Slashdot Mirror
Trustworthy Software For The NSA?
Janus Daniels writes "There's a new story from the New York Times, as reprinted at CNET News, about security concerns for Government agencies buying software from overseas. According to the article, a whistle-blower who helped sell software to the National Security Agency says that much of the development work is subcontracted to China, raising serious national security risks. He also discovered in the sales-support database... the names of more than 30 [identity-classified] employees of the United States National Security Agency...'"
of what it is they're programming, in the sense that do they know they are making a sensitive program for the NSA of the United States? If not then what could be the harm unless a backdoor gets thru unchecked? (I can only hope that some US officials or hired techies DO check this code for backdoors and the like.)
"There is no real right or wrong, just what the majority accepts at the time."
And obviously Chinese intel has capitalized on this - succesfully directing the US Air Force to it's embassy during the Serbian fiasco a few years back...
... but if they are afraid of untrustworthy software they really should hire someone to make them a custom open source solution. Or something. Yeah.
...when the NSA is having companies bid for a given project, how do they think companies are offering rediculously low prices compared to others?
This has been a trend for a long time, and not just in the IT industry, so one would expect the NSA to apply the same logic to purchases such as this too.
...who's to say that there might not be spies writting the software anyways. Can't the NSA write their own source code. They've already contributed selinux.
----
Go canucks, habs, and sens!
Obviously, having all software written in the US eliminates the risk of having security risks.
http://blogs.lns.kicks-ass.net/moonjihad/
The concerns cut both ways. The Chinese government has repeatedly accused the United States military and intelligence organizations of attempting to conduct espionage by manipulating American products sold in China. The tracking features in Intel's microprocessors and Microsoft's operating system software are of particular concern to Chinese officials, which is one reason China is intent on expanding its own technology industry. And so has the rest of the world.
There are two kinds of egotists: 1) Those who admit it 2) The rest of us
Those guys at MIT constructing the database on government members should get these names. oh what juicy tidbits of info they would be!
The same people who collect everything I do online?
Forgive me, but I hope they rot in hell with their compromised software.
Given the recent push to commercialize various aspects of government, this is one of the potential pitfalls. Businesses will subcontract work to the lowest bidder and eliminate one of the internal controls that many government software projects have had in the past.
Visit Jonesblog and say hello.
This is just the tip of the iceberg. I just quit a job (read by choice, not fired) where some of the software created for the DOD was done by mainland Chinese programmers ....without the knowledge of the DOD. This was software which was tied to a backend database containing sensitive information. No, we are not talking nuclear secrets, but it was information which other non-friendly countries to the U.S. (ie anyone by England) would find interesting and useful. I broached the subject numerous times to my employer, who essentially pulled an Alfred E. Nueman (What?!?! ME worry?!?!). Finally, I quit and informed the proper people, washing my hands of the entire mess. While it may sound stupid to quit a high-paying job in this economy, having Bubba has a cellmate made it a lot easier.
My rambling point is this....the U.S. Government, particuarly the DOD, will be using software made by non-friendly parties with an axe to grind, without ever receiving the source code or knowing who actually wrote the software. And what's more, it's been my experience the bueacracy really doesn't give a sh*t as long as they can pass the buck.
NSA is about total information, right?
I think it's a good idea that NSA software is developed in China. I bet there are "undocumented" key combinations that will disable Macrovision and regional restrictions.
Best Windows Freeware
The bigger issue is not where the code is written, it's whether you can audit the source yourself (and whether you actually do so.
See reflections on trusting trust for a nice article about why, if it really matters, you should be careful with other people's code.
China is free democratic and trustworty country with a growing group software developers.I'm sure that they could make something secure for NSA that we could lay our nations hands in. It's extremly important that we help to foster proprietary solutions that will help bussiness abroad.
And after all its much better to use secure and trusted solutios from a close ally than having to resort to some of those old versions of UNIX. Know that SCO probably wins their case and AIX and Solaris goes down the drain, it could be nice to have some other alternatives than only american software. Because we all know, as DARPA found out, that you just can't trust FreeBSD and Linux in an environment like the NSA needs.
Proud patriot and republican voter.
