I'm not a party to any of this. I've done nothing wrong, I've never been suspected of doing anything wrong, and I don't know anyone who has done anything wrong. I don't even mean that in the sense of "I pissed off the wrong people but technically haven't been charged." I mean that I am a vanilla, average, 9-5 working man of no interest to anybody. My geographical location is an accident of my birth. Even still, I wasn't accidentally born in a high-conflict area, and my government is not at war. I'm a sysadmin at a legitimate ISP and my job is to keep the internet up and running smoothly.
This agency has stalked me in my personal life, undermined my ability to trust my friends attempting to connect with me on LinkedIn, and infected my family's computer. They did this because they wanted to bypass legal channels and spy on a customer who pays for services from my employer. Wait, no, they wanted the ability to potentially spy on future customers. Actually, that is still not accurate - they wanted to spy on everybody in case there was a potentially bad person interacting with a customer.
After seeing their complete disregard for anybody else, their immense resources, and their extremely sophisticated exploits and backdoors - knowing they will stop at nothing, and knowing that I was personally targeted - I'll be damned if I can ever trust any electronic device I own ever again.
You all rationalize this by telling me that it "isn't surprising", and that I don't live in the [USA,UK] and therefore I have no rights.
Indeed, Obama and US congress made it clear we foreign people are just fair game for targeting. At least I'm lucky not to live in a country where targeted assassinations are going on.
Also, it's pretty obvious terrorism is an excuse. The main reason is power and control. Corporate espionage and controlling US-unfriendly political movements is very likely the main goal.
> Also, it's pretty obvious terrorism is an excuse.
Terrorism is indeed very real, and is happening all the time. Hundreds of acts of terror have been committed in the years since 9/11, resulting in deaths of thousands of civilians, including hundreds of children. Those acts have pretty much 0 media coverage, and no one is doing anything to stop them. The US is free to keep on terrorizing civilian populations around the globe.
They're deaths nonetheless. In case my previous comment wasn't clear, let me say it directly - the USGOV is terrorizing the world and then uses fear of retaliation to push for more domestic security measures.
This comment is counterproductive, because it implies Europe (or more specifically the EU) has no agency.
The fact is that the EU wants to apply even more crazy gov't surveillance tactics, and doesn't need the US pushing it. By saying this, you're giving them an "out" ('oh, big bad Uncle Sam basically forced us to play along!').
I don't know. The EU seems to be more concerned about not falling apart right now. But then again, I was hoping the people of US would notice and maybe tell their government that they don't want to be citizens of the biggest terrorist state on the planet?
I am sure ISIS and al Qaeda feel they are being terrorized and Americans fully support these operations. Pakistan and Yemen help with these missions because they want them eradicated. Europeans criticize while not realizing these operations are run in large part from Europe. As long as the governments of Europe do what the U.S. says the opinion of their citizens can be ignored.
Redefining 'civilian' also reduces civilian casualties.
"It is also because Mr. Obama embraced a disputed method for counting civilian casualties that did little to box him in. It in effect counts all military-age males in a strike zone as combatants, according to several administration officials, unless there is explicit intelligence posthumously proving them innocent."
I don't imagine anyone cares to do the posthumous intelligence checks.
>we foreign people are just fair game for targeting
That's not exactly true in that not every non-U.S. citizen is an interest to the U.S. Government.
To your broader point though, the idea that a state's Security, Defense or Military arms are singularly focused on foreign "threats" or potential threats is a fundamental assumption of nearly every international relations theory. Why would you think it would be otherwise?
What the US is doing is extraordinary, mainly because it is the only country with the resources to run the operation that it's running, but also because everybody seems to be infected with fear.
If we were talking about Georgia, or Israel, or Ukraine, or Japan, I would understand the fear. But the USA has no enemies, there are no threats. It's a tragic case of paranoia.
"In the early 1990s, the U.S. National Security Agency intercepted the communications between the European aerospace company Airbus and the Saudi Arabian national airline. In 1994, Airbus lost a $6 billion contract with Saudi Arabia after the NSA, acting as a whistleblower, reported that Airbus officials had been bribing Saudi officials to secure the contract.[58] As a result, the American aerospace company McDonnell Douglas (now part of Boeing) won the multi-billion dollar contract instead of Airbus."
"The American defense contractor Raytheon won a US$1.3 billion contract with the Government of Brazil to monitor the Amazon rainforest after the U.S. Central Intelligence Agency (CIA), acting as a whistleblower, reported that Raytheon's French competitor Thomson-Alcatel had been paying bribes to get the contract."
"In order to boost America's position in trade negotiations with the then Japanese Trade Minister Ryutaro Hashimoto, in 1995 the CIA eavesdropped on the conversations between Japanese bureaucrats and executives of car manufacturers Toyota and Nissan."
And these are only the public cases of course. If you can eavesdrop on the conversations between your competitor and prospect, I don't have to tell you the huge advantage.
You guys are pissing off friendly nations (I'm European).
Fascinating. Here's the Economist reference (one of the sources cited in the Wikipedia article):
"According to a European Parliament report, published in 2001, America's National Security Agency (NSA) intercepted faxes and phone calls between Airbus, Saudi Arabian Airlines and the Saudi government in early 1994. The NSA found that Airbus agents were offering bribes to a Saudi official to secure a lion's share for Airbus in modernising Saudi Arabian Airlines' fleet."
It would be interesting to see the European Parliament report, if anyone has a reference.
So basically, you're against the NSA using these tactics to oust their competition (who was already doing something illegal)? Why isn't the bribery receiving an equal dose of your moral high horse?
I'm not saying what the NSA did was right, but that isn't really the issue I would have with their massive monitoring - it's that the information could be abused, or mis-used. The other part of the NSA problem is the National Security Letters (NSL), which is basically tyranny. I don't care that an American corporation managed to win more contracts this way, but that such powers could be abused.
I'd be interested to know who you think is a threat!
The US has two borders. One with Canada, one with Mexico. Neither of these countries are likely to invade.
The US has the largest naval force in the world. I believe the Coastguard is also the 13th largest. Again, nothing to fear.
Of the countries that are "enemies", most would quite like to improve relations, for instance Cuba and Iran. Iran in particular has extended many an olive branch over the decades.
The US keeps these countries around as notional enemies, in part because of political incompetence, and in part because of a lack of incentive to fix things. Who wants to be the President who made friends with an "Islamic Republic"?
Either way, it's hard to see what particular danger the US is in.
Compare this to any of the countries I mentioned, which are much less defended, and have active disputes with neighbouring countries.
Confirmed to have happened to employees of Belgacom and Stellar PCS, and the fact that the technique itself is documented with a codename suggests it happens to others who weren't leaked.
Welcome to my world. "You all rationalize this by telling me that it "isn't surprising", and that I don't live in the [USA,UK] and therefore I have no rights." This is because Americans are naive enough to think we have rights. And I was once one of the fools that thought this was a free country until what made us similar happened to me. And anyone who thinks that they are too far removed to be affected by this is in for a rude awakening that I don't wish on anyone and if we don't open people's eyes to how close it is to them before it happens to them they will find out for themselves when it's a moot point. So my question to you is how do you let go and move past something as violating as this? It is rape of epic proportions!
Note: This story is meant to reference the two examples listed, and isn't my personal story. It is someone's story, and has almost certainly happened to many others who are unaware, given the MO described in the leaks.
I would not be surprised to find out that it has happened to me, but I don't think that is the case.
I can't edit anymore to clarify, but since it's not obvious from the post, especially if you don't read the references: I'm not either of the individuals who this happened to.
If government money can put people on the moon for military or security reasons, they will easily be able to spy on you no matter what if the same motives apply.
It's not a matter of humanity, society often puts itself before individuals to make sure society can exist the longest it can. A civilization will easily sacrifice many things to secure its survival.
That's how the strongest defend themselves, it's very hard to stay on top for a long time, so often, those countries will take huge leaps of faith and risks to crush their enemies, even if they're on the other side of the world.
If you're an American, you have free speech, and all the democracy and the things around it. If you're outside America, you better be an ally or look like one. Intelligence agencies are a lot about crushing people who might make America look bad, it's about public image, it's almost the same job of a journalist, except you defend your country's interests.
Survival of the fittest. Democracy is just internal management.
This agency gathered information on you, attempted to friend you on LinkedIn and infected your family's computer.
I don't think any of those actions warrant accusations of inhumanity. I can understand that it's disturbing to feel that you're being stalked, or even just monitored. But it doesn't sound like anyone took action to intervene in your private affairs or intentionally lead you to feel threatened. It's legal and at least arguably moral to hire a private investigator to follow a private citizen around, so long as they follow certain rules. Attempting to friend someone on LinkedIn under false pretenses is also legal and arguably moral. Infecting a computer with a virus is not legal as far as I know, but I think the real concern there is the nature of the software and not its existence. As long as they did not harm, the morality of even infecting a computer is questionable.
These people are spies, their job is to spy. To them at least, it isn't a question of the rights granted to you by your citizenship status. It's a tradeoff between the emotional discomfort that you may feel and their job requirement to develop resources that will allow them to stop bad people from doing bad things. I think they made the right decision. If influencing an employee at an ISP can give them more insight into the capability and intent of people they suspect to be up to no good, and the main cost is the distress that said employee or employees will feel as a result of being spied upon, then do it. The needs of the many outweigh the needs of the few.
I understand that we disagree on that, and there is ample room for both sides of the disagreement to be right or one of them to be utterly wrong. But I don't think that either decision is inhumane in any way.
