tag:blogger.com,1999:blog-2620598440410897214.comments2023-07-09T09:38:52.684-04:00Belaboring the ObviousBrad Coxhttp://www.blogger.com/profile/00051961447398492858noreply@blogger.comBlogger26125tag:blogger.com,1999:blog-2620598440410897214.post-56772095068587809422012-04-27T07:12:12.414-04:002012-04-27T07:12:12.414-04:00Schnitz, we've no immediate plans to publish t...Schnitz, we've no immediate plans to publish this more widely. Government (especially contractors) attitude to open source is that its great to use it but not nearly so great to contribute back. Like it or not, that's the reality in this world.Anonymoushttps://www.blogger.com/profile/07709542211770944125noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-75028228938845261492011-07-01T16:48:03.546-04:002011-07-01T16:48:03.546-04:00Is this, or will this be, available outside the Do...Is this, or will this be, available outside the DoD firewall?schnitzhttps://www.blogger.com/profile/07888883649138917956noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-26146939754142256912010-10-20T14:27:46.129-04:002010-10-20T14:27:46.129-04:00Hi,
I recently came across your blog and have bee...Hi,<br /><br />I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. <br /><br />Nice blog. I will keep visiting this blog very often.<br /><br />-<br /><a href="http://pulse.yahoo.com/_K356SKCHOQLHUGUKF2O2QN7PCU/blog/articles/190576?listPage=index&bb=0" rel="nofollow">Delphi Consulting Services</a>Unknownhttps://www.blogger.com/profile/11792734064946339783noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-82679116291157049572009-11-13T07:05:22.918-05:002009-11-13T07:05:22.918-05:00Thanks Kraig; re: the choosing trick, did you see ...Thanks Kraig; re: the choosing trick, did you see http://bradjcox.blogspot.com/2009/04/mud-brick-enterprise-architecture-and.html?Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-90591678857048943692009-11-12T21:14:16.690-05:002009-11-12T21:14:16.690-05:00Your brick analogy is apt. We charge our employers...Your brick analogy is apt. We charge our employers an enormous amount for building these bricks over and over. Each employer gets a shiny new component, along with its many warts, and owns it outright; and they have no hope of selling it on to anyone else. Nor would they want to in the present world, because it's so tightly integrated with the rest of the software and because, if it's the least bit clever, someone probably already has a patent on it.<br /><br />All this is a problem crying out for a solution, but most of us have no incentive to solve it, since doing so will put us out of work! We write the same pieces over and over again, multiplied by tens of thousands of us...imagine if the marketing people could specify the behaviors they want and choose from a catalog of available components! A group of them would only need one software expert, instead of the other way around.<br /><br />This choosing, of course, would be a trick; it's orders of magnitude more complex than going to the building supply to choose appropriate bricks and mortar. However, it can be solved, and (as with the components themselves) only needs to be done once.Unknownhttps://www.blogger.com/profile/10421203706899936723noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-14598983453701855512009-07-24T14:16:24.401-04:002009-07-24T14:16:24.401-04:00Thanks, Dylan. Actually more than dabbled, but nev...Thanks, Dylan. Actually more than dabbled, but never managed to get it with Haskel. I'm OK with functional but lost it with monads and finally just gave up. Happy to swap stories; just email. Its on the web.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-85695004876424732252009-07-24T13:36:16.224-04:002009-07-24T13:36:16.224-04:00This is an interesting analysis of trust architec...This is an interesting analysis of trust architectures. The company I work for, Galois, is working on building trusted components. We're using Haskell, and its rich type system to develop one level of trust, (mostly limited by the complexity of a garbage-collected runtime). We're also using Isabelle-HOL (higher order logic) to construct programs whose entire behavior can be formally reasoned about.<br><br />We've developed a cross-domain file storage system (based on the WebDAV protocol), called the TSE, which uses Haskell to build "medium assurance" front-ends to a "high assurance" cross-domain component constructed in C, with a formal proof that it enforces a Bell LaPadula information flow policy.<br> <br />I saw in this month's MacTech that you've dabbled in Haskell -- I'd love an opportunity to exchange stories about our experiences in this realm.Dylan McNameehttps://www.blogger.com/profile/16590476622723903877noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-51649428570704530692009-04-23T17:57:00.000-04:002009-04-23T17:57:00.000-04:00Following the Guidon is a more advanced technique ...