Tag Archives: Chaos Computer Club

By German standards

That is at times the saying, it isn’t always ‘meant’ in a positive sight and it is for you to decide what it is now. The Deutsche Welle gave me yesterday an article that made me pause. It was in part what I have been saying all along. This doesn’t mean it is therefore true, but I feel that the tone of the article matches my settings. The article (at https://www.dw.com/en/german-police-expands-use-of-palantir-surveillance-software/a-73497117) giving us ‘German police expands use of Palantir surveillance software’ doesn’t seem too interesting for anyone but the local population in Germany. But that would be erroneous. You see, if this works in Germany other nations will be eager to step in. I reckon that the Dutch police might be hoping to get involved from the earliest notion. The British and a few others will see the benefit. Yet, what am I referring to?

It sounds that there is more and there is. The article’s byline gives us the goods. The quote is “Police and spy agencies are keen to combat criminality and terrorism with artificial intelligence. But critics say the CIA-funded Palantir surveillance software enables “predictive policing.”” It is the second part that gives the goods. “predictive policing” is the term used here and it supports my thoughts from the very beginning (at least 2 years ago). You see, AI doesn’t exist. What there is (DML and LLM) are tools, really good tools, but it isn’t AI. And it is the setting of ‘predictive’ that takes the cake. You see, at present AI cannot make real jumps, cannot think things through. It is ‘hindered’ by the data it has and that is why at present its track record is not that great. And there are elements all out there, there is the famous Australian case where “Australian lawyer caught using ChatGPT filed court documents referencing ‘non-existent’ cases”, there is the simple setting where an actor was claimed to have been in a movie before he was born and the list goes on. You see, AI is novel, new and players can use AI towards the blame game. With DML the blame goes to the programmer. And as I personally see “predictive policing” is the simple setting that any reference is made when it has already happened. In layman’s terms: get a bank robber trained in grand theft auto, the AI will not see him as he has never done this. The AI goes looking in the wrong corner of the database and it will not find anything. It is likely he can only get away with this once and the AI in the meantime will accuse any GTA persona that fits the description.

So why this?
The simple truth is that the Palantir solution will save resources and that is in play. Police forces all over Europe are stretched thin and they (almost desperately) need this solution. It comes with a hidden setting that all data requires verification. DW also gives us “The hacker association Chaos Computer Club supports the constitutional complaint against Bavaria. Its spokesperson, Constanze Kurz, spoke of a “Palantir dragnet investigation” in which police were linking separately stored data for very different purposes than those originally intended.” I cannot disagree (mainly because I don’t know enough) but it seems correct. This doesn’t mean that it is wrong, but there are issues with verification and with the stage of how the data was acquired. Acquired data doesn’t mean wrong data, but it does leave the user with optional wrong connections to what the data is seeing and what the sight is based on. This requires a little explanation.

Let’s take two examples
In example one we have a peoples database and phone records. They can be matched so that we have links.

Here we have a customer database. It is a cumulative phonebook. All the numbers from when Herr Gothenburg got his fixed line connection with the first phone provider until today, as such we have multiple entries for every person, in addition to this is the second setting that their mobiles are also registered. As such the first person moved at some point and he either has two mobiles, or he changed mobile provider. The second person has two entries (seemingly all the same) and this person moved to another address and as such he got a new fixed line and he has one mobile. It seems straightforward, but there is a snag (there always is). The snag is that entry errors are made and there is no real verification, this is implied with customer 2, the other option is that this was a woman and she got married, as such she had a name change and that is not shown here. The additional issue is that Müller (miller), is shared by around 700,000 people in Germany. So there is a likelihood that wrongly matched names are found in that database. The larger issue is that these lists are mainly ‘human’ checked and as such they will have errors. Something as simple as a phonebook will have its issues.

