I've said it before and I'll say it again: anonymity online and encrypted communications are one of the most important problems we're going to going to face in the coming decades. Hackers should be working on those, not clever ways to serve ads or geolocating your latest locally-sourced coffee.
If you don't believe the US is already permanently archiving vast swaths of communication, it's not a big leap of imagination to picture it happening in five or ten years. Likewise the government might not have the computer power to analyze those archives today, but in five or ten years, I'd bet on it.
Some people don't mind that the government stores their emails. "I'm fine with it because I know they're going to catch the bad guys" or "I'm fine with it because I have nothing to hide". Those are certainly powerful (though flawed) arguments for the situation today. Those people are perhaps picturing filing cabinets in some dank warehouse filled with paper printouts of their emails, which due to space constraints will be shredded or forgotten in ten years. The reality is that thanks to technology, what we say today is being stored and archived for-ev-er and can be indexed and retrieved easily and indefinitely. Why does that make a difference? Because today, what you say and do might be lawful. But laws and societies change over time, and the government will still be able to go back and dig up what you said decades ago and use it against you.
That's really what scares me--because today, I, like most people, don't have much to hide. But who knows what laws or culture will be like in 20 years, and what can be used against me that I said so very long ago? Can you imagine working at the WTC and having a bad day, and jokingly sending an email to a coworker about bombing the place because you're so mad. 9/11 happens a year later, the government looks in its archives for the email you sent, and in a post-9/11 frenzy sends you to Guantanamo to "await trial". Or it doesn't even have to go that far; some government spokesperson lets your name slip in an interview as a "suspect" and the media attention you'll get will forever ruin your life even if the government does nothing.
> I've said it before and I'll say it again: anonymity online and encrypted communications are one of the most important problems we're going to going to face in the coming decades. Hackers should be working on those, not clever ways to serve ads or geolocating your latest locally-sourced coffee.
Are you currently putting code behind that yourself? We could always use contributions and help with new and ongoing OSS projects at Open Whisper Systems.
> Or it doesn't even have to go that far; some government spokesperson lets your name slip in an interview as a "suspect" and the media attention you'll get will forever ruin your life even if the government does nothing.
Unless the government gets out of the business of handling birth certificates, driver's licenses, etc. they're simply going to have your name.
Secure communications channels is certainly an important topic though, but given what happened to Sunil Tripathi in the aftermath of the Reddit swarm to find the Boston Marathom bomber(s), perhaps it's possible that your biggest "online threat" in the future won't be part of the government at all.
You get the wrong Google, Facebook, or random datacenter sysadmin upset and you could find yourself in hot water with even less of a legal recourse. It's just as easy to imagine roving bands of vigilantes in that dystopian future as it is to imagine Big Brother, is it not?
I get why this (COMSEC) is an important problem; what I don't get is why so many otherwise very intelligent persons focus on the government as the sole problem area. The government is mostly staffed by either those who are actually idealistic, or those who are too incompetent to hack it in the private sector. Certainly Google and Facebook have better IT infrastructure than 99% of the government.
P.S. The U.S. Constitution forbids "ex post facto" laws that make previously legal behavior illegal after-the-fact. If you believe that the Constitution actually means anything you shouldn't worry about currently legal things being held against you in 20 years. If you believe the Constitution won't hold up in 20 years then it's kind of pointless to worry about any of the other laws, they'd be just as shredded.
I'm not saying you should not watch what the government knows about you. It is that you should also watch what everyone else knows about you.
I always get confused in these threads because I cannot separate those who are worried about the privacy of their data from those who simply hate the government (or even the idea of government).
If you're trying to deploy a cryptosystem that relies on popularity to be really useful, then you'll need to get "average Joe" to buy into it, and I suspect the best way to do that is to point out all of the possible Big Brothers out there, not just rabble-rabble about the gubbmint alone.
Using something said in the past to embarrass in the present is one thing. It is often justified, like with "mission accomplished" or the "the fundamentals of the economy are strong."
