- Before Snowden, if you spoke about these issues, you were dismissed as paranoid.
- After Snowden, if you dismiss these issues, you are dismissed as hopelessly naive...
Oh, also - considering all this - you can bet that Intel's Management Engine has likely been backdoored by the NSA, so using Intel's processors is not recommended, especially if you're a non-US company... (industrial espionage !)
I’ve been telling people for years, but nobody listened.
Now everyone knows it’s true, but still nobody seems to care…
And for one more sentance, that is a work of pure genius: “Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” <3
And how the world is changing, from GDPR to California privacy law... I would just love to shake hand to this guy.
As one obvious example, LGBT Russians had absolutely nothing to hide, right up until the moment it was outlawed, again. Then suddenly it was extremely easy to identify and persecute.
In a world where we hold people like Willem Arondeus, Sophie Scholl or anyone else involved in hiding or exfiltrating Jews during WW2 a hero, it baffles me that the idea of "nothing to hide" even exists. The fact we've made a modern kinder-transport or even a resistance nearly technologically impossible honestly stops me sleeping.
I find this sentence interesting because it is very specific to the American public. I am European and personally I care a lot more about privacy than free speech, and America's obsession with free speech boggles my mind.
It might have to do with the last time we in Europe experimented with unadulterated free speech, and got Hitler and WW2 as a result. We might have dialed it back a bit after that. But what do I know ?
There seems to be some a profound divide between America and Europe on this front and I haven't quite put my finger on why yet.
But free speech is not absolute, even in USA (libel laws and all that).
What I find interesting is how the threshold between the freedom of speech and the freedom of others people is set differently between US and most of Europe.
For instance you can be convicted for incitement to ethnic or racial hatred in a lot of European countries  while to the best of my knowledge this kind of speech is protected in the US.
Personally I am very happy with how the free speech threshold is set in France or Germany but I have no doubt it is a cultural thing.
*Unless it's from the government in which case it's absolute.
It sounds like a quote from "Animal Farm", doesn't it? I am free to say anything I like, but if I say the wrong thing, I get punished for it. Also, "some are more equal than others".
Not quite. You did not quote a critical part -- being free from consequences from the government. And as governments, almost everywhere, give themselves a monopoly on the use of force "if I say the wrong thing I get punished for it" does not apply.
Thus whoever wants to punish you needs to petition the government for help and prove their case -- if I make false claims that you consider damaging you can ask the government to help and prove your case in a civil court (instead of, say, punching me in the snout to punish me directly). Just my 2c.
For example-- that famous one where the hedgehog pornography tycoon runs an add in his magazine accusing one of the pigs of having sex with his own mom, and then is cleared by a panel of pig judges who rule that parody is protected speech.
Where is that passage in Animal Farm? Maybe I don't have the details correct, but I certainly remember reading a long passage where Orwell clearly establishes that a book of satire like Animal Farm itself would be allowed in the Animal Farm universe. I thought it was such a nice touch of optimism in an otherwise dreary book. (And if I remember correctly it was a welcome respite from those long boring passages of complicated libel case law in the animal world.)
Libel is special because it's purely a civil matter and usually has to prove malicious intentions.
Compare that to: Poland, Netherlands, Spain, Switzerland, Thailand, and Saudi Arabia.4 are European and 2 not. Yet it is a criminal charge if you do. And in Saudi Arabia, it's a terrorist charge.
Why did you post it?
Because you know it's controversial and would create engagement.
If the nazi salute wasn't controversial (and rightfully considered hate crime) you would have ignored it.
BTW the first amendment does not condone hate speech.
Because even USA understands that there is a limit on everything.
Mainly as the defendant hadn't, despite the judge's specific encouragement, bothered to submit a proper defence or explore freedom of expression. So it could only be decided purely on the breach of the law. Then there were all the surrounding circumstances of how he set this up.
Thankfully in the US we have already codified free speech into law. Unfortunately there are still many who do not consider the liberties protected by the Bill of Rights to be a settled issue.
