Friday, June 07, 2013

Don't Panic

Maybe it's because I used to be a professional hacker.
Maybe it's because I understand the truth of data
Actually, it's probably because I'm a paranoid hacker and a anti-government libertarian.

But this is my surprised face that the fedgov has been tracking all phone calls, all facebook/youtube/skype/google/apple interactions, all locations from which you use these services.

If you weren't already operating under this assumption you haven't been paying attention.

But don't worry, here's a few reasons why you're not already in jail for thought crimes!


1. Too much raw data

Good news: My suspicions were somewhat confirmed here that they can't process all the data yet. At the moment, they're just storing it. It's just a numerically indexed amorphous blob of data.

Now if you have an indexing point, such as "Dzhokhar Tsarnaev" then, there's TONS of data you can review, and new branches on the connection tree you can investigate off that one leaf of data. But you need a starting point.

Bad news: Computing power is getting to the point where the amount of data is trivial. They're saving it not because they intend to go through all of it, but because they intend to, one day, have the technology to do so automatically.

2. Too many cooks, no one follows the recipes

Good news: If you go to recipe.com and myrecipe.com and search for wild rice gumbo on each, and your friendly neighborhood Big Brother FISA warrants all the information from those websites, there would not be a way to combine that data to output: "Times searched for wild rice gumbo=2" automatically.

Recipe.com and Myrecipe.com store their data differently, so no matter how similar they are, you won't be able to lock the data together like to lego bricks.

However, if they knew they wanted data on your IP address, and you connected to both sites from home using the same IP address, a person, not a computer, but a PERSON could review the data from both web sites, apply brainpower, and say, "It appears this person searched for wild rice gumbo from both sites."

But what if CableCo refreshed your IP address between the time that you went to recipe.com and myrecipe.com? Well then BB would need a FISA warrant for all of CableCo's data, and then a PERSON would have to review that data, and figure out how to connect a subscriber to a certain IP address for a certain block of time.

This problem becomes exponential because the more data you try to connect, the more complexity you add.

Bad news: There are new heuristics engines that can take a pretty solid guess at what things are, and how they might connect. They're not perfect, and a slight imperfection at the second generation means a HUGE imperfection at the twentieth generation, but they're getting better. Or worse, they might get data wrong and implicate or single you out simply due to a mistake.


3. Analog recognition

Good news: If I upload a video to youtube, youtube would love to be able to scan it automatically and return, "This video is about a cat that appears to be playing the keyboard. However, as this is unlikely, the owner is probably controlling the cat's arms. Additionally, the cat seems disinterested." But to a computer, a video is just a bunch of flickering lights. It can tell you technical things about it, the date it was recorded, the size of the file, the metadata, but it can't interpret the flickering lights.

Similarly, a phone call is a series of electronic modulations. Some are static, some are speech, some are background noise, some are all of those things together. Interpreting those warbles into actual speech can be very difficult.

The other difficulty is the sheer size of the data. Because each frame or millisecond of analog data may be important, you can't skip any of it. A high quality recording of me farting into the air intake of your central air system is a huge file. If BB could wave a magic wand and turn that waste of space and processing effort into "ET farts in vent lol" that's much easier to process and store.

Bad news: Speech to text recognition is pretty darn good, and getting better every day. Each time you use google's voice recognition or chat idly with Siri, you make their systems (and therefore, BB's systems) better at turning analog data into text or metadata that they can store and process at a tiny fraction of the computing/storage cost.

Facial recognition is up and coming, but far from where it needs to be. It still relies on old hardware and requires certain conditions. Sounds good right? Well, if you can control the hardware and conditions, like inside an airport terminal, or at the sidewalk outside a government building, they work just fine for exposed faces.


4. The noise to signal ratio

Good news: What percentage of all the data they're gather do you think they're actually interested in? It's nowhere near as high as 0.0001%

The sheer volume of data is gargantuan... no, monumental... no, unfathomable... no, galactic! Yes, the amount of data is GALACTIC. Think of every fart joke on twitter, every racist youtube comment, every "Lol LeIk YoU KaRe aBot Mi tRbL dAy OMGWTFBBQ" post on the faces book, all screaming in your face while you try to find where John Doeson saved a draft email reading, "These reasons and more are why I will strike back against The West for its crimes against my people."

Noise data is being created every day, it's unstoppable. The more of it there is, the harder it is to sift through. No matter the computing power.

A computer that processes all data instantly using unicorns is still limited by the pipes that feed that computer data.

