The Cyphernomicon

11. Surveillance, Privacy, And Intelligence Agencies

11.1. copyright
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
1994-09-10, Copyright Timothy C. May. All rights reserved.
See the detailed disclaimer. Use short sections under «fair
use» provisions, with appropriate credit, but don’t put your
name on my words.

11.2. SUMMARY: Surveillance, Privacy, And Intelligence Agencies
11.2.1. Main Points
11.2.2. Connections to Other Sections
11.2.3. Where to Find Additional Information

Bamford («The Puzzle Palace»), Richelson (several books,
including «U.S. Intelligence Agencies»), Burrows («Deep
Black,» about the NRO and spy satellites), Covert Action
Quarterly
11.2.4. Miscellaneous Comments

11.3. Surveillance and Privacy
11.3.1. We’ve come a long way from Secretary of State Stimpson’s
famous «Gentlemen do not read other gentlemen’s mail»
statement. It is now widely taken for granted that Americans
are to be monitored, surveilled, and even wiretapped by the
various intelligence agencies. The FBI, the National Security
Agency, the CIA, the National Reconnaissance Office, etc.
(Yes, these groups have various charters telling them who
they can spy on, what legalities they have to meet, etc. But
they still spy. And there’s not an uproar–the «What have you
got to hide?» side of the American privacy dichotomy.)
11.3.2. Duncan Frissell reminds us of Justice Jackson’s 1948
dissenting opinion in some case:

