Passive E-Mail Monitoring Leads To Arrest

www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"

Orleans

[dolo666]

For those of you who have no idea where Orleans is in Ontario, its very close to Ottawa [mapquest.com] (minutes away), and about 2 hours from Montreal and 3.5 hrs from Toronto, making it an ideal spot to plan terrorist action in Canada. Ottawa is a couple hours from the US/Canadian border [mapquest.com], and for those of you who have never driven the distance, it's a very somber drive, with extremely easy access into the United States. I knew a rum-runner once who would move liquor out of the states at an alarming rate through the St. Lawrence River border; a hardly monitored area concerned more with tourism than security, then. Today, it's a different story, I'm told.

Today it's a different Story

[rwiedower]

Today, we must FEAR those EVIL Canadians and their rum-running abilities. In fact, we have to use our "army of cryptographers, chaos theorists, mathematicians and computer scientists" to defeat just one of those crazy canuck masterminds.

The US should watch the Canadian border

[Baron_Yam]

There is no need to fear evil Canadians. There is a very significant need to fear apathetic Canadians.

Our politicians still don't think we have a terrorist problem. Our politicians think the Americans are the cause of all their terrorist problems. Our politicians think that if the Americans would just be nice to everyone all the time, everything would be just fine.

So, while we raise taxes for 'anti-terrorism' the money actually goes into a big pot and is spent on anything but solutions that the governm

Apathetic...

[Allen Zadr]

Apathetic Canadians are no worse than apathetic US Citizens. US politicians have no problem with terrorists, as it only creates more jobs (defense spending == jobs). More jobs means less to complain about, and (finally) less to complain about leads to apathetic citizens. The US voting system allows far more control and granularity on whom we put in office, and frankly I think US citizens (in general) are far less likely to pay attention to important issues and vote along issue lines.

Already the US presi

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Jobs

[FredThompson]

Boy, is that way off-base.

Land Mines have a military use. Did you forget that? Until there is a reliable method for smart mine or other area suppresion weapon like FireStorm, they are the most effective way to prevent an adversary from moving across land.

The idea that politicians want to keep land mines to ensure jobs is ridiculous. Upon what facts do you base that statement? Do you have any idea how few people are actually employed making them?

Regarding the Kyoto treaty, have you ever read it? American factories were to be restricted with regard to their emissions yet Chinese, Indian and Eastern European factories were not. When was the last time you visited an industrial complex in one of those areas? They're horrible with all kinds of unfiltered liquid and gaseous emissions. How long have you been reading Slashdot? Haven't you ever seen the articles about disassembly of circuit boards in China?

Kyoto hid under the cloak of global warming which is really just a political thing. Sure, people can affect the environment to some extent but thinking we are destroying the environment is not only scientifically invalid, it's almost unspeakably arrogant and naive. We live in the middle of a planet-sized filter which recycles virtually everything within itself. We can't predict the weather 5 days in advance yet global warming zealots claim to understand environmental cycles?!?! Riiiight.

The Kyoto accord was NOT ratified by the non-U.S. countries who tried to get the U.S. to commit to follow it. Would American companies have been forced to shut down or move operations overseas? Yes. Think, where would they have moved manufacturing? Probably to countries which were exempted from the accord. How, exactly, would moving production from the U.S. to areas which were to be exempt from environmental limitations contribute to a cleaner environment?

The Kyoto accord was an attempt to hobble American industry by countries which are not able to match the U.S. level of productivity because of their political environments.

As much as possible, producers of any product or service want to be as physically close to their customers as possible. Transportation and time differences cost money, real money.

Your comments were pure socialist rhetoric. THey have no basis in the reality of our physical world which is subject to the law of diminishing returns.

Re:+1 Ane

[mwood]

Um, so newborns should be part of the unemployment figure because they don't have jobs? That's what "the unemployed" ought to mean, strictly speaking, but the result would be a strikingly useless number.

The phrase usually means "people who are seeking employment but haven't found it." That is a very useful number. Those who aren't seeking, don't get counted. If you want to be counted, show up where they're counting.

Re:The US should watch the Canadian border!

[A55M0NKEY]

Fess up! Canada's insideous evil OOZES down over the border like Maple Syrup!

Re:The US should watch the Canadian border

[pcb]

Why do Canadians always talk to Americans with that pathetic tone. We are, who we are. Don't be such an apologist...it makes everybody look bad. Canada, like every other country, is just a bunch of people trying to get through life as best they can. Sometimes we make mistakes, sometimes we get it right. There is nothing to apologize for.

-PCB

Re:The US should watch the Canadian border

[jwthompson2]

...this was about oil, not terrorism...

Then why do gas prices continue to increase, if we wanted oil we would have gone after Saudi since that's where the majority of the 9/11 terrorists came from and they finance terrorist 'charities', justification present. Or we could have simply lifted sanctions and Iraq would have been more then happy to sell us some. I do agree that the war wasn't much about terrorism since the links are weak between Saddam and Al-Qaeda, I think it was more personal/family grudge

Re:The US should watch the Canadian border

[aastanna]

If the war was about liberating people they should have had enough forces to protect all the hospitals, police stations, museums, and generally keep law and order enforced. It was extreamly irresponsible to invade with any less than that, and as a result has cost many innocent lives.

Further, it has greatly reinforced perceptions that the US invaded a muslim country for oil, and that the US does not care about the lives of anyone other than it's own citizens. This is exactly what terrorist leaders have been saying about the US for years. Now they have proof, and as a result, far more support.

From a World Islamic Front statement [fas.org], 1998:

First, for over seven years the United States has been occupying the lands of Islam in the holiest of places, the Arabian Peninsula, plundering its riches, dictating to its rulers, humiliating its people, terrorizing its neighbors, and turning its bases in the Peninsula into a spearhead through which to fight the neighboring Muslim peoples.

If some people have in the past argued about the fact of the occupation, all the people of the Peninsula have now acknowledged it. The best proof of this is the Americans' continuing aggression against the Iraqi people using the Peninsula as a staging post, even though all its rulers are against their territories being used to that end, but they are helpless.

Second, despite the great devastation inflicted on the Iraqi people by the crusader-Zionist alliance, and despite the huge number of those killed, which has exceeded 1 million... despite all this, the Americans are once against trying to repeat the horrific massacres, as though they are not content with the protracted blockade imposed after the ferocious war or the fragmentation and devastation.

So here they come to annihilate what is left of this people and to humiliate their Muslim neighbors.

Third, if the Americans' aims behind these wars are religious and economic...

Probably the worst thing I've ever seen a US leader do on an international stage was when Bush painted the war on terror as good versus evil. By doing this he did not have to examine the motivation behind the "evildoers", and he could simply say that they are evil and are attacking the US because the US is "good". This is exactly the same mindset that terrorists have, and exactly the same mindset that has led to some of the worst atrocities that human beings have ever committed.

Re:The US should watch the Canadian border

[mi]

Our politicians think that if the Americans would just be nice to everyone all the time, everything would be just fine.

Maybe because this is mostly true.

