Schneier on Security
A blog covering security and security technology.
« Details of an Internet Scam |
| Cat Smuggler »
January 8, 2013
DHS Gets to Spy on Everyone
This Wall Street Journal investigative piece is a month old, but well worth reading. Basically, the Total Information Awareness program is back with a different name:
The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.
Now, NCTC can copy entire government databases -- flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans "reasonably believed to constitute terrorism information" may be permanently retained.
Note that this is government data only, not commercial data. So while it includes "almost any government database, from financial forms submitted by people seeking federally backed mortgages to the health records of people who sought treatment at Veterans Administration hospitals" as well lots of commercial data, it's data the corporations have already given to the government. It doesn't include, for example, your detailed cell phone bills or your tweets.
See also this supplementary blog post to the article.
Posted on January 8, 2013 at 6:28 AM
• 54 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"It doesn't include, for example, your detailed cell phone bills or your tweets."
If you aren't guilty, don't worry! We'll keep digging and eventually you'll be guilty of something.
Orwell was only about 30 years off.
Actually, since the Library of Congress has a deal with Twitter to receive an archive of everyone's tweets, doesn't that mean it COULD contain your tweets? Or is LOC not considered a govt agency?
Your data belongs to Amerikaaaa Today
With regards to multiple references stating "innocent U.S. citizens". The articles are silent on who is making this determination and what criteria is innocence based upon.
It was always my understanding that the judicial branch is responsible for this determination. Times have changed however, the executive branch now makes this call in numerous situations without due process.
The founding fathers of the USA had solid reasoning behind defining the three branches of government, along with clearly defined separation of powers.
I consider it highly presumptuous that the current executive branch inhabitants believe they have more wisdom than those old boys back in the 1700's.
For centuries people in civilised countries have enjoyed the presumption of innocence; we should all mourn the loss of it - it is the death of the civilisation our ancestors fought for.
There are no '"innocent U.S. citizens".
There are only underinvestigated.
That is bitter joke which could be attributed to almost any LEO/prosecutor's vision of reality and that is key to how they get cheap disposable snitches.
I just want to remind all respected bloggers statement of Willie Stark -Governor in 'All Kings Men'. He asked Jack Burden not to fabricate negative facts about judge Irvin, but to 'dig' his past claiming that anybody is sinner from the birth to the death.
Government know that men are not angels and was created because of that (Madison). The problem is that punishment applied not uniformly for the same actions, but rather selectively: for friends everything, for others - law/blacklists/data bases/jail time, etc. under pretext of discretion power.
Lots of resignation in the comments today.
I think it's funny how everyone is complaining about "innocent US citizens'" data being collected, yet noone gave a shit when only foreigners were affected. A great example for this fucked up mindset were the NSA whistleblowers who gave presentations at the Chaos Communication Camp a week ago. "Imagine this, the US is spying on its citizens!" Not one of them said he was sorry for doing exactly the same on the rest of the world.
You guys got exactly the kind of government you deserve.
If your worried about being hacked, stop worrying, you already have been.
"NCTC can copy entire government databases"
- Hello, NSA. You'll get our data if we get yours. Deal? Ok, you'll get ours by tomorrow.
--Give a reason for some optimism. There's an armed officer at my gym, my sister's school has its own police department, and my generation has been born into more debts than the nation's GDP.
"The founding fathers of the USA had solid reasoning behind defining the three branches of government, along with clearly defined separation of powers."
The separation of government into the legislative, executive and judicial branches is due to Montesquieu, a French philosopher from the first half of the 18th century, no doubt known to the Founders.
Make no mistake, the Founding Fathers were giants upon whose shoulders we continue to stand today, not just in America but in other democratic nations throughout the world, but they didn't come up with everything on their own. Other men came before them and laid the foundations upon which they built.
I don't like it either. I hope you'll agree, though, that we would be better served by discussion of responses to spying, than by comments saying how boned we are. Time and energy can be used for either.
The whole "suspicious patterns of behavior" is infuriating. That translates as: "things we don't like, which are legal; 'cause otherwise, that'd be crime."
"If your worried about being hacked, stop worrying, you already have been."
"Lots of resignation in the comments today."