You might think they are extreme in their views but rulings restricting speech are very, very rare.
And that has severe consequences as you see.
Popper said it many years ago.
Which is slightly different.
No Western-style democracy observes a right to absolutely unrestricted freedom of speech, because it conflicts in obvious ways with other rights. We cannot, for example, incite people to a riot, or yell fire in a crowded theater, or go on the radio and accuse our boss of murdering children. The restrictions against Holocaust denial in Germany (for example) aren't different in kind. Europeans enjoy broad freedom to publish whatever they want about their government, critical or otherwise.
This is in stark contrast with China, Russia, most countries under some form of religious rule, and most dictatorships, where criticizing the government will get you tortured to death or sent to a labor camp at worst, and severely fined and blacklisted from government service at best.
The "median Western European" may have a more nuanced view on the right to free speech than the median citizen of the United States, but I'd attribute that to a superior education system and decades of trying to undo structural economic injustice rather than a cultural divide (which is complete nonsense, honestly).
You can also go on the radio and accuse your boss of whatever you like in the US as well. You might get sued by your boss in civil court, but the police will not come after you.
You can also deny the Holocaust, that the earth is round, that people have landed on the moon, or anything else. An unfortunate side effect of freedom is that other people will be allowed to say things that you dislike.
Yelling fire in a theater isn't illegal, but deliberately doing something that will cause a panic is.
In the US, you can say whatever you like and you will not be prosecuted or jailed. That is simply not true in most other countries.
I drew the obvious contrast with most of the rest of the world in the parent comment, I have nothing more to say there.
> It might have to do with the last time we in Europe experimented with unadulterated free speech, and got Hitler and WW2 as a result.
Um, I'm not sure what they put in your history books over there, but I'm certain that's not an accurate characterization of how that happened.
You forget that Hitler's ideas were popular at the time - that's why he was elected. Slowly but surely it was the free speech of Jews, their very ability to combat the incoming tyranny before it was to late, was clamped down on.
As such, censorship was quite popular.
Free speech levels the playing field between government and people.
regards from germany (-;
I think freedom of the press and freedom of association come before that.
In fact the first thing Mussolini did when he won the election (not without the help of violence, verbal but more importantly physical, like Hitler also did after him) was to abolish the free press and make all the other parties illegal.
2) Verbal 'violence' is a fallacy. It doesn't exist.
Your Address is: $address
Your phone is: #ph
You work at: $employer
You did X abhorrent thing (fakes picture or video with deepfakes). It would be a shame if something happened to you.
That right there is indeed verbal violence, AND a call to arms to enact violence against you.
Only the incitement to violence could possibly be considered violence, though I personally would say it is NOT violence, but a separate offence.
Believe me, my grangrandfather and my grandfather were jailed many times in the 20 years of fascist regime because they refused to swear as fascists.
They were two gentle men who worked as tailors.
Example: Pasquino https://en.wikipedia.org/wiki/Pasquino
2) I'm a polite Italian using ancient words: it's what we call hate speech today.
We also needed Americans to save us Europeans from those other Europeans.
Aside from being really smug about Europe's supposed superiority today, this comment is just factually misleading. For one thing, it wasn't "unadulterated free speech" that got Hitler into a position of dictatorial power, it was backroom politics, legal manipulation, and finally laws and a German constitution that were extremely pliant towards misuse and reinterpretation for the sake of dictatorship, with all kinds of clauses in favor of martial law, censorship and so forth that the Nazis used to powerful effect once Hitler was appointed chancellor. Had they been dealing with something more absolutist about freedoms like the U.S constitution, his road to dictatorship would have been much more difficult, chancellor or no. You actually have the whole thing about the value of rigidly preserved freedoms exactly backwards in your claim about Hitler and free speech.
In other words: Hitler's rabidly racist speeches never once won him a single electoral victory in Germany (and this even at a time when anti-semitism and racism were much more popular). The much greater damage was done by a weak constitution ridden with clauses against individual freedom, which couldn't effectively stop Hitler from becoming a dictator once he got the chancellors office.
