I'm not a party to any of this. I've done nothing wrong, I've never been suspected of doing anything wrong, and I don't know anyone who has done anything wrong. I don't even mean that in the sense of "I pissed off the wrong people but technically haven't been charged." I mean that I am a vanilla, average, 9-5 working man of no interest to anybody. My geographical location is an accident of my birth. Even still, I wasn't accidentally born in a high-conflict area, and my government is not at war. I'm a sysadmin at a legitimate ISP and my job is to keep the internet up and running smoothly.
This agency has stalked me in my personal life, undermined my ability to trust my friends attempting to connect with me on LinkedIn, and infected my family's computer. They did this because they wanted to bypass legal channels and spy on a customer who pays for services from my employer. Wait, no, they wanted the ability to potentially spy on future customers. Actually, that is still not accurate - they wanted to spy on everybody in case there was a potentially bad person interacting with a customer.
After seeing their complete disregard for anybody else, their immense resources, and their extremely sophisticated exploits and backdoors - knowing they will stop at nothing, and knowing that I was personally targeted - I'll be damned if I can ever trust any electronic device I own ever again.
You all rationalize this by telling me that it "isn't surprising", and that I don't live in the [USA,UK] and therefore I have no rights.
I just have one question.
Are you people even human?
Also, it's pretty obvious terrorism is an excuse. The main reason is power and control. Corporate espionage and controlling US-unfriendly political movements is very likely the main goal.
Terrorism is indeed very real, and is happening all the time. Hundreds of acts of terror have been committed in the years since 9/11, resulting in deaths of thousands of civilians, including hundreds of children. Those acts have pretty much 0 media coverage, and no one is doing anything to stop them. The US is free to keep on terrorizing civilian populations around the globe.
They're terrorists too.
The fact is that the EU wants to apply even more crazy gov't surveillance tactics, and doesn't need the US pushing it. By saying this, you're giving them an "out" ('oh, big bad Uncle Sam basically forced us to play along!').
"It is also because Mr. Obama embraced a disputed method for counting civilian casualties that did little to box him in. It in effect counts all military-age males in a strike zone as combatants, according to several administration officials, unless there is explicit intelligence posthumously proving them innocent."
I don't imagine anyone cares to do the posthumous intelligence checks.
There was no al Qaeda in Iraq before US attacked it:
That's not exactly true in that not every non-U.S. citizen is an interest to the U.S. Government.
To your broader point though, the idea that a state's Security, Defense or Military arms are singularly focused on foreign "threats" or potential threats is a fundamental assumption of nearly every international relations theory. Why would you think it would be otherwise?
If we were talking about Georgia, or Israel, or Ukraine, or Japan, I would understand the fear. But the USA has no enemies, there are no threats. It's a tragic case of paranoia.
Unless, of course, you have a non-US company competing with a US company, then you are targeted.
"In the early 1990s, the U.S. National Security Agency intercepted the communications between the European aerospace company Airbus and the Saudi Arabian national airline. In 1994, Airbus lost a $6 billion contract with Saudi Arabia after the NSA, acting as a whistleblower, reported that Airbus officials had been bribing Saudi officials to secure the contract. As a result, the American aerospace company McDonnell Douglas (now part of Boeing) won the multi-billion dollar contract instead of Airbus."
"The American defense contractor Raytheon won a US$1.3 billion contract with the Government of Brazil to monitor the Amazon rainforest after the U.S. Central Intelligence Agency (CIA), acting as a whistleblower, reported that Raytheon's French competitor Thomson-Alcatel had been paying bribes to get the contract."
"In order to boost America's position in trade negotiations with the then Japanese Trade Minister Ryutaro Hashimoto, in 1995 the CIA eavesdropped on the conversations between Japanese bureaucrats and executives of car manufacturers Toyota and Nissan."
And these are only the public cases of course. If you can eavesdrop on the conversations between your competitor and prospect, I don't have to tell you the huge advantage.
You guys are pissing off friendly nations (I'm European).
"According to a European Parliament report, published in 2001, America's National Security Agency (NSA) intercepted faxes and phone calls between Airbus, Saudi Arabian Airlines and the Saudi government in early 1994. The NSA found that Airbus agents were offering bribes to a Saudi official to secure a lion's share for Airbus in modernising Saudi Arabian Airlines' fleet."
It would be interesting to see the European Parliament report, if anyone has a reference.
I'm not saying what the NSA did was right, but that isn't really the issue I would have with their massive monitoring - it's that the information could be abused, or mis-used. The other part of the NSA problem is the National Security Letters (NSL), which is basically tyranny. I don't care that an American corporation managed to win more contracts this way, but that such powers could be abused.
I am interested in how you came to this conclusion.
The US has two borders. One with Canada, one with Mexico. Neither of these countries are likely to invade.
The US has the largest naval force in the world. I believe the Coastguard is also the 13th largest. Again, nothing to fear.
Of the countries that are "enemies", most would quite like to improve relations, for instance Cuba and Iran. Iran in particular has extended many an olive branch over the decades.
The US keeps these countries around as notional enemies, in part because of political incompetence, and in part because of a lack of incentive to fix things. Who wants to be the President who made friends with an "Islamic Republic"?
Either way, it's hard to see what particular danger the US is in.
Compare this to any of the countries I mentioned, which are much less defended, and have active disputes with neighbouring countries.
The US certainly has competitors for geopolitical influence (~enemies), as does any other nation.
Economic competition has frequently been the underlying motivator for military action.
The ones that don't like to improve the relations generally get hung up on unstable countries developing atomic bombs.
Is this the first time you've talked about it?
When the docs first leaked, I wrote this:
I would not be surprised to find out that it has happened to me, but I don't think that is the case.
I can't edit anymore to clarify, but since it's not obvious from the post, especially if you don't read the references: I'm not either of the individuals who this happened to.
