Forum Settings
       
Reply To Thread

Expectation of privacy was nice while it lastedFollow

#177 Jul 19 2016 at 7:10 PM Rating: Good
Avatar
*****
13,240 posts
Quote:
The video below demonstrates choosing to randomly grab millions and millions of files over specifically targeting people that you have leads on.


It's doesn't have to be instead of.

Standard policy already scoops 2-3 degrees of separation on suspected leads, picking up possibly 100's of unaffiliated per terror suspect. Those emails are actually looked at, by the way. Often discarded, but the point is it's generally warrant-less seizure of private communications.

Examples of abuse in our "slow expensive and must be targeted data collection scheme":

And remember, this is a programs with little to no oversight by the public, and in most of the cases the suspect confessed after repeated offenses, so it's highly likely that this is a small fraction, perhaps 0.1-1% of the true volume of abuses. In many of the cases no disciplinary action was taken.
____________________________
Just as Planned.
#178 Jul 19 2016 at 7:11 PM Rating: Good
Avatar
*****
13,240 posts
Quote:
Yes, the command. I can present a command that will scan the entire subnets. It's one sentence. I'm asking you to logically speak what type of command (commands) would you use to get this done. What would you scan? What would be your parameters? I'm curious to know what type of scan would present you results in a timely fashion and go unnoticed. When I scan my VMware, my actual PC picks up the IP and blocks it.


...Don't you work in this field? Did you miss the day where they went over the PRISM slides?
____________________________
Just as Planned.
#179 Jul 19 2016 at 7:14 PM Rating: Good
Avatar
*****
13,240 posts
Quote:
Again, according to the logic that you have provided, we should never give anyone any power ever, because those people will abuse it and society will be unable to do anything about it. That is literally your argument. "Don't use banks because the CEOs will run off with your money and buy mansions". "Better not get Internet, because the ISP will steal all of your information". "Better not use cloud service, because the provider will steal and sell your information".


In the olden days if you traveled by road, bandits might attack you, steal your jewelry and coins, and leave you bleeding in a ditch.

The solution, oddly enough, was not "this is just what happens on roads".
____________________________
Just as Planned.
#180 Jul 19 2016 at 7:36 PM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
TLW wrote:
It's doesn't have to be instead of.

Standard policy already scoops 2-3 degrees of separation on suspected leads, picking up possibly 100's of unaffiliated per terror suspect. Those emails are actually looked at, by the way. Often discarded, but the point is it's generally warrant-less seizure of private communications.

Examples of abuse in our "slow expensive and must be targeted data collection scheme":

And remember, this is a programs with little to no oversight by the public, and in most of the cases the suspect confessed after repeated offenses, so it's highly likely that this is a small fraction, perhaps 0.1-1% of the true volume of abuses. In many of the cases no disciplinary action was taken.
Again, you are arguing about something completely different than the discussion I'm having with Gbaji. You're arguing about the possibility of gaining 100s of unaffiliated information while targeting a suspect. Gbaji is arguing about intentionally grabbing millions of unaffiliated information just because the capability exist.

TLW wrote:
In the olden days if you traveled by road, bandits might attack you, steal your jewelry and coins, and leave you bleeding in a ditch.

The solution, oddly enough, was not "this is just what happens on roads".
Read above. Two different discussions. I've already told you that I'm not discussing the legal, ethical or moral grounds of collecting data. I'm stating that Gbaji's prediction is not feasible and completely stupid.
#181 Jul 19 2016 at 7:56 PM Rating: Good
Avatar
*****
13,240 posts
Sure, if you refuse to actually discuss this, fine. I'll engage you on the discussion you are having with gbaji.

The NSA doesn't actually need to use a scanning program, the fiber taps are pretty effective at pulling massive amounts of communications.

Quote:
its system vacuums up all data indiscriminately, regardless of who it belongs too or what the content of that data is.
“If you had the choice, you should never send information over British lines or British servers,” stated Snowden


Edited, Jul 19th 2016 9:58pm by Timelordwho
____________________________
Just as Planned.
#182 Jul 19 2016 at 7:58 PM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
Gbaji wrote:

Dude. 1975 called and wants its telecommunications technology back.

Seriously? You obviously have absolutely no clue how advanced data searches have become. How do you think google works?
Wait? Google is an automated system that takes all data from everyone to store for future use? Then why are you upset about what the government *might* do? Shouldn't you be upset at Google?

