The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

Q6/17: The U.N. is watching you poop

EchoEcho ski-bapba-dapModerator, Administrator admin
edited March 2009 in Debate and/or Discourse
Q6/17. A U.N. project surrounded ty so much secrecy that it makes ACTA look like an exhibitionist.

The short version of Q6/17: The United Nations are working on a standard for how every single bit of traffic on the internet should be able to be traced back to its sender, killing any and all possibility of anonymity.

This project was initiated by China, that shining beacon of personal freedom and democratic due process. NSA (yes, that NSA) was quick to hop aboard.
A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.

The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

sauce

China, NSA and the UN behind closed doors. Surely anything that comes out of there must be for the good of all mankind! When China and NSA are two of the tone-setting agencies you can't help but wonder how much of this project is actually about security and how much is about intrusive mass-surveillance.

Since September 2008 there hasn't been much news about Q6/17, except for this document, that also adds climate policies as a reason to control public access to the internet.

In a leaked Q6/17 document this is used as an example:
A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.

This is being stated as a problem by Q6/17. Political opposition is a problem that needs to be solved, they outright state. Does China get to ghostwrite everything in this project?

Political opposition, leaks to media, critical reporting, investigating journalism, deviating opinions and loud-mouthed citizens with uncomfortable opinions - are these also problems to be solved that Q6/17 will try to find a solution for? Though of course, they'll hide it behind "fighting terrorism, drugs, filesharing and child porn", as it is popular to do when censoring the internet.

Echo on
«1

Posts

  • RentRent I'm always right Fuckin' deal with itRegistered User regular
    edited March 2009
    Holy
    Holy fucking shit
    No

    Rent on
  • SpeakerSpeaker Registered User regular
    edited March 2009
    Rent wrote: »
    Holy
    Holy fucking shit
    No

    Speaker on
  • DaedalusDaedalus Registered User regular
    edited March 2009
    Echo wrote: »
    A political opponent to an administration publishes articles casting the administration in a negative light. The administration, having a law against all opposition, try to identify the source of the articles but these have been published via a proxy server. The administration cannot trace the source and the author's identity is protected.

    This is being stated as a problem by Q6/17. Political opposition is a problem that needs to be solved, they outright state. Does China get to ghostwrite everything in this project?

    Political opposition, leaks to media, critical reporting, investigating journalism, deviating opinions and loud-mouthed citizens with uncomfortable opinions - are these also problems to be solved that Q6/17 will try to find a solution for? Though of course, they'll hide it behind "fighting terrorism, drugs, filesharing and child porn", as it is popular to do when censoring the internet.

    Yeah, that smells like China, all right.

    Any link to the technical information? I'm wondering how long before widespread workarounds are found, or if it will start out vulnerable to one or more existing workarounds.

    Daedalus on
  • zeenyzeeny Registered User regular
    edited March 2009
    Where is the leaked document? Did I miss the link?
    I'm wondering how long before widespread workarounds are found, or if it will start out vulnerable to one or more existing workarounds.

    A plausible deniability workaround would be shockingly simple.
    Also, this would lead to a 99.98% encryption adoption for any web communication and fuck the overhead.

    zeeny on
  • ReznikReznik Registered User regular
    edited March 2009
    Fuck this. Everyone working on this bullshit can go fuck themselves. Idiots.

    How the fuck do we even stop this?

    Reznik on
    Do... Re.... Mi... Ti... La...
    Do... Re... Mi... So... Fa.... Do... Re.... Do...
    Forget it...
  • Fallout2manFallout2man Vault Dweller Registered User regular
    edited March 2009
    I wonder how any sort of reliably secure or trustworthy trace back method could even work without the U.N. essentially seize control of all thirteen root DNS servers and all of the Tier 1 ISPS then forcing a mandatory shutdown of all TCP/IP/DNS communication and instead implementing some new protocol.

