ATS: AT&T Narus Collaboration Sent Your Private Internet Communications to The NSA

Stock up on manila envelopes and postage. Starting to look like the good ole' postal service is your most secure link.

Why doesn't the general public get up in arms about this? Look how the pc industry markets its products. As entertainment and media devices. In the huge majority of homes, the pc has roughly the same status as the television. It's my experience that most email and Internet users have no clue about the technology, and describing it simply causes a blank stare.

Maybe there can be a useful application for spam? Given that a tremendous amount of spam is opened simply out of curiousity...How about some type of spam that carries a truly useful message...Could it be an effective means to alter opinions and awareness?

Keep in mind, I have a tendency to brainstorm out loud....

PGP or, GnuPGP.......

NC

[edit on 11-4-2006 by NotClever]

Originally posted by Astronomer68
the last time this topic came up I advised you and everyone else to start using encryption for all their e-mails. NSA can still read encrypted traffic, but not at the node point installations.

What type of encryption are you talking about? Do you mean specific software to encrypt text at user end or do you mean encryption over the network level like IPsec, SSL etc ? What about if I am already in a VPN?
Also if the NSA is pulling stuff off the network they would still have to contend with a large amount of encrypted traffic already and still manage to sift through this with ease, how would increasing the traffic retard their surveillance ?

Also what I want to know is how the NSA is able to divert traffic to its systems without affecting packet integrity and how do they manage socket interruption on an SSH stream ??

Here's a quick suggestion.

addons.mozilla.org...

NC

Originally posted by IAF101

Originally posted by Astronomer68
the last time this topic came up I advised you and everyone else to start using encryption for all their e-mails. NSA can still read encrypted traffic, but not at the node point installations.

What type of encryption are you talking about? Do you mean specific software to encrypt text at user end or do you mean encryption over the network level like IPsec, SSL etc ? What about if I am already in a VPN?
Also if the NSA is pulling stuff off the network they would still have to contend with a large amount of encrypted traffic already and still manage to sift through this with ease, how would increasing the traffic retard their surveillance ?

Also what I want to know is how the NSA is able to divert traffic to its systems without affecting packet integrity and how do they manage socket interruption on an SSH stream ??

Okay guys. Translation please.

Like many, I am into the Zen but not the maintenance. And I can't go there.

Can you talk about this in ways and with language that us neophytes can understand? How about a how-to encryptation pamphlet?

Please?

Originally posted by NotClever
Stock up on manila envelopes and postage. Starting to look like the good ole' postal service is your most secure link.

Why doesn't the general public get up in arms about this? Look how the pc industry markets its products. As entertainment and media devices. In the huge majority of homes, the pc has roughly the same status as the television. It's my experience that most email and Internet users have no clue about the technology, and describing it simply causes a blank stare.

Maybe there can be a useful application for spam? Given that a tremendous amount of spam is opened simply out of curiousity...How about some type of spam that carries a truly useful message...Could it be an effective means to alter opinions and awareness?

Keep in mind, I have a tendency to brainstorm out loud....

PGP or, GnuPGP.......

NC

[edit on 11-4-2006 by NotClever]

Well, of chorse not. If people want to stay in business; your best chance is to make sure the general public either 1, knows all about the "product/service" it uses. Or 2, has no clue at all. Even people who understand electronics don't understand computers.

Originally posted by soficrow
Okay guys. Translation please.

What I am talking about is two different places where encryption is used, one at the user end and the other in the network side. The topic is a bit detailed but here is a 101 of what I'm talking about.

User end would be a software that can encrypt your data first on your PC by using any one of the dozen popular algorithms or you could create your own algorithm/ modify an existing one to improve your user end encryption. Send this over a network and have the recipient decrypt it either by single key or through standard decryption algorithms.

Network encryption is already in place in all networks today, every time you type a password and username in Gmail, Yahoo etc, use your credit card, etc you see a small lock appear at the bottom of your page. That means it is using a high level of network encryption. Network encryption is done over the network on the data packets travelling over the network. This is basically done by encrypting the data at the server side of the network so that only the user and the recipient get the un-ciphered data while all intermediaries receive only packets of encrypted data. Level of encryption is again of various levels and depends on the type of traffic. You have credit card, password details moving over an SSH network encryption while generally web pages are surfed with 'IPsec' protocols.