Gbaji wrote:

Since this is the second time you mentioned it in this thread, do I really have to repeat the same response? Fine: There's a difference between public and private spaces. Those other searches were occurring in public spaces. Totally different thing.
Are you saying that your pockets aren't private spaces? So does this mean that you believe that conservatives were full of BS when they claimed that the IRS was targeting their groups? You know, since those groups were open for audits by their existence?

SPG wrote:
Obviously can't speak for him, but I think the point is even if it's trivial to do there's still no point in doing it. Starting from a targeted point (say visits to a terrorist website) will always be more likely to yield "good" terrorist candidates than a broad and blind search/hack/whatever. Given they have limited resources to follow up on leads there's no point to generating more candidates for closer monitoring as there's never going to be the resources to do anything useful with that information.

The only way you'd ever start with a blind search through a database is if you had absolutely no idea where to start looking, in which case you probably have bigger problems than the ethical concerns that come from mass surveillance.
This.

Edited, Jul 20th 2016 4:06am by Almalieque
#183 Jul 19 2016 at 8:05 PM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
TLW wrote:
Sure, if you refuse to actually discuss this, fine. I'll engage you on the discussion you are having with gbaji.
I'm not refusing to discuss it, I'm differentiating the two, since you aren't.

TLW wrote:
its system vacuums up all data indiscriminately, regardless of who it belongs too or what the content of that data is.
“If you had the choice, you should never send information over British lines or British servers,” stated Snowden
Given that Snowden is a liar and a traitor, it's difficult to believe anything he says at face value. However, let's pretend that what he says were true and effective. That would mean that there would be NO criminal activity on the Internet, because everyone would all be jailed, right? If you're not jailed for doing criminal activity on tapped servers, then what exactly is the benefit of the surveillance in the first place? What's the point of spending time and resources just to watch people commit crimes if you're not going to do anything about it?
#184 Jul 19 2016 at 8:09 PM Rating: Decent
Encyclopedia
******
35,568 posts
someproteinguy wrote:
gbaji wrote:
That assumes they're looking for terrorists.
It doesn't have to, you could apply the same logic to just about any other situation. Blindly searching a vast database is a poor way to do things just in general if you have any way to at all filter down the information first.


When did I ever say anyone would "blindly search" though a database? What I said is that you first build the database by collecting every single bit of information you can obtain about anything and everything. Once you have that database, then you do directed searches for whatever you want to look for. Which can include searching for patterns that indicate possible terrorist activity. But it could also include searching for any other behavior patterns you want as well. Once you have the data, you can search it using any criteria you want.

Which is why it's somewhat important that we make a distinction between data collected from public sources versus private ones.

Quote:
Now that's probably of little solace if one someone with harmful motives gains illegal access to the information and starts searching for dirt on people starting with a short list of "Republican Party donors" or similar. Assuming there's useful information to be gained by doing that, of course. TLW obviously already hinted at the issue that a database of information that's relevant to a terrorist investigation isn't necessarily good for other things.


Again, and I think that this is the point some people aren't getting, there's no such thing as a "database of information that's relevant to a terrorist investigation". You don't just collect information you think might be relevant to a given search. You collect everything. Every accessible social media site. Every post on every blog. Every single news article. Every post on every forum site. Every paper submitted online. Every resume entered online. Every DMV record. Every tax record. Every application for any kind of license. Every property record. Every tweet. Every silly cat video. Everything. You put it in a big gigantic indexed database. You then run searches on that database looking for patterns in the data that indicates some behavior that you are searching for.

The exact same database that you might use to look for terrorist activity can be used to search for anything. You want a complete list of all left handed midgets with blond hair and a lisp? You can find that. You want to know every restaurant in which someone named Steve with a license plate number ending in 5 ate at in the last month in which another customer named Mark ate at within 2 days of the date Steve ate there? You can get that information. It's just a matter of programming your search parameters. That's it.

Quote:
Given we don't know for sure what information the government keeps saved and accessible we're left speculating about the prospects.


You use google every day right? That should give you a decent idea of the starting point of what the government could do in terms of rapid searches on massive amounts of data.

Quote:
Whether or not it's worthwhile to hack into that for marketing information, political advantage, monetary gain, etc is a whole different concern. One we can't really address and we're more or less forced to take the word of people who say it's secure and not of concern to us. Which, of course, doesn't sit well with many people.


