diff --git a/11-Surveillance/11-Surveillance.md b/11-Surveillance/11-Surveillance.md new file mode 100644 index 0000000..76117a1 --- /dev/null +++ b/11-Surveillance/11-Surveillance.md 
@@ -0,0 +1,1383 @@ +11. Surveillance, Privacy, And Intelligence Agencies + + 11.1. copyright + THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, + 1994-09-10, Copyright Timothy C. May. All rights reserved. + See the detailed disclaimer. Use short sections under "fair + use" provisions, with appropriate credit, but don't put your + name on my words. + + 11.2. SUMMARY: Surveillance, Privacy, And Intelligence Agencies + 11.2.1. Main Points + 11.2.2. Connections to Other Sections + 11.2.3. Where to Find Additional Information + - Bamford ("The Puzzle Palace"), Richelson (several books, + including "U.S. Intelligence Agencies"), Burrows ("Deep + Black," about the NRO and spy satellites), Covert Action + Quarterly + 11.2.4. Miscellaneous Comments + + 11.3. Surveillance and Privacy + 11.3.1. We've come a long way from Secretary of State Stimpson's + famous "Gentlemen do not read other gentlemen's mail" + statement. It is now widely taken for granted that Americans + are to be monitored, surveilled, and even wiretapped by the + various intelligence agencies. The FBI, the National Security + Agency, the CIA, the National Reconnaissance Office, etc. + (Yes, these groups have various charters telling them who + they can spy on, what legalities they have to meet, etc. But + they still spy. And there's not an uproar--the "What have you + got to hide?" side of the American privacy dichotomy.) + 11.3.2. Duncan Frissell reminds us of Justice Jackson's 1948 + dissenting opinion in some case: + - "The government could simplify criminal law enforcement by + requiring every citizen "to keep a diary that would show + where he was at all times, with whom he was, and what he + was up to." [D.F. 1994-09-06, from an article in the WSJ] + - (It should be noted that tracking devices--collars, + bracelets, implantable transmitters--exist and are in use + with prisoners. Some parents are even installing them in + children, it is rumored. A worry for the future?) + 11.3.3. 
"What is the "surveillance state"?" + - the issue with crypto is the _centralization_ of + eavesdropping...much easier than planting bugs + + "Should some freedom be given up for security?" + + "Those who are willing to trade freedom for security + - deserve neither + + freedom nor security + - Ben Franklin + - the tradeoff is often illusory--police states result when + the trains are made to run on time + - "It's a bit ironic that the Administration is crying foul + so loudly + over the Soviet/Russian spy in the CIA -- as if this was + unfair -- + while they're openly proclaiming the right to spy on + citizens + and foreigners via Clipper." [Carl Ellison, 1994-02-23] + + Cameras are becoming ubiquitous + + cheap, integrated, new technologes + - SDI fisheye lens + - ATMs + - traffic, speed traps, street corners + - store security + - Barcodes--worst fear of all...and not plausible + + Automatic recognition is still lacking + - getting better, slowly + - neural nets, etc. (but these require training) + 11.3.4. "Why would the government monitor _my_ communications?" + - "Because of economics and political stability....You can + build computers and monitoring devices in secret, deploy + them in secret, and listen to _everything_. To listen to + everything with bludgeons and pharmaceuticals would not + only cost more in labor and equipment, but also engender a + radicalizing backlash to an actual police state." [Eric + Hughes, 1994-01-26] + - Systems like Digital Telephony and Clipper make it much too + easy for governments to routinely monitor their citizens, + using automated technology that requires drastically less + human involvement than previous police states required. + 11.3.5. "How much surveillance is actually being done today?" 
+ + FBI and Law Enforcement Surveillance Activities + - the FBI kept records of meetings (between American + companies and Nazi interests), and may have used these + records during and after the war to pressure companies + + NSA and Security Agency Surveillance Activities + - collecting economic intelligence + - in WW2, Economic Warfare Council (which was renamed Board + of Economic Warfare) kept tabs on shipments of petroleum + and other products + + MINARET, code word for NSA "watch list" material + (intercepts) + - SIGINT OPERATION MINARET + - originally, watch list material was "TOP SECRET + HANDLE VIA COMINT CHANNELS ONLY UMBRA GAMMA" + + NSA targeting is done primarily via a list called + Intelligence Guidelines for COMINT Priorities (IGCP) + - committe made up of representatives from several + intelligence agencies + - intiated in around 1966 + + revelations following Pentagon Papers that national + security elsur had picked up private conversations (part + of the Papers) + - timing of PP was late 1963, early 1964...about time UB + was getting going + + F-3, the NSA's main antenna system for intercepting ASCII + transmissions from un-TEMPESTed terminals and PCs + - signals can be picked up through walls up to a foot + thick (or more, considering how such impulses bounce + around) + + Joint FBI/NSA Surveillance Activities + + Operation Shamrock was a tie between NSA and FBI + - since 1945, although there had been earlier intercepts, + too + - COINTELPRO, dissidents, radicals + + 8/0/45 Operation Shamrock begins + - a sub rosa effort to continue the monitoring + arrangements of WW II + - ITT Communications agreed to turn over all cables + + RCA Communications also turned over all cables + - even had an ex-Signal Corps officer as a VP to + handle the details + - direct hookups to RCA lines were made, for careful + monitoring by the ASA + - cables to and from corporations, law firms, + embassies, citizens were all kept + + 12/16/47 Meeting between Sosthenes Behn 
of ITT, + General Ingles of RCA, and Sec. of Defense James + Forrestal + - to discuss Operation Shamrock + - to arrange exemptions from prosecution + + 0/0/63 Operation Shamrock enters a new phase as RCA + Global switches to computerized operation + - coincident with Harvest at NSA + - and perfect for start of UB/Severn operations + + 1/6/67 Hoover officially terminates "black bag" + operations + - concerned about blowback + - had previously helped NSA by stealing codes, ciphers, + decrypted traffic, planting bugs on phone lines, etc. + - from embassies, corporations + - unclear as to whether these operations continued + anyway + + Plot Twist: may have been the motivation for NSA and + UB/Severn to pursue other avenues, such as the use of + criminals as cutouts + - and is parallel to "Plumbers Unit" used by White + House + + 10/1/73 AG Elliot Richardson orders FBI and SS to + stop requesting NSA surveillance material + - NSA agreed to stop providing this, but didn't tell + Richardson about Shamrock or Minaret + - however, events of this year (1973) marked the end of + Minaret + + 3/4/77 Justice Dept. recommends against prosecution + of any NSA or FBI personnel over Operations Shamrock + and Minaret + - decided that NSCID No. 9 (aka No. 6) gave NSA + sufficient leeway + - 5/15/75 Operation Shamrock officially terminated + - and Minaret, of course + + Operation Shamrock-Details + + 8/0/45 Operation Shamrock begins + - a sub rosa effort to continue the monitoring + arrangements of WW II + - ITT Communications agreed to turn over all cables + + RCA Communications also turned over all cables + - even had an ex-Signal Corps officer as a VP to + handle the details + - direct hookups to RCA lines were made, for careful + monitoring by the ASA + - cables to and from corporations, law firms, + embassies, citizens were all kept + + 12/16/47 Meeting between Sosthenes Behn of ITT, + General Ingles of RCA, and Sec. 
of Defense James + Forrestal + - to discuss Operation Shamrock + - to arrange exemptions from prosecution + + 0/0/63 Operation Shamrock enters a new phase as RCA + Global switches to computerized operation + - coincident with Harvest at NSA + - and perfect for start of UB/Severn operations + + 8/18/66 (Thursday) New analysis site in New York for + Operation Shamrock + + Louis Tordella meets with CIA Dep. Dir. of Plans and + arranges to set up a new listening post for analysis + of the tapes from RCA and ITT (that had been being + shipped to NSA and then back) + - Tordella was later involved in setting up the watch + list in 1970 for the BNDD, (Operation Minaret) + - LPMEDLEY was code name, of a television tape + processing shop (reminiscent of "Man from U.N.C.L.E." + - but NSA had too move away later + - 5/15/75 Operation Shamrock officially terminated + + 10/1/73 AG Elliot Richardson orders FBI and SS to + stop requesting NSA surveillance material + - NSA agreed to stop providing this, but didn't tell + Richardson about Shamrock or Minaret + - however, events of this year (1973) marked the end of + Minaret + - Abzug committee prompted by New York Daily News report, + 7/22/75, that NSA and FBI had been monitoring + commercial cable traffic (Operation Shamrock) + + 6/30/76 175 page report on Justice Dept. + investigation of Shamrock and Minaret + - only 2 copies prepared, classified TOP SECRET UMBRA, + HANDLE VIA COMINT CHANNELS ONLY + + 3/4/77 Justice Dept. recommends against prosecution + of any NSA or FBI personnel over Operations Shamrock + and Minaret + - decided that NSCID No. 9 (aka No. 6) gave NSA + sufficient leeway + + the NSA program, begun in August 1945, to monitor all + telegrams entering or leaving the U.S. 
+ - reminiscent of Yardley's arrangements in the 1920s + (and probably some others) + - known only to Louis Tordella and agents involved + - compartmentalization + + Plot Links of Operation Shamrock to Operation Ultra + Black + - many links, from secrecy, compartmentalization, and + illegality to the methods used and the subversion of + government power + - "Shamrock was blown...Ultra Black burrowed even + deeper." + + NSA, FBI, and surveillance of Cuban sympathizers + - "watch list" used + - were there links to Meyer Lansky and Trafficante via + the JFK-Mafia connection? + - various Watergate break-in connections (Cubans used) + - Hoover ended black-bag operations in 1967-8 + + NSA, FBI, and Dissenters (COINTELPRO-type activities) + + 10/20/67 NSA is asked to begin collecting information + related to civil disturbances, war protesters, etc. + - Army Intelligence, Secret Service, CIA, FBI, DIA were + all involved + - arguably, this continues (given the success of FBI + and Secret Service in heading off major acts of + terrorism and attempted assassinations) + + Huston Plan and Related Plans (1970-71) + - 7/19/66 Hoover unofficially terminates black bag + operations + + 1/6/67 Hoover officially terminates black bag + operations + - fearing blowback, concerned about his place in + history + + 6/20/69 Tom C. Huston recommends increased + intelligence activity on dissent + - memo to NSA, CIA, DIA, FBI + - this later becomes basis of Huston Plan + + 6/5/70 Meeting at White House to prepare for Huston + Plan; Interagency Committee on Intelligence (Ad Hoc), + ICI + - Nixon, Huston, Ehrlichman, Haldeman, Noel Gayler of + NSA. Richard Helms of CIA, J. Edgar Hoover of FBI, + Donald V. 
Bennett of DIA + - William Sullivan of FBI named to head ICI + + NSA enthusiastically supported ICI + - PROD named Benson Buffham as liaison + - sought increased surreptitious entries and + elimination of legal restrictions on domestic + surveillance (not that they had felt bound by + legalisms) + - recipients to be on "Bigot List" and with even more + security than traditional TOP SECRET, HANDLE VIA + COMINT CHANNELS ONLY + - + + 7/23/70 Huston Plan circulated + - 43 pages, entitled Domestic Intelligence Gathering + Plan: Analysis and Stategy + - urged increased surreptitious entries (for codes, + ciphers, plans, membership lists) + - targeting of embassies + + 7/27/70 Huston Plan cancelled + - pressure by Attorney General John Mitchell + - and perhaps by Hoover + - Huston demoted; he resigned a year later + - but the Plan was not really dead...perhaps Huston's + mistake was in being young and vocal and making the + report too visible and not deniable enough + + 12/3/70 Intelligence Evaluation Committee (IEC) meets + (Son-of-Huston Plan) + - John Dean arranged it in fall of '70 + - Robert C. Mardian, Assistant AG for Internal Security + headed up the IEC + - Benson Buffham of NSA/PROD, James Jesus Angleton of + CIA, George Moore from FBI, Col. John Downie from DOD + - essentially adopted all of Huston Plan + + 1/26/71 NSA issues NSA Contribution to Domestic + Intelligence (as part of IEC) + - increased scope of surveillance related to drugs (via + BNDD and FBI), foreign nationals + - "no indication of origin" on generated material + - full compartmentalization, NSA to ensure compliance + + 8/4/71 G. 
Gordon Liddy attends IEC meeting, to get + them to investigate leaks of Pentagon Papers + - channel from NSA/PROD to Plumber's Unit in White + House, bypassing other agencies + + 6/7/73 New York Times reveals details of Huston Plan + - full text published + - trials of Weatherman jeopardized and ultimately + derailed it + + 10/1/73 AG Elliot Richardson orders FBI and SS to + stop requesting NSA surveillance material + - NSA agreed to stop providing this, but didn't tell + Richardson about Shamrock or Minaret + - however, events of this year (1973) marked the end of + Minaret + + FINCEN, IRS, and Other Economic Surveillance + - set up in Arlington as a group to monitor the flows of + money and information + + eventually these groups will see the need to actively + hack into computer systems used by various groups that + are under investigation + - ties to the death of Alan Standorf? (Vint Hill) + - Casolaro, Riconosciutto + 11.3.6. "Does the government want to monitor economic transactions?" + - Incontrovertibly, they _want_ to. Whether they have actual + plans to do so is more debatable. The Clipper and Digital + Telephony proposals are but two of the indications they + have great plans laid to ensure their surveillance + capabilities are maintained and extended. + - The government will get increasingly panicky as more Net + commerce develops, as trade moves offshore, and as + encryption spreads. + 11.3.7. A danger of the surveillance society: You can't hide + - seldom discussed as a concern + - no escape valve, no place for those who made mistakes to + escape to + - (historically, this is a way for criminals to get back on a + better track--if a digital identity means their record + forever follows them, this may...) + + A growing problem in America and other "democratic" + countries is the tendency to make mandatory what were once + voluntary choices. 
For example, fingerprinting children to + help in kidnapping cases may be a reasonable thing to do + voluntarily, but some school districts are planning to make + it mandatory. + - This is all part of the "Let's pass a law" mentality. + 11.3.8. "Should I refuse to give my Social Security Number to those + who ask for it?" + - It's a bit off of crypto, but the question does keep coming + up on the Cypherpunks list. + - Actually, they don't even need to ask for it + anymore....it's attached to so many _other_ things that pop + up when they enter your name that it's a moot point. In + other words, the same dossiers that allow the credit card + companies to send you "preapproved credit cards" every few + days are the same dossiers that MCI, Sprint, AT&T, etc. are + using to sign you up. + 11.3.9. "What is 'Privacy 101'?" + - I couldn't think of a better way to introduce the topic of + how individuals can protect their privacy, avoid + interference by the government, and (perhaps) avoid taxes. + - Duncan Frissell and Sandy Sandfort have given out a lot of + tips on this, some of them just plain common sense, some of + them more arcane. + + They are conducting a seminar, entitled "PRIVACY 101" and + the archives of this are available by Web at: + - http://www.iquest.com/~fairgate/privacy/index.html + 11.3.10. Cellular phones are trackable by region...people are getting + phone calls as they cross into new zones, "welcoming" them + - but it implies that their position is already being tracked + 11.3.11. Ubiquitous use of SSNs and other personal I.D. + 11.3.12. cameras that can recognize faces are placed in many public + places, e.g., airports, ports of entry, government buildings + - and even in some private places, e.g., casinos, stores that + have had problems with certain customers, banks that face + robberies, etc. + 11.3.13. 
speculation (for the paranoids) + - covert surveillance by noninvasive detection + methods...positron emission tomography to see what part of + the brain is active (think of the paranoia possibility!) + - typically needs special compounds, but... + 11.3.14. Diaries are no longer private + + can be opened under several conditions + - subpoena in trial + - discovery in various court cases, including divorce, + custody, libel, etc. + - business dealings + - psychiatrists (under Tarasoff ruling) can have records + opened; whatever one may think of the need for crimes + confessed to shrinks to be reported, this is certainly a + new era + - Packwood diary case establishes the trend: diaries are no + longer sacrosanct + - An implication for crypto and Cypherpunks topics is that + diaries and similar records may be stored in encrypted + forms, or located in offshore locations. There may be more + and more use of offshore or encrypted records. + + 11.4. U.S. Intelligence Agencies: NSA, FinCEN, CIA, DIA, NRO, FBI + 11.4.1. The focus here is on U.S. agencies, for various reasons. Most + Cypherpunks are currently Americans, the NSA has a dominant + role in surveillance technology, and the U.S. is the focus of + most current crypto debate. (Britain has the GCHQ, Canada has + its own SIGINT group, the Dutch have...., France has DGSE and + so forth, and...) + 11.4.2. Technically, not all are equal. And some may quibble with my + calling the FBI an "intelligence agency." All have + surveillance and monitoring functions, albeit of different + flavors. + 11.4.3. "Is the NSA involved in domestic surveillance?" + + Not completely confirmed, but much evidence that the answer + is "yes": + * previous domestic surveillance (Operation Shamrock, + telegraphs, ITT, collusion with FBI, etc.) + * reciprocal arrangements with GCHQ (U.K.) 
+ * arrangements on Indian reservations for microwave + intercepts + * the general technology allows it (SIGINT, phone lines) + * the National Security Act of 1947, and later + clarifications and Executive Orders, makes it likely + - And the push for Digital Telephony. + 11.4.4. "What will be the effects of widespread crypto use on + intelligence collection?" + - Read Bamford for some stuff on how the NSA intercepts + overseas communications, how they sold deliberately- + crippled crypto machines to Third World nations, and how + much they fear the spread of strong, essentially + unbreakable crypto. "The Puzzle Palace" was published in + 1982...things have only gotten worse in this regard since. + - Statements from senior intelligence officials reflect this + concern. + - Digital dead drops will change the whole espionage game. + Information markets, data havens, untraceable e-mail...all + of these things will have a profound effect on national + security issues. + - I expect folks like Tom Clancy to be writing novels about + how U.S. national security interests are being threatened + by "unbreakable crypto." (I like some Clancy novels, but + there's no denying he is a right-winger who's openly + critical of social trends, and that he believes druggies + should be killed, the government is necessary to ward off + evil, and ordinary citizens ought not to have tools the + government can't overcome.) + 11.4.5. "What will the effects of crypto on conventional espionage?" + - Massive effects; watch out for this to be cited as a reason + to ban or restrict crypto--however pointless that may be. + + Effects: + - information markets, a la BlackNet + - digital dead drops -- why use Coke cans near oak trees + when you can put messages into files and post them + worldwide, with untraceably? (but, importantly, with a + digital signature!) + - transparency of borders + - arms trade, arms deals + - virus, weaponry + 11.4.6. 
NSA budget + - $27 billion over 6 years, give or take + - may actually increase, despite end of Cold War + - new threats, smaller states, spread of nukes, concerns + about trade, money-laundering, etc. + - first rule of bureaucracies: they always get bigger + + NSA-Cray Computer supercomputer + + press release, 1994-08-17, gives some clues about the + capabilities sought by the surveillance state + - "The Cray-3/SSS will be a hybrid system capable of + vector parallel processing, scalable parallel + processing and a combination of both. The system will + consist of a dual processor 256 million word Cray-3 and + a 512,000 processor 128 million byte single instruction + multiple data (SIMD) array......SIMD arrays of one + million processors are expected to be possible using + the current version of the Processor-In-Memory (PIM) + chips developed by the Supercomputing Research Center + once the development project is completed. The PIM chip + contains 64 single-bit processors and 128 kilobyte bits + of memory. Cray Computer will package PIM chips + utilizing its advanced multiple chip module packaging + technology. The chips are manufactured by National + Semiconductor Corporation." + - This is probably the supercomputer described in the + Gunter Ahrendt report + 11.4.7. FINCEN, IRS, and Other Economic Surveillance + - Financial Crimes Enforcement Network, a consortium or task + force made up of DEA, DOJ, FBI, CIA, DIA, NSA, IRS, etc. + - set up in Arlington as a group to monitor the flows of + money and information + - eventually these groups will see the need to hack into + computer systems used by various groups that are under + investigation + - Cf. "Wired," either November or December, 1993 + 11.4.8. "Why are so many computer service, telecom, and credit agency + companies located near U.S. intelligence agency sites?" + + For example, the cluster of telecom and credit reporting + agencies (TRW Credit, Transunion, etc.) 
in and around the + McLean/Langley area of Northern Virginia (including + Herndon, Vienna, Tyson's Corner, Chantilly, etc.) + - same thing for, as I recall, various computer network + providers, such as UUCP (or whatever), America Online, + etc. + - The least conspiratorial view: because all are located near + Washington, D.C., for various regulatory, lobbying, etc. + reasons + + The most conspiratorial view: to ensure that the + intelligence agencies have easy access to communications, + direct landlines, etc. + - credit reporting agencies need to clear identities that + are fabricated for the intelligence agencies, WitSec, + etc. (the three major credit agencies have to be + complicit in these creations, as the "ghosts" show up + immediately when past records are cross-correlated) + - As Paul Ferguson, Cypherpunk and manager at US Sprint, + puts it: "We're located in Herndon, Virginia, right + across the street from Dulles Airport and a hop, skip & + jump down the street from the new NRO office. ,-)" + [P.F., 1994-08-18] + 11.4.9. Task Force 157, ONI, Kissinger, Castle Bank, Nugan Hand Bank, + CIA + 11.4.10. NRO building controversy + - and an agency I hadn't seen listed until August, 1994: "The + Central Imagery Office" + 11.4.11. SIGINT listening posts + + possible monkeywrenching? + - probably too hard, even for an EMP bomb (non-nuclear, + that is) + 11.4.12. "What steps is the NSA taking?" + * besides death threats against Jim Bidzos, that is + * Clipper a plan to drive competitors out (pricing, export + laws, harassment) + * cooperation with other intelligence agencies, other nations + - New World Order + * death threats were likely just a case of bullying...but + could conceivably be part of a campaign of terror--to shut + up critics or at least cause them to hesitate + + 11.5. Surveillance in Other Countries + 11.5.1. Partly this overlaps on the earlier discussion of crypto laws + in other countries. + 11.5.2. Major Non-U.S. 
Surveillance Organizations + + BnD -- Bundesnachrichtendienst + - German security service + - BND is seeking constitutional amendment, buy may not need + it, as the mere call for it told everyone what is already + existing + - "vacuum cleaner in the ether" + - Gehlen...Eastern Front Intelligence + - Pullach, outside Munchen + - they have always tried to get the approval to do domestic + spying...a key to power + + Bundeskriminalamt (BKA) -- W. German FBI + - HQ is at Wiesbaden + - bomb blew up there when being examined, killing an + officer (related to Pan Am/Lockerbie/PFLP-GC) + - sign has double black eagles (back to back) + - BVD -- Binnenlandse Veiligheids Dienst, Dutch Internal + Security Service + + SDECE + - French intelligence (foreign intelligence), linked to + Greepeace ship bombing in New Zealand? + - SDECE had links to the October Surprise, as some French + agents were in on the negotiations, the arms shipments + out of Marseilles and Toulon, and in meetings with + Russbacher and the others + - DST, Direction de la Surveillance du Territoire, + counterespionage arm of France (parallel to FBI) + + DSGE, Direction GŽnŽrale de la SŽcuritŽ ExtŽriere + - provides draft deferments for those who deliver stolen + information + + Sweden, Forsvarets Radioanstalt ("Radio Agency of the + Defense") + - cracked German communications between occupied Norway and + occupied Denmark + - Beurling, with paper and pencil only + + Mossad, LAKAM, Israel + + HQ in Tel Aviv, near HQ of AMAN, military intelligence + - doesn't HQ move around a lot? + - LAKAM (sp?), a supersecret Israeli intelligence + agency...was shown the PROMIS software in 1983 + + learned of the Pakistani success in building an atom bomb + and took action against the Pakistani leadership: + destruction of the plane carrying the President (Zia?) + and some U.S. 
experts + - Mossad knew of DIA and CIA involvement in BCCI + financing of Pakistani atom bomb efforts (and links to + other arms dealers that allowed triggers and the like + to reach Pakistan) + - revelations by Vanunu were designed to scare the Arab and + Muslim world-and to send a signal that the killing of + President Zia was to be the fate of any Pakistani leader + who continued the program + 11.5.3. They are very active, though they get less publicity than do + the American CIA, NSA, FBI, etc. + + 11.6. Surveillance Methods and Technology + 11.6.1. (some of this gets speculative and so may not be to + everyone's liking) + 11.6.2. "What is TEMPEST and what's the importance of it?" + - TEMPEST apprarently stands for nothing, and hence is not an + acronym, just a name. The all caps is the standard + spelling. + - RF emission, a set of specs for complying + - Van Eyck (or Van Eck?) radiation + + Mostly CRTs are the concern, but also LCD panels and the + internal circuitry of the PCs, workstations, or terminals. + - "Many LCD screens can be read at a distance. The signal + is not as strong as that from the worst vdus, but it is + still considerable. I have demonstrated attacks on Zenith + laptops at 10 metres or so with an ESL 400 monitoring + receiver and a 4m dipole antenna; with a more modern + receiver, a directional antenna and a quiet RF + environment there is no reason why 100 metres should be + impossible." [Ross Anderson, Tempest Attacks on Notebook + Computers ???, comp.security.misc, 1994-08-31] + 11.6.3. 
What are some of the New Technologies for Espionage and + Surveillance + + Bugs + + NSA and CIA have developed new levels of miniaturized + bugs + - e.g., passive systems that only dribble out intercepted + material when interrogated (e.g., when no bug sweeps + are underway) + - many of these new bugging technologies were used in the + John Gotti case in New York...the end of the Cold War + meant that many of these technologies became available + for use by the non-defense side + - the use of such bugging technology is a frightening + development: conversations can be heard inside sealed + houses from across streets, and all that will be + required is an obligatory warrant + + DRAM storage of compressed speech...6-bit companded, + frequency-limited, so that 1 sec of speech takes + 50Kbits, or 10K when compressed, for a total of 36 Mbits + per hour-this will fit on a single chip + - readout can be done from a "mothership" module (a + larger bug that sits in some more secure location) + - or via tight-beam lasers + + Bugs are Mobile + - can crawl up walls, using the MIT-built technology for + microrobots + - some can even fly for short distances (a few klicks) + + Wiretaps + - so many approaches here + - phone switches are almost totally digital (a la ESS IV) + - again, software hacks to allow wiretaps + + Vans equipped to eavesdrop on PCs and networks + + TEMPEST systems + + technology is somewhat restricted, companies doing this + work are under limitations not to ship to some + customers + - no laws against shielding, of course + - these vans are justified for the "war on drugs" and + weapons proliferation controle efforts (N.E.S.T., anti- + Iraq, etc.) 
+ + Long-distance listening + - parabolic reflectors, noise cancellation (from any off- + axis sources), high gain amplification, phoneme analysis + - neural nets that learn the speech patterns and so can + improve clarity + + lip-reading + - with electronically stabilized CCD imagers, 3000mm lenses + - neural net-based lip-reading programs, with learning + systems capable of improving performance + - for those in sensitive positions, the availability of new + bugging methods will accelerate the conversion to secure + systems based on encrypted telecommunications and the + avoidance of voice-based systems + 11.6.4. Digital Telephony II is a major step toward easier + surveillance + 11.6.5. Citizen tracking + + the governments of the world would obviously like to trace + the movements, or at least the major movements, of their + subjects + - makes black markets a bit more difficult + - surfaces terrorists, illegal immigrants, etc. (not + perfectly) + + allows tracking of "sex offenders" + - who often have to register with the local police, + announce to their neighbors their previous crimes, and + generally wear a scarlet letter at all times--I'm not + defending rapists and child molesters, just noting the + dangerous precedent this is setting + - because its the nature of bureaucracies to want to know + where "their" subjects are (dossier society = accounting + society...records are paramount) + + Bill Stewart has pointed out that the national health care + systems, and the issuance of social security numbers to + children, represent a way to track the movements of + children, through hospital visits, schools, etc. Maybe even + random check points at places where children gather (malls, + schools, playgrounds, opium dens, etc.) + - children in such places are presumed to have lesser + rights, hence... + - this could all be used to track down kidnapped children, + non-custodial parents, etc. 
+ - this could be a wedge in the door: as the children age, + the system is already in place to continue the tracking + (about the right timetable, too...start the systme this + decade and by 2010 or 2020, nearly everybody will be in + it) + - (A true paranoid would link these ideas to the child + photos many schools are requring, many local police + departments are officially assisting with, etc. A dossier + society needs mug shots on all the perps.) + - These are all reasons why governments will continue to push + for identity systems and will seek to derail efforts at + providing anonymity + + Surveillance and Personnel Identification + + cameras that can recognize faces are placed in many + public places, e.g., airports, ports of entry, government + buildings + - and even in some private places, e.g., casinos, stores + that have had problems with certain customers, banks + that face robberies, etc. + + "suspicious movements detectors" + + cameras that track movements, loitering, eye contact + with other patrons + + neural nets used to classify behvaiors + - legal standing not needed, as these systems are + used only to trigger further surveillance, not to + prove guilt in a court of law + - example: banks have cameras, by 1998, that can + identify potential bank robbers + - camera images are sent to a central monitoring + facility, so the usual ploy of stopping the silent + alarm won't work + - airports and train stations (fears of terrorists), + other public places + 11.6.6. Cellular phones are trackable by region...people are getting + phone calls as they cross into new zones, "welcoming" them + - but it implies that their position is already being tracked + 11.6.7. coming surveillance, Van Eck, piracy, vans + - An interesting sign of things to come is provided in this + tale from a list member: "In Britain we have 'TV detector + Vans'. These are to detect licence evaders (you need to pay + an annual licence for the BBC channels). 
They are provided + by the Department of Trade and Industry. They use something + like a small minibus and use Van Eck principles. They have + two steerable detectors on the van roof so they can + triangulate. But TV shops have to notify the Government of + buyers - so that is the basic way in which licence evaders + are detected. ... I read of a case on a bulletin board + where someone did not have a TV but used a PC. He got a + knock on the door. They said he appeared to have a TV but + they could not make out what channel he was watching! + [Martin Spellman, , 1994- + 0703] + - This kind of surveillance is likely to become more and more + common, and raises serious questions about what _other_ + information they'll look for. Perhaps the software piracy + enforcers (Software Publishers Association) will look for + illegal copies of Microsoft Word or SimCity! (This area + needs more discussion, obviously.) + 11.6.8. wiretaps + - supposed to notify targets within 90 days, unless extended + by a judge + - Foreign Intelligence Surveillance Act cases are exempt from + this (it is likely that Cypherpunks wiretapped, if they + have been, for crypto activities fall under this + case...foreigners, borders being crossed, national security + implications, etc. are all plausible reasons, under the + Act) + + 11.7. Surveillance Targets + 11.7.1. Things the Government May Monitor + - besides the obvious things like diplomatic cable traffic, + phone calls from and to suspected terrorists and criminals, + etc. + + links between Congressmen and foreign embassies + - claims in NYT (c. 
9-19-91) that CIA had files on + Congressmen opposing aid to Contras + + Grow lamps for marijuana cultivation + - raids on hydroponic supply houses and seizure of mailing + lists + - records of postings to alt.drugs and alt.psychoactive + - vitamin buyers clubs + + Energy consumption + - to spot use of grow lamps + + but also might be refined to spot illegal aliens being + sheltered or any other household energy consumption + "inconsistent with reported uses" + - same for water, sewage, etc. + + raw chemicals + - as with monitors on ammonium nitrate and other bomb + materials + - or feedstock for cocaine production (recall various + seizures of shipments of chemicals to Latin America) + - checkout of books, a la FBI's "Library Awareness Program" + of around 1986 or so + - attendance at key conferences, such as Hackers Conference + (could have scenes involving this), Computer Security + Conference + 11.7.2. Economic Intelligence (Spying on Corporations, Foreign and + Domestic) + + "Does the NSA use economic intelligence data obtained in + intercepts?" + - Some of us speculate that this is so, that this has been + going on since the 1960s at least. For example, Bamford + noted in 1982 that the NSA had foreknowledge of the plans + by the British to devalue the pound in the late 1970s, + and knowledge of various corporate plans. + - The NSA clears codes used by the CIA, so it seem + impossible for the NSA not to have known about CIA drug + smuggling activities. The NSA is very circumspect, + however, and rarely (or never) comments. 
+ + there have been calls for the government to somehow help + American business and overall competitiveness by "levelling + the playing field" via espionage + - especially as the perceived threat of the Soviet bloc + diminishes and as the perceived threat of Japan and + Germany increases + - leaders of the NSA and CIA have even talked openly about + turning to economic surveillance + + Problems with this proposal: + - illegal + - unethical + + who gets the intelligence information? Does NSA just call + up Apple and say "We've intercepted some message from + Taiwan that describe their plans for factories. Are you + interested?" + - the U.S. situation differs from Japan and MITI (which + is often portrayed as the model for how this ought to + work) in that we have many companies with little or no + history of obeying government recommendations + + and foreign countries will likely learn of this espionage + and take appropriate measures + - e.g., by increasing encryption + 11.7.3. War on Drugs and Money Laundering is Causing Increase in + Surveillance and Monitoring + - monitoring flows of capital, cash transactions, etc. + - cooperation with Interpol, foreign governments, even the + Soviets and KGB (or whatever becomes of them) + - new radar systems are monitoring light aircraft, boats, + etc. + + 11.8. Legal Issues + 11.8.1. "Can my boss monitor my work?" "Can my bankruptcy in 1980 be + used to deny me a loan?" etc. + - Libertarians have a very different set of answers than do + many others: the answer to all these questions is mostly + "yes," morally (sorry for the normative view). + 11.8.2. Theme: to protect some rights, invasion of privacy is being + justified + - e.g., by forcing employer records to be turned over, or of + seizing video rental records (on the grounds of catching + sexual deviants) + - various laws about employee monitoring + 11.8.3. 
Government ID cards, ability to fake identities + - The government uses its powers to forge credentials, with + the collusion of the major credit agencies (who obviously + see these fake identities "pop into existence full-blown." + - WitSec, FINCen, false IDs, ties to credit card companies + - DEA stings, Heidi in La Jolla, Tava, fake tax returns, fake + bank applications, fake IDs + - the "above it all" attitude is typical of this...who guards + the guardians? + - WitSec, duplicity + 11.8.4. Legalities of NSA surveillance + - read Bamford for some circa 1982 poinra + - UK-USA + - ECPA + - national security exemptions + - lots of confusion; however, the laws have never had any + real influence, and I cannot imagine the NSA being sued! + + 11.9. Dossiers and Data Bases + 11.9.1. "The dossier never forgets" + + any transgressions of any law in any country can be stored + indefinitely, exposing the transgressor to arrest and + detention anytime he enters a country with such a record on + him + - (This came up with regard to the British having quaint + ideas about computer security, hacking, and data privacy; + it is quite possible that an American passing through + London could be detained for some obscure violation years + in the past.) + - this is especially worrisome in a society in which legal + codes fill entire rooms and in which nearly every day + produces some violation of some law + 11.9.2. "What about the privacy issues with home shopping, set-top + boxes, advertisers, and the NII?" + - Do we want our preferences in toothpaste fed into databases + so that advertisers can target us? Or that our food + purchases be correlated and analyzed by the government to + spot violations of the Dietary Health Act? + - First, laws which tell people what records they are + "allowed" to keep are wrong-headed, and lead to police + state inspections of disk drives, etc. The so-called "Data + Privacy" laws of several European nations are a nightmare. 
+ Strong crypto makes them moot. + - Second, it is mostly up to people to protect what they want + protected, not to pass laws demanding that others protect + it for them. + - In practice, this means either use cash or make + arrangements with banks and credit card companies that will + protect privacy. Determining if they have or not is another + issue, but various ideas suggest themselves (John Gilmore + says he often joins groups under variants of his name, to + see who is selling his name to mailing lists.) + - Absent any laws which forbid them, privacy-preserving + credit card companies will likely spring up if there's a + market demand. Digital cash is an example. Other variants + abound. Cypherpunks should not allow such alternatives to + be banned, and should of course work on their own such + systems. + 11.9.3. credit agencies + - TRW Credit, Transunion, Equifax + - links to WitSec + 11.9.4. selling of data bases, linking of records... + - several states have admitted to selling their driver's + license data bases + +11.10. Police States and Informants + 11.10.1. Police states need a sense of terror to help magnify the + power or the state, a kind of "shrechlichkeit," as the Nazis + used to call it. And lots of informants. Police states need + willing accomplices to turn in their neighbors, or even their + parents, just as little Pavel Morozov became a Hero of the + Soviet People by sending his parents to their deaths in + Stalin's labor camps for the crime of expressing negative + opinions about the glorious State. + - (The canonization of Pavel Morozov was recently repudiated + by current Russian leaders--maybe even by the late-Soviet + era leades, like Gorbachev--who pointed out the corrosive + effects of encouraging families to narc on each + other...something the U.S. has forgotten...will it be 50 + years before our leaders admit that having children turn in + Daddy for using "illegal crypto" was not such a good idea?) + 11.10.2. 
Children are encouraged in federally-mandated D.A.R.E. + programs to become Junior Narcs, narcing their parents out to + the cops and counselors who come into their schools. + 11.10.3. The BATF has a toll-free line (800-ATF-GUNS) for snitching on + neighbors who one thinks are violating the federal gun laws. + (Reports are this is backfiring, as gun owners call the + number to report on local liberal politicians and gun- + grabbers.) + 11.10.4. Some country we live in, eh? (Apologies to non-U.S. readers, + as always.) + 11.10.5. The implications for use of crypto, for not trusting others, + etc., are clear + 11.10.6. Dangers of informants + + more than half of all IRS prosecutions arise out of tips by + spouses and ex-spouses...they have the inside dope, the + motive, and the means + - a sobering thought even in the age of crypto + + the U.S. is increasing a society of narcs and stool + pigeons, with "CIs" (confidential informants), protected + witnesses (with phony IDs and lavish lifestyles), and with + all sorts of vague threats and promises + - in a system with tens of thousands of laws, nearly all + behavior breaks at least some laws, often unavoidably, + and hence a powerful sword hangs over everyone's head + - corrosion of trust, especially within families (DARE + program in schools encourages children to narc on their + parents who are "substance abusers"!) + +11.11. Privacy Laws + 11.11.1. Will proposed privacy laws have an effect? + + I suspect just the opposite: the tangled web of laws-part + of the totalitarian freezeout-will "marginalize" more + people and cause them to seek ways to protect their own + privacy and protect themselves from sanctions over their + actions + + free speech vs. torts, SLAPP suits, sedition charges, + illegal research, etc. + - free speech is vanishing under a torrent of laws, + licensing requirements, and even zoning rules + + outlawing of work on drugs, medical procedures, etc. 
+ - against the law to disseminate information on drug use + (MDMA case at Stanford), on certain kinds of birth + control + - "If encrytion is outlawed, only outlaws will have + encryption." + + privacy laws are already causing encryption ("file + protection") to be mandatory in many cases, as with medical + records, transmission of sensitive files, etc. + - by itself this is not in conflict with the government + requirement for tappable access, but the practical + implementation of a two-tier system-secure against + civilian tappers but readable by national security + tappers-is a nightmare and is likely impossible to + achieve + 11.11.2. "Why are things like the "Data Privacy Laws" so bad?" + - Most European countries have laws that limit the collection + of computerized records, dossiers, etc., except for + approved uses (and the governments themselves and their + agents). + - Americans have no such laws. I've heard calls for this, + which I think is too bad. + - While we may not like the idea of others compiling dossiers + on us, stopping them is an even worse situation. It gives + the state the power to enter businesses, homes, and examine + computers (else it is completely unenforceable). It creates + ludicrous situations in which, say, someone making up a + computerized list of their phone contacts is compiling an + illegal database! It makes e-mail a crime (those records + that are kept). + - they are themselves major invasions of privacy + - are you going to put me in jail because I have data bases + of e-mail, Usenet posts, etc.? + - In my opinion, advocates of "privacy" are often confused + about this issue, and fail to realize that laws about + privacy often take away the privacy rights of _others_. + (Rights are rarely in conflict--contract plus self-privacy + take care of 99% of situations where rights are purported + to be in conflict.) + 11.11.3. 
on the various "data privacy laws" + - many countries have adopted these data privacy laws, + involving restrictions on the records that can be kept, the + registration of things like mailing lists, and heavy + penalties for those found keeping computer files deemed + impermissable + - this leads to invasions of privacy....this very Cypherpunks + list would have to be "approved" by a bureaucrat in many + countries...the oportunites (and inevitabilities) of abuse + are obvious + - "There is a central contradiction running through the + dabase regulations proposed by many so-called "privacy + advocates". To be enforceable they require massive + government snooping into database activities on our + workstatins and PCs, especially the activities of many + small at-home businesses (such as mailing list + entrepreneurs who often work out of the home). + + "Thus, the upshot of these so-called "privacy" regulations + is to destroy our last shreds of privacy against + government, and calm us into blindly letting even more of + the details of our personal lives into the mainframes of + the major government agencies and credit reporting + agenices, who if they aren't explicitly excepted from the + privacy laws (as is common) can simply evade them by using + offshore havesn, mutual agreements with foreign + investigators, police and intelligence agencies." [Jim + Hart, 1994-09-08] + 11.11.4. "What do Cypherpunks think about this?" + + divided minds...while no one likes being monitored, the + question is how far one can go to stop others from being + monitored + - "Data Privacy Laws" as a bad example: tramples on freedom + to write, to keep one's computer private + 11.11.5. Assertions to data bases need to be checked (credit, + reputation, who said what, etc.) + - if I merely assert that Joe Blow no longer is employed, and + this spreads... + +11.12. National ID Systems + 11.12.1. "National ID cards are just the driver's licenses on the + Information Superhighway." 
[unknown...may have been my + coining] + 11.12.2. "What's the concern?" + 11.12.3. Insurance and National Health Care will Produce the "National + ID" that will be Nearly Unescapable + - hospitals and doctors will have to have the card...cash + payments will evoke suspicion and may not even be feasible + 11.12.4. National ID Card Arguments + - "worker's permit" (another proposal, 1994-08, that would + call for a national card authorizing work permission) + - immigration, benefit + - possible tie-in to the system being proposed by the US + Postal Service: a registry of public keys (will they also + "issue" the private-public key pair?) + - software key escrow and related ideas + - "I doubt that one would only have to "flash" your card and + be on your way. More correctly, one would have to submit + to being "scanned" and be on your way. This would also + serve to be a convienient locator tag if installed in the + toll systems and miscellaneous "security checkpoints". Why + would anyone with nothing to hide care if your every move + could be monitored? Its for your own good, right? Pretty + soon sliding your ID into slots in everyplace you go will + be common." [Korac MacArthur, comp.org.eff.talk, 1994-07- + 25] + 11.12.5. "What are some concerns about Universal ID Cards?" + - "Papierren, bitte! Schnell! + - that they would allow traceability to the max (as folks + used to say)... tracking of movements, erosion of privacy + - that they would be required to be used for banking + transactions, Net access, etc. (As usual, there may be + workarounds, hacks, ...) + - "is-a-person" credentially, where government gets involved + in the issuance of cryptographic keys (a la the USPS + proposal), where only "approved uses" are allowed, etc. + - timestamps, credentials + 11.12.6. Postal Service trial balloon for national ID card + - "While it is true that they share technology, their intent + and purpose is very different. 
Chaum's proposal has as its + intent and purpose to provide and protect anonymity in + financial transactions. The intent and purpose of the US + Postal Service is to identify and authenticate you to the + government and to guarantee the traceability of all + financial transactions." [WHMurray, alt.privacy, 1994-07- + 04] + 11.12.7. Scenario for introduction of national ID cards + - Imagine that vehicle registrations require presentation of + this card (gotta get those illegals out of their cars, or, + more benignly, the bureaucracy simply makes the ID cars + part of their process). + - Instantly this makes those who refuse to get an ID card + unable to get valid license tags. (Enforcement is already + pretty good....I was pulled over a couple of times for + either forgetting to put my new stickers on, or for driving + with Oregon expired tags.) + + The "National Benefits Card," for example, is then required + to get license plate tags.and maybe other things, like car + and home insurance, etc. It would be very difficult to + fight such a card, as one could not drive, could not pay + taxes ("Awhh!" I hear you say, but consider the penalties, + the tie-ins with employers, etc. You can run but you can't + hide.) + - the national ID card would presumably be tied in to + income tax filings, in various ways I won't go into here. + The Postal Service, aiming to get into this area I guess, + has floated the idea of electronic filing, ID systems, + etc. + 11.12.8. Comments on national ID cards + - That some people will be able to skirt the system, or that + the system will ultimately be unenforceable, does not + lessen the concern. Things can get real tough in the + meantime. + - I see great dangers here, in tying a national ID card to + transactions we are essentially unable to avoid in this + society: driving, insurance (and let's not argue + insurance...I mean it is unavoidable in the sense of legal + issues, torts, etc.), border crossings, etc. 
Now how will + one file taxes without such a card if one is made mandatory + for interactions with the government? Saying "taxes are not + collectable" is not an adequate answer. They may not be + collectible for street punks and others who inhabit the + underground economy, but they sure are for most of us. + +11.13. National Health Care System Issues + 11.13.1. Insurance and National Health Care will Produce the "National + ID" that will be Nearly Unescapable + - hospitals and doctors will have to have the card...cash + payments will evoke suspicion and may not even be feasible + 11.13.2. I'm less worried that a pharmacist will add me to some + database he keeps than that my doctor will be instructed to + compile a dossier to government standards and then zip it off + over the Infobahn to the authorities. + 11.13.3. Dangers and issues of National Health Care Plan + - tracking, national ID card + - "If you think the BATF is bad, wait until the BHCRCE goes + into action. "What is the BHCRCE?" you ask. Why, it the + Burea of Health Care Reform Compliance Enforcement - the + BATF, FBI, FDA, CIA and IRS all rolled into one." [Dave + Feustel, talk.politics.guns, 1994-08-19] + - Bill Stewart has pointed out the dangers of children having + social security numbers, of tracking systems in schools and + hospitals, etc. + +11.14. Credentials + 11.14.1. This is one of the most overlooked and ignored aspects of + cryptology, especially of Chaum's work. And no one in + Cypherpunks or anywhere else is currently working on "blinded + credentials" for everyday use. + 11.14.2. "Is proof of identity needed?" + - This question is debated a lot, and is important. Talk of a + national ID card (what wags call an "internal passport") is + in the air, as part of health care, welfare, and + immigration legislation. Electronic markets make this also + an issue for the ATM/smart card community. 
This is also + closely tied in with the nature of anonymous reamailers + (where physical identity is of course generally lacking). + + First, "identity" can mean different things: + - Conventional View of Identity: Physical person, with + birthdate, physical characteristics, fingerprints, social + security numbers, passports, etc.--the whole cloud of + "identity" items. (Biometric.) + - Pseudonym View of Identity: Persistent personnas, + mediated with cryptography. "You are your key." + - Most of us deal with identity as a mix of these views: we + rarely check biometric credentials, but we also count on + physical clues (voice, appearance, etc.). I assume that + when I am speaking to "Duncan Frissell," whom I've never + met in person, that he is indeed Duncan Frissell. (Some + make the jump from this expectation to wanting the + government enforce this claim, that is, provided I.D.) + + It is often claimed that physical identity is important in + order to: + - track down cheaters, welchers, contract breakes, etc. + - permit some people to engage in some transactions, and + forbid others to (age credentials, for drinking, for + example, or---less benignly--work permits in some field) + - taxation, voting, other schemes tied to physical + existence + + But most of us conduct business with people without ever + verifying their identity credentials...mostly we take their + word that they are "Bill Stewart" or "Scott Collins," and + we never go beyond that. + - this could change as digital credentials proliferate and + as interactions cause automatic checks to be made (a + reason many of us have to support Chaum's "blinded + credentials" idea--without some crypto protections, we'll + be constantly tracked in all interactions). + + A guiding principle: Leave this question of whether to + demand physical ID credentials up to the *parties + involved*. 
If Alice wants to see Bob's "is-a-person" + credential, and take his palmprint, or whatever, that's an + issue for them to work out. I see no moral reason, and + certainly no communal reason, for outsiders to interfere + and insist that ID be produced (or that ID be forbidden, + perhaps as some kind of "civil rights violation"). After + all, we interact in cyberspace, on the Cypherpunks list, + without any such external controls on identity. + - and business contracts are best negotiated locally, with + external enforcement contracted by the parties (privately- + produced law, already seen with insurance companies, + bonding agents, arbitration arrangements, etc.) + - Practically speaking, i.e., not normatively speaking, + people will find ways around identity systems. Cash is one + way, remailers are another. Enforcement of a rigid identity- + based system is difficult. + 11.14.3. "Do we need "is-a-person" credentials for things like votes + on the Net?" + - That is, any sysadmin can easily create as many user + accounts as he wishes. And end users can sign up with + various services under various names. The concern is that + this Chicago-style voting (fictitious persons) may be used + to skew votes on Usenet. + - Similar concerns arise elsewhere. + - In my view, this is a mighty trivial reason to support "is- + a-person" credentials. + 11.14.4. Locality, credentials, validations + + Consider the privacy implications of something so simple as + a parking lot system. Two main approaches: + - First Approach. Cash payment. Car enters lot, driver pays + cash, a "validation" is given. No traceability exists. + (There's a small chance that one driver can give his + sticker to a new driver, and thus defraud the parking + lot. This tends not to happen, due to the inconveniences + of making a market in such stickers (coordinating with + other car, etc.) and because the sticker is relatively + inexpensive.) + - Second Approach. 
Billing of driver, recording of license + plates. Traceability is present, especially if the local + parking lot is tied in to credit card companies, DMV, + police, etc. (these link-ups are on the wish list of + police agencies, to further "freeze out" fugitives, child + support delinquents, and other criminals). + - These are the concerns of a society with a lot of + electronic payments but with no mechanisms for preserving + privacy. (And there is currently no great demand for this + kind of privacy, for a variety of reasons, and this + undercuts the push for anonymous credential methods.) + - An important property of true cash (gold, bank notes that + are well-trusted) is that it settles immediately, requiring + no time-binding of contracts (ability to track down the + payer and collect on a bad transaction) + +11.15. Records of all UseNet postings + 11.15.1. (ditto for CompuServe, GEnie, etc.) will exist + 11.15.2. "What kinds of monitoring of the Net is possible?" + - Archives of all Usenet traffic. This is already done by + commercial CD-ROm suppliers, and others, so this would be + trivial for various agencies. + - Mail archives. More problematic, as mail is ostensibly not + public. But mail passes through many sites, usually in + unencrypted form. + - Traffic analysis. Connections monitored. Telnet, ftp, e- + mail, Mosaid, and other connections. + - Filtered scans of traffic, with keyword-matched text stored + in archives. + 11.15.3. Records: note that private companies can do the same thing, + except that various "right to privacy" laws may try to + interfere with this + - which causes its own constitutional privacy problems, of + course + 11.15.4. "How can you expect that something you sent on the UseNet to + several thousand sites will not be potentially held against + you? You gave up any pretense of privacy when you broadcast + your opinions-and even detailed declarations of your + activities-to an audience of millions. 
Did you really think + that these public messages weren't being filed away? Any + private citizen would find it almost straightforward to sort + a measly several megabytes a day by keywords, names of + posters, etc." [I'm not sure if I wrote this, or if someone + else who I forgot to make a note of did] + 11.15.5. this issue is already coming up: a gay programmer who was + laid-off discussed his rage on one of the gay boards and said + he was thinking of turning in his former employer for + widespread copying of Autocad software...an Autodesk employee + answered him with "You just did!" + 11.15.6. corporations may use GREP and On Location-like tools to + search public nets for any discussion of themselves or their + products + - by big mouth employees, by disgruntled customers, by known + critics, etc. + - even positive remarks that may be used in advertising + (subject to various laws) + 11.15.7. the 100% traceability of public postings to UseNet and other + bulletin boards is very stifling to free expression and + becomes one of the main justifications for the use of + anonymous (or pseudononymous) boards and nets + - there may be calls for laws against such compilation, as + with the British data laws, but basically there is little + that can be done when postings go to tens of thousands of + machines and are archived in perpetuity by many of these + nodes and by thousands of readers + - readers who may incorporate the material into their own + postings, etc. (hence the absurdity of the British law) + +11.16. Effects of Surveillance on the Spread of Crypto + 11.16.1. Surveillance and monitoring will serve to increase the use of + encryption, at first by people with something to hide, and + then by others + - a snowballing effect + - and various government agencies will themselves use + encryption to protect their files and their privacy + 11.16.2. 
for those in sensitive positions, the availability of new + bugging methods will accelerate the conversion to secure + systems based on encrypted telecommunications and the + avoidance of voice-based systems + 11.16.3. Surveillance Trends + + Technology is making citizen-unit surveillance more and + more trivial + + video cameras on every street corners are technologically + easy to implement, for example + - or cameras in stores, in airports, in other public + places + - traffic cameras + - tracking of purchases with credit cards, driver's + licenses, etc. + - monitoring of computer emissions (TEMPEST issues, often a + matter of paranoid speculation) + + interception of the Net...wiretapping, interception of + unencrypted communications, etc. + - and compilation of dossier entries based on public + postings + + This all makes the efforts to head-off a person-tracking, + credentials-based society all the more urgent. + Monkeywrenching, sabotage, public education, and + development of alternatives are all needed. + - If the surveillance state grows as rapidly as it now + appears to be doing, more desperate measures may be + needed. Personally, I wouldn't shed any tears if + Washington, D.C. and environs got zapped with a terrorist + nuke; the innocents would be replaced quickly enough, and + the death of so many political ghouls would surely be + worth it. The destruction of Babylon. + + We need to get the message about "blinded credentials" + (which can show some field, like age, without showing all + fields, including name and such) out there. More + radically, we need to cause people to question why + credentials are as important as many people seem to + think. + - I argue that credentials are rarely needed for mutually + agreed-upon transactions + +11.17. Loose Ends + 11.17.1. 
USPS involvement in electronic mail, signatures, + authentication (proposed in July-August, 1994) + + Advantages: + - many locations + - a mission already oriented toward delivery + + Disadvantages: + - has performed terribly, compared to allowed compettion + (Federal Express, UPS, Airborne, etc.) + - it's linked to the goverment (now quasi-independent, but + not really) + - could become mandatory, or competition restricted to + certain niches (as with the package services, which + cannot have "routes" and are not allowed to compete in + the cheap letter regime) + - a large and stultified bureaucracy, with union labor + - Links to other programs (software key escrow, Digital + Telephony) not clear, but it seems likely that a quasi- + governemt agency like the USPS would be cooperative with + government, and would place limits on the crypto systems + allowed. + 11.17.2. the death threats + + An NSA official threatened to have Jim Bidzos killed if he + did not change his position on some negotiation underway. + This was reported in the newspaper and I sought + confirmation: + - "Everything reported in the Merc News is true. I am + certain that he wasnot speaking for the agency, but when + it happened he was quite serious, at least appeared to + be. There was a long silence after he made the threat, + with a staring contest. He was quite intense. + + "I respect and trust the other two who were in the room + (they were shocked and literally speechless, staring into + their laps) and plan to ask NSA for a written apology and + confirmation that he was not speaking for the agency. + We'll see if I get it. If the incident made it into + their trip reports, I have a chance of getting a letter." + [jim@RSA.COM (Jim Bidzos), personal communication, posted + with permission to talk.politics.crypto, 1994-06-28] + 11.17.3. False identities...cannot just be "erased" from the computer + memory banks. 
The web of associations, implications, rule + firings...all mean that simple removal (or insertion of a + false identity) produces discontinuities, illogical + developments, holes...history is not easily changed.
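Review bot: The attribution in 11.6.7 reads `[Martin Spellman, , 1994- 0703]`, with an empty field between the two commas and a date that does not match the YYYY-MM-DD form used by the other attributions in this file (for example `[Korac MacArthur, comp.org.eff.talk, 1994-07- 25]`). This suggests an address was lost when the text was converted, so please restore it from the source text or drop the stray comma, and check the date. Two further points to settle before merge. First, 11.13.1 repeats 11.12.3 word for word, and the "for those in sensitive positions" bullet under lip-reading reappears as 11.16.2. The commit message should say whether these duplicates, the unclosed quote in 11.12.5 (`"Papierren, bitte! Schnell!`), and misspellings such as "systme", "behvaiors" and "poinra" are kept deliberately as a verbatim copy of the 1994 text. Second, the file is named .md but the body is a plain-text outline using `+`/`-` markers and `_other_`-style underscores, which may not render as the outline intends. Putting the outline in a preformatted block would preserve the original layout.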