NationStates Jolt Archive


Yay the NSA makes another illegal “Mistake”

UpwardThrust
29-12-2005, 15:34
http://www.msnbc.msn.com/id/10629515/



Yay the NSA makes another illegal “Mistake” :rolleyes: by placing tracking cookies on web visitors computers.
Tactical Grace
29-12-2005, 15:36
It has already been posted, and frankly if anyone browses US Government sites expecting not to have illegal pr0n backdoored into their computer, they are being naive in the extreme.
UpwardThrust
29-12-2005, 15:38
In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.

Just noticed this ...
"inadvertently" yeah right, any web programmer can tell you how much work can go into crafting a cookie (depending on application)
There is nothing "inadvertent" about it, it takes deleberate programming to create this sort of cookie
This is not just a point and click mistake
UpwardThrust
29-12-2005, 15:38
It has already been posted, and frankly if anyone browses US Government sites expecting not to have illegal pr0n backdoored into their computer, they are being naive in the extreme.
Ahhh sorry I had not seen it off hand in the first few pages ... my apologies
Deep Kimchi
29-12-2005, 16:36
I find it odd that everyone is so startled by revelations that the government is data mining our credit cards, plane tickets, phone calls, etc., for patterns and indications of who is talking and funding bad guys.

Invasion of privacy, yes. But aren't we at war?

And don't bring up fighting terrorism using law enforcement - in addition to renditions, we assassinate people overseas - it was public policy nearly immediately after 9-11, and Congress approved.

All we need to know is who and where - and at least overseas, with foreign nationals, extrajudicial killing is the order of the day unless there's some need to "render" them first.
UpwardThrust
29-12-2005, 16:44
I find it odd that everyone is so startled by revelations that the government is data mining our credit cards, plane tickets, phone calls, etc., for patterns and indications of who is talking and funding bad guys.

Invasion of privacy, yes. But aren't we at war?

And don't bring up fighting terrorism using law enforcement - in addition to renditions, we assassinate people overseas - it was public policy nearly immediately after 9-11, and Congress approved.

All we need to know is who and where - and at least overseas, with foreign nationals, extrajudicial killing is the order of the day unless there's some need to "render" them first.
There are still right and wrong ways to go about these things

This was a wrong way
An illegal way

Obviously they understood that as they tried to play it off as a “mistake”
Deep Kimchi
29-12-2005, 16:53
There are still right and wrong ways to go about these things

This was a wrong way
An illegal way

Obviously they understood that as they tried to play it off as a “mistake”

One thing I'm wondering about:

If I'm going to do pattern recognition (to analyze spending patterns, or communication patterns) and data mining, I don't need to know real names - I can use artificial keys (the phone numbers themselves) and plow through all the voice and data and circuit paths - and pull out a small number of phones that would be of interest - a small number of credit cards that would be of interest.

Then I could ask for the names associated with those, and then get a warrant.

But warrants don't cover data mining. How much privacy is lost in data mining the whole bag of transactions? The private sector is data mining just like that as we speak - in order to figure out how to market products to selected individuals, or to detect credit card fraud. They do that without a warrant, and you're forced to give them permission - if you don't like it, you can stop using your phone or credit card.

While I can see insisting on a warrant for individual cases that are planned to be presented as evidence in court, I don't see the need for a warrant for wholesale data mining.
UpwardThrust
29-12-2005, 16:57
One thing I'm wondering about:

If I'm going to do pattern recognition (to analyze spending patterns, or communication patterns) and data mining, I don't need to know real names - I can use artificial keys (the phone numbers themselves) and plow through all the voice and data and circuit paths - and pull out a small number of phones that would be of interest - a small number of credit cards that would be of interest.

Then I could ask for the names associated with those, and then get a warrant.

But warrants don't cover data mining. How much privacy is lost in data mining the whole bag of transactions? The private sector is data mining just like that as we speak - in order to figure out how to market products to selected individuals, or to detect credit card fraud. They do that without a warrant, and you're forced to give them permission - if you don't like it, you can stop using your phone or credit card.

While I can see insisting on a warrant for individual cases that are planned to be presented as evidence in court, I don't see the need for a warrant for wholesale data mining.

But participation in the private sector companies (lets say credit card) is optional and you agree to it by contract when you choose to get and use said credit card. And they usualy can only do it with information you provide or is public doman (so they could not force you to turn over other private information)

That does not make it right for the public sector to do the same
Deep Kimchi
29-12-2005, 16:59
But participation in the private sector companies (lets say credit card) is optional and you agree to it by contract when you choose to get and use said credit card. And they usualy can only do it with information you provide or is public doman (so they could not force you to turn over other private information)

That does not make it right for the public sector to do the same

Try living without any phones, any computer, any Internet, and any credit cards or debit cards or bank accounts in the US.

When you sign those agreements with companies for service, they have you.

Personally, I don't have a problem with data mining.
UpwardThrust
29-12-2005, 17:03
Try living without any phones, any computer, any Internet, and any credit cards or debit cards or bank accounts in the US.

