The NSA and Snowden: Securing the All-Seeing Eye
First time accepted submitter ChelleChelle2 (2908449) writes "Edward Snowden's release of classified material exposing the existence of numerous global surveillance programs (obtained while working as an NSA contractor at Booz Allen Hamilton) has been referred to as 'the most damaging breach of secrets in U.S. history.' Regardless of whether one chooses to champion or condemn Snowden's actions, it is apparent that the NSA needs to dramatically rework its security measures. In this article Bob Toxen, renown author of several books and articles on Linux Security, discusses the security practices that could have stopped Snowden. Equally interesting, he weighs in on the constitutionality and morality of the NSA's spying on all Americans."
With all the leaks, corruption scandals (quite a show here in Montreal), and all the law-breaking from those agencies and governments, I wish there were more like Snowden. That's only the tip of the iceberg boys & girls,
I've got better things to do tonight than die.
No, their lax security measures are achieving exactly the right results for our democracy at the moment. I am completely against them reworking them, unless you mean subjecting them all to potential veto by a select group of thoughtful small-government patriots.
CIA Head: We Will Spy On Americans Through Electrical Appliances
Global information surveillance grid being constructed; willing Americans embrace gadgets used to spy on them
Steve Watson | Prisonplanet.com | March 16, 2012
http://www.prisonplanet.com/ci...
"CIA director David Petraeus has said that the rise of new "smart" gadgets means that Americans are effectively bugging their own homes, saving US spy agencies a job when it identifies any "persons of interest".
Speaking at a summit for In-Q-Tel, the CIA's technology investment operation, Petraeus made the comments when discussing new technologies which aim to add processors and web connections to previously 'dumb' home appliances such as fridges, ovens and lighting systems.
Wired reports the details via its Danger Room Blog[1]:
"'Transformational' is an overused word, but I do believe it properly applies to these technologies," Petraeus enthused, "particularly to their effect on clandestine tradecraft."
"Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters - all connected to the next-generation internet using abundant, low-cost, and high-power computing," Petraeus said.
Looker (1981)
http://www.imdb.com/title/tt00...
"John Reston: Television can control public opinion more effectively than armies of secret police, because television is entirely voluntary. The American government forces our children to attend school, but nobody forces them to watch T.V. Americans of all ages *submit* to television. Television is the American ideal. Persuasion without coercion. Nobody makes us watch. Who could have predicted that a *free* people would voluntarily spend one fifth of their lives sitting in front of a *box* with pictures? Fifteen years sitting in prison is punishment. But 15 years sitting in front of a television set is entertainment. And the average American now spends more than one and a half years of his life just watching television commercials. Fifty minutes, every day of his life, watching commercials. Now, that's power."
##
"The United States has its own propaganda, but it's very effective because people don't realize that it's propaganda. And it's subtle, but it's actually a much stronger propaganda machine than the Nazis had but it's funded in a different way. With the Nazis it was funded by the government, but in the United States, it's funded by corporations and corporations they only want things to happen that will make people want to buy stuff. So whatever that is, then that is considered okay and good, but that doesn't necessarily mean it really serves people's thinking - it can stupefy and make not very good things happen."
- Crispin Glover: http://www.imdb.com/name/nm000...
##
"It's only logical to assume that conspiracies are everywhere, because that's what people do. They conspire. If you can't get the message, get the man." - Mel Gibson (from an interview)
##
"We'll know our disinformation program is complete when everything the American public believes is false." - William Casey, CIA Director
##
"The real reason for the official secrecy, in most instances, is not to keep the opposition (the CIA's euphemistic term for the enemy) from knowing what is going on; the enemy usually does know. The basic reason for governmental secrecy is to keep you, the American public, from knowing - for you, too, are considered the opposition, or enemy - so that you cannot interfere. When the public does not know what the government or the CIA is doing, it cannot voice its approval or disapproval of their actions. In fact, they can even lie to you about what they are doing or have done, and you will not know it. As for the second advantage, despite frequent suggestion that the CIA is a rogue elephant, the truth is that the agency functions at the direction of and in response to the office of the president. All of its major clandestine operations are carried out with the direct approval of or on direct orders from the White House. The CIA is a secret tool of the president - every president. And every president since Truman has lied to the American people in order to protect the agency. When lies have failed, it has been the duty of the CIA to take the blame for the president, thus protecting him. This is known in the business as "plausible denial." The CIA, functioning as a secret instrument of the U.S. government and the presidency, has long misused and abused history and continues to do so."
