Dolphins in the NSA Dragnet

There's an old quote from Jamie Zawinski that goes: "Some people, when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems." Even people like me who like regular expressions laugh at the truth in that quote, because we've seen the consequences when someone doesn't think through the implications of a poorly written pattern. When some people write a bad pattern, they end up with extra lines in a log file. When the NSA does it, they capture and retain Internet traffic on untold numbers of innocent people.

As I mentioned in "NSA: Linux Journal is an ‘extremist forum’ and its readers get flagged for extra surveillance", the NSA has been flagging certain Internet traffic as extremist based on specific patterns. Alongside patterns that match anyone who was searching for information about the Tor and Tails projects was the following pattern:*

While the general consensus seems to be that all of these patterns were overreaching, even if you think it's reasonable to label people who are curious about Tor or Tails as extremist, you would have a hard time lumping Linux Journal in the same category. A number of news outlets have speculated that the above pattern was intended to match the following URL:…

This link goes to a short blog post by Michael Reed in 2011 that provides a brief overview of Tails. The blog post wasn't even intended as a HOWTO, and it instead links to the official Tails Web site if you want more details on how to download or install the distribution. Although that article is innocent enough (I can only imagine what they must think of my more in-depth Tor and Tails HOWTOs we recently published), to catch that post they flagged 186 other posts along the way.
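The collateral matching described above can be measured before a rule is deployed. The following is an added example, not code or data from the original article: the host, the URL slugs, both patterns and the function names are constructed for illustration, and it audits a prefix wildcard against a sample corpus next to an exact-match rule.

```python
import re

# Constructed sample corpus: placeholder host and slugs, not the real site's URLs.
CORPUS = [
    "example.org/content/linux-distro-tails-overview",
    "example.org/content/linux-foundation-summit-announcement",
    "example.org/content/linux-containers-and-cloud",
    "example.org/content/linux-magazine-goes-digital",
    "example.org/content/bash-tips-for-admins",
    "example.org/content/linuxcon-recap",
]
TARGET = "example.org/content/linux-distro-tails-overview"


def glob_to_regex(pattern):
    """Translate a glob where '*' means 'any run of characters' into an
    anchored regex; every other character is matched literally."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile("^" + ".*".join(parts) + "$")


def audit(pattern, corpus, intended):
    """Return hits, collateral matches and precision for one pattern."""
    rx = glob_to_regex(pattern)
    hits = [u for u in corpus if rx.match(u)]
    collateral = [u for u in hits if u not in intended]
    precision = (len(hits) - len(collateral)) / len(hits) if hits else 0.0
    return {"hits": hits, "collateral": collateral, "precision": precision}


def gate(pattern, corpus, intended, min_precision=0.9):
    """Refuse a rule that misses its target or sweeps in too much else."""
    r = audit(pattern, corpus, intended)
    covers = all(u in r["hits"] for u in intended)
    return covers and r["precision"] >= min_precision


BROAD = "example.org/content/linux*"   # constructed prefix wildcard
NARROW = TARGET                        # exact URL, no wildcard

if __name__ == "__main__":
    for p in (BROAD, NARROW):
        r = audit(p, CORPUS, {TARGET})
        print(p, len(r["hits"]), len(r["collateral"]), round(r["precision"], 2))
```

Running the same audit against a representative sample of real traffic or site URLs, rather than only the intended target, is what exposes a rule whose precision is far lower than its author assumed.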

At the end of this article, I have posted the complete list of 187 posts that match the pattern, but I figured I'd pick out a few articles to give you a sense of the depth and breadth of the content swept up in this dragnet, like this one:

"Linux Foundation Collaboration Summit - Austin, Texas - April 8th to 10th, 2008" published February 13, 2008 by Jon maddog Hall…

This is one of the older articles in the list and one of many about the Linux Foundation. This post announces a summit sponsored by the Linux Foundation that aimed to bring together "leaders of the development, ISV, distro, end user, non-profit and vendor discuss the present and future directions of Free and Open Source Software." This is only one of the many articles in the list about Linux conferences (as you might imagine, many Linux conferences and articles about them tend to start with the word Linux). This means anyone who might have been interested in Linux World, LinuxCon or was also caught in the dragnet.

On the other side of the date spectrum is this recent article:

"Linux Containers and the Future Cloud" published June 10, 2014 by Rami Rosen

This article is less than a month old and discusses the recent trend of Linux containers. This is a big topic these days with the growing popularity of Docker to help package up software into a self-contained filesystem without the overhead associated with para-virtualization solutions like Xen and KVM. The article starts with the history of Linux containers, then describes a few container projects and explains how to use Docker to create LXC containers. So readers who wanted to get more information on this new container technology they keep hearing about presumably end up under deep surveillance.

The last article I want to highlight signaled a turning point in the history of Linux Journal itself:

"Linux Journal Goes 100% Digital" published August 19, 2011 by Doc Searls

This article announced the incredibly controversial decision that Linux Journal was to stop the publication of a physical magazine and go all-digital. Although I imagine some readers thought the decision itself was extreme, they probably never thought reading the article would make them extremists. What's more, this article made big news across the tech sector with a number of other popular news outlets linking to it. While by this point Linux Journal regulars were already caught in the dragnet, the wide exposure of this story brought a whole new wave of visitors into our growing extremist club.

As you can see with the handful of articles I picked out of the list, and with the complete list below, the articles that would flag you for extra surveillance are representative of the wide range of ordinary Linux coverage you would find in every issue of Linux Journal. If extremists interested in a short blog post about Tails were truly the tuna the NSA wanted to catch, they sure dragged in a lot of Linux-using dolphins in the process.


Kyle Rankin is a Tech Editor and columnist at Linux Journal and the Chief Security Officer at Purism. He is the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks and Ubuntu Hacks, and also a contributor to a number of other O'Reilly books. Rankin speaks frequently on security and open-source software including at BsidesLV, O'Reilly Security Conference, OSCON, SCALE, CactusCon, Linux World Expo and Penguicon. You can follow him at @kylerankin.
