Forgot your password?
'Echelon Study' Released by European Parliament
Privacy Posted by Hemos on Wednesday February 23, @02:16PM
from the you're-being-watched dept.
ckolar writes, "Duncan Campbell's report on Echelon has been delivered to the European Parliament's committee for Justice and Home Affairs and is available online. " This is the study that was commisioned by the EU - very interesting reading.

Rewriting 'Blame Canada' | Men Playing as Women  >

 
Slashdot Login
Nickname:

Password:

Don't have an account yet? Go Create One. A user account will allow you to customize all these nutty little boxes, tailor the stories you see, as well as remember your comment viewing preferences.

Related Links
  • ckolar
  • Echelon
  • available online
  • More on Privacy
  • Also by Hemos
  • Your Rights Online
  • Richard Smith, Privacy Crusader
  • Master Of Your Domain
  • Trademarks and What's In a Name
  • Clinton Frowns on Anonymity
  • Using The Web to Fight Bad Legislation
  • CIOs Worried About UCITA
  • DoubleClick DoublesBack
  • Music Piracy/Copy Protection
  • Utah About to Sign Library Filtering Law
  • Poet Patents Her Genes
  • This discussion has been archived. No new comments can be posted.
    sprs (Score:2, Interesting)
    by meighan (meighan at meighan dot com) on Wednesday February 23, @02:23PM EST (#4)
    (User Info)
    interesting. anyone have anymore information on the speech pattern recognition software thought to be used on phone lines?

    --
    It is no measure of health to be well adjusted to a profoundly sick society.

    [OT] Any good noise recognition SW for Linux? (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:00PM EST (#34)
    Not looking for anything so fancy as speech recognition, but just want to be able to train a Linux box to recognize a few canned phrases, claps (Linux Clapper), whistles, etc. Preferably that reads /dev/audio at a low sample rate continuously (say 8khz) so as not to bog down the machine and performs continuous pattern recognition (of selectable quality) on the samples. I already have the festival speech synthesizer and would like to be able to query my linux box for stats.

    "Uptime"
    74 days, 3 hours, 18 minutes

    "Mail status"
    "3 new messages"

    etc.

    Re:[OT] Any good noise recognition SW for Linux? (Score:1)
    by notsoanonymouscoward (mandraker00t@hotmail.com) on Wednesday February 23, @04:46PM EST (#118)
    (User Info)
    from one of my past postings:

    Well lets see... take a peek at kvoicecontrol for KDE, compliments of Daniel Kiecza.
    I haven't checked in a while (may a bit outdated), but heres some linux speech apps
    For those that really wanna play, check out IS IP 's ASR project.
    For those that are interested in aquiring speech corpa (training data) check out The LDC-online. Get the free guest account, use your perl skills and your imagination, and suddenly the TIMIT corpus is yours :) Granted for non profit use only...

    Email me if you're interested in this kinda stuff (or want my timitgrab.pl script)... its not my primary address, but I check it from time to time.

    You`d probably be interested in kvoicecontrol for your particular demands.
    Oh yeah for my email, the 00 in r00t is two zeros.
    - end of line

    Re:sprs (Score:2)
    by karb (karbatfordashpresidentdotcom) on Wednesday February 23, @03:01PM EST (#36)
    (User Info)
    When the brits used to have that tower to listen to all the traffic between ireland and england, they didn't have workable speech recognition, but used what I thought was a pretty cool hack.

    Speech recognition is hard. However, taking a voice print is really really easy. So they (british intel or whoever) would automatically take a voice-print of every call, and tape the calls that matched voice-prints of criminals, or whoever they listened to (I'll give them the benefit of the doubt).

    C is like Jedi C++ : There is no try

    Re:sprs (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:27PM EST (#103)
    These guys here are working on some great speech pattern recognition software that is much faster than anything else out there. check them out.
    I don't get it (Score:0)
    by Anonymous Coward on Thursday February 24, @12:15AM EST (#183)
    These guys here are working on some great speech pattern recognition software that is much faster than anything else out there. check them out.

    Was that supposed to be funny? You wasted my time.
    Re:I don't get it (Score:0)
    by Anonymous Coward on Thursday February 24, @10:18AM EST (#209)
    That was the point bitch. I know I laughed when I read it. Haha.

    gunslinger carves another notch on his belt...
    Echelon Study Reports Mirrored (Score:1)
    by Eruantalon on Wednesday February 23, @05:17PM EST (#129)
    (User Info) http://rush.baked.net/~jerbel/
    OK, I know www.cryptome.org has these same articles, but I thought I'd mirror them just for the hell of it.

    DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND RISK OF ABUSE OF ECONOMIC INFORMATION (An appraisal of technologies of political control)
    Part 2 of the article above
    Part 3 of the article above
    Interception Capabilities 2000, or Part 4 of the article above

    Also:
    AN APPRAISAL OF TECHNOLOGIES OF POLITICAL CONTROL , or the working copy of the above article

    Enjoy reading - there's a lot of it :)

    Eruantalon
    The Annals of Middle-earth
    Goddamn F*** Echelon! (Score:1)
    by weird007ja (lennybruce@zdnetonebox.com) on Thursday February 24, @12:27AM EST (#184)
    (User Info)
    Holy shit! We're being monitored! It scares the shit outta me, and it's a real pain in the ass, I tell you for sure!
    Re:sprs (Score:0)
    by Anonymous Coward on Thursday February 24, @10:49AM EST (#212)
    Look at the patents database for the NSA patent that explains how to scan text with a window of a few letters to identify the topic of said text. That will work with phonemes. Use some Hidden-Markov model to generate a sequence of phonemes and feed that into a comparable software. Voila. Speech Topic Identificaion. AC
    Re:sprs (Score:1)
    by kashko on Thursday February 24, @01:20PM EST (#218)
    (User Info)
    I bookmarked the report this morning. This afternoon it is no loger on line.
    Re:sprs (Score:1)
    by BMIComp on Sunday February 27, @10:12PM EST (#224)
    (User Info)
    Well, the NSA applied for a
    patent , for a device... or mechanism, that takes conversations, and basically summarizes the topics of those coversations. Now, the significance of this is that they can basically use highly advanced speech recogition software(are you saying the NSA wouldn't be able to attain/develop such a thing!?!... much more developed than any commercial software) to catalog coversations, use this device that has been patented to summarize the topic of the conversation, and if it has anything to do with bomb, terrorism, or any other keywords, then it would notify the proper authorities.

    Of course, my whole view on the NSA-Echelon situation is... my life is pretty boring... so if the NSA wants to spy on me and others to prevent terrorism, so be it.

    Oh, and by the way, the website i found the link for the patent is ACLU's Echelonwatch.... i still think there should be a ACLUWatch though =).

    What company do you want to steal today?
    Hmm, it's not there... (Score:1)
    by DoomHaven (DoomHavenNO@SPAMlicensedtokill.com) on Wednesday February 23, @02:28PM EST (#6)
    (User Info)
    I can't seem to access the page, which begs the question: Government cover-up, or /. effect gone awry? *YOU* decide!

    Just to note: while I *am* in Canada, most of my traffic gets routed through the States by default <SIGH>. Maybe, one day, Canada will have its own link to Europe...
    Re:Hmm, it's not there... (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:51PM EST (#23)
    We'll see it eventually if it's being silenced. The whack-a-mole machine is just getting warmed up.
    Re:Hmm, it's not there... (Score:1)
    by tve (--- t.erven # chello.nl ---) on Wednesday February 23, @02:53PM EST (#28)
    (User Info)
    I'm trying to access the site from The Netherlands and it's just *very* slow. I've got the title already:

    Hearing THE EUROPEAN UNION AND DATA PROTECTION

    Brussels, 22-23 February 2000

    Anyone got more?

    There was an 'unknown error' when I tried to post this. I'm trying not to get paranoid. Please tell me this happens all the time...

    What I throw at you is only my mental waste.
    Re:Hmm, it's not there... (Score:1)
    by Eruantalon on Wednesday February 23, @03:19PM EST (#54)
    (User Info) http://rush.baked.net/~jerbel/
    That's all I can get as well. I tried the main page, and it stopped with a few non-loaded image links. I clicked on the English tab, and am waiting........and waiting.........and waiting.

    There was an 'unknown error' when I tried to post this. I'm trying not to get paranoid. Please tell me this happens all the time...

    Well, I got that once, but while I had lynx & 2 netscape windows trying to access the europarl site, netscape's links decided to stop working. Of course, the sparc5 I'm on could be to blame for that.... Stupid work computers.

    Eruantalon
    The Annals of Middle-earth
    Re:Hmm, it's not there... (Score:1)
    by DoomHaven (DoomHavenNO@SPAMlicensedtokill.com) on Wednesday February 23, @04:48PM EST (#121)
    (User Info)
    Didn't get the Unknown error; maybe you should be paranoid. That's all I get, too: the title and the date.

    The truth is out...of sytle.
    Yes, it is (was Re:Hmm, it's not there...) (Score:1)
    by 0x0000 on Thursday February 24, @08:07AM EST (#200)
    (User Info)
    It is incredibly slow! Also, they are using Javascript.

    The actual document links come up in a JS pop-window (why? I dunno... and why PDF? Obviously, this *is* a conspiracy :)

    Here they are: http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-1en.pdf http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-2en.pdf http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-3en.pdf http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-4en.pdf http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/981401-5en.pdf

    The links seem to connect, but am still waiting for a download... ~200b/s with lots of stalling...
    This is from the US.

    0x0000

    Re:Yes, it is (was Re:Hmm, it's not there...) (Score:1)
    by 0x0000 on Thursday February 24, @08:10AM EST (#201)
    (User Info)
    Here is the URL of the doc that gets loaded in the JS popup, fwiw:

    http://www.europarl.eu.int/dg4/stoa/en/publi/pop-up.htm


    0x0000

    Elisp Macro: Spook - is there a modern version? (Score:0)
    by Anonymous Coward on Thursday February 24, @09:33AM EST (#207)
    Remembering waaaayyy back.. We used to use EMACS as a mail program (a funny little CMU app called BatMail.) Anyway, because BatMail ran on Emacs, there were all of these cool Lisp programs that enhanced the value of Emacs and BatMail. My favorite of which was called Spook. Spook would insert a paragraph of "NSA Hot-Words" into your email header before sending the email out. The obvious implication being that all of your quite trivial messages would eventually congest the NSA's computers. Has anyone seen a Spook macro for Outlook or Eudora? Bringing that up to the present times might be fun; now that we know they are indeed listening.... -drew
    Real-deal PDFs are here... (Score:1)
    by shub (brad@shub-internet.org) on Wednesday February 23, @08:25PM EST (#173)
    (User Info) http://www.shub-internet.org/brad/
    I have links to the PDFs at the bottom of my page at http://www.shub-internet.org/.

    Alternatively, go straight to http://www.shub-internet.org/eu/ and download them all for yourselves.


    Please mirror these files widely, so that my poor little server isn't slashdotted out of existence!
    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not reading it daily, you're not up-to-date

    Mirror? (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:29PM EST (#7)
    They have been either slashdotted or silenced. Anyone dare to mirror the report?
    Re:Mirror? (Score:0)
    by Anonymous Coward on Thursday February 24, @10:21AM EST (#210)
    Troll???? Stupid moderators. Someone tries to do a service and he gets castrated... idiots.
    Got pulled off of AP Wire (Score:2, Interesting)
    by Anonymous Coward on Wednesday February 23, @02:31PM EST (#8)
    I saw this story briefly on the wire this morning, but it appears to have been pulled. Maybe the MIB phoned the AP and said "We would be so much happier if you would show a little more discretion in running stories of this nature..."
    Don't Complain Here (Score:5, Informative)
    by 348 (beeoch22@nospamplease.hotmail.com) on Wednesday February 23, @02:33PM EST (#9)
    (User Info)
    Whining and bitching about big brother will achieve nothing. I you are interested in having more of their mission etc. made public, curbed completely or audited, the way to make a little noise and get heard is to write your representative. On the Echelon Watch site, they have an e-mail, letter, and fax engine that all you do is add your name, address etc. and something like this will get mailed.

    As your constituent, I'm writing to ask for your support for a congressional inquiry into a threat to the privacy and civil liberties of all residents of the United States. I've read several credible reports that suggest that the global electronic communications surveillance system -- frequently known by the code name ECHELON -- presents an extreme threat to my privacy and that of other people around the world.

    If you want to free hand your correspondence, get your senator or representatives name, address etc, from their wed site, and send the letter. Complaining on forums such as Slashdot, Attrition or HNN will not accomplish anything in bringing this stuff into the light. Whining on Slashdot only increases your Karma.

    Logic is a systematic method of coming to the wrong conclusion with confidence.

    Re:Don't Complain Here (Score:3, Insightful)
    by Kaa (subdimensiondotcom!kaa) on Wednesday February 23, @02:48PM EST (#19)
    (User Info)
    Whining and bitching about big brother will achieve nothing.

    Truth. It's the path of least resistance, however.

    I you are interested in having more of their mission etc. made public, curbed completely or audited, the way to make a little noise and get heard is to write your representative.

    I think the key word here is "little". I estimate the chances of governments of the world giving up spying on their own citizens and everybody else to be precisely zero.

    The cypherpunks way is more to my liking. Encrypt. Encrypt all messages. Tell your friends to encrypt all messages. Laugh at the very expensive hardware collecting a lot of apparently random noise (but keep yourself up to date on the latest crypto techniques).

    Whining on Slashdot only increases your Karma.

    But isn't it the goal of existence? Better karma is the ultimate goal of life, isn't it? :-)

    Karma... must have karma... more... more... MORE!!!

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
    Re:Don't Complain Here (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:05PM EST (#39)
    If you trully believed what you said about Karma, you would have posted it without the +1... That gets you more, as some people (Sig....Sig.... Sig.... DAMN, can't say it!) have pointed out....
    Re:Don't Complain Here (Score:2)
    by 348 (beeoch22@nospamplease.hotmail.com) on Wednesday February 23, @03:09PM EST (#43)
    (User Info)
    I think the key word here is "little". I estimate the chances of governments of the world giving up spying on their own citizens and everybody else to be precisely zero.
    I don't know. A year ago, they denied its very existence, seems like the walls are coming down somewhat. Spying is one thing, the subset being interception of traffic is quite a bit smaller, and easier to exploit. I think that with the "New Age" of e-business in whatever flavor brings big dollar corporations into the mix now. They will have a huge impact on Echelon. Business is building and supporting the net now and they want their say. Enough pressure in the right places will make a difference in how they operate.

    The cypherpunks way is more to my liking. Encrypt. Encrypt all messages. Tell your friends to encrypt all messages. Laugh at the very expensive hardware collecting a lot of apparently random noise (but keep yourself up to date on the latest crypto techniques).
    Depends on what battle your fighting. Encrypting everything will generate much noise, but at what expense, for what purpose. If you really have something to say/write whatever and didn't want to take the chance of anyone else possibly seeing/hearing it, would you really send it over the net, or over some unsecured copper pair? I wouldn't.

    Logic is a systematic method of coming to the wrong conclusion with confidence.

    Re:Don't Complain Here (Score:2, Insightful)
    by Kaa (subdimensiondotcom!kaa) on Wednesday February 23, @03:20PM EST (#55)
    (User Info)
    If you really have something to say/write whatever and didn't want to take the chance of anyone else possibly seeing/hearing it, would you really send it over the net, or over some unsecured copper pair? I wouldn't.

    I would. Two reasons.

    One: Q: "Where does a wise man hide a fish?" A: "In the ocean".

    Two: It seems highly unlikely that NSA or (insert your favorite bogeyman here) can break correctly-used publicly available encryption with reasonable key size (e.g. >=2048 bit for public key, or >=128 bits for symmetric).

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.
    Re:Don't Complain Here (Score:1)
    by Spoing on Wednesday February 23, @04:33PM EST (#109)
    (User Info)

    One: Q: "Where does a wise man hide a fish?" A: "In the ocean".

    If your ocean is big enough, that's wise advice...for non-digital devices, and as long as you no longer want the fish.

    Two: It seems highly unlikely that NSA or (insert your favorite bogeyman here) can break correctly-used publicly available encryption with reasonable key size (e.g. >=2048 bit for public key, or >=128 bits for symmetric).

    Agreed...for now.... :)


    Hold it, nobody said anything about three books.

    Re:Don't Complain Here (Score:1)
    by Bad Mojo (mojo@nospam.rps.net) on Wednesday February 23, @03:22PM EST (#57)
    (User Info) http://www.rps.net/mojo
    "I think the key word here is "little". I estimate the chances of governments of the world giving up spying on their own citizens and everybody else to be precisely zero."

    Translation: We can't convince Nazi's to be peaceful, so why try?

    "The cypherpunks way is more to my liking. Encrypt. Encrypt all messages. Tell your friends to encrypt all messages. Laugh at the very expensive hardware collecting a lot of apparently random noise (but keep yourself up to date on the latest crypto techniques)."

    Translation: Let's let them have what they want and when the finally get around to banning crypto inside my country, then I'll ... look for another way to have my cake and eat it to.

    Bad Mojo
    "If trees could scream, would we be so cavalier about cutting them down? We might, if they screamed all the time, for no good reason."
    Good karma the goal of life? (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:36PM EST (#67)
    > But isn't it the goal of existence? Better karma is the ultimate goal
    > of life, isn't it? :-)
    I think the Jainists believe this, but some might interpret the goals of Buddhism and Taoism (in different ways) as the ceasing or slowing of karma; of bringing peace to the Tao through inaction and lack of desire. ("Doing good", especially having a burning lust to do good, is seen in these contexts as, to use Lao-tze's term, "degredation of the great Way.")

    Those more schooled in religion will see many holes in this argument, and will now flame me. Bring it on!
    Re:Good karma the goal of life? (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:15PM EST (#96)
    He He. .

    Ya know you used "Lack of Desire" and burning lust in the same paragraph. Sounds like my marriage.