«The government could simplify criminal law enforcement by
requiring every citizen «to keep a diary that would show
where he was at all times, with whom he was, and what he
was up to.» [D.F. 1994-09-06, from an article in the WSJ]
(It should be noted that tracking devices–collars,
bracelets, implantable transmitters–exist and are in use
with prisoners. Some parents are even installing them in
children, it is rumored. A worry for the future?)
11.3.3. «What is the «surveillance state»?»
the issue with crypto is the centralization of
eavesdropping…much easier than planting bugs
«Should some freedom be given up for security?»
- «Those who are willing to trade freedom for security
- deserve neither
- freedom nor security
  - Ben Franklin
- the tradeoff is often illusory–police states result when
  the trains are made to run on time
«It’s a bit ironic that the Administration is crying foul
so loudly
over the Soviet/Russian spy in the CIA — as if this was
unfair —
while they’re openly proclaiming the right to spy on
citizens
and foreigners via Clipper.» [Carl Ellison, 1994-02-23]
Cameras are becoming ubiquitous
- cheap, integrated, new technologes
- SDI fisheye lens
- ATMs
- traffic, speed traps, street corners
- store security
Barcodes–worst fear of all…and not plausible
Automatic recognition is still lacking
- getting better, slowly
- neural nets, etc. (but these require training)
  11.3.4. «Why would the government monitor my communications?»
«Because of economics and political stability….You can
build computers and monitoring devices in secret, deploy
them in secret, and listen to everything. To listen to
everything with bludgeons and pharmaceuticals would not
only cost more in labor and equipment, but also engender a
radicalizing backlash to an actual police state.» [Eric
Hughes, 1994-01-26]
Systems like Digital Telephony and Clipper make it much too
easy for governments to routinely monitor their citizens,
using automated technology that requires drastically less
human involvement than previous police states required.
11.3.5. «How much surveillance is actually being done today?»
FBI and Law Enforcement Surveillance Activities
- the FBI kept records of meetings (between American
  companies and Nazi interests), and may have used these
  records during and after the war to pressure companies
NSA and Security Agency Surveillance Activities
- collecting economic intelligence
- in WW2, Economic Warfare Council (which was renamed Board
  of Economic Warfare) kept tabs on shipments of petroleum
  and other products
- MINARET, code word for NSA «watch list» material
  (intercepts)
- SIGINT OPERATION MINARET
- originally, watch list material was «TOP SECRET
  HANDLE VIA COMINT CHANNELS ONLY UMBRA GAMMA»
- NSA targeting is done primarily via a list called Intelligence Guidelines for COMINT Priorities (IGCP)
  - committe made up of representatives from several
    intelligence agencies
  - intiated in around 1966
- revelations following Pentagon Papers that national
  security elsur had picked up private conversations (part
  of the Papers)
- timing of PP was late 1963, early 1964…about time UB
  was getting going
- F-3, the NSA’s main antenna system for intercepting ASCII
  transmissions from un-TEMPESTed terminals and PCs
- signals can be picked up through walls up to a foot
  thick (or more, considering how such impulses bounce
  around)
Joint FBI/NSA Surveillance Activities
- Operation Shamrock was a tie between NSA and FBI
- since 1945, although there had been earlier intercepts,
  too
- COINTELPRO, dissidents, radicals
- 8/0/45 Operation Shamrock begins
  - a sub rosa effort to continue the monitoring
    arrangements of WW II
  - ITT Communications agreed to turn over all cables
  - RCA Communications also turned over all cables
  - even had an ex-Signal Corps officer as a VP to
    handle the details
  - direct hookups to RCA lines were made, for careful
    monitoring by the ASA
  - cables to and from corporations, law firms,
    embassies, citizens were all kept
  - 12/16/47 Meeting between Sosthenes Behn of ITT, General Ingles of RCA, and Sec. of Defense James Forrestal
    - to discuss Operation Shamrock
    - to arrange exemptions from prosecution
- 0/0/63 Operation Shamrock enters a new phase as RCA Global switches to computerized operation
  - coincident with Harvest at NSA
  - and perfect for start of UB/Severn operations
- 1/6/67 Hoover officially terminates «black bag» operations
  - concerned about blowback
  - had previously helped NSA by stealing codes, ciphers,
    decrypted traffic, planting bugs on phone lines, etc.
  - from embassies, corporations
  - unclear as to whether these operations continued
    anyway
  - Plot Twist: may have been the motivation for NSA and
    UB/Severn to pursue other avenues, such as the use of
    criminals as cutouts
  - and is parallel to «Plumbers Unit» used by White
    House
- 10/1/73 AG Elliot Richardson orders FBI and SS to stop requesting NSA surveillance material
  - NSA agreed to stop providing this, but didn’t tell
    Richardson about Shamrock or Minaret
  - however, events of this year (1973) marked the end of
    Minaret
- 3/4/77 Justice Dept. recommends against prosecution of any NSA or FBI personnel over Operations Shamrock and Minaret
  - decided that NSCID No. 9 (aka No. 6) gave NSA
    sufficient leeway
- 5/15/75 Operation Shamrock officially terminated
- and Minaret, of course
- Operation Shamrock-Details
- 8/0/45 Operation Shamrock begins
  - a sub rosa effort to continue the monitoring
    arrangements of WW II
  - ITT Communications agreed to turn over all cables
  - RCA Communications also turned over all cables
  - even had an ex-Signal Corps officer as a VP to
    handle the details
  - direct hookups to RCA lines were made, for careful
    monitoring by the ASA
  - cables to and from corporations, law firms,
    embassies, citizens were all kept
  - 12/16/47 Meeting between Sosthenes Behn of ITT, General Ingles of RCA, and Sec. of Defense James Forrestal
    - to discuss Operation Shamrock
    - to arrange exemptions from prosecution
- 0/0/63 Operation Shamrock enters a new phase as RCA Global switches to computerized operation
  - coincident with Harvest at NSA
  - and perfect for start of UB/Severn operations
- 8/18/66 (Thursday) New analysis site in New York for Operation Shamrock
  - Louis Tordella meets with CIA Dep. Dir. of Plans and
    arranges to set up a new listening post for analysis
    of the tapes from RCA and ITT (that had been being
    shipped to NSA and then back)
  - Tordella was later involved in setting up the watch
    list in 1970 for the BNDD, (Operation Minaret)
  - LPMEDLEY was code name, of a television tape
    processing shop (reminiscent of «Man from U.N.C.L.E.»
  - but NSA had too move away later
- 5/15/75 Operation Shamrock officially terminated
- 10/1/73 AG Elliot Richardson orders FBI and SS to stop requesting NSA surveillance material
  - NSA agreed to stop providing this, but didn’t tell
    Richardson about Shamrock or Minaret
  - however, events of this year (1973) marked the end of
    Minaret
- Abzug committee prompted by New York Daily News report,
  7/22/75, that NSA and FBI had been monitoring
  commercial cable traffic (Operation Shamrock)
- 6/30/76 175 page report on Justice Dept. investigation of Shamrock and Minaret
  - only 2 copies prepared, classified TOP SECRET UMBRA,
    HANDLE VIA COMINT CHANNELS ONLY
- 3/4/77 Justice Dept. recommends against prosecution of any NSA or FBI personnel over Operations Shamrock and Minaret
  - decided that NSCID No. 9 (aka No. 6) gave NSA
    sufficient leeway
- the NSA program, begun in August 1945, to monitor all telegrams entering or leaving the U.S.
  - reminiscent of Yardley’s arrangements in the 1920s
    (and probably some others)
  - known only to Louis Tordella and agents involved
  - compartmentalization
- Plot Links of Operation Shamrock to Operation Ultra Black
  - many links, from secrecy, compartmentalization, and
    illegality to the methods used and the subversion of
    government power
  - «Shamrock was blown…Ultra Black burrowed even
    deeper.»
- NSA, FBI, and surveillance of Cuban sympathizers
- «watch list» used
- were there links to Meyer Lansky and Trafficante via
  the JFK-Mafia connection?
- various Watergate break-in connections (Cubans used)
- Hoover ended black-bag operations in 1967-8
- NSA, FBI, and Dissenters (COINTELPRO-type activities)
- 10/20/67 NSA is asked to begin collecting information related to civil disturbances, war protesters, etc.
  - Army Intelligence, Secret Service, CIA, FBI, DIA were
    all involved
  - arguably, this continues (given the success of FBI
    and Secret Service in heading off major acts of
    terrorism and attempted assassinations)
- Huston Plan and Related Plans (1970-71)
- 7/19/66 Hoover unofficially terminates black bag
  operations
- 1/6/67 Hoover officially terminates black bag operations
  - fearing blowback, concerned about his place in
    history
- 6/20/69 Tom C. Huston recommends increased intelligence activity on dissent
  - memo to NSA, CIA, DIA, FBI
  - this later becomes basis of Huston Plan
- 6/5/70 Meeting at White House to prepare for Huston Plan; Interagency Committee on Intelligence (Ad Hoc), ICI
  - Nixon, Huston, Ehrlichman, Haldeman, Noel Gayler of
    NSA. Richard Helms of CIA, J. Edgar Hoover of FBI,
    Donald V. Bennett of DIA
  - William Sullivan of FBI named to head ICI
  - NSA enthusiastically supported ICI
  - PROD named Benson Buffham as liaison
  - sought increased surreptitious entries and
    elimination of legal restrictions on domestic
    surveillance (not that they had felt bound by
    legalisms)
  - recipients to be on «Bigot List» and with even more
    security than traditional TOP SECRET, HANDLE VIA
    COMINT CHANNELS ONLY
    –
- 7/23/70 Huston Plan circulated
  - 43 pages, entitled Domestic Intelligence Gathering
    Plan: Analysis and Stategy
  - urged increased surreptitious entries (for codes,
    ciphers, plans, membership lists)
  - targeting of embassies
- 7/27/70 Huston Plan cancelled
  - pressure by Attorney General John Mitchell
  - and perhaps by Hoover
  - Huston demoted; he resigned a year later
  - but the Plan was not really dead…perhaps Huston’s
    mistake was in being young and vocal and making the
    report too visible and not deniable enough
- 12/3/70 Intelligence Evaluation Committee (IEC) meets (Son-of-Huston Plan)
  - John Dean arranged it in fall of ’70
  - Robert C. Mardian, Assistant AG for Internal Security
    headed up the IEC
  - Benson Buffham of NSA/PROD, James Jesus Angleton of
    CIA, George Moore from FBI, Col. John Downie from DOD
  - essentially adopted all of Huston Plan
- 1/26/71 NSA issues NSA Contribution to Domestic Intelligence (as part of IEC)
  - increased scope of surveillance related to drugs (via
    BNDD and FBI), foreign nationals
  - «no indication of origin» on generated material
  - full compartmentalization, NSA to ensure compliance
- 8/4/71 G. Gordon Liddy attends IEC meeting, to get them to investigate leaks of Pentagon Papers
  - channel from NSA/PROD to Plumber’s Unit in White
    House, bypassing other agencies
- 6/7/73 New York Times reveals details of Huston Plan
  - full text published
  - trials of Weatherman jeopardized and ultimately
    derailed it
- 10/1/73 AG Elliot Richardson orders FBI and SS to stop requesting NSA surveillance material
  - NSA agreed to stop providing this, but didn’t tell
    Richardson about Shamrock or Minaret
  - however, events of this year (1973) marked the end of
    Minaret
FINCEN, IRS, and Other Economic Surveillance
- set up in Arlington as a group to monitor the flows of
  money and information
- eventually these groups will see the need to actively
  hack into computer systems used by various groups that
  are under investigation
- ties to the death of Alan Standorf? (Vint Hill)
- Casolaro, Riconosciutto
  11.3.6. «Does the government want to monitor economic transactions?»
Incontrovertibly, they want to. Whether they have actual
plans to do so is more debatable. The Clipper and Digital
Telephony proposals are but two of the indications they
have great plans laid to ensure their surveillance
capabilities are maintained and extended.
The government will get increasingly panicky as more Net
commerce develops, as trade moves offshore, and as
encryption spreads.
11.3.7. A danger of the surveillance society: You can’t hide
seldom discussed as a concern
no escape valve, no place for those who made mistakes to
escape to
(historically, this is a way for criminals to get back on a
better track–if a digital identity means their record
forever follows them, this may…)
A growing problem in America and other «democratic» countries is the tendency to make mandatory what were once voluntary choices. For example, fingerprinting children to help in kidnapping cases may be a reasonable thing to do voluntarily, but some school districts are planning to make it mandatory.
- This is all part of the «Let’s pass a law» mentality.
  11.3.8. «Should I refuse to give my Social Security Number to those
  who ask for it?»
It’s a bit off of crypto, but the question does keep coming
up on the Cypherpunks list.
Actually, they don’t even need to ask for it
anymore….it’s attached to so many other things that pop
up when they enter your name that it’s a moot point. In
other words, the same dossiers that allow the credit card
companies to send you «preapproved credit cards» every few
days are the same dossiers that MCI, Sprint, AT&T, etc. are
using to sign you up.
11.3.9. «What is ‘Privacy 101’?»
I couldn’t think of a better way to introduce the topic of
how individuals can protect their privacy, avoid
interference by the government, and (perhaps) avoid taxes.
Duncan Frissell and Sandy Sandfort have given out a lot of
tips on this, some of them just plain common sense, some of
them more arcane.
They are conducting a seminar, entitled «PRIVACY 101» and the archives of this are available by Web at:
- http://www.iquest.com/~fairgate/privacy/index.html
  11.3.10. Cellular phones are trackable by region…people are getting
  phone calls as they cross into new zones, «welcoming» them
but it implies that their position is already being tracked
11.3.11. Ubiquitous use of SSNs and other personal I.D.
11.3.12. cameras that can recognize faces are placed in many public
places, e.g., airports, ports of entry, government buildings
and even in some private places, e.g., casinos, stores that
have had problems with certain customers, banks that face
robberies, etc.
11.3.13. speculation (for the paranoids)
covert surveillance by noninvasive detection
methods…positron emission tomography to see what part of
the brain is active (think of the paranoia possibility!)
typically needs special compounds, but…
11.3.14. Diaries are no longer private
can be opened under several conditions
- subpoena in trial
- discovery in various court cases, including divorce,
  custody, libel, etc.
- business dealings
- psychiatrists (under Tarasoff ruling) can have records
  opened; whatever one may think of the need for crimes
  confessed to shrinks to be reported, this is certainly a
  new era
Packwood diary case establishes the trend: diaries are no
longer sacrosanct
An implication for crypto and Cypherpunks topics is that
diaries and similar records may be stored in encrypted
forms, or located in offshore locations. There may be more
and more use of offshore or encrypted records.

