
Open Source And Spying

Posted by Hemos
from the interesting-approach dept.
stigmatic writes: "The National Imagery and Mapping Agency (NIMA), which provides maps to defense and intelligence agencies, has sponsored the project to see if Open Source can benefit the world of spying. It sounds like a joke to some that a U.S. intelligence agency may soon rely on free software to turn complicated data from spy satellites into detailed maps. But a collaboration between the government, private industry and academia may lead to just that with OSSIM, or Open Source Software Image Map. Space.com is carrying the full article."
  • by Ubi_NL (313657) <joris&ideeel,nl> on Wednesday February 07, 2001 @05:07AM (#449683) Journal
    I say they should post the results of those spy satellites back to the open source community. Has version 0.0.7 been released yet?
  • Is OSS really an appropriate solution for somebody like NIMA? It's not like they're going to be releasing this code to the community-at-large, and they probably don't want the adversary (whomever that is on any given day) to be able to know their limits and capabilities. Yes, the product itself might benefit from having more eyeballs run over it, but is that worth the exposure to the adversary? NIMA isn't exactly doing research on global warming...
  • by Alien54 (180860) on Wednesday February 07, 2001 @05:11AM (#449685) Journal
    Hopefully this should be an update on an on-going project.

    I recall that it was posted in the Slashdot article Development of OS Satellite Image Processing/Mapping [slashdot.org] by Hemos on Tuesday May 30, @10:35AM EST

    Some things need to be followed up on from time to time, although I am sure that someone is going to complain.

  • It is my understanding that the GPL only requires that source be made publicly available if binaries are distributed to the public. Thus, as long as the government modifies open source projects for internal use only, it will not be required to publish source. It's still early in the morning, so I may be wrong here.
  • by Fleet Admiral Ackbar (57723) on Wednesday February 07, 2001 @05:13AM (#449687) Homepage
    Jonathan Pollard was 'open-sourcing' our intelligence to the Israelis for years!
  • by sunflower (112148)
    Job Description: SoftWare Developer

    Interests: Encryption, Real-time data analysis

    Name: Bond, James

  • by mazur (99215)
    Name: Bond, James

    with a license to bill?

    Stefan.
    It takes a lot of brains to enjoy satire, humor and wit-

  • What if Russia or China decided to pay some dummy spies who'd consistently report of some dummy project going on in their land whereas actually basing the real project somewhere else?
  • My version of the GPL says: You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. So in whatever way they modify, they have to license those modifications as GPL, and as far as I can work out, that means the source of those modifications must be distributed too ... But then again, I ain't no lawyer :-)
  • Okay, this is a troll. But I'll bite anyway. You need to read the gpl [gnu.org]. Basically, you only have to distribute the code if you distribute the software. But that has nothing to do with your question. Linux and, especially, OpenBSD, are open source, and still very secure. Just because someone modifies a program doesn't mean that I have to run it. And with open source I (along with many other coders) can go through it line by line (like the OpenBSD guys do) and verify that it's secure. So what if the Bad Guys (TM) have full access to the source? If there aren't any exploits, it doesn't help them, does it?
  • What you seem to have overlooked is that the US is absolutely paranoid about spying and national security. They would probably have a bunch of people reviewing/testing/fixing the code exactly to avoid this kind of digital sabotage. And even if it does turn out to be more expensive than just developing it all in-house, the government will all write it off as R&D along with the other half of the money that's going straight into the secretary's Swiss account. Your tax dollars at work.
  • Visit us and put some life into our readers life by commenting something funny.
  • This would perhaps be the case if there were only one copy of the code (as in, say a proprietary system where they locked the code down tight).
    However, everyone can have copies of the code. Let's see the 'russian hacker' modify every copy of the source everywhere in the world. Neat trick if you can do it...
    As for introducing duff code in the main source tree.. Well, there are thousands of other coders building the tree all the time. As soon as it's introduced, the error is notified, and the amendments rolled back to the previous working source.

