
Core Secrets: NSA Saboteurs in China and Germany - patrickgokey
https://firstlook.org/theintercept/2014/10/10/core-secrets/
======
rl3
The document titled "ECI Compartments" is interesting:

 __* It 's possible work out the geographic region of certain compartments
based on the organizational code attached to it.

 __* The redactions in the "Control Authority" column are variable size,
possibly even proportionate to character length.

 __* The fact that document was merely classified "confidential" is odd.

 __* I was able to identify[0][1] all but one item listed in the
"Organization" column.

The sole item that eluded identification was "S0242". It is listed alone under
two compartments. I couldn't find anything on it; one can only surmise it is
something within the Signals Intelligence Directorate (probably something
boring, despite the mystique).

[0]
[http://en.wikipedia.org/wiki/National_Security_Agency#Struct...](http://en.wikipedia.org/wiki/National_Security_Agency#Structure)

[1] [http://www.matthewaid.com/post/58339598875/organizational-
st...](http://www.matthewaid.com/post/58339598875/organizational-structure-of-
the-national-security)

~~~
acqq
What could "NSA/CSS Commercial Solutions Center (NCSC)" (from [1]) actually
do? They write on their public web page:

[https://www.nsa.gov/business/programs/ncsc.shtml](https://www.nsa.gov/business/programs/ncsc.shtml)

"The NSA/CSS Commercial Solutions Center (NCSC) addresses the strategic needs
of NSA/CSS and the national security community by harnessing the power of U.S.
commercial technology."

~~~
EthanHeilman
Two pieces of information that add up to a larger story:

* The NSA/CSS Commercial Solutions Center (NCSC) is specifically built around Elliptic Curve Cryptography that they acquired from Certicom.

>The NCSC also manages the Elliptic Curve Cryptography (ECC) program on behalf
of the NSA/CSS. Elliptic curve provides greater security and more efficient
performance than first generation public key techniques currently in use.
NSA/CSS purchased a license that covers intellectual property in a restricted
field of use to assist in the implementation of elliptic curves to protect
U.S. and allied government information. -
[https://www.nsa.gov/business/programs/ncsc.shtml](https://www.nsa.gov/business/programs/ncsc.shtml)

* Certicom designed the Elliptic Curve DRBG (Dual_EC) algorithm including the backdoor (Certicom patented the backdoor functionality in 2005)[0]. The NSA then included this algorithm + backdoor into NIST standard and payed RSA 10 million dollars to make it the default DRBG.

Putting these two facts together suggests that the NCSC was responsible for
the Dual_EC backdoor.

[0]:
[http://en.wikipedia.org/wiki/Dual_EC_DRBG](http://en.wikipedia.org/wiki/Dual_EC_DRBG)

------
xnull2guest
“The facts contained in this program constitute a combination of the greatest
number of highly sensitive facts related to NSA/CSS’s overall cryptologic
mission,” the briefing document states. “Unauthorized disclosure…will cause
exceptionally grave damage to U.S. national security. The loss of this
information could critically compromise highly sensitive cryptologic U.S. and
foreign relationships, multi-year past and future NSA investments, and the
ability to exploit foreign adversary cyberspace while protecting U.S.
cyberspace.”

Maybe they could have not published this one.

I'm very much interested in the Snowden Documents and am a strong advocate for
civil liberties (look at some of my other posts, and the ones under the handle
'xnull').

I also repeatedly explain, on Hacker News, and other places, that there is a
global cyber intelligence war and that the Snowden Leaks showed us key
insights into what was going on, how it's not 'about terrorism' and a great
number of other things.

But I'm bewildered by this article. It seems really damaging, and like it
doesn't really add very much to the corpus they've already published.

Any ideas?