60 million people processing this data day and night would never catch up to real time, so there MUST be limits on what data is deemed important enough to process, therefore, there are places where (barring some true stupidity) your data will be ignored.

Bad news: ... ? I guess if that unicorn computer existed, we could worry about faster pipes, but that just means more noise, faster. It's hard to get around this, even with quantum computing.

As terrible as it sounds, all the useless data on the internet does actually have a use... Be sure to thank a racist youtube commenter.


5. Data packages not partnership

Good news: All accounts I've read have indicated daily full data exports or individual requests. This is likely a function of legal requirements. BB may be able to subpoena X information between Y and Z date, but it cannot enforce a partnership.

Full data exports are giant blobs of data that must be transmitted, entered, and processed before something can be done with them. This means more overhead, and more difficulty. More importantly, this means BB has to conform and contort to work with THE COMPANY'S systems.

That means this data is not optimized, is subject to the company's limitations, and is affected by the company's data storage processes.

Your gmail notes how much free space you have available. What happens if you have 4 GB available, upload a 3.9 GB file of your manifesto (padded with 1080p recordings of bloggers farting into vents), then delete it, and upload a 3.9 GB file of 1080p recordings of paint drying? Does google "delete" the first 3.9 GB file, but secretly stores it forever? Good question.

Blogger keeps a history of posts I've made and drafts I've saved. If I delete a post, might Blogger keep it considering it's so small? Maybe. Multiply that by the tens of millions of users deleting posts every day, and there starts to be a serious cost to Blogger. But lets assume for a moment that they do.

What if I'm actively writing a post, and it's auto saving as I type, and I write "That's why we should kill the president and enforce sharia law" then erase it, and continue normally? Does blogger save all the iterations of my draft posts as they're automatically saved? Pretty unlikely. Maybe just the changes? But that requires more processing power to compare.

What if I delete my blog? Seems pretty likely that blogger might store the whole of my blog for some time in case I change my mind, or if BB requests the information I'm clearly trying to hide. But what if I overwrite ALL my blog posts with random bits of a book I downloaded from Project Gutenberg, THEN delete my blog?

Now you're thinking laterally!

Bad news: The real danger is data partnerships. This would be BB commanding all the company's data, in real time, be forwarded to them, in their own format, for processing. This is 100% connectivity from the company to BB. It eliminates thousands of man-hours, adds an instant update of all changes (ALL not just what the company keeps at the end of the day), and becomes limited only by processing power (which will become unlimited when they figure out that whole unicorn/CPU interface).

Companies may choose to interface in this way, but it's very unlikely. It is also unlikely BB may compel companies to interface in this way. But lots of things that have already happened were unlikely.


6. Your foe is a 20' foot 10,000lb dullard

Good news: At the end of the day, even backed by magical unicorn technology, the Federal Government just sucks at doing everything.

Categorically.

Bad news: There are individuals so zealous for statism and fascism that they work tirelessly to enforce their will upon you simply for their own personal satisfaction. You may be singled out by the dullard, and if he begins the paperwork to swing his fist at you, and you are in the same place long enough for that fist to hit you, it can destroy you.


So what do I do?

Treat all things that happen on networks you don't control as public information. Don't talk about your drug deal/tax evasion/murder over the phone, near your unused phone while under investigation, or with your onStar device tracking your every move and listening for "car accidents" (who owns GM again?).

Don't post things online that you don't want BB to see. (That includes this blog)

Use PGP for all electronic communications.

Obfuscate your meaning in messages.

Don't get on the radar. (I'm not talking about the "I'm a libertarian, Eff the fedgov" radar, I mean the "Plant the bomb on the first and third load bearing support in the parking garage of the federal building at 2am" kind of radar. The fedgov already knows ornery libertarians exist, and they certainly know they don't much care for the fedgov, but that only makes you one out of tens of millions of people.

Make your online persona fit one of BB's molds. Psychological profiles are excellent things to gather, and easy to extrapolate with "close enough" heuristics. Remember how the signal to noise ratio is so high that there must be things BB doesn't both to look at normally? Well there are certain personalities that BB is just not that interested in. Try to become one of those personalities filed under "loud but gutless" or "mostly harmless."

Poke holes in your online persona, and passingly embrace the stereotypes that others want to believe about you. Show that you are philosophically dishonest, and occasionally abandon your morals when convenient (at least, say you do online). "Yeah, I took that government aid, but it's only because it's my money anyways, I paid into the system, and it's not like it's stealing from someone else because it's my money too!" Become someone who doesn't stand out by fitting a stereotype.

