Ask Slashdot: Preventing Snowden-Style Security Breaches?
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
Simple. Do good, make people working for you feel they're doing something good for the world.
We won't help you cover your asses for the future. It's time to clean house.
How about try not to do anything you would be embarrassed by if it leaked? Not ignoring the 4th Amendment is a good start.
That always ensures quality.
My mom says I'm cool.
Don't piss off the sys admin.
Obeying your country's constitution and not operating for the sole benefit of oligarchs and barons of commerce would go a long way towards limiting whistleblowing activity.
If you want to go the opposite direction, I guess you could lock up your employees in a bunker and hold their families hostage.
Nice try, NSA.
Have separation between levels of security and have fewer & fewer admins working on them as you go up the chain. Use the old established and trusted guys at the top. Don't have thousands of people (particularly contractors) crawling all over the most sensitive data. Seems obvious really. Look at the amount of data *Private* Bradley Manning got his hands on. It's like NSA & Govt just leave the barn doors open and hope the fear of prosecution will prevent the bad thing from happening.
How about not doing illegal things in the first place?
A lot of motivation for insiders to disclose the "sensitive" information would go away.
That always ensures quality.
With our recent innovation of no-bid contracts (well, there's one bid - from the crony that's been hand-selected by the corrupt government department), you get all the benefits of outsourced work along with the quality of a supplier with a monopoly for your project(s).
Make sure everyone's vote counts: Verified Voting
This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:
1: First thing is compartmentalize. One person shouldn't have access to all the goodies.
2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.
There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.
5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)
6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.
8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.
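Items 3, 5 and 6 of the list above (watch for bulk reads that are not the backup job, and plant tripwire documents that alert when touched) can be combined into one pass over file-access audit events. The following is an added example, not code from the commenter; the log format, paths, account names and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): ISO time, user, process, path read.
SAMPLE_EVENTS = """\
2013-07-01T09:00:05 backupsvc backup.exe /srv/accounting/q1.xls
2013-07-01T09:00:06 backupsvc backup.exe /srv/accounting/q2.xls
2013-07-01T09:00:07 backupsvc backup.exe /srv/accounting/payroll-2009-archive.xls
2013-07-01T10:15:00 alice excel.exe /srv/accounting/q1.xls
2013-07-01T14:02:01 admin7 explorer.exe /srv/accounting/q1.xls
2013-07-01T14:02:03 admin7 explorer.exe /srv/accounting/q2.xls
2013-07-01T14:02:04 admin7 explorer.exe /srv/accounting/q3.xls
2013-07-01T14:02:06 admin7 explorer.exe /srv/accounting/payroll-2009-archive.xls
"""

# Hypothetical decoy document that nobody has a business reason to open (item 6).
CANARY_PATHS = {"/srv/accounting/payroll-2009-archive.xls"}
# Hypothetical allowlist: the backup job is matched on account AND process (item 3).
BACKUP_IDENTITIES = {("backupsvc", "backup.exe")}
BULK_THRESHOLD = 3                  # distinct files in one directory...
BULK_WINDOW = timedelta(minutes=5)  # ...read by one user within this window


def parse(line):
    """Split one event line into (time, user, process, path)."""
    ts, user, process, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, process, path


def find_alerts(log_text):
    """Return a sorted list of (kind, user, detail) alerts."""
    alerts = set()
    recent = defaultdict(list)  # (user, directory) -> [(time, path)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, process, path = parse(line)
        if (user, process) in BACKUP_IDENTITIES:
            continue  # the expected bulk reader
        if path in CANARY_PATHS:
            alerts.add(("canary", user, path))
        directory = path.rsplit("/", 1)[0]
        key = (user, directory)
        # Keep only reads still inside the sliding window, then add this one.
        window = [(t, p) for t, p in recent[key] if ts - t <= BULK_WINDOW]
        window.append((ts, path))
        recent[key] = window
        if len({p for _, p in window}) >= BULK_THRESHOLD:
            alerts.add(("bulk-read", user, directory))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

Allowlisting only a process name would let anyone rename a copy tool to look like the backup job, which is why the sketch pairs it with the service account; a real deployment would also pin the source host.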
1. Access to information on a need-to-know basis only using strong enforcement via MAC. Nobody has ALL the information on a specific subject.
2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.
3. If some information is as sensitive as described, then physical security enforcement needs to be in place (isolated terminal room for example).
4. No printing, no emailing, no networking outside the proper security perimeter.
5. Regular audits and interviews of personnel with access to specific pieces of data.
You'll have to sacrifice convenience for security in environments that require that.
While all the "don't be evil" responses are cathartic and fun, the real issue here is that you can't simultaneously give someone access to data and prevent them from having access to the data. You can make it more difficult to access the data but the price is that it is more difficult to access the data. You can't read minds so intent is not something you can reliably build into the system.
When information is power, privacy is freedom.
Don't have morally repugnant and illegal secrets.
Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.
If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.
My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Stop doing things that seem illegal or immoral to your employees. Stop lying. Stop cheating. Stop cowering behind secret courts.
As people say about the data collected by the NSA: if you haven't done anything wrong then you have nothing to hide. The NSA was hiding this program because they knew it was wrong.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
No matter how deep a background check goes, no matter how thorough the inquiry is into a person's character, no matter how many interviews are made of friends and family, and no matter how many polygraph tests are performed, if a person is given a position that requires some trust there is always going to be a chance that this person is going to abuse the trust. Psychopaths and sociopaths are the scariest of these people because they have no problem with lying, are good at it because they are usually good at being manipulative, are often very well liked by family and friends, and can lie without end like a baby-kissing politician running for re-election and still pass a polygraph test.
Perhaps the problem is in the kind of people being sought for these jobs that require great trust. While a person needs to be squeaky clean to get security clearance, perhaps the squeaky clean requirement is causing the government to choose some from the wrong pool of candidates. My experience has been that you will have a better chance of finding an honest man (or woman) by looking at those who have messed up in his or her life, is genuinely repentant, and has demonstrated through years of clean and honest living that he or she is worthy of such great trust. The gratitude that comes from being given this second chance is an incredible motivator in steering a straight and narrow course through life.
It's really quite a simple choice: Life, Death, or Los Angeles.
I agree with this point. It's not impossible to stop leaks, but organizations can change to mitigate the impact one individual can have.
The thing that is most interesting to me about the Snowden case, as well as the Manning case, is the level of access intelligence communities give to these people. I mean, Manning was able to dump years of diplomatic cables, and Snowden has been able to detail a worldwide architecture of network ops.
Did they really need to have this much access to information? If their roles were more compartmentalized, these situations would be different.
I feel the problem with these leaks is a management issue more so than the acts of individuals. Taking young, principled, intelligent guys and giving them the keys to a trove of information about questionable activities is just not the way to run an organization. The people he reported to should be the ones being indicted over this.
A solution (without knowing the particulars) would be to spread out access across a range of individuals with specific skill sets in their area and that's it. If you want to train people to be hackers, focus their development on one level of infrastructure and make it impossible for one guy to do this all on his own.
The question is what you can do to prevent it, not whether or not Snowden is a hero.
It's an interesting problem on its own. Imagine the situation in reverse - someone working in IT for an aid organization, beset by government hackers looking for information about political opponents who would kill them. How do you prevent someone from leaking information of a completely non-criminal nature to forces who mean to do them harm?
One of the problems with disclosures, and why they are so divisive, is that they expose people's relative values. For everyone who thinks Snowden is a hero, there is someone who thinks he broke an oath and the government is being completely reasonable.
It's not worthwhile to judge situations the same way you judge individuals. I work with a lot of NGOs where people would get killed if information about their operations is exposed, and one of the big threats is someone handing over documents under duress.
Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.
But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.
Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.
I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).
Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC
I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems, which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...
I think what bugs me the most about these most recent leaks is that the ONLY people surprised by it are the members of the public. The various governments know that they're being watched...mainly because they're doing watching on their own (that they're not supposed to do), that they talk about (which is monitored by other nations), rinse, repeat. Of course, it behooves all of the various countries involved to deny it...they don't want to look like douchebags, after all. But then again, how many of them look "squeaky clean" after the last round of releases that established that they were spying too. Everyone knows they do it, everyone has known that they've been doing it...so why in the fuck is anyone pretending to be surprised?
On topic, I have two answers for you depending on how your question was intended.
A1: You don't. You will never stop "leaks" of any sort, because you will inevitably be fooled into trusting the wrong person at some point. Leaks will always happen, even if there's been no wrongdoing (leaks can take the form of corporate secrets, for example).
A2: If you mean how do we stop leaks like this, as in, leaks about Governments infringing on public rights and acting like utter jagoffs the solution is far far simpler: Stop being jagoffs, stop breaking the law. Hell, that's the answer that WE get, isn't it? "You don't have anything to worry about if you're not breaking the law"...well, if they don't want people to blab about the Gubmint breaking the law, the Gubmint should stop breaking the law and they won't have anything to worry about. Right?
Two months ago Snowden was living in Hawai'i with an attractive girlfriend and a decent salary. How is that more dysfunctional than living in a Russian airport on the run from the US government?
We hope your rules and wisdom choke you / Now we are one in everlasting peace
I've given this a lot of thought, and compiled a solid rant on the subject.
My thesis about privacy in 2013 - 2020:
Let's start with some facts:
1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens.
2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!)
3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business.
4. So many people work for these agencies that from time to time this information is made public.
5. Nobody really cares.
6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament
7. It’s only a matter of time until the local police have access to all this information.
8. In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.
So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.
Strangely, Google is poised to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.
Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!
Information WANTS to be free! EVERYONE should have access to EVERYTHING!
Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.
Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).
Sources:
1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html
2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/
3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html
4. Bradley Manning, Edward Snowden
5. http://www.news.com.au/
6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse
7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
8. I read your email. Get over it.
9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy
10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/
11.