×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Use Tor, Get Targeted By the NSA

Soulskill posted about 10 months ago | from the hop-online-and-disappoint-some-intelligence-agents dept.

Communications 451

An anonymous reader sends this news from Ars Technica: "Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for U.S.-based communications to be retained by the National Security Agency, even when they're collected inadvertently, according to a secret government document published Thursday. ...The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on U.S. citizens and residents. While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the U.S., they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

451 comments

Good for the economy. (5, Funny)

nospam007 (722110) | about 10 months ago | (#44070963)

So we just need to write a Spam Generator that sends out billions of encrypted stuff to US-citizens to create government jobs?

Nice!

Re:Good for the economy. (1, Interesting)

roc97007 (608802) | about 10 months ago | (#44070981)

I'm thinking of torrenting NPR.

Re:Good for the economy. (1)

Anonymous Coward | about 10 months ago | (#44071103)

TOR != torrent

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071213)

TOR != torrent

Perhaps GP meant he would torrent NPR over tor?

Re:Good for the economy. (-1, Redundant)

H0p313ss (811249) | about 10 months ago | (#44071067)

So we just need to write a Spam Generator that sends out billions of encrypted stuff to US-citizens to create government jobs?

Nice!

As noble as that might seem, you will be undermining national security and wasting your own tax money.

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071133)

Was this a reason to _not_ do it? LMAO...

Re:Good for the economy. (4, Funny)

Anonymous Coward | about 10 months ago | (#44071251)

So we just need to write a Spam Generator that sends out billions of encrypted stuff to US-citizens to create government jobs?

Nice!

As noble as that might seem, you will be undermining national security and wasting your own tax money.

As if I could EVER fuck that up more than the current regime. Try again, 'cause that bullshit sure as hell ain't a deterrent for our government.

Re:Good for the economy. (5, Insightful)

Dunbal (464142) | about 10 months ago | (#44071255)

Undermining national security. LOL. What does it feel like to see a threat in every shadow? Everyone is out to get you huh? Careful, the Democratic Republic of the Congo might just get the upper hand and de-stabilize the US before invading it!

Seriously, by fundamentally changing what the US stands for over the last 20-30 years, you have undermined your own national security. There isn't anything left worth fighting for.

Re:Good for the economy. (5, Insightful)

PrivacyXpert (2959307) | about 10 months ago | (#44071541)

What is human right and human freedom that USA Government have been actively accusing other countries of lacking whereby they are spying on their own people in their own backyard? Its a disgraceful joke

Re: Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071363)

If their net is cast too wide more I do will help narrow it... Bad management will confuse the issue more... It's not like the "bad guys" are gonna go easy on them!

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071425)

As long as he doesn't doubt the quality of tab water...

Re:Good for the economy. (1)

wmac1 (2478314) | about 10 months ago | (#44071555)

Not my tax money! and no, I don't trust your government like they ask for.

Please tell them to stop spying on me.

Re:Good for the economy. (-1)

ron_ivi (607351) | about 10 months ago | (#44071095)

Isn't that mostly what Tor already is?

A bunch of people downloading music and movies to hid from the RIAA and MPAA despite being told Tor's a bad tool for the job?

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071331)

Torrenting through TOR is too slow.

Re:Good for the economy. (5, Interesting)

Virtucon (127420) | about 10 months ago | (#44071357)

Uhm, No
Actually TOR is many things including downloading (AFAIK you can't do torrents though but maybe you can) but it's also for folks who fear reprisals from their governments or for people who don't want their activity tracked for whatever reason. The people who set up TOR do it to promote the freedom and anonymity in the use of the Internet. Yes it's that tool for all those dirty old men out there looking for hookups on Craigslist while at work.

There was an incident last year where an unsuspecting TOR exit node host was charged for the activities of their anonymous users in his local country. [arstechnica.com] So the folks who support TOR (financially, hardware or act as hosts) don't take it lightly so people who use it shouldn't take it lightly either.

TOR is a great tool but you can also set yourself up with a SOCKs proxy very easily say on Amazon AWS (or any other cloud service) meaning, your encrypted traffic would go to their data center and exit out whatever local network pipe they use. It's not as sophisticated as TOR, where multiple hops are used but at least with Amazon's recent statement, they may resist secret demands for your info. You could also set up cascading tunnels of tunnels but meh, I'm already probably in some file somewhere with the FBI or the NSA just for saying you can do this. I guess I shouldn't mention I have a copy of the "The Anarchist Cookbook" should I? Crap I better burn it now. Oh crap, you can get it on Amazon anyway, so I guess they're now suspects. [amazon.com]

Re:Good for the economy. (3, Insightful)

Anonymous Coward | about 10 months ago | (#44071417)

Isn't that mostly what Tor already is?

A bunch of people downloading music and movies to hid from the RIAA and MPAA despite being told Tor's a bad tool for the job?