>Infecting a computer with a virus... As long as they did not harm, the morality of even infecting a computer is questionable.
This is bullshit.
Even if a virus doesn't intentionally harm, it does anyway harm.
Connections will become very slow, because high priority is given to uploading stuff from one's computer to NSA.
User will get inexplicable blue screens or exotic error messages that nobody can help to fix: asking for help in forums will just bring annoying answers of "experts" suggesting to upgrade Windows/Flash/HW/programs versions.
Installation or execution of some programs will be prevented, making computer usage a pain.
Infecting a computer is legally and morally a crime.
Much like trying to comprehend what it is like to be a parent when you are not a parent. You will not grasp how clueless you were about it until you become one.
Looking at the comments in support of the NSA here makes me suspect an astroturfing campaign is happening.
Edit: I should add that my suspicion came from noticing that the vast majority of the comments when this was first posted seemed aligned in favor of the NSA's mission.
It wasn't the presence of pro-NSA comments that was interesting but rather that these opinions were the overwhelming majority. This is, of course, how astroturfing becomes effective, it is not the rhetoric that is important but the cognitive bias imparted by the facade of so many people falling to one side of an issue.
This is of course, only a suspicion, but it seemed worth noting.
No need to consider the arguments made by people who don't agree entirely with a particular point of view, or even discuss it at all. They're obviously just shills.
Edit: Much of the 'pro NSA' comments I see here seem merely to suggest that not everything the NSA does is evil, and not every disclosure is necessarily useful. As often happens in threads like these, any such comments are dismissed as the work of astroturfing or shills.
To imply that disagreement with any narrative presented by the Guardian and Spiegel Online must make one an agent with ulterior motives, is precisely the kind of propagandist trolling any forum which cares about truth should avoid.
Yes, the NSA has a covert program to attempt to influence online messageboard and social media accounts. No, this program does not account for every even remotely 'pro-NSA' opinion one might find online. And even if it did, judge them on their own merits and move on, because you really can't tell. It's all just text in a box.
Seeing spooks everywhere doesn't make you free, it just makes you paranoid.
Try looking at the comments from a different angle. Instead of grouping them into "pro-NSA" and "anti-NSA" categories, try checking for technical ignorance. Look for ideas about cyberwarfare based on bad analogies with real warfare. Look for a mindset that puts winning an arms race first and never considers ethical implications. Look for vague statements about protecting or harming America that don't explain whether they mean the American military, the civilian government, or ordinary citizens. Look for equation of the NSA's offensive and defensive capabilities.
The other side of the debate has its own poorly reasoned comments. I haven't noticed many on this article yet, but they should arrive soon.
I doubt such comments are written by people with NSA connections, but their sudden appearance is odd. The only other subject that produces so many strongly opinionated, poor-quality comments is systemd.
If I were being paid to influence a debate, especially being paid by the U.S. Government, the first thing I do is lots and lots of research. The easiest way to discredit someone is to point out technical ignorance in their argument. So I'd make my point technically sound on all points. I'd research the counter-argument so I have rebuttals to every knee-jerk response the amateurs on the internet will toss at me. I'd read other discussion threads and make note of writing styles that frequently engender agreement. After all, this is my job and I've got professional pride on the line.
And there are a lot of people on the job market who can do those things very well. It's something American schools have been teaching for decades. In my high school there was this thing called a forensics club. "What's forensics? Isn't that like crime stuff?" I asked. It was explained to me that they learn how to debate issues, like free speech on school grounds. "Well obviously we want free speech." "Actually", my friend says, "I'm going to be arguing against it." "You don't support free speech?" I ask. "I do. But I was assigned to the against side." I thought it sounded stupid. Now I get it. It was cognitive dissonance as a vocational lesson.
So it's the people who sound unusually well-informed that I most suspect of astroturfing. Except I assume they also practice how to make what they write not sound rehearsed.
So if you were operating 50 accounts to try to influence the debate you'd be posting 50 informative and persuasive comments? I doubt it, that would take way too much time.
If I were an NSA shill I'd just mention something about Snowden harming the US or Snowden being a spy. It's a controversial and dumb argument so it's going to get a decent amount of replies. It also doesn't take much effort. You'd derail the conversation, and informative comments would be drowned out by a bunch of people arguing whether Snowden is a hero or traitor.
You only have to write the argument once. Then use the social media management software that's being peddled to tweak the wording slightly so you have prepared text stating the same thing 50 different ways. Then if someone gives a counter-argument that you have a prepared response for, you can copy-paste that in a matter of seconds. Arguments you haven't prepared for are ignored because the goal isn't to engage in dialog, it's to give the false impression that a dialog is occurring. To an outside observer the forum would appear to be populated equally by people for and against the topic. Even though it's really an overwhelming support for one side and a single agent spamming with 50 different personalities.
Derailing a conversation works well because they will have a large number of responses prepared that talk about, using your example, Snowden being a traitor. So once they've wedged the issue their spam can become the dominant voice. If the discussion had drifted to an area they weren't prepared for, say the historical precedents for whistleblowers of government misdeeds, they probably don't have as much material for that.
My point is I assume astroturfed material would not be written off-the-cuff but meticulously edited ahead of time to give the desired impression. And near the top of that list must be the requirement that it not look like an obvious shill.
I wonder how effective it would be if agents were able to control both sides of the debate, even? A more sophisticated shill would give the appearance of supporting the opposition but will subtly help draw attention to the propaganda. A living straw man, as it were. Not unlike the way SWAT police will pretend to be violent protesters to goad troublemakers into doing something they can be arrested for.
I see nothing wrong with presenting a coherent argument backed up by research which accounts for opposing points of view, even if it's the US government doing the arguing. I would much rather they try to persuade people through dialogue than violence or subterfuge. And I wouldn't consider what you're describing to be subterfuge, necessarily.
Theoretically, my goal wouldn't be to influence debate. It would be to find places where thoughtful individuals discuss ideas like this that have an anti-current-government-position bent, and not put forth well reasoned thoughtful arguments. Instead I'd just throw out, en masse, the same tired fearmongering comments, surveillance apologist comments, accuse Snowden of being a traitor, anything that would make the pro-democracy elements of this site feel like they are in the minority, or unwelcome. Then they leave, or comment less. Movement destroyed. A slew of garbage one liners about protecting freedom or trusting the secret ultra-powerful decision makers and all of a sudden anyone who has anything intelligent to say feels like, "why bother. This isn't the place for me, obviously. Maybe no one agrees with me."
Actually changing someone's mind through argument is almost impossible. On the internet I'd say it is impossible. So don't change minds, just make the people who disagree with you feel like the whole world is against them when actually they're in the majority.
In particular, pay special attention to any post where the only content is a divisive, wedge topic trying to change the conversation. Divide and conquer is a classic strategy, and was an explicit goal of JTRIG in their attempts to disrupt "threats".
While a post where this type of rhetoric is only part of a larger argument is harder to categorize, there have been a lot of posts here and elsewhere that seem to bring up stale talking points (and little else), that distract threads from more important topics.
This is a tactic that Scientology was famous for, and it seems other groups have started using it as well. None of this is proof, of course; I merely suggest being extra vigilant about off-topic distractions and attempts to create division and unnecessary argument.
To be fair, I doubt many people (including myself) with an opinion either way actually know what they're talking about. The expert pool for knowledge about high-level classified government hacking is probably pretty small, even on Hacker News.
It's politics, and politics hits people in the lizard brain and short-circuits their ability to think rationally.
On the other hand there aren't many opinions on it on Hacker News that are more clueless than those of elected officials and various powerful lawyers. But I think the one where you just trust those caught out being grossly incompetent (even if you have zero ethics) really has been one of them.
That's pretty condescending. How many sports fans know how to be a pro athlete or manage a team? How many critics of government, "know what they're talking about," by your standard?
I'm sorry, I should have been more specific. The poster I was replying to mentioned that it was odd that low-quality, uninformed arguments tend to crop up in threads like this a lot. People make broad statements about how evil and nigh-omnipotent the NSA is, and how deeply they've infiltrated every facet of human life. The existence of parallel construction leads to the assumption that every case involving the government is due to parallel construction. Google appears on a PRISM slide, they must be an NSA front company. Someone suggests politics may be more complex than they appear, or the NSA may not be as powerful as they seem, they must be a shill. The US government is involved with NIST and TOR, it means they've completely undermined all forms of encryption and TOR is a honeypot.
This subject seems to be a trigger for people to try to outdo each other to come off as cynical and in the know as possible about things which by definition almost no one knows much about.
> People make broad statements about how evil and nigh-omnipotent the NSA is, and how deeply they've infiltrated every facet of human life
...is not the reverse case also true? We find ourselves discussing a condition where a lot of information is unknown, on both sides, but nobody upbraids the intelligence communities for exhibiting the same tendencies in the same breath that they castigate those people analyzing the situation with incomplete information.
There is ignorance, conclusions based on assumptions and a desire to know more on all sides of the argument. It's the nature of the beast, and if criticism is going to be levelled in this context, it should be pointed at those who withhold the transparency required for understanding.
That's fair. The intelligence community really has no one to blame but themselves for that.
Arguably, secrecy exists for a good reason sometimes. But when you begin to treat the rest of the legal system, the government whose job it is to oversee you, and the public as enemies and keep everything as secret as possible, you really give people little to suspect anything but the worst.