Not my claim, it was the GP's claim and I was also disagreeing with it.
We can legally drink before the age of 21 because we are able to control ourselves.
We can have sex between 14 and 16 years, because we are able to control ourselves.
We don't shoot other people in school when we are upset, because we are able to control ourselves.
Tell me more about your strength...
You've a weird sens of humor my friend.
> And an orator said, Speak to us of Freedom.
And he answered:
At the city gate and by your fireside I have seen you prostrate yourself and worship your own freedom,
Even as slaves humble themselves before a tyrant and praise him though he slays them.
Ay, in the grove of the temple and in the shadow of the citadel I have seen the freest among you wear their freedom as a yoke and a handcuff.
And my heart bled within me; for you can only be free when even the desire of seeking freedom becomes a harness to you, and when you cease to speak of freedom as a goal and a fulfilment.
You shall be free indeed when your days are not without a care nor your nights without a want and a grief,
But rather when these things girdle your life and yet you rise above them naked and unbound.
And how shall you rise beyond your days and nights unless you break the chains which you at the dawn of your understanding have fastened around your noon hour?
In truth that which you call freedom is the strongest of these chains, though its links glitter in the sun and dazzle the eyes.
And what is it but fragments of your own self you would discard that you may become free?
If it is an unjust law you would abolish, that law was written with your own hand upon your own forehead.
You cannot erase it by burning your law books nor by washing the foreheads of your judges, though you pour the sea upon them.
And if it is a despot you would dethrone, see first that his throne erected within you is destroyed.
For how can a tyrant rule the free and the proud, but for a tyranny in their own freedom and a shame in their own pride?
And if it is a care you would cast off, that care has been chosen by you rather than imposed upon you.
And if it is a fear you would dispel, the seat of that fear is in your heart and not in the hand of the feared.
Verily all things move within your being in constant half embrace, the desired and the dreaded, the repugnant and the cherished, the pursued and that which you would escape.
These things move within you as lights and shadows in pairs that cling.
And when the shadow fades and is no more, the light that lingers becomes a shadow to another light.
And thus your freedom when it loses its fetters becomes itself the fetter of a greater freedom.
That just about sums up every bad act.
Lots of people were aware of all the bank fraud and toxic loans leading to the 2008 real estate bubble, no one cared leading up to it, and no one cares now.
The Googles/Facebooks/amazons are collecting and doing unsavory things with your data, whether you ever used their services or not (shadow accounts), no one seems to care.
Governmental spying on citizens? Hell the Government had a program which included secret kill lists, flew military bombers into foreign countries to drop bombs and kill a citizen. Even when the US failed to kill the citizen and the family sued, their case was dismissed as the courts denied any right to know who was on the list, how they got on the list, and even denied acknowledging the list existed...yet no one cared.
Imagine a foreign country flying military missions in the US and dropping bombs on a foreigner in the US, based on the foreign governments secret kill lists. It's pure insanity.
Do we really think that they are any better 50 years later because I don't.
(Also, not unprecedented - the Russians have been doing something very similar in a few high-profile UK cases...)
Of course, the main issue is that those "surgical" drone strikes still seem to have backfired strategically -
I wonder what is the state of these "who are we going to kill today" reunions under Trump ?
And of course in the background there's the whole Middle Eastern situation where the USA (and previously the British Empire) have only been making things worse for a century or so... but the control over those oil fields is just too important for them to let go !
Far as weakening, we were noting they did a lot of things that were public knowledge that indicated they prioritized shoddy products and surveillance over security. I had an essay listing most of them. I might dig it up and submit it Thursday if anyone is interested.
In hindsight, I was right, but I didn't get with the program after 9/11 (see the accounts of William Binney  and Edward Snowden's recently Permanent Record).
(Well, and GAFAM's behavior in the recent years certainly didn't help either...)