This guy sounds a bit paranoid to me. As far as I'm concerned it's the US Governments job to look into things like this, not his. Does he honestly think the *NSA* would buy software with huge security holes? One might wonder if the names he saw were fake in the first place; I personally doubt the *NSA* would just give them out. Or maybe I just give them more credit than they deserve...
A lot of questions and insults. Not surprising, as you appear to have done no research. Well, we do know what the NSA does. The NSA is charged with breaking other people's coded message. In other words, it is basically the MOST defensive, MOST safe secret service we have. The worst it does is invade privacy. And it is very unlikely to invade YOUR privacy, as most people do not use the kind of High end cryptology that they coutner. The CIA is far more dangerous and active. Not to mention the various military agencies that do the black ops for the CIA.
P.S. What fool moded this as interesting. It is clearly off topic.
excitingthingstodo.blogspot.com
The NSA deals with mathimatics and technology, primary cryptography although it deals with a lot of the other facets of secure communications. It doesn't deal directly with the information it recovers/protects, it passes it on to the other intel & military groups.
R acers.com
The NSA is a great place to work for geeks as long as they don't want high pay (it is a government job).
No, I don't work there (Since I'm in college, but I might someday), but I know a mathmatician who worked there for a number of years and swears it was the best experience of his life (and he has a lot of cool stories about working there).
http://www.WhiteHatResearch.net
http://www.MSU
I should have also said that a number of contracts that one might expect would be internal government projects have more and more been bid out to private contractors. For instance, you might be surprised to find that a number of very sensitive database projects, military police actions and military interventions in the Balkans and Central America are being handled by companies such as Dyncorp.
Visit Jonesblog and say hello.
what about background checks for people writing software for the fed in the US? (for the chinese immigrants with maintenance and testing experience)
I suppose with TIA that would be redundant
whatever you do, don't buy that fancy new software from skynet!! /ahnuld accent on "Trust Me" /off
C:\earth\humans\del *.m0ronz
The Sun Grid software does the same stuff just as well, its open source, and after the NSA's contributions to SE Linux they must be ok with that. Platforms software is very expensive.
Jeebus Christ, don't those idiots remember what we did in the Inslaw affair? (Not so much what was done to Inslaw, but the backdoors the CIA put into software which was then sold to unfriendly countries.)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Countries which develop their own military equipment usually do so in a secret/classified manner, and if they choose to import the necessary technology, they do so under an assumption that the country developing the technology would not try to sell them defective/backfiring technology.
The same assumption of trust applies (or should apply) to military software too.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
So why does the NSA emplyee the most people of any goverment TLA? FBI,CIA etc I'm not sure but I think it was only recently eclipsed by the Homeland Security Office.
Given it's secrecy how do you know that NSA is doing what it's mandated to do?
As someone who performs security code reviews on outsourced code I can say that this happens all the time. When everyone was outsourcing code to india for y2k work we found back doors all over the place. Everyone does it. It's a form of R&D. Give coutry X project review technical capabilities of coutry X people.
People who bite the hand that feeds them usually lick the boot that kicks them
OSS is just giving the plans to the enemy. With DRM, Bill Gates will ensure that all Americans sleep at night under the blanket of freedom. If you don't agree with that, then GET THE HELL OUT of this country!!!
Have they ever had software that was made overseas and which caused a security problem ?
Even more than home-made Microsoft - ware ?
according to the discovery channel, there is an oversight committee for the cia's secret ops. it is supposed to be a check and balance in that it is (iirc) a congressional committee w/ clearance to all of the cia's operations. They are to review the actions and make sure cia isn't doing anything (too) evil.
Of course, you could argue that they are both part of the same system. It seems this would be to the cia as internal affairs is to the police dept.
I would also say that all acts should become public record after, say, 10 years. I can respect the need for operational security/secrecy but anything that can't be known by the public, even after the fact, probably shouldn't be done.
why dont you visit their website and attempt to find out for yourself what they do? Here are the two big terms to look for: SIGINT and INFOSEC. When you can tell someone what those are in your own words, you'll know what the NSA does.
This is definitely a problem. I used to support the CIA as a customer, and though the users were only identified by first name, we had home addresses for a few because they sometimes wanted us to ship stuff in a hurry and not have it slowed down by inspections.