While a third party hacking into this sort of government database is also a concern, I was merely talking about restrictions on data collection methodologies the government should legally be allowed to use to create and maintain said database in the first place. Again, I'm not talking about searches on the database once created, since that's like trying to put the toothpaste back in the tube. I'm talking about whether the government can create some kind of automated tools that pull data out of large numbers of people's home computers without any warrant and add that to the database. What they do with publicly sourced data is a concern, but it's not illegal. I'm just trying to draw a line in terms of legality here.
____________________________
King Nobby wrote:
More words please
#185 Jul 19 2016 at 8:27 PM Rating: Good
Avatar
*****
13,240 posts
Quote:
Given that Snowden is a liar and a traitor, it's difficult to believe anything he says at face value. However, let's pretend that what he says were true and effective. That would mean that there would be NO criminal activity on the Internet, because everyone would all be jailed, right? If you're not jailed for doing criminal activity on tapped servers, then what exactly is the benefit of the surveillance in the first place? What's the point of spending time and resources just to watch people commit crimes if you're not going to do anything about it?


Because while technically challenging to do (apparently they have used subs to tap undersea cable lines), once you have a link set up it's not that much more work to grab all data throughput rather than some, and then put it in a database to search through. Which is what is done.

They don't catch other crimes because it, at present, takes a lot of work to sift through it, and thus not worth pursuing from this angle. But they absolutely could. They could create a list of all people who misspell words and send it off to the wordcrime division if they wanted to. Really, the only thing stopping them is the lack of incentive to do so, and the cases I laid out previously show that agents have in the past used such systems to solve personal vendettas and relationship problems, and generally gotten away with it. Now, lets say any single analyst who is internally or externally motivated to grab data on some group of people for reasons unrelated to "national security". It's not something that can't happen. In fact, based on the apparent controls, it's a wonder it hasn't happened already.
____________________________
Just as Planned.
#186 Jul 19 2016 at 8:37 PM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
TLW wrote:
They don't catch other crimes because it, at present, takes a lot of work to sift through it, and thus not worth pursuing from this angle. But they absolutely could.
So, like I said, not effective. I'm glad that you finally agree with me.

TLW wrote:
They could create a list of all people who misspell words and send it off to the wordcrime division if they wanted to
Judges could force you to perform s3xual favors in order to prevent you from going to jail or pay fines.


#187 Jul 19 2016 at 8:47 PM Rating: Good
Avatar
*****
13,240 posts
Almalieque wrote:
TLW wrote:
They don't catch other crimes because it, at present, takes a lot of work to sift through it, and thus not worth pursuing from this angle. But they absolutely could.
So, like I said, not effective. I'm glad that you finally agree with me.


Yet, As I said, Not effective yet.

Almalieque wrote:
TLW wrote:
They could create a list of all people who misspell words and send it off to the wordcrime division if they wanted to
Judges could force you to perform s3xual favors in order to prevent you from going to jail or pay fines.


No, they can't, as the statute against cruel and unusual punishment prevents this. As does the fact that these are public trials so there is oversight.

Protection against search and seizure should be preventing this broad data collection, however the public (including many members of congress) was kept in the dark about these programs, so they had no way of preventing this from occurring.

Again, if the only data that was being collected and disseminated was that of suspected criminals who had warrants issued against them, we wouldn't be having this conversation.
____________________________
Just as Planned.
#188 Jul 19 2016 at 8:52 PM Rating: Decent
Encyclopedia
******
35,568 posts
Almalieque wrote:
That's only if you consider "efficient" as being dumb.


Something can be both efficient *and* dumb.

Quote:
Now provide me real life scenarios where this is CURRENTLY a need where it would be worth the resources to create. That's the logic part you're not grasping.


Huh? You've never seen those coin collection machines that you dump a bunch of loose coins into, it sorts them, calculates how much money it adds up to, and then spits out that money (with a fee subtracted) in the form of paper currency? That's a real world example where someone found value in creating a machine that can count coins far faster than a human could by hand. WTF?

Same deal here. It takes a ton of time for a human to rummage through someone's data (much less a large number of people's data) to look for patterns that might indicate some criminal or terrorist activity. Thus, prior to the arrival of very large very fast datastorage, it was infeasible to collect vast amounts of data and try to look through it for such patterns. Intelligence agencies did do what you are saying: They start with suspects and leads and clues, and then follow them to wherever they lead. Today? They can just dump massive amounts of data into a database and then do arbitrary searches on that data after the fact. Because it's now efficient and fast to do it that way.

