NSA has direct access to tech giants' systems for user data, secret files reveal

I can vouch for Signal. Moxie Marlinspike who codes it is a true legend of the scene. He knows crypto and can really code.

 

Op-ed: (How) did they break Diffie-Hellman?

http://arstechnica.com/security/2015/11/op-ed-how-did-they-break-diffie-hellman/

 

Me thinks that NSA whistle blower William Binney, former highly placed intelligence official with NSA for over 30 years, was right that the NSA collects so much info, rather than the targeted program he developed and which was rejected, that it is of little practical use:

"Since it could not have been the work of 200 lone wolves, but only a large organization with headquarters in Syria and Iraq and impressive multinational capabilities, it is hard to understand how the far-reaching preparations for a multiple Paris terror assault were not detected by any Western signals intelligence branches, including ECHELON, the all-seeing American digital surveillance system and its small brother, Frenchelon."

http://www.debka.com/article/25022/...p-target-in-multiple-terror-atrocity-in-Paris

 

"Why Edward Snowden thinks you should use an ad blocker"

https://www.washingtonpost.com/news...-snowden-thinks-you-should-use-an-ad-blocker/

 

"How Islamic State Teaches Tech Savvy to Evade Detection"

http://www.wsj.com/articles/islamic-state-teaches-tech-savvy-1447720824/?mod=mktw

 

Good read! I have been looking at a few of those myself, but I am starting to be hesitant because it will reflect as if I am a "bad guy"! Even though I am not doing anything wrong. That tech team pretty much got it right. My personal assessment of those tools almost perfectly matched their conclusions and I made mine before seeing this article.

 

https://theintercept.com/2015/11/18...llance-goldmine-on-venezuelas-oil-executives/

 

Good Read by Glen Greewald.

~ Removed Off Topic Political Remarks ~

"NYT Editorial Slams “Disgraceful” CIA Exploitation of Paris Attacks, But Submissive Media Role Is Key"

https://theintercept.com/2015/11/18...ris-attacks-but-submissive-media-role-is-key/

 

My understanding is that effective operational security is far more important than secure messaging to them. There is an article in the Intercept inferring that they actually communicated unencrypted for the operation, but I imagine we will never know the truth.

My feeling is also that ordinary people and businesses have no choice but to reclaim their rights through using effective secure messaging, and that businesses of all types are negligent if they do not encrypt communications and data at rest (databases are a particularly difficult problem and need to be carefully handled). The information above regarding business-related data mining (in the case of Petroleos is particularly chilling, because operating in one country, you can have your own security services handing over bulk data sets/access and then they will certainly perform industrial espionage on it - all in the name of national security. I believe there will be a data-mining feed from Xks to the Fed and onward to Wall St. for example.

The unprincipled use of mass surveillance has created a huge market for these products, which may benefit bad guys as well as everyone else. But if they stopped the mass surveillance, there would be substantially less motivation for that.

 

What I dont think is getting the attention that it deserves is that Governments are requesting backdoors to encrypted communications to allow for cases when they have a warrant for a specific individual. Current techniques that three letter agencies have access to are more than sufficient to provide access to the communications by compromising the endpoint.
The only advantage to accessing encrypted communications is to the mass surveillance programs.

I am all for allowing targeted access of specific individuals through the use of a warrant. Law enforcement already has the tools necessary to do this.

 

That's exactly what the outgoing GCHQ head Omand said they would increasingly do - break the door down if the communications were encrypted. If that were properly warranted (judicially, not politically) and had proper challenge and redress, then that would be more acceptable. But they are also talking about bulk hacking, which is way more scary, and probably just as counter-productive as the mass surveillance. I also suspect that using certain services will automatically, algorithmically, get you hacked (again, not acceptable).

 

I agree.

Personally I am not as concerned about bulk hacking. I believe that they are achieving this by using something similar to XcodeGhost. Link is for background on XcodeGhost http://techspective.net/2015/09/21/ios-apps-in-apple-app-store-compromised-with-xcodeghost-malware/

If you are very fussy on what you install on your phone and use strong privacy settings I think you are not as vulnerable to this bulk hacking. It is definitely not acceptable. Probably legal though (as long as the only court that looks at it is a secret FISA court with judges you appoint).

 

"New Docs Reveal NSA Never Ended Bulk Email Collection, Just Hid It Better

Agency shut down email surveillance in 2011, only to relaunch it under different intelligence laws

The National Security Agency (NSA) secretly replaced its program monitoring Americans' emails and moved it overseas before the operation was exposed by Edward Snowden in 2013, according to new reporting.............."


http://www.commondreams.org/news/20...nded-bulk-email-collection-just-hid-it-better

 

If a tree falls in a forrest and there is no one around to hear it does it make a sound?

I think this is the philosophy of the NSA.

If you are bulk collecting emails and there is no one around to review it does it break any laws?

 

YES in practice but you do raise an interesting and insightful philosophical/legal issue.

It is THE ACQUISITION of the emails that constitutes the violation unless otherwise exempted by law and the prior required authorizations were obtained.

 

Hmmmm. I have to contemplate on this one for a while

 

Contemplate on this:

http://www.nytimes.com/interactive/2013/08/22/us/22nsa-opinion-document.html

which would be a good idea if you are immortal and could thus afford the time and did not want to blow one of your 10 free monthly reads behind The NYT's Paywall. ~ Removed Off Topic Political Remarks ~

If you quickly scan it you wil get it.- scanning actually does not take that much time since so much of The Court's Opinion has been redacted "in the interest of protecting Nation Security." Yeah right.

 

Thanks, I'm aware of that ruling. I was thinking more about using that question as a koan

 

Meditation koan's for privacy advocates.

 

Loophole lets the NSA spy on your email even though it’s not allowed to anymore.

-- Tom

 

Amazing, even the FISA court was too much effort for them.

 

Policy Repercussions of the Paris Terrorist Attacks

https://www.schneier.com/blog/archives/2015/11/policy_repercus.html

 

Not sure I agree with the analysis completely, because it doesn't include the wishes of the dominant corporate sector. What will happen is nasty collusion behind the scenes, as has already happened in part with CISA. This will allow the politicians to claim their security theatre without harming those corporates.

 

On dit " La Boétie " ou " De la Boétie ".

 

Il n'a pas eu un smartphone