It is impossible. A weak country can do this. A strong country can not. Sooner or later someone will ask for help against someone else. A weak country can say: "We can't". A strong one will have to take sides...

You can't be nice to Palestinians and Israelis at once, for example -- the want each other dead. Even a weaker country like Canada can't do so honestly...

considering a large portion of the world hates them enough to want the entire country obliterated. I truly feel sorry for the 55% of the population who voted against Bush and his lunacy.

The hatred started well before "Bush and his lunacy". Your trolling flamebait conveniently forgets, that "9/11" happened only 9 months into Bush's presidency -- after 8 years under Clinton...

According to bin Laden's ravings, "9/11" was our punishment for deploying in the holy land of Saudi Arabia, which we did to protect Kuwait -- a Muslim nation, BTW. Was that war also "a lunacy" to you?

You can not justify this hatred and you can not negotiate with such people.

So stop your pitiful preaching -- there are better ways to attack Bush.

BTW, Clinton/Gore did not get the majority vote either, AFAIK.

Re:The US should watch the Canadian border

[The Vulture]

It was most definitely about the oil. But not necessarily the United States getting the oil. The U.S. just needed to stop Iraq from selling oil in Euros [cnn.com] and devaluing the U.S. currency even further.

Not from the "mainstream" press, but excellent articles detailing of how Iraq switching from the U.S. dollar (approved by OPEC in the early 70's as the official currency for oil) to the Euro for oil could seriously harm the U.S. economy.

Not Oil, but Dollars vs. Euros [globalpolicy.org]
Iraq, the Dollar and the Euro [theglobalist.com]

Re:The US should watch the Canadian border

[JohnnyCannuk]

Easy buddy, he's suggesting no such thing.

What he is suggesting is don't be surprised that groups of people around the world grow to hate the US so much that they WILL fly airplanes into buildings. Not because of the actions of individual Americans, but because of the ongoing actions of every American Government for 50 years. How many despots do they have to put in power (or return to power, like in Iran) before the common people of the country start hating them? How many death squads and murderous rebel groups should they support and fund (Nicaragua and El Salvador) before the regular folks stop believing the "peace and freedom" tripe they claim to espouse.

Do you know what day today is, sparky? It is the 10th anniversary of the start of the genocide in Rawanda. 800 000 people killed in 100 days. That's faster than the Nazis did it at Auchwitz and Treblinka. You know what else? Canadian General Romeo Dalaire had been begging the UN, the US and the other major powers for more troops and more equipment for 3 months prior to this infamous date because he had been tipped off of the impending genocide. He was even forbidden to use the troops and equipment he had to confiscate the weapons he had found, which probably would have prevented the genocide. And do you know what the US did to help? They (along with Britain and France) VETOED a UN Security Council resolution that would have sent the troops and equipment to Rawanda and allowed General Dalaire to conduct opperations. The US signed the death warrant of 800 000 innocent civilians, because preventing genocide is not in the best interests of the US. Why aren't you crying for them? They most certainly did not diserve to die. Too bad there wasn't oil in Kigali, the 1st Marine Expiditionary Force would have been in there in a heart beat....

It is the selfish actions of your government that make people hate the US so much they want to fly planes into buildings. The policies of the US government kill and enslave far more people on a daily basis than all the terrorist attacks they have ever suffered combined. Why aren't you upset by that?

No one deserves to die like your friend Amy. Nor do they deserve to be hacked to death with machetes, or murdered and dumped at El Playon because the voted for the wrong party. Don't pretend that the US government condoning the latter has nothing to do with the former. Until you realize that, expect a lot more 9/11-type attacks in your future.

Re:The US should watch the Canadian border

[JohnnyCannuk]

Somalia - did the right thing, but buggered off when the heat was turned up. As a result, Osama bin Laden and his ilk saw that the US would cut and run if attacked. So, OBL decided to attack the US. Result: September 11, 2001. Guess you shoulda stuck it out and done the right thing, huh?

The Baltics - by this you mean Kosovo, of course, where the US had to be convinced to do anything by the NATO allies - the US was almost dragged kicking and screaming into that one, so I wouldn't hold it up as an example of the US doing the right thing of it's own accord. Did you know that the Serbs had been doing the same nasty things that they were doing in Kosovo to deserve getting bombed in places like Bosnia and Croatia for about 6 years before Kosovo? Ever heard of Srebeniza? Did you miss all the rape camps and mass graves in Bosnia long before Kosovo? The US role in Kosovo is a matter of "about time" in the rest of the world.

Haiti - amazing how fast the US will react when something is close to home. Personally I'm glad they are there. They should do more of this. Maybe they sent troops to Haiti so thousands of Haitians wouldn't show up on the shores of Florida AGAIN. The only diffeence between Haiti and Rawanda is about 5000 km. So tell me again why they didn't react when they knew a genocide was about to take place?

As for my "whining" well you are entitled to your opinion. Just remember, when it comes to Saddam, who gave him the money, who sold him the weapons and who is on film shaking his hand. If Iraq didn't have oil, the US wouldn't be anywhere near the place, and it is just that simple. If Iraq didn't have oil, Saddam would not have become the butcher he was, since he wouldn't had all those US dollars to by the weapons with.

I will "whine" about the selfish and inconsistant way the US acts in the world all I want, thank you. They invade Iraq to free the people from a vicious dictator, yet let 800 000 die in a preventable genocide. They push China to respect human rights, yet help overthrow a democratically elected leader and replace him with military despot who killed thousands (Chile - the Other September 11). They install puppet regimes all over the world because they will be their "friends" against the Soviets, or Al Queda, or whomever is the enemy du jour, rather than trusting the people of those countries decide for themselves.

They claim to be about justice, yet opt out of the world criminal court in the Hague. You know, the ones trying war crimes and crimes against humanity committed Bosnia, Kosovo and Rawanda.

But of course, don't listen to me. I'm just a whiner. No one else in the world could possibly share these opinions. All that terrorism is just the result of "evil" or jealousy or something...

Re:The US should watch the Canadian border

[bckrispi]

My friend, I understand your passions, and I know that you are not the only one who shares them. However, you are severely misinformed on some of your points.

Somalia - did the right thing, but buggered off when the heat was turned up. As a result, Osama bin Laden and his ilk saw that the US would cut and run if attacked. So, OBL decided to attack the US. Result: September 11, 2001. Guess you shoulda stuck it out and done the right thing, huh?

True, OBL saw our withdrawl as a sign of weakness. But it in no way resulted his decision to launch 9/11. If we stayed, he would have used our presence in a Moslem nation as another "saber rattling" point. Had we stuck it out and "done the right thing" you would probabally would accuse us of installing a "puppet regime" to keep the peace. Damned if we do, damned if we don't.

If Iraq didn't have oil, Saddam would not have become the butcher he was, since he wouldn't had all those US dollars to by the weapons with.

Without our support, he wouldn't have had the weapons to attack Iran. And yes, supplying him with Chemical Weapon technology was a mistake. But it didn't take American technology to make him a butcher. Look at his torture chambers: nothing more sophisticated than rope, iron, wooden poles and electric current. How do you apply the Oil + America = brutal dictator argument here? Yes, WMD was used against his own people, but just as many died through small arms fire or other "low cost" means.

