• Great articles on other sites
  • RSS Great articles on other sites

  • Analysis, Digital Rights, Internet, Security - Written by on Friday, August 2, 2013 13:06 - 2 Comments

    XKeyscore + NSA surveillance leaks:
    Australian expert reaction


    This article is by Paul Dalgarno, Section Editor, Science + Technology The Conversation. It first appeared on The Conversation.

    analysis XKeyscore is an online surveillance tool run by America’s National Security Agency (NSA) that allows analysts to search contents of chats, emails and browsing histories without warrants, according to leaked slides from CIA whistleblower Edward Snowden.

    The slides, published in The Guardian yesterday, seem to support claims XKeyscore can search “nearly everything a typical user does on the internet” and in one 30-day period in 2012, collected and stored nearly 42 billion records. The NSA slides declare some 300 terrorists were caught using XKeystroke technology by 2008. Australian experts respond below.

    Philip Branch
    Senior Lecturer in Telecommunications at Swinburne University of Technology

    The program appears to be a datamining tool especially designed for intelligence gathering. In the same way as businesses are getting into “big data” in order to understand their customers, consumer trends and the like, the US intelligence community appear to have been doing much the same thing.

    We know that they see a big chunk of the world’s internet traffic. They have access points around the world to access other forms of electronic communication. This program seems to be a system for scanning for markers that may identify potential terrorists. If, as they claim, it has identified 300 or more potential terrorists it would seem to have been a success.

    The way it appears to work is similar to other datamining techniques. It looks at content, probably for keywords, and at metadata such as source and destination addresses, or phone numbers. To identify potential threats it looks for anomalies. Examples given are language unusual for that region, looking for dubious material on the internet, and, very intriguingly, the use of encryption.

    It appears that they have taken to heart the saying that “if you have nothing to hide, you have nothing to worry about” and reinterpreted it as “if you have something to hide, perhaps you do have something we should worry about”.

    One of the very interesting things is that they can identify individual devices. This is perhaps not as dramatic as might appear at first. It’s well known that financial institutions have been tracking individuals for a long time. Even though IP addresses change, there is enough other information to identify most machines.

    If you are using a browser, there’s a lot of information about how it is configured. Often the configuration is unusual enough to identify uniquely the individual. The browser you use, the plug-ins, the cookies that are set, are all able to identify a user, in the sense that it is the same user we saw before. So, again, the latest revelations are interesting but not necessarily unexpected. We know businesses have been using these techniques for some time. It would be remarkable if the intelligence agencies weren’t.

    Sean Rintel
    Lecturer in Strategic Communication at University of Queensland and board member of Electronic Frontiers Australia

    It is clearer now than ever that, since we can’t retrospectively change these surveillance technologies, and indeed there may be valid uses of them, citizens of all countries need to stand together to demand three new kinds of digital rights.

    1. We must have rights to personal data control. Knowing what, when, and how much of our personal data has been collected, and which agencies have access it to it.
    2. We must have rights to transparent security institution oversight. Parliamentary and legal procedures must be in place to ensure that all searches of such data require strictly evidenced belief that a search is necessary, that searches are narrowly targeted, and that citizens have methods to access the details of such proceedings.
    3. We must have rights to meaningful checks and responses to abuses. If there is any kind of problem with the use or integrity of data in such systems (such as overreach of searches, searches for non-security/law-enforcement purposes, data breaches) then citizens must have the right to meaningful civil and legal recourse. News website Mashable is currently running a campaign to crowdsource a digital bill of rights.

    Australians should be involved in that because some of our traffic relies on US services and, as such, US laws. Australians should also engage with their political parties and civil society groups, such as Electronic Frontiers Australia (of which I am a board member) and its Citizens Not Suspects campaign.

    With an election looming, now is the time for meaningful action. Whether or not one trusts our government or others, trusts security services/law enforcement or not, or believes that it is or is not reasonable to trade privacy for security, new digital rights to choice, control, and transparency will ensure our civil security.

    John Lenarcic
    Lecturer in Business IT and Logistics at RMIT University

    The genie may already be out of the bottle with respect to privacy. Way back in 1999, the then-CEO of Sun Microsystems Scott McNealy infamously proclaimed:

    “You have zero privacy anyway. Get over it.”

    The social media revolution, while diminishing privacy in some respect to users, made it the salient issue of our era. And the NSA deployment of systems such as XKeyscore has once again brought the security versus privacy debate to the fore. But security and privacy are needs that co-exist at times in an inverse relationship to each other. If eavesdropping on telecommunications leads to terrorists being nabbed then what’s the hassle, according to the NSA?

    This is a NSA-brand of utilitarianism whereby the ends justifies the means. The strict (or even not so rigid) Kantians among us, though, may gasp in horror at the antics of the NSA if we believe in protecting privacy. Indeed, this is a moral dilemma that is rapidly unfurling before our very eyes. As they say in the classics, life wasn’t meant to be easy …

    James Hamlyn-Harris
    Lecturer in Information & Communication Technologies at Swinburne University of Technology

    We can infer from the name and the terminology used in the slides that XKeyscore is a search engine which uses search terms and filters to narrow the search field. The more information you give it, the fewer (and more relevant) hits will be returned.

    Rather than returning a specific result, it will return a ranked list of results (ranked by “keyscore”) depending on how many search terms and filters matched each searched entry.

