Social Media Monitoring: A Rubric for Control
Tuesday, February 21, 2012
Contributed By: Scot Terban
http://www.infosecisland.com/blogview/20437-Social-Media-Monitoring-A-Rubric
-for-Control.html
Monitoring Social Media: Open Communications vs. Secret Operations and Big
Brother
It seems that things are coming to a head in the strange world of government
surveillance for "our" protection.
Of course I see the expeditious rise in this kind of activity due to the
likes of Anonymous and Lulzsec/Antisec coming to the scene and forcing the
hands of those in charge.
This is not to say that the legislation and skulduggery would not have
happened without the Anon's but it may have been more of a frog in a pot of
water scenario as opposed to getting zapped in a flash.
So, in a way, you can thank Anonymous for speeding up the process as well as
perhaps creating the environment for really poor ideas to be floated in a
hurry to "protect" us all from the bad people.
Dealers choice there I suppose.
All this aside though, we now are faced with DHS wanting to be in charge (or
at least pay General Dynamics to do the work) of monitoring "Social Media"
on the internet. First off, let me assure you all that DHS monitoring Social
Media is akin to a severely autistic individual being assigned as a
babysitter for an infant. This is one of the worst ideas I could ever
conceive of as these types of things go.
Even with GD doing all of the grunt work, the actual evaluation of any
product would be carried out by analysts from DHS, and boy, they are so
ill-equipped to handle this. Remember, these are the same bunch of folks
that brought you that classic fiasco of "Russia is hacking our water system
in Illinois!"
Suffice to say, that I do not think this will go well and that the idea in
and of itself, to monitor Facebook and Twitter will only lead to more of the
same old false reports of doom and attacks that the Bush administration
brought out every few weeks with the terror color coded chart.
In short, FEAR FEAR FEAR! All the while, they will only target people who
happen to say things in a tweet that will be overblown and have them tossed
out of the country (i.e. blowing up America by the Brit recently). FUD.
Just Who Will Be Monitored Really?
Aside from the lowest of low level jiahdi's or Anonymous, just who will be
really monitored by this program do you suppose? Why, you and I of course! I
mean, it's really just open source isn't it? The real targets are the stupid
and the public here really and one must face this fact and accept it.
This is no program that will actually end up with real terrorists being
caught and cells disrupted you know. See it for what it is, a means to an
end to have a simulacrum of control over the internet and the people using
it.
But Krypt3ia... They are doing this to catch the bad men," you say?
Sure, you can believe that if you want to, and there may be factions within
the community that think this is the case, but overall you have to look at
the pool being harvested from here. Since the advent of the Patriot Act, we
have seen the FBI and others over-use and subvert the law to effect
warrantless searches for domestic cases much more than terrorism, the thing
that the Patriot was created for.
What this really is, is a drift net approach to law enforcement because
technically, the government and the LEO's are not capable of keeping up with
the crime, never mind the terrorism really. So, they fall back to the idea
of we can monitor everything and after the fact go back and look at data for
"anyone" to make a case.
Easy as pie.
I am not inclined to believe that these measures are to be proactive either.
Predictive maybe to an extent, but in prediction, we get another whiff of
control do we not? After all, the predictive nature of this type of
monitoring is what the CIA and other countries do to assess when there may
be an outbreak of civil disobedience or perhaps insurrection might be a word
for it?
Either way, this is a means of control as well as a means to detect and
perhaps deter depending the use of the owner.
It's a tool, and it is up to the user what they will do with it. In the case
of other states such as Syria, well, you can see how the technology is being
used. Here in the US, I am not saying that this will be 1984 all over again,
but, do you really believe that you, the citizen, in the current environment
will be able to know what is going on? Will you be able to FOIA the results
of the testing and the monitoring to tell if its being misused?