They claim to be about justice, yet opt out of the world criminal court in the Hague. You know, the ones trying war crimes and crimes against humanity committed Bosnia, Kosovo and Rawanda.

This is where you are the most misinformed. We opted out of the WCC for a damn good reason. Plain and simple: An American soldier charged by the World Criminal Court would have fewer rights and due process than he would through the U.S. Military Justice System Please read that again, very slowly, and digest it. We opted out not because we don't care about war crimes, or because we're imperialistic nation-building tyrants bent on world domination, or just because we're assholes. We did it to guarantee that American Military justice is not superceeded by a foreign system that provides fewer rights to the accused. Period!!!

All that terrorism is just the result of "evil" or jealousy or something...

In a word, well, yes. What is it that Bin Laden wants? Listen to his tapes so generously provided by Al-Jazeera:

1. The destruction of the Zionists and their supporters (the US) and a free Palestinian state.
2. Removal of US troops from the Land of the Prophet
   and.. oh yes..
3. (paraphrased) We will continue our Jihad until every nation of the world declares "There is No god but Allah, and Mohammed is his Prophet".

There you have it sparky. Al-Qaida exists to further the cause of a militant ultra-radical pan-islamic state. There can be peace in Israel and a Free Palestine - They'll still hate us. The U.S. can shed it's dependancy on foreign oil (something I'm 100% in favor of) and never step foot into a Moslem nation again - They'll still hate us. Until I (and 300m other Americans) start shouting "Ahllau Akbar!", cover our wives with burlap potato sacks, overthrow our government and replace it with some whacko Imam, they will continue to hate us. And I can guarantee that the first fatwah that will come out of Washington is to overthrow the Infidel, Secular, Satanist nation to the north of us. Better start studying your Koran.

Re:Today it's a different Story

[general_re]

So, did the NSA have a warrant for this?

Highly unlikely.

If not, why won't these arrests be thrown out of court?

They weren't arrested by US authorities, nor are they being prosecuted in US courts - the agencies that arrested them, presumably the RCMP and MI5, are not bound by the US constitution, and operate under the laws of their own nations, not those of the United States. Even if they were being extradited to the United States, the law is quite clear - non-resident aliens not within the United States and/or its territories and possesions are not entitled to the protections of the Bill of Rights, specifically, the Fourth Amendment [findlaw.com].

Or don't Canadian and Brittish courts care about search warrants?

The RCMP and MI5 undoubtedly conducted their own investigation, and didn't simply run off to arrest people just because NSA said so. During the course of that investigation, those agencies were bound by whatever laws were in effect in their respective nations. Canada does, IIRC, recognize an exclusionary rule similar to that of the United States, but the UK does not. IIRC, of course - detailed questions should be directed to qualified experts in the laws of those nations. ;)

Or don't warrants apply in international law?

Not the way you apparently think they do, anyway. Had the subjects been American citizens, a warrant for any sort of extended surveillance would have been in order for the NSA, if there were plans to prosecute in the US. The RCMP and MI5 operate according whatever the laws of Canada and the UK say about warrants and surveillance.

Re:Orleans

[irix]

For those of you who have no idea where Orleans is in Ontario, its very close to Ottawa

Orleans is part of Ottawa [ottawa.on.ca] actually - one of the east end suburbs.

Also, the guy alledgedly was planning something in the UK, not the US, so the proximity to the US border isn't really an issue. Besides, something like 90% or our population is within a few hours of the US border.

Re:Orleans

[the real darkskye]

maybe those are 3.5 canadian hours, given the current exchange rates that could translate to 12 US hours.

Its funny, laugh

Doh...

[Mysticalfruit]

All your base are belong to NSA

Though it really surprises me that the NSA would actually take responsibility for passing along tips.

Generally they just pass stuff to the other three letter organizations and they take it from there.

Re:Doh...

[pjt33]

It isn't plausibly deniable that it was NSA who obtained the information. May as well be straight about it, because that will bolster denials on other subjects in the future.

Re:Doh...

[Dun Malg]

Though it really surprises me that the NSA would actually take responsibility for passing along tips.

Generally they just pass stuff to the other three letter organizations and they take it from there.

I suspect that with all the attention being paid to the traditional lack of cooperation between the various TLA orgs, they're probably falling all over themselves now to show how cooperative they can be. NSA has always been a little better than the others, as this is its primary function-- it doesn't use (ahem) "field operatives" to the same degree that the FBI and CIA does. The real head-butting goes on between the FBI and CIA. The culture of "cops" vs. that of "spooks" creates a lot of friction. They've never worked well together.

Shouldn't this be YRO?

[Xshare]

It seems like YRO, I mean, they were monitoring his email, they probably are monitoring ours!

Re:Shouldn't this be YRO?

[andy1307]

Come to think of it, spam makes the job of the NSA more difficult. Must be hard finding an e-mail about a terrorist plot among all the mail for a larger. Shouldn't the government do something about spam: It's a national security issue. OTOH, if the NSA has a good spam filter they use before reading my mail, i'd be happy if they could share the technology with the rest of the world.

Come on now dude.

[Lord Kano]

OTOH, if the NSA has a good spam filter they use before reading my mail, i'd be happy if they could share the technology with the rest of the world.

Just look at this guy's name.

Mohammed Momin Khawaja

Consider the number of known Al-Queda operatived who have the first name Mohammed. It wouldn't surprise me in the least if the NSA, FBI, and CIA routinely monitored the communications of everyone in the western hemisphere who has an Arabic name.

They can't have that much spam to weed through.

LK

Re:Come on now dude.

[Greedo]

Consider the number of Arabic people who have the first name Mohammed and who aren't conncted to a terrorist organization.

Re:Shouldn't this be YRO?

[adamofgreyskull]

That is a simply amazing idea...you sir are a genius. How many spam e-mails are there floating around the internet purporting to be from some spurious e-mail at hotmail.com (anna342ds3421@hotmail.com)?

If you wanted to communicate something to a person without the message being picked up, you get the person to sign up to porn and spam lists with their e-mail.

When you want them to launch their attack, or to come over for some hawt loving behind their husband's back, you register an e-mail as anonymously

Re:Shouldn't this be YRO?

[fbform]

Shouldn't the government do something about spam: It's a national security issue. OTOH, if the NSA has a good spam filter they use before reading my mail, i'd be happy if they could share the technology with the rest of the world.

Consider this steganographic method:

1. Take a brief secret message you want to send (less than about 12 characters).
2. Take a standard spam email.
3. Set i to 0.
4. Search for the next occurrence of (the ith character of the secret message) in the spam email.
5. Replace that letter in the spam email with something else, such that the new word which is formed is NOT in the dictionary.
6. Increment i and repeat for the whole secret message.
7. Send the new spam email (with the grotesque misspellings) to intended recipient.