I mean, here we are with what appears to be the biggest and most complex global data gathering correlation system in history - possibly a technological achievement to rival the web itself - and two terrorists who posted anti-American rhetoric on their Twitter accounts managed to bomb the Boston Marathon despite having been under surveillance at one point, and the Russians more or less tell us outright to watch these guys. They weren't exactly hiding behind 7 proxies so what the hell are we even doing?
How to interpret the cognitive dissonance in that? Maybe the system isn't as comprehensive as it appears? Maybe bureaucracy got in the way? Maybe the pieces just didn't come together in time? Is there even a Panopticon or not? Who knows.
General Hayden and Glenn Greenwald are given fair time to discuss the issue and to give rebuttals to each other.
It's much more informative than trying to parse HN comments to form an opinion about state surveillance. It also forces you to consider the views of people who don't agree with you.
For those who aren't Munk members, it's also available on C-SPAN[1]. I thought it was an entertaining debate, but not as good as I hoped it would be (I watched it live when it was first broadcasted). My memory is a little foggy, but as I recall, Glenn Greenwald went off on his usual 'the NSA is the epitome of evil and exists solely to invade your privacy' rants; Michael Hayden spent most of his time backtracking and focusing on where Greenwald was factually wrong rather than making his own argument; I didn't think Alan Dershowitz made a particularly convincing argument; and Alexis Ohanian made some great points but was completely ignored by everyone else.
I personally enjoyed watching Jameel Jaffer (ACLU) square off against Chris Inglis (former NSA Deputy Director) at the Brookings Institute last year[2] - both sides had good arguments. For that matter, Benjamin Wittes (the guy moderating the debate) has had some good interviews on his blog[3] and podcast[4] as well - you don't see many outlets that will have James Comey (FBI director) one week followed by Chris Soghoian (ACLU) the next week.
Thanks for this I didn't know this existed. Interesting for sure to see the evidence presented on each side and how little actual data came through in the course of the debate.
The parent poster didn't advise ignoring the pro-NSA opinions but gave his opinion that he felt there might be an astroturf campaign. And why follow a comment agreeing that astroturf campaigns are employed with one slanting those pointing it out as 'spooks' and 'paranoid'?
I think it's worth reminding fellow readers that this sort of manipulation happens, and likely on HN.
That's a fair point, but as evidence of likelihood, it's still kind of weak. The US government might post here. But then again, so do communists and anarchists and libertarian capitalists and what have you. It's not as if HN is awash in pro-US, pro security sentiment anyway.
It seems to me as if the purpose of bringing it up is to warn people that any opinion they encounter of a certain kind can't be trusted, because it's probably part of a coordinated campaign of government manipulation. That's a couple of steps away from calling it thoughtcrime.
I haven't seen a political comment thread on a major site which hasn't been polluted with astroturf in the last 2 years or so. Anything regarding Russia is particularly obvious but they are all at it. Then again, when enough regular commenters are just parroting talking points there's not much distinction.
Assume that since there is something to be gained by the more powerful on one side, that a certain portion of the comments siding with the more empowered source are owned. It's not worth calling out individual commenters, because you can't know. But assume that some portion is shilling.
The hard part is guessing what portion. 10 percent? 30 percent? What's the time-graph? Is it 50% of initial comments, tapering off to just us Real Folk to dither around with the wondering phase of the conversation? The important thing is to assume that you're often witnessing a deceit in some capacity, in most any important conversation.
Needless to say, all this is pretty fucked up.
EDIT: Changed percentages, because I honestly don't know what's reasonable :/
One approach to countering sock-puppetry as a general problem is with increased transparency. Personally, I think lobste.rs' notion of a user tree is a step in the right direction: https://lobste.rs/u
An appearance of merit can be engineered/manufactured, which is one of the foundational concepts of classical trolling, not to mention thread-poisoning.
The introduction tree is a great idea. But lobsters community is junk. If you dare have an opinion against their hivemind you get downvoted to oblivion. It's like a clique took over.
Reddit had a similar problem with truthers taking over discourse at the beginning, luckily it went away. Perhaps because there was a popular parody account mocking them all the time (something like 9_11_was_an_inside_job), and that account retired in time when its job was done.
I've been reading the comments and it looks like typical political bickering. People have been made so polarized on these issues by propaganda, astroturfing, the two party system, mainstream media, and etc. that they can't have a conversation about these topics without going for the throat. Shockingly, or not so shockingly, even on Hacker News we can not seem to have constructive conversations about this stuff.
What comments in support of the NSA? Any comments in support of the NSA here are IMMEDIATELY flag-killed by the HN Nazis who love to suppress any kind of free speech they don't agree with.
There is absolutely no reason for the NSA to give a flying fuck about what you or I think.
There just isn't, and it'd be a waste of resources to even attempt something like this.
People do exist (I am one of them) who think the NSA is doing a nasty job that isn't very appealing, but is absolutely necessary for me to be able to sleep in my bed at night safely. They may not have the best guidance from the government, but there are people who do believe they're doing the best they can.
Why must there be a conspiratorial astroturfing campaign taking place? Why can't there just be people who actually agree with some/most of what the NSA has done, based on the laws that govern it?
> Why must there be a conspiratorial astroturfing campaign taking place?
Regardless of how you feel about it, there is a conspiratorial astroturfing campaign taking place - it's a well documented NSA activity. Whether it accounts for specific comments is impossible to say, but it does exist. Why then is it so absurd to think that it may be in play?
Or that GCHQ does do it, but because they're GCHQ and not NSA that it's irrelevant?
Because now you have evidence that GCHQ does it you should allow the possibility that NSA does it. The reason you don't have evidence that NSA does it might be because NSA is a secret organisation.
Snowden did not gather everything. Maybe he just missed it? Or maybe GCHQ does it but NSA doesn't? We know that other bits of the US government have different levels of online presence so I'm not sure why you're so hostile to the idea that NSA has people that disrupt online conversation about NSA.
I for one try to only accuse folks of doing things I actually have evidence of them doing, and I know this sounds crazy, but there's currently no evidence the NSA is on HN astroturfing comments, so maybe we shouldn't pretend like we know things we don't.
> People do exist (I am one of them) who think the NSA is doing a nasty job that isn't very appealing, but is absolutely necessary for me to be able to sleep in my bed at night safely.
I don't buy the Col. Jessup rationalization at all, and I think it's simpleminded. The threats these people are defending against are ones created by their own actions, and the actions of the governments they act on behalf of. Regular citizens of whatever country are affected by these activities but they don't get a voice in how or whether the "nasty job" (and its precursors) are in their interest.
So in other words, if the US just left everyone alone, there would be zero threats to the US? Everyone acts rationally, and once you remove all rational reasons to attack the US, folks will simply stop doing it?
Of course not, and that's a highly uncharitable reading bordering on bad faith.
1) the current state of affairs does not remove threats, because the agencies are starting trouble, too;
2) the people are the ones who have to live with the effects of something, in the US a result of a democratic system where the agencies may prioritize their own imaginations over citizens' actual lives, where the agencies may have perverse incentives.
Just to be clear, is there any form of this conversation where you admit to being anything except absolutely correct on all points you're attempting to make?
I get the feeling you're one of those folks who won't accept anything except what you've already concluded.
Your reply had literally no connection to any of the words in my post except, presumably, in your imagination. Can you lay out its accuracy for us? Obviously we're curious how you made the jumps in logic you did, and it appears you left some words out.
As a casual reader of the NSA/GCHQ/Snowden threads on HN I have mentally check-marked nearly every comment of yours within this thread as a different form of documented tactic of subversion used by forum plants.
You sling personal insults, you point out trivial errors and falsehoods in statements by others which have nothing to do with the given point, you attempt to diminish reputations, and whatever other tactics available at the particular avenue in order to derail the original point/argument, while pushing pro US government talking points and stereotypical 'save-the-children' rhetoric.
I don't know who you are, but I have recently begun ignoring your posts, attempting to derive wisdom only from the replies directed towards your usually greyed/dead comments, but I hope that people who read my reply to you will take the chance to read your past comments and attempt to pick up on any potential biases before considering your opinion on things.
And even if I am completely wrong about your stake in this game, the hostility that you inject into these discussions is uncalled for, and adds nothing but scorn and hurt feelings, quelling the debate and discussion of the topics at hand; what I believe is your very objective.
Although I was late to read it, this comment is at least as bad as the one I chastised in this thread.
It's fine for users to neutrally remind each other when they're breaking the HN guidelines. But it's not ok to insinuate evil motives, let alone that another user is a "forum plant". Personal attacks are not allowed on Hacker News.
Please don't make comments like this or be personally rude on Hacker News. Even when you're sure you're right, it harms the site for everyone. That's why it's against the rules:
What? Come on, I wasn't being rude, I was making a point. The nature of the responses on this topic, particularly on Hacker News are completely aggressive and kill any intellectual exploration or useful conversation.
I can't voice an opinion on this website that doesn't mesh with the popular opinion on this specific topic without being severely marginalized, mocked, and even ridiculed -- I think pointing that out should be allowed.
"There is absolutely no reason for the NSA to give a flying fuck about what you or I think.
There just isn't, and it'd be a waste of resources to even attempt something like this."
You and I are not the ones defining the reasons of and what NSA are interested in. You might think there are no reasons, but NSA may have a totally different view. For an organization that for real wants to capture ALL communication on this planet, waste of resources may seem like a minor issue.
Thanks to Snowden, we do know that NSA and GCHQ are actively doing astroturfing.
