Telecoms Helped Iran Spy On the Net; Same Technology Used Here
By Susie Madrak Wednesday Jun 24, 2009 6:00pmI know we'd all like to think there are ways to protect our privacy online, but there really aren't any - at least, any we have access to. And as long as Congress is too afraid of seeming "soft on terror," it's unlikely that legislation protecting our privacy will be passed. From Democracy Now!:
Welcome to Democracy Now!, Josh. Explain what they’re doing in Iran and then how the same technology is being used here.
JOSH SILVER: Well, yesterday, the Wall Street Journal reported that the Iranian government had secured this system from a German and Finnish company that will look through everything, both land line telephones, mobile telephones, email, websites, looking for keywords and actually monitoring the entire traffic going through one chokepoint in Iran. It’s been disputed by the European company, but the validity of the report seems solid.
What’s scary about this is that this technology that monitors everything that goes through the internet is something that works, it’s readily available, and there’s no legislation in the United States that prevents the US government from employing it. And that’s what’s really the cautionary tale here.
AMY GOODMAN: Your report is called “Deep Packet Inspection: The End of the Internet as We Know It.” Why does it threaten the internet, overall?
JOSH SILVER: Well, the problem is, is that, you know, if you look back to the 1930s, when telephone service became ubiquitous around the United States, lawmakers realized then that there was this new communications infrastructure and there needed to be consumer protections so that the government and others could not unlawfully or unethically monitor and listen in to the private conversations of American citizens. They established laws that prevented that from happening. In those laws, it made it so that the government requires a legitimate warrant, issued by a judge, that lets them do such monitoring.
Now we don’t have that. So what we have is this sort of free-for-all, where the policy that governs the internet has not caught up with the technology. So you have these incredible systems, built primarily by companies like Cisco out in California, that have the ability to do this. Now, we’re not saying that AT&T, Verizon and Comcast are like the Iranian government, but we do see a problem where even our own president, with his progressive internet policy agenda, last year flipped on this issue and actually supported a Bush administration law that granted immunity to the largest phone and cable companies for turning over citizens’ private records to the government, which was illegal at the time.
JUAN GONZALEZ: Your organization, a couple of years ago, raised questions about what Comcast was doing, in terms of this issue. Could you explain that?
JOSH SILVER: Sure. Last year, we filed a suit at the Federal Communications Commission and actually sanctioned Comcast Cable, for the first time any major carrier being punished for blocking so-called network neutrality. That is, they were discriminating against certain internet content over others. And the reason these issues are so important is that all communications—phone service, web service, radio—is all moving towards an online connection, all going through the internet. So this is really about the future of all communication in America.
JUAN GONZALEZ: And how does packet inspection work?
JOSH SILVER: The way deep packet inspection works is that you have sophisticated equipment that literally watches the entire internet, and it watches for every piece of data, voice, video that goes through and pulls out key words, it pulls out key—both written and spoken, and looking for things like “rebel” or “grenade” or what have you. And then it will trigger that, and that will go to the NSA version, in this case, in the country of Iran.
But the potential of this technology to give government this sort of Big Brother monitoring ability, which goes way beyond any of the constitutional protections that are in our original Constitution, are really a cautionary tale and should have everyone in this country on notice. It is notable that there’s been very little follow-up coverage of this issue since yesterday’s Wall Street Journal piece.
AMY GOODMAN: What’s happening in China, Josh Silver?
JOSH SILVER: Well, China has very similar systems. What’s a little bit interesting about what happened yesterday is that Iran seems to be—and again, this has not been completely proven—but according to the Wall Street Journal, it appears that Iran is actually monitoring this web traffic in one single chokepoint on the web, whereas China does it in many different locations. That’s not a big difference, but everyone knows that the Chinese government is terrible on protecting the privacy of their citizens. But we do have a situation where this is starting to become ubiquitous in countries with bad human rights records, and it’s one that we have to get some legislation on, both internationally and in the US Congress, if we’re going to sort of stem this.