    Fallout2man on
    On Ignorance:
    Kana wrote:
    If the best you can come up with against someone who's patently ignorant is to yell back at him, "Yeah? Well there's BOOKS, and they say you're WRONG!"

    Then honestly you're not coming out of this looking great either.
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    Good article

    That leaked document isn't 100% verified, but the sources sound solid enough for me.

    Echo on
  • NocturneNocturne Registered User regular
    edited March 2009
    Can I Godwin-esque on page 1 by saying this should be called Q19/84?

    This is the type of shit that makes some conspiracy theories actually scary instead of ludicrous.

    Also makes me doubt that we might have actually reached a level of civility in first world nations where violent revolution won't ever be necessary.

    Fuckin A.

    Nocturne on
  • NocturneNocturne Registered User regular
    edited March 2009
    I wonder how any sort of reliably secure or trustworthy trace back method could even work without the U.N. essentially seize control of all thirteen root DNS servers and all of the Tier 1 ISPS then forcing a mandatory shutdown of all TCP/IP/DNS communication and instead implementing some new protocol.

    The UN wouldn't have to seize control of anything. It wouldn't take a whole lot for the NSA to monitor existing ISPs.

    Nocturne on
  • Fatty McBeardoFatty McBeardo Registered User regular
    edited March 2009
    to make it even worse, one can't legitimately bitch about the UN without sounding like a turner diaries reading loon, thanks to so many years of crazy conspiracy theories.

    Fatty McBeardo on
  • FencingsaxFencingsax It is difficult to get a man to understand, when his salary depends upon his not understanding GNU Terry PratchettRegistered User regular
    edited March 2009
    1984 isn't Godwin.

    Fencingsax on
  • NocturneNocturne Registered User regular
    edited March 2009
    Fencingsax wrote: »
    1984 isn't Godwin.

    That's why I said "Godwin-esque."

    It's often overused in a hyperbolic sense, so I was comparing the two.

    Nocturne on
  • Fallout2manFallout2man Vault Dweller Registered User regular
    edited March 2009
    Nocturne wrote: »
    The UN wouldn't have to seize control of anything. It wouldn't take a whole lot for the NSA to monitor existing ISPs.

    You mean monitor the entire internet in real time? Is the NSA outsourcing their mainframes to the machine city now?

    As it exists there technically is a way for finding the source of data, but it can't account for spoofed IP addresses, highly anonymous proxies, or services like TOR. To be able to actually, and truly stop those you'd have to take down the existing internet protocols and build new ones. You can't just expect to be able to firewall off services you don't like, the great firewall may work decently but even it isn't truly effective. To be effective, you'd basically need a new internet, and it'd have to be the only internet available.

    Fallout2man on
    On Ignorance:
    Kana wrote:
    If the best you can come up with against someone who's patently ignorant is to yell back at him, "Yeah? Well there's BOOKS, and they say you're WRONG!"

    Then honestly you're not coming out of this looking great either.
  • NocturneNocturne Registered User regular
    edited March 2009
    Nocturne wrote: »
    The UN wouldn't have to seize control of anything. It wouldn't take a whole lot for the NSA to monitor existing ISPs.

    You mean monitor the entire internet in real time? Is the NSA outsourcing their mainframes to the machine city now?

    As it exists there technically is a way for finding the source of data, but it can't account for spoofed IP addresses, highly anonymous proxies, or services like TOR. To be able to actually, and truly stop those you'd have to take down the existing internet protocols and build new ones. You can't just expect to be able to firewall off services you don't like, the great firewall may work decently but even it isn't truly effective. To be effective, you'd basically need a new internet, and it'd have to be the only internet available.

    Something tells me they're not planning on going that in-depth. What percentage of the existing population uses highly anonymous proxies or spoofed IPs? Now what percentage of those would try to circumvent a firewall preventing those services?

    I don't think this policy is worried about that 0.000001% of the population.

    Nocturne on
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    This is supposed to prevent the possibility of spoofing. Possibly using pixie dust.

