NSA Hooking Up Ominously Named 'Perfect Citizen' To Watch The Internet

from the not-so-perfect dept

Recalling the old plans for the "Total Information Awareness" system from nearly a decade ago (which eventually was scrapped -- at least publicly -- after widespread outrage), apparently the NSA is setting up a top secret new internet surveillance program with the ominously creepy name "Perfect Citizen." The NSA, of course, is quick to claim that the program is just for "research" purposes, to assess vulnerabilities and capabilities, but not everyone is buying that explanation.

Part of the problem, of course, is the tremendous secrecy around it. Jim Harper does a good job making the case that much of this program should be public, and blames Congress for falling prey to "cyberwar" hype in not forcing the details of this program to be publicly scrutinized:
If there is to be a federal government role in securing the Internet from cyberattacks, there is no good reason why its main components should not be publicly known and openly debated. Small parts, like threat signatures and such--the unique characteristics of new attacks--might be appropriately kept secret, but no favor is done to any potential attackers by revealing that there is a system for detecting their activities.

A cybersecurity effort that is not tested by public oversight will be weaker than ones that are scrutinzed by private-sector experts, academics, security vendors, and watchdog groups.

Benign intentions do not control future results, and governmental surveillance of the Internet for "cybersecurity" purposes may warp over time to surveillance for ideological and political purposes.
Harper's points are worth repeating. He's not saying saying that the government shouldn't be looking for potential threats or vulnerabilities, but that many of the details should be public. It's fine to keep some aspects secret, but keeping the entire program secret inevitably means that it will be less effective. On top of that, even if it's officially just for "assessment" at this time, we've all seen how government programs morph and change over time (especially to political will) -- especially when it comes to monitoring. Or do we need to remind everyone how often the feds have admitted to violating the law with wiretaps?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Pickle Monger (profile), Jul 9th, 2010 @ 7:26am

    A perfect name choice?


    "NSA Hooking Up Ominously Named 'Perfect Citizen' To Watch The Internet"


    I guess they didn't want to be sued for copyright infringement and get a DMCA for using the name "Big Brother"...

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Dark Helmet (profile), Jul 9th, 2010 @ 7:46am

    A couple of things...

    1. Am I starting to lose some of that "you're just a crazy conspiracy theorist" venere?

    2. Does it make sense that, given how much secrecy surrounds Perfect Citizen, the fact that we've now heard about it means it's likely already in operation?

    3. What relation does this program and/or technology have to the Echelon SIG/INT project?

    4. What are the data retention policies? If they're housing personal information or private communications at Ft. Meade, how long do they keep it?

    5. The key to our Democratic principles has ALWAYS been public oversight of government and military institutions. Given that NSA (No Such Agency) employee records are classified, they're budget is classified, they're director is a military General, they report to the DoD, that they've participated in warrantless wiretaps dating back to the Nixon administration, that they do public transaction data mining, what public oversight is there over the NSA?

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 8:37am

    " and governmental surveillance of the Internet for "cybersecurity" purposes may warp over time to surveillance for ideological and political purposes"

    This is the true purpose for this cybersecurity nonsense. and as evidence look how coerced the MSM outside the Internet is.

    Important information gets censored and often times only one side of various issues gets presented, despite the indefensible nature of those positions. It was even much worse before the current prominence of the Internet, to the extent that the MSM doesn’t blatantly lie to us now it’s only because the Internet will no longer let them get away with it. Even NPR is a joke.

    I don't trust our government and I have many very good reasons not to. The laws in this country ensure that the American public is constantly lied to, brainwashed, not told the whole story, is only told one side of the story, and has tons of important information censored from them.

    America is the government granted monopoly capital of the world and yet the mainstream media constantly proclaims it to be a free market capitalistic society.Do you want these lies to continue?

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    weneedhelp (profile), Jul 9th, 2010 @ 8:37am

    Re: A couple of things...

    "Am I starting to lose some of that "you're just a crazy conspiracy theorist" venere?"

    Yes.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 8:39am

    http://techdirt.com/articles/20100706/23322610092.shtml

    considering what you left out on that story, would you care to mention some of the things you forgot in this story too?