Prosecuting for something that was legally done in the past is a whole different issue.
Government sponsored embarrassment isn't the same as putting someone in jail, you are right.
However, taking away someone's ability to make a living (see the Hollywood blacklist, etc.) is leverage that can be used to control behavior. The HUAC hearings were a big bad thing that was done. It wasn't as bad as slavery, for example, but it is something that happened very recently and I think we want to avoid.
Strongly agree. Aside from the first-order benefits of encryption becoming ubiquitous (government can't read my) stuff, there are side effects that may be even more important.
If everyone is using Tor, for example, there is a lower probability that any given Tor user is engaging in activity the government does not approve of. And the more "legitimate" users there are, the harder it is to criminalize users.
My recollection of the NSA's legal interpretation is that they feel they don't need a warrant to record everyone's traffic; they only need a warrant for a human to subsequently access those recordings.
The twist this puts on "having nothing to hide" is that it means you have to trust everything you say now will forever be considered benign, rather than just at this particular moment in history.
It's not a completely ridiculous legal interpretation. The 4th amendment is implemented via the exclusionary rule, which excludes evidence from a court case obtained from an unreasonable search. As a matter of history and practice (the exclusionary rule predates the Constitution), the 4th amendment is in many ways a rule governing criminal procedure more than it is a privacy rule per se.
Now, today the prevailing view is that the 4th amendment is that illegal searches are unconstitutional even if the exclusionary rule can't be invoked (see, Bivens v. Six Unknown Named FBI Agents), but there is still this contour in the law that distinguishes collecting data from trying to bring it into evidence.
The argument here is probably wrong, but not ridiculous.
To be clear, I don't actually think it's worth trying to influence what is or isn't the legal interpretation that we might desire.
We can't blame power for establishing systems of control, just as we can't blame a tiger for mauling a zoo keeper: it's the nature of the thing. It's what we should expect, no matter how much time we spend coaxing or training it.
I'd much rather invest energy into developing solutions that allow us to communicate securely, rather than investing energy into asking those with power not to monitor our insecure communication.
But the thing is that this power of which you speak is supposed to be ours, per our form of government.
We are so far off the reservation that we have given up on trying to reclaim our government and instead, must now find ways to protect ourselves from our government.
That's a powerful statement about the plight of our nation.
Trouble is, the government represents 300 million people. You can't "reclaim your government" when the angered party consists of a couple thousand people.
I'm not sure what you mean by "the angered party", but my point was specifically that our government has been co-opted by interest groups that are not the people.
The fact that we have 300 million citizens and majority will cannot be expressed is exactly a symptom of this condition. The government is no longer the people, but a separate entity with its own agendas. Agendas which frequently run counter to the interests of the people.
The critical difference is one is a tiger with limited reasoning ability and the other is a human being. So, I can and should be pissed at people in power when they overstep their bounds.
And this being "pissed" achieves what exactly? Does your level of pissitude work as leverage to affect the reasoned-out behavior of these other human beings? If so, through what mechanism?
It's asinine to suggest that we remove vocal outrage from our political dialog. It is one of the finest tools of change. Just look at all the faux outrage over "high unemployment" under Bush 43 (average of around 5%), and compare it to the lack of outrage in today's economy. No, I think outrage is not something I'll give up to please supposedly enlightened people like yourself.
>The critical difference is one is a tiger with limited reasoning ability and the other is a human being.
No it's not, it's a system of human beings. Systems make "decisions" quite differently than individuals do. In some cases they have what we might consider far superior reasoning ability compared to the individual, but in others they're even more limited than the tiger.
It is ridiculous because the 4th AM was used to legalize abortion. So in point of fact, there is nothing that is not ridiculous about the entire thing.
Liberal democracies don't particularly care about principles. I guess they are just a rhetorical device with which the masses beat the government upside the head. The government officials are numb to this.