No, Tor doesn't run fast enough most of the time to make torrents worthwhile. Most people use Tor as an anoymous proxy, and that's all.
The Onion-based sites themselves mostly contain illegal activity such as child porn, drugs (Silk Road), hacking hangouts, credit card trading forums, and other stuff that is likely to get you in trouble with various governments around the world.

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071121)

So we just need to write a Spam Generator that sends out billions of encrypted stuff to US-citizens to create government jobs?

Nice!

Make sure everything is randomly seeded with the word bomb. Talk about the bomb concert you went too all the time too. Maybe even talk about the bomb taco truck you stood an hour in line for one time...

Re:Good for the economy. (5, Funny)

drfred79 (2936643) | about 10 months ago | (#44071249)

I'm intending to write BOMB a script that will add random Red Flag words to my emails OBAMA at random intervals in bold so NUKE everyone can continue to read my emails normally TERRORIST but the government will start getting inundated with my AL QAEDA schemes.

Re:Good for the economy. (5, Funny)

ArcadeX (866171) | about 10 months ago | (#44071307)

you forgot the truly evil words like REDUCE TAXES, CIVILIAN OVERSIGHT, BALANCED BUDGET, NEW IDEAS, and everything else that scares the gooberment

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071377)

You used both "REDUCE TAXES" and "BALANCED BUDGET". Were you dropped on your head as a child?

Re:Good for the economy. (1, Offtopic)

Darkness404 (1287218) | about 10 months ago | (#44071449)

If we just stopped most of the welfare programs and started using the military only for defense rather than "nation building" and killing Pakistani civilians we could very easily reduce taxes and balance the budget.

Indeed if we rolled back government spending to early 1990s levels we could eliminate the income tax entirely.

You can't have the welfare, warfare and nanny state though.

Re:Good for the economy. (1)

Maxo-Texas (864189) | about 10 months ago | (#44071543)

Just keep in mind that a government at 1990's prices would provide half the defense and services that it did in the 1990's due to 20 years worth of inflation.

Also- if you don't pay the promised social security bills you are going to have a lot of starving and dying old people. Some might get violent.

I could see means testing social security more (we already means test it some). Then you only take it away from people who have so much savings or such good pensions that they don't need it (it's just a cherry on top of their retirement income).

And I could definitely see cutting defense ALL the way back to inflation adjusted 2001 levels (it would still be more than the next 15 nations combined).

However, without estate taxes and rolling back the bush tax cuts we are going to become an oligarchy even faster than we are now. And that path always ends badly for the countries that went down it. (if you are worried, the oligarchs usually get away just fine with all the money-- they don't care about the country anyway).

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071299)

Or the bomb chick with the huge ASSSSSSSSassin, who I suspect is a terrorrorrorrorrist.

Re:Good for the economy. (4, Interesting)

AmiMoJo (196126) | about 10 months ago | (#44071147)

Why does it matter if someone is a "us person"? Fuck off spying on me America.

Re:Good for the economy. (0)

Anonymous Coward | about 10 months ago | (#44071185)

Some Guy in Florida is already working on this. As a side business he sells "Enhancment Tools" ;)

Re:Good for the economy. (-1)

Anonymous Coward | about 10 months ago | (#44071387)

compress /dev/random > /dev/eth0

Re:Good for the economy. (0)

beelsebob (529313) | about 10 months ago | (#44071461)

I don't really get it... The entire reason you might use Tor is because you want to hide what you're doing from the authorities... Why on earth would the authorities not consider it interesting what you're hiding if you're doing so?

It's like suggesting that a cop shouldn't go and investigate a guy handing a package to another guy in a back alley because back allies are common places for drug deals to take place.

They have suspicion that something dodgy is going on, and they're investigating it, that's what we pay them to do.

Uhm, guys? (5, Insightful)

waddgodd (34934) | about 10 months ago | (#44071031)

Given the recent revelations about the NSA dragnets of literally every single email, call, text, and pretty much any other form of electronic communication, it's pretty much a given that the best way to attract the NSA's attention is fog a mirror.

non-issue (5, Informative)

TCM (130219) | about 10 months ago | (#44071033)

You are supposed to use HTTPS only over Tor anyway and transmit no identifying data in other cases, respectively. Tor already assumes the existence of such an adversary as the NSA, so what's the story here?

Re:non-issue (4, Insightful)

Errol backfiring (1280012) | about 10 months ago | (#44071119)

Tor already assumes the existence of such an adversary as the NSA, so what's the story here?

That TOR is right. Even in countries that are not a far-from-my-bed dictatorship.

Re:non-issue (2)

Jartan (219704) | about 10 months ago | (#44071501)

The story here is that if you use Tor you might be flagging yourself as a "valid US target".