    Re:Don't Complain Here (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:08PM EST (#90)
    Encrypt; and don't accept cookies! :Ž
    Re:Don't Complain Here (Score:1)
    by Dirtside (matt@SPAMTASTIC.waggoner.com) on Wednesday February 23, @05:28PM EST (#134)
    (User Info) http://matt dot waggoner dot com
    Wouldn't this make you a Kaarma whore? :)

    --- Dirtside | That's strange, this was a first post when I started writing it.
    Re:Don't Complain Here (Score:2)
    by noeld on Wednesday February 23, @02:51PM EST (#24)
    (User Info) http://rootprompt.org
    Is it true that those who complain about ECHELON get on special government monitoring lists? ;)

    I remember when it was cool to have a sig file with NUKE, FUSION etc in it to make big brother read your mail. Now people want privacy. ;) Go figure :)

    Noel

    RootPrompt.org -- Nothing but Unix
    News and information for Unix Sysadmins

    Re:Don't Complain Here (Score:1)
    by Corydon76 (teknoweenie@hotmail.com) on Wednesday February 23, @03:21PM EST (#56)
    (User Info)
    I remember when it was cool to have a sig file with NUKE, FUSION etc in it to make big brother read your mail. Now people want privacy. ;)
    Go figure :)

    Figure that the reason that we put such incriminating words in our .sig's was not that we wanted Big Brother to read our mail; it's because we wanted to throw so much crap into the wheels of the big machine that it would become quite useless as a means to filter.

    It's still done. Remember the attempt to crash Echelon a few months ago?


    The next thing from Microsoft will be object-oriented assembly.

    Re:Don't Complain Here (Score:1)
    by 348 (beeoch22@nospamplease.hotmail.com) on Wednesday February 23, @04:21PM EST (#101)
    (User Info)
    Yeah, but in the big picture, it has little or no effect on overloading their systems. Reminds me of the old radio gag of having everyone flush their toilets at the same time to protest high water prices. Not even a measurable impact.

    Logic is a systematic method of coming to the wrong conclusion with confidence.

    Superbowl Flush and Echelon Flush (Score:2)
    by dattaway (dattaway@soho.attaway.org) on Wednesday February 23, @04:46PM EST (#117)
    (User Info) http://www.rickscafe.net
    Reminds me of the old radio gag of having everyone flush their toilets at the same time to protest high water prices.

    Speaking of flooding national systems, a friend of mine worked at a water treatment plant (sewage.) I joked to him about the "Superbowl Flush" effect that I heard about in the late 70's and asked if he could comment on it. The theory went something like when America would all get together on Superbowl Sunday to drink beer and watch the barbaric game of football up until halftime, at which time thier urinary bladders exceeded maximum capacity. The concern was that everyone and thier brother made a dash for the toilet, whizzed, and flushed at the same time, overloading the sewer systems and rivers across the country, possibly causing mass flooding, etc...

    He stated it was no joke and described the incoming rush of water was real.

    So, I guess we could all flush our crap at the same time and jam echelon in the same way. Whoooohooooo!
    Don't JUST complain here (Score:3, Insightful)
    by drox (drox@hotmail.com) on Wednesday February 23, @02:59PM EST (#31)
    (User Info)
    Whining and bitching about big brother will achieve nothing.

    If that's ALL you do, then that's true. You're preaching to the converted. But if you write (yes, with paper and stamps, because it's so much more effective than email that our benighted representatives seldom even hear about) to your representatives and THEN get onto a public forum like Slashdot and tell others what you did and why, it might get others to follow in your footsteps.

    But please be polite. These people have to slog through bureaucratic BS all day. You won't win any friends in high places by venting your spleen at them. Just explain logically why this is a Bad Thing.

    And while you're at it, write to your local newspaper. There you'll be preaching to many who are not yet converted. Spread the word!
    Re:Don't JUST complain here (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:16PM EST (#50)
    Mod this up!

    You're right. The senators and congress do not respond well to mail bombs, spam or flames. Take a lesson from the Linux Advocacy Guide (Too lazy to Link) , BE POLITE. This area is embarrassing and sensitive as any they deal with, having to respond is painfull enough, make it easier for them to respond, basically don't be an asshole, state your case clearly, quickly and professionally and the letter will get a response.

    For you information (Score:1)
    by clyons (clyons@crasher2.ttgcitn.com) on Wednesday February 23, @03:33PM EST (#64)
    (User Info)
    This is sorta off topic, but...

    I recently used one of those e-mail engines to send correspondance to my two state senators (Sen. Chuck Grassley [R] and Sen. Tom Harkin [D], of Iowa), and *BOTH* sent me a snail mail response.

    FYI, it was concerning the Know Your Customer Sunset Act.


    "There's too many men, too many people, making too many problems"--Genesis, "World of Confusion"

    Re:Don't JUST complain here (Score:1)
    by Wah (Hello!?thewah@uswest.netWhat?!) on Wednesday February 23, @04:07PM EST (#88)
    (User Info) http://wahcentral.net
    (yes, with paper and stamps, because it's so much more effective than email that our benighted representatives seldom even hear about)

    pen and paper are great but a printer and a signature make the same point. Just print an e-mail before you send it, sign it, address it, stamp it, and make a bigger difference. Hmm, now I remember why I liked e-mail so much...

    --
    Is it just me or is everyone smoking crack 24 hours a day?
    The Truth (Score:0)
    by Anonymous Coward on Thursday February 24, @09:09AM EST (#206)
    Actually, there is NOTHING you can do that will have any effect. Whine, bitch, moan, write, etc. At most you'll get a few people fired, the system 'restructured' (oh my!), and it will continue as before. The press and people enjoy the illusion that they bring about change, but they do not.

    You (the people) are not in a position of power. They are. Until you realize that and become fully aware of its depth you're just playing into their hands with your little protests.

    As for encryption, it annoys them, and there's some they probably can't crack. That's why they enlist Microsoft, IBM, Intel, etc to install backdoors, why they use Van Eck freaking (tempest), etc.

    Don't lose hope, but don't convince yourself you're free when you're not, as that's a true loss of freedom.

    Accept that govt won't change. Use crypto for all! (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:17PM EST (#51)
    All remote access is done over SSH. gpg handles individual files. All the important data is hidden inside blowfish encrypted filesystems, drive partitions routed through a loop device with crypto (kernel 2.2.12, with int patch, linux-utils patch, get 'em here) so if feds bust in and rip out all my linux boxen they will be unable to mount most filesystems without the passparagraph (not merely a password, but a whole paragraph with a few key typos, easy to remember for me, impossible to guess or bruteforce) The extra secure filesystems are routed through two or three loop devices each with a different crypto method (blowfish+serpent+idea). Oddly enough, things don't run all that slowly on the 450MHz AMD K6-2. Many failed attempts to crack root or user accounts or other detected cracking attempts will auto umount the crypto filesystems in case they try to 'get the data while its still mounted'. There's also huge files of random data in there too which don't decode to anything. Or files with two file systems inside. One 'fake' one, which I grudgingly give up the password for after cracking under the lights (which contain minor offenses stuff like some warez or banking info), and the real one offset after that.

    The lesson is that someone is always monitoring you. You can never stop them, or get the to stop, or even know they all stopped even if they did. So use crypto everywhere and then you won't have to worry. After all, feds never deciphered Mitnicks encrypted files, did they?

    Just because you're paranoid doesn't mean they really aren't all out to get you.

    Note: the above is probably all just made up fiction.

    Re:Accept that govt won't change. Use crypto for a (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:58PM EST (#83)
    hahahah! He said "impossible"
    Re:Accept that govt won't change. Use crypto for a (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:09PM EST (#92)
    hahahah! He said "impossible"

    Fine. How about, unless I live to be several hundred or several thousand years old or more, I won't live to see my crypto cracked by 3rd parties. That's good enough for me.

    Re:Don't Complain Here (Score:4, Insightful)
    by G27 Radio on Wednesday February 23, @03:35PM EST (#66)
    (User Info) http://g27.org
    Complaining on forums such as Slashdot, Attrition or HNN will not accomplish anything in bringing this stuff into the light. Whining on Slashdot only increases your Karma.

    Not to disagree with your point about being proactive, but I've noticed a lot of people of people seem to disregard the importance of actually having the discussion. Most of the whining and bitching I read contains at least one element of interest, whether intended by the author or not.

    Also keep in mind that not everyone that reads HNN, attrition, slashdot, etc, is predisposed to getting involved or reading discussions like this.

    Even the things that could be considered "preaching to the choir" have some educational value for me. Reading other's thoughts on here reinforces ideas that I may have already had, but never thought to articulate or couldn't articulate as well as they did. Later on I can, and occasionally do, use these arguments effectively in day to day conversation. I'd dare say that I learn more from the bitching and preaching than I do from the original articles.

    Bitch on brothers!

    numb

    This is my pet penguin, Tux. And here is my pet donkey, Bill Gates. --Slashdot Man
    Re:Don't Complain Here (Score:1)
    by caesarlinux on Wednesday February 23, @03:46PM EST (#74)
    (User Info)
    Amen!! Bitch on! :-) "Don't lead me to temptation... I will find it myself!"
    Stand up and be counted (Score:0, Flamebait)
    by Anonymous Coward on Wednesday February 23, @03:45PM EST (#73)
    Bitching to your congressman or senator or president is not gonna do jack shit. We live in a time when politicians are OWNED by corporations and run a corrupt government. Corporations who benefit from Echelon, a corrupt government than benefits from Echelon. Complaining will do nothing. It's time to stand up for ourselves and fight the fascist pigs. Obviously we can not fight them with violence, they have the guns but we have the numbers. And even more important, we have the technological know-how.
    Re:Stand up and be counted (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:06PM EST (#86)
    Don't forget, they also have the black helicoptors. Oops, there goes my tin-foil hat! Must... go... buy... Catcher... intheRye....
    Re:Stand up and be counted (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:18PM EST (#99)
    OK! You lead the way!. . . We'll be right behind you!
    It's tax time again (Score:1)
    by shepd (moc.liamtoh@rezulaer) on Wednesday February 23, @04:41PM EST (#112)
    (User Info)
    and it seems to be showing...
    (My email address is reversed...)
    Writing to your Congress is effective! (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:57PM EST (#82)
    Several years ago when the first in depth documents about ECHELON started circulating (at that time in the security mailing lists and groups) I forwarded a rather lengthy and in depth study done by a fellow who had been running a similar system for a large Wall Street investment firm to Senator Conrad Burns of Montana.

    I am not living in Montana, but I am from there and knew him to be a fair and reasonable person who was also at the time putting up a good fight against encryption restrictions.

    I did receive a response from Senator Burns that indicated that he had read it and considered it interesting. I have no idea how far he went with it.

    The point is that if you are reasonable congress is willing to listen. They may not act, but you can at least put the seed into their head, and get them to at least consider your point of view.

    Chris Pugrud
    chris@pugrud.net
    -- not anonymous, not a coward

    Alternate link!! http://www.gn.apc.org/duncan/stoa.htm

    SO WHAT ?!?!?!?! (Score:1)
    by the31337lc (browne AT marietta.edu) on Wednesday February 23, @06:40PM EST (#154)
    (User Info) http://marietta.edu/~browne
    Look, people, who cares if NSA is reading your stupid email? Do they care? Are they gonna do anything about it? I mean, seriously, they can read everything I have, it doesn't matter to them. Nobody ever takes the other viewpoint, that they are actually doing this to PROTECT US. They our not our enemies, they are trying to PROTECT us! They are on YOUR SIDE and they don't CARE about your email. It's not like they are stealing your credit card info or spamming you!
    Re:SO WHAT ?!?!?!?! (Score:0)
    by Anonymous Coward on Thursday February 24, @05:38AM EST (#191)
    Thank you. I choose to take care of my own problems. I also choose my friends and masters carefully.
    PROTECT US??? from what? (Score:1)
    by bartok on Thursday February 24, @06:15AM EST (#194)
    (User Info) http://www.citeweb.net/montreal/
    PROTECT US??? from what? From ourselves? Is it not a principle in this country that we are innocent until we are proven guilty?

    And considering the diversity of opinion and political choices in this country, what exactly does "on OUR SIDE" mean? Who's side? The people's? The government's? Big buisiness? Democrats? Republicans? Socialists? Anarchists?

    Re:SO WHAT ?!?!?!?! (Score:0)
    by Anonymous Coward on Thursday February 24, @11:34AM EST (#214)
    ...and they'll always be good and always tuck us in at night and read us happy stories.
    Q: Who's your daddy? A: the NSA.
    Slashdot effect. (Score:2)
    by fingal (alex.fiennes@sStPyArMaNx.cOoTm) on Wednesday February 23, @02:40PM EST (#13)
    (User Info)
    Anybody else in Belgium? Anybody know why the network is so fscked up at the moment? Can't even traceroute to the europarl server at present. Its been like this for a bit now. Surely it can't be a slashdot effect on the level to take out complete pipes? (although I can't imagine that /.ers are the only people trying to download it).

    Does anybody know what format the report is in, what size it is and precisely what time the link went live? I'd like to read it, but I'd also like to get my connection back at some point...

    Re:Slashdot effect. (Score:1)
    by um... Lucas (lk@caralis.com) on Wednesday February 23, @03:03PM EST (#37)
    (User Info) http://www.caralis.com/us/lucas/
    My traceroute can make it 16 of the 17 steps i need to get there... It seems the problem is solely with their server (?).

    With things like this, since it's a government site that in no way needs advertisers or anything, ROb and Hemos should without a doubt mirror this stuff PRIOR to posting it... Now the discussion is pure drivel. Mostly trolls, and a few general comments about Echelon, rather than one about what this paper has to say.
    Re:Slashdot effect. (Score:1)
    by olddoc on Wednesday February 23, @07:19PM EST (#164)
    (User Info)
    Yes! Everytime there is a story that will lead to some server flooding due to the /. effect, the story should be mirrored! Anybody have a spare OC192 they aren't using?
    Re:Slashdot effect. (Score:1)
    by shub (brad@shub-internet.org) on Wednesday February 23, @03:04PM EST (#38)
    (User Info) http://www.shub-internet.org/brad/
    Yeah, I'm in Belgium too.

    So far, it looks like traceroutes die at pool02b-194-7-41-145.uunet.be (194.7.41.145). I'm guessing that their leased line has rolled over and died, or perhaps is so congested that it just can't possibly deal with the traffic.

    Tracerouting from an account I have in the US (with an ISP that is an Above.Net customer), it looks like packets die at the same place -- pool02b-194-7-41-145.uunet.be (194.7.41.145).

    I'll see if I can find some information for them at RIPE that might tell me more about who their provider is and perhaps what alternate routes might be.

    Nope. It looks like Uunet is their only provider in Belgium, and they don't appear to have a backup route that I can find. I wonder if perhaps they might be interested in a backup from the largest residential ISP in the country? ;-)
    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not reading it daily, you're not up-to-date
    They havent had that much traffic for years :-) (Score:1)
    by nikolas (Nikolas.Biasin@ruhr-uni-bochum.de) on Wednesday February 23, @03:28PM EST (#62)
    (User Info)
    Poor guys, on their europarl server they“ve probably got a few requests from students every day, but apart from that... And being a EU employee the admin probably went home 18:00 MET :-)

    What is that eu.int-domain, anyway? I want one of these .int domains for myself...
    Re:Slashdot effect. (Score:1)
    by mrfunnypants (fakeaccount69@hotmail.com) on Wednesday February 23, @05:19PM EST (#131)
    (User Info)
    Well I finally manage to get there, the problem is this isn't a small little report lots of pdf files small in size but seperated, anyway it took me forever and I still haven't accessed an actually document yet, I just got to the links to the actually report, past the main page. explain this to me real quick: the number of visitors on the site is said to only be 2028 yet they are having this many problems with their servers? Why? anyone have an idea, anyway if I can actually access some of the info I will try to mirror it so you can all read it, yay!
    "Real knowledge is to know the extent of one's ignorance" -Confucius
    related links (Score:5, Informative)
    by ATKeiper on Wednesday February 23, @02:46PM EST (#16)
    (User Info) http://www.tecsoc.org/
    Some links relating to the technology related to Echelon can be found in a recent edition of Crypto-Gram.

    Also, there are several related links on the Personal Security page of the Center for the Study of Technology and Society.

    Finally, if you want the wire version of the story, click here.

    Yours,
    A. Keiper
    The Center for the Study of Technoloy and Society

    Re:related links (Score:2, Informative)
    by shub (brad@shub-internet.org) on Wednesday February 23, @03:15PM EST (#48)
    (User Info) http://www.shub-internet.org/brad/
    See also the "Interception Capabilities 2000" report at http://www.cyber-rights.org/interception/stoa/interception_capabilities_2000.htm and http://www.gn.apc.org/duncan/ic2kreport.htm.
    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not reading it daily, you're not up-to-date
    Re:related links (Score:1)
    by shub (brad@shub-internet.org) on Wednesday February 23, @03:39PM EST (#69)
    (User Info) http://www.shub-internet.org/brad/
    The actual "Echelon Study" itself is supposedly at http://www.europarl.eu.int /dg4/stoa/en/publi/default.htm.

    If I can manage to download a copy of it, I'll try to put a mirror up in the US. And then I'll try to explain the traffic to my ISP. ;-)
    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not reading it daily, you're not up-to-date

    Re:related links (Score:1)
    by shub (brad@shub-internet.org) on Wednesday February 23, @04:10PM EST (#94)
    (User Info) http://www.shub-internet.org/brad/
    It would appear that these documents are actually PDFs, when you drill all the way down through the various web pages.

    I am now in the process of downloading what I believe to be the PDFs for the report in question, and if/when these files are downloaded, I will upload them in other places and let you folks know where they are.
    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not reading it daily, you're not up-to-date
    Echelon (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:46PM EST (#17)
    Echelon is just another indication that the constitution has been suspended.
    Time to go home now.
    Re:Echelon (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:43PM EST (#72)
    Echelon is just another indication that the constitution has been suspended

    Would it be more accurate to say that the constitution is constipated?
    I'll mirror it! (Score:2)
    by dattaway (dattaway@soho.attaway.org) on Wednesday February 23, @02:47PM EST (#18)
    (User Info) http://www.rickscafe.net
    Someone mail the text of the report and I'll mirror it or just post it here. Something. I can't stand the suspense! :O
    Re:I'll mirror it! (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:49PM EST (#20)
    Someone posted the wire version here
    Enjoy! (Score:3, Informative)
    by dattaway (dattaway@soho.attaway.org) on Wednesday February 23, @09:02PM EST (#176)
    (User Info) http://www.rickscafe.net
    I hate it when sites go down and disappear. Here is a mirror of one of the reports complete with pretty pictures.
    Mirror (Score:4, Informative)
    by brunes69 (nighthawk@n2.com) on Wednesday February 23, @02:50PM EST (#22)
    (User Info) http://irc.cjb.net

    The linked site appears to be slashdotted. I believe this is a valid mirrorof the report:

    ht tp://www.cyber-rights.org/interception/stoa/interception_capabilities_2000.htm

    ---The fool who knows his foolishness is wise at least so far... But a fool who thinks himself wise, he is a fool indeed---
    Re:Mirror (Score:3, Informative)
    by Spoing on Wednesday February 23, @03:08PM EST (#42)
    (User Info)
    It's not a mirror of the same thing; from what little I was able to read from the original link, the two aren't even similar.

