Shadowy Tech Brokers Deliver Data To the NSA 35
An anonymous reader notes an article about a group of companies whose business is to wiretap various ISPs (with permission) to gather data in response to federal subpoenas. Many smaller ISPs don't have the resources to deal with the flood of data requests from agencies like the NSA, so they outsource compliance and collection in order to keep costs down. The article profiles one of these companies, called Neustar:
Neustar can in many cases execute the warrant from anywhere within the U.S., keeping within the bounds of the country's surveillance law. But when a wiretap device is needed, they are not hard to come by. Most networking equipment makers sell devices that can be used to collect data, or used to inspect data — so-called deep-packet inspection devices, which can also be used to prevent piracy, the spread of malware, and website access, all at the Internet provider level. Once a FISA warrant is issued, so-called "tasking" orders, which contain selectors — like a phone number or an email address — are often sent electronically to the ISP. These tell the ISP or phone company, or third-parties like Neustar, exactly where to wiretap and what data to collect to hand back to the requesting authority.
Remember folks! (Score:2, Interesting)
It's not censorship when it's not the government doing it.
It's not oppression when it's not the government doing it.
It's not fascism when it's not the government doing it.
It's not a Constitutional violation when it's not the government doing it.
Re: (Score:1)
Shut up dick, I'm watching "Ow, my balls!"
Re:Remember folks! (Score:5, Insightful)
Man. Just think HOW MUCH WORSE it would have been, if the Nazis or the Communists won. We'd have to watch everything we say, not sure if our innocent statements were being permanently recorded - only to be retrieved and used against us, years later.
Oh, wait...
Well I'm sure glad that the people spying on us are also the one's reassuring us that Russia is evil, and all the other dangers we are protected from.
Re: (Score:1)
Wasn't the saying, "Better dead than red?"
In this case, I'm confused.
Re: (Score:1)
Pondering... (Score:4, Funny)
Funny title, if read too quickly (Score:3, Funny)
Full Packet Capture (Score:4, Informative)
so-called deep-packet inspection devices, which can also be used to prevent piracy, the spread of malware, and website access, all at the Internet provider level....
Er, no, that is not what full packet capture devices are used for AT ALL.
Full packet capture devices are typically used for digital forensics. For example, your company gets hacked using an APT and you know that probably data was exfiltrated, but you don't know exactly what data was taken and you don't know how these guys got into your system. A full packet capture device can help here. Another way they are typically used is to produce evidence for court cases where employees steal company data and so forth, or browse child porn at work, etc.
They are NOT typically used to "prevent piracy" or "spread of malware" or "website access", I don't even see the use case here. I think the OP is confusing full packet capture with layer 7 application state firewalls, which ARE used for the above.
Re:Full Packet Capture (Score:4, Informative)
They are NOT typically used to "prevent piracy" or "spread of malware" or "website access", I don't even see the use case here. I think the OP is confusing full packet capture with layer 7 application state firewalls, which ARE used for the above.
Um, wrong.
Deep-packet inspection was used routinely by the large ISPs to throttle certain kinds of traffic, until the FCC made them stop. This was just a couple of years ago.
Maybe not "full" packet inspection, but it was deep packet inspection, so they could distinguish, for example, packets of BitTorrent traffic from packets containing streamed video from YouTube.
Small ISP (Score:2)
What "smaller ISPs"? Are there many left? Haven't most merged into competition-free oligopolies already?
Re: (Score:1)
She's a drag, a well-known drag. We turn the sound down on her and say rude things.
Exactly where to wiretap? (Score:4)
By "where", I assume the article means San Francisco [wikipedia.org]. And "whom" (if it were mentioned) would mean everyone in the damn country.
NSA, I hope you die badly in a fire.
kinda/sorta like red-light cameras (Score:2)
Everybody misses the point with the NSA (Score:4, Informative)
The real dark nightmare isn't the NSA as a government agency.
It's the fact that the NSA is really a cartel of private companies that, as private companies do, work for the good of their bottom line first, and everything else second. They will do everything they can do to get them more business. When their business is undermining your right to privacy guess what the fuck is going to happen?
Welcome to the "Security Services Complex" - Dark budgets. Secret courts. No oversight. They make money and you lose. It's a gigantic scam and nobody, not even Congress or the President really has the ability to audit them.
