Slashdot Mirror
The NSA and Snowden: Securing the All-Seeing Eye
First time accepted submitter ChelleChelle2 (2908449) writes "Edward Snowden's release of classified material exposing the existence of numerous global surveillance programs (obtained while working as an NSA contractor at Booz Allen Hamilton) has been referred to as 'the most damaging breach of secrets in U.S. history.' Regardless of whether one choses to champion or condemn Snowden's actions, it is apparent that the NSA needs to dramatically rework its security measures. In this article Bob Toxen, renown author of several books and articles on Linux Security, discusses the security practices that could have stopped Snowden. Equally interesting, he weighs in on the constitutionality and morality of the NSA's spying on all Americans."
With all the leaks, corruption scandals (quite a show here in Montreal), and all the law-breaking from those agencies and governments, I wish there were more like Snowden. That's only the tip of the iceberg boys & girls,
I've got better things to do tonight than die.
"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."
"There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."
"Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""
From:
Richard Stallman: 'Apple has tightest digital handcuffs in history'
www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/
Then maybe the whole thing is intentional. After all, the voters, in their conditioned helplessness, aren't going to elect anybody to stop it, so what "damage" is the NSA going to suffer? Smooth everything over with a little PR, and it's back to business as usual. In fact nothing has changed except increased chatter on the internet.
“He’s not deformed, he’s just drunk!”
TLDRBIPIOAWMAWI (Too Long Didn't Read But I Printed It Out And Wiped My Ass With It).
Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
That's like saying when aliens attack you'll be glad you bought UFO insurance. Just because you can imagine a scenario does not make it likely. I have seen no compelling evidence that terrorism is a battle worth giving up my privacy and freedom for.
I started reading but soon moved on to just skimming the article. It read like a very logical but basic security primer... Until I hit the sidebar. Wow, I've never seen a better laid out, yet brief, history lesson that got straight to the point. Our government needs to remember that its "For the People, by the People" not "For those people, by these people"
Peter.
Personally I see using outside contractors such as Booz Allen Hamilton as the massive security breach.
Never in history North Korea and USA were so close. It is true love between regimes of two countries.
Anyone arriving in USA is terrified by the large number of security forces and STASI type lifestyle so much prevalent.
Kim Jong Un blesses USA
The easiest fix would be to stop violating our constitutional rights. Snowden would have never leaked anything had the NSA been acting within the bounds of the constitution. Violate the constitution and everyone working for you that is a patriot is bound by honor to thwart you. Righteous anger is a SOB.
Risking death to have freedom is more than worth it. Even if the NSA is effective, it should've thought of that before violating the highest law of the land and everyone's fundamental liberties; then they could've carried on with their actual goals.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
The NSA does not work for us. I don't care about their security.
I think that the degree of spying by the US government and the availability of computers and the net are locked hip to hip. Computers and somewhat open communication are powerful tools and the US government equates paranoia with responsibility.
1. Take control of your own networks via your own staff again.
No contractors, no private sector, no ex gov staff moving around, people without exhaustive gov staff real world full family tree, education, friends interviewed background results.
2. Drive the private sector contractors out of the gov networks. Fancy 3rd party network wide security software will not stop a trusted system admin, it will just give the security software bosses a nice gov contract bonus.
3. Go back to finding all your staff from top universities after watching them in the wild for a few years. When ready, offer them a great job, for life with academic freedoms and an above great wage. Make sure they feel invited in.
a) Interview them in person using gov staff only staff.
b) If accepted as useful to the gov:
Interview their extended family in person using only gov staff. Interview their recent academic staff in person using gov staff. Drive out to their local community and find friends, cops, ex cops, sealed court records, all teachers at every stage of schooling.... in person using gov only staff.
Look at generations of book lists, magazines, newspapers, payments, gambling, faith with links to other nations, cults with links to other nations, holidays, charities, political causes, the probability of placing another nation/faith/cash/cult interests above all gov security levels.
Build up a real world life story with real world contact with every close person or event and keep looking.
Note: a database search is not a real world interview. A database search by a 3rd party private sector security cleared person is not a real world interview.
Some data on a random gov computer about past good work been seen by a 3rd party private sector security cleared person is not a real world interview.
Keep interviewing, testing, profiling your new staff using trusted gov staff - in house staff, not a 3rd party private sector security cleared person invited in with a new 'system' to rent.
4. The file systems need to be kept air gapped and back to best practice compartmentalization. No new 3rd party cloud, no outside big brand private sector 'helpers' beyond installs.