    Hold it, nobody said anything about three books.

    Re:Mirror (Score:2)
    by Cato (rdonkin@SPAMLESSbigfoot.com) on Thursday February 24, @09:49AM EST (#208)
    (User Info) http://www.bigfoot.com/~rdonkin/
    The report IS identical, it's just the front page that is different - clicking on the Report link from the front page presented at http://www.echelonwatch.org/ gives you the same report as at this URL.
    "Echelon Study" next to "Blame Canada" (Score:2, Interesting)
    by ufojoe on Wednesday February 23, @02:52PM EST (#25)
    (User Info)
    Interesting how the "Echelon Study" article is posted next to a "Blame Canada" article. After all the operating principle of Echelon just ahppends to be "Blame Canada" (The UK blames Australia... and so on) Coincidence these articles ended up next to each other... I don't think so.
    SYJ: "Blame Canada" is satirical. (Score:0, Offtopic)
    by addison on Wednesday February 23, @03:11PM EST (#45)
    (User Info)
    (Surely/Shirley you Jest).

    "Blame Canada" was a joke about exactly that.

    Sarcasm detector registered 0 reading your post.

    Addison

    Re:SYJ: "Blame Canada" is satirical. (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:50PM EST (#79)
    Dickhead!

    thank you.
    Europe is pissed off (Score:5, Interesting)
    by spaceorb (spaceorb(@)hushmail.com) on Wednesday February 23, @02:53PM EST (#27)
    (User Info)
    And it seems that France in particular has a taste for the fantastic. Microsoft is the NSA's largest customer, and IBM was forced into using DOS by the government?

    France allegedly has its own Echelon, and no doubt that the UK does also. So if they're doing it themselves, why are they so pissed at the US?
    Re:Europe is pissed off (Score:2, Interesting)
    by Idrach (matthewatidrachdotspam_notdotcom) on Wednesday February 23, @03:11PM EST (#44)
    (User Info)
    Yup, the French have their own version of Echelon but, due to lobbying by the Academie Francaise, it doesn't have an English language translator built in ...

    On a more serious note, we (the UK) don't need our own Echelon, we're part of yours (like Canada, Australia, and, when they're not complaining about US nuclear powered warships, the Kiwis.) It is called the "Five Power Agreement" and regularly gets an mention in Mr Campbell's articles.

    Just like the NSA aren't supposed to spy on US citizens, our Intelligence services aren't supposed to spy on us without either a warrant or ministerial permission (with our equivalent of a Congressional committee overseeing the whole thing.) Interestingly, they manage to get around this in a number of ways, but nowhere near as well as when we all had analogue mobile phones and it could just be plucked out of the ether.

    Please don't either confuse the national governments of European nations with the EU (much as certain people would like them to be the same organisation) or (and this is a much more fundamental error) underestimate the hypocrisy of the modern politician.
    Re:Europe is pissed off (Score:2, Interesting)
    by kinkie (kinkie@kame.DOT.usr.DOT.dsi.DOT.unimi.DOT.it) on Wednesday February 23, @05:03PM EST (#125)
    (User Info) http://kinkie.dhs.org
    Europe is rightfully pissed off, I might add (yes, I am european, as you might guess).
    The point you seem to be missing is that the echelon is outside Europe's control, and this pisses me off greatly (well, it just adds to the fact that being spied upon pisses me off a great deal too).
    Let's put this thing in another perspective: while you probably occasionally check your back lawn to keep it clean and tidy, wouldn't you be pissed if your neighbor pointed some hidden surveillance camera to your lawn without telling you, without asking for your permission, without being accountable, and possibly selling videos of your lifemate sunbathing nude to his friends in the neighborhood? Because this is exactly what echelon does.

    /kinkie
    Re:Europe is pissed off (Score:3, Insightful)
    by Weezul (weasel@havoc.spam.gtf.org) on Wednesday February 23, @05:42PM EST (#141)
    (User Info) http://havoc.gtf.org/weasel
    Technically, the reason most European governments are pissed is because the U.S. uses Echelon to steal contracts from French buisnesses. I just hope that they sell it to their common people as "those evil Americans are spying on our you" because then they will have a hard time defending their own programs when they come under attack. It may be to our advantage to take these programs down one at a time so that the people in charge do not think about protecting their own program when they attack someone else's.

    What we need to do is make it clear to European politicians that they can gain political power (in the internet community) by talking about how evil it is to go arround spying on people. This meme will survie and they will not think their own spy's are as importent at budget time or when scandals come up in the future. Discrediting one at a time is the way to disarm the spys.

    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
    Re:Europe is pissed off (Score:0)
    by Anonymous Coward on Thursday February 24, @10:36AM EST (#211)
    I can remember 12 or more years ago when it became apparent to business competing for contracts in Europe, and in France in particular, that somebody was using technology way beyond commercial capabilities to spy on them and giving the info to French competitors. There were several events where construction contracts in France were lost to French competitors by a few hundred dollars on projects bid out in the high 10's of millions. There was obviously some electronic eavesdropping/intercept going on in some of the cases because the way the bidding was done made it impossible for anyone to look at the contents of the other's sealed envelope prior to the bidding ceremony. Hotel rooms were bugged, telephones wiretapped, and probably computer screens read remotely (from moderately screened rooms, so the Radio Shack kit wouldn't cut it). Encryption was cracked that was of a nature a private party of that day would have found difficult, even if no big deal with today's CPU power.

    The French are pissed off now that we are more capable at this sort of thing than they are! (Whether we are in fact helping our businesses compete in Europe, I have no idea, but it would serve the French right--they were totally unrepentant at the time.)
    Re:Europe is pissed off (Score:0)
    by Anonymous Coward on Thursday February 24, @11:21AM EST (#213)
    The importent thing is not who did what to who first, but can discredit the NSA and cut their funding now. I'm an American and I do not really care about the NSA spying on FRench companies, but I do care very much about the NSA spying on me.. and I'm willing to let a few large companies loose contracts to French companies to stop it. Plus, once the NSA is hurt we can use the "intelegence agency == bad" meme's that would be created to take on the French agency.

    Plus, If the French want to ban Windows or something I'm happy to see them do it.

    Re:Europe is pissed off (Score:1)
    by Lowther on Thursday February 24, @06:57AM EST (#197)
    (User Info)
    This places the UK government in an uncomfortable situation.

    On the one hand, as one of their stated goals is to be at the 'heart of Europe', they should be alarmed. On the other, as a signatory to the original UKUSA COMINT agreement, they are partly responsible for ECHELON (but perhaps not for its misuse).A bit of a dilemma, I'd say....

    Also, when you consider the introduction by the UK government of the Regulation of Investigatory Powers Act alongside ECHELON, it is interesting. Under the new act, failure to hand over your encryption key to the police on demand may result in imprisonment. At the risk of being a conspiracy theorist, are they scared that all their investment in COMINT technology will go down the pan if everyone starts using encryption ?
    Semper in faecibus sumus, sole profundum variat
    Re:Europe is pissed off (Score:1)
    by Sri Lumpa (rousseauj1SP@Myahoo.com) on Friday February 25, @06:36PM EST (#223)
    (User Info) http://www.opendvd.org
    This places the UK government in an uncomfortable situation. On the one hand, as one of their stated goals is to be at the 'heart of Europe'

    The UK really wanting to be part of Europe? Let me laugh, they probably would prefer to ba a new American State than being a part of Europe, otherwise they wouldn't help the US screw other European countries.

    I guess De Gaulle was right when he said "L'Angleterre est le porte-avion de l'amerique en Europe" which means (lousely translated) "England is the plane-carrier of America in Europe".


    "The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates, The Road Ahead, Viking Penguin (1995)

    web resources (slightly OT) (Score:1)
    by general_re (generalre@netscape.net) on Wednesday February 23, @05:32PM EST (#136)
    (User Info)
    Just as a quick aside, for those who don't already know, the second link in spaceorb's post is from John Young's really excellent "Cryptome" site at jya.com/crypto.htm
    The site is primarily devoted to the technological and political aspects of law enforcement and intelligence agencies around the world, and is a great resource for those of you out there interested in things like echelon, TEMPEST, wiretapping, etc. Very cool and highly recommended...
    Re:Europe is pissed off (Score:0)
    by Anonymous Coward on Wednesday February 23, @07:41PM EST (#167)
    yeah, but they're still french so what good will it do them?
    Re:Europe is pissed off (Score:0)
    by Anonymous Coward on Thursday February 24, @06:54AM EST (#196)
    France is one of the countries that hava banned use of encryption algorithms in radiolinks of GSM portable phones..and suppresses use of encryption in other ways too. Might it just be that every other spy agency is doing this stuff, the american /w brits etc. were just so stupid that they got caught?

    After having said this I might add: this is not a reason for stop trying to put an end to this kind of activity. It will never cease to exist but it must be kept possible to at least try to cover one's ass.

    Huh? (Score:1)
    by Sadiq on Wednesday February 23, @02:59PM EST (#32)
    (User Info) http://www.free-services.com
    It might just be me, but it said that they monitor all email/fax/telephone conversations in Europe.. but doesn't that require the co-operation of the other European telcos? What about email? wouldn't that require something somewhere along the line sorting out all the email stuff? If so.. where is it? Do our ISPs know about it? (I'm in the UK) or is everything based at the telcos.. (which'd make slight sense.. fax/email/phone all go through them.. one way or another..).. It just seems wierd that something of this power and complexity isn't completely out in the open if it could do what it is supposed to do..

    "Everyone has the same amount of misfortunes and successes.. the great are the ones who exploit their successes and cut their losses on their misfortunes.."
    Re:Huh? (Score:1)
    by burris on Wednesday February 23, @03:23PM EST (#58)
    (User Info)
    What they do is setup giant antennas (dishes) in close proximity to the phone company's, pointing at the same satellites. They receive the same signals as the telcos.

    The difference is that the NSA's dishes are surrounded by electrified fences and guards armed with automatic weapons.

    Burris

    Re:Huh? (Score:0)
    by Anonymous Coward on Wednesday February 23, @05:40PM EST (#139)
    All you have to do really is put taps at the highest-level connections of some country, eg. where the data gets out via some big backbone. (Is this why it's called Echelon, as in "hierarchy"?)

    Hint: there aren't that many big telecommunications companies... But who knows if this is known at some very high level throughout governments of the world. The 10 million dollar question becomes: what exactly are they monitoring?
    It's still there... (Score:1)
    by Eruantalon on Wednesday February 23, @02:59PM EST (#33)
    (User Info) http://rush.baked.net/~jerbel/
    I think. At least I've so far gotten what looks to be the header to the document. Maybe everyone with Internet access all went to this page at once.

    Eruantalon
    The Annals of Middle-earth
    The problem with Echelon (Score:5, Informative)
    by jd on Wednesday February 23, @03:01PM EST (#35)
    (User Info)
    The biggest problem with Echelon is the people that it's monitoring.

    How so? Well, I've seen several posts suggesting writing to representitives. What good is that going to do? The NSA has refused to even say if the name even means anything to them, under Client - Lawyer privilage. Have you seen Congress push them into saying anything further? One try, and they seem satisfied they've done their part.

    Ok, what about this jamming? As I've said on a number of occasions, NOBODY does interception by keywords. Even IDS systems use pattern-recognition and context-sensitive detectors. Why would one of the largest, most advanced, most brilliant collection of programmers and mathematicians use a simple 'tcpdump | grep'? It makes no sense.

    Ok, so "conventional" jamming won't work, complaining gets nowhere, what CAN you do?

    I'm not going to say people are powerless, because they're not. However, they DO need to be unorthodox. You can't break encryption, if you don't know the algorithm, or possible set of algorithms. Even then, your probability of a false positive goes up considerably, the greater the number of keys and/or algorithms.

    There are a GREAT many encryption algorithms out there, some stronger than others but that's not really the point. If nobody can really tell which algorithm you're using, your effective keylength is equal to the key length of the -LONGEST- key possible, PLUS log2(number of algorithms).

    eg: PGP/GPG uses RSA to encrypt a secret key, but uses a simple secret cypher to encrypt the message itself, using that secret key. If someone modified PGP/GPG to allow you to pick (or have it randomly select) one of, oh, 16 algorithms for the secret encryption, then your effective keylength is equal to 128 + 4 = 132. That's a lot tougher to crack (it'll take 16 times as long) and might well prove too difficult for a real-time system, such as Echelon.

    Even so, I =can= tell you that Echelon is complex. My understanding is that it includes vast arrays of DSP chips embedded in the physical network, for pre-processing. The only hope is to make systems such as IPSec and PGP/GPG sufficiently advanced that one-size-fits-all solutions can't be used effectively.

    Re:The problem with Echelon (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:25PM EST (#60)
    'tcpdump | grep'?

    You mean their not? What's not plausible? Most of the government operators I know couldn't grep their way out of a wet paper bag. But hey, What do you expect for 22K a year. On the other end, in Colorado Springs at Peterson, you have 6-10 year enlisted guys working because they had to re-up because they had no real marketable skills on the outside. To top it off, they're working for some Frank Burns type guy who doesn't understand his job to begin with.

    Re:The problem with Echelon (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:49PM EST (#78)
    ...experiments with neural nets for decryption in the 70's...
    whoa there a second! (Score:3, Interesting)
    by Savage Henry Matisse (auto20356@DELETEMEhushmail.com) on Wednesday February 23, @04:15PM EST (#97)
    (User Info) http://www.geocities.com/HotSprings/2244/
    I'm a little confused by some of the assertions made above:

    1) There seems to be an assumption that part of Echelon is the ability to compromise a 128-bit key in a negligible amount of time (i.e. instantly.) Now, I'm not super-duper-hardcore up to date on my Echelon readings, but I haven't seen any indication that anyone actually has the capability to brute force a 128 bit key in real-time. If I've just been living in a cave (not far from the truth) and simply failed to hear about this advance, someone please post a link/reference, or e-mail me (above address, minus the DELETME), or something-- I'd be really interested in such news.

    2)PGP/GPG uses RSA to encrypt a secret key, but uses a simple secret cypher to encrypt the message itself, using that secret key.

    Maybe I'm reading this wrong, but it sounds like you're saying that PGP/GPG use a proprietary algo for their symmetrical crypto. At least with PGP, this is not the case. PGP (I think) currently uses IDEA, and used to use DES. While the latter is somewhat shady, these are hardly secret, and aren't that simple, either.

    3) In the above set-up (with the PGP/GPG system which randomly selects the private-key algo to be used on a message-by-message basis) how do you securely communicate this to the recipient? Is the selected algo package with the key inside the public-key encrypted portion of the transmission, or do they just guess? (Not that having them just guess is such a bad idea-- it's sorta like those first versions of Public Key systems, the ones that used numeric puzzles for the keys. If the recipient just has the key, it'll take a more-or-less negligible amount of time for her to decrypt the message under each algo and see which version isn't gibberish.) Still, I'm not seeing the need for this, as per #1 I mean, if they can brute-force a 128-bit key in more-or-less no time, is making this time 16X longer gonna put that much of a knot in their britches? If 128-bit keys aren't secure, then this sort of arrangement is just a Band-Aid.

    Again, it's possible that I'm just totally mis-reading the above. Sorry if all of this is out-of-left-field.
    -"S"HM

    Re:whoa there a second! (Score:1)
    by Slak on Wednesday February 23, @04:37PM EST (#111)
    (User Info)
    I think your comments are on-target. According to current published technology, 128-bit encryption (and by this I mean TwoFish and other 'strong' algorithms) is tough. Who's to say what the NSA has cooked up, though. Mr. Schneier is far more qualified to comment. I would recommend http://www.counterpane.com/pitfalls.html for his assessment.

    Your understanding of #2 is correct, I believe.

    I'm pretty sure that all Public Key Crypto systems work the same way. A session key is generated (if this isn't random, it's a place to attack) and encrypted using public key crypto. The message itself is encrypted using a symetric algorithm. Thus you can do 2 things to try to read the message:

    1. Brute force the key for the symetric algorithm.
    2. Try to crack the public key/private key pair. This will then allow you to decrypt the session key for all communications, not that particular conversation.

    Ideally the determining the private key is much harder than brute forcing the symetric algorithm (since it allows you to decrypt *all* messages).

    Cheers,
    Slak

    Re:whoa there a second! (Score:2)
    by jd on Wednesday February 23, @04:48PM EST (#119)
    (User Info)
    1) 128-bit keys are hard to brute-force, but the NSA isn't objecting strenuously to the export of RSA, which implies they have solved the problem of finding the prime factors of large numbers. If that -is- the case, then RSA is useless, as the NSA can read any encrypted message effectively instantly.

    2) A secret cypher, also called a symmetric cypher, is simply one in which the encryption key and decryption key are the same. It's inherently weaker than a public key/private key pair, but it is much faster, which is why PGP uses it for the actual message itself.

    DES is trivial to break. The record for a hobbyist computer is 3 days, I believe. A transputer net could realistically reduce this total to under 3 minutes, without costing very much more. Dedicated, custom-built military-grade hardware, designed for this specific task, and cooled to obtain maximum performance, could probably crack DES within a matter of a few seconds, possibly less.

    IDEA isn't much better. There are a lot of weaknesses known for it.

    Actually, breaking a 128-bit key is probably irrelevent, as DES uses 56-bits. It's much quicker to ignore the 128-bit encryption, and derive the key by cracking the message. By doing so, you've reduced a slow, 128-bit cypher to a fast 56-bit one.

    By using multiple algorithms, though, you can't do that. You don't know how long the key is, therefore you don't know where the message is. This means you =HAVE= to break the header. You don't get the choice. No shortcuts, anymore.