To decrypt:
1. Search the spam email for the first misspelled word and suggest replacements from the dictionary (knowing that exactly one letter was misspelled). Compare with the misspelled word and get all possible candidate letters for that position.
2. Repeat for all such misspelled words.
3. You will now have a (hopefully small) number of possible letters for each position. Do an exhaustive permutation of them all (hopefully it will not be larger than about 10^7) and search for messages with sequences of letters which DO exist in the dictionary.
4. You will now have a small number of candidate decrypted messages. Decide for yourself (context-based) what the intended message was.

I personally know someone who implemented this exact scheme and tried it with a few individual words (he wanted to send one word of secret message per spam email to keep the combinatorial explosion within bounds). Unfortunately most his fake spam emails were deleted by his spam filters. But it's an intriguing idea nonetheless.

My point is: how would you keep track of all that spam and analyze them for such stunts? God knows we have enough spam with intentional misspellings to defeat Bayesian filtering already. Just add strong crypto to the plaintext message before embedding it in the fake spam and we now have much harder problems. Is there even a theoretical way to detect (leave alone decrypt) such messages?

Re:I don't give a shit.

[Anonymous Coward]

So when they start caring about something you are doing then you will give a shit, but it will be too late.

They came for the blahs, but I'm not a blah so I did nothing.
They came for the foos, but I'm not a foo so I said nothing.
Then they came for me, and no one was left to do anything.

Or something along those lines.
So yeah, terrorists today, guys named Jason Straight tomorrow.

You've been warned.

Yeah right...

[bcmm]

Yeah right, like any terrorists would use unencrypted email.

Re:Yeah right...

[arc.light]

These guys aren't accused of being geniuses, just violent thugs.

Re:Yeah right...

[meringuoid]

Not all terrorists are dumb, but the suicide variety are by definition fucking stupid.

Remember Richard Reid, he of the explosive footwear? Caught when a passenger noticed him trying to set light to his shoes? Anyone with intelligence greater than or equal to that of a bag of hammers would have gone to the toilet and THEN tried to detonate their payload...

The people who plan the operations might be smart, as may the people who instruct the bombers. But sooner or later you've got to communicate with the moron you're exploiting and persuading to blow himself up. At that point you're vulnerable, because he's stupid and easily led and all in all a liability.

Suicide bombers are not stupid

[tehanu]

Actually, if you look at the Palestinian suicide bombers a lot of them are well-educated and middle class (by Palestinian standards). Some were not even particularly religious. In fact I believe some of them were even university students studying subjects like law. The 9/11 suicide bombers - quite a few of them were well educated and came from relatively rich families. Despite the hatred they nutured for the West they spent years studying in Western universities, getting Western friends and even girlfriends. This takes as much intelligence as any good spy in a foreign country. To hide your true self, blend in, become one of the enemy. They even learnt how to fly planes. A suicide bomber has to be smart to succeed. They have to be someone who can act on their own. Once they are set loose they are on their own. They have to negotiate their way to the target. They have to be able to act well enough to blend in to the crowd to do the maximum damage. If something goes wrong they have to negotiate the obstacles by themselves with no one to help them. Of course there is a lot of psychological preparation as well (brainwashing) but that's nowhere near the same thing as stupidity.

Of course there are stupid ones as well but that's true for everything.

Re:Yeah right...

[andy1307]

Encrypted to you perhaps, but really encrypted to the NSA? I don't think so..

I don't know where i read this. A terrorist group was using hotmail to plot terrorist attacks. One terrorist in Pakistan would compose a message and save it in the drafts folder without sending it. The other terrorist across the world would log into the same account and read the message from the drafts folder.

Re:Yeah right...

[bcmm]

Yes, the NSA can decode most stuff if they want to. But decypher every encrypted email? It would take too long.

Re:Yeah right...

[trix_e]

what the article says is that they inspect the headers and IP addresses as well, if they get something they deem suspicious, they get a subpoena to get the rest of the message, then they can work on decrypting it...

I'm guessing they're not quite to the place where they are cracking codes on the fly... yet.

Re:Yeah right...

[3waygeek]

Well, the NSA is 200 years ahead of the rest of the world in maths theory [milk.com].

Re:Yeah right...

[davejenkins]

Yeah right, like any terrorists would use unencrypted email

Hey, these are the same dipshits that confused AM/PM on their bomb in Spain, and blew themselves up in Gaza because they didn't account for daylight savings time.

I am sure that some of them try to use encryption, but:
1. I would guess a mojroity of the traffic is in the clear, "security through nonchalance and obfuscation"

2. What makes you think that the encryption systems available to the general public aren't easily cracked by the boys in Virginia and Maryland?

Re:Yeah right...

[wishus]

2. What makes you think that the encryption systems available to the general public aren't easily cracked by the boys in Virginia and Maryland?

Mathematics.

Re:Yeah right...

[meringuoid]

And the huge fuss they made when Phil Zimmermann released PGP on the net. If they could crack it easily, why would they have cared?

Re:Yeah right...

[rjelks]

Okay, tinfoil hat time: I'm not saying I believe this, but why couldn't the NSA develop a great encryption scheme like PGP, release it to the public under the guise of an individual, then scream bloody murder? Everyone grabs it up because they think it can't be cracked, and the NSA sits back decrypting what they want? Misinformation seems kind of easy. No offense to Phil.

-

Mathematics is generally no guarantee.

[expro]

There are in many key types, such as RSA which relies on prime number factoring difficulties, where there is no published proof on how hard it has to be to crack the keys, (and no proof on how hard it has to be to find a previously-unknown weakness).

No one has published how to easily crack RSA for long key lengths. A smart mathematician working for NSA could have solved the problem years ago if they can keep a good secret.

And quantum computing seems to be on the horizon as well, and I would not put it pa

Re:Mathematics is generally no guarantee.

[arevos]

Yes, RSA is potentially insecure, as there is no mathematical proof guarenteeing that there is no polynomial-time algorithm for solving NP-complete problems.

However, what makes you think that terrorists would use public key encryption? Presumably, these people meet in person, in secret, to discuss illegal activities. In such a scenario, they could give each other their passphrase by word of mouth. Public key encryption is only relevant when the medium for transmitting your keys is insecure.

If I remember r

Re:Yeah right...

[imsabbel]

Make it a few billion years and you are right on the spot.
Remember: Rc64 needed over 2 YEARS on 200k+ pcs.
128 bit needs 2^64 as much time. Even with asics, future technology and a billion$ budget you cant brute force it.

Algorithm weaknes is another matter, but the general algorithms are open, and hundreds of mathmematicans have scanned them for years and havend found any (of course those with errors are no longer in use).

Re:Yeah right...

[meringuoid]

It's down to a thousand years? That has me worried. I felt comfortable when we were talking 'given every computer on earth in parallel, you'd need about a billion times the age of the universe' - now we're down to a paltry millennium? Give NSA a couple of factors of ten to err on the side of caution, that puts them in the decade range. Moore's law being what it is, we're buggered.

A few reasons...

[Kjella]

2. What makes you think that the encryption systems available to the general public aren't easily cracked by the boys in Virginia and Maryland?

1. You can not brute force a 256+ bit encryption. It'd be like every atom of earth (2^171) solving at 1THz (2^40) for a million years (2^45). So it must be an algorithm attack.