If you think that this will be in fact the case, I think you will be sorely
surprised when you find that it's all been classified and out of reach when
you have questions. Frankly, I just see this as the next iteration of "Total
Information Awareness"... You know, John Poindexter's baby? Yeah, fun fact,
it never really went away, it just went into the black budgets and or
changed names.
In the end, if you have a twitter account, Facebook, MySpace, blog, etc...
you will be monitored... Especially if you speak your mind or use key words
that trigger an analysts attention.
Kinda like the NARUS STA's in the MAE's out there siphoning data too.
Oh, Don't You Worry, No Matter What They Say, YOU Will Be Monitored
In the interim though, Congress has had a meeting over the privacy concerns
over this little project by DHS. The congress-critters got all up in DHS's
face about the issue and said they are not comfortable with the program/laws
around this. Now, that the congress acted on this, one might think that it
would stop the program... I am not so sure it will in fact do so.
I think that the case will be made and assurances given that only those who
are evil doer's will be audited and that no privacy will be breached by such
measures... "We're here to protect you"
It's an old argument really, but in today's digital world, the issue is that
instead of say, a black chamber opening mail in a secret building by hand,
you instead have machines collecting everyone's data and sifting through it
all for key words, phrases, meme's and other data. This then spits out the
alerts and an analyst then looks at it to see if it warrants being passed
along to others in the food chain.
What also may occur here is that even if it's not terrorism, they may in
fact pass data on to others who may start investigations on those hits, even
out of context, as you might be an agitator or show a tendency that they
feel uncomfortable about.
Today, if you buy a coffee at a Starbucks with cash AND you use WIFI AND you
use encryption, YOU might be marked as suspect due to the fliers recently
put out by the DOJ and the FBI on how to tell if one is a terrorist. God
forbid you have a missing finger(s) as well... Then SURELY you are a jihadi
or a militant. *snicker*
Oh well, fear not gentle reader... Because all of what I have said above
about this one program, means nothing really. Why? Because this one program
is only "one" of many out there being used by the government(s) out there to
trawl the internet for data. I have mentioned a few others above and you can
go look up the terms and see for yourselves.
Post 9/11, we have truly become a watched commodity via the internet and all
other means of communication we can buy. All of these programs have been put
together with the veneer of being in place to protect us from another 9/11
and perhaps some of them were made with the best of intentions, but this
idea of monitoring social media, well, it's a little half baked really I
think.
In the end, only the stupid will be caught. I mean really, look at what
lengths OBL went to with cell phones and runners with messages, do you
really think that much of the global jihad is being carried out over open
communications lines like Twitter and Facebook?
Sure, maybe people congregate there and THAT is useful information, but, to
monitor the traffic of everyone to get targeted data on "some" users is just
useless if your goal is only to go after the terrorists.
Remember... Above all it's just a drift net to make it easy.
Making Your Own Privacy Because You Soon Will Have NONE
I guess what this whole rant is boiling down to is this, and its something I
have said before on many occasions: "You alone can make the privacy that you
need to prevent such monitoring" Encryption is the key to all of this.
Whether that crypto be something along the lines of PGP or Vigenere is up to
you but what counts is that you are taking the pains to protect the
communication that will pass over the wire. You can't trust the owner of the
wire and you certainly cannot trust that the government or, hackers for that
matter, aren't watching or monitoring you either. So, it's up to you to make
the privacy happen.
With the onset of all of this, this week we also saw the first (I assume of
many) solutions for encrypted tweets come along. I for one, would love to
see this solution work and be used by many on Twitter to protect their
privacy, but, then again, this is kind of an oxymoron huh?
As I said earlier in the post here, who would use open lines to commit
crime? So, once again, we are back to the level of what privacy can one
expect as well as if one wants to be private, use a means to protect that
communication. *shakes head*
After that little turn, it really becomes clear that the monitoring of
twitter and the like really comes down to a privacy violation by the
government to feel as though they are in control. The smart people will not
be talking on twitter about blowing things up and everyone else who may say
such things are doing it in jest, but will end up being investigated for
their poor choice of words (140 characters at a time).