But do we know how this ends?
It's not a matter of humanity, society often puts itself before individuals to make sure society can exist the longest it can. A civilization will easily sacrifice many things to secure its survival.
That's how the strongest defend themselves, it's very hard to stay on top for a long time, so often, those countries will take huge leaps of faith and risks to crush their enemies, even if they're on the other side of the world.
If you're an American, you have free speech, and all the democracy and the things around it. If you're outside America, you better be an ally or look like one. Intelligence agencies are a lot about crushing people who might make America look bad, it's about public image, it's almost the same job of a journalist, except you defend your country's interests.
Survival of the fittest. Democracy is just internal management.
I don't think any of those actions warrant accusations of inhumanity. I can understand that it's disturbing to feel that you're being stalked, or even just monitored. But it doesn't sound like anyone took action to intervene in your private affairs or intentionally lead you to feel threatened. It's legal and at least arguably moral to hire a private investigator to follow a private citizen around, so long as they follow certain rules. Attempting to friend someone on LinkedIn under false pretenses is also legal and arguably moral. Infecting a computer with a virus is not legal as far as I know, but I think the real concern there is the nature of the software and not its existence. As long as they did not harm, the morality of even infecting a computer is questionable.
These people are spies, their job is to spy. To them at least, it isn't a question of the rights granted to you by your citizenship status. It's a tradeoff between the emotional discomfort that you may feel and their job requirement to develop resources that will allow them to stop bad people from doing bad things. I think they made the right decision. If influencing an employee at an ISP can give them more insight into the capability and intent of people they suspect to be up to no good, and the main cost is the distress that said employee or employees will feel as a result of being spied upon, then do it. The needs of the many outweigh the needs of the few.
I understand that we disagree on that, and there is ample room for both sides of the disagreement to be right or one of them to be utterly wrong. But I don't think that either decision is inhumane in any way.
This is bullshit.
Even if a virus doesn't intentionally harm, it does harm anyway.
Connections will become very slow, because high priority is given to uploading stuff from one's computer to NSA.
User will get inexplicable blue screens or exotic error messages that nobody can help to fix: asking for help in forums will just bring annoying answers of "experts" suggesting to upgrade Windows/Flash/HW/programs versions.
Installation or execution of some programs will be prevented, making computer usage a pain.
Infecting a computer is legally and morally a crime.
Edit: I should add that my suspicion came from noticing that the vast majority of the comments when this was first posted seemed aligned in favor of the NSA's mission.
It wasn't the presence of pro-NSA comments that was interesting but rather that these opinions were the overwhelming majority. This is, of course, how astroturfing becomes effective, it is not the rhetoric that is important but the cognitive bias imparted by the facade of so many people falling to one side of an issue.
This is of course, only a suspicion, but it seemed worth noting.
No need to consider the arguments made by people who don't agree entirely with a particular point of view, or even discuss it at all. They're obviously just shills.
Edit: Much of the 'pro NSA' comments I see here seem merely to suggest that not everything the NSA does is evil, and not every disclosure is necessarily useful. As often happens in threads like these, any such comments are dismissed as the work of astroturfing or shills.
To imply that disagreement with any narrative presented by the Guardian and Spiegel Online must make one an agent with ulterior motives, is precisely the kind of propagandist trolling any forum which cares about truth should avoid.
Yes, the NSA has a covert program to attempt to influence online messageboard and social media accounts. No, this program does not account for every even remotely 'pro-NSA' opinion one might find online. And even if it did, judge them on their own merits and move on, because you really can't tell. It's all just text in a box.
Seeing spooks everywhere doesn't make you free, it just makes you paranoid.
The other side of the debate has its own poorly reasoned comments. I haven't noticed many on this article yet, but they should arrive soon.
I doubt such comments are written by people with NSA connections, but their sudden appearance is odd. The only other subject that produces so many strongly opinionated, poor-quality comments is systemd.
And there are a lot of people on the job market who can do those things very well. It's something American schools have been teaching for decades. In my high school there was this thing called a forensics club. "What's forensics? Isn't that like crime stuff?" I asked. It was explained to me that they learn how to debate issues, like free speech on school grounds. "Well obviously we want free speech." "Actually", my friend says, "I'm going to be arguing against it." "You don't support free speech?" I ask. "I do. But I was assigned to the against side." I thought it sounded stupid. Now I get it. It was cognitive dissonance as a vocational lesson.
So it's the people who sound unusually well-informed that I most suspect of astroturfing. Except I assume they also practice how to make what they write not sound rehearsed.
If I were an NSA shill I'd just mention something about Snowden harming the US or Snowden being a spy. It's a controversial and dumb argument so it's going to get a decent amount of replies. It also doesn't take much effort. You'd derail the conversation, and informative comments would be drowned out by a bunch of people arguing whether Snowden is a hero or traitor.
Derailing a conversation works well because they will have a large number of responses prepared that talk about, using your example, Snowden being a traitor. So once they've wedged the issue their spam can become the dominant voice. If the discussion had drifted to an area they weren't prepared for, say the historical precedents for whistleblowers of government misdeeds, they probably don't have as much material for that.
My point is I assume astroturfed material would not be written off-the-cuff but meticulously edited ahead of time to give the desired impression. And near the top of that list must be the requirement that it not look like an obvious shill.
I wonder how effective it would be if agents were able to control both sides of the debate, even? A more sophisticated shill would give the appearance of supporting the opposition but will subtly help draw attention to the propaganda. A living straw man, as it were. Not unlike the way SWAT police will pretend to be violent protesters to goad troublemakers into doing something they can be arrested for.
The term is agent provocateur, I presume
Actually changing someone's mind through argument is almost impossible. On the internet I'd say it is impossible. So don't change minds, just make the people who disagree with you feel like the whole world is against them when actually they're in the majority.