P.S.: Got Stallman to sign my The Snowden Files book after he introduced his speech with asking the public to give "three cheers for Snowden"...
Unless you communicate why we need to do sth anyways and what small managable steps can be taken it is hard to tackle this alone, even if you are an informed person with the motivation and the breathing space to do so.
So unless the felt pain and the impeding doom doesn’t exceed the threshold of “oh shit this isn’t fine, what was I thinking!” people will just call the whole thing off as unmanagable and move ahead.
 https://nl.wikipedia.org/wiki/Wet_op_de_inlichtingen-_en_vei... (article also available in German and Chinese)
I'm a proponent of binding referendum, but I don't see how it would solve the problem in this case.
I know young wealthy people who don’t know who Elon Musk is. People’s attention is highly fragmented.
In general, the mainstream media didn't make much of it. At the time they hadn't yet tied outrage to revenue/profits. If Snowden were to happen today the coverage and reaction would be much different.
But alas, it's too late. The public has it in their minds it was a non-issue. That seems unlikely to change any time soon.
The author dismisses CPU-level backdoors in favor of Intel ME backdoors mainly on the basis that, since CPUs can't save state, they can't protect themselves against replay-"attacks", and hence Intel would lose any sort of plausible deniability once an "activation sequence" was ever found in the wild.
But I don't really see how ME is protected against replay-"attacks" either. Sure, you might not be able to replay the sequence to the same CPU, but you can definitely replay it to a different CPU - unless every single CPU out there has a different activation sequence, which is possible, but would be vastly less efficient (if you want to hack someone you now have to know / guess some sort of unique production ID of the CPUs he's using?).
I'm really not seeing the big argument in favor of an ME backdoor here. A backdoor directly in the CPU would work just as well.
Arguably better in fact, since the CPU can just look for the activation sequence in the data it reads (if you send an e-mail or website it's very likely the plaintext string gets copied, and therefore read, by the CPU at some point), whereas the ME processor would only be able to watch specific offsets in memory.
The one they'd use the most was deniable looking flaws in ME. They'd reserve their best ones for most important cases with lowest chances of detection. Maybe even with personal physically there activating it with a RF signal. Could integrate wireless in something called Centrino to make that easier. Take a pile of hard cash and lots of defense sales as a thank you.
There isn't a hope in hell you can reliably keep track of who has which Intel CPU.
Think of all the stages involved, and how each one has to cooperate and how many times Intel's CPU is sitting on "undifferentiated palette of X units".
But that's usually not the interesting case. The interesting case is that you find a new target, and that target already has a PC/laptop, and you want to gain access to it without having to physically infiltrate. Now, you might be able to manipulate their network in some way, or send them an E-Mail, or get them to visit a website that contains an activation code. But having to backtrack which CPU that laptop contains seems impossible to me in the vast majority of cases. Even if you can somehow figure out where he bought it, most stores aren't even going to be able to tell you the serial number of the product they sold, and even if they can, now you have to match that serial number to a CPU, which is... impossible? How would you get that information? Retailers buy hundreds of thousands of CPUs, and they probably don't tell Intel which CPU they put into which device, or even who buys which individual CPU. If you send a CPU back on Amazon, they don't even check if it's the same goddamn model! (Hence the surprise of some people who bought a $550 CPU and got a $550 CPU box with a $50 CPU in it.) And if the CPU or laptop was bought used, now you're really out of luck. I really don't see how this is very useful, when instead of doing that you can just force Intel to give up plausible deniability and hack everything in sight. If you get caught (which is incredibly unlikely in the first place), you just say "we did it for America!" and that's it, nobody would care. I mean Intel would be kinda fucked, but the NSA wouldn't be.
The issue with supply chain tracking is the sharing of information. If every part of the supply chain is hacked then you have all of the info. You also need to look at it backwards: instead of "who has X" ask "where did X go" which is easier to answer. It starts at the source, the factory, which can know which serial was in which lot. Then you know where that got shipped, etc.
Maybe occasionally units get "lost" but you do have error bounds on their location.