2. A lot of encryption theory is developed outside the US or in academia as theoretical mathematics. They do not have a monopoly on intelligence, or on trying to crack them.

3. Most encryption protocols rely on well published, well researched topics, like difficulty of factorization as opposed to multiplication. For them to have it would imply that a) such a solution exists and b) that they, but not anyone outside of their community would find it.

4. Most encryption protocols are vastly overengineered compared to the threats. Like, e.g. an opponent with a million times more computing power (-20 bits) or capable of instantly rejecting 99% of the keys (-7 bits) would have nearly no influence on the difficulty.

In short, there's every reason to believe that your favorite three-letter agency will capture the input before encryption or after decryption, due to a flawed implementation, unsecure handshake or through a man-in-the-middle attack than breaking the encryption/algorithm itself.

Kjella

Re:Yeah right...

[Coryoth]

Think about the amount of time you spend having to clean spam out of your mailbox. Now imagine the amount of time required to clean the spam out of everyones mailbox as you try to find any useful content. In theory you don't need encryption if you're lost in the noise. Or, at least, I imagine that would have been their thinking.

Jedidiah.

Re:Yeah right...

[jfengel]

At this point, using encrypted mail makes you stand out as somebody with something to hide. I don't believe that the NSA can easily break commercially-encrypted email, but I believe that if you give them cause to concentrate enough effort on your mail, they'll find a way. Especially since they can probably use various guessed-plaintext attacks. End every email with "Allah be praised" and you're pretty much toast.

Even if they can't break the encryption, the traffic analysis allows them to figure out who is talking to whom, and that allows them to direct other forms of intelligence gathering.

I've heard of small efforts to confuse and annoy the NSA by the regular use of encrypted email by people with nothing to hide, but such things are difficult to use at the moment, what with the key exchanges, the requirements to use particular mailers, and the fact that many people don't particularly want to participate in that little game, especially since it does leave you open to scrutiny.

Combine that with a previous poster's observation that terrorists are more thugs than criminal masterminds, and yeah, I suspect that most of these efforts (at least at the low levels) do in fact use plaintext email.

Not that that makes the NSA's life easy. There's an awful lot of email out there, and just looking for words like "bomb" in an email is going to be worthless.

This case, I suspect, probably started with one email address that they suspected to be used by a terrorist through some other form of intelligence. That allows them to narrow down the search space.

In other words, I doubt they have any techniques that allow them to take the entire firehose of email and sip out a manageable amount based just on the text. Which means that they're almost certainly not really reading your email, and you can include "I'm going to blow up the President" all you like without incurring the slightest notice, unless they've got some other bead on you already.

Which doesn't mean that they couldn't read your email, if they so chose. They're not allowed to, if you're in the United States, but the capability certainly exists. Which is the remarkable part of this story: them admitting the capability. I really don't know why.

Nice to hear

[neoform]

That the NSA can just listen in to any/all communications like that. Makes me wonder if they're listening to me right now.

Re:Nice to hear

[I confirm I'm not a]

Possibly not - obviously the various PATRIOT acts have changed the landscape somewhat, but hasn't it traditionally been against the law for the US government to monitor US citizens without a warrant? Echelon was established in the aftermath of the 2nd World War, and basically provided a mechanism for spying on your own citizens: Canada spies on US citizens, and alerts the US authorities, and vice verca. Insert any combination of UK, Australia and NZ governments here for the full horror.

In other words - the NSA probably don't need to monitor you. They'll find out the naughty things you're plotting, regardless!

Re:Nice to hear

[MORTAR_COMBAT!]

there was a research project which apparently was successful in reading some unspoken thoughts, by "listening" to the nerve synapses near the vocal chords.

Hurray for the good guys!

[ichthus]

EOF

Somebody forgot to use encryption!

[Rectal Prolapse]

Would the NSA investigate if PGP or similar encryption was used?

Whatever the NSA is doing to monitor all the traffic, I'm sure the RIAA and MPAA are drooling at the prospect of using this technology to catch so-called copyright violators. Civilian applications for a military technology, natch!

Re:Somebody forgot to use encryption!

[masouds]

Sure they can. Check your congress' budget book and try to look for those 'missing' numbers. NSA is known to try to implant backdoors inside commercial algorithms or prodcuts, with certain '3rd party' experts coming to your office and asking to help you 'strenghten' your algorithm. For a real life example of Cryto AG surrendering: Look here [mediafilter.org] or Lotus notes [cypherspace.org]. It just makes it harder, not impossible. Remember, PGP/SSL/GnuPG is part of the solution to a secure communication channel. If your Private key is co

Re:Somebody forgot to use encryption!

[Tackhead]

> Erm... am I missing something? The only instance I am aware of where the NSA gave some advice to "strengthen" a cryptographic algorithm did actually strengthen it, when an attack was found for the algorithm a decade or so later.
>
> Anyone remember what algorithm it was? I think it might have been RSA.

It was DES. NSA suggested that IBM make some modifications to the S-boxes that made DES more resistant to differential cryptanalysis.

At the time, nobody (but NSA) knew about differential cryptanalysis. NSA basically told IBM to make the changes, and that it couldn't tell IBM why the changes were required.

At the time (1980s), "informed speculation" in the crypto community was that NSA had weakened DES. When differential cryptanalysis was "discovered" publicly, a lot of smart people with a lot of math degrees under their belts... wound up looking like they had a fair bit of tinfoil on their heads :)

Re:Somebody forgot to use encryption!

[MissMarvel]

Military technology indeed! What would the Internet be without the military's efforts on the original DOD backbone on which the Internet was founded?

Re:Somebody forgot to use encryption!

[javatips]

With the state of current encryption systems, it is very unlikely... The best approach to break encryption is by breaking the weakest link in the protocol, not the encryption algorithm.

Once they suspect illegal activities and start an investigation, there is a lot of way to access the plain text without having to break the encryption algorithm. One easy way, is to break into the target computer and install a key logger. This requires a lot less efforts.

Note that to suspect illegal activities, they can just do some traffic analysis. If they find some pattern (an e-mail is sent from A in CA to B in the UK, then shortly after another e-mail is sent from B in the UK to C in Pakistan, then you have the same path in reverse and the pattern repeat a lot) that trigger their alert, they will monitor A, B and C a little more closely and dig a little deeper to see if it looks suspucious enough for an investigation. Then they start to do active spying and they build their case.

The passive monitoring in that case does not requires an breaking of encryption... it does not even requires to know the plaintext (if the traffic is encrypted).

Re:Somebody forgot to use encryption!

[Tackhead]

> > Would the NSA investigate if PGP or similar encryption was used?
>
> Surely the guys from the NSA reading this now can answer that for us...

The guys from the FBI probably could answer that, and might answer it without even knowing they'd done so. The guys from CIA could, but probably wouldn't, answer it. The guys from NSA definitely can answer that, but are smart enough not to. :)

Clue hierarchy is as follows: NSA > CIA > FBI. Not sure where the UK and Russian Federation int

Terrorism & spam

[Dr_Ish]

Although this news is probably bad for YRO issues, there may be an upside. If the NSA is packet-sniffing e-mail traffic, then maybe they will be motivated to find a way of reducing the amount of Nigerean printer cartridge enlargement spam messages. If we are really lucky, they may even share the solution with us all. Of course, it is also possible that the guys at the NSA may all suddenly become hung like donkeys, NOT!