    Sixteen times as long IS a significant amount, if you've a lot of encrypted traffic. It means that you can only crack 1/16th as many messages, within the same timespan, for a start. As this would have to be a real-time system, that means you've 1/16th the intelligence-gathering capacity.

    BUT, the problem is so much worse than that. Because the crackers can't use the shortcut, anymore, the problem isn't simply one of 128-bits to 132-bits, but 56-bits to 132-bits. THAT will take them 2^76 times as long, which would definitely saturate the system, no matter HOW powerful it was.

    Re:whoa there a second! (Score:1)
    by Slak on Wednesday February 23, @05:09PM EST (#126)
    (User Info)
    I'll agree with you on point 1.

    I'll agree that DES isn't secure (note: not the same as trivial to break). I find 3 minutes difficult to swallow.

    I'm not so sure that I would throw IDEA into the lo, though surely the AES candidates are stronger.

    I don't see your jump to ...breaking a 128-bit key is probably irrelevent, as DES uses 56-bits. I think you're confused; PGP uses IDEA with a session key. The session key is encrypted using RSA and the message is encrypted with IDEA using the session key.

    At this point, your math really confuses me. Why does one have to break the header? You could just brute force the IDEA (or whatever) keyspace. In fact, one hopes that this is easier to do than break the header. If you can break the header for 1 message, you can now recover all session keys and read all messages. Once you have the session key, all you have to do is plug it into 16 or 32 symetric algorithms and you've got the message.

    The problem is if the NSA can find public/private key pairs. This means they can:
    1. Decrypt messages intended for me.
    2. Sign messages in my name (spoof being me).

    Cheers,
    Slak
    No clue... (was Re:whoa there a second!) (Score:2, Informative)
    by burris on Wednesday February 23, @05:22PM EST (#132)
    (User Info)
    1) 128-bit keys are hard to brute-force, but the NSA isn't objecting strenuously to the export of RSA, which implies they have solved the problem of finding the prime factors of large numbers. If that -is- the case, then RSA is useless, as the NSA can read any encrypted message effectively instantly.
    How do you know the NSA doesn't strenuously object to the export of RSA? Care to point to some NSA press releases? In any event, it's the Commerce department, specifically the Buereau of Export Administration (BXA) that controls export. They have relaxed controls because everyone is screaming at them and they know it's a lost cause anyway (genie is out of the bottle). There is no indication that the NSA has any extraordinary factoring capability or has built working quantum computers large enough to factor typical public keys.
    DES is trivial to break.
    DES is NOT trivial to break. 56-bit keys are trivial to break. There are no practical attacks to DES that are faster than complete trial and error. That's why triple-DES is currently the most trusted cipher around.
    IDEA isn't much better. There are a lot of weaknesses known for it.
    This is utter nonsense. Care to point to some references? The only really damning thing about IDEA is the patent issue. That's why it's not an AES contender.
    Actually, breaking a 128-bit key is probably irrelevent, as DES uses 56-bits.
    Not irrelevant, as DES has been proven to be a group. So 3-key EDE triple-DES has an effective keylength of 168-bits. All good encryption software supports triple-DES. Nobody seriously uses single-DES anymore.
    It's much quicker to ignore the 128-bit encryption, and derive the key by cracking the message. By doing so, you've reduced a slow, 128-bit cypher to a fast 56-bit one.
    More nonsense. You are also confusing symmetric block ciphers with asymmetric ciphers, which have totally different security properties and key length requirements.
    By using multiple algorithms, though, you can't do that. You don't know how long the key is, therefore you don't know where the message is. This means you =HAVE= to break the header. You don't get the choice. No shortcuts, anymore.
    Anyone who knows anything at all about crypto and security in general knows that "Security through obscurity is no security at all." All good cryptosystems are designed under the assumption that the attacker has complete details to the system and the only thing secret is the key. A properly designed system can withstand this assumption and has no need for obscurity. You don't really get 4 more bits under that assumption and 4 bits isn't worth much anyway.

    Dr. Burris T. Ewell

    Re:No clue... (was Re:whoa there a second!) (Score:1)
    by Xenu on Wednesday February 23, @06:08PM EST (#146)
    (User Info)
    Not irrelevant, as DES has been proven to be a group.

    I thought that DES was proven not to be a group.

    K. Campbell and M. Wiener, "DES is not a group", Advances in Cryptology -- CRYPTO '92, pages 512-520.

    Re:No clue... (was Re:whoa there a second!) (Score:2)
    by MindStalker (johnlar@tfn.spam.net) on Wednesday February 23, @06:21PM EST (#147)
    (User Info) http://www.how-toresource.com/index.html
    He accually did have an interesting point about the header bit, and that isn't obsurity. Basically say I have a huge list of possible encryption methods using secret keys, which are encryped in the header. Also in the header is the desription of which algoritym I'm using. Now assuming this header is rather small, one could encrypt the heading at a very high bit, say 4096. And the message in a much lower bit say 56, now if there was no knowledge of which encryption method was used it would cause them to brute it for each and every possible method.
    ~A nerd is someone whose life revolved around computers and technology. A geek is someone whose life revolves around computers and technology, and likes it
    Re:No clue... (was Re:whoa there a second!) (Score:1)
    by Slak on Wednesday February 23, @06:47PM EST (#158)
    (User Info)
    Yes, but the point is that there aren't a significant number of possible algorithms. There are about 5 candidates for AES from a field of about 10. At best, you have 2^4 (roughly) possibities. Some are less strong than others (DES/Triple DES) and you can have dedicated hardware for those (US$100,000).

    Please remember that public key algorithms and symmetric key algorithms have very different contexts as far as what key-length is required for 'security'. Pulling numbers out of my ass, it could take the same amount of time to crack a symmetric algorithm's 64 bit key as it does to crack an asymmetric algorithm's 1024 bit key.

    Cheers,
    Slak
    Re:No clue... (was Re:whoa there a second!) (Score:2)
    by jd on Thursday February 24, @08:34AM EST (#203)
    (User Info)
    Yes, but if you don't know the algorithm, you don't know the key-length, either. So, if your header could be EQUALLY a symmetric algorithm with a 64-bit key OR an aymmetric algorithm with 1024 bit key, you'd have to try every possible combination of both.

    As for the number of algorithms, here is a short list of what's out there that -could- be used for something like this:

    Serpent, Rijndael, Square, IDEA, MARS, RC5, RC6, GOST, Skipjack, 3DES, Twofish, Blowfish, Safer+, TEA, DEAL and CAST.

    You can then insert -any- of these into an ellipitic curve algorithm, such as Pegwit. This essentially doubles the total range of algorithms you can use.

    This gives you a total range of 32 algorithms, which is sufficiently large to make brute-force decryption a much more complex process, with a much higher liklihood of getting apparently meaningful, but totally incorrect, output.

    Re:whoa there a second! (Score:1)
    by um... Lucas (lk@caralis.com) on Wednesday February 23, @05:31PM EST (#135)
    (User Info) http://www.caralis.com/us/lucas/
    DES is probably irrelevant to this discussion. It's completely outdated at this point in time. That's why there's the whole AES submission process going on.

    Triple DES is probably more relevant these days, and it's effectively 112 bits... Even that's probably good enough for today and the next few years.

    The whole thing about crypto has been there is no security through obscurity. If you have a sufficiently strong algorithm, you can just hand the cipher text to whomever you'd like and the only way they can decode it is by bruteforcing the message. I'd think it'd be much simpler to implement a reliable system using keys that are 4 bits longer than to integrate 16 separate cryptosystems into one application.

    Remember, for every 1,000 lines of code programmers introduce how many bugs?

    The key to a reliable security solution would be to use an extremely well tuned application... Not a piece of bloatware with tons of interconnected parts.
    Re:whoa there a second! (Score:1)
    by Ralph Wiggam (barry@no-meat-in-a-can.summex.com) on Wednesday February 23, @05:49PM EST (#142)
    (User Info) http://www.redmeat.com
    I haven't seen any indication that anyone actually has the capability to brute force a 128 bit key in real-time.
    The NSA doesn't exactly mail out press releases saying "We can now crack 128 bit keys in 0.3 seconds. We rock."
    I'm no crypto fanatic, but I do find the whole situation interesting, specifically the human side more than the math. My reasons for believing that the NSA can crack just about anything out there are based on two things: money and brains. They have more of both than just about any other department in the government. We sit here and make fun of stupid things our govenment as a whole does, but of the three best programmers I know, all three have worked for the government at some point. Also, the ammount of money that the NSA has at thier disposal is pretty much outside the comprehension of the average person. When you're talking about computers, money buys you the biggest toys and the biggest toys do the coolest stuff.

    -B
    This is my sig...or something
    Re:The problem with Echelon (Score:2, Insightful)
    by Slak on Wednesday February 23, @04:22PM EST (#102)
    (User Info)
    Slashdot reported http://slashdot.org/articles/99/ 11/14/058247.shtml that the NSA holds various patents for sifting through transcripts.

    As far as PGP/GPG go, you assume that the NSA has no shortcuts on cracking IDEA, Blowfish, etc. The solution space for algorithms is so small as to not effect the workload. Don't count on "Security through obscurity (of algorithm)". Need I remind you that "when you assume, you make and ass out of you and me" :)

    The problem with Echelon is the lack of oversight. How can the NSA claim client/attorney privileges? What is being done to verify that ECHELON breaks no laws?

    As the saying goes, the first step to dictatorship is secrecy.

    Cheers,
    Slak
    Re:The problem with Echelon (Score:1)
    by um... Lucas (lk@caralis.com) on Wednesday February 23, @04:27PM EST (#104)
    (User Info) http://www.caralis.com/us/lucas/
    GPG i thought didn't use RSA because of patent concerns?

    There also seems to be not much point in using random algorithm selection between 16 different ciphers. You get the same benefit by increasing your symetric keylength by 4 bits. Yay.

    By all accounts I've read 128 bits is just too hard to feasibly attempt these days... look at distributeds progress with their 64 bit project.
    Re:The problem with Echelon (Score:2)
    by jd on Wednesday February 23, @04:34PM EST (#110)
    (User Info)
    Many algorithms have a limited number of possible bit lengths at which they're any good. Too long or too short, and they become easily broken.

    Increasing the number of algorithms has two benefits. First, you're -guaranteed- a safe increase in effective bit-length, WITHOUT weakening the algorithm(s). Second, you increase the liklihood of a false positive, on the part of the cracker. This makes it harder for a cracker to be sure they have the right message.

    "false positive"? (Score:1)
    by Savage Henry Matisse (auto20356@DELETEMEhushmail.com) on Wednesday February 23, @04:45PM EST (#116)
    (User Info) http://www.geocities.com/HotSprings/2244/
    Just wanted to make sure that I'm on the same page as everyone else: By "false positive" we mean "a text which appears to be the original plaintext really but is not"? So a "false positive" (in the sense we're using here) would be, for example, if I encrypted my plans to buy all of the choco-donuts and, when my nefarious enemy attempted to decrypt the plans, he ended up holding what looked like a transcript of a radio morning show out of Fargo? Is this the sort of situation we're talking about? What are the odds of this, really? I respect that doing thing A, B or C can make this more likely to occur, but how likely is it to begin with?

    -"S"HM
    Re:"false positive"? (Score:2)
    by jd on Wednesday February 23, @04:59PM EST (#124)
    (User Info)
    Yes. A "false positive" is any "valid" output, resulting from a decryption attempt, that is not the actual original message.

    As for the probability - this depends on the algorithm you're using. If you're using a straight XOR, nothing fancy, and a key of equal length to the message, then the message cannot be cracked by going through every possible key, because you will get every possible plain-text message of equal length.

    I don't know if there's any "formal analysis" of the liklihood of one encrypted message (algorithm unknown) "decrypting" to >1 "valid" plain-text, but it would seem reasonable that the longer the key-length and the greater the range of potential algorithms, the greater the liklihood of false positives.

    The main thing you'd have to watch for, though, is having two or more algorithms where a1(key1) generated the same output as a2(key2). Let's say you were using XOR, for example, as your encryption algorithm. Using XOR (256-key) as a second algorithm would be a big mistake, as you've gained no strength in doing so. (It's not made it any worse, either, but there may well be cases where it would.)

    Re:"false positive"? (Score:2)
    by sjames (sjames@nospam.gdex.net) on Wednesday February 23, @06:32PM EST (#150)
    (User Info) http://www.members.gdex.net/sjames

    Let's say you were using XOR, for example, as your encryption algorithm. Using XOR (256-key) as a second algorithm would be a big mistake, as you've gained no strength in doing so. (It's not made it any worse, either, but there may well be cases where it would.)

    Actually, that would make the crypto considerably worse!! Since 256-x where x

    It's still a pain to brute, and there are still more than one possable decryption, but the space is vastly reduced. A 1k message will only have 8^1024 possable plaintexts rather than 256^1024.


    Re:"false positive"? (Score:2)
    by sjames (sjames@nospam.gdex.net) on Wednesday February 23, @06:47PM EST (#157)
    (User Info) http://www.members.gdex.net/sjames

    OOOPS, that damned less than! Let's try that again!

    Using XOR (256-key) as a second algorithm would be a big mistake, as you've gained no strength in doing so. (It's not made it any worse, either, but there may well be cases where it would.)

    Actually, that would make the crypto considerably worse!! if key = x XOR (256-x), each char of plaintext is effectively XORed with 1 of eight possable bytes rather than 1 of 256. Furthermore, the 8 choices are all very neatly arranged so that it will start with 1s and end with 0s (in binary). To make matters worse, the distribution is screwed and heavily favors 11111110b so that the majority of characters have all but the last bit flipped.


    Re:The problem with Echelon (Score:1)
    by um... Lucas (lk@caralis.com) on Wednesday February 23, @05:14PM EST (#128)
    (User Info) http://www.caralis.com/us/lucas/
    Blowfish scales from 32 to 448 bits. That's one example. I just popped by the counterpane website to find that... That's a LOT of scalability in one algorithm.

    With PKI, it really seems that all you can do is shift the bottleneck from one point to another... Either it's the RSA component, the symetric component, the RNG, or the key servers themselves...

    By the way, PGP 6.5 offers a choice of

    RSA or Diffie Hellman for key exchange and
    IDEA CAST or Triple DES as the symetetric component.
    tcpdump | grep is probably the *1st* thing they do (Score:1)
    by divec on Wednesday February 23, @06:59PM EST (#159)
    (User Info)
    Since most communications aren't encrypted, including a surprising amount of sensitive stuff, tcpdump | grep probably gets more data than any subsequent analysis. After that it'll be diminishing returns on computing time.
    effectiveness of echelon (Score:4, Informative)
    by mistral (mistral@pantheon.yale.edu) on Wednesday February 23, @03:06PM EST (#40)
    (User Info) http://pantheon.yale.edu/~mistral
    how effective do slashdotters think echelon really is? and do you think they feed any data to U.S. commercial concerns? I've been thinking a bit about this recently; some simple calculations demonstrate that the amount of material they have to look through is simply phenomenal. The rumors say that the system has links to telephone lines, faxes, email systems, satellite links, and who knows what else. So, some extremely quick and dirty estimates:

    I live in Boston with three other people and their respective girlfriends; most of us have cell phones. Our house has two phone lines, DSL, and ten computers hooked up behind a firewall. My roommate has a Palm V with an omnisky. That's eight or nine voice streams and as many data streams. The data streams are going all the time, and are all multiplexed through our single DSL connection. Now, admittedly we're a little more wired than most. So we'll scale this down a bit. Assume the government only is interested in monitoring large cities and a few out of the way enclaves dotted around the map. Maybe the ten largest US cities and 150 known subversive groups. Including the greater metro area, each city has maybe 4 million people on average, implying about 1.6 million families per city, giving 16 million
    families total. We can guess that (plus or minus a few kooks) nearly every family has at least one phone line and 2 out of 5 have at least one cell phone. Probably 60% have an internet connection.
    This gives us 32 million data streams, to monitor in real time, and at odd hours. Now given the current state of speech-to-text software, and assuming the NSA is 15-20 years ahead of the state-of-the-art (a very dubious assumption, these days), we'll also figure that with their software they can decrypt 200 voice streams per second with a pentium III. That still implies that they need the equivalent computing power of 160,000 high-end workstations.

    Ok, this is not outside the realm of possibility. But it's right on the edge! Add in the complexity of understanding and dealing with different accents and different languages, static, spread spectrum cell phones, demultiplexing LANs, tapping who knows how many
    switches, debugging the monitoring software and releasing (secret!) updates into the field, dealing with code words and both simple and complex black box and white box encryption, and dealing with the noise of slashdotters putting in things like "kill the president" and "natalie portman is trafficking in hot grits disguised as cocaine to pay off communist subversives," and we see that if Echelon exists, it's probably close to useless. And a horrible waste of taxpayers'
    money. Though I guess developing such a omprehensive system could be valuable for use in targeted situations, like focusing on transmissions in a limited geographic area during high-tension conflicts.

    These estimates are very much back-of-the-envelope, but does anybody see anything fundamentally wrong with them?

    --
    neil

    -- neil inala
    Re:effectiveness of echelon (Score:2)
    by Bearpaw on Wednesday February 23, @03:34PM EST (#65)
    (User Info)
    These estimates are very much back-of-the-envelope, but does anybody see anything fundamentally wrong with them?

    I'm not sure I follow your reasoning, but I think I see a few issues.

    1) Few people so far have always-on data streams.

    2) Practically nobody has always-on voice streams.

    3) There's no need to do deep analysis on everything. Assuming that this system exists in some form, there's no doubt some sort of funneling effect. 99.9etc percent can be safely ignored after a quick keyword skim. The stuff taken off the top can be skimmed a little more slowly, as a first-pass context check. The cream of that can be skimmed still more carefully. And so on.

    4) Other forms of intelligence -- and results from the system itself -- can be used to focus the "attention" of the system more efficiently.

    5) I'm not sure using a "number of workstations" yardstick is meaningful for the kind of analysis they may be doing. (Specific-purpose hardware could give them a big edge.)