AMY GOODMAN: Josh, can you talk more about how this can be deployed here at home, how it’s done without our knowledge, and what you feel can be done about it?
JOSH SILVER: Well, it’s widely known that the major carriers, particularly AT&T and Verizon, were being asked by the NSA, by the Bush administration, during the last seven, eight years, since 9/11 particularly, where they were asked to deploy sort of off-the-shelf technology made by some of these companies like Cisco that would do what I just described, that would listen to monitor content moving across the web and across the voice lines across this country. It was found that they did it, and a law was introduced in the Congress that would actually—would grant them immunity. It was written by telephone lobbyists. Again, Obama came out against that law and said we must punish these carriers for doing this, because it’s illegal, and then he flipped, under enormous pressure from the lobbies.
The technology is there. It’s going to get better. It’s very—relatively very easy for phone, cable companies, and thus the government, to monitor and listen and watch what we do every day on the web and on our phones. The only thing that’s going to protect us is hard, concrete laws passed by the US Congress that will make it illegal, and then effective watchdogging by the government to make sure that those laws are upheld. So, in order to do that, people need to pay attention. People need to talk to their members of Congress about it. They have to go to our website, freepress.net, and get involved and make sure that these basic protections are upheld.
Login or Register to post comments.
the telecom lobby" (i.e. deciding corporate money was more important than US civil rights and laws), we still don't know what how the intercepted information was used. However, there have been reports that journalists' and politicians' electronic communications were monitored. Anyone want to bet that Bushco, and now perhaps Obama, used that information for blackmail and extortion?
As reported by Democracy Now. Keywords were used 24/7 for tracking Journalists after 9-11 and after the Aproval of the PATRIOT ACT.
Russell Tice: “In one of the operations that I was in, we looked at organizations just supposedly so that we would not target them, so that we knew where they were, as not to have a problem with them. Now, what I was finding out, though, is that the collection on those organizations was 24/7 and, you know, 365 days a year, and it made no sense. And that’s—I started to investigate that. That’s about the time when they came after me to fire me. But an organization that was collected on were US news organizations and reporters and journalists.”
Video:
http://www.democracynow.org/2006/1/3/exclusiv...
Young turks
http://www.youtube.com/watch?v=icJNzHxTGOw
What kind of terrorist attack reporters and Journalists can do?
Why were the Neocons afraid of the Journalists, reporters and Newspapers?
and the rest is history...
... In response to concerns that emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance, Congress enacted CALEA on October 25, 1994. CALEA was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities.
Um, what? Public key encryption is free, easy, and secure. If you're really worried, just educate yourself. I haven't sent a cleartext email since 1995. Even though the NSA knew about it decades before the public, I still sincerely doubt that they know how to factor nonprimes efficiently.
You mean using programs like this?
http://lifehacker.com/software/top/how-to-enc...
Yup, PGP was the first of the easy encryption packages. I worked with Zimmerman briefly on the first implementation. Since then it has evolved and become almost a no-brainer to use.
These days, it's ridiculously easy to get a free signed certificate to use for encryption of virtually anything, from email to VOIP. That people are still worrying about this horrific "Deep Packet Inspection" just astounds me.
puts people on lists, which is useful to certain types of gov employees.
You're making no sense, Ferro. How does me getting a certificate, or signing my own, put me on a list?
your computer identifies itself. All new computers, as I'm told, now include key loggers that that regularly "report in"; it makes public key encryption, like PPG moot. The following link is on earlier versions. From what I hear, the functions are now part of motherboards, etc, instead of factory add-ons:
http://www.********.com/articles/bb/gov_caugh...
All printers now print dot codes identifying the make serial number, etc. If you send in warranty information on computers and printers, the data bases in which warrenty information is kept are available for data mining. Same for digital cameras and video devices. Computer and software manufacterers are required to provide all of their means of encryption to the government.
You can help yourself by paying cash for equipment and listing "Cash" as customer infor. don't send in warranty info. Write you own encryption algorithms.
