Craig: I think it was a red herring last night, but as an issue it probably needs to be taken in the context of the entire rest of the dotcom case, trying to explain it on 15sec sound bites on TV during an election is not the way to address it. It's hard enough to do the GCSB thing 1 week out from the election (personally I'd have started it a week earlier) - because this election is about John Key and his veracity, not Dotcom's (he's not even running for office)
you can tap fibre leads by simply bending them
and collecting the light that doesn’t reflect...
Who knew light cornered so badly?
What happens to the data totality?
Do they just capture the particle,
and the full wave carries on?
Information isn't holographic at that point is it?
I thought it was still basically binary
'on/off, light/dark' at the signal's heart...
<warning recycled pun ahead>
What becomes of the broken data?
Not even Richard Nixon would write something as incriminating or stupid as that.
While I don't know if the e-mail is a fake or not it is unwise to assume that the people purported to write the e-mail are intelligent or act intelligently. There is ample evidence that people can be ridiculously stupid, even people such as senior executives.
Ian: each bit consists of many billions of photons taking half doesn't remove the information carried by the rest.
To be fair the only well know example of how this was done was the prism (probably many prisms) that was installed in the AT&T switch room in San Francisco - it probably did disrupt service when it was done but essentially copies all the information passing through it to a secondary fibre
There is ample evidence that people can be ridiculously stupid, even people such as senior executives.
Prime Ministers even.
I also think that if one feels in control, one doesn't have to worry about what language ,what information is used and who to. I believe Nicky Hager has shown many examples of when emails seem extraordinary and unbelievable even but are true and I believe those in power will say they are fake or forgeries even, Collins , Slug and our PM all come to mind. It's dirty Politics and the U.S of A are the experts
Notice that 'Cortex' was all Ryan would talk about in her 'interview' with Ferguson this morning on RNZ. She never mentioned Speargun even though this was the explicitly stated and presented evidence from Snowden.
I was also disappointed with Ryan. She's capable of conducting much better interviews than this. Ferguson is able to trot out the 'nothing like this happened in my time' line with a straight face, because he left the GCSB in 2010.
Nothing to see here, folks. Movin' right along.
And what did happen to Jason Ede?
What other way would the e-mail be written? Remember Key has basically opened up the shop and said “help yourself”. To the execs eye's he’s bona fide, a 5Eyes player that has the right connections and wants, so desperately, to be part of the gang that he’ll give up all autonomy (and remember, just yesterday Key showed us by releasing the top secret Cortex docs that he regards NZ and it’s people as just a system to reinforce his own personality, especially when under threat) and will conform to any shape the United Corporations of America want.
Crooks do all sorts of incredibly dumb things. They film themselves, incriminate through boasting, get so cocky that they believe they’re hidden in plain sight.
The e-mail may well be real because it is so explicit in its craven glee. Key guaranteed there was no-one home, no-one above the shop. They could steal all the lollys they wanted. He was their new best friend. It was going to be the coolest sleepover ever.
He was their new best friend.
It was going to be the coolest sleepover ever.
Isn't that the premise for Gremlins ?
(or was it Ferris Bueller?)
And just because we don’t like it, doesn’t mean the public at large don’t like it: judging by the (extraordinarily!) blase reaction of many New Zealanders, wholesale metadata scrubbing would probably not be politically controversial.
I can’t believe the public at large would be comfortable with the police recording (as a matter of course) all of their phone conversations, txts, letters, and the details of every trip they took outside their home. We’re talking about the digital equivalent of that. Except it’s worse because it’s not the police, it’s a shadowy government organisation with little or no oversight. I think the problem is that many people don’t quite understand what’s at stake or don’t have the knowledge necessary to judge the conflicting claims.
Isn’t that the premise for Gremlins ?(or was it Ferris Bueller?):- )
Hollywood has them all! Think of any crooked Government anywhere in the world and Hollywood has a movie. Why , TV has The Black list, House of Cards, Person of Interest.Scandal, all the NCIS'es, about it's own lot. Goes to show how creative thems lot are.
Further to a few tweets between you and Dylan Reeve,
I think there's a decent sized clue into the nature of CORTEX when we look at the how Cabinet approached the funding to establish it. The most relevant part is the first cabinet document CAB Min (14) 25/9, which outlines the resources being devoted to CORTEX.