Without overstating the importance of HN, this is one place where a lot of technical talent hangs out. Talent that also talks, informs and educates others. If one wants to moderate criticism from people that others listen to and rely on for information about security, privacy, HN would probably be a good place to focus on.
I agree that it's best to assume earnestness in opinions, I disagree with your opening. There absolutely is a reason for the NSA to give a fuck what you or I think. They are an intelligence and security agency, operating covertly with plausible deniability is what they do. More importantly, there are laws trying to be passed that can strengthen or weaken their funding and power. Making people at home feel that the agency needs to keep up the good work is not a waste of funds to that end.
They just got caught with their pants down spying on the American people. If they don't try to take hold of the narrative they might see themselves at the shit end of the political stick.
Do you have an actual answer to that question? Because it seems like a bad plan to spend trillions of dollars on something if you can't even show that it works.
If by "me" you mean "the voters" then yes of course. What was that Russian proverb Ronald Reagan was always so fond of? Trust but verify? The verify part is very, very important.
Blind trust with no accountability is totally insane. There has to come a point, during the lives of the people who have to be held accountable for what they've done, that what they've done comes to light. Or how do you propose we hold them to account?
You pick representatives, and they are shown the effectiveness of programs, because they are the ones who vote for the programs.
This isn't about you, or me, or any individual, that's not how this country works. Some things that are not very popular are absolutely necessary nonetheless.
> You pick representatives, and they are shown the effectiveness of programs, because they are the ones who vote for the programs.
They aren't always given the information either. Recall Dianne Feinstein being quite displeased about being lied to recently. And we still have to elect "them" on the basis of something. By what process is a corrupt politician supposed to be held accountable if the fact of their corruption is a government secret?
> Some things that are not very popular are absolutely necessary nonetheless.
How do you propose to ensure that only the "absolutely necessary" things are occurring?
If you know about it, it's not secret, so you're in a losing position of being unable to come up with an example of corruption the public doesn't know about.
Don't be silly. All of the corruption we know about now is an example of corruption the public didn't know about before it was published. The problem is we need to learn about it while there is still time to do something about it. We can't stop it if we only learn about it after it has already happened.
Which NSA activities have been necessary for you to sleep in safety?
And as to the 'nasty unappealing job', what has led you to believe that is a common perspective among those who work there? The project detailings that have been released often seem downright giddy.
>There is absolutely no reason for the NSA to give a flying fuck about what you or I think.
True. But that's not what this is about. What the NSA care about is what resources he has, which they would want to use for their own purposes - this is why they monitor such individuals as work at major ISPs. It's not about thought - it's about action. What actions can they perform if they gain access to this person's electronic life - in the case of sysadmins for major ISPs, there is much to be gained from infiltration, exploitation, and subterfuge.
There was a long interview with Snowden posted recently, which didn't make it to the frontpage. I guess because of Snowden penalty on HN and Snowden fatigue. Anyway, he kept repeating a point which is quite easy to understand for the public I think.
And the reality is when it comes to cyber conflicts [...], we have more to lose.
We spend more on research and development than these other countries, so we shouldn’t be making the internet a more hostile, a more aggressive territory. We should be cooling down the tensions, making it a more trusted environment, making it a more secure environment, making it a more reliable environment, because that’s the foundation of our economy and our future.
[...]
The concept there is that there’s not much value to us attacking Chinese systems. We might take a few computers offline. We might take a factory offline. We might steal secrets from a university research programs, and even something high-tech. But how much more does the United States spend on research and development than China does? Defending ourselves from internet-based attacks, internet-originated attacks, is much, much more important than our ability to launch attacks against similar targets in foreign countries [...].
[...]
When you look at the problem of the U.S. prioritizing offense over defense, imagine you have two bank vaults, the United States bank vault and the Bank of China. But the U.S. bank vault is completely full. It goes all the way up to the sky. And the Chinese bank vault or the Russian bank vault or the African bank vault or whoever the adversary of the day is, theirs is only half full or a quarter full or a tenth full.
But the U.S. wants to get into their bank vault. So what they do is they build backdoors into every bank vault in the world. But the problem is their vault, the U.S. bank vault, has the same backdoor. So while we’re sneaking over to China and taking things out of their vault, they’re also sneaking over to the United States and taking things out of our vault. And the problem is, because our vault is full, we have so much more to lose. So in relative terms, we gain much less from breaking into the vaults of others than we do from having others break into our vaults.
There hasn't been any such penalty for many months. There used to be a weak penalty, which started during the period when there were hundreds of NSA/Snowden stories. But our intention was always to remove that once the quantity normalized, and so we did.
I thought the back doors into our vaults were intentional, so that NSA could get in. Is the NSA willing to allow local companies to have a completely secure network if it means they can't get into it also? Seems like they're comfortable with the risk of hacks as long as they can get to go into the vault and look around too.
There's no reason to pick Offense vs. Defense any more than there is Social Security vs. Education. It's just a question of budgeting. Why wouldn't we invest in both?
In this situation, you can't pick both. The offensive measures we are discussing exist by breaking the defensive measures. The problem is breaking the defensive measures breaks not only their defensive measures, but ours as well. Hence Snowden's analogy to making a secret entrance to all bank vaults, even ours.
In this case, the idea is that the NSA will keep knowledge of the secret door to the bank vault to themselves, and we'll all be secure. The problem with this is that other countries can inspect the bank vault and discover the secret door for themselves, or steal said knowledge from the NSA via espionage. Now our bank vault is just as exposed as theirs.
I think offensive vs defensive is a very easy choice. We want to prevent our systems from being compromised, but don't have any business provoking attacks by breaking into systems. Invest in defense.
To be fair here, the NSA should very well be doing these things, for the purpose of attacking other states. The reason is very clear as the Russian attacks on Estonia ( https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia ) demonstrate a clear need for defensive capability in this area, and where you have defence you end up needing offence.
This persistent confusion between legitimate NSA operations such as preparing to intercept communications of foreign governments and illegitimate such as mass slurping of everyone's email merely serves to discredit the entire privacy defending position, and in the long run will just play into the hands of those that want to read everyone's email for nefarious purposes.
So I happen to be German, and obviously I don't have a say in what commands you guys give to your own secret services. But since this appeared in a German magazine, allow me to say this: given the track record of how you treat your alleged "allies", I don't feel comfortable seeing these developments. And I wouldn't ever trust anybody with these powers, least the nsa or even the US government. These people are still trying to create a US World Empire out of their own hubris, they just cannot leave the world in peace.
Surprisingly, it turns out that this is an easy way to make enemies, as last week's action in Paris has shown. It has been shown since 2005 that the islamists that massacred twelve people were, in fact, radicalized by what they learned about the prison of Abu Ghraib.
Job well done, thank you very much guys.
Lastly, the way our own government is supporting the nsa makes me feel nauseated at some times, furious at other times. We have plenty of work to do locally, that's why usually I don't complain about foreign services. Simply allowing the nsa to gain world domination like that though, just because "that is their job", really is hard to accept for me, and it really rubs me the wrong way.
Point taken. But let's keep the CSC vs de-mail discussion for another time. I see a huge difference between spying to get to know the others' intentions, and preparing sabotage, destruction and infrastructural doom for maximum threat potential.
This explains why Europe is going back into recession. The only possible threat to US power is Europe waking up but they won't even close US military bases.
> given the track record of how you treat your alleged "allies", I don't feel comfortable seeing these developments.
The USA has no allies, only clients. Some clients get more respect than others but they're all clients.
Remember, the State Department had a mole in the FDP, reporting on the German coalition negotiations. In all likelihood the CIA have a minister or more. The US does not respect anyone's sovereignty who can't and won't make them.
Your government is practically telling you that they are doing the same thing. What do you think "that is their job" means?
I can't believe it is more likely to you that your government is rolling over and "letting the NSA gain world domination", versus your government is trying to downplay it because they know they may one day be caught in exactly the same situation.
Agreed. I think the Snowden revelations have harmed the NSA's reputation to the point where most people on HN just assume NSA is a bond-level villain. The NSA serves a purpose, they are meant to be prepared offensively and defensively for the USA's security, which includes the internet. I have no problems with the NSA's purpose and would prefer they continue to exist and prepare against threats to the country.
I do believe the NSA overstepped their mandate in domestic surveillance, and should be held accountable, but let's not forget that this world does have bad guys - plenty of nations would lose no sleep at night if they hurt America.
Sapir-Whorf and Newspeak. What does "security" mean?
I have no doubt that the NSA's job is "national security" and that some portion of that work serves the people. Nobody knows what that portion is, by design.
If you bury the difficult, complicated issues under terms like "security", "threat to the country", and "bad guys", you're basically just supporting the NSA on faith.
Forget the terminology and FUD of "threats", and let's ask ourselves what the concrete benefit to the people of the United States (or better yet, the world) is for the NSA to be arming themselves for the destruction of computer systems. Is the benefit Cold War-esque deterrence through keeping the rest of the world in fear? Is this the strategy we want our work and taxes to support?
Maybe it's too complicated to think about, and even if we wanted to critically analyse the situation, secrecy prevents us from knowing anything besides what the government desires the people to know. It's easier to just trust in benevolent "national security" protecting us from Eastasia. Let's not forget that the world does have bad guys, and besides, we've always been at war with Eastasia.