I think we see resignation here because this is nothing new. As I was reading this post I asked the resident PFY if she knew that the NSA can now see all government data. She responded "Don't they already do that?"
The younger generation lives in an Orwellian society already, we are too dull to realize it. They know that everything the do or say can be recorded and posted and tweeted and retweeted and memed about for ever. These kids know that any time they are online there is a watchdog looking over their transactions.
But they are not stupid. They carry cash to buy illegal substances or underage alcohol. They wear hoodies and sunglasses and hats to hide their faces from CCTV. They use ATM's with caution. They never trust the police.
We are the ones who are blinded by our own assumptions of "legal" and "fair". The younger generation are more protective of their privacy because they have so little of it.
No one (law enforcement or criminals) cares about the legality of surveillance. there are only two questions they ask before doing it: Can it be done? Will I get away with it? We all know that the answer to question number 1 is usually "Yes" so we need to make sure that the answer to Question number 2 is "No"
"Make no mistake, the Founding Fathers were giants upon whose shoulders we continue to stand today."
I disagree. Once we stood on their shoulders, but somewhere in the last century or so we fell off and now grovel in the mud.
Ask your local PFY if she has a Facebook, et al, account, and I'll bet she does. I'm in that generation that is at least as old as her father, and I do not have a "social media" account because of the huge privacy loss it presents. Some of us oldsters are more privacy savvy than the younger crowd who are born into the "everything online" world.
On another topic...
Every wonder why the government buys up all that data from the "Big Data" firms? Because it is still the property of the big data collectors, so the government cannot legally show you any of it, even under a FOIA request.
I wonder where the creators of the Canadian science fiction series "Continuum" have drawn their inspiration from, and if Bruce without a beard would look anything like Liber8 leader Edouard Kagame.
The future of 2077 is a dystopian one in which world governments have collapsed and corporations now dominate the planet, instituting a high-surveillance, technically advanced police state and removing certain social freedoms, specifically criticism against the Corporate Congress. The society seems relatively free, with a working class that enjoys a high standard of living in contrast with scenes of severe prosecution upon a downtrodden people who cannot afford food.
I guess they put it in 2077 for the time travel plot, but if you substitute food by privacy or health care, 2015 might have been spot-on had the series aired in 1984. For X-Files afficionados: William B. Davis, the cigarette smoking man, stars as Alec Sadler, the head of Corporate Congress. As for the Founding Fathers - I'll say it again -, they're probably spinning in their graves faster than the centrifuges at Natanz after Stuxnet.
I thought the global war on terror (GWoT) was dismissed with, and "man-caused disasters" weren't a huge issue. Wasn't Obama going to do the opposite of the surveillance state everyone accused Bush of creating?
U.S. Spy Law Authorizes Mass Surveillance of European Citizens: Report
The FISA Amendments Act was introduced in 2008, retroactively legalizing a controversial “warrantless wiretapping” program initiated following 9/11 by the Bush administration. Late last month, it was renewed through 2017. During that process, there was heated debate over how it may violate Americans’ privacy. But citizens in foreign jurisdictions have even greater cause for concern, says the report’s co-author, Caspar Bowden, who was formerly chief privacy adviser to Microsoft Europe.
Fuck you, USA, and fuck all of you who whine about the privacy of US citizens only.
@ anonymous coward
Now, now. We don't use the F-word here. It's generally considered rude and adds nothing to the discussion.
As most folks on this forum are painfully aware of, the practice of mass surveillance - legalised or not - by both corporations and governments is not a US thing only. It's happening all over the globe and you can rest assured that China, Russia and the like are on par with the US and don't really respect national borders either. Australia is all but a safe haven either, and if you're a regular visitor surely you must have seen more than one piece passing by here of how the governments involved in Arab Spring uprisings feel about the digital (and other) rights of their citizens. Neither would I get my hopes up too high for the UK or Europe, as many spineless leaders are only too eager for the US to lead a dance they can happily follow.
As a matter of fact, I'm actually curious in how many countries this forum is blocked or where readers don't dare to comment on or criticise whatever is happening over there in fear of retribution for speaking their mind.
In the end, the harsh reality is that we are all being tracked ans spied upon in ways many folks deem inappropriate or unreasonable. How to deal with that is a question everyone has to answer for him/herself.