The legislative branch is supposed to oversee these agencies and keep them in check. As in so many other respects, your senators and congressmen are supposed to be your proxy, knowing things that the general public ought not to know. And appropriately, it's the legislative branch that controls the budget, which means that they have the power to cut off funding for those programs which are deemed harmful.
Who watches these watchmen? You do. You may not be able to tell whether your elected officials are doing exactly the right thing with respect to sensitive agencies, but you should at least know whether or not you trust them. Either way, be sure you vote.
>how do we, as citizens, ensure that organizations like the NSA are helping us more than they hurt us?
We pay attention when we vote for our congressmen, who control the budget and some of whom sit on the intelligence oversight committees.
We support a free press, so that a whistleblowing employee has somewhere to turn to get the word out.
We keep ourselves informed, so that we know the NSA makes and breaks ciphers, secures US communications, and eavesdrops on foreign communications.
Companies which have code written outside of the U.S. should pay duty or tariffs on each license they sell just like vendors of manufactured items do. That would slow down the Great Tech Job Exodus.
So the government doesn't have enough money to hire their own people? They have to subcontract it to china? heh...
----------
Check out Harvest Moon Online (a free online game based on the SNES game)
"stressed that he had seen no evidence of espionage or other wrongdoing by Platform employees either in Canada or China"
If he's really so worried about the threat to national security posed by the list of contact names, he should report it direct to the NSA.
"tamper with software being used by [NSA]" - that would be true wherever the software was written and regardless of who wrote it.
Presumably, the NSA has its own procedures for vetting and accepting new software - or are they really a bunch of innocents who just accept whatever they're given?
Do we even NEED the NSA? Does it do more for us than it does to us? And how could we ever possibly find out for sure?
This question is kind of like asking, "Do we even need the President's Cabinet?" Because the Cabinet doesn't work for the citizens of the USA, except in a technical taxpayer-dollars kind of way -- they work for the President, collecting information and advising on policy to him and him alone. They have no responsibility to the average citizen, nor are they any use to them. Their information and advice is for the chief executive.
Similarly, the NSA's function is nominally to protect America's secrets -- but really, it's to protect the American government's secrets. That government holds the data, collects the intelligence, operates the military, builds the equipment, etc. etc. Personally speaking, the NSA doesn't do jack for me. Their job is to serve the government and its offices.
The NSA isn't responsible to me because I don't vote for them, anymore than I vote for the President's cabinet. If I find out the NSA (or FBI or CIA) is doing something I don't like, then the only thing I can do is get the word out through the free press and vote out the elected officers who made it possible for those organizations to do so.
This is not a bad thing, mind you. I have enough trouble deciding which representatives, judges, councilmembers, etc. I ought to vote for on the local, state and federal levels every year. I don't need to vote for the NSA, too.
What the hell is with all these whistle-blowers? Anybody's who's heard of fire and the wheel knows that Uncle Sam & Co. have demoted/fired/blacklisted virtually every idiot who's ever stuck his head up to rat on the system (while the folks being ratted on get far more promotions that prosecutions).
Is there some DNA test that'd prevent hiring from the shallow end of the gene pool?
It's easy to make up & spread cool- and credible-sounding stuff. Finding & checking hard facts is hard work.
Actually, I've heard from people who deal first-hand with the CIA they are simply an information-gathering agency. They don't even have the authority to operate inside the country (though they have been known to impersonate Air Force officials in matters of high importance)!
Where are you getting your information?
--
http://nemilar.net - Not your grandmother's soup kitchen
Good post!
Security problems are like bugs, only harder to find. It's easy to write a bug that will slip through a code inspection. Would you trust an audit to uncover a cleverly crafted malicious security hole? Even if the auditors were as good as the OpenBSD team, which is a tall order?
I'd recommend controlling the environment the software runs in, so as to contain the damage done by a security problem. Then screening vendors for trustworthiness, then auditing their output to give yourself a chance of catching breaches of trust.
don't you think the NSA would prefer that the software they are using is created by people in the US? ooh wait, that's too uneconomical since they can hire people over seas for 10% of the cost.
