NSA has direct access to tech giants' systems for user data, secret files reveal

https://firstlook.org/theintercept/...q-prism-nsa-fisa-unsupervised-access-snowden/

 

The race to bring NSA surveillance to the Supreme Court
There are at least three pending cases against the agency with a shot at making it all the way

http://www.theverge.com/2014/5/1/5671532/will-nsa-surveillance-ever-get-to-the-supreme-court

 

State surveillance under microscope
Journalist Glenn Greenwald, former NSA head Michael Hayden weigh in on privacy and spying

http://www.cbc.ca/news/business/state-surveillance-under-microscope-1.2630007

 

A handheld air horn would be appropriate for their next phone call. It would be their word against his unless they taped the call. For them, producing that tape as evidence in court would open its own can of worms.

 

White House seeks legal immunity for firms that hand over customer data

http://www.theguardian.com/world/2014/may/02/white-house-legal-immunity-telecoms-firms-bill

 

People need to send a very clear message on this issue. Support it and we will remove you from office. Nothing less will make any difference.

 

A video of May 3, 2014 debate between Glenn Greenwald and Former NSA Director Michael Hayden and others including Harvard Law Professor Alan Dershowitz and the founder of Reddit can be seen here:

http://www.informationclearinghouse.info/article38402.htm

 

Sure, but letter frequency does not work on any modern symmetric algorithm (combined with a good block mode) even if I use the standard US/english character set.

 

Emails reveal close Google relationship with NSA

http://america.aljazeera.com/articles/2014/5/6/nsa-chief-google.html

 

True with current encryption. I was comparing to old school substitution ciphers to word substitution codes.
Somewhat OT to the thread, it seems to me that it would be easy to make NSA proof encryption. IMO, current encryption has a fundamental flaw when compared to old style substitution ciphers. When an incorrect password/passphrase is used, it doesn't decrypt at all. If 2 layers of conventional strong encryption are used, you know that the first layer is correctly decrypted when you reach the 2nd layer. If a substitution cipher is used for the "outer layer" there'd be no realistic way to determine if the decryption attempt resulted in the actual 2nd layer or if it was just gibberish.

 

Google etc can't have it both ways. They're either US firms that cooperate with US agencies, or they're global firms that don't cooperate with any governments. To the extent that they're associated with the NSA etc, they'll lose non-US business.

 

http://threatpost.com/privacy-coalition-calls-for-net-reset-in-june

 

IMO, much of this "net reset" is little more than a "feel good" or symbolic response that really doesn't accomplish anything. Judging by the article, much of their emphasis is on using and forcing HTTPS and PFS. IMO, they're calling for mass implementation of measures that are for all purposes, already broken. When governments can and are coercing certificate authorities, I have to wonder if HTTPS is of any value at all against mass surveillance. This would be much more effective if they promoted self signed certificates and eliminate the certificate authorities. I haven't read all the links on the article but so far I don't see any mention of the certificate authority problem.

 

They don't claim that those measures will prevent NSA spying - it will make it harder. IMO that's the main goal of this alliance.

 

The best fun is hiding innocent chatter in hardest-to-crack data

 

I was actually wondering about the certificate security a few days ago. Let's say a certification authority is breached for some reason, even then I still have the private key for my server certificat on my server alone. So even if a (root) certification authority gives out my certificate to other parties they're still missing the private key because it never left my server and the traffic will still be safe and encrypted.

Or am I wrong?

 

https://firstlook.org/theintercept/2014/05/08/keith-alexander-unplugged-bushobama-matters/

 

The certificate authority wouldn't have your site's private key, but a man-in-the-middle attack could still be performed.

 

The Battle to Retake Our Privacy Can Be Won — Really!.

-- Tom

 

An interesting talk from Jacob Appelbaum, Surveillance and you, from the Security in Times of Surveillance conference at Technical University Eindhoven. Videos from other speakers are also available:
http://www.win.tue.nl/eipsi/surveillance.html

 

Routers ROOTED by the NSA !

Once again, not fantasy or tin foil hat etc, but for Real

 

"With the tools it installs, the NSA can gain access to entire internal networks, the story said. For example, in a report on its use of the technology, the NSA said an embedded beacon was able to call back to the agency and "provided us access to further exploit the device and survey the network," Greenwald wrote.

The new charge vastly expands the scope of alleged NSA spying beyond the interception of traffic across the Internet, said Ranga Krishnan, a technology fellow at the Electronic Frontier Foundation. As an example, he pointed to reports from the Snowden documents that the NSA had tapped into Google's own fiber network among its data centers, where the company hadn't encrypted the traffic at all.

"That's how most organizations function," Krishnan said. "So once you're within the company's router, you have access to all that data that's unencrypted."

In addition, any security hole that a government installs could open up the network to attacks by others, he added."

http://www.cio.com/article/752753/R...: cio/feed/articles (CIO.com Feed - Articles)

 

New NSA Slogan.

We work to ensure your safety.
Don't Worry We Have Your Back[door]

Meanwhile there is absolutely no proof that the NSA's ubiquitous surveillance has prevented one terrorist attack. Aren't you grateful?

The earth tremors from the sound of Orwell's continuous rolling over in his grave.

 

United States of Secrets.

-- Tom

 

Glenn Greenwald: from Martin Luther King to Anonymous, the state targets dissenters not just "bad guys".

-- Tom