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    weneedhelp (profile), Jul 9th, 2010 @ 8:40am

    Perfect Citizen

    1984 came a little late.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    iamtheky (profile), Jul 9th, 2010 @ 8:42am

    I cant believe they will cast a very large net, with tons of analysis and retention with a 100mil contract. I'd bet a dollar after about 5 years you result with a proof of concept for a NIPS that is effective in both function and cost, much moreso than a database full your internets.

    "to detect cyber attacks on private companies running critical infrastructure like the electricity grid or nuclear plants. All companies have to do is let the NSA deploy a bunch of sensors within their networks..."

    - sounds nothing like capturing all your traffic for some Big Brother action.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Reed, Jul 9th, 2010 @ 8:53am

    Re: A couple of things...

    Be careful with that "democratic" word as our government really is a true republic with a few democratic ideals sprinkled here and there.

    Since we are a Republic the sign of a responsible government is the redressability of its citizens with the structures that have power. As you rightly point out we have no oversight in the NSA but it doesn't stop there.

    Try our say in the Pentagon, which is probably the most powerful organization on Earth. The FBI, CIA, EPA, the list of governing agencies with complete power over our lives is staggering. Something is broken within our Republic and that is without a doubt our ability to question what all these organizations are really doing and then making changes if we discover it necessary.

    As long as we are missing that redressability the common citizen will remain a pawn of the wealthy and powerful.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 8:59am

    Re:

    total information awareness might have made that post better.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 9:08am

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 9:09am

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 9:14am

    Re:

    Are you now incapable of trolling more than one post at a time, TAM? Your weakness is showing.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    that_id, Jul 9th, 2010 @ 9:30am

    This is ridiculous.
    1. What the hell is Raytheon doing with an INFOSEC contract?

    2. This isn't public internet monitoring, this is a much needed seperate internet grid for vital national utilities which provides monitoring across that grid.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 9:35am

    Re:

    What did he leave out on the other story? Something you should know, or something you could find out on a simple search?

    You have the name of the poster. Do a "#%!* search and make your own conclusions. Or is this blog your only source of information?

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Bruce Ediger (profile), Jul 9th, 2010 @ 9:41am

    Re:

    What the hell is Raytheon doing with an INFOSEC contract?

    I can only guess, as I don't work for Raytheon, or indeed, in the Defence Contracting business at all, but...
    My guess is that only one of the Big 3 defense contractors can stomach the cost of the paperwork to get a DoD contract these days. I'd also guess that the secrecy requirements of any such contract would overwhelm anybody else. The Big 3 defense contractors have had 50 or 60 years of "boiling frog" experience with secrecy and compartmentalization, and have become accustomed to working in a near vacuum.

    At another level, part of me wants to say that the DoD is nothing more than an unauditable way to funnel money to some new ruling elite, and that the Big 3 defense contractors can do this sort of thing without raising very many eyebrows due to their already existing HR departments that are used to doing clearances, and hiring "qualified" people to do what amounts to hourly work.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 2:18pm

    at then of the day, security measures need to have some level of secrecy about them, otherwise the people who it intends to track down, monitor, whatever, will just change their patterns not to get caught. it would be the virtual version of writing your pin code on your bank card, and leaving it in public places. you defeat the very thing you are trying to secure.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Mike Masnick (profile), Jul 9th, 2010 @ 3:18pm

    Re:

    at then of the day, security measures need to have some level of secrecy about them, otherwise the people who it intends to track down, monitor, whatever, will just change their patterns not to get caught. it would be the virtual version of writing your pin code on your bank card, and leaving it in public places. you defeat the very thing you are trying to secure.

    Security through obscurity works *so* well after all.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Jul 9th, 2010 @ 3:26pm

    Re:

    From a cryptographic point of view, this is wrong.

    Many cryptographic protocols are open and public, and yet, no (serious) vulnerabilities have been found. The fact that they are open is actually a good thing. It means that many more people will try to crack it. If they succeed, at least you know you can scrap that protocol (since it is not secure). If you hide it, you'll never know if the protocol is actually secure.

    Your pin number analogy is also wrong. What they are hiding is the method (in banking terms, it would be the DES algorithm, the most commonly used cryptographic algorithm in bank transactions...at least that's what I was told). The PIN is what they are trying to protect (i.e., you). At least, that's what they claim.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    rad, Jul 9th, 2010 @ 4:52pm

    I agree with Mike Masnick

    I agree with Mike and the crypto guy above. Security by obscurity is a terrible defense. Anyone in the information security field will most certainly agree.