Edit: Glenn Greenwald, Laura Poitras, Edward Snowden, etc all decide what
material to publish and what material not to publish. Greenwald, by his own
admission, works with US officials to redact information and to choose which
stories make it out of the gate. He's also said that he isn't revealing
(paraphrasing) 'the most horrendous material in the Snowden documents, for
fear of the fallout'. My question should not be thought of a challenge to
revealing Snowden documents as a whole. Contrary to this I think it is of the
very highest service. My question is only 'why this document'?

~~~
fiatmoney
Because of this. It's likely the NSA is actively subverting American
companies.

"The most controversial revelation in Sentry Eagle might be a fleeting
reference to the NSA infiltrating clandestine agents into “commercial
entities.” The briefing document states that among Sentry Eagle’s most closely
guarded components are “facts related to NSA personnel (under cover),
operational meetings, specific operations, specific technology, specific
locations and covert communications related to SIGINT enabling with specific
commercial entities (A/B/C).”

It is not clear whether these “commercial entities” are American or foreign or
both. Generally the placeholder “(A/B/C)” is used in the briefing document to
refer to American companies, though on one occasion it refers to both American
and foreign companies. Foreign companies are referred to with the placeholder
“(M/N/O).” The NSA refused to provide any clarification to The Intercept."

~~~
meowface
This article seems a bit speculative. They don't seem to know for sure that
"(A/B/C)" means American companies in this case. Everything else just seems
like commentary from themselves and other security experts.

As for foreign companies, it's pretty obvious that NSA and CIA have been
conducting operations like these for many decades.

I'm not going to argue that the NSA has not subverted American companies
before (see DUAL_EC_DRBG), but this does not provide definitive proof that
they're actively infiltrating homeland companies with human spies.

~~~
xnull2guest
It's not all that speculative - it agrees what was in prior leaks that claim
that American companies are routinely infiltrated. Also remember that the
authors of these articles have read huge volumes of Snowden documents have
have not been publicly released and that the security experts (likely
referencing Schneier here) are not just guys working in private industry. If
you work in the security space you very quickly begin to interoperate with
past- and current- military and government personnel. Schneier testifies as an
expert witness on these things before congress and Greenwald is an ex-
Constitutional lawyer. In short they have the pedigree to make these
assertions.

For the record I don't agree with the parent. I think the important thing
about this document is that it lays out the broad tactical tools used in US
cyberintelligence strategy. It's handing off some major tactical playbook
material.

~~~
csandreasen
It looks pretty speculative to me. Directly from this article: _" The most
controversial revelation in Sentry Eagle might be a fleeting reference to the
NSA infiltrating clandestine agents into “commercial entities.”"_, _" It is
not clear whether these “commercial entities” are American or foreign or
both."_ and _" The document makes no other reference to NSA agents working
under cover. It is not clear whether they might be working as full-time
employees at the “commercial entities,” or whether they are visiting
commercial facilities under false pretenses."_

The author is also picking quotes from different programs and mashing them
together to come up with their speculation. Note how the commercial entities
are discussed under the "Sentry Owl" program on page 7, but the "covert or
under cover" quote comes from the "Sentry Osprey" section on the last page,
which appears to be talking about the NSA working with the CIA. If NSA
employees were working with the CIA on anything outside the US, it would make
sense that they'd be undercover. Maybe they are infiltrating companies, but
the source document doesn't support that assertion.

Schneier isn't name-dropped at all in the article. I find it odd that they
would quote Matt Green and Chris Soghoian by name, but mix in the opinions of
someone as well-known as Bruce Schneier without mentioning his name anywhere.

~~~
xnull2guest
It's not really speculative. Remember that previous leaks showed definitively
that the NSA had broken into Google and Yahoo, notwithstanding they had some
partnerships/participation from them.

Bruce Schneier was given an opportunity to meet and review a large collection
of documents but yes its true we don't really know.

~~~
XorNot
The previous leaks did not definitely show anything like that. In fact its not
clear they showed anything beyond an informational briefing on issues with
intercepting Google related data.

There's a Chinese whispers effect to all this where vague assertions are
repeated over and over until they become considered definite facts.

~~~
xnull
"This is a major leap forward in the NSA's ability to exploit Facebook using
FISA and FAA authorities" \- NSA

"...by exploiting inherent weaknesses in Facebook's security model." \- GCHQ

[http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPl...](http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-
Documents-Compressed.pdf)

That's Facebook. The Yahoo and Google stuff has been very widely reported and
are direct from Greenwald and the Snowden leaks. Other links (in particular
the PKH link) contain other information.

[http://www.washingtonpost.com/world/national-security/nsa-
in...](http://www.washingtonpost.com/world/national-security/nsa-infiltrates-
links-to-yahoo-google-data-centers-worldwide-snowden-documents-
say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html)

------
eyeareque
I read the entire article with the hopes that company names would be
mentioned. Let's see who took cash to weaken encryption. Let's see who helped
the government create back doors. That would have made this article stand out.
But alas it contained more of the same things we already knew or assumed was
going on.

Here's hoping for next time.