It's a sad world we live in. I hope that congress denies the DHS their wish,
but, I am also certain that if they do, DHS will only hire out again to the
likes of GD to do it anyway off the books so to speak.
In the interim, I will continue to encrypt love notes to DHS and others in
hopes of making their day..
OOH LOOK ENCRYPTED MESSAGES! TERRORIST! WATCH EM!
K.
Sources:
http://www.pcmag.com/article2/0,2817,2400429,00.asp
http://www.huffingtonpost.com/2012/02/16/dhs-monitoring-of-social-media_n_12
82494.html
Cross-posted from Krypt3ia
==========================================
(F)AIR USE NOTICE: All original content and/or articles and graphics in this
message are copyrighted, unless specifically noted otherwise. All rights to
these copyrighted items are reserved. Articles and graphics have been placed
within for educational and discussion purposes only, in compliance with
"Fair Use" criteria established in Section 107 of the Copyright Act of 1976.
The principle of "Fair Use" was established as law by Section 107 of The
Copyright Act of 1976. "Fair Use" legally eliminates the need to obtain
permission or pay royalties for the use of previously copyrighted materials
if the purposes of display include "criticism, comment, news reporting,
teaching, scholarship, and research." Section 107 establishes four criteria
for determining whether the use of a work in any particular case qualifies
as a "fair use". A work used does not necessarily have to satisfy all four
criteria to qualify as an instance of "fair use". Rather, "fair use" is
determined by the overall extent to which the cited work does or does not
substantially satisfy the criteria in their totality. If you wish to use
copyrighted material for purposes of your own that go beyond 'fair use,' you
must obtain permission from the copyright owner. For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
THIS DOCUMENT MAY CONTAIN COPYRIGHTED MATERIAL. COPYING AND DISSEMINATION IS
PROHIBITED WITHOUT PERMISSION OF THE COPYRIGHT OWNERS.
Contributed By: Scot Terban
http://www.infosecisland.com/blogview/20437-Social-Media-Monitoring-A-Rubric
-for-Control.html
Monitoring Social Media: Open Communications vs. Secret Operations and Big
Brother
It seems that things are coming to a head in the strange world of government
surveillance for "our" protection.
Of course I see the expeditious rise in this kind of activity due to the
likes of Anonymous and Lulzsec/Antisec coming to the scene and forcing the
hands of those in charge.
This is not to say that the legislation and skulduggery would not have
happened without the Anon's but it may have been more of a frog in a pot of
water scenario as opposed to getting zapped in a flash.
So, in a way, you can thank Anonymous for speeding up the process as well as
perhaps creating the environment for really poor ideas to be floated in a
hurry to "protect" us all from the bad people.
Dealers choice there I suppose.
All this aside though, we now are faced with DHS wanting to be in charge (or
at least pay General Dynamics to do the work) of monitoring "Social Media"
on the internet. First off, let me assure you all that DHS monitoring Social
Media is akin to a severely autistic individual being assigned as a
babysitter for an infant. This is one of the worst ideas I could ever
conceive of as these types of things go.
Even with GD doing all of the grunt work, the actual evaluation of any
product would be carried out by analysts from DHS, and boy, they are so
ill-equipped to handle this. Remember, these are the same bunch of folks
that brought you that classic fiasco of "Russia is hacking our water system
in Illinois!"
Suffice to say, that I do not think this will go well and that the idea in
and of itself, to monitor Facebook and Twitter will only lead to more of the
same old false reports of doom and attacks that the Bush administration
brought out every few weeks with the terror color coded chart.
In short, FEAR FEAR FEAR! All the while, they will only target people who
happen to say things in a tweet that will be overblown and have them tossed
out of the country (i.e. blowing up America by the Brit recently). FUD.
Just Who Will Be Monitored Really?