So your data is already encrypted over the network but still can be siphoned off to the NSA for a semantic search. How to achieved credible encryption is a whole different ball game which has to weigh efficiency vs privacy. Just like how you use a proxy now. The greater your anonymity the lesser your bandwidth, unless of course you have something similar to JAP running on your ISP. Here is a small yet informative article on Network security and its drawbacks:
www.sans.org...

There are many programs that offer personal/OTF encryption, here is an excellent link to some free encryption software but be forewarned they are all not easy to use and to use encryption effectively the person you are sending the data to should be able to decrypt this data.
www.thefreecountry.com...

Remember you are paying the very best to spy on you, they will always find a way no matter how hard you try. They only way to make them stop is if the govt asks them to stop. No class action suit will cripple the NSA.

why is it that every time i look in the news, titor seems less and less crazy.

its hard to watch all this happen, but like i said, it your own faults. dont think so? how many of you are proactively out there, protesting and going out doing everything possible? how many are out there buying these corporate america products, rather then educating people about them? because when it comes down to it thats the truth, its your own faults for letting this happen. i get to sit here and grow up in this world that you gave us. this world you dumped on us, full of destruction and fear. you let this happen, and if my generation dare make it to see past this we will hold the highest contempt for you because of what you did, or more like didnt do.

why is it that every time i look in the news, titor seems less and less crazy.

its hard to watch all this happen, but like i said, it your own faults. dont think so? how many of you are proactively out there, protesting and going out doing everything possible? how many are out there buying these corporate america products, rather then educating people about them? because when it comes down to it thats the truth, its your own faults for letting this happen. i get to sit here and grow up in this world that you gave us. this world you dumped on us, full of destruction and fear. you let this happen, and if my generation dare make it to see past this we will hold the highest contempt for you because of what you did, or more like didnt do.

Originally posted by IAF101
Network encryption is already in place in all networks today, every time you type a password and username in Gmail, Yahoo etc, use your credit card, etc you see a small lock appear at the bottom of your page. That means it is using a high level of network encryption. Network encryption is done over the network on the data packets travelling over the network. This is basically done by encrypting the data at the server side of the network so that only the user and the recipient get the un-ciphered data while all intermediaries receive only packets of encrypted data. Level of encryption is again of various levels and depends on the type of traffic. You have credit card, password details moving over an SSH network encryption while generally web pages are surfed with 'IPsec' protocols.

Hey there IAF101. I am not an expert, but isn't SSH or socket based web encryption really only as secure as the vendor whose key is being used? I'd like to hear apc's comments on this, but when a website gets a SSH account, I am pretty sure that can be spoofed by someone and that intercepted packets could be decrypted. Basically if the key is not private and owned by you, I don't think the protection is valid, especially against a determined interloper.

sofi, the way I understand it is that when two floating point primes (that's a prime # with 16 digits) are multiplied by one another, the numerical product of that calculation is a large number. It's thought to be very hard to determine the two primes which created that product digit, and so when that product digit is used for encryption, it is thought to be safe. The two original primes used, are known as your public key and your private key. Your private key must be kept secure on your computer whereas your public key is made public. This is what PGP and other private-key programs do. This is why Phil Zimmerman and his team who made PGP, are hated by the defense department. Zimm is seen as one of the worst criminals ever, by those who hate privacy.

The problem with private-key is that users need a third party program to do it and that's a hassle, as is most privacy thinking. There's cognitive dissonance which happens. So they need to have the process automated for them. So then companies make plugins for mail programs like Outlook and other email programs but then these plugins are buggy and easily defeated without the user knowing. Also, any PC based email software is inherently flawed and insecure. I use only web-based email, but so far, there hasn't been anybody who has merged web-based email with private key encryption that I know of.