~~~
xnull2guest
All large corporations weaken encryption for the government. Some articles. If
you want more, I'm sure I can dig up a few.

[https://en.wikipedia.org/wiki/Communications_Assistance_for_...](https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act)

[http://www.foia.cia.gov/sites/default/files/DOC_0006231614.p...](http://www.foia.cia.gov/sites/default/files/DOC_0006231614.pdf)

~~~
declan
> All large corporations weaken encryption for the government

This is simply false. It is untrue to claim that all U.S. companies have
somehow "weakened" encryption or inserted backdoors in their products for the
Feds. I normally wouldn't waste my time correcting conspiracy theories, but
sometimes it's necessary to stop the more credulous from believing them.

Yes, the NSA has boasted of having a surveillance "partnership" with certain
U.S. companies, but those are _telecommunications carriers_ \-- AT&T, Verizon,
Sprint, etc., not Silicon Valley firms:
[http://www.cnet.com/news/surveillance-partnership-between-
ns...](http://www.cnet.com/news/surveillance-partnership-between-ns..).

For an additional indictment of AT&T, look at the sworn affidavit that EFF
obtained from local SF bay area whistleblower Mark Klein -- an AT&T technician
who revealed the existence of the NSA's fiber taps at the 2nd & Folsom Street
SF facility.

But the Silicon Valley companies that we know and more-or-less love have done
the opposite. Look at the announcements about device encryption by Google and
Apple in the last month (that have irked the Feds so much they're threatening
new laws). Look at Google's Adam Langley, Wan-Teh Chang, Ben Laurie, and Elie
Bursztein deploying a better TLS cipher suite in Chrome. Look at Twitter's
surveillance lawsuit this week against the Feds over, apparently, the legality
of a warrant canary.

And of course the two links in the conspiracy theory posted above prove the
_opposite_ of the "weaken encryption" claim. First, CALEA doesn't apply to web
companies. And even the carriers it does apply to are permitted to (at 47 USC
1002(b)(3)) provide _secure end-to-end encryption_ : "A telecommunications
carrier shall not be responsible for decrypting, or ensuring the government’s
ability to decrypt, any communication encrypted by a subscriber or customer,
unless the encryption was provided by the carrier and the carrier possesses
the information necessary to decrypt the communication."

Second, the FOIA'd doc was written in the late 1990s _before_ the Feds
liberalized encryption export controls. It's 15+ years out of date. You can
now freely export strong crypto. And even in the dark days of the 1990s, there
were no domestic controls on encryption use, though the TLAs did give it a
shot at one point.

A better argument for the conspiracy theory set is the very odd relationship
between EMC Corporation's RSA business unit and NSA. But even if allegations
of intentional security flaws are true, EMC is a Massachusetts company, not a
left coast firm, and a cozy relationship between the NSA and EMC/AT&T/VZ/etc.
certainly does not indict all companies and their founders.

~~~
xnull2guest
It's funny you call it a conspiracy theory. There's no conspiracy. And it is
not a theory. The NSA currently requires companies (like Microsoft, Apple) to
provide encryption keys corresponding to devices where pertinent. If you look
at Bush era legislation most of the pen register, tap-and-trace laws and
rulings were precisely pulling existing laws for telecommunication onto the
domain of the internet by arguing technical equivalence. It is also true today
that essentially all telecommunications are done over digital lines.

Finally Apple isn't a "web company", nor is Microsoft or the majority of
'large corporations'.

> "...unless the encryption was provided by the carrier and the carrier
> possesses the information necessary to decrypt the communication"

I don't think I need to say very much here.