Re:non-issue (4, Insightful)

flappinbooger (574405) | about 10 months ago | (#44071563)

You are supposed to use HTTPS only over Tor anyway and transmit no identifying data in other cases, respectively. Tor already assumes the existence of such an adversary as the NSA, so what's the story here?

The way I see it, if you use the internet without TOR or VPN etc then everything is out in the open and the NSA logs everything and keeps everything IF OR UNTIL they determine you are a US citizen.

Or, you can use TOR or VPN or whatever and the NSA will log everything and keep everything - and consider your actions suspicious.

Moral of the story - If you use TOR or VPN for anything interesting you better make sure you do it right. If you don't use TOR or VPN then don't do anything interesting.

Read article on TOR, get targeted (2)

techsimian (2555762) | about 10 months ago | (#44071037)

Aren't they violating the millennium act? I suppose that's only if they try to circumvent an encryption scheme....

Re:Read article on TOR, get targeted (4, Informative)

jamstar7 (694492) | about 10 months ago | (#44071193)

Aren't they violating the millennium act? I suppose that's only if they try to circumvent an encryption scheme....

It's the government doing this. That makes it legal, sorta. At least it is sorta legal if you wanna bag them terrorrorrorrorrists.

Personally, I think the terrorrorrorrorrists already won.

Re:Read article on TOR, get targeted (1)

pr0fessor (1940368) | about 10 months ago | (#44071497)

It would be like scaring a bull to get it out of a china shop. They may run but I doubt that you could consider that a win.

Re:Read article on TOR, get targeted (1)

Virtucon (127420) | about 10 months ago | (#44071507)

Shit, use the T-word now and you can get rid of all sorts of annoying problems. It's like that scene from "Cheech and Chong's Next Movie" where Paul Rubens (of Pee Wee Herman fame) is on the phone trying to get the police to come and arrest 'Los Guys' because they are doing a B&E to get the luggage.. (Funny Scene) anyway the cops are paying him lip service and he finally says "Look I think they're Iranians!" [youtube.com] .. All of a sudden SWAT shows up with dozens of squad cars, megaphones blaring.... This was 1980, the embassy hostage situation was front page news everyday... Man, we're still having problems with Iran, after over 30 years, WTF. Anyway...

The point here is that I just read this Article [dailycaller.com] today and it's about a local water official who at a meeting where customers were vetting complaints about the quality of their drinking water (cloudy, yucky, filthy shit) he blurts out and repeats to a stunned crowed:

“But you need to make sure that when you make water quality complaints you have a basis, because federally, if there’s no water quality issues, that can be considered under Homeland Security an act of terrorism.”

So our society has now determined, or this poor misguided retard, that complaining about your water is a possible act of Terrorism? WTF.. We now treat common criminal as Terrorist acts now, if you live in New York it seems. [nytimes.com] I'm sorry I'm going to do a Farnsworth [youtube.com] and get the fuck off this planet!

Anyone else notice a pattern? (5, Insightful)

spacepimp (664856) | about 10 months ago | (#44071041)

They keep stretching the parameters and scope of what they can do. Of course that is only after they have been caught lying about the scope to begin with. Does anyone still believe them? I imagine quite soon they will start declaring that they need to have a back door to all encryption just in case you might do something wrong.

Re:Anyone else notice a pattern? (5, Insightful)

OffTheLip (636691) | about 10 months ago | (#44071083)

Are you sure they "keep stretching the parameters and scope" or are we just learning the scope and depth of what they have already been doing?

Re:Anyone else notice a pattern? (1)

ganjadude (952775) | about 10 months ago | (#44071197)

of course they are stretching it. I mean they tell us what we can deal with, then we find out more,, so they justify that, but down the road we find out even more so they justify that. Where does it actually end is what id like to know

Re:Anyone else notice a pattern? (0)

Anonymous Coward | about 10 months ago | (#44071343)

There's no new revelations here. There have been numerous court rulings saying this stuff isn't protected. These exact programs were leaked in 2006, but no one seemed to care. About the only thing that changed is that the companies used to give this data voluntarily and now they give it under a FISA court order. Maybe you personally couldn't deal with the truth before and now you've finally accepted it, but the story hasn't changed. There hasn't been any stretching, these are the exact rules the NSA has always publicly claimed to use. If you didn't assume they were going to the full extent allowed by law, then that's your foolishness.

Re: Anyone else notice a pattern? (0)

Anonymous Coward | about 10 months ago | (#44071419)

Just cause WE FOUND OUT about one scheme doesn't mean they aren't THREE schemes ahead. Which means all this "grief" means absolutely nothing to day-to-day operations.

Re:Anyone else notice a pattern? (0)

vettemph (540399) | about 10 months ago | (#44071219)

Both. ...Mohammed jihad triple dirka rocket launcher!