But it’s like nothing happened. No investigation, no nothing. If they can’t be bothered by that, it’s little surprise they’re not bothered by their spying on regular folk.
That was in 2009. I remember being kind of stunned that nobody seemed to care that the executive branch blackmailed an elected Rep. Log rolling and pork barrelling is fine, but blackmail seems like a bridge too far.
You have to wonder if the French government would have allowed the sale (as an example).
Seems like the conservatives don't give a shit about strategic national companies as long as the cheques clear.
Guy makes six figured, works remotely as an NSA contractor from Hawaii, suddenly had a moral conscience, somehow had multiple laptops with classified data, leaves his smoking hot girlfriend to meet journalists from The Guardian and Der Spegiel and gave them evidence that was composed of poorly made slides; almost all of which have been released heavily redacted -- all have been heavily dismissed by the US government, Yahoo, Google, Verizon and others. Honestly, the 9/11 truth evidence feels like it should have been more convincing, and yet every media agency took this as gospel.
If the revelations are taken at face value, why couldn't it also be possible this was all just a test by intelligence agencies? Companies have strengthened their general security and the general population hasn't .. really cared. Both of those are valuable pieces of information gathered by the government.
Look at COINTELPRO and Operation Mockingbird. At the time, if you had said such programs existed, it would have been viewed as crazy conspiracy. But they did exist and intelligence agencies in the US government has manipulated their own people in past decades.
Either Snowden is incredibly clever and lucky, or he's a stage show. He should be in the situation Assange is in now. It's difficult to believe he's still in an unknown location, hiding out in Russia. The whole story stinks and I feel like no one wants to have a rational talk about the alternative: that it may be more manipulation and testing to show that Americans don't really care about surveillance.
> It's difficult to believe he's still in an unknown location, hiding out in Russia.
Wouldn't this make Russia a party to this theory? As far as I can tell they don't deny harboring Snowden, which if he wasn't actually there hiding from the USG wouldn't they call the US on that?
Want to know about his motivation and background? Read his new book and watch Citizenfour. He explains what lead him to be a whistleblower.
> all have been heavily dismissed by the US government, Yahoo, Google, Verizon and others
Completely untrue. Much of it has been confirmed. If it was fake the government wouldn't be charging him with espionage.
First, it's worth pointing out that "encrypt everything in flight always" is not prohibitively expensive on modern hardware; also that your own internal network should not be viewed as an impenetrable bastion where you can let down your guard, just because you keep a close eye on the external routers.
I believe this is part of eg google/alphabet's new model: no hard wall, soft "inside" (egg model). Just stand alone secure sub-systems with ACL (access control lists) mediating access on a user-by-user, sub-system by sub-system level. No real trust in "location" as proof of authorization (I assume truly, off-grid clean rooms are excepted) - because "everything" needs access to networked resources.
Ah, I guess they call it BeyondCorp:
Most people would agree that the state should be able to deprive people of their liberty ( prison ), but that stringent controls should be in place, with that process being public and involve peers ( though that is being slowly undermined in the west ).
What are the controls around surveillance? What processes stop abuse? Who is accountable? Where is the transparency?
You could argue that you can't be public about intent to spy, but there is a lot more that could be done.
Everyone is being spied on. Perhaps the only distinction worth making is whether you’re being spied on by your own government in addition to foreign governments.
As extortion is the central procedure of spycraft, people trained in its use by the government also have access to the "goods". Criminal intent is no bar to employment by Booz Allen, or by NSA or FBI proper, never mind Russian GRU or FSB or their Chinese counterparts.
Extortion works for anybody.
We're in a multi-party cyberwar. We have been for years. It involves both governments and NGOs. Most of the players are pushing as hard as they can, short of real warfare, to gain the advantage over the others.
That's a much tougher story to tell, since it doesn't have clear heroes and villains. Also it involves a lot of technical stuff Joe Layman doesn't want to process. Because of this, media outlets are always going to tell the simpler story. The overwhelming danger here is that nobody learns what is going on, which presumably is the point of having a media outlet in the first place.