11.4. U.S. Intelligence Agencies: NSA, FinCEN, CIA, DIA, NRO, FBI
11.4.1. The focus here is on U.S. agencies, for various reasons. Most
Cypherpunks are currently Americans, the NSA has a dominant
role in surveillance technology, and the U.S. is the focus of
most current crypto debate. (Britain has the GCHQ, Canada has
its own SIGINT group, the Dutch have…., France has DGSE and
so forth, and…)
11.4.2. Technically, not all are equal. And some may quibble with my
calling the FBI an «intelligence agency.» All have
surveillance and monitoring functions, albeit of different
flavors.
11.4.3. «Is the NSA involved in domestic surveillance?»

Not completely confirmed, but much evidence that the answer is «yes»:
- previous domestic surveillance (Operation Shamrock,
  telegraphs, ITT, collusion with FBI, etc.)
- reciprocal arrangements with GCHQ (U.K.)
- arrangements on Indian reservations for microwave
  intercepts
- the general technology allows it (SIGINT, phone lines)
- the National Security Act of 1947, and later
  clarifications and Executive Orders, makes it likely
And the push for Digital Telephony.
11.4.4. «What will be the effects of widespread crypto use on
intelligence collection?»
Read Bamford for some stuff on how the NSA intercepts
overseas communications, how they sold deliberately-
crippled crypto machines to Third World nations, and how
much they fear the spread of strong, essentially
unbreakable crypto. «The Puzzle Palace» was published in
1982…things have only gotten worse in this regard since.
Statements from senior intelligence officials reflect this
concern.
Digital dead drops will change the whole espionage game.
Information markets, data havens, untraceable e-mail…all
of these things will have a profound effect on national
security issues.
I expect folks like Tom Clancy to be writing novels about
how U.S. national security interests are being threatened
by «unbreakable crypto.» (I like some Clancy novels, but
there’s no denying he is a right-winger who’s openly
critical of social trends, and that he believes druggies
should be killed, the government is necessary to ward off
evil, and ordinary citizens ought not to have tools the
government can’t overcome.)
11.4.5. «What will the effects of crypto on conventional espionage?»
Massive effects; watch out for this to be cited as a reason
to ban or restrict crypto–however pointless that may be.
Effects:
- information markets, a la BlackNet
- digital dead drops — why use Coke cans near oak trees
  when you can put messages into files and post them
  worldwide, with untraceably? (but, importantly, with a
  digital signature!)
- transparency of borders
- arms trade, arms deals
- virus, weaponry
  11.4.6. NSA budget
$27 billion over 6 years, give or take
may actually increase, despite end of Cold War
new threats, smaller states, spread of nukes, concerns
about trade, money-laundering, etc.
first rule of bureaucracies: they always get bigger
NSA-Cray Computer supercomputer
- press release, 1994-08-17, gives some clues about the
  capabilities sought by the surveillance state
- «The Cray-3/SSS will be a hybrid system capable of
  vector parallel processing, scalable parallel
  processing and a combination of both. The system will
  consist of a dual processor 256 million word Cray-3 and
  a 512,000 processor 128 million byte single instruction
  multiple data (SIMD) array……SIMD arrays of one
  million processors are expected to be possible using
  the current version of the Processor-In-Memory (PIM)
  chips developed by the Supercomputing Research Center
  once the development project is completed. The PIM chip
  contains 64 single-bit processors and 128 kilobyte bits
  of memory. Cray Computer will package PIM chips
  utilizing its advanced multiple chip module packaging
  technology. The chips are manufactured by National
  Semiconductor Corporation.»
- This is probably the supercomputer described in the
  Gunter Ahrendt report
  11.4.7. FINCEN, IRS, and Other Economic Surveillance
Financial Crimes Enforcement Network, a consortium or task
force made up of DEA, DOJ, FBI, CIA, DIA, NSA, IRS, etc.
set up in Arlington as a group to monitor the flows of
money and information
eventually these groups will see the need to hack into
computer systems used by various groups that are under
investigation
Cf. «Wired,» either November or December, 1993
11.4.8. «Why are so many computer service, telecom, and credit agency
companies located near U.S. intelligence agency sites?»
For example, the cluster of telecom and credit reporting agencies (TRW Credit, Transunion, etc.) in and around the McLean/Langley area of Northern Virginia (including Herndon, Vienna, Tyson’s Corner, Chantilly, etc.)
- same thing for, as I recall, various computer network
  providers, such as UUCP (or whatever), America Online,
  etc.
The least conspiratorial view: because all are located near
Washington, D.C., for various regulatory, lobbying, etc.
reasons
The most conspiratorial view: to ensure that the intelligence agencies have easy access to communications, direct landlines, etc.
- credit reporting agencies need to clear identities that
  are fabricated for the intelligence agencies, WitSec,
  etc. (the three major credit agencies have to be
  complicit in these creations, as the «ghosts» show up
  immediately when past records are cross-correlated)
- As Paul Ferguson, Cypherpunk and manager at US Sprint,
  puts it: «We’re located in Herndon, Virginia, right
  across the street from Dulles Airport and a hop, skip &
  jump down the street from the new NRO office. ,-)»
  [P.F., 1994-08-18]
  11.4.9. Task Force 157, ONI, Kissinger, Castle Bank, Nugan Hand Bank,
  CIA
  11.4.10. NRO building controversy
and an agency I hadn’t seen listed until August, 1994: «The
Central Imagery Office»
11.4.11. SIGINT listening posts
possible monkeywrenching?
- probably too hard, even for an EMP bomb (non-nuclear,
  that is)
  11.4.12. «What steps is the NSA taking?»
besides death threats against Jim Bidzos, that is
Clipper a plan to drive competitors out (pricing, export
laws, harassment)
cooperation with other intelligence agencies, other nations
- New World Order
death threats were likely just a case of bullying…but
could conceivably be part of a campaign of terror–to shut
up critics or at least cause them to hesitate

