Original image

Is the Government Reading Your Email?

Original image

The National Security Agency is the primary cryptographic and signals-intelligence agency of the United States. To spy on foreign communications, it operates data collection platforms in more than 50 countries and uses airplanes and submarines, ships and satellites, specially modified trucks, and cleverly disguised antennas. It has managed to break the cryptographic systems of most of its targets and prides itself on sending first-rate product to the president of the United States.

Inside the United States, the NSA’s collection is regulated by the Foreign Intelligence Surveillance Act, passed in 1978 to provide a legal framework for intercepting communications related to foreign intelligence or terrorism where one party is inside the United States and might be considered a “U.S. person.”

Three bits of terminology: The NSA “collects on” someone, with the preposition indicating the broad scope of the verb. Think of a rake pushing leaves into a bin. The NSA intercepts a very small percentage of the communications it collects. At the NSA, to “intercept” is to introduce to the collection process an analyst, who examines a leaf that has appeared in his or her computer bin. (An analyst could use computer software to assist here, but the basic distinction the NSA makes is that the actual interception requires intent and specificity on behalf of the interceptor.) A “U.S. person” refers to a U.S. citizen, a legal resident of the United States, or a corporation or business legally chartered inside the United States.

So the big question everyone wonders is: does the NSA read my e-mail? Based on the public statements of the former director of the National Security Agency, Justice Department attorneys, and others involved in NSA operations—as well as confidential information provided to the authors and verified independently by officials read in to the programs—here is how to tell if the NSA spies on you:

1. If you regularly call people in Afghanistan, Pakistan, or Yemen, your telephone records have probably passed through an NSA computer. Most likely, however, if you’ve been calling rug merchants or relatives, no one at the NSA knew your name. (A computer program sanitizes the actual identifying information.) Depending on the time, date, location, and contextual factors related to the call, a record may not have been created.

2. If you’ve sent an e-mail from an IP address that has been used by bad guys in the past (IP addresses can be spoofed), your e-mail’s metadata—the hidden directions that tell the Internet where to send it (that is, the To and From lines, the subject line, the length, and the type of e-mail) probably passed through a server. The chances of an analyst or a computer actually reading the content of an e-mail are very slim.

3. If you are or were a lawyer for someone formally accused of terrorism, there is a good chance that the NSA has or had—but could not or cannot access (at least not anymore)—your telephone billing records. (N.B.: A Senate Select Committee on Intelligence report notes that the FISA Amendments Act does not require material erroneously collected to be destroyed.)

4. If you work for a member of the “Defense Industrial Base” on sensitive projects and your company uses Verizon and AT&T, your e-mail has likely been screened by NSA computers for malware.

5. Before 2007, if you, as an American citizen, worked overseas in or near a war zone, there is a small chance that you were “collected on” by a civilian NSA analyst or a member of the NSA’s Central Security Service (the name given to the military service elements that make up a large part of the NSA’s workforce).

6. If you, from September 2001 to roughly April 2004, called or sent e-mail to or from regions associated with terrorism and used American Internet companies to do so, your transaction records (again, without identifying information) were likely collected by your telecommunications company and passed to the NSA. The records were then analyzed, and there is a tiny chance that a person or a computer read them or sampled them. The NSA would ask telecommunications companies for tranches of data that correlated to particular communities of interest, and then used a variety of classified and unclassified techniques to predict, based on their analysis, who was likely to be associated with terrorism. This determination required at least one additional and independent extraneous piece of evidence.

7. There is a chance that the NSA passed this data to the FBI for further investigation. There is a small chance that the FBI acted on this information.

8. If you define “collection” in the broadest sense possible, there is a good chance that if the NSA wanted to obtain your transactional information in real time and knew your direct identity (or had a rough idea of who you are), they can do so, provided that they can prove to a FISA judge within seventy-two hours that there is probable cause to believe you are a terrorist or associated with a terrorist organization.

9. If the NSA receives permission from a judge to collect on a corporation or a charity that may be associated with terrorism, and your company, which is entirely separate from the organization in question, happens to share a location with it (either because you’re in the same building or have contracted with the company to share Internet services), there is a chance that the NSA incidentally collects your work e-mail and phone calls. It is very hard for the agency to map IP addresses to their physical locations and to completely segregate parts of corporate telephone networks. When this happens, Congress and the Justice Department are notified, and an NSA internal compliance unit makes a record of the “overcollect.”

10. If any of your communications were accidentally or incidentally collected by the NSA, they probably still exist somewhere, subject to classified minimization requirements. (The main NSA signals-intelligence database is code-named PINWALE.) This is the case even after certain collection activities became illegal with the passage of the 2007 FISA Amendments Act, the governing framework for domestic collection. The act does not require the NSA to destroy the data.

11. If you are of Arab descent and attend a mosque whose imam was linked through degrees of association with Islamic charities considered to be supporters of terrorism, NSA computers probably analyzed metadata from your telephone communications and e-mail.

12. Your data might have been intercepted or collected by Russia, China, or Israel if you traveled to those countries. The FBI has quietly found and removed transmitters from several Washington, D.C.–area cell phone towers that fed all data to wire rooms at foreign embassies.

13. The chances, if you are not a criminal or a terrorist, that an analyst at the NSA listened to one of your telephone conversations or read one of your e-mail messages are infinitesimally small given the technological challenges associated with the program, not to mention the lack of manpower available to sort through your irrelevant communications. If an unintentional collection occurred (an overcollect), it would be deleted and not stored in any database.

What safeguards exist today?