@Bruce Schneier: It doesn't include, for example, your detailed cell phone bills or your tweets.
What fanciful reasons might you have to believe that this information is not routinely captured by the government via that little room at AT&T? The 20TB/minute (28PB/day) stated by Alexander's congressional testimony is a lot of data: For scale I estimated that a compressed recording of all US phone calls should take only 1-3PB/day (based on 2G call-seconds from 1999).
I hope you'll agree, though
--I do; most won't give up technical solutions for free. I'm messing around with passive IR now (and if the time's right give my setup) and want to either make or more likely buy some wide[r]band receivers; but it's easier to attack and turn off your obscure freq. I'm also planning on having a little "shock" for intruders (which I have detected in the past) as well as some other mechanical surprises for the overly curious who won't leave me alone.
Not too long ago, an article describing DHS frustration w/ "crap" data really tickled me as I've been taking digital laxatives for at least a couple years now and they can have fun parsing some value from garbage.
I assume, then, that government lists known to be arbitrary or utterly flawed, e.g. the terror watchlists, will be among this data. Also anything the gov't decides you need a permit for (handgun ownership, land tenancy, property tax records).
Thus, this is essentially carte blanche.
"- Hello, NSA. You'll get our data if we get yours. Deal? Ok, you'll get ours by tomorrow."
I was under the impression that the NSA already has a backup of all the data of the NCTC. As well as everything AT&T et al. store in their computers.
I hope you'll agree, though
The really simple non-technical solution would be to poison all of your digital communications and activities : add a signature to your email traffic containing words like Al Quaeda, Osama bin Laden, bomb, martyr, jihad, kill infidels and the like. Update it regularly with keywords found in Evan Kohlmann's Twitter feed (@IntelTweet). Mention the same when talking to people on the phone. Schedule a cron job to have wget retrieve random pages from known islamist websites. Use encryption to inform imaginary correspondents about your recent purchase of 5 tons of fertilizer. Write passionate blog entries about the fantastic people you have met on your visits to Pakistan and Saoudi Arabia. Send communications to your local Venezuelan embassy wishing Hugo Chavez a speedy recovery. Donate to Wikileaks. Create a Twitter persona that does nothing but retweet messages from known Anonymous accounts. Tell the world on your Facebook page that you are actively pursueing Chinese citizenship and have taken up the study of nuclear physics.
Then write a program that automates all of this stuff and open-source it so that others can use it too. Encourage everyone in your network to do the same. It will be just a matter of time before LEA's all over the place drown in false positives and their operators succomb to demotivation and despair.
@Dirk Praet re: surveilance poisoning
I am pretty sure you don't want to be a precursor of this tactic :-P
poison all of your digital communications
RMS automates this with M-x spook: http://www.opensource.apple.com/source/emacs/...
Here are the first few lines from my spook.lines file in Emacs 23:
$400 million in gold bullion
[Hello to all my friends and fans in domestic surveillance]
64 Vauxhall Cross
9705 Samford Road
@ Peter A.
As with many activist things, succes is achieved by numbers (cfr. DDoS). I was just talking about the idea to some other people and it's not even that silly. Imagine some of the developers behind Tor, Cryptocat and the like picking up on it and creating a stand-alone tool or even browser plug-in that does nothing else but poisoning your tracks and communications. Widespread adoption could be achieved by handing out free iPads sponsored by the EFF and similar organisations in a weekly random lottery for those using it.
Some more hilarious suggestions that came out of our brainstorm were:
- Apply for membership of any redneck or extreme right-wing organisation available in your area. Bolster your application by putting pictures of yourself wearing a Michigan Militia t-shirt and holding a Bushmaster acquired at the toy store on your Facebook and Tumblr accounts. Alternatively, photoshop such images. Make sure they have cool captions such as "Vengeance is mine, sayeth the Lord".
- At the gunstore around the corner, show up wearing Joker make-up and fill out an application form for a real Bushmaster and a couple of similar assault rifles with large amounts of ammunition. Inquire for semtex too.
- Get in touch with your local imam and have lengthy email correspondences with him about converting to Islam and sponsoring his mosque.