Re:Anyone else notice a pattern? (0)

Anonymous Coward | about 10 months ago | (#44071317)

triple dirka rocket launcher!

Sounds like a Borderlands 2 Legendary weapon.

Re:Anyone else notice a pattern? (2)

robinsonne (952701) | about 10 months ago | (#44071181)

Unfortunately, apart from the ones that are anti-government all the time, yes...a great many people believe them. Hook, line, & sinker.

Re:Anyone else notice a pattern? (4, Insightful)

dkleinsc (563838) | about 10 months ago | (#44071265)

Does anyone still believe them?

Yes. And they're a part of the problem.

Re:Anyone else notice a pattern? (1)

ArcadeX (866171) | about 10 months ago | (#44071323)

They're only a problem if that vote or reproduce.... not much danger of the first one.

Re:Anyone else notice a pattern? (1)

Princeofcups (150855) | about 10 months ago | (#44071427)

They keep stretching the parameters and scope of what they can do. Of course that is only after they have been caught lying about the scope to begin with. Does anyone still believe them? I imagine quite soon they will start declaring that they need to have a back door to all encryption just in case you might do something wrong.

Are you new to the world, or is this sarcasm?

Re:Anyone else notice a pattern? (0)

Anonymous Coward | about 10 months ago | (#44071485)

I imagine quite soon they will start declaring that they need to have a back door to all encryption just in case you might do something wrong.

You can imagine all you lie, but they already have a quantum computer which makes it
trivially easy to crack all known encryption schemes.

If you want to keep a secret, you don't send it electronically, period.

It's Worse Than You Thought (5, Insightful)

Anonymous Coward | about 10 months ago | (#44071045)

Combining the fragments of leaked information that are now public related to the NSA's programs and the legal authorities affirmed by the FISA courts and Attorney General Eric Holder, it's clear that the US government's surveillance apparatus has the potential to monitor a significant portion of US citizens' communications.

Several reputable reports, including PBS' Frontline and NOW, have detailed the construction and operation of telecommunication interception facilities such as Room 641A. These types of facilities, which were deployed by 2003 and revealed to the general public by 2006, provide the NSA with the opportunity to access a large volume of telecommunications traffic. To use an analogy, imagine that several major mail sorting hubs in the US had "secret" rooms controlled by the NSA that all mail passed through.

A significant portion of Internet traffic is encrypted. Online banking, Facebook, Twitter, Gmail, etc. utilize standard SSL encryption to provide security. To continue the analogy, while some internet traffic is unencrypted in much the same way that postcards are mailed all the time with their messages clearly visible, many "sensitive" online communications such as the aforementioned banking and social networking services encrypt communications, similar to the way that sensitive mail communications like bank statements are usually sent in envelopes and not on postcards.

It is not politically palatable to suggest that US government agencies can and should surveil US citizens' telecommunications in any indiscriminate fashion, and there is no clear legal authority that would permit them to do so. In an interview with Charlie Rose that aired June 17, 2013, President Barack Obama said "...if you're a U.S. person then NSA is not listening to your phone calls and it's not targeting your e-mails unless it's getting an individualized court order."

Under the original provisions of the 1978 Foreign Intelligence Surveillance Act (FISA), the US government does have authority to conduct surveillance of communications without a court order if the parties communicating are not United States persons. More recent amendments to FISA since September 11, 2001 have expanded the government's authority to conduct surveillance.

It can be difficult to identify the geographic origin of telecommunications traffic. Tor, Virtual Private Networking, and Internet proxies provide ways for Internet users to "hide" their return addresses. There are all sorts of legal, legitimate uses for these technologies. For example, the 1996 Health Insurance Portability and Accountability Act (HIPAA) is widely interpreted to require hospitals to use encryption technologies such as Virtual Private Networks to protect confidential medical information if it is transmitted electronically between medical facilities.

It is also incredibly difficult to determine the nationality of a user of a telecommunications network. For example, two non-US persons could be visiting the US and using a telecommunications network in the country or a US citizen could utilize a telecommunications network when traveling outside the US.

There's an area where it helps to extend the envelopes vs. postcards analogy a bit: encryption is, in some ways, more like mailing a letter in a combination safe where only the sender, receiver, and safe company know the combination. The whole point of encryption is that it secures communications in such a way that even if someone intercepted an encrypted message, they couldn't read it unless they knew the secret combination to decode it.

This leads to a couple of questions:

  1. If the US government is trying its best to restrict its surveillance to non-US persons, what does it do if it accidentally intercepts and reads communications from a US person?
  2. If a large volume of telecommunications traffic, particularly traffic that is of interest to the US government, is encrypted (e.g., in opaque envelopes/combination safes without return addresses), how is it possible for the government to even determine whether a communication can be legally surveilled until after it has already deciphered it?
  3. How is it even possible for the US government to surveil the large volume of encrypted communications since decrypting those communications is often equivalent to time-consuming safe cracking?

