Amy Zegart on Spycraft in the Internet Age

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. Wired has an excerpt:

In short, data volume and accessibility are revolutionizing sensemaking. The intelligence playing field is leveling — and not in a good way. Intelligence collectors are everywhere, and government spy agencies are drowning in data. This is a radical new world and intelligence agencies are struggling to adapt to it. While secrets once conferred a huge advantage, today open source information increasingly does. Intelligence used to be a race for insight where great powers were the only ones with the capabilities to access secrets. Now everyone is racing for insight and the internet gives them tools to do it. Secrets still matter, but whoever can harness all this data better and faster will win.

The third challenge posed by emerging technologies strikes at the heart of espionage: secrecy. Until now, American spy agencies didn’t have to interact much with outsiders, and they didn’t want to. The intelligence mission meant gathering secrets so we knew more about adversaries than they knew about us, and keeping how we gathered secrets a secret too.

[…]

In the digital age, however, secrecy is bringing greater risk because emerging technologies are blurring nearly all the old boundaries of geopolitics. Increasingly, national security requires intelligence agencies to engage the outside world, not stand apart from it.

I have not yet read the book.

Posted on February 8, 2022 at 10:52 AM • 32 Comments

Comments

Ted February 8, 2022 2:02 PM

I really enjoy reading well-researched books. Every author has their own approach, materials, and something valuable to share.

I went ahead and picked up the audiobook. 11 hours and 54 minutes can go fast depending on what you’re doing. Actual reading is great too, especially if there’s a lot of detail.

I’ve been reading another book on intelligence services. It’s interesting because William Colby supposedly helped ‘open the kingdom’ to the author. The book has covered programs operated in Vietnam, Latin America, Afghanistan, etc.

There have been more than a few times in reading, I’ve wondered how does this kind of thing even happen? It probably means I need to read more. Thanks for sharing this book!

Carl February 8, 2022 2:06 PM

I find the irony too thick when those new (author) don’t innerstand DARPA created the whole platform (i.e., public interweb) and its largest search and social applications (e.g., google, facebook, etc.) for the purpose of collection and surveillance.
If you remember the old dial-up telephony bulletin-board information services (e.g., CompuServe) of yesteryear, while communications could be monitored individually, such was simply NOT convenient for those three letter agencies…they wanted and achieved mass surveillance when the global internet was born [a rapid deployment].
And if that wasn’t enough, we’ve witnessed over the last decade+ the push to move all those individual data silos to the cloud allowing those unseen packets of “protected” information to also be captured and viewed as never before. As you know, if one doesn’t physically possess the information, they can’t secure it!
The idea of “Spycraft in the Internet Age” is a laughable huge JOKE, it was built in from its inception. D’oh!

John February 8, 2022 2:22 PM

Hmm….

Seems to me the basic lesson is simple:

“International transportation of people and goods is not a safe thing for
the longevity of mankind.”

https://www.aljazeera.com/news/2022/2/7/jordanian-initiative-fighting-for-food-sovereignty

Wheat blessing: Jordan’s grassroot movement for food sovereignty

The farming initiative promotes food independence in the country with
the world’s oldest bread by converting unused urban land into
productive wheat fields.

Fukuoka – One Straw Revolution,

various authors – Restoration of the Peasantry.

et cetera

John

Frank Wilhoit February 8, 2022 3:18 PM

“…government agencies are drowning in data….” (Needless word omitted, in accordance with Strunk’s Rule 13.)

This is not a new phenomenon. Surveillance states have suffered from it for centuries. The only difference is one of scale. More subjects, more data, more “analysts”. Well, maybe also more tools — that looks like another difference, but hold that thought.

It always plays out the same way. The “analysts” do not analyze; they fabricate, according to their personal prejudices and/or what they think their bosses want. And if they don’t “deliver” fast enough, then it neatly turns out that their input wasn’t really needed.

This is why the tools don’t matter, because the “analysts” don’t use them to analyze, which really means that they don’t use them at all. Today it is approaching the point where the tools can use themselves, which creates the appearance that value for cost is being delivered; but the costs are perceived as non-discretionary to begin with, so that doesn’t matter either.

