March 04, 2005

NSA gets data mined - not the right crowd to steal a payment system from

I'm jacking into net in some random office in downtown Vienna, and I'm introduced to the payment-system-in-a-jar. Paper and tokens and IOUs thrown in a big vase serves to manage coordination on an office wide scale of coffee, beer and juice. For my talk on community currencies I thought this would make a great example of a payment system on a local basis, so I lifted the entire thing, and carried the 40cm high jar, money, tokens, and paper included to the presentation.

This payment system (as I presented) can be stolen. It can be broken. Nice good Internet ones don't have that problem. It was a nice example, it worked and my audience enjoyed the huge jar of purloined coffee money. But as I walked back to the office I wondered whether they'd mind me purloining their payment system.

I needn't have worried. There was a party in progress, the local technical community was in a happy mood. As I pulled the huge jar out of my laptop bag, luckily unbroken, there were smiles and laughter, and I had to explain what I wanted it for.

And then, as I was explaining, I detected a complete lack of interest... with austrian lingo and one word sneaking through repeatedly: NSA. After some confusion, I found out that I was at the post-success party of the group that had just data mined the NSA.

How this happened was gathered in scattered conversations slipped between explanations of payment systems and crypto cert systems. People had signed up for a semi-secret mailing list, and when the archives were put online, they'd been downloaded. Now they're up online in some fashion, and there is discussion on what to do next. The next phases were explained ... but in some sense this was subject to change, so I'll skip that part.

It looks like the NSA made a few mistakes in migration of internal forums to external availability. That's not a bad thing; but they left a lot of internal stuff in the archives. Also, it looks to me like the stories that are being discussed are really a bad use of secrecy - the sort of political manouvering that was discovered on the lists should not have been secret, but subject to public review. It is after all the money of the taxpayer that is being abused in this debate.

The one story I did hear was a bureaucratic fight among the FBI, NSA and the Brits over who gets to set the biometrics standard. According to the mail list, the FBI is based on fingerprints so they want that. The NSA loves voice recognition, so that's their baby. But the Brits are all hot on iris recognition and they have the world wide patent.

Good one guys - this is the sort of debate that really needs to be conducted in the open, not under secrecy. We follow with interest, and now, I must go use the local payment system again to mine some more beers.

Posted by iang at March 4, 2005 08:01 PM | TrackBack

Secret should come first last and always, but having failed this test maybe there are other reasons. So the unofficial line was followed rather than the official as to what should be availible and what should not be availible. Perhaps with all eyes glued to the mistakes the real effort has been won. Like Iraq this mistake focused attention on an area that can be considered a throw away set of information creating a center or vortex to drain the enemies resources by focusing them on an unimportant target. The enemy is now identified and it resources can be checked and probed and this provides a means of examining ones own shortcomings and improvements made. Reverse engineering a fake piece of information is a mistake in the spy versus spy game. Perhaps they have agreed upon brain waves and failed to leave a trail or some other form of id? In the end the whole thing might be presented to flush the prey into the open and locate enemies or potential enemies. The Spy versus Spy goes on yet there is no end to terror. I suspect even after an id system is established that the real work of documenting by id will remain undone. These are government employees a form of parasite that care nothing for what works. The security/intellegence world is different from the military in that one really has to produce results for all the failures of the super powers s/i in the end it is the military that pays the price a very high one at that. So there is the political plus the s/i equal military lives. The score can be easily observed the greater the number of ml is a function of the failures of p+s/i. In the end it is our lives embroiled in this debacle of standards since failure to id will eventually allow for any group of distatisfied reactionaries to hold us hostage. Why bother since we are already held hostage by government employees leaving secret information for all to see. Since none of the political entities and their s/i folks really cares about us they have no need to account for the ml. This has nothing to do with super powers most governments act as if the lives of their people where capital to be spent to purchase their ideals or comfort. A private secret id method to id friend or foe needs to be determined. The early Catholics developed secret codes to determine meeting places and friends. The id must determine the heart of the entity not just vital stats. If the classification based on id is not coordinated with a gathering method it is all hot air. Since small groups of interested parties are revealing the short comings perhaps the id determining should go to them as well. Since government employees have already failed the secret test how can we trust them to determine the id issue. Terror is special and different from SPY versus SPY and should not be left to the agencies that have so strictly determined their mandate as to avoid providing security and intel prompting a military lives scenario. The need to determine a state based terror takes too much time labeling an axis of evil is slow. Creating an overall id system is slow and mandates a slower process to back fill the data to establish potential terrorist. I think these little mistakes might be the attempt to create vortexes of potential targets kind of like baiting the trail for deer. Of course this failure could mean a dark age of government induced failure arrival as if 9/11 were not enough. So small secret groups that work to form their own ids to determine friend or foe is the answer a monastry of civilized activity against the failed government and invading hordes of terror.

Posted by: Jimbo at March 5, 2005 07:48 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.