11.5. Surveillance in Other Countries
11.5.1. Partly this overlaps on the earlier discussion of crypto laws
in other countries.
11.5.2. Major Non-U.S. Surveillance Organizations

BnD — Bundesnachrichtendienst
- German security service
- BND is seeking constitutional amendment, buy may not need
  it, as the mere call for it told everyone what is already
  existing
- «vacuum cleaner in the ether»
- Gehlen…Eastern Front Intelligence
- Pullach, outside Munchen
- they have always tried to get the approval to do domestic
  spying…a key to power
Bundeskriminalamt (BKA) — W. German FBI
- HQ is at Wiesbaden
- bomb blew up there when being examined, killing an
  officer (related to Pan Am/Lockerbie/PFLP-GC)
- sign has double black eagles (back to back)
BVD — Binnenlandse Veiligheids Dienst, Dutch Internal
Security Service
SDECE
- French intelligence (foreign intelligence), linked to
  Greepeace ship bombing in New Zealand?
- SDECE had links to the October Surprise, as some French
  agents were in on the negotiations, the arms shipments
  out of Marseilles and Toulon, and in meetings with
  Russbacher and the others
DST, Direction de la Surveillance du Territoire,
counterespionage arm of France (parallel to FBI)
DSGE, Direction Gnrale de la Scurit Extriere
- provides draft deferments for those who deliver stolen
  information
Sweden, Forsvarets Radioanstalt («Radio Agency of the Defense»)
- cracked German communications between occupied Norway and
  occupied Denmark
- Beurling, with paper and pencil only
Mossad, LAKAM, Israel
- HQ in Tel Aviv, near HQ of AMAN, military intelligence
- doesn’t HQ move around a lot?
- LAKAM (sp?), a supersecret Israeli intelligence
  agency…was shown the PROMIS software in 1983
- learned of the Pakistani success in building an atom bomb
  and took action against the Pakistani leadership:
  destruction of the plane carrying the President (Zia?)
  and some U.S. experts
- Mossad knew of DIA and CIA involvement in BCCI
  financing of Pakistani atom bomb efforts (and links to
  other arms dealers that allowed triggers and the like
  to reach Pakistan)
- revelations by Vanunu were designed to scare the Arab and
  Muslim world-and to send a signal that the killing of
  President Zia was to be the fate of any Pakistani leader
  who continued the program
  11.5.3. They are very active, though they get less publicity than do
  the American CIA, NSA, FBI, etc.

11.6. Surveillance Methods and Technology
11.6.1. (some of this gets speculative and so may not be to
everyone’s liking)
11.6.2. «What is TEMPEST and what’s the importance of it?»

TEMPEST apprarently stands for nothing, and hence is not an
acronym, just a name. The all caps is the standard
spelling.
RF emission, a set of specs for complying
Van Eyck (or Van Eck?) radiation
Mostly CRTs are the concern, but also LCD panels and the internal circuitry of the PCs, workstations, or terminals.
- «Many LCD screens can be read at a distance. The signal
  is not as strong as that from the worst vdus, but it is
  still considerable. I have demonstrated attacks on Zenith
  laptops at 10 metres or so with an ESL 400 monitoring
  receiver and a 4m dipole antenna; with a more modern
  receiver, a directional antenna and a quiet RF
  environment there is no reason why 100 metres should be
  impossible.» [Ross Anderson, Tempest Attacks on Notebook
  Computers ???, comp.security.misc, 1994-08-31]
  11.6.3. What are some of the New Technologies for Espionage and
  Surveillance
Bugs
- NSA and CIA have developed new levels of miniaturized
  bugs
- e.g., passive systems that only dribble out intercepted
  material when interrogated (e.g., when no bug sweeps
  are underway)
- many of these new bugging technologies were used in the
  John Gotti case in New York…the end of the Cold War
  meant that many of these technologies became available
  for use by the non-defense side
- the use of such bugging technology is a frightening
  development: conversations can be heard inside sealed
  houses from across streets, and all that will be
  required is an obligatory warrant
- DRAM storage of compressed speech…6-bit companded,
  frequency-limited, so that 1 sec of speech takes
  50Kbits, or 10K when compressed, for a total of 36 Mbits
  per hour-this will fit on a single chip
- readout can be done from a «mothership» module (a
  larger bug that sits in some more secure location)
- or via tight-beam lasers
- Bugs are Mobile
- can crawl up walls, using the MIT-built technology for
  microrobots
- some can even fly for short distances (a few klicks)
Wiretaps
- so many approaches here
- phone switches are almost totally digital (a la ESS IV)
- again, software hacks to allow wiretaps
Vans equipped to eavesdrop on PCs and networks
- TEMPEST systems
- technology is somewhat restricted, companies doing this work are under limitations not to ship to some customers
  - no laws against shielding, of course
- these vans are justified for the «war on drugs» and
  weapons proliferation controle efforts (N.E.S.T., anti-
  Iraq, etc.)
Long-distance listening
- parabolic reflectors, noise cancellation (from any off-
  axis sources), high gain amplification, phoneme analysis
- neural nets that learn the speech patterns and so can
  improve clarity
lip-reading
- with electronically stabilized CCD imagers, 3000mm lenses
- neural net-based lip-reading programs, with learning
  systems capable of improving performance
for those in sensitive positions, the availability of new
bugging methods will accelerate the conversion to secure
systems based on encrypted telecommunications and the
avoidance of voice-based systems
11.6.4. Digital Telephony II is a major step toward easier
surveillance
11.6.5. Citizen tracking
the governments of the world would obviously like to trace the movements, or at least the major movements, of their subjects
- makes black markets a bit more difficult
- surfaces terrorists, illegal immigrants, etc. (not
  perfectly)
- allows tracking of «sex offenders»
- who often have to register with the local police,
  announce to their neighbors their previous crimes, and
  generally wear a scarlet letter at all times–I’m not
  defending rapists and child molesters, just noting the
  dangerous precedent this is setting
- because its the nature of bureaucracies to want to know
  where «their» subjects are (dossier society = accounting
  society…records are paramount)
Bill Stewart has pointed out that the national health care systems, and the issuance of social security numbers to children, represent a way to track the movements of children, through hospital visits, schools, etc. Maybe even random check points at places where children gather (malls, schools, playgrounds, opium dens, etc.)
- children in such places are presumed to have lesser
  rights, hence…
- this could all be used to track down kidnapped children,
  non-custodial parents, etc.
- this could be a wedge in the door: as the children age,
  the system is already in place to continue the tracking
  (about the right timetable, too…start the systme this
  decade and by 2010 or 2020, nearly everybody will be in
  it)
- (A true paranoid would link these ideas to the child
  photos many schools are requring, many local police
  departments are officially assisting with, etc. A dossier
  society needs mug shots on all the perps.)
These are all reasons why governments will continue to push
for identity systems and will seek to derail efforts at
providing anonymity
Surveillance and Personnel Identification
- cameras that can recognize faces are placed in many
  public places, e.g., airports, ports of entry, government
  buildings
- and even in some private places, e.g., casinos, stores
  that have had problems with certain customers, banks
  that face robberies, etc.
- «suspicious movements detectors»
- cameras that track movements, loitering, eye contact with other patrons
  - neural nets used to classify behvaiors
  - legal standing not needed, as these systems are
    used only to trigger further surveillance, not to
    prove guilt in a court of law
  - example: banks have cameras, by 1998, that can
    identify potential bank robbers
  - camera images are sent to a central monitoring
    facility, so the usual ploy of stopping the silent
    alarm won’t work
- airports and train stations (fears of terrorists),
  other public places
  11.6.6. Cellular phones are trackable by region…people are getting
  phone calls as they cross into new zones, «welcoming» them
but it implies that their position is already being tracked
11.6.7. coming surveillance, Van Eck, piracy, vans
An interesting sign of things to come is provided in this
tale from a list member: «In Britain we have ‘TV detector
Vans’. These are to detect licence evaders (you need to pay
an annual licence for the BBC channels). They are provided
by the Department of Trade and Industry. They use something
like a small minibus and use Van Eck principles. They have
two steerable detectors on the van roof so they can
triangulate. But TV shops have to notify the Government of
buyers – so that is the basic way in which licence evaders
are detected. … I read of a case on a bulletin board
where someone did not have a TV but used a PC. He got a
knock on the door. They said he appeared to have a TV but
they could not make out what channel he was watching!
[Martin Spellman, mspellman@cix.compulink.co.uk, 1994-
0703]
This kind of surveillance is likely to become more and more
common, and raises serious questions about what other
information they’ll look for. Perhaps the software piracy
enforcers (Software Publishers Association) will look for
illegal copies of Microsoft Word or SimCity! (This area
needs more discussion, obviously.)
11.6.8. wiretaps
supposed to notify targets within 90 days, unless extended
by a judge
Foreign Intelligence Surveillance Act cases are exempt from
this (it is likely that Cypherpunks wiretapped, if they
have been, for crypto activities fall under this
case…foreigners, borders being crossed, national security
implications, etc. are all plausible reasons, under the
Act)