- Use your eBay account to make bogus bids on all sorts of Third Reich paraphernalia.
- On Amazon, conduct extensive inquiries into the works of Marx, Lenin, Kropotkin and Bakunin.
- Submit an application for political asylum to the nearest North Korean or Iranian embassy.
- Strongly encrypt massive amounts of totally useless data to fill up all of your free cloudspace (Google Drive, Sky Drive, Dropbox etc.). Give them ominous sounding names like Project_Armageddon or Apocalypse.
Again: strength is in numbers. You're pretty much dooming yourself when you do this just on your own, but creating a hell of an intel nightmare if there's millions doing exactly the same thing.
@Dirk Praet: But the endgame there is that your "terrorist cell" will be sent to Gitmo and DHS will chalk it up as a victory for the Patriot act and proof that we need more spying. You seem to be under the mistaken belief that the system is unable to turn a false positive into a true positive by fiat.
This kind of data collection can allow for selective law enforcement, which removes the separation of executive and judicial power.
@ Dirk Praet
The really simple non-technical solution would be to poison all of your digital communications and activities
ALL? I can't imagine I would last too long at my job if I sent an email like this to an email distribution list at work :)
Status is good. everything on track, ready to ship... It's all good!
Nuclear china citizenship
blah blah blah...
This would be one good CLE (career limiting email).
@Dirk Praet/ spook
--That was great but @No One raises the backhand slap counter point. It would be super easy to frame me, but they've always been able to vaporize randoms that get on their nerves. Sniffers better readjust their filters.
--No not all, just your boss. You were hacked by a scriddy and don't know how that got in your work email. Apologies sir/madam, hope it doesn't happen again. Get creative. Oh and psss, 谢谢 for the shipment. :)
A valid point. As with most projects, a decent requirements definition and some serious functional analysis are necessary to mitigate undesired side-effects and other potential collateral damage.
@ No one, @ Figureitout
You seem to be under the mistaken belief that the system is unable to turn a false positive into a true positive by fiat
There is no doubt in my mind that they can and they will. On the other hand - and contrary to popular belief - I do not take all intelligence agencies for morons. Any supervisor with half a brain cannot but frown at a sudden and inexplicable rise in alerts about people that for some reason simultaneously start exhibiting characteristics of jihadi terrorists, nazis, communists, hacktivists and lunatics alike. As poisoning techniques improve and proliferate, the surveillance industry will have to adapt either for the better by refining their modus operandi or for the worse by demanding progressively increasing budgets and civil liberties eroding legislation to the point that more and more people will turn against them. Ultimately, you can consider this an act of civil disobedience, and frankly as a EU citizen I would be kinda surprised to be subpoenad by a US court for wasting the precious time some LEA spent on decrypting my Google Drive files that turned out to be a Unix swap partition and those Facebook pictures of myself with Mr. Ahmadinejad at Natanz a really good fake.
That would make me look bad in front of my boss too!
@ Dirk Praet
Disinformation works and is used by both sides.
As per the article, Homeland provided their entire DB to NCTC on disks (not clear what kind) and when Homeland checked 30 days later NCTC still hadn't 'uploaded' all the data to their systems...
WTF are they using, VB macros in XL?
Or is this the usual govt-in-inaction routine where they didn't do the input to database mapping and a sample run before requesting the entire dataset?
@ Dirk Preat, Wael, figuritout, spook, No One,
The only think realy wrong with Dirk's plan is the lack of deniability that will stand up in court.
The solution to this is obviously malware of some appropriate type.
As we know there have been several botnets that have had more than a million zombies/botted computers under their control.
Likewise some other types of malware have claimed well in excess of 5million or so computers if the claaims made by AV firms are even fractionaal (ie 1or2%) true.
Now what should this malware do?
Well the first thing is it should in no way harm the users data files.
The second is it should "lock the back door" to stop other malwar getting in etc.
Thirdly whatever it should do it should it it randomly and sparingly, so the spooks only get a slow trickle of hits that slowly accumulate.
Fourthly whatever it does it should onnly effect outbound traffic to social media Email etc.