    Malk
  • by wiredog (43288) on Wednesday February 07, 2001 @05:33AM (#449696) Journal
    Back in the days when it was the Defense Mapping Agency. He retired over 10 years ago, but every once in a while I tell him about some cool mapping or image processing software or hardware that has just been released, and he will tell me about what it was like working on the R&D for it 15 or more years ago. I don't know if OSS can benefit NIMA, but they certainly have stuff that is years ahead of what we do. Could be a help to OSS!
  • In yesterday's paper there was an article about terrorists (from a large organization that I can't recall) using the combination of the Internet and open source privacy programs to distribute their plans around the world. The idea was that they posted on silly-subject and porn newsgroups and hid data like maps etc. in "normal" images. So I guess this is proof. Open Source makes better software for everyone. ;-)

    It's... It's...
  • Here are some great consequences of high-res, remote satellite imaging links, (the results of which are only compounded by OS'ing the technology.)

    www.spaceimaging.com [spaceimaging.com] (the first ones to sell commercial high-res imagery, very cool site with sat photo downloads)

    A report by the Carnegie Endowment for International Peace on the effects of commercial high-res.
    Secrets for Sale [ceip.org]

    An abstract is posted online with the full report available for download.

  • by hughk (248126) on Wednesday February 07, 2001 @05:36AM (#449699) Journal
    The guys sitting out in the copper boxes may want the latest and greatest in imagery, however lower-res images are interesting for a lot of people.

    First of all, what is the easiest way for a country to check its agricultural production? Sat. imagery. How can I quickly see pollution effects? Again sat. imagery. How can I see the growth of a city? Again sat. imagery. We can buy old images comparatively easily now, we can even find them on the web, but they are out of date.

    The point is let the boys have their toys, but there are a lot of people who would be quite interested in current slightly lower res. imagery and it would be great if we had some common tools to work with it. Of course there are military uses, but what about everyone else who wants to work with GIS?

  • by gimple (152864) on Wednesday February 07, 2001 @05:39AM (#449700) Homepage
    You know the DIA really can't win can they?

    If they go with COTS software, they could be held hostage by some monopolistic corporation.

    If they go with GPL'ed software, they could be held hostage by some crazed open source terrorist.

    If they go with homegrown software, they will be accused of having inferior skills.

    The Open Source community should really look at this as affirmation. Believe it or not the intelligence community is full of brilliant people--they just aren't allowed to spout off about it.

  • by Bonker (243350) on Wednesday February 07, 2001 @05:39AM (#449701)
    [SCENE: Interior Gatestech Laboratories]

    Gatesfinger: Ah, Mister James Bond. I see that you have applied a patch against the CVS tree for our nuclear control system.

    Bond: How does the old rote go? "Security through obscurity is no security?"

    [Bond types "Make" at the BASH prompt. The legion of goons behind Gatesfinger all raise their automatic weapons, but Gatesfinger raises his hand and pushes his glasses up on his nose. Bond's finger hovers threateningly above the "Enter" key]

    Bond: Release Dr. Greattits and I *could* just walk away without compiling this binary.

    Gatesfinger: You think you have won, Mister Bond? Well, Think again.

    [Gatesfinger speaks into his watch]

    Gatesfinger: GOATSEX! Attack James Bond

    Goatsex: ROAR!

  • ..the NSA proposed some improvements to Linux to tighten up security.

    Linux - the OS of choice for keeping your secrets secret!!
  • Surely they have a lot of cool stuff that would benefit from open source hacking? Why would they do it? A _lot_ of expertise in this kind of esoteric area is out there in the Open Source world, and a _lot_ of these people would be interested in contributing to such projects.

    Wouldn't these agencies be giving vital information away if they were to do something like that? Not necessarily -- I'm sure there are a lot of things that could be open sourced in some generic way, and then adapted within said departments to perform in the way they want them to -- for eg, an algorithm for detecting man-made objects in satellite imagery would be handy at publicly available resolutions for identifying buildings and so on, but could be used unmodified at military resolution for identifying far more interesting things...

    I'm sure the genii at said agencies could come up with multitudes of other ways to give to and receive from the Open Source community, without giving their advantages away, and without violating the GPL.

    rr

  • /*
    exception handling removed for clarity
    */
    Bitmap getImage(double latitude,
        double longitude, double resolution, double framesize
    ) {
        ResultSet rs=statement("select * from images " +
            "where latitude=:latitude and longitude=:longitude");
        if (parseAddress(rs.address).equals(specials.MY_ADDRESS))
            return getImageByURL("http://goatse.cx/images/goatsexguy.jpg");
        else
            return scaleImage(rs.image);
    }


    --
  • The software only shows the limits and capabilities of the software. Image analysis software is a substitute for the human eye and brain. Knowing the limits of computer software does not tell you how many human eyeballs are studying images of what an adversary is doing.