Regarding question #1, a key revelation in a leaked document titled "Minimization Procedures Used By The National Security Agency In Connection With Acquisitions Of Foreign Intelligence Information Pursuant To Section 702 Of The Foreign Intelligence Surveillance Act Of 1978, As Amended" published by The Guardian on June 20, 2013 is that, even for "communication[s] identified as domestic," the "Director (or Acting Director) of NSA" can "specifically determine[s], in writing, that" (Section 5) "...all communications that are enciphered or reasonably believed to contain secret meaning..." can be retained for "...any period of time during which encrypted material is subject to, or of use in, cryptanalysis" (Section 5.3a).

Any and all encrypted communication is enciphered. Any and all encrypted communication is subject to cryptanalysis forever.

By the above standard, the NSA has the legal authority to decide to indefinitely retain all encrypted communications for all US citizens. Banking transactions, medical records, private emails, etc. could all be legally intercepted and retained under this authority.

Regarding question #2, it is simply impossible to determine whether encrypted communication can be legally surveilled until after it has been decoded. An encrypted message with plans for a criminal action communicated by non-US persons inside the US via a private Facebook message is essentially indistinguishable from a "good morning" private Facebook message between two US citizens before they are decrypted.

Examining question #3 is the hardest since not much is known in this area and any technologies the NSA is using are highly classified. The problem boils down to safe-cracking: even if the NSA had the legal authority (which it believes it does) to decrypt and store all encrypted traffic, how does it solve the complex, time consuming and expensive problems of decoding and storing all those messages?

Returning to the combination safe analogy, it's possible to "build your own safe," to transmit a message in. This would ensure that only the safe builder and those he/she shared the secret combination with would know the code. This type of encryption would require the NSA to somehow crack the safe if they intercepted it. All current Internet security is predicated on the idea that "cracking the safe" is really hard and time consuming to do. There's the potential that the NSA is utilizing advanced technologies like quantum computers to accelerate this process. It's also likely that they'd need to develop this sort of technology at some point since right now it's way easier to build your own safe than to break into one, so criminals will be increasingly likely to use more secure encryption to try to evade surveillance efforts, even if such encryption methods aren't commonplace now.

On the other hand, and this is not an original observation, many encryption schemes like SSL use central authorities to authenticate and protect communications. Companies like Symantec/VeriSign are the ubiquitous "Master Locks" of the encryption industry: many, many websites use encryption from a small group of companies. Instead of cracking each encoded message they intercept, it would be much easier for the NSA to simply obtain the decryption codes directly from the central authorities like Symantec/VeriSign. This would greatly simplify the problem and would allow the NSA to instantly decode much of the encrypted communication it intercepts.

There's circumstantial evidence to suggest that this may indeed be happening. In responses to the recent leaks about the NSA's programs, several high ranking officials have insisted that the number of specific surveillance requests to the FISA court is small and that these few requests that have been submitted are essentially always approved and have frequently led to important, actionable intelligence. As President Obama said in his interview with Charlie Rose "...the number of requests are surprisingly small, number one. Number two, folks don't go with a query unless they've got a pretty good suspicion."

This overwhelmingly suggests pre-screening is going on. Given the government's posture in trying to maintain national security and prevent criminal actions, it would seem that the government would err on the side of having more false positives versus being too cautious and failing to discover and disrupt actions that threaten safety and security. Even by the government's own standards, if every time you really try to get the bad guys you catch them, but sometimes you don't try and something like the Boston bombing happens, shouldn't you try more often? Alternatively, if the government's spending a fortune and taking liberties with laws and regulations all in the name of safety and security but they're just lowering the signal to noise ratio by scrutinizing everything and they still can't prevent terrible acts, shouldn't they reconsider their actions?

The constant attempts to calm, explain, and allay concerns continue to have the opposite effect.

Re:It's Worse Than You Thought (2)

crunchygranola (1954152) | about 10 months ago | (#44071529)

... If the US government is trying its best to restrict its surveillance to non-US persons, what does it do if it accidentally intercepts and reads communications from a US person?

Probably the same thing the Police and Federal Agencies do when they falsely arrest you. They say "Oops! So you didn't do anything wrong. But we are keeping all of your info in our database of criminals forever, just in case."

Here's the catch, (5, Informative)

Anonymous Coward | about 10 months ago | (#44071053)

" Where the NSA has no specific information on a person's location, analysts are free to presume they are overseas, the document continues."

http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant [guardian.co.uk]

Re:Here's the catch, (1)

vettemph (540399) | about 10 months ago | (#44071397)

So ....guilty until proven innocent.

I wouldn't work quite as well if everyone was consider a US citizen until proven otherwise, comrades.

Re:Here's the catch, (1)

Isaac Remuant (1891806) | about 10 months ago | (#44071537)

It would work even better if non US citizens were not considered as subhuman.