Appear to fall into their trap. After the next attack, have a "Come to Obama" moment, where you realize that these "turrists" are "just too dangerous" for us to continue being "free" anymore because "freedom" doesn't mean anything if you're suicide bombed with anthrax ball bearings pressure cooker box cutter TERRORISTS!!!!11 From then on, let your online persona be that of a statist and government apologist.

But don't change too much too fast. A drastic swing in the content of your online postings is more worrisome that you posting, "Someone otta kill dem gubmint offishils!" every day for years.


WARNING: DO NOT DEVIATE


Remember when I was talking about heuristics? Patterns are something computers are GREAT at figuring out and monitoring. A computer system can definitely detect variations in activity, and flag them for review! The sensitivity must be reduced so it doesn't flag every person who buys their Starbucks five minutes later than normal, so if you must change, gradual changes are the key! It would be better to maintain, if you can, what you were doing previously in conjunction with your new activites.

Don't go dark!

Refusing to use all online services and primary phone carriers may be more of a red flag than doing exactly what you're doing right now. Especially when BB thinks he has a bead on you.

Besides, why out the informant when he's more useful to you delivering counter-intelligence? Use these systems knowing they are specifically for BB.

Don't pull the onStar out of your car, wire it for battery power, and leave it in your garage on your special trip.

Don't stop using your debit card, use it to buy your groceries with your rewards card like normal. Then go back in, and buy what you want with cash and no customer card. Yes, the Jack Bauer 5000 license plate tracking system followed you to the store, and yes, Kroger's customer records show you bought X items for Y dollars, and yes, your debit card shows exactly Y dollars at that place in that time window. Do you think they're going to go through the trouble of pulling the security video tapes (if they're not overwritten!) to confirm that this was ALL you bought when they've already got so much data fitting their expectations?

Don't stop texting/calling your comrades! This is a huge indicator of some other form of communication, and will draw further scrutiny into how you might be communicating beyond BB's vision. Maybe a series of passive aggressive texts followed by a long shouting match over the phone, and some final four letter words exchanged via text? The ruse may fall apart when you buy Chinese food with your debit card at the place across the street from his house once a week.

Create digital alibis for your out of character actions. If you're going to meet someone at a book shop you've never been before, do a google search for a book you want, search for nearby bookstores, call the nearby book stores, do a google search for "book store inventory search online", call a couple more, then call your target book store, map directions to the place, text your wife that you're going to get the book and will be back soon, take your phone along, and buy gas on the way, actually buy the book, but not before going for a walk with your friend (with your phone in the car, and his phone at home so you're not on the same tower).

Provide a natural progression for your searches. Think of the murderers who google searched "How to kill someone" then after various searches searched "Where to buy trimetholpoisonate" and out-clicked to chemistrydirect.com. It wouldn't be much better for them to search, out of the blue, "trimetholpoisonate." But maybe if they were searching "My cat is constipated", then "diuretic", then "diuretic for cats", then "where to buy Shitty Kitty Drops", then "Shitty Kitty coupon", then "Shitty Kitty generic brand", then "Shitty Kitty active ingredient", then "trimetholpoisonate for cats", then "Where to buy trimetholpoisonate" and out-clicked to chemistrydirect.com. This stands out a lot less (assuming you actually have a cat... OR searched on google "craigslist free kittens [local city]", posted about your new cat on facebook, and used your debit card to buy cat food and kitty litter once a month)


Practice privacy

Make one or two everyday tasks completely private, just for practice.

Buy and use a prepaid cell phone or credit card with cash.

Turn on a netflix movie at home, then drive somewhere without your cell phone, and add the spent gas back to your car (with cash) before you get home.

Create an email account that you only access from a Starbucks on the other side of town. (Left your cell at home, and refilled your gas tank before you got back, right?)

Pull the battery out of your cell phone and have a private conversation, or put it in the bathroom with the exhaust fan running loudly, and flush before you pick it back up.

Work out codes with your friend, and text each other with unassuming messages that are actually code for other messages.

Keep track of all the "traffic" cameras at the intersections near you, practice plotting routes that pass few or no cameras (You probably shouldn't do this on Google Maps...)

Don't ever think BB is all knowing.




By the way, listen to Glenn Beck. He's the only one who has been putting these things together in an honest and measured way.

2 comments:

Davidwhitewolf said...

Looks like they broke ground on the processing plant, you know.

http://blog.joehuffman.org/2013/05/31/its-opening-now/

JP said...

been enjoying the hypocrisy of the people who were screaming when GWB's "Warrantless Wiretaps" got revealed are, for the most part, just perfectly fine with 0bama's vast expansion of the works.