11.7. Surveillance Targets
11.7.1. Things the Government May Monitor

besides the obvious things like diplomatic cable traffic,
phone calls from and to suspected terrorists and criminals,
etc.
links between Congressmen and foreign embassies
- claims in NYT (c. 9-19-91) that CIA had files on
  Congressmen opposing aid to Contras
Grow lamps for marijuana cultivation
- raids on hydroponic supply houses and seizure of mailing
  lists
- records of postings to alt.drugs and alt.psychoactive
- vitamin buyers clubs
Energy consumption
- to spot use of grow lamps
- but also might be refined to spot illegal aliens being
  sheltered or any other household energy consumption
  «inconsistent with reported uses»
- same for water, sewage, etc.
raw chemicals
- as with monitors on ammonium nitrate and other bomb
  materials
- or feedstock for cocaine production (recall various
  seizures of shipments of chemicals to Latin America)
checkout of books, a la FBI’s «Library Awareness Program»
of around 1986 or so
attendance at key conferences, such as Hackers Conference
(could have scenes involving this), Computer Security
Conference
11.7.2. Economic Intelligence (Spying on Corporations, Foreign and
Domestic)
«Does the NSA use economic intelligence data obtained in intercepts?»
- Some of us speculate that this is so, that this has been
  going on since the 1960s at least. For example, Bamford
  noted in 1982 that the NSA had foreknowledge of the plans
  by the British to devalue the pound in the late 1970s,
  and knowledge of various corporate plans.
- The NSA clears codes used by the CIA, so it seem
  impossible for the NSA not to have known about CIA drug
  smuggling activities. The NSA is very circumspect,
  however, and rarely (or never) comments.
there have been calls for the government to somehow help American business and overall competitiveness by «levelling the playing field» via espionage
- especially as the perceived threat of the Soviet bloc
  diminishes and as the perceived threat of Japan and
  Germany increases
leaders of the NSA and CIA have even talked openly about
turning to economic surveillance
Problems with this proposal:
- illegal
- unethical
- who gets the intelligence information? Does NSA just call
  up Apple and say «We’ve intercepted some message from
  Taiwan that describe their plans for factories. Are you
  interested?»
- the U.S. situation differs from Japan and MITI (which
  is often portrayed as the model for how this ought to
  work) in that we have many companies with little or no
  history of obeying government recommendations
- and foreign countries will likely learn of this espionage
  and take appropriate measures
- e.g., by increasing encryption
  11.7.3. War on Drugs and Money Laundering is Causing Increase in
  Surveillance and Monitoring
monitoring flows of capital, cash transactions, etc.
cooperation with Interpol, foreign governments, even the
Soviets and KGB (or whatever becomes of them)
new radar systems are monitoring light aircraft, boats,
etc.

11.8. Legal Issues
11.8.1. «Can my boss monitor my work?» «Can my bankruptcy in 1980 be
used to deny me a loan?» etc.

Libertarians have a very different set of answers than do
many others: the answer to all these questions is mostly
«yes,» morally (sorry for the normative view).
11.8.2. Theme: to protect some rights, invasion of privacy is being
justified
e.g., by forcing employer records to be turned over, or of
seizing video rental records (on the grounds of catching
sexual deviants)
various laws about employee monitoring
11.8.3. Government ID cards, ability to fake identities
The government uses its powers to forge credentials, with
the collusion of the major credit agencies (who obviously
see these fake identities «pop into existence full-blown.»
WitSec, FINCen, false IDs, ties to credit card companies
DEA stings, Heidi in La Jolla, Tava, fake tax returns, fake
bank applications, fake IDs
the «above it all» attitude is typical of this…who guards
the guardians?
WitSec, duplicity
11.8.4. Legalities of NSA surveillance
read Bamford for some circa 1982 poinra
UK-USA
ECPA
national security exemptions
lots of confusion; however, the laws have never had any
real influence, and I cannot imagine the NSA being sued!