This cryptography blog seems to, but... is WhatsApp really trusted as secure end-to-end encryption chat client?
Colloquially, for one thing it's now owned by one of the biggest personal-data collection companies in the world, which would have little interest in owning a chat client it couldn't benefit from data-wise. For another, I read an article mentioning it was "known" that WhatsApp decrypted your message, stored it, then resubmitted it encrypted to the destination. (Inconveniently, I can't seem to find the article now.) If, say, your life relied on privacy, would you trust WhatsApp, and if not, why?
If you enable backups in WhatsApp those backups aren't stored on Facebook's servers, but they are probably not encrypted very well, since you don't enter your own encryption key, and WhatsApp has to be able to decrypt those backups if you lose your device. So those probably aren't secure if you are directly targeted.
Also if you are directly targeted, it's not completely impossible that Facebook has a way to send you a custom "update" that simply sends all your messages to Facebook encrypted with their keys.
But in terms of mass surveillance, it seems fairly unlikely that Facebook can read WhatsApp messages, because something like that would not be hard to find for someone from the outside, especially since the protocol WhatsApp is supposed to use is completely known.
Facebook probably cares more about your meta-data (who has who in their address book) anyway than it cares about the content of your messages.
> My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say "It wasn't us" as they wear t-shirts that say "IT WAS DEFINITELY US," and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN'T REAL. When it rains, it pours.
As to benefiting from WhatsApp, I'm sure they benefited just fine. They bought it for the contact info from millions of non-Facebook customers that they could use to cross sell. Their growth in, for example, LatAm seems to imply that it worked ok.
> No, we don’t see any of the content in WhatsApp, it’s fully encrypted
It's clear he's speaking about his company. Given Snowden, it would be monumentally stupid to make such a bare faced lie to Congress if they were reading, or facilitating the ability to read, unencrypted content.
Especially as he could have chosen not to say anything so specific. Congressman Schatz was talking about advertising. He could have just said something innocuous like: we don't have the ability to use WhatsApp content for advertising.
What he also didn't say there was whether others routinely saw with Facebooks help.
Not saying they do, just saying he didn't strictly say they didn't.
He may of also being talking in the context of using content for advertising, not surveillance.
Finally a lot of intelligence gathering is just based on who has talked to who kind of networks in the first instance, rather than content because:
1. Content can be obfuscated, but not the connections
2. Easier to store and navigate
3. Less noise
I'm not suggesting that no-one can read them. I have no idea. I am saying that his testimony makes me very comfortable that Facebook is not because he has way more to lose from lying than from not in those circumstances.
I have trouble with this logic.
Also, I'm not quite clear - what are the consequences for lying to Congress?
It would be pre-2013 naive to imagine that, now that WhatsApp traffic is no longer end-to-end encrypted, no use is being made of the change.
I'm sorry, what?
Is everyone intentionally ignoring this or actually unaware?
Things stored in plain text client side, can be read in plain text client side and resyndicated.
All this focus on the first transmission being encrypted while in flight and server side is just a bit negligent.
Its a system ripe for abuse and thats it.
WA has a lot to lose, and big enough target on it for a backdoor to have been found, if E2E is false.
> WhatsApp's end-to-end encryption is available when you and the people you message use our app.
Is that what you're referring to?
Like, how many people click on forwarded messages or pictures.
- who is communicating with whom,
- dates, times, and durations,
- method (text / voice / video),
- amount of data transferred,
- type of attachment if applicable, and
- location of each device,
along with unique device identifier, and perhaps other information.
See the Privacy International report or video on how much data FB glean from on other apps that merely use the Facebook SDK, each time an app that uses it it opened for a clue... how much more will they want from a service they paid billions for?
Yes, like everyone says it's all about your threat model. If it really includes nation states, you should not use WhatsApp. Everyone else can use it for iMessage like functionality over-the-top.
Some Laws was created.