- Victor Marchetti, Propaganda and Disinformation: How the CIA Manufactures History
##
George Carlin:
"The real owners are the big wealthy business interests that control things and make all the important decisions. Forget the politicians, they're an irrelevancy. The politicians are put there to give you the idea that you have freedom of choice. You don't. You have no choice. You have owners. They own you. They own everything. They own all the important land. They own and control the corporations. They've long since bought and paid for the Senate, the Congress, the statehouses, the city halls. They've got the ju
"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."
"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."
"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more"
From:
Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/
Then maybe the whole thing is intentional. After all, the voters, in their conditioned helplessness, aren't going to elect anybody to stop it, so what "damage" is the NSA going to suffer? Smooth everything over with a little PR, and it's back to business as usual. In fact nothing has changed except increased chatter on the internet.
“He’s not deformed, he’s just drunk!”
Without transparency, we can't find their flaws. If you want the NSA to work robustly, and resist internal threats (misuse of their data, leaks etc), it's going to have to be more transparent. You can't have oversight without transparency: We gotta at least know what programs exist so we can question how their oversight works. Otherwise each internal team has a free for all.
Personally I'd rather have the whole thing fail, but not the way it has been failing. Unconstrained fragmented secret groups misusing data as they please and immune to laws is not the kind of failure I want...
TLDRBIPIOAWMAWI (Too Long Didn't Read But I Printed It Out And Wiped My Ass With It).
Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
I started reading but soon moved on to just skimming the article. It read like a very logical but basic security primer... Until I hit the sidebar. Wow, I've never seen a better laid out, yet brief, history lesson that got straight to the point. Our government needs to remember that it's "For the People, by the People" not "For those people, by these people"
Peter.
You are fucking insane, even for /.
Personally I see using outside contractors such as Booz Allen Hamilton as the massive security breach.
Never in history North Korea and USA were so close. It is true love between regimes of two countries.
Anyone arriving in USA is terrified by the large number of security forces and STASI type lifestyle so much prevalent.
Kim Jong Un blesses USA
The easiest fix would be to stop violating our constitutional rights. Snowden would have never leaked anything had the NSA been acting within the bounds of the constitution. Violate the constitution and everyone working for you that is a patriot is bound by honor to thwart you. Righteous anger is a SOB.
"Breach" all the secrets. Keep none. We have the deterrent of enough nukes to destroy anything and anyone. We have the fact that any large-scale conflict would only harm the aggressor in trade alone than they could hope to gain.
The net "damage" to U.S. citizens, worst-case, would be vastly less than the economic and political damage the NSA has itself caused, and continues to cause, to the citizens.
"National security" nowadays just means "security of the national security apparatus", and has little to do with security of the nation.
Get thy to the editing!
...and his name is Barack Obama.
His predecessor was George W. Bush and his sucker absolutist King-lets are David Cameron, Angela Merkel and all the other sucker kinglets of Pax Americana.
They all give a shit about "unreasonable search and seizure" - spitting on their respective national constitutions or constitutional scriptures.
...they hate Putin. This man is kind of a patriot who sometimes cares about the average Russian, not just the Kleptocracy. Putin dared to lock up at least one of the most greedy Kleptocrats for a couple of years. The Kleptocratic International hates Putin for this very badly.
Consequently, they will try to sow all the hatred they can against Putin into Anglosaxon (and other Pax Americana) brains. Thank god there is the internet and we can call out this shit.
@NSA, CIA: Question yourself whether you like the Kleptocrats or whether you like the government to care about the people. Discharging your duties properly means clamping down on the New York Kleptocracy and their friends. If you fail, well, have a replay of 1933 with Adolph Cromwell, a U.S. Army Corporal who turned himself into the Divine Leader of America.
I think that the degree of spying by the US government and the availability of computers and the net are locked hip to hip. Computers and somewhat open communication are powerful tools and the US government equates paranoia with responsibility.
1. Take control of your own networks via your own staff again.
No contractors, no private sector, no ex gov staff moving around, people without exhaustive gov staff real world full family tree, education, friends interviewed background results.
2. Drive the private sector contractors out of the gov networks. Fancy 3rd party network wide security software will not stop a trusted system admin, it will just give the security software bosses a nice gov contract bonus.
