NSA has direct access to tech giants' systems for user data, secret files reveal

You're absolutely right about the extra-legal approaches used, which is also why it's an extraordinarily bad idea to have the scope creep from real, genuine matters of national security to the majority of cases which are essentially criminal but not threatening national security at all. But that's exactly what's happened and happening, and this disastrously blurs and defocusses the system, and makes it accessible to way too many people.

I watched the Subcommittee testimony from last month where an FBI prosecutor (Conley) seemed to major on the practice of "upskirting", as a reason why backdoors were needed into encryption. Now, upskirting is many things, including criminal, but is not a threat to national security, nor a reason for subverting constitutions and weakening critical infrastructure and business protections.

In the UK, eyewitness testimony has been discounted for a long while now, for the reasons you mention.

 

Looks like a done deal, with the privacy folks saying 'best we can do at this point'. Perhaps a couple amendments.

What I've heard that really scares is a willingness by those opposed to encription "back doors" to pre-compromise on a law to legally force keys from whoever. Put out on the rationale that big digital products would loose market share internationally.

Well, true, but what about the rest of us who just want a little privacy. Soon up for debate.

 

Section 215 of the Patriot Act expired last night

http://www.net-security.org/secworld.php?id=18438

 

Finally congress inaction put to a good use.

 

http://nautilus.org/napsnet/napsnet...ivities-utilising-multi-beam-antenna-systems/

 

http://electrospaces.blogspot.co.uk/2015/05/new-details-about-joint-nsa-bnd.html

 

Let the snooping resume: Senate revives Patriot Act surveillance measures.

Related: How the end of Patriot Act provisions changes NSA surveillance

-- Tom

 

https://firstlook.org/theintercept/2015/06/04/nsa-hackers-nyt-warrantless-surveillance/

 

From The NSA’s Domestic Cybersecurity Surveillance:

Hat tip: NSA Running a Massive IDS on the Internet Backbone.

 

This is just part of the militarization of the Internet. It's rather like the Cold War, and more or less features the same players. I suppose that it's better for them to be pwning each other, instead of tossing nukes around. But then, they still have nukes. And it is US policy to potentially respond with nukes to cyberattack. Maybe that's just crazy talk to deter aggression, but one never knows ...

 

I can't even imagine passing through an internet backbone without being in "dark space" via multiple encryption schemes/hops anymore. I have nothing major to hide except my right to privacy, but its important to me.

 

Desperately attempting to focus on the technical issues raised by this (!) - to be really useful an IDS requires, at least in part, the ability to do DPI. Within a business, that is often handled by effectively having the stuff in clear, or at least, with known certificates/keys internally. At least nominally, that is not the case for encrypted internet communications. Either they have been given or stolen the corporate keys to perform a useful IDS, and if that is not possible, then the IDS isn't particularly valuable.

Second, blame attribution is still going to be impossible, because, much as they'd like, they do not have total information awareness, and the internet is not completely controlled by them. I personally do not want nukes or cyberwarfare to be launched based on this kind of extra-legal and secret attribution - the WMD debacle was bad enough. And I do not believe the Sony North Korea attribution - one of the huge elements of damage of the actions of the TLAs has been the erosion of trust in a single thing they say.

Third, speaking as a citizen and businessperson of an ally of the US, I am not at all accepting of the role of foreigner-with-no-rights, because my stuff will get inspected regardless of whether it's anything to do with the US. And in fact, I believe will be used for industrial espionage and theft of my trade secrets (Airbus but on a very small scale). Because the US has apparently abandoned to rule of law, and is not behaving in a civilized fashion even to its allies (it's not alone in this), it's has created every incentive for people to balkanise the internet, and create a huge market for products and services that will be very useful to terrorists and criminals because they will increasingly implement strong crypto outside the jurisdiction of the X-eyes. If my nation does not take steps to protect our national interest in this area, I can only conclude that we are a vassal internet state, and the people actually running the country are in cahoots with the power base in the US. Either way, I'm compelled to run strong crypto simply to protect my basic rights and legitimate business interest.

