That's taking a bit far
by Jimmy Greystone - 3/9/08 4:42 PM
In Reply to: Good post John. by dhrwfan
You're taking things a bit far, and stretching them right up to the breaking point.
Example #1: Anything having to do with the GRC website is not a credible source. The guy behind that site, Steve Gibson, is NOT a security expert, he just fancies himself one. He does do the same thing as you, in that he takes some fairly innocuous thing and turns it into this giant convoluted conspiracy theory. One of his most recent blunders was claiming that some security flaw in I think it was the printer subsystem of Windows was evidence of some intentional back door. It wasn't, it was just your average run of the mill remotely exploitable security flaw, of which there have been scores, if not hundreds, in Windows. Why should this one be so special is the obvious question. Also, if you're going to put in a back door program, why install it in the printer subsystem? But I digress... Moral of the story here is, the GRC website is like Wikipedia... Anyone can claim to be an expert, but not everyone who claims to be an expert really is.
Example #2 is involving the FBI so it likely involves some sort of criminal investigation. Governments, and government agencies, will have the resources to do this sort of thing. Not so for your average marketing firm. And multi-billion dollar conglomerate companies are almost universally publicly traded, which means they're subject to SEC scrutiny. They have to make regular filings that accounts for pretty much every last penny spent and earned by the company. While not impossible, it would be pretty hard to hide such massive expenses, and then all it would take is one disgruntled accountant turn whistle-blower to create a huge scandal on the order of Enron and Arthur Anderson.
Example #3 is something to be concerned about, but there's been such public backlash about it, that AT&T has backed off the idea considerably.
Example #4 isn't exactly anything new, even in 2005. Of course it likely will involve the need for a warrant. Especially after all the flack the major telecos took for the NSA wiretapping scandal, most ISPs are likely going to insist on a warrant before they hand over such data. Of course ever since IRC was invented, you have to figure that someone's IRC client might be saving a log of everything said. Same with email and a lot of other things. These have been possible since the beginning of the Internet, it's just now a lot of the mainstream press is starting to catch up.
Example #5 I do believe was never passed into law, and with a democrat controlled congress, likely won't be for some time. Especially with all the political backlash the Bush admin has taken over the NSA wiretapping scandal.
Example #6 is easily thwarted by deleting cookies, preventing cookies from being set in the first place, etc. Even then, in the US at least, there are laws that prevent companies from matching that data to actual names of people. There have been occasional abuses... DoubleClick (now part of Google) was fined pretty heavily for doing that once.
Example #7 I am inclined to disbelieve until someone comes up with proof. I'm far from a Microsoft supporter, but they are a magnet for frivolous lawsuits and completely insane conspiracy theories. A few years back Microsoft was sued because when you typed in "monkey" to Word's clip art search thing, it came back with some image that apparently offended some black advocacy group. They then decided that this was some kind of intentional example of racism on the part of Microsoft and sued. I don't recall the outcome, but I certainly hope it was dismissed with prejudice and a fine was issued to the plaintiffs for wasting the time of the courts.
Example #8 is another case where people amaze me. The NSA was most likely working with Microsoft to improve the security in Windows. Something akin to their SELinux project, which can considerably harden the security on Linux. Not everything has to have some sinister intention behind it. The NSA likely has a number of computers that run Windows, and so they have a very clear and simple interest in ensuring that Windows is as secure as possible.
Example #9 I don't get either. First people are complaining that the random number generator in Vista can be predicted, and that's a security risk. So now they do something about it, and people get upset about that.
Example #10 is a repeat of #7 and even #8
Example #11 & 12 are the same basic issue and again, it's just a case of the mainstream press finally catching up to what should have been pretty obvious if you just think about it for a second.
Example #13 is yet another case of my wondering what people expected. Your ISP has all your info for billing purposes, and all of your requests for data go through their systems. I wouldn't be so worried about the data being collected as what's being done with it. Those logs can be invaluable tools for fixing service issues, and they can also be invaluable tools for tracking down criminals. They're also the sort of things that get marketers salivating like crazy, and something they would LOVE to get their hands on. So, it's a matter of how this collected data is used.
Examples #14 & 15 I think I've covered pretty well already. Just replace ISP with "employer" in the text above.
Example #16 strikes me as more of a red herring or some yellow journalism. Exaggerating the facts in an effort to get a few extra clicks.
Example #17 has very little credible evidence to back it up. When you think about the amount of power it would take to do everything Echelon is reportedly able to do... And not to mention that apparently the government has been able to crack perfect voice recognition, which no one else has come even close to doing... It smacks of someone's paranoid fantasy more than reality. There may be SOMETHING to the whole Echelon thing, but I highly doubt it's anywhere near as sophisticated as people report it to be. But let's just assume that it really can intercept every single email, phone call, instant message, etc, sent on the Internet. Let's further assume that there really is some massive computer system that can sift through all of that data, and flag specific messages to be reviewed by some analyst. For the sake of this example, let's say that a mere 1% of that data is flagged for further review. That would still be an absolutely overwhelming amount of data that would far exceed the NSA's abilities to process. What Echelon most likely is, is a repository for the electronic information they intercept while monitoring people suspected of something. So say they suspect Bob over in the UK of having ties to terrorists. They might get taps on his phones, and computer, then have that data funneled into Echelon where it waits for some NSA analyst to review.