Schneier on Security
A blog covering security and security technology.
« Movie Clip Mistaken for Al Qaeda Video |
| Cheating on Tests »
May 25, 2006
Winkler on NSA Spying
Ira Winkler on why the NSA spying hurts security.
Posted on May 25, 2006 at 8:30 AM
• 11 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Swamping the FBI with NSA 'leads' -- all positives, which will be virtually all false positives -- will so overload the Bureau that they will have no choice but to pencil-whip the items into the bit bucket as 'unfounded', never having time to give any of them honest consideration. Thus no real positives will be found, and it won't make a difference if they are present or absent.
The FBI should kick them all back to the NSA, charging the NSA with winnowing the wheat from the chaff.
If the FBI is to be stuck with them, then they should get most of the NSA's budget. Applying that principle will put a stop to this nonsense quickly.
"None of those investigations turned up a legitimate lead. I have spoken to about a dozen agents, and they all roll their eyes and indicate disgust with the man-years of wasted effort being put into physically examining NSA "leads." "
Sooner or later, one of those factitious "leads" is going to look good enough to pursue, and some innocent person is going to acquire detailed personal knowledge of the criminal justice system.
Anyone who thinks this couldn't happen to them should google "Richard Jewell". If he'd found that bomb after 9/11 instead of before, he'd be in a Navy Brig today.
Be thankful we're not getting all the government we're paying for.
Quantity is antithetical to quality. This assertion cannot be made strong and loud enough. In this case, I would call to question exactly what data the government is getting from the phone companies: actual switch records (CDRs) or records processed (or even touched) by the phone companies. What's the error rate in these records? We all know it's not zero (ever get billed for a call you didn't make). Given the sheer volume of errors that will be present in this type of large data set, isn't the only thing we'll be sure of is to be wasting huge amounts time and resources?
Lou the troll
There is one area Ira Winkler has not touched on that is "terorist evolution".
Put simply if it becomes known that certain types of people attract attention of the authorities the terorists will get to find out about it irespective of publicity. Then assuming they are even half way intelegent they will take defensive countermeasures to ensure they do not fall under suspicion.
An example of this actually in progress is the number of western born Muslims chosing to go and receive an education in Pakistan. Since it has become fairly widely known that such people will automatically attract the attention of the security services the number of young men going has droped.
So you average citizen let alone terorist has become aware that some lawfal activities are bringing them under suspician and have evolved into a different pattern of behaviour that either attracts less attention or no attention.
How long before they modify there other behaviour such as speaking to their relatives in "suspect countries" by phone, or other relatives who might be targeted and instead use good old fashioned letters for instance?
All tools blunt or otherwise become less effective with use. This is esspecially true of mass eavesdroping which cannot help but become known to the terorists within a very short time.
At best this type of behaviour provides vague pointers that need to be qualified by other means. This is true of all Elint activities, in fact the US reliance on SatTech and not on Human Intelagence on the ground has had some spectacular failiers of recent times...
"All tools blunt or otherwise become less effective with use."
Apparently this applies to spell checkers too. ;-) Good points as always, tho [sic].
From the article:
"Congress is not exercising any backbone at all, and neither are its constituents -- a.k.a., you. "
This is a real problem. I'm not the type to march in the streets, and I think most of the non-extremist, law-abiding Americans who vehemently disagree with this policy are similarly unfamiliar and uncomfortable with protests stronger than a letter to their Senator.
Mine promised to safeguard our civil liberties, and then promptly recommended Gen. Hayden be confirmed for DCI as a man who will "speak truth to power".
There is disbelief at the utter lack of accountability in the face of each new scandal, and the rising cynicism is paralyzing.
But if there were a nonviolent protest organized by sane "normal" people happening tomorrow, I'd be there, because this needs to stop right now.
The NSA broke the law because the President does not believe the law applies to him.
The King willfully and knowingly broken the FISA law under the logic that since the law was created by the Congress it does not apply to the Executive.
The King operates under the logic that any law that Congress makes that hampers his power is void.
All hail his Majesty George the Second
I've been gnashing my teeth about this model since they proposed TIA - that the flood of data would make efficient collection/investigation more difficult, AND that the terrorists can develop methods to social engineer any pattern-based detection system.
Sen. Dianne Feinstein has lost my vote, permanently. She opined that a war over the 4th Amendment was brewing, but then voted to confirm a man who doesn't know what it says, and circumvented law by changing the standard from probable cause to reasonable belief.
Witness the madness of King George.
'To date, FBI agents have been sent out to do thousands of investigations based on this warrantless wiretapping. '
Isn't this how the brooklyn bridge plot was discovered?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.