5.. Dont trust any paperwork from any other sector of the gov/private sector on an individual. If they have great paperwork and want to move jobs, something interesting might be missing from that great 'story'.
6. Stop political suggestions over 'sharing' the cloud and other ways into what should be a sealed gov network.
Some better ways to alter public perception:
Hint at a limited hangout, or partial hangout, the idea that the material was baited provides endless speculation and academic busy work on web 2.0 and beyond.
Drop hints via trusted cutouts to the 'alternative media' that will take years to work out.
A sockpuppet is not a useful cutout.
The hardware and software, junk encryption was for domestic use by 'others' in the wider US legal system. The results of a splitter, tame corporate/academic decryption ended up with any number of diverse ongoing very legal domestic criminal probes is a great talking point.
Hint at a political culture for weakening once strong gov only security clearance levels.
8. Talk the the UK about decades of tell all books, newspapers, interviews and 'documents' ie the magical "why" nothing ever got much traction beyond academic history books and obscure university level history papers.
9.. As all this is now in the open and telco immunity is/was in place move forward with a domestic locked box for all telco metadata. Move in front of "damaging breach" to a post telco immunity budget and gov security expansion needs.
Domestic spying is now "Benign Information Gathering"
In the light let's correct the the heading. Edward Snowden did not cause the 'the most damaging breach of secrets in U.S. history.', he exposed the 'the most damaging breach of secrets in U.S. history.'. Let's be clear on this, it was the NSA that was conducting the illegal breach of secrets of people from all over the globe, no one was safe and no countries laws were respected, not the US not anyones. It was the NSA that was the completely unrepentant criminally insane computer network hacker, hacks not in the hundreds or thousands but very likely in the millions. This had nothing to do with securing anything for the US but everything to do with empowering the insane head of the NSA and his backers in their grab for power. He is now protected status by the secrets he holds, he knows more about the criminal activity of politicians from all over the globe than any other person in US history. As the the puppet president Uncle Tom Obama the choom gang coward, well, he runs nothing and has not done so for years, he just does as he is told to do and smile when he reads his instructions in front of the public on the teleprompter, the puppet prompter, what a way to go no in history, really lame.
Chaos - everything, everywhere, everywhen
Except there is also the fact that some of the NSA's main goals, despite its draconian and probably unconstitutional methods, are still counterterrorism and counterintelligence. When a friend or family member is killed in a terrorist attack because the NSA's security wasn't adequate you can be proud you encouraged it.
The NSA's mass-surveillance techniques have not been proven effective for counter-terrorism, nor do those techniques represent a cost-effective method of lowering the overall US death rate, nor are they worth (in my opinion) the egregious violation of our Constitutional rights.
I believe that a cursory glance at global affairs — in particular, which entities commit terror attacks upon which nations; the attackers' motives; and attacked nations' foreign policies — suggest that the most effective counter-terrorism results come from not interfering in the sovereignty or affairs of foreign governments, and not violating the human/civil rights of foreign and domestic populaces.
Were a friend or family member killed in a terror attack, I'd be upset they died even though their Constitutional rights were being violated, and I'd be upset that they likely died as a result of blowback from unilateral US action abroad intended to increase or maintain the power and wealth of US oligarchs, likely in violation of international law. If mass-surveillance were ended and a friend or family member were killed in a terror attack, I would take solace in death(s) as free people.
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
You don't seriously expect people to spend the day plowing through this without a summary, do you? Where's the abstract for this report, book, manifesto, or whatever it is?
Thank you, Edward Snowden.
"Arguments from authority are worthless." —Carl Sagan
Indeed. Best summary so far. The NSA seems to be turning more and more into a GeStaPo. On the plus side, they usually kill people outright (or help to do so), instead of torturing them first. So maybe they are still a bit better than the GeStaPo.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The whole idea of the NSA is deeply flawed. But, judging from how things are going with the human race, maybe entirely deserved.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
And they are not very talented either. I now personally that they have to outsource critical stuff because they just cannot hack it themselves...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Except there is also the fact that some of the NSA's main goals, despite its draconian and probably unconstitutional methods, are still counterterrorism and counterintelligence. When a friend or family member is killed in a terrorist attack because the NSA's security wasn't adequate you can be proud you encouraged it.
Whatever the "claimed" goals of government are, its real actions are the things that count, and nowadays, in terms of something resulting from NSA intrusions, an American is more likely to be harmed by her or his own government than harmed by a "terrorist attack". The NSA has not been very successful in citing successes in its protecting of Americans.