11.9. Dossiers and Data Bases
11.9.1. «The dossier never forgets»

any transgressions of any law in any country can be stored indefinitely, exposing the transgressor to arrest and detention anytime he enters a country with such a record on him
- (This came up with regard to the British having quaint
  ideas about computer security, hacking, and data privacy;
  it is quite possible that an American passing through
  London could be detained for some obscure violation years
  in the past.)
this is especially worrisome in a society in which legal
codes fill entire rooms and in which nearly every day
produces some violation of some law
11.9.2. «What about the privacy issues with home shopping, set-top
boxes, advertisers, and the NII?»
Do we want our preferences in toothpaste fed into databases
so that advertisers can target us? Or that our food
purchases be correlated and analyzed by the government to
spot violations of the Dietary Health Act?
First, laws which tell people what records they are
«allowed» to keep are wrong-headed, and lead to police
state inspections of disk drives, etc. The so-called «Data
Privacy» laws of several European nations are a nightmare.
Strong crypto makes them moot.
Second, it is mostly up to people to protect what they want
protected, not to pass laws demanding that others protect
it for them.
In practice, this means either use cash or make
arrangements with banks and credit card companies that will
protect privacy. Determining if they have or not is another
issue, but various ideas suggest themselves (John Gilmore
says he often joins groups under variants of his name, to
see who is selling his name to mailing lists.)
Absent any laws which forbid them, privacy-preserving
credit card companies will likely spring up if there’s a
market demand. Digital cash is an example. Other variants
abound. Cypherpunks should not allow such alternatives to
be banned, and should of course work on their own such
systems.
11.9.3. credit agencies
TRW Credit, Transunion, Equifax
links to WitSec
11.9.4. selling of data bases, linking of records…
several states have admitted to selling their driver’s
license data bases

11.10. Police States and Informants
11.10.1. Police states need a sense of terror to help magnify the
power or the state, a kind of «shrechlichkeit,» as the Nazis
used to call it. And lots of informants. Police states need
willing accomplices to turn in their neighbors, or even their
parents, just as little Pavel Morozov became a Hero of the
Soviet People by sending his parents to their deaths in
Stalin’s labor camps for the crime of expressing negative
opinions about the glorious State.

(The canonization of Pavel Morozov was recently repudiated
by current Russian leaders–maybe even by the late-Soviet
era leades, like Gorbachev–who pointed out the corrosive
effects of encouraging families to narc on each
other…something the U.S. has forgotten…will it be 50
years before our leaders admit that having children turn in
Daddy for using «illegal crypto» was not such a good idea?)
11.10.2. Children are encouraged in federally-mandated D.A.R.E.
programs to become Junior Narcs, narcing their parents out to
the cops and counselors who come into their schools.
11.10.3. The BATF has a toll-free line (800-ATF-GUNS) for snitching on
neighbors who one thinks are violating the federal gun laws.
(Reports are this is backfiring, as gun owners call the
number to report on local liberal politicians and gun-
grabbers.)
11.10.4. Some country we live in, eh? (Apologies to non-U.S. readers,
as always.)
11.10.5. The implications for use of crypto, for not trusting others,
etc., are clear
11.10.6. Dangers of informants
more than half of all IRS prosecutions arise out of tips by spouses and ex-spouses…they have the inside dope, the motive, and the means
- a sobering thought even in the age of crypto
the U.S. is increasing a society of narcs and stool pigeons, with «CIs» (confidential informants), protected witnesses (with phony IDs and lavish lifestyles), and with all sorts of vague threats and promises
- in a system with tens of thousands of laws, nearly all
  behavior breaks at least some laws, often unavoidably,
  and hence a powerful sword hangs over everyone’s head
corrosion of trust, especially within families (DARE
program in schools encourages children to narc on their
parents who are «substance abusers»!)

11.11. Privacy Laws
11.11.1. Will proposed privacy laws have an effect?

I suspect just the opposite: the tangled web of laws-part
of the totalitarian freezeout-will «marginalize» more
people and cause them to seek ways to protect their own
privacy and protect themselves from sanctions over their
actions
- free speech vs. torts, SLAPP suits, sedition charges,
  illegal research, etc.
- free speech is vanishing under a torrent of laws,
  licensing requirements, and even zoning rules
- outlawing of work on drugs, medical procedures, etc.
- against the law to disseminate information on drug use
  (MDMA case at Stanford), on certain kinds of birth
  control
- «If encrytion is outlawed, only outlaws will have
  encryption.»
privacy laws are already causing encryption («file
protection») to be mandatory in many cases, as with medical
records, transmission of sensitive files, etc.
- by itself this is not in conflict with the government
  requirement for tappable access, but the practical
  implementation of a two-tier system-secure against
  civilian tappers but readable by national security
  tappers-is a nightmare and is likely impossible to
  achieve
  11.11.2. «Why are things like the «Data Privacy Laws» so bad?»
Most European countries have laws that limit the collection
of computerized records, dossiers, etc., except for
approved uses (and the governments themselves and their
agents).
Americans have no such laws. I’ve heard calls for this,
which I think is too bad.
While we may not like the idea of others compiling dossiers
on us, stopping them is an even worse situation. It gives
the state the power to enter businesses, homes, and examine
computers (else it is completely unenforceable). It creates
ludicrous situations in which, say, someone making up a
computerized list of their phone contacts is compiling an
illegal database! It makes e-mail a crime (those records
that are kept).
they are themselves major invasions of privacy
are you going to put me in jail because I have data bases
of e-mail, Usenet posts, etc.?
In my opinion, advocates of «privacy» are often confused
about this issue, and fail to realize that laws about
privacy often take away the privacy rights of others.
(Rights are rarely in conflict–contract plus self-privacy
take care of 99% of situations where rights are purported
to be in conflict.)
11.11.3. on the various «data privacy laws»
many countries have adopted these data privacy laws,
involving restrictions on the records that can be kept, the
registration of things like mailing lists, and heavy
penalties for those found keeping computer files deemed
impermissable
this leads to invasions of privacy….this very Cypherpunks
list would have to be «approved» by a bureaucrat in many
countries…the oportunites (and inevitabilities) of abuse
are obvious
«There is a central contradiction running through the
dabase regulations proposed by many so-called «privacy
advocates». To be enforceable they require massive
government snooping into database activities on our
workstatins and PCs, especially the activities of many
small at-home businesses (such as mailing list
entrepreneurs who often work out of the home). «Thus, the upshot of these so-called «privacy» regulations
is to destroy our last shreds of privacy against
government, and calm us into blindly letting even more of
the details of our personal lives into the mainframes of
the major government agencies and credit reporting
agenices, who if they aren’t explicitly excepted from the
privacy laws (as is common) can simply evade them by using
offshore havesn, mutual agreements with foreign
investigators, police and intelligence agencies.» [Jim
Hart, 1994-09-08]
11.11.4. «What do Cypherpunks think about this?»
divided minds…while no one likes being monitored, the
question is how far one can go to stop others from being
monitored
- «Data Privacy Laws» as a bad example: tramples on freedom
  to write, to keep one’s computer private
  11.11.5. Assertions to data bases need to be checked (credit,
  reputation, who said what, etc.)
if I merely assert that Joe Blow no longer is employed, and
this spreads…

