Replies

The important thing to take away from that three-party interview posted by Chaquito’s is that all three NSA alum think that Snowden is in the right for how he revealed this information.

They tell their tales of trying to stay within the channels, to “do the right thing the right way” and having nothing come of it, or worse, being persecuted for it. To quote Weibe, on the subject of whistleblowing: “We failed...”

The summary judgement of these three former NSA employees is: “We told you so.”

Vendome’s assessment of the law is correct and tracks exactly with what I saw when I worked for cisco, the company that makes the boxes that connect the Internet together. This posting is probably going through at least a dozen cisco boxes between me and anyone else on FR.

The CALEA issue was a Big Deal, because we had to start designing interfaces into routers to allow the FBI (and then the NSA, of course) to be able to divert a copy of any IP flow off a router and out the “back door” as it were.

Go into any business and look at their telephone sets. Many of them are IP phones now. They say “cisco Systems” on them. They’re very attractively molded black/grey plastic. They’re very versatile widgets, allowing a small business to have PBX-like features without owning a PBX.

Want to know what the NSA told us cisco engineers in an open meeting?

The shape of the very first cisco IP phone’s handset (that unit would have been shipping in 1998) and cradle made it an “excellent” whole-room bug.

NSA employees told us that. In the open, with a straight face. Our reaction was to look at each other with a wary eye and keep our mouths shut. Later, our reaction with each other was “WTF-ing F!?”

In other words, people, there are those of us who have worked at the edges of this issue for years, and from the limited details we have of what’s been going on, Snowden is a) right, b) exercised sound judgement in how he went about this to wake people up, and c) oh, all those people who tell us that it is “technically impossible to capture/examine/scan the full traffic load of the Internet” because it would “take too much?”

Yea, they’re full of crap too. I worked on systems that could scan gigabytes of traffic per second for intrusion detection in 2002/2003... the capabilities have gotten only bigger and better today. Furthermore, it is a problem where parallel processing works quite well, and if you don’t have the CPU/memory bandwidth in one system to perform the scanning, you merely need add more CPU’s and memory pools (MIMD style multi-processing, or a “cluster”) and then use minimal packet inspection to break out a gigabit packet interface into multiple “streams” of IP traffic. Assign a few streams to each CPU, then add CPU’s as necessary.

Then the vast majority of people have no idea what kind of speed you can get if you decide to use either FPGA’s or you spin your own chip (ASIC) to break out packets for processing. It isn’t a difficult problem to put into an ASIC or FPGA, and the NSA has a very large budget. The entire budget to create a whole new CPU, fab line, etc at Intel is a few billion dollars over a couple/three years.

The NSA’s budget is well north of $30B/year now. It’s almost all “black,” meaning we can only assume how large the budget is, and it’s unaccountable. They could easily fund the development of custom silicon to make this problem even more scalable than it is now.

Here’s the assessment of an NSA employee agreeing with my assessment of Snowden’s abilities as a root access manager:

“Q: As he said, he could tap the president’s phone?

Binney: As a super-user and manager of data in the data system, yes, they could go in and change anything.”

Here’s the nut of the issue now:

The NSA (et al) don’t “place a tap” on the subject’s phone when they get a warrant. They’re recording and archiving everything, ALL THE TIME. When they get a warrant, then they can query the system and bring up what they want. The “protection” of the warrant is entirely procedural. There is no longer any physical protection of not having your phone or communications tapped until the issuance of a warrant. “Tapping the president’s private phone” is no more difficult than making the right database queries.

The holster-sniffers have lost the argument, set, game, match. What’s more, the agencies latest claims that they’ve stopped “dozens” of terrorist attack plans are suspect and without any proof. If they want to make extraordinary claims, they require extraordinary proof. Let’s see the names, dates, faces, plans, dates, times and the intercept data. Absent that, there’s no reason to trust the government ever again. They’ve been lying for years, the people in Congress are, quite frankly, too stupid to understand what the NSA tells them in executive session. If people who know WTF they’re talking about in these oversight committee hearings (eg, Vendome or myself or many others here on FR in the telecom/networking industry), we could get some actual oversight.

But the hard truth is that there is no one in Congress with an IQ higher than that of a potted plant overseeing these programs. They’re stupid enough to be lied to (by fact or omission) and not even know when.