<I>Following the Guidon</I> is a more advanced technique than one I learned as an undergrad, Follow the Holy Pole.<br /><br /> I learned it in a philosophy/religion course. The professor told of a nomadic tribe (either sub Sharain Africa or Arabian peninsula) that rather than argue about directions, carried a 10 foot long holy pole with them from oasis to oasis. When they had fed their flock and needed to move on, the elders would raise the pole on its end, stand around and pray. Then they would back off and it would fall.<br /><br />The tribe would follow the direction pointed to by the holy pole. No arguments, no politics. Sometimes in tech projects, its OK to follow the holy pole, even if it is just a random walk.<br /><br />-- PatAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-48590831807938538752009-04-21T12:42:00.000-04:002009-04-21T12:42:00.000-04:00That's exactly the thought that got me onto this. ...That's exactly the thought that got me onto this. I'd put it more that there's a prevalent <I>illusion</I> that EA is predominately centrally planned. In reality the enterprise is really governed top-down, bottom-up and middle-out. Russia collapsed when the top valued "glorious worker" monuments more than bread, until the middle and bottom had enough of that.<br /><br />Which Pat is this? I'm not sure even superdistribution is really up to making sense of EA. ;)Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-6629235959901847302009-04-21T10:59:00.000-04:002009-04-21T10:59:00.000-04:00I'm not convinced that Agile Enterprise Architectu...I'm not convinced that Agile Enterprise Architecture is a meaningful concept. While I completely agree that central planning's failure was predicted by the Austrian Economists, the very term "enterprise" which is half of Enterprise Architecture, means centrally planned.<br /><br />At least until superdistribution gets popular.<br /><br />PatAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-3479743731097097212009-04-19T06:36:00.000-04:002009-04-19T06:36:00.000-04:00Yeah, I should change the heading, or something. T...Yeah, I should change the heading, or something. The real point here is why intermediate-level components are needed for SOA security. I eventually backed out of JBI for the reasons you said and adopted a much simpler solution based on plain java threads and queues. No NMR; still don't see why you need that.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-21316370274253530692009-04-18T23:09:00.000-04:002009-04-18T23:09:00.000-04:00I guess my issue with your post is that using prop...I guess my issue with your post is that using proper design patterns, ensuring data and logic are properly separated and encapsulated will result in the same testable, portlable component based system. XML based 'engines' are way over used these days in the Java environment. The simple inclusion of half a dozen interfaces coupled with a bunch of XML only creates an enormous amount of infrastructure code and a brittle production environment where runtime bugs are hard to track down. Even after reading your post I am still asking my self "WHY JBI?"...I agree with the post overall and what JBI is intending to achieve but I don't agree that all the overhead involved with getting a JBI component does anything more then turn a project into an XML nightmare and does very little to ensure developers are writing portable, well encapsulated code.Frederick Brockhttps://www.blogger.com/profile/13886241899500902844noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-19276402707881647352009-04-18T22:17:00.000-04:002009-04-18T22:17:00.000-04:00Agile works well when there is close communication...Agile works well when there is close communication so that requirements can be iterated. That means the customer has to talk directly to the developers, and vice versa. That is impossible in any large scale Federal contract.<br /><br />If you apply agile in a world where there are many layers of folks on both sides (contractor and agency) then you are doomed.<br /><br />I've been exploring a concept for a year or so: that its impossible to do large scale commercial software anymore. I was thinking of the commercial space, say a Fannie Mae accounting system developed by IBM, or BearingPoint, etc. I think they are impossible. And they have a much higher chance of working than a typical Federal agency effort.<br /><br />See Charles Rossotti's book: Many Unhappy Returns, about his failures at the IRS. Charles ran AMS for 25+ years, successfully delivering complex systems to customers. He failed as the Commissioner of the IRS, from the inside.