Regarding Apple's encryption there's lots of good information about how very
little it actually does and can do. There was also a hacker news thread with
yours truly.
[https://news.ycombinator.com/item?id=8389365](https://news.ycombinator.com/item?id=8389365)

Regarding the 'antiquated' FOIA doc - you can export strong crypto but you
backdoor it, keep the keys, or provide other ways to access the data.
Blackberry's entire business model was secure communications and look where
they are today. RSA is now in a similar boat.

"Weaken encryption" does not mean 'lower the bit security under the standard
attacker model' here. In this case it means 'subvert encryption through design
or implementation flaws, key repositories, controlled PRNGs, side channel
access or designed-in systems level access to the data'. "Weaken encryption"
doesn't mean "choose smaller key sizes", it means "make the fact that
something is encrypted a weak guarantee of security and privacy."

> But the Silicon Valley companies that we know and more-or-less love have
> done the opposite

Image management, nothing more. Why the public showdown? That doesn't make any
sense at all. No sir, I'm certain that corporations would like to provide
security and privacy for their customers. And they do. But not against federal
law enforcement. There are no new laws that need passing right now. The
machinery is there and we've witnessed it in action multiple times. There is
no David and Goliath story here, no heroes to be heralded. It's romantic,
alright. I wish it were realistic.

Google (and others, that we are supposed to love) fought several battles that
made it to the highest levels of court in the United States but lost. They
were then forced to comply. The United States used extreme financial leverage
to get QWest to comply (and when they still wouldn't, let/forced them to go
bankrupt).

What's changed since then? Where there some new Supreme or Circuit Court
decisions that have depreciated the former?

~~~
declan
>NSA currently requires companies (like Microsoft, Apple) to provide
encryption keys corresponding to devices

Link, please?

~~~
xnull2guest
"They can promise strong encryption. They just need to figure out how they can
provide us plain text." \- FBI General Counsel Valerie Caproni, September 27,
2010

Didn't we already chat about key escrow requirements, CALEA, etc?

The Clinton Administration's big thing was key escrow. Clipper, of course, and
as that policy failed the administration moved control of encryption from
Military/Exports and Munitions to the Department of Commerce under the
agreement that key escrow systems would be put in place where weak
cryptography had been previously. Major companies (including RSA, IBM, Apple,
Sun, HP, AOL, others) collaboratively drafted industry standard key escrow
systems (aside: crypto key escrow patents are a fun things to look up on
patent searches).

Additional pressure was exerted of course because the United States had seen a
very strong rise in geopolitical espionage and sabotage and strong crypto was
becoming a problem for the NSA.

That's where things were at the end of the Clinton Administration. During
Bush's administration we saw nothing but an expansion of powers and budgets
for intelligence agencies and reclassification of laws applying to other media
(for tap and trace/pen register) to the internet (although CALEA already
applies to broadband internet) and to computers, 'computer systems and
networks' and electronic equipment. Bush (and Clinton before him) warned of
rising international cyberwarfare, but couldn't get the populace concerned
about it. Anyway, you do NOT see a reversal on escrow requirements during the
Bush or the Obama administration - rather you see an expansion of escrow and
an expansion of hardware, software and standard backdoors as well as the leaks
from Snowden.

There are a number of ways that escrow is done (we're ignoring backdoors right
now). The TPM is one novel way that keys are stored in a way that gives access
for law enforcement. TPMs are in essentially every computer, 'spooks' showed
up at the standardization meetings for the chip, Germany announced they
provided backdoor access during diplomatic troubles (and have since 'rescinded
the announcement' whatever that means), China blocks all electronics with TPM
chips coming from the United States (and allies) and after a bunch of
international and technical/commercial problems the TPM 2.0 spec (again
attended by Five Eyes spooks) it was for the most part abandoned. And
honestly, does a low end consumer device ($650 laptop or $300 phone) require a
self destructing chip that can't be examined using standard equipment or at
room temperature? The TPM also almost always resides on the low pin count bus
(the spec does not specify where it needs to sit), which gives it DMA (TPMs do
NOT need DMA).