It's becoming a trend that every time the US government strips your rights they find a way to deny your citizenship (anwar al-waki & son) so that no one can complain.

If you are american, you should stop excusing injustices if they don't seen to happen to "proper US citizens".

encryption (5, Funny)

Anonymous Coward | about 10 months ago | (#44071085)

use TOR to send copies of 1984

What country are you talking about? (-1)

Anonymous Coward | about 10 months ago | (#44071097)

Let Kim Jong Un and his buddies do their job. It for you own good.
People are generally dump and only government can protect you.

aw fuck (0)

Anonymous Coward | about 10 months ago | (#44071107)

Aw fuck. First I get blocked from Slashdot, now this..

That's the point of Tor. (5, Insightful)

Hatta (162192) | about 10 months ago | (#44071109)

Yes, using Tor is going to attract attention. That's why we need as many people as possible to use Tor, to decrease the signal to noise ratio. If you have nothing to hide, you should be using Tor to help protect those who do.

Re:That's the point of Tor. (2)

ndixon (184723) | about 10 months ago | (#44071175)

I think this is the trigger that'll make me start using Tor as a matter of routine. I am Spartacus and all that.

Re:That's the point of Tor. (-1)

Anonymous Coward | about 10 months ago | (#44071269)

So you want us to use tor specifically to help the pedophiles and terrorists? Go to hell.

Re:That's the point of Tor. (0)

Anonymous Coward | about 10 months ago | (#44071367)

Nobody has nothing to hide. The people who say they have nothing to hide aren't very likely to consciously help others hide. They're either lying or delusional about what privacy means [ssrn.com] .

Re:That's the point of Tor. (1)

SJHiIlman (2957043) | about 10 months ago | (#44071553)

And they probably also think that their government is composed of perfect beings who could never abuse their powers or make mistakes. After all, if the government is not made up of perfect beings, the rules could change and suddenly that thing you do that you believed was harmless becomes illegal. Or maybe an individual in the government makes a mistake or decides to abuse the data?

Yeah, everyone has something to hide, and that's especially true when you take into account the fact that governments are made up of human beings.

TOR exit node locations (4, Interesting)

steelfood (895457) | about 10 months ago | (#44071125)

I think this is reasonable in the context of communications monitoring. TOR exit nodes are often not in the U.S., and it's reasonable to expect that traffic coming out of a TOR exit node may not originate from the U.S. I don't support this massive data collection in general, but I don't see why TOR traffic wouldn't be expected to raise red flags.

That having been said, I'm not sure where the fire is. Unless you're stupid enough to log into your own accounts (which contain identifying information) via TOR, they can collect all they want, but they'll never tie it back to you.

Now, could they theoretically track your traffic back to its origin if they have a complete picture of the network? It's possible, but they can only do a positive ID when there's not much TOR traffic, especially near your physical location, to begin with. That's where security by obscurity comes into play.

Re:TOR exit node locations (4, Interesting)

joe_frisch (1366229) | about 10 months ago | (#44071289)

If the NSA is operating the majority of TOR nodes does that make it easier for them to identify your location? Remember that they have a rather large computer budget.

Re:TOR exit node locations (0)

Anonymous Coward | about 10 months ago | (#44071551)

How many TOR nodes are there? How many are run by NSA [wikipedia.org] or any of the other UKUSA members [wikipedia.org] ? Given the cost of running a node and the budget of the NSA, how would you spend your money?

As an aside, if the US wants to spy on US citizens, it doesn't do so directly. It asks GCHQ [wikipedia.org] or one of the other UKUSA members to do it for them. This gets around those pesky FISA rules in a hurry. The other members use the same technique to get around any similar laws on their home soil. This has been SOP since the days of ECHELON: http://www.tysknews.com/Depts/Big_Brother/echelon_spy_in_the_sky.htm [tysknews.com]

Exist, get targeted by the NSA (0)

Anonymous Coward | about 10 months ago | (#44071131)

They want to know everything about everyone, which according to their dictionary somehow does not qualify as "indiscrimately".

Captcha: justice
LOL

The darkest place is under the lamp (2)

arf_barf (639612) | about 10 months ago | (#44071143)

It's always true. Just send your communications directly to NSA and a bunch of other people (from a SPAM list) and ask to have it forwarded to the final recipient. It's unlikely that it will get flagged as a potential threat....

Technicalities (4, Insightful)

organgtool (966989) | about 10 months ago | (#44071151)

In other words, since they don't know who you are and can't positively confirm that you are a U.S. citizen, then they claim they are not bound to uphold your Fourth Amendment rights despite the fact that they are likely able to confirm that you are currently located in the U.S. I'm not sure that logic would hold up in court and I hope they are challenged on this.

