Original image

Is the Government Reading Your Email?

Original image

The National Security Agency is the primary cryptographic and signals-intelligence agency of the United States. To spy on foreign communications, it operates data collection platforms in more than 50 countries and uses airplanes and submarines, ships and satellites, specially modified trucks, and cleverly disguised antennas. It has managed to break the cryptographic systems of most of its targets and prides itself on sending first-rate product to the president of the United States.

Inside the United States, the NSA’s collection is regulated by the Foreign Intelligence Surveillance Act, passed in 1978 to provide a legal framework for intercepting communications related to foreign intelligence or terrorism where one party is inside the United States and might be considered a “U.S. person.”

Three bits of terminology: The NSA “collects on” someone, with the preposition indicating the broad scope of the verb. Think of a rake pushing leaves into a bin. The NSA intercepts a very small percentage of the communications it collects. At the NSA, to “intercept” is to introduce to the collection process an analyst, who examines a leaf that has appeared in his or her computer bin. (An analyst could use computer software to assist here, but the basic distinction the NSA makes is that the actual interception requires intent and specificity on behalf of the interceptor.) A “U.S. person” refers to a U.S. citizen, a legal resident of the United States, or a corporation or business legally chartered inside the United States.

So the big question everyone wonders is: does the NSA read my e-mail? Based on the public statements of the former director of the National Security Agency, Justice Department attorneys, and others involved in NSA operations—as well as confidential information provided to the authors and verified independently by officials read in to the programs—here is how to tell if the NSA spies on you:

1. If you regularly call people in Afghanistan, Pakistan, or Yemen, your telephone records have probably passed through an NSA computer. Most likely, however, if you’ve been calling rug merchants or relatives, no one at the NSA knew your name. (A computer program sanitizes the actual identifying information.) Depending on the time, date, location, and contextual factors related to the call, a record may not have been created.

2. If you’ve sent an e-mail from an IP address that has been used by bad guys in the past (IP addresses can be spoofed), your e-mail’s metadata—the hidden directions that tell the Internet where to send it (that is, the To and From lines, the subject line, the length, and the type of e-mail) probably passed through a server. The chances of an analyst or a computer actually reading the content of an e-mail are very slim.

3. If you are or were a lawyer for someone formally accused of terrorism, there is a good chance that the NSA has or had—but could not or cannot access (at least not anymore)—your telephone billing records. (N.B.: A Senate Select Committee on Intelligence report notes that the FISA Amendments Act does not require material erroneously collected to be destroyed.)

4. If you work for a member of the “Defense Industrial Base” on sensitive projects and your company uses Verizon and AT&T, your e-mail has likely been screened by NSA computers for malware.

5. Before 2007, if you, as an American citizen, worked overseas in or near a war zone, there is a small chance that you were “collected on” by a civilian NSA analyst or a member of the NSA’s Central Security Service (the name given to the military service elements that make up a large part of the NSA’s workforce).

6. If you, from September 2001 to roughly April 2004, called or sent e-mail to or from regions associated with terrorism and used American Internet companies to do so, your transaction records (again, without identifying information) were likely collected by your telecommunications company and passed to the NSA. The records were then analyzed, and there is a tiny chance that a person or a computer read them or sampled them. The NSA would ask telecommunications companies for tranches of data that correlated to particular communities of interest, and then used a variety of classified and unclassified techniques to predict, based on their analysis, who was likely to be associated with terrorism. This determination required at least one additional and independent extraneous piece of evidence.

7. There is a chance that the NSA passed this data to the FBI for further investigation. There is a small chance that the FBI acted on this information.

8. If you define “collection” in the broadest sense possible, there is a good chance that if the NSA wanted to obtain your transactional information in real time and knew your direct identity (or had a rough idea of who you are), they can do so, provided that they can prove to a FISA judge within seventy-two hours that there is probable cause to believe you are a terrorist or associated with a terrorist organization.

9. If the NSA receives permission from a judge to collect on a corporation or a charity that may be associated with terrorism, and your company, which is entirely separate from the organization in question, happens to share a location with it (either because you’re in the same building or have contracted with the company to share Internet services), there is a chance that the NSA incidentally collects your work e-mail and phone calls. It is very hard for the agency to map IP addresses to their physical locations and to completely segregate parts of corporate telephone networks. When this happens, Congress and the Justice Department are notified, and an NSA internal compliance unit makes a record of the “overcollect.”

10. If any of your communications were accidentally or incidentally collected by the NSA, they probably still exist somewhere, subject to classified minimization requirements. (The main NSA signals-intelligence database is code-named PINWALE.) This is the case even after certain collection activities became illegal with the passage of the 2007 FISA Amendments Act, the governing framework for domestic collection. The act does not require the NSA to destroy the data.

11. If you are of Arab descent and attend a mosque whose imam was linked through degrees of association with Islamic charities considered to be supporters of terrorism, NSA computers probably analyzed metadata from your telephone communications and e-mail.

12. Your data might have been intercepted or collected by Russia, China, or Israel if you traveled to those countries. The FBI has quietly found and removed transmitters from several Washington, D.C.–area cell phone towers that fed all data to wire rooms at foreign embassies.

13. The chances, if you are not a criminal or a terrorist, that an analyst at the NSA listened to one of your telephone conversations or read one of your e-mail messages are infinitesimally small given the technological challenges associated with the program, not to mention the lack of manpower available to sort through your irrelevant communications. If an unintentional collection occurred (an overcollect), it would be deleted and not stored in any database.

What safeguards exist today?