While a post where this type of rhetoric is only part of a larger argument is harder to categorize, there have been a lot of posts here and elsewhere that seem to bring up stale talking points (and little else), that distract threads from more important topics.
This is a tactic that Scientology was famous for, and it seems other groups have started using it as well. None of this is proof, of course; I merely suggest being extra vigilant about off-topic distractions and attempts to create division and unnecessary argument.
It's politics, and politics hits people in the lizard brain and short-circuits their ability to think rationally.
This subject seems to be a trigger for people to try to outdo each other to come off as cynical and in the know as possible about things which by definition almost no one knows much about.
People make broad statements about how evil and nigh-omnipotent the NSA is, and how deeply they've infiltrated every facet of human life
...is not the reverse case also true? We find ourselves discussing a condition where a lot of information is unknown, on both sides, but nobody upbraids the intelligence communities for exhibiting the same tendencies in the same breath that they castigate those people analyzing the situation with incomplete information.
There is ignorance, conclusions based on assumptions and a desire to know more on all sides of the argument. It's the nature of the beast, and if criticism is going to be levelled in this context, it should be pointed at those who withhold the transparency required for understanding.
Arguably, secrecy exists for a good reason sometimes. But when you begin to treat the rest of the legal system, the government whose job it is to oversee you, and the public as enemies and keep everything as secret as possible, you really give people little to suspect anything but the worst.
I mean, here we are with what appears to be the biggest and most complex global data gathering correlation system in history - possibly a technological achievement to rival the web itself - and two terrorists who posted anti-American rhetoric on their Twitter accounts managed to bomb the Boston Marathon despite having been under surveillance at one point, and the Russians more or less tell us outright to watch these guys. They weren't exactly hiding behind 7 proxies so what the hell are we even doing?
How to interpret the cognitive dissonance in that? Maybe the system isn't as comprehensive as it appears? Maybe bureaucracy got in the way? Maybe the pieces just didn't come together in time? Is there even a Panopticon or not? Who knows.
General Hayden and Glenn Greenwald are given fair time to discuss the issue and to give rebuttals to each other.
It's much more informative than trying to parse HN comments to form an opinion about state surveillance. It also forces you to consider the views of people who don't agree with you.
I personally enjoyed watching Jameel Jaffer (ACLU) square off against Chris Inglis (former NSA Deputy Director) at the Brookings Institute last year - both sides had good arguments. For that matter, Benjamin Wittes (the guy moderating the debate) has had some good interviews on his blog and podcast as well - you don't see many outlets that will have James Comey (FBI director) one week followed by Chris Soghoian (ACLU) the next week.
I think it's worth reminding fellow readers that this sort of manipulation happens, and likely on HN.
What evidence is there that it's likely, other than paranoia?
It seems to me as if the purpose of bringing it up is to warn people that any opinion they encounter of a certain kind can't be trusted, because it's probably part of a coordinated campaign of government manipulation. That's a couple of steps away from calling it thoughtcrime.
The hard part is guessing what portion. 10 percent? 30 percent? What's the time-graph? Is it 50% of initial comments, tapering off to just us Real Folk to dither around with the wondering phase of the conversation? The important thing is to assume that you're often witnessing a deceit in some capacity, in most any important conversation.
Needless to say, all this is pretty fucked up.
EDIT: Changed percentages, because I honestly don't know what's reasonable :/
Invite only is awesome, but open forums are important too.
Reddit had a similar problem with truthers taking over discourse at the beginning, luckily it went away. Perhaps because there was a popular parody account mocking them all the time (something like 9_11_was_an_inside_job), and that account retired in time when its job was done.
There just isn't, and it'd be a waste of resources to even attempt something like this.
People do exist (I am one of them) who think the NSA is doing a nasty job that isn't very appealing, but is absolutely necessary for me to be able to sleep in my bed at night safely. They may not have the best guidance from the government, but there are people who do believe they're doing the best they can.
Why must there be a conspiratorial astroturfing campaign taking place? Why can't there just be people who actually agree with some/most of what the NSA has done, based on the laws that govern it?
Regardless of how you feel about it, there is a conspiratorial astroturfing campaign taking place - it's a well documented NSA activity. Whether it accounts for specific comments is impossible to say, but it does exist. Why then is it so absurd to think that it may be in play?
EDIT: Added firstlook url per reply, originally pointed to https://www.techdirt.com/articles/20140224/17054826340/new-s...
...not really sure I see a substantial difference between the 2 articles, but there you go.
Oh right, because it doesn't support what you're saying. Got it.
Or that GCHQ does do it, but because they're GCHQ and not NSA that it's irrelevant?
Because now you have evidence that GCHQ does it you should allow the possibility that NSA does it. The reason you don't have evidence that NSA does it might be because NSA is a secret organisation.
That's not true.
I don't buy the Col. Jessup rationalization at all, and I think it's simpleminded. The threats these people are defending against are ones created by their own actions, and the actions of the governments they act on behalf. Regular citizens of whatever country are affected by these activities but they don't get a voice in how or whether the "nasty job" (and its precursors) are in their interest.
1) the current state of affairs does not remove threats, because the agencies are starting trouble, too;
2) the people are the ones who have to live with the effects of something, in the US a result of a democratic system where the agencies may prioritize their own imaginations over citizens' actual lives, where the agencies may have perverse incentives.
I get the feeling you're one of those folks who won't accept anything except what you've already concluded.
Sometimes when this happens, we call it a strawman argument.
You sling personal insults, you point out trivial errors and falsehoods in statements by others which have nothing to do with the given point, you attempt to diminish reputations, and whatever other tactics available at the particular avenue in order to derail the original point/argument, while pushing pro US government talking points and stereotypical 'save-the-children' rhetoric.
I don't know who you are, but I have recently begun ignoring your posts, attempting to derive wisdom only from the replies directed towards your usually greyed/dead comments, but I hope that people who read my reply to you will take the chance to read your past comments and attempt to pick up on any potential biases before considering your opinion on things.