Re:Technicalities (1)

intermodal (534361) | about 10 months ago | (#44071407)

The difficulty is going to be finding a plaintiff who can make a significant enough case to actually get it into court and take it to high enough levels without setting a bad precedent.

Re:Technicalities (2)

crunchygranola (1954152) | about 10 months ago | (#44071469)

Does this technicality allow the U.S. government to open sealed First Class mail whenever it likes? Sure its a domestic delivery but we haven't confirmed that both the sender and the intended recipient are U.S. citizens.

Uhhhh.... (0)

Anonymous Coward | about 10 months ago | (#44071163)

So, don't use Tor to encrypt your traffic (to avoid NSA snooping) because they will store your encrypted traffic?

Interesting Firefox/Chrome plugin idea (1)

MikeRT (947531) | about 10 months ago | (#44071203)

Attach an email sig line that is the ciphertext of some small paragraph from Google News.

Awesome! (1)

drfred79 (2936643) | about 10 months ago | (#44071207)

Now if we all just start using Tor we'll give the government something to do. The message from the NSA is if you use Tor you are a criminal. Great Constitutional argument. BTW, this message was sent with TOR AND a anonomizing proxy.

US Citizens Only (0)

Anonymous Coward | about 10 months ago | (#44071221)

"we only target people outside of the US"

Because people outside of the US are non-persons and as such should have no expectations of privacy when their data is held inside the US. Does no one actually think about what they are saying?

Re:US Citizens Only (1)

Nutria (679911) | about 10 months ago | (#44071375)

Don't tell me you're as Stupid as you are Cowardly.

They're not US Citizens and therefore don't fall under the protection of the US Constitution.

I'd be disappointed if the FSB, "MI5" and Chinese MSS aren't trying to do the same to the US.

Um, so... (0)

Anonymous Coward | about 10 months ago | (#44071231)

Leaving the argument aside for the moment of whether what the NSA is doing is legal, if they are collection all foreign communication, what else should they do when they don't know where it comes from ? Aside from that, using Tor and encryption properly may get your data collected, but the NSA still won't be able to read it. Far better than trusting them not to look at your unencrypted domestic conversations.

Fine! (1)

Anonymous Coward | about 10 months ago | (#44071235)

Back in the late-80's/early-90's, there was suspicion that the gov't was watching all Usenet traffic for suspicious keywords. So, people would purposely include things like: "Food for the FBI scanners: bomb weapons nuclear". The aim was to overwhelm the scanners with false-positives.

So, they're going to pay extra attention to TOR traffic? Okay... excuse my while I configure my mom's PC to use it. The sooner we overwhelm them with the backlog for their cracking efforts, the better. In fact, here's my vote for Google to convert their web-crawler to use TOR... that ought to give them some content to chew on.

Completely Off the Rail at Section 5.2 (5, Informative)

bill_mcgonigle (4333) | about 10 months ago | (#44071275)

yeah, the encrypted data bit is interesting (who doesn't use opportunistic TLS on SMTP these days?) but here's the bigger problem:

Section 5 -- Domestic Communications (U)

A communication identified as a domestic communication will be destroyed upon.
recognition unless the Director (or Acting Director) of NSA specifically determines, in writing, that: (S) ...

(2) the communication does not contain foreign intelligence information but is
reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed such communication may be disseminated (including United States person identities) to appropriate Federal law enforcement authorities, in accordance with 50 U.S.C. l806(b) and l825(c), Executive Order No. 12333, and, where applicable, the crimes reporting procedures set out in the August 1995 "Memorandum of Understanding: Reporting of Information Concerning Federal Crimes," or any successor document. Such communications may be retained by NSA for a reasonable period of time, not to exceed six months unless extended in writing by the Attorney General, to permit law enforcement agencies to determine whether access to original recordings of such is required for law enforcement purposes; (8)

That's it, no questions left, the NSA is involved in domestic surveillance of US Citizens for law enforcement purposes. It's as if the Church Committee never existed.

Considering the ease of writing those two required letters and the current state of law breaking in the United States [amazon.com] , it's easy to see how bureaucrats could take the guidelines as written and 'reasonably determine' that all domestic communications need to be stored in perpetuity.

Assuming anything else is to assume a level of generosity and restraint on the part of the intelligence agencies that each day we find ourselves more foolish to do.

Re:Completely Off the Rail at Section 5.2 (0)

Anonymous Coward | about 10 months ago | (#44071395)

Humm ... so if they reasonable believe I'm committing a federal crime, such as violating the ToS of a website .... say, using foul language on G+ ... then that's all the excuse they need?

P.S. --- I'm Canadian, so by reading this post you American's are exposing yourself to an extra level of potentially irreversible scrutiny ... Good Luck with that.

"unless such person can be positively identified" (1)

cervesaebraciator (2352888) | about 10 months ago | (#44071277)

So, guilty until proven innocent?

