Government snooping, backdoors and #necessaryhashtags

[chalsall]

Quote:

Originally Posted by kladner

.....or hush payments to "plumbers".

Same thing.

[ewmayer]

Note that the esteemed Mr. Eric "what me, evil?" Schmidt is also the star of a related perspective by Julian Assange - although I believe the fellow credited with the "foaming" quote therein actually intended "fomenting", as "foaming" implies a more-literal yeasty "ferment" than the societal one described in the piece.

[And now I'm longing for a brewsky, but it's at least 4 hours too early here in sunny CA on this workday Monday.]

[xilman]

Facebook has recently released statistics on which governments requested information.
Strangely enough, USG refused to allow an exact figure to be produced. HMG's number is 2,337,outnumbered by India at 4,144 and slightly ahead those four Italy and the 4th Reich.

Some one might like to attempt to set more precise error bars on the USG requests.

Paul

[xilman]

NSA 'spied on Brazil and Mexico' --- film at 11.

[chalsall]

Hmmmmm...

[ewmayer]

o The omni-ogling issue is making for some interesting bedfellows:

Fears of gun registry prompt NRA to back lawsuit against surveillance

Quote:

NEW YORK (Reuters) - The National Rifle Association said on Wednesday it supports a lawsuit brought by civil rights groups to strike down the U.S. government's broad telephone surveillance program, citing potential violations of gun owners' privacy rights.
...
The ACLU said it welcomed the support from the NRA in its suit against Clapper and other officials filed in U.S. District Court for the Southern District of New York.

"Americans from across the political spectrum value individual privacy," said Jameel Jaffer, one of the ACLU lawyers on the suit. "The philosophical roots may differ, but I think that is a widely shared American value."

o Update on the NSA/DEA "fake the evidence trail" program - this is so blatantly unconstitutional [and perjurious on the part of the fakers] it's rather appalling that there even needs to be a "national debate" on it:

Civil-liberties groups seek hearings on DEA's use of intelligence: (Reuters) - A coalition of two dozen civil-liberties groups called Thursday for broad congressional hearings on the Drug Enforcement Administration, citing recent revelations by Reuters about the DEA's use of National Security Agency data to build non-terrorism cases against Americans.

Quote:

Last month, Reuters reported that the DEA funnels tips from overseas NSA intercepts, informants, court-ordered wiretaps and a massive telephone database to police and federal agents nationwide, including tax investigators at the Internal Revenue Service.

The DEA instructs the agents and police to never reveal the source of the information and to instead "recreate" the investigative trail, records seen by Reuters show. This DEA process, which agents call "parallel construction," disturbs some judges, former prosecutors and defense lawyers, who say it systematically eliminates potential evidence that defendants may need to ensure a fair trial.

[kladner]

http://www.theguardian.com/world/201...codes-security

Quote:

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

[Nick]

In the early days of the Internet (when Jon Postel was still around) protocol design concentrated on sound engineering. These days, protocol design is often more influenced by commercial considerations: getting a protocol standardized which requires all users to license a patent, for example, is seen as a way to make money.
And now we learn that it is apparently also steered to facilitate surveillance.

The current marketing push towards devices and services will only make this easier.
How many people with a smartphone are the system administrator of the device they own? How many "browsers" on smartphones are completely implemented within the phone, rather than just being a graphical shell talking to the real browser somewhere in the network? When protocols are no longer open but proprietary, how will we even check?

[kladner]

Quote:

How many people with a smartphone are the system administrator of the device they own?

Much less masters of their fates, or captains of their (hypothetical) souls.

[xilman]

Quote:

Originally Posted by kladner

http://www.theguardian.com/world/201...codes-security

This little snippet

Quote:

Another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as 'certificates', that might be vulnerable to being cracked by GCHQ supercomputers.

from that article ties in with rumours I've been hearing about a facility out in deepest Utah.

Arjen Lenstra et al. paper last year (a search on ' Ron was wrong, Whit is right' will find it) dug out many thousands of vulnerable certificates.

[ewmayer]

Piece on the NSA/GCHQ backdooring programs from the Guardian [here via Reuters] today - probably duplicates stuff linked above, but I like to include a reader-friendly summary excerpt rather than just tossing links out:

New Snowden documents say NSA can break common Internet encryption: (Reuters) - The U.S. National Security Agency has secretly developed the ability to crack or circumvent commonplace Internet encryption used to protect everything from email to financial transactions, according to media reports citing documents obtained by former NSA contractor Edward Snowden.

Quote:

The Guardian, The New York Times and journalistic nonprofit ProPublica reported on Thursday that the U.S. intelligence agency used a variety of means, ranging from the insertion of "back doors" in popular tech products and services, to supercomputers, secret court orders and the manipulation of international processes for setting encryption standards.

The publications said the NSA and its British partner Government Communications Headquarters (GCHQ) reported making strides against Secure Sockets Layer technology, which protects millions of websites beginning in "Https," and virtual private networks, which are common for remote office workers and for people seeking to obscure their locations.

Privacy advocates have succeeded in convincing Google Inc, Facebook Inc and other popular service providers to turn on SSL for all of their users, but the new disclosures suggest that the effort could be futile against the NSA.

The Times and ProPublica cited an intelligence document saying the NSA spends more than $250 million a year on its "Sigint Enabling Project," which "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable."

It is unclear from the articles how often technology companies voluntarily agreed to allow covert access to their offerings through back doors and how often the NSA compelled them to do so through secret court orders.

The New York Times and ProPublica said they were asked not to publish their findings by intelligence officials who argued that their foreign targets might switch to newer forms of encryption or communications if the NSA tactics were revealed.

"Some specific facts" were removed, the New York Times said. The articles do not say which mainstream encryption systems have been effectively broken.

The undertaking, codenamed Bullrun, followed the abandonment in 1990s of a U.S. effort to force back doors into services through what was called the Clipper Chip.

Back doors in software or hardware allow for access that is typically unseen by the user.

Because the NSA has great expertise and is charged with protecting U.S. assets as well as spying electronically, it has been a frequent contributor to public processes for choosing security techniques. That could now come to a halt.

The disclosure that the NSA succeeded in subverting some unspecified processes for setting security standards is likely to enrage those who were willing to allow the defensive experts from the agency to participate in vetting proposals.