Re: [PLUG] groan

[Thomas Delrue <delrue.thomas@gmail.com>]

On 05/25/2018 09:20 AM, Rich Freeman wrote:
> On Fri, May 25, 2018 at 8:56 AM LeRoy Cressy <rev.cressy@protonmail.com>
> wrote:
> 
>> The NSA has a huge computer in Utah storing everything you Say, Do, and
>> Go.  They know where you are at at all times, what you are doing, and etc.
> 
> If your threat model is the NSA you might as well give up now unless you're
> willing to put a LOT of effort into evading them.  Not that you'll need to,
> since their model is basically siphoning a little bit of everything to
> figure out who they need a lot of data for.

First of, your threat model shouldn't have to include our good friends
over at Fort Meade, MD/Bluffdale, UT. Sadly we find ourselves in a world
where they have made themselves our adversary through their demonstrated
behavior, and so here we are...
There used to be laws and regulations that were enforced and checked and
the NSA /wasn't/ listening in on anyone and everyone in the world
including those they're not supposed to (i.e. "US Persons"). That we
find ourselves in a world where intelligence collection is blanket-based
instead of target-centric, is a different problem, but a problem
nonetheless.

> The problem is that even if you don't have a smart TV, all your friends do,
> so if the NSA is listening in they get to hear your friends talking about
> you.  Add in Facebook/SMS, and for that matter basically all the internet
> traffic there is, and a lot of off-internet private line traffic for the
> major cloud providers, and any cooperative data feeds they get...

Or as you keep repeating in most of these types of threads: "Why
continue fighting? The terrorists have won this battle anyways. You
stand no chance of winning so what's the point to keep fighting?
Besides, they /want/ their panem et circenses..."

I find that type of fatalism hidden under a thin veil of "practicality"
or misplaced "reasonableness" tiresome and damaging. I think that it's
nothing more than hiding behind the status quo or "fait accompli".
That facebook is (or other companies are) collecting a (shadow) profile
on me is a problem. They have no right to do so and are violating me and
my person by doing that. In many cases, I'm not even given a reasonable
or real option not to play the game.
The problem is not /how/ these things are collected or through whom, the
problem is that the information is collected at all! Please don't try to
mask one with the other.

This isn't even an attempt at the "slippery slide" argument anymore,
because I'm not telling you that we 'could' go down a bad path. We've
gone down that stupid slide over and over and over again, time and time
again. Every single time someone tried to retort with "don't be daft,
that'll never happen" and then what we warned about happened exactly
like that. And then I find myself or someone else playing chess with a
pigeon.

> If the NSA decides they care about you in particular then you have to deal
> with much more sophisticated attacks (zero days, hardware/firmware-level
> attacks, physical attacks, RF attacks, interception of mail/etc).

If the NSA (i.e. the USG) really cares about you as an individual, then
chances are the things you mention above are not a threat. A hellfire
missile from above is what you will have to worry about. But that's
really besides the point of this discussion. We're talking about
privacy invasion (by corporations, and nations which got dragged into
the discussion by GP's post) here...

> Obviously they're picky about who they can spend that kind of time on,
> which is why they skim for more accessible data.

OK, fine, I'll entertain governmental surveillance I guess...
Are they? Are they really picky though?
Rich, I respect you, but I still think you don't quite fully get the
threat model.
You're absolutely right that when you're an NSA /target/, you have
bigger problems. But I don't think anyone on this list is one of their
targets. Yet we're all in their system and passively on their radar and
for what reason or purpose? What is a reasonable justification for this
state of affairs?

As a simple example for why this particular thing is a problem: There
are so many laws that on average, you're breaking a handful every single
day through your normal activities. If I have a record of every single
thing you've ever done, when and where you've done it, and if I have
that stored in an easily searched format, then once I decide to throw
the book at you, because you just went 5 over in a school zone and
that's the big boogie-man of the day, I can now throw everything and
anything at you, going back as far as the statute of limitations allows
for each one of those things you've done over the years. And everything
I find is just one other squeeze of the thumb screws that I will apply
to you.
If for some reason, you become a real nuisance to the current power of
the day, for whatever reason or whichever accidental or intentional
association you have, you will now find yourself charged with multiple
hundreds of accounts of tiny little and bigger things, each of which
carries enough cumulative time to put you away for ever & destroy the
remainder of your life. I could also selectively release 'interesting'
information to assassinate your character in the press/public and make
sure that you'll never live anywhere nice again. And because I know you
and your person deeply, I know what you consider "nice" and I'll
optimize for minimizing that.
It's not about whether you are /currently/ on their radar, it's about
whether or not you will ever be on their radar because then they will
throw the book at you: what is legal/acceptable today, may not be tomorrow.
And when, FSM forbid, you do get on their radar, your adversary will
recall *exactly* what you did on May 27th, 2002 since they have a record
of it, but you won't & you will tell them something inaccurate; and
lying to a law enforcement officer is illegal in this country and
carries a harsh prison sentence so you just got an extra charge with
prison time on top of everything else just for that.

