Re: PRISM: NSA/FBI Internet data mining project
On 06/09/13 11:10 -0500, Dan White wrote:
> Let me put my gold tipped tinfoil hat on in response to your statement.

http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

If accurate, this is extremely concerning:

> Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information inadvertently collected from domestic US communications without a warrant.
>
> The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.
>
> ...However, alongside those provisions, the Fisa court-approved policies allow the NSA to:
>
> • Keep data that could potentially contain details of US persons for up to five years;
>
> • Retain and make use of inadvertently acquired domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

All protections afforded by the fourth amendment have essentially been thrown into the (rather large) bit bucket by the FISA court, when it comes to any bits which leave your premises.

-- 
Dan White
Re: PRISM: NSA/FBI Internet data mining project
I would think this is only an issue if they throw out the Fourth in that when they use that data collected inadvertently to build a case against you they use no other data collected under a proper warrant. If the purpose was to actually collect data on you, in the event you do something, they can simply run a query against this data post court order...then that's crossing the line.

I personally think there is nothing wrong with monitoring US communications - big difference between monitoring US communications and monitoring US persons communications.

On Fri, Jun 21, 2013 at 8:56 AM, Dan White dwh...@olp.net wrote:
> On 06/09/13 11:10 -0500, Dan White wrote:
> > Let me put my gold tipped tinfoil hat on in response to your statement.
>
> http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant
>
> If accurate, this is extremely concerning:
>
> > Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information inadvertently collected from domestic US communications without a warrant.
> >
> > The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.
> >
> > ...However, alongside those provisions, the Fisa court-approved policies allow the NSA to:
> >
> > • Keep data that could potentially contain details of US persons for up to five years;
> >
> > • Retain and make use of inadvertently acquired domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
>
> All protections afforded by the fourth amendment have essentially been thrown into the (rather large) bit bucket by the FISA court, when it comes to any bits which leave your premises.
>
> -- 
> Dan White

-- 
Phil Fagan
Denver, CO
970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
> I would think this is only an issue if they throw out the Fourth in that when they use that data collected inadvertently to build a case against you they use no other data collected under a proper warrant.

That statement ignores a longstanding legal principle known as fruit of the poison tree.

> If the purpose was to actually collect data on you, in the event you do something, they can simply run a query against this data post court order...then that's crossing the line.

Indeed, they don't even seem to be required to bother with the court order any more. The standing FISA order seems to pretty much allow them to do all the required line crossing without any additional court order.

> I personally think there is nothing wrong with monitoring US communications - big difference between monitoring US communications and monitoring US persons communications.

It's pretty clear that they are likely monitoring both.

Owen

> On Fri, Jun 21, 2013 at 8:56 AM, Dan White dwh...@olp.net wrote:
> > [...]
>
> -- 
> Phil Fagan
> Denver, CO
> 970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
Good point; apparently the doctrine does protect against the case whereby any collected data would have been found anyway with a court order.

On Fri, Jun 21, 2013 at 9:19 AM, Owen DeLong o...@delong.com wrote:
> On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
> > I would think this is only an issue if they throw out the Fourth in that when they use that data collected inadvertently to build a case against you they use no other data collected under a proper warrant.
>
> That statement ignores a longstanding legal principle known as fruit of the poison tree.
>
> > If the purpose was to actually collect data on you, in the event you do something, they can simply run a query against this data post court order...then that's crossing the line.
>
> Indeed, they don't even seem to be required to bother with the court order any more. The standing FISA order seems to pretty much allow them to do all the required line crossing without any additional court order.
>
> > I personally think there is nothing wrong with monitoring US communications - big difference between monitoring US communications and monitoring US persons communications.
>
> It's pretty clear that they are likely monitoring both.
>
> Owen
>
> > On Fri, Jun 21, 2013 at 8:56 AM, Dan White dwh...@olp.net wrote:
> > > [...]

-- 
Phil Fagan
Denver, CO
970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
> On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
> > I would think this is only an issue if they throw out the Fourth in that when they use that data collected inadvertently to build a case against you they use no other data collected under a proper warrant.
>
> That statement ignores a longstanding legal principle known as fruit of the poison tree.

Howdy,

In spite of what you may have seen on TV, law enforcement is not required to ignore evidence of a crime which turns up during a lawful search merely because it's evidence of a different crime. Fruit of the poisonous tree applies when the original search for whatever it was they were originally looking for is unlawful. Supposedly the FISA court found the NSA's troll for terrorists to be lawful. Once that's true, evidence of any crime may be lawfully introduced in court.

For a fun read, check out the Illustrated Guide to Criminal Law: http://lawcomic.net/guide/?p=18

Regards,
Bill Herrin

-- 
William D. Herrin her...@dirtside.com b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
Re: PRISM: NSA/FBI Internet data mining project
I guess the moral here is don't do anything wrong. :-D

On Fri, Jun 21, 2013 at 12:31 PM, William Herrin b...@herrin.us wrote:
> On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
> > On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
> > > I would think this is only an issue if they throw out the Fourth in that when they use that data collected inadvertently to build a case against you they use no other data collected under a proper warrant.
> >
> > That statement ignores a longstanding legal principle known as fruit of the poison tree.
>
> Howdy,
>
> In spite of what you may have seen on TV, law enforcement is not required to ignore evidence of a crime which turns up during a lawful search merely because it's evidence of a different crime. Fruit of the poisonous tree applies when the original search for whatever it was they were originally looking for is unlawful. Supposedly the FISA court found the NSA's troll for terrorists to be lawful. Once that's true, evidence of any crime may be lawfully introduced in court.
>
> For a fun read, check out the Illustrated Guide to Criminal Law: http://lawcomic.net/guide/?p=18
>
> Regards,
> Bill Herrin
>
> -- 
> William D. Herrin her...@dirtside.com b...@herrin.us
> 3005 Crane Dr. .. Web: http://bill.herrin.us/
> Falls Church, VA 22042-3004

-- 
Phil Fagan
Denver, CO
970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
The United States Constitution*

*See Terms and Conditions for details, not all citizens apply, void where prohibited, subject to change at any time.

On 6/21/13 11:42 AM, Phil Fagan philfa...@gmail.com wrote:
> I guess the moral here is don't do anything wrong. :-D
>
> On Fri, Jun 21, 2013 at 12:31 PM, William Herrin b...@herrin.us wrote:
> > [...]
>
> -- 
> Phil Fagan
> Denver, CO
> 970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
Hah!

On Fri, Jun 21, 2013 at 1:10 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote:
> The United States Constitution*
>
> *See Terms and Conditions for details, not all citizens apply, void where prohibited, subject to change at any time.
>
> On 6/21/13 11:42 AM, Phil Fagan philfa...@gmail.com wrote:
> > I guess the moral here is don't do anything wrong. :-D
> >
> > On Fri, Jun 21, 2013 at 12:31 PM, William Herrin b...@herrin.us wrote:
> > > [...]

-- 
Phil Fagan
Denver, CO
970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
On Jun 21, 2013, at 8:31 PM, William Herrin b...@herrin.us wrote:
> On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
> > On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
> > > I would think this is only an issue if they throw out the Fourth in that when they use that data collected inadvertently to build a case against you they use no other data collected under a proper warrant.
> >
> > That statement ignores a longstanding legal principle known as fruit of the poison tree.
>
> Howdy,
>
> In spite of what you may have seen on TV, law enforcement is not required to ignore evidence of a crime which turns up during a lawful search merely because it's evidence of a different crime. Fruit of the poisonous tree applies when the original search for whatever it was they were originally looking for is unlawful. Supposedly the FISA court found the NSA's troll for terrorists to be lawful. Once that's true, evidence of any crime may be lawfully introduced in court.

True…

The question here, however, is whether these are really lawful searches. If we eliminate the need for any sort of check and balance and allow gross general permanent wiretapping, then there pretty much isn't a fourth amendment.

I would argue that the FISA court has far overstepped its mandate (or at least failed to uphold its oversight role) and that the searches are, in fact, still unconstitutional.

Owen
Re: PRISM: NSA/FBI Internet data mining project
http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa

I suppose they really are tapping all of the fiber.. Huh?

On 6/21/13 11:42 AM, Phil Fagan philfa...@gmail.com wrote:
> I guess the moral here is don't do anything wrong. :-D
>
> On Fri, Jun 21, 2013 at 12:31 PM, William Herrin b...@herrin.us wrote:
> > [...]
>
> -- 
> Phil Fagan
> Denver, CO
> 970-480-7618
Re: PRISM: NSA/FBI Internet data mining project
On 6/10/13, Rob McEwen r...@invaluement.com wrote:
> On 6/9/2013 2:26 PM, Rob McEwen wrote:
> I should mention... there are also exceptions to the exceptions. While it is totally legal and ethical for a boss to snoop on his employee's e-mails (in a business), I would think it would be very unethical and

The organization as a legal entity has the legal and moral right, but that right does not necessarily flow to any individual responsible for the daily activities in that organization, or to any individual manager or officer. Only if done in a manner that is consistent with the organization's policies and internal controls: and employees have to be informed if their private email might be discovered and shared, and under what conditions, so they can understand that e-mail has a reduced expectation of privacy. If it wasn't explained to employees, and employees are allowed to use e-mail for personal purposes or very sensitive purposes; then under some circumstances, it is questionable if it is ethical.

In the most extreme case; some organization could require a vote of the board to approve administrative snooping on a mailbox. Then a boss snooping without the proper authorization, where the org has such rules, could be subject to being sued by the organization. In some organizations, there may be employees whose 1st line manager or boss has no right whatsoever to snoop on mail; the organization may have internal procedures that have to be followed, for an investigation or discovery of content from email, which might require a CEO signature, not just a request from some boss to see what's in bob's inbox.

In some organizations, there might be signatures from a legal department and a security department required. There might be highly sensitive information in some employee's mailbox that is legally privileged or subject to NDA, that could place the organization at risk, if improperly disclosed to a boss or manager that did not have the need to know or security clearance for the technical details, when the boss' role is administrative. There might be encrypted mailbox content requiring multiple departments to be involved to provide the backup keys to get the decrypted version.

> illegal, for example, for the executive branch to snoop on a congressional aide's e-mail, to gain intel on political opponents

Hopefully, the federal government had the foresight to require senior congressional reviews, before a request to discover a congressional aide's e-mail could be performed by a member of the executive branch... The government itself has a right to any employee's e-mail. That doesn't mean that right flows to individual people, or that senior members of the executive have a right to circumvent whatever procedures are established to ensure proper use.

> even if that congressional aide were a government employee and the e-mail was a .gov address. But I'm not sure where those lines are drawn with regards to the US Federal Government.
>
> -- 
> Rob McEwen

-- 
-JH
Re: PRISM: NSA/FBI Internet data mining project
I would add opportunistic STARTTLS to all SMTP processing devices.

--Kauto

On Mon, Jun 10, 2013 at 12:23 AM, William Herrin b...@herrin.us wrote:
> On Thu, Jun 6, 2013 at 9:28 PM, Leo Bicknell bickn...@ufp.org wrote:
> > While there's a whole political aspect of electing people who pass better laws, NANOG is not a political action forum. However many of the people on NANOG are in positions to affect positive change at their respective employers.
> >
> > - Implement HTTPS for all services.
> > - Implement PGP for e-mail.
> > - Implement S/MIME for e-mail.
> > - Build cloud services that encrypt on the client machine, using a key that is only kept on the client machine.
> > - Create better UI frameworks for managing keys and identities.
> > - Align data retention policies with the law.
> > - Scrutinize and reject defective government legal requests.
> > - When allowed by law, charge law enforcement for access to data.
>
> +1
>
> Very few of you work in jobs where the external requirements are so well and rigidly defined that you lack the leeway to include these sorts of efforts. You may not control the feature list but you control the components which compose the features tasked to you. Write it in to the things you do and give the next guy an opportunity to follow your lead.
>
> Regards,
> Bill Herrin
>
> -- 
> William D. Herrin her...@dirtside.com b...@herrin.us
> 3005 Crane Dr. .. Web: http://bill.herrin.us/
> Falls Church, VA 22042-3004

-- 
Kauto Huopio - ka...@huopio.fi
Hansakallionkuja 12 A 1, 02780 Espoo, Finland
Tel. +358 40 5008774
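Kauto's suggestion of opportunistic STARTTLS on every SMTP hop, and the transport-encryption items in Leo's list quoted above, come down to one check an operator can run against their own MTAs: does the peer advertise STARTTLS, and what does the sending side do when it does not? The following is an added example, not code posted by anyone on this thread. It parses the multi-line 250 reply an MTA returns to EHLO (RFC 3207 defines the STARTTLS extension), applies a local policy to the result, and `smtp_probe()` does the same against a live server you operate via the standard-library `smtplib`. The EHLO replies, host names and function names are constructed for the demo.

```python
"""Opportunistic STARTTLS: check what an SMTP peer offers and what to do about it.

Added example (not from the thread). It parses the multi-line 250 reply an
MTA returns to EHLO, looks for the STARTTLS extension (RFC 3207) and applies
a local policy. The EHLO replies below are constructed for the demo; the
host names in them are placeholders.
"""
import smtplib
import ssl

# Constructed EHLO replies: the server's answer after the client says EHLO.
EHLO_WITH_STARTTLS = (
    "250-mx.example.test Hello client.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
# The same server as seen through a path where STARTTLS is not advertised.
EHLO_WITHOUT_STARTTLS = (
    "250-mx.example.test Hello client.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> dict:
    """Return {KEYWORD: params} from an EHLO reply.

    Continuation lines look like '250-KEYWORD params'; the final line uses
    '250 KEYWORD'. The first line is the server greeting, not a capability.
    A reply that is not all 250 means EHLO was refused.
    """
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines or not all(ln.startswith("250") for ln in lines):
        raise ValueError("EHLO not accepted: %r" % lines[:1])
    caps = {}
    for line in lines[1:]:
        body = line[4:].strip()          # drop the '250-' or '250 ' prefix
        if body:
            keyword, _, params = body.partition(" ")
            caps[keyword.upper()] = params
    return caps


def decide_tls(caps: dict, policy: str = "opportunistic") -> str:
    """Turn advertised capabilities plus local policy into an action.

    opportunistic: upgrade when STARTTLS is offered, otherwise send in clear
                   (what the post asks operators to turn on everywhere).
    required:      never fall back to cleartext, e.g. for a destination
                   covered by a DANE or MTA-STS policy.
    """
    if "STARTTLS" in caps:
        return "upgrade"
    if policy == "required":
        return "abort"
    return "plaintext"


def smtp_probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check against a mail server you operate (needs network access).

    Reports whether STARTTLS was advertised and, if so, the TLS version that
    was actually negotiated. The default ssl context verifies the server
    certificate, so a self-signed MX certificate will raise here.
    """
    result = {"starttls_offered": False, "tls_version": None}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        result["starttls_offered"] = smtp.has_extn("starttls")
        if result["starttls_offered"]:
            smtp.starttls(context=ssl.create_default_context())
            result["tls_version"] = smtp.sock.version()
            smtp.ehlo()   # capabilities must be re-read after STARTTLS
    return result


if __name__ == "__main__":
    for name, reply in (("with", EHLO_WITH_STARTTLS), ("without", EHLO_WITHOUT_STARTTLS)):
        caps = parse_ehlo(reply)
        print(name, "STARTTLS:", decide_tls(caps), "/", decide_tls(caps, "required"))
```

The two policies matter because of what each defends against. Opportunistic mode addresses the thread's concern, a passive tap on the wire, since a passive observer cannot stop the upgrade. It does nothing against an active device in the path that rewrites the EHLO reply to drop the STARTTLS line, because the client then falls back to cleartext without complaint; that is the case the `required` branch refuses, which is why per-destination "must use TLS" policies exist alongside opportunistic encryption.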
Re: PRISM: NSA/FBI Internet data mining project
On Mon, Jun 10, 2013 at 11:10:57AM +0300, Kauto Huopio wrote:
> I would add opportunistic STARTTLS to all SMTP processing devices.

What we actually need is working opportunistic encryption in IPv6, something like http://www.inrialpes.fr/planete/people/chneuman/OE.html
RE: PRISM: NSA/FBI Internet data mining project
> Happily, none of the companies listed are transport networks:

I believe it's logical that the government turned to the biggest US-based ISPs with a request to help monitor communication channels after the 2001 events, as back in those days Facebook was not around and Google was not as prevalent. But to be frank I don't know what the nature of the monitoring was: phone calls, internet communication, ...

adam
RE: PRISM: NSA/FBI Internet data mining project
> How would you tap a few TBit/s so that you can filter it down to where you can look at it at layer 7 in ASICs, and filter out something to a more manageable data rate?

Well, lawful-intercept is on by default. And you don't get to worry about the L7 and filtering/parsing - that's done by the black boxes.

adam
RE: PRISM: NSA/FBI Internet data mining project
Funny, sort of. The guy was residing in Hawaii. Apologies for the long URLs...

Report: NSA contract worker is surveillance source:
http://thegardenisland.com/news/state-and-regional/report-nsa-contract-worker-is-surveillance-source/article_2a88ec60-f99c-54a7-8c13-13f6852ccca6.html

Hawaii real estate agent: Snowden left on May 1:
http://thegardenisland.com/news/state-and-regional/hawaii-real-estate-agent-snowden-left-on-may/article_099ec0db-a823-56a0-8471-af8d7ef16e1b.html

funny as well!

NSA claims know-how to ensure no illegal spying:
http://thegardenisland.com/news/state-and-regional/nsa-claims-know-how-to-ensure-no-illegal-spying/article_ec623964-d23a-53c6-aeb0-14bf325a7f3c.html

scott
Re: PRISM: NSA/FBI Internet data mining project
On Mon, Jun 10, 2013 at 04:36:32PM -0700, Scott Weeks wrote:
> NSA claims know-how to ensure no illegal spying:
> http://thegardenisland.com/news/state-and-regional/nsa-claims-know-how-to-ensure-no-illegal-spying/article_ec623964-d23a-53c6-aeb0-14bf325a7f3c.html
>
> scott

We're the government. Trust us!

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/
RE: PRISM: NSA/FBI Internet data mining project
On Thu, 6 Jun 2013, Alex Rubenstein wrote:
> > I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen.
>
> So, you are comfortable just giving up your right to privacy? It's just the way it is?

If you're sending it across the internet in the clear, it's not private. If you want privacy, use reasonable encryption. Even with that though, unless you take other precautions, they know who [IP] you're talking to, if they want.

-- 
Jon Lewis, MCP :) | I route
                  | therefore you are
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: PRISM: NSA/FBI Internet data mining project
To be fair, the reporting (initially) claimed the providers were granting the USG access directly to their servers. It's understandable and appropriate that the providers pushed back against that apparently erroneous reporting.

Jason

On Jun 8, 2013, at 22:44, ku po cciehe...@gmail.com wrote:
> What is the point to argue whether they have the capacity to process all the data? They DON'T need to build expensive systems. They just need to make sure when they ask your company for information, these information are available for them and fast enough. So the statement that saying we don't give them direct access means nothing!!! The right question is IS THERE A DIRECT CHANNEL for them to ask you for information without providing all the evidence (how could they show you all the evidence when it is security related??), which you can't deny their access.
>
> On Sun, Jun 9, 2013 at 8:20 AM, James Harrison ja...@talkunafraid.co.uk wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 08/06/2013 16:31, William Herrin wrote:
> > > On Fri, Jun 7, 2013 at 1:25 AM, jamie rishaw j...@arpa.com wrote:
> > > > Just wait until we find out dark and lit private fiber is getting vampired.
> > >
> > > Why wait? http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0
> > >
> > > -Bill
> >
> > In a similar vein, a new PRISM slide was released by the Guardian this morning: http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
> >
> > Doesn't specifically say private fiber - just fiber cables and infrastructure. May just refer to fiber to/from/within complying company infrastructure, ofc, not necessarily anything else.
> >
> > They also apparently have a web 2.0 compliant dashboard with a catchy name and pop-ups with big numbers in: Boundless Informant. http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining
> >
> > Speaking from the other side of the pond it's interesting to see where this is going. GCHQ (the UK NSA equivalent) are being asked stern questions by the government about their involvement and if they've been asking the NSA for UK citizens' data (since they're not allowed to collect it themselves).
> >
> > Cheers,
> > James Harrison
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.17 (MingW32)
> >
> > iEYEARECAAYFAlGzyl4ACgkQ22kkGnnJQAwVfQCePSYz9p5P95bnWYbp4YA2SeQD
> > HeQAn0AOnReV6DQC0Y3k5P046BbFnBUJ
> > =auDI
> > -----END PGP SIGNATURE-----
RE : Re: PRISM: NSA/FBI Internet data mining project
Yet there appears to be a certain lack of transparency, no?

mh

-------- Original message --------
From: Jason L. Sparks jlspa...@gmail.com
Date:
To: ku po cciehe...@gmail.com
Cc: NANOG nanog@nanog.org
Subject: Re: PRISM: NSA/FBI Internet data mining project

> To be fair, the reporting (initially) claimed the providers were granting the USG access directly to their servers. It's understandable and appropriate that the providers pushed back against that apparently erroneous reporting.
>
> Jason
>
> On Jun 8, 2013, at 22:44, ku po cciehe...@gmail.com wrote:
> > What is the point to argue whether they have the capacity to process all the data? They DON'T need to build expensive systems. They just need to make sure when they ask your company for information, these information are available for them and fast enough. So the statement that saying we don't give them direct access means nothing!!! The right question is IS THERE A DIRECT CHANNEL for them to ask you for information without providing all the evidence (how could they show you all the evidence when it is security related??), which you can't deny their access.
> >
> > On Sun, Jun 9, 2013 at 8:20 AM, James Harrison ja...@talkunafraid.co.uk wrote:
> > > [...]
RE: PRISM: NSA/FBI Internet data mining project
On Saturday, June 08, 2013 6:44 PM, Ryan Malayter [mailto:malay...@gmail.com] wrote:
> Speaking from the content provider side here, but we've always run IPsec on DCIs and even private T1s/DS3s back in the day. Doesn't everyone do the same these days? I find it hard to imagine passing any audit/compliance process without doing so. Private lines or dedicated fiber always pass through much public, unmanaged, and unmonitored space infrastructure. And we know better than to trust our providers to never screw up and mis-route traffic.

I see that there is actually a beast that will do encryption of multiple 10G waves between Cisco ONS boxes - https://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/at_a_glance_c45-728015.pdf

How many people are actually doing this?
Re: PRISM: NSA/FBI Internet data mining project
On 06/07/13 18:20 -0700, Owen DeLong wrote: While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. While you are correct in that proper personal security procedures to protect my data from random crackers would, in fact, also protect it from the government, that's a far cry from what is at issue here. The question here is whether or not it should be considered legitimate for the US Government to completely ignore the fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast amounts of data without direct probable cause for that snooping. I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement. Let me put my gold tipped tinfoil hat on in response to your statement. Suppose the following are true: * Meta data for emails sent to and from most US citizens can be captured on a government scale budget * Meta data for all phone calls and skype sessions can also * Cell phone location data - which cell towers your device associates with, over a long period of time - can be captured in log form or stored in a database * Social data can be analyzed to determine who your acquaintances are, and when you communicate with them over time. Now suppose that the NSA contracts with a private company to collect information about terrorist entities, who in turn privately contracts with the top X telecom providers and Y social media companies to obtain all available information that it can, via TAP ports or direct database access. 
That private organization, through analysis, knows a lot about you, such as every place you've physically been in the last 10 years, what your political leanings are, what criminals you have associated with in that time period, what the likelihood is that you are a future criminal and of which crimes, how many guns you own, your browsing history and what you like to do in your free time, and insert your own creative idea here. Have your 4th Amendment rights been abridged in this scenario? If you think they have, how confident are you that the court system will agree with you? -- Dan White
Re: PRISM: NSA/FBI Internet data mining project
On 08/06/2013 8:05 AM, Matthew Petach wrote: On Sat, Jun 8, 2013 at 4:12 AM, Jimmy Hess mysi...@gmail.com wrote: On 6/7/13, Måns Nilsson mansa...@besserwisser.org wrote: Subject: Re: PRISM: NSA/FBI Internet data mining project Date: Fri, Jun 07, 2013 at 12:25:35AM -0500 Quoting jamie rishaw (j...@arpa.com): tinfoilhat Just wait until we find out dark and lit private fiber is getting vampired. /tinfoilhat I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising, Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :) Would you really trust crypto applied by someone else on your behalf? sure, your data's safe--I triple rot-13'd it myself! ;P Matt . At least that was an odd number of rotations :)
Re: PRISM: NSA/FBI Internet data mining project
On Jun 9, 2013, at 7:20 AM, R. Benjamin Kessler ben.kess...@zenetra.com wrote: I see that there is actually a beast that will do encryption of multiple 10G waves between Cisco ONS boxes - https://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/at_a_glance_c45-728015.pdf How many people are actually doing this? Not sure why you would want the massive fail that is layer-2 DCI in the first place, but you certainly don't need this sort of ridiculously expensive gear. Packet encryption is embarrassingly parallel when you have lots of flows, and best distributed throughout the infrastructure to many endpoints. One big expensive box is one big bottleneck and one big SPOF. We actually use cluster-to-cluster and even host-to-host IPsec SAs in certain cases.
RE: PRISM: NSA/FBI Internet data mining project
Of course the access isn't direct -- there is a firewall and a router in between. The access is indirect. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Jason L. Sparks [mailto:jlspa...@gmail.com] Sent: Sunday, 09 June, 2013 04:24 To: ku po Cc: NANOG Subject: Re: PRISM: NSA/FBI Internet data mining project To be fair, the reporting (initially) claimed the providers were granting the USG access directly to their servers. It's understandable and appropriate that the providers pushed back against that apparently erroneous reporting. Jason On Jun 8, 2013, at 22:44, ku po cciehe...@gmail.com wrote: What is the point to argue whether they have the capacity to process all the data? They DON'T need to build expensive systems. They just need to make sure when they ask your company for information, these information are available for them and fast enough. So the statement that saying we don't give them direct access means nothing!!! The right question is IS THERE A DIRECT CHANNEL for them to ask you for information without providing all the evidence( how could they show you all the evidence when it is security related??), which you can't deny their access. On Sun, Jun 9, 2013 at 8:20 AM, James Harrison ja...@talkunafraid.co.uk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/06/2013 16:31, William Herrin wrote: On Fri, Jun 7, 2013 at 1:25 AM, jamie rishaw j...@arpa.com wrote: Just wait until we find out dark and lit private fiber is getting vampired. Why wait? http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0 -Bill In a similar vein, a new PRISM slide was released by the Guardian this morning: http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server- collection-facebook-google Doesn't specifically say private fiber - just fiber cables and infrastructure. May just refer to fiber to/from/within complying company infrastructure, ofc, not necessarily anything else. 
They also apparently have a web 2.0 compliant dashboard with a catchy name and pop-ups with big numbers in: Boundless Informant. http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant- global-datamining Speaking from the other side of the pond it's interesting to see where this is going. GCHQ (the UK NSA equivalent) are being asked stern questions by the government about their involvement and if they've been asking the NSA for UK citizens' data (since they're not allowed to collect it themselves). Cheers, James Harrison -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iEYEARECAAYFAlGzyl4ACgkQ22kkGnnJQAwVfQCePSYz9p5P95bnWYbp4YA2SeQD HeQAn0AOnReV6DQC0Y3k5P046BbFnBUJ =auDI -END PGP SIGNATURE-
Re: PRISM: NSA/FBI Internet data mining project
Dan, I doubt anyone can answer your question easily because you seem to have contradictions in your scenario. At one point you say: private company to collect information about terrorist entities, who in turn privately contracts with the top X telecom providers and Y social media companies but then you continue: to obtain all available information that it can, via TAP ports or direct database access. and then: That private organization, through analysis, knows a lot about you I'm confused, in your scenario, is the data collection limited to terrorist entities, or does your statement, all available information that it can mean that it gets everyone's info, and then does their filtering later? Additionally, one would hope that by terrorist entities, you would be referring to those who plan on hurting or killing innocent people, whether that be an Islamofascist terrorist planning to blow up a government building, or a right wing terrorist planning to do the same (for different reasons), or an environmentalist planning to sink a legal whaling boat, or an anti-abortionist planning to blow up an abortion clinic... take your pick. The point being that mass-killing of innocent people is the common thread... NOT the politics. And I hope that you haven't downward defined this to someone that could be easily used to pick off political opponents, right? Have your 4th Amendment rights been abridged in this scenario Sorry if this comes across as rude or snobby, but I think you just need to read the 4th Amendment about 20 times to yourself and let it all soak in. TO ANSWER YOUR QUESTION: If the Federal Government is paying a private entity to do the snooping, then they are a de facto agent of the state. That doesn't make the 4th Amendment any less applicable. 
Even then, to abide by the 4th amendment, there should be SPECIFIC persons/orgs AND specific info/items that are being searched where that search is SPECIFICALLY approved by a judge or court IN ADVANCE (no super wide blanket approvals, no broad fishing expeditions)... only THEN does the searching for the information meet 4th amendment requirements. The fact that the search was of your e-mail or phone records doesn't make the 4th amendment apply any less than if they were looking inside the drawer in the nightstand next to your bed! There are notable exceptions... for example, an employer is really the owner of the mailbox, not their employee. Therefore, there is an argument that government employees don't have privacy rights from the government for their official work e-mail accounts. There are probably several other exceptions like that. But such exceptions are a tiny percentage of the whole. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
On Fri, Jun 07, 2013 at 04:17:14PM -0700, Eric Brunner-Williams wrote: http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas the headline may be misleading. Presidential Policy Directive 20 defines OCEO as operations and related programs or activities ... conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks. effects outside United States government networks. Now there's an interesting phrase. OCEO == Offensive Cyber Effects Operations. No more so than describing NSA operations as research in communications phenomena, which used to be the (UNCLAS) party line. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: PRISM: NSA/FBI Internet data mining project
On Thu, Jun 6, 2013 at 9:28 PM, Leo Bicknell bickn...@ufp.org wrote: While there's a whole political aspect of electing people who pass better laws, NANOG is not a political action forum. However many of the people on NANOG are in positions to affect positive change at their respective employers. - Implement HTTPS for all services. - Implement PGP for e-mail. - Implement S/MIME for e-mail. - Build cloud services that encrypt on the client machine, using a key that is only kept on the client machine. - Create better UI frameworks for managing keys and identities. - Align data retention policies with the law. - Scrutinize and reject defective government legal requests. - When allowed by law, charge law enforcement for access to data. +1 Very few of you work in jobs where the external requirements are so well and rigidly defined that you lack the leeway to include these sorts of efforts. You may not control the feature list but you control the components which compose the features tasked to you. Write it in to the things you do and give the next guy an opportunity to follow your lead. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
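The "encrypt on the client machine, using a key that is only kept on the client machine" item on Leo's list, as an added example; this is not code from the thread or from any named service. It is a Go program using the standard library's AES-GCM: the key is generated and held by the client, each object gets a fresh nonce, and the object name is bound in as associated data so the provider cannot quietly serve one object's ciphertext under another name. The blob layout, object names and sample document are assumptions for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Blob is all the provider ever stores: the object name in the clear (the
// service needs it), a per-object nonce, and AES-GCM ciphertext with the
// name bound in as associated data so one object's blob cannot be served
// back under another object's name without detection.
type Blob struct {
	Name  string
	Nonce []byte
	Data  []byte
}

// newClientKey generates the 256-bit key that stays on the client.
func newClientKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts before upload. A fresh random nonce per object is required:
// nonce reuse under one GCM key breaks both confidentiality and integrity.
func seal(key []byte, name string, plaintext []byte) (Blob, error) {
	g, err := gcm(key)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Blob{}, err
	}
	return Blob{Name: name, Nonce: nonce, Data: g.Seal(nil, nonce, plaintext, []byte(name))}, nil
}

// open decrypts after download. Any change to ciphertext, nonce or name fails
// the GCM tag check and yields an error, never silently wrong plaintext.
func open(key []byte, b Blob) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	pt, err := g.Open(nil, b.Nonce, b.Data, []byte(b.Name))
	if err != nil {
		return nil, errors.New("blob failed authentication: wrong key, tampered data, or renamed object")
	}
	return pt, nil
}

func main() {
	key, _ := newClientKey()
	// Constructed sample document and object name.
	blob, _ := seal(key, "notes/2013-06-07.txt", []byte("constructed sample document"))
	fmt.Printf("provider stores %d opaque bytes under %q\n", len(blob.Data), blob.Name)

	pt, err := open(key, blob)
	fmt.Printf("client decrypts: %q err=%v\n", pt, err)

	// Whoever holds, or compels, the provider's copy does not hold the key.
	otherKey, _ := newClientKey()
	_, err = open(otherKey, blob)
	fmt.Println("without the client key:", err)

	// A server-side rename, or substitution of another object, is caught too.
	blob.Name = "notes/other.txt"
	_, err = open(key, blob)
	fmt.Println("after rename:", err)
}
```

What the provider, or anyone who can compel the provider, still sees is the metadata: object names, sizes, timestamps and who fetched what, which is the same metadata problem raised elsewhere in this thread. Key management on the client (backup, multi-device, loss) is also outside this example.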
Re: PRISM: NSA/FBI Internet data mining project
On 09/06/2013 20:26, Rob McEwen wrote: Dan, I doubt anyone can answer your question easily because you seem to have contradictions in your scenario. At one point you say: private company to collect information about terrorist entities, who in turn privately contracts with the top X telecom providers and Y social media companies but then you continue: to obtain all available information that it can, via TAP ports or direct database access. and then: That private organization, through analysis, knows a lot about you I'm confused, in your scenario, is the data collection limited to terrorist entities, or does your statement, all available information that it can mean that it gets everyone's info, and then does their filtering later? Additionally, one would hope that by terrorist entities, you would be referring to those who plan on hurting or killing innocent people, whether that be an Islamofascist terrorist planning to blow up a government building, or a right wing terrorist planning to do the same (for different reasons), or an environmentalist planning to sink a legal whaling boat, or an anti-abortionist planning to blow up an abortion clinic... take your pick. The point being that mass-killing of innocent people is the common thread... NOT the politics. And I hope that you haven't downward defined this to someone that could be easily used to pick off political opponents, right? Have your 4th Amendment rights been abridged in this scenario Sorry if this comes across as rude or snobby, but I think you just need to read the 4th Amendment about 20 times to yourself and let it all soak in. TO ANSWER YOUR QUESTION: If the Federal Government is paying a private entity to do the snooping, then they are a de facto agent of the state. That doesn't make the 4th Amendment any less applicable. 
Even then, to abide by the 4th amendment, there should be SPECIFIC persons/orgs AND specific info/items that are being searched where that search is SPECIFICALLY approved by a judge or court IN ADVANCE (no super wide blanket approvals, no broad fishing expeditions)... only THEN does the searching for the information meet 4th amendment requirements. The fact that the search was of your e-mail or phone records doesn't make the 4th amendment apply any less than if they were looking inside the drawer in the nightstand next to your bed! There are notable exceptions... for example, an employer is really the owner of the mailbox, not their employee. Therefore, there is an argument that government employees don't have privacy rights from the government for their official work e-mail accounts. There are probably several other exceptions like that. But such exceptions are a tiny percentage of the whole. Right. And among these exceptions we (still) find, at least in some European countries, the notion of a private sphere also in your professional role. Summing up to that a reasonable amount and type of private communications (for instance, with your bank, childcare, tax office, family, friends, and others with whom you may share urgency as well as office hours and inability of relying efficiently on end-to-end encryption) are likely to happen, and expected to be honored as private, also via your professional communication channels. I think that, in France for instance, you flag these communications by tagging them 'private/perso' or similar and legally expect them to be treated as such. I may stand corrected? A word about a small, yet significant I think, piece in a quite complex puzzle... Cheers, mh
Re: PRISM: NSA/FBI Internet data mining project
On 6/9/2013 2:26 PM, Rob McEwen wrote: There are notable exceptions... for example, an employer is really the owner of the mailbox, not their employee. Therefore, there is an argument that government employees don't have privacy rights from the government for their official work e-mail accounts. There are probably several other exceptions like that. But such exceptions are a tiny percentage of the whole. I should mention... there are also exceptions to the exceptions. While it is totally legal and ethical for a boss to snoop on his employee's e-mails (in a business), I would think it would be very unethical and illegal, for example, for the executive branch to snoop on a congressional aide's e-mail, to gain intel on political opponents even if that congressional aide were a government employee and the e-mail was a .gov address. But I'm not sure where those lines are drawn with regards to the US Federal Government. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/13, Måns Nilsson mansa...@besserwisser.org wrote: Subject: Re: PRISM: NSA/FBI Internet data mining project Date: Fri, Jun 07, 2013 at 12:25:35AM -0500 Quoting jamie rishaw (j...@arpa.com): tinfoilhat Just wait until we find out dark and lit private fiber is getting vampired. /tinfoilhat I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising, Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :) -- -JH
Re: PRISM: NSA/FBI Internet data mining project
On Sat, Jun 8, 2013 at 4:12 AM, Jimmy Hess mysi...@gmail.com wrote: On 6/7/13, Måns Nilsson mansa...@besserwisser.org wrote: Subject: Re: PRISM: NSA/FBI Internet data mining project Date: Fri, Jun 07, 2013 at 12:25:35AM -0500 Quoting jamie rishaw (j...@arpa.com): tinfoilhat Just wait until we find out dark and lit private fiber is getting vampired. /tinfoilhat I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising, Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :) Would you really trust crypto applied by someone else on your behalf? sure, your data's safe--I triple rot-13'd it myself! ;P Matt
Re: PRISM: NSA/FBI Internet data mining project
On 8 June 2013 12:12, Jimmy Hess mysi...@gmail.com wrote: On 6/7/13, Måns Nilsson mansa...@besserwisser.org wrote: Subject: Re: PRISM: NSA/FBI Internet data mining project Date: Fri, Jun 07, 2013 at 12:25:35AM -0500 Quoting jamie rishaw (j...@arpa.com): tinfoilhat Just wait until we find out dark and lit private fiber is getting vampired. /tinfoilhat I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising, Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :) -- -JH Encrypted wifi doesn't help if the access point is the one doing the sniffing. How often are 'wiretaps' done by tapping in to a physical line vs simply requesting a switch/router copy everything going through it to another port? The CIA might use physical taps to monitor the Russian government's traffic, but within the US I imagine they normally just ask the target's ISP to copy the data to them. To be automatic and 'just work' would also mean not having to configure the identity of the devices at the other end of every link. In this case you'll just negotiate an encrypted link to the CIA's sniffer instead of the switch you thought you were talking to. End to end encryption with secure automatic authentication is needed, it's taking a while to gain traction but DANE looks like the solution. When SSL requires the overhead of getting a CA to re-sign everything every year you only use it when you have a reason to. When SSL is a single copy/paste operation to set it up and no maintenance it becomes much harder to justify why you're not doing it. Unfortunately I haven't come across any good ideas yet for p2p type applications where you don't have anywhere to securely publish your certificates. - Mike
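Mike's point that an unauthenticated link will happily be negotiated with an interposed sniffer is the gap DANE closes. As an added example that is not code from Mike's message or from any project: a Go program that computes the TLSA "3 1 1" record (DANE-EE, SubjectPublicKeyInfo, SHA-256) an operator would publish for the certificate it actually serves, and then runs the client-side check against a presented certificate. Both certificates are self-signed fixtures generated inside the program, and the hostname is an assumption; fetching the record through a DNSSEC-validating resolver, which is what makes the published record trustworthy, is left out.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// TLSA carries the RFC 6698 record fields. This example handles only
// usage 3 (DANE-EE), selector 1 (SubjectPublicKeyInfo), matching type 1
// (SHA-256), the shape most commonly published for mail and web services.
type TLSA struct {
	Usage, Selector, Matching uint8
	Data                      []byte
}

// newSelfSignedCert makes a throwaway end-entity certificate for host.
// Constructed fixture: a real deployment would use its existing key pair.
func newSelfSignedCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// tlsaFor is the operator side: hash the DER SubjectPublicKeyInfo of the
// certificate actually served. Hashing the SPKI rather than the whole
// certificate means re-issuing the cert on the same key needs no DNS change.
func tlsaFor(cert *x509.Certificate) TLSA {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return TLSA{Usage: 3, Selector: 1, Matching: 1, Data: sum[:]}
}

// String renders the record as it would appear in the zone file.
func (t TLSA) String() string {
	return fmt.Sprintf("%d %d %d %s", t.Usage, t.Selector, t.Matching, hex.EncodeToString(t.Data))
}

// matchesTLSA is the client side: the leaf certificate presented in the
// handshake must hash to the published record. Record shapes this code
// does not understand are refused rather than treated as a match.
func matchesTLSA(presented *x509.Certificate, rec TLSA) bool {
	if rec.Usage != 3 || rec.Selector != 1 || rec.Matching != 1 {
		return false
	}
	sum := sha256.Sum256(presented.RawSubjectPublicKeyInfo)
	return bytes.Equal(sum[:], rec.Data)
}

func main() {
	server, err := newSelfSignedCert("mail.example.net")
	if err != nil {
		panic(err)
	}
	rec := tlsaFor(server)
	fmt.Println("_25._tcp.mail.example.net. IN TLSA", rec)

	// An interposed sniffer that terminates TLS presents its own key for the
	// same name. The handshake completes; the DANE check does not.
	sniffer, _ := newSelfSignedCert("mail.example.net")
	fmt.Println("genuine server accepted:", matchesTLSA(server, rec))
	fmt.Println("interposed sniffer accepted:", matchesTLSA(sniffer, rec))
}
```

Go's crypto/tls does not do DANE by itself; the natural place to run a check like matchesTLSA in a real client is the tls.Config VerifyPeerCertificate callback, after the record has been obtained from a validating resolver. Without DNSSEC on the lookup, the record can be swapped just as easily as the certificate, and the check adds nothing.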
Re: PRISM: NSA/FBI Internet data mining project
They use those very regularly.. There is a widely used model called the KV. Sent from my Mobile Device. Original message From: Jimmy Hess mysi...@gmail.com Date: 06/08/2013 4:14 AM (GMT-08:00) To: Måns Nilsson mansa...@besserwisser.org Cc: goe...@anime.net,NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project On 6/7/13, Måns Nilsson mansa...@besserwisser.org wrote: Subject: Re: PRISM: NSA/FBI Internet data mining project Date: Fri, Jun 07, 2013 at 12:25:35AM -0500 Quoting jamie rishaw (j...@arpa.com): tinfoilhat Just wait until we find out dark and lit private fiber is getting vampired. /tinfoilhat I'm not even assuming it, I'm convinced. In Sweden, we have a law, that makes what NSA/FBI did illegal while at the same time legalising, Perhaps strong crypto should be implemented on transceivers at each end of every link, so users could be protected from that without having to implement the crypto themselves at the application layer? :) -- -JH
Re: PRISM: NSA/FBI Internet data mining project
On Fri, Jun 7, 2013 at 1:25 AM, jamie rishaw j...@arpa.com wrote: Just wait until we find out dark and lit private fiber is getting vampired. Why wait? http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0 -Bill -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: PRISM: NSA/FBI Internet data mining project
On Fri, Jun 7, 2013 at 2:05 PM, valdis.kletni...@vt.edu wrote: On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. If they're just crunching CDRs as claimed in the news reports, all it takes is a stack of Netezzas (they were originally designed to crunch detail data for utility billing), an automated etl task for the daily telco dumps, a web interface for the agents to submit analysis jobs that's an abstraction of the sql layer and a couple specialists to write queries for more complex analysis requests. I do more complicated work for the government for less money; $20m/year is easily believable. -Bill -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: PRISM: NSA/FBI Internet data mining project
You can keep a hacker out, true, but you cannot keep the government out. When the force of law can be used to compel you to act against your wishes or your own best interests, all bets are off. Hackers sneak in through the back door. The govt just breaks the front door down and demands entry and that is what appears to have happened here. Remember that part of the issue is the fact that, thanks to the Patriot Act and FISA, not only can you be given a warrant that does not proceed through normal channels, you are forbidden from even acknowledging its very existence or risk prison. That's ideal conspiracy fodder. Add to that the ignorance of the common man combined with the fact that no one here should have any doubt that the NSA is capable of things you and I haven't even imagined yet, and what are you likely to end up with when a snooping story breaks? Nothing short of the NSA being renamed to the National Surveillance Administration. My gripe is that they should not have this sort of power to begin with. Power will be abused, pure and simple. The only way to prevent the abuse of power by government entities is to deny them that power in the first place. So I don't buy the whole thing because as an engineer, I know it's a lot more difficult than people think but, as an engineer, I also know the value of the right technology in just the right place. Do I believe they're snooping my waves and watching my keyboard? No, but with access to the right point (email servers and proxies near the eyeballs) they really don't have to. Besides, if they *DID* want to monitor someone that closely, we all know how easy it is for a somewhat more skilled hacker to get access to a desktop. So I'm up for about half of what is out there with just a touch of skepticism. Even without the whole kit and kaboodle, the information they have access to already is pretty frightening. 
With it, you can reverse engineer and acquire much more information through indirect means when the right search parameters are used and the right correlations made. Ever made a campaign contribution or a donation to a group like the NRA or CATO? Membership information is not private when they can just go back and look for the credit/debit transaction and compile the list that way. How often do you phone your congresscritter? Easy to identify the politically active by seeing who is placing/receiving calls from a given group. This whole system is just ripe for abuse. The statement the president made on this issue, as I heard it, really boils down to 5 words: We're the government. Trust us. *shudder* -Wayne On Fri, Jun 07, 2013 at 06:20:28PM -0700, Owen DeLong wrote: Dan, While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. While you are correct in that proper personal security procedures to protect my data from random crackers would, in fact, also protect it from the government, that's a far cry from what is at issue here. The question here is whether or not it should be considered legitimate for the US Government to completely ignore the fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast amounts of data without direct probable cause for that snooping. I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement. Owen On Jun 7, 2013, at 8:42 AM, Dan White dwh...@olp.net wrote: On 06/07/13 11:11 -0400, Rob McEwen wrote: On 6/7/2013 9:50 AM, Dan White wrote: OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? 
Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack. That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.|| Hiding stuff better is generally good security practice, particularly in the absence of a search warrant. How effective those practices are is really what's important. From a data standpoint, those security procedures can be highly effective, even against law enforcement. But it's not law enforcement that I worry about the most (understandably, you may have a differing opinion); It's the random anonymous cracker who isn't beholden to any international laws or courts. I design my personal security procedures for him. That's
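Bill Herrin's sketch of crunching daily CDR dumps and Wayne's point that the politically active fall straight out of "who is placing/receiving calls from a given group" describe the same computation. As an added example that is not code from either message or from any product: a Go program that loads a constructed daily CDR dump, builds the contact graph, and walks outward from a seed number. The record layout, every phone number and the choice of seed are invented for the illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed daily telco dump, one call record per line: start, caller,
// callee, seconds (unused here). Every number is invented.
const sampleCDR = `2013-06-07T09:02:11Z,2025550101,2025550199,240
2013-06-07T09:15:40Z,2025550102,2025550199,30
2013-06-07T10:01:05Z,2025550103,2025550150,600
2013-06-07T11:20:00Z,2025550199,2025550101,90
2013-06-07T12:00:00Z,2025550150,2025550104,45
2013-06-07T13:30:00Z,2025550102,2025550104,120
2013-06-08T08:00:00Z,2025550105,2025550101,15`

type CDR struct {
	Start          time.Time
	Caller, Callee string
}

// parseCDR is the ETL step: blank lines are skipped, a malformed record
// aborts the load rather than being silently dropped or half-parsed.
func parseCDR(dump string) ([]CDR, error) {
	var out []CDR
	sc := bufio.NewScanner(strings.NewReader(dump))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		f := strings.Split(line, ",")
		if len(f) != 4 {
			return nil, fmt.Errorf("line %d: want 4 fields, got %d", n, len(f))
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, fmt.Errorf("line %d: %v", n, err)
		}
		out = append(out, CDR{Start: ts, Caller: f[1], Callee: f[2]})
	}
	return out, sc.Err()
}

// contactGraph links caller and callee in both directions: either party
// placing the call associates the two numbers.
func contactGraph(records []CDR) map[string]map[string]bool {
	g := map[string]map[string]bool{}
	for _, r := range records {
		for _, p := range [][2]string{{r.Caller, r.Callee}, {r.Callee, r.Caller}} {
			if g[p[0]] == nil {
				g[p[0]] = map[string]bool{}
			}
			g[p[0]][p[1]] = true
		}
	}
	return g
}

// contactChain returns every number within hops of any seed, seeds excluded,
// sorted for stable output. Seed a group's switchboard with hops=1 and this
// is "who places or receives calls from that group"; hops=2 is their contacts.
func contactChain(records []CDR, seeds []string, hops int) []string {
	g := contactGraph(records)
	isSeed, seen, frontier := map[string]bool{}, map[string]bool{}, map[string]bool{}
	for _, s := range seeds {
		isSeed[s], seen[s], frontier[s] = true, true, true
	}
	for h := 0; h < hops; h++ {
		next := map[string]bool{}
		for n := range frontier {
			for peer := range g[n] {
				if !seen[peer] {
					seen[peer], next[peer] = true, true
				}
			}
		}
		frontier = next
	}
	var out []string
	for n := range seen {
		if !isSeed[n] {
			out = append(out, n)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	recs, _ := parseCDR(sampleCDR)
	// Seed with the (invented) number of a membership organisation.
	fmt.Println("1 hop: ", contactChain(recs, []string{"2025550199"}, 1))
	fmt.Println("2 hops:", contactChain(recs, []string{"2025550199"}, 2))
}
```

Nothing in this program needs call content; it is metadata only, which is why "we only collect metadata" is not a reassuring statement. Scaling it from seven records to a carrier's daily dump is a storage and indexing problem of the kind Herrin describes, not an algorithmic one.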
Re: PRISM: NSA/FBI Internet data mining project
I was just thinking.. Why go after all of these network based information type? Why not just approach dell about some secret iDRAC system for Agent X? Sent from my Mobile Device. Original message From: Wayne E Bouchard w...@typo.org Date: 06/08/2013 9:10 AM (GMT-08:00) To: Owen DeLong o...@delong.com Cc: nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project You can keep a hacker out, true, but you cannot keep the government out. When the force of law can be used to compel you to act against your wishes or your own best interests, all bets are off. Hackers sneak in through the back door. The govt just breaks the front door down and demands entry and that is what appears to have happened here. Remember that part of the issue is the fact that, thanks to the Patriot Act and FISA, not only can you be given a warrant that does not proceed through normal channels, you are forbidden from even acknowledging its very existence or risk prison. That's ideal conspiracy fodder. Add to that the ignorance of the common man combined with the fact that no one here should have any doubt that the NSA is capable of things you and I haven't even imagined yet, and what are you likely to end up with when a snooping story breaks? Nothing short of the NSA being renamed to the National Surveillance Administration. My gripe is that they should not have this sort of power to begin with. Power will be abused, pure and simple. The only way to prevent the abuse of power by government entities is to deny them that power in the first place. So I don't buy the whole thing because as an engineer, I know it's a lot more difficult than people think but, as an engineer, I also know the value of the right technology in just the right place. Do I believe they're snooping my waves and watching my keyboard? No, but with access to the right point (email servers and proxies near the eyeballs) they really don't have to. 
Besides, if they *DID* want to monitor someone that closely, we all know how easy it is for a somewhat more skilled hacker to get access to a desktop. So I'm up for about half of what is out there with just a touch of skepticism. Even without the whole kit and kaboodle, the information they have access to already is pretty frightening. With it, you can reverse engineer and acquire much more information through indirect means when the right search parameters are used and the right correlations made. Ever made a campaign contribution or a donation to a group like the NRA or CATO? Membership information is not private when they can just go back and look for the credit/debit transaction and compile the list that way. How often do you phone your congresscritter? Easy to identify the politically active by seeing who is placing/receiving calls from a given group. This whole system is just ripe for abuse. The statement the president made on this issue, as I heard it, really boils down to 5 words: We're the government. Trust us. *shudder* -Wayne On Fri, Jun 07, 2013 at 06:20:28PM -0700, Owen DeLong wrote: Dan, While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. While you are correct in that proper personal security procedures to protect my data from random crackers would, in fact, also protect it from the government, that's a far cry from what is at issue here. The question here is whether or not it should be considered legitimate for the US Government to completely ignore the fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast amounts of data without direct probable cause for that snooping. I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement. 
Owen On Jun 7, 2013, at 8:42 AM, Dan White dwh...@olp.net wrote: On 06/07/13 11:11 -0400, Rob McEwen wrote: On 6/7/2013 9:50 AM, Dan White wrote: OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack. That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.|| Hiding stuff better is generally good security practice, particularly in the absence of a search warrant. How effective those practices are is really
RE: PRISM: NSA/FBI Internet data mining project
Yahoo does not provide the government with direct access to its servers, systems, or network. Ah, so you admit that you provide indirect access by interposing a firewall and router between your datacenter network and the transport link to the NSA. That is just normal sound security practice when permitting third-party network connections. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Matthew Petach [mailto:mpet...@netflight.com] Sent: Friday, 07 June, 2013 10:33 Cc: NANOG Subject: Re: PRISM: NSA/FBI Internet data mining project On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach mpet...@netflight.com wrote: On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth j...@baylink.com wrote: Has fingers directly in servers of top Internet content companies, dates to 2007. Happily, none of the companies listed are transport networks: http://www.washingtonpost.com/investigations/us-intelligence-mining- data-from-nine-us-internet-companies-in-broad-secret- program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274 I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. Much less stress in life that way. ^_^ Matt When I posted this yesterday, I was speaking somewhat tongue-in-cheek, because we hadn't yet made a formal statement to the press. Now that we've made our official reply, I can echo it, and note that whatever fluffed up powerpoint was passed around to the washington post, it does not reflect reality. There are no optical taps in our datacenters funneling information out, there are no sooper-seekret backdoors in the software that funnel information to the government. 
As our formal reply stated: Yahoo does not provide the government with direct access to its servers, systems, or network. I believe the other major players supposedly listed in the document have released similar statements, all indicating a similar lack of super-cheap government listening capabilities. Speaking just for myself, and if you quote me on this as speaking on anyone else's behalf, you're a complete fool, if the government was able to build infrastructure that could listen to all the traffic from a major provider for a fraction of what it costs them to handle that traffic in the first place, I'd be truly amazed--and I'd probably wonder why the company didn't outsource their infrastructure to the government, if they can build and run it so much more cheaply than the commercial providers. ;P 7 companies were listed; if we assume the burden was split roughly evenly between them, that's 20M/7, about $2.85M per company per year to tap in, or about $238,000/month per company listed, to supposedly snoop on hundreds of gigs per second of data. Two ways to handle it: tap in, and funnel copies of all traffic back to distant monitoring posts, or have local servers digesting and filtering, just extracting the few nuggets they want, and sending just those back. Let's take the first case; doing optical taps, or other form of direct traffic mirroring, carrying it untouched offsite to process; that's going to mean the ability to siphon off hundreds of Gbps per datacenter and carry it offsite for $238k/month; let's figure a major player has data split across at least 3 datacenters, so about $75K/month per datacenter to carry say 300Gbps of traffic. It's pretty clearly going to have to be DWDM on dark fiber at that traffic volume; most recent quotes I've seen for dark fiber put it at $325/mile for already-laid-in-ground (new builds are considerably more, of course). 
If we figure the three datacenters are split around just the US, on average you're going to need to run about 1500 miles to reach their central listening post; that's $49K/month just to carry the bitstream, which leaves you just about $25K/month to run the servers to digest that data; at 5c/kwhr, a typical server pulling 300 watts is gonna cost you $11/month to run; let's assume each server can process 2Gbps of traffic, constantly; 150 servers for the stream of 300Gbps means we're down to $22K for the rest of our support costs; figure two sysadmins getting paid $10k/month to run the servers (120k annual salary), and you've got just $2k for GA overhead. That's a heck of an efficient operation they'd have to be running to listen in on all the traffic for the supposed budget number claimed. I'm late for work; I'll follow up with a runthrough of the other model, doing on-site
Re: PRISM: NSA/FBI Internet data mining project
----- Original Message -----
> From: Matthew Petach mpet...@netflight.com

> Would you really trust crypto applied by someone else on your behalf? sure, your data's safe--I triple rot-13'd it myself! ;P

Oh, do we need triple now? I've been double-ROT13'ing my data for *years*.

Cheers,
-- jra
Re: PRISM: NSA/FBI Internet data mining project
----- Original Message -----
> From: Wayne E Bouchard w...@typo.org

> Remember that part of the issue is the fact that, thanks to the Patriot Act and FISA, not only can you be given a warrant that does not proceed through normal channels, you are forbidden from even acknowledging its very existence or risk prison.

So, who is it that posts a Warrant Canary? Is it still up to date?

Cheers,
-- jra
Re: PRISM: NSA/FBI Internet data mining project
On 06/08/2013 01:47 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: Wayne E Bouchard w...@typo.org
>
>> Remember that part of the issue is the fact that, thanks to the Patriot Act and FISA, not only can you be given a warrant that does not proceed through normal channels, you are forbidden from even acknowledging its very existence or risk prison.
>
> So, who is it that posts a Warrant Canary? Is it still up to date?
>
> Cheers,
> -- jra

rsync.net? Current as of 2013-06-03
http://www.rsync.net/resources/notices/canary.txt

-DMM
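An added example of the "is it still up to date?" check, written for this page and not taken from the list, from rsync.net or from any canary publisher: a canary is only a signal if someone notices when it goes stale or loses its signature, so the helper below extracts the "Current as of" date from a notice, checks that a PGP signature block is structurally present, and classifies the notice against a freshness window. The notice texts and the 30-day window are constructed assumptions; actually verifying the signature needs gpg and the publisher's key and is left out.

```python
"""Warrant-canary freshness check (constructed example, not a real canary)."""
import re
from datetime import date, timedelta

# Constructed sample notices modelled on the "Current as of YYYY-MM-DD"
# style; neither is the real rsync.net canary.
FRESH_CANARY = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Example Hosting Co. warrant canary
Current as of 2013-06-03
No warrants have ever been served to Example Hosting Co. or its principals.
-----BEGIN PGP SIGNATURE-----
(signature body omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""

# Same wording but the operator forgot (or was unable) to sign it.
UNSIGNED_CANARY = """\
Example Hosting Co. warrant canary
Current as of 2013-06-03
No warrants have ever been served to Example Hosting Co. or its principals.
"""

DATE_RE = re.compile(r"current as of\s+(\d{4})-(\d{2})-(\d{2})", re.IGNORECASE)
SIGNED_MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_END_MARKER = "-----END PGP SIGNATURE-----"


def canary_date(text):
    """Return the 'Current as of' date found in the notice, or None if absent."""
    m = DATE_RE.search(text)
    if not m:
        return None
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_signed(text):
    """Structural check only: a cleartext-signed notice carries both markers.
    Cryptographic verification (gpg --verify against a pinned key) is not done here."""
    return SIGNED_MARKER in text and SIG_END_MARKER in text


def _as_date(today):
    """Accept either a date object or an ISO 'YYYY-MM-DD' string."""
    if isinstance(today, date):
        return today
    y, m, d = (int(p) for p in today.split("-"))
    return date(y, m, d)


def canary_status(text, today, max_age_days=30):
    """Classify a canary notice relative to `today`.

    Returns one of 'missing-date', 'unsigned', 'stale' or 'current'.
    Anything but 'current' is worth an alert: a publisher who can no longer
    truthfully update the notice will simply stop, so silence is the signal.
    """
    d = canary_date(text)
    if d is None:
        return "missing-date"
    if not is_signed(text):
        return "unsigned"
    if _as_date(today) - d > timedelta(days=max_age_days):
        return "stale"
    return "current"


if __name__ == "__main__":
    # Checked against the date of the list post above (assumed as 'today').
    for name, text in (("fresh", FRESH_CANARY), ("unsigned", UNSIGNED_CANARY)):
        print(name, canary_status(text, "2013-06-09"))
```

Run on a schedule against the fetched notice, and page on any result other than `current`; the window should match whatever update cadence the publisher has promised.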
Re: PRISM: NSA/FBI Internet data mining project
On Jun 7, 2013, at 12:25 AM, jamie rishaw j...@arpa.com wrote:
> <tinfoilhat>
> Just wait until we find out dark and lit private fiber is getting vampired.
> </tinfoilhat>

Speaking from the content provider side here, but we've always run IPsec on DCIs and even private T1s/DS3s back in the day. Doesn't everyone do the same these days? I find it hard to imagine passing any audit/compliance process without doing so. Private lines or dedicated fiber always pass through much public, unmanaged, and unmonitored space infrastructure. And we know better than to trust our providers to never screw up and mis-route traffic.
Re: PRISM: NSA/FBI Internet data mining project
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/06/2013 16:31, William Herrin wrote:
> On Fri, Jun 7, 2013 at 1:25 AM, jamie rishaw j...@arpa.com wrote:
>> Just wait until we find out dark and lit private fiber is getting vampired.
>
> Why wait?
> http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0
>
> -Bill

In a similar vein, a new PRISM slide was released by the Guardian this morning:
http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google

Doesn't specifically say private fiber - just "fiber cables and infrastructure". May just refer to fiber to/from/within complying company infrastructure, ofc, not necessarily anything else.

They also apparently have a web 2.0 compliant dashboard with a catchy name and pop-ups with big numbers in: Boundless Informant.
http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining

Speaking from the other side of the pond it's interesting to see where this is going. GCHQ (the UK NSA equivalent) are being asked stern questions by the government about their involvement and if they've been asking the NSA for UK citizens' data (since they're not allowed to collect it themselves).

Cheers,
James Harrison
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iEYEARECAAYFAlGzyl4ACgkQ22kkGnnJQAwVfQCePSYz9p5P95bnWYbp4YA2SeQD
HeQAn0AOnReV6DQC0Y3k5P046BbFnBUJ
=auDI
-----END PGP SIGNATURE-----
Re: PRISM: NSA/FBI Internet data mining project
What is the point of arguing whether they have the capacity to process all the data? They DON'T need to build expensive systems. They just need to make sure that when they ask your company for information, that information is available to them, and fast enough. So a statement saying "we don't give them direct access" means nothing!!! The right question is: IS THERE A DIRECT CHANNEL for them to ask you for information without providing all the evidence (how could they show you all the evidence when it is security related??), which you can't deny their access?

On Sun, Jun 9, 2013 at 8:20 AM, James Harrison ja...@talkunafraid.co.uk wrote:
> [...]
Re: PRISM: NSA/FBI Internet data mining project
I don't need any wire tapping or decrypting. Let's say I want to see all NANOG emails; I just need to call Larry Page's CSO office and someone will send me a copy. Of course I can't give you any evidence, how could I? Does it make sense?

On Sun, Jun 9, 2013 at 10:44 AM, ku po cciehe...@gmail.com wrote:
> [...]
>
> On Sun, Jun 9, 2013 at 8:20 AM, James Harrison ja...@talkunafraid.co.uk wrote:
>> [...]
Re: PRISM: NSA/FBI Internet data mining project
On Jun 6, 2013, at 10:25 PM, jamie rishaw j...@arpa.com wrote:
> <tinfoilhat>
> Just wait until we find out dark and lit private fiber is getting vampired.
> </tinfoilhat>
> --
> Jamie Rishaw // .com.arpa@j - reverse it. ish.
> arpa / arpa labs

well, that's exactly, and the only thing, that would not surprise me, given the eff suit and mark klein's testimony about room 421a full of narus taps. mark klein is an utterly convincing and credible guy on this subject of tapping transit traffic.

but the ability to assemble intelligence out of taps on providers' internal connections would require reverse engineering the ever changing protocols of all of those providers. and at least at one of the providers named, where i worked on security and abuse, it was hard for us, ourselves, to quickly mash up data from various internal services and lines of business that were almost completely siloed -- data typically wasn't exposed widely and stayed within a particular server or data center absent a logged in session by the user.

were these guys scraping the screens of non-ssl sessions of interest in real time? with asymmetric routing, it's hard to reassemble both sides of a conversation, say in IM. one side might come in via a vip and the other side go out through the default route, shortest path. only *on* a specific internal server might you see the entire conversation. typically only the engineers who worked on that application would log on or even know what to look for.

and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.

and pretty much denials all around.

so at the moment, i don't believe it. (and i hope it's not true, or i might have to leave this industry in utter disgust because i didn't notice this going on in about 8 years at that provider and it was utterly contrary to the expressed culture. take up beekeeping, or alcohol, or something.)
Re: PRISM: NSA/FBI Internet data mining project
The "oh well, it happens, who cares, guess you need PGP" comments on this thread are idiotic. Some of you would benefit from reading the text of the 4th Amendment:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The Washington Post mentioned some safeguards... but those were pathetic. Why? They seemed to be similar to the following analogy: we'll keep that video camera in your home, recording your every move, and we promise we'll close our eyes when reviewing the tape whenever it shows you naked. THAT is essentially what they're saying. The access described by both the Washington Post and The Guardian is essentially unfettered/unmetered/unmonitored.

Just as doctors take the Hippocratic oath to maintain decent standards which are to the benefit of modern civilization... shouldn't IT/Networking/Internet professionals (NANOG readers!!!) have standards that, hopefully, distinguish us from... say... the State-run ISP of North Korea.

And if these allegations are true... then... I have a difficult time believing that there was no quid pro quo involved. Especially since such companies risk a backlash and huge loss of customers if/when this gets out. So I don't think they'd do this without some kind of return in favor. Did they get special tax treatment? Tarp money of any kind (maybe to a parent company)? Easing of regulation enforcement?

If there was quid pro quo, then what a bunch of F'ing whores, selling their own customers down the river... to make a buck... and potentially contributing to a future tyranny. Sure, the US government probably only uses this to catch the bad guys today... but what would a *corrupt* administration do with such data in the future... stick the IRS on their political enemies? (oh, wait, that just happened... h)

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-932
Re: PRISM: NSA/FBI Internet data mining project
Subject: Re: PRISM: NSA/FBI Internet data mining project
Date: Fri, Jun 07, 2013 at 12:25:35AM -0500
Quoting jamie rishaw (j...@arpa.com):
> <tinfoilhat>
> Just wait until we find out dark and lit private fiber is getting vampired.
> </tinfoilhat>

I'm not even assuming it, I'm convinced.

In Sweden, we have a law that makes what NSA/FBI did illegal while at the same time legalising, after some scrutiny, the practice of tapping traffic that passes Sweden and is not both originated by and destined to Swedes. We're pretty good at selling transit abroad. Eastward. Go figure.

Combine that with our NSA buddy, the FRA (http://www.fra.se) actively attempting to hire WDM experience and there is enough circumstantial data that I'm convinced it's being done.

Also, what agencies like NSA, GCHQ and FRA have done for ages is listening to a broad spectrum of RF data with their aerials. Moving it into fiber is just keeping pace with the technology.

Another historical fact is that the FRA has its roots in an extremely successful wiretapping operation in WW2, where the German teleprinter traffic between Norway (occupied) and Germany was passed on leased lines through western Sweden. Cross-border wiretap.

In conclusion; I'm convinced.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
I'm having an emotional outburst!!
Re: PRISM: NSA/FBI Internet data mining project
On Thu, Jun 06, 2013 at 08:07:57PM -0400, Alex Rubenstein wrote:
>>> Has fingers directly in servers of top Internet content companies, dates to 2007. Happily, none of the companies listed are transport networks:
>>
>> I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen.
>
> So, you are comfortable just giving up your right to privacy? It's just the way it is?

If you want to exercise your right to privacy, use end to end encryption and onion remixing networks to hamper traffic analysis. Everything else is for the hopelessly gullible.

> I'm sorry, I am not as accepting of that fact as you are. I am disappointed and disgusted that this is, and has been, going on. Our government is failing us.

What government is this, kemo sabe? Nanog has a global audience.
Re: PRISM: NSA/FBI Internet data mining project
On Fri, Jun 07, 2013 at 12:25:35AM -0500, jamie rishaw wrote:
> <tinfoilhat>
> Just wait until we find out dark and lit private fiber is getting vampired.
> </tinfoilhat>

Approaches like http://www.wired.com/science/discoveries/news/2006/04/70619 obviously don't scale to small time operators. But if you can vacuum up close to the core at full wire speed (and there is no reason to think you can't, since there are switches which deal with that) you don't have to deal with the periphery that much.

How would you tap a few TBit/s so that you can filter it down to where you can look at it at layer 7 in ASICs, and filter out something to a more manageable data rate? Would you use a dedicated fibre to forward that to a central facility, or do it with storage that is periodically picked up via sneakernet?
RE: PRISM: NSA/FBI Internet data mining project
> Approaches like http://www.wired.com/science/discoveries/news/2006/04/70619 obviously don't scale to small time operators. But if you can vacuum up close to the core at full wire speed (and there is no reason to think you can't, since there are switches which deal with that) you don't have to deal with the periphery that much.

Remember, there is no core. I say that half-jokingly. Sniffing at the core will only net you a small set of potentially asymmetrical traffic flow.
Re: PRISM: NSA/FBI Internet data mining project
On 06/07/13 02:34 -0400, Rob McEwen wrote:
> The "oh well, it happens, who cares, guess you need PGP" comments on this thread are idiotic. Some of you would benefit from reading the text of the 4th Amendment:
>
> "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack.

> The Washington Post mentioned some safeguards... but those were pathetic. Why? They seemed to be similar to the following analogy: we'll keep that video camera in your home, recording your every move, and we promise we'll close our eyes when reviewing the tape whenever it shows you naked. THAT is essentially what they're saying. The access described by both the Washington Post and The Guardian is essentially unfettered/unmetered/unmonitored.
>
> [...]
>
> And if these allegations are true... then... I have a difficult time believing that there was no quid pro quo involved. Especially since such companies risk a backlash and huge loss of customers if/when this gets out. So I don't think they'd do this without some kind of return in favor. Did they get special tax treatment? Tarp money of any kind (maybe to a parent company)? Easing of regulation enforcement?

I assume these taps were put in place under the auspices of (by order of) homeland security or some such. If there were some financial incentive involved, I'd be surprised.

--
Dan White
RE: PRISM: NSA/FBI Internet data mining project
>> So, you are comfortable just giving up your right to privacy? It's just the way it is?
>
> If you want to exercise your right to privacy, use end to end encryption and onion remixing networks to hamper traffic analysis.

Whoa. These are two completely separate issues.

I concur with you whole-heartedly; if you have something to keep private or something that is sensitive, protect it. That is your right, it is legal, and you should do it. I do.

But that DOES NOT, UNDER ANY CIRCUMSTANCES, in any way make it OK for the USG to ignore the fourth amendment. I should not have to hamper traffic analysis that is analyzing my traffic illegally. That is the bigger point here.

> Everything else is for the hopelessly gullible.

You mean, "Everything else is for the people who are OK with being snooped on by the government."

>> I'm sorry, I am not as accepting of that fact as you are. I am disappointed and disgusted that this is, and has been, going on. Our government is failing us.
>
> What government is this, kemo sabe? Nanog has a global audience.

Fair enough, but I think we all know what I am talking about.
Re: PRISM: NSA/FBI Internet data mining project
On Fri, Jun 7, 2013 at 1:57 AM, Mark Seiden m...@seiden.com wrote:
> and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.

agreed, that 20m seems extraordinarily low for such an effort... hell, for 6 yrs time transport costs alone would have exceeded that number.
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/2013 9:50 AM, Dan White wrote:
> OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack.

That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.||

You're basically saying that it is OK for governments to defy their constitutions and trample over EVERYONE's rights, and that is OK since a TINY PERCENTAGE of experts will have exotic means to evade such trampling. But to hell with everyone else. They'll just have to become good little subjects to the State. If grandma can't do PGP, then she deserves it, right?

Yet... many people DIED to initiate/preserve/codify such human rights... but I guess others just give them away freely. What a shame. Ironically, many who think this is no big deal have themselves benefited immensely from centuries of freedom and prosperity that resulted from rule of law and the U.S. Constitution/Bill of Rights.

> I assume these taps were put in place under the auspices of (by order of) homeland security or some such. If there were some financial incentive involved, I'd be surprised.

Some of the authors of the laws that were used to justify these are already starting to come forward saying, "it wasn't supposed to go that far." And to the extent that some laws were followed correctly, any such laws that do not conform to the 4th Amendment are supposed to be invalid, and eventually, officially invalidated. I think what has happened here is that stuff like this was nudging the 4th amendment aside... and little-by-little, kept getting worse... just like the frog in the slowly heating water who doesn't know that he is now boiling to death.

Does ANY REASONABLE person on this list REALLY think that the government snooping through your e-mail without warrant or court order is DIFFERENT in nature than the government sneaking into your home and snooping through your desk? Yes, it is easier. Yes, we ought to know that mail is less secure (from the BAD guys!!!). Otherwise, there really isn't any difference. This is a flagrant violation of the 4th amendment.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
This is one of these "Save the forest by burning it" situations that don't have any logic. To save a forest firefighters often cut a few trees. Don't cut all the trees in a forest to save it from a fire.

Exceptions must be made for police forces to violate rights (like privacy). Exceptions can't be the norm. An exception can't be "we have access to all emails all the time." That's cutting all the forest.

If you give police forces the ability to violate personal rights all the time (not as exceptions), what this causes is people running away from the police forces. And it turns the police forces into some type of criminal; the only difference is better organized and backed by the law.

--
-- ℱin del ℳensaje.
Re: PRISM: NSA/FBI Internet data mining project
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/06/2013 16:02, Christopher Morrow wrote:
> On Fri, Jun 7, 2013 at 1:57 AM, Mark Seiden m...@seiden.com wrote:
>> and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money.
>
> agreed, that 20m seems extraordinarily low for such an effort... hell, for 6 yrs time transport costs alone would have exceeded that number.

Does seem cheap. Still, here's an update from the horse's mouth:
http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information

Cheers,
James Harrison
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iEYEARECAAYFAlGx970ACgkQ22kkGnnJQAz8swCgjwv821xxn+B4wBVOCE069x6q
hJ0An3wMSQ4K3DPzakhKEfPRuTnTgpAv
=w9js
-----END PGP SIGNATURE-----
Re: PRISM: NSA/FBI Internet data mining project
On 06/07/13 11:11 -0400, Rob McEwen wrote:
> On 6/7/2013 9:50 AM, Dan White wrote:
>> OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack.
>
> That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.||

Hiding stuff better is generally good security practice, particularly in the absence of a search warrant. How effective those practices are is really what's important. From a data standpoint, those security procedures can be highly effective, even against law enforcement.

But it's not law enforcement that I worry about the most (understandably, you may have a differing opinion); It's the random anonymous cracker who isn't beholden to any international laws or courts. I design my personal security procedures for him. That's why I don't, say, send passwords in emails. I don't trust state entities to protect the transmission of that data. I don't wish to place that burden on them.

> You're basically saying that it is OK for governments to defy their constitutions and trample over EVERYONE's rights, and that is OK since a TINY PERCENTAGE of experts will have exotic means to evade such trampling. But to hell with everyone else. They'll just have to become good little subjects to the State. If grandma can't do PGP, then she deserves it, right?

I believe it's your responsibility to protect your own data, not the government's, and certainly not Facebook's.

> Yet... many people DIED to initiate/preserve/codify such human rights... but I guess others just give them away freely. What a shame. Ironically, many who think this is no big deal have themselves benefited immensely from centuries of freedom and prosperity that resulted from rule of law and the U.S. Constitution/Bill of Rights.

Freedom is very important to me, as well as the laws that are in place to protect them.

--
Dan White
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/2013 11:42 AM, Dan White wrote:
> I believe it's your responsibility to protect your own data, not the government's, and certainly not Facebook's.

Dan, I agree with everything you said in your last post. Except this part misses the point. Yes, it may not be their job to protect the data, but they do have certain responsibilities to not enable the snooping/sharing of my data beyond what is either obviously expected and/or what is clearly found in licensing/terms.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
Re: PRISM: NSA/FBI Internet data mining project
----- Original Message -----
> From: Robert Mathews (OSIA) math...@hawaii.edu

> On 6/6/2013 7:35 PM, Jay Ashworth wrote:
>> [ ... ] Happily, none of the companies listed are transport networks: [ ... ]
>>
>> Cheers,
>> -- jra
>
> Could you be certain that TWC, Comcast, Qwest/CenturyLink could not be involved?

No, nor L3, GBLX, or the others. But you'd assume their names would get mentioned...

Cheers,
-- jra
Re: PRISM: NSA/FBI Internet data mining project
----- Original Message -----
> From: Robert Mathews (OSIA) math...@hawaii.edu

> On 6/6/2013 9:22 PM, valdis.kletni...@vt.edu wrote:
>> Pay attention. None of the ones *listed* are transport networks. Doesn't mean they're not involved but unlisted (as of yet).
>
> *Vladis: * /sarcasm on I thank you for waking me up in class! I am impressed - your finely tuned language hair has picked-up the distinctions. Further, I am quite certain that the listing will be more inclusive/explicative in the next round. /sarcasm off

With all due respect, Dr Mathews, I *know* Valdis[1]' reputation; he's a regular participant here. Who are you again?

Cheers,
-- jra

[1] Note proper spelling of his name[2].
[2] Note that I spelled your name correctly as well.
Re: PRISM: NSA/FBI Internet data mining project
----- Original Message -----
> From: Robert Mathews (OSIA) math...@hawaii.edu

> Being an AGENT or AGENCY of Change is not an activity most are CAPABLE of effectively thinking about, let alone acting upon. [ ... ] Laziness aside, permit me to humbly note that emphasis on COMPLIANCE (with sane or insane laws) alone, neither ENSURES, nor ASSURES security for oneself or one's customers.

UN-altered REPRODUCTION and DISSEMINATION of this IMPORTANT Information is ENCOURAGED, ESPECIALLY to COMPUTER BULLETIN BOARDS.

Cheers,
-- jra
Re: PRISM: NSA/FBI Internet data mining project
- Original Message - From: Mark Seiden m...@seiden.com but the ability to assemble intelligence out of taps on providers' internal connections would require reverse engineering the ever changing protocols of all of those providers. and at least at one of the providers named, where i worked on security and abuse, it was hard for us, ourselves, to quickly mash up data from various internal services and lines of business that were almost completely siloed -- data typically wasn't exposed widely and stayed within a particular server or data center absent a logged in session by the user. Jamie makes an excellent point here: Least Privilege should apply within carrier's cores and data centers, just as much as within corporate and organizational ones. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/13 8:28 AM, tei'' wrote: This is one of these Save the forest by burning it situations that don't have any logic. To save a forest firefighters often cut a few trees. Don't cut all the trees in a forest to save it from a fire. Seasonal work, many solar orbits past. Well, actually, standard practice is to scratch a line and burn out from the line to reduce fuel proximal to the line. Scratch can take the form of a crew with hand tools scratching a width-of-tool reduction in fine fuel to tandem tractors scratching width-of-blade, followed by walked drip torches. Trees don't really burn and cutting trees to make line is only useful when attempting to limit crown fires more effectively dealt with by retreat to a discontiguous canopy and firing out to reduce propagation over fine fuels. Modernly, fire is recognized as a natural phenomenon and past fire suppression doctrine has elevated fuel load and fire intensity, with deleterious effect, and suppression goals modified to structure defense, and identified resource defense, as well as the ongoing timber sales value defense. -e
Re: PRISM: NSA/FBI Internet data mining project
On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach mpet...@netflight.com wrote: On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth j...@baylink.com wrote: Has fingers directly in servers of top Internet content companies, dates to 2007. Happily, none of the companies listed are transport networks: http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274 I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. Much less stress in life that way. ^_^ Matt When I posted this yesterday, I was speaking somewhat tongue-in-cheek, because we hadn't yet made a formal statement to the press. Now that we've made our official reply, I can echo it, and note that whatever fluffed up powerpoint was passed around to the washington post, it does not reflect reality. There are no optical taps in our datacenters funneling information out, there are no sooper-seekret backdoors in the software that funnel information to the government. As our formal reply stated: Yahoo does not provide the government with direct access to its servers, systems, or network. I believe the other major players supposedly listed in the document have released similar statements, all indicating a similar lack of super-cheap government listening capabilities.
Speaking just for myself, and if you quote me on this as speaking on anyone else's behalf, you're a complete fool, if the government was able to build infrastructure that could listen to all the traffic from a major provider for a fraction of what it costs them to handle that traffic in the first place, I'd be truly amazed--and I'd probably wonder why the company didn't outsource their infrastructure to the government, if they can build and run it so much more cheaply than the commercial providers. ;P 7 companies were listed; if we assume the burden was split roughly evenly between them, that's 20M/7, about $2.85M per company per year to tap in, or about $238,000/month per company listed, to supposedly snoop on hundreds of gigs per second of data. Two ways to handle it: tap in, and funnel copies of all traffic back to distant monitoring posts, or have local servers digesting and filtering, just extracting the few nuggets they want, and sending just those back. Let's take the first case; doing optical taps, or other form of direct traffic mirroring, carrying it untouched offsite to process; that's going to mean the ability to siphon off hundreds of Gbps per datacenter and carry it offsite for $238k/month; let's figure a major player has data split across at least 3 datacenters, so about $75K/month per datacenter to carry say 300Gbps of traffic. It's pretty clearly going to have to be DWDM on dark fiber at that traffic volume; most recent quotes I've seen for dark fiber put it at $325/mile for already-laid-in-ground (new builds are considerably more, of course).
If we figure the three datacenters are split around just the US, on average you're going to need to run about 1500 miles to reach their central listening post; that's $49K/month just to carry the bitstream, which leaves you just about $25K/month to run the servers to digest that data; at 5c/kwhr, a typical server pulling 300 watts is gonna cost you $11/month to run; let's assume each server can process 2Gbps of traffic, constantly; 150 servers for the stream of 300Gbps means we're down to $22K for the rest of our support costs; figure two sysadmins getting paid $10k/month to run the servers (120k annual salary), and you've got just $2k for GA overhead. That's a heck of an efficient operation they'd have to be running to listen in on all the traffic for the supposed budget number claimed. I'm late for work; I'll follow up with a runthrough of the other model, doing on-site digestion and processing later, but I think you can see the point--it's not realistic to think they can handle the volumes of data being claimed at the price numbers listed. If they could, the major providers would already be doing it for much cheaper than they are today. I mean, the Utah datacenter they're building is costing them $2B to build; does anyone really think if they're overpaying that much for datacenter space, they could really snoop on provider traffic for only $238K/month? More later--and remember, this is purely my own rampant speculation, I'm not speaking for anyone, on behalf of anyone, or even remotely authorized or acknowledged by any entity on this rambling, so
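The "tap and haul it all off-site" cost model Matt walks through above, as an added example that is not part of the original thread: a small Python calculator that takes the assumptions stated in the post ($20M/yr split across 7 companies, 3 datacenters each, 300 Gbps per datacenter, $325/mile dark fiber over 1500 miles, 2 Gbps and 300 W per server, $0.05/kWh, two sysadmins at $10k/month), applies them mechanically, and reports which line item dominates and the fiber price at which the per-datacenter budget would balance. The 730 hours per month figure, the field names and the function names are my assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class TapAssumptions:
    """Inputs for the 'tap and haul everything off-site' model.

    Defaults are the figures stated in the post above; hours_per_month
    is an added assumption (average hours in a month).
    """
    annual_budget_usd: float = 20e6            # reported program budget per year
    companies: int = 7                         # providers the budget is split across
    datacenters_per_company: int = 3           # datacenters per major provider
    gbps_per_datacenter: float = 300.0         # traffic to carry off-site, per datacenter
    fiber_usd_per_mile_month: float = 325.0    # dark fiber quote, already in the ground
    haul_miles: float = 1500.0                 # average distance to the listening post
    gbps_per_server: float = 2.0               # sustained processing per server
    server_watts: float = 300.0                # draw of a typical server
    usd_per_kwh: float = 0.05                  # power price
    hours_per_month: float = 730.0             # assumption: average month length
    sysadmins: int = 2
    sysadmin_usd_per_month: float = 10_000.0   # $120k annual salary


def cost_model(a: Optional[TapAssumptions] = None) -> dict:
    """Apply the assumptions mechanically and return every intermediate figure."""
    a = a or TapAssumptions()
    per_company_month = a.annual_budget_usd / a.companies / 12
    per_dc_month = per_company_month / a.datacenters_per_company
    # Transport: dark fiber priced per mile per month, over the average haul.
    transport = a.haul_miles * a.fiber_usd_per_mile_month
    # Compute: enough servers to keep up with the full stream, and their power bill.
    servers = math.ceil(a.gbps_per_datacenter / a.gbps_per_server)
    power_per_server = a.server_watts / 1000 * a.hours_per_month * a.usd_per_kwh
    power = servers * power_per_server
    staff = a.sysadmins * a.sysadmin_usd_per_month
    line_items = {"transport": transport, "power": power, "staff": staff}
    return {
        "per_company_month": per_company_month,
        "per_dc_month": per_dc_month,
        "servers": servers,
        "power_per_server_month": power_per_server,
        **{f"{k}_month": v for k, v in line_items.items()},
        "largest_item": max(line_items, key=line_items.get),
        "remaining_month": per_dc_month - sum(line_items.values()),
    }


def max_fiber_price(a: Optional[TapAssumptions] = None) -> float:
    """Dark-fiber price per mile-month at which the per-datacenter budget is
    exactly exhausted once power and staff are paid; the model only closes
    at or below this price."""
    a = a or TapAssumptions()
    r = cost_model(a)
    return (r["per_dc_month"] - r["power_month"] - r["staff_month"]) / a.haul_miles


if __name__ == "__main__":
    r = cost_model()
    for k, v in r.items():
        print(f"{k:>24}: {v:,.2f}" if isinstance(v, float) else f"{k:>24}: {v}")
    print(f"fiber price needed to balance: ${max_fiber_price():,.2f}/mile-month")
```

Change any field of `TapAssumptions` to see how sensitive the conclusion is to a single input; transport distance and fiber price move the result far more than server count or power.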
Re: PRISM: NSA/FBI Internet data mining project
On 6/7/2013 11:58 AM, Jay Ashworth wrote: With all due respect, Dr Mathews, I *know* Valdis[1]' reputation; he's a regular participant here. Who are you again? Cheers, -- jra [1] Note proper spelling of his name[2]. [2] Note that I spelled your name correctly as well. I am no one particularly important, or of great reputation! .. and, I shall make it a point to avail myself to a nearby English class... meanwhile, please carry on with the cultivated and wonderful discussions on what a government can, cannot, or indeed may do Cheers to you as well.
Re: PRISM: NSA/FBI Internet data mining project
Five days ago anyone who would have talked about the government having this capability would have been issued another tin foil hat. We think we know the truth now, but why hasn't echelon been brought up? I'm not calling anyone a liar, but isn't not speaking the truth the same thing? Sent from my Mobile Device. Original message From: Matthew Petach mpet...@netflight.com Date: 06/07/2013 9:34 AM (GMT-08:00) To: Cc: NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach mpet...@netflight.com wrote: On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth j...@baylink.com wrote: Has fingers directly in servers of top Internet content companies, dates to 2007. Happily, none of the companies listed are transport networks: http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274 I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. Much less stress in life that way. ^_^ Matt When I posted this yesterday, I was speaking somewhat tongue-in-cheek, because we hadn't yet made a formal statement to the press. Now that we've made our official reply, I can echo it, and note that whatever fluffed up powerpoint was passed around to the washington post, it does not reflect reality. There are no optical taps in our datacenters funneling information out, there are no sooper-seekret backdoors in the software that funnel information to the government. As our formal reply stated: Yahoo does not provide the government with direct access to its servers, systems, or network.
I believe the other major players supposedly listed in the document have released similar statements, all indicating a similar lack of super-cheap government listening capabilities. Speaking just for myself, and if you quote me on this as speaking on anyone else's behalf, you're a complete fool, if the government was able to build infrastructure that could listen to all the traffic from a major provider for a fraction of what it costs them to handle that traffic in the first place, I'd be truly amazed--and I'd probably wonder why the company didn't outsource their infrastructure to the government, if they can build and run it so much more cheaply than the commercial providers. ;P 7 companies were listed; if we assume the burden was split roughly evenly between them, that's 20M/7, about $2.85M per company per year to tap in, or about $238,000/month per company listed, to supposedly snoop on hundreds of gigs per second of data. Two ways to handle it: tap in, and funnel copies of all traffic back to distant monitoring posts, or have local servers digesting and filtering, just extracting the few nuggets they want, and sending just those back. Let's take the first case; doing optical taps, or other form of direct traffic mirroring, carrying it untouched offsite to process; that's going to mean the ability to siphon off hundreds of Gbps per datacenter and carry it offsite for $238k/month; let's figure a major player has data split across at least 3 datacenters, so about $75K/month per datacenter to carry say 300Gbps of traffic. It's pretty clearly going to have to be DWDM on dark fiber at that traffic volume; most recent quotes I've seen for dark fiber put it at $325/mile for already-laid-in-ground (new builds are considerably more, of course).
If we figure the three datacenters are split around just the US, on average you're going to need to run about 1500 miles to reach their central listening post; that's $49K/month just to carry the bitstream, which leaves you just about $25K/month to run the servers to digest that data; at 5c/kwhr, a typical server pulling 300 watts is gonna cost you $11/month to run; let's assume each server can process 2Gbps of traffic, constantly; 150 servers for the stream of 300Gbps means we're down to $22K for the rest of our support costs; figure two sysadmins getting paid $10k/month to run the servers (120k annual salary), and you've got just $2k for GA overhead. That's a heck of an efficient operation they'd have to be running to listen in on all the traffic for the supposed budget number claimed. I'm late for work; I'll follow up with a runthrough of the other model, doing on-site digestion and processing later, but I think you can see the point--it's not realistic to think they can handle the volumes of data being claimed at the price numbers listed
Re: PRISM: NSA/FBI Internet data mining project
On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this.
Re: PRISM: NSA/FBI Internet data mining project
i have talked with a dozen people about this who ought to know if there were something more creepy than usual going on. and nobody in engineering knows of anything. but hm, people in compliance said no comment. that, and the $20M annual number, suggests that what they actually did was set up a portal for intel agency people to use to request business records of the members (service providers). (maybe PRISM stands for something like Portal to Request Intelligence Service Materials, or somesuch.) of course, under patriot, the legal concept of business records was greatly expanded, and the kinds of approvals needed to get them reduced. i really wonder if the FISC has a pki. i.e. as a technical matter can a FISC judge electronically approve a NSL or FISA warrant? if i'm right, now they're following the letter of the new law electronically, rather than using paper and fax. which would increase timeliness, accuracy and efficiency for all parties concerned. this would only affect compliance activities at the providers, who would continue receiving and handling individual requests just as previously and supplying the same data as before. (and i suppose now the providers could actually supply the returned records electronically also…) (i am actually in favor of this kind of thing for both law enforcement requests and for intel agency requests. the amount of time and money wasted and delays in handling perfectly legal and necessary investigative requests was kind of shocking to me. i repeatedly heard complaints about cases where compliance would not respond to LE in long enough that the data provided was stale for judicial purposes, and the same search warrant would have to be reissued. (or where they would take a very long time to reject a request for a technical or legal reason.) 
(there's an interesting gray area in this request handling: there were several times as an internal investigator at a provider when i wanted to be able to convey to LE that they *should go through the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT which means a foot of paper and a man-month of work. there were even more times when i wanted to say don't bother to even ask, you'd just be wasting your time). but my lawyers would not allow that sort of communication. On Jun 7, 2013, at 11:05 AM, valdis.kletni...@vt.edu wrote: On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this.
Re: PRISM: NSA/FBI Internet data mining project
- Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this. Indeed. Luckily, the press is all over this like a bad smell. I mentioned The Story in a new posting just now; they have, surprisingly, already managed to dig at this spot, a pretty quick response for them: http://www.thestory.org/stories/2013-06/americans-spying-americans Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: PRISM: NSA/FBI Internet data mining project
I'm cool with technology to catch bad guys, I just don't know that catching everything for some kind of dragnet is the right approach. There will be a time where Americans realize they are actually not in control of their governance, perhaps that time is now? On the upside, Holder now has another leak (reason) to subpoena a journalist.. ;) As a side note.. I don't know how many of you have been on major government projects, but 20MM was spent in the first 20 minutes.. Much of the gear can be developed by another organization on another (massive) budget. Look at Groom Lake*.. What's their budget? Government contracting is murky territory, especially when things are critically needed and a General says go. *Groom Lake (area 51) was confirmed to be the facility that developed the stealth helicopter used in the Bin Laden raids. Sent from my Mobile Device. Original message From: Mark Seiden m...@seiden.com Date: 06/07/2013 12:11 PM (GMT-08:00) To: valdis.kletni...@vt.edu Cc: goe...@anime.net,NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project i have talked with a dozen people about this who ought to know if there were something more creepy than usual going on. and nobody in engineering knows of anything. but hm, people in compliance said no comment. that, and the $20M annual number, suggests that what they actually did was set up a portal for intel agency people to use to request business records of the members (service providers). (maybe PRISM stands for something like Portal to Request Intelligence Service Materials, or somesuch.) of course, under patriot, the legal concept of business records was greatly expanded, and the kinds of approvals needed to get them reduced. i really wonder if the FISC has a pki. i.e. as a technical matter can a FISC judge electronically approve a NSL or FISA warrant? if i'm right, now they're following the letter of the new law electronically, rather than using paper and fax.
which would increase timeliness, accuracy and efficiency for all parties concerned. this would only affect compliance activities at the providers, who would continue receiving and handling individual requests just as previously and supplying the same data as before. (and i suppose now the providers could actually supply the returned records electronically also…) (i am actually in favor of this kind of thing for both law enforcement requests and for intel agency requests. the amount of time and money wasted and delays in handling perfectly legal and necessary investigative requests was kind of shocking to me. i repeatedly heard complaints about cases where compliance would not respond to LE in long enough that the data provided was stale for judicial purposes, and the same search warrant would have to be reissued. (or where they would take a very long time to reject a request for a technical or legal reason.) (there's an interesting gray area in this request handling: there were several times as an internal investigator at a provider when i wanted to be able to convey to LE that they *should go through the trouble* of doing all the paperwork of going to a judge, or even worse, through the MLAT which means a foot of paper and a man-month of work. there were even more times when i wanted to say don't bother to even ask, you'd just be wasting your time). but my lawyers would not allow that sort of communication. On Jun 7, 2013, at 11:05 AM, valdis.kletni...@vt.edu wrote: On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this.
Re: PRISM: NSA/FBI Internet data mining project
Has anyone found out if this system is actually based on Narus? I associated this program as a super version of the ATT thing, and if I recall it was understood that was Narus and Co via NSA/FBI? Sent from my Mobile Device. Original message From: Jay Ashworth j...@baylink.com Date: 06/07/2013 12:16 PM (GMT-08:00) To: NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project - Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this. Indeed. Luckily, the press is all over this like a bad smell. I mentioned The Story in a new posting just now; they have, surprisingly, already managed to dig at this spot, a pretty quick response for them: http://www.thestory.org/stories/2013-06/americans-spying-americans Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: PRISM: NSA/FBI Internet data mining project
I assume the unclassified word Prism (which is found everywhere on IC resumes and open job descriptions) refers to Palantir's Prism suite. Could be wrong, but seems logical. On Fri, Jun 7, 2013 at 4:28 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Has anyone found out if this system is actually based on Narus? I associated this program as a super version of the ATT thing, and if I recall it was understood that was Narus and Co via NSA/FBI? Sent from my Mobile Device. Original message From: Jay Ashworth j...@baylink.com Date: 06/07/2013 12:16 PM (GMT-08:00) To: NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project - Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this. Indeed. Luckily, the press is all over this like a bad smell. I mentioned The Story in a new posting just now; they have, surprisingly, already managed to dig at this spot, a pretty quick response for them: http://www.thestory.org/stories/2013-06/americans-spying-americans Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: PRISM: NSA/FBI Internet data mining project
On Jun 7, 2013, at 10:02 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Fri, Jun 7, 2013 at 1:57 AM, Mark Seiden m...@seiden.com wrote: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. agreed, that 20m seems extraordinarily low for such an effort... hell, for 6 yrs time transport costs alone would have exceeded that number. Obligatory Independence Day quote: President Thomas Whitmore: I don't understand, where does all this come from? How do you get funding for something like this? Julius Levinson: You don't actually think they spend $20,000 on a hammer, $30,000 on a toilet seat, do you? Andy Ringsmuth a...@newslink.com News Link – Manager Technology Facilities 2201 Winthrop Rd., Lincoln, NE 68502-4158 (402) 475-6397, (402) 304-0083 cellular
Re: PRISM: NSA/FBI Internet data mining project
I've been trying to find details to the contrary but as far as I see, there's no indication that the constitutional (or otherwise) rights of any US citizens (or anyone, anywhere, for that matter) are being overtly (or otherwise) trampled which would seem to be the pertinent objection. The somewhat obvious ... - the NSA are authorized by congress (i.e. the American people) under the National Security Act of 1947 to deal with foreign signals intelligence and they've been doing this for some time. http://www.nsa.gov/about/mission/index.shtml - specifically the NSA has powers under the Foreign Intelligence Surveillance Act and amendments. http://www.intelligence.senate.gov/laws/pl110261.pdf - co-operating parties are under direction to follow NSA guidelines about disclosure. http://www.intelligence.senate.gov/laws/pl95-511.pdf The NSA are collecting SIGINT from commercial enterprise without disclosing specifics. This is lawful and to be expected. Your government is doing it too and has been for probably most of your nation's existence by whatever means available. Pertinent things we know here ... - there's a program called PRISM under NSA auspices. - the slides specifically reference extra-territorial communications. - there's discussion of providers and what type of information can be retrieved. - the infrastructure or procedures are established and have been for some time. Taking the few slides and relevant quotes (i.e. factual points) provided by the Washington Post and the Guardian and others and drawing a straight line on those, i.e. ignoring supposition and whatever, I don't see any news here other than somebody from NSA has leaked a powerpoint presentation that seemingly is an internal, hyperbolic, morale-boosting show. The Guardian has verified the authenticity of the document ... which was apparently used to train intelligence operatives on the capabilities of the program. 
http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data Here's the result of an ACLU FOI request dated 10/2/2009 ... http://www.aclu.org/files/pdfs/natsec/faafoia20101129/FAAFBI0536.pdf I don't see anything surprising or new. Is .gov overstepping its mandate and abusing any of this? History tells us there should be concerns. Is there any evidence to support such an assertion here? No. Later, I noticed this: http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/869-dni-statement-on-activities-authorized-under-section-702-of-fisa They contain numerous inaccuracies. James R. Clapper, Director of National Intelligence I've skimmed this: http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information I might read it carefully later but it looks to describe sensible paradigms for understanding this leak. If there's an abuse of process going on can somebody point it out to me? If there is something un-constitutional going on, it's not PRISM per se, but the Act (FISA) which authorizes it. Right? If that's the case it doesn't require evidence of a program to point to the problem.
Re: PRISM: NSA/FBI Internet data mining project
Lol.. I think the 20k hammer is probably a result of the contract vehicle. Firm fixed tend to have trouble with change orders so they bury costs within the project. The real cheap stuff comes from the indefinite quantity type of contracts, where they are buying consumables regularly at a discounted rate (and change orders are non issues). I used to wonder why the air force would run close to full burner on a training departure towards the end of the month. I was told by someone who had an understanding of these things if you didn't use your fuel in a given month it impacted the next month's delivery. It was necessary waste to ensure regular fuel quantities. The government entity was buying fuel on an indefinite basis, and the contract made the fuel cheaper as they were burning more. It's a total shit show in government contracting, which is why I'm surprised they consider this system to be so wildly successful. If it was some anti jihad box, why did it not detect the Boston guys (who were not US citizens and likely would have been subject to monitoring by the anti jihad box)? Sent from my Mobile Device. Original message From: Andy Ringsmuth a...@newslink.com Date: 06/07/2013 1:38 PM (GMT-08:00) To: NANOG list nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project On Jun 7, 2013, at 10:02 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Fri, Jun 7, 2013 at 1:57 AM, Mark Seiden m...@seiden.com wrote: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. agreed, that 20m seems extraordinarily low for such an effort... hell, for 6 yrs time transport costs alone would have exceeded that number. Obligatory Independence Day quote: President Thomas Whitmore: I don't understand, where does all this come from? How do you get funding for something like this? Julius Levinson: You don't actually think they spend $20,000 on a hammer, $30,000 on a toilet seat, do you?
Andy Ringsmuth a...@newslink.com News Link – Manager Technology Facilities 2201 Winthrop Rd., Lincoln, NE 68502-4158 (402) 475-6397, (402) 304-0083 cellular
Re: PRISM: NSA/FBI Internet data mining project
Wink wink http://www.forbes.com/sites/andygreenberg/2013/06/07/startup-palantir-denies-its-prism-software-is-the-nsas-prism-surveillance-system/ Sent from my Mobile Device. Original message From: Jason L. Sparks jlspa...@gmail.com Date: 06/07/2013 1:31 PM (GMT-08:00) To: Warren Bailey wbai...@satelliteintelligencegroup.com Cc: Jay Ashworth j...@baylink.com,NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project I assume the unclassified word Prism (which is found everywhere on IC resumes and open job descriptions) refers to Palantir's Prism suite. Could be wrong, but seems logical. On Fri, Jun 7, 2013 at 4:28 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Has anyone found out if this system is actually based on Narus? I associated this program as a super version of the ATT thing, and if I recall it was understood that was Narus and Co via NSA/FBI? Sent from my Mobile Device. Original message From: Jay Ashworth j...@baylink.com Date: 06/07/2013 12:16 PM (GMT-08:00) To: NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project - Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu On Thu, 06 Jun 2013 22:57:07 -0700, Mark Seiden said: and also, only $20m/year? in my experience, the govt cannot do anything like this addressing even a single provider for that little money. Convince me the *real* number doesn't have another zero. Remember - the $20M number came from a source that has *very* good reason to lie as much as it can right now about the true extent of this. Indeed. Luckily, the press is all over this like a bad smell. I mentioned The Story in a new posting just now; they have, surprisingly, already managed to dig at this spot, a pretty quick response for them: http://www.thestory.org/stories/2013-06/americans-spying-americans Cheers, -- jra -- Jay R.
Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Re: PRISM: NSA/FBI Internet data mining project
On 07/06/2013 19:10, Warren Bailey wrote:
> Five days ago anyone who would have talked about the government having this capability would have been issued another tin foil hat.

We think we know the truth now, but why hasn't echelon been brought up? I'm not calling anyone a liar, but isn't not speaking the truth the same thing? ;-)

mh

> Sent from my Mobile Device.
>
> Original message
> From: Matthew Petach mpet...@netflight.com
> Date: 06/07/2013 9:34 AM (GMT-08:00)
> To:
> Cc: NANOG nanog@nanog.org
> Subject: Re: PRISM: NSA/FBI Internet data mining project
>
>> On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach mpet...@netflight.com wrote:
>>
>>> On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth j...@baylink.com wrote:
>>>
>>>> Has fingers directly in servers of top Internet content companies, dates to 2007.
>>>>
>>>> Happily, none of the companies listed are transport networks:
>>>> http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
>>>>
>>>> Cheers,
>>>> -- jra
>>>
>>> I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. Much less stress in life that way. ^_^
>>>
>>> Matt
>>
>> When I posted this yesterday, I was speaking somewhat tongue-in-cheek, because we hadn't yet made a formal statement to the press. Now that we've made our official reply, I can echo it, and note that whatever fluffed up powerpoint was passed around to the washington post, it does not reflect reality. There are no optical taps in our datacenters funneling information out, there are no sooper-seekret backdoors in the software that funnel information to the government.
>>
>> As our formal reply stated:
>> Yahoo does not provide the government with direct access to its servers, systems, or network.
>>
>> I believe the other major players supposedly listed in the document have released similar statements, all indicating a similar lack of super-cheap government listening capabilities.
>>
>> Speaking just for myself, and if you quote me on this as speaking on anyone else's behalf, you're a complete fool, if the government was able to build infrastructure that could listen to all the traffic from a major provider for a fraction of what it costs them to handle that traffic in the first place, I'd be truly amazed--and I'd probably wonder why the company didn't outsource their infrastructure to the government, if they can build and run it so much more cheaply than the commercial providers. ;P
>>
>> 7 companies were listed; if we assume the burden was split roughly evenly between them, that's 20M/7, about $2.85M per company per year to tap in, or about $238,000/month per company listed, to supposedly snoop on hundreds of gigs per second of data.
>>
>> Two ways to handle it: tap in, and funnel copies of all traffic back to distant monitoring posts, or have local servers digesting and filtering, just extracting the few nuggets they want, and sending just those back.
>>
>> Let's take the first case; doing optical taps, or other form of direct traffic mirroring, carrying it untouched offsite to process; that's going to mean the ability to siphon off hundreds of Gbps per datacenter and carry it offsite for $238k/month; let's figure a major player has data split across at least 3 datacenters, so about $75K/month per datacenter to carry say 300Gbps of traffic. It's pretty clearly going to have to be DWDM on dark fiber at that traffic volume; most recent quotes I've seen for dark fiber put it at $325/mile for already-laid-in-ground (new builds are considerably more, of course).
>>
>> If we figure the three datacenters are split around just the US, on average you're going to need to run about 1500 miles to reach their central listening post; that's $49K/month just to carry the bitstream, which leaves you just about $25K/month to run the servers to digest that data; at 5c/kwhr, a typical server pulling 300 watts is gonna cost you $11/month to run; let's assume each server can process 2Gbps of traffic, constantly; 150 servers for the stream of 300Gbps means we're down to $22K for the rest of our support costs; figure two sysadmins getting paid $10k/month to run the servers (120k annual salary), and you've got just $2k for GA overhead.
>>
>> That's a heck of an efficient operation they'd have to be running to listen in on all the traffic for the supposed budget number claimed.
>>
>> I'm late for work; I'll follow up with a runthrough of the other model, doing on-site digestion and processing later, but I think
Re: PRISM: NSA/FBI Internet data mining project
Also of interest:
http://www.guardian.co.uk/world/2013/jun/07/nsa-prism-records-surveillance-questions

- ferg

On Fri, Jun 7, 2013 at 3:49 PM, Michael Hallgren m.hallg...@free.fr wrote:
> On 07/06/2013 19:10, Warren Bailey wrote:
>> Five days ago anyone who would have talked about the government having this capability would have been issued another tin foil hat.
>
> We think we know the truth now, but why hasn't echelon been brought up? I'm not calling anyone a liar, but isn't not speaking the truth the same thing? ;-)
>
> mh
Re: PRISM: NSA/FBI Internet data mining project
the palantir financial product named prism is useless for intelligence analysis. it's for timeseries financial data. my understanding is it's a completely different product, code base and market from the connect-the-dots product they sell as a competitor to i2's Analyst's Notebook product.

these are not the droids you're looking for

On Jun 7, 2013, at 2:21 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote:
> Wink wink
> http://www.forbes.com/sites/andygreenberg/2013/06/07/startup-palantir-denies-its-prism-software-is-the-nsas-prism-surveillance-system/
>
> Original message
> From: Jason L. Sparks jlspa...@gmail.com
>
>> I assume the unclassified word Prism (which is found everywhere on IC resumes and open job descriptions) refers to Palantir's Prism suite. Could be wrong, but seems logical.
Re: PRISM: NSA/FBI Internet data mining project
http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas

the headline may be misleading. Presidential Policy Directive 20 defines OCEO as operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks.

effects outside United States government networks.

now there's an interesting phrase.

OCEO == Offensive Cyber Effects Operations.

-e
Re: PRISM: NSA/FBI Internet data mining project
what a piece of crap this article is. the guy doesn't understand what sniffing can and can't do. obviously he doesn't understand peering or routing, and he doesn't understand what cdns are for. he doesn't understand the EU safe harbor, saying it applies to govt entities, when it's purely about companies hosting data of EU citizens. he quotes a source who suggests that the intel community might have privileged search access to facebook, which i don't believe. he even says company-owned equipment might refer to the NSA, which i thought everybody calls the agency so to not confuse with the CIA. and he suggests that these companies might have given up their master decryption keys (as he terms them) so that USG could decrypt SSL. and the $20M cost per year, which would only pay for something the size of a portal or a web site, well, that's mysterious.

sheesh. this is not journalism.

On Jun 7, 2013, at 3:54 PM, Paul Ferguson fergdawgs...@gmail.com wrote:
> Also of interest:
> http://www.guardian.co.uk/world/2013/jun/07/nsa-prism-records-surveillance-questions
>
> - ferg
Re: PRISM: NSA/FBI Internet data mining project
Tax payer money.. :)

On 6/7/13, Mark Seiden m...@seiden.com wrote:
> and the $20M cost per year, which would only pay for something the size of a portal or a web site, well, that's mysterious. sheesh. this is not journalism.
Re: PRISM: NSA/FBI Internet data mining project
Sorry for the top post
Re: PRISM: NSA/FBI Internet data mining project
So when are we rioting?

On Fri, Jun 7, 2013 at 7:14 PM, Nick Khamis sym...@gmail.com wrote:
> Tax payer money.. :)
>
> On 6/7/13, Mark Seiden m...@seiden.com wrote:
>> and the $20M cost per year, which would only pay for something the size of a portal or a web site, well, that's mysterious.
Re: PRISM: NSA/FBI Internet data mining project
I'd love to, but American Idle is on in 5 minutes. Maybe next time?

Nick

On Fri, Jun 7, 2013 at 8:57 PM, Ishmael Rufus sakam...@gmail.com wrote:
> So when are we rioting?
>
> On Fri, Jun 7, 2013 at 7:14 PM, Nick Khamis sym...@gmail.com wrote:
>> Tax payer money.. :)
Re: PRISM: NSA/FBI Internet data mining project
Server maintenance at 00 on my end.
Re: PRISM: NSA/FBI Internet data mining project
Dan,

While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy.

While you are correct in that proper personal security procedures to protect my data from random crackers would, in fact, also protect it from the government, that's a far cry from what is at issue here.

The question here is whether or not it should be considered legitimate for the US Government to completely ignore the fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast amounts of data without direct probable cause for that snooping.

I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to support and implement.

Owen

On Jun 7, 2013, at 8:42 AM, Dan White dwh...@olp.net wrote:
> On 06/07/13 11:11 -0400, Rob McEwen wrote:
>> On 6/7/2013 9:50 AM, Dan White wrote:
>>> OpenPGP and other end-to-end protocols protect against all nefarious actors, including state entities. I'll admit my first reaction yesterday after hearing this news was - so what? Network security by its nature presumes that an insecure channel is going to be attacked and compromised. The 4th Amendment is a layer-8 solution to a problem that is better solved lower in the stack.
>>
>> That is JUST like saying... || now that the police can freely bust your door down and raid your house in a fishing expedition, without a search warrant, without court order, and without probable cause... the solution is for you to get a stronger metal door and hide all your stuff better.||
>
> Hiding stuff better is generally good security practice, particularly in the absence of a search warrant. How effective those practices are is really what's important. From a data standpoint, those security procedures can be highly effective, even against law enforcement.
>
> But it's not law enforcement that I worry about the most (understandably, you may have a differing opinion); it's the random anonymous cracker who isn't beholden to any international laws or courts. I design my personal security procedures for him. That's why I don't, say, send passwords in emails. I don't trust state entities to protect the transmission of that data. I don't wish to place that burden on them.
>
>> You're basically saying that it is OK for governments to defy their constitutions and trample over EVERYONE's rights, and that is OK since a TINY PERCENTAGE of experts will have exotic means to evade such trampling. But to hell with everyone else. They'll just have to become good little subjects to the State. If grandma can't do PGP, then she deserves it, right?
>
> I believe it's your responsibility to protect your own data, not the government's, and certainly not Facebook's.
>
>> Yet... many people DIED to initiate/preserve/codify such human rights... but I guess others just give them away freely. What a shame. Ironically, many who think this is no big deal have themselves benefited immensely from centuries of freedom and prosperity that resulted from rule of law and the U.S. Constitution/Bill of Rights.
>
> Freedom is very important to me, as well as the laws that are in place to protect them.
>
> --
> Dan White
Re: PRISM: NSA/FBI Internet data mining project
Yeah... so when are we rioting? Because they'll just continue to make laws that circumvent the constitution.

On Fri, Jun 7, 2013 at 8:20 PM, Owen DeLong o...@delong.com wrote: [snip]
Re: PRISM: NSA/FBI Internet data mining project
I think we know now, that they will know we are organizing. Sent from my Mobile Device.

Original message From: Ishmael Rufus sakam...@gmail.com Date: 06/07/2013 6:32 PM (GMT-08:00) To: Owen DeLong o...@delong.com Cc: NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project

Yeah... so when are we rioting? Because they'll just continue to make laws that circumvent the constitution.

On Fri, Jun 7, 2013 at 8:20 PM, Owen DeLong o...@delong.com wrote: [snip]
Re: PRISM: NSA/FBI Internet data mining project
On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth j...@baylink.com wrote:

Has fingers directly in servers of top Internet content companies, dates to 2007. Happily, none of the companies listed are transport networks: http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html

Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274

I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. Much less stress in life that way. ^_^

Matt
RE: PRISM: NSA/FBI Internet data mining project
Has fingers directly in servers of top Internet content companies, dates to 2007. Happily, none of the companies listed are transport networks:

I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen.

So, you are comfortable just giving up your right to privacy? It's just the way it is? I'm sorry, I am not as accepting of that fact as you are. I am disappointed and disgusted that this is, and has been, going on. Our government is failing us.
Re: PRISM: NSA/FBI Internet data mining project
On Thu, 6 Jun 2013, Matthew Petach wrote: Much less stress in life that way. ^_^ complacency is always the easiest path. many abuse@ mailboxes follow the same policy. -Dan
Re: PRISM: NSA/FBI Internet data mining project
On Thu, 06 Jun 2013 17:04:43 -0700, Matthew Petach said: I've always just assumed that if it's in electronic form, someone else is either reading it now, has already read it, or will read it as soon as I walk away from the screen. Things like PGP, TrueCrypt, and Tor help a lot in leveling the playing field at least somewhat. But I'm sure you all knew that already. :)
Re: PRISM: NSA/FBI Internet data mining project
Agreed. I can already pretty much just assume this widespread surveillance is going on. The Bluffdale, Utah facility isn't being built to store nothing. It's happening whether we like it or not. When I care about my privacy, I know that I have to take matters into my own hands. GnuPG and TLS are my friends and yours. Use them together. Use them in peace. Cheers, jof (0x8F8CAD3D)

On Thu, Jun 6, 2013 at 5:07 PM, Alex Rubenstein a...@corp.nac.net wrote: [snip]
Re: PRISM: NSA/FBI Internet data mining project
Knowing it's going on, knowing nothing online is secret != OK with it; it's merely understanding the way things are. -jim

On Thu, Jun 6, 2013 at 9:16 PM, goe...@anime.net wrote: [snip]
Re: PRISM: NSA/FBI Internet data mining project
On 6/6/2013 7:35 PM, Jay Ashworth wrote: [ . ] Happily, none of the companies listed are transport networks: [ ] Cheers, -- jra Could you be certain that TWC, Comcast, Qwest/CenturyLink could not be involved?
Re: PRISM: NSA/FBI Internet data mining project
On Thu, 06 Jun 2013 21:12:35 -0400, Robert Mathews (OSIA) said: On 6/6/2013 7:35 PM, Jay Ashworth wrote: [ . ] Happily, none of the companies listed are transport networks: Could you be certain that TWC, Comcast, Qwest/CenturyLink could not be involved? Pay attention. None of the ones *listed* are transport networks. Doesn't mean they're not involved but unlisted (as of yet).
Re: PRISM: NSA/FBI Internet data mining project
On 6/6/2013 9:22 PM, valdis.kletni...@vt.edu wrote: On Thu, 06 Jun 2013 21:12:35 -0400, Robert Mathews (OSIA) said: On 6/6/2013 7:35 PM, Jay Ashworth wrote: [ . ] Happily, none of the companies listed are transport networks: Could you be certain that TWC, Comcast, Qwest/CenturyLink could not be involved? Pay attention. None of the ones *listed* are transport networks. Doesn't mean they're not involved but unlisted (as of yet). Umm... CALEA. They've *already* had access for quite some time. Jeff