    Echo on
  • DashuiDashui Registered User regular
    edited March 2009
    Dashui on
    Xbox Live, PSN & Origin: Vacorsis 3DS: 2638-0037-166
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    Dashui wrote: »

    It warms my cynical little heart that they couldn't even get past the first paragraph without invoking terrorism as the main reason for massive intrusive surveillance.
    "We have no way of knowing whether Osama bin Laden is chatting to Abu Hamza on Facebook. Or terrorists could be having a four-way chat on Skype," he said.

    Nor will they until after the terrorist attacks and they start pussling the pieces together. Hindsight is 20/20 and all that.

    Echo on
  • NocturneNocturne Registered User regular
    edited March 2009
    Echo wrote: »
    Dashui wrote: »

    It warms my cynical little heart that they couldn't even get past the first paragraph without invoking terrorism as the main reason for massive intrusive surveillance.

    Wait, but that is the UK... not the US

    Does Not Compute


    Edit: Now I need to start an Al-Qaeda facebook group.

    Nocturne on
  • kdrudykdrudy Registered User regular
    edited March 2009
    Nocturne wrote: »
    Nocturne wrote: »
    The UN wouldn't have to seize control of anything. It wouldn't take a whole lot for the NSA to monitor existing ISPs.

    You mean monitor the entire internet in real time? Is the NSA outsourcing their mainframes to the machine city now?

    As it exists there technically is a way for finding the source of data, but it can't account for spoofed IP addresses, highly anonymous proxies, or services like TOR. To be able to actually, and truly stop those you'd have to take down the existing internet protocols and build new ones. You can't just expect to be able to firewall off services you don't like, the great firewall may work decently but even it isn't truly effective. To be effective, you'd basically need a new internet, and it'd have to be the only internet available.

    Something tells me they're not planning on going that in-depth. What percentage of the existing population uses highly anonymous proxies or spoofed IPs? Now what percentage of those would try to circumvent a firewall preventing those services?

    I don't think this policy is worried about that 0.000001% of the population.

    If the point is to scare the average person you don't keep it a secret though. It's like what Strangelove said about the doomsday device, it's not a deterrent if no one knows about it. I think you try to keep something like this a secret because you do want to catch the people doing those things, as those are the ones doing things you want to stop, like being political dissidents or sharing information you don't want shared.

    That said this seems like a pipe dream, there would be too much change to the current system needed to correctly implement this or far too much computing power needed to try and do it with the current system.

    kdrudy on
    tvsfrank.jpg
  • RichyRichy Registered User regular
    edited March 2009
    Ah, guys? We can already trace any packet on the internet. The sender's IP address is part of the packet's header. It's necessary since IP communication relies on sharing information and sending acknowledgements. Any action you do on the internet, be it posting a message, FTPing a file, or simply viewing a website, requires you to send out packets with your IP address and details of that action to the target server. To quote one of my profs, going on the internet is like walking through wet concrete - there's no way the steps can't be traced back to you.

    Tracing from an IP address to an individual computer cannot be done automatically because the computer doesn't have a unique ID. The internet system assumes that the IP address is the unique ID. And of course, a regular user logging in through a corporate internet provider receives a different, dynamically-allocated IP address each time. However, you log in to that provider using a unique login and password, and the provider keeps track of which IP address it gives to each user each session. So, while we cannot automatically trace an IP address to an individual computer directly, we can trace it manually by getting the information from the internet provider. And all we need to do that is a court order.

    Richy on
    sig.gif
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    Richy wrote: »
    And all we need to do that is a court order.

    Too much hassle for NSA and China.

    Echo on
  • Fallout2manFallout2man Vault Dweller Registered User regular
    edited March 2009
    Nocturne wrote: »
    Something tells me they're not planning on going that in-depth. What percentage of the existing population uses highly anonymous proxies or spoofed IPs? Now what percentage of those would try to circumvent a firewall preventing those services?

    I don't think this policy is worried about that 0.000001% of the population.