And even if I am completely wrong about your stake in this game, the hostility that you inject into these discussions is uncalled for, and adds nothing but scorn and hurt feelings, quelling the debate and discussion of the topics at hand; what I believe is your very objective.
It's fine for users to neutrally remind each other when they're breaking the HN guidelines. But it's not ok to insinuate evil motives, let alone that another user is a "forum plant". Personal attacks are not allowed on Hacker News.
I can't voice an opinion on this website that doesn't mesh with the popular opinion on this specific topic without being severely marginalized, mocked, and even ridiculed -- I think pointing that out should be allowed.
"There just isn't, and it'd be a waste of resources to even attempt something like this."
You and I are not the ones defining the reasons of and what NSA are interested in. You might think there are no reasons, but NSA may have a totally different view. For an organization that for real wants to capture ALL communication on this planet, waste of resources may seem like a minor issue.
Thanks to Snowden, we do know that NSA and GCHQ are actively doing astroturfing.
Without overstating the importance of HN, this is one place where a lot of technical talent hangs out. Talent that also talks, informs and educates others. If one wants to moderate criticism from people that others listen to and rely on for information about security, privacy, HN would probably be a good place to focus on.
They just got caught with their pants down spying on the American people. If they don't try to take hold of the narrative they might see themselves at the shit end of the political stick.
Blind trust with no accountability is totally insane. There has to come a point, during the lives of the people who have to be held accountable for what they've done, that what they've done comes to light. Or how do you propose we hold them to account?
This isn't about you, or me, or any individual, that's not how this country works. Some things that are not very popular are absolutely necessary nonetheless.
They aren't always given the information either. Recall Dianne Feinstein being quite displeased about being lied to recently. And we still have to elect "them" on the basis of something. By what process is a corrupt politician supposed to be held accountable if the fact of their corruption is a government secret?
> Some things that are not very popular are absolutely necessary nonetheless.
How do you propose to ensure that only the "absolutely necessary" things are occurring?
And as to the 'nasty unappealing job', what has led you to believe that is a common perspective among those who work there? The project detailings that have been released often seem downright giddy.
True. But that's not what this is about. What the NSA care about is what resources he has, which they would want to use for their own purposes - this is why they monitor such individuals as work at major ISPs. It's not about thought - it's about action. What actions can they perform if they gain access to this person's electronic life - in the case of sysadmins for major ISPs, there is much to be gained from infiltration, exploitation, and subterfuge.
And the reality is when it comes to cyber conflicts [...], we have more to lose.
We spend more on research and development than these other countries, so we shouldn’t be making the internet a more hostile, a more aggressive territory. We should be cooling down the tensions, making it a more trusted environment, making it a more secure environment, making it a more reliable environment, because that’s the foundation of our economy and our future.
The concept there is that there’s not much value to us attacking Chinese systems. We might take a few computers offline. We might take a factory offline. We might steal secrets from a university research programs, and even something high-tech. But how much more does the United States spend on research and development than China does? Defending ourselves from internet-based attacks, internet-originated attacks, is much, much more important than our ability to launch attacks against similar targets in foreign countries [...].
When you look at the problem of the U.S. prioritizing offense over defense, imagine you have two bank vaults, the United States bank vault and the Bank of China. But the U.S. bank vault is completely full. It goes all the way up to the sky. And the Chinese bank vault or the Russian bank vault or the African bank vault or whoever the adversary of the day is, theirs is only half full or a quarter full or a tenth full.
But the U.S. wants to get into their bank vault. So what they do is they build backdoors into every bank vault in the world. But the problem is their vault, the U.S. bank vault, has the same backdoor. So while we’re sneaking over to China and taking things out of their vault, they’re also sneaking over to the United States and taking things out of our vault. And the problem is, because our vault is full, we have so much more to lose. So in relative terms, we gain much less from breaking into the vaults of others than we do from having others break into our vaults.
There hasn't been any such penalty for many months. There used to be a weak penalty, which started during the period when there were hundreds of NSA/Snowden stories. But our intention was always to remove that once the quantity normalized, and so we did.
In this case, the idea is that the NSA will keep knowledge of the secret door to the bank vault to themselves, and we'll all be secure. The problem with this is that other countries can inspect the bank vault and discover the secret door for themselves, or steal said knowledge from the NSA via espionage. Now our bank vault is just as exposed as theirs.
This persistent confusion between legitimate NSA operations such as preparing to intercept communications of foreign governments and illegitimate such as mass slurping of everyone's email merely serves to discredit the entire privacy defending position, and in the long run will just play into the hands of those that want to read everyone's email for nefarious purposes.
Surprisingly, it turns out that this is an easy way to make enemies, as last week's actions in Paris have shown. It has been shown since 2005 that the islamists that massacred twelve people were, in fact, radicalized by what they learned about the prison of Abu Ghraib.
Job well done, thank you very much guys.
Lastly, the way our own government is supporting the NSA makes me feel nauseated at some times, furious at other times. We have plenty of work to do locally, that's why usually I don't complain about foreign services. Simply allowing the NSA to gain world domination like that though, just because "that is their job", really is hard to accept for me, and it really rubs me the wrong way.
The USA has no allies, only clients. Some clients get more respect than others but they're all clients.
Remember, the State Department had a mole in the FDP, reporting on the German coalition negotiations. In all likelihood the CIA have a minister or more. The US does not respect anyone's sovereignty who can't and won't make them.
I can't believe it is more likely to you that your government is rolling over and "letting the NSA gain world domination", versus your government is trying to downplay it because they know they may one day be caught in exactly the same situation.
I do believe the NSA overstepped their mandate in domestic surveillance, and should be held accountable, but let's not forget that this world does have bad guys - plenty of nations would lose no sleep at night if they hurt America.