11.12. National ID Systems
11.12.1. «National ID cards are just the driver’s licenses on the
Information Superhighway.» [unknown…may have been my
coining]
11.12.2. «What’s the concern?»
11.12.3. Insurance and National Health Care will Produce the «National
ID» that will be Nearly Unescapable

hospitals and doctors will have to have the card…cash
payments will evoke suspicion and may not even be feasible
11.12.4. National ID Card Arguments
«worker’s permit» (another proposal, 1994-08, that would
call for a national card authorizing work permission)
immigration, benefit
possible tie-in to the system being proposed by the US
Postal Service: a registry of public keys (will they also
«issue» the private-public key pair?)
software key escrow and related ideas
«I doubt that one would only have to «flash» your card and
be on your way. More correctly, one would have to submit
to being «scanned» and be on your way. This would also
serve to be a convienient locator tag if installed in the
toll systems and miscellaneous «security checkpoints». Why
would anyone with nothing to hide care if your every move
could be monitored? Its for your own good, right? Pretty
soon sliding your ID into slots in everyplace you go will
be common.» [Korac MacArthur, comp.org.eff.talk, 1994-07-
25]
11.12.5. «What are some concerns about Universal ID Cards?»
«Papierren, bitte! Schnell!
that they would allow traceability to the max (as folks
used to say)… tracking of movements, erosion of privacy
that they would be required to be used for banking
transactions, Net access, etc. (As usual, there may be
workarounds, hacks, …)
«is-a-person» credentially, where government gets involved
in the issuance of cryptographic keys (a la the USPS
proposal), where only «approved uses» are allowed, etc.
timestamps, credentials
11.12.6. Postal Service trial balloon for national ID card
«While it is true that they share technology, their intent
and purpose is very different. Chaum’s proposal has as its
intent and purpose to provide and protect anonymity in
financial transactions. The intent and purpose of the US
Postal Service is to identify and authenticate you to the
government and to guarantee the traceability of all
financial transactions.» [WHMurray, alt.privacy, 1994-07-
04]
11.12.7. Scenario for introduction of national ID cards
Imagine that vehicle registrations require presentation of
this card (gotta get those illegals out of their cars, or,
more benignly, the bureaucracy simply makes the ID cars
part of their process).
Instantly this makes those who refuse to get an ID card
unable to get valid license tags. (Enforcement is already
pretty good….I was pulled over a couple of times for
either forgetting to put my new stickers on, or for driving
with Oregon expired tags.)
The «National Benefits Card,» for example, is then required to get license plate tags.and maybe other things, like car and home insurance, etc. It would be very difficult to fight such a card, as one could not drive, could not pay taxes («Awhh!» I hear you say, but consider the penalties, the tie-ins with employers, etc. You can run but you can’t hide.)
- the national ID card would presumably be tied in to
  income tax filings, in various ways I won’t go into here.
  The Postal Service, aiming to get into this area I guess,
  has floated the idea of electronic filing, ID systems,
  etc.
  11.12.8. Comments on national ID cards
That some people will be able to skirt the system, or that
the system will ultimately be unenforceable, does not
lessen the concern. Things can get real tough in the
meantime.
I see great dangers here, in tying a national ID card to
transactions we are essentially unable to avoid in this
society: driving, insurance (and let’s not argue
insurance…I mean it is unavoidable in the sense of legal
issues, torts, etc.), border crossings, etc. Now how will
one file taxes without such a card if one is made mandatory
for interactions with the government? Saying «taxes are not
collectable» is not an adequate answer. They may not be
collectible for street punks and others who inhabit the
underground economy, but they sure are for most of us.

11.13. National Health Care System Issues
11.13.1. Insurance and National Health Care will Produce the «National
ID» that will be Nearly Unescapable

hospitals and doctors will have to have the card…cash
payments will evoke suspicion and may not even be feasible
11.13.2. I’m less worried that a pharmacist will add me to some
database he keeps than that my doctor will be instructed to
compile a dossier to government standards and then zip it off
over the Infobahn to the authorities.
11.13.3. Dangers and issues of National Health Care Plan
tracking, national ID card
«If you think the BATF is bad, wait until the BHCRCE goes
into action. «What is the BHCRCE?» you ask. Why, it the
Burea of Health Care Reform Compliance Enforcement – the
BATF, FBI, FDA, CIA and IRS all rolled into one.» [Dave
Feustel, talk.politics.guns, 1994-08-19]
Bill Stewart has pointed out the dangers of children having
social security numbers, of tracking systems in schools and
hospitals, etc.

11.14. Credentials
11.14.1. This is one of the most overlooked and ignored aspects of
cryptology, especially of Chaum’s work. And no one in
Cypherpunks or anywhere else is currently working on «blinded
credentials» for everyday use.
11.14.2. «Is proof of identity needed?»

This question is debated a lot, and is important. Talk of a
national ID card (what wags call an «internal passport») is
in the air, as part of health care, welfare, and
immigration legislation. Electronic markets make this also
an issue for the ATM/smart card community. This is also
closely tied in with the nature of anonymous reamailers
(where physical identity is of course generally lacking).
First, «identity» can mean different things:
- Conventional View of Identity: Physical person, with
  birthdate, physical characteristics, fingerprints, social
  security numbers, passports, etc.–the whole cloud of
  «identity» items. (Biometric.)
- Pseudonym View of Identity: Persistent personnas,
  mediated with cryptography. «You are your key.»
- Most of us deal with identity as a mix of these views: we
  rarely check biometric credentials, but we also count on
  physical clues (voice, appearance, etc.). I assume that
  when I am speaking to «Duncan Frissell,» whom I’ve never
  met in person, that he is indeed Duncan Frissell. (Some
  make the jump from this expectation to wanting the
  government enforce this claim, that is, provided I.D.)
It is often claimed that physical identity is important in order to:
- track down cheaters, welchers, contract breakes, etc.
- permit some people to engage in some transactions, and
  forbid others to (age credentials, for drinking, for
  example, or—less benignly–work permits in some field)
- taxation, voting, other schemes tied to physical
  existence
But most of us conduct business with people without ever verifying their identity credentials…mostly we take their word that they are «Bill Stewart» or «Scott Collins,» and we never go beyond that.
- this could change as digital credentials proliferate and
  as interactions cause automatic checks to be made (a
  reason many of us have to support Chaum’s «blinded
  credentials» idea–without some crypto protections, we’ll
  be constantly tracked in all interactions).
A guiding principle: Leave this question of whether to demand physical ID credentials up to the parties involved. If Alice wants to see Bob’s «is-a-person» credential, and take his palmprint, or whatever, that’s an issue for them to work out. I see no moral reason, and certainly no communal reason, for outsiders to interfere and insist that ID be produced (or that ID be forbidden, perhaps as some kind of «civil rights violation»). After all, we interact in cyberspace, on the Cypherpunks list, without any such external controls on identity.
- and business contracts are best negotiated locally, with
  external enforcement contracted by the parties (privately-
  produced law, already seen with insurance companies,
  bonding agents, arbitration arrangements, etc.)
Practically speaking, i.e., not normatively speaking,
people will find ways around identity systems. Cash is one
way, remailers are another. Enforcement of a rigid identity-
based system is difficult.
11.14.3. «Do we need «is-a-person» credentials for things like votes
on the Net?»
That is, any sysadmin can easily create as many user
accounts as he wishes. And end users can sign up with
various services under various names. The concern is that
this Chicago-style voting (fictitious persons) may be used
to skew votes on Usenet.
Similar concerns arise elsewhere.
In my view, this is a mighty trivial reason to support «is-
a-person» credentials.
11.14.4. Locality, credentials, validations
Consider the privacy implications of something so simple as a parking lot system. Two main approaches:
- First Approach. Cash payment. Car enters lot, driver pays
  cash, a «validation» is given. No traceability exists.
  (There’s a small chance that one driver can give his
  sticker to a new driver, and thus defraud the parking
  lot. This tends not to happen, due to the inconveniences
  of making a market in such stickers (coordinating with
  other car, etc.) and because the sticker is relatively
  inexpensive.)
- Second Approach. Billing of driver, recording of license
  plates. Traceability is present, especially if the local
  parking lot is tied in to credit card companies, DMV,
  police, etc. (these link-ups are on the wish list of
  police agencies, to further «freeze out» fugitives, child
  support delinquents, and other criminals).
These are the concerns of a society with a lot of
electronic payments but with no mechanisms for preserving
privacy. (And there is currently no great demand for this
kind of privacy, for a variety of reasons, and this
undercuts the push for anonymous credential methods.)
An important property of true cash (gold, bank notes that
are well-trusted) is that it settles immediately, requiring
no time-binding of contracts (ability to track down the
payer and collect on a bad transaction)