When you sign those agreements with companies for service, they have you.

Personally, I don't have a problem with data mining.
Not in general no but those companies are also bound by a set of rules ... my problem is not with the data mining that the government did per-se but the illegal method used to carry it out in this case
Deep Kimchi
29-12-2005, 17:06
Not in general no but those companies are also bound by a set of rules ... my problem is not with the data mining that the government did per-se but the illegal method used to carry it out in this case

I think that with the concept of probable cause, you could never get a warrant for data mining - because 99 percent of the data might not be applicable - but you'll never know that until you mine it.
Ravenshrike
29-12-2005, 17:07
For Firefox Users:
1. Click on Tools
2. Click on Options
3. Click on Privacy tab
4. Click Cookies tab
5. Click Clear Cookies Now.

For *shudders* IE users:
1. Click on Tools
2. Click on Internet Options
3. Click Delete Cookies
4. For good measure click Delete Files as well.


No more NSA cookies. That was arduous and complicated wasn't it.
UpwardThrust
29-12-2005, 17:08
I think that with the concept of probable cause, you could never get a warrant for data mining - because 99 percent of the data might not be applicable - but you'll never know that until you mine it.
Is tracking cookie placement legal even with a warrant?
As far as I know distribution like they did is not under any circumstances do to the easy abusability of the technical aspects of a tracking cookie
UpwardThrust
29-12-2005, 17:10
For Firefox Users:
1. Click on Tools
2. Click on Options
3. Click on Privacy tab
4. Click Cookies tab
5. Click Clear Cookies Now.

For *shudders* IE users:
1. Click on Tools
2. Click on Internet Options
3. Click Delete Cookies
4. For good measure click Delete Files as well.


No more NSA cookies. That was arduous and complicated wasn't it.


Which does not make their distributing it any better.

Do we go lighter on virus/worm makers just because there are a few easy settings on a firewall to stop that peticular one?
Achalika
29-12-2005, 17:11
Invasion of privacy, yes. But aren't we at war?


:headbang: gah when will people learn that just because everyone calls it the "war on terror" doesn't make it a legally defined war.

Actually, we are not at war, first off in order for a war to be declaired legal there must be another sovereign nation to attack (Terrorism/terrorists/fundamentalists is/are an Ideal) AND congress must pass a declaration of war.

I mean we haven't been at war since 1945...all those "wars" from then until now are little more than policing actions, since everything after WWII is either against an Ideal (the Cold War was an arms race against communism, Korea/Vietnam/"Gulf War" 1/"Gulf War" 2 are all policing actions)

so there we go.

besides I'd much rather have my personal freedom than give it up for a little temporary security.
Deep Kimchi
29-12-2005, 17:11
Is tracking cookie placement legal even with a warrant?
As far as I know distribution like they did is not under any circumstances do to the easy abusability of the technical aspects of a tracking cookie
Most users never truly give consent to the cookies on their machines - hell, most don't even know how many cookies are on their machine right now, or who those cookies belong to.

I think that the law isn't keeping up with technology. Our laws seem to be fine for an analog electronics society, where all phones were analog transmission over copper wire, and your data was kept on paper in filing cabinets.
UpwardThrust
29-12-2005, 17:15
Most users never truly give consent to the cookies on their machines - hell, most don't even know how many cookies are on their machine right now, or who those cookies belong to.

I think that the law isn't keeping up with technology. Our laws seem to be fine for an analog electronics society, where all phones were analog transmission over copper wire, and your data was kept on paper in filing cabinets.
But there is a difference between a normal cookie and a tracking cookie

Standard practice when writing a cookie is to assume that other websites or people have the ability to view it from the users machine, so association is done with a blind ID number to the database

So anything that is stored is stored on a secure server not in the cookie information itself

A tracking cookie can not do this, it not only contains secure potential information about the user (which people OTHER then the government can potentially access) But it provides a back door for other services to snoop in the same illegal method without having to worry about tracker creation or identification.
Deep Kimchi
29-12-2005, 17:17
But there is a difference between a normal cookie and a tracking cookie

Standard practice when writing a cookie is to assume that other websites or people have the ability to view it from the users machine, so association is done with a blind ID number to the database

So anything that is stored is stored on a secure server not in the cookie information itself

A tracking cookie can not do this, it not only contains secure potential information about the user (which people OTHER then the government can potentially access) But it provides a back door for other services to snoop in the same illegal method without having to worry about tracker creation or identification.

My point is that tracking cookies are covered more by Internet etiquette than law. If you're running a legitimate business, you don't want to get a reputation for giving your customers' credit card numbers to hackers through negligent website design.
UpwardThrust
29-12-2005, 17:32
My point is that tracking cookies are covered more by Internet etiquette than law. If you're running a legitimate business, you don't want to get a reputation for giving your customers' credit card numbers to hackers through negligent website design.
And the government should not be in the practice of compromising my system to those hackers either though their purposefully design.