
11. Surveillance, Privacy, And Intelligence Agencies


THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666, 1994-09-10, Copyright Timothy C. May. All rights reserved. See the detailed disclaimer. Use short sections under "fair use" provisions, with appropriate credit, but don't put your name on my words.

11.2. SUMMARY: Surveillance, Privacy, And Intelligence Agencies

11.2.1. Main Points

11.2.2. Connections to Other Sections

11.2.3. Where to Find Additional Information

  • Bamford ("The Puzzle Palace"), Richelson (several books, including "U.S. Intelligence Agencies"), Burrows ("Deep Black," about the NRO and spy satellites), Covert Action Quarterly

11.2.4. Miscellaneous Comments

11.3. Surveillance and Privacy

11.3.1. We've come a long way from Secretary of State Stimson's famous "Gentlemen do not read other gentlemen's mail" statement. It is now widely taken for granted that Americans are to be monitored, surveilled, and even wiretapped by the various intelligence agencies. The FBI, the National Security Agency, the CIA, the National Reconnaissance Office, etc. (Yes, these groups have various charters telling them who they can spy on, what legalities they have to meet, etc. But they still spy. And there's not an uproar--the "What have you got to hide?" side of the American privacy dichotomy.)

11.3.2. Duncan Frissell reminds us of Justice Jackson's 1948 dissenting opinion in some case:

  • "The government could simplify criminal law enforcement by requiring every citizen 'to keep a diary that would show where he was at all times, with whom he was, and what he was up to.'" [D.F. 1994-09-06, from an article in the WSJ]
  • (It should be noted that tracking devices--collars, bracelets, implantable transmitters--exist and are in use with prisoners. Some parents are even installing them in children, it is rumored. A worry for the future?)

11.3.3. "What is the "surveillance state"?"

  • the issue with crypto is the centralization of eavesdropping...much easier than planting bugs
  • "Should some freedom be given up for security?"
    • "Those who are willing to trade freedom for security deserve neither freedom nor security" - Ben Franklin
  • the tradeoff is often illusory--police states result when the trains are made to run on time
  • "It's a bit ironic that the Administration is crying foul so loudly over the Soviet/Russian spy in the CIA -- as if this was unfair - while they're openly proclaiming the right to spy on citizens and foreigners via Clipper." [Carl Ellison, 1994-02-23]
    • Cameras are becoming ubiquitous
      • cheap, integrated, new technologies
        • SDI fisheye lens
      • ATMs
      • traffic, speed traps, street corners
      • store security
    • Barcodes--worst fear of all...and not plausible
    • Automatic recognition is still lacking
      • getting better, slowly
      • neural nets, etc. (but these require training)

11.3.4. "Why would the government monitor my communications?" - "Because of economics and political stability...You can build computers and monitoring devices in secret, deploy them in secret, and listen to everything. To listen to everything with bludgeons and pharmaceuticals would not only cost more in labor and equipment, but also engender a radicalizing backlash to an actual police state." [Eric Hughes, 1994-01-26]

  • Systems like Digital Telephony and Clipper make it much too easy for governments to routinely monitor their citizens, using automated technology that requires drastically less human involvement than previous police states required.

11.3.5. "How much surveillance is actually being done today?"

  • FBI and Law Enforcement Surveillance Activities
  • the FBI kept records of meetings (between American companies and Nazi interests), and may have used these records during and after the war to pressure companies
    • NSA and Security Agency Surveillance Activities
      • collecting economic intelligence
  • in WW2, Economic Warfare Council (which was renamed Board of Economic Warfare) kept tabs on shipments of petroleum and other products
  • MINARET, code word for NSA "watch list" material (intercepts) - SIGINT OPERATION MINARET
  • originally, watch list material was "TOP SECRET HANDLE VIA COMINT CHANNELS ONLY UMBRA GAMMA"
  • NSA targeting is done primarily via a list called Intelligence Guidelines for COMINT Priorities (IGCP)
  • committee made up of representatives from several intelligence agencies
  • initiated around 1966
  • revelations following Pentagon Papers security elsur had picked up private of the Papers) was late 1963, early 1964...about time UB going main antenna system for intercepting ASCII from un-TEMPESTed terminals and PCs
  • signals can be picked up through walls up to a foot thick (or more, considering how such impulses bounce around)
    • Joint FBI/NSA Surveillance Activities
      • Operation Shamrock was a tie between NSA and FBI
  • since 1945, although there had been earlier intercepts, too
  • COINTELPRO, dissidents, radicals
  • 8/0/45 Operation Shamrock begins
  • a sub rosa effort to continue the monitoring arrangements of WW II
  • ITT Communications agreed to turn over all cables
  • RCA Communications also turned over all cables
  • even had an ex-Signal Corps officer as a VP to handle the details
  • direct hookups to RCA lines were made, for careful monitoring by the ASA
  • cables to and from corporations, law firms, embassies, citizens were all kept
  • 12/16/47 Meeting between Sosthenes Behn of ITT, General Ingles of RCA, and Sec. of Defense James Forrestal
  • to discuss Operation Shamrock
  • to arrange exemptions from prosecution
  • 0/0/63 Operation Shamrock enters a new phase as RCA Global switches to computerized operation
  • coincident with Harvest at NSA
  • and perfect for start of UB/Severn operations
  • 1/6/67 Hoover officially terminates "black bag" operations
  • concerned about blowback
  • had previously helped NSA by stealing codes, ciphers, decrypted traffic, planting bugs on phone lines, etc.
  • from embassies, corporations
  • unclear as to whether these operations continued anyway
  • Plot Twist: may have been the motivation for NSA and UB/Severn to pursue other avenues, such as the use of criminals as cutouts
  • and is parallel to "Plumbers Unit" used by White House
  • 10/1/73 AG Elliot Richardson orders FBI and SS to stop requesting NSA surveillance material
  • NSA agreed to stop providing this, but didn't tell Richardson about Shamrock or Minaret
  • however, events of this year (1973) marked the end of Minaret
  • 3/4/77 Justice Dept. recommends against prosecution of any NSA or FBI personnel over Operations Shamrock and Minaret
  • decided that NSCID No. 9 (aka No. 6) gave NSA sufficient leeway
  • 5/15/75 Operation Shamrock officially terminated
  • and Minaret, of course
    • Operation Shamrock-Details
      • 8/0/45 Operation Shamrock begins
  • a sub rosa effort to continue the monitoring arrangements of WW II
  • ITT Communications agreed to turn over all cables
  • RCA Communications also turned over all cables
  • even had an ex-Signal Corps officer as a VP to handle the details
  • direct hookups to RCA lines were made, for careful monitoring by the ASA
  • cables to and from corporations, law firms, embassies, citizens were all kept
  • 12/16/47 Meeting between Sosthenes Behn of ITT, General Ingles of RCA, and Sec. of Defense James Forrestal
  • to discuss Operation Shamrock
  • to arrange exemptions from prosecution
  • 0/0/63 Operation Shamrock enters a new phase as RCA Global switches to computerized operation
  • coincident with Harvest at NSA
  • and perfect for start of UB/Severn operations
  • 8/18/66 (Thursday) New analysis site in New York for Operation Shamrock
  • Louis Tordella meets with CIA Dep. Dir. of Plans and arranges to set up a new listening post for analysis of the tapes from RCA and ITT (that had been being shipped to NSA and then back)
  • Tordella was later involved in setting up the watch list in 1970 for the BNDD, (Operation Minaret)
  • LPMEDLEY was the code name of a television tape processing shop (reminiscent of "Man from U.N.C.L.E.")
  • but NSA had to move away later
  • 5/15/75 Operation Shamrock officially terminated
  • 10/1/73 AG Elliot Richardson orders FBI and SS to stop requesting NSA surveillance material
  • NSA agreed to stop providing this, but didn't tell Richardson about Shamrock or Minaret
  • however, events of this year (1973) marked the end of Minaret
  • Abzug committee prompted by New York Daily News report, 7/22/75, that NSA and FBI had been monitoring commercial cable traffic (Operation Shamrock)
  • 6/30/76 175 page report on Justice Dept. investigation of Shamrock and Minaret
  • only 2 copies prepared, classified TOP SECRET UMBRA, HANDLE VIA COMINT CHANNELS ONLY
  • 3/4/77 Justice Dept. recommends against prosecution of any NSA or FBI personnel over Operations Shamrock and Minaret
  • decided that NSCID No. 9 (aka No. 6) gave NSA sufficient leeway
  • the NSA program, begun in August 1945, to monitor all telegrams entering or leaving the U.S.
  • reminiscent of Yardley's arrangements in the 1920s (and probably some others)
  • known only to Louis Tordella and agents involved
  • compartmentalization
  • many links, from secrecy, compartmentalization, and illegality to the methods used and the subversion of government power
  • "Shamrock was blown...Ultra Black burrowed even deeper."
    • NSA, FBI, and surveillance of Cuban sympathizers
      • "watch list" used
  • were there links to Meyer Lansky and Trafficante via the JFK-Mafia connection?
  • various Watergate break-in connections (Cubans used)
  • Hoover ended black-bag operations in 1967-8
  • NSA, FBI, and Dissenters (COINTELPRO-type activities)
  • 10/20/67 NSA is asked to begin collecting information related to civil disturbances, war protesters, etc.
  • Army Intelligence, Secret Service, CIA, FBI, DIA were all involved
  • arguably, this continues (given the success of FBI and Secret Service in heading off major acts of terrorism and attempted assassinations)
    • Huston Plan and Related Plans (1970-71)
  • 7/19/66 Hoover unofficially terminates black bag operations
  • 1/6/67 Hoover officially terminates black bag operations
  • fearing blowback, concerned about his place in history
  • 6/20/69 Tom C. Huston recommends increased intelligence activity on dissent
  • memo to NSA, CIA, DIA, FBI
  • this later becomes basis of Huston Plan
  • 6/5/70 Meeting at White House to prepare for Huston Plan; Interagency Committee on Intelligence (Ad Hoc), ICI
  • Nixon, Huston, Ehrlichman, Haldeman, Noel Gayler of NSA, Richard Helms of CIA, J. Edgar Hoover of FBI, Donald V. Bennett of DIA
  • William Sullivan of FBI named to head ICI
  • NSA enthusiastically supported ICI
  • PROD named Benson Buffham as liaison
  • sought increased surreptitious entries and elimination of legal restrictions on domestic surveillance (not that they had felt bound by legalisms)
  • recipients to be on "Bigot List" and with even more security than traditional TOP SECRET, HANDLE VIA COMINT CHANNELS ONLY
  • 7/23/70 Huston Plan circulated
  • 43 pages, entitled Domestic Intelligence Gathering Plan: Analysis and Strategy
  • urged increased surreptitious entries (for codes, ciphers, plans, membership lists)
  • targeting of embassies
  • 7/27/70 Huston Plan cancelled
  • pressure by Attorney General John Mitchell
  • and perhaps by Hoover
  • Huston demoted; he resigned a year later
  • but the Plan was not really dead...perhaps Huston's mistake was in being young and vocal and making the report too visible and not deniable enough
  • 12/3/70 Intelligence Evaluation Committee (IEC) meets (Son-of-Huston Plan)
  • John Dean arranged it in fall of '70
  • Robert C. Mardian, Assistant AG for Internal Security headed up the IEC
  • Benson Buffham of NSA/PROD, James Jesus Angleton of CIA, George Moore from FBI, Col. John Downie from DOD
  • essentially adopted all of Huston Plan
  • 1/26/71 NSA issues NSA Contribution to Domestic Intelligence (as part of IEC)
  • increased scope of surveillance related to drugs (via BNDD and FBI), foreign nationals
  • "no indication of origin" on generated material
  • full compartmentalization, NSA to ensure compliance
  • 8/4/71 G. Gordon Liddy attends IEC meeting, to get them to investigate leaks of Pentagon Papers
  • channel from NSA/PROD to Plumber's Unit in White House, bypassing other agencies
  • 6/7/73 New York Times reveals details of Huston Plan
  • full text published
  • trials of Weatherman jeopardized and ultimately derailed it
  • 10/1/73 AG Elliot Richardson orders FBI and SS to stop requesting NSA surveillance material
  • NSA agreed to stop providing this, but didn't tell Richardson about Shamrock or Minaret
  • however, events of this year (1973) marked the end of Minaret
    • FINCEN, IRS, and Other Economic Surveillance
  • set up in Arlington as a group to monitor the flows of money and information
  • eventually these groups will see the need to actively hack into computer systems used by various groups that are under investigation
  • ties to the death of Alan Standorf? (Vint Hill)
  • Casolaro, Riconosciutto

11.3.6. "Does the government want to monitor economic transactions?"

  • Incontrovertibly, they want to. Whether they have actual plans to do so is more debatable. The Clipper and Digital Telephony proposals are but two of the indications they have great plans laid to ensure their surveillance capabilities are maintained and extended.
    • The government will get increasingly panicky as more Net commerce develops, as trade moves offshore, and as encryption spreads.

11.3.7. A danger of the surveillance society: You can't hide

  • seldom discussed as a concern
  • no escape valve, no place for those who made mistakes to escape to
  • (historically, this is a way for criminals to get back on a better track--if a digital identity means their record forever follows them, this may...)
  • A growing problem in America and other "democratic" countries is the tendency to make mandatory what were once voluntary choices. For example, fingerprinting children to help in kidnapping cases may be a reasonable thing to do voluntarily, but some school districts are planning to make it mandatory.
    • This is all part of the "Let's pass a law" mentality.

11.3.8. "Should I refuse to give my Social Security Number to those who ask for it?"

  • It's a bit off of crypto, but the question does keep coming up on the Cypherpunks list.
  • Actually, they don't even need to ask for it anymore...it's attached to so many other things that pop up when they enter your name that it's a moot point. In other words, the same dossiers that allow the credit card companies to send you "preapproved credit cards" every few days are the same dossiers that MCI, Sprint, AT&T, etc. are using to sign you up.

11.3.9. "What is 'Privacy 101'?"

  • I couldn't think of a better way to introduce the topic of how individuals can protect their privacy, avoid interference by the government, and (perhaps) avoid taxes.
  • Duncan Frissell and Sandy Sandfort have given out a lot of tips on this, some of them just plain common sense, some of them more arcane.
  • They are conducting a seminar, entitled "PRIVACY 101" and the archives of this are available by Web at:
    • http://www.iquest.com/~fairgate/privacy/index.html

11.3.10. Cellular phones are trackable by region...people are getting phone calls as they cross into new zones, "welcoming" them

  • but it implies that their position is already being tracked

11.3.11. Ubiquitous use of SSNs and other personal I.D.

11.3.12. cameras that can recognize faces are placed in many public places, e.g., airports, ports of entry, government buildings

  • and even in some private places, e.g., casinos, stores that have had problems with certain customers, banks that face robberies, etc.

11.3.13. speculation (for the paranoids)

  • covert surveillance by noninvasive detection methods...positron emission tomography to see what part of the brain is active (think of the paranoia possibility!)
    • typically needs special compounds, but...

11.3.14. Diaries are no longer private

  • can be opened under several conditions
    • subpoena in trial
  • discovery in various court cases, including divorce, custody, libel, etc.
    • business dealings
  • psychiatrists (under Tarasoff ruling) can have records opened; whatever one may think of the need for crimes confessed to shrinks to be reported, this is certainly a new era
  • Packwood diary case establishes the trend: diaries are no longer sacrosanct
  • An implication for crypto and Cypherpunks topics is that diaries and similar records may be stored in encrypted forms, or located in offshore locations. There may be more and more use of offshore or encrypted records.

11.4. U.S. Intelligence Agencies: NSA, FinCEN, CIA, DIA, NRO, FBI

11.4.1. The focus here is on U.S. agencies, for various reasons. Most Cypherpunks are currently Americans, the NSA has a dominant role in surveillance technology, and the U.S. is the focus of most current crypto debate. (Britain has the GCHQ, Canada has its own SIGINT group, the Dutch have..., France has DGSE and so forth, and...)

11.4.2. Technically, not all are equal. And some may quibble with my calling the FBI an "intelligence agency." All have surveillance and monitoring functions, albeit of different flavors.

11.4.3. "Is the NSA involved in domestic surveillance?"

  • Not completely confirmed, but much evidence that the answer is "yes":
  • previous domestic surveillance (Operation Shamrock, telegraphs, ITT, collusion with FBI, etc.)
    • reciprocal arrangements with GCHQ (U.K.)
  • arrangements on Indian reservations for microwave intercepts
    • the general technology allows it (SIGINT, phone lines)
  • the National Security Act of 1947, and later clarifications and Executive Orders, makes it likely
    • And the push for Digital Telephony.

11.4.4. "What will be the effects of widespread crypto use on intelligence collection?"

  • Read Bamford for some stuff on how the NSA intercepts overseas communications, how they sold deliberately-crippled crypto machines to Third World nations, and how much they fear the spread of strong, essentially unbreakable crypto. "The Puzzle Palace" was published in 1982...things have only gotten worse in this regard since.
  • Statements from senior intelligence officials reflect this concern.
  • Digital dead drops will change the whole espionage game. Information markets, data havens, untraceable e-mail...all of these things will have a profound effect on national security issues.
  • I expect folks like Tom Clancy to be writing novels about how U.S. national security interests are being threatened by "unbreakable crypto." (I like some Clancy novels, but there's no denying he is a right-winger who's openly critical of social trends, and that he believes druggies should be killed, the government is necessary to ward off evil, and ordinary citizens ought not to have tools the government can't overcome.)

11.4.5. "What will be the effects of crypto on conventional espionage?"

  • Massive effects; watch out for this to be cited as a reason to ban or restrict crypto--however pointless that may be.
    • Effects:
      • information markets, a la BlackNet
  • digital dead drops -- why use Coke cans near oak trees when you can put messages into files and post them worldwide, untraceably? (but, importantly, with a digital signature!)
    • transparency of borders
    • arms trade, arms deals
    • virus, weaponry

11.4.6. NSA budget

  • $27 billion over 6 years, give or take
  • may actually increase, despite end of Cold War
  • new threats, smaller states, spread of nukes, concerns about trade, money-laundering, etc.
    • first rule of bureaucracies: they always get bigger
    • NSA-Cray Computer supercomputer
  • press release, 1994-08-17, gives some clues about the capabilities sought by the surveillance state
  • "The Cray-3/SSS will be a hybrid system capable of vector parallel processing, scalable parallel processing and a combination of both. The system will consist of a dual processor 256 million word Cray-3 and a 512,000 processor 128 million byte single instruction multiple data (SIMD) array...SIMD arrays of one million processors are expected to be possible using the current version of the Processor-In-Memory (PIM) chips developed by the Supercomputing Research Center once the development project is completed. The PIM chip contains 64 single-bit processors and 128 kilobyte bits of memory. Cray Computer will package PIM chips utilizing its advanced multiple chip module packaging technology. The chips are manufactured by National Semiconductor Corporation."
  • This is probably the supercomputer described in the Gunter Ahrendt report

11.4.7. FINCEN, IRS, and Other Economic Surveillance

  • Financial Crimes Enforcement Network, a consortium or task force made up of DEA, DOJ, FBI, CIA, DIA, NSA, IRS, etc.
  • set up in Arlington as a group to monitor the flows of money and information
  • eventually these groups will see the need to hack into computer systems used by various groups that are under investigation
    • Cf. "Wired," either November or December, 1993

11.4.8. "Why are so many computer service, telecom, and credit agency companies located near U.S. intelligence agency sites?"

  • For example, the cluster of telecom and credit reporting agencies (TRW Credit, Transunion, etc.) in and around the McLean/Langley area of Northern Virginia (including Herndon, Vienna, Tyson's Corner, Chantilly, etc.)
  • same thing for, as I recall, various computer network providers, such as UUCP (or whatever), America Online, etc.
  • The least conspiratorial view: because all are located near Washington, D.C., for various regulatory, lobbying, etc. reasons
  • The most conspiratorial view: to ensure that the intelligence agencies have easy access to communications, direct landlines, etc.
  • credit reporting agencies need to clear identities that are fabricated for the intelligence agencies, WitSec, etc. (the three major credit agencies have to be complicit in these creations, as the "ghosts" show up immediately when past records are cross-correlated)
  • As Paul Ferguson, Cypherpunk and manager at US Sprint, puts it: "We're located in Herndon, Virginia, right across the street from Dulles Airport and a hop, skip & jump down the street from the new NRO office....,-)" [P.F., 1994-08-18]

11.4.9. Task Force 157, ONI, Kissinger, Castle Bank, Nugan Hand Bank, CIA

11.4.10. NRO building controversy

  • and an agency I hadn't seen listed until August, 1994: "The Central Imagery Office"

11.4.11. SIGINT listening posts

  • possible monkeywrenching?
  • probably too hard, even for an EMP bomb (non-nuclear, that is)

11.4.12. "What steps is the NSA taking?"

  • besides death threats against Jim Bidzos, that is
  • Clipper a plan to drive competitors out (pricing, export laws, harassment)
    • cooperation with other intelligence agencies, other nations
      • New World Order
  • death threats were likely just a case of bullying...but could conceivably be part of a campaign of terror--to shut up critics or at least cause them to hesitate

11.5. Surveillance in Other Countries

11.5.1. Partly this overlaps on the earlier discussion of crypto laws in other countries.

11.5.2. Major Non-U.S. Surveillance Organizations

  • BnD -- Bundesnachrichtendienst
    • German security service
  • BND is seeking constitutional amendment, but may not need it, as the mere call for it told everyone what is already existing
    • "vacuum cleaner in the ether"
    • Gehlen...Eastern Front Intelligence
    • Pullach, outside Munchen
  • they have always tried to get the approval to do domestic spying...a key to power
    • Bundeskriminalamt (BKA) -- W. German FBI
      • HQ is at Wiesbaden
  • bomb blew up there when being examined, killing an officer (related to Pan Am/Lockerbie/PFLP-GC)
    • sign has double black eagles (back to back)
    • BVD -- Binnenlandse Veiligheids Dienst, Dutch Internal Security Service
    • SDECE
  • French intelligence (foreign intelligence), linked to Greenpeace ship bombing in New Zealand?
  • SDECE had links to the October Surprise, as some French agents were in on the negotiations, the arms shipments out of Marseilles and Toulon, and in meetings with Russbacher and the others
  • DST, Direction de la Surveillance du Territoire, counterespionage arm of France (parallel to FBI)
    • DGSE, Direction Générale de la Sécurité Extérieure
  • provides draft deferments for those who deliver stolen information
    • Sweden, Forsvarets Radioanstalt ("Radio Agency of the Defense")
  • cracked German communications between occupied Norway and occupied Denmark
    • Beurling, with paper and pencil only
    • Mossad, LAKAM, Israel
      • HQ in Tel Aviv, near HQ of AMAN, military intelligence
        • doesn't HQ move around a lot?
  • LAKAM (sp?), a supersecret Israeli intelligence agency...was shown the PROMIS software in 1983
  • learned of the Pakistani success in building an atom bomb and took action against the Pakistani leadership: destruction of the plane carrying the President (Zia?) and some U.S. experts
  • Mossad knew of DIA and CIA involvement in BCCI financing of Pakistani atom bomb efforts (and links to other arms dealers that allowed triggers and the like to reach Pakistan)
  • revelations by Vanunu were designed to scare the Arab and Muslim world--and to send a signal that the killing of President Zia was to be the fate of any Pakistani leader who continued the program

11.5.3. They are very active, though they get less publicity than do the American CIA, NSA, FBI, etc.

11.6. Surveillance Methods and Technology

11.6.1. (some of this gets speculative and so may not be to everyone's liking)

11.6.2. "What is TEMPEST and what's the importance of it?"

  • TEMPEST apparently stands for nothing, and hence is not an acronym, just a name. The all caps is the standard spelling.
    • RF emission, a set of specs for complying
    • Van Eyck (or Van Eck?) radiation
  • Mostly CRTs are the concern, but also LCD panels and the internal circuitry of the PCs, workstations, or terminals.
  • "Many LCD screens can be read at a distance. The signal is not as strong as that from the worst vdus, but it is still considerable. I have demonstrated attacks on Zenith laptops at 10 metres or so with an ESL 400 monitoring receiver and a 4m dipole antenna; with a more modern receiver, a directional antenna and a quiet RF environment there is no reason why 100 metres should be impossible." [Ross Anderson, Tempest Attacks on Notebook Computers ???, comp.security.misc, 1994-08-31]

11.6.3. What are some of the New Technologies for Espionage and Surveillance

  • Bugs
  • NSA and CIA have developed new levels of miniaturized bugs
  • e.g., passive systems that only dribble out intercepted material when interrogated (e.g., when no bug sweeps are underway)
  • many of these new bugging technologies were used in the John Gotti case in New York...the end of the Cold War meant that many of these technologies became available for use by the non-defense side
  • the use of such bugging technology is a frightening development: conversations can be heard inside sealed houses from across streets, and all that will be required is an obligatory warrant
  • DRAM storage of compressed speech...6-bit companded, frequency-limited, so that 1 sec of speech takes 50Kbits, or 10K when compressed, for a total of 36 Mbits per hour--this will fit on a single chip
  • readout can be done from a "mothership" module (a larger bug that sits in some more secure location)
  • or via tight-beam lasers
    • Bugs are Mobile
  • can crawl up walls, using the MIT-built technology for microrobots
  • some can even fly for short distances (a few klicks)
    • Wiretaps
      • so many approaches here
      • phone switches are almost totally digital (a la ESS IV)
      • again, software hacks to allow wiretaps
    • Vans equipped to eavesdrop on PCs and networks
      • TEMPEST systems
  • technology is somewhat restricted, companies doing this work are under limitations not to ship to some customers
  • no laws against shielding, of course
  • these vans are justified for the "war on drugs" and weapons proliferation control efforts (N.E.S.T., anti-Iraq, etc.)
    • Long-distance listening
      • parabolic reflectors, noise cancellation (from any off-axis sources), high gain amplification, phoneme analysis
  • neural nets that learn the speech patterns and so can improve clarity
    • lip-reading
      • with electronically stabilized CCD imagers, 3000mm lenses
  • neural net-based lip-reading programs, with learning systems capable of improving performance
  • for those in sensitive positions, the availability of new bugging methods will accelerate the conversion to secure systems based on encrypted telecommunications and the avoidance of voice-based systems

11.6.4. Digital Telephony II is a major step toward easier surveillance

11.6.5. Citizen tracking

  • the governments of the world would obviously like to trace the movements, or at least the major movements, of their subjects
    • makes black markets a bit more difficult
  • surfaces terrorists, illegal immigrants, etc. (not perfectly)
    • allows tracking of "sex offenders"
  • who often have to register with the local police, announce to their neighbors their previous crimes, and generally wear a scarlet letter at all times--I'm not defending rapists and child molesters, just noting the dangerous precedent this is setting
  • because it's the nature of bureaucracies to want to know where "their" subjects are (dossier society = accounting society...records are paramount)
  • Bill Stewart has pointed out that the national health care systems, and the issuance of social security numbers to children, represent a way to track the movements of children, through hospital visits, schools, etc. Maybe even random check points at places where children gather (malls, schools, playgrounds, opium dens, etc.)
  • children in such places are presumed to have lesser rights, hence...
  • this could all be used to track down kidnapped children, non-custodial parents, etc.
  • this could be a wedge in the door: as the children age, the system is already in place to continue the tracking (about the right timetable, too...start the system this decade and by 2010 or 2020, nearly everybody will be in it)
  • (A true paranoid would link these ideas to the child photos many schools are requiring, many local police departments are officially assisting with, etc. A dossier society needs mug shots on all the perps.)
  • These are all reasons why governments will continue to push for identity systems and will seek to derail efforts at providing anonymity
    • Surveillance and Personnel Identification
  • cameras that can recognize faces are placed in many public places, e.g., airports, ports of entry, government buildings
  • and even in some private places, e.g., casinos, stores that have had problems with certain customers, banks that face robberies, etc.
    • "suspicious movements detectors"
  • cameras that track movements, loitering, eye contact with other patrons
  • neural nets used to classify behaviors

11.6.6. Cellular phones are trackable by region...people are getting phone calls as they cross into new zones, "welcoming" them

  • but it implies that their position is already being tracked

11.6.7. coming surveillance, Van Eck, piracy, vans

  • An interesting sign of things to come is provided in this tale from a list member: "In Britain we have 'TV detector Vans'. These are to detect licence evaders (you need to pay an annual licence for the BBC channels). They are provided by the Department of Trade and Industry. They use something like a small minibus and use Van Eck principles. They have two steerable detectors on the van roof so they can triangulate. But TV shops have to notify the Government of buyers - so that is the basic way in which licence evaders are detected. ... I read of a case on a bulletin board where someone did not have a TV but used a PC. He got a knock on the door. They said he appeared to have a TV but they could not make out what channel he was watching!" [Martin Spellman, mspellman@cix.compulink.co.uk, 19940703]
  • This kind of surveillance is likely to become more and more common, and raises serious questions about what other information they'll look for. Perhaps the software piracy enforcers (Software Publishers Association) will look for illegal copies of Microsoft Word or SimCity! (This area needs more discussion, obviously.)

11.6.8. wiretaps

  • supposed to notify targets within 90 days, unless extended by a judge
  • Foreign Intelligence Surveillance Act cases are exempt from this (it is likely that Cypherpunks wiretapped for crypto activities, if they have been, fall under this case...foreigners, borders being crossed, national security implications, etc. are all plausible reasons, under the Act)

11.7. Surveillance Targets

11.7.1. Things the Government May Monitor

  • besides the obvious things like diplomatic cable traffic, phone calls from and to suspected terrorists and criminals, etc.
    • links between Congressmen and foreign embassies
  • claims in NYT (c. 9-19-91) that CIA had files on Congressmen opposing aid to Contras
    • Grow lamps for marijuana cultivation
  • raids on hydroponic supply houses and seizure of mailing lists
    • records of postings to alt.drugs and alt.psychoactive
    • vitamin buyers clubs
    • Energy consumption
      • to spot use of grow lamps
  • but also might be refined to spot illegal aliens being sheltered or any other household energy consumption "inconsistent with reported uses" - same for water, sewage, etc.
    • raw chemicals
  • as with monitors on ammonium nitrate and other bomb materials
  • or feedstock for cocaine production (recall various seizures of shipments of chemicals to Latin America)
    • checkout of books, a la FBI's "Library Awareness Program" of around 1986 or so
  • attendance at key conferences, such as Hackers Conference (could have scenes involving this), Computer Security Conference

11.7.2. Economic Intelligence (Spying on Corporations, Foreign and Domestic)

  • "Does the NSA use economic intelligence data obtained in intercepts?"
  • Some of us speculate that this is so, that this has been going on since the 1960s at least. For example, Bamford noted in 1982 that the NSA had foreknowledge of the plans by the British to devalue the pound in the late 1970s, and knowledge of various corporate plans.
  • The NSA clears codes used by the CIA, so it seems impossible for the NSA not to have known about CIA drug smuggling activities. The NSA is very circumspect, however, and rarely (or never) comments.
    • there have been calls for the government to somehow help American business and overall competitiveness by "levelling the playing field" via espionage
  • especially as the perceived threat of the Soviet bloc diminishes and as the perceived threat of Japan and Germany increases
  • leaders of the NSA and CIA have even talked openly about turning to economic surveillance
    • Problems with this proposal:
      • illegal
      • unethical
  • who gets the intelligence information? Does NSA just call up Apple and say "We've intercepted some messages from Taiwan that describe their plans for factories. Are you interested?"
  • the U.S. situation differs from Japan and MITI (which is often portrayed as the model for how this ought to work) in that we have many companies with little or no history of obeying government recommendations
  • and foreign countries will likely learn of this espionage and take appropriate measures - e.g., by increasing encryption

11.7.3. War on Drugs and Money Laundering is Causing Increase in Surveillance and Monitoring

  • monitoring flows of capital, cash transactions, etc.
  • cooperation with Interpol, foreign governments, even the Soviets and KGB (or whatever becomes of them)
  • new radar systems are monitoring light aircraft, boats, etc.

11.8.1. "Can my boss monitor my work?" "Can my bankruptcy in 1980 be used to deny me a loan?" etc.

  • Libertarians have a very different set of answers than do many others: the answer to all these questions is mostly "yes," morally (sorry for the normative view).

11.8.2. Theme: to protect some rights, invasion of privacy is being justified

  • e.g., by forcing employer records to be turned over, or of seizing video rental records (on the grounds of catching sexual deviants)
    • various laws about employee monitoring

11.8.3. Government ID cards, ability to fake identities

  • The government uses its powers to forge credentials, with the collusion of the major credit agencies (who obviously see these fake identities "pop into existence full-blown.")
    • WitSec, FINCen, false IDs, ties to credit card companies
  • DEA stings, Heidi in La Jolla, Tava, fake tax returns, fake bank applications, fake IDs
  • the "above it all" attitude is typical of this...who guards the guardians?
    • WitSec, duplicity

11.8.4. Legalities of NSA surveillance

  • read Bamford for some circa 1982 points
  • UK-USA
  • ECPA
  • national security exemptions
  • lots of confusion; however, the laws have never had any real influence, and I cannot imagine the NSA being sued!

11.9. Dossiers and Data Bases

11.9.1. "The dossier never forgets"

  • any transgressions of any law in any country can be stored indefinitely, exposing the transgressor to arrest and detention anytime he enters a country with such a record on him
    • (This came up with regard to the British having quaint ideas about computer security, hacking, and data privacy; it is quite possible that an American passing through London could be detained for some obscure violation years in the past.)
  • this is especially worrisome in a society in which legal codes fill entire rooms and in which nearly every day produces some violation of some law

11.9.2. "What about the privacy issues with home shopping, set-top boxes, advertisers, and the NII?"

  • Do we want our preferences in toothpaste fed into databases so that advertisers can target us? Or that our food purchases be correlated and analyzed by the government to spot violations of the Dietary Health Act?
  • First, laws which tell people what records they are "allowed" to keep are wrong-headed, and lead to police state inspections of disk drives, etc. The so-called "Data Privacy" laws of several European nations are a nightmare. Strong crypto makes them moot.
  • Second, it is mostly up to people to protect what they want protected, not to pass laws demanding that others protect it for them.
  • In practice, this means either use cash or make arrangements with banks and credit card companies that will protect privacy. Determining if they have or not is another issue, but various ideas suggest themselves (John Gilmore says he often joins groups under variants of his name, to see who is selling his name to mailing lists.)
  • Absent any laws which forbid them, privacy-preserving credit card companies will likely spring up if there's a market demand. Digital cash is an example. Other variants abound. Cypherpunks should not allow such alternatives to be banned, and should of course work on their own such systems.
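An added example, not part of the original FAQ: the name-variant trick attributed to John Gilmore above, applied to e-mail addresses, so that mail arriving from an unexpected sender shows which organization passed the address on. The plus-addressed alias format, the HMAC tag, and every name, domain and log entry below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"      # constructed; a real one stays private
LOCAL, DOMAIN = "pat", "example.org"     # hypothetical mailbox


def _tag(slug: str) -> str:
    """Keyed tag so that outsiders cannot mint aliases that look genuine."""
    return hmac.new(SECRET, slug.encode(), hashlib.sha256).hexdigest()[:12]


def alias_for(org: str) -> str:
    """Return the unique address variant to hand to one organization."""
    slug = re.sub(r"[^a-z0-9]", "", org.lower())
    return f"{LOCAL}+{slug}-{_tag(slug)}@{DOMAIN}"


_ALIAS_RE = re.compile(
    rf"{re.escape(LOCAL)}\+([a-z0-9]+)-([0-9a-f]{{12}})@{re.escape(DOMAIN)}"
)


def source_of(recipient: str):
    """Map a recipient address back to the organization it was issued to.

    Returns None for untagged addresses and for guessed or forged tags.
    """
    m = _ALIAS_RE.fullmatch(recipient.lower())
    if not m:
        return None
    slug, tag = m.groups()
    return slug if hmac.compare_digest(tag, _tag(slug)) else None


def find_leaks(mail_log, expected_senders):
    """Report aliases that received mail from a domain never given them.

    mail_log: iterable of (sender_address, recipient_address)
    expected_senders: {org_slug: set of domains the org legitimately uses}
    Returns {org_slug: set of unexpected sender domains}.
    """
    leaks = {}
    for sender, recipient in mail_log:
        slug = source_of(recipient)
        if slug is None:
            continue  # not one of our aliases, or a forged tag
        sender_domain = sender.rsplit("@", 1)[-1].lower()
        if sender_domain not in expected_senders.get(slug, set()):
            leaks.setdefault(slug, set()).add(sender_domain)
    return leaks


# Constructed sample data.
EXPECTED = {
    "acmecatalog": {"acmecatalog.example"},
    "hifimag": {"hifimag.example"},
}
SAMPLE_LOG = [
    ("news@acmecatalog.example", alias_for("Acme Catalog")),
    ("offers@listbroker.example", alias_for("Acme Catalog")),       # resold
    ("club@hifimag.example", alias_for("HiFi Mag")),
    ("promo@junk.example", "pat+hifimag-000000000000@example.org"),  # forged tag
]

if __name__ == "__main__":
    for org, domains in find_leaks(SAMPLE_LOG, EXPECTED).items():
        print(f"address given to {org} is now used by: {sorted(domains)}")
```

A list seller who strips everything after the "+" defeats this particular format; separate mailboxes or per-organization domains close that gap at more cost.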

11.9.3. credit agencies

  • TRW Credit, Transunion, Equifax
  • links to WitSec

11.9.4. selling of data bases, linking of records...

  • several states have admitted to selling their driver's license data bases

11.10. Police States and Informants

11.10.1. Police states need a sense of terror to help magnify the power of the state, a kind of "Schrecklichkeit," as the Nazis used to call it. And lots of informants. Police states need willing accomplices to turn in their neighbors, or even their parents, just as little Pavel Morozov became a Hero of the Soviet People by sending his parents to their deaths in Stalin's labor camps for the crime of expressing negative opinions about the glorious State.

  • (The canonization of Pavel Morozov was recently repudiated by current Russian leaders--maybe even by the late-Soviet era leaders, like Gorbachev--who pointed out the corrosive effects of encouraging families to narc on each other...something the U.S. has forgotten...will it be 50 years before our leaders admit that having children turn in Daddy for using "illegal crypto" was not such a good idea?)

11.10.2. Children are encouraged in federally-mandated D.A.R.E. programs to become Junior Narcs, narcing on their parents to the cops and counselors who come into their schools.

11.10.3. The BATF has a toll-free line (800-ATF-GUNS) for neighbors who one thinks are violating the federal gun

out of tips by spouses and ex-spouses...they have the inside dope, the motive, and the means - a sobering thought even in the age of crypto

  • the U.S. is increasingly a society of narcs and stool pigeons, with "CIs" (confidential informants), protected witnesses (with phony IDs and lavish lifestyles), and with all sorts of vague threats and promises
  • in a system with tens of thousands of laws, nearly all behavior breaks at least some laws, often unavoidably, and hence a powerful sword hangs over everyone's head
  • corrosion of trust, especially within families (DARE program in schools encourages children to narc on their parents who are "substance abusers"!)

11.11. Privacy Laws

11.11.1. Will proposed privacy laws have an effect?

  • I suspect just the opposite: the tangled web of laws--part of the totalitarian freezeout--will "marginalize" more people and cause them to seek ways to protect their own privacy and protect themselves from sanctions over their actions
  • free speech vs. torts, SLAPP suits, sedition charges, illegal research, etc.
  • free speech is vanishing under a torrent of laws, licensing requirements, and even zoning rules
    • outlawing of work on drugs, medical procedures, etc.
  • against the law to disseminate information on drug use (MDMA case at Stanford), on certain kinds of birth control
  • "If encryption is outlawed, only outlaws will have encryption."
  • privacy laws are already causing encryption ("file protection") to be mandatory in many cases, as with medical records, transmission of sensitive files, etc.
  • by itself this is not in conflict with the government requirement for tappable access, but the practical implementation of a two-tier system--secure against civilian tappers but readable by national security tappers--is a nightmare and is likely impossible to achieve

11.11.2. "Why are things like the "Data Privacy Laws" so bad?"

  • Most European countries have laws that limit the collection of computerized records, dossiers, etc., except for approved uses (and the governments themselves and their agents).
  • Americans have no such laws. I've heard calls for this, which I think is too bad.
  • While we may not like the idea of others compiling dossiers on us, stopping them is an even worse situation. It gives the state the power to enter businesses, homes, and examine computers (else it is completely unenforceable). It creates ludicrous situations in which, say, someone making up a computerized list of their phone contacts is compiling an illegal database! It makes e-mail a crime (those records that are kept).
    • they are themselves major invasions of privacy
  • are you going to put me in jail because I have data bases of e-mail, Usenet posts, etc.?
  • In my opinion, advocates of "privacy" are often confused about this issue, and fail to realize that laws about privacy often take away the privacy rights of others. (Rights are rarely in conflict--contract plus self-privacy take care of 99% of situations where rights are purported to be in conflict.)

11.11.3. on the various "data privacy laws"

  • many countries have adopted these data privacy laws, involving restrictions on the records that can be kept, the registration of things like mailing lists, and heavy penalties for those found keeping computer files deemed impermissible
    • this leads to invasions of privacy...this very Cypherpunks list would have to be "approved" by a bureaucrat in many countries...the opportunities (and inevitabilities) of abuse are obvious
  • "There is a central contradiction running through the database regulations proposed by many so-called "privacy advocates". To be enforceable they require massive government snooping into database activities on our workstations and PCs, especially the activities of many small at-home businesses (such as mailing list entrepreneurs who often work out of the home). "Thus, the upshot of these so-called "privacy" regulations is to destroy our last shreds of privacy against government, and calm us into blindly letting even more of the details of our personal lives into the mainframes of the major government agencies and credit reporting agencies, who if they aren't explicitly excepted from the privacy laws (as is common) can simply evade them by using offshore havens, mutual agreements with foreign investigators, police and intelligence agencies." [Jim Hart, 1994-09-08]

11.11.4. "What do Cypherpunks think about this?"

  • divided minds...while no one likes being monitored, the question is how far one can go to stop others from being monitored
  • "Data Privacy Laws" as a bad example: tramples on freedom to write, to keep one's computer private

11.11.5. Assertions to data bases need to be checked (credit, reputation, who said what, etc.)

  • if I merely assert that Joe Blow no longer is employed, and this spreads...

11.12. National ID Systems

11.12.1. "National ID cards are just the driver's licenses on the Information Superhighway." [unknown...may have been my coining]

11.12.2. "What's the concern?"

11.12.3. Insurance and National Health Care will Produce the "National ID" that will be Nearly Unescapable

  • hospitals and doctors will have to have the card...cash payments will evoke suspicion and may not even be feasible

11.12.4. National ID Card Arguments

  • "worker's permit" (another proposal, 1994-08, that would call for a national card authorizing work permission)
    • immigration, benefit
  • possible tie-in to the system being proposed by the US Postal Service: a registry of public keys (will they also "issue" the private-public key pair?)
    • software key escrow and related ideas
  • "I doubt that one would only have to "flash" your card and be on your way. More correctly, one would have to submit to being "scanned" and be on your way....This would also serve to be a convenient locator tag if installed in the toll systems and miscellaneous "security checkpoints". Why would anyone with nothing to hide care if your every move could be monitored? It's for your own good, right? Pretty soon sliding your ID into slots in everyplace you go will be common." [Korac MacArthur, comp.org.eff.talk, 1994-0725]

11.12.5. "What are some concerns about Universal ID Cards?"

  • "Papiere, bitte! Schnell!"
  • that they would allow traceability to the max (as folks used to say)... tracking of movements, erosion of privacy
  • that they would be required to be used for banking transactions, Net access, etc. (As usual, there may be workarounds, hacks, ...)
  • "is-a-person" credentialing, where government gets involved in the issuance of cryptographic keys (a la the USPS proposal), where only "approved uses" are allowed, etc.
    • timestamps, credentials

11.12.6. Postal Service trial balloon for national ID card

  • "While it is true that they share technology, their intent and purpose is very different. Chaum's proposal has as its intent and purpose to provide and protect anonymity in financial transactions. The intent and purpose of the US Postal Service is to identify and authenticate you to the government and to guarantee the traceability of all financial transactions." [WHMurray, alt.privacy, 1994-0704]

11.12.7. Scenario for introduction of national ID cards

  • Imagine that vehicle registrations require presentation of this card (gotta get those illegals out of their cars, or, more benignly, the bureaucracy simply makes the ID cards part of their process).
  • Instantly this makes those who refuse to get an ID card unable to get valid license tags. (Enforcement is already pretty good...I was pulled over a couple of times for either forgetting to put my new stickers on, or for driving with Oregon expired tags.)
  • The "National Benefits Card," for example, is then required to get license plate tags, and maybe other things, like car and home insurance, etc. It would be very difficult to fight such a card, as one could not drive, could not pay taxes ("Awhh!" I hear you say, but consider the penalties, the tie-ins with employers, etc. You can run but you can't hide.)
  • the national ID card would presumably be tied in to income tax filings, in various ways I won't go into here. The Postal Service, aiming to get into this area I guess, has floated the idea of electronic filing, ID systems, etc.

11.12.8. Comments on national ID cards

  • That some people will be able to skirt the system, or that the system will ultimately be unenforceable, does not lessen the concern. Things can get real tough in the meantime.
  • I see great dangers here, in tying a national ID card to transactions we are essentially unable to avoid in this society: driving, insurance (and let's not argue insurance...I mean it is unavoidable in the sense of legal issues, torts, etc.), border crossings, etc. Now how will one file taxes without such a card if one is made mandatory for interactions with the government? Saying "taxes are not collectable" is not an adequate answer. They may not be collectible for street punks and others who inhabit the underground economy, but they sure are for most of us.

11.13. National Health Care System Issues

11.13.1. Insurance and National Health Care will Produce the "National ID" that will be Nearly Unescapable

  • hospitals and doctors will have to have the card...cash payments will evoke suspicion and may not even be feasible

11.13.2. I'm less worried that a pharmacist will add me to some database he keeps than that my doctor will be instructed to compile a dossier to government standards and then zip it off over the Infobahn to the authorities.

11.13.3. Dangers and issues of National Health Care Plan

  • tracking, national ID card
  • "If you think the BATF is bad, wait until the BHCRCE goes into action. "What is the BHCRCE?" you ask. Why, it's the Bureau of Health Care Reform Compliance Enforcement - the BATF, FBI, FDA, CIA and IRS all rolled into one." [Dave Feustel, talk.politics.guns, 1994-08-19]
  • Bill Stewart has pointed out the dangers of children having social security numbers, of tracking systems in schools and hospitals, etc.

11.14. Credentials

11.14.1. This is one of the most overlooked and ignored aspects of cryptology, especially of Chaum's work. And no one in Cypherpunks or anywhere else is currently working on "blinded credentials" for everyday use.

11.14.2. "Is proof of identity needed?"

  • This question is debated a lot, and is important. Talk of a national ID card (what wags call an "internal passport") is in the air, as part of health care, welfare, and immigration legislation. Electronic markets make this also an issue for the ATM/smart card community. This is also closely tied in with the nature of anonymous remailers (where physical identity is of course generally lacking).
    • First, "identity" can mean different things:
  • Conventional View of Identity: Physical person, with birthdate, physical characteristics, fingerprints, social security numbers, passports, etc.--the whole cloud of "identity" items. (Biometric.)
  • Pseudonym View of Identity: Persistent personas, mediated with cryptography. "You are your key."
  • Most of us deal with identity as a mix of these views: we rarely check biometric credentials, but we also count on physical clues (voice, appearance, etc.). I assume that when I am speaking to "Duncan Frissell," whom I've never met in person, that he is indeed Duncan Frissell. (Some make the jump from this expectation to wanting the government to enforce this claim, that is, to provide I.D.)
  • It is often claimed that physical identity is important in order to:
    • track down cheaters, welchers, contract breakers, etc.
  • permit some people to engage in some transactions, and forbid others to (age credentials, for drinking, for example, or--less benignly--work permits in some field)
  • taxation, voting, other schemes tied to physical existence
  • But most of us conduct business with people without ever verifying their identity credentials...mostly we take their word that they are "Bill Stewart" or "Scott Collins," and we never go beyond that.
  • this could change as digital credentials proliferate and as interactions cause automatic checks to be made (a reason many of us have to support Chaum's "blinded credentials" idea--without some crypto protections, we'll be constantly tracked in all interactions).
  • A guiding principle: Leave this question of whether to demand physical ID credentials up to the parties involved. If Alice wants to see Bob's "is-a-person" credential, and take his palmprint, or whatever, that's an issue for them to work out. I see no moral reason, and certainly no communal reason, for outsiders to interfere and insist that ID be produced (or that ID be forbidden, perhaps as some kind of "civil rights violation"). After all, we interact in cyberspace, on the Cypherpunks list, without any such external controls on identity.
  • and business contracts are best negotiated locally, with external enforcement contracted by the parties (privately-produced law, already seen with insurance companies, bonding agents, arbitration arrangements, etc.)
  • Practically speaking, i.e., not normatively speaking, people will find ways around identity systems. Cash is one way, remailers are another. Enforcement of a rigid identity-based system is difficult.

11.14.3. "Do we need "is-a-person" credentials for things like votes on the Net?"

  • That is, any sysadmin can easily create as many user accounts as he wishes. And end users can sign up with various services under various names. The concern is that this Chicago-style voting (fictitious persons) may be used to skew votes on Usenet.
    • Similar concerns arise elsewhere.
  • In my view, this is a mighty trivial reason to support "is-a-person" credentials.

11.14.4. Locality, credentials, validations

  • Consider the privacy implications of something so simple as a parking lot system. Two main approaches:
  • First Approach. Cash payment. Car enters lot, driver pays cash, a "validation" is given. No traceability exists. (There's a small chance that one driver can give his sticker to a new driver, and thus defraud the parking lot. This tends not to happen, due to the inconveniences of making a market in such stickers (coordinating with other car, etc.) and because the sticker is relatively inexpensive.)
  • Second Approach. Billing of driver, recording of license plates. Traceability is present, especially if the local parking lot is tied in to credit card companies, DMV, police, etc. (these link-ups are on the wish list of police agencies, to further "freeze out" fugitives, child support delinquents, and other criminals).
  • These are the concerns of a society with a lot of electronic payments but with no mechanisms for preserving privacy. (And there is currently no great demand for this kind of privacy, for a variety of reasons, and this undercuts the push for anonymous credential methods.)
  • An important property of true cash (gold, bank notes that are well-trusted) is that it settles immediately, requiring no time-binding of contracts (ability to track down the payer and collect on a bad transaction)
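An added example, not part of the original FAQ: an electronic version of the first approach, in which the pay booth signs a blinded token (a textbook RSA blind signature in the style of Chaum) so the exit gate can verify payment while the lot's own records cannot tie an exit to a payment. The key is a constructed toy built from two Mersenne primes, the unpadded hashing is for demonstration only, and all class and function names are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key (assumption): two Mersenne primes, trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the lot


def token_digest(serial: bytes) -> int:
    """Hash a token serial to an integer below N (unpadded, demo only)."""
    return int.from_bytes(hashlib.sha512(serial).digest(), "big")


class Driver:
    def __init__(self):
        self.serial = secrets.token_bytes(16)  # random bearer-token serial
        self._r = None

    def blind(self) -> int:
        """Hide the token digest m as m * r^e mod N before it is signed."""
        while True:
            r = secrets.randbelow(N - 2) + 2
            if gcd(r, N) == 1:
                break
        self._r = r
        return token_digest(self.serial) * pow(r, E, N) % N

    def unblind(self, blind_sig: int) -> int:
        """(m * r^e)^d = m^d * r, so dividing by r leaves the signature m^d."""
        return blind_sig * pow(self._r, -1, N) % N


class ParkingLot:
    def __init__(self):
        self.issued_log = []  # every value the pay booth ever signed
        self.spent = set()    # serials already used at the exit

    def sell_validation(self, blinded: int) -> int:
        """Pay booth: cash is taken, the blinded value is logged and signed."""
        self.issued_log.append(blinded)
        return pow(blinded, D, N)

    def exit_gate(self, serial: bytes, sig: int) -> str:
        """Exit: accept any correctly signed token that was not used before."""
        if pow(sig, E, N) != token_digest(serial):
            return "reject: bad signature"
        if serial in self.spent:
            return "reject: already used"
        self.spent.add(serial)
        return "open"

    def explaining_factor(self, blinded: int, serial: bytes) -> int:
        """Blinding factor under which `blinded` would have hidden `serial`.

        One exists for every (log entry, token) pair, which is why the log
        gives the operator nothing to link an exit to a payment.
        """
        m = token_digest(serial)
        return pow(blinded * pow(m, -1, N) % N, D, N)


def run_demo():
    lot = ParkingLot()
    alice, bob = Driver(), Driver()
    sig_a = alice.unblind(lot.sell_validation(alice.blind()))
    sig_b = bob.unblind(lot.sell_validation(bob.blind()))
    results = [
        lot.exit_gate(alice.serial, sig_a),  # valid, first use
        lot.exit_gate(alice.serial, sig_a),  # same token presented again
        lot.exit_gate(bob.serial, sig_a),    # signature for a different token
        lot.exit_gate(bob.serial, sig_b),    # valid, first use
    ]
    # Every pay-booth record is consistent with every token seen at the exit.
    ambiguous = all(
        token_digest(s) * pow(lot.explaining_factor(b, s), E, N) % N == b
        for b in lot.issued_log
        for s in (alice.serial, bob.serial)
    )
    return results, ambiguous


if __name__ == "__main__":
    print(run_demo())
```

The spent-serial set catches the same token being presented twice, but like the paper sticker the token is a bearer instrument, so it can still be handed to another driver before its first use.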

11.15. Records of all UseNet postings

11.15.1. (ditto for CompuServe, GEnie, etc.) will exist

11.15.2. "What kinds of monitoring of the Net is possible?"

  • Archives of all Usenet traffic. This is already done by commercial CD-ROM suppliers, and others, so this would be trivial for various agencies.
  • Mail archives. More problematic, as mail is ostensibly not public. But mail passes through many sites, usually in unencrypted form.
  • Traffic analysis. Connections monitored. Telnet, ftp, email, Mosaic, and other connections.
  • Filtered scans of traffic, with keyword-matched text stored in archives.

11.15.3. Records: note that private companies can do the same thing, except that various "right to privacy" laws may try to interfere with this

  • which causes its own constitutional privacy problems, of course

11.15.4. "How can you expect that something you sent on the UseNet to several thousand sites will not be potentially held against you? You gave up any pretense of privacy when you broadcast your opinions--and even detailed declarations of your activities--to an audience of millions. Did you really think that these public messages weren't being filed away? Any private citizen would find it almost straightforward to sort a measly several megabytes a day by keywords, names of posters, etc." [I'm not sure if I wrote this, or if someone else who I forgot to make a note of did]

11.15.5. this issue is already coming up: a gay programmer who was laid-off discussed his rage on one of the gay boards and said he was thinking of turning in his former employer for widespread copying of Autocad software...an Autodesk employee answered him with "You just did!"

11.15.6. corporations may use GREP and On Location-like tools to search public nets for any discussion of themselves or their products

  • by big mouth employees, by disgruntled customers, by known critics, etc.
    • even positive remarks that may be used in advertising (subject to various laws)

11.15.7. the 100% traceability of public postings to UseNet and other bulletin boards is very stifling to free expression and becomes one of the main justifications for the use of anonymous (or pseudonymous) boards and nets

  • there may be calls for laws against such compilation, as with the British data laws, but basically there is little that can be done when postings go to tens of thousands of machines and are archived in perpetuity by many of these nodes and by thousands of readers
  • readers who may incorporate the material into their own postings, etc. (hence the absurdity of the British law)

11.16. Effects of Surveillance on the Spread of Crypto

11.16.1. Surveillance and monitoring will serve to increase the use of encryption, at first by people with something to hide, and then by others

  • a snowballing effect
  • and various government agencies will themselves use encryption to protect their files and their privacy

11.16.2. for those in sensitive positions, the availability of new bugging methods will accelerate the conversion to secure systems based on encrypted telecommunications and the avoidance of voice-based systems

11.16.3. Surveillance Trends

  • Technology is making citizen-unit surveillance more and more trivial
  • video cameras on every street corner are technologically easy to implement, for example
  • or cameras in stores, in airports, in other public places
    • traffic cameras
  • tracking of purchases with credit cards, driver's licenses, etc.
  • monitoring of computer emissions (TEMPEST issues, often a matter of paranoid speculation)
  • interception of the Net...wiretapping, interception of unencrypted communications, etc.
  • and compilation of dossier entries based on public postings
  • This all makes the efforts to head off a person-tracking, credentials-based society all the more urgent. Monkeywrenching, sabotage, public education, and development of alternatives are all needed.
  • If the surveillance state grows as rapidly as it now appears to be doing, more desperate measures may be needed. Personally, I wouldn't shed any tears if Washington, D.C. and environs got zapped with a terrorist nuke; the innocents would be replaced quickly enough, and the death of so many political ghouls would surely be worth it. The destruction of Babylon.
  • We need to get the message about "blinded credentials" (which can show some field, like age, without showing all fields, including name and such) out there. More radically, we need to cause people to question why credentials are as important as many people seem to think.
  • I argue that credentials are rarely needed for mutually agreed-upon transactions

11.17. Loose Ends

11.17.1. USPS involvement in electronic mail, signatures, authentication (proposed in July-August, 1994)

  • Advantages:
    • many locations
    • a mission already oriented toward delivery
  • Disadvantages:
  • has performed terribly, compared to allowed competition (Federal Express, UPS, Airborne, etc.)
    • it's linked to the government (now quasi-independent, but not really)
  • could become mandatory, or competition restricted to certain niches (as with the package services, which cannot have "routes" and are not allowed to compete in the cheap letter regime)
    • a large and stultified bureaucracy, with union labor
  • Links to other programs (software key escrow, Digital Telephony) not clear, but it seems likely that a quasi-government agency like the USPS would be cooperative with government, and would place limits on the crypto systems allowed.

11.17.2. the death threats

  • An NSA official threatened to have Jim Bidzos killed if he did not change his position on some negotiation underway. This was reported in the newspaper and I sought confirmation:
  • "Everything reported in the Merc News is true. I am certain that he was not speaking for the agency, but when it happened he was quite serious, at least appeared to be. There was a long silence after he made the threat, with a staring contest. He was quite intense. "I respect and trust the other two who were in the room (they were shocked and literally speechless, staring into their laps) and plan to ask NSA for a written apology and confirmation that he was not speaking for the agency. We'll see if I get it. If the incident made it into their trip reports, I have a chance of getting a letter." [jim@RSA.COM (Jim Bidzos), personal communication, posted with permission to talk.politics.crypto, 1994-06-28]

11.17.3. False identities...cannot just be "erased" from the computer memory banks. The web of associations, implications, rule firings...all mean that simple removal (or insertion of a false identity) produces discontinuities, illogical developments, holes...history is not easily changed.