2 Noted that in March 2012, the Cabinet Committee on State Sector Reform and Expenditure Control noted that Budget Ministers had agreed to set aside a tagged contingency of $XXX million over five years, including $XXX million for, capital expenditure, to counter advanced cyber threats ISEC Min. (12) 4/11
3 Noted that in December 2013, the Minister Responsible forthe GCSB wrote to the Minister of Finance with a proposal for use of the tagged contingency referred to above, and that it was agreed that the Government Communications Security Bureau (GCSB) would prepare a business case for the proposal. (project. CORTEX), in accordance with Treasury guidelines;
The cabinet document goes on in the Resourcing section
noted that $XXX million capital and $XXXmillion operating expenditure can be met from GCSB baselines
So a Cortex is a novel system that interrogates every data packet coming into NZ and checks it against a known database of malware in real time. Capex is to be funded from an existed tagged fund, and the operating costs for this standalone total data interception and sniffing are to be absorbed within baseline GCSB funding.
There are only two possible ways for this to be so - 1. Either the GCSB are the most frugal and efficient IT experts in whole of Government and can sniff our whole IT infrastructure with a figurative piece of no8 wire, or 2. CORTEX is relatively cheap to set up and run as it is piggybacking off other GCSB infrastructure.
There is no way that a Government department in the year of our lord 2014 has the spare capacity to build and run a brand-new Intercept and Sniff Everything Program without any distress to an existing budget. It simply isn't credible.
Matt, I would definitely agree with your thinking. Government agencies are universally creaking under the lack of funding, and there is almost no way that whole new capabilities can be absorbed within baselines, unless they can be piggybacked on an existing functionality.
It is worth noting that those redacted figures look to be in the single millions (normal convention is discuss $millions to at least 1 decimal place), not tens of millions. The redacted sections don’t look to be big enough to suggest $10.0million plus, which reinforces your point even further.
devil's advocate: what if the kit is developed by a different source and only needs to be implemented? that would be still be capex, and opex would be BAU for the agency.
There are only two possible ways for this to be so – 1. Either the GCSB are the most frugal and efficient IT experts in whole of Government and can sniff our whole IT infrastructure with a figurative piece of no8 wire, or 2. CORTEX is relatively cheap to set up and run as it is piggybacking off other GCSB infrastructure.
Very good analysis, Matt. And they're good, but they're not that good.
The paper would probably need to discuss the source of the kit, and note the fiscal savings offered by taking that course of action compared with another option. Really it depends on how tightly the PMs bods are held to the normal cabinet office and treasury cabinet paper standards.
Yes. This (from the business case):
41. GCSB is not proposing to procure or develop bespoke systems. No material level of software development is required of GCSB or a second party. The proposal is to procure then integrate capability components already available and tested, [redacted]. The hardware and software components range from widely available commercial-off-the-shelf (COTS) systems, through to single-source COTS, to systems only available through government-to-government agreement. All of the technology has been in use for some time, [redacted].
There are documented cases of routers being intercepted and modified: http://blogs.cisco.com/news/internet-security-necessary-for-global-technology-economy
This proves that tapping the southern cross cable is a serious possibility.
From the latest Herald story by Trevett:
"He defended his decision to release Cabinet papers setting out the so-called 'Speargun' protection, which would have allowed the GCSB to tap into the Southern Cross Cable to monitor cyber traffic to New Zealand. That was scrapped in the middle of last year and instead a more targeted programme was set in place - Cortex - over government departments and some critical companies which agreed to it."
But the papers released by Key don;t mention/refer to Speargun at all, correct?
There’s another issue here too. If Key had declassified and released documents that showed that Speargun never went ahead, or that NZ wasn’t part of X-Keyscore, I would almost accept that as being justified rebuttal of a serious accusation, rather than simply declassification for political ends. But declassifying the Cortex papers as a misdirect IS declassification for political ends, because it doesn't rebut the accusation, it only misdirects.
Also, if something like Speargun were to go ahead, it wouldn’t be described to Cabinet. It might go to the Intelligence and Security Committee, but more likely just to the PM, and it would certainly be classified higher than “Secret”.
devil’s advocate: what if the kit is developed by a different source and only needs to be implemented? that would be still be capex, and opex would be BAU for the agency.
I'm guessing you mean some benign third party develops the kit and donates it to the GCSB? Yeah, right. Actually, I'm not sure what your point is.
I wonder what the Telco's response down under will be?
There are assumptions that any NZ data that may have been witnessed by Snowden must have been collected in NZ (or on its way in or out). However, as I understand it, data that travels internationally becomes subject to the legislation of the land through which it travels or where it is hosted (or at least the delivery and hosting mechanisms of that data does). In the same way that international travellers are subjected to the relevant travel security legislation etc of different countries. And plenty of NZ data travels internationally. So it seems to me if that is the case - vested and political interests and spin aside - entirely plausible that most if not all of the parties involved in this may be telling the truth.
yes the basic assumption here is that they can hack any router (including your home DSL/fibre gateway and your phone company's cell tower) to see the devices located behind it