From what we could figure out, only three dozen or so people inside the NSA have the authority to read the content of FISA-derived material, all of which is now subject to a warrant. Can the NSA share FISA product on U.S. persons with other countries? By law it cannot and does not. (The FBI can, and does.) What is the size of the compliance staff that monitors domestic collection? Four or five people, depending on the budget cycle. How many people outside the NSA are privy to the full details of the program? More than one thousand. How can you find out if you’ve been accidentally or incidentally surveilled? You can’t. You can sue, but the government will invoke a state secrets privilege, and judges will probably agree—even when you can prove without any secret evidence that there is probable cause to believe that you were surveilled.

The NSA’s general counsel’s office regularly reviews the “target folders”—the identities of those under surveillance—to make sure the program complied with the instruction to surveil those reasonably assumed to have connections to al-Qaeda. They do this by sampling a number of the folders at random. How do we know the program isn’t expanding right now, pushing the boundaries of legality, spying not just on suspected terrorists but on American dissidents? We don’t. But if it is, and over a thousand people are involved, how much longer can that secret last?

Adapted from Deep State: Inside the Government Secrecy Industry, by Marc Ambinder and D.B. Grady. Grady is a regular contributor to mental_floss.

Original image
iStock // Ekaterina Minaeva
Man Buys Two Metric Tons of LEGO Bricks; Sorts Them Via Machine Learning
Original image
iStock // Ekaterina Minaeva

Jacques Mattheij made a small, but awesome, mistake. He went on eBay one evening and bid on a bunch of bulk LEGO brick auctions, then went to sleep. Upon waking, he discovered that he was the high bidder on many, and was now the proud owner of two tons of LEGO bricks. (This is about 4400 pounds.) He wrote, "[L]esson 1: if you win almost all bids you are bidding too high."

Mattheij had noticed that bulk, unsorted bricks sell for something like €10/kilogram, whereas sets are roughly €40/kg and rare parts go for up to €100/kg. Much of the value of the bricks is in their sorting. If he could reduce the entropy of these bins of unsorted bricks, he could make a tidy profit. While many people do this work by hand, the problem is enormous—just the kind of challenge for a computer. Mattheij writes:

There are 38000+ shapes and there are 100+ possible shades of color (you can roughly tell how old someone is by asking them what lego colors they remember from their youth).

In the following months, Mattheij built a proof-of-concept sorting system using, of course, LEGO. He broke the problem down into a series of sub-problems (including "feeding LEGO reliably from a hopper is surprisingly hard," one of those facts of nature that will stymie even the best system design). After tinkering with the prototype at length, he expanded the system to a surprisingly complex system of conveyer belts (powered by a home treadmill), various pieces of cabinetry, and "copious quantities of crazy glue."

Here's a video showing the current system running at low speed:

The key part of the system was running the bricks past a camera paired with a computer running a neural net-based image classifier. That allows the computer (when sufficiently trained on brick images) to recognize bricks and thus categorize them by color, shape, or other parameters. Remember that as bricks pass by, they can be in any orientation, can be dirty, can even be stuck to other pieces. So having a flexible software system is key to recognizing—in a fraction of a second—what a given brick is, in order to sort it out. When a match is found, a jet of compressed air pops the piece off the conveyer belt and into a waiting bin.

After much experimentation, Mattheij rewrote the software (several times in fact) to accomplish a variety of basic tasks. At its core, the system takes images from a webcam and feeds them to a neural network to do the classification. Of course, the neural net needs to be "trained" by showing it lots of images, and telling it what those images represent. Mattheij's breakthrough was allowing the machine to effectively train itself, with guidance: Running pieces through allows the system to take its own photos, make a guess, and build on that guess. As long as Mattheij corrects the incorrect guesses, he ends up with a decent (and self-reinforcing) corpus of training data. As the machine continues running, it can rack up more training, allowing it to recognize a broad variety of pieces on the fly.

Here's another video, focusing on how the pieces move on conveyer belts (running at slow speed so puny humans can follow). You can also see the air jets in action:

In an email interview, Mattheij told Mental Floss that the system currently sorts LEGO bricks into more than 50 categories. It can also be run in a color-sorting mode to bin the parts across 12 color groups. (Thus at present you'd likely do a two-pass sort on the bricks: once for shape, then a separate pass for color.) He continues to refine the system, with a focus on making its recognition abilities faster. At some point down the line, he plans to make the software portion open source. You're on your own as far as building conveyer belts, bins, and so forth.

Check out Mattheij's writeup in two parts for more information. It starts with an overview of the story, followed up with a deep dive on the software. He's also tweeting about the project (among other things). And if you look around a bit, you'll find bulk LEGO brick auctions online—it's definitely a thing!

Original image
Here's How to Change Your Name on Facebook
Original image

Whether you want to change your legal name, adopt a new nickname, or simply reinvent your online persona, it's helpful to know the process of resetting your name on Facebook. The social media site isn't a fan of fake accounts, and as a result changing your name is a little more complicated than updating your profile picture or relationship status. Luckily, Daily Dot laid out the steps.

Start by going to the blue bar at the top of the page in desktop view and clicking the down arrow to the far right. From here, go to Settings. This should take you to the General Account Settings page. Find your name as it appears on your profile and click the Edit link to the right of it. Now, you can input your preferred first and last name, and if you’d like, your middle name.

The steps are similar in Facebook mobile. To find Settings, tap the More option in the bottom right corner. Go to Account Settings, then General, then hit your name to change it.

Whatever you type should adhere to Facebook's guidelines, which prohibit symbols, numbers, unusual capitalization, and honorifics like Mr., Ms., and Dr. Before landing on a name, make sure you’re ready to commit to it: Facebook won’t let you update it again for 60 days. If you aren’t happy with these restrictions, adding a secondary name or a name pronunciation might better suit your needs. You can do this by going to the Details About You heading under the About page of your profile.

[h/t Daily Dot]