No Such Agency (NSA) Teams With Providers To Monitor Your Email

NSA logoSurely they were doing this anyway? Ellen Nakashima reports for the Washington Post:

The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.

The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.

“We hope the . . . cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”

The prospect of a role for the NSA, the nation’s largest spy agency and a part of the Defense Department, in helping Internet service providers filter domestic Web traffic already had sparked concerns among privacy activists. Lynn’s suggestion that the program might be extended beyond the work of defense contractors threatened to raise the stakes.

James X. Dempsey, vice president for public policy at the Center for Democracy & Technology, a civil liberties group, said that limiting the NSA’s role to sharing data is “an elegant solution” to the long-standing problem of how to use the agency’s expertise while avoiding domestic surveillance by the government. But, he said, any extension of the program must guarantee protections against government access to private Internet traffic.

“We wouldn’t want this to become a backdoor form of surveillance,” Dempsey said…

, , , ,

  • Mamagriff50

    America is no longer “Land of the Free”….Sad to say. All your rights and privacy are being taken away. Might as well live in China……

  • Mamagriff50

    America is no longer “Land of the Free”….Sad to say. All your rights and privacy are being taken away. Might as well live in China……

  • Rex Vestri

    Big.Brother.Is.Watching.

  • Rex Vestri

    Big.Brother.Is.Watching.

  • Nunzio X

    Here’s a fun suggestion.

    Encrypt EVERY email you send to friends and family, no matter how innocuous.

    Give your friends the decryption password.

    Send encrypted emails to random people even if they don’t know the decryption password. This, to generate thousands and then millions of encrypted communiques.

    Flood the NSA, FBI, etc. with encrypted email, essentially inviting them to start sorting through it all.

    No doubt there’ll come a time when transmitting encrypted information across the Interwebs becomes illegal, but until then, why not flood them with the shit? I mean, since they like snooping anyway.

    • Yith

      what makes you think they can’t break it very easily?  NSA, FBI, etc.?  Try IDA and CCR.  

      • Nunzio X

        The idea would be to flood them with the shit, giving them an enormous pile to sift through.

        • Yith

          The NSA handles zettabytes and yottabytes of data already (according to public sources); in the ballpark of Avogadro’s number, in other words.  A few million, billion or even trillion extra emails a day isn’t even a drop in the bucket compared to what they sift through; and anyways, a not insignificant fraction of this data is already encrypted anyways.  Whether they already know how to break the encryption is hard to discern; and if they DO know how to do it, I would guess it wasn’t THEY who figured it out, but that it was rather some of their sister organizations that have the requisite super-human talent.

          But I like your idea.  ;>

        • Yith

          Here’s an addendum to my posting.  I would have just edited my first comment, except that I don’t have an account set up to do this (so I have to try not to write anything stupid the first time!).

          I guess that 1 trillion emails a day WOULD probably be too much for the NSA to handle, depending on whether they can decrypt them quickly or not. However,  1 billion per day probably would be within reach.  Also, most of that data storage and sifting is probably devoted to satellite imagery of various “countries of interest”.  If the images have a resolution of 1 pixel per square foot of ground, then, for example, 10 million square miles (about 3,000 miles x 3,000 miles) of ground would consume (10 million)*(5280)*(5280) = about 3 x 10^14 pixels-worth of data.  If that image data were refreshed once per second, and if 1 pixel = 1 byte of storage, then a year’s-worth of images (using no compression) would eat up about 10^22 bytes. 

          One might think that because the most powerful supercomputers on earth right now (publicly acknowledged) can only manage a few petaflops (1 petaflop = 10^15 floating point operations per second) that it would not be able to sort through this 10^22 bytes of data.  However, note that this is computational strength PER SECOND — such a machine could perform around  10^20 floating point operations in a day, and around 10^22 FLOPS in a year.  And second, note that this assumes one is doing traditional computing, where the machine executes a program loaded up in software and where the hardware doesn’t undergo any physical changes during execution.  If one uses something like a “field programmable gate array” computer (which reconfigures the hardware at runtime), or even a computer whose “program” is coded up in hardware, it may be possible to push the computational power up a few more orders of magnitude, achieving 10^25 operations per year or more.   There are also some more exotic possibilities like graphene chips, quantum computers, light computers, genetic computers, etc. that I’m sure an agency like the NSA, with its billions and billions per year in funding, has looked into.

          As far as getting around the encryption problem to analyze the emails, it isn’t really necessary to “break” the encryption scheme itself to be able to read encrypted messages.  For example, if one encrypts the same message multiple times with different keys, it might be possible to use this extra information to quickly decrypt the message.  Another well-known technique is to predict the decryption keys that the random number generator produces — often, the keys are generated by a mathematical algorithm that imitates true randomness, but is in fact deterministic, and therefore predictable (if one knows the `seed’). 