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-14967025722653045462009-04-18T20:13:00.000-04:002009-04-18T20:13:00.000-04:00However I don't see agile as a fad, although I do ...However I don't see agile as a fad, although I do get tired of all the hype. I see it as the goal to which we're striving, government included. Problem is, agile practices work best when the end-user is actively involved to answer requirements questions. This is almost always impossible in government work, where contractors can only talk with contractual staff, not with actual users. If anyone knows of ways to solve that, I'm all ears.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-54939872875993283412009-04-18T19:47:00.000-04:002009-04-18T19:47:00.000-04:00Although I agree govt's record is hardly inspiring...Although I agree govt's record is hardly inspiring, I'm actually an optimist and see FEA as a sign of improvement. Problem is, FEA imposes a huge documentation burden on project managers who are now forced to project detailed architectural information up the chain to decision makers, who use this information to decide which projects will get funded. The components-based approach I outlined here can help by reducing the documentation burden (trusted components don't need to be designed, documented and implemented). That leaves a fundamental problem I see no easy solution to. The tangible construction industry uses distributed decision-making by folks in direct contact with each construction site. The government uses central planning, which failed in Russia with such catastrophic results. I don't see ready solutions because digital components are made of bits, which don't abide by the conservation laws that mediate distributed decision making. And the belief in central planning persists in govt circles in spite of its consistently poor results. I have no solution for that.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-54070822226296279352009-04-18T17:23:00.000-04:002009-04-18T17:23:00.000-04:00More than just the meaning of components is missin...More than just the meaning of components is missing. Far too many people think that an "architect" is the person who architects a building. No, an architect designs the building, or perhaps more properly the general design, look and feel. The verb is "design".<br /><br />The Government's track record on software projects is worse than terrible. In the 90s, the DoD had less than a 10% success rate with software. I see no evidence that they are getting much better.<br /><br />On the contrary, the agile software fad has made people think you can build anything in four months. Its getting harder to find people who understand the exponential complexity of large systems.<br /><br />Keep pushing, Brad, but I'm not seeing much improvement in process, communications, or execution.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-11970878267217638002008-09-17T16:56:00.000-04:002008-09-17T16:56:00.000-04:00Jesse, I have researched the issue; that's exactly...Jesse, I have researched the issue; that's exactly what's causing the concern. Not how seriously intelligence agencies take the laws, but the laws themselves. All this compounded every way you look, from border security confiscating laptops to TSA confiscating nail clippers. All things that annoy honest citizens will having no discernable impact on bad guys who are likely to travel on container ships anyway. Yes, I'm aware of the bill to reign in the laptop snoopers, and find it small comfort that that bill is even needed. Remember, Naziism was perfectly legal too. That didn't make it right.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-19566369116096766642008-09-17T14:31:00.000-04:002008-09-17T14:31:00.000-04:00Brad - Then your argument is that you don't trust ...Brad - Then your argument is that you don't trust the government, and that's as far as it goes. And that's fine. We should NEVER give government a warrant to do anything it wants. But because you don't trust the government doesn't mean you should make claims about what the government is doing without having researched the issue and the rules the IC operates under. What Das said is exactly correct. The IC is extremely strict (read the Intelligence Oversight requirements!) on what can be collected when it comes to US persons. The IC is not using open sources (e.g., newspapers, radio, etc.) to condcut research Americans. They are using it to learn about foreign countries, their leaders, intentions, etc. The mission of the IC is to bring understanding to policymakers so they can make better decisions. That is a noble mission, that does not involve spying on Americans.Jessehttps://www.blogger.com/profile/15281195959556929552noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-79703755747463540692008-09-17T07:28:00.000-04:002008-09-17T07:28:00.000-04:00deichmans, its precisely those "executive orders" ...deichmans, its precisely those "executive orders" that scare me so much, and the very reason I called this a "police state". That's not mere rhethoric, its precisely the way I (and most of the world now it seems) actually see it.