I've explained this several times. Are you actually just flat out denying that the technology exists to do this? Or are you arguing that it does, but for some strange reason, no one would bother to use it? To follow the analogy, someone has already invented a machine you can dump a bucket of coins into and count it for you, but we continue to do it by hand anyway? That's... dumb.

Quote:
Gbaji wrote:
And despite you claims, that's exactly how it would be done. I get that you don't actually understand the technology. And that's fine. But please, for the love of all that is holy, stop making claims about how a hypothetical attempt to obtain mass private information by the government might be done.
Again, according to the logic that you have provided, we should never give anyone any power ever, because those people will abuse it and society will be unable to do anything about it. That is literally your argument. "Don't use banks because the CEOs will run off with your money and buy mansions". "Better not get Internet, because the ISP will steal all of your information". "Better not use cloud service, because the provider will steal and sell your information".


I honestly have no clue why you think that is a response to what I wrote. I'm talking about how mass data collection would be performed and you respond with... a screed about whether people will abuse power? Did you just quote the wrong statement? I'm not seeing the connection.

Quote:
If this is what you do for a living, then you must understand that PEOPLE are involved. So, quit acting like a person wouldn't be involved in an automated scenario.


Yes. I'm one of those people. One of the things I do is write automation scripts for a whole host of different things. And yes, there's a process involved. For those of us who are actually involved in developing said processes, we first figure out all the steps needed to accomplish some task. We document those steps. We follow those steps again (repeating said process until complete) until we know it works every time. Then we automate the steps in code. Then we hand it to someone to use, so that they don't have to take 500 steps to do something, but can just type one command (or click one button, plug it into some automated trigger based service, etc).

You're asking me what "command" I use to do that. Which is like asking an engineer what tool he uses to build a car. It's... nonsense.


Quote:
Quote:
The command?
Yes, the command. I can present a command that will scan the entire subnets. It's one sentence. I'm asking you to logically speak what type of command (commands) would you use to get this done. What would you scan? What would be your parameters? I'm curious to know what type of scan would present you results in a timely fashion and go unnoticed. When I scan my VMware, my actual PC picks up the IP and blocks it.


Why the heck did you trim out the rest of that paragraph where I listed off like 5 different commands that are used to collect different types of information on a network? I honestly have no clue what you are asking for here because I don't know what operating system you're using, or what level of experience you have using it and thus what "command" you might be thinking of. I'm not going to play 20 questions here. For all I know, you're waiting for me to say "ping".

And I'll point out (again) that a hacker is not going to use standard tools and commands (well, a good one wont). He's going to piggy back his hacks on other normal looking network traffic. So a standard http query that looks all normal and whatnot, will contain some extra code that'll do something else. Or what looks like a dhcp broadcast is really a cover for a subnet scan. There's as many different ways to do this as there are packet types. I already mentioned a simple way to listen into a subnet for broadcast traffic (which is sufficient to find most if not all systems on your subnet, even if they have a complete firewall in place, since it merely waits for the system to do a broadcast routing request). There are a host of other more obvious and invasive tools as well.

And I also told you an easy way to get, not just every single ip address on a subnet, but the mac addresses of every system as well (pinging the broadcast address and grabbing the arp table). Useful if, for example, you've turned on a device that uses dhcp to grab an IP, but that has no local interface (like, say ancient jet direct cards you'd attach to a serial printer to turn it into a lan printer). You scan the subnet for mac addresses that match the vendor code for the device (first 3 hex pairs usually work), and can usually find it (assuming in this case, you don't have too many lan printers on one subnet).

I'll repeat that I've probably forgotten more network tricks than you will ever know. I'm not even getting into things like editing TCP packets to modify their behavior. Or just changing datagram sizes to allow for arbitrarily large packets (which may overrun your subnet MTU size, which can do some "interesting" things). Or tricking routers into breaking up packets into different sizes to change header start points (often in conjunction with other tricks). There's a ton of ways to do things on IP based network, and many more ways to disguise what you are doing (and a bunch that put out big glaring alarms as well).

Scanning your VMWare? Really?

Edited, Jul 19th 2016 7:53pm by gbaji
____________________________
King Nobby wrote:
More words please
#189 Jul 19 2016 at 9:00 PM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
TLW wrote:
Yet, As I said, Not effective yet.
As long as there exist much more efficient solutions (targeting, i.e., choosing the boat as opposed to choosing the mystery box, hoping to find the boat), it will always be ineffective.