And really, what incentive do they have? What happens if a headless, unaccountable NSA doesn't feel like having their budget slashed? They really could do anything they wanted to intimidate/blackmail/smear/disappear an inconvenient politician and no one would be the wiser.
Don't forget about Snowden. What's important about Snowden really isn't the leaked information. It's the fact he was just some flunky working for a private contractor. He was able to do what he did because he was walking out of an office building with flash drive. National security reduced to a run of the mills business IT security social engineering attack.
Re:Everybody misses the point with the NSA (Score:5, Insightful)
Motive just isn't that relevant. An organization brutalizing or blackmailing you for your own good is just not that different from one doing it to make a buck. Except that the latter would stop when things start to get unprofitable.
Open Many Doors (Score:2)
Re:Open Many Doors (Score:5, Insightful)
It is impossible to enforce the laws when you can catch all the violations.... What will happen when the slumbering public becomes aware that society gives some criminals a free pass?
I think the premise of your argument, (that the primary concern of Three Letter Agencies is stopping crimes of various kinds), is largely false. The prime directive of these agencies, (organisms if you will, because they have many characteristics of living entities), is to grow, to thrive, to gain power, and to become ever more robust and resistant to damage. For example, the last thing the NSA wants is an end to terrorism and various foreign threats. Too much money is at stake, and too many jobs, careers, and personal empires are on the line; if enough enemies don't exist in reality, they will be fabricated as required. (BTW, all that data they're gathering comprises a shitload of raw material for said fabrication). Ditto for the DEA, (that's why you'll never see legalization of drugs), the military, etc.
Wars of various kinds, (including NSA 'intelligence wars'), are simply too profitable to be 'won' or otherwise concluded; the agencies in question will continue to expand their power and reach so they can make damned sure that the wars will never end. As for the "slumbering public", your description of them answers the question you asked.
Re:Open Many Doors (Score:5, Insightful)
It is impossible to enforce the laws when you can catch all the violations
You're asking the wrong question - the correct question is this - how have we wound up in a situation where he have so many offenders, of so many laws, that there's not enough resources to lock them all up even if we knew every last one of them.
The answer is simple - if you create a job which comes with money and power, and where the job description is writing laws - you are going to have more laws. It's inevitable. And in a society where as a lawmaker you are rewarded for being "tough on crime", each subsequent law will be nitpickier and more punishing than the last.
That's it - our own system is going to bury us all in petty crime.
Freedom is the ability to break little rules. Rule of law is when you get caught when you break the big rules. A police state is when everyone is guilty, and it's up the police to decide who gets caught at what time.
As someone who was born behind the Iron Curtain, I promise you that the latter is very very scary.
Re: (Score:1)
Most petty crimes don't lead to imprisonment. The criminal system is dysfunctional but don't waste time with the parts that work.
Petty crime does little long-term damage to society. Hence, the name. Some of the things marked as petty are quite serious. The damage of someone doing 30 over the speed limit can be quite large, but the probability of causing a one-off accident is low. So a fine provides a cumulative punishment (as well as repeat-offender laws) and the police get paid to enforce the law. Th
Re: (Score:2)
Options: see where the cash goes and follow it up to the 'top' by offering all the lower people found "informant" status.
This builds insiders and providers open court parallel construction cover to hide mention
FISA directives are not warrants (Score:4, Insightful)
Please don't call FISA directives "warrants." They aren't issued upon probable cause of suspicion of a crime. NSA defenders love calling them that because it gives them a false veneer of legality.
I worked for a small ISP (Score:1)
Our CALEA vendor deployed their own router to create a VPN from the core of our ISP to their network. When a subpoena was issued, they had pre-configured access via SNMP to the core routers to enabled/disable "lawful intercept" duplication of interesting traffic which then flowed over the vpn to their data collection servers. From there, they parse and interpret and forward on to the requesting agency. SSL protected traffic? Useless...
"Lawful intercept" is a feature set built into all core router images
Ugh (Score:1)
http://en.wikipedia.org/wiki/N... [wikipedia.org]
Neustar also operates the authoritative directory for U.S. Common Short Codes, part of the short messaging service (SMS) relied upon by the U.S. wireless industry, and provides solutions used by mobile network operators to enable mobile instant messaging for their end users.