From what we could figure out, only three dozen or so people inside the NSA have the authority to read the content of FISA-derived material, all of which is now subject to a warrant. Can the NSA share FISA product on U.S. persons with other countries? By law it cannot and does not. (The FBI can, and does.) What is the size of the compliance staff that monitors domestic collection? Four or five people, depending on the budget cycle. How many people outside the NSA are privy to the full details of the program? More than one thousand. How can you find out if you’ve been accidentally or incidentally surveilled? You can’t. You can sue, but the government will invoke a state secrets privilege, and judges will probably agree—even when you can prove without any secret evidence that there is probable cause to believe that you were surveilled.

The NSA’s general counsel’s office regularly reviews the “target folders”—the identities of those under surveillance—to make sure the program complied with the instruction to surveil those reasonably assumed to have connections to al-Qaeda. They do this by sampling a number of the folders at random. How do we know the program isn’t expanding right now, pushing the boundaries of legality, spying not just on suspected terrorists but on American dissidents? We don’t. But if it is, and over a thousand people are involved, how much longer can that secret last?

Adapted from Deep State: Inside the Government Secrecy Industry, by Marc Ambinder and D.B. Grady. Grady is a regular contributor to mental_floss.

Original image
iStock // Ekaterina Minaeva
Man Buys Two Metric Tons of LEGO Bricks; Sorts Them Via Machine Learning
May 21, 2017
Original image
iStock // Ekaterina Minaeva

Jacques Mattheij made a small, but awesome, mistake. He went on eBay one evening and bid on a bunch of bulk LEGO brick auctions, then went to sleep. Upon waking, he discovered that he was the high bidder on many, and was now the proud owner of two tons of LEGO bricks. (This is about 4400 pounds.) He wrote, "[L]esson 1: if you win almost all bids you are bidding too high."

Mattheij had noticed that bulk, unsorted bricks sell for something like €10/kilogram, whereas sets are roughly €40/kg and rare parts go for up to €100/kg. Much of the value of the bricks is in their sorting. If he could reduce the entropy of these bins of unsorted bricks, he could make a tidy profit. While many people do this work by hand, the problem is enormous—just the kind of challenge for a computer. Mattheij writes:

There are 38000+ shapes and there are 100+ possible shades of color (you can roughly tell how old someone is by asking them what lego colors they remember from their youth).

In the following months, Mattheij built a proof-of-concept sorting system using, of course, LEGO. He broke the problem down into a series of sub-problems (including "feeding LEGO reliably from a hopper is surprisingly hard," one of those facts of nature that will stymie even the best system design). After tinkering with the prototype at length, he expanded the system to a surprisingly complex system of conveyer belts (powered by a home treadmill), various pieces of cabinetry, and "copious quantities of crazy glue."

Here's a video showing the current system running at low speed:

The key part of the system was running the bricks past a camera paired with a computer running a neural net-based image classifier. That allows the computer (when sufficiently trained on brick images) to recognize bricks and thus categorize them by color, shape, or other parameters. Remember that as bricks pass by, they can be in any orientation, can be dirty, can even be stuck to other pieces. So having a flexible software system is key to recognizing—in a fraction of a second—what a given brick is, in order to sort it out. When a match is found, a jet of compressed air pops the piece off the conveyer belt and into a waiting bin.

After much experimentation, Mattheij rewrote the software (several times in fact) to accomplish a variety of basic tasks. At its core, the system takes images from a webcam and feeds them to a neural network to do the classification. Of course, the neural net needs to be "trained" by showing it lots of images, and telling it what those images represent. Mattheij's breakthrough was allowing the machine to effectively train itself, with guidance: Running pieces through allows the system to take its own photos, make a guess, and build on that guess. As long as Mattheij corrects the incorrect guesses, he ends up with a decent (and self-reinforcing) corpus of training data. As the machine continues running, it can rack up more training, allowing it to recognize a broad variety of pieces on the fly.

Here's another video, focusing on how the pieces move on conveyer belts (running at slow speed so puny humans can follow). You can also see the air jets in action:

In an email interview, Mattheij told Mental Floss that the system currently sorts LEGO bricks into more than 50 categories. It can also be run in a color-sorting mode to bin the parts across 12 color groups. (Thus at present you'd likely do a two-pass sort on the bricks: once for shape, then a separate pass for color.) He continues to refine the system, with a focus on making its recognition abilities faster. At some point down the line, he plans to make the software portion open source. You're on your own as far as building conveyer belts, bins, and so forth.

Check out Mattheij's writeup in two parts for more information. It starts with an overview of the story, followed up with a deep dive on the software. He's also tweeting about the project (among other things). And if you look around a bit, you'll find bulk LEGO brick auctions online—it's definitely a thing!

Original image
Nick Briggs/Comic Relief
What Happened to Jamie and Aurelia From Love Actually?
May 26, 2017
Original image
Nick Briggs/Comic Relief

Fans of the romantic-comedy Love Actually recently got a bonus reunion in the form of Red Nose Day Actually, a short charity special that gave audiences a peek at where their favorite characters ended up almost 15 years later.

One of the most improbable pairings from the original film was between Jamie (Colin Firth) and Aurelia (Lúcia Moniz), who fell in love despite almost no shared vocabulary. Jamie is English, and Aurelia is Portuguese, and they know just enough of each other’s native tongues for Jamie to propose and Aurelia to accept.

A decade and a half on, they have both improved their knowledge of each other’s languages—if not perfectly, in Jamie’s case. But apparently, their love is much stronger than his grasp on Portuguese grammar, because they’ve got three bilingual kids and another on the way. (And still enjoy having important romantic moments in the car.)

In 2015, Love Actually script editor Emma Freud revealed via Twitter what happened between Karen and Harry (Emma Thompson and Alan Rickman, who passed away last year). Most of the other couples get happy endings in the short—even if Hugh Grant's character hasn't gotten any better at dancing.

[h/t TV Guide]