NSA has direct access to tech giants' systems for user data, secret files reveal

Discussion in 'privacy general' started by Dermot7, Jun 6, 2013.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,270
    Location:
    DC Metro Area
    @mirimir:

    You got it.

    "The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers...

    Under Department of Defense regulations, information is considered to be 'collected' only after it has been 'received for use by an employee of a DoD intelligence component,' and 'data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.'

    In other words, the NSA can intercept and store communications in its database, then have an algorithm search them for key words and analyze the metadata without ever considering the communications 'collected.'..."

    https://www.eff.org/deeplinks/2013/...-word-games-explained-how-government-deceived
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,877
    Kinda like Schrödinger's cat ;)
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,753
    Location:
    UK
    Except that it has real-world consequences outside the box - it's obviously an entangled cat....

    Completely automated data mining and attack tools can quite easily be judge, jury and executioner when it comes to things like putting people on no-fly lists, person-of-interest-pick-this-person-up list, make them a "usual suspect" and so on. No human involvement required. Little justice or rule of law either.

    Even if humans do get involved, they notoriously do not question why the algorithm came up with the security credit rating score it did, and indeed, the algorithm has no clue, cannot typically explain itself. There's a hugely unscientific and unjustified level of credibility with these systems, which are often based on GIGO, and grotty selectors, and lots of profit to the companies and empires involved. Might be ok if you were serving ads rather than subpoenas, but we already know there are not enough humans viewing the "collected" data because they can't even keep up with the humint targeted one. This being the precise point that Binney made.
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    The media, and their conspirators, traitors and deceivers, do their best to hide the truth from the people. You can't even say it on most internet forums; they will delete it. But if you want to find it, you will.
     
  5. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,137
    Right again RockLobster.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,158
    Although it should be unreadable currently, I bet they are collecting pure onion traffic as well.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,877
    Well, supposedly "everything encrypted" gets saved forever. While that probably excludes at least TLS, I bet that it includes everything from Tor relays ;)
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,133
    Location:
    Here
  9. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Good, maybe this will encourage more people to speak out and intervene in this culture of deceit that has infested the tech industry.
    That is a very clinical way of describing activities like infiltrating open source projects and organisations mandated to design or approve security standards and bribing commercial companies or their employees to cripple security algorithms, libraries etc.

    Very well said, Professor Orr Dunkelman.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,158
    Color me "tinfoil" but it's one of the reasons I just don't really trust/like AES. No proof, just that nagging feeling in my gut! If I am wrong I'll live with it, but I removed all AES from my LUKS stuff and doubled down on some other schemes.
     
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    In light of what we all should have learned in recent years, tinfoil should now be considered an analogy for smart.
    It does seem a little strange that any government should approve a military strength encryption algorithm and then make it available to the entire world.
    Also if you look at the NSA encryption level classifications there is an AES-384 TLS cipher. If AES-256 would really outlast the universe like they say, why have an AES-384?
     
    Last edited: Sep 25, 2017
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,133
    Location:
    Here
    https://www.schneier.com/blog/archives/2018/01/after_section_7.html
     
  13. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    With that being said I think it is time to redefine.

    Politician
    Someone who fears freedom, craves authoritarianism and considers the population they represent, to be their enemy.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,133
    Location:
    Here
    https://securityaffairs.co/wordpress/68684/digital-id/nsa-memo-anonymizing-systems.html
     
  15. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I have suspected this for a while, the question is, how are they doing it?
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,877
    OK, let's assume that the memo is genuine. Even so, its claims must be considered in context. It's basically a report to justify increased funding. So it seems likely that the authors are generalizing success with Tor, I2P and VPNs under particular circumstances. We know that Tor has been compromised in particular ways. Most recently, CMU researchers used a relay-early exploit to trace circuits involving malicious guard and exit nodes, and so deanonymized users and onion sites. The FBI has used its NIT to pwn users, by dropping Windows malware through a bug in Tor browser, which then phoned home when Tor wasn't running.

    Documents released by Edward Snowden revealed that the NSA can compromise PPTP VPNs, and also IPSec VPNs with public preshared keys. But there's no evidence that they've compromised OpenVPN or properly secured IPSec. I don't follow I2P, so I don't know how it's been compromised.

    Anyway, I doubt that it's appropriate to freak quite yet :)
     
  17. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Interesting thread. Too bad I did not find it months ago as that link is 403 Forbidden. Interesting.

    Found it:

    https://www.eff.org/deeplinks/2013/...-word-games-explained-how-government-deceived
     
  18. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Yes that is a good article but one thing still bothers me.
    Everyone is willing to discuss what the NSA did but no one wants to discuss why.
    Why put an entire nation under surveillance?
    Of course the blind answer is terrorists but that does not hold up to even casual scrutiny.
     
  19. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    I think initially it was all about terrorism. With good intentions. But BIG government begets big government. And Congressional oversight sucked. And still does - perhaps even worse. Clapper lied to them and they KNEW it. What happened? As usual - NOTHING. And now not just the NSA, but FBI as well.

    And now they came back and made FISA worse!

    https://www.schneier.com/blog/archives/2018/01/after_section_7.html

    With all the current revelations it is a sad case indeed.

    But bottom line is that there is simply a HUGE power zone there in all respects - Congress, Admin, Deep state entrenched and enshrined bureaucracy.

    I remember fighting this BS nearly 30 years ago with Project Echelon - which did not exist. Yeah - right. Several of us on Usenet proved they were "collecting" posts - key words were triggers. Things like bomb and so on elicited post removals, knocks on doors, warnings to ISPs and domain managers, etc.

    Have been a big supporter of EFF since the beginning and appreciate the efforts of Snowden and Wikileaks. The new revelations exposed last year show that the NSA is OUT of Control.
     
    Last edited: Feb 7, 2018
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,877
    Way back in the day, before the Internet, the NSA focused on signals intelligence. They could monitor everything. But they were slow in adapting, as PCs and the Internet developed. Realizing that there was stuff that they couldn't monitor was very traumatic. So they've been playing catchup.
     
  21. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,328
    Location:
    Surrey, England.
    https://theintercept.com/snowden-sidtoday/
     
  22. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Fascinating! Bookmarked and will read fer sure - TY:thumb:
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,133
    Location:
    Here
    NSA's new IoT encryption schemes blocked in murky tale of backdoors and bullying
    https://www.theregister.co.uk/2018/04/25/nsa_iot_encryption/
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,342
    Location:
    U.S.A. (South)
    Same :thumb:
     
  25. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Yes that is a fascinating story and good to know the ISO still stands firm against the subversion of standards we all rely on.
     