If you'd like to see where your phone calls will likely be stored analyzed then check out the new NSA Data Center currently under construction in Utah. This thing is going to be huge! And I live just down the street...
Re: Whisper Systems, do you have an iOS version available or in the works? The icons you used seem to imply it, but I see the source and all examples are for Android only. A quick search for "Whisper Systems iOS" (which was a suggested string) only turns up results about the Twitter acquisition.
Yes, iOS versions of both RedPhone and TextSecure are in the works. The former has been under development for a few months now, while the latter started as a project at the "Spring Break Of Code" event that we organized in Maui.
The first question that comes to my mind - is this technically and economically possible?
How many minutes does the average person spend on the phone per day? I found some numbers in the range from 6 to 28 minutes per day. Let's just pick 15 minutes. This times the population of the states (313.9 million) divided by two yields 39,237,500 hours per day. Storing this at 8 kbps requires about 128.5 TiB per day or 45.8 PiB per year.
At $40 per TiB this is less than 2 million dollars per year. So technically and economically this should actually be possible. But that is just storing. Performing speech recognition, analyzing the data and extracting information is probably the much harder task and I would guess that it is still infeasible to do this with all phone calls.
http://en.wikipedia.org/wiki/Utah_Data_Center -- 'alleged to be able to capture "all forms of communication, including the complete contents of private emails, cell phone calls, and Internet searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital 'pocket litter'."'.
That page talks about being able to store (hypothetically) 1 trillion TB.
No doubt that intelligent processing on that scale will be feasible in time, and most likely soon. Opinion surveillance at the scale of a nation is too strategically important.
And when it will start happening, it will also apply to today's data.
Yes, that seems to be no question - population growth is mostly linear or even sublinear and nobody is able to produce more than 24 hours of speech per day. If computational power keeps growing exponentially and algorithms keep getting better and better, it is only a question of time.
I kind of doubt that they have every phone conversation recorded and archived for all time. But I'm not sure what exactly the incentive is to tell people that they do. If they said, "no, we can't get any of that", it would encourage criminals to be sloppy (and us citizens to not scrutinize them too much). But they say, "yeah, we have everything", which encourages the criminals to use strong cryptography. (And if they've broken AES, they're probably not going to publicly reveal that to our enemies by using it against you in your drug possession case.)
If the government is already recording everything, why do they have to reach out and reprogram cards to get access to specific people? [1] I think the illegal things the government does to get more access is evidence they don't have total access at this time.
That just shows that the FBI don't have access to everything all the time, which is probably true. I've worked for groups before where you'd know that someone else in the same group had the data you were interested in but it was less bother to go and get it yourself than it was to make a freedom of information request and wait a month for that to process.
One of the few advantages that smaller groups have against big systems is that big systems don't totally trust other people in their own systems. Even the police classify their information hierarchically - maybe this bit of information only needs to be known by inspectors in firearms units, etc ,etc.
Just because they ask for access doesn't mean they don't already have it. It just means they haven't collected it in a way that can be used in a court case.
If it is happening, it might some day be culturally accepted. There are steps after that. Are you allowed access to your own history? One big business aspect of gmail is that - easy searchability of your whole email history.
It will contain stuff written by other people as well. Will there be some policy of email expiration?
In the end we get to something like in science fiction. Hannu Rajaniemi's Quantum Thief has externalized common memory and also your private memories that can be recovered. Also pieces of them that can be shared directly. Such centralized systems have a whole host of new security problems.
I don't give a shit if they investigate me or not. One can't live one's entire life in fear, damnit. Either principles mean something and we need to stand up for and defend them, or not.
This thing is always coming up, will someone show me some actual evidence and I am not talking some crack pot agent turned whistle blower saying "THAT DO THIS AND THAT", not ECHELON and not the base they are building. I am talking evidence. Logging every single thing? Everything? The data storage that would be required for that is insane. All of these "whistle blowers" have something in common, they are making money off of this, from books to interviews. I am not about to trust them any more than I am their previous employers. Why is it I am ment to question everything the US does but I am ment to blindly trust anyone who says they are doing something like this?