I know someone that has a small software company that's done contract work for the CIA. He is much, much more careful with his software than that, and would never make a mistake like that because he'd be afraid that he'd lose his security clearance and never be able to get his cushy government contracts.
He also said that he worked for a certain salad dressing company once, and they were much more careful about their trade secrets (recepies) than the CIA was about anything.
There are no trails. There are no trees out here.
There might be problems with letting US companies code things...
John Kerry is a Joke!
There's no other way to see it. It is grossly negligent for any agency involved in national security (NSA, CIA, NRO, FBI, etc.) to outsource software. Any "budget" or "manpower" excuse is unacceptable. Frankly, the US should have a "National Coding Office" to make all government software. Nothing should be purchased from Microsoft, and it sure as hell shouldn't be purchased from the Chinese communists (i.e. the enemy). Would we have outsourced to the Soviets during the Cold War? Apparently so.
Stupid people make stupid things profitable.
In a previous job I dealt with a piece of Platform Software called LSF (Load Sharing Facility). Now I have to say it was a very complicated bit of software which to me seem to be a mixture of shell scripts, binarys and NFS/SMB mounts. After actually doing the training courses my belief didn't change and I regularly found bugs in it.
Now this might of just been the SGI version but overall taking this as a particular example the quality of the code was terrible and 1/2 had undocument features
Just my 2p
Rus
Cheap UK and US VPS
If I wanted to increase my profit margins, what is a better way than to reduce my cost. Remove the high-paying jobs here in the good ol' US of A, and put minimum wage overseas workers in their place. BOOM! More profit!
If you want a simpler answer: Greed.
"Some fight for law. Some fight for justice. What will you fight for? One day, you will see."
Why should the NSA be any better? Why would the best of the best go there when they can make a whole lot of money in the private sector? I'm not just talking about the mathematicians, computer guys and cryptographers either, you need the top notch managers to run those groups and deal with the compartmentization that goes on while still motivating and producing top quality results. I could see the government rounding up geeks and math guys, I couldn't see them cultivating that leadership or hiring much of it.
Honestly, I think their biggest thing is that they never get tired or run out of resources. That's how the FBI caught the unabomber, they just kept looking and looking and looking and then they got him. There are textbook methods and approaches to security. Their ciphers have looked like they simply follow them and are extremely conservative and diligent.
Let no one make the mistake that this story has any connection to "trustworthy computing". The story does not use the word "trustworthy", much less suggest that that the NSA should use trustworthy computing.
Anyone who suggests that trustworthy computing would be good for government security doesn't know what they are talking about. Trustworthy computing would be an absolute disaster for security. Any intelligence agency on earth can dig one of the keys out of trustworthy hardware and beat the system. Hell, college students with access to a well stocked university lab can break the hardware security and beat the system.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
If they used standard project management procedures, use project coding standards, have full source code review; how can there be security concerns? Sounds totally like scare mongering to me!
NSA Echelon system provided information to CIA which leaded to the arrest of two major Al-Qaida figures after one gave and interview (giving a blueprint of his voice), and later placed a cell phone call.
Also note that now I have used important keywords on sensitive subject, prepare your account "Hentai" to be well ranked on the radar of NSA.
It's called congressional oversight. You need to go back to civics class. Please see 50 USC 413
Well, information-gathering except for when they're blowing up people remotely, with their Predator drones armed with Hellfire missiles, that is....
But I think you're right on the "operating inside the country"
http://pythonisito.blogspot.com/
OK, I read this article this morning.
The guy is telling the NSA stuff they already know, and have signed off as acceptable. His company was entirely above board in explaining their operations to the NSA in the first place.
Everyone involved knows what's going on. He is the only person who seems to have a problem with it. It doesn't sound like whistle-blowing to me, as much as whining.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I apologize if my tone sounded in any way insulting; this was not at all my intent. I merely wanted to understand the situation better.
My issue with the NSA is that precisely because of its secrecy, I cannot be certain that any research I do is factual - just because its publically stated mission and charter prevents it from working domestically is no guarantee that it is, in fact, not working domestically - many of us are already well aware of some of the abuses of power performed domestically and abroad by various government agencies this century. "That couldn't happen here" is not a sentiment some of us will trust, especially not after having heard it echoing throughout history from other nationals just as brave, just as strong, and just as patriotic as ourselves.