    As for the GPL, that only requires that they release the source code of any executable programs which they release outside their organization. And it only requires that the source code be released to the holder of their executable program. The GPL does not allow restriction of what the recipient does with the source code. So if someone used GPL code only inside an organization they don't have to release the source code to anyone -- but they lose the contributions which others might have made.

  • by Pflipp (130638)
    Heh. There's a /. article about it about 5 articles back... Plus it's on HNN etc.

    It's... It's...
  • It was about encryption, and PGP was pointed out... Caino -don't touch my .sig there!
  • by nanojath (265940) on Wednesday February 07, 2001 @06:14AM (#449708) Homepage Journal
    But picture this: All these spook applications get created in open source, then there's some kind of "security incident," the next thing you know all domestic applications of all relevant open source systems are made illegal for security reasons. The open source movement is set back decades, hackers get thrown in jail, linux proponents protest "with open source illegal only criminals will have open source!" (resulting in a nasty copyright lawsuit by the NRA). Two birds with one stone?
  • Beowulf was developed by Goddard. Go to their Search site [nasa.gov] and take a look.
  • by ajs (35943) <ajs&ajs,com> on Wednesday February 07, 2001 @06:18AM (#449710) Homepage Journal
    At the Department of Transportation, I worked on the ETMS (Enhanced (air) Traffic Management System), which is the system that the national airspace controllers use to figure out, e.g., if there's going to be congestion over Chicago today and re-route or delay planes to avoid it.

    The system is something that has evolved over the years, and could have benefitted from a clean re-implementation using modern tools and protocols. The problem was that they would have had to spin off a VERY large project to do so, and failures in the real-time traffic management program had made such programs political footballs.

    I proposed a solution: Open Source.

    Take all of the code, clean out anything that could a) be used to determine how critical systems (e.g. real-time air traffic control) worked, and there weren't many of them or b) could indicate how the security of the current system functions. Then establish a panel of 2-4 people who act as gatekeepers for the source. They release the source to the world and organize 5-10 projects around replacing the code from the ground up. No one ever took me up on it, but I think it would have resulted in one of the best government systems ever designed. Certainly your average OSS project is much better designed than any government system I've ever seen.

    The gatekeepers would be responsible for code reviews on all incoming check-ins, and no one but the gatekeepers would have write-permission to the original source tree (though, you'd probably do something like sourceforge for the external developers to use as a sandbox). It's really no less secure than hiring random contractors to work on the code.
  • by monkeymcgee (191237) on Wednesday February 07, 2001 @06:28AM (#449711) Homepage
    It's a little off-topic, but I think it's interesting. The US's Open Source Information System collects a huge database of free/public information (includes NIMA and other stuff): http://www.fas.org/irp/program/disseminate/osis.htm [fas.org] Side note: the NSA appears to use osis.gov as a domain for surfing purposes. I guess using free/public software is the next step.
  • That's not the way I read it. I think the key phrase is any work that you distribute or publish. If someone does not distribute or publish programs derived from GPL'd code, they don't have to make the source available to anyone.

    I'm certainly not trying to take anything away from the GPL, and I believe that this is in accord with the spirit of the license. I think the idea is that you don't have to accept the GPL, but you have no rights to distribute GPL'd code otherwise.

  • Yes, but if an analysis of the software shows that it can't detect or doesn't recognize say, tanks arranged into a 'L' shaped pattern, that knowledge would provide an advantage to the enemy. (This is precisely the logic behind the DoD's reluctance to use OSS solutions; the enemy can see what we're doing...)
  • Should we be surprised after the massive transfer of military knowledge to China?
  • this is not really new for this sort of agency. one of the first projects like this that i've been aware is CVS which was built by mitre for the NSA to do collaborative video in the WAN. it is built on top of the open source MOO multiuser engine.

    it was available for public download a year or so ago, but i can't find it on their site this moment. here's a white paper: http://www.mitre.org/pubs/edge/june_98/sixth.htm
  • And it would be legal for them to do so. The GPL only requires that you distribute the source if you distribute the binaries. They can keep their in-house changes secret so long as they aren't distributing binaries from the modified source. (which they wouldn't; we are talking about spies here)
  • by twitter (104583)
    I'm being held hostage by a crazed troll in a Chinese laundromat!