TLW wrote:
No, they can't, as the statute against cruel and unusual punishment prevents this. As does the fact that these are public trials so there is oversight.
Gbaji's argument is that as long as the capability exists, it will happen. I countered to say that not only is that stupid and ineffective, people wouldn't allow that to happen. Again, Congress knew about the program in discussion and that program isn't what Gbaji is arguing against. He's arguing about a potential NEW program that grabs random stuff from everyone. Furthermore, our laws don't prevent judges from being crooked in the dark. Anyone can commit crime in the dark.



Edited, Jul 20th 2016 5:36am by Almalieque
#190 Jul 19 2016 at 9:34 PM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
Gbaji wrote:

Something can be both efficient *and* dumb.
Hence what I said. Some people will consider driving to work as "lazy", while others will consider it as "efficient".

Gbaji wrote:
Huh? You've never seen those coin collection machines that you dump a bunch of loose coins into, it sorts them, calculates how much money it adds up to, and then spits out that money (with a fee subtracted) in the form of paper currency? That's a real world example where someone found value in creating a machine that can count coins far faster than a human could by hand. WTF?
Which is the exact reason why I said MILLIONS of pennies at a time. Now, go try again.


Gbaji wrote:

I honestly have no clue why you think that is a response to what I wrote. I'm talking about how mass data collection would be performed and you respond with... a screed about whether people will abuse power? Did you just quote the wrong statement? I'm not seeing the connection.
Of course you have no clue, that's why I keep saying it. Your concern is the "inevitable" misuse of power, as if that concern doesn't already exist throughout society in everything else.

Gbaji wrote:
Yes. I'm one of those people. One of the things I do is write automation scripts for a whole host of different things. And yes, there's a process involved. For those of us who are actually involved in developing said processes, we first figure out all the steps needed to accomplish some task. We document those steps. We follow those steps again (repeating said process until complete) until we know it works every time. Then we automate the steps in code. Then we hand it to someone to use, so that they don't have to take 500 steps to do something, but can just type one command (or click one button, plug it into some automated trigger based service, etc).

You're asking me what "command" I use to do that. Which is like asking an engineer what tool he uses to build a car. It's... nonsense.
Not when I say to logically say what you would do. Given the fact that a single sentence can scan an entire subnet of IPs, I'm not quite sure why you think logically explaining it would be difficult to do.


Gbaji wrote:
Why the heck did you trim out the rest of that paragraph where I listed off like 5 different commands that are used to collect different types of information on a network? I honestly have no clue what you are asking for here because I don't know what operating system you're using, or what level of experience you have using it and thus what "command" you might be thinking of. I'm not going to play 20 questions here. For all I know, you're waiting for me to say "ping".

And I'll point out (again) that a hacker is not going to use standard tools and commands (well, a good one wont). He's going to piggy back his hacks on other normal looking network traffic. So a standard http query that looks all normal and whatnot, will contain some extra code that'll do something else. Or what looks like a dhcp broadcast is really a cover for a subnet scan. There's as many different ways to do this as there are packet types. I already mentioned a simple way to listen into a subnet for broadcast traffic (which is sufficient to find most if not all systems on your subnet, even if they have a complete firewall in place, since it merely waits for the system to do a broadcast routing request). There are a host of other more obvious and invasive tools as well.

And I also told you an easy way to get, not just every single ip address on a subnet, but the mac addresses of every system as well (pinging the broadcast address and grabbing the arp table). Useful if, for example, you've turned on a device that uses dhcp to grab an IP, but that has no local interface (like, say ancient jet direct cards you'd attach to a serial printer to turn it into a lan printer). You scan the subnet for mac addresses that match the vendor code for the device (first 3 hex pairs usually work), and can usually find it (assuming in this case, you don't have too many lan printers on one subnet).

I'll repeat that I've probably forgotten more network tricks than you will ever know. I'm not even getting into things like editing TCP packets to modify their behavior. Or just changing datagram sizes to allow for arbitrarily large packets (which may overrun your subnet MTU size, which can do some "interesting" things). Or tricking routers into breaking up packets into different sizes to change header start points (often in conjunction with other tricks). There's a ton of ways to do things on IP based network, and many more ways to disguise what you are doing (and a bunch that put out big glaring alarms as well).

Scanning your VMWare? Really?
I would consider myself below "script kiddie" and I know the answer to that question is to scan by ranges for particular open ports on different OS that can be exploited. You just threw out random routing/switching terminology as if the two were related.