    Re:effectiveness of echelon (Score:1)
    by mistral (mistral@pantheon.yale.edu) on Wednesday February 23, @03:47PM EST (#75)
    (User Info) http://pantheon.yale.edu/~mistral
    well, it is of course true that few people have always on data and voice streams. this reduces the amount of data-to-filter considerably. but your comments on deep analysis and other forms of intelligence are less obviously correct, to me. certainly a filtering process can be used to bring the most interesting candidates to the top, but the basic lowest-level scanning process still has to be done to convert the continuous speech to text, overcome encryption, etc. and this is definitely not an easy task. the number-of-workstations idea is just to give an idea of the kind of computing power needed. special purpose DSPs could probably help out a lot on the voice processing part, but there is still a huge amount of higher level processing going on just to convert the digitized voice to phonemes and recognizable words. i don't know how much of this could be optimized for special purpose hardware. again, this is all very generalized to give us an idea of the feasibility of such a thing. most variations and specific exceptions can be swept under the rug of -this-is-an-average-estimate-and-i-hope-it-doesn't-suck-too-bad-. it still seems orders of magnitude too much work to be worthwhile...
    -- neil inala
    Re:effectiveness of echelon (Score:4, Interesting)
    by adimarco (adimarco@spam.me.and.die.gwi.net) on Wednesday February 23, @03:48PM EST (#77)
    (User Info) http://www.lies.org
    Specific-purpose hardware could give them a big edge.

    Funny you should say that.

    I was interviewing for a job the other day with a Genetic Engineering firm, and about half way through the series of interviews, their sysadmin gave me a tour of the server room.

    Amongst scary Enterprise Servers the likes of which I have only read about, they have a box with cool-looking (OSX-Aqua-esque in its sheer sleekness) blue lights which they apparently got from the NSA.

    This box basically consists of 7000 simple, massively parallel processors specifically designed to do 1 thing: pattern matching from huge amounts of data. This has obvious benefits for the Genetic Engineering firm (genomic info is all just strings), and perhaps even more obvious benefits to the NSA.

    Just thought it was interesting...

    Anthony
    It was on Slashdot only a couple of months ago.. (Score:0)
    by Anonymous Coward on Wednesday February 23, @10:12PM EST (#182)
    about the neural net that was more accurate than humans in reconizing words in noisy environments. I'm too lazy to look, but it only required something like 11 ANN's for near perfect recongnition of 4 words. I wonder if it scales and if so that would be the way to filter through the noise on voice lines. Probably could be adapted to scan other data too.

    scary!

    Re:effectiveness of echelon - easy (Score:1)
    by Lumpy (spamsucks.timgray@lambdanet.com) on Wednesday February 23, @03:40PM EST (#70)
    (User Info) http://www.lambdanet.com
    Why do you think the net is so slow. It's really simple... we actually run your data streams through a compartmentalizer and slow it down by.. I've said too much.... and who is that guy in the black suit wiht a black shirt and black tie? dont he know that black ties are out? Nice sunglasses though... Aaaarrrrgghh...

    CARRIER LOST
    --- I'll take 30 tacos, extra cheese and a diet coke. ---
    Re:effectiveness of echelon (Score:2)
    by jd on Wednesday February 23, @03:42PM EST (#71)
    (User Info)
    One quick correction. According to information I've been given (reliability uncertain), the NSA uses massively parallel arrays of bleeding-edge DSP chips to do signal processing, not classic (but slow) CPUs.

    And one other point - the problem with noise would be correct, if they did keyword recognition, which is exactly why I'm convinced they don't. Rather, I believe they use sophisticated pattern recognition and context recognition.

    (A bunch of drunk students typing stupid, but blatently fake, trolls on Slashdot will produce radically different patterns than cold, unfeeling gangsters talking about some illegal activity. However skilled either group is, they'll never be able to exactly match the style and characteristics of the other. An advanced enough system should, therefore, be able to filter by style first, then context, and finally by pattern, and thereby eliminate the noise almost entirely. Yes, there'll be some, especially from Wargamers, but that'll almost certainly be all filterable by hand, and there'll be sufficiently little left to be practical to filter by hand.)

    Re:effectiveness of echelon (Score:1)
    by penguinicide (I frequently change my email.) on Wednesday February 23, @04:06PM EST (#87)
    (User Info)
    Actually thats not very hard to reach. Intel's ASCI Red has 9632 processors, and IIRC there are publicly known supercomputers that are at least 3 times as fast as it now.

    Add special purpose processors and the efficiency and speed goes through the roof.


    penguinicide... when jumping out a window just won't do.

    Re:effectiveness of echelon (Score:1)
    by Idrach (matthewatidrachdotspam_notdotcom) on Wednesday February 23, @04:09PM EST (#91)
    (User Info)
    1. Don't assume they're stupid just because they work for the NSA.

    2. Please don't assume that they use wintel / linux / solaris sparc for anything more than writing reports up about /. haven't read the EFF "Cracking DES" book.

    3. Specific targetting (ie Saddam, Bill C's girlfriends, Jamie after the Holland victory - well done) isn't Echelon's problem. They have other kit to target you once you are a known subversive (they, you, known and subversive all having very different meanings depending on precisely where you live)

    4. 160,000 workstations. Assume they have a quality factor of 10, 'cause they are better at this than us (allow them practise, if not expertise.) My Black Box catalogue has a $100 per port controller that can run up to 3000 workstations (Sun, Wintendo & Mac). Therefore, assuming it's all linked with something better than NT User Mangler for Domains, you could control the boxes from 6 terminals.

    Okay, the math doesn't allow for human committed time but hell, call it 500 controllers. Bet you there are more than 500 techies per shift at Fort Meade.
    Re:effectiveness of echelon (Score:0)
    by Anonymous Coward on Wednesday February 23, @07:00PM EST (#160)
    by tomtomtomtom, who has forgotten his password, and whose email is down, so in as A/C.

    You are quite right to think of the targetting. Imagine a protest of some kind e.g. environmental - or in fact anything, the only detail is that it is something that the US government is interested in. It could be terrorists - a legitimate target. Or it could be people protesting against some foreign dictatorship that the US supports/has an economic interest in.

    For example's sake, lets say that the govt knows that there is a pro-democracy protest against (purely for example) Saudi Arabia, that is going to occur soon, but it is hazy on the details. It could use the Echelon system to focus in on known leaders. You can cast your net very wide with Echelon, and concentrate on a very large number of phone lines simultaneously. You don't need to listen to all the conversations in the country - just a subset of land-lines, mobiles, internet connections... This is the only way to combat the dispersed nature of many of the groups taking advantage of the internet and it is fundamentally undemocratic. Who decides who should be bugged? The government. It could be for their commercial interests e.g. against environmental protestors or bugging the transatlantic conversations of a foreign company. It could be related to foreign policy, as in the Saudi example above. In fact, it could be anything they choose - the choice lies with the NSA and their masters, driven by their political/economic interests. This is wrong and people should be made more aware of the danger it represents to democracy, not just in the US/UK, but around the world.

    Echelon in the news (Score:2, Informative)
    by Majix on Wednesday February 23, @03:12PM EST (#46)
    (User Info)
    One of the main news items on Finnish TV tonight was about Echelon. In brief, Tony Blair told the EU commission today that Britain hasn't betrayed Europe by participating in the US spy network also known as Echelon. Interesting was also the mention of that Echelon probably started as early as 1940.

    Those who can understand Finnish can read a pretty good article summarizing the news here. Finland is one of the biggest supporters of privacy and protection of the individual in the EU.
    Re:Echelon in the law (Score:1)
    by SEWilco on Wednesday February 23, @04:48PM EST (#120)
    (User Info) http://www.wilcoxon.org/~sewilco
    Doesn't The Official Secrets Act require Blair to lie when necessary to hide secrets which he knows?
    Re:Echelon in the news (Score:1)
    by Ray Yang on Wednesday February 23, @07:47PM EST (#168)
    (User Info) http://www.princeton.edu/~ray
    I think that Echelon has become synonymous (for many of us) with the NSA's collection systems, and the NSA (as well as the UKUSA group of signalst intelligence agencies) was formed back in the 1940s. Cooperation between American and British codebreakers goes back a bit further -- I don't remember when exactly (for more info, read James Bamford's The Puzzle Palace). However, I think that Echelon as it's mentioned in government circles refers to the collection of signals intelligence by monitoring communications satellites, and that probably dates from the 1970s (when communications satellites went into use).
    How to really jam Echelon (Score:5, Informative)
    by burris on Wednesday February 23, @03:14PM EST (#47)
    (User Info)
    If you control a Linux box that sits on the net, go right now and get FreeS/WAN and install it. This is a free, open-source implementation of the IP/SEC protocols. Funded by John Gilmore (of Sun, Cygnus, EFF, and DEEP-CRACK fame), this software gives you secure Virtual Private Network support in Linux.

    Set it up and create secure connections between your peers. Very soon it will support automatic keying using DNS-SEC (public keys kept in the DNS database).

    Echelon makes little difference if everyone is using end-to-end transport level strong encryption.

    Burris

    Re:How to really jam Echelon (Score:2)
    by Weezul (weasel@havoc.spam.gtf.org) on Wednesday February 23, @05:34PM EST (#138)
    (User Info) http://havoc.gtf.org/weasel
    I would like to see a concerted effort to get encryption products like IPsec installed as protest. We should get venders to distribute Linux boxes with this stuff preinstalled and we should get them preload PGP onto windows boxes. The Irish should definitly do this to protest the UK's draconian cryptography laws, but really we all should be doing it. (I'd love to see some of those "patriotic" Irish buisness men who funded the IRA start funding PGP-phone sales in Irland too. It would be a lot cheeper and win a lot more political sympathy)

    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
    Re:How to really jam Echelon (Score:1)
    by sufi (ben at spods.net) on Thursday February 24, @05:56AM EST (#192)
    (User Info) http://www.spods.net
    "(I'd love to see some of those "patriotic" Irish buisness men who funded the IRA start funding PGP-phone sales in Irland too. It would be a lot cheeper and win a lot more political sympathy)"

    How do you figure this one out?? Most people don't give a flying f**k about this issue, where does the political sympathy come from? And why should the Irish be the ones complaining about the UK crypto laws? Why not the english too???

    I am from England, and I have no problem with the laws here, they are not ideal but at least they gave up the escrow idea. There are other unrelated laws which scare me a lot more.

      I also wonder why there is such a big outrage about echelon, yes there are issues with it for trade and industry (anti-competetive behaviour etc), but to your average Joe it means nothing (unless you are really paranoid about big brother). Monitoring has been happening since long distance communications began, it's nothing new and it wont be stopped. It's only the ways and means that have changed.

    Deal with it.


    Re:How to really jam Echelon (Score:0)
    by Anonymous Coward on Thursday February 24, @06:25PM EST (#221)
    I also wonder why there is such a big outrage about echelon, yes there are issues with it for trade and industry (anti-competetive behaviour etc), but to your average Joe it means nothing (unless you are really paranoid about big brother).

    It dose not really take being paranoid. Most of these newer ways for police to get a list of suspects tend to increase the number of innocent people who get accused and convicted. The toll both monitoring has tended to accuse innocent people. The DNA banks have tended to accuse innocent people. The reasons for this are: as your sample gets realy large your chances of a false positive gets really large too. This is why the cops MUST be restrcted from doing searches with this technology and MUST have a warent obtained through good old fashion police work before they can access your records. I do not really know but from what I have heard England has some really fucked up laws regarding this stuff and it would not be a place I would want to live in.

    Re:How to really jam Echelon (Score:3, Insightful)
    by pesc on Wednesday February 23, @06:22PM EST (#148)
    (User Info)
    Echelon makes little difference if everyone is using end-to-end transport level strong encryption

    Excuse me, but I think this is clueless.

    Sure, seeing the actual messages is interesting too, but there is lots of information to be gathered just by monitoring who is talking to who and when. Build graphs of that info, and you see the "communities" on the net and how they interact and relate to each other.

    This information is much easier to refine automatically (by computer) than actually understanding what you say in your messages, encrypted or not.

    So when they have identified some arms traders (for example), they just do some data mining in their databases, builds the communication graphs, and if you have ever dealt with these people (by phone or internet), you will be found! Then they can correlate your communication patterns with other data (flight travels, bank deposits, etc). They got you now. At this stage, they might want to select a few strategic communications that you have encrypted and send them to the code breaking computers, but I don't think it is critical for what they are doing. They could just as well use other means at this stage if needed.

    The purpose of Echelon is allowing them to do this on a global scale.

    Re:How to really jam Echelon (Score:2)
    by Ralph Bearpark on Friday February 25, @12:29PM EST (#222)
    (User Info)
    see the "communities" on the net and how they interact and relate to each other.

    Hmm, so to really hide from Echelon you'd have to maintain a constant background noise of plausible looking traffic to a wide variety of (random?) other sites. The "real" traffic would be hidden in the smog.

    Of course, for privacy for the whole community it would be ideal if this random traffic was being generated from just about everywhere at the same time.

    I guess the DDoS code could be a useful basis for this. Does anyone know if stacheldraht is Open Source?

    Regards, Ralph.

    copy of the report (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:16PM EST (#49)
    Report Details Vast Spy Network Updated 9:50 AM ET February 23, 2000 Current quotes (delayed 20 mins.) MSFT 94 1/4 7/16 (0.47%) By CONSTANT BRAND, Associated Press Writer BRUSSELS, Belgium (AP) - A U.S.-led communications monitoring network is intercepting "billions of messages per hour" including telephone calls, fax transmissions and private e-mails, according to a European Parliament report made public Wednesday. "We are not talking about a trivial thing here ... we cannot stop them, they will continue," said Ducan Campbell, author of the special parliament-commissioned report on the Echelon spy-network. Campbell said that the intelligence network monitors and intercepts sensitive European-wide commercial communications. "The level of use is getting out of control," he told a packed hearing of the Parliament's Committee for Justice and Home Affairs. He said Canada, Britain, Australia and New Zealand are also involved in Echelon. Other nations including France and Germany also participate in a lower level in the spy-network which dates back 50 years to the beginning of the Cold War. "The capacity of the filtering systems is enormous," Campbell said. He added that most international internet communications are being routed through the United States and through nine known U.S. National Security Agency interception sites. Intelligence facilities located in the five countries can intercept fax, e-mail or telephone communications easily he said. Campbell urged the European Union to take action to protect against unwanted interception of communications, which he said were violations of human rights. Committee chairman Graham Watson said he wanted to be sure the international surveillance system was not abusing its powers. Campbell said Microsoft, IBM, and a certain "large American microchip maker" were providing certain product features which allow the interception of information flow. Campbell said he did not know whether the U.S. corporations were benefitting from the information gathering but said previous commercial espionage resulted in the collapse of several European contracts in the airline industry - both military and commercial.
    Big Freakin' Deal (Score:3, Interesting)
    by karb (karbatfordashpresidentdotcom) on Wednesday February 23, @03:19PM EST (#52)
    (User Info)
    I hate to be inflammatory, but lets suppose that all the folks at the NSA do all day is invade our (U.S. citizen's) privacy, despite the fact that they say they don't, and intelligence agencies usually don't lie (the correct response to any question is to Say Nothing).

    Is someone actually reading our mail? With terrorists, hostile governments, nuclear weapons, chemical weapons and biological weapons, does the government really care about anything you say?

    If they are thoroughly reading your mail (suppose), are you suggesting that men in black suits come and oppress you? Because if not...

    You must be suggesting that this evidence will be used in a court case against you. However, since it was obtained illegally, and the way in which it was obtained is classified (there was a case like this a while back), there is no way it can be used against you in a court of law.

    As for the industrial espionage allegations, I could see someone doing that, but would suggest that it isn't commonplace. The government keeps a Very tight rein on its contractors, in terms of what they are allowed and not allowed to do, and it seems unlikely that it would make a *habit* of breaking similar rules itself, with the complicity of one of its contractors.

    Also, do you think that microsoft and the nsa could slip something like that under our noses? Under several hundred million of our noses?

    C is like Jedi C++ : There is no try

    Re:Big Freakin' Deal (Score:3, Insightful)
    by Admiral Burrito on Wednesday February 23, @03:37PM EST (#68)
    (User Info)

    Is someone actually reading our mail? With terrorists, hostile governments, nuclear weapons, chemical weapons and biological weapons, does the government really care about anything you say?

    No, but we should not be so naive as to think that they aren't interested in interfering with the politicians who do have an impact on our lives.

    Remember J. Edgar Hoover? He ran the FBI for half a century until he finally died. The general public thought of him and his "G-Men" as heros of law and order. After he died the truth came out- he was able to stay in power for so long by illegally using his surveillance capabilities to get dirt on his political enemies. He had blackmail material on the vast majority of the federal elected representatives and used that to influence policy.

    Ever wonder why a democratically elected and accountable government would use our hard-earned tax dollars for things that the voters would never approve of (like Echelon)?


    Re:Big Freakin' Deal (Score:2)
    by karb (karbatfordashpresidentdotcom) on Wednesday February 23, @03:53PM EST (#80)
    (User Info)
    Because J. Edgar Hoover existed, or because the government stepped beyond its bounds (perhaps -- I don't pay much attention) at ruby ridge and waco, and killed thousands of native americans up to and including the last century, etc. does not logically infer that these things will continue to happen, nor that they are exceptions rather than the rule of government operation.

    As for the whole "democratically elected and accountable government..." This is crap. Would you want intelligence agencies run by popular vote? There is professional government, and political government. Compare your borough manager and your mayor. There's a place for both, but perhaps what I'm trying to say is that the people that best understand the intelligence game are *in* the intelligence game. Not politicians, voters, or even geeks. :)

    C is like Jedi C++ : There is no try

    Re:Big Freakin' Deal (Score:1)
    by TheCodeMaster on Wednesday February 23, @07:54PM EST (#170)
    (User Info)
    Actually, because history shows that powerful people with lots of resources and the ability to keep their activities secret (either through complete obscurity or through intimidating knowing parties) tend to act with impunity, it's seems perfectly logical to inger that these things will continue to happen. The fact that they keep happening seems a clear indication of this. As for intelligence run by popular vote, sort of. I want an intelligence agency that serves a government by command, not by what it perceives as the best interests of the state. The best interests of my political state are the preservation of open and transparent actions on the part of my government, the general freedom of its citizens to live free from oversight and as they see fit. I see no point in protecting america if we do so at the expense of making everything everyone writes, says, or otherwise commits to expression outside of their heads subject to review by an agency with opaque methods, goals, and intent. In other words, if the preservation of liberty is gained at its own expense, what's the point?
    Re:Big Freakin' Deal (Score:2)
    by Steve B (steveb@NoPinkStuff.Radix.Net) on Thursday February 24, @08:50AM EST (#204)
    (User Info) http://www.radix.net/~steveb
    Because J. Edgar Hoover existed, or because the government stepped beyond its bounds (perhaps -- I don't pay much attention) at ruby ridge and waco, and killed thousands of native americans up to and including the last century, etc. does not logically [imply] that these things will continue to happen

    It is certainly possible that a thug will suddenly become a saint, or vice versa. However, it is much more likely that future behavior will follow past patterns unless some modifying force (in this case, supervision by elected officials and courts) is applied.
    /.
    If the government wants us to respect the law, it should set a better example.