    What types of information are gathered and how long they are stored (and yes said information that is not involved in an investigation should be destroyed after a set amount of time) should definitely be among the things they tell the public about. We aren't asking to know what super secret technique the government is using (probably just shaking down the ISPs anyway), but it would be nice to know that mountains of our private information, belonging to innocent Americans no less, is sitting at the fingertips of the most power government on the planet with no expiration date, no controls on what data can be gathered, and no oversight. And this is just the start. When they boost their original budget of $100 mil into the billions range and open that data up to other purposes then it will be probably be too late. And when we get a super conservative republican in office... and maybe when the House and the Senate are controlled by conservative Republicans, what then?

    Who will guard the guards?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Ross Wolf, Jul 9th, 2010 @ 11:37pm

    WIll NSA Need A Warrant To Admit Internet Infor to Court?

    NSA Illegally Wiretapped Your Phone, Fax and Private Email Communications? Now Your Internet?

    In 2008 Telecoms were granted government immunity after they helped U.S. Government spy on millions of Americans’ electronic communications. Since, Government has not disclosed what happened to NSA’s millions of collected emails, faxes and phone call information that belong to U.S. Citizens? Could those wiretaps perhaps illegal, become a problem for some Americans? Neither Congress nor the courts—determined what NSA electronic surveillance could be used by police or introduced into court by the government to prosecute Citizens.

    In 2004, former Attorney General John Ashcroft asked government prosecutors to review thousands of old intelligence files including wiretaps to retrieve information prosecutors could use in “ordinary” criminal prosecutions. That was shortly after a court case lowered a barrier that prior, blocked prosecutors from using illegal-wire tap evidence in Justice Dept. “Intelligence Files” to prosecute ordinary crimes. It would appear this information, may also be used by government to prosecute civil asset forfeitures.
    See: http://www.securityfocus.com/news/5452

    Considering that court case, it appears NSA can share its electronic-domestic-spying with government contractors and private individuals that have security clearances to facilitate the arrest and forfeiture of Americans’ property—-to keep part of the bounty. Police too easily can take an innocent person’s hastily written email, fax, phone call or web post out of context to allege a crime or violation was committed to cause an arrest or asset forfeiture.

    There are over 200 U.S. laws and violations mentioned in the Civil Asset Forfeiture Reform Act of 2000 and the Patriot Act that can subject property to civil asset forfeiture. Under federal civil forfeiture laws, a person or business need not be charged with a crime for government to forfeit their property. In the U.S., private contractors and their operatives, work so close with police exchanging information, to arrest Americans and or share in the forfeiture of their assets, they appear to merge with police.

    Rep. Henry Hyde’s bill HR 1658 passed, the “Civil Asset Forfeiture Reform Act of 2000” and effectively eliminated the “statue of limitations” for Government Civil Asset Forfeiture. The statute now runs five years from when police allege they “learned” that an asset became subject to forfeiture. With such a weak statute of limitations and the low standard of civil proof needed for government to forfeit property “A preponderance of Evidence”, it is problematic law enforcement and private government contractors will want access to NSA and other government wiretaps perhaps illegal and Citizens’ private information U.S. Government agencies glean monitoring the Internet, to arrest Americans and to seize their homes, inheritances and businesses under Title 18USC and other laws. Of obvious concern, what happens to fair justice in America if police and government contractors become dependent on “Asset Forfeiture” to pay their salaries and operating costs?

    Under the USA Patriot Act, witnesses including government contractors can be kept hidden while being paid part of the assets they cause to be forfeited. The Patriot Act specifically mentions using Title 18USC asset forfeiture laws: those laws include a provision in Rep. Henry Hyde’s 2000 bill HR 1658—for “retroactive civil asset forfeiture” of “assets already subject to government forfeiture”, meaning "property already tainted by crime" provided “the property” was already part of or “later connected” to a criminal investigation in progress" when HR.1658 passed. That can apply to more than two hundred federal laws and violations.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Scott, Jul 10th, 2010 @ 2:20am

    Are we that stupid?

    It's called Perfect Citizen, not Perfect Corporation. Who believes that this is to protect corporations? What a bunch of BS. This is the software/hardware solution to bring TIA finally online.

    Hey Obama - This isn't the change we voted for, this is just more of the same BS we got from the last moron in your office.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This