Or check out Microsoft's Cryptographic Service Provider (CSPs). This is where
you store, provision, can generate, access, and utilize your keys in a
Microsoft system. It's also famous for being where the NSAKEY gave access.
Microsoft will tell you that it keeps your keys secured, but it is well known
to any pentester that access to admin on a box can dump all of the keys,
including those that are so-called 'marked non-exportable'. From what I can
tell by the public MSDN articles on the subject contents of the CSPs can be
controlled via group policies, and interops with other management systems.

This isn't to mention that bitlocker keys are automatically synchronized with
Skydrive (Onedrive) accounts and that Onedrive was onboarded to PRISM for NSA
access. Well, that's only if you have a Microsoft Account. Oh, one is
automatically made for you and you're essentially required to sign up for an
account to use any new Microsoft OS.

Well, that and bitlocker keys are also backed up inside of organizations to
Active Directory (i.e. don't 'domain join' your personal computer).

Anyway.

Check the flurry of Apple news items recently. The narrative would like to use
that as some sort of David vs. Goliath story of the good guy capitalist
protecting his consumer. But check the details. The addition of encryption is
not new. What's new is that they are publicly claiming that with this
encryption system they will not have access to the private keys, and so can
not comply with requests. Now we don't have to believe them (I don't), but we
do have to acknowledge that -not having a facility for escrow- is their
'dangerous game'. Encryption is not a 'dangerous game'. Not providing escrow
is.

~~~
declan
Thanks for your reply. I'm aware of what the FBI was asking for (Val Caproni
is no longer there, FYI) four years ago. My reporting before I founded
recent.io was the first to disclose some elements of the bureau's demands and
strategy, in fact.

You're right that it's unreasonable to place blind trust in a closed
encryption system, even Apple's, that we're unable to review or audit. Even if
their intentions are pure, it could be poorly implemented.

But my point is simply this: there _is no U.S. law_ mandating key escrow for
Apple, Google, Microsoft, etc. One was proposed in the 1990s. It didn't pass.
One was proposed in the Going Dark era 4-5 years ago. It didn't pass. One is
being quasi-proposed now. It hasn't passed.

I actually think I'll agree with you on a lot of issues based on your post
above -- but it is nevertheless a conspiracy theory to claim that Silicon
Valley companies somehow engage in key escrow for the NSA or that there is a
legal requirement for them to do so. As I said before, if you claim otherwise,
URL, please.

>NSA currently requires companies (like Microsoft, Apple) to provide
encryption keys corresponding to devices

PS: ^^^ I'm still waiting for the link that backs up this claim too.

~~~
xnull2guest
AFAIK there is no explicit law requiring every company that sells cryptography
(in the general case, i.e. not as a service provider) to provide key escrow.

However, this is not to discount law in praxis, how CALEA is interpreted and
enforced, the history of key escrow, current technology considerations, known
and suspected escrow mechanisms, and pressures exerted by federal law
enforcement (e.g. the removal of effective crypto from Skype when it captured
its market), and how all of this hangs together.

My (reasonably, educated and technically informed :p) suspicion is that
companies at a certain size, federal agents will come to your company and make
demands for data, which you must comply with and slowly as you are compelled
by law to give keys and data on a regular basis it becomes the best thing for
your business to install automatic escrow mechanisms.

It is my assertion that law enforcement interprets laws that read as
"...unless the encryption was provided by the carrier and the carrier
possesses the information necessary to decrypt the communication" as enough to
force companies to create escrow mechanisms.

I would argue some of this story played out very publicly with Google. Another
great example here would be the NSL of Lavabit - how they asked for far more
than was legally obligated and the forcefulness and non-public nature of the
demands made it impossible to put forward a reasonable defense.

To summarize it is apparent to me that the difference in our perspectives is
whether a specific law (another being proposed again now, as you point out) is
required in the current climate of practice of law, along with the leverage
and the compliance requirements that exist inside it, for key escrow to be
'required of companies'.

I come down on the side of 'no'. I believe they have what they need now to get
escrow.