    If that's the case they can just copy China and go great firewall, because that's what it sounds like. You can't expect to have a decently effective firewall with current protocols. You can't expect to reliably track all connections to said proxies because if you don't want to require absolutely obscene amounts of data retention and analysis, the likes of which we've never even dreamed of before, then you'd need to go one step further than China and base your firewall around a whitelist versus a blacklist. This would require either insane amounts of manpower to properly maintain, or require you effectively banish the free internet as we know it and state that only businesses registered with the government may have any sort of web presence, and must all conform with strict government regulations. Which, if you're going to go that far, you might as well just do what I said above and just redo the whole damn thing from scratch, protocols and all.

    Again, the solution is either ineffective, horribly costly, or requires a brand new internet, complete with that new internet smell.....or possibly all of the above!

    Fallout2man on
    On Ignorance:
    Kana wrote:
    If the best you can come up with against someone who's patently ignorant is to yell back at him, "Yeah? Well there's BOOKS, and they say you're WRONG!"

    Then honestly you're not coming out of this looking great either.
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    Again, the solution is either ineffective, horribly costly, or requires a brand new internet, complete with that new internet smell.....or possibly all of the above!

    As much as I'm politically and morally opposed to this shit, the tech geek in me is really interested in how they plan to solve this technically. :P

    Echo on
  • nexuscrawlernexuscrawler Registered User regular
    edited March 2009
    For those of us in developed nations it'd be an annoyance and a hindrance.

    In nations under totalitarian regimes this idea becomes downright frightening. Political rivals, journalists and protesters lives could easily be in danger if their identities are revealed.

    nexuscrawler on
  • DaedalusDaedalus Registered User regular
    edited March 2009
    Richy wrote: »
    Ah, guys? We can already trace any packet on the internet. The sender's IP address is part of the packet's header. It's necessary since IP communication relies on sharing information and sending acknowledgements. Any action you do on the internet, be it posting a message, FTPing a file, or simply viewing a website, requires you to send out packets with your IP address and details of that action to the target server. To quote one of my profs, going on the internet is like walking through wet concrete - there's no way the steps can't be traced back to you.

    Tracing from an IP address to an individual computer cannot be done automatically because the computer doesn't have a unique ID. The internet system assumes that the IP address is the unique ID. And of course, a regular user logging in through a corporate internet provider receives a different, dynamically-allocated IP address each time. However, you log in to that provider using a unique login and password, and the provider keeps track of which IP address it gives to each user each session. So, while we cannot automatically trace an IP address to an individual computer directly, we can trace it manually by getting the information from the internet provider. And all we need to do that is a court order.

    Except if you don't care to receive a response, you can write bullshit into the IP field of the packet header and it will work for some protocols. If you have a proxy, you can route traffic through it and the IP address in the packet header will belong to the proxy rather than to you. (There are many anonymizing proxies that will not keep records of what IP address sent and received what data for long enough for a court order to be used.) Then you get into the really neat networks like Tor and Freenet where you just use other people's computers on the network as proxies several layers deep, et cetera et cetera.

    The point of this project is to plug these loopholes, which I'm not sure can be feasibly done without replacing IP entirely, but it's still sort of distressing that it's being attempted.

    Daedalus on
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited March 2009
    Richy wrote: »
    Ah, guys? We can already trace any packet on the internet. The sender's IP address is part of the packet's header. It's necessary since IP communication relies on sharing information and sending acknowledgements. Any action you do on the internet, be it posting a message, FTPing a file, or simply viewing a website, requires you to send out packets with your IP address and details of that action to the target server. To quote one of my profs, going on the internet is like walking through wet concrete - there's no way the steps can't be traced back to you.

    Tracing from an IP address to an individual computer cannot be done automatically because the computer doesn't have a unique ID. The internet system assumes that the IP address is the unique ID. And of course, a regular user logging in through a corporate internet provider receives a different, dynamically-allocated IP address each time. However, you log in to that provider using a unique login and password, and the provider keeps track of which IP address it gives to each user each session. So, while we cannot automatically trace an IP address to an individual computer directly, we can trace it manually by getting the information from the internet provider. And all we need to do that is a court order.