Quis custodiet ipsos custodes, indeed?
-Hentai [in vita non pacem est]
That's foreign. They haven't blown anyone up domestically, have they?
--
http://nemilar.net - Not your grandmother's soup kitchen
Even if they hire their own programmers, who's to say the programmers they hire aren't spies?
;)
They could perform background checks of the programmers they hire or of all the programmers that work for an IT outsourcing outfit. But even then, it's possible for spies to slip through. After all, do you think anyone's gonna write "worked for Chinese military intelligence as a spy" on their resume?
This is an inherent problem in running a group like the NSA. You can't trust anyone. The best you can hope for is to bring your programmers (or any employee or contractor) in-house and keep a watchful eye on them. Even then, how do you know for sure they aren't leaking documents when they go home? What are you gonna do? Lock all the programmers in a room with lead walls and no door? How realistic is that?
My journal has hot
I thought you said: "CIA they are simply an information-gathering agency"? Or is blowing people up some new form of gathering information?
The meme police, They live inside of my head
Like all secret service orgs the NSA has many arms dealing with various levels of classification and security. If you want to know more about them just go to http://www.nsa.gov, if you want a collection of names of people who work there go to http://www.nsa.gov/releases/speeches.html, learn who they are and feel free to digest all that they have to say. This is the story of a guy who was fired for missing his performance goals, he should be laughed at not heralded as a hero. I'm not sure anybody really cares about the 30 procurement execs that he found in his companies CRM system. You can bet your bottom dollar that any contractors working on secret systems will have been vetted, depending upon the classification level there is a good chance that the vetting will go down to employee level. I therefore have to assume that the work that Platform are doing is non-essential, I for one am glad to see the Government spending our dollars a little more wisely than they would be if they applied the highest level of security regulations to all of their systems.
Where are YOU getting your information?
Impersonate Air Force officers? Why would they do that when there are so many assigned to them?
Probably just 30 engineers who happen to work at the NSA who lead otherwise boring lives. The only reason they're identity-classified is because you can't threaten/blackmail someone working for the NSA if you don't know who they are. If I worked for them, you can bet I wouldn't be telling anyone about it.
In fact, this whole post might just be an elaborate ruse....
paintball
Without them, how would US corporations know what to steal from European corporations?
paintball
anything that can't be known by the public, even after the fact, probably shouldn't be done.
I'm sure that the Afgahn nationals passing on intelligence to the CIA fully agree with you. The Taliban and AQ wouldn't hold a grudge.
I'm sure the British agent(s) who infiltrated the IRA agree wholeheartedly. Why, after 10 years, they could all get together and share a pint down at the pub.
Likewise, the informant who decides to turn in a mob boss.
I'm just about as libertarian and pro-transparency as the next guy...But We DO live on earth.
"If, therefore, any be unhappy, let him remember that he is unhappy by reason of himself alone."
~Epictetus
Ok, so now out-sourcing is causing all the information leaks, as opposed to the previous administration, who outright sold our secrets to competetor nations.
As for how the money trails tie together, it's amazing what information Google will find for you.
It would be naive to assume either way: The software can't be left unchecked, but it would be unfair to just assume that any software developer in China is working for or collaborating with the Communist government. There is percaution, then there is just baseless suspiction. China was not always hostile in recent times to the US, but hostilities have increased ever since the rise of the Bush administration.
Okay. So they test LSF in China.... big deal. C'mon people! LSF is written by CANADIANS! This is the country with 90% of its population within 200 miles of our northern border- they are poised for invasion! This is the country that is secretly spewing tons of CFCs into the atmosphere to drive up their real estate prices through global warming. While the lower 48 is a desert wasteland, those hockey loving, eh sayin' canucks will be living in a tropical paradise! Do you think it is a coincidence that microsoft is headquartered so close to the Canadian border? And what about all the money they make selling all that maple syrup? Where does that go? That's right... straight to the ACLU! I for one won't stand for it! The evil empire must be stopped! ;-)
I think NSA got suspicious when they discovered the following comment in the software.
"Help! Help! We're being held prisoner in a Chinese system software factory!"