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-36160365156571062232008-09-16T21:22:00.000-04:002008-09-16T21:22:00.000-04:00Accusing the U.S. government of "police state tact...Accusing the U.S. government of "police state tactics" is a bold claim, especially when there are laws that prevent the abuse of intelligence systems. I recommend you review <A HREF="http://www.archives.gov/federal-register/codification/executive-order/12333.html" REL="nofollow">Executive Order 12333</A>, in particular Section 2.<BR/><BR/>The professionals in the intelligence community take "Intelligence Oversight" very seriously. If you have evidence of abuse of position or authority, I urge you to bring it to the attention of your Congressional representatives and the Attorney General.<BR/><BR/>However, if you don't, then I ask that you ease up on the rhetoric.deichmanshttps://www.blogger.com/profile/13358324721299617982noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-23638259025806442162008-09-16T15:14:00.000-04:002008-09-16T15:14:00.000-04:00das and I kicked this to death via chat this am wi...das and I kicked this to death via chat this am without either side convincing the other. He trusts govt to do the right thing and I find what what they're doing deeply disturbing. What it is or isn't "open source" is peripheral to that, which boils down to an issue of trust.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-56748798165414470652008-09-16T11:52:00.000-04:002008-09-16T11:52:00.000-04:00Yeah, Open Source Intelligence is distinct from op...Yeah, <A HREF="http://en.wikipedia.org/wiki/Open_Source_Intelligence" REL="nofollow">Open Source Intelligence</A> is distinct from <A HREF="http://en.wikipedia.org/wiki/Open_source_software" REL="nofollow">open source software</A>. <BR/><BR/>And Das is right -- open source intelligence comes from open sources (e.g. newspapers on the Internet), not closed sources. But I'm just an anonymous Internet person, so you probably don't believe me either. Oh well.Unknownhttps://www.blogger.com/profile/07272671261464997874noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-12620951053199406812008-09-16T11:46:00.000-04:002008-09-16T11:46:00.000-04:00No, that's not a "misconfiguration", but that is a...No, that's not a "misconfiguration", but that is also not open source intelligence. Open source intelligence represents unclassified collection methods from open, publicly accessible sources. The idea here is rooted in the notion that upwards of 80% — some say 90% — of the information needed to inform policy decisions can be obtained from open sources.<BR/><BR/>The monitoring issue is another issue altogether, and has obviously been steeped in controversy to varying degrees.<BR/><BR/>It was never as clear cut as being "legal" or "illegal". Court decisions have cast doubt on some issues, but those who claimed that it was clearly "illegal" before any such decisions were rendered did so largely for political reasons. The other mistake is equating "traffic that <I>could be</I> listened to" with "traffic that <I>is</I> listened to" — unfortunately, they are not at all the same. This also ignores that to even determine whether traffic is subject to legal collection, it must — to be blunt — actually be able to be collected.<BR/><BR/>Having the capability to instantaneously examine traffic of international origin, where one or both endpoints of a communication are international, necessitates such wholesale monitoring capability. However, such capability being present does not imply its use for all traffic.<BR/><BR/>There are two issues here:<BR/><BR/>1. Monitoring the contents of a communication<BR/><BR/>2. Monitoring the metadata or "envelope" (source and destination information) of a communication<BR/><BR/>The first is allowable without a warrant or court oversight when one or both endpoints of the communication are international, and when the target of such monitoring is a non-US Person outside of the United States. Such foreign signals intelligence collection does not require a warrant or court oversight.<BR/><BR/>The second point above has multiple functions. One is using advanced data mining techniques to look for troubling patterns in communications.<BR/><BR/>The other critical function of the second point above is determining whether one or both endpoints are international in origin, and is related to the support of initial and ongoing monitoring of a non-US Person outside of the United States. This is important.