Likewise, how many will suffer today in the crossfire between criminal gangs, extremist organisations and legitimate governments? How many would suffer if legitimate governments didn't fight?
About as many, or even less.
Governments not using mass surveillance, and other forms of spying on their own citizens, implies the following benefits:
The money spent on mass surveillance is either spent elsewhere (so you merely need to find a more productive use of those untold billions to decide that the surveillance is not worth it) or not collected as taxes or tariffs to begin with.
The man hours spent constructing, maintaining and operating the apparatus of surveillance is spent elsewhere (this coincides with the benefit above, where the government takes engineering talent and uses it for more productive projects or increases the supply of engineering talent in the private market alongside a tax rebate).
The money & man hours spent by innocent people (read: people caught in 'crossfire') defending themselves from mass surveillance is free to be spent on more productive projects (whereas now it merely serves to lower the impact of the 'crossfire').
The chilling effect caused by mass surveillance ceases to exist (or is at least less in the world where people are unsure whether mass surveillance occurs vs. the world where they know it occurs for sure).
As for the detriments, I'm not sure how effective mass surveillance has been at achieving its stated goal - while I cant reliably reason about a world where mass surveillance never existed, I can say that the impact of domestic and international terrorism on the quality of life in US and Europe was not high prior to mass surveillance and that I see no good reason to believe it should have increased dramatically enough to justify both the resources spent and the loss of privacy (or even either of those separately) - but this is an argument that you need to make, I can't provide it for you.
I'm also not aware of any notable achievements of the mass surveillance programs, and although these may be classified, I doubt they exist since the US gov't still refuses fair trials to the alleged terrorists it imprisons, and if the surveillance projects had generated a significant amount of useful, incriminating evidence this would not be necessary (under the, imo, fair assumption that the reason they avoid trial is that the govt is incapable of proving guilt in many relevant).
The problem is that, as Gall's Law states, systems and organization eventually become counter productive: the NSA and the security industry generally are threats to individual and national security.
How can you confidently say that this is about control and not security?
That you call it a conspiracy betrays your ignorance of this matter.
Instead of analogies and aphorisms, let's talk about actual consequences to actual tactics.
Unlike nuclear weapons, there aren't a lot of rare resources required for discovering vulnerabilities, so the approaches that help with nuclear nonproliferation will not help with digital security. All one needs is to find vulnerabilities is smart people (and maybe a lot of computing resources to brute force fuzz a lot of software). There are a lot of smart people and fast computers out there, and the ones not in the US almost certainly outnumber those that are inside the US. It seems it would be much better to defend against them and disarm entirely rather than hope to stay ahead of them.
On some authority, you're asking me to put myself in the position of an NSA leader. I'm not an NSA leader. Postponing the bug fixes hurts me, and the rest of the people like me. Fix them.
Its possible that the right answer is we should have a US agency finding bugs and getting them patched, but it certainly shouldn't be any of the intelligence agencies. That feels a little too like putting the military in charge of the police force.
... well said.
The scope is huge, the book is giant, and he published it under his own imprint so that no one could tell him to cut things. I found the section on Kriegsspiel particularly interesting. Highly recommended if you're an enthusiast for the subject, otherwise you'd probably get very frustrated.
This looks like the review in question: http://catless.ncl.ac.uk/Risks/10.03.html#subj10.1
The other moral the story: always keep an off-site backup.
They took all three. They also got my wife's in-progress Master's Thesis, and she had to restart from scratch because they refused to return even a copy.
I'm curious where the quote attributed to me was sourced from, as I don't remember saying that. However, since I regularly come across things in old backups that I had totally forgotten, both code and written text, it may be completely legit.
I'm kind of surprised the author didn't bother to contact me at all (I'm hardly difficult to find). We weren't awakened at gunpoint, for instance. That was Goggans. We were awakened by pounding on our apartment door at 6 AM.
As for being woken up at gunpoint, that's sourced from a number of contemporary accounts, including a Mar 5 1990 comp.dcom.telecom post (reposted in Phrack #31) reading "The Mentor was awakened at 6:30am on Thursday (3/1/90) with the gun of a Secret Service agent pointed at his head."
I do apologize if it seems standoffish not to have dropped you a line while I was working on it - it's kind of my shtick that I work exclusively from documentary evidence of the era I'm writing about rather than from interviews today. No method is perfect, but the results tend to be pretty decent.
But a random Usenet post from someone who undoubtedly wasn't there isn't a source, it is hearsay....
And how hard would it have been to look at the cover of Cyberpunk and spell my name right?
And as for the gun in your face, obviously you know best what happened to you, I was just explaining why the article says what it says. I will not repeat the hearsay.
"The obstruction charge relates to an attempt by Brown and his mother to hide a laptop from authorities during a search of her home in March 2012. Brown’s mother was separately charged with obstruction and given six months probation."
At any rate, my point was that if you have a list of credit card numbers, and the Secret Service comes and asks for them. It is not ok to keep an off-site backup.
I'm not saying that the US government isn't behaving batshit crazy wrt hackers ever since around the Kevin Mitnick case, or that the current laws makes sense -- nor that the priorities makes sense -- just that "having an off-site backup" isn't a defence against a rouge state. Especially if you are a subject of that state.
However, I'd argue to a judge that I can't be "non-compliant" about surrendering all copies of illegal material until the court decides that the material is indeed illegal. Just because law enforcement wants to bring charges doesn't mean I'm actually guilty of anything yet.
Really? What changed? The government at least got more proficient at using the Internet, I guess.
That someone is able to write such an article and at the very end wrap it up like this, today, after everything that the whole world knows for a fact, this scares me more than anything in the article.
seems like knowledge is what's being hammered on these days by propaganda. IIRC a kid was arrested for using DOS / a shell on his school computer (can't find the link, sorry)
While other countries, like Russia, and China--seem to encourage their citizens to become better black hat Hackers?
Russian Hackers seem pretty efficient, and we can't touch them.
prosecutorial laws should be not so heavy handed. A Prosecuter should not be able to stack charge after charge against a black hat Hacker(like Arron Schwartz)--to the point where he commits suicide. Or, make Black Hat Hackers so angry with their government they turn their backs if asked to help? Crimes--even computer crimes are not black and white; neither should the punishment be one big blow in order to send a message.
When other countries become better Hackers than Americans and take over critical infrastructure; I picture some Gsometing government employee scouring Google trying to figure out exactly what the Russians and Chinese have done to our servers? Or worse, hiring some slick security outfit who claims they know how to fix the intrusion?
(No wonder Hackers keep Obama up at night? I don't think he was referring to American Hackers either?)