    Re:Big Freakin' Deal (Score:0)
    by Anonymous Coward on Thursday February 24, @11:34AM EST (#215)
    I remember not only J Edgar Hoover's excesses, I remeber the A List and the B List--the lists of American citizens to be rounded up in the event of war and "extreme national emergency", and the reception center for them in Montana (which very well may still exist). Now you can get your name on a list electronically, just by visiting web sites, sending or receiving e-mail, or making telephone calls, and perhaps by being talked about in certain quarters (what if one of my arab students is on a possible terrorists list and talks about my class or me in an e-mail to somebody else in the class, especially someone else who may also be on a list of "suspects"?)

    Although I never filed a FOA request for government info on myself back in the late '70's after all this came out and the secrecy was supposed to have been lifted, I have little doubt I may have been on one or the other of the A and B lists because of certain technical competencies I have (I made fireworks as a hobby back then and was aware of FBI interest in this), notwithstanding that at the time I also possessed a TopSecret clearance at work. The people who put those kinds of lists together are overwhelmed by a sense of duty and motivated to err on the side of thoroughness because the consequences of a mistake are too horrible to think about (recall the nursery in Oklahoma City?). If they can put everybody through their electronic profiler, and list all the suspects, they will--period. The risk comes that that shabbily prepared list will be used to commit some outrage against perfectly innocent American citizens.

    The very existence of Echelon (or whatever it's current buzzword is) scares the hell out of me, quite reasonably I think given recent American history in domestic surveillance. It is quite obvious they are using our other 4 allies in this so snoop on American citizens (so NSA will not have to break American law), and there is reciprocity. There was a Canadian on (I think) 60 minutes recently who virtually said as much--a man with credible credentials and a conscience, who may have in fact been telling the truth (who knows?).

    NSA will maintain this indefinitely, since they are undoubtedly doing some legitimately useful work with this--monitoring the cell phones of the leaders of a lot of unfriendly countries, etc. And the Brits will be willing to cooperate/reciprocate from their end, so long as there is an IRA, and the Canadians probably appreciate the help with the Quebec problem and will continue to reciprocate. What NSA does at this end disappears into a maze of secrecy--that's the scary part, since it is totally unknown and apparently without oversight (not that oversight in the days of Nixon was very comforting to civil libertarians).
    Re:Big Freakin' Deal (Score:3, Insightful)
    by G27 Radio on Wednesday February 23, @04:28PM EST (#106)
    (User Info) http://g27.org
    karb, you said:

    As for the industrial espionage allegations, I could see someone doing that, but would suggest that it isn't commonplace. The government keeps a Very tight rein on its contractors, in terms of what they are allowed and not allowed to do, and it seems unlikely that it would make a *habit* of breaking similar rules itself, with the complicity of one of its contractors.

    From the summary: (emphasis added)

    7. Key findings concerning the state of the art in Comint include :

    Comprehensive systems exist to access, intercept and process every important modern form of communications, with few exceptions (section 2, technical annexe);

    Contrary to reports in the press, effective "word spotting" search systems automatically to select telephone calls of intelligence interest are not yet available, despite 30 years of research. However, speaker recognition systems - in effect, "voiceprints" - have been developed and are deployed to recognise the speech of targeted individuals making international telephone calls;

    Recent diplomatic initiatives by the United States government seeking European agreement to the "key escrow" system of cryptography masked intelligence collection requirements, and formed part of a long-term program which has undermined and continues to undermine the communications privacy of non-US nationals, including European governments, companies and citizens;

    There is wide-ranging evidence indicating that major governments are routinely utilising communications intelligence to provide commercial advantage to companies and trade.


    Keep in mind the part about voice-printing when you read Admiral Burrito's response to your post. Also, keep these in mind: Who does the NSA report to? Where do their loyalties lie? Is it part of their charter (or whatever they call it) to make sure that the information they collect is used only for ethical purposes? Who's the watchdog that makes sure the NSA doesn't do anything it's not supposed to? Don't look at me--I don't know.

    numb

    This is my pet penguin, Tux. And here is my pet donkey, Bill Gates. --Slashdot Man
    Re:Big Freakin' Deal (Score:1)
    by karb (karbatfordashpresidentdotcom) on Thursday February 24, @01:29PM EST (#219)
    (User Info)
    Actually, a lot more (even-handed, I think) reports are coming out about this today.

    Although no one may read this, I had to post it because I thought it was humorous.

    About the Airbus incident : I guess the U.S. government has kind of admitted it eavesdropped on negotiations. *BUT* (this is the funny part) they overheard Airbus Offering Bribes to Saudi Officals. So good ole' U.S. intelligence said to the saudi government "Oh, by the way, that company competing with that U.S. company is offering your guys bribes." And whoops, Airbus lost the deal.

    So, it might be kind of unethical that they (U.S. intel) were eavesdropping, but it does appear that the french are complaining largely due to circumstances resulting from their own pants being down. (U.S. government contractors have to pay huge fines if they get caught offering bribes to foreign governments -- I know because my company got caught once a couple years before I started. I and every other employee have to take special training as part of the sentence.)

    The ex-head of the CIA has some comments about it in this nytimes article right here. Mostly that they couldn't tell a U.S. company that they were about to lose, but could inform other governments if someone was cheating. Hee hee.

    C is like Jedi C++ : There is no try

    Well, it seems pretty clear it does matter (Score:1)
    by nels_tomlinson on Wednesday February 23, @06:39PM EST (#152)
    (User Info)
    First, the report tells us that the Government has been doing commercial espionage for years. "The Government makes the laws", is not the same as "the government obeys the laws". What does their treatment of their contractors have to do with it? The cops won't let you steal donuts or weasle out of traffic tickets, but they do it all the time. This commercial espionage stuff is common knowlege in Europe. I'm not saying it's true, but rather that the average guy in Europe has heard about it often enough, from respectable enough sources, that it's yet another reason why we Americans are unpopular overseas.

    Now, about the Government reading your mail: by that logic, you wouldn't mind if I read it, too, would you? I couldn't legally use it (in any way that you could find out about). So why should you mind? You shouldn't be worried that I would make some illegal use of your personal information. After all, I'm just as reliable as the guys who get hired by the Government! Maybe more so; they usually aren't held personally liable for their illegal acts, while I would be.

    I agree that the Government is more interested in terrorists than the likes of you or me. But you should remember that when the terrorists are having a holiday, they've got to watch somebody! More to the point, what if you are politically active? What if somebody with connections (or enough bucks to rent Clinton for an evening) decides he wants to screw you up? Sound ridiculous? How about that Norwegian kid who's getting pushed around by the movie industry? What about an environmental activist who really embarrases a big corporation (the movie "Silkwood" claimed to be based on a true story)? I guess I've made my point: you don't have to think you're important to be made an example of.

    wow (Score:1)
    by karb (karbatfordashpresidentdotcom) on Thursday February 24, @08:03AM EST (#199)
    (User Info)
    Yeah, you seem to have a lot of good points.

    Governments doing corporate espionage is probably a bad thing.

    However, I would expect that some of these reports are fallacious. The one french guy (look at that reference -- that's why I'm a programmer and not a journalist) who claimed all these corporate espionage things also claimed that the NSA collaborated with a large american chipmaker (a veiled reference to intel's ID #'s on chips, which seems unlikely to be inspired by anybody other than worth .3 something trillion dollars intel), has hidden traps in microsoft software (although, somehow, several hundred million users of microsoft products have been unable to find these), and forced IBM to use microsoft products (?)

    Yeah, that's kind of faulty logic. My brain is still reeling from the effects of loss of sleep from reading hitchikers guide (for the first time, man) and too much raspberry mocha.

    I guess my point is that just because the allegations are made doesn't mean they are true. And just because allegations are made doesn't mean that intelligence agencies will respond to them. It is impossible for them to prove their innocence anyway. And I would suspect that they don't answer any questions about their operations if they can help it.

    C is like Jedi C++ : There is no try

    Re:Big Freakin' Deal (Score:1, Interesting)
    by Anonymous Coward on Wednesday February 23, @06:41PM EST (#155)
    this is from tomtomtomtom, who has completely forgotten his password... so down as A/C. sorry

    The point isn't that individuals should be afraid of the govt spying on them - it is true that many have nothing to worry about, as they don't actually do anything that the govt cares about. But what about the democratic movements that have benefitted most from the Internet? e.g. environmentalists, human rights activists...

    These people have learnt to mobilise public opinion and cooperate around the world in ways previously only available to extremely well-funded political organisations. Governments such as the UK and US hate this kind of thing, as it tends to get in the way of their well-laid plans. They don't like being told to change their foreign policy, and the guys funding the politicians don't like having their industries lobbied against. There are huge political/capital interests who don't like what these people do.

    Here in the UK, environmental protestors who sabotage property during protest (e.g. anti-roads protestors sabotaging diggers) are about to be brought under the umbrella of the anti-terrorism laws originally invented to combat the IRA and other *real* terrorist organisations. (OK, maybe you don't agree with the agenda of these activists, but they don't blow people up!). How do these activists frustrate the efforts of the police, intelligence services to track them? They are dispersed, yet well-organised using phones and the Internet. Difficult to keep tabs on that way. So laws are passed in the UK making it an prison-offence to not hand over encryption keys that you may not have (see YRO section).

    What about oppressive regimes that are backed by the US and UK? There are organisations that fight for democracy in these countries - both from within and abroad. Increasingly they use the phone and the internet to stay ahead. They can avoid the intelligence services by encrypting membership lists, running anonymised mailing lists... When a dictatorship backed by one of our govts (and over the years, the list has been long) wants information on democracy activists, it only needs to ask the intelligence services... who run Echelon. It doesn't have to be information that leads to the death of some activist, just enough to frustrate their efforts. Think of all the horrible (evil?) dictatorships backed by our countries over the decades. One that jumps to mind is Indonesia - a lovely country that the UK bent over backwards to help avoid becoming a proper democracy. If we were willing to sell them arms and torture devices (just go to Amnesty International for the reports) I'm sure that a little bit of intelligence info would not be begrudged, and with Echelon it's so easy.

    The point is, Echelon is a threat to all of the democratic movements that have benefited so greatly from the internet, both within our coutries and abroad.

    Re:Big Freakin' Deal (Score:2)
    by karb (karbatfordashpresidentdotcom) on Thursday February 24, @08:13AM EST (#202)
    (User Info)
    Here in the UK, environmental protestors who sabotage property during protest (e.g. anti-roads protestors sabotaging diggers) are about to be brought under the umbrella of the anti-terrorism laws originally invented to combat the IRA and other *real* terrorist organisations.

    Yeah, that stinks. In the states racketeering charges originally invented for the sake of fighting organized crime are being brought to bear against pro-life groups. (whether you love them or hate them, think of the affect this kind of thinking might have had on the civil rights movement).

    About encryption keys, I would suggest that they should be permitted to be handed over with a warrant, but pretty much not otherwise. UK probably says hand it over regardless (don't know if that'd go over in the states) ... and of course this brings up problems if the proof's in the pudding (the only incriminating evidence is encrypted). Oh well. Cops not being able to arrest a party they know is guilty isn't new, and I suppose it will exist forever :P . Silly innocence.

    C is like Jedi C++ : There is no try

    Re:Big Freakin' Deal (Score:1)
    by bungo on Thursday February 24, @06:06AM EST (#193)
    (User Info)
    > hate to be inflammatory, but lets suppose that all the folks at the NSA do all day is invade our
    >(U.S citizen's) privacy, despite the fact that they say they don't, and intelligence agencies

    > Is someone actually reading our mail? With terrorists, hostile governments, nuclear weapons, chemical
    >weapons and biological weapons, does the government really care about anything you say?

    Well, everything is all fine then. The good old US Govt isn't going to be really snooping on it's citizens. There's nothing to worry about.

    Hang on... damn! I'm not a US citizen, and I'm not in the US, but in Belgium (a little country also in the EU), and the US Govt is spying on me - even though I haven't done anything wrong.

    Yeah, ok it isn't a "Big Freakin' Deal" is it, I mean, it doesn't affect the good ol US of A.

    And anyway, the US can wip my country's ass in any war, so I shouldn't complain then.

    Hell, what's the email address of the NSA, I might just as well email them all of my encryption keys, passwords and pass on any company secrets to them now and same them some time.

    Just because it isn't improtant to YOU, doesn't mean it isn't important to the rest of the slashdot community!

    Re:Big Freakin' Deal (Score:1)
    by karb (karbatfordashpresidentdotcom) on Thursday February 24, @07:48AM EST (#198)
    (User Info)
    Well, I kind of left foreign citizens out for a reason.

    There is nothing I'm aware of that keeps the NSA from spying on you. Nothing that protects your privacy...

    Except your unimportance. If the NSA tried to track the 5.75 billion people in the world they would no doubt do a lousy job. There are lots of terrorists and foreign governments to surveil. Of course, if for some errant reason they think you are a terrorist when you aren't, it is reasonable to assume they might spy on you. However, it isn't in their best interest to assume you are a terrorist if you, in fact, aren't.

    Therefore, we can assume logically that they probably won't spy on you. And, even if they did, for what purpose? Unless you suggest that CIA hitmen run around killing europeans? (not that they don't, I would just hate to have to try and prove it.)

    C is like Jedi C++ : There is no try

    ""echelon""?? - noi fara ;-) (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:19PM EST (#53)
    peradi fuenaya, cara ""echelon"", ho į ferragarba alo terina buada!! bena, la soyana garosa perola ""l33t 5k1llZ"" !!! ho!
    Re:""echelon""?? - noi fara ;-) (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:16PM EST (#98)
    ENGLISH!!!
    After actually looking at the report, (Score:3, Interesting)
    by nels_tomlinson on Wednesday February 23, @03:25PM EST (#59)
    (User Info)
    I think that the most interesting part is in the technical annexe. First, he tells us that it seems that they can't yet do much with speech, but they can pick out your voice to record. Second, he tells us that the NSA (and probably other country's agencys, as well) have managed to subvert most closed-source software. He mentions CryptoAG, a Swiss company, and Lotus Notes. What can we learn from this? Yes, open source does matter!

    I think this also points up the reason the government has fought PGP so fiercely. Even if they subvert the author, they can't do anything very obvious or easy, and you or I are quite likely to break anything they hide in the code, while rooting about in it.

    Perhaps the most important question now is: what do the new crypto rules imply, in light of this? If we can really just give the no-goods at NSA a heads-up and export freely, does this mean that they're giving up? Or could it be that they can do an end run around the crypto if they have to (as in Tempest, bounce a laser off your window, intimidate your neighbor, et cetera)? Perhaps the best answer is: don't do anything bad, and encrypt everything, just in case.

    Re:After actually looking at the report, (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:48PM EST (#76)
    I seem to recall that Lotus Notes export edition had a so-called Work Factor Reduction Field included in all messages. This contained all the bits in the encrytion key above the then legal limit of 40 bits. I also recall something regarding Lotus Notes putting the entire encryption key into the messages, but I'm not too sure about that.

    At any rate, Lotus Notes is used by a lot of European government bodies who presumably are not aware of the snoopability Lotus thoughtfully put into it for the benefit of the NSA. Hmmmm...


    Wingnut
    Re:After actually looking at the report, (Score:1)
    by nels_tomlinson on Wednesday February 23, @05:18PM EST (#130)
    (User Info)
    I think that's covered in there, and after this report, you can bet they all know about it!
    EU isn't privacy friendly, either (Score:2, Interesting)
    by rgmoore (glandauer@worldnet.att.net) on Wednesday February 23, @03:26PM EST (#61)
    (User Info)

    One thing that deeply bothers me about this report is that it seems to focus primarily on purely economic problems associated with Echelon. The EU ministers seem to be worried that their businesses are going to lose market share because NSA is passing their plans on to their American competitors. This seems both dangerous and hypocritical to me. It's dangerous because they seem to be downplaying or ignoring the (IMO) much more significant damage to personal privacy that is inherent in the NSA's pawing through everyone's communications.

    It's hypocritical because EU countries have been as vigorous as anyone in using government intelligence to benefit their commercial sector. Interestingly, two of the specific examples of intelligence alleged to have come from Echelon were about EU companies offering bribes in pursuit of contracts. I don't want to compare the significance of offering bribes to that of reading people's mail, but it find it pretty hypocritical of the EU to bitch about others' reading of their mail turning up illegal and immoral behavior.

    What if there were no hypothetical questions?

    It is too (Score:0)
    by Anonymous Coward on Wednesday February 23, @05:33PM EST (#137)
    Like you said, bribing or attempts to bribe is a bit different than maintaining an intercontinental system designed to stick your nose in stuff which does not belong to you. Losing money is just one aspect, not the whole picture.

    Personal privacy is at stake too, naturally. But so is the sovereignty of the countries being spied on. And so is the question of trust between certain countries.

    If this had been Europe spying on the USA, we'd have 3 movies and 12 books portraying it as an invasion of the constitutional rights/democracy/freedom of speech/whatever, a trade embargo, endless talk shows, a nuclear war and God knows what else.

    If you are seriously suggesting that US companies don't use bribes... wake up.