> I do believe the NSA overstepped their mandate in domestic surveillance
They've been doing it longer than the Internet. The "Five Eyes" have existed for a while, so that they can have a legal loophole for domestic spying (e.g. "We can't spy on our citizens, so we'll just ask our allies to do it for us!"). To me this indicates that, while the stated purpose behind the organization may have merits, the execution of that purpose has been flawed for some time.
It specifically explores the conflict of interest that the NSA must work both offensively and defensively. It makes the argument that the balance has shifted so drastically to the offensive that our defensive is being weakened.
What the article fails to mention is the NSA's instrumental efforts in weakening crypto standards and computer security in general. We don't know the extent of that undermining yet, but it's likely significant. They are also hoarding security vulnerabilities and not releasing them, as responsible researchers should. They're weakening security for everyone.
Now, the US government as a whole is in a very strong position to actually push for genuine security compliance and to ultimately defend against even the most determined state cyber warfare initiative. They haven't done that because they want a way to get into systems even if it makes people less safe on the whole.
precisely, and this is why I'm starting to think that snowden has - at least - caused as much harm as good by his revelations. if he had stopped at revealing the domestic surveillance he would be an undisputed hero/patriot. but with all of these unnecessary leaks that does nothing but harm to national interest I can understand how others might view him otherwise.
Others have said as much. Here is a quote from William Binney, another NSA whistleblower, on advice that he has for Snowden:
> I would tell him to steer away from anything that isn't a public service — like talking about the ability of the U.S. government to hack into other countries or other people is not a public service. So that's kind of compromising capabilities and sources and methods, basically. That's getting away from the public service that he did initially. And those would be the acts that people would charge him with as clearly treason.
The US public has a legitimate interest in knowing about NSA's hacking abilities, because vulnerabilities used by the NSA abroad can just as easily be used domestically by foreign or criminal attackers.
Against a well-prepared adversary, a vulnerability can only be exploited once -- a zero day. After disclosure, or evidence of an exploit in circulation, such vulnerabilities become useless towards the agency's mandate, whether or not you agree with that mandate. Realpolitik? Definitely.
The affected public is not just in the US, considering us citizens of (even) allied countries are fair game. The motto you cite probably refers to just US citizens.
Do you realize that Snowden never leaked single documents? He just delivered over 100,000 documents to Glenn Greenwald last year, and he published them continuously over a long time.
Correct me if I'm wrong, but they said some time ago that only 1% was published. So it would be impossible for Snowden himself to read everything and choose if it should be published.
as you said, he leaked 100k documents to Glenn Greenwald. My point is that it was his responsibility to vet them himself and not rely on Glenn and whoever Glenn chooses.
Specifically which leaks harmed "national interest" without benefit to the public? I ask non-rhetorically, as GCHQ at least have shown themselves not to be above "leaking" carefully selected titbits and attributing them to Snowden, just to muddy the debate:
Note that this "leak", as well as NOT coming from Snowden, isn't really in the domestic public interest, is an activity that a far larger percentage of people would support, and presumably is already known by the target anyway. The clear intent is to make people read the article and go "huh, this Snowden ballyhoo is very overblown". I wonder why the so-called "Independent" played along.
> if he had stopped at revealing the domestic surveillance he would be an undisputed hero/patriot. but with all of these unnecessary leaks that does nothing but harm to national interest
It's also important the public realize the NSA is more than just the National Stalking Agency.
I'd say it's safe to assume all 1.7 million documents, including the secrets his bot scraped that Snowden didn't want released are in the hands of the Chinese MSS already. I find it hard to believe they didn't set up shop beside his room in that HK hotel to use state intel agency methods to grab his keys, nor do I believe that his hasty destruction of his standard laptop wear-levelling flash drives in the airport before departure to Moscow actually destroyed all the data.
I bet there's a room stacked to the ceiling in printed US secret military documents in Beijing that they trade to Russia for cheap oil+gas imports. I realize Snowden never wanted that to happen but there's a reason why states have strict methods to store and transport top secret data and they don't include using questionable XTS container software and staying in a HK hotel with the entire secret US archive stored on a commercial device.
To me this goes both ways. If there is a legitimate mission for the NSA to accomplish, then perhaps they should make sure at all times to act in a way that is deserving of the public's trust. The persistent confusion you mention is not the fault of the confused.
I don't understand why there are so many comments saying that the NSA needs offensive digital capabilities. What valid reasons does the NSA have to ever be committing a cyber attack?
I can't think of any good argument for why the US military should have no offensive capabilities in the digital realm. It'd be the equivalent of staying out of the skies when flight became possible.
In any war, the US is going to come under digital attack, and it should be fully capable of responding both defensively and offensively. Besides that, shutting down the power grid of a country you're at war with via digital means, sure beats doing it with hundreds of missiles.
But by stockpiling vulnerabilities they are making civilians less safe. Offensive digital capabilities should never come at the expense of fixing software.
I ended up rescuing & then adopting a German Shepherd 18 months ago, without having planned such a thing. These days I don't even bother to read the scarevertising from burglar alarm suppliers that turns up in the mailbox every month or two. I don't want to barricade myself into my own home or have some corporation constantly surveilling it for me. While it's far from an exact analogy, I actually feel quite a bit safer with an active deterrent than I did previously.
What is the "active deterrent" analogy in computer security that makes it worth leaving vast numbers of civilian computer systems vulnerable to stockpiled 0-days, engineered backdoors, and weaknesses surreptitiously introduced into standards?
Bombs under your neighbor's porches, according to this sister comment - more seriously, the offensive capabilities outlined in the original article. I think both of you are taking an over-literal reading of my comment despite the qualification therein.
Bombs under your neighbor's porches, according to this sister comment - more seriously, the offensive capabilities outlined in the original article. I think both of you are taking an over-literal reading of my comment.
Having offensive capabilities and actually utilizing such capabilities are two different things. You can acknowledge the need for the former alongside the dangers of the latter, just as you would with any standing military.
> Having offensive capabilities and actually utilizing such capabilities are two different things. You can acknowledge the need for the former alongside the dangers of the latter, just as you would with any standing military.
In information warfare, waiting until conflict begins is too late. The information you collect and systems you exploit prepare you for the conflict.
For example, country A wants to know about country B's new bomber years ahead of the conflict so they can design anti-aircraft defenses to stop it. Country B spends years gaining access to Country A's routers, servers, etc. so they can utilize them the moment conflict begins.
If you wait for conflict to begin to do these things, you will be much too late.
This is very true, but that still leaves a significant gap between what you're talking about (military/strategic intelligence enabled by network operations) and an actual military campaign conducted against adversary networks.
Both may well need similar capabilities but we can't tell the ability of an agency to engage in "cyberwar" just from their activities in "cyber espionage".
I don't really see how that fits into this scenario. Computer Security is more like chemical warfare. Where you can either do research or try to make everyone more secure by international treaties. Here you can either undermine encryption, infiltrate networks, keep exploits to yourself or you can make everyone secure by patches, standards and encryption that works.
> undermine encryption, infiltrate networks, keep exploits to yourself
This is really the MO of any intelligence agency; that is their job.
> you can make everyone secure by patches, standards and encryption that works
Interesting statement, because it shows some things. Firstly, there is a difference in incentives -- why publish a vulnerability when it could be used to further your mandate? For the specific case of NSA though, that also ignores their broader role in securing federal communications (eg, vetting SHA, AES, FIPS, etc). Of course, there are always exceptions (DES, Dual-EC-DRBG, etc) -- but in a way, that precisely illustrates why we have intelligence agencies in the first place: trust no one.
This was the British GCHQ. They were spying on non-Europeans using their roaming networks, including US citizens.
If you think there's some sort of restraint with regards to citizens of other 'five eyes' nations, I wonder how you square that with the "but everyone spies on everyone, including allies" argument that can always be found in these threads.
Are you a US citizen? How would you react if supposedly close US allies were bugging the White House, the US senate and AT&T? Repeatedly? Five Eyes, Echelon, Merkel, Belgacom, ...
Um.... you perhaps know less than you think you do about what "close US allies" do and do not engage in behind closed doors. Half of the reason Five Eyes even exists is to reduce the threat of espionage conducted by close allies.
I agree. The DoD/NSA and other agencies should be developing these capabilities. It's really the oversight and legal use of weapons against civilians that is the question.
I suspect that "cyberweapons", like biological weapons, are almost impossible to use in a way that does not harm civilians. Their development is practically certain to lead to use against civilians in a way hard to reconcile with the ideas behind current international law. On the other hand, the idea of fighting a war without harming civilians is a 19th century notion unlikely to survive much longer.
It's exactly this unrealistic notion of having your cake and eating it too that landed us in this mess in the first place. And what do you mean by "defensive capability"? Secretive military organizations aren't going to protect civil society. In fact their influence is often in opposition to such protection.
Everything at the lowest levels needs to be tightened up now.
Buffer overflows in trusted code have to go. This means getting rid of the languages with buffer overflow problems. Mostly C and C++. Fortunately we have Go and Rust, plus all the semi-interpreted languages, now, and can do it.
We need something that runs Docker-like containers and, all the way down to the bare metal, has no unsafe code. We need dumber server boards, with BIOS and NIC code that's simpler and well-understood. The big cloud companies, Amazon, Facebook, and Google are already doing their own server boards.
Companies which put in "backdoors" should face felony criminal prosecution. That doesn't happen by accident.
Latest CERT advisory: "Vulnerability Note VU#936356 Ceragon FiberAir IP-10 Microwave Bridge contains a hard-coded root password ... Ceragon FiberAir IP-10 Microwave Bridges contain an undocumented default root password. The root account can be accessed through ssh, telnet, command line interface, or via HTTP. ... CERT/CC has attempted to contact the vendor prior to publication without success."