Clive Robinson February 8, 2022 4:01 PM

@ carl,

don’t innerstand DARPA created the whole platform

Sorry, no they did not.

It came about from work carried out at Bletchley Park during WWII carried out by Gordon Welchman, who also developed what we now call “Traffic Analysis”.

He went to work for a well known US think tank and the design which is still in use world wide was designed to be resistant to Traffic Analysis and other techniques.

If you look things up you will discover that the “anti-surveillance” features took up resources, and so were deemed an unnecessary expense when the networks went public.

The reason for this is “capacity planning”: the military worked on either a no or low contention ratio so anti-surveillance techniques had next to no effect on the cost of links.

In the commercial networks contention ratios of fifty to one or greater are very very common. So there is no room for anti-surveillance techniques.

In turn it’s also one of the reasons Tor is best avoided if you have real security needs because for the same reason it precludes the use of most forms of anti-surveillance techniques, especially those against Traffic Analysis.

You need to study Traffic Analysis and all its little wrinkles, it is perhaps one of the most powerful techniques available.

Thankfully though, currently Traffic Analysis is not really acceptable as evidence in a court of law, so it’s not something law enforcement can hand to prosecutors.

It’s why the notion of “Parallel Construction” is mentioned.

That is it is fairly certain LEO’s can use Traffic Analysis and some very probably do. However with the intel it produces being not admissible, it has to somehow be covered another way.

Criminals make mistakes such as large takeaway orders that ordinarily would not be an issue. But because Traffic Analysis has revealed the highly probable “where and what” then giving the prosecutor “suspicious order reported” as the reason to investigate passes muster as the tip supposedly came from a “concerned citizen” thus is allowable for the LEO’s to follow up.

We’ve seen this nonsense carried out by the FBI over telephone gambling carried out from a hotel room…

They arranged for the cable TV etc to fritz then sent in a member of hotel staff to check it. The member of staff reported what they had seen so the FBI could then “legitimately” bust in.

Such “work arounds” and the consequent lying to prosecutors and courts, might get FBI agents quick results, thus promotions etc, but they have a habit of backfiring and “costing big” later on. But that’s a different budget so who cares?..

humdee February 8, 2022 4:28 PM

“Intelligence used to be a race for insight where great powers were the only ones with the capabilities to access secrets. Secrets still matter, but whoever can harness all this data better and faster will win.”

I haven’t read the book either. How does the author address the issue of systemic risk? To my mind that’s the biggest bug in the race to make sense of all the data.

Beatrix Willius February 8, 2022 11:57 PM

What does the last paragraph of the excerpt mean? Why should the alphabet soup agencies have to engage more with the world because of the surveillance?

The single 1 star review on Amazon is amazing. According to the review the author doesn’t see the Deep State which the reviewer finds in “under-performing, arrogant Civil Servants”.

Winter February 9, 2022 1:35 AM

@John
“The farming initiative promotes food independence in the country with
the world’s oldest bread by converting unused urban land into
productive wheat fields.”

“Food independence” as in North Korea?

Without international trade in food, most people will have to die, or move to the countries producing the food, which would take up agricultural area.

JonKnowsNothing February 9, 2022 8:40 AM

@ Winter, @John

re: Food Independence – a nice buzz word

Food insecurity is a serious problem even in societies that have large amounts of food available. 2 primary issues: cost and distribution.

Food Famines are a continuous problem globally when entire crops or ecosystems collapse from climate changes of all types: heat, cold, rain, dry. Timing of these events is a factor too.

Human induced Food Famines from wars, conflicts and scorched earth tactics create the same effect but are derived from different sources and contexts.

Rain and Landmines are not equivalent but have the same famine results.

Urban Farming, Victory Gardens, Backyards, Unused City or Lands can be set up for production and many people are able to use to grow their own supplemental food.

Urban Farming has a significant cost factor. The vast majority of urban gardens cost far more to build, maintain, plant and harvest than larger commercial farms. There are many reasons why an urban garden is preferable to commercially grown food but cheaper cost is not one of them.