Then we get the second database which is a list of fixed line connections, the place where they are connected and which provider. So we get additional errors introduced, for example, customer 2 is seemingly assumed to be a woman who got married and had her name changed. When was that? In addition there is a location change, something that the first database does not support, as well as she changed her fixed line to another provider. So we have 5 issues in this small list and this is merely from 8 connected records. Now, DML can be programmed to see through most of this and that is fine. DML is awesome. But consider what some call AI and it is done on unverified (read: error prone) records. It becomes a mess really fast and it will lead to wrong connections and optionally innocent people will suddenly get a request to ‘correct’ what was never correctly interpreted.

As such we get a darker taint of “predictive policing” and the term that will come to all is “Guilty until proven innocent”, a term we never accepted and one that comes with hidden flaws all over the field. Constanze Kurz makes a few additional settings, settings which I can understand, but also hindered with my lack of localised knowledge. In addition we are given “One of these was the attack on the Israeli consulate in Munich in September 2024. The deputy chairman of the Police Union, Alexander Poitz, explained that automated data analysis made it possible to identify certain perpetrators’ movements and provide officers with accurate conclusions about their planned actions.” It is possible and likely that this happens and there are intentional settings that will aid, optionally a lot quicker than not using Palantir. And Palantir can crunch data 24/7, that is the hidden gem in this. I personally fear that unless an accent to verification is made, the danger becomes that this solution becomes a lot less reliable. On the other hand data can be crushed whilst the police force is snoring the darkness away and they get a fresh start with results in their inbox. There is no doubt that this is the gain for the local police force and that is good (to some degree). As long as everyone accepts and realizes that “predictive policing” comes with soft spots and unverifiable problems and I merely am looking at the easiest setting. Add car rental data with errors from handwritings and you have a much larger problem. Add the risk of a stolen or forged driver’s license and “predictive policing” becomes the Achilles heel that the police wasn’t ready for and with that this solution will give the wrong connections, or worse not give any connection at all. Still, Palantir is likely to be a solution, if it is properly aligned with its strengths and weaknesses. As I personally see it, this is one setting where the SWOT solution applies.
Strengths, Weaknesses, Opportunities, and Threats are the settings any Palantir solution needs and as I personally see it, Weakness and Threats require its own scenario in assessing. Politicians are likely to focus on Strength and Opportunity and diminish the danger that these other two elements bring. Even as DW gives us “an appeal for politicians to stop the use of the software in Germany was signed by more than 264,000 people within a week, as of July 30.” Yet if 225,000 of these signatures are ‘career criminals’ Germany is nowhere at present. 

Have a great day. People in Vancouver are starting their Tuesday breakfast and I am now a mere 25 minutes from Wednesday.


When the trust is gone

In an age where we see an abundance of political issues, an overgrowing need to sort things out, the news that was given visibility by the Guardian is the one that scared and scarred me the most. With ‘Lack of trust in health department could derail blood contamination inquiry‘ (at https://www.theguardian.com/society/2017/jul/19/lack-of-trust-in-health-department-could-derail-blood-contamination-inquiry), we need to hold in the first stage a very different sitting in the House of Lords. You see, the issues (as I am about to explain them), did not start overnight. In this I am implying that a sitting with in the dock Jeremy Hunt, Andrew Lansley, Andy Burnham and Alan Johnson is required. This is an issue that has grown from both sides of the aisle and as such there needs to be a grilling where certain people are likely to get burned for sure. How bad? That needs to be ascertained and it needs to be done as per immediate. When you see “The contamination took place in the 1970s and 80s, and the government started paying those affected more than 25 years ago” the UK is about to get a fallout of a very different nature. We agree that this is the term that was with Richard Crossman, Sir Keith Joseph, Barbara Castle, David Ennals, Patrick Jenkin, Norman Fowler, and John Moore. Yet in that instance we need to realise that this was in an age that was pre computers, pre certain data considerations and a whole league of other measures that are common place at this very instance. I remember how I aided departments with an automated document system, relying on 5.25″ floppies, with the capability that was less than Wordstar or PC-Write had ever offered. And none of those systems had any reliable data storage options.

