[Dailydave] Words are hard.

Dave Aitel dave at immunityinc.com
Mon Jul 13 13:20:46 EDT 2015


<interesting twitter conversation image goes here>

Ok, so I wanted to add some of that whole "reality" thing to the latest
breathless exposé from The Intercept. It's not a bad thing that there's
a "newspaper" writing about how force feeding prisoners is maybe wrong,
or maybe how the Govt isn't telling the whole truth and nothing but the
truth. But that's only effective if you haven't krazy glued your
newspaper's stun-beam of Righteous Indignation to 11. So, without
further ado, please get your tactical kilt
<http://pre14.deviantart.net/72e9/th/pre/i/2012/084/3/7/scottsman_in_tactical_kilt_with_ak47_by_jackryan224-d4tx899.jpg>
on, click through, and read the article, and then let's talk about SIGINT.
https://firstlook.org/theintercept/2015/07/09/spying-internet-orders-magnitude-invasive-phone-metadata/

Micah's Twitter question (for those of you using HTML compliant mail
readers, you can see it above) is pertinent. I said he got some facts
wrong. Maybe he got the facts right, but his interpretative dance of
outrage was wrong? Regardless, I think he probably missed out on an
important section in the regulation which he could have been more
breathless about, which I will paste below:

C2.3.3. Foreign Intelligence. Subject to the special limitation
contained in section C2.5., below, information may be collected about a
United States person if the information constitutes foreign
intelligence, provided the intentional collection of foreign
intelligence about United States persons shall be limited to persons who
are:
    C2.3.3.5. Corporations or other commercial organizations believed to
have some relationship with foreign powers, organizations, or persons.

Hey, that's a pretty big door! Nevertheless, ignoring that for now,
let's talk about "collection". Micah complains that when the
intelligence community uses the word "collection" they do so in a
special way. And that's true, because /SIGINT collection/ is not the
same as /seashell collection/ the exact way that /prime numbers/ are not
the same as /prime rib/. Those words are similar, but used in a
different context they can mean different things. This is upsetting, but
a fact of our language and our life.

Let me tell you how it really works in the head of the IC: "US data is
like toddler poo. It's icky and gross and all over the place and if I
absolutely have to I will touch it with a paper towel and throw it in
the trash, but mostly I just want to avoid stepping in it or smearing it
on reports that I send to people who wear suits for a living." That's
the full direct meaning of /minimization/.

To be more technical: There are good operational security reasons that I
am imagining as a non-Lawyer or IC member for gathering a whole
mailspool, and then, on a computer that you control, filtering out the
data that you are not legally allowed to store or have your analysts
look at to create reports. Let's take the top few reasons and just chew
on them, like the fat Cuban cigar I imagine every Intercept employee is
issued upon hiring, but never allowed to light until Snowden returns to
the Homeland on the back of a giant bald eagle to save us all. Here's
some scenarios and let's see what issues they're trying to solve with
their definition of /collection/, from a hacker's perspective:

 1. If you don't grab US Data from a mail server, you are obviously the
    Americans. This may have some pretty bad follow-on effects. For
    example, if you are the Americans using a stolen Chinese RAT to
    pretend to be the Chinese while hacking a Russian system, now the
    Chinese AND Russians know that you have stolen that RAT and
    toolchain, and can go find out when and where, and you are losing
    sources and methods in a big way all over the place.
 2. Filtering out American data can take some time and CPU cycles, and
    may be impossible on un-intelligible data (which is why that whole
    clause about the data being intelligible is in there). So, as an
    example, you are downloading a 5 gig /personaldata.tar.bz2/ that has
    some emails from Americans on a SparcStation last updated in 2001
    when Sun was a company that sold computers. You are not going to
    untar that bad boy on the target system, because BZ2 was written by
    trolls who hated spare CPU cycles, and designed their algorithm to
    use as many as possible and if that SparcStation was to do so it
    would overheat and send an alert to the bored Russian private trying
    to watch porn on it. So you bring the file down, decompress it
    locally, filter things out, then move on with life. 
 3. The list of "Americans" you know about might be private. Best to
    filter things out privately then, rather than trying to push that
    list out to random machines, eh?

In addition, let's break it down with some additional fun facts!

 1. If your mom sends you unencrypted email and it happens to be going
    over a fiber cable or sat link unencrypted, it's going to be stored
    and read by the Chinese and Russians and so forth. They don't do
    minimization at all. Sometimes they like to edit the data "in
    transit" to add funny videos to unencrypted emails and web pages
    which is why the whole "RickRoll" thing happens. Americans never do
    that.
 2. http://icontherecord.tumblr.com/ppd-28/2015/privacy-civil-liberties
    <--read here to see how the US is the only country with an official
    minimization policy that applies to foreign nationals. It ain't
    much, but let's just say you could in subjective time watch all the
    Nicholas Sparks movies and still be waiting for any policy
    whatsoever from China, Russia, or France when it comes to
    non-citizens.

Hopefully this email provided some food for thought, because to be
honest, you don't have to dress the USG's position on stuff up to find
things that maybe should be changed. It actually weakens your position.
Anyways,

-dave

 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: some_facts_wrong.JPG
Type: image/jpeg
Size: 67399 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20150713/06bc2569/attachment-0001.jpe>