3. Go back to finding all your staff from top universities after watching them in the wild for a few years. When ready, offer them a great job, for life with academic freedoms and an above great wage. Make sure they feel invited in.
a) Interview them in person using gov staff only staff.
b) If accepted as useful to the gov:
Interview their extended family in person using only gov staff. Interview their recent academic staff in person using gov staff. Drive out to their local community and find friends, cops, ex cops, sealed court records, all teachers at every stage of schooling.... in person using gov only staff.
Look at generations of book lists, magazines, newspapers, payments, gambling, faith with links to other nations, cults with links to other nations, holidays, charities, political causes, the probability of placing another nation/faith/cash/cult interests above all gov security levels.
Build up a real world life story with real world contact with every close person or event and keep looking.
Note: a database search is not a real world interview. A database search by a 3rd party private sector security cleared person is not a real world interview.
Some data on a random gov computer about past good work being seen by a 3rd party private sector security cleared person is not a real world interview.
Keep interviewing, testing, profiling your new staff using trusted gov staff - in house staff, not a 3rd party private sector security cleared person invited in with a new 'system' to rent.
4. The file systems need to be kept air gapped and back to best practice compartmentalization. No new 3rd party cloud, no outside big brand private sector 'helpers' beyond installs.
5. Don't trust any paperwork from any other sector of the gov/private sector on an individual. If they have great paperwork and want to move jobs, something interesting might be missing from that great 'story'.
6. Stop political suggestions over 'sharing' the cloud and other ways into what should be a sealed gov network.
Some better ways to alter public perception:
Hint at a limited hangout, or partial hangout, the idea that the material was baited provides endless speculation and academic busy work on web 2.0 and beyond.
Drop hints via trusted cutouts to the 'alternative media' that will take years to work out.
A sockpuppet is not a useful cutout.
The hardware and software, junk encryption was for domestic use by 'others' in the wider US legal system. The results of a splitter, tame corporate/academic decryption ended up with any number of diverse ongoing very legal domestic criminal probes is a great talking point.
Hint at a political culture for weakening once strong gov only security clearance levels.
8. Talk to the UK about decades of tell all books, newspapers, interviews and 'documents' ie the magical "why" nothing ever got much traction beyond academic history books and obscure university level history papers.
9. As all this is now in the open and telco immunity is/was in place move forward with a domestic locked box for all telco metadata. Move in front of "damaging breach" to a post telco immunity budget and gov security expansion needs.
Domestic spying is now "Benign Information Gathering"
Bob Toxen is a fascist who has his fist up the ass of the NSA.
"The vast majority of NSA employees and contractors are eminently talented law-abiding dedicated patriots."
No, they are fascists, like Bob, who got a hard one when they read 1984 and are now living the dream. They are the enemy of the people, and the enablers of our overlords. They are guilty.
Discussing how to better secure systems against people like Snowden is like discussing how to ensure a thief or a murderer succeeds.
Sure it was during the ORIGINAL Confederacy, but it WAS post-Revolution. What did it teach us? The people in charge will shit all over the veterans even if they just busted their ass to set you free. Combine that with the Whiskey Rebellion and this country was sunk before it even got started.
But it's not like they bother to teach those little tidbits to gradeschool classes, where the less conditioned children might ask 'How is that any different than what the revolution set out to resolve?' or perhaps 'This sounds just like that children's book about the farm of animals!' :)
You don't seriously expect people to spend the day plowing through this without a summary, do you? Where's the abstract for this report, book, manifesto, or whatever it is?
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
I suppose it would be more accurate to say they are amoral, but the results are the same.
We need to change our policy on secrets - nothing is secret past a year. The year is enough for tactical security, but not enough to hide embarrassments. Then the state will have to be answerable to its bosses - the citizens.
Except there is also the fact that some of the NSA's main goals, despite its draconian and probably unconstitutional methods, are still counterterrorism and counterintelligence. When a friend or family member is killed in a terrorist attack because the NSA's security wasn't adequate you can be proud you encouraged it.
Whatever the "claimed" goals of government are, its real actions are the things that count, and nowadays, in terms of something resulting from NSA intrusions, an American is more likely to be harmed by her or his own government than harmed by a "terrorist attack". The NSA has not been very successful in citing successes in its protecting of Americans.