The System/36 was flexible and powerful for its time:

  • It allowed 80 monitors (see below for IBM’s description of a monitor) and printers to be connected. All users could access the system’s hard drive or any printer.
  • It provided password security and resource security, allowing control over who was allowed to access any program or file.
  • Devices could be as far as a mile from the system unit.
  • Users could dial into a System/36 from anywhere in the world and get a 9600 baud connection (which was very fast in the 1980s) and very responsive for connections which used only screen text and no graphics.
  • It allowed the creation of databases of very large size. It supported up to about 8 million records, and the largest 5360 with four hard drives in its extended cabinet could hold 1.453 gigabytes.
  • The S/36 was regarded as “bulletproof” for its ability to run many months between reboots (IPLs).

Now, why am I going to this specific system, as the precise issues were not yet known? You see in those days, any serious level of data competency was pretty much limited to IBM, at that time Hewlett Packard was not yet to the level it became 4 years later and the Digital Equipment Corporation (DEC) who revolutionised systems with VAX/VMS and it became the foundation, or better stated true relational database foundations were added through Oracle Rdb (1984), which would actually revolutionise levels of data collection.

Now, we get two separate quotes (not from the article) “Dr Jeremy Bradshaw Smith at Ottery St Mary health centre, which, in 1975, became the first paperless computerised general practice“, as well as “It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use“, the second one comes from the Oracle Rdb SQL Reference manual. The second part seems a bit of a stretch; consider the original setting of this. When we see Oracle’s setting of data integrity, consider the elements given (over time) that are now commonplace.

  • System and object privileges control access to application tables and system commands, so that only authorized users can change data.
  • Referential integrity is the ability to maintain valid relationships between values in the database, according to rules that have been defined.
  • A database must be protected against viruses designed to corrupt the data.

I left one element out for the mere logical reasons.

Now, in those days, the hierarchy of supervisors and system owners was nowhere near what it is now (and often nowhere to be seen), referential integrity was a mere concept and data viruses were mostly academic, that is until we get a small presentation by Ralf Burger in 1986. It was in the days of the Chaos Computer Club and my trusty CBM-64.

These elements are to show you that data integrity existed in academic purposes, yet the designers who were in their data infancy often enough had no real concept of rollback data events, some would only be designed too long later, and in all this, the application of databases to the extent that was needed. It would not be until 1982 when dBase II came to the PC market from the founding fathers of what would later be known as Ashton-Tate, George Tate and Hal Lashlee would create a wave that would get us dBase III and with the creation of Clipper by the Nantucket Corporation, which would give a massive rise to database creations as well as the growth of data products that had never been seen before, as well as being the player that in the end propelled data quality towards the state it is nowadays. In this product databases did not just grow with the network abilities within this product nearly any final year IT person could have its portfolio of clients all with custom based products all data based. Within 2-3 years (which gets us to 1989), a whole league of data quality, data cleaning and data integrity base issues would surface for millions of places, all requiring solutions. It is my personal conviction that this was the point where data became adult, where data cleaning, data rollback as well as data integrity checks became actual issues that were seriously dealt with. So, here in 1989 we are finally confronted with the adult data issues that for the longest of times were only correctly understood by more than a few niche people who were often enough disregarded (I know that for certain because I was one of them).

So the essential events that could have prevented only to some degree the events we see in the Guardian with “survivors initially welcomed the announcement, while expressing frustration that the decades-long wait for answers had been too long. The contamination took place in the 1970s and 80s“, certain elements would not come into existence until a decade later.

So when we see “Liz Carroll, chief executive of the Haemophilia Society, wrote to May on Wednesday saying the department must not be involved in setting the remit and powers of an inquiry investigating its ministers and officials. She also highlighted the fact that key campaigners and individuals affected by the scandal had not been invited to the meeting“, I am not debating or opposing her in what could be a valid approach, I am merely stating that to comprehend the issues, the House of Lords needs to take the pulse of events and the taken steps forward from the Ministers who have been involved in the last 10 years.