Some revelations was made.
But even manipulations with elections did not kill any company
> Some of the top-level indicators are surprisingly healthy. HTTPS adoption has taken off like a rocket, driven in part by Google’s willingness to use it as a signal for search rankings — and the rise of free Certificate Authorities like LetsEncrypt. It’s possible that these things would have happened eventually without Snowden, but it’s less likely.
> End-to-end encrypted messaging has also taken off like a rocket, largely due to adoption by WhatsApp and a host of relatively new apps. It’s reached the point where law enforcement agencies have begun to freak out, as the slide below illustrates.
The engineering and technology culture around security and product development has certainly changed. The IETF even adopted "Pervasive Monitoring Is an Attak" as a best current practice.
Don't be so defeatist.
Sure, they might not be able to listen in on those https connections, but if they wanted to attack/listen to this Joe Smith over here, they are more than capable, and still do it.
The problem with the NSA revelations wasn't that the NSA spies on people - that's their job.
It was about mass warrant-less surveillance of the american public, not individual targeted surveillance.
Remember just after the Snowden revelations all the 3 letter agencies were very worried about https adoption rising, then their concerns suddenly disappeared.
However I have no idea how encryption works so maybe my hunch is stupid (I remember that the NSA impersonated a certificate authority for that purpose).
Your words, not mine.
The person who created Let's Encrypt started it as his thesis in college. From there he received assistance from the EFF, some of its staff, and a few other volunteers. None of them are anonymous, all working in the space before Let's Encrypt. It's fully open source and there are no backdoors in TLS encryption.
Now that things have actually started going dark for these overfunded and completely unaccountable entities this is where the biggest danger lies. They have become so desperate for continued access to endless funding that they are actually turning against the people they are sworn to serve. The most dangerous time will come when the governments of the world start the task of trimming down such entities to something proportionate to their worth. That process has not really even begun yet...
Everybody who believes the CIA had ESP teams, trying to use clairvoyance to extract secrets and kill goats, is evidence of the program's success.
>NSA's work necessarily brings it in possession of the private communications of Americans. This is so because in order for NSA to monitor international lines of communications for foreign intelligence, NSA must intercept all communications transmitted over such links.
>First, it suggests that NSA is able monitor virtually every international communication entering or leaving the United States. At present, some 24 million telegrams and 50 million telex (teletype) messages enter, leave, and transit the United States annually, and most of these are sent or received by private citizens. Millions of additional messages are transmitted over leased lines, including millions of computer data transmissions electronically entering and leaving the country each year. International telephone calls are yet another potential source of intelligence.
Source: we are releasing an XMPP client for iOS soon.
Exactly as we're told on forums, exactly as we're told on TV. This is how you know Epstein is also innocent and why it won't be investigated, because we know people cannot keep silent about committing crimes, therefore we know no crimes were committed.
That's both a good point and not so much. In the end, they didn't keep their mouths shut, Snowden spilled the beans and uncovered the large conspiracy. It's a good point with regard to "that would require a large conspiracy, and those don't work" not being a good argument against theories: there might be a large conspiracy that just hasn't failed yet.
And who knows how many more years or decades the large conspiracy would have worked just fine if Snowden hadn't leaked.
And yes, conspiracy theorists don't have an accurate appreciation of how hard it is to manage projects and keep them secret.
There are plenty of conspiracies, plenty of which have become known. The point is that there is a limit to the number of participants, significance and age of those that are not yet known.
Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court.
Did the NSA levy war against the US?
Did the NSA give aid & comfort to the enemies of the US?
He violated several laws around the general topic of national security, he made the work of US intelligence agencies harder and he did endanger US troops abroad. He also helped along Putin's general interest of destabilization.
So colloquially, there may be a case to call him a "traitor". It's impossible to clear him from the accusation that he worked with/for a foreign government, maybe even before he fled to Russia. And at the current point in time, he wouldn't be able to refuse any request the Russian government made of him. He also featured in a fake "ask-me-anything" with Putin, just to make that point.