As the government(s) become more intrusive, it ends up only abusing the citizens, because terrorists are increasingly abandoning high tech and returning to archaic means to plot whatever it is they plot: couriers, letters, staying off-line and so on.
Measure/countermeasure.
I was just reading how they are getting very good and cracking encryption in child porn cases. They got it down to a science and can break most commercial encryption in less than 2 hours. This was reported on the CBC.
I guess if everyone makes it a policy to include words like "anthrax" or "bomb" or whatever a good trigger word might be into every email and every phone conversation, pretty soon the filters would have way too much stuff to look at.
If they're hoping to comb through the data and find certain magical words, well, then: let's not disappoint.
Is there any way I can send a "private" email to Iran telling the government to fuck themselves?
They'll catch it I'm sure. I call my friend Dale in the states and I always say "Allah Ahkbar" and "Durka Durka Akhmed Jihad" Occasionally throwing in the word "Bomb" and "President" to make sure they waste their time.
"Durka Durka Akhmed Jihad"
That shit is so disrespectful...but SOOOO damn funny...
I will lay the blame squarely on the shoulders of the Southpark guys if this country is ever invaded!
};)>
For what it's worth, DPI is mostly unrelated to intelligence gathering. This article is mostly about fear-mongering. I'm sure that intelligence agencies are rabidly farming as much information as they can from cleartext messages, but DPI as a technological approach is completely different from what is portrayed in the NPR article. Given that anyone can easily use strong encryption to completely subvert any DPI approaches, this is more the sort of article I'd expect to read on Fox News, not NPR or Crooks'n'Liars.
Internet speeds in Iran have dropped to a tenth of normal, this would help their DPI greatly.
Um, .. what? What does bandwidth have to do with processing power as it relates to factoring nonprimes? The drop in bandwidth from Iran has more to do with up-to-date information getting out than with trying to analyze packets, and it's almost surely done by Iran, not the US.
Put it in perspective. Factoring a large nonprime - and hence cracking an encrypted packet - only requires one packet. Bandwidth is irrelevant.
About messages between groups inside Iran, easier to inspect everything flowing if everything is traveling slowly.
And they will be doing traffic analysis too.
You're right, the government there is worried, but they're idiots. The people themselves are smart. Anyone with a brain who has anything controversial to relay is using encryption which is immune to traffic analysis.
innocents (to the slaughter) thinking that change is coming will be plain texting, and the Basij and other religious political maniacs will be reading it and acting on the info. Witness the incident where they raided that female dormitory and took some off for execution.
Yes, that's horrifying, Ferro. And you're probably right in your assessment.
What I debate is both the entire premise of the NPR article as well as Susie Madrak's statement that "I know we'd all like to think there are ways to protect our privacy online, but there really aren't any - at least, any we have access to." That is not true, and hasn't been true for 20+ years. People need to wake the hell up. As such, this CnL article is really just ... uninformed crap.
need to encrypt our communications in the US; we used to have a constitution that made that kind of hiding unnecessary, at least theoretically. And it's an extremely valid point. The people who really need to hide their communications from government spying can easily do so. So why are they spying on the rest of us?
that we will organize and force them to find employment in unrelated fields.
on innocent people. People who have sinister motives use substitutional word codes and other more sophisticated encryption. They don't catch those. Oh and Larry: You're rug is repaired and ready for shipment.
Political groups and civil/human rights protesters, these are the 'evil' people governments fear the most.
Your terrorist when they commit an outrage actually benefits the gov, people get all scared and rights get restricted.
And your average dumb local terrorist is lacking in money and resource crippled and generally are bad planners, to do anything big or noticeable. Only state sponsored groups have the resources and training to do big events.
You mean like when Rush Limbaugh would ask his housemaid to go get his drugs for him?
why this country is F**KED. I'm not sure when this country will have another republican president, not really sure it will matter, but this country is circling the drain. A republican president will only speed up the process. As was seen on this site a few days ago, I agree completely with Bill Maher, this country needs a true progressive party soon or our demise will be assured.