Originally posted by IAF101
Remember you are paying the very best to spy on you, they will always find a way no matter how hard you try. They only way to make them stop is if the govt asks them to stop. No class action suit will cripple the NSA.

I couldn't agree more. Well said. Further, the NSA is going to percieve any attacks (verbal or otherwise) on them as purely un-American, and "actionable".




[edit on 11-4-2006 by smallpeeps]

AT&T asks judge to order documents alleging wiretaps returned

www.mercurynews.com...

By Elise Ackerman
Mercury News

Attorneys for AT&T have asked a federal judge to order a San Francisco civil liberties group to return "highly confidential'' documents that allegedly show that the telecommunications giant provided detailed records of millions of its customers to a government intelligence agency.

In documents filed on Monday, AT&T's attorneys also asked Judge Vaughn Walker to order the Electronic Frontier Foundation to refrain from referencing the documents in its lawsuit.

The EFF filed a lawsuit against AT&T in January alleging that AT&T had collaborated with the National Security Agency in a "massive and illegal program to wiretap and data-mine Americans' communications.''

This is going to get interesting.

IAF101 either type of encryption will work, but for ease of use, I think std encryption at the user end is probably preferable. Your are right when you say they can still read it, but as I pointed out earlier, not at the node point installations they currently use to sort through the traffic. What that means is that they have to transmit it back to a different facility and then run it through a decryption sequence and then scan the traffic--of course they can still see the header, etc. The bottom line is that they need about a thousand times as much effort (or more) to read the traffic. Now if you increase the number of encrypted messages past a very small percentage over what it is now you can see they will quickly run out of resources to do what they are currently doing.

Personally, I don't intend to encrypt unless something far more threatning starts to happen. I kind of like the idea of them scanning traffic to identify the bad guys & girls in our midst. The likelihood of NSA actually reading anything I have to send is extremely remote and they would not get anything they want anyway since I'm a pretty patriotic, law-abiding guy.

While I applaud the technical abilities of the last couple of posters....A question comes to mind.

Is this hot-button topic over? Is this it? Now that the opinions are aired and the social conscience is assuaged, it's back to the job and family, watching for the next outrage to stir up the Internet savvy community?

I read a lot of well written posts expressing indignation, disgust, and outrage, but I apparently missed the socially conscience part of the text. The part that offers a strategy to spread the scandal beyond this community. The part that attempts to alter what many see as inevitable and unchangeable.

ATS is a global community. AT&T is a global mega-corporation. And, the United States Constitution is a global document. It doesn't apply to American citizens only...it is considered to be applicable to all of the people on this planet. If you're in the UK, Australia, New Zealand, South Africa, China, Iran, Aruba, and you correspond with friends, family, and acquaintances anywhere, you must be concerned. This isn't strictly an American issue.

Internet traffic isn't particularly bound by geography...Internet traffic worldwide may be routed through AT&T routers anywhere on the North American Continent.

It doesn't seem right to me to raise socially, culturally, and politically important issues and do nothing more than post indignant rhetoric.

There are no party lines on this issue. It can be discussed completely without regard to ideologies.

My previous post threw out the idea of useful spam...I'm an idea person, so sue me....It may be completely ludicrous, unpopular, and ultimately useless...at least it's an idea. Yeah, I agree, "they" will continue to work behind the scenes and sneak around, but I believe it has to be more difficult with more people paying attention.

I work in the fifth largest school district in Missouri, I'm starting right there.

NC

Originally posted by NotClever
While I applaud the technical abilities of the last couple of posters....A question comes to mind.

Is this hot-button topic over? Is this it? Now that the opinions are aired and the social conscience is assuaged, it's back to the job and family, watching for the next outrage to stir up the Internet savvy community?

NC, I sympathize with your well written post here.

But then, ATS has a fragile foundation called the free and open Internet. This free and open Internet is in the crosshairs obviously, and so is ATS and other places of free discussion.

The MilitaryIndComplex paid smart people to think up packet-switched networks so they think they own the Internet. All us people who are using it, are squatters to them.