When we see “We and our members universally reject meeting with the Department of Health as they are an implicated party. We do not believe that the DH should be allowed to direct or have any involvement into an investigation into themselves, other than giving evidence. The handling of this inquiry must be immediately transferred elsewhere“, we see a valid argument given, yet when we would receive testimonies from people, like the ministers in those days, how many would be aware and comprehend the data issues that were not even decently comprehended in those days? Because these data issues are clearly part of all of these events, they will become clear towards the end of the article.

Now, be aware, I am not giving some kind of a free pass, or give rise that those who got the bad blood should be trivialised or ignored or even set to a side track, I am merely calling for a good and clear path that allows for complete comprehension and for the subsequent need of actual prevention. You see, what happens today might be better, yet can we prevent this from ever happening again? In this I have to make a side step to a non-journalistic source, we see (at https://www.factor8scandal.uk/about-factor/), “It is often misreported that these treatments were “Blood Transfusions”. Not True. Factor was a processed pharmaceutical product (pictured)“, so when I see the Guardian making the same bloody mistake, as shown in the article, we see and should ask certain parties how they could remain in that same stance of utter criminal negligence (as I personally see it), but giving rise to intentional misrepresentation. When we see the quote (source: the Express) “Now, in the face of overwhelming evidence presented by Andy Burnham last month, Theresa May has still not ordered an inquiry into the culture, practice and ethics of the Department of Health in dealing with this human tragedy” with the added realisation that we have to face that the actual culprit was not merely data, yet the existence of the cause through Factor VIII is not even mentioned, the Guardian steered clear via the quote “A recent parliamentary report found around 7,500 patients were infected by imported blood products from commercial organisations in the US” and in addition the quote “The UK Public Health Minister, Caroline Flint, has said: “We are aware that during the 1970s and 80s blood products were sourced from US prisoners” and the UK Haemophilia Society has called for a Public Inquiry. The UK Government maintains that the Government of the day had acted in good faith and without the blood products many patients would have died. 
In a letter to Lord Jenkin of Roding the Chief Executive of the National Health Service (NHS) informed Lord Jenkin that most files on contaminated NHS blood products which infected people with HIV and hepatitis C had unfortunately been destroyed ‘in error’. Fortunately, copies that were taken by legal entities in the UK at the time of previous litigation may mean the documentation can be retrieved and consequently assessed“, the sources the Express and the New York Times, we see for example the quote “Cutter Biological, introduced its safer medicine in late February 1984 as evidence mounted that the earlier version was infecting hemophiliacs with H.I.V. Yet for over a year, the company continued to sell the old medicine overseas, prompting a United States regulator to accuse Cutter of breaking its promise to stop selling the product” with the additional “Cutter officials were trying to avoid being stuck with large stores of a product that was proving increasingly unmarketable in the United States and Europe“, so how often did we see the mention of ‘Cutter Biological‘ (or Bayer pharmaceuticals for that matter)?

In the entire Arkansas Prison part we see that there are connections to cases of criminal negligence in Canada 2006 (where Canadian Red Cross fell on their sword), Japan 2007 as well as the visibility of the entire issue at Slamdance 2005, so as we see the rise of inquiries, how many have truly investigated the links between these people and how the connection to Bayer pharmaceuticals kept them out of harm’s way for the longest of times? How many people at Cutter Biological have not merely been investigated, but also indicted for murder? When we get ‘trying to avoid being stuck with large stores of a non-sellable product‘ we get the proven issue of intent. Because there are no recall and destroy actions, were there?

Even as we see a batch of sources giving us parts in this year, the entire visibility from 2005-2017 shows that the media has given no, or at best dubious visibility in all this, even yesterday’s article at the Guardian shows the continuation of bad visibility with the blood packs. So when we look (at http://www.kpbs.org/news/2011/aug/04/bad-blood-cautionary-tale/), and see the August 2011 part with “This “miracle” product was considered so beneficial that it was approved by the FDA despite known risks of viral contamination, including the near-certainty of infection with hepatitis“, we wonder how the wonder drug got to be or remain on the market. Now, there is a fair defence that some issues would be unknown or even untested to some degree, yet the ‘the near-certainty of infection with hepatitis‘ should give rise to all kinds of questions and it is not the first time that the FDA is seen to approve bad medication, which gives rise to the question why they are allowed to be the cartel of approval as big bucks is the gateway through their door. When we consider the additional quote of “By the time the medication was pulled from the market in 1985, 10,000 hemophiliacs had been infected with HIV, and 15,000 with hepatitis C; causing the worst medical disaster in U.S. history“, how come that it took 6 years for this to get decent amounts of traction within the UK government.

