The Growing [Surveillance State]

centraldogma, Registered User regular
edited October 2013 in Debate and/or Discourse
It’s been a couple of months since the last Surveillance Thread. If you haven’t been following the Snowden/NSA saga at all, you can take a look through the old thread to familiarize yourself.

Here is a quick rundown of what’s happened since the last thread (mostly compiled from Al Jazeera's detailed timeline):
US and UK spy agencies have invested heavily in defeating common forms of encryption.
US government tapped into corporate intranets.
India among top targets of spying by NSA.
NSA spied on Martin Luther King Jr. and two sitting US Senators.
Love interests followed by NSA.
NSA creating maps of Americans' social contacts.
NSA uses massive databases to store metadata, including web searches, email activity and browsing histories on millions of web users for up to a year.
TOR network attacked by NSA.
NSA collects online contact lists en masse.
German, European Officials to Confront US Over Spy Allegations.

The last one is pretty major news and is sitting as a top story on Google News. The thought of their personal communications being monitored has many European leaders angry. There’s no doubt a degree of hypocrisy, as many European nations are bound to have their own spying programs. But they seem to be drawing a line at spying on high ranking political figures.

When people unite together, they become stronger than the sum of their parts.
Don't assume bad intentions over neglect and misunderstanding.

Posts

  • AngelHedgie, Registered User regular
    Yeah, I'm chalking the "outrage" by world leaders up to dogwagging.

    Frankly, I'm more bothered by a) programs like the NYPD Demographics Unit and b) the information aggregation of private firms.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • Rchanen, Registered User regular
    Yeah, I'm chalking the "outrage" by world leaders up to dogwagging.

    Frankly, I'm more bothered by a) programs like the NYPD Demographics Unit and b) the information aggregation of private firms.

    I loved the reactions from the Chinese media

    My response was "I don't think this has improved your credibility any. Nobody is going around trusting China to have a different attitude than 'Fuck you, I got mine'"

    And I doubt it has damaged our credibility that much. The war in Iraq damaged that. The revelation that we are spying on everybody. Kind of expected. Christ anybody who watched the Bourne Ultimatum should have been able to figure that out.

  • Mill, Registered User regular
    Yeah, most of the outrage for world leaders is faux outrage. Easy way to score points with certain groups, while they hurriedly cover up their own dealings that are similar to what the NSA was doing or were done in cahoots with the NSA.

    The thing people miss besides all the nuance involved with realpolitik, is that the federal government is under a microscope so much, that it's fairly hard to get away with too much grievous shit. I'll admit that there are fuck ups that shouldn't be tolerated, but a fair chunk of it has to be treated case by case.

    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

  • Quid, Definitely not a banana, Registered User regular
    The last one is pretty major news and is sitting as a top story on Google News. The thought of their personal communications being monitored has many European leaders angry. There’s no doubt a degree of hypocrisy, as many European nations are bound to have their own spying programs. But they seem to be drawing a line at spying on high ranking political figures.

    Heh. It's totally cool to spy on the common folk but when you get to me? Well then good sir you've gone too far.

  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    Mill wrote: »
    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

    I'm worried about both.

    The NSA already shares info with the DEA outside of its mission to protect national security. I have exactly zero confidence that they aren't (or won't, in the future) share info with other agencies as well. (And even if they don't; sharing info with the DEA is bad enough.)

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Schrodinger, Registered User regular
    Feral wrote: »
    Mill wrote: »
    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

    I'm worried about both.

    The NSA already shares info with the DEA outside of its mission to protect national security. I have exactly zero confidence that they aren't (or won't, in the future) share info with other agencies as well. (And even if they don't; sharing info with the DEA is bad enough.)

    http://www.youtube.com/watch?v=6RYrgYSH1XE

    NSA: The house looked European. Like a postcard from Italy. Like that one. In fact, just like that one! The bad guys are in there.

    DEA: I think you should wear this. (Hands over badge) I have not earned it yet. You just solved the entire case and revolutionised police training. I have studied human character, terrorist psyche, fingerprints. I have taken courses in surveillance, hostage negotiation and psychology. And all I had to do was drive around the neighbourhood - and point at a house and say: "The bad guys are in there."

    (The DEA knocks on the door)

    Henchman: May I help you?

    DEA: Yes. Could I speak to the drug dealer of the house? We are out killing drug dealers. Do you have any in the house?

  • Mill, Registered User regular
    Feral wrote: »
    Mill wrote: »
    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

    I'm worried about both.

    The NSA already shares info with the DEA outside of its mission to protect national security. I have exactly zero confidence that they aren't (or won't, in the future) share info with other agencies as well. (And even if they don't; sharing info with the DEA is bad enough.)

    Don't get me wrong here. I do think there are some issues and wouldn't mind seeing most of the shitty aspects of the Patriot Act repealed. I'm just more worried that shit groups will use people's inability to pay attention to local and state politics to Trojan Horse in lots of shitty policies (if anyone hasn't caught on, those government offices are important and can be used to influence the federal system over time) or just flat out get away with it (they abuse power, leave the job and statute of limitations kicks in by the time anyone wises up).

    Information sharing is really tricky. I agree, that it was a huge problem that all the agencies weren't talking to one another and were competing in some ways, that ended up being more harmful. I want them to talk to one another when they come across someone that raises legitimate red flags that passes a reasonable process (something with safeguards) that justifies such an action. I don't want them going "hey, we might have wasted our time on this guy that doesn't seem fishy, please do some fishing in hopes that you can prove that belief wrong" or "hey, this guy is a danger to society, but we aren't going to check in with other agencies, who could have additional info that could be handy."

  • electricitylikesme, Registered User regular
    edited October 2013
    This is all crap from Merkel because it plays well with a whole bunch of people who don't realize they don't actually understand the basis of nations existing, or international politics, or even the idea that countries aren't people.

    It is exactly the type of outrage you get from people who don't realize they're going outside of their field of expertise - it's a whole bunch of people thinking "international politics is just talking, I know how to do that".

    Spying on foreign leaders is exactly what the NSA exists for, and you know, was what the British did at the WTC conference (and you know, also what everyone else who didn't get caught and disclosed in the Snowden infodump).

    This is all being argued in bad faith: there's a group of people who want no intelligence agencies to exist. This is why this is getting any traction because it's pretty clear that it's got nothing to do with domestic spying, and a lot to do with any spying. It's pretty apparent that most of them have no idea what the status quo is, and give precisely zero thought to why it's like that - i.e. "they spied on Congress" - well, you know, except that Congress's emails would already be audited and stored by the Secret Service and probably a few other agencies for the precise purpose of accountability.

  • Goumindong, Registered User regular
    Feral wrote: »
    Mill wrote: »
    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

    I'm worried about both.

    The NSA already shares info with the DEA outside of its mission to protect national security. I have exactly zero confidence that they aren't (or won't, in the future) share info with other agencies as well. (And even if they don't; sharing info with the DEA is bad enough.)

    Why shouldn't the NSA share legally obtained information with the DEA in a way which does not endanger the rights of citizens?

  • ShinyRedKnight, Registered User regular
    edited October 2013
    I'm kind of surprised that people are surprised.

    Don't get me wrong, I'm not saying it's okay or ethical or anything... but it ain't exactly today's news. Heck, it goes so far back that it is one of the purest examples of politics post World War II that every single president of both parties has supported. It's like, you can't get more bipartisan than overwhelmingly huge, overreaching, and highly unethical surveillance on anything with a pulse.

    What really scares me though? That this is turned into an attack by the right against Obama (because of course if it's mainstream news now it must be all his fault) and as a result more focus is put on demonizing him rather than, you know, dealing with (and fixing) the fact that anyone in the oval office can and will use these powers irregardless of their personal views.

    EDIT: I have seriously considered, despite my personal objections to them, to try and get a career in intelligence agencies.

    EDIT2: I think the above post (and many, many others) may have just disqualified me for any such work. (CIA/NSA if you're reading this: we're still bros right? All that talk about "unethical this, unconstitutional that" was about getting liberals to trust me if you get what I mean
    ;-) ;-) ;-) )

    PSN: ShinyRedKnight Xbox Live: ShinyRedKnight
  • Jurg, In a Teacup, Registered User regular
    Goumindong wrote: »
    Feral wrote: »
    Mill wrote: »
    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

    I'm worried about both.

    The NSA already shares info with the DEA outside of its mission to protect national security. I have exactly zero confidence that they aren't (or won't, in the future) share info with other agencies as well. (And even if they don't; sharing info with the DEA is bad enough.)

    Why shouldn't the NSA share legally obtained information with the DEA in a way which does not endanger the rights of citizens?

    Many of the processes used by the NSA ought not to be legal. The chances of their scope shrinking is extremely low, but if other agencies come to rely on the data, then it will become zero. Even if the benefit to these agencies is miniscule, especially compared to the social costs, they're not going to give up the data.

    It goes from "this is for National Security!" to "well, why not?"

    A thought: is Time magazine due for a gimmicky Person of the Year, or are they going to do Snowden?

  • Goumindong, Registered User regular
    Jurg wrote: »
    Goumindong wrote: »
    Feral wrote: »
    Mill wrote: »
    Like HA I'm more worried about the surveillance state when we get to the state/province(not nation-state) and local levels because people aren't paying attention to the abuses or failures of the law to keep up in privacy areas. People are too worried about the feds catching them looking at stupid pictures of cats and porn, that they don't realize their police departments are buying high end surveillance equipment or services, while saying "we are worried about every protest that ever happens, getting out of hand."

    I'm worried about both.

    The NSA already shares info with the DEA outside of its mission to protect national security. I have exactly zero confidence that they aren't (or won't, in the future) share info with other agencies as well. (And even if they don't; sharing info with the DEA is bad enough.)

    Why shouldn't the NSA share legally obtained information with the DEA in a way which does not endanger the rights of citizens?

    Many of the processes used by the NSA ought not to be legal. The chances of their scope shrinking is extremely low, but if other agencies come to rely on the data, then it will become zero. Even if the benefit to these agencies is miniscule, especially compared to the social costs, they're not going to give up the data.

    It goes from "this is for National Security!" to "well, why not?"

    A thought: is Time magazine due for a gimmicky Person of the Year, or are they going to do Snowden?

    Which processes? Because from where I stand I am having a hard time figuring out which ones you're talking about.

    (and round and round we go)

  • Solomaxwell6, Registered User regular
    edited October 2013
    Edit: Goddammit wrong thread. This is what happens when I have multiple tabs open. Nothing to see here.

  • Solomaxwell6, Registered User regular
    NSA's mission is not "National security." Yes, that is in their name. But they do (and are meant to do!) much more than that.

    Their scope, as is, does involve lots of spying. That's the nature of the game. Much of that spying does not involve national security. Much of it involves, for example, economic espionage. That's the way the world works. And they should be sharing with other agencies. If they kept everything to themselves, the agency would be useless. Of course they share with other agencies! The DEA is pretty terrible but that's a fucking fault of the DEA and has nothing to do with the NSA. They're not going to stop sharing with other agencies and they're not really going to shrink their scope. Maybe there will be congressional action at some point in the future but I really doubt that any time soon. If anything was going to happen it would've happened right after the Snowden story hit and the NSA was at the low point of their popularity. As it is, the majority of Congress doesn't care and the majority of Americans do not care.

  • Polaritie, Sleepy, Registered User regular
    NSA's mission is not "National security." Yes, that is in their name. But they do (and are meant to do!) much more than that.

    Their scope, as is, does involve lots of spying. That's the nature of the game. Much of that spying does not involve national security. Much of it involves, for example, economic espionage. That's the way the world works. And they should be sharing with other agencies. If they kept everything to themselves, the agency would be useless. Of course they share with other agencies! The DEA is pretty terrible but that's a fucking fault of the DEA and has nothing to do with the NSA. They're not going to stop sharing with other agencies and they're not really going to shrink their scope. Maybe there will be congressional action at some point in the future but I really doubt that any time soon. If anything was going to happen it would've happened right after the Snowden story hit and the NSA was at the low point of their popularity. As it is, the majority of Congress doesn't care and the majority of Americans do not care.

    The NSA's mission is simple. Breach everyone else's communications while protecting ours. They have utterly abandoned the latter part, as evidenced by sabotaging NIST standards.

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • Schrodinger, Registered User regular
    Polaritie wrote: »
    NSA's mission is not "National security." Yes, that is in their name. But they do (and are meant to do!) much more than that.

    Their scope, as is, does involve lots of spying. That's the nature of the game. Much of that spying does not involve national security. Much of it involves, for example, economic espionage. That's the way the world works. And they should be sharing with other agencies. If they kept everything to themselves, the agency would be useless. Of course they share with other agencies! The DEA is pretty terrible but that's a fucking fault of the DEA and has nothing to do with the NSA. They're not going to stop sharing with other agencies and they're not really going to shrink their scope. Maybe there will be congressional action at some point in the future but I really doubt that any time soon. If anything was going to happen it would've happened right after the Snowden story hit and the NSA was at the low point of their popularity. As it is, the majority of Congress doesn't care and the majority of Americans do not care.

    The NSA's mission is simple. Breach everyone else's communications while protecting ours. They have utterly abandoned the latter part, as evidenced by sabotaging NIST standards.

    If domestic consumer level encryption was uncrackable by the NSA, then what exactly would prevent foreign nations from buying that encryption for themselves?

  • Goumindong, Registered User regular
    Protecting the communications of the nation, not your personal communications, which are just as subject to warrant as any other form of communication

  • Schrodinger, Registered User regular
    I'm also curious to what this "sabotaging" actually entails.

  • electricitylikesme, Registered User regular
    I'm also curious to what this "sabotaging" actually entails.

    I've never seen any documents released which outline it, other than Bruce Schneier declaring that this is totally what happened.

    I'm pretty suspicious of the claim personally - the hysterics surrounding this issue from the get go mean I'm not putting much stock in the experts since there's a lot of "reads 1 line...here's the worst case possible scenario". While that scenario might be possible, there's a paucity of evidence to show it's what happened.

  • Phyphor, Building Planet Busters Tasting Fruit, Registered User regular
    edited October 2013
    I'm also curious to what this "sabotaging" actually entails.

    http://en.wikipedia.org/wiki/Dual_EC_DRBG

    Included in NIST's standard set, substantially slower than other standard RNGs, identified weaknesses, potential backdoor due to the asymmetric nature of the underlying algorithm if the constants were chosen to have one.

    Notably, this doesn't actually weaken the algorithm to external attack, since finding the backdoor is likely as hard as breaking the entire thing

    There are also concerns over NIST's changes to SHA-3

  • Soralin, Registered User regular
    I'm also curious to what this "sabotaging" actually entails.
    From what I gather, that there was a vulnerability discovered in the RNG in the code pushed to be made a standard by the NSA (Dual Elliptic Curve Deterministic Random Bit Generation). For example, if you have a pseudo-random number generator on a computer, and you know the function, and its starting point, it's possible to exactly predict every "random" number that it will generate in advance, because it is deterministic after all, it's a computer program. Which of course, is why you don't use a static starting point, instead using something like the current time in milliseconds or something as your seed, or better yet, from a hardware RNG based on thermal noise or such.

    The vulnerability involved would have been a step removed from that, involving the function itself. Basically, a vulnerability was discovered, if you built the function in a certain way, with constants based on another formula (so they wouldn't be apparent in the code itself), that you could use that to calculate the outcomes, and the output of the RNG wouldn't be so random for you, if you had knowledge of that extra information. And so if you had that information, you could easily break the encryption based on it. And anyone else who was able to acquire or discover that information would be able to break it as well.

    tl;dr : the NSA pushed for intentionally flawed code to become a standard used by everyone for encryption, so that they would be able to break it.
    If domestic consumer level encryption was uncrackable by the NSA, then what exactly would prevent foreign nations from buying that encryption for themselves?
    Encryption is supposed to be uncrackable, that's the point. It sounds more like you're arguing against the entire concept of encryption to begin with. That people should not be allowed to communicate privately.
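
Added example, not written by anyone in this thread: a toy version of the generator Phyphor and Soralin describe above, showing that whoever picked the two constants with a hidden relation between them can predict the next output from a single observed one. The curve (the secp256k1 field, used only because it is short to write), the constants, the seed and all names are assumptions of this sketch, and the real generator's output truncation is left out.

```python
"""Toy Dual_EC_DRBG-style generator (added illustration, heavily simplified)."""
import hashlib

# Assumption: curve y^2 = x^3 + 7 over the secp256k1 field prime. The real
# standard used NIST curves and dropped some bits of every output.
FIELD = 2**256 - 2**32 - 977          # FIELD % 4 == 3, so square roots are easy
B = 7

def inv(x):
    """Modular inverse via Fermat's little theorem (FIELD is prime)."""
    return pow(x % FIELD, FIELD - 2, FIELD)

def add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1) % FIELD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)

def mul(k, pt):
    """Scalar multiplication by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    rhs = (pow(x, 3, FIELD) + B) % FIELD
    y = pow(rhs, (FIELD + 1) // 4, FIELD)
    return (x, y) if y * y % FIELD == rhs else None

def h(label):
    """Hash a label to an integer; used for every constructed sample value."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big")

def first_point(x):
    """First curve point whose x-coordinate is >= x (mod FIELD)."""
    x %= FIELD
    while lift_x(x) is None:
        x += 1
    return lift_x(x)

# Public constants of the toy generator. Q comes from a hash, so it looks
# arbitrary. P is secretly D*Q; D is the "extra information" from the posts.
# Had P also been derived from a public hash, nobody would hold such a D.
Q = first_point(h(b"constructed public constant Q"))
D = h(b"constructed designer secret")
P = mul(D, Q)

class ToyDualEC:
    def __init__(self, seed):
        self.state = seed

    def next_output(self):
        self.state = mul(self.state, P)[0]   # s <- x(s * P)
        return mul(self.state, Q)[0]         # r <- x(s * Q), published

def predict_next(output, d):
    """Given one output and a candidate d, compute the following output."""
    r_point = lift_x(output)                 # +/- s*Q (sign does not affect x)
    next_state = mul(d, r_point)[0]          # x(d*s*Q) = x(s*P) = next state
    return mul(next_state, Q)[0]

def demo():
    gen = ToyDualEC(seed=h(b"constructed seed the observer never sees"))
    r1, r2, r3 = gen.next_output(), gen.next_output(), gen.next_output()
    return {
        "holder_of_d_predicts_r2": predict_next(r1, D) == r2,
        "and_keeps_going_to_r3": predict_next(predict_next(r1, D), D) == r3,
        "wrong_d_predicts_r2": predict_next(r1, D + 1) == r2,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```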

  • Xrdd, Registered User regular
    Polaritie wrote: »
    NSA's mission is not "National security." Yes, that is in their name. But they do (and are meant to do!) much more than that.

    Their scope, as is, does involve lots of spying. That's the nature of the game. Much of that spying does not involve national security. Much of it involves, for example, economic espionage. That's the way the world works. And they should be sharing with other agencies. If they kept everything to themselves, the agency would be useless. Of course they share with other agencies! The DEA is pretty terrible but that's a fucking fault of the DEA and has nothing to do with the NSA. They're not going to stop sharing with other agencies and they're not really going to shrink their scope. Maybe there will be congressional action at some point in the future but I really doubt that any time soon. If anything was going to happen it would've happened right after the Snowden story hit and the NSA was at the low point of their popularity. As it is, the majority of Congress doesn't care and the majority of Americans do not care.

    The NSA's mission is simple. Breach everyone else's communications while protecting ours. They have utterly abandoned the latter part, as evidenced by sabotaging NIST standards.

    If domestic consumer level encryption was uncrackable by the NSA, then what exactly would prevent foreign nations from buying that encryption for themselves?

    You seem to be arguing that NSA backdoors in widely used crypto standards are a good thing. This only makes sense if you assume that no one else can ever find and exploit those backdoors, and that is incredibly naive. And if anyone else finds backdoors in commonly used crypto standards, they get to fuck with a bunch of civilian systems and infrastructure. The potential damage is huge. Furthermore, it would only affect those who trusted NIST. Since quite a lot of people suspected that, for example, NIST-recommended ECC curve parameters might be cooked even prior to the Snowden leaks, that list is unlikely to include entities hostile to the United States.

    Intentionally introducing backdoors in widely used standards is an incredibly stupid idea, and I doubt the NSA did it on a large scale. AFAIK, all that has been publicized so far is a PRNG that people were already suspicious about before and that was never widely used anyway.

  • Quid, Definitely not a banana, Registered User regular
    Soralin wrote: »
    tl;dr : the NSA pushed for intentionally flawed code to become a standard used by everyone for encryption, so that they would be able to break it.

    Where do you get the bolded part from?

  • Schrodinger, Registered User regular
    Again, what sort of resources are required to actually exploit these weaknesses?

    And saying that the NSA has a job to crack other countries, but they should also stand idly by and let other countries have access to things that can't be cracked, seems contradictory.

  • Xrdd, Registered User regular
    And saying that the NSA has a job to crack other countries, but they should also stand idly by and let other countries have access to things that can't be cracked, seems contradictory.

    Cryptography isn't limited to stuff published or standardized by US government agencies. It is, in fact, a very active and open field of academic research. Standards like AES or SHA are chosen from a number of submissions from teams from all over the world. If you want to introduce a backdoor in one of those standards, then you need to change the proposal before standardization (see SHA-3, where there are some suspicions that this might have happened). You can't, however, prevent people who don't trust your standards from not adopting those changes or just using a different algorithm altogether to communicate with each other. Don't like AES/Rijndael? Use Twofish. Don't like Twofish? Use Serpent, etc.

    The US government isn't in a position to "let other countries have access" to this stuff. Rijndael was proposed by a team from Belgium. Backdoors introduced during standardization only affect the people who trust and use your standards. That probably doesn't include the Chinese government. It does, however, include the companies that provide your critical infrastructure.

  • Polaritie, Sleepy, Registered User regular
    Quid wrote: »
    Soralin wrote: »
    tl;dr : the NSA pushed for intentionally flawed code to become a standard used by everyone for encryption, so that they would be able to break it.

    Where do you get the bolded part from?

    Because there's no other reason to intentionally weaken a crypto standard.

  • Soralin, Registered User regular
    Quid wrote: »
    Soralin wrote: »
    tl;dr : the NSA pushed for intentionally flawed code to become a standard used by everyone for encryption, so that they would be able to break it.

    Where do you get the bolded part from?
    http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/
    http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all
    Xrdd wrote: »
    The US government isn't in a position to "let other countries have access" to this stuff. Rijndael was proposed by a team from Belgium. Backdoors introduced during standardization only affect the people who trust and use your standards. That probably doesn't include the Chinese government. It does, however, include the companies that provide your critical infrastructure.
    And this is an important piece of information to keep in mind. Governments aren't likely to use encryption algorithms developed by countries they consider to be enemies. Sabotaging your own encryption standards is something that would only be useful domestically, or against allies or civilian companies, or other people who trusted you.

  • Goumindong, Registered User regular
    Soralin wrote: »
    I'm also curious to what this "sabotaging" actually entails.
    From what I gather, that there was a vulnerability discovered in the RNG in the code pushed to be made a standard by the NSA (Dual Elliptic Curve Deterministic Random Bit Generation). For example, if you have a pseudo-random number generator on a computer, and you know the function, and its starting point, it's possible to exactly predict every "random" number that it will generate in advance, because it is deterministic after all, it's a computer program. Which of course, is why you don't use a static starting point, instead using something like the current time in milliseconds or something as your seed, or better yet, from a hardware RNG based on thermal noise or such.

    The vulnerability involved would have been a step removed from that, involving the function itself. Basically, a vulnerability was discovered, if you built the function in a certain way, with constants based on another formula (so they wouldn't be apparent in the code itself), that you could use that to calculate the outcomes, and the output of the RNG wouldn't be so random for you, if you had knowledge of that extra information. And so if you had that information, you could easily break the encryption based on it. And anyone else who was able to acquire or discover that information would be able to break it as well.

    tl;dr : the NSA pushed for intentionally flawed code to become a standard used by everyone for encryption, so that they would be able to break it.
    If domestic consumer level encryption was uncrackable by the NSA, then what exactly would prevent foreign nations from buying that encryption for themselves?
    Encryption is supposed to be uncrackable, that's the point. It sounds more like you're arguing against the entire concept of encryption to begin with. That people should not be allowed to communicate privately.

    Is mail private?

  • Schrodinger Registered User regular
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

  • Xrdd Registered User regular
    edited October 2013
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

    Tony Stark owns his armor and can control who has access to it. The US government does not own and did not create most crypto algorithms and is in no position to control who has access to them. Putting a huge hole in his armor just in case someone steals it also seems out of character for Stark.

    EDIT: Did you even read my earlier response to you or are we doing this thing again where you repeat the same point over and over again and ignore people's responses?

  • Feral MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ Registered User regular
    edited October 2013
    Goumindong wrote: »
    Why shouldn't the NSA share legally obtained information with the DEA in a way which does not endanger the rights of citizens?

    There are two qualifiers here. The first is that the information is legally-obtained. The second is that the information shared does not endanger the rights of citizens. I do not have any faith that either of these qualifiers are true.

    They might be true. They might not be true. Due to the nature of the NSA and their spying operations we have no way of knowing.

    If the information is legally obtained and shared with the DEA in a way that does not endanger the rights of citizens, why is there a need for the DEA to engage in parallel construction to establish probable cause for arrest?

    If we were talking about, say, a foreign hostile warlord using the drug trade to fund military operations, then there would be no need for parallel construction. Probable cause for arrest and the Fourth Amendment do not apply.

    Which, by the way, highlights the very reason this is a problem. When the NSA shares information with the DEA which is then used to enforce domestic drug laws, that literally means that the Department of Defense is assisting domestic law enforcement with criminal investigations. That is the military taking on police duties.

    The separation of the military (a defense against foreign threats) and the police (enforcers of domestic laws) is well-established with a long history. The military has broad powers - such as, but not limited to, certain forms of spying - that domestic law enforcement is denied or allowed to use only in a restricted capacity; law enforcement is required to have a degree of transparency while the military's very nature requires a degree of secrecy. The military is not bound by the Fourth Amendment. And this doesn't even get into the boundaries we place on the use of violence which are arguably outside of the scope of this thread. This is why we have the Posse Comitatus Act; this is also why FISA required that the targets of spying must be agents of a foreign government.

    I recognize that in situations where public safety is imminently endangered, as in a riot or national emergency, the military may be called upon to provide support only as long as is necessary to restore safety and order. But you'd have a pretty big uphill battle to convince me that routinely sharing information on domestic criminal activities is akin to a national emergency.

    There may be some byzantine legal justification for this in the US code of law, but again, we don't know, because of the level of secrecy this sort of activity requires. Even if you could establish that this does not violate the letter of the law, I would argue that it violates the spirit. There is a necessary separation of military and police and the NSA as it is currently structured falls on the military side of that line while the DEA falls on the police side. The NSA should not be involved in police investigations.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • electricitylikesme Registered User regular
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

    Also no one is actually certain that's what happened.

    Basically, everyone was convinced this is what the NSA did to DES in the 90s or whenever, when they were pushing for certain magic numbers for the algorithm, and arguing for a reduced key-size (56 bits).

    What people forget is that the computer hardware of the time was exponentially less powerful. There were really good reasons to want to keep the DES keys short, because DES is slow and hardware crypto-engines weren't common. The magic numbers turned out to be because the NSA had identified a differential cryptanalysis attack on DES, but didn't want to disclose that they'd done it, and the numbers they were pushing for initialized the algorithm such that differential cryptanalysis wouldn't work.

    All of which makes me enormously suspicious of the people who are thrown into hysterics every time you can fit "NSA" into the title of a news article, claiming that the NSA definitely tried to backdoor an algorithm. I'll believe it when someone shows me the memo or technical brief which says "the factors for Dual_EC_DRBG form the public part of a private key, giving us easy access to the random sequence".

    Because seriously, the citations on this point are incredibly weak and no primary evidence has been presented.
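The mechanism discussed in the posts above (Soralin's "constants based on another formula", and the "public part of a private key" wording in the post just above), shown as an added example that is not part of the thread and is not the real Dual_EC_DRBG. It is a toy analogue in which integers modulo a prime stand in for curve points; the modulus, constants, trapdoor value and seed are all constructed for illustration.

```python
# Toy analogue of the Dual_EC_DRBG structure (constructed, NOT the real algorithm).
P_MOD = 2**127 - 1                 # a Mersenne prime standing in for the curve
G_Q = 3                            # public constant "Q"
TRAPDOOR = 0x1F2E3D4C5B6A79        # constructed secret held by whoever picked the constants
G_P = pow(G_Q, TRAPDOOR, P_MOD)    # public constant "P"; looks arbitrary without TRAPDOOR
DROP_BITS = 8                      # top bits discarded per output (the real generator on P-256 discards 16)
KEEP_BITS = 127 - DROP_BITS
MASK = (1 << KEEP_BITS) - 1


class ToyGenerator:
    """state <- G_P**state ; output <- truncate(G_Q**state)."""

    def __init__(self, seed):
        self.state = seed

    def next_output(self):
        self.state = pow(G_P, self.state, P_MOD)
        return pow(G_Q, self.state, P_MOD) & MASK


def recover_state(out1, out2, trapdoor):
    """Given two consecutive outputs and a candidate trapdoor, return the
    generator's internal state after out2, or None if nothing fits."""
    for hi in range(1 << DROP_BITS):           # guess the discarded top bits
        full = (hi << KEEP_BITS) | out1
        if not 0 < full < P_MOD:
            continue
        # If full == G_Q**s1, then full**trapdoor == G_P**s1, the next state.
        candidate = pow(full, trapdoor, P_MOD)
        if pow(G_Q, candidate, P_MOD) & MASK == out2:
            return candidate
    return None


def demo():
    victim = ToyGenerator(seed=0xC0FFEE5EED123456789ABC)   # constructed seed
    out1, out2 = victim.next_output(), victim.next_output()
    future = [victim.next_output() for _ in range(5)]

    # Holder of the trapdoor: two observed outputs are enough to clone the state.
    state = recover_state(out1, out2, TRAPDOOR)
    predicted = None
    if state is not None:
        clone = ToyGenerator(state)
        predicted = [clone.next_output() for _ in range(5)]

    # Anyone else sees the same public constants but recovers nothing.
    blind = recover_state(out1, out2, TRAPDOOR + 1)
    return future, predicted, blind


if __name__ == "__main__":
    future, predicted, blind = demo()
    print("prediction matches:", predicted == future, "| without trapdoor:", blind)
```

Nothing about G_P or G_Q on their own reveals whether a trapdoor exists, which is why constants in a standard need a publicly verifiable derivation.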

  • Goumindong Registered User regular
    Parallel construction is good practice regardless of the source. It is quite literally "due diligence".

    If you don't know that it's problematic then why should you have a right to prevent and/or examine the security apparatus knowing that such examinations destroy the effectiveness of such apparatus?

    The NSA is not operating within the borders of the US when it gives foreign obtained information to the DEA just as the army isn't operating within the borders of the US when it tells the FBI about terrorist threats.

    FISA did not and has never required targets be agents of foreign governments (I mean how would you even know before investigating) and even if it did that would seem horribly naive given the current climate.

  • electricitylikesme Registered User regular
    edited October 2013
    Xrdd wrote: »
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

    Tony Stark owns his armor and can control who has access to it. The US government does not own and did not create most crypto algorithms and is in no position to control who has access to them. Putting a huge hole in his armor just in case someone steals it also seems out of character for Stark.

    EDIT: Did you even read my earlier response to you or are we doing this thing again where you repeat the same point over and over again and ignore people's responses?

    The US government does own the NIST standards. It's a US government agency.

    I mean you do realize it's a US government agency, and the Advanced Encryption Standard is a US government specification (which is used by everyone because if it's good enough for top secret, it's probably good enough for whatever you're doing).

    You do not seem to understand how encryption standards work.

  • Xrdd Registered User regular
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

    Also no one is actually certain that's what happened.

    Basically, everyone was convinced this is what the NSA did to DES in the 90s or whenever, when they were pushing for certain magic numbers for the algorithm, and arguing for a reduced key-size (56 bits).

    What people forget is that the computer hardware of the time was exponentially less powerful. There were really good reasons to want to keep the DES keys short, because DES is slow and hardware crypto-engines weren't common. The magic numbers turned out to be because the NSA had identified a differential cryptanalysis attack on DES, but didn't want to disclose that they'd done it, and the numbers they were pushing for initialized the algorithm such that differential cryptanalysis wouldn't work.

    All of which makes me enormously suspicious of the people who are thrown into hysterics every time you can fit "NSA" into the title of a news article, claiming that the NSA definitely tried to backdoor an algorithm. I'll believe it when someone shows me the memo or technical brief which says "the factors for Dual_EC_DRBG form the public part of a private key, giving us easy access to the random sequence".

    Because seriously, the citations on this point are incredibly weak and no primary evidence has been presented.

    Intentionally weakening stuff that is actually widely used like AES (or DES when that was the standard) would be incredibly stupid and I doubt that the NSA actually did that (although who the fuck knows what's up with that PRNG). @Schrodinger is saying that they should have.

  • Schrodinger Registered User regular
    Feral wrote: »
    If the information is legally obtained and shared with the DEA in a way that does not endanger the rights of citizens, why is there a need for the DEA to engage in parallel construction to establish probable cause for arrest?

    If we were talking about, say, a foreign hostile warlord using the drug trade to fund military operations, then there would be no need for parallel construction. Probable cause for arrest and the Fourth Amendment do not apply.

    Suppose you legally get your information from an informant. If the warlord learns of this, then the informant will be murdered.

    That would be a good reason for parallel constructionism.
    Which, by the way, highlights the very reason this is a problem. When the NSA shares information with the DEA which is then used to enforce domestic drug laws, that literally means that the Department of Defense is assisting domestic law enforcement with criminal investigations. That is the military taking on police duties.

    Calling in a tip is taking on police duties?

    Suppose a mafia member learns that his friends are planning a kidnapping. He feels guilty, and calls in a tip. Does that mean that the mafia is taking on police duties?

  • electricitylikesme Registered User regular
    Xrdd wrote: »
    The way I see it, it's basically like expecting Tony Stark not to have a contingency plan in case some bad guy manages to steal his armor.

    Only instead of "bad guy steals his armor," it's more like "bad guys can have open access to his armor whenever they want."

    Also no one is actually certain that's what happened.

    Basically, everyone was convinced this is what the NSA did to DES in the 90s or whenever, when they were pushing for certain magic numbers for the algorithm, and arguing for a reduced key-size (56 bits).

    What people forget is that the computer hardware of the time was exponentially less powerful. There were really good reasons to want to keep the DES keys short, because DES is slow and hardware crypto-engines weren't common. The magic numbers turned out to be because the NSA had identified a differential cryptanalysis attack on DES, but didn't want to disclose that they'd done it, and the numbers they were pushing for initialized the algorithm such that differential cryptanalysis wouldn't work.

    All of which makes me enormously suspicious of the people who are thrown into hysterics every time you can fit "NSA" into the title of a news article, claiming that the NSA definitely tried to backdoor an algorithm. I'll believe it when someone shows me the memo or technical brief which says "the factors for Dual_EC_DRBG form the public part of a private key, giving us easy access to the random sequence".

    Because seriously, the citations on this point are incredibly weak and no primary evidence has been presented.

    Intentionally weakening stuff that is actually widely used like AES (or DES when that was the standard) would be incredibly stupid and I doubt that the NSA actually did that (although who the fuck knows what's up with that PRNG). @Schrodinger is saying that they should have.

    Right, and I don't care what he's saying. What I care is that nobody has engaged their goddamn brains on this issue, which means whatever point there might be to it is being lost in a sea of stupid.

    You can't have a debate about surveillance overreach with people who don't understand how international politics works, how nation-states work or what they are, or who refuse to demonstrate a cogent grasp on the nature and distribution of trust as an aggregate rather than a specific issue.

    There's a whole bunch of people defending not giving a fuck about real, open abuses of minority rights, judicial process and the little fiefdoms no one in the US prosecutes, because "oh but the NSA's surveillance is potentially so much worse".

    Because if anything the NSA does actually starts getting used against US citizens, it'll be because those same idiots were ineffectually yelling about it while voting to strip habeas corpus from "terrorists", to detain pregnant women without representation, and stop and frisk anyone who looks suspicious on the streets. Totalitarian states (god that term is overused on this issue) do things to their citizens. The surveillance makes it more effective, but they sure as fuck don't invent the surveillance first.

  • Schrodinger Registered User regular
    Xrdd wrote: »
    Intentionally weakening stuff that is actually widely used like AES (or DES when that was the standard) would be incredibly stupid and I doubt that the NSA actually did that (although who the fuck knows what's up with that PRNG). @Schrodinger is saying that they should have.

    No, what I'm saying is:

    1) No one should be surprised and

    2) We still don't know what this "sabotage" actually entails, and what sort of resources would be required in order to exploit it. Not just in terms of inside knowledge, but also in terms of time and computer power.

    Is this going to be like the movie Sneakers, where the NSA can crack whatever they want in a matter of seconds?

    Or is this a weakness that requires the resources of $TEXAS to utilize, and is too impractical to use on anyone who isn't already on the FBI's most wanted list?

  • Xrdd Registered User regular
    Right, and I don't care what he's saying. What I care is that nobody has engaged their goddamn brains on this issue, which means whatever point there might be to it is being lost in a sea of stupid.
    Apologies then, I got the impression that you were agreeing with him from the way the start of your post was phrased, even though you went on to essentially contradict him.
    You can't have a debate about surveillance overreach with people who don't understand how international politics works, how nation-states work or what they are, or who refuse to demonstrate a cogent grasp on the nature and distribution of trust as an aggregate rather than a specific issue.
    In these debates "understanding international politics" seems to be code for superficial cynicism, though.
    There's a whole bunch of people defending not giving a fuck about real, open abuses of minority rights, judicial process and the little fiefdoms no one in the US prosecutes, because "oh but the NSA's surveillance is potentially so much worse".
    I haven't seen any of that. What I have seen is people pointing at all of those things and basically saying "you aren't allowed to care about the NSA stuff while all that is still happening", as if people were incapable of caring about more than one issue at a time.
    Because if anything the NSA does actually starts getting used against US citizens, it'll be because those same idiots were ineffectually yelling about it while voting to strip habeas corpus from "terrorists", to detain pregnant women without representation, and stop and frisk anyone who looks suspicious on the streets.
    Your view on this seems to be colored very much by the fact that the political opposition to this is mainly coming from the Republicans, but for most of them this is probably just another thing to blame Obama for. I don't think they're representative of most of the people who care about this stuff.
    Totalitarian states (god that term is overused on this issue) do things to their citizens. The surveillance makes it more effective, but they sure as fuck don't invent the surveillance first.
    Surveillance is "doing something" (chilling effect etc). Also, already having the surveillance apparatus in place arguably enables totalitarian tendencies.