If you could guarantee the goals of the NSA were always noble, then I would favor granting them far-reaching authority. But, in reality, the government, and elements of the government such as the NSA in particular, are often not noble; thus, *government authority must be limited*. This is a concept enshrined in The Constitution, and it's also a concept widely accepted by people everywhere in the modern civilized world.
(||) Nehmo (||)
...is somewhere along the line SOMEONE has to be trusted. That secure program that transfers files? How do you know it doesn't have a back door/hidden features? You audit that source code..do you trust the auditor? How do you know he's not in collusion with the programmer? Hmm, better get someone or someones to audit them. And so on....
Technical restrictions are good, but they're not the be-all. Technically, the best locked down systems aren't usable (any geezers here remember C2 [orange book] Windows NT 4 systems? Very secure (especially for NT in the day)...and wholly unusable).
His comments about securing ssh are just common sense and best practices (for once they coincide). As he pointed out, metal detectors would have caught the egress of the thumb drives. Just as locks on reinforced cockpit doors would have prevented 9/11, sometimes the low-tech scalable solution is the best solution.
If you are of renown, you are renowned. You'd think folks sensitive to the exacting demands of various languages would be more respectful of English. Sheesh.
"with their freedom lost all virtue lose" - Milton
You don't seriously expect people to spend the day plowing through this without a summary, do you? Where's the abstract for this report, book, manifesto, or whatever it is?
The video game generation strikes again.
With law enforcement intent, should get you life in prison if there is no probable cause.
... so, why they're worried about people investigating them?
My essay: http://www.phibetaiota.net/201...
"This essay discusses how the USA's security clearance process (mainly related to ensuring secrecy) may have a counter-productive negative effect on the USA's national security by reducing "cognitive diversity" among security professionals."
An example I have there:
----
Let us contrast two candidates with very different backgrounds and ask which one would get a security clearance. Which of the two would be hired to create the social and technical systems to define US National Security?
The first candidate is a woman performance artist currently couchsurfing near New York City's Greenwich Village. She has a messed up credit history, suffers from depression, has been on psychological medication, had a terrible childhood, and has had multiple friendships and has slept with people from a variety of foreign nations who she met in NYC. She even spent a few months living in the Middle East protesting various US-related policies. She was arrested once for smoking marijuana in public outside a nightclub. She is outraged by domestic violations of privacy rights in the USA and would never submit to a security clearance screening involving lots of prying questions (if only to protect her friends). Still, she has "been there" and understands what it means to be poor and also understands what it means to see the world from multiple points of view (including the downtrodden). To her, the invasion of Iraq was an obviously stupid thing to do and she was arrested for protesting before the invasion, too. Well, it does not take much imagination to assume she would be denied a security clearance, not that she would probably ever consider a job that requires applying for one.
The second candidate is a woman with a PhD in mathematics and a master's and bachelor's degree in public policy from an Ivy League university (paid for by her professional parents). She has never known a day of hunger or homelessness in her life, has excellent credit, has been very emotionally stable in the past (although the limits of that have never really been tested), has never felt a need to escape from her life using drugs, and has married a reliable accountant (himself a third generation American). She thinks that a job working at the Pentagon is worth just about any sacrifice to preserve a superior US way of life (plus, she feels she and her family and friends have nothing to hide). Well, it would seem there is probably a good chance such a person would get a security clearance, even if her polygraph readings jumped when she confessed that she has in the past purchased "fair trade" coffee that came from South America and also drives a Toyota Prius that her parents gave her as a birthday present last year.
Ten years go by and our successful second candidate has risen to a position where she is assisting in using highly mathematical Operations Research to define US defense policy and weapons systems priorities to protect against those she sincerely feels "hate us because we are free". Do you feel safer as a result? Do you really think she could do as effective a job in thinking about security threats and opportunities relative to general US interests as the other woman who would never qualify for a security clearance?
As for our first candidate, perhaps she becomes a Volvo-driving soccer mom with three kids in Portland, Oregon, a successful author, and married to an organic grocery store manager, to give her story a reasonably happy ending in mainstream terms? :-)
But here is a deep question implicitly raised by Scott Page's writings. Do you think the two women, working together, along with others, might be able to do a better job at improving US national security out of their diversity of skills and experiences than either one working alone? What sort of social environment or workplace setting would it take to make that possible?
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
More damaging than that committed by the Rosenbergs, which only taught the Soviets how to make nuclear weapons and started the nuke-fueled Cold War.
Hyperbole much?