You mention MAC addresses (as an alternate to IP addresses), broadcast address, arp tables, dhcp, etc., but none of those things assist you with popping a box. That information might be useful afterwards, but none of that matters if you're doing an automated massive scan of everything. You clearly have no clue what you are talking about.

#191 Jul 19 2016 at 9:44 PM Rating: Good
Avatar
*****
13,240 posts
Almalieque wrote:
TLW wrote:


Yet, As I said, Not effective yet.
As long as there exist much more efficient solutions (targeting, i.e., choosing the boat as opposed to choosing the mystery box, hoping to find the boat), it will always be ineffective.


TLW wrote:
No, they can't, as the statute against cruel and unusual punishment prevents this. As does the fact that these are public trials so there is oversight.
Gbaji's argument is that as long as the capability exists, it will happen. I countered to say that not only is that stupid and ineffective, people wouldn't allow that to happen. Again, Congress knew about the program in discussion and that program isn't what Gbaji is arguing against. He's arguing about a potential NEW program that grabs random stuff from everyone. Furthermore, our laws don't prevent judges from being crooked in the dark. Anyone can commit crime in the dark.

Edited, Jul 20th 2016 5:01am by Almalieque


Clifton, it's like you don't want to understand.
____________________________
Just as Planned.
#192 Jul 19 2016 at 10:31 PM Rating: Good
*******
50,767 posts
gbaji wrote:
Modern communication technology merely allows people to be dumb even faster and to a wider audience than ever before.
You don't say.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#193 Jul 19 2016 at 11:00 PM Rating: Excellent
Meat Popsicle
*****
13,666 posts
gbaji wrote:
What I said is that you first build the database by collecting every single bit of information you can obtain about anything and everything. Once you have that database, then you do directed searches for whatever you want to look for. Which can include searching for patterns that indicate possible terrorist activity. But it could also include searching for any other behavior patterns you want as well. Once you have the data, you can search it using any criteria you want.
Okay, call it whatever you want, but what you wrote there seems like a bad idea.

Why? Because it's going to have a horrendous false-positive rate. You're going to be returning matches to college students taking classes on the middle east, people with similar names, journalists, etc. etc. regardless of how stringent you make it. If you have information in the database on 300 million people, there are only going to be a small fraction of a fraction of a percent of those that are relevant to your query, and plenty of people who are going to get hit randomly who have absolutely nothing to do with terrorism, or whatever it is you're looking for. The more people you search, the more people are going to pass all your criteria by random chance.

Whereas if you start with useful information, say people who have usernames and passwords to some darknet message board where you know a couple of high-quality targets have been passing information, well now you're starting with maybe a couple hundred data points instead of a potential 300 million, and a sizeable percentage of them can yield useful information. The chances for one of those 200 or so names to pass your same multiple criteria simply by random chance is much lower, by several orders of magnitude. Meaning you can have that much more confidence you're actually chasing useful targets.

That's a lot less potential for wasted man hours, less potential for a public relation fiasco from putting the wrong person on a 'no-fly' list, less potential to have a failed court case, etc. etc.

Quote:
Again, and I think that this is the point some people aren't getting, there's no such thing as a "database of information that's relevant to a terrorist investigation". You don't just collect information you think might be relevant to a given search. You collect everything. Every accessible social media site. Every post on every blog. Every single news article. Every post on every forum site. Every paper submitted online. Every resume entered online. Every DMV record. Every tax record. Every application for any kind of license. Every property record. Every tweet. Every silly cat video. Everything. You put it in a big gigantic indexed database. You then run searches on that database looking for patterns in the data that indicates some behavior that you are searching for.
Why?

The vast vast majority of that information is useless, a potential invitation for misuse, and an attractive target for theft. You're wasting time searching a database that has very little useful information. Why not just pick out the remotely relevant parts of it and throw away the other 99.9999% of the data? It's not like you can't reacquire most of it later anyway. Especially if companies have their own reasons to retain it. It becomes their problem, not yours.

Quote:
You use google every day right? That should give you a decent idea of the starting point of what the government could do in terms of rapid searches on massive amounts of data.
Surely you've noticed the limitations of these automated search engines at some point right? When you're looking for a more obscure piece of information perhaps? There's only so much an automated anything can do for you. There's a point automated scripts need to give way to a person doing detective work, and that's the precious time you don't want to waste on what's simply an interesting correlation.