I have no doubt that the NSA's job is "national security" and that some portion of that work serves the people. Nobody knows what that portion is, by design.
If you bury the difficult, complicated issues under terms like "security", "threat to the country", and "bad guys", you're basically just supporting the NSA on faith.
Forget the terminology and FUD of "threats", and let's ask ourselves what the concrete benefit to the people of the United States (or better yet, the world) is for the NSA to be arming themselves for the destruction of computer systems. Is the benefit Cold War-esque deterrence through keeping the rest of the world in fear? Is this the strategy we want our work and taxes to support?
Maybe it's too complicated to think about, and even if we wanted to critically analyse the situation, secrecy prevents us from knowing anything besides what the government desires the people to know. It's easier to just trust in benevolent "national security" protecting us from Eastasia. Let's not forget that the world does have bad guys, and besides, we've always been at war with Eastasia.
They've been doing it longer than the Internet. The "Five Eyes" have existed for a while, so that they can have a legal loophole for domestic spying (e.g. "We can't spy on our citizens, so we'll just ask our allies to do it for us!"). To me this indicates that, while the stated purpose behind the organization may have merits, the execution of that purpose has been flawed for some time.
It specifically explores the conflict of interest that the NSA must work both offensively and defensively. It makes the argument that the balance has shifted so drastically to the offensive that our defensive is being weakened.
Now, the US government as a whole is in a very strong position to actually push for genuine security compliance and to ultimately defend against even the most determined state cyber warfare initiative. They haven't done that because they want a way to get into systems even if it makes people less safe on the whole.
> I would tell him to steer away from anything that isn't a public service — like talking about the ability of the U.S. government to hack into other countries or other people is not a public service. So that's kind of compromising capabilities and sources and methods, basically. That's getting away from the public service that he did initially. And those would be the acts that people would charge him with as clearly treason.
The whole interview is a great read: http://www.usatoday.com/story/news/politics/2013/06/16/snowd...
Correct me if I'm wrong, but they said some time ago that only 1% was published. So it would be impossible for Snowden himself to read everything and choose if it should be published.
and the Guardian's "haha what":
Note that this "leak", as well as NOT coming from Snowden, isn't really in the domestic public interest, is an activity that a far larger percentage of people would support, and presumably is already known by the target anyway. The clear intent is to make people read the article and go "huh, this Snowden ballyhoo is very overblown". I wonder why the so-called "Independent" played along.
It's also important the public realize the NSA is more than just the National Stalking Agency.
I bet there's a room stacked to the ceiling in printed US secret military documents in Beijing that they trade to Russia for cheap oil+gas imports. I realize Snowden never wanted that to happen but there's a reason why states have strict methods to store and transport top secret data and they don't include using questionable XTS container software and staying in a HK hotel with the entire secret US archive stored on a commercial device.
No, movies have bad guys.
Not so much Blofeld as Klingon: http://www.dailymail.co.uk/news/article-2421112/NSA-director...
Along with threat deterrent.
I can't think of any good argument for why the US military should have no offensive capabilities in the digital realm. It'd be the equivalent of staying out of the skies when flight became possible.
In any war, the US is going to come under digital attack, and it should be fully capable of responding both defensively and offensively. Besides that, shutting down the power grid of a country you're at war with via digital means, sure beats doing it with hundreds of missiles.
Oh, wait, no, it's not. Your German Shepherd isn't planting bombs underneath the neighbours' porches in case they decide to rob your house.
It seems like a bit of a self-fulfilling prophecy to me, which can be a very dangerous thing.
Vulnerabilities should be searched for, but when discovered they need to be disclosed and fixed, not used to create real world damage.
There is a clear need for defense. But because of lack of oversight, NSA has overstepped its bounds in both foreign and domestic spheres.
The other side of this argument, one made cogently by Snowden, is that we simply have more to lose by escalating the cyberwar.
In information warfare, waiting until conflict begins is too late. The information you collect and systems you exploit prepare you for the conflict.
For example, country A wants to know about country B's new bomber years ahead of the conflict so they can design anti-aircraft defenses to stop it. Country B spends years gaining access to Country A's routers, servers, etc. so they can utilize them the moment conflict begins.
If you wait for conflict to begin to do these things, you will be much too late.
Both may well need similar capabilities but we can't tell the ability of an agency to engage in "cyberwar" just from their activities in "cyber espionage".
Do you believe that backdooring American products will have a positive effect on security?
Ignoring this nonsensical analogy...
> undermine encryption, infiltrate networks, keep exploits to yourself
This is really the MO of any intelligence agency; that is their job.
> you can make everyone secure by patches, standards and encryption that works
Interesting statement, because it shows some things. Firstly, there is a difference in incentives -- why publish a vulnerability when it could be used to further your mandate? For the specific case of NSA though, that also ignores their broader role in securing federal communications (eg, vetting SHA, AES, FIPS, etc). Of course, there are always exceptions (DES, Dual-EC-DRBG, etc) -- but in a way, that precisely illustrates why we have intelligence agencies in the first place: trust no one.
If you think there's some sort of restraint with regards to citizens of other 'five eyes' nations, I wonder how you square that with the "but everyone spies on everyone, including allies" argument that can always be found in these threads.
Buffer overflows in trusted code have to go. This means getting rid of the languages with buffer overflow problems. Mostly C and C++. Fortunately we have Go and Rust, plus all the semi-interpreted languages, now, and can do it.
We need something that runs Docker-like containers and, all the way down the bare metal, has no unsafe code. We need dumber server boards, with BIOS and NIC code that's simpler and well-understood. The big cloud companies, Amazon, Facebook, and Google are already doing their own server boards.
Companies which put in "backdoors" should face felony criminal prosecution. That doesn't happen by accident.