Maybe this Apple and Google thing will clarify it. But somehow I doubt it.
Prediction: no explicit law on key escrow will be passed (it would be entirely
too harmful for US exports) but it will continue to be practiced.

~~~
xnull2guest
Here are some interesting links.

HP obtained a patented backdoor system in 2008 (filed mid 2000 and approved
around the start of 2001).

[https://www.google.com/patents/EP1059578A2](https://www.google.com/patents/EP1059578A2)

Certicom (the same company DUAL_EC was filed under) has a new key escrow
system patented.

[https://www.google.com/patents/EP2637350A2](https://www.google.com/patents/EP2637350A2)

Key escrow system filed in 2004 and published in 2011:

[https://www.google.com/patents/US8015597](https://www.google.com/patents/US8015597)

2008-2012 stateless key escrow patent:

[https://www.google.com/patents/US8315395](https://www.google.com/patents/US8315395)

"Automatic recovery of TPM keys" \- Lenovo

[https://www.google.com/patents/US8290164](https://www.google.com/patents/US8290164)

Oops, here's a Microsoft "cloud storage" key escrow system from 2011-2012.

"Some of the files stored on the network server may be sensitive or
confidential. The user may wish to restrict access to those files. The files
may then be encrypted or otherwise protected with a password or other key. The
user may not trust the network server to store the key, and may thus desire to
retain sole possession of the key. Such users, however, often lose (or forget)
their passwords or keys. Moreover, other third party users may legitimately
require access to the stored, encrypted files."

"FIG. 3 illustrates a flowchart of an example method for providing third party
data access to a user's encrypted data according to a predefined policy."

"In some cases, however, while the data storage system is not able to decrypt
the user's data, it may be necessary for an outside entity (e.g. a
governmental entity) to access the user's data."

"In cases where the encrypted data is a cryptographic key, that key may be
stored as a plurality of shares. The shares are mathematical transformations
of the user's private key, and each share is provided to one of the verified
third parties. Each verified third party publishes his or her own public keys,
and encrypts his or her share of the encrypted key using their published
public key. The verified third party shares encrypted according to the third
partys' public keys are then stored in the data storage system. Because the
shares are encrypted according to the verified third parties' public/private
key pair, the data storage system is prevented from accessing the encrypted
shares, and is further prevented from accessing the user's data."

"In some cases, the user's data may comprise, at least in part, a
cryptographic key. The user's data, including the key, may be stored in
multiple different shares."

Encrypted data AND keys!

The patent examiner cited "The Risks of Key Recovery, Key Escrow, and Trusted
Third-Party Encryption" when doing his examination.

[https://www.google.com/patents/US20120321086](https://www.google.com/patents/US20120321086)

[http://academiccommons.columbia.edu/catalog/ac:127127](http://academiccommons.columbia.edu/catalog/ac:127127)

Some Raytheon for good measure. A bit older, but certainly Bush era.

[https://www.google.com/patents/US7269261](https://www.google.com/patents/US7269261)

Motorola [1]. Certicom [2]. Honeywell [3]. Motorola [4]. Deutsche Telekom Ag
[5]. IBM [6]. Apple [7]. ‎Fujitsu [8]. Red hat [9]. F-Secure [10]. Sony [11].
Seagate [12]. Dell [13]. Sprint [14]. Nokia [15]. Gemalto [16]. Intel [17].
Samsung [18]. Symantec [19]. Sun Microsystems [20]. Toshiba [21]. Cinea [22].
General Dynamics [23]. Citicorp [24]. Siemens [25]. Ericsson [26]. VMWare
[27]. Facebook [28]. HP [29]. Cisco [30]. Liquid Machines [31]. GIC [32].
Microsoft [33]. Novell [34].

And of course the US patent system has a classification for key escrow
systems: 380/286.

[http://www.uspto.gov/web/patents/classification/uspc380/defs...](http://www.uspto.gov/web/patents/classification/uspc380/defs380.htm#C380S286000)

