Dienstag, 10. September 2013

Countering the surveillance

The extent of the recently exposed world wide surveillance by the USA and the UK --- and probably by all the other nations as well --- is not very surprising to those who do have a certain technical knowledge. But it seemed to have surprised those who lack this knowledge. And to be honest, the extent to which we are all snooped on did surprise me somewhat.

OK, there we are now, we're watched for, we're terrorists until proven otherwise. What can we do about that?


Image of a Cataract by Rakesh Ahuja, MD, CC BY SA


Snooping

I'll first cover the necessities to be successful with snooping, then I'll go into what we could do to mitigate the snooping power of big multi-billion-dollar agencies like the NSA or the GCHQ.
Anyone and any agency who/which snoops relies on basic properties of the data and assumptions about the data. These basic properties and assumptions are:
  • Technical assumptions
    • the data can be retrieved
    • the data can be read and its information can be extracted
    • the signal in the data can be separated from noise
    • all this can be done with the available capacities 
  • Legal properties
    • either there exists the legal permission to do the snooping
    • or there is no entity which has the power to check and enforce the compliance 


Data retrieval

Data retrieval seems to be well under control by NSA and GCHQ and their befriended intelligence agencies. Data is gathered directly from the providers and from submarine cables as well as from satellites. This should cover most of the data especially if the most important hubs are controlled. 

Reading and extracting the information

The requirements to be able do this are, that data (or at least parts of it, such as metadata) are not encrypted or can be decrypted. Nowadays most of the data is not encrypted and the the few data which is encrypted might potentially be decrypted by NSA etc. (nobody knows if there exist non-published attack vectors against the usual encryption techniques and tools). We can assume here, that except in very special circumstances where persons want to explicitly keep information secret the intelligence agencies can read the data and gather the information.


Separation of signal from noise


What is the signal?

Of all the data which is collected it is the signal which is of major interest. And typically each piece of signal is hidden within vast amounts of noise. The first question to ask is "what is the signal?". Whilst in official statements it is always insisted on the signal being terrorists, there is very much reason to doubt this. Why that? Because the first thing in data analysis is to search for signal in data sets where it is likely to find signal in. But most of the data sets in which intelligence acencies are snooping is citizens' and companies interactions, countries which are "friends" and "allies" (I put these words in parenthesis, because friends and allies would normally not be spied on), politicians of trade "partners", the UN, the EU. These are all places where it is highly unlikely to find terrorists. That leads to the question of why are the mentioned data sources used? Well, governments and institutions like the UN and the EU are targeted most likely to commit industrial espionage, and to have a leading edge in negotiations of treaties like the currently negotiated ones (TPP etc.). The citizens are snooped on to discover people with dissenting opinions. If within all the data and analysis some terrorists are found then be it, but I'd reckon, that this happens mostly by accident and is not at all the top priority.

What is the difference between signal and noise?

Once it has been established what the signal is, the data analyst can go on searching for the differences between signal and noise. Let's for a moment assume, that signal is "dissenting voices". If all those people would use a site like dissentingvoices.com (I made this up) for chatting, emailing, videoconferencing etc., then it would be easy as long the site is publicly accessible. Just take all these people and snoop on them. Then crack down on these people and you've eliminated the opposition. But real life is not that easy. Services like facebook and google are used by all types of people. Within them some which might have opposing views. All together the separation of signal and noise will probably be based on what sites you've visited, what comments you've written, what sites you're looking at, what sites you are posting and what your friends are doing. If some of your friends are visiting football sites frequently, you might be into football as well. If friends send around a party invitation, you might go to this party as well. If some of your friends oppose fracking and pipelines, you might oppose fracking and pipelines as well. If you are, then you are signal. If you actually are not opposed fracking and pipelines, you are noise from the point of view of data analysis. You might be flagged as signal, but actually you are not. You are a false positive. Obviously there are true positives (opposition in our example), then there are true negatives (people you've identified as not dissenting and who are wholeheartly in favor of fracking and pipelines) but there are as well false positives (people who your data analysis would put into the "opposition" bin, but which are not there) and false negatives (people who oppose these things, but which your algorithm didn't catch). And often there's not just true and false, but there will be a lot of gray area. You might be against fracking, but only if it is near your house.

Signal efficiency and purity

If you'd like to catch all the signal you just say, that every communication is "signal" and you, for sure, get all the signal. But you're swamped with data which you --- even with big data centers --- cannot dig through and you certainly cannot follow up on all the data because there you are limited by manpower. I presume, that take all the data they can work on with their available capacity and try to get this data as pure as possible. Still, the NSA (and their befriended snooping services) will get false positives (communications flagged as suspicious, but which in reality isn't) and false negatives (communications which are flagged as OK, but which should be signal).


What can be done to counter snooping

Encryption

Encrypting all the signal (chat, email, web-surfing, voice, etc.) by anyone would an obvious response that worked. Encryption can be done on the service provider level and/or on a personal level.