So if this issue gets pressed, there will be blowback. It's the tip of the iceberg, as has been mentioned. Internet of today is a huge problem for tax collectors, warmongers and everyone else who want to keep information sealed away.

I agree with you smallpeeps, I think the internet is the best think to come along since the printing press. TV just about ruined America and the rest of the world, but the internet can bring everything back to normal. For you NWO haters out there the internet is about the worst thing that could happen as it will inevitably foster the NWO.

[edit on 11-4-2006 by Astronomer68]

Originally posted by NotClever
While I applaud the technical abilities of the last couple of posters....A question comes to mind.

Is this hot-button topic over? Is this it? Now that the opinions are aired and the social conscience is assuaged, it's back to the job and family, watching for the next outrage to stir up the Internet savvy community?

I read a lot of well written posts expressing indignation, disgust, and outrage, but I apparently missed the socially conscience part of the text. The part that offers a strategy to spread the scandal beyond this community. The part that attempts to alter what many see as inevitable and unchangeable.

ATS is a global community. AT&T is a global mega-corporation. And, the United States Constitution is a global document. It doesn't apply to American citizens only...it is considered to be applicable to all of the people on this planet. If you're in the UK, Australia, New Zealand, South Africa, China, Iran, Aruba, and you correspond with friends, family, and acquaintances anywhere, you must be concerned. This isn't strictly an American issue.

Internet traffic isn't particularly bound by geography...Internet traffic worldwide may be routed through AT&T routers anywhere on the North American Continent.

It doesn't seem right to me to raise socially, culturally, and politically important issues and do nothing more than post indignant rhetoric.

There are no party lines on this issue. It can be discussed completely without regard to ideologies.

My previous post threw out the idea of useful spam...I'm an idea person, so sue me....It may be completely ludicrous, unpopular, and ultimately useless...at least it's an idea. Yeah, I agree, "they" will continue to work behind the scenes and sneak around, but I believe it has to be more difficult with more people paying attention.

I work in the fifth largest school district in Missouri, I'm starting right there.

NC

While I find the concept of "spam" repugnent in all of its incarnations (canned meat..Eeewww!), I rather like the idea of "useful spam".

Perhaps concerned bloggers could be enticed to spread the word as a form of "Viral Advertising"?

One possibly very effective strategy would be to hit AT&T where it would hurt them the most; the corporate bottom line.

If your State, Province, or Country has a governing body regulating public utilities, as my state of California does, and if that body has regulations regarding customer privacy assurances, as California does; then by all means, file a complaint with the regulating board regarding the assumed violation of your privacy by AT&T's practices.

If the regulatory agencies are hectored by enough consumer complaints they will be forced, politically, to hold hearings....Public Hearings.

In this way, we the weak can force AT&T and the other co-conspiritor telecoms to squirm in the light of day, justify their actions and pay for their misdeeds. If they are forced to pay enough, The Telecoms themselves! , through their lobbyists, will push through changes.

Originally posted by SkepticOverlord

AT&T asks judge to order documents alleging wiretaps returned

www.mercurynews.com...

AH! Looks like that mass wiretap stunt has bit AT&T in the butt, now they want their proprietary manuals back. How ironic!

Don't get me wrong, I'm not condoning leakage of confidential documents, because I wouldn't want that to happen to me, but it's fun to see AT&T having a taste of their own medecine. I hope the judge will make that info public.

www.rinf.com...

Been doing a little digging. Apparently zfone is expected to be released for windows this month, but I don't know much about it. It's Zimmerman's private key VoIP app. This could be very effective. I recommend analysis of the above article and reviews by ATS users.

Originally posted by Benevolent Heretic

As Sandra Day O'Connor said, "we must be ever-vigilant against those who would strong-arm the judiciary into adopting their preferred policies. It takes a lot of degeneration before a country falls into dictatorship, but we should avoid these ends by avoiding these beginnings."

I have mixed feelings about Justice O'Connor. Her comments are similar to Eisenhower's. Each has contributed to the very problem they identify as worth opposing. Personal knowledge, I guess, provides a good perspective - as does guilt.