[1]
[https://www.google.com/patents/US7116786](https://www.google.com/patents/US7116786)

[2]
[https://www.google.com/patents/US8688998](https://www.google.com/patents/US8688998)

[3]
[https://www.google.com/patents/US20070140496](https://www.google.com/patents/US20070140496)

[4]
[https://www.google.com/patents/US5241597](https://www.google.com/patents/US5241597)

[5]
[https://www.google.com/patents/US7162037](https://www.google.com/patents/US7162037)

[6]
[https://www.google.com/patents/US8195959](https://www.google.com/patents/US8195959)
&
[https://www.google.com/patents/US7856664](https://www.google.com/patents/US7856664)
&
[https://www.google.com/patents/US7873170](https://www.google.com/patents/US7873170)

[7]
[https://www.google.com/patents/US20090319769](https://www.google.com/patents/US20090319769)

[8]
[https://www.google.com/patents/US6754349](https://www.google.com/patents/US6754349)
&
[https://www.google.com/patents/US8055911](https://www.google.com/patents/US8055911)
&
[https://www.google.com/patents/US7752318](https://www.google.com/patents/US7752318)

[9]
[https://www.google.com/patents/US8144876](https://www.google.com/patents/US8144876)
&
[https://www.google.com/patents/US8494169](https://www.google.com/patents/US8494169)
&
[https://www.google.com/patents/US20070280483](https://www.google.com/patents/US20070280483)

[10]
[https://www.google.com/patents/US8824682](https://www.google.com/patents/US8824682)

[11]
[https://www.google.com/patents/US7672458](https://www.google.com/patents/US7672458)

[12]
[https://www.google.com/patents/US7899186](https://www.google.com/patents/US7899186)

[13]
[https://www.google.com/patents/US20090080663](https://www.google.com/patents/US20090080663)

[14]
[https://www.google.com/patents/US7869602](https://www.google.com/patents/US7869602)

[15]
[https://www.google.com/patents/US8107623](https://www.google.com/patents/US8107623)

[16]
[https://www.google.com/patents/US8074076](https://www.google.com/patents/US8074076)

[17]
[https://www.google.com/patents/US6950523](https://www.google.com/patents/US6950523)

[18]
[https://www.google.com/patents/US8315386](https://www.google.com/patents/US8315386)
&
[https://www.google.com/patents/US20070172069](https://www.google.com/patents/US20070172069)
&
[https://www.google.com/patents/US7492895](https://www.google.com/patents/US7492895)

[19]
[https://www.google.com/patents/US8397281](https://www.google.com/patents/US8397281)

[20]
[https://www.google.com/patents/US7050589](https://www.google.com/patents/US7050589)
&
[https://www.google.com/patents/US7660423](https://www.google.com/patents/US7660423)
&
[https://www.google.com/patents/US20100142713](https://www.google.com/patents/US20100142713)

[21]
[https://www.google.com/patents/US8099609](https://www.google.com/patents/US8099609)

[22]
[https://www.google.com/patents/US7277544](https://www.google.com/patents/US7277544)

[23]
[https://www.google.com/patents/US20070195960](https://www.google.com/patents/US20070195960)

[24]
[https://www.google.com/patents/US6970836](https://www.google.com/patents/US6970836)

[25]
[https://www.google.com/patents/US7313697](https://www.google.com/patents/US7313697)

[26]
[https://www.google.com/patents/US20080152151](https://www.google.com/patents/US20080152151)

[27]
[https://www.google.com/patents/US8234518](https://www.google.com/patents/US8234518)

[28]
[https://www.google.com/patents/US8490166](https://www.google.com/patents/US8490166)

[29]
[https://www.google.com/patents/US6577735](https://www.google.com/patents/US6577735)

[30]
[https://www.google.com/patents/US8631227](https://www.google.com/patents/US8631227)

[31]
[https://www.google.com/patents/US7796760](https://www.google.com/patents/US7796760)

[32]
[https://www.google.com/patents/US20040052380](https://www.google.com/patents/US20040052380)

[33]
[https://www.google.com/patents/US20070003065](https://www.google.com/patents/US20070003065)

[34]
[https://www.google.com/patents/US8098828](https://www.google.com/patents/US8098828)