          Of course, as I said, it may be the case that many of the commonly-used encryption methods are easy to break.  I would guess that at least some of them are and that TPTB know about them.
           

  • Nunzio X

    Here’s a fun suggestion.

    Encrypt EVERY email you send to friends and family, no matter how innocuous.

    Give your friends the decryption password.

    Send encrypted emails to random people even if they don’t know the decryption password. This, to generate thousands and then millions of encrypted communiques.

    Flood the NSA, FBI, etc. with encrypted email, essentially inviting them to start sorting through it all.

    No doubt there’ll come a time when transmitting encrypted information across the Interwebs becomes illegal, but until then, why not flood them with the shit? I mean, since they like snooping anyway.

  • Yith

    what makes you think they can’t break it very easily?  NSA, FBI, etc.?  Try IDA and CCR.  

  • Nunzio X

    The idea would be to flood them with the shit, giving them an enormous pile to sift through.

  • Yith

    The NSA handles zettabytes and yottabytes of data already (according to public sources); in the ballpark of Avogadro’s number, in other words.  A few million, billion or even trillion extra emails a day isn’t even a drop in the bucket compared to what they sift through; and anyways, a not insignificant fraction of this data is already encrypted anyways.  Whether they already know how to break the encryption is hard to discern; and if they DO know how to do it, I would guess it wasn’t THEY who figured it out, but that it was rather some of their sister organizations that have the requisite super-human talent.

    But I like your idea.  ;>

  • bruce

     they have no real power over you, dont be scared! we out number them 1000 fold !! they cannot do what they think they can do. dont empower them by even changing one thing you  do . be strong, smart and trust your god given right to be you! phuck there holier than thou poo-poo ! we, the good people, are co-creators with god and all the spirit beings and angels etc. they,the sick ones with all the money and political power, are cooking their own evil gooses!  trust me, I am with the high command! 

  • bruce

     they have no real power over you, dont be scared! we out number them 1000 fold !! they cannot do what they think they can do. dont empower them by even changing one thing you  do . be strong, smart and trust your god given right to be you! phuck there holier than thou poo-poo ! we, the good people, are co-creators with god and all the spirit beings and angels etc. they,the sick ones with all the money and political power, are cooking their own evil gooses!  trust me, I am with the high command! 

  • Yith

    Here’s an addendum to my posting.  I would have just edited my first comment, except that I don’t have an account set up to do this (so I have to try not to write anything stupid the first time!).

    I guess that 1 trillion emails a day WOULD probably be too much for the NSA to handle, depending on whether they can decrypt them quickly or not. However,  1 billion per day probably would be within reach.  Also, most of that data storage and sifting is probably devoted to satellite imagery of various “countries of interest”.  If the images have a resolution of 1 pixel per square foot of ground, then, for example, 10 million square miles (about 3,000 miles x 3,000 miles) of ground would consume (10 million)*(5280)*(5280) = about 3 x 10^14 pixels-worth of data.  If that image data were refreshed once per second, and if 1 pixel = 1 byte of storage, then a year’s-worth of images (using no compression) would eat up about 10^22 bytes. 

    One might think that because the most powerful supercomputers on earth right now (publicly acknowledged) can only manage a few petaflops (1 petaflop = 10^15 floating point operations per second) that it would not be able to sort through this 10^22 bytes of data.  However, note that this is computational strength PER SECOND — such a machine could perform around  10^20 floating point operations in a day, and around 10^22 FLOPS in a year.  And second, note that this assumes one is doing traditional computing, where the machine executes a program loaded up in software and where the hardware doesn’t undergo any physical changes during execution.  If one uses something like a “field programmable gate array” computer (which reconfigures the hardware at runtime), or even a computer whose “program” is coded up in hardware, it may be possible to push the computational power up a few more orders of magnitude, achieving 10^25 operations per year or more.   There are also some more exotic possibilities like graphene chips, quantum computers, light computers, genetic computers, etc. that I’m sure an agency like the NSA, with its billions and billions per year in funding, has looked into.

    As far as getting around the encryption problem to analyze the emails, it isn’t really necessary to “break” the encryption scheme itself to be able to read encrypted messages.  For example, if one encrypts the same message multiple times with different keys, it might be possible to use this extra information to quickly decrypt the message.  Another well-known technique is to predict the decryption keys that the random number generator produces — often, the keys are generated by a mathematical algorithm that imitates true randomness, but is in fact deterministic, and therefore predictable (if one knows the `seed’). 

    Of course, as I said, it may be the case that many of the commonly-used encryption methods are easy to break.  I would guess that at least some of them are and that TPTB know about them.