In USA, some cities have allowed experiments with different gardening techniques, some unofficial but tolerated or ignored and others with some inputs from city management. Abandoned lot reclaiming or repurposing has been tried with varying success. Often abandoned lots contain significant contamination and are not really suitable as the land has been poisoned by previous usage.

If cost is removed from factoring, there are many ways urban farmers can grow their own food. Small spaces can use bucket gardens and dirt-less gardens can be used in special woven hampers or baskets.

Urban small plots are not sufficient to feed a family or remove food insecurity but are more than sufficient to grow supplemental food.

Other problems that can interfere are costs of materials, plants, water, electricity, heat, Organic vs Non-Organic and pest controls, food storage, and tools are also factors in production.

Growing wheat in a 5×5 plot isn’t going to produce enough flour for bread; growing herbs may be more successful at improving taste but not enough nutritional value; zucchini baseball bats are the result of over production and under consumption.

Many things can be mitigated but nearly everything has a cost to do so. Places with serious food insecurity are often subjected to human induced food security impacting whether the food gets to be eaten by the growers, stolen, or despoiled.

One or two hens can provide eggs for a family but in urban areas this may not be permitted. It still costs money for feed, care, purchase, veterinary care and a suitable place to house them. The eggs are not necessarily cheaper than store eggs but you don’t have to go to the store to get them. (1)

Urban laws and restrictions also impact what you can and cannot have or grow.

In California, contaminated water is becoming more common. Residues of manufacturing and older agricultural pesticides have seeped into the ground water systems. Wells and water sources can be polluted with sewage and waste water by products.

Contaminated soils from the same sources render the dirt unusable. Bucket gardens or no-in ground gardens can work but have their own difficulties keeping soil moisture levels even.

Growing indoors can have humidity issues with mold and mildew inside the building.

Over tapping of the ground water system and surface water allocation and water usages all interplay with urban gardening as well as commercial gardening.

There are drought protocols to “reduce water uses” that do not consider backyard gardens a legitimate use. These are considered the same as ornamental lawns. Houses are given a water allocation that barely covers normal domestic uses. Watering a garden may generate a serious penalty or fines.

Grey water use and Roof Rain catchments are highly variable and may not be a good water source for food crops. Grey water is lightly contaminated and may be OK for the lawn. Roof Rain depends on the type of roof and material composition.

===

1) Not too long ago, there was a kerfuffle whether the cost-benefit of “donating a goat or cow” to people with food insecurity was good or bad.

The goat-cow increased the wealth base, provided food and milk and offspring provided a source of cash. The recipient had to have space or collect forage for the animal and to share part of the wealth with others in the program.

The counter was 1 goat soon becomes a herd. A herd of goats eat more than 1 goat. Goats eat lots of different plants including rare ones. Herds of goats eat too many plants and damage the ecosystem.

It became A Goat Too Far …

ResearcherZero February 9, 2022 10:11 PM

If there is one criticism I’d make, it would be that all are equal in their lack of responsibility in the matter of foreign interference. Many politicians that are quick to point the finger at China, for example, have been complicit in allowing the kind of environment that allows foreign interference, through opening themselves to compromise through corruption and misbehaviour.

As a further example, here is a real case of compromise allowed to continue for 30 years due to an unwillingness to address the problem, and also a failure to reform the law and process which allowed it to happen.

Paul Whyte faced the court in the 1990’s for exactly the same behaviour he was jailed for, and worse, but was never sentenced. He and others were completely and utterly compromised. The health system and the victims now bear the burden of that failure of process, and the further failure to reform the law to prevent it happening again.

Those 30 years could have been better spent. Getting our own house in order is how we could address public anger and dissent.
https://www.abc.net.au/news/2021-11-19/disgraced-public-servant-paul-whyte-sentencing/100630840

Integrity is paramount! Yet the willingness to enforce it is well and truly lacking…

“In particular, there are significant limitations on the powers in the proposed “public sector division”, covering most of the public service, parliamentarians, higher education providers and research bodies.”

https://www.abc.net.au/news/2022-02-10/fact-check-commonwealth-integrity-commission-royal-commission/100815740

Paul Whyte was head of the Department of Communities, an important “public sector division”. He held significant powers over the “public sector division”, thoroughly abused them, and thus was seriously compromised.

