CIA Researching Automated IRC Spying 413
Iphtashu Fitz writes "CNet News is reporting that the CIA has been quietly investing in research programs to automatically monitor Internet chat rooms. In a two year agreement with the National Science Foundation, CIA officials were involved with the selection of recipients for research grants to develop automated chat room monitors. Researchers at Rensselaer Polytechnic Institute received $157,673 from the CIA and NSF for their proposal of 'a system to be deployed in the background of any chat room as a silent listener for eavesdropping ... The proposed system could aid the intelligence community to discover hidden communities and communication patterns in chat rooms without human intervention.' How soon until all IM conversations are monitored by Big Brother? The abstract of the proposal is available on the NFS website."
It wont really be any good... (Score:5, Insightful)
Now's a good time... for SSL (Score:3, Insightful)
Juristiction? (Score:3, Insightful)
Not the government's fault (Score:5, Insightful)
Re:Ahhh, IRC (Score:2, Insightful)
Re:It wont really be any good... (Score:3, Insightful)
I'd think anyone planning crimes on IRC would be a complete moron, but then, many criminals tend to be complete morons.
Echelon - already done (Score:5, Insightful)
The NSF might lack the tools, but I sincerely doubt that the CIA are developing these sorts of very basic tools. More likely, the NSF aren't given access or information on the extent of CIA information gathering.
Also, I imagine such a news article makes the public likely to believe that the technology isn't already in active use.
Re:No expectation of privacy (Score:4, Insightful)
threat models (Score:4, Insightful)
This surpasses basic monitoring of clear text protocols like irc but it still doesn't have the ability to monitor where you must actually be a part of a community. If you use irc over SSL, you're in the clear from passive and undetectable monitoring. This obviously gets around that but it means that they will have some interesting people poking around with people who normally do the poking on networks.
The rand corp goes one step further and seeks to hire people to become members of groups by being an outright spy. Pretty interesting stuff. It was on cypherpunks a while back.
It should be assumed that if you don't use encryption, it can be monitored. If you use encryption (irc over ssl, silc, etc) in a broadcast medium (for an entire room), you should assume it's monitored also. It would just have to be monitored by an agent of some sort.
It's all about the threat model you're up against.
Re:That's easy to beat... (Score:3, Insightful)
Re:It wont really be any good... (Score:4, Insightful)
Open source IRC daemon running on open source OS.
An invite only channel, with key, now where does CIA plan to step in?
And it's obvious no valuable information will be exchanged via popular IMs. I once though it would, as there is so much traffic, that no one is able to comprehend it, bu as soon as I wanted to relay sth valuable, let's say a password or whatever, delicious cookie recipe, I used secure channels.
Now why would they want to spy on 14 year olds, I don't know.
How can they differntate what's real, I remeber that somwhere out there there is this Echelon system working, recording all my phone call and checking for 'special' words. I try to use 'nuke', 'osama', 'chemical weapons' in few languages, but the black suits still refuse to come.
In general I'm not so paranoid, I don't think that we're facing Orwellian times. The main reason for that, there are not enough human resources to have it working. Let's say we wanted every person in the world to be spied on by another person, the way it is done now, is in shifts, at least two people involved, usually much more. Now technology helps with this problem, let's say we can record every minute of a man's life, there still has to be someone to watch all that footage, if we go on, we could probably end up with only half of the population in the BigBrother business, I think with current economy it is not possible.
I could elaborate on this subject a bit more, but I hope you get my point.
Of course, but... (Score:2, Insightful)
They'll probably announce in a couple of months that IRC monitoring was not feasible due to the super-complicated technical problems inherent in logging plain text.
give me your money, slave. (Score:5, Insightful)
It's easy to understand why I'm upset. You might understand the next time you pay your taxes. Remember that a fraction of your hard work is going to pay for your government to listen in on your conversations. Many people are making a living at it. I think they and my government have better uses for my money. I did not ask for it, I don't like it and I don't want to pay for it. it's also well-known that your IP address is exposed to all those on the server.
If you don't mind that kind of thing, perhaps I can interest you in a few personal services. For the low price of $50/hr, I'll log all of the communications from your "exposed" IP address, cull what I want, damage your reputation by questioning your peers if I note anything suspicious and even charge you with crimes if you happen to say the wrong thing. Most of the work will be automated but I take no responsibility for the information being stolen by insurance companies, employers and other organizations that have a direct impact on your quality of life. By freedom of information, I'll be sure to let people know that I'm investigating you but I'll tell them that I'm an official government agency, so they won't question my motives and will instead turn their suspicions onto you. Sound like a good deal?