All Ceragon customers should demand their money back, and their products should be seized at US customs as supporting terrorism.
> Buffer overflows in trusted code have to go. This means getting rid of the languages with buffer overflow problems.
In the meantime, since moving away from C will take years, we need to invest in better exploit-mitigation technology instead of relying on bug-hunting-driven-security. That means OS/kernel developers need to start taking security seriously and keeping up with attackers. This means adding proactive measures instead of slowly reacting only when a new CVE comes out. Which is sadly far from the reality at the moment.
For example, OpenBSD made headlines for adding W^X to the whole kernel but hackers have already been bypassing W^X on iOS for years:
>> These protections may guard against a (very small subset of) casual attackers, but they're just another minor hurdle for determined attackers.
In addition we need to move away from signature-based AV towards host-based intrusion detection systems (HIDS). It is no accident that all the feds who left government cybersecurity jobs in recent years moved to build private companies creating HIDS products and making millions selling them to big corps (FireEye, Crowdstrike, etc).
The only options available for consumers and the average sys admin are security tools easily bypassed by any semi-sophisticated adversary (for ex: Anti-virus/RKhunter/SELinux/most trusted computing code-integrity systems/etc).
One problem with most "interpreted languages" you cite as preferable is that they rely on C/C++ run-times for now. This means these languages are only as safe as the underlying C/C++ run-times and the core libraries they rely upon (glibc and the like.)
We need to start to think of replacing underlying runtimes and core libraries with Rust and Go-based alternatives (or similar) to make them safer. Ultra-large goal and probably impossible in the near term, but it should be done.
It may not be that big a task. How much code do you really need to run a container instance? If you could get an airtight Xen-like system, you might not need much of an OS inside each container. Xen already does memory allocation, CPU dispatching, I/O handling, timer handling, and message passing, which is all an OS really needs.
Rust programs running on "libnative" do not, I think, use "libc" any more.
The chair of the computer science department at my university liked to say that CS could just as easily be considered the Computer Security department. This guy wasn't a pragmatic programmer whatsoever, he always claimed he didn't even know how to code (he was a theory guy), but he was right.
I wonder how switching to a different programming language would have prevented a backdoor in network hardware?
Juz 16 is right that the companies concerned should face criminal prosecution, this is not a technological problem and technology cannot (ultimately) solve it.
Removing whole classes of software bugs, even if the cost were bearable, won't make a huge dent.
If you fix the software, the NSA will just backdoor the firmware/hardware (if they haven't already) and, even on an Android phone running AOSP, there are literally still millions of lines of proprietary, unaudited, closed-source code. Not to mention half a dozen microprocessors containing circuitry you can't possibly inspect. PCs are the same these days. Do you really expect these multi-billion $ industries to change? There's only a niche commercial interest for consumers of 'simple and well-understood' (read: secure) firmware.
And it's not like the hardware/consumer industry is sitting pretty as a lone miserable failure from a security sensitive standpoint. The entire Internet stack from Ethernet and BGP all the way up to HTTP is complete and utter garbage. Our standards bodies (IETF, W3C etc) are failing to protect us and there's no sign of it getting better because the cost of starting over is simply too damn high.
There are a number of objectionable elements to the NSA foreign operations.
- Mass surveillance of all humans is objectionable on human rights terms.
- Attacks on civilian infrastructure. The NSA is executing military operations against civilian infrastructure even in NATO countries.
It isn't conventional foreign policy or warfare for a military agency to actively and continuously attack the civilian cultural and economic infrastructure in preparation for war.
Of all countries? I doubt that. Many people don't seem to realize the scope is the main problem here, and they are equating spying on one person in targeted surveillance, with spying on 4 billion people and saying "NSA has already been doing that!". No they haven't. So stop confusing the message.
Another big problem is that NSA has started undermining crypto. Before 2001 you could maybe actually trust NSA that they're releasing crypto that is safe because you thought they actually have an interest in "security". Not anymore. Anything and everything NSA has touched now has to be considered corrupt.
Judging by the scope of the attack on Belgacom in 2011 that battle is already underway, the surprise I guess should be that it is the allies attacking each other. If China or North Korea would have made an attack like this it would be trumpeted as an act of war, but because it is the UK with NSA assistance it's downplayed as much as possible.
The premise that we need "benevolent power" to "protect us" from "evil doers" is the oldest trick in the book. If there is no threat, one will be generated. Almost organically, it does not even take overt organization. The players know cui bono.
She has abstained from interference in the concerns of others, even when the conflict has been for principles to which she clings, as to the last vital drop that visits the heart. She has seen that probably for centuries to come, all the contests of that Aceldama, the European World, will be contests between inveterate power, and emerging right.
Wherever the standard of freedom and independence has been or shall be unfurled, there will her heart, her benedictions and her prayers be. But she goes not abroad in search of monsters to destroy. She is the well-wisher to the freedom and independence of all. She is the champion and vindicator only of her own. She will recommend the general cause, by the countenance of her voice, and the benignant sympathy of her example. - John Quincy Adams
It was until recently (the early 1900s) the policy of the United States to stay entirely out of any foreign affairs other than her own. It was acknowledged that America could spread her virtues and values by being the paragon example of them as inspiration to others to follow suit.
Today she holds the opposite view - that it is her unquestioned duty and obligation to interfere everywhere with the justification and rationalization that she seeks justice - and that discarding some of these principles for her own people is necessary for this noble mission.
It's kinda odd that our politicians in the past used to be, for lack of better words, poets. I have often wondered about this and wondered what has happened.
Speaking as a citizen, the problem with the US's newest brand of digital weapons, is that they can be used on US population under the radar and w/o killing anyone. This may justify legally their extended use for surveillance unfortunately. The development of the atom bomb and chemical weapons had no "convenient" use on the US's own citizens, and they clearly couldn't get away with it. However, these weapons do, and they are being developed with all the same force, purpose, and financial backing as the a-bomb and chemical weapons were ~100 years ago.
Not only could use. These weapons are built using either weaknesses introduced into civilian domestic systems, or found in domestic civilian systems and not fixed. This means that the basic premise for these weapons created to protect US citizens is to weaken their security.
I won't pretend to know what's going on here or its implications. So far humanity has lucked out considering our capacity for building some pretty nasty weaponry. We'll probably go through a series of cyberwars before we come to our senses.
I don't blame the NSA for trying to be ready to fight a cyberwar. Other nations probably wouldn't stop their programs even if the US did. Our culture isn't the only one infected with a sense of Manifest Destiny.
Where we might consider drawing the line begins with necessity. Deciding which actions are necessary and which are gratuitous might prove difficult, assuming we even know, which is why I find it hard to fault Snowden for leaking this information.
As fearsome as the NSA sounds, certainly they have some limits. For instance, why don't they just clean out everyone's bank accounts? Might pay their bills for a few days anyway. But why haven't they gone after certain criminals? Many shady operations keep their money in jurisdictions that probably can't compete with our cyberwar capabilities. Maybe these operations enjoy the protection of a powerful entity but probably not all of them do. And probably many operations still use cash and couriers but the US and others seem to have gotten better at tracking movements of people so it's doubtful such tactics will remain viable forever.
Maybe in the end we have to somehow conquer the notion of distrust. Not sure how it can be done except through telepathy and even then the transition to a telepathic society will probably be full of misery.
The NSA behaves very hostile against everyone not from the US. As an EU resident I think it is very important to have an idea on the lines the NSA is crossing to protect US citizens that might put me at risk.
But that puts it under espionage not "whistleblowing", we don't call a N. Korean scientist that defected to the west who spills light on N. Korea's nuclear program a whistleblower, we call him a defector and a spy.
Intelligence Agencies act on the behalf of their respective nations, there is nothing surprising about the US spying on the EU and vice versa.
As we already know the extent of the collection programmes the NSA operates I really do not see any real value in spewing more and more content about it, especially things that start to touch on the operational know-how of such programmes.
As much as we don't like the Americans spying on us there are far worse nations out there that I would actually fear if they will ever gain even a shred of the capabilities the NSA and some other western allied nations have.
Sadly this incident will be a very bad thing to whistleblowing in the long run, good luck passing any whistleblowing protection laws in the US (and many other countries including in the EU who took notice) any time soon.
While I do respect the sentiment behind Snowden's leak, I do actually have a bone to pick with how it was executed. There were NSA leakers before him, there will hopefully be some after him that will speak out when a line is crossed. However grabbing whichever documents you can put your hands on, and then seeking shelter in what is now a de facto hostile state isn't really responsible behavior.
Just a few years before Snowden we already had an NSA leak from which the "secret interpretation of the FISA act" fiasco was made public. Snowden could've made the same effective impact with a handful of slides, not 1000's of documents (if not more, some numbers which were flying in the early days of the leak pointed at anywhere between 50 and 250 thousands documents) of which many probably contain actionable information which I would dare to say puts the EU as an organisation, and you as an individual at more risk than anything the NSA ever did or will do.
> not 1000's of documents [...] of which many probably contain actionable information which I would dare to say puts the EU as an organisation, and you as an individual at more risk than anything the NSA ever did or will do.
Fearmonger much?
So far my statistical risk to be killed in a train accident is significantly higher than being killed in a terrorist attack.
And somehow it has been this way since before the internet was even invented.