 

Well I stopped feeling I had to justify privacy when I read about GCHQ's monitoring of webcam chats - possibly including that of our children. It certainly included a substantial proportion of teenage sexual activity. My children are pretty important to me, and I do not want anyone to have access to their private stuff, for any reason. And we also know that the NSA analysts have their Loveint. For which none have gone to jail or been charged under the Espionage Act.

When governments trot out the pedophilia trump card as a reason for mass surveillance, I'd point out that Geoffrey Prime, a GCHQ employee in the 60s/70s was not only a spy passing information on to the Russians, he was also a pedophile who used equipment from his work to target local girls (that's how he got caught). I do not think that human nature has changed since then, nor that the security service employees are anything but representative of the human population, and we're now storing and providing information which is extraordinarily dangerous to a large number of unaccountable people.

 

From Did FBI Stall an IG Review of Innocent Americans Sucked Up in the Dragnet?:

 

https://firstlook.org/theintercept/2015/06/08/nsa-transcription-american-phone-calls/

 

I don't know how the majority of the world population still uses their SmartPhones after the Snowden Revelations. Even worse, how they use a natively-backdoored-system (Window$), privacy-enemy e-Mail providers like Gmail/Yahoo!/Microsoft, and using Facebook, etc.

There's a citation of some book author, which I can't remember the name, saying something like: "People are stupid, you can't expect more from them than you'd expect from a bunch of cheep".

 

Speech recognition is still moderately expensive computationally, otherwise I'm sure they'd do it all, routinely. So the impression from the article, and practical ASR mean that they probably do this on selectors (which could still be a lot of people, including sacred Americans).

Vonage provide an ASR on voicemail, so that you can usually decipher what the message is about from an email.

The other big problem with ASR in practice (despite the claims of accuracy improvement) - is that error rates are significant (and often hilarious), on untrained speakers, poor quality calls, and presumably, no speech models at all for some dialects or languages (Somali pirates for example). It may of course that rather than rely on general speech models, they are only "looking out for" particular keywords in speech, and that's what gets flagged.

Given the error rates, you're then immediately into the realm of false positives when the transcripts are then scanned for keywords. And all the usual problems for the innocent.

 

Justice Department plotting to resume NSA bulk phone records collection.

-- Tom

 

Is it just me or US people these days don't "man up" as much as they did in the past? In fact, most people don't.

 

It's not you. Most are more concerned with reality TV than they are with reality. Many think they have nothing to hide. A large percentage believe the rhetoric that gets forced at them by network TV. Other believe that the end justifies the means but don't see where all this leads, even with the parallels in recent history. Of those that don't accept global surveillance, most feel that there's little they can do and are afraid to attract attention. That leaves a very small percentage that are actively opposing the surveillance state. They'll be labelled as terrorists, traitors, and subversives. Barring a major catastrophe, the writing is on the wall.

 

It seems that the NSA managed to "hack" Kaspersky:
https://securelist.com/blog/researc...a-sophisticated-cyberespionage-actor-returns/
http://www.forbes.com/sites/eugenekaspersky/2015/06/10/why-hacking-us-was-a-silly-thing-to-do/
http://www.bbc.com/news/technology-33083050

That was not unexpected.

 

From my understanding after reading the Ars article, the assumption was Israel. But who really knows for sure at the moment.
http://arstechnica.com/security/201...-kaspersky-for-months-tapped-iran-nuke-talks/

 

I don't believe that it's worth distinguishing between the NSA and Israel.

 

We are probably already labeled as subversives etc, for posting about it.
I think something has changed over the past two decades those in power no longer fear the backlash from the population when they impose draconian measures upon them and a large section of the population are too stupid to realize why there should be opposition. They don't look at history and realize we are going down the same road we have been down before when the ruling classes implement the architecture that gives whoever is in control, absolute power.

 

NSA maintains secret "five eyes" satellite facility in Israel