~~~
xnull2guest
I have lost the ability to edit this post. I wanted to share some more
information. All of these patents contains key escrow capabilities, which is
defined by the US patent system as "Subject matter wherein the key is
deposited or retrieved to or from a third party."

There are circumstances where this is not being used to give access to law
enforcement, or the patent would not make sense in that context.

This is a last defense argument. Certainly it is the case for some escrow
systems, and (especially with the patentese) are difficult to decipher.

But others are clear as day: "In order to receive the information, law
enforcement may submit a request to each of the entities identifying the
communication session and their basis for authorization."

Only some of the documents provided above have been read through by yours
truly. They constitute only a minor fraction of patents by a minor fractions
of companies in the US patent system.

Verisign? [1]

[1]
[https://www.google.com/patents/US6931133](https://www.google.com/patents/US6931133)

------
aburan28
The NSA has clearly recruited employees from companies like Google, Facebook,
Cisco, etc to compromise and place vulnerabilities that the NSA can exploit.
The fact that the NSA has decided that the legal channels to acquire data
through warrants and actual investigations no longer applies must be stopped.

~~~
MichaelGG
As an example, I have a small VoIP company. At one point, we were processing
about a billion calls a week. A malicious employee could probably setup a
trace and collect call records or record calls. I'd have no real defense
against hiring someone that worked for the NSA.

An employee at a hosting company could do huge amounts of damage. Consider SSL
certs can be issued just by checking email to prove "ownership". At some large
ISPs/datacenters, it'd be "fairly easy" to intercept the confirmation email
and get SSL issued in a company's name "legitimately" (that is, no bad effects
to the CA and not traceable to the NSA).

Subverted employees is a huge threat and we should really consider that when
looking at security in general.

------
philip1209
I don't see any reference to domestic surveillance, so my interpretation is
that a spy agency is spying.

------
bmh100
It is unfortunate the shadowing did not also go to homework and extra
curricular activities. This is an area that is neglected too. If he had sat
through a practice, then gone home to read 200 pages and do two hours of
homework, his conclusions would be even more dramatic.

------
chj
Not surprised. Good thing is we don't have to hear US gov criticizing other
countries any more.

------
duckery
Thank God we are clustered with Germany and South Korea in this. I can only
imagine the not-giving-a-fuckery if the targets were "China, Iran and Cuba"

------
t-rex1
Revealing mass surveillance is one thing (great!), but some of these leaks
feels like revealing too much and some of whats meant to be protecting
us...no??

~~~
psaintla
I've been a Snowden supporter but this is the kind of information that gets
people killed. I'm not sure how comfortable I am with this. He proved his
point a long time ago is this really necessary?

~~~
t-rex1
I agree..

~~~
psaintla
I know..

------
icantthinkofone
I can't find any article titled "Chinese and German Saboteurs in America".
Why?

------
curiously
I wonder what's in the tip of the pyramid, shaded in black. Somethings I like
to imagine:

\- Kennedy was assassinated by CIA

\- Aliens transferred technology to US government

\- Former strongman of South Korea was assassinated by CIA

\- List of other assassinations by CIA

\- Iraq WMD was made up and knew about it but went ahead with war anyway.

etc...

~~~
WorldWideWayne
You're not allowed to be imaginative or speculate here about topics that
people have been conditioned to patriotically think non-critically about! Just
give it up man! We all know that the official stories about 9/11 are 100%
true!

(For a group that hates censorship as much as these "hackers" do, isn't it
funny how they love a site that lets everybody censor each other by downvoting
comments into invisibility? See? Help meeee I'm meltinggggg....)

~~~
dandelany
When you speak in front of a crowd of people and are arrested by police for
the things you're saying, that's censorship.

When the crowd boos you off the stage before you're finished, that's not
censorship, it's other people also asserting their rights to free speech.
Perhaps you should reconsider what you're saying or find a new group of people
to say it to.

~~~
WorldWideWayne
Your analogy doesn't work because 3 or 4 downvoters does not constitute a
crowd. No, this is basically censorship by a small set of group-think leaders.

Thanks for the unsolicited advice though!

------
illumen
TLDR; Secret police do secret police things.

~~~
pluma
More like: the US can't get rid of its Cold War era habits.

The Cold War never ended. It was just extended from US vs the Soviet Union to
US vs everybody else.

But what do you expect from a nation that is now _de facto_ in a perpetual
state of war with an amorphous, heterogeneous and strictly confidential blob
of groups, nations and assorted individuals that includes its own citizens.