<BR/><BR/>Federal law and executive order define a US Person as:<BR/><BR/>- a citizen of the United States<BR/>- an alien lawfully admitted for permanent residence<BR/>- an unincorporated association with a substantial number of members who are citizens of the US or are aliens lawfully admitted for permanent residence<BR/>- a corporation that is incorporated in the US<BR/><BR/>In order to reasonably determine that one or both ends of a communication is outside the United States and to be able to affirm that one or both international ends also do not constitute US Persons, with any degree of certainty as is required by law, having such communication metadata available for examination in support of foreign intelligence collection is critical.<BR/><BR/>What FISA covers is foreign intelligence collection within the US, traditionally on foreign persons or entities within the US. The difference today is that increasing levels of traffic that ordinarily are not subject to court oversight travel physically through the United States — but even that traffic is beginning to trend away from the US.<BR/><BR/>The now-sunset Protect America Act of 2007 explicitly allowed such monitoring, but in its haste made some provisions too ambiguous. Democratic Congressional leaders proposed the RESTORE Act, now known as the <A HREF="http://www.govtrack.us/congress/bill.xpd?bill=h110-3773" REL="nofollow">FISA Amendments Act of 2008</A> (HR 3773), sponsored by Rep. John Conyers (D-MI) and cosponsored by 7 other Democratic colleagues, which:<BR/><BR/>1. Clarifies that no court warrant is required to intercept communications of non-United States Persons when both ends of the communications are outside the United States. (Even when the interception occurs within the US.)<BR/><BR/>2. Requires an individualized court warrant from the FISA Court when targeting persons in the United States. (Same as current law.)<BR/><BR/>The FISA court will review targeting and so-called "minimization" procedures for such surveillance. But to be clear, this bill explicitly reiterates that no warrant is required for the monitoring of communications where the target is a non-US Person outside of the United States — even when the interception happens within the United States. The FISA Amendments Act of 2008 has been passed by the House and Senate, and is now playing amendments tag to resolve some final differences.<BR/><BR/>While it seems that some are convinced that such collection is clearly illegal or unconstitutional, the facts are that monitoring communications of non-US Persons outside of the US is allowable under the Constitution and under the law, albeit with some legal gray areas, some of which are being resolved in current legislation. However, the mechanisms must necessarily be in place to support such legal collection of data traffic. The prospect of traffic shifts away from the United States is <A HREF="http://www.nytimes.com/2008/08/30/business/30pipes.html" REL="nofollow">worrying from an intelligence perspective</A>.<BR/><BR/>But all of this has nothing to do with open source intelligence. The methods used to gain open source intelligence are unclassified, and the information obtained is the result of collection from publicly accessible sources. Neither of these fundamentals are shared with covert/classified SIGINT monitoring. But even those capabilities are more important that you might imagine, and aren't intended to supplant other disciplines, e.g., HUMINT.dashttps://www.blogger.com/profile/11502825698995362359noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-74024303631015025642008-09-16T11:37:00.000-04:002008-09-16T11:37:00.000-04:00No, that's not a "misconfiguration", but that is a...No, that's not a "misconfiguration", but that is also not open source intelligence. Open source intelligence represents unclassified collection methods from open, publicly accessible sources. The idea here is rooted in the notion that upwards of 80% — some say 90% — of the information needed to inform policy decisions can be obtained from open sources.<BR/><BR/>The monitoring issue is another issue altogether, and has obviously been steeped in controversy to varying degrees.<BR/><BR/>It was never as clear cut as being "legal" or "illegal". Court decisions have cast doubt on some activities, but those who claimed that it was clearly "illegal" before any such decisions were rendered did so largely for political reasons. The other mistake is equating "traffic that *could be* listened to" with "traffic that *is* listened to" — unfortunately, they are not at all the same. This also ignores that to even determine whether traffic is subject to legal collection, it must — to be blunt — actually be able to be collected.<BR/><BR/>Having the capability to instantaneously examine traffic of international origin, where one or both endpoints of a communication are international, necessitates such wholesale monitoring capability. However, such capability being present does not imply its use for all traffic.