
Why we can't go back to business as usual post-PRISM - nullc
https://mailman.stanford.edu/pipermail/liberationtech/2013-June/008838.html
======
b6
I'm a peaceful person, but this issue has been simmering in my head for years,
and I find myself actually looking forward to some kind of meaningful
conflict. I'm sick, sick, sick to death of the president issuing denials while
they keep building more and more infrastructure against humanity. I think the
article is right, that it'll get worse from here, and in a way, I'm glad.

~~~
pilif
Last time people were looking forward to a meaningful conflict, it plunged the
whole world into 4 years of war, followed by another 7. Be careful what you
wish for.

We need a peaceful solution for this. Vote these people away. Replace them by
better people. Educate those who think they have nothing to hide.

~~~
TelmoMenezes
The scary thing is this: these people were already voted away. People voted
for Obama when he promised the end of warrantless wiretapping, the closing
down of Guantanamo, etc. Why should voters believe the next guy who promises
these things? It feels hopeless.

~~~
Shivetya
What was the excuse for voting for him again in 2012?

Really, I fail to understand people here. One day they bitch about invasion of
privacy the next day they want the same people to have every bit of control
over their health care. Well guess what, you cannot have it both ways.

Granted he had help from a major government agency interfering with groups
opposed to his reelection from gathering funds. So perhaps you didn't have a
choice in who won.

~~~
lukeschlather
> One day they bitch about invasion of privacy the next day they want the same
> people to have every bit of control over their health care. Well guess what,
> you cannot have it both ways.

This is just as flawed as the arguments that giving the government access to
your email is no big deal because you gave access to Google, and they're a
massive organization too, right?

I have no problem with Medicare having access to the health records of every
American. Single-payer healthcare is a great system. This is completely
tangential to giving the NSA/FBI similar access to information.

Comparatively speaking, it might actually be more difficult for the NSA to get
unwarranted access to government medical records, since we have extensive laws
on the books protecting such data. Your argument is an absolute red herring.

~~~
alexqgb
Not sure why you're getting the downvote. This is obviously true.

It's also important to consider not just the size of the organization, but the
nature and extent of its powers. For instance, Google - no matter how big -
cannot arrest you, try you, convict you, or imprison you. Your health insurer
isn't going to send the Marines to attack another nation, no matter how many
doctors they have in their network. I could go on, but the point should be
clear: military and law enforcement have a unique - and uniquely dangerous -
set of powers. Accordingly, they operate under structures for accountability
unlike those that exist anywhere else. The extraordinary trust they're given
in some areas is balanced by a distinctly high and formalized level of
distrust in others (e.g. actions that are subject to prior judicial review and
approval).

So contrary to what you insist, we _can_ give some powers to some
organizations, and withhold the same power from others. And we can base those
organizations' ability to exist and operate legally on the degree to which they
respect and abide by these divisions, and the rule of law.

When it turns out that (a) they don't and (b) we can't respond to these
violations, it's a signal that the most basic arrangement keeping our society
viable is coming undone. That's a problem that needs to be solved. But thanks
to the principle of divided power, it doesn't mean we have to give up
intelligent arrangements for sending email or handling health care data in
order to keep the police and military in line.

------
bayesianhorse
For me, this incident is an example where the U.S. democracy failed, pure and
simple. Obama made campaign promises to not do surveillance. He was elected
and then did it anyway. It's frankly impossible now to change this issue in a
democratic fashion.

From the outside it often looks as if American politicians are overly busy
with a very expensive "game", rather than using the game for the greater good.

~~~
taktix
It's because the American people voted for looks over substance. Obama has no
morals and no spine, but he looks and sounds like a Hollywood star.

Obama is just the US population's reflection in the mirror.

~~~
icebraining
Yes, they should have voted for substance, for McCain, instead, who just
yesterday called this process "appropriate".

And of course, the two parties chose to approve _and_ re-approve the PATRIOT
act.

~~~
betterunix
Who says it is a choice between two people? You may not have noticed, but
there are more than two parties in this country.

How about all the Democrat and Republican voters who talk about choosing the
lesser of two evils _get over it and vote for third parties whose views they
agree with_? Stop being cowards and worrying about the "other side."

If anything, we will at least force the major parties to work harder to keep
their power.

~~~
mullingitover
Winner-take-all voting systems naturally tend to produce a two-party system.
There's an aversion to vote third party due to the problem of throwing your
vote away. So, before you can have viable third parties in this country, you
have to revamp the voting system to something like instant runoff.

~~~
icebraining
We have a Parliamentary system with six parties with at least one seat. For
the most part, I'd say it barely has any effect, except maybe on some
important social issues (same-sex marriage and drug use decriminalization),
but which could have passed without them.

The problem is that the two major parties coalesce the broad ideology-less
voters, and while the others have a solid core of supporters, they can never
really get a meaningful number to really force change.

I mean, even during one of our worst economic crises, with unemployment and
poverty hitting record highs, the polls barely show any increase for the other
parties.

------
fpp
Also read the reply by Aaron Greenspan in the thread:

[https://mailman.stanford.edu/pipermail/liberationtech/2013-J...](https://mailman.stanford.edu/pipermail/liberationtech/2013-June/008839.html)

------
ericHosick
This may seem a bit off topic, but I do agree that we can't go back. So, I'm
asking here.

We are building out a software development framework "from scratch" and would
like to make security a core aspect of the framework.

Where would be a good place to start looking at encryption solutions? For
example, would PGP be a good option?

~~~
einhverfr
Here's my view. I recently wrote an article on my blog
([http://ledgersmbdev.blogspot.com/2013/06/tangent-design-thou...](http://ledgersmbdev.blogspot.com/2013/06/tangent-design-thougths-about-next-gen.html))
which was on the front page of HN for a while. I want to
summarize both my thoughts again and things that have occurred to me after
writing it.

All of our existing key interchange systems are amazingly brittle. With X509,
there's no reason to assume the NSA couldn't order Verisign to produce a
certificate for any given individual or site which they could then use to
orchestrate a MITM attack. Purely synchronic protections (i.e. focused
exclusively at the moment of exchange) are obsolete in my view. Similarly
purely diachronic protections have problems too, and often aren't well
implemented. Suppose you need to rotate ssh host keys. This becomes a problem.
I think we need something a lot better.

Regarding PGP, the question is what they can break. Could they get a court
order to force MIT to help them present that your key on their directory is
visible to you but their key is visible to everyone else (allowing them to
step in between and conduct another MITM attack of another variety)?

Even if you add endorsements (web of trust model), how easily can that be
attacked? It might be harder but not that much harder.

So my thinking is this. Start with a standard PKI model and extend it to
require evidence of continuity. The assumptions required to do this are:

1\. No external authority issues private keys, and

2\. You must retain and continue to use an old private key for an unspecified
transition period (possibly spanning several keys). This shows a chain of
issuance, and evidence that the same entity controls the same internally
issued private keys over time.

So suppose you define a transition period of 2 years and a key rotation period
of one year. This means that anyone you have been in communication with over
the last three years will be able to check that the continuity of key
possession has not changed, and three keys would have to be compromised to
force a certificate believably (two of those keys can be stored somewhere else
and only used for the certificate re-signing process). If a MITM attack starts,
anyone who has been in contact in that period knows instantly that something
is wrong. Newcomers get alerted when the MITM attack stops.

I would recommend looking into what we can do to implement a system like that.
I am thinking of trying to write it up as an RFC and submit it to the various
bodies.
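
The continuity check described in the comment above, as an added Go example (not part of the original comment or of any existing standard): each new key is endorsed by the two keys before it, and a correspondent who pinned an earlier key rejects a successor that lacks those endorsements. Ed25519, the record layout and the names `KeyRecord`, `Holder`, `Overlap`, `Impostor` and `VerifyContinuity` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Overlap: predecessor keys that endorse each new key (2y transition / 1y rotation).
const Overlap = 2

// KeyRecord is a hypothetical published record for one key generation.
type KeyRecord struct {
	Seq          uint32
	Pub          ed25519.PublicKey
	Endorsements map[uint32][]byte // predecessor Seq -> signature
}

type Holder struct {
	privs []ed25519.PrivateKey // generated locally, never leave the holder
	Chain []KeyRecord
}

// message is what each predecessor signs: a label, the Seq and the new key.
func message(seq uint32, pub ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("key-continuity-demo|%d|", seq)), pub...)
}

// Rotate creates the next key and has the retained older keys endorse it.
func (h *Holder) Rotate() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	rec := KeyRecord{Seq: uint32(len(h.Chain)), Pub: pub, Endorsements: map[uint32][]byte{}}
	for i := len(h.privs) - 1; i >= 0 && len(h.privs)-i <= Overlap; i-- {
		rec.Endorsements[uint32(i)] = ed25519.Sign(h.privs[i], message(rec.Seq, pub))
	}
	h.privs = append(h.privs, priv)
	h.Chain = append(h.Chain, rec)
}

// Impostor models a MITM with a self-consistent chain of its own keys only.
func Impostor(seq uint32) KeyRecord {
	m := &Holder{}
	for i := uint32(0); i <= seq; i++ {
		m.Rotate()
	}
	return m.Chain[seq]
}

// VerifyContinuity walks forward from a key the verifier pinned earlier; each
// later key needs endorsements from every in-window key already validated.
func VerifyContinuity(pinned KeyRecord, later []KeyRecord) (ed25519.PublicKey, error) {
	trusted := map[uint32]ed25519.PublicKey{pinned.Seq: pinned.Pub}
	last := pinned.Seq
	for _, rec := range later {
		if rec.Seq != last+1 || len(rec.Pub) != ed25519.PublicKeySize {
			return nil, fmt.Errorf("key %d: out of sequence or malformed", rec.Seq)
		}
		for back := uint32(1); back <= Overlap && back <= rec.Seq; back++ {
			// Keys older than the pin are unknown to us and are skipped.
			prev, known := trusted[rec.Seq-back]
			if known && !ed25519.Verify(prev, message(rec.Seq, rec.Pub), rec.Endorsements[rec.Seq-back]) {
				return nil, fmt.Errorf("key %d: not endorsed by key %d", rec.Seq, rec.Seq-back)
			}
		}
		trusted[rec.Seq], last = rec.Pub, rec.Seq
	}
	return trusted[last], nil
}

func main() {
	h := &Holder{}
	for i := 0; i < 4; i++ {
		h.Rotate()
	}
	_, ok := VerifyContinuity(h.Chain[1], h.Chain[2:])
	_, bad := VerifyContinuity(h.Chain[1], append(h.Chain[2:4:4], Impostor(4)))
	fmt.Println("genuine rotation:", ok, "| impostor key:", bad)
}
```

A verifier with no earlier pin has nothing to walk forward from, which is the newcomer case the comment mentions.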

~~~
XorNot
Put a better interface on GPG to make managing web-of-trust not a nightmare.
The infrastructure has existed for a long time, but using it is amazingly
unfriendly.

It gets more interesting when you consider a model like off-the-record
encryption, where the goal isn't encryption and verification but deniability.
OTR has the great property of ensuring that any time you manage to decrypt or
intercept a message, you've also received all the information necessary to
forge that message. Identifying keys are transient so you can never really
prove any individual sent any message, since if you hold a copy of the message
you could just as easily have faked the message.

~~~
eightyone
I wish there was a site to connect open-source projects who need better UIs
with the designers over at Dribbble. On Dribbble you see a lot of UI concepts
that never come to fruition. What if we could convince some of them to help
build a better PGP UI? After all, real world applications look much better on
a resume than concepts.

~~~
gurkendoktor
We've tried to write a streamlined UI for GPG keysigning parties in
university. The CLI of gpg was absolutely hostile. Fatal errors would still
have 0 as the exit code etc... :(

~~~
Torgo
You're supposed to link against GPG-ME. It's specifically for that purpose.

~~~
gurkendoktor
Thanks! We apparently all failed at Google at the time. We were using Java but
it seems there are wrappers.

------
raverbashing
"Why would you use AES/RSA/etc. when the NSA employs more mathematicians than
anyone else and may well have cracked them?"

Well, because of everybody else seems to be a good reason.

And one thing a bunch of good mathematicians is not better than is math. And
as far as we know, they may still be good systems.

The construct of encryption systems today is so complex I think the last part
they would address would be the algorithms themselves (but they certainly can
factor the product of two primes in record time)

~~~
Spearchucker
Assuming for a minute, hypothetically, that the NSA _can_ crack AES and RSA,
then the way to combat that is for more people to use it more often, and to
create meaningless encrypted spam.

Cracking requires huge computing resources. If there's an overwhelming amount
of data to crack, with little guarantee of any useful yield, then we can
reasonably expect that it negates the ability to crack it.

~~~
wisty
4Chan is https. So there is a fair amount of meaningless encrypted spam out
there already.

~~~
jafaku
They don't need to crack 4chan, it's in the US.

------
robomartin
I know a couple of people that, for as long as I've known them, have been
consumed by this idea of having to be able to defend yourself from an
intrusive government. They, as one would expect, have gun safes full of guns
of all types, piles of ammunition and other survivalist tools and equipment.

When the Newtown school massacre happened I actually called a friend in the
Sheriff's department to ask if I should "drop a dime" on these guys. My
argument was that, while they had never hurt anyone in their lives, perhaps
they could one day blow a fuse and use their arsenal to kill innocent people.

This was a troubling call for me. I am not anti-gun at all. I don't happen to
own any. Yet, I don't have any fundamental objections to law-abiding people
owning them. The Newtown event rattled me as much as it probably did lots of
people.

To my surprise my friend, the Sheriff, said not to worry. He went on to tell
me that this sort of thing (stock-piling weapons and ammo) is very common. He
said lots of cops do it. He went further and told me "we can find most of
these people because they are being tracked one way or the other, whether they
know it or not".

I didn't think much of that last statement until the latest government
scandals started to surface, from the IRS targeting political groups
(regardless of alignment, would you like it to happen to you in the future?)
to this PRISM/surveillance mess. You now have to wonder where else the
government is tracking us. Or, perhaps, the right question could very well be
the opposite: Where are you safe?

All of a sudden these "nut-cases" who stockpile weapons and wake up every day
thinking the government is out to get them actually have something to point to
and say: "See, I told you so". I already got that call, BTW.

No, I am not going out to buy guns. Not interested. I have enough fun shooting
them at the range. I don't feel I need to own any of them for any reason. But,
you know, how can I now tell these guys they are insane for thinking the way
they do?

~~~
tokenizer
You can't, because a rebellion/revolution is a potentiality. Sure, it seemed
unlikely, but now not so much.

Would I criticize someone for not locking their front door? No. Locks only
keep honest people honest, and the chances of your property being broken into
are fairly slim.

Would I criticize someone for preparing themselves for a
collapse/rebellion/revolution of some kind? Absolutely not. The cost of not
doing so is much higher than lost possessions. Rights, Your life, etc...

The main thing to take away from this, is that you can't know for sure, and
everybody reacts to those percentages differently. It's better to be safe than
sorry, or you can live fast and die young without worries.

I should note that the duality above can be taken in both contexts.

~~~
robomartin
I have not locked my cars in probably fifteen years. In the summer I usually
leave all the car windows open (all day). Most of my neighbors do the same. It
is common to see garage doors open all night in my neighborhood.

When I want to throw out something like a bike it can stay on the sidewalk for
weeks if I don't put a sign on it that says "free, take me". So it should come
as no surprise that we don't really feel the need to own weapons for any
reason whatsoever. I enjoy target practice at the range a few times a year
with my son. It's fun, and I think it is important to learn --particularly
safety.

Now, I have lived and worked in areas of Los Angeles where you would not dare
leave your car unlocked for one hour. I've had car stereos and whole cars
stolen from right outside my window in those areas. What did we do? We moved.

Ultimately you need to consider what it is you want from life. If I have to
own a weapon to feel safe at home I am living in the wrong place. I realize
one isn't always free to make these kinds of choices. I get it. I also have to
question if owning a few guns is of any use whatsoever as it pertains to
curtailing a corrupt or over-reaching government.

Perhaps my point is that, if we have to resort to an internal armed conflict
to bring our government in line we will have already failed at so many levels
that this will, at that time, in no way resemble the country I grew up in.

~~~
tokenizer
Agreed. Hopefully it never gets to that point, and from what I see, it won't.

I was just referring to the effects of these variables on people's minds. I
agree with you that it's almost always contextual, but you'll find the odd
person or two that feel very strongly about a low odd potentiality and it can
definitely make you feel like there are some crazies...

But I think everyone does this to some degree. If you cancel a marathon in
Halifax because of a 5-second phone call to the police referencing the
Boston Bomber, then most understand that... However, when one looks at the
facts, in my country no one has died from Terrorism in the last 9 years... a
far fetched reason for this government power grab. So I don't know. Maybe the
Gun Nuts are wrong, and they have nothing to fear. But maybe most of the
populations of OECD countries are completely wrong in this manufactured fear.

Source:
[http://injuryprevention.bmj.com/content/11/6/332/T1.expansio...](http://injuryprevention.bmj.com/content/11/6/332/T1.expansion.html)

------
whatevenisthis
This whole thing is so bizarre to me. The NSA has been doing this sort of
thing since at least the early 90s. Who knows, probably earlier. What exactly
did people think the NSA was doing? The only difference is that, before
digital cell service, it was more difficult to monitor phone conversations
because the infrastructure simply didn't support it.

Everyone's all riled up over a few PowerPoint slides (which may very well be
fake). I don't get it. No mainstream company or consumer has ever given two shits
about encryption. You send data in plaintext and are surprised that the NSA
might be reading/logging it?

The public overwhelmingly supported the PATRIOT Act back when it was passed.
Black box rooms in telecom facilities were exposed what, 10 years ago? No one
gave a shit.

Why do people seem to suddenly care? You can't say it's because, "We have more
information," because we really don't. People suddenly care about privacy?

I do not understand what those who are outraged thought the NSA did. Honestly,
how can you be so ignorant?

~~~
nullc
A lot of people— sometimes the most technically competent ones— were busily
telling them that wholesale surveillance was infeasible... greatly
underestimating the available funding and ingenuity.

So it was easy to imagine that only a few things were being intercepted:
Communications by an amorphous "bad people". A distant problem for someone
else.

In the mean time digital communications devices, cloud services, social media,
etc. have become increasingly central to our lives— mediating more and more of
our most private communications and storing our most trusted data. Most of it
has built on an architectural house of cards which provides little systemic
security beyond "hasn't screwed you yet".

The fact that this is happening to _everyone_, that the data is being
correlated and stored— perhaps forever— that the argued legal basis of the
program itself is cloaked in secrecy, that the public has been denied the
ability to question something that potentially impacts the entire world, that
the leaders of technology companies that we trust with our most personal data
are either clueless or lying— as they make claims that appear to contradict
the White House.

And now it's becoming clear enough that it's harder to say "well, maybe it
isn't really happening" (even as you say "which may very well be fake!") or "the
black box rooms are for someone else" and so instead of ignoring it people are
being forced to process the information. Some of them feel violated and upset.
"Hasn't screwed you yet" is starting to look a little too weak once considered
in the sunshine.

~~~
mehwoot
_A lot of people— sometimes the most technically competent ones— were busily
telling them that wholesale surveillance was infeasible... greatly
underestimating the available funding and ingenuity.

The fact that this is happening to _everyone_..._

Has this actually changed? Is there any evidence that a U.S. citizen's gmail
account, or skype calls, or yahoo searches, or facebook information, has been
obtained without a court ordered warrant?

I'm not a U.S. citizen and have always assumed that anything I put on these
companies' servers can be read by the U.S. government at will. But if you're a
citizen of the land of the free and the home of the brave, I haven't seen
anything come out that actually showed your cloud data is being accessed
without probable cause being shown, the way it always has been.

~~~
kintamanimatt
> I'm not a U.S. citizen and have always assumed that anything I put on these
> companies' servers can be read by the U.S. government at will.

Why are you ok with that?

~~~
mehwoot
Firstly, I feel like assuming the government has the ability to monitor your
communications and acting accordingly is better than assuming they can't and
getting worried when it turns out they do.

Secondly, I have zero power to change how the U.S. conducts its business in
this regard so I'm not going to expend energy fighting it, I just take it into
account and try not to use these services in a way that I wouldn't want to be
discovered.

Thirdly, I do agree that the government (U.S. or mine) should be allowed to
get information on me if they show probable cause. I strongly support that.
And if I accept people might look at my stuff, then it doesn't really matter
in the end _why_ they are doing it- I should still plan accordingly. The
Government could very well have probable cause to investigate me even when
I've done nothing wrong.

We have the technology to keep what we do online anonymous. Even if the
government had no power to check this, stuff like the AOL search data debacle
shows _there is always a non zero possibility someone could be looking at your
unprotected data_. If you're worried about that, you should protect your data.
That's the only real solution. I agree with people who fight against
illegitimate or non transparent ways people try and access that data- but
that's not what I rely on to keep my privacy.

------
kriro
I wonder if there will be a bigger outrage if companies like Salesforce and
Oracle are involved. Non-US companies might be a tad alarmed if their ERP
provider is cooperating with PRISM.

Since Microsoft is explicitly mentioned I wonder if the access includes their
SMB-ERP stuff.

~~~
einhverfr
From the reports I would be surprised if non-hosted ERP stuff was ever easily
targeted. Hosted stuff is a bit of a different story.

Ideally if you are paranoid, you should run things in-house and firewalled. If
you are less so, I will point out I help run a British-registered hosting
company for an open source ERP (the company can be found at
[http://www.efficito.com](http://www.efficito.com)).

Everyone wants to talk about how the cloud will change ERP and while I am
involved in a startup that is operating in this space, I have to say that it
is extremely important for users to know that they give up a lot of control
over security when they make that choice. We do our best but we cannot compare
to a well-run internal installation.

------
logn
The innocent days of building software and having fun are probably over. Let's
get our kicks before the whole shithouse goes up in flames. Then we can figure
out how to teach the next generation to build software in the brave new world
we'll give them.

------
Nursie
We can't... but we will.

Never underestimate the apathy of the general public, their faith in
authority, and their general willingness to write this stuff off as 'stuff
that affects someone else'.

Yeah I know, I'm a cynic.

~~~
jafaku
How can apathy be cured?

~~~
Nursie
I'm not sure it can. Human history is full of examples of people tolerating
the most awful oppression from their leaders.

That said there seems to be less and less tolerance of this crap on both sides
of the Atlantic, I'm just not sure what can be done about it, as most people
won't do anything other than have a bit of a moan, and then attempt to vote
for the least-worst candidate again next time.

------
fnordfnordfnord
_" And so—before the capability was made public, it _likely_ wouldn't have
been used against mere political nuisances,"_

Wasn't this _type_ of data mining the source of the data leading to the
expose' of Eliot Spitzer's bad habits; ultimately leading to his political
demise? Exposing philandering politicians, or prostitution, are both far away
from what I'd consider an appropriate use of technology.

------
noerps
Welcome to counterintelligence, have a nice day.

Sorry I forgot to point out
[https://en.wikipedia.org/wiki/Perfect_forward_secrecy](https://en.wikipedia.org/wiki/Perfect_forward_secrecy)

------
general_failure
And yet we will all go back to work. Just wait for wwdc and e3

~~~
samstave
> _And yet we will all go back to work. Just wait for ww3_

FTFY

------
kllrnohj
Of course we can go back to business as usual post-PRISM, because PRISM turned
out to be absolutely nothing. It's a mundane, boring data storage & analysis
system for data obtained through FISA requests about specific individuals.
It's not a data dump from major tech companies, it's not a warrant-less spy
program, etc...

~~~
flyinRyan
You don't have a clue what it is. What you should realize, though, is that a
_lot_ of people are up in arms about this. Do you think you're smarter than
_all_ of them? From this post alone, I see a resounding no.

~~~
kllrnohj
Here:
[http://usnews.nbcnews.com/_news/2013/06/08/18850035-intellig...](http://usnews.nbcnews.com/_news/2013/06/08/18850035-intelligence-chief-declassifies-prism-details-slams-reckless-disclosures)

The people up in arms aren't thinking logically, they are thinking
emotionally. That's a terrible way to make any sort of decision.

~~~
flyinRyan
Oh, so one of the people involved in this immoral, illegal spying program says
it's not that bad? Well never mind then! I guess it must all be ok. No
oversight needed.