Good old System 6.
No, they leave that to Wilson Goode.
(Let's see how many Philadelphians are old enough to remember that one.)
All's true that is mistrusted
well i have heard from friend who know some people who first hand got information from a very reliable source in the DMV whos cousin used to want to be in the CIA that your information is pure hyperbole!
True. I also can't be certain that you actually are Hentai (165906). I can't be sure NSA isn't growing plants capable of world domination, and I can't be sure that Intel doesn't rutenly replace foreign dictators with animatronic robots.
I also can't tell what the Department of Labor, Nasa, or any other government agency really does. Sure, they've got pretty offices you can go into, but is that all of it? Did they show you the sub-basement?
Having interned at NSA a number of years back, I can tell you I never saw any Ninja's training in the cafeteria.
Mod point free since 2001
I can say that when a company does write software for something that goes into a military project, it has to conform to certain coding standards. IEEE 12207 is the standard most used for the US military.
So the software put into these electronics is well documented with specifications, design documents and quality assurance documents.
The government also gets to review all source code supplied along with running their own tests and so on to ensure that the software is of the proper quality. The master of the source is encrypted and put into a secure location.
The software and hardware is not always bug free, but between the customer and the buyer, the code is open.
Since the NSA is run by the Air Force, I would think that this guy is just moving some hot air around.
As for outsourcing the coding to a non-US company, that happens when the company happens to be a subcontractor for an American company, or if the American companies can't compete. The US isn't in the business of propping up American companies (at least, not in the sense that Europe does with say, Airbus). They will almost always go for the solution presented by the lowest bidder which performs the best in the tasks that are required.
Since I doubt the NSA is run by a bunch of idiots, I would say that they check the software that is supplied to them. Let me put it this way: you can't stay in the business of protecting the US and its interests if you are an idiot.
You did read that article, right? You'll note the distinct lack of NSA even being mentioned. Predator drones are a military project. You can point that one more to DARPA research than NSA.
Mod point free since 2001
"a whistle-blower who helped sell software to the National Security Agency says that much of the development work is subcontracted to China,"
How incredibly STUPID..
And I thought he NSA was smarter than that.
They even have developed a secure version of the kernel and have it for public download http://www.nsa.gov/selinux/
My faith has been shaken...
Next thing you know we'll be trusting our software developement to Finish nationals.
My Blog
" Do you know who/what the NSA are? "
Yes, I do. In a moment, you, and anyone else reading this will too.
"The NSA is charged with breaking other people's coded message."
Well, no, not really. That's just oh so simplistic. You make it sound as though someone slaps a coded message on the NSA's desk and they sit there with a room full of really nerdy guys trying to figure out what it means. That's simply ridiculous.
Now let's talk about what the NSA really does. The NSA operates, with the help of a select few other nations, a worldwide communications survillance and recovery network designed to capture, decode, sort, and record any and all internet, satellite, radio, telephone, cellular, fax, or any other communications which travel from one location to another via technology while prioritising data in need of further review. With installations in the US, Canada, the UK, New Zealand, Australia, and numerous other places, the NSA monitors and oversees this massive woldwide network. All messages are automatically compiled and sorted by the system for analysis, at which point any and all irrelevant data is purged. Coded or encrypted information is recorded and decoded on a priority-based system. Keywords are no longer used, as they were 20 years ago or so. Context-sensitive AI systems work through messages to understand a wide range of contextual and syntatic items, setting aside possible intelligence leads, threat information, uninterpretable data, and other information of interest (information which could be useful for or against certain coporations, for instance) for more detailed analysis; or in the case of items deemed high priority, immediate human analysis.
The NSA's missions also include, as you state, cryptography-breaking, but also cryptography-making. They are responsible for creating and maintaining the encryption systems of intelligence and military institutions at the higher levels. In addition to this, they are also responsible for ensuring that new systems developed by anyone, friend or foe, are quickly cyphered so no information remains hidden from us. Much of the mathematics done at the NSA is for the study of cryptography, both practical and theoretical.