    PS. I've been thinking too. What is it that the Echelon system is really used to spy on? What issue is so dangerous that all communications relating to it has to be monitored on a planetary scale? Any ideas (aside from the usual space alien colonies and looney cults)...?
    They ARE doing something (Score:0)
    by Anonymous Coward on Wednesday February 23, @03:32PM EST (#63)
    The europarl link is down, so who must be responsible? ECHELON. Remember, they'll trace all those hits back to YOU. No seriously, this is a problem. Is there some legitimation to this type of large scale espionage and data gathering? Did the americans, canadians and english just decide to collectivelly have themselves and their neighbours under constant surveillance? Are they calling themselves democracies when they do anything they want without asking? so we should better start complaining before one beaurocratic monolith goes after the other one( i mean the european commission going after the echelon project). This is really scary... BOMB NUCLEAR FISSION.. ooops shouldn't have said that.. go catch me... -Go do some CREATIVE journalism-
    Re:They ARE doing something (Score:1)
    by ImpintheBox on Wednesday February 23, @04:14PM EST (#95)
    (User Info)
    Probably just overwhelmed by slashdots trying to access the site. I went there no problem and read a large portion of the summary when this was first posted.

    By the way, does anyone know the Arabic word for "detonator"? What would happen if it was included in every posting on the net?


    Yawn, boring, encrypt your stuff (Score:4, Interesting)
    by rcromwell2 on Wednesday February 23, @03:56PM EST (#81)
    (User Info)
    Come on, what's with this echelon stuff? Have none of you read The CodeBreakers or The Puzzle Palace? Don't you realize this has been going on since the telegraph?

    The wrong thing to do is to focus on "Echelon" Look, *ANYONE* can listen in on you, not just the NSA. Use a cell-phone? Use a cordless phone? Your neighbors will soon be able to buy or create scanners to decode digital transmissions. Use the internet? A hacker hacking into an ISP or wherever your mail is located can easily read it. How about cable modems? Opps, anyone can sniff your packets.

    If you don't want to install window blinds or curtains on your windows, don't cry when someone uses a telescope to watch you getting undressed.

    The only solution to the privacy problem is to use encryption. If your broadcast data in the clear over any medium, you are relying on security through obscurity.

    Has anyone noticed how EU centric these articles are? Who's Echelon? Anyone not in mainland Europe apparently. US, Canada, Australia, New Zealand, UK, etc. (the GMO controversy also follows the same sort of dividing line, with the mainland Europeans being the most vocally opposed)

    Of course, France, that moral and highly cultured "you don't even know what culture is you Americans", would never engage in something as distasteful as industrial espionage? Would they?

    It's patently obvious that the world's spy agencies have been intercepting all the traffic they could, even since World War II and before. Echelon is nothing new, except a "ooh scary" code word.

    Well, of course it's Eurocentric! (Score:1)
    by nels_tomlinson on Wednesday February 23, @05:41PM EST (#140)
    (User Info)
    Look who it was delivered to(and presumably paid for it): the EU Parliment. It's only natural that the author adopted their view point. Why am I indignant about Echelon? Those scumbags in Washington are hiding behind our good names, so to speak. We are associated with the evil they do.

    This government in Washington is a terrible embarrasment to America, I think. I suppose it's better than most, but that's not the appropriate comparison. Most other governments exist explicitly to screw the governed for the benefit of the governors (e.g., think about the history of the English government). That's not supposed to be how it works here.

    Re:Well, of course it's Eurocentric! (Score:2, Interesting)
    by vik on Wednesday February 23, @09:39PM EST (#178)
    (User Info) http://olliver.penguinpowered.com
    Do you know the author? I've met the guy a few times. He's been involved with investigating government espionage activities for a long time, and consequently has been raided by the spooks on several occasions. Anyone remember Project Zircon?

    He, like many people, is concerned with what governments are getting away with. It's becoming far too much an 'us' and 'them' situation. 'They' are supposed to be working for 'us', not against us. But somewhere it has gone wrong. Many people can't see it getting better, and it seems to be one of those self-promoting systems that can only get worse.

    It's not euro-centric so much as someone on the outside looking in. More non-US-centric as it were.

    Vik :v)
    The solution (Score:2)
    by Weezul (weasel@havoc.spam.gtf.org) on Wednesday February 23, @05:53PM EST (#143)
    (User Info) http://havoc.gtf.org/weasel
    The problem is that the NSA & Ignorance has been pretty effective at preventing people from using crypto. We need a campaign to get the Linux distributions to come with this stuff preinstalled. Actually, we need a campaign to get PGP preinstalled on Windows boxes too. Debian dose some stuff to make it easyer, but we really need it to be a standard part of using a computer.

    Actually, the most effective thinkg would be to get propper use of public key cryptography to be tought in every CS101 class (i.e. first class a CS student takes). Perhaps going so far as to require all their assignments to be digitally signed and encrypted for the recipiant (with GPG) when turnned in via computer. A strong case can be made for this being an essential part of a computer education.

    I suppose you could also go to high schools and teach the kids how to keep their emails secret with PGP, but that takes a little more work then just convincing collage profesors to teach it.

    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
    Re:Yawn, boring, encrypt your stuff (Score:0)
    by Anonymous Coward on Wednesday February 23, @07:14PM EST (#162)
    from tomtomtomtom, who has forgotten his password and whose email is down, hence A/C.

    What has curtailed the activities of intelligencies until recently is the relative cost of spying on people. As you rightly point out, anyone can spy on someone else, for (relatively) little money. But to really scale it up to enable a system to keep tabs on huge numbers of people - until recently that has been prohibitively expensive. What's different with Echelon is that it allows monitoring of more people than ever. Previously, intelligence agencies were limited by the cost of getting so many bugs/phone taps put in. Not with Echelon. And as for the comment that France are doing it too: well probably nothing like on the scale of US/UK/Australia/NZ and anyway, all that this means is that people in France should protest against such a similar system. It is a threat to democracy, as too often it is misused.

    "I Listen : A Document of Digital" by Spacewurm (Score:2)
    by cpeterso on Wednesday February 23, @07:25PM EST (#165)
    (User Info)
    Check out I Listen : A Document of Digital Voyeurism by The Spacewurm. It's a book of transcribed cell phone conversatsions:

    Since 1993, electronic music artist The Spacewurm has used specially modified digital scanning equipment to secretly (and illegally) record the cellular and portable phone calls of everyday people all over the country. The stories, confessions, and intimate conversations of these unwitting participants are described in I LISTEN.


    chris
    Re:Yawn, boring, encrypt your stuff (Score:1)
    by ATKeiper on Wednesday February 23, @08:13PM EST (#172)
    (User Info) http://www.tecsoc.org/
    You've got it exactly right, and your point about the parallel between the Echelon story and the GMO debate is extremely insightful.

    Thanks,
    A. Keiper

    Alternate link (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:02PM EST (#85)
    an alternate link to the report (via echelonwatch.org)

    http://www.gn.apc.org/duncan/stoa.htm

    Chris Pugrud
    chris@pugrud.net
    --Not anonymous, not a coward

    Re:Alternate link (old) (Score:1)
    by CrusadeR (crusader@linuxgames.com) on Wednesday February 23, @04:07PM EST (#89)
    (User Info) http://www.linuxgames.com
    This is the 1999 report, not the one issued today.
    :wq
    Re:Alternate link (old) (Score:1)
    by Bastiaan on Wednesday February 23, @04:45PM EST (#115)
    (User Info)
    FYI, the document mentioned on the Europarliament page (entitled "Development of surveillance technology and risk of abuse of economic information") is dated October 1999. The document itself is not available there however :-( My guess is that the document on the mirror site is a draft version of the same report. If not, it's worth a read anyway!
    Sure it's nothing new, but thats not the issue: (Score:1)
    by Delboy on Wednesday February 23, @04:19PM EST (#100)
    (User Info)
    What people seem to be missing when they're saying that it's nothing new and that we should just use stronger encrytion if we have issues with Echelon, is that systems like this are wide open for abuse by superpowers like the US who want to be market leaders in technology, banking and any other such markets.

    Sure us geeks can use strong encryption to hide our pr0n from prying eyes, but ego's aside we're the minority!, what about the other 95% of people out there who don't have enough knowledge to use systems such as PGP, or frankly have no idea of what they are or why they exist?

    How many upcoming international companies have gone under because information about their new products has been leaked from surveillance?

    How do we know that Micro$oft's dominance hasn't been influenced by Echelon leaked information?

    It sure makes me wonder sometimes...

    Jeremy.


    Windows reminds me a lot of HAL, it keeps telling me what it can't do!

    Re:Sure it's nothing new, but thats not the issue: (Score:0)
    by Anonymous Coward on Wednesday February 23, @05:11PM EST (#127)
    Im not sure about the validity but check out this report on the news wire - http://www.smh.com.au/breaking/0002/19/A27800-2000Feb19.shtml This report cites French intellegence in claiming that microsoft has employed people from the NSA. the same people that have their hand in Echelon.
    Re:Sure it's nothing new, but thats not the issue: (Score:2)
    by rcromwell2 on Wednesday February 23, @08:12PM EST (#171)
    (User Info)
    The industrial espionage angle is a *RED HERRING* It's a neat little excuse for why the European economy is falling behind in the digital age. It will do nothing but promote nationalism or continentalism "see, now we finally know why Europe's economy is lagging. It isn't our over-regulated socialist consensus-decision-based markets, it's those damn Americans stealing our contracts through NSA listening posts."

    In the 80s, when America felt threatened by Japan, there was a similar sort of whining. Americans were complaining about Japanese interns in American companies copying designs and taking them back to Tokyo. Americans made much of the fact that all Japan did was go to Comdex, copy American inventions, and then mass produce them.

    Echelon is the new scapegoat to explain the poor French economy. But what is not mentioned is that French Intelligence has been doing this for years.

    You don't even need listening posts. Just H1-B VISAs.

    The Europeans are basically trying to find some illegitimate/unfair tactic behind the US economy's success. It couldn't possibly be that American venture capital markets are superior, or that American is brain-draining Europe by influencing all the smart/ambitious people comin here to work, or because the US just has a better climate to conduct business.

    Oh no... it must be because Microsoft/IBM/Yahoo/Amazon/Boeing/GE/whatever are actually being secretly helped by the NSA.

    My suggestion is if you care about your privacy, stop sending private information out in the clear.

    You should worry more about the masses of minature hidden $10 webcams exploding on the market, monitoring your every move, and being installed in public bathrooms, so perverts can put you on their web page.

    By comparison, your next door neighbor is going to do far more harm to you in the near future.


    Re:Sure it's nothing new, but thats not the issue: (Score:1)
    by Delboy on Wednesday February 23, @09:00PM EST (#175)
    (User Info)
    You seem to be entirely missing my point, but maybe it's because you're an American and you don't understand where they're coming from?

    I am not worried about my privacy, I thought I made that clear in my post when I was talking about the non geek population, I take appropriate precautions when I wish to protect my privacy, like any geek should, but what about those who don't know how to protect themselves, surely they should be granted protection by the state / law / whatever, I know I know whinge whinge whinge it's not a perfect world, blah blah blah, but something should be done.

    I notice from a number of your earlier posts on other topics that it's entirely not worth my while to argue with you further so I shall cease and desist.

    Have a groovy day and watch out for big brother ;-) Jeremy.
    Windows reminds me a lot of HAL, it keeps telling me what it can't do!

    partial mirror (Score:1)
    by ckolar on Wednesday February 23, @04:27PM EST (#105)
    (User Info) http://www.kolar.org
    I am putting some of the report PDFs that I have around in my cache on my web site at www.kolar.org/echelon.
    Not the co-host of The Linux Show. A private citizen.
    HEY FRENCH/GERMAN OPEN-CODERS! (Score:0)
    by Anonymous Coward on Wednesday February 23, @04:31PM EST (#108)
    I'm no joking!

    This is a golden key for open source to establish itself as the security and privacy guard of the EU institutions.

    p>

    Do you think a french minister trusts his Windoze laptop? I think not... Or a German director trust the central site mainframe ... s/he should think twice before saying "I do".

    We are in the unique position to say "if you don't trust my code THEN READ IT!

    Can you, at the center of the continent use this door to offer a reliable, worthy and verifiable platform solution to our governments? Do we have the sense (and the ability) to make our administrations to listen to the reason?

    We should! We must!

    Re:HEY FRENCH/GERMAN OPEN-CODERS! (Score:1)
    by Maurice (williamgates3@hotmail.com) on Wednesday February 23, @07:18PM EST (#163)
    (User Info) http://people.cornell.edu/pages/tis3
    How do you know that they don't have the compiler bugged? Thompson-style hack, right? Open source won't help in this case.
    Re:HEY FRENCH/GERMAN OPEN-CODERS! (Score:0)
    by Anonymous Coward on Wednesday February 23, @09:36PM EST (#177)

    Just bootstrap with a compiler that you trust!

    This process of using a "lego" of compiler compilers is vastly covered in the literature. I'm not saying that GCC couldn't be "infected" to have a trap door inserted by a "comprised" compiler but this process is used for each new release of the GNU compiler. You compile a new version with a previous running GCC (or EGCS) or whatever C compiler you have as long it is capable of doing the job.

    It's enough for you to think how can we write a compiler for a brand new processor. The first step would be to write a tiny one that would compile the real compiler (or a intermediate compiler that would do it afterwards) ... ok, there are several compiler tools to do this that could be "tainted" but we can always go back to the glorious assembly (for an assembler that we wrote also) further down to the metal if you wanted to with a binary loader.

    Re:HEY FRENCH/GERMAN OPEN-CODERS! (Score:1)
    by Maurice (williamgates3@hotmail.com) on Wednesday February 23, @10:08PM EST (#180)
    (User Info) http://people.cornell.edu/pages/tis3
    Which makes me wonder... Do you trust your hardware? OK, I'll write my assembler in machine code, then write my compiler using my assembler, and so on. But what if they bugged my hardware? This is harder to solve, because chip production is not exactly something you can do in your backyard. It could be a chip in your modem, or your ethernet card, or maybe even the BIOS. You can never be sure. I'm not saying that we should be paranoid, just that we can never be sure. If you have some very sensitive information, don't keep it on a computer. Also, any other digital device. Tape or microfilm is probably safer. Don't even wordprocess it.
    Study Has A Few Surprises (Score:1, Redundant)
    by ATKeiper on Wednesday February 23, @04:42PM EST (#113)
    (User Info) http://www.tecsoc.org/
    Anybody remotely familiar with ordinary intelligence collection techniques should not be overly surprised by Mr. Campbell's report. Intelligence collection, particularly COMINT and SIGINT (communications and signals intelligence) have become extraordinarily difficult for intelligence agencies, what with the proliferation of new communications technologies. So much effort has been poured into these two areas that intelligence of other types is faltering. Reams of satellite data are collected every day, but only a fraction of it is ever analyzed. HUMINT (human, or "spy," intelligence) is sometimes left dangerously undervalued, which is sad because it often provides the best advance data. And the nascent field of MASINT (measurement and signature intel) is not getting the attention or the funding it deserves.

    So what are the biggest revelations in this report, for those already familiar with intelligence collection? And for those who are new to the field and just worried about Echelon, what are the most important facts to remember?

    1. Nobody is spying on you unless they already have reason to suspect you.

    "The geographical and processing difficulties of collecting messages simultaneously from all parts of the globe suggest strongly that the tasking of these satellites [and other resources, as the report states] will be directed towards the highest priority national and military targets."

    2. NSA has a much better grasp of Internet communications than would at first seem possible. The sheer immensity of Internet traffic and its global reach would seem to handicap NSA intelligence collection efforts. Not so, according to the report.

    "Since the early 1990s, fast and sophisticated Comint systems have been developed to collect, filter and analyse the forms of fast digital communications used by the Internet... [A] large proportion of international communications on the Internet will by the nature of the system pass through the United States and thus be readily accessible to NSA... Although the quantities of data involved are immense, NSA is normally legally restricted to looking only at communications that start or finish in a foreign country. Unless special warrants are issued, all other data [like domestic U.S. e-mail] should normally be thrown away by machine before it can be examined or recorded... Much other Internet traffic (whether foreign to the US or not) is of trivial intelligence interest or can be handled in other ways [and usually reached by OSINT, "open source" intelligence]."

    3. U.S. companies like Microsoft have purportedly cooperated in these intelligence collection efforts. This is unorthodox, to say the least. The following claims made in the report are allegations without a great deal of substantiation.

    "According to a former employee, NSA had by 1995 installed "sniffer" software to collect such traffic at nine major Internet exchange points (IXPs). [A list follows.] ... The same article alleged that a leading US Internet and telecommunications company had contracted with NSA to develop software to capture Internet data of interest, and that deals had been struck with the leading manufacturers Microsoft, Lotus, and Netscape to alter their products for foreign use... The companies agreed to adapt their software to reduce the level of security provided to users outside the United States. In the case of Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system uses a 64 bit encryption key. This provides a medium level of security, which might at present only be broken by NSA in months or years... [In 1995, the] companies agreed to adapt their software to reduce the level of security provided to users outside the United States. [Actually, this was not so much an agreement as a direct government requirement for exports.] In the case of Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system uses a 64 bit encryption key. This provides a medium level of security, which might at present only be broken by NSA in months or years.

    4. They don't tap your phones.

    "Effective voice 'wordspotting' systems do not exist are not in use, despite reports to the contrary," according to the report. "Fax messages and computer data (from modems) are given priority in processing because of the ease with which they are understood and analysed." The only special phone technology the NSA has are systems that identify speakers by their voiceprint, which "have been in use since at least 1995."

    5. The FBI may know more than it should. Collaboration between the intelligence community and FBI is seriously frowned upon, especially since it is occasionally the FBI's job to investigate breaches of protocol by the intelligence community. Yet, according to the report, the International Law Enforcement Telecommunications Seminar (ILETS) was set up by the FBI in 1993, and has served as a guiding body for much of the COMINT work that fits under the name "Echelon."

    "The work of ILETS has proceeded for 6 years without the involvement of parliaments, and in the absence of consultation with the industrial organisations whose vital interests their work affects."

    Why is it important to keep the NSA (collection of intelligence) and the FBI (domestic crimes) separate? "Any failure to distinguish between legitimate law enforcement interception requirements and interception for clandestine intelligence purposes raises grave issues for civil liberties. A clear boundary between law enforcement and 'national security' interception activity is essential to the protection of human rights and fundamental freedoms."

    6. The study has no real proof of corporations inappropriately benefiting from collected intelligence.

    Businesses do not get help from intelligence agencies - governments do. The study admits this: "There is no evidence that companies in any of the UKUSA countries are able to task Comint collection to suit their private purposes."