US Law?

[l33t-gu3lph1t3]

Foreign traffic that comes through the U.S. is subject to U.S. laws, and the NSA has a perfect right to monitor all Internet traffic," said Mr. Farber

Yeah...no. Am I the only person here who finds this incredibly objectionable? Internet traffic is/should not be subject to any law except for the laws governing the sending/receiving points for it. Under their reasoning, they can apply their own laws to almost the entire Internet, since so much of the Internet is routed through the US's pipes.

Apply American laws to events occuring in America. The United States is big, but it's not everything in the world. How DARE they presume to police the world and its communications.

Re:US Law?

[Ieshan]

Eh.

It's a big country with a big military and big economic weight. That's how they Dare it.

I'm not saying I agree with their policy, I just don't neccessarily degree on the grounds you've described. How is the NSA supposed to tell where a particular X is heading before it gets there without reading it?

Your arguement seems to make sense, but it's not quite logical.

Re:US Law?

[l33t-gu3lph1t3]

US law applies to Americans and those who commit offenses within America. Unless the USA *is* the world, I object to it thinking it may police the world. If you want to change the world, first change yourself. If you don't like that idea, then close your eyes and ears and live in solitude.

Re:US Law?

[espo812]

US law applies to Americans and those who commit offenses within America. Unless the USA *is* the world, I object to it thinking it may police the world.

Every country has a right to defend itself. Part of an effective national defense is to monitor potential attackers and discover their identities and plans before they are carried out. Thus, we actively spy on the rest of the world to keep our country safe. Every country does the same and that's life.

That said, police are mainly historians. They go to crime scenes, piece together evidence, and figure out what happened after the fact. That's all well and good, but I would much rather be proactive with threats to the nation and our people and stop attacks before they happen than be "investigators" sifting through dead bodies.

Oh, good

[0x0d0a]

Well, I've probably got a ton of fans at the NSA due to discussion of privacy issues, security, and how to design systems that disallow monitoring that I've send through AIM/ICQ/mailing lists and other non-secured messaging systems.

Seriously, I'd say that it's a pretty reasonable bet that AIM/ICQ/MSN/Yahoo are routinely monitored. They're easy to data-mine (heck, the commercial data from that *alone* is phenomenal -- if people hear on a show that "Debora Mullins and Sandra Walker will be possibly starring in 'Shredded Metal 2', and there's a mass of messages saying "Debora Mullins sucks", that'd be awfully useful to the production company.

As for the NSA/CIA/FBI, messaging services are frequently used, easy to log and data-mine (no speech recognition necessary) systems that provide no end-to-end encryption that pass through a single point -- in the United States.

Jabber is the only reasonably well-designed IM system I've seen, and nobody *uses* Jabber, sadly enough.

Before putting on your tinfoil hat...

[dmoore]

I know this story is probably going to get a lot of people riled up. However, it is still my understanding that the NSA goes to great pains to avoid intercepting any communication that comes from a U.S. citizen. They are strictly prohibited from doing so.

If you are a U.S. citizen, your main privacy concerns should be with the FBI and the DoJ with their powers granted by the Patriot Act.

Re:Before putting on your tinfoil hat...

[applemasker]

History of the NSA and its various pre-911 ops can be found in The Puzzle Palace and Body of Secrets, both by James Bamford. The story of Glomar Explorer in those books alone is worth the read.

Although NSA is technically prohibited from performing incercepts on U.S. citizens, they do not shy away from operating against non-citizens here in the U.S. An interesting tale in those books is how, back in the day that Western Union was the only way to transmit internationally, NSA leaned on them to in effect "Bcc" the U.S. Gov't on all incoming / outgoing faxes from the U.N. without the knowledge of our friends or allies. Sweet.

Officially, yes; however...

[parvenu74]

One of the big pushes after 9-11 was for all of the intelligence agencies to "cooperate."

When I was in the navy we conducted counter narcotics patrols off the coast of Colombia and Panama. Since the military is not allowed to engage in law enforcement (that pesky Constitution and all) we simply had a Coast Guard team (they're Dept of Transportation and not Defense, so they *can* do law enforcement) that took care of the actual boarding of vessles and law enforcement. In fact, it had to be the Coast Guard person on watch who initiated the request to investivate/board a vessle. There was no "official" cooperation between the military and the Coast Guard on this, but when you get orders on the secure circuit to "think about getting to these coordinates in exactly 12 hours" which result in the Coastie on watch saying "Oh hey -- there's a boat... let's board him!" can you deny that there is unofficial cooperation going on?

(There were further stories about SEALS and other special forces folks who were officially discharged from the military and transferred to "another agency" for two weeks at a time in order to engage in "direct action law enforcement" before "deciding to reenter the military." It's call "sheep-dipping" and is just one more thing for the tin-foil-hatters to worry about...)

I suspect that this is probably what's going on with the NSA et al. If the agency in question either thinks/knows they're looking at a US citizen, they can just drop a pointer to the intel in the inbox of an agency who *can* legally handle it (Oh geez -- I wonder where *that* lead came from?). Or there are teams of "not officially NSA folks" who just happen to be working at NSA alongside the others who are legally allowed to investigate US citizens (similar to Coasties on US Naval vessles for counter-narc activities).

Take your pick as to the method in use or make up another, but I am pretty sure it's going on and will not be going away anytime soon.

Re:Before putting on your tinfoil hat...

[AnotherBlackHat]

. However, it is still my understanding that the NSA goes to great pains to avoid intercepting any communication that comes from a U.S. citizen.

I'm sure that's a great comfort to the people living in England, France, China, Japan, Israel, Italy, Macedonia, Comoros, The Philippines, Cyprus, Antigua, Nicaragua, Haiti, Kazakhstan, Germany, Serbia, Cuba, Belize, Peru, Lesotho, Hungary, Barbados, Mali, Ecuador, Chile, Romania, Gabon, Mauritania, Greece, Laos, Seychelles, Korea, Tanzania, Russia, Argentina,

Re: Passive E-Mail Monitoring Leads To Arrest

[manavendra]

The quoted article seems kinda wierd to me.

The article starts off with a diabolically, highlighting the boast of a mysterious hacker who works as NSA. No names are quoted. The whole thing is given a hollywood-esque charm (the hacker known only as "Mudhen" (mud hen? duh!), a charming pseudonym for NSA - Puzzle Palace).

After adding sufficient soundbites to attract reader's attention, besides making one thing is it one of those devious secrets about NSA, it suddenly changes tone and highlights the achievement of NSA "spies". Charming. Other gems:

"army of cryptographers, chaos theorists"

"that may have pulled in the first piece of evidence"

"massive investigation in several countries "

And then finally a quick rundown on TCP/IP.

One could almost mistake it for communistic propaganda, if only it hailed the fatherland (or the motherland) as well...

ps: don't forget, there are no facts or figures mentioned anywhere in it well.