Quote:
I'm talking about whether the government can create some kind of automated tools that pull data out of large numbers of people's home computers without any warrant and add that to the database. What they do with publicly sourced data is a concern, but it's not illegal. I'm just trying to draw a line in terms of legality here.
It just seems like a rather remote possibility is all. The risk vs reward just doesn't seem to be there in this case. In the end any information needs people to act on it for it to be useful, and there's only so many people who would be willing to do that. It's an interesting thought experiment I suppose, if nothing else.

Edited, Jul 19th 2016 10:13pm by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#194 Jul 19 2016 at 11:13 PM Rating: Good
Avatar
*****
13,240 posts
Quote:
The vast vast majority of that information is useless, a potential invitation for misuse, and an attractive target for theft. You're wasting time searching a database that has very little useful information. Why not just pick out the remotely relevant parts of it and throw away the other 99.9999% of the data? It's not like you can't reacquire most of it later anyway. Especially if you're making companies to retain it in the interest of national security. It becomes their problem, not yours. You don't even need to know all of it at that point, just what's necessary for your investigation.


That's the point. They do not, and should not need this, and yet they are collecting and using it.
____________________________
Just as Planned.
#195 Jul 19 2016 at 11:23 PM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Timelordwho wrote:
Quote:
The vast vast majority of that information is useless, a potential invitation for misuse, and an attractive target for theft. You're wasting time searching a database that has very little useful information. Why not just pick out the remotely relevant parts of it and throw away the other 99.9999% of the data? It's not like you can't reacquire most of it later anyway. Especially if you're making companies to retain it in the interest of national security. It becomes their problem, not yours. You don't even need to know all of it at that point, just what's necessary for your investigation.


That's the point. They do not, and should not need this, and yet they are collecting and using it.
Do we actually know what they're retaining and how they're using it though? I mean, we know it's been collected obviously, there's been plenty of information on that. We also know at least some of that information sticks around in some form.

But, just to use an example you had up above, when the guy looked up information on his 6 ex-girlfriends on his first day Seriously? Smiley: oyvey, do we know what kind of information he was able to obtain from doing that? Or only that he was able "to spy on the e-mail addresses" which is rather vague and could mean just about anything. Was this part of a database, or did he have to request the information from google (or wherever)? I mean obtaining a list of phone numbers dialed in the last 5 years is a lot different than obtaining 5 years of recorded phone conversations, as an other example from above.

This is actually a serious question by the way, not trying to pull your leg here. I'm a bit in the dark, and the devil is, of course, in the details.

Edited, Jul 19th 2016 10:27pm by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#196 Jul 20 2016 at 12:11 AM Rating: Good
Avatar
*****
13,240 posts
someproteinguy wrote:
Timelordwho wrote:
Quote:
The vast vast majority of that information is useless, a potential invitation for misuse, and an attractive target for theft. You're wasting time searching a database that has very little useful information. Why not just pick out the remotely relevant parts of it and throw away the other 99.9999% of the data? It's not like you can't reacquire most of it later anyway. Especially if you're making companies to retain it in the interest of national security. It becomes their problem, not yours. You don't even need to know all of it at that point, just what's necessary for your investigation.


That's the point. They do not, and should not need this, and yet they are collecting and using it.
Do we actually know what they're retaining and how they're using it though? I mean, we know it's been collected obviously, there's been plenty of information on that. We also know at least some of that information sticks around in some form.

But, just to use an example you had up above, when the guy looked up information on his 6 ex-girlfriends on his first day Seriously? Smiley: oyvey, do we know what kind of information he was able to obtain from doing that? Or only that he was able "to spy on the e-mail addresses" which is rather vague and could mean just about anything. Was this part of a database, or did he have to request the information from google (or wherever)? I mean obtaining a list of phone numbers dialed in the last 5 years is a lot different than obtaining 5 years of recorded phone conversations, as an other example from above.

This is actually a serious question by the way, not trying to pull your leg here. I'm a bit in the dark, and the devil is, of course, in the details.

Edited, Jul 19th 2016 10:27pm by someproteinguy


Based on Storage rules, at minimum he would have access to metadata, which means he could trace back all incoming and outgoing calls for a year, listen to any within stored within iirc 3 months, and probably have access to a complete repository of emails since the inception of the program, all without ever filing a warrant. It's been a while since this was released and it might have been changed to longer or shorter collection windows based on storage space and law changes.

This is assuming bulk collection and non-targeted, which would be stickier. It also assumes that no other sources are used, no TAO teams, no DROPOUTJEEP etc.. Do however, note that metadata for cell does include location data, which could by highly useful if one were trying to see if their significant other was going somewhere improper, which could be crossed with call data to provide a fairly clear picture of which calls you should check in on.