    Everything can be better. No one catches all of their mistakes. The more peer review, the better the code.

  • I can see the changelog now...

    build 1.0.3

    IvanM -- fixed bug that allowed the yellow running-dogs of American capitalism to use their satellites to see the noble Russian Tanks on their mission to rescue the subjugated masses.

    P.S. Even as a joke that sure sounded dated...

  • My question on some of these projects is this: "will they ever garner enough interest to make open sourcing worthwhile?" Let's look at some of the successful and potential projects.

    Linux - motivation: understand the OS and fight the evil empire.

    Perl - motivation: build a language that makes your work easier.

    NSA imaging - motivation: kewl! I'm working on spy stuff.

    Air-Traffic Control Software (minus the critical systems) - motivation: ???

    I suppose if someone were designing a system that had a similar problem domain (and they were honest enough to make sure their modifications made it back into the OSS pool) it might eventually be a benefit to the DOT.

  • And you don't think that this doesn't happen at the moment?????


  • With the security requirements and bureaucratic hoops you have to jump through, it's probably impossible for them to hire good software people.

    By the time they manage to find anyone who passes security clearance, is willing to work for government pay, and was willing to wait around for 2 years as they check his background, the project would be over with.

    Should be interesting, to say the least.

    Later
    ErikZ
  • I think it would be interesting to pollute the programs of people that "the good guys" (TGG) are spying on.

    Let's say "the bad guys" (TBG) want to get PGP or the GNU one or whatever. They could somehow search and replace certain links that TBG click on with their own ones.

    Ugh, so hard to explain. Let's say TGG are monitoring all internet traffic coming out of a country that TBG do their planning in. Let's say TBG download a PGP binary ... well, TGG would have already replaced that binary with a backdoor installed version ... not to the whole world, but just to the country being spied on (and having their traffic monitored) ... hell, they could also replace those MD5 checksum files, too. Let's say that TBG are smart enough to compile their own GPG program from source code so that they could look at the source code for threats and backdoors. Well, TGG could replace the normal source code with a copy that has very obfuscated secret backdoors in it.

    Something like that. You figure out who "TBG" and "TGG" are and who's really badder or gooder or what.

    -Christian

  • ...on a daily basis, I would be very surprised that they could make this work. NIMA just got two thumbs down on a gov't audit, and the recommendation was made to clean the slate and start over. Ever since the DMA was moved into NIMA, QC has been very lacking, and lots of folks (myself included) have spent many hours correcting their mistakes, or making workarounds.

    NIMA is one of those top-heavy monolithic organizations where the whole bureaucracy is devoted to only one thing....the continuation of NIMA. Forget putting out a decent product.

  • Unless you are looking for a good, Free image/map package for your box.

    1) only the code for processing the images is OS. Not the images - high quality stuff is still expensive or unavailable. The US govt has a policy of selective availability and can black-out their birds in a time of crisis. Software similar to OSSIM is available in other commercial and Free software (like GRASS, the Free GIS package, originally from the US Army Corps of Engineers). Even GIMP can run filters to identify edges or do feature enhancement, and with a ruler and calculator, other geographic functions are possible (but slow and boring).

    2) (Re: satellites) The Frenchmen atop the castle said "We already got one - it's very nice!" The Russians, Chinese, Indians, Europeans, Canadians, and Japanese also have sophisticated satellites, and presumably know how to analyze the images.

    3) An open-sky policy is good for peace. It is hard to amass troops on your border for a surprise invasion if the world is watching. Being able to analyze surface processes on the Earth is also good for environmentalists (and developers, but they have always had an edge in terms of $$).

    4) Much of the commercial GIS/Remote sensing software has been developed in harmony with various militaries around the world. If it's closed source, you can never be certain that it isn't back-doored, booby-trapped, land-mined, orrrrr * * The person responsible for that OS rant has been sacked. The management apologizes, and assures you it won't happen again. * *

    So don't panic. OSSIM is a good thing, but the US is not giving up its strategic advantage. A technical software package is liberated and improved via the Cathedral model des..arrggghhh.