The NSA also designs and manufactures survillence devices for audio, visual, and GPS-based tracking. GPS-based systems are developed at a number of NSA sites, and new technologies are first tested and implemented in NSA-controlled satellites in geo-sync orbit for use in tracking and survillance. Part of the NSA's mission has been expanded to include corporate espionage for large US-based mega-corps. NSA surveillance devices have also been used to gain an edge in diplomatic situations, such as in the UN. While the CIA is mostly human to human interactions and manpower-based intelligence, the NSA is nearly entirely technology-based.
"In other words, it is basically the MOST defensive, MOST safe secret service we have."
The NSA is the most likely candidate for the first agency to be used to try to turn the US into a totalitarian state. Its massive surveillance capabilities make a 1984-style society seem so attainable. In the information age, information is power. In the information age, the NSA is the information source. In a world where everything is electronic, the NSA has eyes and ears everywhere, and has developed the technology (with the help of a massive, secretive budget) to ensure that whoever is in control gets the information they need when they need it.
"The worst it does is invade privacy."
Invasion of privacy is 90% of what makes 1984 possible. If you have privacy, you don't have 1984; a dark corner is all it takes.
"And it is very unlikely to invade YOUR privacy, as most people do not use the kind of High end cryptology that they coutner. "
Completely wrong. The NSA does not only monitor highly-encrypted data; that's absurd. The NSA monitors all telecommunications. If it's on the i
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Well, think about all the communications that go on in the world today. They're job is to monitor all of that, translate it, analyze it, and determine it's meaning and potential threat to the US. Oh yeah, and it has to happen at near-realtime, because you want to figure out that the bad guys are going to do something before they do it.
As for knowing if the NSA is doing what they are supposed to, that's the job of our elected representatives on the Intelligence committees in congress. It's not much, but hopefully it's better than nothing.
Here in Europe, we have an uneasy feeling that any software made in USA may have some US government back doors in it, and as such not be suitable for any information we consider confidential. Even if we are on friendly terms with USA just now, we know that US policies have changed rather quickly (think Afghanistan), so we have a reason to guard our own data, even (especially?) from the Americans...
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
It's just the Air Force's puckish sense of humor.
I mean, after the French forced the F-111's to go the long way to Libya, BOOM!, there goes the French Embassy in Tripoli.
The Chinese bought the Clinton administration. made off with designs for nuclear weapons, and stole guidance systems from Loral. Then, BOOM!, there goes teh Chinese Embassy.
God bless 'em!
668: Neighbour of the Beast
Yep, no matter how impressive it looks, there's only so much you can do with Powerpoint.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Yep, no matter how impressive it looks, there's only so much you can do with Powerpoint.
All kidding aside, there are only so many good programmers and associated professionals. If a government agency wants the good ones, chances are they're going to have to either lure them in, train them from the inside, or buy off the rack; contractors.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Folks,
.... We will contract out most of the worker-bee and pack-mule government jobs, because it is easier for (SUFU) idiots in management to manage a contract point fingers and have friends and family share awards and recognition for doing the wrong thing (... recent NASA, FBI, and CIA, failings)
... if they ain't solving and preventing problems. This is why we have the money and intelligence to buy software with China as the OSD and receive "Trojan Horse" applications from OSD even here in the USA for US Government and Military mission critical systems.
Not the first time not the last time for Clueless Management in politics as usual DC and Government. Our potential destruction due the stupid, pompus, and greedy.
In our Capitalist Democracy our leaders political and religious place more priority on enforcement of the Digital Millennium Copyright Act (DMCA) and Library internet filters, than homeland defense. It looks better to the illiterate moral majority bigots that vote and supports the economy (the real priority) with questionable profit penalties and no cost issue camouflage. Our true foreign policy at times to be develop a good customer or at least a foreign government that supports a capitalist economy
I strongly support our Marines, Soldiers, Sailors, and AirPersons, but the politicians and management need to get their priorities straight. FAILURE is never and option. It is time CEO, politicians, management and some other recognize that they are the problem
OldHawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
I agree with another poster that mentioned selinux. The NSA know how to write secure software and how to audit software and source code. Assuming they build their own binaries from the source it should be a relatively safe system. The only potential security problem I can see is that outsiders may know exactly what they are running. But assuming it's properly designed and implemented that shouldn't be a problem either. That's the why everyone like Linux/BSD so much.