<BR/><BR/>There are two issues here:<BR/><BR/>1. Monitoring the contents of a communication<BR/><BR/>2. Monitoring the metadata or "envelope" (source and destination information) of a communication<BR/><BR/>The first is allowable without a warrant or court oversight when one or both endpoints of the communication are international, and when the target of such monitoring is a non-US Person outside of the United States. Such foreign signals intelligence collection does not require a warrant or court oversight.<BR/><BR/>The second point above has multiple functions. One is using advanced data mining techniques to look for troubling patterns in communications.<BR/><BR/>he other critical function of the second point above is determining whether one or both endpoints are international in origin, and is related to the support of initial and ongoing monitoring of a non-US Person outside of the United States. This is important.<BR/><BR/>Federal law and executive order define a US Person as:<BR/><BR/>- a citizen of the United States<BR/>- an alien lawfully admitted for permanent residence<BR/>- an unincorporated association with a substantial number of members who are citizens of the US or are aliens lawfully admitted for permanent residence<BR/>- a corporation that is incorporated in the US<BR/><BR/>In order to reasonably determine that one or both ends of a communication is outside the United States and to be able to affirm that one or both international ends also do not constitute US Persons, with any degree of certainty as is required by law, having such communication metadata available for examination in support of foreign intelligence collection is critical.<BR/><BR/>What FISA covers is foreign intelligence collection within the US, traditionally on foreign persons or entities within the US. The difference today is that increasing levels of traffic that ordinarily are not subject to court oversight travel physically through the United States — but even that traffic is beginning to trend away from the US.<BR/><BR/>he now-sunset Protect America Act of 2007 explicitly allowed such monitoring, but in its haste made some provisions too ambiguous. Democratic Congressional leaders proposed the RESTORE Act, now known as the <A HREF="http://www.govtrack.us/congress/bill.xpd?bill=h110-3773" REL="nofollow">FISA Amendments Act of 2008</A> (HR 3773), sponsored by Rep. John Conyers (D-MI) and cosponsored by 7 other Democratic colleagues, which:<BR/><BR/>1. Clarifies that no court warrant is required to intercept communications of non-United States Persons when both ends of the communications are outside the United States. (Even when the interception occurs within the US.)<BR/><BR/>2. Requires an individualized court warrant from the FISA Court when targeting persons in the United States. (Same as current law.)<BR/><BR/>The FISA court will review targeting and so-called "minimization" procedures for such surveillance. But to be clear, this bill explicitly reiterates that no warrant is required for the monitoring of communications where the target is a non-US Person outside of the United States — even when the interception happens within the United States. The FISA Amendments Act of 2008 has been passed by the House and Senate, and is now playing amendments tag to resolve some final differences.<BR/><BR/>While it seems that some are convinced that such collection is clearly illegal or unconstitutional, the facts are that monitoring communications of non-US Persons outside of the US is allowable under the Constitution and under the law, albeit with some legal gray areas, some of which are being resolved in current legislation. However, the mechanisms must necessarily be in place to support such legal collection of data traffic.<BR/><BR/>Having mechanisms in place to monitor such traffic is of paramount importance. The prospect of traffic shifts away from the United States is <A HREF="http://www.nytimes.com/2008/08/30/business/30pipes.html" REL="nofollow">worrying from an intelligence perspective</A>.<BR/><BR/>All of this has nothing to do with open source intelligence, of course. The methods used to gain open source intelligence are unclassified, and the information obtained is the result of collection from open sources. Neither of these fundamentals are shared with covert/classified SIGINT monitoring. But even those capabilities are more important that you might imagine, and aren't intended to supplant other disciplines, e.g., HUMINT.dashttps://www.blogger.com/profile/11502825698995362359noreply@blogger.comtag:blogger.com,1999:blog-2620598440410897214.post-62232691642451296982008-09-15T12:24:00.000-04:002008-09-15T12:24:00.000-04:00Is it a "misconfiguration" that my traff...Is it a "misconfiguration" that my traffic (as a US citizen) traverses AT&T servers that DNI/NSA/whoever can tap on the grounds that non-citizens use them?<BR/><BR/>And you didn't really address my main concern, that this smacks of police state tactics to gain reams of very poor quality intel.Brad Coxhttps://www.blogger.com/profile/00051961447398492858noreply@blogger.com