Addressing such problems in future may help earn the public’s respect, and importantly, trust.

David February 10, 2022 3:12 AM

It’s about 20 years since Richard Hunter published his book “World without secrets”, and many of the concepts he put forward in it seemed a bit out there at the time, not least the amount of computing power needed to make use of all of the data that was then available.
Step forward those 20 years and the amount of information now out there and the processing power available to analyse it have increased exponentially and what seemed improbable then is BAU now.
I fear that train left the station a long time ago, and we have to accept that we truly live in a world without secrets.

ResearcherZero February 11, 2022 12:07 AM

Human Collection

The dealer records the transaction, makes the hand-off to the handler.
The foreign agent then asks the MP,
“Tell us about the submarines.”
or,
“You are going to add this person to your staff.”
“We also have the videos from your rendezvous.”

Parliament drug use claims to be raised with police this week.
https://www.bbc.co.uk/news/uk-politics-59539589

Integrity bodies are an important step to protecting PEPs (politically exposed persons).

ResearcherZero February 11, 2022 5:27 AM

“Attempts at political interference are not confined to one side of politics, and you’d be surprised by the range of countries involved,”

Burgess made it clear in an interview a year ago that he did not want Asio to be drawn into domestic political debate and revealed he sometimes had a quiet word telling politicians to cease and desist. That makes Dutton’s invocation of Asio particularly egregious.
https://www.theguardian.com/australia-news/audio/2021/mar/20/asio-chief-no-direct-lessons-from-christchurch-but-this-can-happen-to-us

“We now see evidence, Mr Speaker, that the Chinese Communist party, the Chinese government, has also made a decision about who they’re going to back in the next federal election, Mr Speaker, and that is open and that is obvious, and they have picked this bloke as that candidate,” Dutton said.

This was by no means an accidental line. Morrison used similar but vaguer language when stating “those who are seeking to coerce Australia” knew that “their candidate” in the election was “the leader of the Labor party”. The implication of these carefully crafted statements was clear – Labor would go soft on China and had Beijing’s backing.

And then Dutton dropped the head of Asio, Mike Burgess, into the domestic political fray. “Mine was a reflection on what has been publicly reported and commented on by the director general of Asio and … there are media reports today in relation to these serious matters,” he said.
https://www.theguardian.com/australia-news/2022/feb/10/peter-dutton-has-plumbed-new-and-dangerous-depths-by-suggesting-china-is-backing-labor

There have been attempts to influence all political parties by a number of countries including China and Russia. Mr Morrison and Mr Dutton should be careful with their language as they are both not immune from approaches by undeclared foreign intelligence officers.

There are still operations which remain active.

Ted February 11, 2022 2:06 PM

@Quantry

I’m switching threads on us to respond to your post.

It seems like we agree. It could be perilous if interrogators can’t ascertain the extent of one’s knowledge – especially if those interrogators aren’t restrained.

You might really enjoy Amy Zegart’s book. Chapter 8 is on Congressional Oversight of intelligence. From her book:

“This chapter asks four questions: (1) What does good congressional intelligence oversight look like? (2) How well has Congress overseen intelligence throughout history? (3) What makes congressional oversight of intelligence different from, and harder than, other policy areas? (4) What does the future hold?”

Maybe you know a lot about this already, but a lot of it was new to me. I thought it was an awesome, awesome chapter.

I know these issues are not limited to one point of engagement, but it’s still a fascinating milieu to read about.

vas pup February 11, 2022 3:12 PM

Lawmakers allege ‘secret’ CIA spying on unwitting Americans
https://www.bbc.com/news/world-us-canada-60351768

===> “Two US senators have raised concerns that the Central Intelligence Agency (CIA) is again spying upon unwitting Americans.

The agency has “secretly” conducted warrantless surveillance through a newly disclosed program, Senators Ron Wyden and Martin Heinrich alleged.

In a letter to intelligence officials, the two Democrats called for declassifying details of the program.

Government data collection has been the subject of much controversy in the US.

Officially, the CIA and National Security Agency (NSA) have a foreign surveillance mission and domestic spying is prohibited by the CIA’s 1947 charter.