    Do you... do you not know what a proxy server does?

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Fatty McBeardoFatty McBeardo Registered User regular
    edited March 2009
    Feral wrote: »
    Richy wrote: »
    Ah, guys? We can already trace any packet on the internet. The sender's IP address is part of the packet's header. It's necessary since IP communication relies on sharing information and sending acknowledgements. Any action you do on the internet, be it posting a message, FTPing a file, or simply viewing a website, requires you to send out packets with your IP address and details of that action to the target server. To quote one of my profs, going on the internet is like walking through wet concrete - there's no way the steps can't be traced back to you.

    Tracing from an IP address to an individual computer cannot be done automatically because the computer doesn't have a unique ID. The internet system assumes that the IP address is the unique ID. And of course, a regular user logging in through a corporate internet provider receives a different, dynamically-allocated IP address each time. However, you log in to that provider using a unique login and password, and the provider keeps track of which IP address it gives to each user each session. So, while we cannot automatically trace an IP address to an individual computer directly, we can trace it manually by getting the information from the internet provider. And all we need to do that is a court order.

    Do you... do you not know what a proxy server does?

    Or NAT.

    Fatty McBeardo on
  • RichyRichy Registered User regular
    edited March 2009
    The proxy itself logs your IP address. It would need to, so that when it gets a reply to your request, it can forward it to your computer rather than one of the others connected to it. As Daedalus pointed out, some proxies can delete those logs quickly afterwards. But my point stands: while you're using it and until the logs are deleted, there's a clear chain tracing the packets back to you. One that's harder to follow and might disappear soon after you're done, granted, but it exists nonetheless.

    Richy on
    sig.gif
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    Richy wrote: »
    The proxy itself logs your IP address. It would need to, so that when it gets a reply to your request, it can forward it to your computer rather than one of the others connected to it.

    Stateless proxy.

    Echo on
  • RichyRichy Registered User regular
    edited March 2009
    Echo wrote: »
    Richy wrote: »
    The proxy itself logs your IP address. It would need to, so that when it gets a reply to your request, it can forward it to your computer rather than one of the others connected to it.

    Stateless proxy.
    Alright, you got me. What do those do? I've googled up some documentation from IBM, but...
    IBM wrote:
    Stateless SIP proxy service

    The SIP proxy service is considered stateless because it performs minimal logical processing of the incoming SIP messages before multiplexing the data and forwarding it to the SIP container.

    The SIP proxy service also maintains and monitors affinity relationships between SIP containers and their clients so that inbound and outbound messages can be routed to the clients. This functionality ensures that messages are routed correctly to users who are connected to different SIP servers in a network deployment environment.

    ...well, it doesn't sound all that different from a regular proxy to me.

    Richy on
    sig.gif
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2009
    A stateful transaction remembers the state of previous transactions. A stateless transaction tosses the data about the transaction as soon as it's complete.

    Short version: A stateless proxy will only keep info about your connection for as long as it takes to load a web page.

    edit: and now that I have more than 30 seconds... you initiate the connection behind the proxy, the proxy connects the web server, the web server ponders and sends response back through the same connection. Then the proxy forgets it all when that connection is closed.

    Echo on
  • RichyRichy Registered User regular
    edited March 2009
    Echo wrote: »
    A stateful transaction remembers the state of previous transactions. A stateless transaction tosses the data about the transaction as soon as it's complete.

    Short version: A stateless proxy will only keep info about your connection for as long as it takes to load a web page.

    edit: and now that I have more than 30 seconds... you initiate the connection behind the proxy, the proxy connects the web server, the web server ponders and sends response back through the same connection. Then the proxy forgets it all when that connection is closed.
    So basically, just a proxy that deletes the client information after each transaction?