What happened to all that data?

You see, this is not merely about the events, I believe that if any old systems (a very unlikely reality) could be retrieved, how long would it take for digital forensics to find in the erased (not overwritten) records to show that certain matters could have been found in these very early records? Especially when we consider the infancy of data integrity and data cleaning, what other evidence could have surfaced? In all this, no matter how we dig in places like the BBC and other places, we see a massive lack of visibility on Bayer Pharmaceuticals. So when we look (at http://pharma.bayer.com/en/innovation-partnering/research-focus/hemophilia/), we might accept that the product has been corrected, yet their own site gives us “the missing clotting factor is replaced by a ‘recombinant factor’, which is manufactured using genetically modified mammalian cells. When administered intravenously, the recombinant factor helps to stop acute bleeding at an early stage or may prevent it altogether by regular prophylaxis. The recombinant factor VIII developed by Bayer for treating hemophilia A was one of the first products of its kind. It was launched in 1993“, so was this solution based on the evolution of getting thousands of people killed? The sideline “Since the mid-1970s Bayer has engaged in research in haematology focusing its efforts on developing new treatment options for the therapy of haemophilia A (factor VIII deficiency)“, so in all this, whether valid or not (depending on the link between Bayer Pharmaceuticals UK and Cutter Biological), the mere visibility on these two missing in all the mentions, is a matter of additional questions, especially as Bayer became the owner of it all between 1974 and 1978, which puts them clearly in the required crosshairs of certain activities like depleting bad medication stockpiles. Again, not too much being shown in the several news articles I was reading.
When we see the Independent, we see ‘Health Secretary Jeremy Hunt to meet victims’ families before form of inquiry is decided‘, in this case it seems a little far-fetched that the presentation by Andy Burnham (as given in the Express) would not have been enough to give an immediate green light to all this. Even as the Independent is hiding behind blood bags as well, they do give the caption of Factor VIII with it, yet we see no mention of Bayer or Cutter, yet there is a mention of ‘prisoners‘ and the fact that their blood was paid for, yet no mention of the events in Canada and Japan, two instances that give rise to an immediate and essential need for an inquiry.

In all this, we need to realise that no matter how deep the inquiry goes, the amount of evidence that could have been wiped or set asunder from the eyes of the people by the administrative gods of Information Technology as it was between 1975 and 1989, there is a dangerous situation. One that came unwillingly through the evolution of data systems, one that seems to be the intent of the reporting media as we see the utter absence of Bayer Pharmaceuticals in all of this, whilst there is a growing pool of evidence through documentaries, and other sources that seem to lose visibility as the media is growing a view of presentations that are skating on the subject, yet until the inquiry becomes an official part we see a lot less than the people are entitled to, so is that another instance of the ethical chapters of the Leveson inquiry? And when this inquiry becomes an actuality, what questions will we see absent or sidelined?