But in 2013, a program of data collection using extensive internet and phone surveillance by American intelligence was disclosed to the public by Edward Snowden, a CIA contractor-turned whistle-blower.

A Washington Post analysis of the Snowden leak found some 90% of those being monitored were ordinary Americans “caught in a net the National Security Agency had cast for somebody else”.

The still-classified program operates under the authority of a Reagan-era executive order and is therefore “entirely outside the statutory framework that Congress and the public believe govern this collection,” they said.

The American Civil Liberties Union (ACLU) non-profit said: “These reports raise serious questions about what information of ours the CIA is vacuuming up in bulk and how the agency exploits that information to spy on Americans”.

Are You surprised? I am not. They are working as a state within the state with low or almost zero responsibility/oversight under pretext of protecting their freaking activity which is more fit into N Korea and other authoritarian governments. Sorry.

ResearcherZero February 12, 2022 11:32 PM

A data pipeline is a means of moving data from one place (the source) to a destination (such as a data warehouse). Along the way, data is transformed and optimized, arriving in a state that can be analyzed and used to develop business insights.

A data pipeline essentially is the steps involved in aggregating, organizing, and moving data. Modern data pipelines automate many of the manual steps involved in transforming and optimizing continuous data loads. Typically, this includes loading raw data into a staging table for interim storage and then changing it before ultimately inserting it into the destination reporting tables.
https://www.snowflake.com/guides/data-pipeline

One of the first tasks performed when doing data analytics is to clean the dataset you’re working with. The insights you draw from your data are only as good as the data itself, so it’s no surprise that an estimated 80% of the time spent by analytics professionals involves preparing data for use in analysis.
https://towardsdatascience.com/cleaning-and-transforming-data-with-sql-f93c4de0d2fc

Data transformation is a data preprocessing technique used to reorganize or restructure the raw data in such a way that the data mining retrieves strategic information efficiently and easily. Data transformation includes data cleaning and data reduction processes such as smoothing, clustering, binning, regression, histogram etc.
https://binaryterms.com/data-transformation.html

Hadley Wickham outlines the split-apply-combine strategy as one of the most common strategies in data analysis.
https://www.jstatsoft.org/article/view/v040i01

In a typical exploratory data analysis, we approach the problem by dividing the data set at some granular level and then aggregating the data at that granularity in order to understand the central tendency. Be it Marketing Segmentation, or any Behavioral Research, we use this technique at some point during our analysis.
https://medium.com/analytics-vidhya/split-apply-combine-strategy-for-data-mining-4fd6e2a0cc99

“Utilising the data we collectively hold and allowing it to be maximised properly will have economic benefits. Data sharing that engenders trust in how personal data is being used is a driver of innovation, competition, economic growth and greater choice for consumers and citizens. This is also true in the sphere of public service delivery where efficient sharing of data can improve insights, outcomes and increase options for recipients.”

“This code demonstrates that the legal framework is an enabler to responsible data sharing and busts some of the myths that currently exist. But we cannot pretend that a code of practice is a panacea to solve all the challenges for data sharing. Or that targeted ICO engagement and advice will solve everything. There are other barriers to data sharing, including cultural, technical and organisational factors. Overcoming these will require more than just the ICO; it will require a collective effort from practitioners, government and the regulator.”
https://ico.org.uk/for-organisations/guide-to-data-protection/ico-codes-of-practice/data-sharing-a-code-of-practice/

In this blog, we’ll help you understand why data exchange agreements are essential and how to create an agreement that’s right for your business needs.
https://www.gmsssrk.co.in/2022/02/09/data-sharing-agreement-ico/

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.
https://www.cnil.fr/fr/transmission-des-donnees-des-partenaires-commerciaux-ou-des-courtiers-de-donnees-quels-sont-les

Protecting the country from ever-evolving, transnational threats requires a strengthened homeland security enterprise that shares information across traditional organizational boundaries.
https://www.dhs.gov/information-sharing

Clive Robinson February 13, 2022 12:15 AM

@ ResearcherZero,

A data pipeline is a means of moving data from one place (the source) to a destination (such as a data warehouse). Along the way, data is transformed and optimized, arriving in a state that can be analyzed and used to develop business insights.