So the idea of insurting the occasional word is good, for EMail the best place to do it is by hiding it in the headers so it's not imediatly visable to either the sender or recipiet. One such way would be to put in a faux hop through some radical website domain so you gould have something likes
Thus the first two words trip the word filter and the domain name being some obvious terrorist name in a country like India, Packistan, Iran, Syria etc etc.
Another thing would be for people sending photos or whatever to a social media site, you put a logo of a couple of crossed AK47's or some such or one of the flags often draped in the background of suicide bomber "this is why I did it" videos. You could also "watermark" such things into the image so it's quite faint to the human eye but pops up to a computer search algorithm.
You could also fake stego the image with fake propaganda and movie plot suggestions for bomb plots etc etc etc. Then there are all those lovely MS and Adobe file formats just begging to have lots of hidden meta data messages, or with white text on a white backgroud etc
In other words don't hand it to "SpkooksRUs" without making them work a little bit they will just ignore it if it's to obvious. The trick is to hide the stuff so it's not visable to the casual user but is going to trip the kooks filters.
Then sit back and wait for the FBI to anounce that they have found an AQ cell etc etc before leaking information it's "hoxing malware" to the AV companies and then a short while later the general press saying the AV companies are in league with the Feebies to keep the fact those who have been arrested are innocent people hidden...
Another trick would be to make malware that checks the domain of the computer and if in one of the US gov sites actually randomly sends out a user data file of some kind to an online service using ROT13 or some such realy weak password like XORing with AQ or OBL over and over again.
The hours of fun you can have thinking up such schemes can be made better implementing them using old zero days and launching them from rented or compromised machines in other countries , we all know a large number of people don't patch their machines, why not explot them just as every other cyber-crook does.
Oh and just for the real fun, make the malware appear to use a sophisticated headless command and control system through the likes of google or any other major commercial organisation...
But... make sure you cover your tracks well "embarasing the man" tends to make him grumpy and spiteful and as we all suspect, they have no sense of humour because the bureaucratic mind takes it's self way way way to seriously.
@Anonymous Coward 'You get the country you deserve' and '*** America'
Very emotional comments, and something one of these automated systems would
be unable to parse. Readers can get the emotion behind those statements, but
these systems could not.
Problem with the logic there is assuming that, a, national interests are not
national interests. Do you care or complain about your country spying on
other countries? There are simply limits there on self-interest.
But, you miss a far bigger problem which is that if America truly goes police
state, that will absolutely effect the entire planet. America becoming a
Nazi Germany, a Soviet Russia, a Shinto Japan... would be a Very Bad Thing
for the world.
There are generally two forces working towards such a thing: one are the very
attackers. Two are the people in power. They work together. Even the wildest
conspiracy theorist can get this: this is the very reason they believe 911
was an "inside job"...
On the issue, in general:
I am a strong anti-communist, anti-nazi, anti-totalitarian. I study these sorts
of systems and get actively involved. When I see actions like these that the
DHS are doing I do see a lot of alarm bells going off... as do, of course,
I work in security so I am very familiar with the concept of over reacting.
People in power can argue that over reacting is being virtuous, which they
often call "patriotic". Yet, considering that totalitarianism has been the
enemy of the US, from my perspective they are crossing the line into being
one of the very bad guys they think they are fighting against.
This is a very true commonality and universal truth with all totalitarian
They all cross that line. Right now, they are just a little over that line.
But that is the direction they are going.
Excellent suggestions ! As you say, it would be great fun spending an evening with some like-minded spirits cooking up more of such schemes.
The only think realy wrong with Dirk's plan is the lack of deniability that will stand up in court.
I agree that sticking it to the man will probably backfire in more than one way and for the reasons you mention. Then again - and in absence of a solid legal background - it is not clear to me how poisoning one's telecommunication data would constitute a criminal offense. To the best of my knowledge, they're not a sworn testimony you could perjure yourself with. Obstruction of justice is probably hard to uphold if the offender is not aware that he/she is being investigated.
The only thing I can think of at this time is forgery if the poisoning is interpreted as a deliberate attempt at defrauding a 3rd party, in particular a spy agency or other organisation trying to exploit tele-communication activities.
