Privacy advocates resign over facial recognition plans

[Mirimir]

On 08/11/2015 08:41 PM, Juan wrote:
> On Tue, 11 Aug 2015 19:56:10 -0600
> Mirimir <mirimir at riseup.net> wrote:
> 
> 
>> I have no problem with calling bullshit. Not at all. But if nothing is
>> workable, government criminals have won, and we're fucked.
> 
> 	If that's the case, shooting the messenger will solve nothing.
> 	But that's not even what I said.
> 
> 	Somebody asked about a particular idea and I commented on it.

I was commenting more on your aggregate output. But who am I to judge?

>>> 	What information is out there?
>>
>> Methods, exploits, vulnerabilities, account credentials, passwords,
>> etc, etc, etc. I'm not into that shit, but I know that it's out there.
> 
> 
> 	Governments have point-and-click wiretapping capabilies for
> 	instance. Are you saying that any script kiddy has the
> 	'passwords'  to those systems? 

If they do, they're not sharing ;)

But maybe somebody does?

>>> 	Are you missing the point on purpose? The networks are
>>> 'owned' by the government and friends, and there obviously is no
>>> 	fucking way for joe six pack to use their infrastructure to
>>> 	'watch' his masters. 
>>
>> Yes, the networks are owned by governments and their friends. But that
>> doesn't mean that they're unusable.
> 
> 
> 	Usable/unusable for what? It seems quite obvious that
> 	'network administrators' can spy on users whereas users can't
> 	spy on networks administrators. The system is hierarchical by
> 	nature and design.

Spying on traffic, sure. But end-to-end encryption can provide some
privacy. And it's possible to anonymize the metadata. If I care to, I
can work through chains of proxies, using anonymously leased VPS with
minimal desktops, and remote X via ssh from one to the next, routed
through nested chains of VPNs and/or Tor. Latency gets huge, but it's
usable.

> 	And a rogue system administrator switching sides is not the same
> 	thing as users having power. 

How do you imagine that users would have power? Even if you and your
friends built your own private Internet, I can't imagine that you've
give too much power to other random users. You'd be hosed all too soon.

>> Free agents do get pwned, for
>> sure. But all too often, it's bad OPSEC that gets them. Loose lips,
>> mostly.
>>
>> And yes, "joe six pack" isn't doing that. But once stuff has been put
>> online, anyone can check it out.
> 
> 
> 	And before the internet, people read the newspapers.
> 	Newspapers that 99% of the time worked (and work) for the
> 	powers that be. 

True. But the Internet is far less manageable than that.

> 	I don't think the discussion was about publishing information
> 	but about surveillance anyway. There may be some overlap but
> 	it's two different things. 

I was talking about publishing results of surveillance. Have you checked
out any of the Sony or Hacking Team data dumps?

>>>> But it doesn't get posted on open mail
>>>> lists. Results are put online, via WikiLeaks, Cryptome, pastebins,
>>>
>>> 	Not what I was getting at, not to mention, the amount of
>>> stuff that gets posted is (pretty) small.

Manning's dump was huge, Juan!

>> What were you getting at? We've seen some amazing shit from Snowden.
>> It's too bad that he was too patriotic to just drop the whole wad
>> somewhere, however. So it goes.
> 
> 
> 	That's fine and dandy, but getting and publishing some secrets
> 	doesn't counter the surveillance capabilities of the system. 

Yes, but it does help us improve our OPSEC.

> 	Also, there were (many) people who correctly assumed that the
> 	'programs' that Snowden leaked information about, were already
> 	in place.  You know, people who wore tin foil hats...

I've followed this stuff for 20 years, and I'm a fairly technical guy,
so broadly speaking, there weren't many surprises. Indeed, although the
NSA has immense resources, Google is far more technical. According to
Silicon Jungle, the NSA hired Google to build the search component of
XKeyscore ;)

> 	But now that the information is 'officialy' public, has the
> 	nature of the surveillance mechanisms changed? 

Maybe the nature hasn't changed, but the effectiveness has. For example,
Google encrypted its data center interlinks. I'm sure that others are
locking down their shit too.

> 	Can we now track the movements of the millions of state
> 	employees? Listen to their calls? Browse their 'metadata'? Read
> 	their mails? I don't think so. 

Well, the NSA certainly can. And China is coming up fast.

But individuals lack structures for cooperation. That's a hard problem.

>>> 	Oh, and let me know when the nsa really gets 'hacked'  as
>>> 	opposed as having one employee betray them.
>>
>> They've been betrayed several times, that we know of. Mostly it's for
>> money, and we rarely hear about that, even when people get busted.
>> Have you read James Bamford's books on the NSA?
>>
> 
> 	No. I'll see if I get a copy. 

The Puzzle Palace: Inside the National Security Agency, America's
Most Secret Intelligence Organization
by James Bamford (Sep 29, 1983)

Body of Secrets: Anatomy of the Ultra-Secret National Security Agency
by James Bamford (Apr 30, 2002)

A Pretext for War: 9/11, Iraq, and the Abuse of America's
Intelligence Agencies
by James Bamford (Jun 8, 2004)

The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America
by James Bamford (Jul 14, 2009)

I recommend reading them in that order.