I would say implementing mass surveillance would equally make it impossible to clear the NSA from such accusation.
A lot is going wrong there, but there are limits imposed by the transparency and rule of law. Compare that situation to a country like the Russian Federation.
So oversight probably isn't effective enough for agencies like the NSA and I am reliant on first hand information such as provided by Edward Snowden. Which have shown that it happened again.
And you are imposing your personal views on those doing the overseeing, namely the branches of government. From their point of view, such "overreaches" may not necessarily be that far. Also, the respective presidents didn't only know about the programs, they ordered them. And the oversight committees mostly new about that, also.
I'm not saying that nothing went wrong, but the level of oversight in the US system of government does provide better "worst case" guarantees than in many other nations. And in the end, pretty much every significant wrong-doing seems to come to light, often through the political process or in case that is too slow, the media.
The only check on that is their higher-ups' jealousy of their income, provided they know of it.
The people in counter-espionage are not subject to such regulations, nor are generals, and the evidence is that the only people they are used against are those who make any kind of fuss about rule-breaking or, you know, felonies.
The US or the people of the US?
The US suffered a cyberattack that was only possible due to NSA's subversion of Juniper Systems.
This could well and truly be considered 'giving aid / comfort to enemies of the USA' ..
I don't know why people are so hung up on trying to come up with bizarre explanations for why "treason" must be the right word here. It isn't and the explanations aren't even especially arcane. Just pick a different word already.
As can Iraq, Iran, and North Korean hackers.
So, whatever your particular issue is with 'treason', the fact that the NSA has subverted our - the publics - technology, and in so doing allowed us to be susceptible to real and true danger from 'our enemies', means that yes: the NSA IS FUCKING TREASONOUS.
I know there are some judges and institutions that enabled this madness, but I think they might be guilty as well.
These judges should be accountable to the public in theory.
I am not saying the everyone working at the NSA is a criminal. But maybe Snowden was the only one with perspective.
The NSA as an institution certainly did more damage to the US than most of its enemies.
The US has judges and legislation to enable the NSA.
Russia, China, Iran, NK, and many other authoritarian states seek to use their power to attack America 24x7 and do so without any oversight.
Personally, I think the "cyber war" is the typical scare to reduce civil rights. That is a pretty common pattern to bolster and justify disregarding the law.
In reality, the cyber war is probably still focused on the classical industrial espionage. I fail to see the need to subject citizens to mass surveillance.
When society has no great way of preventing, let's say for example, the Boston Marathon bombing or the Las Vegas Concert shooting, providing an appearance of activity, however mindless, like a bunch of ants feverishly running around when a stone is thrown into the anthill, is just the default setting of the security establishment. You can't blame them for that because we aren't yet psychologically, socially or politically sophisticated enough to do anything better.
But today after collecting and sitting on top of shitloads of useless data they themselves admit its unnecessary. You don't find who the best Tennis player in the neighborhood is by monitoring the entire neighborhoods conversations but by just watching the local tennis courts.
What you can do is ask why it took so long, with that nudge from Snowden, for the establishment to admit this. That kind of questioning prevents them jumping into further "we can do it so lets do it" bullshit projects down the road.
(IIRC / I believe)
Many would disagree with that perception, and I also believe that amount of surveillance to have been wrong and counterproductive, but there hasn't been any evidence or significant hints into possible corrupt motivations.
One mustn't forget that all of this was put into motion after the 9/11 attacks, and both the Bush and Obama administrations where still working under (somewhat irrational) pressure from citizens afraid of a repeat performance.
We could better say there is no indication that nobody who had access to illegally-obtained information misused it.
We have plenty of evidence of cops misusing databases they have access to, and that stuff is way less juicy.
Accusations of treason at every corner hinder rational democratic discourse.
The rabbit hole on this one is extremely deep. Hint: What agency did Snowden work for before the NSA?
That criminal misuses of the data were not also exposed suggests that he knew what line not to cross.