In the case of corporations, I'd say that poisoning your data can only be considered unacceptable behaviour if they are providing some kind of service and thay you have accepted accompanying ToS that prohibit you from doing so. Worst case scenario is that they can block you from further using their service. For government spy agencies, it's probably even harder to accuse you of anything. Not only are they not offering you any service in any way, it can also be argued that doing so - at least in the US - falls under the freedom of speech as guaranteed by the 1st amendment to the constitution.
If there are any legal folks still reading, I'd be happy to hear from you on this.
The author should write scripts for Hollywood. The article isn't close to reality.
@ Dirk Praet
It really all depends on what country you're in and the laws. In America, there's a catch-all they'll start with:
"Anything you say can and will be used against you in a court of law."
Add "do" to that for accuracy. A person's own testimony against themself is usually labeled a confession and has more weight than most eye witness testimony. So, their first technique will be showing up with a subset of your traffic that looks like a confession.
The next part is intent. They're going to argue you're a radical or subversive. They'll either use the traffic as evidence in itself combined with their own concoction. Or, more likely, they'll argue that almost nobody does this stuff except those hiding criminal activity. At that point, you're hoping the jury is on your side. They're quite wishy washy about this stuff.
You've mapped out quite a few ideas with regard to fraudulent information and TOS violations. The TOS violation made me recall that some countries, I think even Britain, have laws governing offensive content/statements in public. Might be used against people using this scheme.
Of course, in all of this, you've mostly assumed they'll attack you using both the court and focus on this act itself. Neither is necessarily true. Let's focus on the latter. In US, there are over 300,000 laws and regulations on the books. The Govt can't even tell us how many exactly b/c they lost count. One study said average American commits 3 felonies a day, technically. So, a side channel attack (crypto slang! uh oh!) on your scheme would be to notice any law you're breaking and hit you on a technicality.
Now for out of court. They can use the likes of IRS to investigate you, freeze your assets, etc. Maybe FBI executes a search warrant on your home with SWAT team, tears your stuff up, seizes important assets and you must sue to get them back. You might travel a lot for work, but you're on Do Not Fly list. That supposedly happened to journalists critical of Bush. Next step up, if they're REALLY gunning for you, is rendition: you just disappear at an airport one day and maybe return alive. If you've invoked ire of covert ops community, you get hit by a car, commit "suicide," your plane crashes or you die of natural causes. Or your house is "burglarized," your lab "fire bombed," etc.
(All of these have specific instances of them happening. I'm just throwing them in from what's at the tip of my mind.)
Add to it that the rest of the scheme's feasibility requires a volume of people. The risks (and costs) of running nodes in Tor, I2P and Freenet have led few to take it up. Most of the public is uninterested. People using techniques like this will likely forever stand out. All the intense data mining means they WILL get noticed and the observers will just store everything they can to target the schemers later. They'll periodically harass them by seizing their property/nodes for investigations. If any are deemed important, see the methods above.
@ Nick P,
"Anything you say can and will be used agains you in a court of law."
Cricky, your the cheery one so sing after me, in your best impersonation of Eric Idle,
Always look on the bright side of life,
te tum, te tum, te-tum, te-tum,
Always look on the bright side of life,
te tum, te tum, te-tum, te-tum...
Sadly though as the article I pointed to the other day shows, you can be doing something perfectly legal (designing and developing gambling software for the export only market) and get thirty odd cammo'ed up SWAT twats kicking your house down just because some prat of a DA or equivalent etc thinks that frightening you and your family half to death is a good way to get your co-operation in putting back doors into your own software and then acting as a "snitch" for the FEDs...
Thus not only potentionaly ruining your own business, putting you and your families life in danger but in the wider contect making it clear to every one else in the world that US origin software is not safe to use in a business because it's been APT'd...
Some times I think some people think with other peoples backsides...
@ Nick P.
There's many ways to skin a cat indeed, and unlike people such as Jacob Appelbaum (Tor) or Nadim Kobeissi (Cryptocat), I'd grow tired rapidly of the harassment they have to put up with for their work.
As I said, any individual even contemplating this on his own is very likely to hit a brick wall at some point. Therefor, the wait is probably on for the day of the locust, when the right conditions are met for solitary grasshoppers to change both morphologically and behaviourally into an unstoppable swarm.
Pi55ing off the DHS is a very bad idea I've had friends that got that EARLY morning door knock where some TLA's rushed in and seized everything and I mean everything! holiday snaps, PC backups, Movie DVD's, CD's any storage media. If you are very lucky they will return the stuff they took, but it'll take about 1 year.
Off-site backups are your friend...
I keep mine in multiple locations. And scans of all important documents.
The original plan was recovery from fire or a tornado, but it works for overly-exuberant warrants, black helicopters, and alien invasion too!
In other words don't hand it to "SpkooksRUs" without making them work a little bit they will just ignore it if it's to obvious.
--That's the point...at least mine. They need to watch me at all times if they think they're getting all my transmissions; and I waste their time and resources tracking a complete non-threat.
Or, more likely, they'll argue that almost nobody does this stuff except those hiding criminal activity.
--What you say is what's going to happen. But consider, someone who's been harassed, anyone he tells thinks he's crazy; and the mental damage done will be permanent. Meaning I can't make new friends almost at all anymore. I don't smile much anymore. As far as I'm concerned, all the folks at (X.X.X.) can go f*ck themselves and come blow my brains out b/c I don't care about their worthless agency.
"But consider, someone who's been harassed, anyone he tells thinks he's crazy; and the mental damage done will be permanent. Meaning I can't make new friends almost at all anymore. I don't smile much anymore. "
That part is a personal choice. I know plenty of people who have been through horrific stuff that manage to make new friends, smile, and have a good time in life. I've had my own share of it. You just have to make a choice to never let anything break your spirit and know you're ultimately in control of your thoughts.
@Clive, @Figureitout, @Nick P., @RobertT
The tragic suicide of Aaron Swartz seems to confirm that The Man is very grumpy and spiteful indeed, and will stop at nothing to stifle and eradicate dissent. Rest in peace, Aaron, and may The Force be with us all.
I've always thought the best way to get back at a someone for raiding your house would be to infect their systems with a new zeroday virus with air-gap jumping capability. Of course their testing, of the intentionally infected drive, would be the system infection vector, so I'm not sure that they could even prosecute. It would be interesting to direct the call home function to another TLA so that the infection finger would be pointing elsewhere. Knowing the way these agencies work internally it would be even more interesting to create a loop back to the raiding TLA's CI section.
Fortunately I'm not worth the effort so I can get away with these musings, but as I said earlier they really have no sense of humor, heck they even believe they are acting honorably. unbelievable!
@ Dirk Praet,
The tragic suicide of Aaron Swartz seems to confirm that The Man is very grumpy and spitefu indeed, and will stop at nothing to stifle and eradicate dissent
Sadly he was put in a position where he could not defend himself. It's technicaly known as "Stripping of Rights" and it's one of the nastier legal moves that the politicos and others are latching onto for their own very personal gain (In the UK POCA gives them 18% of recovered value as a nice little incentive for instance).
Stripping of rights is one of the major indicators of a country that has been "hollowed out" where the law is subverted by those who can purchase it for their own requirments. It is what you would expect of supposed third world dictatorships and banana republics, not supposed first world democracies.
What Aaron did was at best moraly questionable, but importantly no more moraly questionable than those who chose to lock up information belonging to others for their own profit.
The two cases in question where about what Aaron did to a Federal Database of judicial documents (PACER) and likewise to an Academic Database of academic papers (JSTOR).
Basicaly he used the databases for one of their functions which was to download documents, which was an alowable activity that were part of the terms and conditions of the databases.
What is in question is the quantity he downloaded the method he used and supposadly what he was going to do with them.
But before getting to that we need to take a step back and look not at the databases and their TOC's but what was in the records of the databases. Various descriptions have been used but one such is "a treasure trove of documents".
These documents many dating back sufficiently long to be outside of any copyright by their originators had been coraled by force either by statute law or by the unwritten law of academia of "publish or be damed" into collections that were continuously updated. Thus it's claimed that the database is "a work" in it's own right and as such because it is continuously updated has what is in effect a perpetual copyright over the constituant parts. Now many regard this userping of the intent of the original copyright law to protect the author not an aggrigator as a moraly indefensible crime perpetuated by vested interests in the failing publishing industry. Mainly because they bring no originality to their perpetual supposed work.