    Generally, there is nothing ethically wrong with a country collecting economic intelligence about another country. If intelligence is to be useful in any way, we need to know important economic data so we can act on them if necessary. The only ethical problem would be if specific businesses got help, but other than a spurious hint of impropriety, the study doesn't really have any proof. All it has is this quotation from a Baltimore Sun article: "Former intelligence officials and other experts say tips based on spying ... regularly flow from the Commerce Department to U.S. companies to help them win contracts overseas."

    7. Echelon or not, the intelligence agencies are losing.

    Every day, U.S. intelligence collection agencies slip farther behind. They are in sorry shape right now, with huge input, and very limited analysis capabilities. And in the end, the study admits that "[t]he use of strong cryptography is slowly impinging on Comint agencies' capabilities... [I]n the absence of new discoveries in physics or mathematics, Moore's law favours codemakers, not codebreakers."

    Let me know if you think I've missed any of the study's major revelations.

    Thank you.

    Yours,
    A. Keiper
    The Center for the Study of Technology and Society

    minor error (Score:1)
    by ATKeiper on Wednesday February 23, @04:55PM EST (#123)
    (User Info) http://www.tecsoc.org/
    Well, I'm a bit of a retard. The analysis I just wrote was of Mr. Campbell's April 1999 report called Interception Capabilities 2000, which I had been led to believe was a mirror of today's report. That older report is still quite interesting, and well worth a read-through if you have the time. I look forward to seeing the latest report, which I assume supercedes the older one, when those EU servers are back online.

    Apologies,
    A. Keiper
    The Center for the Study of Technology and Society

    unless they already have a reason to suspect you (Score:1, Interesting)
    by Anonymous Coward on Wednesday February 23, @05:23PM EST (#133)

    They don't spy me unless they have a reason!

    And I'm wondering... who defines the reasons?

    For instance in the US, did Nixon had a good reason to spy the Democrats in Watergate? Certainly he did! They were planning to win elections from him ! Those bastards!

    If I am a political active citizen and I am against the current trend in power do they have a reason to spy my emails? According to your views it seems they do. I gave them a reason.

    And you know how it works in the real life... covered blackmail, hidden menaces, a working contract that is not renewed, etc

    I can hear you say "That cannot happen within the US!". Maybe not, maybe it only be "offered" to us silly and idiotic europeans, maybe that information will be passed to a company that I'm working for, maybe that company is american and I was idiotic enough to have opinions while working there, maybe, maybe... maybe I would loose my job, or ... , or somethig else if I have suspicious political views.

    That's why these "spy traps" scare everyone ... maybe.


    Re:unless they already have a reason to suspect yo (Score:1)
    by ATKeiper on Wednesday February 23, @06:00PM EST (#145)
    (User Info) http://www.tecsoc.org/
    Your objection seems to be against the entire notion of spying and intelligence collection generally, not Echelon in particular. After all, that's what intelligence collection is - countries secretly gathering information to prepare for situations which would otherwise surprise them and endanger their interests. If your objection is against spying and intelligence collection as a whole, well, you have a perfectly legitimate (or at least consistent) point.

    My argument in the main posting was merely that Echelon doesn't seem to be all that different from what we already publicly knew about ordinary intelligence collection.

    Yours,
    A. Keiper

    Maybe our efforts are better off elsewhere (Score:1)
    by Salant on Wednesday February 23, @04:54PM EST (#122)
    (User Info)
    Maybe I'm the only one but I don't really care that much about echelon.

    I just have this feeling that no matter what I do someone out there will be watching these days.
    Given that I'd rather put all my efforts into stopping something that is DEFINATELY harmful to
    you rather then annoying that someone somewhere is reading my email. If all the people
    who don't have any secrets that NEED to be protected put their efforts toward say stopping
    drunk drivers, or spam I believe our quality of life would go up much more than Echelon may be
    brining it down.

    I mean hell maybe they'll use this for good and stop the next two crazy guys who wanna blow up
    A building full of workers and their kids, or stop some guy from molesting that 12 year old
    girl who doesn't know not to give her address to people on the net.


    bzzzzt (Score:0)
    by Anonymous Coward on Wednesday February 23, @05:53PM EST (#144)
    From the report:

    33.TCP/IP. TCP/IP stands for Terminal Control Protocol/Internet Protocol.

    I've seen "transport control protocol" and "transmission control protocol" but never "terminal control protocol"...

    IP is the basic network layer of the Internet.

    Ummm... okay.


    Gettin' back... (Score:1)
    by Calmacil (wolak@uiuc.edu) on Wednesday February 23, @06:27PM EST (#149)
    (User Info)
    I was thinking...

              Collect a lot of pr0n, and put in national security type keywords in the comment section in the pictures.
              Encrypt them lightly, and send them to a friend in North Korea. Some poor schmuck sees a lot of traffic going to North Korea, and easily decrypts it. Boss-man walks in, sees the pr0n. "No, really! It has all these keywords, really!"


    Calmacil

    I can't seem to face up to the facts, I'm tense and nervous and I can't relax... --Talking Heads

    Links to porn sites??? WTF? (Score:0)
    by Anonymous Coward on Wednesday February 23, @06:39PM EST (#151)
    Okey who's messing around here? Post #107 is supose to be to a mirror of the report and it links to cuntlicker.com and #114 links to hardcoresex.com and #103 links to crackwhores.com... Are these people trying to get free advertiseing or what?
    Web based secure email (Score:0)
    by Anonymous Coward on Wednesday February 23, @06:39PM EST (#153)
    Ok, so this is a good time to mention it. I read an excite story (from drudge report) talking about this EU summary. Scary. So I do some looking for security. Email is when I say the most incriminating things. So I find hushmail.com Uses Blowfish to provided end to end encrypted email. Now, PGP is real pain for some people. My mom who needs Clip the office assistant to type a letter couldn't handle it. She can handle hushmail. I'm a huge fan, it's totally secure and it's from www.hushmail.com No affiliation, just a huge fan.
    Echelon == Urban Legend? I *wish* it weren't... (Score:1)
    by sansbury on Wednesday February 23, @06:44PM EST (#156)
    (User Info)
    Am I the only person here who does not think the NSA could really pull this off?

    To wit, they would have to be copying and routing packets from all over the Net to machines that process this traffic. Or they would have to maintain a huge network of snooping machines all over. If they do it the first way, then there are suspicious piles of traffic flowing off into dark corners. Do it the second way, and they increase the odds that someone will locate one of their spy machines and blow the lid off.

    A recent auditor's report found the NSA dangerously close to the edge in terms of their inability to keep up with the rising tide of Net traffic. The NSA might be the NSA, but it's still a gov't agency, and look at the mess that is the CIA. Talk about the gang who couldn't shoot straight.

    How then to explain this EU report?

    My theory is that this is just another brick in the wall of the rising tide of anti-American sentiment in Europe, a disappointing phenomenon for which the French seem largely responsible. Look also at their investigation of Microsoft, statements regarding which are often tinged with nationalist invective.

    This sort of thing is disappointing development, because the free world faces real potential threats in the form of Russia and China. A strong strategic partnership between the US and Europe is essential for our security in this new century.

    As for Echelon, I wish I could believe such a thing existed. Why? The world is a dark and dangerous place, populated with many characters who wish to harm our national interest, security, even plant bombs and bioweapons in our cities. Traditional SIGINT, which is what the NSA is good at, is no longer enough. Few people truly know how much this helped us in the past 50 years, and how many lives may have been saved because of it.

    But I don't think it's true. I think many people are simply having fantasies driven by "The Matrix" and too many Tom Clancy books and X-files episodes.

    -cwk.

    Re:Echelon == Urban Legend? I *wish* it weren't... (Score:1)
    by shub (brad@shub-internet.org) on Wednesday February 23, @08:35PM EST (#174)
    (User Info) http://www.shub-internet.org/brad/
    You've got two choices:

    1. Get an SCI clearance and learn the truth.

    2. Read this report and related books, and learn a reasonable facsimile that has been pieced together from various parts.
    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not reading it daily, you're not up-to-date
    Reuters on the subject (Score:0)
    by Anonymous Coward on Wednesday February 23, @07:08PM EST (#161)
    http://www.abcnews.go.com/wire/World/reuters20000223_3251.html
    Echelon Station (Score:0)
    by Anonymous Coward on Wednesday February 23, @07:28PM EST (#166)
    There is an Echelon Station in Herbert Rd, Artarmon, Sydney. It's on the SBS studio side of the road, about halfway between that and St Leonards, and is basically three huge warehouses lined up away from the road. It is officially a Telstra bill printing plant, and the security appears about right for that at first (open plan gates etc), but is just way too big and the 4 security cameras on the front left corner alone look a little suss. A friend has seen someone removed at gunpoint, and knew someone who did the pebblecreting who had his camer confiscated for photographing his work. Apparently the second warhouse contains Australia's Echelon computer processing power, which was more powerful that the British defense's when it was built ...
    Re:Echelon Station (Score:1)
    by tree_frog on Thursday February 24, @04:37AM EST (#189)
    (User Info)
    Anyone got any photos of this??
    What Good is Echelon? (Score:0)
    by Anonymous Coward on Wednesday February 23, @07:50PM EST (#169)
    The principal problem with SIGINT lies in breaking encryption. As with the breaking of Enigma, there is no need to solve an algorithm by brute force if users make mistakes (an all users will). The first mistake is not having your computer sealed in a faraday cage, allowing TEMPEST type options. Of course, this option means you have already made a series of big mistakes, and led them to your door.

    Echelon will have its greatest value in conflicts of a military nature, directing large ears at a known foe. Randomly listening to millions of conversations is more expensive and less useful than less sophisticated HUMINT options. The privacy issues are negated by using end-to-end encryption, especially in a personal code or argot. Better still if you post the message anonymously to a public forum. Then they can't track the recipient(s).

    The point is, protecting messages in path is easy. Keeping your neighbors quiet, hiding your trash, and guarding against break-ins is difficult. The people responding to this thread have their priorities in precisely the wrong order. Read the histories: directed SIGINT is valuable against a known foe. At other times, the expense and false positive rate will be apparent.

    Burn your trash. Let the crypto people worry about Echelon. You're already making big mistakes in keeping your privacy. Who is listening in on your phone sex conversations is the least of your problems.
    What about the name? Gotta be a joke. (Score:1)
    by ZikZak (zikzakATioDOTcom) on Thursday February 24, @01:08AM EST (#185)
    (User Info) http://www.io.com/~zikzak/

    Anyone else here read The Illuminatus Trilogy? Anyone else here recognize a joke when they hear one?

    Somewhere close by Robert Anton Wilson is laughing his ass off at another brilliant mass-cultural hack.


    Other economic info that echelon was used to nick (Score:1)
    by caolan (caolan.mcnamara@ul.ie) on Thursday February 24, @03:39AM EST (#186)
    (User Info) http://www.csn.ul.ie/~caolan
    Just two stories that point out just how echelon has been used in recent times

    Some suspiciouns German Thefts and closer to my heart is the story abount monitoring all Irish International Phonecalls, This one was pretty much suspected for some time, particularly by the IDA (Irish Development Agency in charge of convincing companies to invest in Ireland), they got terribly suspicious when a few large companies got slightly better bids to set up in Scotland, each time just a little better than the Irish bid. I believe that they ended up asking travelling diplomats to transfer their most valuable documents by diplomatic pouch rather than fax or email them. Though I can't find the story where I read this one, Sunday Tribune I believe but they don't have an online search engine

    C.

    Voice keyword monitoring systems. (Score:2)
    by Animats (slashdot-replies@animats.com) on Thursday February 24, @03:53AM EST (#187)
    (User Info) http://www.animats.com
    I note that the report indicates that keyword recognition for voice calls isn't yet available. This is incorrect. It's a standard feature of advanced prison phone systems. "The LazerVoice Keyword Recognition feature listens to all conversations and selects the call records that fit your customized keyword criteria creating faster and more cost efficient investigations." "Our top-selling product", says the manufacturer, Schlumberger. Order yours today.
    Echelon Study' Released by European Parliament (Score:1)
    by klavs on Thursday February 24, @04:36AM EST (#188)
    (User Info)
    This report made a lot of fuzz in Denmark 6 months ago, so the goverment had it translated. The danish version is available at The Danish Ministry of Research and Information Technology. Danish Broadcasting Coorporation also has a lot of related stuff here in danish and english.
    Thursday- Two more articles in NY Times (Score:1)
    by MacRonin on Thursday February 24, @04:53AM EST (#190)
    (User Info) http://www.PrivacyDigest.com/
    "New York Times" - free registration required Long History of Intercepting Key Words.

    The computers watch and listen for key words in telephone, fax and Internet communications and route intercepted messages on a topic requested by a country, the descendant of a decades-old electronic eavesdropping network set up by the United States with Australia, Britain, Canada and New Zealand.

    "New York Times" - free registration required An Electronic Spy Scare Is Alarming Europe.

    Fears that the United States, Britain and other English-speaking countries are using a cold-war eavesdropping network to gain a commercial edge roused passions across Europe today, even after Washington and London roundly denied the notion.

    The subject kept the European Parliament in Brussels entranced for hours and drew banner headlines across the continent. [...] The hubbub grew from a report prepared for the European Parliament that found that communications intercepted by a network called Echelon twice helped American companies gain an advantage over Europeans.


    http://www.PrivacyDigest.com/
    Encryption pointless in UK (Score:0)
    by Anonymous Coward on Thursday February 24, @06:34AM EST (#195)
    To all the people who suggest encrypting everything... Here in the UK, thanks to Herr Obengruppenfuhrer Jack Straw's draconian reign as Home Secretary, encryption is irrelevant.

    It doesn't matter how many bits you encrypt by, if they ask you for the key you must hand it over or be imprisoned...


    Re:Encryption pointless in UK (Score:0)
    by Anonymous Coward on Thursday February 24, @11:46AM EST (#216)
    Yeah, so you have to give them 'the key'. Does anything in the statute define that 'the key' actually has to work?

    What I'm getting at is just make something up rather than giving them the real key. Then when it doesn't work, tell them that it always worked for you so you don't know why it doesn't work for them... Blame it on the transportation of the computer - say the data must have been damaged in transport - due to THEIR actions, and that it's now unretrievable!

    There is a well-known "Law" in Computer Science which basically states that once you start a program running, you have absolutely NO idea what it's going to do. You HOPE that it will run in the manner which you programmed, but there's no way to ensure that it will. A random cosmic ray could pass thru your machine and flip a bit, and screw things up... Several bits could flip, pass the CRC/Checksum tests and not be detected... Encryption that does chanining depends on the prior blocks being decrypted properly - so it must have been a problem in the first block...

    To paraphrase: They'll get my crypto keys when they pry them from my cold, dead neurons...

    Even if they do a brute force and discover the true key - continue to blame it on the fact that the data was corrupted, and say "that wasn't ever my key..."... Let them conclusively PROVE that it was - and unless you open your yap, they can't!
    Echelon (Score:1)
    by h0tpant5 on Thursday February 24, @09:08AM EST (#205)
    (User Info)
    I replied to a similar article a while ago asking what people had to hide, I stick by that. The real issue here is that governments are selling the information, supposedly gained in the interests of national security, to businesses and indaviduals supporting their own personal interests, not national security.
    link (Score:1)
    by Clyde on Thursday February 24, @12:45PM EST (#217)
    (User Info)
    I think echelon has blocked that web site (http://www.europarl.eu.int/dg2/hearings/20000222/). We better watch out. They'll be blocking /. next.
    EU's being selfish, but it helps us all (Score:1)
    by Salis (hsalis@eden.rutgers.edu) on Thursday February 24, @01:40PM EST (#220)
    (User Info)
    While the EU is using their apparant economic disadvantage to the U.S as an excuse to release everything they know about Echelon, I'm all happily for it!

    This is the most information I've read on Echelon and I'm glad that the EU finally made it all public.

    I think the perception of what Echelon does (rather than what they have the potential to do) is made much more clear in the report. While Echelon can monitor most communication media available, they won't..because they don't care about it all. From reading the report, which can be considered at least non-biased towards the NSA since the EU is basically accusing the NSA of spying and wouldn't leave the more controversial info out, one can see that Echelon generally doesn't spy on American or British citizens. The problem arises when military + economic information interception accidentally collects private, non-related information. I see this as not a purposeful attack of personal liberties, but a failing of the technology.

    The NSA doesn't care about the latest hack you did against some web page. The NSA doesn't care about your kiddy porn.

    They're looking for the military and economic advantage over other countries..and they have so much information to process and disseminate that tracking foreign national security matters AND domestic 'small time crimes' would be a waste of resources.

    I think anyone who wishes to retain their privacy and is doing something they're afraid others will find out should use PGP. It's pretty simple. Elsewise, I don't think the NSA will care about your non-encrypted email to a domestic friend about your latest script kiddie prank.

    And if Echelon gives the U.S an economic advantage over others, I applaud it. If it allows the U.S to retain its edge over the IT industry, I think it's worth it. I forsee no 1984 scenario..that's just paranoia sweeping in.

                                                              Howard Salis

    Re:Bump in the night (Score:0, Offtopic)
    by Anonymous Coward on Wednesday February 23, @02:38PM EST (#11)
    do you mods have so many mod points that you could waste 5 on one post?

    I don't understand you mods at all!

    Moderation Totals:Troll=3, Funny=2, Total=5.
    Re:Bump in the night (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:55PM EST (#30)
    Where can you see the Moderation Totals???
    Re:Bump in the night (Score:1)
    by Hammer on Wednesday February 23, @03:08PM EST (#41)
    (User Info)
    First you add &threshold=-10 to the URL to show the post (if less than -1) then just click the (#22) link (or whatever number the post has.
    This will list a buncha details about the post...
    Re:Bump in the night (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:41PM EST (#15)
    -3 Troll??? WTF is going on here. Rob needs to prevent abuses like this, this is an evil thing to have happen. I browse @ -1 and it pains me not to read stuff like this!!!
    Re:My Echelong (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:49PM EST (#21)
    You got it wrong - those are your knuckles dragging on the ground.
    Re:Bump in the night (Score:0)
    by Anonymous Coward on Wednesday February 23, @02:54PM EST (#29)
    if you add "&threshold=-10" to the end of the
    url it shows posts below -1

    We have a equal opportunity Calculus class -- it's fully integrated.

     



    Forgot your password?
    Working...