Latest CERT advisory: "Vulnerability Note VU#936356 Ceragon FiberAir IP-10 Microwave Bridge contains a hard-coded root password ... Ceragon FiberAir IP-10 Microwave Bridges contain an undocumented default root password. The root account can be accessed through ssh, telnet, command line interface, or via HTTP. ... CERT/CC has attempted to contact the vendor prior to publication without success."
All Ceragon customers should demand their money back, and their products should be seized at US customs as supporting terrorism.
In the meantime, since moving away from C will take years, we need to invest in better exploit-mitigation technology instead of relying on bug-hunting-driven-security. That means OS/kernel developers need to start taking security seriously and keeping up with attackers. This means adding proactive measures instead of slowly reacting only when a new CVE comes out. Which is sadly far from the reality at the moment.
For example, OpenBSD made headlines for adding W^X to the whole kernel but hackers have already been bypassing W^X on iOS for years:
>> These protections may guard against a (very small subset of) casual attackers, but they're just another minor hurdle for determined attackers.
In addition we need to move away from signature-based AV towards host-based intrusion detection systems (HIDS). It is no accident that all the feds who left government cybersecurity jobs in recent years moved to build private companies creating HIDS products and making millions selling them to big corps (FireEye, Crowdstrike, etc).
The only options available for consumers and the average sys admin are security tools easily bypassed by any semi-sophisticated adversary (for ex: Anti-virus/RKhunter/SELinux/most trusted computing code-integrity systems/etc).
We need to start to think of replacing underlying runtimes and core libraries with Rust and Go-based alternatives (or similar) to make them safer. Ultra-large goal and probably impossible in the near term, but it should be done.
Rust programs running on "libnative" do not, I think, use "libc" any more.
Juz 16 is right that the companies concerned should face criminal prosecution, this is not a technological problem and technology cannot (ultimately) solve it.
Hard to do that when refusing to put in a backdoor can have even worse consequences.
If you fix the software, the NSA will just backdoor the firmware/hardware (if they haven't already) and, even on an Android phone running AOSP, there are literally still millions of lines of proprietary, unaudited, closed-source code. Not to mention half a dozen microprocessors containing circuitry you can't possibly inspect. PCs are the same these days. Do you really expect these multi-billion $ industries to change? There's only a niche commercial interest for consumers of 'simple and well-understood' (read: secure) firmware.
And it's not like the hardware/consumer industry is sitting pretty as a lone miserable failure from a security sensitive standpoint. The entire Internet stack from Ethernet and BGP all the way up to HTTP is complete and utter garbage. Our standards bodies (IETF, W3C etc) are failing to protect us and there's no sign of it getting better because the cost of starting over is simply too damn high.
- Mass surveillance of all humans is objectionable on human rights terms.
- Attacks on civilian infrastructure. The NSA is executing military operations against civilian infrastructure even in NATO countries.
It isn't conventional foreign policy or warfare for a military agency to be actively and continuously attacking the civilian cultural and economic infrastructure in preparation for war.
Another big problem is that NSA has started undermining crypto. Before 2001 you could maybe actually trust NSA that they're releasing crypto that is safe because you thought they actually have an interest in "security". Not anymore. Anything and everything NSA has touched now has to be considered corrupt.
Wherever the standard of freedom and independence has been or shall be unfurled, there will her heart, her benedictions and her prayers be. But she goes not abroad in search of monsters to destroy. She is the well-wisher to the freedom and independence of all. She is the champion and vindicator only of her own. She will recommend the general cause, by the countenance of her voice, and the benignant sympathy of her example. - John Quincy Adams
It was until recently (the early 1900s) the policy of the United States to stay entirely out of any foreign affairs other than her own. It was acknowledged that America could spread her virtues and values by being the paragon example of them as inspiration to others to follow suit.
Today she holds the opposite view - that it is her unquestioned duty and obligation to interfere everywhere with the justification and rationalization that she seeks justice - and that discarding some of these principles for her own people is necessary for this noble mission.
I would guess that it is a combination of:
- A deemphasis of poetry and literary studies in the concept of being educated and cultured
- The rise of writing staff and PR professionals in the practice of engaging with the public
- The relative lack of importance writing has today compared to newer picture and video delivery (media is message, etc)
- Inherited nostalgia for forms associated with 'classic' art styles
I don't blame the NSA for trying to be ready to fight a cyberwar. Other nations probably wouldn't stop their programs even if the US did. Our culture isn't the only one infected with a sense of Manifest Destiny.
Where we might consider drawing the line begins with necessity. Deciding which actions are necessary and which are gratuitous might prove difficult, assuming we even know, which is why I find it hard to fault Snowden for leaking this information.
As fearsome as the NSA sounds, certainly they have some limits. For instance, why don't they just clean out everyone's bank accounts? Might pay their bills for a few days anyway. But why haven't they gone after certain criminals? Many shady operations keep their money in jurisdictions that probably can't compete with our cyberwar capabilities. Maybe these operations enjoy the protection of a powerful entity but probably not all of them do. And probably many operations still use cash and couriers but the US and others seem to have gotten better at tracking movements of people so it's doubtful such tactics will remain viable forever.
Maybe in the end we have to somehow conquer the notion of distrust. Not sure how it can be done except through telepathy and even then the transition to a telepathic society will probably be full of misery.
Intelligence Agencies act on the behalf of their respective nations, there is nothing surprising about the US spying on the EU and vice versa.
As we already know the extent of the collection programmes the NSA operates I really do not see any real value in spewing more and more content about it, especially things that start to touch on the operational know-how of such programmes.
As much as we don't like the Americans spying on us there are far worse nations out there that I would actually fear if they will ever gain even a shred of the capabilities the NSA and some other western allied nations have.
Sadly this incident will be a very bad thing for whistleblowing in the long run, good luck passing any whistleblowing protection laws in the US (and many other countries including in the EU who took notice) any time soon.