How did the internet make the terrorists suddenly so much more dangerous that we now need mass surveillance to defend against them?
What do terrorists have to do with anything? Nation states are far more likely to launch a cyber attack against the EU than a terrorist organisation.
And since when is mass surveillance a new thing? The US, some European allies, Russia and any other capable country were conducting mass surveillance since pretty much WW2 if not earlier. Tapping phone lines including the transatlantic phone cables since the 50's, opening millions of letters each year and far more.
Nations have always been spying on each other and on their people, I am not saying that this is right, and that it's justified in every case but it's the reality we've been living in since the middle of the 20th century if not during the entire recorded history.
But sure keep thinking that posting every document including ones that deal with operational aspects of the programme is justified. Next time when the EU decides to duke it out with Russia over the gas pipelines and trade agreements it might find itself on the receiving end of such programmes far more hostile than the NSA tapping a Belgium ISP.
P.S.
H/N Don't forget to bury this comment with down votes too since well screw the content rules, your political opinions and narrow world views are under attack.
P.S. 2.0
Just for the kick of it according to data from the ERA (European Railroad Agency) the total number of deaths in train accidents from 2000 is 319, number of people who died in terrorist attacks during the same period in Europe is 338+ (stopped counting once I got past 319..). Please note that this isn't the number of EU citizens who died in terror attacks (which is several times greater), but the number of casualties for attacks on European soil.
Of course if you count the Madrid train bombings as a train accident you are welcome to subtract 191 people of that list and add it to your get hit by a train statistic.
> And since when is mass surveillance a new thing? [...] Countries were conducting mass surveillance since pretty much WW2
Since when are nukes a new thing? Countries have been going to war for centuries!
Can you see how absurd a notion that is?
The NSA will soon be able to record every move you make and every word you speak or write during your lifetime, in realtime. Not much later it will be able to do this for entire populations.
None of this has been possible until very recently. Conflating this kind of mass surveillance with the past practices of manually opening letters and wiretapping phones would be very naive.
About your PS 2.0...
Since you apparently still don't realise how completely irrelevant that number is;
Twice as many people were killed by lightning strike in the same timeframe.
"The second report (rapport complémentaire d'activités 1999) deals with the ECHELON system in much greater detail. It gives a view on the STOA study and devotes one section to explaining the technical and legal background to telecommunications monitoring. It concludes that ECHELON does in fact exist and is also in a position to listen in to all information carried by satellite."
"According to a former employee, NSA had by 1995 installed "sniffer" software to collect such traffic at nine major Internet exchange points (IXPs). The first two such sites identified, FIX East and FIX West, are operated by US government agencies. They are closely linked to nearby commercial locations, MAE East and MAE West (see table). Three other sites listed were Network Access Points originally developed by the US National Science Foundation to provide the US Internet with its initial "backbone"."
"...leading US Internet and telecommunications company had contracted with NSA to develop software to capture Internet data of interest, and that deals had been struck with the leading manufacturers Microsoft, Lotus, and Netscape to alter their products for foreign use. The latter allegation has proven correct (see technical annexe). Providing such features would make little sense unless NSA had also arranged general access to Internet traffic."
This is from the EU Parliamentary reports compiled in the mid to late 90's. You can find that and much more in the EU online library under "Temporary Committee on the ECHELON Interception System" and the STOA reports...
Again not saying it's OK, but FFS this has been going on for a LONG LONG time, people really need to get some perspective and focus on what actually matters. The NSA won't stop "spying" it's what they are for, who and how actively they are doing it should be the main issue here.
On the PS part, well duh, the numbers are completely irrelevant, as was the arbitrary statistic about being in a train accident vs terrorism.
Bring up a dumb point get a dumber reprisal...
> who and how actively they are doing it should be the main issue here
Yes, it absolutely is.
Yet for some reason you keep trying to defend their Orwellian ambitions with some handwavy "they have always been spying, it's their job"...
The NSA is not "spying" in the romantic sense that you seem to be caught up in.
It is installing global surveillance, a google index of all communications worldwide (ICREACH). This goes far beyond keyword sniffing on phonecalls or opening letters.
They are implementing the exact kind of surveillance that totalitarian regimes are condemned for (see e.g. the movie "The Lives of Others"), at an unprecedented scale.
And their justification is the defense against a "threat" that is less likely to harm you or me than a lightning strike.
If you can't see the blatant disproportion here, and the extreme concentration of power in an institution that has largely detached itself from democratic checks and balances, then you must really have paid not much attention to the Snowden revelations.
> there is nothing surprising about the US spying on the EU and vice versa
Yes, the comforting normality of the cold war between the US and everybody else. Just don't be surprised when US products and services become a target of widespread boycotts around the world.
The same newspaper reported that Germany's BND had active wire taps on 2 US secretaries of state, (Hillary) Clinton and Kerry, as well as heavily spying on NATO members like Turkey.
Snowden's own documents showed many EU countries (including all of the enlightened Nordic ones) who actively supported the US spying in order to gain intelligence on their own citizens and on other EU members, heck Denmark joined the NSA programme to spy on freaking Belgium.
The harsh truth is that everyone spies, even Iceland has some dude in an office somewhere who's in charge of their intelligence gathering. The means and effectiveness vary between nations but considering that the UK, Germany and France have intelligence services which are considered amongst the best in the world only a fool would write this off as some US fling due to post cold war PTSD.
I agree. I don't believe this report includes anything that could pose a legitimate threat to national security. If the NSA has begun militarizing the internet, the public has a right to know.
The obvious answer is that it becomes much harder for the NSA (and related entities) to do their job when their tactics and capabilities are known to the world. And yes, this is their job, and there's nothing wrong with it. Domestic spying is something that needs to be reined in and tightly controlled, but to think that everyone should know everything is just naive and shows little understanding of how the real world actually operates.
> The obvious answer is that it becomes much harder for the NSA (and related entities) to do their job when their tactics and capabilities are known to the world.
Harder as in how?
That handwavy excuse gets thrown around a lot, I have yet to hear someone back it up with anything tangible.
> Domestic spying is something that needs to be reined in and tightly controlled
Well, we tried with blind faith for a while. Turns out that didn't work all too well.
So, how do you propose we control something that we are not allowed to know anything about?
"Well, we tried with blind faith for a while. Turns out that didn't work all too well.
So, how do you propose we control something that we are not allowed to know anything about?"
Agreed, with the first sentence at least. Let's be real though; no incarnation of oversight is going to have you and I involved directly, nor should it. You cannot expect the populace to be sufficiently educated on the intricacies of foreign policy and global threats.
So my proposal would be for the lawmakers to propose a better form of oversight which includes strict provisions for surveillance, especially the domestic variety. These provisions also cannot hamstring the NSA or the like; there has to be balance.
The parent comes off as a proponent of opening up the floodgates. That's ridiculous and it will never happen (nor should it). You cannot have a system which A) allows for full disclosure, and B) does not weaken our ability to defend ourselves.
"You cannot expect the populace to be sufficiently educated on the intricacies of foreign policy and global threats.
So my proposal would be for the lawmakers to propose a better form of oversight which includes strict provisions for surveillance, especially the domestic variety. These provisions also cannot hamstring the NSA or the like; there has to be balance."
but then, if you and I (the "populace") aren't allowed to know what they are trying to achieve, or how they are doing it, how on earth are we supposed to have any faith in the oversight that "lawmakers" provide?
I cannot overstate how strongly I abhor the "you cannot expect the populace..." type arguments when used to continue keeping them in the dark about matters for which THEY HAVE ULTIMATE RESPONSIBILITY.
if "the populace" is expected to select lawmakers based on the quality of the job they do, then "the populace" sure as HELL needs to have the information on the intricacies of foreign policy and global threats made available to them, and the response that their lawmakers support.
> What benefit do we as the public gain from this knowledge?
I'm from the EU, but I can imagine that, given that some of the NSA's operations today are only semi-constitutional, where these operations are supposed to be going is relevant to the debate.
Belgacom was also targeted because its networks are a hub for non-Europeans roaming on the continent – including US citizens. Since this is the British intelligence service, US citizens aren't protected.
Remember as well that one of the CIA's targets in 2014 was the US Senate. Anything that damages the national security complex is a benefit to the US public.
Snowden revelations have become a media franchise in their own right. This is not about public gain anymore, it's about fame and revenue on the part of the outlets covering the stories.
The NSA should just leak documents showing all of the other governments doing this stuff so we can move on from the Anti US/UK circle jerk. Seriously if you think your government hasn't invested serious time and money in digital subterfuge you are living in a dream world and need to wake up.
Classic straw man. Many of the documents leaked have shown that our allies are doing the same, usually with the NSA's help. Of non U.S. allies most countries are too small to have serious programs, or are plainly doing much worse. I suppose this is some sort of perverse defense of the NSA, but the fact is that luckily most people would like to hold their government to a higher standard, instead of saying "the other guys are worse". If more people had had your attitude a few hundred years ago, we wouldn't even have democracy, as there would have been plenty more brutal and totalitarian regimes to point to.
What I find really frightening is where they write:
From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy.
[...]
This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation".
This isn't about fighting terrorism. It's also not about the usual warfare; it's more like the infrastructure or a set of tools to control nearly every other country or the planet or at least make sure that the US will always be able to keep them from disagreeing.
I am glad for any document that has been leaked. Although we might not be able to see the whole picture yet it made one thing clear: the US government is at the same moral level as countries like Russia, North Korea or Iran to me. They do neither respect the privacy of their citizens nor the privacy of any other person in the world. They might have some moral concepts that are a little bit more close to mine as a European (aside from the gun laws, death penalty). The problem is that they have much more power and influence than any of these countries.