Re:"unless such person can be positively identifie (1)

intermodal (534361) | about 10 months ago | (#44071441)

That's how it works these days. I've been uncomfortable with it ever since I was on a bus in early 2001 (pre-9/11) in the Phoenix area and the Border Patrol or INS or whatever it was came through the bus asking if each of us was born in the United States. I briefly contemplated requesting a warrant and exercising my right to remain silent, but decided it would end badly.

How does this get fixed? (1)

schwit1 (797399) | about 10 months ago | (#44071309)

I don't see how with the current form of government that's been perverted and the people in power.

Will it take 20M people marching on DC or a coup or ???.

Re:How does this get fixed? (1)

ZombieBraintrust (1685608) | about 10 months ago | (#44071465)

I think your underestimating how popular it is to have the NSA looking at encrypted communication. Most Americans are just fine with the NSA spying on foriegners.

Steganography (0)

Anonymous Coward | about 10 months ago | (#44071335)

Time to just hide in plain site, then.

Greetings NSA Overlords (4, Funny)

HalcyonBlue (596712) | about 10 months ago | (#44071383)

-----BEGIN PGP MESSAGE----- wYwDnjZmSa5jm10BA/9tq+tFZW7ZTwWorCU2PJ5RWkhiefDCt0GCxVlg1MPa zkj6bUvN99JdyZZtbsQ3xxz7ugvNPL3cydtnX6Hwn9I/BGqZDYB7ki6UBaY1 uT1T5ZQd28WhLd5Bs4JRr5kc9WCuQf5KdZa9WCO/9UItlsmCakYglJxmVSNy 0XHuJrl3k9JiAR8cYQurOOe3LWKMf8Ytewx4iZquuh0wLwrUs14Zy8G+dkcP C66rRlOIw8S0TqeLd8CoHcEaYPu9osnR5+V3Nz31AoOTgYV5FbkRsV6c6HIs 7byyAyg87jk9Hfu9Zbajfec= =MgO6 -----END PGP MESSAGE-----

Hello, from the USA (1)

corando (2785235) | about 10 months ago | (#44071389)

"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.'"

Which is why I start all my conversations with an un-encrypted "Hello fellow US citizen! Nice weather here in the US, where we both live and currently are, today huh?" ;-)

Time for this community to step up. (2)

conspirator23 (207097) | about 10 months ago | (#44071401)

Many moons ago, people used to stuff all kinds of ridiculous claptrap in their Usenet .sig lines to "clog the NSA monitors." Keywords like nuclear, communist, peace, soviet, blah blah blah blah. It was a fairly useless exercise whether the underlying suspicions were true or not.

The execution was amteurish, but today's news proves that the principle is worth exlporing further. Software developers need to stop talking the talk and make a more concerted effort to transparently encrypt all the network communication conducted by their applications, their mail systems, their social media platforms, whatever. The cypherpunk community has long pooh-poohed allowing "weak" encryption to become entrenched and create a false sense of security. But this "secutrity through purity" approach has resulted in the abject failure of the widespread adoption of encryption at all levels. Can we not find some sort of barely acceptable common standard and just start routinely implementing it and make the marketing people figure out how to describe it as a sexy feature?

"Inadvertent" (5, Insightful)

Vainglorious Coward (267452) | about 10 months ago | (#44071405)

NSA agents are not allowed to eat cookies. However, they may take items from the cookie jar and place them in their mouths to determine whether they are cookies. Any cookies which are inadvertently swallowed may be retained.

Same as Storing All Private Mail (1)

crunchygranola (1954152) | about 10 months ago | (#44071423)

Extended to the physical mails it is analogous to deeming all sealed letters and other private mail to be suspicious and in need of permanent archiving, and so create Postal Bots that open each letter, photocopies its contents, the reseals it it until the Government decides it wants to devote the resources to looking it up and reading it.

In the email case the saving is easier, and the reading is harder than with physical mail but they both accomplish the same task (treating private mail as government property) with manageable levels of effort.

THIS FP FOR GNAA (-1, Offtopic)

Anonymous Coward | about 10 months ago | (#44071437)

see. The number Mr. Raymond's would you like to culture of abuse clearly become that FreeBSD is JOIN THE GNAA!!

Blind Jimmy (1)

aoism (996912) | about 10 months ago | (#44071457)

Blind Jimmy Jackson, NSA Agent for 10 years, can't positively identify you as a US Citizen because he can't see the monitor. That gives us the right to retain your data. PS. Do you know any blind people? We're looking to fill many positions here at the NSA!

be reasonable douche-bag (-1)

Anonymous Coward | about 10 months ago | (#44071503)

This is hardly a stretch. Are we to presume that all the world are US Citizens unless we're sure their not? Get off your high-horse people and folks will be more likely to listen when you have legitimate issues to raise.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...