While I do respect the sentiment behind Snowden's leak, I do actually have a bone to pick with how it was executed. There were NSA leakers before him, there will hopefully be some after him that will speak out when a line is crossed. However grabbing whichever documents you can put your hands on, and then seeking shelter in what is now a de facto hostile state isn't really responsible behavior.
Just a few years before Snowden we already had an NSA leak from which the "secret interpretation of the FISA act" fiasco was made public. Snowden could've made the same effective impact with a handful of slides, not 1000's of documents (if not more, some numbers which were flying in the early days of the leak pointed at anywhere between 50 and 250 thousand documents) of which many probably contain actionable information which I would dare to say puts the EU as an organisation, and you as an individual at more risk than anything the NSA ever did or will do.
So far my statistical risk to be killed in a train accident is significantly higher than being killed in a terrorist attack.
And somehow it has been this way since before the internet was even invented.
How did the internet make the terrorists suddenly so much more dangerous that we now need mass surveillance to defend against them?
And since when is mass surveillance a new thing? The US, some European allies, Russia and any other capable country were conducting mass surveillance since pretty much WW2 if not earlier. Tapping phone lines including the transatlantic phone cables since the 50's, opening millions of letters each year and far more.
Nations have always been spying on each other and on their people, I am not saying that this is right, and that it's justified in every case but it's the reality we've been living in since the middle of the 20th century if not during the entire recorded history.
But sure keep thinking that posting every document including ones that deal with operational aspects of the programme is justified. Next time when the EU decides to duke it out with Russia over the gas pipelines and trade agreements it might find itself on the receiving end of such programmes far more hostile than the NSA tapping a Belgian ISP.
H/N Don't forget to bury this comment with down votes too since well screw the content rules, your political opinions and narrow world views are under attack.
Just for the kick of it according to data from the ERA (European Railroad Agency) the total number of deaths in train accidents from 2000 is 319, number of people who died in terrorist attacks during the same period in Europe is 338+ (stopped counting once I've got past 319..). Please note that this isn't the number of EU citizens who died in terror attacks (which is several times greater), but the number of casualties for attacks on European soil.
Of course if you count the Madrid train bombings as a train accident you are welcome to subtract 191 people off that list and add it to your get hit by a train statistic.
Since when are nukes a new thing? Countries have been going to war for centuries!
Can you see how absurd a notion that is?
The NSA will soon be able to record every move you make and every word you speak or write during your lifetime, in realtime. Not much later it will be able to do this for entire populations.
None of this has been possible until very recently. Conflating this kind of mass surveillance with the past practices of manually opening letters and wiretapping phones would be very naive.
About your PS 2.0...
Since you apparently still don't realise how completely irrelevant that number is;
Twice as many people were killed by lightning strike in the same timeframe.
"According to a former employee, NSA had by 1995 installed "sniffer" software to collect such traffic at nine major Internet exchange points (IXPs). The first two such sites identified, FIX East and FIX West, are operated by US government agencies. They are closely linked to nearby commercial locations, MAE East and MAE West (see table). Three other sites listed were Network Access Points originally developed by the US National Science Foundation to provide the US Internet with its initial "backbone"."
"...leading US Internet and telecommunications company had contracted with NSA to develop software to capture Internet data of interest, and that deals had been struck with the leading manufacturers Microsoft, Lotus, and Netscape to alter their products for foreign use. The latter allegation has proven correct (see technical annexe). Providing such features would make little sense unless NSA had also arranged general access to Internet traffic."
This is from the EU Parliamentary reports compiled in the mid to late 90's. You can find that and much more in the EU online library under "Temporary Committee on the ECHELON Interception System" and the SOTA reports...
Again not saying it's OK, but FFS this has been going on for a LONG LONG time, people really need to get some perspective and focus on what actually matters. The NSA won't stop "spying" it's what they are for, who and how actively they are doing it should be the main issue here.
On the PS part, well duh, the numbers are completely irrelevant, as was the arbitrary statistic about being in a train accident vs terrorism.
Bring up a dumb point get a dumber reprisal...
Yes, it absolutely is.
Yet for some reason you keep trying to defend their Orwellian ambitions with some handwavy "they have always been spying, it's their job"...
The NSA is not "spying" in the romantic sense that you seem to be caught up in.
It is installing global surveillance, a google index of all communications worldwide (ICREACH). This goes far beyond keyword sniffing on phonecalls or opening letters.
They are implementing the exact kind of surveillance that totalitarian regimes are condemned for (see e.g. the movie "The Lives of Others"), at an unprecedented scale.
And their justification is the defense against a "threat" that is less likely to harm you or me than a lightning strike.
If you can't see the blatant disproportion here, and the extreme concentration of power in an institution that has largely detached itself from democratic checks and balances, then you must really have paid not much attention to the Snowden revelations.
Yes, the comforting normality of the cold war between the US and everybody else. Just don't be surprised when US products and services become a target of widespread boycotts around the world.
Snowden's own documents showed many EU countries (including all of the enlightened Nordic ones) who actively supported the US spying in order to gain intelligence on their own citizens and on other EU members, heck Denmark joined the NSA programme to spy on freaking Belgium.
The harsh truth is that everyone spies, even Iceland has some dude in an office somewhere who's in charge of their intelligence gathering. The means and effectiveness vary between nations but considering that the UK, Germany and France have intelligence services which are considered amongst the best in the world only a fool would write this off as some US fling due to post cold war PTSD.
Harder as in how?
That handwavy excuse gets thrown around a lot, I have yet to hear someone back it up with anything tangible.
Domestic spying is something that needs to be reined in and tightly controlled
Well, we tried with blind faith for a while. Turns out that didn't work all too well.
So, how do you propose we control something that we are not allowed to know anything about?
So, how do you propose we control something that we are not allowed to know anything about?"