New Spam Solution

[mackman]

We need a group of people to start discussing how cheap Viagra, a larger penis, and low-interest home mortages can be used for terrorism. Blip! Suddenly all the spam vanishes off the internet. I always hoped the NSA could be used for good as well as evil.

Re:New Spam Solution

[way2trivial]

Yea, you know all the spam that have unassociated keywords and whole sentances that appear randomly throughout the spam so they bypass mail filters designed to find repetitious emails

opensource this- a program designed to pass messages via spam, undetectable without the key...if 50,000 people get the message, and only one can read it....

release it.. BAM! the government (homeland security) will suddenly find a way to stop spam.

It's sad...

[waterford0069]

when the most interesting thing to you about the entire story is the fact that there is now an IT job open in Ottawa.

E-Mail is public?

[flogger]

Several years ago I taught some workshops to teachers to let them learn the joys of email. I made apoint to show them that email was not sure and anything written can be read by anyone with some knowledge. After sending some emails back and forth as a class, I logged into the mail server and showed them what they had written to each other. Even though they were upset that I could see the email, they walked away remembering the message:

Don't send anything in the email that you don't want printed in the classified ads of the local paper. Because sending email is like sending a postcard. Every postman between here and there can read what you've said.

What makes me wonder is that these "terrorist" were sending email that was unencrypted? [tinfoil hat] Or maybe, the NSA were able to get backdoors to encryption technology and that what what is passively being listened to. [/tinfoil]

You never know who is listening...

[zz99]

My favourite in devious encryption is currently Spam Mimic [slashdot.org]

If you were scanning all e-mails, would you put your resources on mails that looked encrypted or those that look like junk mail?

wardriving analogy

[WormholeFiend]

I find the slashdot reaction funny... when the NSA is sniffing packets that basically pass through their networks, it's bad, but some guy driving around with a computer and wireless gear is cool.

And that's on top of all the arguments about whether broadcasting information through the Internet is/should be/isnt/shouldnt be private.

Can you be accused of being a voyeur if the person you're looking at is walking around in public naked?

Scary. But, inevitable.

[ninejaguar]

This is the reason why most of my replies remain thoughts, and not posts.

= 9J =

Stenography

[pr0nbot]

Oh for ALLah's sake! I can't believe the waY OUR governments spy on us. Any AraB, AS Ever, is a suspect. This is going too fAR Even for Bush. It won't BE LONG before they'll be trawling slashdot looking for hidden messages. I certainly won't be moving TO the US any time soon.

Re:Stenography

[rcs1000]

Hmmm...

According to dictionary.co that means...

4 entries found for Stenography.
stenography ( P ) Pronunciation Key (st-ngr-f)
n.
The art or process of writing in shorthand.
The art or practice of transcribing speech with a stenograph machine.
Material transcribed in shorthand.

Do you perhaps mean Steganography

encryption probably makes it easier

[kakapo]

My guess is that encrypting your email makes it easier for the NSA -- only a tiny fraction of email traffic is encrypted. Outside of the tinfoil hat community, very, very few people bother to secure their email, so the simple act of sending an encrypted message (which can be spotted due to the low information content of cyphertext, or due to specific comments in the message header) probably flags you for attention.

And if that message is routed from an IP address in England to a cybercafe in Pakistan then so much the better. And if mail from the same address was sent to a known bad-guy last week then better still -- and before you know it, your door gets kicked in and several burly men are asking you questions about the half-tonne of fertilizer you just purchased.

Media coverage

[kbahey]

I do not know if the guy is guilty or not. A trial will tell us, in due time.

However, the media coverage of the whole thing sucks.

His father, Mahboob A. Khawaja, has been detained in Saudi Arabia, where he is a professor at some university. The media reports that the father wrote articles critical of the West's meddling with the Muslim World's affairs. He wrote a book called Muslims and the West [amazon.com].

How is that relevant to anything? Is it an attempt to tie genuine legitimate criticism to terrorism somehow?

I did some searching [google.ca] on the father, and found quite a few articles, most of it critical to the Arab rulers than anything else. Seems he places blame where it belongs, whether in the West or in the Arab world.

This reminds me of the terms "terrorism", "anti-Americanism", ...etc. all these are misused terms in these confusing times.

This whole thing about "guilt by association" got to stop.

net rules.

[medelliadegray]

1.) expect to be evesdropped on for EVERYTHING that is not encrypted, wether you're IN the US or outside of it. Use STRONG encryption whereever possible.

2.) expect weak encryption to be easily broken--it's prettymuch a given that the NSA has hardware *specifically designed* to break or brute force crypto. they employ many of the worlds greatest mathmatic savants out there, do not underestimate their capabilities.

3.) All your base ae belong to U.S.

Would it change the discussion

[HangingChad]

If we changed "Email" to "mail" and made the same statements? Do we grant ourselves the right to read every piece of postal mail that goes through the US? Why stop there? Why not search mail and packages? And luggage...oops, we already do that one. Where does it stop? The Supreme Court has never met an unreasonable search.

It's all well and good when the bad guys get caught...right up until the definition of "bad guys" gets changed. Yesterday there was an article about the DOJ labeling pornographers as "bad guys." There's no logical end. What's to stop someone being labeled as a bad guy for not going to church, or not supporting the government, or not going along with whatever intrusion-of-the-day on your privacy? It's not that big of a change from where we are now.

Some questions

[Ryu2]

I realize that the real answer may be classified, but I'm interested in informed speculation as well.

Is the monitoring with the cooperation of the ISPs who control the gateways/routers? Is it mandated that they have the monitoring taps? Or is it unknown to them (NSA are tapping into the signal unbeknownst to the ISPs)?

(I think this has a known answer.) Is is true that pretty much all intercontinental traffic goes through the USA? ARe there any routes eg, Europe to Asia, or other continents that are just direct routes not passing via the USA?

Alternate explanation

[Stavr0]

• Suspected terrorist, who's been watched by UK anti-terrorists for months, buys hundreds of kilograms of Ammonium Nitrate
• Task force raids suspect's home
• Suspect's computer found on premises
• Task force opens Outlook, looks in Inbox, Sent Items
• Incriminating email to or from Mohammed_Momin_Khawaja@?????.ca discovered.

Sounds to me like someone is trying to spin this as justification for email surveilance.

So what did he plan to do?

[KlausBreuer]

All I hear is "planning a terrorist act".

These days, planning a street party can be a 'terrorist act'. Handing out pamphlets in Washington, despicting GWB as a sheep, explaining why he's such a nut, could be a terrorist act.
Mooning the traffic on an interstate could be a terrorist act.

Anybody know?

some incorrect info in article

[Danny Rathjens]

Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number.

Evidently they are confusing packet headers(envelope, as they call it) with e-mail headers.
And the counterexample to the second statement is NAT(Network Address Translation).

Your ignorance is worse

[peter303]

It is so easy to monitor InterNet plain text communications, that I ALWAYS presume its been done since the start of the Net.

Re:Sigh

[rjelks]

I'm all for catching "terrorists", but I agree...scary.