You forgot to mention the most important attribute of the process,

Data Pipelining is a business process, as such the result should be clearly “value added”.

It’s something that gets rather forgotten these days under the mantra that has arisen under the mistaken belief that a large enough dataset contains hidden treasure that can be extracted like blood from a stone, if only you just squeeze it hard enough.

Sometimes some data sets held in any form are just “radioactive” and thus always detrimental and thus best treated as highly toxic “hazardous waste”.

ResearcherZero February 13, 2022 2:29 AM

@Clive Robinson

Disposal being the optimal solution.

They should at least encrypt the hazardous waste, and patch gaping holes allowing access to these huge databases.

“Let me tell you how this breach and so many others have affected my life. I’m sure you can sympathize, because no amount of free credit monitoring is going to make up for the incessant scam and sham telephone calls, text messages and emails.”

“I regularly get calls to extend the manufacturer’s car warranty I never had, or I receive intimidating voice-mail messages that the IRS is going to have me arrested for an overdue tax bill I don’t owe.”

“Then there are the aggravating phishing emails — hundreds every week. It’s like playing whack-a-mole at a carnival. You delete them, but more keep popping into your inbox.”

“I don’t believe for a second some clinical research project is going to pay me up to $1,125. I don’t need a cheap cure for erectile dysfunction. UPS isn’t trying to reach me. Samsung, Lowe’s, Dollar General and Apple are not giving me $90.”

“And AOL/Verizon is not updating my email account. This last one is a con, and it’s snaring a lot of victims.”

In a 2019 complaint, the Federal Trade Commission alleged that Equifax had failed to make a patch in its network after being alerted to the security vulnerability.

Equifax, without admitting guilt, agreed that year to a settlement with the FTC, the Consumer Financial Protection Bureau and 50 states and territories. Part of that settlement was providing credit monitoring.

Because of appeals, the settlement was not finalized until last month. Now millions of people who filed a claim are getting an email from the settlement administrator asking them to sign up for free credit monitoring for four years, which covers their files at all three credit bureaus — Equifax, Experian and TransUnion.
https://www.washingtonpost.com/business/2022/02/11/equifax-data-breach-settlement-free-credit-monitoring/

A critical software vulnerability in the web application software was publicly disclosed on March 7, 2017. The vulnerability had not yet been updated or fixed by Equifax two months later, when US authorities say Chinese hackers were actively using it to break into Equifax’s networks and computers to steal sensitive data including names, birth dates, and Social Security numbers.

The indictment, the result of a two-year investigation, details how these Chinese operatives worked to access, steal, and make off with the mountains of data.
https://www.technologyreview.com/2020/02/10/349004/the-us-says-the-chinese-military-hacked-equifax-heres-how/

Equifax had failed to renew one of their certificates nearly 10 months previously — which meant that encrypted traffic wasn’t being inspected.
https://www.thesslstore.com/blog/the-equifax-data-breach-went-undetected-for-76-days-because-of-an-expired-certificate/

By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely.

More than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come.
https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/

“Equifax has been directing victims to a fake phishing site for weeks”
https://krebsonsecurity.com/2017/09/equifax-or-equiphish/

The indictment suggests the hack was part of a series of major data thefts organized by the People’s Liberation Army and Chinese intelligence agencies. China can use caches of personal information and combine them with artificial intelligence to better target American intelligence officers and other officials.

The newly unsealed indictment names Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei as the responsible hackers, identifying them as members of the Chinese People’s Liberation Army’s 54th Research Institute.
https://www.justice.gov/opa/press-release/file/1246891/download

The information stolen from Equifax, which is based in Atlanta, could reveal whether any American officials are under financial stress and thus susceptible to bribery or blackmail.
https://www.nytimes.com/2020/02/10/us/politics/equifax-hack-china.html

Equifax, established in Georgia, US in 1899. Credit references were its core business from the beginning, as well as providing data to insurance companies to assess risk and set premiums. In the 1970s, the company was criticized based on a perception that it was selling data on personal behavior such as sexual orientation, playing along with a theory that such characteristics could predict the likelihood of people repaying their loans. Today Equifax is said to hold information on 800 million individuals around the world.