Aside from the lowest of low level jiahdi's or Anonymous, just who will be
really monitored by this program do you suppose? Why, you and I of course! I
mean, it's really just open source isn't it? The real targets are the stupid
and the public here really and one must face this fact and accept it.
This is no program that will actually end up with real terrorists being
caught and cells disrupted you know. See it for what it is, a means to an
end to have a simulacrum of control over the internet and the people using
it.
But Krypt3ia... They are doing this to catch the bad men," you say?
Sure, you can believe that if you want to, and there may be factions within
the community that think this is the case, but overall you have to look at
the pool being harvested from here. Since the advent of the Patriot Act, we
have seen the FBI and others over-use and subvert the law to effect
warrantless searches for domestic cases much more than terrorism, the thing
that the Patriot was created for.
What this really is, is a drift net approach to law enforcement because
technically, the government and the LEO's are not capable of keeping up with
the crime, never mind the terrorism really. So, they fall back to the idea
of we can monitor everything and after the fact go back and look at data for
"anyone" to make a case.
Easy as pie.
I am not inclined to believe that these measures are to be proactive either.
Predictive maybe to an extent, but in prediction, we get another whiff of
control do we not? After all, the predictive nature of this type of
monitoring is what the CIA and other countries do to assess when there may
be an outbreak of civil disobedience or perhaps insurrection might be a word
for it?
Either way, this is a means of control as well as a means to detect and
perhaps deter depending the use of the owner.
It's a tool, and it is up to the user what they will do with it. In the case
of other states such as Syria, well, you can see how the technology is being
used. Here in the US, I am not saying that this will be 1984 all over again,
but, do you really believe that you, the citizen, in the current environment
will be able to know what is going on? Will you be able to FOIA the results
of the testing and the monitoring to tell if its being misused?
If you think that this will be in fact the case, I think you will be sorely
surprised when you find that it's all been classified and out of reach when
you have questions. Frankly, I just see this as the next iteration of "Total
Information Awareness"... You know, John Poindexter's baby? Yeah, fun fact,
it never really went away, it just went into the black budgets and or
changed names.
In the end, if you have a twitter account, Facebook, MySpace, blog, etc...
you will be monitored... Especially if you speak your mind or use key words
that trigger an analysts attention.
Kinda like the NARUS STA's in the MAE's out there siphoning data too.
Oh, Don't You Worry, No Matter What They Say, YOU Will Be Monitored
In the interim though, Congress has had a meeting over the privacy concerns
over this little project by DHS. The congress-critters got all up in DHS's
face about the issue and said they are not comfortable with the program/laws
around this. Now, that the congress acted on this, one might think that it
would stop the program... I am not so sure it will in fact do so.
I think that the case will be made and assurances given that only those who
are evil doer's will be audited and that no privacy will be breached by such
measures... "We're here to protect you"
It's an old argument really, but in today's digital world, the issue is that
instead of say, a black chamber opening mail in a secret building by hand,
you instead have machines collecting everyone's data and sifting through it
all for key words, phrases, meme's and other data. This then spits out the
alerts and an analyst then looks at it to see if it warrants being passed
along to others in the food chain.
What also may occur here is that even if it's not terrorism, they may in
fact pass data on to others who may start investigations on those hits, even
out of context, as you might be an agitator or show a tendency that they
feel uncomfortable about.
Today, if you buy a coffee at a Starbucks with cash AND you use WIFI AND you
use encryption, YOU might be marked as suspect due to the fliers recently
put out by the DOJ and the FBI on how to tell if one is a terrorist. God
forbid you have a missing finger(s) as well... Then SURELY you are a jihadi
or a militant. *snicker*
Oh well, fear not gentle reader... Because all of what I have said above
about this one program, means nothing really. Why? Because this one program
is only "one" of many out there being used by the government(s) out there to
trawl the internet for data. I have mentioned a few others above and you can
go look up the terms and see for yourselves.