All this gets me back to the Guardian article as we see “The threat to the inquiry comes only a week after May ordered a full investigation into how contaminated blood transfusions infected thousands of people with hepatitis C and HIV“, so how about the events from 2005 onwards? Were they mere pharmaceutical chopped liver? In the linked ‘Theresa May orders contaminated blood scandal inquiry‘ article there was no mention of Factor VIII, Bayer (pharmaceuticals) or Cutter (biological). It seems that we need to give rise that ethical issues have been trampled on, so a mention of “a criminal cover-up on an industrial scale” is not a mere indication; it is an almost given certainty. In all that, as the inquiry will get traction, I wonder how both the current and past governments will be adamant to avoid skating into certain realms of the events (like naming the commercial players), and when we realise this, will there be any justice to the victims, especially when the data systems of those days have been out of time for some time and the legislation on legacy data is pretty much non-existent. When the end balance is given, in (as I personally see it) a requirement of considering to replace whatever Bayer Pharmaceuticals is supplying the UK NHS, I will wonder who will be required to fall on the virtual sword of non-accountability. The mere reason being that when we see (at http://www.annualreport2016.bayer.com/) that Bayer is approaching a revenue of 47 billion (€ 46,769M) in 2016, should there not be a consequence of the players ‘depleting unsellable stock‘ at the expense of thousands of lives? This is another matter that is interestingly absent from the entire UK press cycles. And this is not me just speculating, the sources give clear absence whilst the FDA reports show other levels of failing, it seems that some players forget that lots of data is now globally available which seems to fuel the mention of ‘criminal negligence‘.

So you have a nice day and when you see the next news cycle with bad blood, showing blood bags and making no mention of Factor VIII, or the pharmaceutical players clearly connected to all this, you just wonder who is doing the job for these journalists, because the data as it needed to be shown, was easily found in the most open of UK and US governmental places.

 


The hungry Journalist games

Another day and another article on Sky News!

This all started a long time ago, but it seems that this article (at http://news.sky.com/story/1293651/internet-firms-take-legal-action-against-gchq), opens up new avenues to explore, as it already had taken the cake as one might say. There are issues for certain, they are on both sides, but what is this about?

The seven countries involved are the UK, the US, Germany, the Netherlands, South Korea and Zimbabwe. Let’s start by stating that this is an interesting group of nations to begin with. It was an article in Der Spiegel that set them off. Most sources seem to have copied and pasted the same message (Reuters Journalism as I tend to call it), one source also had this: “Their complaint follows in the wake of articles about mass surveillance published in the Guardian based on material released by Snowden“.

So again this could be a ‘Snowden’ story, but I want to take a look at another side and the quote by Eric King, spokesperson (deputy director) of Privacy International, who stated “It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately”

Is that the truth, or should the correct quote be “It completely undermines our support of optional criminal activities and threatens the opportunity of economic abuse for all who desire it. Their unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately, so that we may again focus on possibly deniable illicit profit”

That is quite the change, isn’t it? Consider the following two issues. First the prices, for example ‘Greenhost’ offers the following:

Webhosting 120 GB storage and 1.2 TB data traffic for 132.75 euros a month and virtual data servers containing 50 GB storage and 1 TB bandwidth a month for 215 euros a month. Basically, just one account would fit the web space for most of the ENTIRE Forbes top 50, not just one or two.

So, in light of recent events, I thought I had something here, the Dutch provider fits the bill, but then I got to Riseup, which no longer seemed to be active and the Chaos Computer Club (CCC) which seemed highly ideological to me. More important, it did not fit the bill either. So am I barking up the wrong tree? (I have been wrong before you know!)

I still believe that the ISPs are all about not complying as it is not about freedom, but about bandwidth (which directly translates into revenue), which seemed to fit the first part, but the others are not about that, which makes me wonder what is in play. Do you actually think that the NSA and GCHQ are about wasting time? So, is the Chaos Computer Club a waste of time? No, as far as I can tell, they are not. Are they a threat? Well, that remains the issue. They are hackers after all. Is it that far-fetched that some people would want to keep track of some of these members? Let’s not forget that someone is feeding organised crime the knowledge that they need to avoid prosecution, when considering the power that both the Triads and the Russian Mafia have in the digital age area, looking into the CCC to some extent seems to be a given. However, knowing their skills, doing it in the way it is implied to have been done seems a little over the top as most of these hackers are pretty proud of themselves and they are for the most not in hiding. Let us not forget, they voice themselves to be about the freedom of the German people and the utter privilege of their data remaining private.

The fact is that this is an implied mess involving 7 countries, the next valid question becomes: ‘are they linked (beyond the accusation), or are they just a collection of elements?’

