Is blasterisk NSA-proof?
Page 1 of 1

Author:  UnWorldly [ Thu Dec 22, 2005 2:11 am ]
Post subject:  Is blasterisk NSA-proof?

Has anyone else seen these recent ars techica articles that make some inferences about the NSA's surveillence technology?

It is entirely possible that the NSA technology at issue here is some kind of high-volume, automated voice recognition and pattern matching system. Now, I don't at all believe that all international calls are or could be monitored with such a system, or anything like that. Rather, the NSA could very easily narrow down the amount of phone traffic that they'd have to a relatively small fraction of international calls with some smart filtering. First, they'd only monitor calls where one end of the connection is in a country of interest. Then, they'd only need the ability to do a roving random sample of a few seconds from each call in that already greatly narrowed pool of calls. As Zimmermann describes above, you monitor a few seconds of some fraction of the calls looking for "hits," and then you move on to another fraction. If a particular call generates a hit, then you zero in on it for further real-time analysis and possible human interception. All the calls can be recorded, cached, and further examined later for items that may have been overlooked in the real-time analysis.

So I am wondering if such a device would be able to detect such 'hits' through the blasterisk system (not that I am planning anything, really big brother this is just hypothetical conversation!). A 'hit' might be something like saying the word "Allah" (to quote my favorite will smith movie, enemy of the state). I am not sure how blag's phone network works, but I imagine the NSA cant detect hits going through the internet channels, and I imagine you aren't paying telco's to make international calls.

I ask this because I question whether this surveillence technology can ever be affective against any real threat. I think people can talk in code and always be a step ahead of surveillence, congress only recently learned the definition of the word "skeet" for example. I also wonder if terrorist could just circumvent this whole problem by using a phone system similar to blasterisk, granted there are endless amounts of switches in these networks that can be listened in on, but if this was only for international calls then it wouldn'y be listening in on all of those switches between the caller and the internet node.

Any thoughts on this?

Author:  jebba [ Thu Dec 22, 2005 2:27 am ]
Post subject: 

Well, i personally think a huge chunk of international calls are recorded.

BLASTERISK is certainly not NSA-proof or anything near it. It is not encrypted.

Also, considering BLASTERISK has already taken calls from anti-torture protestors outside of Guantanamo Bay, Cuba I'd think it's already on someone's list. (Can you believe we're at the point where we're discussing pro- versus anti-torture and the president admits and defends on national news that he's listening in on gringo's phone calls!)

I don't know what skeet is either.

The NSA likely uses a system similar to bayesian spam filtering. They don't just come up with some list of words they think are dodgy, they feed known dodgy calls into their system and look for similar ones. This is just speculation on my part of course, but they certainly use some far more powerful data mining than just a word blacklist....

Just think how powerful google is. Then picture a google 10x more powerful with access to all your bills, your phone calls, your credit card charges, your travel details, your tax returns, driving record, criminal record, fingerprints, school records, etc. They got something like that with a nice cute web interface, methinks. Want to start recording all calls to/from a number? 1) enter "1-555-555-5555", 2) click <submit>, 3) done.

I just assume all my phonecalls and emails are recorded. ;)


Author:  rblee [ Thu Dec 22, 2005 1:07 pm ]
Post subject: 

jebba wrote:
Well, i personally think a huge chunk of international calls are recorded.

I just assume all my phonecalls and emails are recorded. ;)

It used to be that 100% of international calls to and from Blighty were recorded, although a relatively small proportion were actually listened to. I would guess the same is true today, except the volume of calls will have increased dramatically, and the sophistication of the techniques used to home in on "interesting" calls will have been massively improved as well.

To a large extent, analysis of the content of communications is a zero sum game though, as serious criminals, terrorists, financiers, businessmen, and other enemies of the people, will use pre-arranged but unnoticable codes to actually transmit the information, with the rest of the message being just innocuous camoflage to hide the fact that a message is being sent at all.

This is why the Forces Of Law And Order are so keen to order the retention of metadata surrounding communications - Even though you may have no idea whether a hidden message has been passed between two individuals, the fact that a communication path between them can be established means that you can start to focus your resources on more, rather than less, likely targets. This also, unfortunately, means that you need a legal framework that allows the investigation of individuals on no better pretext than they both have, say, friends who have a friend in common. If the theory of 6 degrees of separation is anywhere near accurate, you can see why the paranoid amongst the FOLAO quickly rationalise that they need untramelled access to any and all data on everyone. How they will distil this vast mountain of irrelevence into actionable data is a question I have yet to see any vaguely credible attempt to answer.

Where this starts to fall apart is when use is made of emergent properties of the data. For example, there is an embryonic plan in Britain to monitor the movements of all vehicles, all the time. This is ostensibly to allow vehicle taxation by road usage. All fine and dandy, until you notice that it will be possible to deduce from the road usage data (simple case) whether a given vehicle has been exceeding the speed limit, or (more sinisterly) whether a given vehicle has been co-proximate with a vehicle thought to have been used for "terrorism". In the first case, any government proposing to fine the hell out of people for playing with their favorite toys isn't going to be the government for long, and in the second case... Well, they can lock people up for 28 days without charge, or even a shred of evidence, already, already... All under the guise of keeping us safe!

Ever seen the film Brazil? :(



"What crime is it to rob a bank, compared to that of founding one?"

-- Bertold Brecht

Author:  UnWorldly [ Thu Dec 22, 2005 1:31 pm ]
Post subject: 

I don't doubt that they are easily capable of recording us, I was more wondering if the specific device that the article was guessing about would be capable of intersepting the blasterisk conversations. I know a couple classmates who got internships with the NSA then completely dissapeared from everybody that knew them, and they were really smart people capable of helping to make a machine like this. I imagine they have a really clever way of detecting hits rather than just trigger phrases.

Skeet is a dirty word used in some rap songs, somebody brought it up in a debate in congress recently, but most urban kids knew what the word meant for at least a year before the gov't got wind of it, had they learned the definition earlier they probably wouldnt have allowed it to play on the radio. I was just using it as an example to show that people are always ahead of security if they are smart enough to be dangerous, and I think our biggest threats are easily capable of masking their messages, especially if rappers can do it with a single word.

Author:  jebba [ Thu Dec 22, 2005 3:15 pm ]
Post subject: 

UnWorldly wrote:
I was more wondering if the specific device that the article was guessing about would be capable of intersepting the blasterisk conversations.

Oh, I would think that the NSA has taken VoIP into consideration. To a large extent the digitizing of phone calls (not just VoIP) has made it easier for them to record.

The way to protect against people (not just the NSA) spying would be to encrypt phone calls. SIP and IAX2, two common protocols for asterisk, currently cannot encrypt calls. Even if asterisk could, the large telcos around the world don't run asterisk so it would only help in asterisk to asterisk calls. The large telcos are required to allow people to tap the phones too.

Phil Zimmerman, of PGP fame, has been working on zPhone, which is an encrypted telephone system of some sort that works with VoIP. I know few details about it except he said he was going announce something about it last summer. So far, nada. With luck he'll announce something at an O'Reilly conference he's speaking at in January.


Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group