NSA Update
Re: NSA Update
Quote of the decade...
Security experts say programs 'undermine the fabric of the internet'
Bottom line, we live in a fishbowl, and that was one of the primary objectives of this global network from its earliest ideations. This recent media frenzy is comedic when framed in proper historical context. But I guess then that this media frenzy's primary objective is to perpetrate fear, loss of hope, and chaos.
The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge ~D Boorstin
Re: NSA Update
a novel idea, if nothing else . . .
Cory Doctorow
'The deliberate sabotage of computers is an act of depraved indifference to the physical security and economic and intellectual integrity of every person alive.'
The more we learn about the breadth and depth of the NSA and GCHQ's programmes of spying on the general public, the more alarming it all becomes. The most recent stories about the deliberate sabotage of security technology are the full stop at the end of a sentence that started on 8 August, when the founder of Lavabit (the privacy oriented email provider used by whistleblower Edward Snowden) abruptly shut down, with its founder, Ladar Levison, obliquely implying that he'd been ordered to secretly subvert his own system to compromise his users' privacy.
It doesn't really matter if you trust the "good" spies of America and the UK not to abuse their powers (though even the NSA now admits to routine abuse), you should still be wary of deliberately weakened security. It is laughable to suppose that the back doors that the NSA has secretly inserted into common technologies will only be exploited by the NSA. There are plenty of crooks, foreign powers, and creeps who devote themselves to picking away patiently at the systems that make up the world and guard its wealth and security (that is, your wealth and security) and whatever sneaky tools the NSA has stashed for itself in your operating system, hardware, applications and services, they will surely find and exploit.
One important check against the NSA's war on security is transparency. Programmes published under free/open software licenses can be independently audited and are much harder to hide secret back doors in. But what about the services that we use – certificate providers, hosted email and cloud computers, and all the other remote computers and networks that we entrust with our sensitive data?
Ultimately these are only as trustworthy as the people who run them. And as we've seen with Lavabit, even the most trustworthy operators may face secret orders to silently betray you, with terrible penalties if they speak out.
This is not a new problem. In 2004, American librarians recoiled at the FBI's demands to rummage through their patrons' reading habits and use them to infer terroristic intent, and at the FBI's gag orders preventing librarians from telling their patrons when the police had come snooping.
Jessamyn West, a radical librarian, conceived of a brilliant solution, a sign on the wall of her library reading "THE FBI HAS NOT BEEN HERE (watch very closely for the removal of this sign)." After all, she reasoned, if the law prohibited her from telling people that the FBI had been in, that wasn't the same as her not not telling people the FBI hadn't been in, right?
I was reminded of this last week on a call with Nico Sell, one of the organisers of the annual security conference Defcon (whose founder, Jeff Moss, told the NSA that it would not be welcome at this year's event). Nico wanted me to act as an adviser to her company Wickr, which provides a platform for private messaging. I asked her what she would do in the event that she got a Lavabit-style order to pervert her software's security.
She explained that her company had committed to publishing regular transparency reports, modelled on those used by companies like Google, with one important difference. Google's reports do not give the tally of secret orders served on it by governments, because doing so would be illegal. Sell has yet to receive a secret order, so she can legally report in each transparency report: "Wickr has received zero secret orders from law enforcement and spy agencies. Watch closely for this notice to disappear." When the day came that her service had been served by the NSA, she could provide an alert to attentive users (and, more realistically, journalists) who would spread the word. Wickr is designed so that it knows nothing about its users' communications, so an NSA order would presumably leave its utility intact, but notice that the service had been subjected to an order would be a useful signal to users of other, related services.
This gave me an idea for a more general service: a dead man's switch to help fight back in the war on security. This service would allow you to register a URL by requesting a message from it, appending your own public key to it and posting it to that URL.
Once you're registered, you tell the dead man's switch how often you plan on notifying it that you have not received a secret order, expressed in hours. Thereafter, the service sits there, quietly sending a random number to you at your specified interval, which you sign and send back as a "No secret orders yet" message. If you miss an update, it publishes that fact to an RSS feed.
Such a service would lend itself to lots of interesting applications. Muck-raking journalists could subscribe to the raw feed, looking for the names of prominent services that had missed their nothing-to-see-here deadlines. Security-minded toolsmiths could provide programmes that looked through your browser history and compared it with the URLs registered with the service and alert you if any of the sites you visit ever show up in the list of possibly-compromised sites.
No one's ever tested this approach in court, and I can't say whether a judge would be able to distinguish between "not revealing a secret order" and "failing to note the absence of a secret order", but in US jurisprudence, compelling someone to speak a lie is generally more fraught with constitutional issues than compelled silence about the truth. The UK is on less stable ground – the "unwritten constitution" lacks clarity on this subject, and the Regulation of Investigatory Powers Act allows courts to order companies to surrender their cryptographic keys (for the purposes of decrypting evidence, though perhaps a judge could be convinced to equate providing evidence with signing a message).
When the NSA came up with codenames for its projects to sabotage security products, it chose "BULLRUN" and "MANASSAS", names for a notorious battle from the American civil war in which the public were declared enemies of the state. GCHQ's parallel programme was called "EDGEHILL", another civil war battle where citizens became enemies of their government. Our spies' indiscriminate surveillance programmes clearly show an alarming trend for the state to view everyday people as adversaries.
Our world is made up of computers. Our cars and homes are computers into which we insert our bodies; our hearing aids and implanted defibrillators are computers we insert into our bodies. The deliberate sabotage of computers is an act of depraved indifference to the physical security and economic and intellectual integrity of every person alive. If the law is perverted so that we cannot tell people when their security has been undermined, it follows that we must find some other legal way to warn them about services that are not fit for purpose.
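The dead man's switch sketched in the article above, written out as an added example (not code from the article, Wickr or any project it names) in Go with the standard library's Ed25519: the operator registers a public key and an interval, the service issues a random nonce, the operator signs a Wickr-style "No secret orders yet" statement bound to that nonce and URL, and any URL whose attestation is late is listed for the feed. The registration step is simplified to handing over the public key directly, and the `Switch`, `statement` format and sample URL are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"time"
)

type Registration struct {
	PubKey   ed25519.PublicKey
	Interval time.Duration // promised check-in interval (hours, per the article)
	Deadline time.Time     // next attestation due
	Nonce    []byte        // outstanding challenge; nil when none is pending
}
// Switch is the service side, keyed by the URL each operator vouches for.
type Switch map[string]*Registration
// Register stores the operator's public key and starts the first interval.
func (s Switch) Register(url string, pk ed25519.PublicKey, every time.Duration, now time.Time) {
	s[url] = &Registration{PubKey: pk, Interval: every, Deadline: now.Add(every)}
}
// Challenge issues a fresh random nonce; signing it proves liveness now, so a
// stale "no orders yet" reply cannot be replayed after an order has arrived.
func (s Switch) Challenge(url string) []byte {
	r, ok := s[url]
	if !ok {
		return nil
	}
	r.Nonce = make([]byte, 32)
	if _, err := rand.Read(r.Nonce); err != nil {
		panic(err) // never issue a guessable challenge
	}
	return r.Nonce
}
// statement is the exact bytes signed: canary text bound to URL and nonce.
func statement(url string, nonce []byte) []byte {
	return append([]byte("No secret orders yet|"+url+"|"), nonce...)
}
// Attest is the operator side: sign the challenge with the registered key.
func Attest(priv ed25519.PrivateKey, url string, nonce []byte) []byte {
	return ed25519.Sign(priv, statement(url, nonce))
}
// Verify accepts an attestation only if on time, for the pending nonce and valid under the registered key.
func (s Switch) Verify(url string, sig []byte, now time.Time) bool {
	r, ok := s[url]
	if !ok || r.Nonce == nil || now.After(r.Deadline) ||
		!ed25519.Verify(r.PubKey, statement(url, r.Nonce), sig) {
		return false
	}
	r.Nonce, r.Deadline = nil, now.Add(r.Interval)
	return true
}
// Sweep lists every URL whose operator missed its deadline: the feed entries.
func (s Switch) Sweep(now time.Time) (missed []string) {
	for url, r := range s {
		if now.After(r.Deadline) {
			missed = append(missed, url)
		}
	}
	return missed
}
```

A consumed nonce is cleared on success, so the same signature presented twice is rejected, and a signature under a different key is rejected before the deadline moves.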
Re: NSA Update
Doctorow has a number of interesting takes on privacy - here's one from before Snowden (bS):
http://www.theguardian.com/technolog...h-surveillance
Whenever government surveillance is debated, someone inevitably pooh-poohs the subject as cause for alarm: after all, people overshare so much sensitive personal information with services like Facebook that there's hardly anything to be gleaned from state surveillance that isn't already there for the taking on "social media."
I don't question the assertion that people overshare on social networks – that is, people share information in ways that they later come to regret. The consequences of oversharing range widely, and we hear of any or all of losing a job; being outed to your family or co-workers for your sexual orientation; having embarrassing youthful episodes of intoxication and/or ill-considered opinion forever tied to your name in the eyes of potential lovers, friends, and employers; and alienating friends and family who don't approve of some aspect of your life, associations, or hobbies.
If you live in a dictatorship, the problems are much worse, of course: dictators have used intercepted social media sessions to compile enemies lists, exploring the social ties between activists as a means of determining whom to arrest, whom to disappear, whom to torture, and, according to some human rights activists, whom to murder.
So oversharing is a problem. Does that mean government surveillance isn't a problem?
Quite the contrary. As surveillance becomes the first and last line in modern governance, policing and espionage, it puts the state in a terminally conflicted position over one of the key public health problems of the modern age: privacy.
Many modern public health pathologies – obesity, substance abuse, smoking – share a common trait: the people affected by them are failing to manage something whose cause and effect are separated by a huge amount of time and space. If every drag on a cigarette brought up a tumour, it would be much harder to start smoking and much easier to quit.
If every slice of pizza turned into an instantaneous roll of cellulite, it would be much easier to moderate one's eating. As my GP explained to me when I quit cigarettes, "not getting cancer in 30 years" is a difficult goal to focus on when you want a cigarette now (I quit 10 years ago by keeping in mind that I was spending a laptop a year on cigarettes, and the money was going to the worst companies on earth, firms that literally invented using junk science as a lobbying tactic – I buy a laptop every year now and never feel guilty about it).
Getting better at something without feedback is very hard. Imagine practising penalty kicks by kicking the ball and then turning around before you saw where it landed; a year or two later someone would visit you at home and tell you where your kicks ended up. This is the kind of feedback loop we contend with when it comes to our privacy disclosures.
You make a million small and large disclosures on different services, with different limits on your sharing preferences, and many, many years later, you lose your job. Or your marriage. Or your family. Or maybe your life, if you're unlucky enough to have your Facebook scraped by a despot who has you in his dominion.
Some sharing is definitely in order. Careful, mindful sharing holds enormous benefit for us individually and as a society. Sharing is what makes us into a society. We need to be good at it, though – not merely prolific, but skilled. Skill in sharing includes a hard-won, difficult-to-inculcate appreciation of consequences and the ability to weigh them against the benefits.
When a sizable fraction of society has a problem with an activity that has this cause/effect gap, it's customary for the state to intervene through things like public education, labelling rules, help hotlines, and sometimes direct regulation of the system. I'm sceptical of this last as a way of solving the privacy crisis, but I'd be happy to see the other stuff tried well and in earnest – not just the tabloid OMGFACEBOOKISFULLOFPAEDOES noise we usually get.
And here's where the problem with the state's addiction to surveillance kicks in. Governments have woken up to the fact that social media is full of material that might be useful for identifying and prosecuting miscreants, not to mention spying on political activists and "potential terrorists" and people applying for work visas and well, just about everybody.
Pushes like the (dead for now) Communications Data Bill (UK), CISPA (USA) and C-30 (Canada) all sought to recruit the entire internet industry to act as adjuncts to the state's surveillance apparatus, requiring them to retain titanic databases of online activity for government fishing expeditions. And while all three attempts failed, they're just the latest, and certainly not the last – after all, universal internet surveillance was back in the Queen's speech.
That's a crisis. If online oversharing is a public health problem, then the state's decision to harness it for its own purposes means that huge, powerful forces within government will come to depend on oversharing. It will be vital to their jobs – their pay-packets will literally depend on your inability to gauge the appropriateness of your online disclosure.
They will be on the same side as the companies that profit from oversharing, because they will, effectively, be just another firm that benefits from oversharing.
It's as though Scotland Yard decreed that obesity was critical to its ability to catch slow-moving, easily winded suspects. It's as though the NHS announced it would cope with the expense of an aging population by encouraging chain-smoking. The dangers of oversharing are hard enough to manage when it's just the private sector that benefits from them.
When the state announces that a public health problem is integral to its governance strategy, the problem turns into an unscalable, permanent mountain of smoking rubbish that will smoulder for generations.
Re: NSA Update
Fascinating perspective. There's precedent for treating acts of state as a public health issue, mostly in terms of state-sponsored violence. A PubMed search is instructive here. Only I can't see the good people who go into public health as having much of a stomach for going up against the more "action oriented" elements of the state, least of all within their own boundaries.
Re: NSA Update
Originally posted by don:
The deliberate sabotage of computers is an act of depraved indifference to the physical security and economic and intellectual integrity of every person alive.
Information will be considered a separate entity, with its own set of rights and protections. Read "How We Became Posthuman: Virtual Bodies in Cybernetics" (The University of Chicago Press, 1999), N. Katherine Hayles (professor and Director of Graduate Studies in the Program in Literature at Duke University)
http://www.amazon.com/How-Became-Pos.../dp/0226321460
The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge ~D Boorstin
Re: NSA Update
meanwhile back to what's really going down . . .
The agreement for the US to provide raw intelligence data to Israel was reached in principle in March 2009, the document shows. Photograph: James Emery
The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.
Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.
The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.
The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.
But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."
http://www.theguardian.com/world/201...rael-documents
Re: NSA Update
The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.
But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."
Re: NSA Update
Originally posted by c1ue:
I'd say this is a feature. Much like the use of other nations for 'extraordinary rendition' - access to illegally obtained information on US citizens can be 'analyzed' by foreign nations to come up with probable cause, then cleaned up and re-acquired for legal use in the US.
Re: NSA Update
from Zero Hedge . . .
While the investing community this morning is focused squarely on the very disappointing iPhone 5 relaunch and the lack of a cemented China Mobile deal, which has resulted in a $20 billion loss in market cap in early trading for the second most widely held hedge fund stock, a thing that we find more curious in the aftermath of the latest revelations of an implicit, if not explicitly voluntary, joint venture between Apple and the US government and specifically its NSA uberspies, is just how much of Apple's product suite is derived thanks to developments by the US government. As the following Goldman breakdown of various components used by Apple in its products over the ages shows, one can understand why the NSA felt it was owed a little kickback by Apple and its "zombie" clients. After all, without the US government's technological innovation, Apple as we know it would not exist.
Is it any wonder that the NSA believes it is entitled to a little crowdfunded effort by Apple and its zombie clients when it comes to building its next generation fingerprint database?
Re: NSA Update
Originally posted by don:
Is it any wonder that the NSA believes it is entitled to a little crowdfunded effort by Apple and its zombie clients when it comes to building its next generation fingerprint database?