Title ........................... Twenty Reasons Why Mass Surveillance Is Dangerous
Author .......................... cwade12c, with revision from LycanDarko
Site ............................ https://haxme.org/
Description ..................... A bipartisan whitepaper examining less of the politics and more of the technical impacts of mass surveillance (specifically, NSA surveillance). The attack on the Right to Privacy does not affect competent computer users. It affects society.

[:: =========> Twenty Reasons Why Mass Surveillance Is Dangerous <=========::]

Dedicated to: Dianne from Westpoint, Georgia, and anyone that agrees with her view:

"We need all of the surveillance that we can get. Going back to 9/11, that is what ticked it off or started it. We have people who are here who are crazy! If they are listening in on my conversation, I am not a criminal and do not care. If they were watching me or looking at me through my TV, I would probably have some opposition to that. Other than that, I'm perfect with it. And Snowden? I don't understand. We are talking about a topic that he is introducing. If there is so much surveillance, how did they miss him? He left with all of this information. We have, uh, such high tech, you know, observation. How did he go under the radar?"

Shouts to: My God, my family, my country, and my fellow security enthusiasts.

1. Surveillance changes behavior

Consider the thought that some people might act differently in the privacy of their own home, as opposed to how they act in the public and professional world. That does not make them criminals, it makes them human. When we come across other people, we act a certain way so that we are not portrayed in a light that we do not want to be portrayed in. When you begin to introduce surveillance into areas that are expected to be private, you are bringing that public forum with you everywhere. Having a lack of access to true privacy damages thought and character.
Consider an era of McCarthyism, in which accusations of political disloyalty or treason are made against people solely based upon information that they possess, like a book. In a free society, how are we supposed to mature, blossom, and grow, if we cannot explore different political, economic, and spiritual theories within the privacy of our home and mind? People should be free to study Communism or Capitalism without the fear of being judged or politically attacked by those who survey them. What if one wanted to run for public office 30 years later and their views have radically evolved over time? What if this candidate publicly opposed the NSA and gathered massive support from their constituents to reduce its budget, just to have their 30 year old, private past "leaked" somehow?

2. The collection of bulk data allows for extensively intrusive profiles to be created

NSA information gathering allows for extensively intrusive profiles to be created on anyone. Consider these basic Maltego profiles:

[img]http://i.imgur.com/h3QzMao.png[/img]
[img]http://i.imgur.com/zribMfy.png[/img]
[img]http://i.imgur.com/dJfOXxH.png[/img]

These basic profiles can reveal an astonishingly large amount of information, including, but not limited to:

[*]IP Addresses
[*]Website Owners
[*]Email Addresses
[*]Social Networks
[*]First, Middle, Last Name
[*]Health information (does this person have an embarrassing disease?)
[*]DOB
[*]Last four digits of SSN
[*]Criminal History
[*]Pictures

And then, all of that info can be used to search your relatives, creating branched out profiles off of your profile. So even if you don't care about privacy, what of the privacy of your children? Do you feel comfortable with strangers having pictures of your children, nephews, nieces and grand-kids? This information can be used for bribery/extortion, not to mention sold off to disgusting pedophiles on the dark net. Now, take that and multiply it by one-thousand.
If such ideas could be quantified, the resulting product would represent the power that the NSA has at their disposal. The intelligence community is running an immensely powerful information gathering operation, storing extremely intensive and sensitive profiles of more than just terrorists in databases--in fact, not one terrorist has been stopped with these surveillance programs (see point #18). So while you may not care about someone knowing what TV show you are watching, you might care when someone with malicious intent uses their profile on you to rob your house when they know you will be out of town. Or, say, socially engineer your mother, claiming to be an old friend looking for you. "Might I be able to stop by your house and drop off an old baseball card of individual X that I found out was worth a lot of money?"

3. It is well known in information security that databases are often compromised

It is well known in infosec that databases are often compromised, regardless of how "secure" a system is. This is why any competent programmer/site admin stores each user password as a salted hash. They do this because they expect to get hacked at some point. Hashing user passwords protects users from a compromised database, assuming that the cryptographic hash function is not broken and that the password is of a length that is beyond the scope of a brute-force.

Case in point, the NSA is collecting as much as 27TB of cell-phone information every single day to add to their databases [13]. It will only take one compromise of their database(s) to reveal a lot of sensitive information about Americans that should have been private in the first place. Assuming that the average email sent is about 75KB [11], if 1 million emails were to be collected by the NSA, this would not even equal one terabyte [12].

4. There is no such thing as 100% security

You can throw all the money you want at security and you still won't have 100% security.
Look at Sony, whose PlayStation Network was compromised, resulting in downtime. Look at Adobe, who was recently compromised, resulting in millions of their customers' personal information being exposed to hackers, alongside the source code of Adobe Acrobat being stolen. Look at Target, whose compromise resulted in millions of customers' credit cards being stolen. There is not one network on the planet Earth that is redundant enough to withstand a powerful enough distributed denial of service attack. DDoS can only be mitigated, not prevented. So what makes the government more secure than all of these companies, who arguably have a greater interest in security due to profit motive? doj.gov has been hacked plenty of times [14].

5. Undermining cryptographic methods, in an effort to conduct mass surveillance, allows anyone with malicious intent to exploit the vulnerability

Even if we were to give the NSA the benefit of the doubt relating to point #4, and were to assume that the NSA was storing our information in an encrypted manner, it is troubling to know that the NSA has purposefully undermined cryptography. They have worked with RSA to place bias within a pseudo-random prime number generator [15], alongside having influenced the security practices of other companies, like Google and Microsoft. Weakening cryptography to then say you are using cryptography to securely store our information is a bit of a Catch-22.

6. No 0day stays secret forever

A vulnerability within a system that is not known within the mainstream is considered a 0day. For example, the hacker who successfully exploited Facebook to post on any user's wall [16], at the time, possessed a 0day.
As history has shown, a 0day never remains a secret, generally for one of three reasons:

a) The hacker shares the 0day with the public (intention varies)
b) Some other hacker finds the 0day that the other hacker knew about
c) The hacker uses the 0day on a company, alerting them of the vulnerability

The goal of the NSA in undermining certain security practices is to create 0days, which they can use to exploit their opposition via TAO (Tailored Access Operations). Because 0days do not remain a secret forever, the NSA is actually damaging national security, allowing for a deadly cyber-attack by an enemy of the United States to occur. A cyber-attack might be used to justify war. I recall the time when the head of DoD said to me in person, "the next Pearl Harbor will be that on a cyber-level."

7. Privacy is one of the two major pillars in any healthy democracy

Political Scientist Edward Greenberg states, "two common measures of freedom are the right to free speech and the right to privacy" [01]. A democracy is rule by the people. An oligarchy is rule by the few. A monarchy is rule by one. We have seen restricted speech and privacy in oligarchies (China) and monarchies (North Korea) alike. It appears that you cannot have one common measure of freedom without the other. If you do not have free speech, you don't have privacy, otherwise there is no way for the government to tell if you are exercising "oppressive" speech or not. If you don't have privacy, you do not have free speech, as an individual is no longer free to express their thoughts in a closed forum. It therefore follows that the privacy violations by the NSA should be of major concern to anyone who is interested in protecting the democratic ideals of the United States' republic.

8. Profiles containing sensitive information about individuals, like their browser's pornographic history, can be used for purposes of blackmail

Many of us might have committed harmless actions that could be considered shameful in a public forum. In a society where everything is monitored, this information could be used for purposes of blackmail. The intelligence community loves "dirty data" for this very reason. Documents released by The Guardian and The Washington Post have revealed that the NSA is engaging in such practices, for purposes of blackmail [02]. Pair this with Edward Snowden's chilling account of how he, as a selector, could monitor even the president of the United States [03], and it may generate some warranted concern.

9. Systems of mass surveillance are often abused, for example, to spy on one's ex-partner

James Madison said, "if men were angels, we would not need government." Men are not angels. It follows that even with a majority of carefully screened and selected NSA operators, there will always be individuals who will abuse their power. This is reflected through documents illustrating LOVEINT operations, in which mass surveillance tools were used to spy on love interests [04]. Knowing that this potential exists, combined with scandals of sexual abuse [05] and child pedophilia within the highest levels of government, might generate concern.

[media]https://www.youtube.com/watch?v=PgaJzGFg5tQ[/media]

10. The NSA is spying on everyone -- who receives the bill?

The NSA is spying on everyone. A constant theme found throughout all of the released NSA documents thus far has been to "collect it all," "know it all," and "observe it all" [06]. This is contrary to Obama's "confidence" that the NSA is not conducting domestic surveillance [10]. Now that we have established that the NSA is intentionally attempting to spy on everyone, an important question to ask is, who receives the bill? The answer: the people that they are spying on.
A look at the Top Secret Intelligence Black Budget reveals that billions of dollars are branched out between the CIA, NSA, NRO, NGA, and GDIP, among other departments of the executive branch [17], for the very purpose of spying.

11. Mass surveillance creates more revolving door relationships between corporations and the Federal Government

Microsoft has openly opposed the NSA silencing them from speaking out. Gag orders "in the interest of national security" bar many corporations from speaking out about surveillance operations, unless they wish to break federal law. While many corporations showed outrage after the revelations (some may argue only in an attempt to keep profits from falling), a stronger relationship between corporations and the federal government has been created as a result of mass surveillance. We are seeing the NSA doing more private contracting (Booz Allen Hamilton, SAIC, etc.) paired with working directly with companies like Microsoft. The NSA paid RSA $10 million to place a backdoor into their software [15]. Companies in bed with the federal government only promote dishonesty through their ultimate motivation for money and power. A corporate state directly takes away from a democracy and free market, placing power with the few, rather than the kratein.

12. The NSA overreach threatens economic vitality

The NSA's overreach threatens America's economy. American companies do not live in a vacuum and must compete with foreign companies. Pair this with the billions of dollars that companies are already projected to lose and you see a threat to the economy's vitality. Boeing just lost a nearly $5 billion plane contract, for example [07].

13. Undermined security has the potential to endanger lives

A highly intelligent criminal who wishes to inflict harm upon others is a danger to society. This is another reason why privacy (which *is* security) is important. We are supposed to have encrypted communication between cellular devices.
Some police might expect an encrypted channel during a situation in which a criminal might be trying to listen in on what they are saying. The lives of soldiers and exploited children also depend on secure, encrypted communication. What of the soldiers who need to communicate over the battlefield without their enemy intercepting strategy? What of the children in uncivilized nations where the internet is censored and they are used as sex slaves? Privacy tools like GPG, and anonymity tools like Tor, allow for these children to bypass government/ISP censorship and privately ask for help in another country, without being detected by those who survey them. It is sad that the NSA is hellbent on purposefully undermining Tor [08] and public-key cryptography [09].

14. The mass surveillance operations centralize power within government, contrary to the United States' founding idea of separated powers with checks and balances

Because there has been a massive expansion in power within the executive branch, we are seeing more centralization within government, resulting in gridlock. This is contrary to the United States' founding principles of separated powers with checks and balances, not to mention an era of Congressional triumph. History has shown us that more centralized governments, like one found within a unitary system, have acted oppressively. In the name of individual freedom and internet freedom, it is important to monitor the power of a branch that is technically monitoring the entire world.

15. The surveillance and collection of financial information can lead to fraud

Documents reveal that the NSA has been storing financial transactions in a special database, codenamed "Tracfin" [18]. Further, a presentation entitled "Follow The Money" reveals that the NSA is also storing VISA transactions across multiple continents.
Considering that databases are often compromised, as discussed in point #3, we can conclude that it is very dangerous for any government to be storing the financial transactions of millions of individuals. You only need the last four digits of a social security number, paired with a first and last name, to make changes to a cell phone account. Even limited financial information in the wrong hands can be very dangerous.

16. Tailored Access Operations conducted by the NSA is classified as cyber-warfare

A team of offensive hackers employed by the NSA is tasked with infiltrating, monitoring, and collecting intelligence from opposition systems. Through automated software, TAO harvests about 2.1PB each day [19], equivalent to 2,150TB or 2,202,009GB, which are stored in fusion centers. If you were to store that information on an iPod with 32GB, you would use over 68,000 iPods per day. Programs like XKeyScore allow for NSA analysts to search through these fusion centers with various patterns and filters, without having to have any prior authorization [20]. Consider, for a moment, that TAO operations have been conducted on American citizens who have not even received a court trial. Considering that TAO is classified as cyber-warfare intelligence gathering, who is the government at war with?

17. Spying on allies damages trust between nations

While many may agree with the notion that spying on other countries is nothing new, some might argue that spying on allies, specifically, damages trust between friends. In the United States' first inaugural speech, Thomas Jefferson stated that we should seek "equal and exact justice to all men, of whatever state or persuasion, religious or political; peace, commerce, and honest friendship with all nations, entangling alliances with none" [21]. How can an "honest friendship" be found between nations that spy on each other? The reasoning for spying, more times than not, is out of distrust.
Mass surveillance is hindering friendship and entangling alliances. For example, the NSA spied on the United Nations [22], spied on British and Israeli allies [23], spied on Brazilian and Mexican presidents, and even had the Bolivian president's plane land, on the sole assumption that Edward Snowden was on board [24].

18. The NSA, not to mention the President of the United States, cannot refer to one time that mass surveillance has stopped a terrorist attack

Contrary to the earlier belief that the NSA thwarted 54 terrorist attacks, recent information has revealed that the NSA has not foiled one terrorist attack since September 11th, 2001. This might be reflected by the Boston Marathon Bombings of April 15, 2013. A law professor from the University of Chicago, who served on the White House review panel, found an astonishing lack of evidence to support the claim that the NSA foiled even one terrorist plot [25]. Even President Barack Obama, when asked by Reuters journalist Mark Felsenthal, could not cite evidence [26]. The NSA and their proponents continuously argue that the programs are necessary to combat the threat of terrorism, yet no evidence has been provided to the public to illustrate any effectiveness in stopping terrorism.

19. It is naive to actually believe that a Congress with an 8% approval rating can effectively check and oversee the intelligence community

According to Gallup, Congress's approval rating has hit as low as 8% [27]. Those who wish to keep the dragnet surveillance programs offer that we just need proper oversight. How can the American people, much less the rest of the world, expect the branch of government that is responsible for law-making and oversight to effectively do its job with such low approval ratings? It is simply wishful thinking to believe that the NSA can conduct surveillance in secrecy whilst being accountable to the public. This is another Catch-22.
Part of the reason why Edward Snowden released the NSA documents to journalists, rather than going to oversight committees within the government, was because even those who served on Intelligence Committees were prohibited from speaking to the public about classified information [27]. Even Senator Ron Wyden was barred from speaking out, and considered blowing the whistle on the Senate floor [28].

20. Mass surveillance is not only limited to the NSA

Even if we were to give the NSA the benefit of the doubt, we are seeing mass surveillance extend well beyond one department. We are seeing the Department of Homeland Security monitor controversial acts of free speech [29], State and local governments creating spy operations [30] and mesh networks [31], and databases being extended to the DEA, who in fact have a larger phone database than the NSA [32]. Some reports show that the FBI's spying might be more wide-ranging than the NSA's in certain instances, taking on tasks that the NSA might not have the power to do [33]. Even the IRS is salivating to look over emails without a warrant through the outdated Electronic Communications Privacy Act [34]. So, while some may claim that the NSA is only spying on foreign terrorists, the near endless amount of evidence shows that there are domestic spying operations occurring within the United States.

21. BONUS: Yes, Dianne, the intelligence community can watch you and look at you

There are some who hold the belief that monitoring audio is alright, but monitoring video is too invasive. You can't have your cake and eat it too. Reports have illustrated that the intelligence community can remotely activate mobile devices that are turned off [35], turn on web cameras [36], and record video through smart TVs [37].

[:: =========> Works Cited <=========::]

[01] - Page, Benjamin I. "Democracy and American Politics." Political Science: American Government. By Edward S. Greenberg. N.p.: Pearson, n.d. 1-27. Print.
[02] - http://www.washingtonpost.com/world/national-security/nsa-reportedly-monitored-pornography-viewed-by-suspected-islamists/2013/11/27/5f4eac64-5778-11e3-ba82-16ed03681809_story.html
[03] - https://www.youtube.com/watch?v=5yB3n9fu-rM
[04] - http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/24/loveint-when-nsa-officers-use-their-spying-power-on-love-interests/
[05] - https://www.nytimes.com/2013/11/07/us/reports-of-military-sexual-assault-rise-sharply.html
[06] - http://www.theguardian.com/commentisfree/2013/jul/15/crux-nsa-collect-it-all
[07] - http://rt.com/news/brazil-nsa-defense-contract-454/
[08] - http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
[09] - http://www.washingtonpost.com/world/national-security/nsa-has-made-strides-in-thwarting-encryption-used-to-protect-internet-communication/2013/09/05/0ec08efc-1669-11e3-a2ec-b47e45e6f8ef_story.html
[10] - http://washington.cbslocal.com/2013/12/20/obama-i-have-confidence-in-the-fact-that-the-nsa-is-not-engaging-in-domestic-surveillance/
[11] - http://email.about.com/od/emailstatistics/f/What_is_the_Average_Size_of_an_Email_Message.htm
[12] - http://www.wolframalpha.com/input/?i=75KB+*+1+million
[13] - http://m.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html
[14] - http://www.washingtonpost.com/business/economy/department-of-justice-site-hacked-after-megaupload-shutdown-anonymous-claims-credit/2012/01/20/gIQAl5MNEQ_story.html
[15] - http://www.reuters.com/article/2013/12/21/us-usa-security-rsa-idUSBRE9BJ1C220131221
[16] - http://techcrunch.com/2013/08/18/security-researcher-hacks-mark-zuckerbergs-wall-to-prove-his-exploit-works/
[17] - http://www.washingtonpost.com/wp-srv/special/national/black-budget/
[18] - http://www.ibtimes.com/edward-snowden-reveals-follow-money-tracfin-secret-nsa-surveillance-program-monitors-international
[19] - http://www.businessweek.com/articles/2013-05-23/how-the-u-dot-s-dot-government-hacks-the-world
[20] - http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
[21] - http://www.inaugural.senate.gov/swearing-in/address/address-by-thomas-jefferson-1801
[22] - http://www.cbsnews.com/news/german-magazine-nsa-spied-on-united-nations/
[23] - http://www.nytimes.com/2013/12/21/world/nsa-dragnet-included-allies-aid-groups-and-business-elite.html
[24] - http://www.cnn.com/2013/07/02/world/americas/bolivia-presidential-plane/
[25] - http://investigations.nbcnews.com/_news/2013/12/20/21975158-nsa-program-stopped-no-terror-attacks-says-white-house-panel-member
[26] - http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/23/obama-cant-point-to-a-single-time-the-nsa-call-records-program-prevented-a-terrorist-attack/
[27] - http://www.gallup.com/poll/152528/congress-job-approval-new-low.aspx
[28] - http://www.thewire.com/politics/2013/08/wyden-considered-blowing-whistle-nsa-senate-floor/68391/
[29] - http://www.rollingstone.com/politics/blogs/national-affairs/exclusive-homeland-security-kept-tabs-on-occupy-wall-street-20120228
[30] - http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/
[31] - http://www.seattle.gov/council/harrell/attachments/City%20of%20Seattle%20Port%20Security%20Mesh%20Network.pdf
[32] - http://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html
[33] - http://slog.thestranger.com/slog/archives/2013/11/29/the-fbis-digital-surveillance-might-be-more-wide-ranging-than-the-nsas
[34] - https://www.cdt.org/blogs/mark-stanley/0512day-action-demand-ecpa-reform
[35] - http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html
[36] - http://nypost.com/2013/12/08/fbi-can-turn-on-your-web-cam/
[37] - http://www.foxnews.com/tech/2013/08/06/is-your-tv-watching/
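
Point 3 says that competent admins store each password as a salted hash because they expect the database to be dumped one day. The following is an added example, not part of the original whitepaper: it compares what a dumped table reveals with and without per-user salts, using Python's standard-library PBKDF2-HMAC-SHA256. The user names, passwords, record format and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware

# Constructed sample accounts; bob and carol picked the same password.
USERS = {
    "alice": "correct horse battery staple",
    "bob": "hunter2",
    "carol": "hunter2",
}

def unsalted_hash(password):
    """The weak 'before' form: a bare, fast, unsalted digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted, slow hash stored as scheme$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iters = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: reject instead of crashing
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(dk, expected)

def shared_password_groups(dump):
    """Users whose stored values are identical in a dumped table.

    This is what anyone holding the dump learns without guessing a
    single password.
    """
    groups = defaultdict(list)
    for user, stored in dump.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_dumps():
    """Return (unsalted_table, salted_table) for the sample accounts."""
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: hash_password(p) for u, p in USERS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_dumps()
    print("unsalted dump, shared passwords:", shared_password_groups(unsalted))
    print("salted dump, shared passwords:  ", shared_password_groups(salted))
    print("bob logs in:", verify_password("hunter2", salted["bob"]))
```

The salt only hides repeats and defeats precomputed tables; as point 3 notes, a short or common password can still be guessed, which is why the slow iteration count matters as well.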