ResearcherZero February 13, 2022 2:37 AM

@Clive Robinson

I’d try and describe what I think of politicians and those making decisions around the handling of data, but it would sound incredibly offensive.

Clive Robinson February 13, 2022 1:19 PM

@ ResearcherZero,

but it would sound incredibly offensive.

But would it be unfair?

To say “an alley cat has no morals” might be offensive but is it either untrue or unfair?

I joke that,

“The only time the truth passes a politician’s lips is at dinner when someone leans across them to ask another diner on the other side of the politician to pass the salt.”

It’s not vulgar, most would say it was not even rude, some might say there is the odd honest politician so it is unfair in their case.

In the UK we have a topical news program with a small quiz element called “Have I got news for you”; one of the regular team captains is Ian Hislop, who is also editor of the satirical paper “Private Eye” that dishes “honest dirt” against amongst others dishonest politicians and those in positions of trust (and the antics of maby many supposed Main Stream Media journalists editors and the outlets’ owners).

The TV program goes out live, thus escapes to a certain extent editorial control. One evening Ian Hislop –also called “sperm of the devil”– observed that politicians were more criminal than the voting public… He went on to note that in the UK they were four times more likely to not just be found guilty but go to jail. This shocked the question master who asked if Ian was sure. Ian replied yes he had calculated it from the [official] figures and that it was not difficult maths.

Apparently this bit of “truth” was found quite offensive by some who picked up their pens and wrote to various people who might effectively censor not just Ian but the program and the Broadcaster the BBC.

Apparently Ian’s math was verified by others, so the writings were made by either the ignorant or those with bias be it cognitive or otherwise. The latter I suspect having a high degree of probability based on what is now probably a century of observation that after a relatively short period of time gave rise to Upton Sinclair observing in his book that of people and politics,

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

I suspect many in Australia currently are coming to a similar opinion about their current incumbent, and many others in positions of power/privilege of public office.

ResearcherZero February 13, 2022 6:46 PM

@Clive Robinson

It would be completely fair, but polling suggests that politeness and the right facial gestures are far more important than the ugly truth.

In Australia at the moment they are currently going to conduct reviews into legal reform (for grooming, child abuse and rape) that was recommended 30 years ago.

“Just wait another two years while we have the reviews, and please be polite, don’t upset the feelings of the rapists, kidnappers and politicians during this process.”

“The politicians have tried hard to pursue their own agendas for the last few decades, this issue repeatedly has bogged down their ambitions.”

“Coercion is an unfortunate business, but it carries with it the awful stench of scandal.”

“What is worse is the unfounded claims of espionage. Any claims of coercion, and any targeting of children as part of any foreign espionage activities will be strongly refuted.”

“You may not be aware, but I’ve heard claims of a journalist…”

ResearcherZero February 13, 2022 6:52 PM

Surveillance is way cheaper than addressing physical problems or pursuing timely and expensive legal procedures. It is also very helpful for dealing with those ever so annoying human rights advocates.

“To stop the surveillance, the mobile networks would have to get their equipment suppliers to make changes; they would have to change their own back-office systems; they would have to reformulate customer contracts so they would not rely on the data being available in case of disputes; and so on.

Even ignoring the fact that lawmakers have generally made the collection of surveillance data a requirement for mobile network licenses, it would cost the telcos more money to stop the surveillance of their customers than to continue doing it.

That is quite literally what “surveillance too cheap to meter” means.

The fact that telcos have subsequently found other customers for their surveillance data—for example, customers presenting themselves as “market researchers” but often fronting for private or public intelligence agencies—only makes matters worse.

On the other side of the wireless connection, there are only two games in town: Either you are Apple, or you put Google’s Android smartphone software on your product. Both platforms are architected on an economy of surveillance.”

https://queue.acm.org/detail.cfm?id=3511661

Clive Robinson February 13, 2022 10:00 PM

@ ResearcherZero, ALL,

With regards,

“Both platforms are architected on an economy of surveillance.”

And the “third party business records” of the telcos, some might conclude any kind of Privacy by mobile phone is impossible.

Especially now politicians are pushing for “on device surveillance” under the claim of CSAbuse etc.