Just saw a program on the history channel detailing the crumbling status of our infrastructure. From our roads and bridges, to our levees and dams, and our water and sewage systems. All these things are falling apart
but has anyone heard when the ABC/Obama townhall meeting is supposed to start?
I just finished the Obama Town Hall Meeting on ABC. It started at 10 pm on the East Coast.
The silly Albany news is on right now then apparently Obama will be back with more Q&A on "Nightline".
I was hoping Crooksandliars would do an open thread on the "Town Hall" meeting but I guess maybe we can make our comments in a little while??
To sum up what you missed: Obama says, "If you like your current private insurance, you'll be able to keep it." "We need to control costs. We need to control costs. We need to control costs."
Diane Sawyer: "Off to commercial!!!"
I'm on the west coast. Thank you.
Now, with encryption above, and with stronger tools.
https://www.torproject.org/index.html.en
Tor + Firefox + Torbutton-plug-in + Keyscramble plug-in + encryption = a good start
If you don't think things like Tor are being used, go to their metrics on new users from Iran during this crisis. https://blog.torproject.org/blog/measuring-tor-and-iran
I've been running a Tor relay & end-point since the weekend. I have been periodically scanning for activity from Iran to be sure I haven't been "made" as endpoint is one of the visible parts of a Tor network, and if identified my IP would be blocked. I have seen at least one Iranian connection every time I've looked, sometimes over half a dozen at once.
There is also Freegate.
While Freegate was mainly formed to help with China's censorship, they opened to Iran before the election and were quickly taken to capacity from Iran this week. There is also an underground proxy and VPN network to help Iran right now.
If you can support Tor, please do. We may need it sometime here. Like the OP says, they have all the equipment to censor and inspect here. If you can set up and run a relay or bridge, consider it too. Directions are on the site. It is a volunteer network. But be warned you need a good internet connection.
If you can't run a Tor node, consider donating to Tor, or Freegate or the EFF. The EFF fights to make sure it is still legal to run encryption and Tor here. I'm not affiliated with them. I'm one of the unemployed, on limited income, and wondering how I will fund the extra bandwidth connection I am going to need to keep the node up for more than a couple of months.
We the people are fighting back, as volunteers, and in open-source communities to get around the censors. I'm running a Tor node now, despite the fact it means I can't really do anything fast on my net connection. But, if the situations were reversed, I'd hope that someone, somewhere, who knows maybe even in Iran in the future, would start a few extra nodes for us if we needed them.
http://irevolution.wordpress.com/2009/06/15/d...
iRevolution
protecting privacy. The government agencies who spy on citizens are lawless and couldn't care less what the laws are. They'll do what they want, when they want it and cover their crimes behind secret classifications.
It's fundamentally unAmerican. They don'y care.
But the People are not without power. One thing that can be done is to toss key words into every conversation, every email document and to use encryption. Make up stories to include in every document. Flood the system with "work". If billions of documents and conversations are triggering scrutiny, and if most of that must be passed through code breaking decruption (no matter how easy it is to devrypt) it's all extra work on the the Cray computer systems. More, all the extra material must then be reviewed by an air breathing human in order to insert human judgement into the matrix. It doesn't take too many billions of individual items before things start slowing down and crashing. It's alredy happened, and there's no way that these agencies can higher 200 million or so employees to sift through all the hits that the computers spew out.
Since these agencies no longer work for the People or the good of the Nation., screw 'em.
I used to have a class 1 digital ID by Verisign. The government can't break that one. Bush wanted legislation demanding that companies like Verisign give the government a master key to decrypt everything, but congress said no. The reason I no longer have the digital ID is because the people I was emailing would have to have one also, and they were to cheap to spend $14/year to keep their emails private.
nowhere do i see in the body of the story or the comments the names Nokkia and Siemens the two companies who hate democracy and do tyrannts bidding.