What kind of idiot would ever want to stand on the wrong side in this world? We see that communication is not private, maybe every technical device could be used to spy on you and in a war against the USA you would not even see the enemy's soldiers. THIS is a reign of terror.
Good to know you see reading your mail as equivalent to executing people for their sexuality, interning hundreds of thousands in labor camps, and jailing all who dare oppose you. That definitely doesn't devalue the lives of all those people or reveal you as hysterically self-important.
I don't think he wanted to equalize both. Yet, snooping on your private conversations is wrong, executing people for their sexuality is also wrong. It's worse but both are wrong according to my value set ... this is a bit off topic, yet how would you rate the killing of innocents with drone strike?
What if some people believe developing offensive "cyber war" capabilities in secret is immoral?
Consider, for example, whether you would be opposed to someone leaking information as to whether one of the nuclear powers had nuclear capability in excess of what was publicly known?
Oh, sure you can dance around the fact that the latter may be more of a violation of treaties, etc., but just because there are no treaties covering "cyber war" (correct me if I'm wrong), does not make it morally acceptable.
Snowden did not write this article or blow this whistle. He handed materials directly over to journalists, which is protected by US law. This reporting has been done by journalists who have access to the Snowden documents, which is protected by US law.
that's why I never understood why he agreed to turn over all the docs to Greenwald. he should've been in control of what's revealed and used the rest as insurance.
no one benefitted by revealing that the U.S. spied on Merkel. that's what nations do, even Israel spies on the U.S. all the time. then this, how does this knowledge benefit anyone but the bad guys?
No, it doesn't. Snowden isn't the one who's been releasing these documents; the journalists are. For your claim to make any sense, you'd have to believe Der Spiegel is secretly working for the Russians.
They can disclose it because they were given it. Do you think he did not know this will get published sooner or later?
Also depth of Russian penetration of security services and media in Europe.. in many places it is quite complete. It would not actually be surprising at all if Spiegel had someone working for FSB/GRU.
Having said that it is not 100% certainty. If he was not turned before the disclosures then US whistleblower witchhunt that drove him into arms of FSB is even worse because he really had no choice once US started hunting him.
Did Snowden go to his superiors about the program?
Did anyone care?
If the Russians wanted to steal our information why not just steal the information? They have many of the secrets Snowden talked about already (via their own intelligence agencies, Russia is no slouch) and could publicize them if they wanted to, or release them anonymously and pretend it was some hackers on steroids.
It just doesn't hang together that Snowden is a spy for me, whether or not you approve of what he did.
Mostly because Snowden and his image and how it was done make the whole thing much more believable and has more impact in US and Europe than random anon disclosures.
Who knows what his motivations are, they very well may be noble. Enemy of my enemy is my friend kinda thing.. and when you face US gov power you need powerful friends. He saw what happened to other whistleblowers.
In the end whatever the story is I think he did a great thing for the republic in the long term.
> the only law that applies is the survival of the fittest.
Is this such a problem? In a world where exploits are used to break infrastructure, isn't the best solution simply to build increasingly more secure code? If that won't solve the problem I don't know if legislation will. Right now a determined hacker can harm a company via the internet (e.g. Sony). Are laws really going to stop that from happening?
If not, please correct me. I know little about cyber warfare and would love to know more.
Legislature can't prevent bad people from doing bad things. But it can prevent good people from doing bad or ignorant things, and it provides a framework to punish those who cause harm.
Every law can and does get broken, but that doesn't mean laws are useless.
There are other ways to have an impact with laws than punish the aggressor. Airplanes aren't safe because the pilot or mechanic gets punished when something happens, it's because (very simplified) the airlines and manufacturers do.
I think you are exactly right. Any solutions to this have to be technical and largely defensive. Legal or diplomatic solutions will only bind parties that intend to follow the law. Counter-attacking and deterrence will fail if the attacker is not defending much of anything, so that approach might work against states and state-backed actors, but not against non-state actors.
> Legal or diplomatic solutions will only bind parties that intend to follow the law.
Simple rule of thumb: This argument is always false.
Our society is too complex. It is never about good guys vs. bad guys. It is mostly about money, who has the most and how laws can change incentives and prices.
It is the same with drugs, guns, atomic bombs and nearly every other topic where this argument is brought up. We need to get over this because it is just slowing us down.
The last 2 articles I read were this one and the earlier piece on Google and neural nets [1]. It's easy to connect the two, add the pervasive integration of technology in our lives, mix in a healthy dose of paranoia --> see a SkyNet future.
I'm pretty late to the party here but there are some fascinating parallels between the USG's actions in the physical world, as in the digital one.
First, the USG has made concerted and successful attempts to place secret digital strongholds and black sites across the globe, including some 'behind the enemy lines' so to speak. In the physical world these are the equivalent to CIA black sites and safe houses, from which you can attack and spy on the enemy, feed in extra weaponry to partisans and rebels (similar to the CIA Benghazi compound, sorry 'consulate', sorry 'embassy').
The NSA has all these smart dangerous and arguably immoral minds employed to defend the digital borders of the US. But in truth these minds are busier establishing secret pathways through the digital trenchlines in order to have a definitive and effective advantage when the cyberwar comes (which of course they are actively encouraging to validate their position, historical actions and future funding).
At the same time they are making a concerted effort to make sure that the security protocols everyone uses are undermined and backdoored. In effect they are making sure that the digital nuclear weapons held by their enemies aren't going to get in the air when the time comes.
Through strong encryption we could make sure that we have the digital equivalent of mutually assured security, but as ever the US isn't interested in this, because the reality is that the military industrial compound aims to make billions of dollars from the industry.
In a world where all communications and hardware devices were secure, they wouldn't make any money. A secure, stable and safe world just isn't profitable.
At best this seems like an arms race but at worst, there are actually battles being fought (of a kind). I wonder what the digital equivalent of a nuke would be such that govts decide that diplomacy is better. Some kind of Digitally Affected Mutual Destruction (DAMD).
Domestic surveillance was controversial and surprising. Is a spy agency preparing ways to attack and cripple foreign infrastructure that unexpected or contentious?
One thing to be said about the offence vs defence side of this story is that the adage the best defence is a good offence definitively applies here. It's so much easier to attack another system than defend your own. It's inherent to the way systems are set up:
A computer system has many services, programs and tasks running on it. Only one of these needs to contain a flaw for a system to be vulnerable, obviously this means that on a secure system everything must be perfect, for 1 flaw compromises everything.
Therefore I don't find it strange that the NSA allocates the resources it does to research and expand its offensive capabilities, since trying to defend the systems of the US is probably a lost cause. The question remains if this is ethical and/or legitimate. Being a non us-citizen I'm certainly opposed to the practises of weakening standards and harvesting/exploiting services on the internet.
I also find the double-speak of the US government deplorable, on the one hand we have the government declaring that in many ways a cyber-attack will, and can, be reacted upon as if it were a conventional attack. And on the other hand we have the US government attacking and targeting civilians (Belgacom Sysadmins). I fail to see how attacks against the US can be labelled as a conventional attack, but that attacks from the US against civilians are apparently OK.
Seems to me a lot of people flagged the story (443 points, 1 day ago, on page 3 with a couple of stories with 200 points also 1 day ago) ... wondering why conspiracy theories ;)
For me the only bunch of people who want and love to start war is the USA government; note I am not saying Americans, I am saying the US government. Why should you prepare if you don't have the intention of war? "Defense", from whom? From people where you started war? Directly with Afghanistan, Iraq and some others, indirectly with Syria, even with Russia (started economically) and many others where they got governments with bribes. Now preparing for D war. Every war started with the flag of "Demo hypocracy", defense and some other pseudo-defensive words; the reality is the USA starts wars and the government fuckingly loves when people die. Probably you are going to downvote; that's because you didn't lose any of your brothers, sisters or even relatives and friends in such wars, which just started because they wanted more oil and more money.
I'm not a party to any of this. I've done nothing wrong, I've never been suspected of doing anything wrong, and I don't know anyone who has done anything wrong. I don't even mean that in the sense of "I pissed off the wrong people but technically haven't been charged." I mean that I am a vanilla, average, 9-5 working man of no interest to anybody. My geographical location is an accident of my birth. Even still, I wasn't accidentally born in a high-conflict area, and my government is not at war. I'm a sysadmin at a legitimate ISP and my job is to keep the internet up and running smoothly.
This agency has stalked me in my personal life, undermined my ability to trust my friends attempting to connect with me on LinkedIn, and infected my family's computer. They did this because they wanted to bypass legal channels and spy on a customer who pays for services from my employer. Wait, no, they wanted the ability to potentially spy on future customers. Actually, that is still not accurate - they wanted to spy on everybody in case there was a potentially bad person interacting with a customer.
After seeing their complete disregard for anybody else, their immense resources, and their extremely sophisticated exploits and backdoors - knowing they will stop at nothing, and knowing that I was personally targeted - I'll be damned if I can ever trust any electronic device I own ever again.
You all rationalize this by telling me that it "isn't surprising", and that I don't live in the [USA,UK] and therefore I have no rights.
I just have one question.
Are you people even human?
[1] https://firstlook.org/theintercept/2014/09/14/nsa-stellar/
[2] https://firstlook.org/theintercept/2014/12/13/belgacom-hack-...