

Foreign regimes use spyware against journalists, even in U.S. - RougeFemme
http://www.washingtonpost.com/business/technology/foreign-regimes-use-spyware-against-journalists-even-in-us/2014/02/12/9501a20e-9043-11e3-84e1-27626c5ef5fb_story.html

======
throwaway_yy2Di
" _The trade in spyware itself is almost entirely unregulated, to the great
frustration of critics._ "

Not for long!

 _" Cyber war technology to be controlled in same way as arms"_

[http://www.ft.com/intl/cms/s/2903d504-5c18-11e3-931e-00144fe...](http://www.ft.com/intl/cms/s/2903d504-5c18-11e3-931e-00144feabdc0.html)

[http://www.exportlawblog.com/archives/5599](http://www.exportlawblog.com/archives/5599)

It's so thoughtful of the WaPo to stir up moral panic to push this all
forward. Because major powers want to rewrite software law, in a military
arms-control framework, in undemocratic and secretive treaty institutions: and
_yes_ , the purpose of this is to "protect journalists"; why do you ask?

~~~
sehugg
I kind of figured where this story was going when I saw the word "regimes" in
the headline.

------
gmuslera
“To invade the privacy of American citizens and legal residents, violating the
sovereignty of the United States and European countries, is mind-boggling,”

Do what i say, not what i do, said the elephant in the room.

~~~
anologwintermut
To be fair, the NSA mass surveillance probably did not violate various
european countries' sovereignties since they all appeared to be in on it. It
probably being illegal in those countries is a different story (and certainly
being illegal when applied domestically).

------
wavefunction
Man, if only there were a national agency in the US that had infiltrated
absolutely every aspect of every networked computer system anywhere and worked
to provide security and investigate netcrimes against its citizens and others
rather than commit its own crimes.

Wishful thinking, I guess...

------
zimbatm
I wonder what the NSA could do to protect the US public and companies from
hacking. Public safety is a role the government is supposed to participate in
after all. Instead of obsessing over secrets people might have, what sort of
counter-measure could they deploy to help in that effort ?

~~~
dragontamer
[http://en.wikipedia.org/wiki/Security-
Enhanced_Linux](http://en.wikipedia.org/wiki/Security-Enhanced_Linux)
[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)

You forget, part of the NSA's mission is defense of the nation. They have
actually contributed major portions of defense to the cyberworld, including
SELinux and verification of AES.

NSA expertise was called in on the recent Nasdaq and Google hacks as well.
[http://www.wired.com/threatlevel/2011/03/nsa-investigates-
na...](http://www.wired.com/threatlevel/2011/03/nsa-investigates-nasdaq-hack/)

~~~
zimbatm
True but that's a rather passive approach (no to dismiss their efforts!). I
was thinking what kind of active role they could play for example to help fend
of DDoS attacks or intercept ongoing hacking attempt. After all they seem to
have the infrastructure in place :p

~~~
mpyne
This is related to something I'm researching. To be blunt the intersection of
government and civilian infrastructure is all muddled up.

The theory is that DHS helps defend the civilian Internet (where "helps" seems
to be as directive as it gets, since so much of the affected infrastructure is
in private hands).

In the meantime NSA and DoD are looking at cyber security very seriously, but
through the military-tinted lens.

It is a lot easier to differentiate a law enforcement problem from a military
problem domestically when in the meatspace, especially without the attribution
and jurisdictional issues that pop up with cybersecurity.

It doesn't help when laws intended to clarify the process by which private and
government entities cooperate for the security of the Internet get muddled
with RIAA IP protection laws and subsequently get angrily tossed out of
Congress. As it stands it all seems to be still quite foggy.

~~~
zimbatm
Are you operating in an official capacity ? If you have any links or materials
I would be interested.

~~~
mpyne
Semi-official. I'm in a student status so it's a personal research project but
under the aegis of a government institute.

Presidential Policy Directive 21 is where the White House tries to set policy
and agency "swim lanes" for critical civilian infrastructure (including
cyber). Reading it is amazing just seeing the number of agencies that are
involved in some fashion with IT/cyber/etc.

DHS themselves handle this function under the term "Critical Infrastructure
and Key Resource" (CIKR) support.

There's also various national strategy documents relating to cyberspace.

As for the military side DoD has a bunch of strategies as well. Anything
operational or tactical is probably classified but you can certainly Google
for "DoD Instruction" \+ cyber (and likewise for "DoD Directive") and find
their public governing policies.

The problem of ensuring there is a formal way for government to work together
with private entities to secure cyberspace was intended to be fixed by the
CISPA law that had been proposed in Congress but as I mentioned that had
issues (some real, some a "taint" from SOPA/PIPA). AFAIK there is still no
clarity here, and the White House can't simply give out a dictat via Executive
Order for all of this.

------
microcolonel
In the U.S. at least they threaten and spy on journalists more directly.

Curse those foreign regimes and their easily-avoidable spyware.

------
joe_the_user
"All regimes" ... "do whatever they can do" ... "against whoever they find
significant" ... "anywhere they can"

News at eleven

~~~
mpyne
Apparently it actually is news though. "NSA spies overseas on whatever they
can grab. Develops advanced capabilities to complete its assigned SIGINT
mission. Also tries to semantically understand data." has taken over 2013
after all.