Now you actually have targets to vent at or boycott.
because now the link doesn't work...
"Does anyone else think the internet's furor over Iran is largely the result of people who just don't like their own government, and idly dream of revolution while living vicariously through people who are experiencing unimaginable oppression and violence?"
http://www.oldamericancentury.org/r/politics/...
New link...
http://www.reddit.com/r/politics/comments/8vi...
There are a variety of methods of communicating in a secure fashion, as long as the sender and reciever are on the same page.
Example:
23458 7pijn 34pq3 443&G O*&& *V0)8 924j
AnAjA DUAAD hoFAo iAFoA hAFoA A863q
t783q bia37 8fWjk
looks like garbage because it is: I just bashed on my keyboard to make that. But, a multipage/multikey cipher generates stuff that looks like that, and if done in only short messages, it is nearly impossible to break. And if it is breakable, it takes a lot of processing power and time, and the authorities in question would have to have some specific interest in your communications to bother with it.
There is also Steganography where you just embed equally encrypted data in an image or some other common data file.
The gov't snooping isn't to catch spies. Spies use things that work.
It isn't to catch terrorists - they also use systems that work.
They are doing this as a way to buff their own armour and think they're doing something useful, and to act as Security Theatre so the teeming millions will think that the gov't is doing something to protect them from brown people / political opposition / threat du jour.
1-The US is proposing over 30 new nuclear power plants nationwide. ANY state which has a nuclear power plant has nearly unlimited snoop powers through the Atomic Energy Commission, which doesn't like ecological activists at all.
2-The primary builders of nuclear power plants in the US are General Electric and White-Westinghouse. One owns NBC, the other CBS. Both actively "prospect" for entertainment and bottom-feeder journalistic ideas. Additionally, White-Westinghouse founders were, and probably still are, employed in the highest levels of Bell South/Southern Bell Communications. The White family minions have employed ID theft, forged contracts, blacklisting, and numerous forms of unethical surveillance on those who criticize them and their corporate entities.
Tennessee Valley Authority, home of many nuclear power plants, has its own police force. You can bet your mortgage payment that future ownership of future plants will have theirs.
And don't count on their quality assurance to be top-notch. Go back into Columbia Journalism Review, US News and World Report, and good ol' Rolling Stone's archives on one nuclear power plant White Westinghouse tried to build in Jacksonville, FL on top of a small fault line and with many local political palms greased liberally. Then check Palatka, FL, where the concrete used to construct the power plant was so inferior that the plant had to be rebuilt.
Watts Bar Nuclear Power Plant employs a diagnosed schizophrenic who wears only long sleeves, rolled up to just below the elbow crease where the needle goes in--I worked as a temp in his former employer's company.
He's very computer-savvy, though.
So good that when I tried to transfer a file full of old doo-wop by a group with his nickname, my computer refused me administrative rights for this file on my own computer, where I am supposed to be the sole admin. A computer he's never touched, except apparently in virtual space, where he now owns some, if not all, of its contents.
The ISP's here in Canada are using DPI to battle P2P downloading, which is legal here. As soon as you start using Vuze, Bitorrent etc., your download speeds are "choked off" to a crawl, so that it takes about a week to get Dick Van **** or whatever downloaded. The claim is they are worried about overloading the network (near impossible), but they don't seem concerned when you go to their own video store to buy movies for download--at full speed.
I haven't heard of the terrorist-hunting application being used, but I'm reasonably sure folks are listening in.
My understanding of how this works in practice is that our (UK) spy network, at GCHQ in Cheltenham, listens in to all your (US) phones- emails and so on with this "deep packet inspection" software and then informs your Government security services of anything of interest. In return your (US) government listens into our (UK) e-mails -phone calls etc. and tells our (UK) government of anything they would want to know about. In that way both security services can truthfully claim that they are not spying on their own citizens. They get someone else to do it, so we can all sleep easier in our beds.
That is if "UK intelligence" is not an oxymoron.
Login or Register to post comments.