    Encryption on the provider level

Encryption on the provider level can be organized to be reasonably convenient for the user, just as more secure authentication methods like two way authentic authentication are not at all difficult to use and are barely noticed once set up. Encryption on a provider level is for sure a good thing, but whilst it helps against petty criminals it has been shown that it doesn't help against government backed snooping. It has made their quest for snooping more difficult, but it certainly hasn't stopped it. The service providers are either bought, coerced or forced into cooperating with the intelligence agencies. With the encryption happening on the providers' side all the data will find its way to the snooping agencies.

    Encryption on the personal level

Encryption on a personal level is less convenient. A major hurdle for encryption is the adaption rate. As long as only the a couple of geeks use encryption it is practically useless except to keep very specific data secret. To any person without public key one cannot send encrypted emails. That's it with encryption to spoil surveillance. But *if* we all did use encryption and *if* the NSA could decrypt at least some encryption techniques (which is probable), their computers still would have to work more on each message. Working more means more computing time spent and the results would be obtained more slowly. This is like hitting the breaks of the NSA. Yes, they wouldn't be stopped completely, but they could not analyse so much data. 


Be noisy

The snooping analysis can be screwed up by adding noise to the data. This makes distinguishing signal from background harder. More data has to be sifted through and less of the valuable data is found.

Adding noise means transforming ordinary messages from ones which are analyzed thoroughly by the NSA into messages which have to be analyzed, thus "stealing" the NSAs computing time. An easy way is to just add a couple of keywords to each email, maybe just put it into the signature. Something like

"Dear NSA, This email is important! That's why I want you to read this carefully:
Exposure to so much knowledge over social media is infectious–one of life's great joys. I am so enriched."
This page helps you to pick nice phrases: http://nsa.motherboard.tv/

Adding noise means adding random connections and communications. Imagine for every email you'd send another email with a suspicious message (containing probable NSA keywords) to a random email-address around the globe. The NSA would have to dig through double the amount of emails and they would have to filter out all these messages. They couldn't just throw them out, because there would be all the keywords in there which they are searching for. They would have to add and analyze tons of new connections between people which do not have any real connection.

It would even better to add non-random noise. If all the messages would have senders and receivers which would follow a bigger pattern (i.e. look like a network of people exchanging suspicious messages) it would be even more difficult for the NSA to filter that out and not take it for the real thing.

Of course nobody will do the hassle and send random emails to random people. But imagine if there were a computer virus which did that. Instead of sending spam advertising for crappy products the virus would send suspicious emails from imaginary people to imaginary people.

No email left behind

My emails are important. Period. My fear is, that the importance of my emails (e.g. "Hey Tom, how about cinema tonight?") is underrated by the NSA and thus this email is thrown out instantly and never gets to see a decent data analyst. I think this is deeply unfair. Maybe the importance could be enhanced (further to adding keywords) by sending the email directly (BCC or CC) to the indendet recipients at the NSA or the politicians which are in favor of snooping. I mean, if they wouldn't want to read my emails, they would oppose total surveillance. Hence, they want to read the emails and that's they should read my emails. The nice side effect of this is, that if I were a bad person (translation: identified target of the NSA because of some reason) I'd add a connection to the politician or NSA worker. If the NSA goes two to three layers of separation deep, they would find this person now already in the first layer. Great! 
Politicians probably get a lot of email and therefore the politicians are probably soon taken out of the equation. The same is true for the NSA boss. But NSA employees (and GCHQ employees or those of any other of the implicated snooping agencies) would add a nice angle into the agency itself. And it would be very justified, because my emails should be seen by a human data analyst. It's disrespectful if my emails are seen by software alone. 

"Encrypt" the data for computers, not for people


The NSA can filter emails and messages if they are easily readable by a computer. If there were a plugin for the email program which would transform the text you just wrote into a jpeg-image with a nice flower background, your recipient still could read the email. But the NSA could not. A single analyst could, and they could employ OCR programs to read the text, but they can't do that for all the emails because it would cost them too much computing time. The drawback would be, that you couldn't search in your emails for text and your email program couldn't do intelligent filtering by the message. That makes emails less convenient. But on the other hand, your less snooped on.


Use surveillance against politicians


What if all the surveillance capacity would be used to track politicians and discover corrupt behavior. If we'd track where the 1000 most important politicians of a country, whom they are talking to, what they are talking, what emails they are writing, what websites they are watching, whom they are talking by telephone, etc. Well then, we could ensure that none of their behavior is related to corruption. It is certainly easier and cheaper to watch the steps of politicians than to watch the steps of all the people of the world. And I presume, that it would be much more efficient in order to maintain freedom of the people and democracy. We could even include the 1000 most wealthy persons of a country into the mandatory surveillance list.

If such laws would be enacted, imagine how fast politicians would work on crippling the snooping capability of the NSA and other intelligence agencies. I predict that within four weeks, there would be laws and an efficient oversight entity which would limit the NSAs reach and data retention.



You are very welcome to leave your comments! Let me know what you think.


Creative Commons License
Countering the surveillance by Peter Speckmayer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.