However, whilst individuals cannot yet make their location unavailable to the telcos with mobile phones[1], they can, as I’ve described in the past, secure their actual message content by moving the security end point off of the mobile device.

The point is the “think of the children” is just a callous manipulation of people’s emotions by what are best described as psychopaths who will not stop until they have every ordinary citizen’s electronic communications 100% recorded, for “future use”.

For reasons I suspect you are more than aware of so no need to mention them.

[1] They can however do so using older technology that is still available such as “pagers” as I’ve described in the past.

Quantry February 15, 2022 10:57 AM

@Ted, Thanks, re: your comment

It could be perilous if interrogators can’t ascertain the extent of one’s knowledge – especially if those interrogators aren’t restrained.

Seems my “sig-int / spy-craft’s use of a $5-wrench” comment got the axe anyway, despite being a thread mostly on “compelling the key”.

But these “restraint” issues aren’t only about the “uncertainty” about what a target knows. It’s often about masking major inadequacies, and other “justified” motives, no matter what the cost:

Sometimes, even for a vendetta, it’s easier to slowly and variously destroy the target, over decades, especially using “deniable” back-channels.

How, except for a personal witness statement, can anyone so marginalized, give evidence against the woolfie guarding the sheep? Keep samples of the coffee I get at the coffee shop? And send them to which law-fearing lab here? SNC-Lavalin???

Anyone monitoring my comms lately would see this rape with vivid clarity. Perhaps that’s beyond the pay-grade of the moderator here, but isn’t even the likes of overseer Craig-Forcese also at least as compelled by mr. woolfie’s saber?

And do you seriously think my letters even reached Forcese?

Even on a good day, Overseer can only see with his own eyes, in front of him.
And it’s not a good day. And it’s not in front of him.

Cheers, thanks again Bruce.
Sometimes a little sand is needed on the rails for traction.

ResearcherZero February 15, 2022 10:59 PM

@Clive Robinson

Dealing with politicians and explaining not just technicalities, but also social engineering, was, and probably still is an infuriating process from an intelligence perspective.

Anything involving children still is a physical crime (popular with some foreign adversaries), and yet laws still leave open for coercion. There is too much data, physical policing improvements are needed. Trying to get that through to some of the politicians’ thick f’ing skulls, that their own children may (and have been) targets, is much harder than it should be, due to their individual ambitions and lack of empathy. There are points once crossed that trump protecting their interests, and they can be thrown under the bus. Scandal can be used to serve the public’s interests, and when politicians abuse national security to serve themselves, those interests align. Ding ding!

Praised be Shai-Hulud!

Bless the Maker and His water. Bless the coming and going of Him. May His passage cleanse the world. May He keep the world for His people.

“Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.”

“Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps.”

“A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.”
https://www.imperva.com/learn/application-security/social-engineering-attack/

It’s pretty simple stuff, yet it remains difficult for politicians to grasp, and increasingly so once they gain power.

ResearcherZero February 15, 2022 11:21 PM

@Clive Robinson

They believe it is all electronic, they do not grasp it is physical, person-to-person interaction.

I gather most of the w**kers (politicians) would have studied Aristotle.

The Poetics is primarily concerned with drama, and the analysis of tragedy constitutes the core of the discussion.

Traditionally, the term poetics has been interpreted as an inquiry into the laws and principles that underlie a verbal work of art and has often carried normative and prescriptive connotations.

She was raised by beasts
And grabbed by vultures
Oh, here come the wolfman
The Abominable Snowman
Got a little poison
Got a little gun
Sitting in her bathtub
Waiting for the wolfman to come

You think your great big husband will protect you, you are wrong
You think your little wife will protect you, you are wrong
You think your children will protect you, you are wrong
You think your government will protect you, you are wrong

Or as the undeclared foreign intelligence officers so eloquently state it, “Give us what we want, or we will get your children!”

(Which they mean in the physical sense, NOT via the internet)

Petre Peter March 17, 2022 8:51 AM

‘In the intelligence community, people don’t have jobs, they have missions’. I really enjoyed reading it. Thank you for the recommendation.


Sidebar photo of Bruce Schneier by Joe MacInnis.