FBI, NSA and massive data collection

Dom on December 14, 2018

Hey there, I was reading an article about Aaron Swartz and the massive collection of private information the FBI has collected and continue to co...
 

Why are people allowing agencies like FBI and NSA to collect so much data about them?

I'm not sure people generally know what to do about any of this. New scandals and propaganda every day seem to stifle any reasonable discourse. People still care, but they sort of just forget.

The Google hearings the other day also reinforced just how much technical ignorance we have in politics.

We have problems.

 

I get it, there are so many problems out there that sometimes it is hard to stay focused on a particular one — given the other political and social issues you have — and Europe too.
We, Europeans, are familiar with this kind of issue (although not as critical as the Patriot Act), see Article 13: the majority of people don't know about it — because the media don't talk about it — or they genuinely don't care.

Nonetheless, as far as I understand, this is something which has gone on for years now. Just the idea that my emails, phone calls and other sensitive information are collected without my authorization is awful. And the fact that they do it to US citizens is worrying because there is nothing which stops them from doing the same to non-US citizens who use US-based services.

 

It's not only about Article 13 (but yes, it is an important article). We (in EU) have bastards like GCHQ, which are even more aggressive and offensive than NSA.

The good news is they will be (same as the NSA) lost in massive data collection. You can have petabytes of data, but if you do not understand them by context, you're lost in them (as a data analytics guy).
The bad news is the fast progress of AI and ML. High level AI will change this game forever, and the situation will only get worse.

So my advice will be, folks, use technologies like Tor as much as possible (and I'm not talking about the poorly designed Tor Browser (from the security POV)), but setups like this one if you really care about your privacy.

Problem with this is that it becomes an arms race that you will not win - once the communication channels are sufficiently difficult to tap (cf: Signal, Tor maybe..) even for metadata analysis, the spooks head towards the edges where the humans have to interact in plain text with their technology - you are being monitored by your own equipment because that kit is common and readily subverted. Here's the NSA's head of tailored access operations (chief hacker) to provide an idea of who you will be up against :)

youtube.com/watch?v=bDJb8WOJYdA

If you really have a need for private communication, how about visiting a random pub, or taking a walk in the countryside, maybe a round of golf with that special person? If your communication MUST be remote/electronic, then you have a lot of work ahead to mitigate the risks in design, parts supply chain, assembly, distribution and operation of equipment (cf: Lorenz machines in WW2, Snowden details of modified Ethernet sockets, etc.).

Yeah, I got you and you're right. Though everything depends on your threat model. For most of us, the common private communication channels will work. If you are targeted, well, that's another story - then you are f****d in most cases.

 

The Google hearings the other day also reinforced just how much technical ignorance we have in politics.

True that, but I also enjoyed an alternative point about what happened:

which is a response to this tweet:

So yes, senators with better tech knowledge but also things are so complex that they should be regulated for that very reason.

From the article:

While Poe’s question was poorly framed, the reality is that Google probably is tracking the movements of many iPhone users, and a lot of them probably have no better understanding of how that works than Poe does.

Tempting as it is to mock members of Congress whose questions evinced confusion (Poe was not the last to mistake the iPhone for a Google product), the lesson here is not just that our lawmakers are old and out-of-touch. That neither Poe nor most Americans understand how Google’s vast digital surveillance network operates is not an indictment of them; it’s an indictment of Google.

It's an interesting point.

 

As I see it, politicians reflect their voters — and I'm not speaking in a negative sense (although Republicans are obsessed with the biased search results).
As a recent post said: “The most important aspect of programming technology is the [average] user”.
The average user's technical knowledge is pretty limited so both politicians and technical people need to downgrade their discussions in order to let people understand.
I honestly feel sorry for Pichai, I had the feeling that he was honest but some answers were clearly PR-ish.

The average user's technical knowledge is pretty limited so both politicians and technical people need to downgrade their discussions in order to let people understand.

I'm not the average user and I honestly don't know how vast the advertising reach of Google is, nor do I know how much data they siphon out of my Google phone and what they do with it.

I don't think politicians need to be chemists or biologists to understand that you shouldn't put harmful substances in food, yet they pass laws about that. How? By hiring experts to help them find the perimeter of such laws.

So, if understanding what happens to the data is so complicated that the average user cannot get it, the burden is on us technologists, not the user :D

BTW three seconds ago I read the news about Facebook letting thousands of apps access users' private photographs. So it's not just about how technical the explanation is, it's about what and how they do it that needs to be regulated. They can hire technologists to help them write those laws, like we've been doing since forever.

I get what you mean, and you're right. These hearings to Google and Facebook are a waste of time, as of the current moment.

I don't know how these Congress hearings work in the USA but I think — and excuse me here in advance if I'm about to say a lot of bs — their goal is to gather information about a specific topic or issue so they can proceed to think about regulating it and how to do so effectively.

I'm pretty cynical, so I feel like politicians need to make a good figure with their voters. So they speak a language that their voters can understand, at least in this phase. I hope that when they arrive at the policymaking part they'll consult experts and not their nephews.

I feel like you could have misunderstood me (and I apologise for that if so) because I was talking specifically about the hearing itself and the sometimes-stupid questions.

Do not mix companies like Google with government surveillance, please, these are two different topics (even if in some cases they use basically the same technology). In the case of Google, Facebook etc. you can opt out (although it is not an easy path), in the case of government surveillance you could only set a different strategy - use technologies which provide you with privacy by design (such as Tor) etc. In summary they are 2 different threat models.

Also I wouldn't mix FBI with NSA; they have different measures, different scopes of interest and (of course) different budgets. I would say that globally (from the US context), NSA and CIA are the most offensive ones. You will probably not deal with the FBI surveillance / offensive intel if you're not targeted.

@ondrej23 not mixing anything, I replied to the part about Google hearings

Ok, sorry, I probably wrongly interpreted your post.

 

The linked article is about the so-called "Google hearing". No mention of Swartz there. The national US spying also seems unrelated to Swartz. He had campaigned to make public information freely available to everyone. The FBI had investigated Swartz before, and he was probably on a watch list due to his "radical" activism. So it would be expected that they collected quite a bit of information on him. They definitely fought dirty (and illegally) when it came to his JSTOR prosecution. But I'm not sure how that relates to national spying unless I've missed something.

Why are people allowing it? Because we didn't know about it until it was too late. It starts off unbeknownst to us. Hidden behind government security clearances. When the laws are made, we don't understand the real capabilities that government agencies have or the plans of the ambitious few. It's like making laws restricting jetpack flights. If practical jetpacks seem like a pipe dream, who cares? If you think the govt doesn't have ways to spy on you, who cares what they do with collected information? It wasn't really until later that we collectively found out about the mass surveillance. Now getting it fixed is an uphill battle.

BTW, I can't believe it is a felony to violate electronic terms of service. Sharing your password isn't just bad security, it's prison time apparently. I doubt most of the people making the laws could get through a day without first sharing their passwords with their PAs to delegate tasks.

 

Sorry, had the wrong link in the clipboard (edited), here it is:

gizmodo.com/fbi-secretly-collected...

 

Ah, that makes more sense. Yeah, it is a known problem that the FBI will send data requests accompanied with a gag order. So they collect data on you and prevent you from being notified about it. I found out about it only when I saw this. It sounds like with some of the data they are requesting, services would have to notify all their users. I imagine that would be a bit of a PR nightmare for the FBI.