That question bears scrutiny, but should also indicate the view I have had of Snowden from the very beginning. I believe him to be a joke (and a bad one at that). Now, most of you will not believe this, but let us take a look at the EVIDENCE. I am not talking about some claim, but actual evidence partially on the common sense you and me hopefully tend to have.

1. The claims that he has made involve massive levels of access. Not the access a hacker will ever have, but the information from top level sources in the CIA, NSA and GCHQ. So we’re talking hacking into over dozens of top level secured servers, servers which are monitored 24/7. He, some hacker no one had ever heard from, did all that. These people behind the screens do NOT EVER give out passwords, do not give access, yet he had all the information and walked out of one of the most secure buildings in the world with all THAT data? This is a quote found in sources like ‘the Verge’ and ‘Wired’. I think we can agree that Wired is a reputable source in regards to technology (at http://www.wired.com/2013/06/snowden-thumb-drive/) “‘There are people who need to use a thumb drive and they have special permission,’ an unnamed, ex-NSA official told the LA Times. ‘But when you use one, people always look at you funny.’” This is not unlike the view I have had for a year now. Let’s not forget, the NSA is the place where SELinux was developed, it was designed to keep close tabs on access control, specifically, who, where, how and with what. So ‘some’ technician, with the USB drive in the most secure server space on the planet is just not going to fly. The question I had from the very beginning is not how he did it, but what was actually at play here? The next part is assumption! Was it to give Booz Allen Hamilton more profit? That was my alleged first thought. If data was going to get ported to non-government institutions, this small caper could give BAH and whoever was getting oversight an easy and clean billion a year in revenue. That tactic, still ethically wrong, would have made perfect sense to me.

Here is how I see it and this is PURE assumption (I will get back to evidence in a minute for my next issue), consider the Microsoft disappointment with data collection plans for the Xbox One. We see some of the changes (at http://www.nytimes.com/2014/05/23/us/politics/house-votes-to-limit-nsas-collection-of-phone-data.html). The following quotes are essential here. The first one was from Jim Sensenbrenner, Republican of Wisconsin, “The N.S.A. might still be watching us, he added, but now we can be watching them”. It is a bold statement, but is it true; moreover, should they be watched? Yes, any intelligence operation needs oversight, which is fair enough in a democratic way of life, but how many should overlook this? Are the people in oversight not granted well above average powers and is it fair to any opposition party that they should have it?

2. What lies beneath this access is the amount of involvement. Prism is one of the named projects with supported links to Australia, the UK and the Netherlands, with Microsoft as a commercial partner. Really? One nation, known for clogs, cheeses, Hans Brinker and soccer is placed next to the NSA and the Commonwealth? It is a technological hub, no doubt about that, but it is the size of Maryland. So, this is just the first of several projects, involving secrecies that would be limited to the very top, most of it would not be written down and Snowden had it (as in having in past tense, details follow). The mention of projects like XKeyscore, Tempora, Project 6, Stateroom, Lustre and Muscular. They are not only different projects, but they are a scope of projects that would not ever be in one location to begin with. So, what is implied as ‘the top’ of data gathering and one IT person has it all? Is no one asking the questions the PRESS should have asked and openly doubted from the very beginning (a part that is not voiced in any way)?

The funny part is that Stateroom seems to be no more than the legal collection of information as EVERY government tends to collect diplomatic data and in his claim he made them ALL bitches to the NSA, they just do not know it. There is also a reference to Echelon, there are several references, but the one that matters is not named. A covert niche within the NSA and the name of the source is: Tom Clancy!

Is anyone starting to wake up now?