Montag, 18. Februar 2013

Poached

Poaching is a major threat to wild animals. Drones would be a means to hunt down poachers and prevent them from killing animals from endangered species to harvest their horn, skin or other body parts. 
CC BY-ND 2.0, by Laurens from Crazy Creatures, flickr


He supported his rifle on a branch of the tree which had provided him with shadow for the last hours. His off-roader was parked just a few steps away beside him. He looked through the telescope and found the Rhino. He adjusted the rifle on his shoulder and put the animal into the cross-hair. He aimed for the shoulder blades and then a bit left towards the neck. 

One clean shot and he'll gonna make a little fortune. A good income. It was a great month so far. He had already gotten another Rhino ten days earlier. He'd cut the horn and he'd left all the rest to rot in the hot sun. It was useless to him. He wouldn't get any money from that. He sold the horn for a good price to a retailer who searched for international customers, mostly chinese TCM "doctors" or some rich guy who believed in TCM. Maybe he'd cut some skin off the animal which would be sold in small pieces as souvenirs to whomever had enough money left and got thrilled when seeing a piece of dead, nearly extinct animal. He'd heard, that the horn ---if crushed--- could make a better price than even gold. 

It would really be a great month. He felt the burst of excitation that always rose up shortly before the shot. Then there was a whirring sound. Panic! It seemed that it wouldn't be such a good month after all. There was only one chance left, a good shot, a master's shot. He turned around to where from he had perceived the whir. There he saw it, the drone was approaching. He lifted his rifle, shot - and missed. Then there was a little burst of fire below the drone. The small rocket left a trace of smoke. This was the last thing he perceived. He was dead before he could consciously feel the explosion. The car and the tree lit up as well. The explosion scared all the animals in the area and caused them to run fast. The rhino ran as well. 


Poaching the poachers

Violence is usually not an educated answer, but sadly sometimes it is the only answer which leads to viable results. Year after year species are brought close to extinction, some are extinct entirely. Reduction of zones on which animals like lions, tigers, elephants, rhinos many other species can roam, hunt, eat, mate without the interference of humans is an important contribution to the reductions in population sizes of these animals. The most senseless thing which is done and which brings the remaining small populations over the edge into extinction is poaching.

The best solution would be to go for those people who are the final buyers of the animal products coming from poaching and the retailers and thus eradicate the market. But those people are either rich, or in countries where the protection of animals is not on the top of the priorities. And there are many potential buyers. Hence, even if we could get a bunch of them, there would be still so many left who'd buy the horn, testicles, etc. The other place where poaching could be intercepted is at the place of origin of the animals. The problem there is the immense area which has to be monitored. The notorious lack of money and means for the protection of animals is countered by the large amount of money which can be gained by poaching these animals.

 A larger area has to be monitored, and it has to be done cheaper. That's where drones come into play. Compared to people, drones can be deployed much easier, they can watch large areas, they don't need pilots seated on the plane. Drones can be equipped with powerful weapons which are largely sufficient to counter the poacher's arms and they can stay a long time in the air. Given that about one third of all US military planes are already unmanned aerial vehicles (drones), using some of them for going after poachers would not decrease the usual military use significantly. The US could therefore help out the affected countries of there would be the political will. I urge to create the political will to take action!

You are very welcome to leave your comments! Let me know what you think.


Creative Commons License
Poaching by Peter Speckmayer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Donnerstag, 17. Januar 2013

Weakness

Weak !
(CC BY-SA 3.0 by PatriciaR , referenced here)


Nobody wants to be the weakling. Even less so the people in powerful positions. They feel comfortable with their perception that they can move initiatives, laws, policies and - of course - block them.


Powerful Positions of Big Companies

Positions hold by big multinational corporations are powerful positions, because those companies, and in some cases rich individuals, have the money to back these positions up with PR, limitless litigation, buying politicians, buying laws and whatever further unlawful extensions of their company toolbox.
These positions are most often oriented solely on the short term profits of the company and of their leaders. Hence if those positions align with human rights, sustainability, protection of biodiversity, climate change, etc. it is only because of lucky coincidence.


Interaction with Politicians

More often these big players want to preserve their unsustainable business model and trample over people and nature to maintain their way. Politicians who help to implement and preserve these positions and put them into law get rewarded with money from the companies, either to be used for their personal well being or to cement their power position in the political landscape.


Weak

These politicians will now mirror the wish list of the company which pays for them in the political arena. Being backed up by large amounts of money and a machinery which can crush everyone who dares to step in their way those politicians feel powerful. What they don't realize is, that they are actually quite weak. They are just a tiny  gear. They are used. They only walk the way of the least resistance. 


Tell them!


Maybe we should tell them more clearly. They are weaklings. The people admired in history are not those who went the easy way, but those who went the hard way. The people admired in history are not those who were focused on increasing their personal profit and personal wealth, but those who risked their personal interests to achieve freedom for the people who achieved the well being of the people and  who achieved a better protection of the nature. These people (sometimes politicians) were strong. 

The others are weaklings. They flow with the stream, Let's tell them that!


You are very welcome to leave your comments! Let me know what you think.

Creative Commons License
Weakness by Peter Speckmayer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.