11.15. Records of all UseNet postings
11.15.1. (ditto for CompuServe, GEnie, etc.) will exist
11.15.2. «What kinds of monitoring of the Net is possible?»

Archives of all Usenet traffic. This is already done by
commercial CD-ROm suppliers, and others, so this would be
trivial for various agencies.
Mail archives. More problematic, as mail is ostensibly not
public. But mail passes through many sites, usually in
unencrypted form.
Traffic analysis. Connections monitored. Telnet, ftp, e-
mail, Mosaid, and other connections.
Filtered scans of traffic, with keyword-matched text stored
in archives.
11.15.3. Records: note that private companies can do the same thing,
except that various «right to privacy» laws may try to
interfere with this
which causes its own constitutional privacy problems, of
course
11.15.4. «How can you expect that something you sent on the UseNet to
several thousand sites will not be potentially held against
you? You gave up any pretense of privacy when you broadcast
your opinions-and even detailed declarations of your
activities-to an audience of millions. Did you really think
that these public messages weren’t being filed away? Any
private citizen would find it almost straightforward to sort
a measly several megabytes a day by keywords, names of
posters, etc.» [I’m not sure if I wrote this, or if someone
else who I forgot to make a note of did]
11.15.5. this issue is already coming up: a gay programmer who was
laid-off discussed his rage on one of the gay boards and said
he was thinking of turning in his former employer for
widespread copying of Autocad software…an Autodesk employee
answered him with «You just did!»
11.15.6. corporations may use GREP and On Location-like tools to
search public nets for any discussion of themselves or their
products
by big mouth employees, by disgruntled customers, by known
critics, etc.
even positive remarks that may be used in advertising
(subject to various laws)
11.15.7. the 100% traceability of public postings to UseNet and other
bulletin boards is very stifling to free expression and
becomes one of the main justifications for the use of
anonymous (or pseudononymous) boards and nets
there may be calls for laws against such compilation, as
with the British data laws, but basically there is little
that can be done when postings go to tens of thousands of
machines and are archived in perpetuity by many of these
nodes and by thousands of readers
readers who may incorporate the material into their own
postings, etc. (hence the absurdity of the British law)

11.16. Effects of Surveillance on the Spread of Crypto
11.16.1. Surveillance and monitoring will serve to increase the use of
encryption, at first by people with something to hide, and
then by others

a snowballing effect
and various government agencies will themselves use
encryption to protect their files and their privacy
11.16.2. for those in sensitive positions, the availability of new
bugging methods will accelerate the conversion to secure
systems based on encrypted telecommunications and the
avoidance of voice-based systems
11.16.3. Surveillance Trends
Technology is making citizen-unit surveillance more and more trivial
- video cameras on every street corners are technologically
  easy to implement, for example
- or cameras in stores, in airports, in other public
  places
- traffic cameras
- tracking of purchases with credit cards, driver’s
  licenses, etc.
- monitoring of computer emissions (TEMPEST issues, often a
  matter of paranoid speculation)
- interception of the Net…wiretapping, interception of
  unencrypted communications, etc.
- and compilation of dossier entries based on public
  postings
This all makes the efforts to head-off a person-tracking, credentials-based society all the more urgent. Monkeywrenching, sabotage, public education, and development of alternatives are all needed.
- If the surveillance state grows as rapidly as it now
  appears to be doing, more desperate measures may be
  needed. Personally, I wouldn’t shed any tears if
  Washington, D.C. and environs got zapped with a terrorist
  nuke; the innocents would be replaced quickly enough, and
  the death of so many political ghouls would surely be
  worth it. The destruction of Babylon.
- We need to get the message about «blinded credentials»
  (which can show some field, like age, without showing all
  fields, including name and such) out there. More
  radically, we need to cause people to question why
  credentials are as important as many people seem to
  think.
- I argue that credentials are rarely needed for mutually
  agreed-upon transactions

11.17. Loose Ends
11.17.1. USPS involvement in electronic mail, signatures,
authentication (proposed in July-August, 1994)

Advantages:
- many locations
- a mission already oriented toward delivery
Disadvantages:
- has performed terribly, compared to allowed compettion
  (Federal Express, UPS, Airborne, etc.)
- it’s linked to the goverment (now quasi-independent, but
  not really)
- could become mandatory, or competition restricted to
  certain niches (as with the package services, which
  cannot have «routes» and are not allowed to compete in
  the cheap letter regime)
- a large and stultified bureaucracy, with union labor
Links to other programs (software key escrow, Digital
Telephony) not clear, but it seems likely that a quasi-
governemt agency like the USPS would be cooperative with
government, and would place limits on the crypto systems
allowed.
11.17.2. the death threats
An NSA official threatened to have Jim Bidzos killed if he
did not change his position on some negotiation underway.
This was reported in the newspaper and I sought
confirmation:
- «Everything reported in the Merc News is true. I am
  certain that he wasnot speaking for the agency, but when
  it happened he was quite serious, at least appeared to
  be. There was a long silence after he made the threat,
  with a staring contest. He was quite intense. «I respect and trust the other two who were in the room
  (they were shocked and literally speechless, staring into
  their laps) and plan to ask NSA for a written apology and
  confirmation that he was not speaking for the agency.
  We’ll see if I get it. If the incident made it into
  their trip reports, I have a chance of getting a letter.»
  [jim@RSA.COM (Jim Bidzos), personal communication, posted
  with permission to talk.politics.crypto, 1994-06-28]
  11.17.3. False identities…cannot just be «erased» from the computer
  memory banks. The web of associations, implications, rule
  firings…all mean that simple removal (or insertion of a
  false identity) produces discontinuities, illogical
  developments, holes…history is not easily changed.

Descubre más desde Anonimato, Privacidad, Hacking & ++

Suscríbete y recibe las últimas entradas en tu correo electrónico.

11. Surveillance, Privacy, And Intelligence Agencies

Descubre más desde Anonimato, Privacidad, Hacking & ++

Relacionado