I will be looking at you very skeptically if you're trying to tell me
that my little scenario above is not one of the drivers behind the FBI
requesting and getting that access on a policy basis.
If I were a prosecutor or accuser, getting more ammo to make my target
crack is never something I'm going to say no to. All I need is one more
straw for that poor little camel to make it sing like a little bird.

This is just a single, simple example of the criminal justice part of
the problem with this vast amount of data collection inside a small
sliver buried within the problem of the wider governmental surveillance
realm. I haven't even started on the corporate side or the psychological
side of this.
It appears to me that some folks read "1984" and thought that it was a
manual instead of a warning.

Since a good number of years, the NSA is no longer picky about whom or
what they collect data on. It's so cheap to do it on anyone, everyone
and everything that that is exactly what happens. Filtering it out is
too expensive and only happens at intel production time when they are
already focusing on their target. You gotta be pretty darn important for
them to NOT collect data on you, and neither you nor I are & never will
be that important.
Combined with the mentality of "we're so averse to risk that we don't
want to miss that one single needle in the haystack and so let's keep
everything and anything around because you never know" and you just got
yourself a very happy Storage Sales rep!

> Unless you have no friends/family/acquaintances you can't really stop the
> skimming.  And if you are really that isolated then you probably stand out
> even more (just run a query of all the living people that the NSA doesn't
> have a ton of data on - it is probably an interesting and small group).

I thought they were selective in who they keep data on? Now they have "a
ton of data" on almost anyone except a small group?
That "interesting and small group" *should* be any "US Citizen and US
Persons(*)". That "small group" should be a large group, it should be
the majority of everyone. (I realize that their job is intel collection
and that non US Persons & non US Citizens do not enjoy any protections
offered by US Law (barring treaties, etc...).)
Yet I'm pretty confident that (almost) everyone on this list is a US
Person and so we should not be represented in their dataset. Yet we are
and that's a problem.

> Personally I'm more concerned with identity theft/etc.  I don't care if the
> NSA can break bitlocker/etc.  I care that if I lose my laptop somebody
> isn't stealing all my cookies and credit card numbers.

Sure, that's a more pertinent threat, you're right to be concerned about
any one of these things. But that doesn't take any of the threats of
privacy invasion away, it just adds to them. You should still care that
the NSA can break bitlocker, because if they can, so can the DGSE, the
GRU&SVR, the MSS, the Mossad and pretty much any other intel service
worth their salt - of which there are more than you may think. And if
they can, then non-state actors aren't that far behind either.

The threat of privacy invasion and subsequent abuse of that information
has always been there and is real. What is different today is the power
multiplier. The ease at which this information can be collected &
exploited by those in a position of power has never been greater, the
barrier to entry is being lifted higher and higher and the abuses are
getting more and more numerous.
And if the Powers That Be, get their way, then encrypting your storage
medium to protect against identity theft just made you a target because
'clearly this dude got stuff to hide'.

For instance, once the powers of the day (governmental or corporate)
start using "social credit"
(https://en.wikipedia.org/wiki/Social_Credit_System) and use all this
data against you (and they will, because let's be honest, this is about
using data /against/ you, not in your favor), I'm sure someone (else?)
will spew 'unwise' things along the lines of "...but it's not that bad",
"I have nothing to hide so I should be fine", "it's so convenient" or
worse "they've gone this far, why fight them when they try to go further".

In the end, you're not a criminal, I'm not a criminal, as far as I know,
no-one on this list is a criminal (don't tell me if I'm wrong about that
because it's none of my business).
Neither you, I or anyone on this list have any intentions of breaking
the law. Why do you allow yourself to be treated like a convicted
criminal? Why do you defend helping others treat yourself, me and all of
your friends on this alias as convicted criminals?
By defending this type of surveillance, corporate and nation-state, and
participating in it, by not fighting it, you actively and directly are
harming me and mine. Your actions have consequences for me...
/That/ is why I have the reaction to this type of post(s) that I have.

The road to hell is paved with good intentions... and I'm not even sure
that in this case, the intentions are good at all. The intentions are
driven by profit and sod those to whom the effects apply.

On the subject of surveillance, here's a last thought: What have the
Powers That Be done that causes them to be so afraid, such that their
natural reaction is to create a total and complete surveillance state?

(*) The time windows any individual has been a US Person.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug