Senator Feinstein Admits the NSA Taps the Internet Backbone

We know from the Snowden documents (and other sources) that the NSA taps the Internet backbone through secret agreements with major US telcos, but the US government still hasn't admitted it.

In late August, the Obama administration declassified a ruling from the Foreign Intelligence Surveillance Court. Footnote 3 reads:

The term 'upstream collection' refers to NSA's interception of Internet communications as they transit [LONG REDACTED CLAUSE], [REDACTED], rather than to acquisitions directly from Internet service providers such as [LIST OF REDACTED THINGS, PRESUMABLY THE PRISM DOWNSTREAM COMPANIES].

Here's one analysis of the document.

On Thursday, Senator Dianne Feinstein filled in some of the details:

Upstream collection…occurs when NSA obtains internet communications, such as e-mails, from certain US companies that operate the Internet background [sic, she means "backbone"], i.e., the companies that own and operate the domestic telecommunications lines over which internet traffic flows.

Note that we knew this in 2006:

One thing the NSA wanted was access to the growing fraction of global telecommunications that passed through junctions on U.S. territory. According to former senator Bob Graham (D-Fla.), who chaired the Intelligence Committee at the time, briefers told him in Cheney's office in October 2002 that Bush had authorized the agency to tap into those junctions. That decision, Graham said in an interview first reported in The Washington Post on Dec. 18, allowed the NSA to intercept "conversations that . . . went through a transit facility inside the United States."

And this in 2007:

[The Program] requires the NSA, as noted by Rep. Peter Hoekstra, "to steal light off of different cables" in order to acquire the "information that’s most important to us." Interview with Rep. Peter Hoekstra by Paul Gigot, Lack of Intelligence: Congress Dawdles on Terrorist Wiretapping, JOURNAL EDITORIAL REPORT, FOX NEWS CHANNEL (Aug. 6, 2007) at 2.

So we knew it already, but now we know it even more. So why won't President Obama admit it?

EDITED TO ADD (9/28): Another article on this.

EDITED TO ADD (9/30): Also, there's Mark Klein's revelations from 2006.

Posted on September 28, 2013 at 6:10 AM • 112 Comments

Comments

@Guessing • September 28, 2013 7:53 AM

@Bruce "So why won't President Obama admit it?"

NSA might have misinformed and/or blackmailed President Obama. After all, NSA knows 99% of private details of everyone.

Gweihir • September 28, 2013 8:40 AM

I especially like how she now is a traitor and criminal by her own standards. The hardliners are often the most stupid ones...

Wael • September 28, 2013 9:19 AM

My turn to borrow the devil's advocate hat to instantly metamorphose into an official NSA sauce...

Given the history and goals of the internet, DARPA/ARPA, why are some (avoiding generalizations) surprised at this behavior? Shouldn't that be expected? Jeeeeez, you guys are a bunch of whiners! You want to get something for nothing? The NSA taps the internet? Holy crap, what a shocker! You want privacy? Go live in a cave!

Taking the hat off, quickly, before I get pounded...

dbCooper • September 28, 2013 11:16 AM

As to the question "So why won't President Obama admit it", I believe George F. Will summed it up nicely in a sentence from his Sept 26 column.

"Nevertheless, Obama remains mesmerized by himself. He has not noticed that many objects of his rhetorical support -- the ACA; scores of Democratic candidates; his gun-control agenda; his plan to attack Syria -- have not become popular."

Mr. Will was writing on a topic different from the NSA shenanigans, but his point applies here: Obama is afflicted with Hubris.

Avaya • September 28, 2013 11:29 AM

why won't President Obama admit it?
Maybe he has received a National Security Letter about it...

NobodySpecial • September 28, 2013 11:34 AM

You don't even need to assign any ulterior motives to the NSA etc.
Their mission is to protect, they do that by intelligence gathering - therefore to protect better you gather more. It would be immoral and even traitorous not to.

It's the same logic that says if the navy can protect America with a 50,00ton aircraft carrier it can protect it better with a 100,000ton one. If 10 battle fleets are good the navy are failing in their duty not to demand 12. A mach3 stealth fighter is better to protect us against Al Qaeda than a mere mach2 stealth fighter.

The government, secret services and the military simply work on the same principle as anyone buying a new truck and deciding how many cup holders they need

Herman • September 28, 2013 11:56 AM

I don't care about the whys and the wherefores. The NSA is simply doing what Congress told them to do and they are doing a pretty good job it seems. Ditto for the GCHQ.

What I am interested in is how to frustrate them, since I'm not a US or a UK citizen.

TheTower • September 28, 2013 12:41 PM

Best way to frustrate the NSA's data collection effort is to use non-commercial endpoint encryption. It won't stop them, and they have near indefinite retention policy for encrypted communications, but it's less convenient for them.

Andy Downs • September 28, 2013 12:45 PM

I have not read, nor heard any discussion on the issue of attorney client privilege that has been breached by the federal government.

The idea that a client can communicate with their attorney in confidence is now a myth, unless it is face to face.

Is anyone working on this part of the story? We know the FBI has access to NSA data. So if the FBI is prosecuting someone all they have to do is pull up the attorney or client info and use it. No one will ever know if it happens.

Any thoughts?

Mike the goat • September 28, 2013 12:45 PM

I can personally attest to the presence of mass surveillance equipment in a very prominent data center. I have seen the racks - populated with Narus equipment and two high end Cisco routers. Only a single fiber goes into the RX side of the ATM cards and the TX side was plugged.

I was escorted through this area by a Verizon Business network tech when one of our 1000 base interfaces was playing up. He opened a rack and proceeded to swap out a mini-GBIC which had gone to that great bit bucket in the sky and I pottered around and looked at what was in some of the racks (the ones with plastic panels on the front, some were full metal doors and I couldn't see inside).

We got to know the guy who worked with them since UUNET/MCI days quite well and he even used to come to our office Xmas parties. He openly admitted the equipment was for "legal interception" but that's all he knew (or was willing to admit). It was an open secret in the telco industry that beam splitters were used to sniff traffic.

That said there was no indication that MITM attacks were possible. Indeed the devices I saw had only one fiber connected (no TX fiber). All single mode yellow colored fiber.

When Verizon started serving up our data on 1000base Ethernet rather than ATM (a pain as we had to support jumbo frames for the DSL tails that were l2tp tunneled in) they installed a media converter in our rack. We were quite happy to dispense with the OMC and just have them plug straight into an appropriate GBIC on our switch (figured it was an unnecessary additional piece of equipment) they insisted it was necessary to provide a "demarcation point". So perhaps they upgraded their capabilities then to allow more active attacks.

Funnily enough we (as an ISP) had to provide legal interception capabilities so law enforcement could get a mirror of a target's traffic. There was an IOS build with LI support with the idea being that even the ISP wouldn't know which customers were targeted. In practice we knew and the feature was only used on three occasions in ten years and we were briefed by law enforcement and given copies of judicial documents authorizing the wiretap. We actually stopped running our transparent cache as we felt retaining logs for months represented an unacceptable risk to our customers' privacy as retrospective data could be gained (although we were never asked - funnily enough on one occasion in the late 90s we had to provide ANI data for a specific dialup user who had his laptop stolen and used in an illegal activity. Turned out their home phone number was in there and they thought using the callerid block prefix would block ANI on our primary rate interfaces).

Anyway the point I am making is that this shit has been in the making for a long time and I can back my claims up as other network techs saw similar things at different telco colo facilities.

DB • September 28, 2013 12:54 PM

Since Senator Dianne Feinstein is now, on her own, deciding to publicly release those little bits of redacted (and therefore still "classified"!!) pieces of information... shouldn't she now be thrown in prison just as surely as Edward Snowden? What's good for the goose is good for the gander... She should be calling herself a "traitor" now right?

name.withheld.for.obvious.reasons • September 28, 2013 1:01 PM

Thursday's Intelligence committee with the chair Dianne Feinstein and Chambliss was a joke.

The witnesses Alexander and Clapper were nothing more than an excuse to occupy 2x24sq ft of epidermis.

Senator Wyden did not get an opportunity to ask a second question during the hearing. The question he did ask of Alexander, and I paraphrase; "Has the NSA ever collected cell site data?" The answer was comical, he basically fumbled and then indicated that his answer was Clapper's answer--then he changed it again to "No."

The witnesses called were a joke--it was obviously staged to provide the public with a vision of way the programs must be continued...there was no significant adversarial witness. Too bad Bruce had not been called to testify, or Marc from Epic. The hearing represents a true sham.

WIntelAgency • September 28, 2013 1:14 PM

Imagine the insight they have if they do indeed have access to most antivirus and firewall providers! Access to our computers and inside. If they provided incentives to Google, Yahoo, et al. how does the buck stop at these large Oligarch antivirus and firewall companies?

DB • September 28, 2013 1:24 PM

@NobodySpecial: But having more cup holders in my truck doesn't break the constitution. All these unconstitutional laws and acts of congress need to be rolled back, and these programs redone to fit within the constitution and international human rights standards. Note: not JUST the constitution, but ALSO basic international human rights!

After all, surely tossing every single person into padded cells "for their own protection" would reduce crime a lot, right? That doesn't make it the right thing to do... Neither does ultimately (someday) removing any possibility of any two humans anywhere on earth ever communicating privately ever again (currently only electronic and postal means has been mostly removed, I think, not face-to-face). You can't deny that that's the direction things are going with total omniscience surveillance. It's oppressive and it's wrong. And the more it's allowed to grow, the more totalitarian and oppressive our government becomes.

Scratch • September 28, 2013 1:26 PM

This has been going on for a lot longer than has been discussed. See the news on the purchase of American data hosting company Verio by Japanese telecom NTT in 2000. Although the party that stepped forward in negotiations was the FBI instead of NSA, the effect on wiretapping activities was the issue raised.

The Clinton administration has struggled for months to allay worries that the NTT purchase of Verio could present a foreign-espionage risk by giving the Japanese-government-controlled company access to U.S. wiretapping activity.

... [T]his is the first time they have weighed an Internet deal for national-security implications.

The NTT negotiations highlight growing law-enforcement fears that the entry of foreign companies into the booming U.S. telephone and Internet markets could undermine the FBI's ability to investigate criminals by tapping into their digital communications.

DB • September 28, 2013 1:33 PM

What's wrong with everyone? Years ago, Nixon bugs a few offices and impeachment proceedings start happening.... Today, Bush/Obama bug.. well... EVERYONE... worldwide... and they are completely above the law? Oh, they just rewrote a few laws to make it fine? They didn't rewrite the constitution though... forgot that one, and it's supposed to be the "supreme law of the land" is it not? This world is so going down the tubes if people don't do something about it to fix it and pronto...

Figureitout • September 28, 2013 2:01 PM

So why won't President Obama admit it?
Bruce
--Because all politicos are insincere; and all the processes are a sham and parade. So if the solution is "political" I say there is none.

The solution will be teaching people how to use cryptography on a trusted platform that can't be subverted and has a single purpose: send a message. And overflowing the system w/ crap data and leading agents on like butt-sniffing mutts.

Figureitout • September 28, 2013 2:05 PM

Bruce
--I left the public affairs arena b/c I saw just how utterly hopeless the situation was. Well, that and all my ideas and beliefs would get me an awkward moment and shunned. I figured get an engineering degree and either make something useful or sustain existing systems before the entire system collapses and we're bankrupt; and martial law sets in.

NobodySpecial • September 28, 2013 4:10 PM

@Andy Downs - In a case where the police bugged interview rooms where a suspect was talking to their lawyer - the British House of Lords (equivalent to the Supreme court) ruled in 2009:

"If it were not possible to exercise covert surveillance of legal consultations where it is suspected on sufficiently grounds that the privilege was being abused, the law would confer an unjustified immunity on dishonest lawyers,"

If this is allowed by regular police in a regular court case you can bet that the NSA/FBI/MI5/KGB do so to fight against terrorism.

Bauke Jan Douma • September 28, 2013 7:14 PM

Wouldn't an admission by Obama amount to an admission
to breaking the law? -- I stand to be informed, not being
from the US.


bjd

Nick P • September 28, 2013 8:03 PM

@ Bauke Jan Douma

"Wouldn't an admission by Obama amount to an admission
to breaking the law? -- I stand to be informed, not being
from the US."

Probably not. My position is that these programs are "legal enough" in that the goals (and some specifics) had backing from numerous Congress and courts. So, if the activities are legal, then from that point on it's a matter of LEO's, military and intelligence agencies executing the law to support their goal of "national security." Highly classified programs can be legally lied about for their security. So, the President could simply say it was a matter of national security and he had to keep the programs secret to keep them effective. The TLA's are arguing that angle already so hence my prediction that the President could cover his ass similarly.

Our current President is just extremely image conscious and likes to be seen as a President of the people. One of his campaign promises was to stop things like warrantless wiretapping, if I recall correctly. I think such image issues factor into how he talks to the public about these things. He's looking after himself. He can't get re-elected President but he still has a long-term future in politics (esp paid speeches a la Clinton) if he maintains his image.

Peter • September 28, 2013 10:30 PM

Additional to the story of Mike the goat: Cisco has an extensive and detailed guide for its lawful intercept equipment: http://www.cisco.com/en/US/docs/routers/7600/ios/...

It says that legislation and regulations require service providers and Internet service providers to implement their networks to explicitly support authorized electronic surveillance, but also that this lawful interception is to perform electronic surveillance on an individual as authorized by a judicial or administrative order.

So it seems all providers have these intercept capabilities for wiretapping individual people when FBI or police comes with a warrant. It's not clear whether the same equipment is used for the collection of the bulk metadata by NSA, which is of course different from the individual content collection done by FBI and police.

Skeptical • September 28, 2013 11:57 PM

@Figureitout

What trusted platforms? There are none. NSA has backdoors everywhere and it will take years to even begin to figure out where to look, much less find them.

SchneieronSecurityFan • September 29, 2013 12:03 AM

At this rate, by the end of 2013, the public will know that the NSA has everything.

Figureitout • September 29, 2013 12:48 AM

Skeptical
--You're right, there are none currently (that I trust). This is a challenge for my generation of the 21st century. We will make the platforms and if I need to start traveling the country to find all the agents, so be it. If someone pays me, I'll do it. I've got a decent group of people who will not be on the list for creating this platform.

Open-source die hards like Richard Stallman-etc. need to take over the fab labs and we need our own means of component production. This is the next step in the movement, and it needs to happen. As it stands, getting my parts from backdoored companies sucks a......

Figureitout • September 29, 2013 12:53 AM

Skeptical
--This means, if you want, provide some identifying info, and by radio waves we can conduct secure comms after an initial meeting. Solving the problem of purely anonymous comms is something I don't want to think about at this time and I don't trust the protocols.

65535 • September 29, 2013 2:25 AM

@Andy D. This is one of grave concern. I think Snowden was touching upon it with his “parallel construction” theory. It also tilts the legal playing field. And, it tilts the business field all the way down to small-business customer’s lists and other competitive and proprietary parts of most business and banking.

@n.w.f.o.r. I agree. I listened to the entire 2.9 hour tape. I was surprised at how stunningly slanted Senator Diane Feinstein was in her opening remarks (I can only guess at how she slanted the parliamentary procedures in the hearing).

I took some brief notes. At about 01:27.19 into the tape some senator asked Gen. Alexander three blunt questions.

To paraphrase Gen. Alexander: 1. There is no or should be no upper limit on the number of phone records collected. 2. All American phone records should be kept in a “lock box” [I guess this means All phone records retained for an undetermined amount of time in the NSA "lock box"]. 3. All “business records” or other bulk records should be collected.

My other notes include: Rockefeller made a slip calling metadata “Megadata” and hinted about Data Broker’s being a bigger collector of bulk data for resale (which leads me to think CDN’s are a leading seller of data to the NSA because most CDN's rent on-site server space from big companies like Giggle).

Gen. Alexander side-stepped the question on how many times NSA collects “Cell Site Location” data (he referred to his general counsel and classified briefings to stonewall the issue). That touches upon the sensitive geolocation issue and safety issues (plus privacy issues).

Gen. Alexander did a two-step dance by trying to separate NSA foreign spying with local criminal cases. He indicated that after a selector “hit” on a foreign terrorist (phone number or other selector) the case was handed off to the FBI with “enhanced” speed for further surveillance under criminal wire tap rules.

Lastly, Alexander and his counsel hinged most of the 702 and 215 items on Smith v. Maryland Supreme Court ruling and a series of executive orders. Thus, I assume the NSA seems to think vacuuming up vast quantities of American data is deemed legal.


See C-span


Mike the goat • September 29, 2013 4:38 AM

Peter: I think I spoke of this previously but we ran most of our core networks on x86 based systems. Our core switches were the only bits of Cisco equipment we owned. They'd take the various fiber types (e.g. we had a peering agreement with another telco for traffic between our networks to bypass the backbone and they were only a room away and we had their interface coming into one of our racks on multimode fiber, our MCI supplied IP also came in as copper on two 1000baseT channels, our secondary IP provider came in as 1000baseLX on single mode from their facility about five blocks down the road and we had our DSL tails being delivered via two redundant ATM interfaces which terminated on an ATM card in both our core routers, unfortunately they were delivered as many thousands of layer 2 tunnels and we needed several Linux boxen running l2tpns to terminate them all) tag each one with a VLAN ID and aggregate it onto two 10 gigabit Ethernet interfaces that connected to both our core routers. We had two switches bonded together and we had them distributed across the two so that should one switch die we would still have partial connectivity. This worked quite well in practice especially when we had to update catos/ios on the switches or do hardware maintenance on one of the two FreeBSD routers. The failovers worked pretty much perfectly.

Anyway I am rambling. We were basically an almost completely FOSS ISP and were proud of it.

When all the LI shit came in we had to buy a Cisco 7600 series just to give them their proprietary legal interception capability. It had a funny side effect as when traffic was being pushed through the Cisco their TTL was changed and a few ms latency added.

Which was just the way we wanted it. :-)

Mike the goat • September 29, 2013 5:00 AM

Peter: deja vu.. I just did a search, this is what I wrote on the blog on September 13 about exactly what we are speaking of now. Not many outside the ISP business would know about this. It surprised me as we knew there was wholesale collection of backbone traffic anyway, but in a way it is unsurprising given at least data obtained this way with a court order would be admissible.

remember we were required to support Cisco's lawful interception technology at OUR cost by a certain date. As a consequence of all our network equipment being x86 running FreeBSD this caused us some problems. Even our DSL tails were terminated by a few Linux boxes running l2tpns. As a consequence of this any 'targets' had to specifically be routed through a 7xxx series Cisco which provided them with the proprietary solution they so desired (I am certain LI has been standardized now). In an act of disobedience I setup packetfilter to slightly delay those routed to the capture router so that the net result was an additional 4ms on latency and a change in TTL. I told a few of my more paranoid enterprise customers that we were legally obliged to say nothing but told them to take notice of their ping times. Funnily enough you'd also see in a traceroute the reverse DNS name was revealing enough ;-)
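
The effect described in the comment above (traffic sent through an extra routed device shows a changed TTL and a few milliseconds of added latency), as an added example that is not part of the original comment or of the blog: a Python check that compares ping replies against a baseline and flags a sustained shift in both values, while ignoring one-off jitter. The log lines, the address 192.0.2.10, the window size and the 2 ms threshold are all constructed assumptions.

```python
"""Flag a sustained TTL + latency shift in ping replies against a baseline.

Added illustration; every log line below is constructed sample data.
"""
import re
from collections import Counter
from statistics import median

# Matches Linux/BSD/macOS style reply lines: "... ttl=57 time=12.1 ms".
REPLY_RE = re.compile(r"ttl=(\d+)\s+time=([\d.]+)\s*ms", re.IGNORECASE)

# Constructed baseline: stable path, one jitter spike (seq 8).
BASELINE_LOG = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=12.1 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=57 time=12.3 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=57 time=11.9 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=57 time=12.0 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=57 time=12.4 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=57 time=12.2 ms
64 bytes from 192.0.2.10: icmp_seq=7 ttl=57 time=12.1 ms
64 bytes from 192.0.2.10: icmp_seq=8 ttl=57 time=18.7 ms
64 bytes from 192.0.2.10: icmp_seq=9 ttl=57 time=12.0 ms
64 bytes from 192.0.2.10: icmp_seq=10 ttl=57 time=12.2 ms
"""

# Constructed later capture: jitter, a lost reply, then one extra hop
# (TTL 57 -> 56) together with roughly 4 ms of added latency.
LATER_LOG = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=12.2 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=57 time=12.0 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=57 time=19.5 ms
Request timeout for icmp_seq 4
64 bytes from 192.0.2.10: icmp_seq=5 ttl=56 time=16.1 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=56 time=16.3 ms
64 bytes from 192.0.2.10: icmp_seq=7 ttl=56 time=16.0 ms
64 bytes from 192.0.2.10: icmp_seq=8 ttl=56 time=16.4 ms
64 bytes from 192.0.2.10: icmp_seq=9 ttl=56 time=16.2 ms
64 bytes from 192.0.2.10: icmp_seq=10 ttl=56 time=16.1 ms
"""


def parse_ping(lines):
    """Return [(ttl, rtt_ms)] for reply lines; timeouts and headers are skipped."""
    samples = []
    for line in lines:
        match = REPLY_RE.search(line)
        if match:
            samples.append((int(match.group(1)), float(match.group(2))))
    return samples


def baseline(samples):
    """Most common TTL and median RTT; both are robust to a few outliers."""
    if not samples:
        raise ValueError("no ping replies in baseline")
    ttl_mode = Counter(ttl for ttl, _ in samples).most_common(1)[0][0]
    rtt_median = median([rtt for _, rtt in samples])
    return ttl_mode, rtt_median


def detect_path_shift(base_samples, new_samples, window=5, rtt_delta_ms=2.0):
    """Find the first run of `window` replies that all share one TTL different
    from the baseline TTL and whose median RTT moved by >= rtt_delta_ms.

    Requiring both signals over a full window keeps single jitter spikes
    and isolated reordered packets from raising a flag.
    """
    base_ttl, base_rtt = baseline(base_samples)
    for start in range(len(new_samples) - window + 1):
        chunk = new_samples[start:start + window]
        ttls = {ttl for ttl, _ in chunk}
        if len(ttls) != 1 or base_ttl in ttls:
            continue
        shift = median([rtt for _, rtt in chunk]) - base_rtt
        if abs(shift) >= rtt_delta_ms:
            return {
                "start": start,                      # index into new_samples
                "ttl_delta": ttls.pop() - base_ttl,  # negative = more hops
                "rtt_delta_ms": round(shift, 2),
            }
    return None


if __name__ == "__main__":
    base = parse_ping(BASELINE_LOG.splitlines())
    later = parse_ping(LATER_LOG.splitlines())
    print(detect_path_shift(base, later))
```

A TTL and latency shift only shows that the path changed; ordinary rerouting or maintenance produces the same signature.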

CallMeLateForSupper • September 29, 2013 8:57 AM

To the readers who voiced their opinion that Sen. Feinstein should be jailed - like USG wants to do to Snowden for the same reason - I say have another look at what she said. Look closely at *her* words. She did not disclose that intercepts came from the internet backbone (others put "backbone" in her statement); she said that the intercepts came from the internet **background**. She might as well have said "internet auspuffanlage". I think what we really have here is implausible deniability. :-)

CallMeLateForSupper • September 29, 2013 10:08 AM

I nearly choked on my coffee when I heard Gen. Alexander's "lock box" statement. First of all, the statement implies that NSA's data hoard is not now locked up (secured?). General, you da boss, so that is on you. Second, his statement transported me back to 2001(?) when a pair of Congress Critters - grown men, presumably - stood before TV cameras and ceremoniously closed and locked a small chest to illustrate how they would keep the Social Security program afloat. Um-hum.

General and Congress persons: Please do not talk down to us.

Anton Sherwood • September 29, 2013 2:55 PM

One would think that a politician has an interest in not openly showing either dishonesty or cluelessness. Maybe there are circumstances in which that's not true.

Green Squirrel • September 29, 2013 2:57 PM

Did everyone see this in the news a few days ago?

http://www.theguardian.com/world/2013/sep/27/...

"NSA employee spied on nine women without detection, internal file shows"

For me, this is good evidence that even if you do believe the patriotic flag waving which says we must monitor everyone in case something bad happens, this is still giving sensitive information to potentially bad people.

NobodySpecial • September 29, 2013 5:15 PM

@Green Squirrel - the differences between NSA and GCHQ.
James Bond never had to spy on women!

MikeA • September 29, 2013 5:50 PM

If DiFi _ever_ had a plausible veneer of honesty and cluefullness (as opposed to honesty _or_ cluefullness), it disappeared long ago in the face of shameless pandering to LEOs, Hollywood studios, and the investments of her husband. If the California Republican party were to field a candidate who was not certifiably insane,... (Tom Campbell, please come back)

Jeff • September 29, 2013 7:09 PM

Obama won't admit to anything, whether it be the IRS scandal, PRISM, illegal wiretapping of journalists etc. He has Eric Holder shop for judges that get kick backs for a rubber stamp.

Obama is a true narcissist. He is childish and couldn't make a tough decision if his life depended on it.

At least Bush stood towards his convictions, whether it was unpopular or not. The contrast as leaders between Bush and Obama is huge. Bush was a leader and Obama takes walks around the rose garden with advisors and has them make them call the shots. Yeah, Bush spent too much, but Obama takes the cake on spending.

How's that Obamacare workin out? Can I keep my Dr? It was all lies.

What president disappears during an attack on a consulate in Africa? I expect him to go in front of congress and explain all the laws he's broken because I've lost track. Yet, the media won't touch him.

If this was a republican, they would already be impeached.

Muddy Road • September 29, 2013 7:54 PM

Based on what I see from tracerts, the backbone is not so much "tapped" but has been physically re-routed to various NSA facilities.

I could be wrong about that. But it seems there is no way to get an honest answer from the government.

I think the technical guys need to be more forthcoming about what they see and say something.

Dirk Praet • September 29, 2013 8:05 PM

So we knew it already, but now we know it even more. So why won't President Obama admit it?

Because every admittance he makes about this affair draws all stakeholders yet another step closer to a public debate that is not particularly high on his priorities list, or that of any of the other branches of government, for that matter.

In November, the US is going to hit the debt ceiling (currently at $US16.7 trillion) again, and the GOP has lined up for yet another battle, threatening to shut down the government and taking aim at Obamacare. This is the project he has bet his entire presidency and legacy on, and that's what he is going to stay focused on, no matter what. I expect this issue to dominate both Congress activities and US mainstream media headlines in the time to come, offering all a more than welcome break from these pesky NSA revelations. And Dianne Feinstein some time to read up on technical lecture explaining contemporary telecommunications technology.

Clive Robinson • September 29, 2013 10:36 PM

@ Green Squirrel,

I am not surprised, back in the NI days some of Ronnie Flanagan's mob were caught eavesdropping and worse on "good little Catholic Girls" for some reason their boss Jim Gamble (head of Anti-terror intel gathering at the time) did not follow up on the reports and those involved went unpunished.

As can be seen Jim Gamble went on to considerable notoriety heading up "Operation Ore" and later "CEOP" where many professionals in Child Protection saw him as being "out of control" and doing considerably more harm than good. Which may have caused a UK Minister to make moves to stop his "free rein" and cause his resignation.

But an interesting point arises from the Guardian article, the way it's written suggests that some of these misbehaving analysts not just saw call metadata but also listened in on calls. Not just current calls but historic calls. Which if true confirms that the NSA are storing call content for some considerable period of time in a very insecure manner.

Avaya • September 29, 2013 11:24 PM

@Clive
But an interesting point arises from the Guardian article, the way it's written suggests that some of these misbehaving analysts not just saw call metadata but also listened in on calls. Not just current calls but historic calls. Which if true confirms that the NSA are storing call content for some considerable period of time in a very insecure manner.

The following is from a transcript on a recent CNN interview:

On Wednesday night, Burnett interviewed Tim Clemente, a former FBI counterterrorism agent, about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could:

BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It's not a voice mail. It's just a conversation. There's no way they actually can find out what happened, right, unless she tells them?

CLEMENTE: "No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It's not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out."

BURNETT: "So they can actually get that? People are saying, look, that is incredible."

CLEMENTE: "No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not."

Source:
Are All Telephone Calls Recorded And Accessible To The US Government?


Clive Robinson • September 30, 2013 12:02 AM

@ Dirk Praet,

With regards Obama, aside from over-running the US Gov over-draft he might be counting on the non-visceral nature of the Ed Snowden revelations causing little interest in the general US public. After all it's not like the very visceral nature of war footage after a drone or chemical weapons missile strike with young obviously distressed children being attended to in stark and seemingly primitive hospitals and medical facilities and distraught and inconsolable parents in the depths of grief over a small shrouded form, that was once a much loved child and their hope for a better future.

This article makes a similar point as well as giving examples from a trove of very recently declassified secret legal advice/rulings given to US Presidents which arguably have given rise to the current lamentable situation,

http://www.newrepublic.com/article/114795/...

Commuted • September 30, 2013 12:10 AM

How can this be secret? I've seen internet backbone maps from the mid 90s that show the surveillance pipes going to Vienna Virginia to a Dept. of Navy site. Level3 and all the big players. I suspect this is common knowledge.

RobertT • September 30, 2013 12:10 AM

For me the biggest problem with these admissions is the high likelihood that their real targets will adopt more anonymous modes of communication, such as embedding hidden messages within a forum post like this one. They might still know what web sites to go to but the end-point metadata connection would be lost. This would leave us with a very expensive information collection tool. The tools masters would look for uses outside the scope of terrorism and that's the start of a very slippery slope leading eventually to a Stasi style state.

I find it interesting that many people still believe they can be somewhat anonymous by simply using a Gmail account that they created on a pubic computer, what's lost on them is that all accesses to all Gmail accounts log the mac-address and IP addresses of the access (for read or write), so it is a trivial task to link anonymous Gmail accounts to the accounts actual owner. This gives a "more-complete" picture of everyone's activities BUT it fundamentally violates the inherent rules of separation that humans build between themselves and the different aspects of their lives.

Clive Robinson • September 30, 2013 12:25 AM

@ Avyer,

Thanks for the link, it certainly indicates that others are confirming the "record everything" view/policy. But perhaps more importantly the use to which the data is being put, ie,

    If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

Attributed to Cardinal Richelieu, circa 1640.

Avaya • September 30, 2013 12:28 AM

@RobertT

    For me the biggest problem with these admissions is the high likelihood that their real targets will adopt more anonymous modes of communication, such as embedding hidden messages within a forum post like this one.

Well one way around all of this is adopting a completely different language. It could be something that is spoken by very few (like Esperanto but that may be used by too many) or partially tailor made (e.g. create custom words to replace all nouns and verbs of interest, but to increase complexity other parts of grammar would have to be replaced/combined as well).

But in the end this would make semantic analysis rather useless.

Avaya • September 30, 2013 12:31 AM

@Commuted

    I suspect this is common knowledge.

Surely. I think Bruce did not know because he's such a newbie.

Clive Robinson • September 30, 2013 12:53 AM

@ RobertT,

    ... such as embedding hidden messages within a forum post like this one. They might still know what web sites to go to but the end-point metadata connection would be lost.

Yup, I've seen posts on various open blogs that look sufficiently odd that made me think along those lines and even joked with Bruce and others about it as they too noticed odd posts (though strangely it no longer feels funny).

It gave rise to me thinking about then working out a way to "de-couple" a command and control system for a botnet, such that there was "no head" to be blocked/lopped/chopped off. Basically using open-blogs and search engines like Google and their caches, and other places such as Squid caches for various ISPs/Universities/Mobile broadband suppliers etc.

For a very popular site, such as this one, comments hit the Google cache very quickly (sometimes with less than an hour delay) and likewise these pages get pulled into Squid caches fairly quickly. In essence if you can see a Squid cache local to you then there is a reasonable chance that your reading of a page from it does not get logged.

However Squid caches don't work with HTTPS requests, so you could argue that turning on HTTPS has for some users weakened their security...

RobertT • September 30, 2013 1:03 AM

@Avaya
I'm not sure I get your point, a different language does not help at all with metadata connecting individuals and ideas into a larger matrix.

Also if some TLA comes knocking at 3 in the morning to search, a different language won't help at all. Read the history of the decoding of the language "Linear B". Given sufficient text every human language is decipherable if only because of the extreme information redundancy present (and essential) to all human languages.

In the first instance the size of the character set tells you if it is a phonetic language or a symbolic language. Even Chinese characters can be understood by analysis of the quadrant in which the strokes occur.

RobertT • September 30, 2013 2:12 AM

@Clive Robinson
Yea Metadata is a strange beast to try to fool.

If you cease to generate any metadata then you'll definitely become a target for intense study (cough cough keystroke virus)

If you try to downsize your metadata signature it'll raise immediate concerns (the Germans faced this problem when they suspected that the British had cracked the Enigma code, reducing its use would give the game away, implementing a new code would also give the game away)

If you selectively encrypt messages to "interesting parties" you're back getting intense study!

This makes the only logical defense being to "bore it to death". Create so much noise that your connection matrix gets completely distorted. Mind you while it is easy to send an email to 100 people it is improbable that all but the intended recipients will respond, except maybe to berate you for spamming them.

The most bizarre anti-metadata comms recommendation I've seen was for parties to communicate through the access sequences of pictures and comments in certain fetish databases. The stated advantage of this method was that it created metadata links into multiple LEO databases guaranteeing that one or more LEO will act upon this information and thereby hamper the efforts of other TLA's


Jon • September 30, 2013 3:59 AM

@ Nobody Special:

Vitamin A is essential. If you don't eat any, you will die. If you eat too much, you will die.

Drinking water is essential. If you don't drink any, you will die. If you drink too much, you will die.

Any argument that says 'Because a small amount of A is good, therefore more of A must be better' is just magnificently preposterous.

Jon

Winter • September 30, 2013 4:08 AM

@Robert T.
"this makes the only logical defense being to "bore it to death". Create so much noise that your connection matrix gets completely distorted."

Which brings us back to animal evolution.

A pack of lions can bring down any zebra. Always.

So what do zebras do? They move in herds. A pack of lions can still bring down any zebra. The point of the herd is that the lions cannot keep track of that one zebra they want to bring down. The hunting lions get confused and will run after a new zebra every few seconds. So, in the end, they will catch none.

People investigating African herd animals (I forgot which one) had the same problem and marked individual animals to be able to follow them. Every marked animal was taken down by predators without exception. Which brought the investigators to this gem of understanding.

So, to protect yourself on the internet, move in the herd. What a marvelous excuse to surf "unsafe for work" websites.

65535 • September 30, 2013 4:17 AM

Does anybody care to take a stab at the math of storing all American phone calls (including content), text messages, and emails for a month or a year?

Given the compression technology and the huge cloud storage available it could be possible. If so then things are not looking good.

Gweihir • September 30, 2013 5:25 AM

@65535:

Assume 1h/day for everyone. (Really 2h/day as you need to store it only once). GSM is 1.5kB/sec per direction, call it 2.5 for both eliminating silences. Times 250 million, that is ~2000TB/day, or if you assume $500/TB for spinning disk (with overhead for the data-center, etc.) $1million/day. Now for longer-term storage, go to tape. Assume tape is 10x cheaper, and you end up with ~$40Million/year.

Not a problem, not even a major investment, I would say.

Clive Robinson • September 30, 2013 6:15 AM

@ Commuted,

    I suspect this is common knowledge

No it was and still is "readily available information" which most people who saw it failed to turn into "knowledge".

Some of us did and said so, we were either ignored or treated as conspiracy theorists.

The reason is "group perception" and "confirmation bias". We think "we are the good guys" and don't open our eyes to the "reality" the facts paint, even though people quite bluntly tell us so (think back to Saudi Arabia and Blackberry keys, the Saudi Gov said very plainly they only wanted the same rights as the US Gov had and for exactly the same reason). We just regard the messenger as "one of the bad guys" and just make mental excuses for our "good guys" if and only if we think about it.

There is a saying about the "Three Sign Posts to Disaster",

The first sign post is only visible with hindsight.
The second sign post is only visible to the wise.
The third sign post is visible to all but those involved.

Further as we don't study history the way we should we get plenty of examples of almost identical disasters happening over and over again.

I guess pointing out that unthinking conservatism in religion and politics is spawning neo-fascism especially in Europe driven on by a continuing economic disaster in Southern Europe causing distinct deprivation and poverty for which many blame Germany and "Mimi" who has just been re-elected. Perhaps the Greek authorities' raid on "Golden Dawn" might be an indicator of a breaking of the cycle, perhaps not maybe it will be looked on in future times as the second sign post...

qwertyuiop • September 30, 2013 6:15 AM

One person who is surprisingly (?) missing from these comments is Rolf Weber who was so insistent - at great length! - in the blog entry on 27 September "Another Schneier interview" that the NSA didn't have direct access and private companies wouldn't acquiesce.

Cointelpro • September 30, 2013 7:05 AM

@qwertyuiop

This guy is still living and has not been fired.

He is posting here under a different identity (or identities).

z • September 30, 2013 8:56 AM

@NobodySpecial

This is not the same thing as the Navy getting new carriers. It's more like the Navy parking them in your swimming pool, just in case you're a terrorist.

Winter • September 30, 2013 9:04 AM

Has this already been mentioned? Is the NSA tweaking SHA-3?


What the heck is going on with NIST’s cryptographic standard, SHA-3?


In the name of increased performance (running faster in software and hardware), the security levels of Keccak were drastically reduced. The four versions of the winning Keccak algorithm had security levels of 224-bits, 256-bits, 384-bits, and 512-bits. However, from Kelsey’s slides, NIST intends to standardize only two versions, a 128-bit and a 256-bit version.

Some of the internals of the algorithm had been tweaked by NIST – some in cooperation with the team that submitted Keccak – to improve performance and allow for new types of applications.

Dirk Praet • September 30, 2013 9:40 AM

@ Cointelpro, @qwertyuiop

    This guy is still living and has not been fired. He is posting here under a different identity (or identities).

I don't see any reason for scolding @ Rolf Weber or substantiated proof that he is sockpuppeting (unless @ Moderator says otherwise). There's nothing wrong with a person stating and defending an opinion that is somewhat out of tune with that of our host and that of others on this blog. The only thing he can possibly be accused of is poor research and calling Snowden a liar while offering no proof thereof. And for which he has drawn flak. But let's not become some Faux News-like outlet where dissonance by definition equals trolling and folks saying unpopular or uninformed things must be shot at. That's beneath us.

Filby • September 30, 2013 9:47 AM

@Dirk Praet

    The only thing he can possibly be accused of is poor research and calling Snowden a liar while offering no proof thereof. And for which he has drawn flak. But let's not become some Faux News-like outlet where dissonance by definition equals trolling and folks saying unpopular or uninformed things must be shot at. That's beneath us.

That was well said Dirk Praet. I for one fully agree.

qwertyuiop • September 30, 2013 10:30 AM

@Dirk Praet, @Filby

I totally agree with you - there is nothing wrong in having an opinion and defending it.

However, he asked those who were defending the contrary (ie. majority) opinion where their proof was. Now that the proof is forthcoming, ie. basically a frank admission that this is happening and Snowden was right, it might have been nice if he'd come back and said "Hey guys, you know what, you were right and I was wrong". I would then have really respected him, instead of which I'm left suspecting he was a troll.

FP • September 30, 2013 11:25 AM

It is well accepted that everyone but US citizens is a legitimate target for the NSA. Sen. Feinstein now clarifies that some communications are obtained from US companies. It does not change the "what", it only fills in a blank about the "how", and only one that wasn't very hard to guess.

It seems that many Americans are rather proud of the NSA's spying capabilities, as long as it targets the rest of the world.

Filby • September 30, 2013 11:32 AM

@qwertyuiop

It did seem to me that the discussion would next have developed into the direction of "but do the documents _really_ prove a backdoor at Google?" and that he would have wanted to argue about the semantics next (e.g. what looked like a mistake made by some journalist in covering the slides, or some other minor thing).

That, and the emotional aspect in the arguments, did make it feel like it would be prudent to discontinue the discussion. It should be quite easy for him to do additional research based on the information that has been floating around here so far.

Best,

Filby

Slibey • September 30, 2013 1:01 PM

"...what's lost on them is that all accesses to all Gmail accounts log the mac-address..."

-RobertT


Correct me if I'm wrong, but don't MAC Addresses (Layer 2) end at the local segment gateway (router)? I don't think websites can get your MAC, without resorting to hacks like the FBI/Freedom Hosting one.


NobodySpecial • September 30, 2013 3:26 PM

@z @db @jon
I wasn't excusing their behavior - I was just supplying an explanation of why an agency feels that collecting so much data is "a good thing" - even though it actually reduces their operational value as any real terrorist data becomes hidden in the noise.

It's the same thing that happens whenever you have a generally unquantifiable "evil" that you need to fight - drunk driving, terrorism, failing schools.....

If a blood alcohol of X is bad then reducing it to x/2 is better, or x/4 or x/10000000 shows your commitment to fighting drunk driving.

If you think liquid explosives are a risk you reduce the amount of liquid people can take on aircraft, and the more you reduce it - the safer people will be. The reduction in allowed volume is quantifiable, enforceable, and capable of being quoted in powerpoint - something the reduction in actual explosive attacks on airplanes isn't.

There was (reported here) a proposal for a new explosive detector in airports which could detect a single molecule of explosive in the air. A moment's rational thought by a 5-year-old would show how useless this is - but if you have been measuring your agency's success by the reduction in detection limits then installing it is the only logical path.

RobertT • September 30, 2013 5:09 PM

@Slibey
"Correct me if I'm wrong, but don't MAC Addresses (Layer 2) end at the local segment gateway (router)? I don't think websites can get your MAC, without resorting to hacks like the FBI/Freedom Hosting one."

Not sure of the process exactly, I prefer to focus on the results and make conclusions about the process.
There was a high profile kidnap "collar bomb" case a few years ago in Sydney. Read the real-time reports published in various papers, at the time, and see how the perp was traced.

There was no reason to believe that there wasn't any particular reason to assume anyone was tracking him or that any viruses had been loaded onto his computer.

The reports on the investigation process showed just how advanced "big data" and metadata are being combined by LEO's if the case becomes high profile.

DB • September 30, 2013 5:32 PM

@FP: It seems that many Americans are rather proud of the NSA's spying capabilities, as long as it targets the rest of the world.

Since the mass spying is against basic human rights, then that implies that "many Americans" think they are some sort of superior race, and the rest of the world only exists to be their slaves or barnyard animals, to be ridden, worked, whipped, sold, or slaughtered as they see fit.

Bauke Jan Douma • September 30, 2013 6:35 PM

@ DB

I beg to differ. The average American is as decent a human being as the next guy, wherever you are.

That's an important notion in all of this: that there is a class of the powerful waging war against those mentioned above. What do those in power and the powerful fear most? Those whom they have rendered power-less. What does get you? A self-fulfilling circle, a spiral of paranoia and fear -- fear of the masses, that thus have to be controlled at all costs. So you see control spiraling out of ... control?

Where subversion, sabotage, lying, cheating, breaking the law used to be attributed to radical elements who were threatening the peace and quiet in a society, they are now the traits of the state, which out of its paranoia has added to that immoral, sociopathic behavior. In short, what we see is the class of degenerates at the helm, the class of ANYTHING GOES.

No, the average American is the one to set our hopes for. Like Noam Chomsky always says: "it's a very free society" ("it"=USA), and that's where that hope lies -- still.

bjd

Clive Robinson • September 30, 2013 7:07 PM

@ DB,

Whilst what you say is true, it's not the perception.

So an overly general explanation of the problem,

The US populace has an "isolationist" outlook and subconsciously believe they have the best nation in the world and everybody secretly wants to be an American and be "one of the good guys". Thus they also fear being invaded by foreigners who must by definition be "bad guys".

Which when boiled down is what the 24hour rolling News Channels with their "talking heads" engender/encourage.

It also does not help that the majority of US leaders for many years now have been from the South not the North of America.

Thus it is a matter of pride to have the "Lone Star State outlook" where everything has to be "bigger to be better", and the Alamo engendered "fortress mentality". So the biggest armed forces etc etc. The problem is when you have a large "standing army" what do you do with them.

Well since WWII and the German V-weapons the answer has been "invent enemies to have wars with". The wars can be "cold" or "ideological" as long as they can be seen to threaten "The American Way".

The reality as the rest of the world sees the US is that the US sends out "robber corporations to steal at the point of a gun" to take the resources to feed the delusional hedonistic "American Dream". Thus they see the US as "The Bad Guys"

So when the US populace do venture outside of the US they are generally despised by those around them. This is especially true where Americans "export America" so that "they can feel at home abroad" but are actually rubbing their hosts' noses in it...

It engenders hostility big style and this re-enforces the isolationist viewpoint which quickly develops to a "Them or US" mentality with the attendant "For US or against US" attitude which just drives it in an ever decreasing spiral.

But that's OK because as Americans believe "we are the good guys" everyone else must be the "bad guys" and "we have the technology" so watching every move the "bad guys" make is prudent, and doing it well gives the "sense of pride" an "ego boost".

Whilst there are some Americans who don't believe this simplistic nonsense they find all too often their fellow Americans either do, or can't be bothered to think otherwise.

The Ed Snowden revelations provided an easily visible test as to what individual Americans held as their core beliefs, the shock and outrage was from those that had the "We are the good guy" image and very briefly opened their eyes as to the realities of life are now in some form of denial. Those who realise that life is not simply "Good-v-Bad" were saddened by the fact it was happening but shocked by the scale of it and are now pressing for constraint. Even those who had read the signs correctly and knew it was going on were still surprised by the scale of it until they started putting pen to paper to work out what was required, then acceptance of the facts sunk in for them, and realise that change is going to be close to impossible without a significant fight. You can see this on this blog if you go back a little while to where people were working out just what was required to record every phone call, SMS web page access and Email and if it could all fit in the Utah facility...

Clive Robinson • September 30, 2013 7:44 PM

@ Slibey,

At the network level the MAC address should as you think not go off the local network.

However the MAC address is visible via all network aware MS OS's at the application layer. Supposedly as the MAC address is unique it is used as a serial number for software licencing etc. Many applications thus know the MAC address and quite a few applications (MS Office etc) embed the MAC address into files and headers or as part of unique identifiers. Thus the MAC address leaks out across the network at the application layer.

As has recently been seen with the FBI TOR busting malware the MAC address is available to even (supposedly) "sandboxed" code from the Internet such as JavaScript.

But... Some home routers have their own DHCP servers built in as standard that "lease out" IP addresses based on MAC address. Due to a number of issues with the router software the MAC address is visible from the Internet side of the router (as some people have found on talking to ISP technicians when trying to "fault find").

Oh and on MS NT when used as a router it was possible to put the distant gateway IP address into all NT machines on the local network --as opposed to the local IP address of the gateway-- and still have traffic route. In essence it acted more as a "bridge" than a "router" and this would leak the local MAC addresses... The first time I saw this happen on a customer's site I was "gob smacked" because it broke the rules and as a consequence caused problems for correctly written software which the customer was claiming incorrectly was broken.
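
The comment above says applications embed the MAC address "as part of unique identifiers". As an added illustration (not part of the original thread), this Python sketch audits text for one such identifier format, the version-1 UUID of RFC 4122, whose last 48 bits are the generating host's MAC unless the multicast bit marks them as random. Choosing that format is an assumption of this example, and the function names and sample values are constructed.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Canonical 8-4-4-4-12 textual form of a UUID.
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-"
    r"[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)
# Version-1 timestamps count 100 ns ticks from the Gregorian reform date.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def format_mac(node):
    """Render a 48-bit node value as a colon-separated MAC address."""
    return ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -1, -8))


def audit_uuid(text_uuid):
    """Report what a single UUID string reveals about the host that made it."""
    u = uuid.UUID(text_uuid)
    finding = {"uuid": str(u), "version": u.version,
               "leaks_mac": False, "mac": None, "created": None}
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return finding  # other versions carry no node or timestamp field
    # Every version-1 UUID discloses when it was generated.
    finding["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    # RFC 4122 section 4.5: a randomly chosen node ID must set the multicast
    # bit (lowest bit of the first octet), which a real interface MAC never has.
    if (u.node >> 40) & 0x01:
        return finding
    finding["leaks_mac"] = True
    finding["mac"] = format_mac(u.node)
    return finding


def audit_text(text):
    """Find every UUID in a blob of text (file metadata, headers, logs)."""
    return [audit_uuid(m.group(0)) for m in UUID_RE.finditer(text)]


def build_v1(created, clock_seq, node):
    """Build a constructed version-1 UUID for the demo (not a real identifier)."""
    ticks = int((created - GREGORIAN_EPOCH).total_seconds()) * 10_000_000
    return uuid.UUID(fields=(
        ticks & 0xFFFFFFFF,                     # time_low
        (ticks >> 32) & 0xFFFF,                 # time_mid
        ((ticks >> 48) & 0x0FFF) | 0x1000,      # time_hi with version 1
        ((clock_seq >> 8) & 0x3F) | 0x80,       # clock_seq_hi with RFC 4122 variant
        clock_seq & 0xFF,                       # clock_seq_low
        node,
    ))


# Constructed sample: the first node value lies in the RFC 7042 documentation
# range, the second has the multicast bit set (random node), the third
# identifier is a hand-written version-4 (random) UUID.
SAMPLE_CREATED = datetime(2013, 9, 30, tzinfo=timezone.utc)
SAMPLE_TEXT = "\n".join([
    f"doc-id: {{{build_v1(SAMPLE_CREATED, 0x1234, 0x00005E00532A)}}}",
    f"session: {build_v1(SAMPLE_CREATED, 0x0042, 0x0123456789AB)}",
    "request: 3f2b8c1e-9d4a-4e6b-a1c7-5d8e2f0b9a64",
])

if __name__ == "__main__":
    for f in audit_text(SAMPLE_TEXT):
        print(f["uuid"], "version", f["version"],
              "MAC", f["mac"], "created", f["created"])
```

Running the same audit over a document's metadata before publishing it shows whether an identifier in it would tie the file back to a specific network interface.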

Kurzleg • September 30, 2013 7:46 PM

@ Clive Robinson:

"It also does not help that the majority of US leaders for many years now have been from the South not the North of America."

I don't think that this is _wrong_ necessarily, but it's an oversimplification. The truth is that anyone who seeks the presidency can say what they like about national security matters. But once they attain the office, they're presented with a tidal wave of expectations on nat'l security that they're willing to take the word of the experts and "do what's necessary" to prevent anything from occurring on US soil.

I realize that this isn't your question/point. Given what's been revealed, why wouldn't a president just admit the reality? That's more complex. For one, I think they still cling to the notion that if they don't acknowledge a program/etc., then it's still secret. Also, they want to maintain a clean legacy even if re-election isn't at stake. One can't get around the human ego. In the end, by the time most presidents reach this point, they're sympathetic to the next person in line and don't want to "shit the bed" for them. It's a sort of professional courtesy.

Dirk Praet • September 30, 2013 8:02 PM

@ Bouke Jan Doume

Fryslander, I presume?

    The average American is as decent a human being as the next guy.

Nobody is saying the contrary, but from my own travelling experiences and dealing with colleagues, expats and tourists it would appear that many are tragically uninformed, uninvolved or even plain brainwashed by the nonsense their government and mainstream media are feeding them. And how agitated some can become when trying to explain stuff that does not correspond with their view on the world. Truth be said, it's generally the same with folks from other countries with similar Soviet Union-style media control.

@ RobertT, @ Slibey

    Correct me if I'm wrong, but don't MAC Addresses (Layer 2) end at the local segment gateway (router)? I don't think websites can get your MAC, without resorting to hacks like the FBI/Freedom Hosting one.

That's correct. It can probably be done through a downloaded ActiveX/Java applet that has been granted specific access rights, or through a cunning Java script. If the latter, that's just another good reason to turn off JS/use NoScript because that's a security hole that really should be plugged. On Windows, IIRC, the MAC address also leaks from certain COM-applications. Another way to get it would be through telnet/ssh access to your ISP provided router, then ping/arp.

To avoid such intrusions, it is recommended to have an additional router under your own control behind that one, preferably based on an open 3rd party firmware stack. That is of course unless you are sure that your Linksys/Cisco, Huawei, D-Link or Motorola does not have any backdoors in it.

@ Clive

    Obama might be counting on the non-visceral nature of the Ed Snowden revelations causing little interest in the general US public.

Exactly. That's why I have said before on this blog that what is really needed is a Snowden document with a similar emotional impact as the Milly Dowler case in the UK. Short of a real shocker with mass appeal, I'm afraid this entire affair is just going to die a slow death, leaving ripples in civil liberties and security communities only.

By now, it is pretty much clear that the general public in the US and the UK doesn't give a rat's *ss, and that politicos in Europe are probably just going to use it as collateral in trade and other talks. Same in South America, where undoubtedly state-of-the-art methods will be used to shut up the likes of Morales, Maduro and Rousseff if they don't back off. At which point the only net result will be that US based tech vendors and cloud service providers may yet be facing some tough times ahead dealing with international customers where confidentiality of data and communications is of the issue.

    Perhaps the Greek authorities raid on "Golden Dawn" might be an indicator of a breaking of the cycle, perhaps not maybe it will be looked on in future times as the second sign post...

You'd be surprised how much silent support Golden Dawn enjoys from many disenfranchised Greek citizens that have been hit hard by the economic crisis and subsequent austerity measures. The unspeakable incompetence and corruption of previous administrations and effectively of the entire political class has ruined the country beyond belief and is the prime feeding ground for such movements.

I don't believe for a minute that those in power in Greece give a toss about how many activists or immigrants are being assaulted or killed. They're only doing it because it's politically expedient to criminalise GD so they can be prevented from gaining even more seats in the next elections, potentially ousting them from their positions. The murder of rapper Pavlos Fyssas (AKA Killah P) just provided the right mediagenic excuse.

However much I applaud the crackdown on Golden Dawn, their rise was predictable because Greece totally failed at indicting, incarcerating and ostracising those whose incompetence led to the downfall of the country, leaving it at the mercy of the EU and the IMF.

Dirk Praet • September 30, 2013 8:13 PM

@ anon

    How do you know that "mass spying is against basic human rights?" Prove it.

Universal Declaration of Human Rights, Article 12:
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Read it. The US is a subscriber, by the way.

Anon • September 30, 2013 9:05 PM

@Dirk

That raises as many questions as it answers. What is privacy? Does it include metadata? Did the drafters of Article 12 ever state that it protected metadata? I find it doubtful that the US government thought the privacy of phone records in 1948 was a fundamental right. Since as you pointed out the US did sign the document, I'm inclined to believe that privacy does not include metadata or else the US wouldn't have signed the document.

name.withheld.for.obvious.reasons • September 30, 2013 9:07 PM

@ Clive

    It engenders hostility big style and this re-enforces the isolationist viewpoint which quickly develops to a "Them or US" mentality with the attendant "For US or against US" attitude which just drives it in an ever decreasing spiral.

When president dubbya declared in 2001 "You are either with us or against us!" I exclaimed "I'll have a Guinness."

@ Dirk, Nick

Here was the president of a democracy creating a demarcation between peoples with an implied "You are guilty if you are not one of us." I was so ashamed, but I did not stay silent. Seems the whole intelligentsia disappeared into a corner somewhere. Often I stood alone, a singular dissenter that couldn't understand the "group think" attraction. Whilst working in the UK the intelligentsia forgave the citizenry of the US for electing Bush the first time, it was when he was re-elected that Europeans gave up on us. I witnessed the crowds in London to protest the "wars without end".

Figureitout • September 30, 2013 9:30 PM

Wile E Coyote
--That comments section was hilarious; but yeah I'd be interested in how he goes about the hardware aspect. If I had his money I'd be building something or actively looking for a trusted partner as we speak. I'm not buying one but I'm curious what makes him so confident. He seemed to have run his own little operation in Belize so he knows some tactics...

My solutions definitely cost way more than $100 taking into consideration the time and inevitable mental damage you will take on following my methods.

Alex • September 30, 2013 10:36 PM

@Mike the Goat: FWIW, my ISP has a similar setup, although he introduces 15 ms delays + has a very specific name for that router (bigbrother.domain.com), and the router clearly shows up in a traceroute if they are sending packets through it. The irony is that it's not a little mom & pop shop either. Just a group of people who strongly support privacy rights and generally wish to be left alone.

65535 • October 1, 2013 12:56 AM

@gweihir

I am in agreement with your basic conclusion that the storage is doable. I have to run through the numbers once more. Now, extracting the data from a SQL data base and making sense of it could also be doable but at a higher cost.

I don't like it but, it may be time to start cutting the NSA's budget.

Cointelpro • October 1, 2013 2:40 AM

@Anon "How do you know that "mass spying is against basic human rights?" Prove it."
@Anon "That raises as many questions as it answers. What is privacy? Does it include metadata?"

It seems that Anon doesn't read Schneier's blog posts before commenting on them: Schneier just blogged here that data is also collected by NSA.

More, his posts are examples of Rule #9 (Play Dumb) and Rule #2 (Become incredulous and indignant) of http://cryptome.org/2012/07/gent-forum-spies.htm hence look like they are actually paid by NSA.

For me, NSA only introduced the distinction between data and metadata for damage control.

@Dirk Praet "The only thing [Rolf Weber] can possibly be accused of is poor research and calling Snowden a liar while offering no proof thereof."

@Rolf Weber's posts were also repeatedly asking for proofs, following Rules #2 and #9. @Rolf Weber or @Anon may have posted such comments unintentionally: in this case we need to teach him/them that it is a nuisance to forums. Because otherwise, the web site schneier.com will slowly get more unusable for security-related discussions and link sharing between anonyms.

Ethernetusb • October 1, 2013 3:09 AM

@Wile E Coyote "Building a $100 Gadget to Block the NSA"

It won't block every backdoor NSA already put in your computers.

To help a bit, you may add an OS you are confident in (OpenBSD? www.scs.stanford.edu/histar ?), an Ethernet-over-USB connector (not likely to be IPMI-compatible), and choose between:

- compile out USB-Keyboard support from kernel.
- patch the kernel to ask the user for confirmation when USB-Keyboard is inserted.
- fund a project to create an Ethernet-over-USB connector without backdoor.

The same ideas could be used to build a switch: add many Ethernet-over-USB connectors to a computer with many USB ports.

How ironic, these "Intel® inside" stickers on laptops and computers: they now may be understood as "intelligence-gathering inside".

Dirk Praet • October 1, 2013 7:06 AM

@ anon

That raises as many questions as it answers. What is privacy? Does it include metadata? Did the drafters of Article 12 ever state that it protected metadata?

I'll indulge the question, but you're being intellectually lazy or dishonest here, which will eventually get you ignored or banned. For starters, Art. 12 explicitly mentions correspondence next to privacy. Read it again.

In addition, the UDHR pre-dates the US metadata debate by several decennia. The NSA authority to capture metadata is granted by the FISC's interpretation of PA Section 215 (2001), which in its turn - and by their own admittance - primarily hinges on the 1979 SCOTUS verdict in Smith vs. Maryland, as well as a number of Executive Orders. This has been touched upon several times before on this blog, and can easily be found out about by other means as well.

Although as a General Assembly resolution the UDHR has no legally binding effect, regional treaties such as the 1953 European Convention on Human Rights (ECHR) and the 1978 American Convention on Human Rights (ACHR; also known as the San José Pact) both offer provisions for interpretation, application and enforcement of these rights. For the former, this goes through the permanent Commission and Court of Human Rights, for the latter there is the Inter-American Court of Human Rights and the Inter-American Commission on Human Rights.

Unless the UDHR is amended to explicitly differentiate between metadata and content, I believe the overall intention of Art. 12 to be clear. Neither UDHR, ECHR nor ACHR AFAIK contain exceptions for wars on drugs and terror, just like the US Constitution and Bill of Rights don't contain any references to the pursuit of terror. If a nation state wishes to partially or wholly exempt itself because of national legislation/case law superseding these, they are free to withdraw themselves. Or at the very least stop preaching about human rights to other nations whenever it's politically expedient to do so (Syria) while at the same time blatantly violating these themselves (Guantanamo).

Mike the goat • October 1, 2013 7:30 AM

Alex: I won't give you fqdn but if you were DSL you'd be terminated by lns[1-4] and your next hop would be gw1 or gw2. If you were tagged for LI you'd have an intermediate hop called wiretap-gw. Funnily enough we never got chided by TPTB regarding this. Seems they aren't a smart bunch.

Slibey/Dirk: some IPv6 implementations also leak MAC addresses in the host part of the address. The attack on Freedom Hosting was pretty crafty from what I read. A piece of JavaScript checked the User-Agent and would only continue if it matched a specific Mozilla header given by the 'tor browser bundle'. It'd then execute some win32 shellcode that did a CONNECT to an IP in MD, sent the MAC and then hung (exiting gracefully is difficult to do when doing this kind of exploit). I imagine that once they raided said property they would check the Ethernet adapter. A matching MAC would confirm that this was the machine they were looking for.

It surprised me that once this became public that someone with a botnet didn't flood said IP with random (but valid) info to increase their signal to noise ratio.

I suspect this didn't happen as most of the sites this guy hosted were of a particularly unsavory nature. That said he also hosted an anonymized webmail service called "tormail". So there is potential for law abiding users to get accused of browsing exploitative material. One would hope that they wouldn't get a court order to invade one's home based solely off having connected to that IP but nothing would surprise me.
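An added example, not part of the comment above or of the original thread: the remark that some IPv6 implementations put the MAC address in the host part of the address refers to the modified EUI-64 interface identifier used by classic SLAAC (RFC 4291, Appendix A). The sketch below shows the derivation and a check you can run over your own hosts' addresses to see which ones expose a hardware address; the function names and the sample addresses (documentation prefix 2001:db8::/32) are constructed for illustration.

```python
import ipaddress


def slaac_address(prefix: str, mac: str) -> str:
    """Build the address classic SLAAC would form from a /64 prefix and a MAC.

    Modified EUI-64: split the 48-bit MAC in half, insert ff:fe in the
    middle, and flip the universal/local bit (0x02) of the first octet.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))


def embedded_mac(addr: str):
    """Return the MAC embedded in an IPv6 address, or None.

    Accepts a zone suffix (%eth0) or prefix length (/64). The test is the
    ff:fe marker in the middle of the interface identifier; a random
    privacy address matches by chance about once in 65536, so treat a hit
    as "very likely MAC-derived", not as proof.
    """
    bare = addr.split("%")[0].split("/")[0]
    iid = ipaddress.IPv6Address(bare).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address to the MAC it exposes (None if it exposes none)."""
    return {a: embedded_mac(a) for a in addresses}


# Constructed sample: what `ip -6 addr` might list on one host.
SAMPLE = [
    "fe80::21a:2bff:fe3c:4d5e%eth0",       # link-local, EUI-64 derived
    "2001:db8:1:2:21a:2bff:fe3c:4d5e/64",  # global, same MAC visible to every peer
    "2001:db8:1:2:5c1d:9a3e:77b0:42c9/64", # RFC 4941 style random identifier
    "2001:db8::1",                         # manually assigned
]

if __name__ == "__main__":
    for address, mac in audit(SAMPLE).items():
        print(f"{address:40} -> {mac or 'no MAC embedded'}")
```

Addresses flagged here carry the same interface identifier to every network the machine joins; enabling temporary addresses (RFC 4941) or stable opaque identifiers (RFC 7217) on the host removes the MAC from global addresses.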

Mike the goat • October 1, 2013 7:36 AM

Wile E Coyote: I am surprised that someone doesn't make a simple $20 appliance that has a green and a red LAN socket on it. All it should do is run a tor client (and a DHCP server of course) and forward everything into the tor network. It would have prevented the Freedom Hosting shellcode decloak attack. Had the shellcode executed they would have got a MAC address but would not have got a tor exit node as a source IP. The MAC was for the hell of it - it was the uncloaked IP in the source that they were really after. Of course this device shouldn't make any crazy claims. There are still plenty of ways around it.

Dirk Praet • October 1, 2013 8:19 AM

@ Mike the goat, @ Wile E Coyote

I am surprised that someone doesn't make a simple $20 appliance that has a green and a red LAN socket on it. All it should do is run a tor client (and a DHCP server of course) and forward everything into the tor network.

I remember a Tor spin-off project discussed on this blog in December 2010 that combined OpenWRT/Tor on a low-cost wireless router from Buffalo Technologies. I don't know if they're still working on it or if it has been abandoned.

nogov • October 1, 2013 8:28 AM

I'm in a 5 eyes country and no surprise they closed parliament until next year to avoid questions about how shady and 1984-like the state spying apparatus has become.

Anon • October 1, 2013 9:57 AM

@Dirk

I think you're being disingenuous if you think by signing the UNDHR the US believed the article to be anything more than a restatement of our own 4th amendment or thought that they were committing to any change in the privacy protection afforded to their citizens. Historically in the US, opening a letter or seeing the contents required a warrant, but looking at the outside of the envelope or seeing metadata did not. Smith v. Maryland didn't invent a distinction between metadata and content, so much as it applied a long held legal principle to a new technology.

Dirk Praet • October 1, 2013 9:30 PM

@ Anon

I think you're being disingenuous if you think by signing the UNDHR the US believed the article to be anything more than a restatement of our own 4th amendment or thought that they were committing to any change in the privacy protection afforded to their citizens.

As a signatory party to the UDHR and the ACHR, the US under international law is to respect any legally binding treaties, irrespective of past, current or future domestic law on the subject. Interpretation and rulings fall under the authority of the entity described therein, in the case of the ACHR the Inter-American Court of Human Rights. If that's a problem - as in the US not recognising the authority of the International Criminal Court in The Hague - it can either withdraw from the treaty/resolution or follow the diplomatic protocols to change it. Both your and my interpretation of the reasoning behind or the consequences of the US signing those from a legal angle are completely irrelevant. Dura lex sed lex.

Historically in the US, opening a letter or seeing the contents required a warrant,

First-class letters and parcels are indeed protected under the 4th Amendment, and elaborated upon in e.g. 18 USC § 1702 and 18 USC § 1703.

A number of notable exceptions include G.W. Bush signing off on an executive order in 2007 allowing the USG to open mail without warrants in “emergencies or foreign intelligence cases.” Another one is 107 H.R. 3009 from 2002 that expands the Customs and Border Protection Service's ability to open international mail. This was also discussed on this blog on January 16th 2006.

FYI, there's about 200 or so federal statutes that deal with the United States Postal Service and the U.S. Mail.

but looking at the outside of the envelope or seeing metadata did not.

You are oversimplifying the issue by not providing context or references. The mostly unregulated USPS mail covers program allowing a LEA to make formal requests for such to the Postal Service has been around for quite a while. It was discussed on this blog on May 10th 2013. Last month, US Postmaster General Patrick R. Donahoe confirmed in an interview with AP the existence of another secret program called Mail Isolation Control and Tracking (MICT) that has been in place since 2001.

Although many consider both programs an invasion of privacy, court challenges have generally failed because judges ruled that there was no reasonable expectation of privacy for information contained on the outside of a letter. That is not to say that there haven't been quite some exceptions.

- The Church Committee faulted a 1950's New York program that used mail covers to trace and sometimes open mail going from the US to the Soviet Union.
- The practice was ruled unconstitutional by a New Jersey federal court in Paton vs. FBI in 1979.
- In 1988, NY judge Thomas Griesa rebuked the FBI in a suit brought in 1973 by a high school student in New Jersey.

So for as far as regular mail in the US is concerned, your statement is mostly correct.

Smith v. Maryland didn't invent a distinction between metadata and content, so much as it applied a long held legal principle to a new technology.

That's not the point. The real issue here is whether or not the ruling in Smith vs. Maryland is still applicable to today's mass surveillance that is much broader, longer term and way more revealing than that of a simple pen register on a single person’s phone line in 1976. The more you aggregate large quantities of metadata, the more you come to a point that you are starting to breach a reasonable expectation of privacy, the issue around which the entire Smith vs. Maryland case revolved. And it's on that ground that the ACLU in June filed suit, alleging the NSA's business records collection program under PA Section 215 violates both the 1st and the 4th Amendment.

Last but not least, I would like to point out that the content/metadata debate is an internal US issue only that doesn't stop the NSA from collecting and processing both from the rest of the world, and irrespective of countries making a similar distinction or not. And which is clearly a violation of basic human rights as defined in the UDHR, regional treaties based thereon as well as a number of other diplomatic protocols.

That said, I am done lecturing you on US and international law. The only reason I have gone through all this trouble is to show other people the logical flaws in your unsubstantiated challenges and assertions. At this point, I am led to believe that you are either a college boy looking for someone to do his research for him, or a troll trying to lure people into wasting their time on rebutting strictly personal opinions he can't be bothered with to research or reference. I am ignoring you as from now.

Invisible Man • October 1, 2013 9:46 PM

@Dirk Praet
At this point, I am led to believe that you are either a college boy looking for someone to do his research for him, or a troll trying to lure people into wasting their time on rebutting strictly personal opinions he can't be bothered with to research or reference.

That is what "Anon" seems to me too. BTW when the government writes down information on:
A. who called whom and when and for how long
B. who emailed whom and when
C. what websites did the person visit
D. what locations the person visited (from cell phone tower data and other sources)
E. etc

This is all pretty obviously surveillance, whether it is obtained only from metadata or not.

In fact it much resembles the kind of 1950's anti-communistic surveillance.

Anon • October 1, 2013 10:02 PM

@Dirk

You keep ignoring the main issue: the interpretation of any document, including the UNDHR is that of the people who wrote and ratified it. It clearly doesn't mean what you claim it means, because it's not historically plausible that it would have been ratified if it did. You obviously don't understand article 12 of the UNDHR because it clearly has a different meaning than you think it does.

As for Paton, you should actually read the district judge:

Assuming that a search was involved in the copying of Paton's return address, this court must consider her expectation of privacy in the return address information. As a matter of common sense, Paton's return address was visible to any number of postal workers. As a matter of law mail covers have been consistently declared legal in light of Fourth Amendment challenges both before and after Katz v. U. S., supra, culminating in the recent case of U. S. v. Choate, 576 F.2d 165 (9th Cir. 1978), cert. denied, ___ U.S. ___, 99 S.Ct. 350, 58 L.Ed.2d 344 (1978).

Plaintiff Paton attempts to distinguish the cases upholding mail covers on the grounds that they deal with investigations of criminal activity rather than the national security investigation of the instant case. Although a pertinent distinction, it is not relevant on the Fourth Amendment issue. The weight of authority compels finding for the defendants on this issue.

Anon • October 2, 2013 12:19 PM

@Invisible Man

I never claimed that metadata didn't amount to surveillance, only that it didn't amount to "an invasion of privacy" as understood by the ratifiers of the UNDHR in 1948. Thus far, neither you nor Dirk have presented any evidence to the contrary.

Alex • October 2, 2013 3:56 PM

@Mike the goat
If you were tagged for LI you'd have an intermediate hop called wiretap-gw. Funnily enough we never got chided by TPTB regarding this. Seems they aren't a smart bunch.

Having worked for some of the Federal agencies on data mining / data recovery, I can confirm your analysis of their intellect. Granted, these were data mining in the sense that we'd scarfed up all of the records of a company undergoing a criminal investigation, not the gathering of innocent people. Still, the feds' incompetence was glaring. Their ignorance of the laws was also rather glaring. Yes, you DO have to present evidence you plan on using during discovery.

As far as our ISP goes, I wish I could explain more, but can't in a public forum. Let's just say that the feds aren't likely to sniff it due to the ownership and some of its customers, a few other federal agencies would see such sniffing as a security leak/issue and would be objecting.

Terry in Phoenix • October 2, 2013 4:24 PM

@Andy Downs
This has been my mantra for months. The person sitting in the White House has the keys to the kingdom. First it was Bush but he is not Internet (or anything else) savvy. Now we have Obama who is tech savvy. Obama has access to every communication of every journalist, lawyer, Congress person, and every member of the Republican National Committee. How can his party lose? Did he use this data to get re-elected last time? I have to say it but we have lost the Republic. Presently the Democrats own the keys to the kingdom. Data is power and the President has access to 100% of the data. Why is Congress OK with this? As far as I'm concerned, the Republicans should just pack up and go home. We just need someone to turn the lights off.

Invisible Man • October 2, 2013 7:58 PM

@Anon
I never claimed that metadata didn't amount to surveillance, only that it didn't amount to "an invasion of privacy" as understood by the ratifiers of the UNDHR in 1948. Thus far, neither you nor Dirk have presented any evidence to the contrary.

Well, ok, although I am not sure how much it matters when so much of what NSA does is an invasion of privacy. As any large organization they probably also do other stuff that would not exactly classify as an invasion of privacy.

But if they stopped all their other data collection and collected only metadata to profile people and create relationship diagrams (as they are currently doing with metadata), most people should be concerned whether it classifies as invasion of privacy or not.

The reason for this concern is the checks and balances that should exist against government power. Humankind had a small taste of government abuse of technology in Nazi Germany. Interestingly most Germans back then did what their government told them to. Probably not surprising since even their "Bastions of Morality" (their churches) flew the Nazi flag and their clergy showed support to der Fuhrer through their behavior otherwise (by adoption of their salutes, through dinners with their high officials, etc).

What I mean with this is that if something should be stopped, it should be stopped before it becomes some kind of an accepted national thing.

fb • October 3, 2013 8:27 AM

I am surprised that someone doesn't make a simple $20 appliance that has a green and a red LAN socket on it. All it should do is run a tor client (and a DHCP server of course) and forward everything into the tor network.

Freedom Box project. Goal is that it will work with any box converted to a server, especially a dedicated Linux wall wart server. Raspberry Pi's cost $35.

David Thornley • October 3, 2013 10:09 AM

@Dirk Praet:

I don't think the legal situation is as cut-and-dried as you think.

You mention the ACHR as governing the interpretation of the American treaty, but don't give us any relevant rulings from them. We can all speculate what they would do in any individual case (and feel fairly certain the US would ignore unfavorable rulings), but we don't know.

The difference between data and metadata has always been there. The police can, if they like, keep me under surveillance in public, but they can't rummage through my underwear drawer without a warrant. For my physical correspondence, there is a difference between something any postal worker might see in the course of his or her job, and something hidden in an envelope.

I don't consider the definition of privacy to be perfectly clear. Clearly, it's a violation of privacy for somebody to read my mail or take some sort of action about its contents. Is it a violation for the government to keep a copy of it as long as nobody looks at it or uses it as a reason for an action? That, IIRC, was the NSA position, and it's always possible that the NSA was telling the truth there. It makes it very easy for individuals working there to violate my privacy, but I'm not sure it's inherently a violation.

Therefore, I can construct a more or less plausible case that the NSA may not be violating individual privacy in the legal sense. The law is unclear here, and that's a big problem.

As anybody reading this should know, computerization has increased the scope of surveillance dramatically. It used to be that, if the police wanted to keep an eye on me, they'd have to devote officers to doing that. Nowadays, they have many ways to find out where I have been and some of what I've been doing without using valuable police time. There's a lot of public data out there, and anonymization efforts frequently do not work. The situation is qualitatively different from the late 1700s or 1940s, and the laws in place then allow things that sure seem to me like abuses.

We need new laws and legal principles, or at least new definitions.

Dirk Praet • October 3, 2013 8:27 PM

@ David Thornley

I don't think the legal situation is as cut-and-dried as you think. You mention the ACHR as governing the interpretation of the American treaty, but don't give us any relevant rulings from them.

You're correct on both accounts. I cannot give you a single ruling in which mass collection of metadata for the US or wholesale collection for the rest of the world has been struck down as a violation of the UDHR (ius cogens), the ACHR, the International Covenant on Civil and Political Rights (ICCPR; ratified by 167 countries) or the American Declaration on the Rights and Duties of Man (ADRDM) as adopted by the Organization of American States (OAS), to which the US is a State Party. Both ICCPR and ADRDM are binding treaties the US has a legal obligation to uphold. The right to privacy as reflected in UDHR Article 12 is set forth in Article 17 of the former, and Article 10 of the latter.

Note that in Statehood Solidarity Committee v. United States, the Inter-American Commission on Human Rights found the US responsible for violating Articles 2 and 20 of the ADRDM. This example effectively nullifies the preposterous allegation that interpretation of international treaties is at the sole discretion of the signatories and by definition constrained by the bounds of national law. It's actually the other way around, as defined in the Vienna Convention on the Law of Treaties that prohibits states from defeating the object and purpose of a signed treaty.

Underwriting a legally binding international treaty in general also means a commitment to translating its provisions into national law where applicable, and acknowledging the authority of and arbitration by supranational bodies. The US unfortunately has a very poor track record in doing so, as in refusing to acknowledge the authority of the International Criminal Court or in arguing that the ICCPR does not have extraterritorial application. Needless to say that such an attitude defeats the entire purpose of international law. In any pact, either you're in or you're out ("pacta sunt servanda"), and that goes especially for those who make it a habit of lecturing other nations on human rights.

We need new laws and legal principles, or at least new definitions.

The proverbial nail on the head. The global surveillance dragnet Ed Snowden has revealed has no precedent in the history of mankind, so it's not really a surprise that there is little or no case law on the issue. Imagine the rogue nation of Elbonia building a secret Death Star and subsequently blowing Saturn to Kingdom Come in their pursuit of space aliens. That would surely not go down well with the rest of the solar system, but from a legal angle I don't see what charges could possibly be brought against them. (ex absurdo, I know.)

Although I don't know of any international statutory or case law that explicitly prohibits NSA-like global mass surveillance, I don't know of any that allows it either, leaving both opponents and proponents in a similar situation as to the question whether Snowden on the "direct access" issue is a liar or not. Neither side can positively prove that under international law it is either legal or illegal. But it would seem that the USG is entirely on its own in drawing its authority from the (until recently secret) FISC interpretations of PA 215 and FISA/FAA 702. Needless to say that it has zero authority to export those to the rest of the world.

Even within the US, the NSA's activities and the FISC's interpretation of PA 215 are under heavy legal fire, as e.g. shown in the federal lawsuit First Unitarian Church of Los Angeles v. NSA filed by 19 plaintiffs in the Federal District Court for the Northern District of California in San Francisco on July 16th this year. The grounds on which the case is based is that the NSA's domestic metadata program is violating the 1st, the 4th and the 5th Amendment to the US Constitution. By September 10th, six more organisations had joined in.

But it doesn't stop there. Last year, the Electronic Frontier Foundation (EFF) launched a collaborative process to draft a set of International Principles on Communications Surveillance and Human Rights for protection of human rights vis-a-vis surveillance laws. The final version of July 10th 2013 has 275 signatory organisations worldwide. In the preamble of the document, the first reference made is one to Article 12 of the UDHR, so it would seem that I am all but alone in interpreting this provision the way I do.

The framework was recently presented during an event on the right to privacy, hosted by the governments of Germany, Norway, Austria, Hungary, Liechtenstein and Switzerland, at the 24th session of the Human Rights Council in Geneva. Notable speakers were UN Special Rapporteur Frank La Rue and Navi Pillay, the UN High Commissioner for Human Rights.

La Rue on June 4th also issued a UN report warning that unfettered state access to surveillance technologies could compromise human rights to privacy and freedom of expression, as protected by the UDHR and ICCPR. Specifically cautioning against the US's FISA, it equally warns against the use of "an amorphous concept of national security" as a reason to invade people's rights to privacy and freedom of expression, arguing that such an invasion potentially "threatens the foundations of a democratic society".

In conclusion, I think it's fair to say that the USG and its NSA surveillance dragnet both at home and on the world stage from a legal and human rights perspective are on very thin ice. Whether or not they'll fall through will entirely depend on the courage and determination of freedom loving people all over the world to stop them.

Dirk Praet • October 4, 2013 6:27 AM

@ Anon

Since obviously you can't be stopped from trolling, I guess I'll just have to further expose you as one until such a time that @ Moderator sees fit to intervene.

The ADRDM is not a treaty.

Stricto sensu, the ADRDM is a declaration just like the UDHR. But from the link you posted: "Although strictly speaking a declaration is not a legally binding treaty, the jurisprudence of both the Inter-American Court of Human Rights and the Inter-American Commission on Human Rights holds it to be a source of binding international obligations for the OAS's member states." Which for all practical purposes makes it one.
The IACHR derives its mandate from the OAS Charter and the ACHR. And the ADRDM terms are still enforced with respect to those states that have not ratified the Convention, such as (drumroll ...) the United States.

The IACHR has ruled against the US in quite some cases, on one occasion even overruling SCOTUS. Feel free to do your own homework.


As for Paton, you should actually read the district judge: ... from your comment on October 1, 2013 10:02 PM in this thread

A deliberate misrepresentation of the final outcome of the case. Quoting the 1979 verdict as previously referenced (page 15): "... Defendants' motion for summary judgment on the constitutionality of the field investigation is denied. Plaintiff's motion for summary judgment on the issue of the constitutionality of the field investigation is granted".

I suppose you got yours from an earlier ruling leading up to the final verdict, but that you - as per your usual disregard for forum etiquette - conveniently couldn't be asked to reference.

Paton v. LaPrade (FBI) was one of two landmark cases that led to the federal Privacy Act. Plaintiff Lori Paton was heard on two occasions in Congressional hearings leading up to this act. But don't take my word for it. Read what former ACLU attorney and Rutgers Law Professor Frank Askin wrote on it in his book "Defending Rights: A Life in Law and Politics".


It's hard to see how Intel could be hurt by the Snowden documents from your comment on October 2, 2013 9:03 PM in Will Keccak = SHA-3?

I said no such thing. What I did say was that it would be a good thing for all companies in bed with the NSA to come clean, in absence of which the entire US ICT tech industry will risk suffering. And I didn't even mention AMD.


If the USG accepted your argument that "war on terror" should be ended, it would have no reason to care at all whether its diplomatic relations with other countries were seriously damaged. from your comment on October 2, 2013 9:17 PM in Will Keccak = SHA-3?

A most cynical vision on US foreign policy and international diplomacy which I highly doubt is the official USG line. But highly consistent with the visions of Otto Von Bismarck or Dick Cheney on the matter. I suppose you were just trying to elicit some rant against the US. Nice try.

Anon • October 4, 2013 12:16 PM

@Dirk

This thread has mostly run its course, so I'll just add that you're incredibly naive if you think the USG, like many other countries, doesn't evaluate the significance of its diplomatic relations almost entirely on two criteria:

1) Does this help our economy?
2) Does this help our national security?

Regarding 1, the US economy is large enough that other countries will make trade agreements or not with the US, whenever they think they can make a profit, regardless of how much they dislike us.

NobodySpecial2 • October 16, 2013 4:19 PM

NobodySpecial is a great example of the existence of a US 50-cent army equivalent


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..