Agreed, with the first sentence at least. Let's be real though; no incarnation of oversight is going to have you and I involved directly, nor should it. You cannot expect the populace to be sufficiently educated on the intricacies of foreign policy and global threats.
So my proposal would be for the lawmakers to propose a better form of oversight which includes strict provisions for surveillance, especially the domestic variety. These provisions also cannot hamstring the NSA or the like; there has to be balance.
The parent comes off as a proponent of opening up the floodgates. That's ridiculous and it will never happen (nor should it). You cannot have a system which A) allows for full disclosure, and B) does not weaken our ability to defend ourselves.
But then, if you and I (the "populace") aren't allowed to know what they are trying to achieve, or how they are doing it, how on earth are we supposed to have any faith in the oversight that "lawmakers" provide?
I cannot overstate how strongly I abhor the "you cannot expect the populace..." type arguments when used to continue keeping them in the dark about matters for which THEY HAVE ULTIMATE RESPONSIBILITY.
If "the populace" is expected to select lawmakers based on the quality of the job they do, then "the populace" sure as HELL needs to have the information on the intricacies of foreign policy and global threats made available to them, and the response that their lawmakers support.
I'm from the EU, but I can imagine that, given that some of the NSA's operations today are only semi-constitutional, where these operations are supposed to be going is relevant to the debate.
Remember as well that one of the CIA's targets in 2014 was the US Senate. Anything that damages the national security complex is a benefit to the US public.
From a military perspective, surveillance of the Internet is merely "Phase 0" in the US digital war strategy.
This enables them to "control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is "real time controlled escalation".
This isn't about fighting terrorism. It's also not about the usual warfare; it's more like the infrastructure or a set of tools to control nearly every other country or the planet, or at least make sure that the US will always be able to keep them from disagreeing.
What kind of idiot would ever want to stand on the wrong side in this world? We see that communication is not private, maybe every technical device could be used to spy on you and in a war against the USA you would not even see the enemy's soldiers. THIS is a reign of terror.
Consider, for example, whether you would be opposed to someone leaking information as to whether one of the nuclear powers had nuclear capability in excess of what was publicly known?
Oh, sure you can dance around the fact that the latter may be more of a violation of treaties, etc., but just because there are no treaties covering "cyber war" (correct me if I'm wrong), does not make it morally acceptable.
No one benefitted by revealing that the U.S. spied on Merkel. That's what nations do, even Israel spies on the U.S. all the time. Then this, how does this knowledge benefit anyone but the bad guys?
Also depth of Russian penetration of security services and media in Europe.. in many places it is quite complete. It would not actually be surprising at all if Spiegel had someone working for FSB/GRU.
Having said that it is not 100% certainty. If he was not turned before the disclosures then US whistleblower witchhunt that drove him into arms of FSB is even worse because he really had no choice once US started hunting him.
It just doesn't hang together that Snowden is a spy for me, whether or not you approve of what he did.
Who knows what his motivations are, they very well may be noble. Enemy of my enemy is my friend kinda thing.. and when you face US gov power you need powerful friends. He saw what happened to other whistleblowers.
In the end whatever the story is I think he did a great thing for the republic in the long term.
Is this such a problem? In a world where exploits are used to break infrastructure, isn't the best solution simply to build increasingly more secure code? If that won't solve the problem I don't know if legislation will. Right now a determined hacker can harm a company via the internet (e.g. Sony). Are laws really going to stop that from happening?
If not, please correct me. I know little about cyber warfare and would love to know more.
Every law can and does get broken, but that doesn't mean laws are useless.
Simple rule of thumb: This argument is always false.
Our society is too complex. It is never about good guys vs. bad guys. It is mostly about money, who has the most and how laws can change incentives and prices.
It is the same with drugs, guns, atomic bombs and nearly every other topic where this argument is brought up. We need to get over this because it is just slowing us down.
First, the USG has made concerted and successful attempts to place secret digital strongholds and black sites across the globe, including some 'behind the enemy lines' so to speak. In the physical world these are the equivalent to CIA black sites and safe houses, from which you can attack and spy on the enemy, feed in extra weaponry to partisans and rebels (similar to the CIA Benghazi compound, sorry 'consulate', sorry 'embassy').
The NSA has all these smart dangerous and arguably immoral minds employed to defend the digital borders of the US. But in truth these minds are busier establishing secret pathways through the digital trenchlines in order to have a definitive and effective advantage when the cyberwar comes (which of course they are actively encouraging to validate their position, historical actions and future funding).
At the same time they are making a concerted effort to make sure that the security protocols everyone uses are undermined and backdoored. In effect they are making sure that the digital nuclear weapons held by their enemies aren't going to get in the air when the time comes.
Through strong encryption we could make sure that we have the digital equivalent of mutually assured security, but as ever the US isn't interested in this, because the reality is that the military industrial compound aims to make billions of dollars from the industry.
In a world where all communications and hardware devices were secure, they wouldn't make any money. A secure, stable and safe world just isn't profitable.
In light of current revelations, it may or may not be all that surprising. Surprising or not though, it is most definitely contentious!
A computer system has many services, programs and tasks running on it. Only one of these needs to contain a flaw for a system to be vulnerable, obviously this means that on a secure system everything must be perfect, for 1 flaw compromises everything.
Therefore I don't find it strange that the NSA allocates the resources it does to research and expand its offensive capabilities, since trying to defend the systems of the US is probably a lost cause. The question remains if this is ethical and/or legitimate. Being a non us-citizen I'm certainly opposed to the practises of weakening standards and harvesting/exploiting services on the internet.
I also find the double-speak of the US government deplorable, on the one hand we have the government declaring that in many ways a cyber-attack will, and can, be reacted upon as if it were a conventional attack. And on the other hand we have the US government attacking and targeting civilians (Belgacom Sysadmins). I fail to see how attacks against the US can be labelled as a conventional attack, but that attacks from the US against civilians are apparently OK.