  • Analysis, Digital Rights, Internet, Security - Written by on Friday, August 2, 2013 13:06 - 2 Comments

    XKeyscore + NSA surveillance leaks:
    Australian expert reaction


    This article is by Paul Dalgarno, Section Editor, Science + Technology The Conversation. It first appeared on The Conversation.

    analysis XKeyscore is an online surveillance tool run by America’s National Security Agency (NSA) that allows analysts to search contents of chats, emails and browsing histories without warrants, according to leaked slides from CIA whistleblower Edward Snowden.

    The slides, published in The Guardian yesterday, seem to support claims XKeyscore can search “nearly everything a typical user does on the internet” and, in one 30-day period in 2012, collected and stored nearly 42 billion records. The NSA slides declare some 300 terrorists were caught using XKeyscore technology by 2008. Australian experts respond below.

    Philip Branch
    Senior Lecturer in Telecommunications at Swinburne University of Technology

    The program appears to be a datamining tool especially designed for intelligence gathering. In the same way as businesses are getting into “big data” in order to understand their customers, consumer trends and the like, the US intelligence community appear to have been doing much the same thing.

    We know that they see a big chunk of the world’s internet traffic. They have access points around the world to access other forms of electronic communication. This program seems to be a system for scanning for markers that may identify potential terrorists. If, as they claim, it has identified 300 or more potential terrorists it would seem to have been a success.

    The way it appears to work is similar to other datamining techniques. It looks at content, probably for keywords, and at metadata such as source and destination addresses, or phone numbers. To identify potential threats it looks for anomalies. Examples given are language unusual for that region, looking for dubious material on the internet, and, very intriguingly, the use of encryption.

    It appears that they have taken to heart the saying that “if you have nothing to hide, you have nothing to worry about” and reinterpreted it as “if you have something to hide, perhaps you do have something we should worry about”.

    One of the very interesting things is that they can identify individual devices. This is perhaps not as dramatic as might appear at first. It’s well known that financial institutions have been tracking individuals for a long time. Even though IP addresses change, there is enough other information to identify most machines.

    If you are using a browser, there’s a lot of information about how it is configured. Often the configuration is unusual enough to identify uniquely the individual. The browser you use, the plug-ins, the cookies that are set, are all able to identify a user, in the sense that it is the same user we saw before. So, again, the latest revelations are interesting but not necessarily unexpected. We know businesses have been using these techniques for some time. It would be remarkable if the intelligence agencies weren’t.
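As an added illustration of the configuration-based identification described above (not part of the original article or of Branch's remarks, and not any agency's or vendor's code), the following Python example hashes browser attributes into a fingerprint, links visits across changing IP addresses, and measures how identifying each configuration is. The attribute names, version strings and IP addresses are constructed sample data.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Attributes named in the passage; the IP address is deliberately excluded.
ATTRS = ("user_agent", "plugins", "cookies_enabled")

# Constructed sample data (not real traffic): one common and one unusual setup.
COMMON = {"user_agent": "Chrome/28.0 (Windows NT 6.1)",
          "plugins": ("Flash 11.8",), "cookies_enabled": True}
RARE = {"user_agent": "Firefox/22.0 (X11; Linux x86_64)",
        "plugins": ("Flash 11.2", "Java 7u25", "VLC 2.0"),
        "cookies_enabled": True}

VISITS = ([dict(RARE, ip="198.51.100.7")]
          + [dict(COMMON, ip=f"203.0.113.{n}") for n in range(10, 16)]
          + [dict(RARE, ip="192.0.2.55")])  # same setup, new IP address


def fingerprint(visit):
    """Stable short hash over the configuration attributes only."""
    canonical = "|".join(f"{a}={visit[a]!r}" for a in ATTRS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def link_visits(visits):
    """Group source IPs by fingerprint: visits that look like one browser."""
    groups = defaultdict(list)
    for v in visits:
        groups[fingerprint(v)].append(v["ip"])
    return dict(groups)


def identifying_bits(visits, visit):
    """Surprisal of a fingerprint: log2(total visits / visits sharing it)."""
    counts = Counter(fingerprint(v) for v in visits)
    return math.log2(len(visits) / counts[fingerprint(visit)])


if __name__ == "__main__":
    for fp, ips in link_visits(VISITS).items():
        print(fp, len(ips), "visit(s):", ips)
    print("unusual setup:", identifying_bits(VISITS, RARE), "bits")
    print("common setup: ", round(identifying_bits(VISITS, COMMON), 3), "bits")
```

The unusual configuration is linked across two unrelated IP addresses, while the six visits sharing the common configuration cannot be told apart by these attributes alone; the more a browser's settings resemble everyone else's, the fewer identifying bits it leaks.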

    Sean Rintel
    Lecturer in Strategic Communication at University of Queensland and board member of Electronic Frontiers Australia

    It is clearer now than ever that, since we can’t retrospectively change these surveillance technologies, and indeed there may be valid uses of them, citizens of all countries need to stand together to demand three new kinds of digital rights.

    1. We must have rights to personal data control. Knowing what, when, and how much of our personal data has been collected, and which agencies have access to it.
    2. We must have rights to transparent security institution oversight. Parliamentary and legal procedures must be in place to ensure that all searches of such data require strictly evidenced belief that a search is necessary, that searches are narrowly targeted, and that citizens have methods to access the details of such proceedings.
    3. We must have rights to meaningful checks and responses to abuses. If there is any kind of problem with the use or integrity of data in such systems (such as overreach of searches, searches for non-security/law-enforcement purposes, data breaches) then citizens must have the right to meaningful civil and legal recourse. News website Mashable is currently running a campaign to crowdsource a digital bill of rights.

    Australians should be involved in that because some of our traffic relies on US services and, as such, US laws. Australians should also engage with their political parties and civil society groups, such as Electronic Frontiers Australia (of which I am a board member) and its Citizens Not Suspects campaign.

    With an election looming, now is the time for meaningful action. Whether or not one trusts our government or others, trusts security services/law enforcement or not, or believes that it is or is not reasonable to trade privacy for security, new digital rights to choice, control, and transparency will ensure our civil security.

    John Lenarcic
    Lecturer in Business IT and Logistics at RMIT University

    The genie may already be out of the bottle with respect to privacy. Way back in 1999, the then-CEO of Sun Microsystems Scott McNealy infamously proclaimed:

    “You have zero privacy anyway. Get over it.”

    The social media revolution, while diminishing privacy in some respect to users, made it the salient issue of our era. And the NSA deployment of systems such as XKeyscore has once again brought the security versus privacy debate to the fore. But security and privacy are needs that co-exist at times in an inverse relationship to each other. If eavesdropping on telecommunications leads to terrorists being nabbed then what’s the hassle, according to the NSA?

    This is an NSA brand of utilitarianism whereby the ends justify the means. The strict (or even not so rigid) Kantians among us, though, may gasp in horror at the antics of the NSA if we believe in protecting privacy. Indeed, this is a moral dilemma that is rapidly unfurling before our very eyes. As they say in the classics, life wasn’t meant to be easy …

    James Hamlyn-Harris
    Lecturer in Information & Communication Technologies at Swinburne University of Technology

    We can infer from the name and the terminology used in the slides that XKeyscore is a search engine which uses search terms and filters to narrow the search field. The more information you give it, the fewer (and more relevant) hits will be returned.

    Rather than returning a specific result, it will return a ranked list of results (ranked by “keyscore”) depending on how many search terms and filters matched each searched entry.

    This means that searching for an email address (mostly unique) will return a very relevant list of entries, but searching a set of vague search terms or filters (such as traffic on this domain, between these dates, containing these words sent by this user agent, or browser, with these plug-ins) will return a big list of hits ranked by relevance. A human will look at the results and make judgements about which results are useful or actionable.

    Further reading:
    For The Conversation’s coverage on the NSA leaks and their aftermath, click here. This article was originally published at The Conversation. Read the original article.


    2 Comments


    1. Claire Bridges
      Posted 02/08/2013 at 2:07 pm | Permalink |

      As we contemplate the liberty-for-security bargain we’re being offered by our governments, our human brains are wired to make a terrible miscalculation:
      –>”This is Your Brain on Terrorism” http://bit.ly/162DtWE

      • BuildFTTP
        Posted 02/08/2013 at 7:19 pm | Permalink |

        Very good piece. I particularly like this part:
        “Just how small is the terror threat? Consider your annual odds of perishing by terror compared to two alternatives:

        Dying in a car accident: 1 in 19,000
        Dying in a bathtub: 1 in 800,000
        Dying in a terror attack: 1 in 3.5 million

        With bathtubs posing a substantially greater danger than terrorists, why are politicians silent on this menace? Why don’t they accuse rivals of being “weak on bathtubs”? Where are the recurring TV news segments? Why is there no Bureau of Bathtub Security with a $4 billion headquarters and an accompanying array of intrusive, government-mandated safety measures?”