There has been publicised information (by major news outlets) that points to this for a long time. And Echelon is also not some crackpot's dream. What's to doubt? Even the CIA CTO said at some point that the "record everything they can and keep it forever":
The CIA Chief Tech Officer. What more proof do you need? As if they're gonna let you have a peak at their data centers! If you don't believe they do it at whatever scale it's possible at this point, then you're delusional.
And, no, "The data storage that would be required for that" (logging every call) is not insane by any means. Even a medium-sized corporation could afford it nowadays, and we're talking about the government here.
Are skype calls being recorded now too? They had pretty good security until recently. The independent security review they posted on their site is like.. 8 years old now.
The more data they have the less they know. Most people with extreme voiced opinions will do nothing. Thinking doesn't mean doing and doing doesn't mean thinking.
The problem is that if you ever cross them, they have over 10 years worth of every type of your electronic communications to sift through for dirt. Not only do they have all that on you, which gives them some unknown but extremely worrisome level of insight about you, but also on all your friends and family and colleagues. And the likelihood of crossing them keeps growing.
They have finite funding and finite manpower. The hypothetical scenario in which half of America has "crossed" them, will not come to pass. When everyone is crossing them, they will be forced to triage.
The point is that you do deal with them, you just don't know about it. You also have to factor in the odds that there will be a false positive affecting you.
Your name might be on a no-fly list, even though you aren't "crossing them." There might be "100% verified" data which links you to some event, as there was with Brandon Mayfield's fingerprints, even though that connection is 100% wrong.
These are all low-probability events. Odds are, you don't have to worry. But every time you have to wait in line for security screening, remember that it's a false positive because they are worrying about you crossing them.
And that's why I have not traveled in years. You're going to harass me, I am not going to play. It's going to hurt the economy, but that's your fault, not mine.
but then you're not really free are you? free in the sense that you self-impose restrictions on travel. do you feel free? (honest question, cause your stance is intriguing)
Prosecutors in the states are known to withhold exculpatory evidence. It's not about knowing, it's not even about what you can prove, it's about what they can pin on you - what they can get people to believe about you.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
- attributed to Richelieu, Cardinal De
That's the fear - (or a large part of it anyway.)
You don't even have to cross them for them to do it - not in any significant way. Maybe you slight a cop and he decides to screw you if he can. Maybe you're just a figure on someone's KPIs. You don't have to cross someone - not really - for your desires to conflict.
If you don't believe the US is already permanently archiving vast swaths of communication, it's not a big leap of imagination to picture it happening in five or ten years. Likewise the government might not have the computer power to analyze those archives today, but in five or ten years, I'd bet on it.
Some people don't mind that the government stores their emails. "I'm fine with it because I know they're going to catch the bad guys" or "I'm fine with it because I have nothing to hide". Those are certainly powerful (though flawed) arguments for the situation today. Those people are perhaps picturing filing cabinets in some dank warehouse filled with paper printouts of their emails, which due to space constraints will be shredded or forgotten in ten years. The reality is that thanks to technology, what we say today is being stored and archived for-ev-er and can be indexed and retrieved easily and indefinitely. Why does that make a difference? Because today, what you say and do might be lawful. But laws and societies change over time, and the government will still be able to go back and dig up what you said decades ago and use it against you.
That's really what scares me--because today, I, like most people, don't have much to hide. But who knows what laws or culture will be like in 20 years, and what can be used against me that I said so very long ago? Can you imagine working at the WTC and having a bad day, and jokingly sending an email to a coworker about bombing the place because you're so mad. 9/11 happens a year later, the government looks in its archives for the email you sent, and in a post-9/11 frenzy sends you to Guantanamo to "await trial". Or it doesn't even have to go that far; some government spokesperson lets your name slip in an interview as a "suspect" and the media attention you'll get will forever ruin your life even if the government does nothing.