to that are definitely not > >>> plotting anything. Lots and lots and lots of noise for no signal. > >>> > >>> I am going to go off and digest your comments about intelligence > >>> agencies which are probably well-taken, and a little outside my > >>> current scope of knowledge. I got into network security at the > >>> corporate end. > >>> > >>> > >>> > >>> On Thu, Apr 26, 2012 at 8:14 AM, LRS Scout <[email protected]> wrote: > >>> > > >>> > The way OSAC worked was that we, the Gov't side, had the clearance. > >>> > > >>> > We would scrub, or clean, the data that we wanted to distribute, to > >>> ensure > >>> > it didn't contain anything that could point to sources or methods. > >>> > > >>> > It's a balancing act. You don't want to disclose the source, human > or > >>> > technical, but if you can't use the information then whats the point > in > >>> > having it. Tom Clancy dealt with this heavily in the novel the Bear > and > >>> > the Dragon. > >>> > > >>> > I will say this much though, that I think our entire defense and > >>> > intelligence and law enforcement industries need to be revamped. > There > >>> are > >>> > 17 federal agencies listed as members of "intelligence community" > >>> > http://www.intelligence.gov/about-the-intelligence-community/ > >>> > > >>> > That doesn't include the newly formed DCS, defense clandestine > service, > >>> nor > >>> > does it seem to include the JSOC SMUs like the ISA (Orange) or CAG > (1st > >>> > SFOD-D) which has it's own intelligence arm. Even in the aftermath > of > >>> > Sept. 11th, information sharing is a nightmare from just an > institutional > >>> > perspective alone. > >>> > > >>> > Nor does that include all the various state and local law enforcement > >>> > intelligence agencies and units, of which there are many. It's > unwieldy > >>> > and it leads to abuses. Government employees all want to see their > piece > >>> > of the pie increase, bigger budgets and more employees, empire > building > >>> is > >>> > the norm among high level government employees. We need a way out. I > >>> think > >>> > it should really be paired down to three organizations. The R&I of > the > >>> > U.S. Department of State should get a huge influx of money and > personnel > >>> > for strategic international intelligence missions, the Defense > Department > >>> > should solidify it's management of all it's intelligence assets (both > >>> > tactical and strategic) under a single roof that can only operate > abroad, > >>> > and the FBI should handle all domestic intelligence activities > (primarily > >>> > focusing on terrorism and counter-intelligence). I don't think that > >>> local > >>> > law enforcement should be allowed to conduct intelligence operations > >>> > against people. Their job isn't to prevent crime, it really isn't, > it's > >>> to > >>> > assist in the prosecution of crimes that have been committed. I > mean we > >>> > talk about balanced budgets, civil rights, privacy, all of these > things > >>> can > >>> > be worked on by slashing budgets and doing away with huge swaths of > >>> > personnel, whole agencies. > >>> > > >>> > The same kind of thing should be done for Law Enforcement as well. > There > >>> > are just too many agencies out there, too many agents, to have > positive > >>> > control. Secret service, Marshall's Service, BATFE, DEA, FBI, IRS, > >>> > Customs, ICE, TSA, it's ridiculous and out of control. They don't > talk > >>> to > >>> > each other anymore than their cousins in the intelligence community > and > >>> > things get missed, slip through the cracks. We are also continuing > to > >>> > prosecute things that shouldn't be crimes. Conspiracy, no actions > taken, > >>> > no crime committed, but we talked about doing something, is a crime. > The > >>> > thought police are here and they are well armed and well funded. > >>> > > >>> > Our deficit has increased by 5 Trillion dollars during the Obama > >>> > administration, more than any other president even when accounting > for > >>> > inflation. Our individual liberties which have been slowly > decreasing > >>> for > >>> > as long as we've had a government, have lately been subject to an > all out > >>> > assault, started under Bush, continued under Obama. Hell I'm > nostalgic > >>> for > >>> > the Clinton era, even though at the time I thought it could hardly > have > >>> > been worse. > >>> > > >>> > I don't know, I'm just a high school drop out with a GED, and a shady > >>> > past. Very few people are going to give what I have to say any > credence, > >>> > but I have been lucky. I've had friends and associates in all the > major > >>> > arms of the Defense and Intelligence communities, and I've seen a lot > >>> over > >>> > the years. I had spent most of my adult life working in these > domains, > >>> and > >>> > to be honest was scared and amazed at the incompetency, the self > >>> interest, > >>> > and the lack of a singular vision or or goal within them. > >>> > > >>> > I don't know what the answer is. People are talking about it at all > >>> > levels, but nothing is going to change without some very painful and > deep > >>> > cuts. People need to lose their jobs and be censured. Some people > >>> > probably need to go to prison. I doubt it's going to happen though. > >>> > > >>> > On Thu, Apr 26, 2012 at 10:23 AM, Dana <[email protected]> > wrote: > >>> > > >>> >> > >>> >> Yes. I thought the part about needing to crowdsource to even > identify > >>> >> the language was interesting too. I see your point, Tim, that > >>> >> something like stuxnet might require a source to be protected -- > >>> >> except that stuxnet is widely discussed at security conferences and > >>> >> apparently is not classified. Of course since I don't have a > clearance > >>> >> perhaps I am just displaying my ignorance, but I don't think it's ok > >>> >> to meekly accept assertions of a national security need either. We > see > >>> >> how that worked out with the Patriot Act, right? > >>> >> > >>> >> I am still struggling with a use case for CISPA here. So, just as a > >>> >> thought experiment, are we saying that the CIA or the NSA or > somebody > >>> >> might get information in some way where a source needs to be > >>> >> protected, so they classify the information, but but but they still > >>> >> share the information with businesses? Except it's classified. So > are > >>> >> they going to require that companies have someone with a clearance? > Or > >>> >> are they disclosing anyway? That's the way it reads to me. So what > >>> >> about protecting sources? I just don't get it and it feels like they > >>> >> are trying to baffle us with bullshit. > >>> >> > >>> >> On Wed, Apr 25, 2012 at 8:40 PM, LRS Scout <[email protected]> > wrote: > >>> >> > > >>> >> > Yeah it's slick as shit. > >>> >> > > >>> >> > Somebody's got some sharp people on the pay roll. > >>> >> > > >>> >> > On Wed, Apr 25, 2012 at 11:33 PM, Judah McAuley < > [email protected] > >>> >> >wrote: > >>> >> > > >>> >> >> > >>> >> >> That's interesting, I had not heard of Duqu. Looks like it might > be a > >>> >> >> recon virus to analyze targets for future attacks. Out of all the > >>> >> >> signatures, the fact that it removes itself after a configurable > >>> >> >> number of days is the scariest to me. The authors obviously want > to > >>> >> >> get it, find things out, then get out without being detected. > Classic > >>> >> >> espionage and recon. > >>> >> >> > >>> >> >> Judah > >>> >> >> > >>> >> >> On Wed, Apr 25, 2012 at 7:57 PM, LRS Scout <[email protected]> > >>> wrote: > >>> >> >> > > >>> >> >> > Duqu is likely the same sort of situation. > >>> >> >> > > >>> >> >> > Good example. > >>> >> >> > > >>> >> >> > >>> >> >> > >>> >> > > >>> >> > > >>> >> > >>> >> > >>> > > >>> > > >>> > >>> > >> > >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:350289 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-community/unsubscribe.cfm