    That wouldn't really contradict my previous post, where I said the chain exists, if only temporarily, tracing back to you. And for as long as the transaction is going on, the packets can be traced through the proxy to you. Granted, at this point it can only be traced to you for less than a second, so it's nearly impossible to do in practise, for now.

    So I'll admit the wet concrete analogy my prof used is no longer valid.

    Richy on
    sig.gif
  • saggiosaggio Registered User regular
    edited March 2009
    Thank god for freenet.

    saggio on
    3DS: 0232-9436-6893
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited March 2009
    Richy wrote: »
    Echo wrote: »
    A stateful transaction remembers the state of previous transactions. A stateless transaction tosses the data about the transaction as soon as it's complete.

    Short version: A stateless proxy will only keep info about your connection for as long as it takes to load a web page.

    edit: and now that I have more than 30 seconds... you initiate the connection behind the proxy, the proxy connects the web server, the web server ponders and sends response back through the same connection. Then the proxy forgets it all when that connection is closed.
    So basically, just a proxy that deletes the client information after each transaction?

    That wouldn't really contradict my previous post, where I said the chain exists, if only temporarily, tracing back to you. And for as long as the transaction is going on, the packets can be traced through the proxy to you. Granted, at this point it can only be traced to you for less than a second, so it's nearly impossible to do in practise, for now.

    So I'll admit the wet concrete analogy my prof used is no longer valid.

    Yeah, it's more like wet snow.

    During a snowstorm.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • DaedalusDaedalus Registered User regular
    edited March 2009
    Again, you can spoof your IP address in the packet header for a number of fun purposes. Won't work if you need a response, of course, but for sending information out anonymously? Sure.

    Daedalus on
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited March 2009
    In any case, I support the hypothetical concept of reliable end-to-end identification.

    Such a system (if it worked... and that's a pretty big if) would make it significantly harder to send spam, perform hacking attempts, phishing attempts, certain forms of fraud, etc.

    However, I wouldn't trust these folks anywhere near it.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • DaedalusDaedalus Registered User regular
    edited March 2009
    I dunno, Feral, I feel like the ability to reliably send information anonymously is important enough to deal with all the downsides you've listed.

    Daedalus on
  • FeralFeral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉRegistered User regular
    edited March 2009
    Daedalus wrote: »
    I dunno, Feral, I feel like the ability to reliably send information anonymously is important enough to deal with all the downsides you've listed.

    All the arguments I've seen in favor of that position confuse personal anonymity with technical anonymity.

    Do you have an argument that doesn't?

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • SavantSavant Simply Barbaric Registered User regular
    edited March 2009
    Nocturne wrote: »
    I wonder how any sort of reliably secure or trustworthy trace back method could even work without the U.N. essentially seize control of all thirteen root DNS servers and all of the Tier 1 ISPS then forcing a mandatory shutdown of all TCP/IP/DNS communication and instead implementing some new protocol.

    The UN wouldn't have to seize control of anything. It wouldn't take a whole lot for the NSA to monitor existing ISPs.

    I've heard indications that the NSA is hooked into the internet backbones already, based on leaks about the warrantless wiretapping system from Bush's years. The really scary/ingenious part is that they've figured out some ways to dig down in that unimaginably large amount of information to be able to figure out who to snoop on, using metadata analysis.

    That wouldn't be able to catch every last bit of IP communication, as there would be data that passes between devices with smaller subnetworks and ISPs that doesn't go out across the main routers, but it could get a whole hell of a lot of it.

    Being able to have a man in the middle on most of the major connections points of the internet makes this sort of thing sound a fair amount more feasible to me, but they would have to be a hell of a lot smarter and more dedicated than I am to figure out how to make it foolproof and be able to trace everything.

    Savant on
  • Jealous DevaJealous Deva Registered User regular
    edited March 2009
    I think it's far more likely that the NSA just does targeted surveilance on suspicious people and invented the whole "magic metadata" thing as a cover to launder anything they find into something that can actually legally be used to take action.

    Jealous Deva on
Sign In or Register to comment.