Los Almos has a history of Physical Security problems that should cause more worries then this. Hard Drives disappearing and reporters sneaking in at night, getting locked in and then the guards let them out when they found them.
So why does the NSA emplyee the most people of any goverment TLA? FBI,CIA
Because the CIA's dirty work is mostly done by private corporate contractors (Wackenhut, Carlyle, and The Curry Company are the big ones), some entertainment companies (remember MCA, now part ofUniversal Studios but I'm sure they're still active in the comunity) and an assortment of airlines (Pan Am got screwed for helping out), shipping companies (still working on tracking these), and import/export businesses (mostly furniture and lighting, some appliance). There are also some strange connections to Scientology, The Landmark Education Corporation, and The Moonies.
The CIA has been known to work with terrorist organisations to achieve thier desired objectives.
The FBI, CIA, and the DEA, also contract various crime organisations, individual criminals, and run of the mill citizens to do work for them. Often these folk have no idea who it is they are working for.
The NSA, for the most part, uses in house employees to analyze intelligence data, monitor foriegn communications, and ensure the security of comunications for the other departments and the military. In other words, they hire a lot of geeks, have some clue about the internet (they like it), and don't really mind if you encrypt your own data (security for all is more secure than security for some, plus breaking it will be a nice challenge.)
--qtp
Read, L
Or is blowing people up some new form of gathering information?
Only if you read the entrails.
I hereby place the above post in the public domain.
The Ninjas work out of the trailers in the parking lot. Did you even look?
So what kind of people work in the NSA? People like you and me. Geeks and nerds. Lots of them. Some contractors too, sure. And bunches of non-geeks in the mix (they have janitors, right? Or are those guys uber-special too?). It's like any tech-oriented business if you look at what we can see (looking at Ft. Meade and watching people go to work and everything). Forget the "mystery" and "godlike" status that everyone perceives for a second. It's an organization like any other business, and an effective organization is only possible if all people work together. But remember, these people have morals, they have laws protecting them from harm, and they have concerns about what their employer does as well. Back on topic, if you were paranoid about threats from abroad constantly (I imagine if you knew all sorts of neato stuff you'd be pretty paranoid), then you would most likely distrust anything from overseas and maybe even within the US (one poster already mentioned this as commonplace). So they'd probably audit software, heck yeah... even rip apart distributed binaries and analyze them to confirm that there's no "weird-looking piece of assembly" that doesn't seem to execute no matter what you try. And remember how slow everybody in the government works? Look at the postal service! That's a government agency too! Nothing much of a surprise to me, but maybe it comes as a mild shock to most people in general.
They surely have a little more capacity than, say Google with "73.5 million unique users per month".
Whatever they do with so much electricity.
And they have their own HQs in all those countries in which they observe. In Frankfurt, Germany, it's one whole street, straight under the telecommunications tower.
I just love the word "oversight" - it means both surveillance and vigilance, and failing to see things and looking the other way all at the same time!
You expect someone to see Ninjas?
(Pan Am got screwed for helping out)
This is a link to David Ickes site. Im not sure I place too much faith in the opinions of a bloke who reckons we are being invaded by reptilian space aliens. YMMV.
Yes, I can't help but agree with you on that. The link, however is to the text of a London Times article that is only available through a paid subscription. I have found the same article printed in several other newspapers, but have not yet found an subscription-free archive that dates this far back.
Although I have found some usefull information through resources like David Ickes and Art Bell, my opinion is that they do damage to serious inquiry into government and intelligence agency corruption with thier lack of fact checking and self serving sensationalism. They make it difficult for those who have a legitimate grievance by mixing legitimate evidence with outlandish stories of aliens and time travel. It's possible that this is done intentionally.
Read, L
They can have my tinfoil hat when they pry it from my cold, dead... uh... head.
You forgot INGSOC ;)
I have to say that even though this is exaggerated and looks like a flaimbait, infact there is some level of truth in this. Instead of saying that all STATES are rackets to suck resources from people, it makes sense to say, any state where the people are not vigilant enough, or people are not reasonably powerful enough to stop miscreants in the government, will become suckers for a state which gains off of them.
DO NOT PANIC