But in both cases there is a secondary point to be made, in most cases the original authors were payed for their labours from the public purse, and thus arguably the papers as a consiquence of their payed for employment are the property of the public. Thus it could be argued that the aggrigators had commited theft, or fraud by trying to claim and enforce a title over the works of others and payed for by the public that they had neither a legal or moral right to do.
Back In 2008, Aaron had thrown open the Fedaral PACER database, of judicial documents. The case was investigated but later dropped when it became clear that there were actually no charges to answer that a court would substantiate. The Database usually charges around 8cents a page, but Aaron downloaded about 20% of the database with a supposed value of 1.6million USD during a monthlong "Free Trial" period. So the best you could claim was he had made the best of the offer (something stores refere to as "Barnical behavior").
However in 2011 Aaron had a knock on the door over the 4.8 million academic papers and articles he had downloaded from JSTOR.
The sharks at the Feds had pounced and they scented blood in the water. Thus four parties were now involved Aaron, JSTOR, MIT and the vengful Feds. JSTOR took legal advice and we assume were advised that a civil case by them had no merit and thus should not be persued, they then wrote to the FEDS as the supposed injured party asking that the FEDS drop any case against Aaron. Apparently MIT were subject to preasure and prevaricated, even though Aaron was lawfully on their property and lawfully using their computer network. And this inacction by MIT gave the FEDs an opening to persue Aaron.
Now why do I say "vengeful" of the FEDs well it would apear based on legal president that what they were trying to do (turn conditions in a civil contract into a criminal prosecution) was at best not likely to succeed. Due to the split legal presidents in the various circuits in the US, it is something that should have been refered to the Supreme Court of the US but for some reason the Obama administration ensured that it did not get referred (which is something that should have further light thrown on it).
Now whilst the FEDs were alowed to shomooze the press and did their best to vilify Aaron in public with a PR campaign designed to look like he was a profit motivated criminal, Aaron was denied the right of reply by the behaviour of a District Judge. Thus from the outset Aaron had one arm tied behind his back. Further the FEDs kept changing the charges and in otherways delayed and prevaricated in a way that bled Aaron of any finances he had. Thus he was unable to speak publicaly to state his case to obtain public support, thus not just his other arm but his legs also were tied, and thus he was trussed up like a chicken to be taken to slaughter.
The FEDs attitude was that he had to be found guilty of something or they would put him away for 35years and fines of a million USD. When Aaron stated his innocence and refused the FEDs reworked the charges apparently inventing new ones so that it is possible Aaron was facing more than 50years in jail and more than 4million USD.
Back in September 2012 TechDirt did a piece but it did not raise the profile of the case sufficiently.
Without the resources to fight and possibly feeling that he had no hope, we can only guess at his mental state. Jacob Applebaum who knew Aaron well had also been subject to his own problems with the FEDs and said,
I don't fully understand the reasons that he [Aaron] took his own life, if it has to do with the thought of nearly endless pain of prison for working toward an open culture, I empathize with the goals and certainly with the stress.
He went on further to express his own feelings of such treatment as,
Such a jackboot on one's throat creates atomized people, which contributes to deep despair and depression.
But what of Aaron himself what were the aims and objectives of such a young and apparently gifted individual?
Perhaps his own words might stand as the best testimony to his spirit and sense of purpose,
And perhaps, it is these few words that made Aaron the target for the vengence of the FEDs and the Obham administration.
After all those self interested individuals who choral information that by all other reason should be free, for their own personal profit, also wine and dine politicians and Government employees and pay for fact finding confrences etc in what are otherwise considered holiday destinations, would see Aaron's words as a threat. As we know from the likes of the "Fritz Chip" and much proposed legislation since, such IP holders in effect bribe politicians to take the IP holders ready made prototype laws. Laws that favour the IP holders private interests over the rights of the public to that which they have already paid for. In turn there are many politicians for a handfull of scheckles will put it up such prototype laws with little or no modification for passing onto the statute books, in effect to make both their moral crimes and the IP holders effective fraud and theft legal.
At one time the IRS records could not shared with other governmental agencies and I wonder is this restriction has been eliminated.
Also there was a suggest that VA records could be used but would that not be a HIPAA violation?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.