This is not about anything but the warped imagination that is not even close to a reality. Consider that every government has embassies and consulates, the Dutch have them, the Australians have them, so do the Brits and the Germans, not to mention the French and they have them too. Consulates and Embassies represent their governments. Consulates tend to be specific for people and companies, so that they have backups. Like getting home when your passport is stolen, or to help a company with a list of people they should talk to for starting to do business. Trade will always remain important anywhere. Embassies are more about ‘governing’ opportunities as I see them. The Dutch want to get first dibs on building a reliable bridge, so their ambassador talks the great talk. People skills is what it is all about and talking to the right people. There are other sides too, they try to resolve issues, like a Dutchman committing a crime in Melbourne (for example) and the Embassy tries to ‘help’ the Dutch person to get home again, or to assist local government with their investigation if need be. These people do work that they sometimes like and sometimes hate, it is a job that needs to be done. To get the best results some things need to remain confidential and secret and as such whether through encrypted ways or through other ways messages go back and forth between a government and its local representatives and that needs a little more security. Some is as simple as a message of a first insight as to build a bridge; to keep the advantage this goes encrypted. It is the cost of business, plain and simple. There is no hidden agenda (other than national pride in trying to score the job). So, they do their job and they are not the NSA bitch in the process.

It is a simple approach and the lie hidden within a truth was stated as “They are covert, and their true mission is not known by the majority of the diplomatic staff at the facility where they are assigned”. Part of the truth is that the encryption specialist is usually not known, it is not a secret either, he used to be the person who had one extra book with cyphers, he opened each page and set the encryption box and transmitted the information, often an NCO of communication (often has NATO duty reference A00x0). That person had two extra tasks and most in the diplomatic staff might not know, or better stated, they absolutely do not care.

When we saw the statements by certain key people in Australia or the UK they spoke the absolute truth. The small explanation I gave is done by all, the DSD (AUS), GCHQ (UK) and as I said, the Dutch have it too. It is a simple legally valid and required job that needs to be done, nothing secret about it, it is the cost of doing business and sometimes, to keep a lead profitable, it gets handed over more secured, just like they do it at Microsoft (they just get heaps better equipment).

Another issue is the XKeyscore reference. Does such a thing exist? Most likely! Now consider the implications of the following, there are mentions of 700 servers in 150 locations. The fact that it needs to intercept without visibility and analyse at the same time as a person does many things at the same time. Even if the best of the best was used (which likely is the case), then we are looking at a very select group trying to get a handle on perhaps no more than the most dangerous 2000 people on the planet. Does anyone believe that a system like this remains a secret if 4 Australian bases are involved? The next part can also be taken as a fact. Can anyone even guess the amount of bandwidth this takes? Most routers nearby the monitored person will truly get a beating, so whatever this is, it will show up. It is the scope that is claimed that makes no sense. Some in the NSA might find it nice if it was true, but the weak link in all this is the actual internet.

The last part of this is the kicker in this joke. If his life depends on it all, do you actually think he would ever part with the information? This came from the NY Times from October 2013 (at http://www.nytimes.com/2013/10/18/world/snowden-says-he-took-no-secret-files-to-russia.html) “Mr Snowden said he gave all of the classified documents he had obtained to journalists he met in Hong Kong, before flying to Moscow, and did not keep any copies for himself”, so his life depends on a journalist, who now has the thousands of documents?

Perhaps we should look at a much more likely explanation, the man has no value, the press is stretching the value of events, as they would and Snowden has played his part, I still think that the Chinese saw in him what I saw from the very beginning, a simple joke! They walked away and he had to flee to Russia who is keeping him around for entertainment and to piss off the Yanks (which they also regard as good entertainment). My issue is not him, but the fact that I see more wasted time and energy on laughable cases that keep us all away from actually moving forward. In this economy, as we are so stretched thin, rebuilding an economy is a first need, not waste time on some feigned attack on the ‘confidence in the internet economy’ as Eric King puts it.

And for the love of whomever, let’s not compare Snowden and Assange, I completely oppose Assange and his view, but at least he seemed to believe in that what he did was a just cause and acted accordingly.

In the end this is just my view, but no one seems to be asking the questions the press are supposed to be asking. The Guardian and Der Spiegel seem to get a ‘free’ hand in boasting tons of data and a simple stamp ‘Snowden said it was so’ seems enough for people to just accept it.

Filed under IT, Law, Military, Politics