How Today's NSA Is Much, Much Worse Than Stasi Or Orwell's “1984”

There are still people warning us of sleepwalking into a Stasi or “1984” society. They missed the boat by a long shot: we are already far, far past the point of Stasi or “1984”. The apparatus that governments have built to trace, track, and record citizens is the stuff of nightmares.

The scene-setting paragraph in George Orwell’s 1984 still gives you chills, even though the book is so old that it has come out of the copyright monopoly in Australia:

Behind Winston’s back the voice from the telescreen was still babbling away about pig-iron and the overfulfilment of the Ninth Three-Year Plan. The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live–did live, from habit that became instinct–in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.

We’re far, far beyond this point. Replace “Thought Police” above with the more general “Government”, and you could fit this story into the United Stasi’s NSA story, the Swedish FRA story, or any similar one.

The government agencies’ claim of “we’re not watching everybody all the time, we target different people” is exactly what is written above – for “at any rate, they could plug into your wire whenever they wanted to”.

Oh yes, the cameras? The government doesn’t have cameras installed in every home, right? Well, no. But we do, and the government has given itself the right to use them to watch us, breaking into our computers to use our webcams. Germany was famous for this a couple of years back with its so-called Bundestrojaner. The primary difference between this scene from 1984 and today, in terms of the cameras, is that we installed them ourselves.

So far, we’re only at the 1984 or Stasi level. But things have become much worse.

Our movements as we walk about in the city are traced, tracked and recorded – almost down to the footstep level. Every step you take, they’ll be watching you. If you deviate more than 100 meters from your usual path, that can be noted and flagged. The first time you see your own movement maps, and realize that somebody else is gathering this information to use it against you, it sends shivers down your spine. Where were you on April 17, 2012, at 13:21 European time? You were on the move, but at what speed? Whence and whither? Somebody has an answer to that question, and it’s not you.

This leads us to the key difference between the Stasi horror dystopia and the worse society today. Those of us who have read or seen 1984 recall that if the government didn’t catch what you were saying at the time you said it, you had gotten away. Words disappeared as fast as they were spoken and heard, or not heard.

That’s different today. In those dystopias, anything you said could and would be used against you. In our today, anything you say can and will be used against you, today or decades into the future. Everything is recorded. Everything.

If you’re redflagged for some stupid reason one year from today, what you were saying just five minutes ago will come under scrutiny, along with whom you said it to. If the laws or social norms change to make the things you do right now suspicious in a decade, you’re going to be seen as a suspicious individual if somebody finds out – for everything is recorded.

Stasi couldn’t record what newspaper articles you were reading. For how long. And in what order. That, along with pretty much every thought you have ever explored while sitting at a computer, is now part of your permanent record – even if you never told a single human being.

So you use encryption, you say? Mumble, Redphone, PGP? How nice for you. But a particular encryption has a shelf life. What’s breakable today wasn’t breakable a decade ago, and the NSA is saving every piece of encrypted communications, too. What’s not breakable today may be so in a decade. If you’re encrypting things with the intent of keeping them safe forever, that’s not what today’s reality looks like. Oh, and when did you last change your key? Wait, you do encrypt in the first place, don’t you?

We tend to think of a lost cryptokey as needing to change that key before we make any future communications, kind of like a lost housekey needs replacement. It’s much worse than that. If we lose the key, we just decrypted everything we had ever sent encrypted – for somebody had saved it on the odd chance that such an event could happen.

A lost housekey doesn’t mean your home immediately gets broken into a year ago, but that’s the case with today’s cryptokeys.
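
The difference between a long-term key that opens everything ever recorded and a design with forward secrecy (the property behind the OTR suggestion in the discussion), as an added example that is not part of the original article. The Diffie-Hellman group, the hash-based cipher and the sample messages are toy constructions chosen so the code runs on the Python standard library alone; the signature that would authenticate the ephemeral values is omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, for illustration only: prime 2**255 - 19, base 2.
# Real systems take vetted groups or curves from a maintained crypto library.
P = 2**255 - 19
G = 2

# Constructed sample messages.
MESSAGES = [b"meet at noon", b"bring the documents", b"new address follows"]


def keypair():
    """Return (private, public) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub):
    """Hash the DH shared secret into a 32-byte key."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def _keystream(key, length):
    blocks = (hashlib.sha256(key + b"enc" + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Toy encrypt-then-MAC: XOR with a hash keystream, then HMAC-SHA256."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the key does not match the blob."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def static_key_scheme(recipient_pub, messages):
    """PGP-style: every message is encrypted to the same long-term public key."""
    archive = []
    for m in messages:
        eph_priv, eph_pub = keypair()  # sender's one-time value, sent in clear
        archive.append((eph_pub, seal(session_key(eph_priv, recipient_pub), m)))
    return archive  # exactly what a wiretap archive would hold


def forward_secret_scheme(messages):
    """Ephemeral-ephemeral exchange: both sides use fresh keys per session.
    The long-term key would only sign the handshake (signing omitted here)."""
    archive = []
    for m in messages:
        a_priv, a_pub = keypair()
        b_priv, b_pub = keypair()
        archive.append((a_pub, b_pub, seal(session_key(a_priv, b_pub), m)))
        del a_priv, b_priv  # session secrets are discarded after use
    return archive


def recover_with_leaked_key(archive, leaked_long_term_priv):
    """Open whatever the leaked long-term private key can open in an archive."""
    recovered = []
    for *public_values, blob in archive:
        for pub in public_values:
            plaintext = unseal(session_key(leaked_long_term_priv, pub), blob)
            if plaintext is not None:
                recovered.append(plaintext)
                break
    return recovered


def demo():
    long_priv, long_pub = keypair()
    stored_static = static_key_scheme(long_pub, MESSAGES)
    stored_fs = forward_secret_scheme(MESSAGES)
    # Years later the long-term private key leaks.
    return (recover_with_leaked_key(stored_static, long_priv),
            recover_with_leaked_key(stored_fs, long_priv))
```

With the static scheme the leaked key opens every archived message; with per-session keys that were deleted, the same leak opens none of them.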

We are far, far beyond the point of Stasi or “1984”. Isn’t it time to at least stop, look and listen to what we’ve created?

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He lives on Alexanderplatz in Berlin, Germany, roasts his own coffee, and as of right now (2019-2020) is taking a little break.

Discussion

  1. Anonymous

    It is definitely time for that, Rick. The trouble is, those with the money and the power will do whatever they have to to stop you from doing anything. People think about conspiracy theories as just that. They don’t realise that sometimes they are real and not just imagined or dreamed. They don’t realise what ‘evidence’ can be planted, what speech can be manufactured to make you appear to be the worst person ever, to make you appear to have committed the worst crimes imaginable. You only have to look at the most classic recent example of how Dotcom was completely stitched up by the US DoJ, with help from the US government and the entertainment industries. If he had not had the fortitude and the backing, he would be in some prison somewhere for 100 years, just because a particular US industry didn’t like what he was doing or that he was making money. The fact that those responsible had high ranking governmental assistance through friendship, shows how bad it got for him. For any ordinary mortal, they wouldn’t have stood a chance! I was going to say ‘what a world we have created’ but that would be wrong. It should be ‘what a world we have allowed to be created’. It has happened because those that have done so are in the position to use lethal force against anyone opposing them and they wouldn’t hesitate to use it, own countrymen or not. We have seen perfect examples of that just this week in Turkey. When the person in charge is put into the position of perhaps not being in charge any more, anything necessary comes out of the closet, including using ultimate violence!!

  2. jspc

    When you sit back and think about it, if this article was published say 1 year ago or even 2 months ago, people would think that you were some conspiracy theorist nut. However, how can people truly understand what’s happening to them when they don’t fully understand what they’re losing? Right now, people don’t feel different and, for the most part, nothing “bad” has happened to them.

    So, to answer your question, sure it’s time to stop and re-evaluate what we’ve created. However, I don’t think most people know where to start because technological advancement has far outpaced popular understanding.

  3. Joe

    Thank you for this article, it was an eye-opener.
    I never thought about it like that, despite my love for the hardest and bitterest truths…

  4. Name of your choice

    I guess that’s why I found 1984 under the ‘facts’ section at akademibokhandeln.
    That and a self help guide at improving your elemental aura of zen happiness.

  5. Pinkie Pie

    You should qualify your assertion. Even an infinite amount of surveillance is merely necessary, not sufficient, for a 1984 kind of dystopia. Unlike in 1984, our governments haven’t outlawed fun (yet).

    1. d

      Depends on the definition of “fun”. Some types of fun are already outlawed. Some people would love to outlaw some other types of fun.

    2. goostaff

      They don’t want to outlaw fun, because they want to be able to monitor the fun and then let social mechanisms have their way. There are so many dirty ways you can destroy someone’s reputation with various types of “fun” they are having.

      Some of the funniest things in our world are not very fun anymore if you can’t keep them exclusively for yourself and those close to you.

    3. pro-guns

      Guns are attempting to be outlawed. People use them for recreational purposes all the time. If they do become harder to own or illegal, then the government would have just outlawed fun for many individuals.

  6. Ian Farquhar

    I think the claims about crypto miss the point.

    Yes, cryptanalysis does advance. The old NSA saying is “attacks don’t get worse over time”, meaning that the efficacy of a cryptosystem degrades over time. Most cryptanalytic attacks are not devastating, but reduce the work factor needed to break the cipher. By building in significant protection, the risk of advances in computing allowing plaintext access through an attack on the algorithm alone is a low one.

    But this doesn’t matter, because the assurance levels of most cryptographic software are so low that you wouldn’t bother. And there are always “rubber hose attacks”, or their “legal” version, which are coercive key disclosure laws. Those laws also represent the sad movement of Western legal systems away from the right to silence, which should deeply trouble everyone. Sadly, in almost everything related to law enforcement and “justice”, it is the UK which seems to be “leading” the way with these retrograde changes.

    And one more comment, or food for thought. There is a perception that the forces supporting free use of cryptography won the crypto wars of the late 90’s. I wonder if that’s true. I wonder, instead, if the NSA et al simply changed tactics, and red threaded (trojanized) EVERYTHING they could, while we were all crowing about our “victory”. So you might be using crypto, but if the PRNG generating the keys (a la the Crypto AG trojanization) is predictable, it doesn’t matter. There are so many ways to red thread software and hardware, and most can be made to look deniable if discovered (“oh really, our RSA implementation leaks key bits due to a code timing issue? Oh… that’s a BUG. Sorry.”)

    I can’t point to hard public evidence supporting this assertion, but there is circumstantial evidence aplenty.

    1. goostaff

      Yes. As with many things open source… What protects open-source software from being trojanized by a bunch of interests (private or govt or whatever)? And as you say.. backdoors/trojans can be made on the hardware level too. How do you protect against that?

      1. Ian Farquhar

        Open source opens the possibility of detecting the red thread, but:

        1) Who has looked?
        2) How comprehensively have they looked?
        3) How deep down the stack do you go?

        Many readers will remember that there WAS an attempt, by persons unknown, to introduce a backdoor into the Linux kernel a few years ago. The change was simply the removal of a single equals sign, turning a test that the current user was superuser (==) into making the current user superuser (=).

        Luckily, someone noticed. Not because of a code review, but because of an unexpected check-in into the OS.

        My point here is that just because someone CAN look, doesn’t mean they HAVE. But you’re still better off that you can.

        Then there is point (3). What about:

        1. The libraries
        2. The compiler (see “Reflections on Trusting Trust”)
        3. The hardware, and…
           a. The CPU
           b. The CPU’s microcode
           c. The CPU microcode updates that are pushed every boot
           d. The OS drivers
           e. The BIOS (host and peripherals)
           f. Every piece of hardware which can do DMA into the device, and its hardware/software stack? (Including external devices like firewire.)

        For example, a common ethernet controller used in many PC’s has a MIPS CPU inside it running its own little OS. It can issue a DMA request for any part of memory, and fetch that memory? Sounds like a great place to put some spying code to me.

        My point here is that the attack surface of modern desktop PC’s is HUGE. Absolutely enormous. And we’re only just starting to think about protecting against that, whereas I know the spooks have been playing there for over a decade.
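
A review aid for the kind of one-character change the comment above describes, as an added example that is not part of the original comment or of any kernel tooling: it reports every assignment found inside a C `if`/`while` condition and marks writes to identity fields. The C fragment, its names and the `SENSITIVE_FIELDS` list are constructed for illustration.

```python
import re

# Constructed C fragment modelled on the comment's description
# (hypothetical names; not the actual kernel code).
SAMPLE_C = r"""
static int check_wait_options(struct task *current, int options)
{
    if ((options == (OPT_CLONE | OPT_ALL)) && (current->uid = 0))
        return -1;
    if (current->uid == 0 && options != 0)
        return 1;
    while ((n = read_next(buf)) >= 0)   /* read loop idiom, also reported */
        total += n;
    return 0;
}
"""

# Assumed list of fields whose modification inside a condition deserves priority.
SENSITIVE_FIELDS = {"uid", "euid", "gid", "egid"}

_COMMENTS_AND_STRINGS = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
_COND_KEYWORD = re.compile(r"\b(if|while)\s*\(")
_LVALUE = re.compile(r"([A-Za-z_][\w.\[\]]*(?:->[\w.\[\]]+)*)\s*$")


def _blank(match):
    # Overwrite comments and literals with spaces; newlines stay so that
    # reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))


def _condition_end(src, open_idx):
    """Index just past the ')' that closes the '(' at open_idx."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    return len(src)  # unbalanced input: scan to the end


def find_assignments_in_conditions(source):
    """Return [(line, keyword, lvalue, is_sensitive)] for each assignment
    operator that appears inside an if/while condition."""
    src = _COMMENTS_AND_STRINGS.sub(_blank, source)
    findings = []
    for kw in _COND_KEYWORD.finditer(src):
        start = kw.end() - 1
        end = _condition_end(src, start)
        for i in range(start + 1, end):
            if src[i] != "=":
                continue
            prev, nxt = src[i - 1], src[i + 1:i + 2]
            if nxt == "=" or prev in "=!":
                continue  # part of == or !=
            if prev in "<>" and src[i - 2] != prev:
                continue  # <= or >= (but <<= and >>= are assignments)
            m = _LVALUE.search(src[start:i].rstrip("+-*/%&|^<>"))
            lvalue = m.group(1) if m else "?"
            field = re.split(r"->|\.", lvalue)[-1]
            line = src.count("\n", 0, i) + 1
            findings.append((line, kw.group(1), lvalue, field in SENSITIVE_FIELDS))
    return findings
```

GCC and Clang warn about an unparenthesised assignment used as a condition, but an extra pair of parentheses silences that warning, so a textual check like this reports cases the compiler accepts quietly.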

        1. goostaff

          I did not even know that the microcodes were updated on every boot on modern CPUs..

          “For example, a common ethernet controller used in many PC’s has a MIPS CPU inside it running its own little OS. It can issue a DMA request for any part of memory, and fetch that memory? Sounds like a great place to put some spying code to me.”

          Wait WHAT. Can they even do that? I thought they were supposed to have access to a restricted subset of memory only.

          g) add to this “men in the middle” at ISP level handing over modified drivers when the most common driver updates over the internet are being fetched. Not only drivers but of course any software package / OS update where “men in the middle” attacks are possible…

          h) the router in your own home could be hacked / designed to redirect update requests for OS:es / drivers / software packages to someone unintended.

        2. Ian Farquhar

          This is a response to goostaff, but we seem to have reached maximum recursion so I am forced to reply to my own post.

          > I did not even know that the microcodes were updated on every boot on modern CPUs..

          http://inertiawar.com/microcode/
          https://downloadcenter.intel.com/Detail_Desc.aspx?lang=eng&DwnldID=14303
          http://www.securiteam.com/securityreviews/5FP0M1PDFO.html

          > Wait WHAT. Can they even do that? I thought they were supposed to have access to a restricted subset of memory only.

          They’re PCI devices which can initiate DMA requests. What shocked me is that Firewire devices can too:

          http://arstechnica.com/tech-policy/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government/
          http://en.wikipedia.org/wiki/DMA_attack

          As to your (g), you’re absolutely correct that this is a risk. The question I keep asking is why people aren’t asking the next obvious question: whether the NSA and other 5EYES agencies have compromised the PKI infrastructure underpinning SSL, code signing, and so forth.

          (h) They don’t need to. Go check out a protocol called CWMP or TR-069, which is enabled by a lot (the majority of) telcos in the world who give their customers equipment. This allows a telco to order your CPE (eg. your modem/access point) to upload a new build, and install it, all without your knowledge and authorization.

          There’s a backdoor in plain sight. Thanks to the 29C3 who did an excellent session on it:

          http://events.ccc.de/congress/2012/Fahrplan/events/5112.en.html

          Oh, and don’t forget that almost all telco equipment features “Lawful Intercept” features.

          Sorry to depress you, but the closer you look at all of this, you realize that the attack surface on any modern device is so huge it’s absurd.

  7. Patrick

    I doubt that any agency has the energy to “go after everyone” – today since they’re busy hunting the really bad people. Ya know, terrorists and what not.
    But – and it’s a huge ass – what will they do with the teraflops of data flowing into their data centers when there are no more terrorists to go hunt? Stop collecting data? Fire the hundreds of thousands of “analysts” they hired to get the terrorists? Doubtful.

    They’ll then have to find a new boogie man. They had one a while back; people who did not lean to the right. I believe they were collectively called “Communists”.

    I guess that leaves us with a sad, sad truth: Regular, run-of-the-mill citizens who go to work every day, pay their taxes on time and fuck their wives on friday, NEED terrorists in order to not be followed digitally.

    Dystopic? I think not.

    1. Kylähullu

      It’s not people that go through these vast amounts of data, it’s software, and software gets better and more efficient by the minute. When they “hunt the really bad people” they actually scan those mountains of data with software to find them, or someone that acts like them enough to be suspicious.

      This can mean for example that if you are merely scholarly interested in something that is illegal (or about to become illegal) you will be put under surveillance. If you search information about terrorist organizations because you’re interested in how and why people do things like that, then in the eyes of the surveillance you act just as the guy who searches information about them to find out how to join them: you go to the same web pages, you borrow the same books from the library and so on.

      As far as I know, they still lack the equipment to get inside your head, so they’ll just have to assume what’s going on in there. So they’ll assume the worst. So what if some poor curious bastard ends up in Guantanamo or whatever for the rest of his life for just wanting to learn something completely innocent? Safety first!

      1. mscee

        Well governments will hopefully use the mining “only” to fight crime, companies however, will certainly sell the service of keeping a watch out for competition in various businesses. If an established business can find potential “threats” such as future competition early on, then they have a better chance to “deal” with them before they start taking market shares. Thus.. increased risk of monopolies on various markets.

        1. mscee

          When it comes to monopolies enabled by law, of course “fighting crime” and “keeping watch for competition” is exactly the same thing. For instance the cases of copyright and patents.

        2. Kylähullu

          You’re not honestly that gullible about governments, are you? My country (Finland) has enabled laws that basically put everyone on a leash and under a microscope if the “need” for that arises. While Finland is still a peaceful and fairly pleasant place to live in and “If you’ve got nothing to hide, you’ve got nothing to fear” seems to hold true for the most part, times will change for the worse at some point, that’s the unbreakable law of history.

          Already, Finnish companies are selling spy technology to countries like Iran, where mere opinions can get you heavily oppressed and even killed. Here, it’s already in full operation. What if Finland is more like Iran one day? The technology will not have gone anywhere.

        3. mscee

          Yes I know Telia ( or TeliaSonera ) have been busted selling surveillance equipment / knowledge to at least Belarus.

          Most people have nothing to fear (personally), because most people are neither aspiring politicians nor entrepreneurs who could pose a threat to established businesses by new technology, new inventions or new politics which add competition or rip down the old businesses’ lawful privileges.

          Surveillance is about protecting income streams for established businesses. If you have “nothing to fear” just means you don’t risk making any important difference ( on the markets ).

      2. Patrick

        I’m quite aware that machines are the ones doing the dirty work, I wasn’t born yesterday 🙂 In fact, I’ve designed quite a few algorithms to mine data – nothing as advanced as they use of course and for a lot smaller data sets.

        My point was merely that when we run out of terrorists is when “normal people” get hunted. We’re not being hunted at the moment.

        But you’re right in that the systems and the information-gathering for hunting normal people, is being set up right now.

        1. gurra

          Well… Would not surprise me at all if almost no “terrorists” are being hunted today… but the efforts are rather used to identify “threats” to established businesses.

          If you (as an established business) can find the right people early on you could try and either hire them earlier than other established actors on the markets or if the new guys try to start competition (own company), you could focus your efforts on sabotaging their work to protect your position on the market from their influence.

    2. mscee

      This has nothing to do with “hunting terrorists”. It is all about established businesses trying to find and stop competition before they outsmart you and your business.

      Communists were the scapegoats during the cold war to get surveillance up and running to fend off competition by established businesses. Today “terrorists” are the new threat. Of course there is no real threat.. they just need an excuse to establish lookout towers for competition. It IS difficult to stay in business long-term without cheating on a free market.

  8. Ano Nymous

    This: “We tend to think of a lost cryptokey as needing to change that key before we make any future communications, kind of like a lost housekey needs replacement. It’s much worse than that. If we lose the key, we just decrypted everything we had ever sent encrypted – for somebody had saved it on the odd chance that such an event could happen.”

    Is important. I think most people don’t think about that.

    The worst thing about all this surveillance is that the first ones to be targeted when (not if, WHEN) someone or someones with less good intentions come to power and begin chasing people with the “wrong” opinions, are us who oppose mass surveillance.

    Also, I wonder if the intentions of the current elected (and in certain cases “elected”) governments really are good. Is it possible to build such a system in the belief that it will only be used for good purposes – ever? Or even that the good purposes outweigh the possible bad purposes?

    My understanding is that when efficient quantum computing becomes reality, it will crack ALL regular cryptography in very short time. There are solutions: https://en.wikipedia.org/wiki/Post-quantum_cryptography which Zacqary Adam Green talked about in a reply to me in this comment field: http://falkvinge.net/2013/06/08/4-ux-problems-holding-back-crypto-and-anti-wiretapping-technology/

    The problem is of course, that with all the saving going on, those technologies need to be implemented 5-20 years ago, depending on how long it’s been going on. But better late than never – If you who read this are an expert in the field, GET PROGRAMMING!

    Also, it is probably a good idea to nest it inside regular cryptography – cryptography is hard, but knowing it is uncrackable is even harder, maybe impossible.

    The article is excellent. It should be published in every newspaper in the world.

    1. mscee

      Check out OTR (off the record) communications. As far as I know, it has some features to deal with lost / stolen cryptokeys.

  9. ¿Qué tanto recolecta EEUU? | programacion@droope

    […] points of view hold that this is much worse than the book 1984, by George […]

  10. Toni

    Cryptography is good now. Snowden has said that; and so given what I know of it, and that, I trust it. In the future not as much – although there are cryptographic forms that are believed to be essentially immune to quantum attacks.

    But cryptography, and its value in keeping us safe from our own governments, is a distraction. We need different governments, and different people in them. The Pirate Party may be a valid long-term solution. I don’t know. Power corrupts. And changing our governments will take a long time, if it isn’t already too late.

    In the short term though, we need something else – a way to render the information being collected statistically meaningless. A way to overload the information gathering infrastructure of governments. I wish I were a programmer – but consider:

    Think of thousands, or tens of thousands of AI bots roaming the internet, creating millions of messages every hour. Messages using variable levels of crackable encryption, and containing all the words in the lists that red-flag our communications: ‘nuclear’, ‘bomb’, ‘disease’, ‘drone’, and all the myriad others. These bots could exchange messages amongst themselves, but also transmit to selected real humans whose emails, Twitters, and so on were known: Palestinian diplomats; politically involved aid workers, politicians, and etc. These bots could even create voice communications from recordings, and flood the picture sites with steganographically encrypted photos. They could get pay-only accounts, funded anonymously (difficult but possible) with Bitcoin donations.

    Software has no numerical limits. What would it take to overload the information-gathering capacity of the world’s governments? It would take one good program. Just one, released into the wild…

    Sounds like a job for Satoshi Nakamoto.

    1. Ano Nymous

      It won’t work. NSA’s software will soon learn how messages from the spammer software look, and ignore them. Also, there’s no way of knowing if it works.

      I think cryptography for short term and replacing government for long term are the only working solutions.

      But as long as the _IDIOTS_ that make up the vast majority of the population go “we have nothing to hide and nothing to fear” and the like, that’s not going to happen, and we who are against totalitarian fascism, and others who annoy the authorities, are most likely headed for prison. Or worse.

      1. Anoneyes

        Cryptography could protect information and communications and cryptocurrencies could starve the oppressive govt. of its income ( taxes ).

        Yeah physical imprisonment is one possibility but that is both expensive and makes the crime statistics look bad…

        Social tactics such as defamation and ridicule… those are much easier to get more effective now when social media have become so popular. Expose all embarrassing surfs you ever done to people around you so that your friends will start abandoning you and people won’t listen to what you have to say any more.

  11. Ano Nymous

    There’s a simple way of making the cameras and microphones useless for authorities and other hackers. Disabling them in your operating system may work, but don’t trust it. Instead unplug your stationary webcam and microphone when they are not in use. It’s harder with laptops, the camera can be taped over with black tape, but for the microphone you will need a short-circuit plug to put in the microphone jack. If you know anyone with a soldering iron and even the least bit of electronics skill, they can make one from a pair of headphones, even broken ones.

    This will of course not prevent spying on you when you re-enable and use those peripherals, but unless your voice and video chats are encrypted, you are essentially giving it away anyway.

  12. Patrick

    With regards to encryption, I’d like to compare it to the US’ history of owning a gun:

    It was said that if people owned guns, they could fend off the government if they ever again started to clamp down on the people’s freedom. Well, sure, great idea. But, the government has napalm, cruise missiles and a lot of trained personnel to use them.

    Encryption is our ‘defence’ of today, as far as that takes you. It doesn’t protect you against pinpointing, but at least it keeps your communications safe. That is, until either A) Quantum Computing becomes a reality, or B) the government has teraflops/ns processing power. ‘The’ government will then have the computing power equivalent of a nuke, and we’ll be stuck with our crappy handguns.

    Speaking of encryption… Why is this site not run on https? 🙂

    1. Rick Falkvinge

      Speaking of encryption… Why is this site not run on https? 🙂

      It is. However, WordPress is kind of anal about having one and the same protocol as the “site base”, and so I can’t easily vary http/https links depending on entry point. But it works for people who use HttpsEverywhere (like myself).

      Also, it’s currently kind of a weak SSL (it’s not end-to-end), so I wouldn’t want to advertise it.

      The concern is mainly broken links if I ever should decide to not use https in the future. Perhaps that’s a rather weak argument.

      Cheers,
      Rick

    2. gurra

      “and a lot of trained personnel to use them.”

      Well, I may be naive.. but is it really obvious that the american military would napalm or even “just” attack its own population? Hopefully they would just disobey orders if ordered to fight against the own population.

      Https is still vulnerable to certificate forging and man in the middle attacks and also not so long ago a critical vulnerability in secure sockets layer, SSL was discovered in some major web browsers.

  13. Max Pont

    In addition, protest movements and activists are infiltrated by undercover police officers. Both in Orwell’s dystopia and for real (see below):

    The Guardian:
    “McLibel leaflet was co-written by undercover police officer Bob Lambert,
    Exclusive: McDonald’s sued green activists in long-running David v Goliath legal battle, but police role only now exposed”
    http://www.guardian.co.uk/uk/2013/jun/21/mclibel-leaflet-police-bob-lambert-mcdonalds