BY BH Well, we did nothing in the face of those beginnings and now we're going to have to deal with the ends. A dictatorship. A ruling government that has it's eyes, ears and fingers in our everyday private life. And we can rest assured in the knowledge that we willingly turned our privacy over to them and we therefore do not deserve it.

I appreciate this thread. (The side-track regarding encoding is informative but a distraction.) As notclever suggests, the issue is how to respond. If we all begin encoding our messages won't that limit the ability of those not yet informed to gain the knowledge we wish them to have? In fact, I believe that there are many, many individuals within the NSA and other govt. agencies who are disgusted with the 'police state' mentality of their superiors and are near the breaking point. Witness those who came forward to expose AT&T's unlawful complicity. I wish I had a piece of that case!

First was the Drug War, which increased the public's tolerance for a restriction of individual rights and also increased the police (and FBI, NSA, etc., etc) willingness to break and enter and shoot to kill, etc. Prison space has exploded along with the numbers of incarcerated. Women now routinely give birth while serving prison sentences. More men are spending their entire lives in prison for petty crimes under three strikes laws. Slave labor through incarceration is back, and how!

Now is the War on Terror, the second phase of the plan and I need not digress into what has happened since they brought down the towers. Needless to say, we are challenged by their plan. However the reason the masses have yet to take to the streets in numbers is that the still booming real estate market has allowed most of the middle class to remain fairly contented. Let's face facts; if you're lifestyle is largely unaffected by an imprisonment, execution, war, etc., you are unlikely to have cause to object.

I am actually kind of amazed that Bush's approval ratings (and Congress's) is as low as it is. Nothing much has changed since we invaded. Oh sure, a few thousand US troops have died but really, in the vast scheme of warfare, that loss is fairly insignificant (with apologies to relatives and friends of the deceased) in the scheme of things.

The reason for the lower poll numbers is that the mask is finally slipping. The public is beginning to see these characters for the liars they are. And I disagree with the suggestion that we should keep politics out of the discussion. I believe Clinton had a healthy respect for the rule of law. I'm not saying that he wouldn't have spied. But he would have used FISA. He would have obtained warrants. This present gang is completely lawless. And IMO that will be there downfall. They cannot continue to play these games because the public sees the mask slipping.

The public will not allow this nation to slip into dictatorship unless there is another event like 911, but on a nuclear scale. Unfortunately, I don't put it past them. When the stuff really starts hitting the fan, look for another "al qaeda" attack on a major US city. This time the losses will be in the tens or hundreds of thousands.

But ultimately, we shall overcome.

The internet will help us do that. I say let them look. They should know what they're up against. They are human. Let them share the fear of their own creation.




[edit on 12-4-2006 by seattlelaw]

[edit on 12-4-2006 by seattlelaw]

NARUS SAYS IT WAS UNAWARE ITS TRACKING SOFTWARE AIDED THE NSA

TANGLED UP IN SPYING CONTROVERSY

By Elise Ackerman
Mercury News

The engineers at Narus weren't intending to create Big Brother's dream machine when they began writing software a decade ago to help phone companies send out more detailed bills.

But as the Mountain View company's code became more and more sophisticated, customers began to discover new uses for software that was originally designed to monitor and analyze network traffic.

Now Narus finds itself at the center of a legal fight over domestic spying.

Five months ago, President Bush confirmed he had signed a secret order in 2002 authorizing the National Security Agency to eavesdrop on Americans' international phone calls and e-mails.

Hrm...

Given this news release:
NARUS APPOINTS FORMER DEPUTY DIRECTOR OF THE NATIONAL SECURITY AGENCY TO ITS BOARD OF DIRECTORS

September 29, 2004, Mountain View, CA — Narus, Inc., the leading carrier-class IP platform software provider, announced it has appointed William P. Crowell to its board of directors. Crowell brings extensive knowledge of information technology and security systems.

How many really believe Narus had no designs on helping the NSA build its "dream machine"?

David Ensor, CNN National Security Correspondent, developed a segment for CNN on this story.

Flash Video Link

Thanks to the EFF public relations machine, national media is starting to pick up the story.