"'Foreign traffic that comes through the U.S. is subject to U.S. laws, and the NSA has a perfect right to monitor all Internet traffic,' said Mr. Farber, who has also been a technical adviser to the U.S. Federal Communications Commission."

I've never been under the illusion that internet traffic was private, but could someone tell me what law give them this power? I'm not being sarcastic here, I'd really like the information.

-

Re:Sigh

[hazem]

Actually... it has apparently been declassified:

From http://www.interesting-people.org/archives/interes ting-people/200110/msg00157.html [interesting-people.org]

Out of curiosity I went hunting for info on the United States Signals
Intelligence Directives (USSIDs) I had to be aware of in a former line of work.

Much to my surprise, USSID 18, which outlines procedures for the NSA's
collection of data on "U.S. persons" was declassified just over a year ago.

I thought the document might be of interest to IPers, especially at this time.

An introduction, and links to the archives can be found at:

http://cipherwar.com/news/00/nsa_surveillance.htm

(From the site above:)

In the aftermath of revelations in the 1970s about NSA interception of the
communications of anti-war and other political activists new procedures
were established governing the interception of communications involving
Americans. The version of USSID 18 currently in force was issued in July
1993 and "prescribes policies and procedures and assigns responsibilities
to ensure that the missions and functions of the United States SIGINT
System (USSS) are conducted in a manner that safeguards the constitutional
rights of U.S. persons."

(And a bit from USSID 18, itself - any errors in transcription are my fault:)

SECTION 1 - PREFACE

1.1. (U) The Fourth Amendment ot the Unites States Constitution protects
all U.S. persons anywhere in the world and all persons within the United
States from unreasonable searches and seizures by any person or agency
acting on behalf of the U.S. Government. The Supreme Court has ruled that
the interception of electronic communications is a search and seizure
within the meaning of the Fourth Amendment. It is therefore mandatory that
signals intelligence (SIGINT) operations be conducted pursuant to
procedures which meet the reasonableness requirements of the fourth
amendment.

1.2. (U) In determining whether United States SIGING System (USSS)
operations are "reasonable," it is necessary to balance the U.S.
Government's need for foreign intelligence information and the privacy
interests of persons protected by the Fourth Amendment. Striking that
balance has consumed much time and effort by all branches of the United
States Government. The results of that effort are reflected in the
references listed in Section 2 below. Together, these references require
the minimization of U.S. person information collected, processed, retained
or disseminated by the USSS. The purpose of this document is to implement
these minimization requirements.

1.3. (U) Several themes run throughout this USSID. The most important is
that intelligence operation and the protection of constitutional rights are
not incompatible. It is not necessary to deny legitimate foreign
intelligence collection or suppress legitimate foreign intelligence
information to protect the Fourth Amendment rights of U.S. Persons.

1.4. (U) Finally, these minimization procedures implement the
constitutional principle of "reasonableness" by giving different categories
of individuals and entities different levels of protection. These levels
range from the stringent protection accorded U.S. citizens and permanent
resident aliens in the United States to provisions relating to foreign
diplomats in the U.S. These differences reflect yet another main theme of
these procedures, that is, that the focus of all foreign intelligence
operation is on foreign entities and persons.

Re:Sigh

[somethinghollow]

It's convenient that the first instance of e-mail "bugging" resulting in action is against a terrorist. Right now, for the most part, the Average American (tm) is totally commited to giving up freedom for security (which conjures up the quote about said person deserving neither). Basically, since it stopped a terrorist, it completely validated this breach of privacy. I'm pretty sure that new initiatives like Carnivore will be openly embraced by said Average American (tm). The damage the terrorists have done is far beyond the deaths of Americans.

Tricksy hobbitses tries to takes away our privacies! Must protect the precious...

Re:Sigh

[lamz]

It's convenient that the first instance of e-mail "bugging" resulting in action is against a terrorist.

Is it convenient, or does it make perfect sense? Email, which we all know is completely insecure, is monitored until they find something worthy. Some terrorists turn up, and they are arrested.

Basically, since it stopped a terrorist, it completely validated this breach of privacy.

Exactly.

Re:Sigh

[dasmegabyte]

Well, considering the public nature of all internet services, I'd have to say there probably isn't a law and probably shouldn't be. If any machine has to be able to deliver a packet to any other machine, that every router has to have the rights to read the information in that packet. It's trivial to put a sniffer to one of these routers and smell around for shit going down.

Of course, if what you're transmitting is encrypted data, it becomes harder to figure out what you're up to. If your encryption is b

Re:Sigh

[Rick.C]

From the article:

Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number.

Investigators could program their supercomputers to flag packets of information that met certain criteria, such as a certain IP number, a certain traffic pattern or a certain kind of content. As soon as a packet is flagged, investi

Re:Sigh

[lamz]

I'm not sure which part is worse, email monitoring (sure, they SAY it's passive...) or the terrorist activities.

You're not sure? I am. Terrorism is worse than reading someone else's email.

Re:yuck

[bobsled]

Right...we'd rather have it the other way around. Don't snoop, don't find bad crap like this going on, don't stop them before it happens... then when it does (because it will) have independent and congressional inquiries to determine blame - and ask "Why didn't you know about this beforehand?"

So this is the first thing we need. You want privacy? I want security more...

NSA is not the enemy - they are protectors. A bunch of dedicated professionals, even IF some of them need to get out into the sun more ofte

obligatory quote

[tuxette]

"They that would give up essential liberty for a little temporary safety deserve neither liberty nor safety."
-- Ben Franklin

Re:Yea

[Peyna]

The people that founded the US were not terrorists in the sense that these people are. They didn't go to England and kill thousands of citizens in order to scare the English into leaving them alone. It was also very well known who they were, as they acted quite publicly with their intentions, and even sent a nice note to England lining out their complaints and putting their names on the bottom.

Terrorists target civilians, remain anonymous as often as possible, and their goal is often annihilation rather than separation.

Re:Yea

[silas_moeckel]

They did attack civilian targets (Boston tea party being the most noteable) They did use privaters. They did not fight in the open as was part of war at that time. They were an unconventional force that did attack civilian targets. Granted modern terrorists are a lot worse. Rememebr I said could as in the English government could use that term to describe there opponent. A domestic terroist is only a terroist untill they win then they are liborators and patriots.

Thanks Lefty

[blunte]

Did you bother reading the somewhat brief article?

The people picked up were in Britain and Canada. It said nothing about them being US Citizens. It did, however, state that the nature of discussions was of terrorist activity (presumably against the US or US interests).

Conveying this to the Canadian and British authorities is a reasonable activity for our National Security Agency. If you want to talk about due process, perhaps you should watch to see what Canada and Britain do with them.

I've met jackasses like that

[sbma44]

Just go out on the town and keep an eye out for drunk, oily-looking guys wearing thinkgeek gear trying to use techspeak to pick up girls. The last one I ran into tried to pick up my girlfriend with the line "this may shock you, but I.... am a hacker" -- no joking. I introduced myself and eventually he explained to me at great length (and in greatly slurred speech) how he could take down the internet if he wanted. You just have to send fragmented packets to "the root server", apparently. Wonder why no on