Post 9/11, we have truly become a watched commodity via the internet and all
other means of communication we can buy. All of these programs have been put
together with the veneer of being in place to protect us from another 9/11
and perhaps some of them were made with the best of intentions, but this
idea of monitoring social media, well, it's a little half baked really I
think.
In the end, only the stupid will be caught. I mean really, look at what
lengths OBL went to with cell phones and runners with messages, do you
really think that much of the global jihad is being carried out over open
communications lines like Twitter and Facebook?
Sure, maybe people congregate there and THAT is useful information, but, to
monitor the traffic of everyone to get targeted data on "some" users is just
useless if your goal is only to go after the terrorists.
Remember... Above all it's just a drift net to make it easy.
Making Your Own Privacy Because You Soon Will Have NONE
I guess what this whole rant is boiling down to is this, and its something I
have said before on many occasions: "You alone can make the privacy that you
need to prevent such monitoring" Encryption is the key to all of this.
Whether that crypto be something along the lines of PGP or Vigenere is up to
you but what counts is that you are taking the pains to protect the
communication that will pass over the wire. You can't trust the owner of the
wire and you certainly cannot trust that the government or, hackers for that
matter, aren't watching or monitoring you either. So, it's up to you to make
the privacy happen.
With the onset of all of this, this week we also saw the first (I assume of
many) solutions for encrypted tweets come along. I for one, would love to
see this solution work and be used by many on Twitter to protect their
privacy, but, then again, this is kind of an oxymoron huh?
As I said earlier in the post here, who would use open lines to commit
crime? So, once again, we are back to the level of what privacy can one
expect as well as if one wants to be private, use a means to protect that
communication. *shakes head*
After that little turn, it really becomes clear that the monitoring of
twitter and the like really comes down to a privacy violation by the
government to feel as though they are in control. The smart people will not
be talking on twitter about blowing things up and everyone else who may say
such things are doing it in jest, but will end up being investigated for
their poor choice of words (140 characters at a time).
It's a sad world we live in. I hope that congress denies the DHS their wish,
but, I am also certain that if they do, DHS will only hire out again to the
likes of GD to do it anyway off the books so to speak.
In the interim, I will continue to encrypt love notes to DHS and others in
hopes of making their day..
OOH LOOK ENCRYPTED MESSAGES! TERRORIST! WATCH EM!
K.
Sources:
http://www.pcmag.com/article2/0,2817,2400429,00.asp
http://www.huffingtonpost.com/2012/02/16/dhs-monitoring-of-social-media_n_12
82494.html
Cross-posted from Krypt3ia
==========================================
(F)AIR USE NOTICE: All original content and/or articles and graphics in this
message are copyrighted, unless specifically noted otherwise. All rights to
these copyrighted items are reserved. Articles and graphics have been placed
within for educational and discussion purposes only, in compliance with
"Fair Use" criteria established in Section 107 of the Copyright Act of 1976.
The principle of "Fair Use" was established as law by Section 107 of The
Copyright Act of 1976. "Fair Use" legally eliminates the need to obtain
permission or pay royalties for the use of previously copyrighted materials
if the purposes of display include "criticism, comment, news reporting,
teaching, scholarship, and research." Section 107 establishes four criteria
for determining whether the use of a work in any particular case qualifies
as a "fair use". A work used does not necessarily have to satisfy all four
criteria to qualify as an instance of "fair use". Rather, "fair use" is
determined by the overall extent to which the cited work does or does not
substantially satisfy the criteria in their totality. If you wish to use
copyrighted material for purposes of your own that go beyond 'fair use,' you
must obtain permission from the copyright owner. For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
THIS DOCUMENT MAY CONTAIN COPYRIGHTED MATERIAL. COPYING AND DISSEMINATION IS
PROHIBITED WITHOUT PERMISSION OF THE COPYRIGHT OWNERS.
--
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum
* Visit our other community at http://www.PoliticalForum.com/
* It's active and moderated. Register and vote in our polls.
* Read the latest breaking news, and more.
No comments:
Post a Comment