    This means that searching for an email address (mostly unique) will return a very relevant list of entries, but searching a set of vague search terms or filters (such as traffic on this domain, between these dates, containing these words send by this user agent, or browser, with these plug-ins) will return a big list of hits ranked by relevance. A human will look at the results and make judgements about which results are useful or actionable.

    Further reading:
    For The Conversation’s coverage on the NSA leaks and their aftermath, click here. This article was originally published at The Conversation. Read the original article.

    The Conversation

    submit to reddit


    You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

    1. Claire Bridges
      Posted 02/08/2013 at 2:07 pm | Permalink | Reply

      As we contemplate the liberty-for-security bargain we’re being offered by our governments, our human brains are wired to make a terrible miscalculation:
      –>”This is Your Brain on Terrorism” http://bit.ly/162DtWE

      • BuildFTTP
        Posted 02/08/2013 at 7:19 pm | Permalink | Reply

        Very good peice. I particularly like this part:
        “Just how small is the terror threat? Consider your annual odds of perishing by terror compared to two alternatives:

        Dying in a car accident: 1 in 19,000
        Dying in a bathtub: 1 in 800,000
        Dying in a terror attack: 1 in 3.5 million

        With bathtubs posing a substantially greater danger than terrorists, why are politicians silent on this menace? Why don’t they accuse rivals of being “weak on bathtubs”? Where are the recurring TV news segments? Why is there no Bureau of Bathtub Security with a $4 billion headquarters and an accompanying array of intrusive, government-mandated safety measures?”

    Leave a Comment


  • Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:

    Follow us on social media

    Use your RSS reader to subscribe to our articles feed or to our comments feed.

  • Most Popular Content

  • Enterprise IT stories

    • Super funds close to dumping $250m IT revamp facepalm2

      If you have even a skin deep awareness of the structure of Australia’s superannuation industry, you’ll be aware that much of the underlying infrastructure used by many of the nation’s major funds is provided by a centralised group, Superpartners. One of the group’s main projects in recent years has been to dramatically update and modernise its IT platform — its version of a core banking platform overhaul. Unfortunately, the $250 million project has not precisely been going well.

    • Qld’s Grant joins analyst firm IBRS peter-grant

      This week it emerged that Peter Grant, the two-time former Queensland Whole of Government CIO (pictured), has joined well-regarded analyst firm Intelligent Business Research Services (IBRS). We’ve long had a high regard for IBRS, and so it’s fantastic to see such an experienced executive join its ranks.

    • Westpac dumps desk phones for Samsung Android mobiles samsung-galaxy-ace-3

      The era of troublesome desk phones tied to physical locations is gradually coming to an end in many workplaces, with mobile phones becoming increasingly popular as organisations’ main method of voice telecommunications. But some groups are more advanced than others when it comes to adoption of the trend. One of those is Westpac.

    • Ministers’ cloud approval lasted just a year reverse

      Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed.

    • WA Govt can’t fund school IT upgrades oops key

      In news from The Department of Disturbing Facts, iTNews revealed late last week that Western Australia’s Department of Education has run out of money halfway through the deployment of new fundamental IT infrastructure to the state’s schools.

    • Turnbull outlines Govt ICT vision turnbull-5

      Communications Minister Malcolm Turnbull has published an extensive article arguing that the Federal Government needed to do a better job of connecting with Australians via digital channels and that public sector IT projects needn’t cost the huge amounts that some have in the past.

    • NZ Govt pushes hard into cloud zealand

      New Zealand’s national Government announced a whole of government contract this morning for what it terms ‘Office Productivity as a Service’ services. This includes email and calendaring services, as well as file-sharing, mobility, instant messaging and collaboration services. The contract complements two existing contracts — Desktop as a Service and Enterprise Content Management as a Service.

    • CommBank reveals Harte’s replacement whiteing

      The Commonwealth Bank of Australia has promoted an internal executive who joined the bank in September after a lengthy career at petroleum giant VP and IT services group Accenture to replace its outgoing chief information officer Michael Harte, who announced in early May that he would leave the bank.

    • Jeff Smith quits Suncorp for IBM jeffsmith4

      Second-tier Australian bank and financial services group Suncorp today announced that its long-serving top technology executive Jeff Smith would leave to take up a senior role with IBM in the United States, in an announcement which marks the end of an era for the nation’s banking IT sector.

    • Small business missing the mobile, social, cloud revolution iphone-stock

      Most companies that live and breathe the online revolution are not tech startups, but smart smaller firms that use online tools to run their core business better: to cut costs, reach customers and suppliers, innovate and get more control. Many others, however, are falling behind, according to a new Grattan Institute discussion paper.

  • Blog, Enterprise IT - Jul 5, 2014 13:53 - 0 Comments

    Super funds close to dumping $250m IT revamp

    More In Enterprise IT

    Blog, Telecommunications - Jul 5, 2014 12:12 - 0 Comments

    What should the ACCC’s role be in guiding infrastructure spending?

    More In Telecommunications

    Analysis, Industry, Internet - Jun 23, 2014 10:33 - 0 Comments

    ‘Google Schmoogle’ – how Yellow Pages got it so wrong

    More In Industry

    Blog, Digital Rights - Jun 30, 2014 22:24 - 0 Comments

    Will Netflix launch in Australia, or not?

    More In Digital Rights