Pay up!
Re:Juristiction? (Score:5, Insightful)
This means that there is no law stopping the US government from spying on Europeans, or for that matter European governments from spying on people in the US. A government can even use this to bypass its own privacy regulations by having a friendly government spy on its citizens and getting that information.
If you want to stop wiretapping, use encryption. Do not assume that a legal barrier is going to stop a secretive organization with little oversight into its activities.
public vs private in cyberspace (Score:5, Insightful)
Of course, cynics (like me
Re:No expectation of privacy (Score:3, Insightful)
IRC is more like a bar. You're talking to a bunch of people, and people come and go freely. Of course people can record what you're saying in a bar, just as they can record a log of what's said in an IRC channel, but would you go to a bar with the expectation of your every word being recorded?
And, if you were in a bar and there was a high probability that your every word was being monitored, wouldn't you choose your words more carefully? For example, wouldn't you think twice about talking about your new supply of weed, that movie or that album you downloaded last night or that time you ripped off a bunch of stuff from work?
Of course, you're right that you shouldn't have a complete expectation of privacy in just about everything you do online but there's a difference between having no expectation of privacy and your every conversation actually being monitored.
There's a name for the country where everything is recorded and nothing goes unseen. It's called Oceania.
Re:Heh (Score:1, Insightful)
The Patriot Act was never going to give the government access to terrorists' library records, either. It was to find people in the United States who are "dissident". If people are talking about things (other than terrorism) that the government doesn't like, this IRC parser is an easy way to find them. Bolster the lists of people to watch. (They must be bored.)
This is the CIA? (Score:2, Insightful)
Re:It wont really be any good... (Score:3, Insightful)
A common misconception, considering we only know about the criminals that have been caught. Of the intelligent ones we can only speculate...
Re:Not the government's fault (Score:1, Insightful)
Let them monitor.... (Score:2, Insightful)
"They hate us for our freedom!" (Score:3, Insightful)
Until we can control our govts, something like this is just a bad thing.
Re:It wont really be any good... (Score:1, Insightful)
So many things wrong with this post! (Score:3, Insightful)
Good luck (Score:3, Insightful)
Or good luck to listening to my Skype conversations. Although, knowing that Skype is closed source and proprietary, I have absolutely no guarantee, that their claim of AES encryption gives me any protection/privacy. Just recently there was thread on
Or couple of years ago, I've had to convince my boss that "security" of MDaemon on Windows does not exist. I sat to its password files, noticed something peculiar about them and broke the "secret algorithm" in about 4hrs. Passwords were not even xored, they were summed[1] with "secret" and encoded with base64. The secret was "The setup process could not create the necessary system accout MDaemon".
Robert
[1] you know: (passwd[n] + secret[n]) & 0xff
Encryption isn't Immunity (Score:2, Insightful)
If you are relying on SSL and consider yourself immune to spying, you are in for a suprise. If they want to spy on you badly enough, they can. It just takes more work with encryption.
Re:Encryption isn't Immunity (Score:2, Insightful)
If "certain time period" > my_life_span then Encryption_will_protect_me = True.
Re:Encryption isn't Immunity (Score:2, Insightful)
more important:
if it takes too long for the feds to break the scheme, then the terrorist attack (what they are claiming this technology is for) will still go through, and the public will only become more frustrated when they find out that the FBI of CIA or whatever ACTUALLY had records of people planning the attack (even more trouble for the feds).
My Concern (Score:1, Insightful)
How long before it's used to monitor for dissenting comments towards the nationalist regime?
"We are at war with terrorist states Winston and we have always been at war with terrorist states; is that correct Winston?"
Re:Encryption isn't Immunity (Score:2, Insightful)
No, there isn't.
Any cyphertext can be decoded given enough time. This is why keysize is important. For each bit you add to the key, you double the time needed to brute force it.
It *IS* the government's fault (Score:3, Insightful)
No, the only reason they get technology like this is because we allow them to ask for it. You think that if they offered enough money (say $157,673) that some company wouldn't jump to make this same product for them? Should we boycott IBM because they sell computers to the government which they then use to crack codes or monitor the Internet (Carnivore, etc)? Should we boycott Smith and Wesson because they make guns for agents to use? No, we should tell our government that they are not allowed to do these things. Making of tools should not be punished; commiting bad/wrong acts should be disallowed, especially in a government "by the people, of the people and for the people".