This is assuming that all other laws were being followed, of course, as we have no evidence to suggest otherwise, and we may as well grant the benefit of the doubt.
____________________________
Just as Planned.
#197 Jul 20 2016 at 1:59 AM Rating: Good
GBATE!! Never saw it coming
Avatar
****
9,957 posts
Timelordwho wrote:
Because while technically challenging to do (apparently they have used subs to tap undersea cable lines)
Or...one could use the handy-dandy building right there in San Diego to siphon up every damn thing coming across the Pacific (for instance).
TLW wrote:
Judges could force you to perform s3xual favors in order to prevent you from going to jail or pay fines.
Is that how gbaji got out of his tax-evasion sheme?

And here I thought it was boring old cash bribery. Silly me!!


Edited, Jul 20th 2016 2:00am by Bijou
____________________________
remorajunbao wrote:
One day I'm going to fly to Canada and open the curtains in your office.

#198 Jul 20 2016 at 5:46 AM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
TLW wrote:
it's like you don't want to understand.
Provide me one career with power that is immune to misusing its power similar to the guy tracking down his ex girlfriends. You're applying irrational fear to a legitimate concern.
#199 Jul 20 2016 at 7:03 AM Rating: Good
Avatar
*****
13,240 posts
I don't think I am. I don't really care about a rogue analyst spying on his ex. My primary concern is that bulk data collection is unjustified, and a domestic threat to our personal freedom. It's not like this hasn't happened before in the history of this and other countries.

Additionally, the burden of proof should not be on the public to prove we shouldn't do this, but rather on the state to provide compelling rationale that it is necessarily to do so, and is not a threat to private citizens who are not suspected of a crime.
____________________________
Just as Planned.
#200 Jul 20 2016 at 7:34 AM Rating: Default
The All Knowing
Avatar
*****
10,265 posts
TLW wrote:
My primary concern is that bulk data collection is unjustified, and a domestic threat to our personal freedom.
So, to clarify ONCE AGAIN. Your concern is the everyday practice of bulk data collection. You're not concerned about the government one day being able to have an automated system that will grab everyone's information all at once? The two are very different, but you keep weaving in and out of the conversation as if they are the same.

TLW wrote:
Additionally, the burden of proof should not be on the public to prove we shouldn't do this,
Read above. The burden does rely on the public IF you are arguing not do "x" because the government will eventually do "y", when there is no evidence, rhyme or reason to ever do "y". On the other hand, if your main concern is simply "bulk data collection", something that the government is already doing, then yes, it would be the government's responsibility to argue that. The two are not the same.

Make up your mind.
#201 Jul 20 2016 at 9:59 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Timelordwho wrote:
Based on Storage rules, at minimum he would have access to metadata, which means he could trace back all incoming and outgoing calls for a year, listen to any within stored within iirc 3 months, and probably have access to a complete repository of emails since the inception of the program, all without ever filing a warrant. It's been a while since this was released and it might have been changed to longer or shorter collection windows based on storage space and law changes.

This is assuming bulk collection and non-targeted, which would be stickier. It also assumes that no other sources are used, no TAO teams, no DROPOUTJEEP etc.. Do however, note that metadata for cell does include location data, which could by highly useful if one were trying to see if their significant other was going somewhere improper, which could be crossed with call data to provide a fairly clear picture of which calls you should check in on.

This is assuming that all other laws were being followed, of course, as we have no evidence to suggest otherwise, and we may as well grant the benefit of the doubt.
Which is kind of what I've been trying to get at. He doesn't necessarily have access to everything in a giant database. Viewing metadata and a database entry with location information and other related stuff isn't the same as immediately having access to everything about a person in a single database, and without a warrant. Having a subset of e-mails is more intrusive, but that still isn't "everything in a giant database."

It sounds more like what I've been suggesting, which is a whittled down subset of the information that may be relevant to an investigation with ways, one would assume via a warrant signed by a rubber-stamp judge, to get at whatever isn't included. One would hope that while the honorable Bob Rubberstamp probably doesn't stand in the way of anything deemed remotely legitimate he'd at least be able to deter people from looking up more intrusive information on ex-spouses and other things that would be an abuse of the system.

Of course, we have no real way of knowing whether or not he's an effective deterrent, which is a problem in and of itself, but probably a necessary evil to some degree.

Edited, Jul 20th 2016 9:10am by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 239 All times are in CST
Anonymous Guests (239)