If you could guarantee the goals of the NSA were always noble, then I would favor granting them far-reaching authority. But, in reality, the government, and elements of the government such as the NSA in particular, are often not noble; thus, *government authority must be limited*. This is a concept enshrined in The Constitution, and it's also a concept widely accepted by people everywhere the modem civilized world.
(||) Nehmo (||)
...is somewhere along the line SOMEONE has to be trusted. That secure program that transfers files? How do you know it doesn't have a back door/hidden features? You audit that source code..do you trust the auditor? How do you know he's not in collusion with the programmer? Hmm, better get someone or someones to audit them. And so on....
Technical restrictions are good, but they're not the be-all. Technically, the best locked down systems aren't usable (any geezers here remember C2 [orange book] Windows NT 4 systems? Very secure (especially for NT in the day)...and wholly unusable).
His comments about securing ssh are just common sense and best practices (for once they coincide). As he pointed out, metal detectors would have caught the egress of the thumb drives. Just as locks on reinforced cockpit doors would have prevented 9/11, sometimes the low-tech scalable solution is the best solution.
In the light let's correct the the heading. Edward Snowden did not cause the 'the most damaging breach of secrets in U.S. history.', he exposed the 'the most damaging breach of secrets in U.S. history.'. ....
Agreed. It's amazing how people mindlessly parrot the government slant.
Pretty much if the government states something, the opposite is true. The "corrections" department does not correct people; it punishes them. The "defense" department is for offense. The Division of Family Services breaks up families. The Patriot Act is unpatriotic. The ones who "serve and protect" really take your money and your freedom. Etc.
(||) Nehmo (||)
If you are of renown, you are renowned. You'd think folks sensitive to the exacting demands of various languages would be more respectful of English. Sheesh.
"with their freedom lost all virtue lose" - Milton
You don't seriously expect people to spend the day plowing through this without a summary, do you? Where's the abstract for this report, book, manifesto, or whatever it is?
The video game generation strikes again.
I have no more mod points, but would like to say that this entirely, and eloquently, sums up my views on this matter. Well said.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
Um, no. The Whiskey Rebellion had nothing to do with "shitting on veterans". Veterans rallied around George Washington to put down the rebels.
George Washington was a millionaire at the time because he owned some extremely popular Whiskey distilleries, so when he imposed the first taxes of the nation (largely to pay our war debts), the first thing he did was put on a tax that hit himself hardest. This was considered fair. Even in those days, it was well known that alcohol came with severe social consequences, so this Sin Tax was generally accepted as the best way to raise national funds.
So what drove the Whiskey Rebellion? Largely it was early Borderlander (Scott/Irish) culture, one of the american nations, which simply wanted all the benefits of living the United States without having to pay a dime for its upkeep. This attitude, by the way, still completely dominates in these regions 200 years later, driving much of our politics: right wingers who pretend to "speak for the veterans" while at the same time refusing to pay for their benefits. Clyde Bundy is a poster child for borderlander culture
Thinking about it, I suppose you could say that "shitting on veterans" was the point of the revolution - it was just the rebels who were trying to do the shitting.
A 9/11 event would have to happen twice a week or more to crack the top 5 causes of death in the US. Why is it so important to give up on fundamental freedoms (i.e. the 4th Amendment)? Does it seem more or less important to you after considering that by the NSA's own admission, not a single terrorist has been caught or a citizen's life saved by this surveillance?
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
Dumbass, we were a Republic less than a century ago. So far Democrazy has done nothing good for us. ESAD
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
How did we vote before we were a Democrazy? This was less than a century ago.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
My essay: http://www.phibetaiota.net/201...
"This essay discusses how the USA's security clearance process (mainly related to ensuring secrecy) may have a counter-productive negative effect on the USA's national security by reducing "cognitive diversity" among security professionals."
An example I have there:
----
Let us contrast two candidates with different very backgrounds and ask which one would get a security clearance. Which of the two would be hired to create the social and technical systems to define US National Security?
The first candidate is a woman performance artist currently couchsurfing near New York City's Greenwich Village. She has a messed up credit history, suffers from depression, has been on psychological medication, had a terrible childhood, and has had multiple friendships and has slept with people from a variety of foreign nations who she met in NYC. She even spent a few months living in the Middle East protesting various US-related policies. She was arrested once for smoking marijuana in public outside a nightclub. She is outraged by domestic violations of privacy rights in the USA and would never submit to a security clearance screening involving lots of prying questions (if only to protect her friends). Still, she has "been there" and understands what it means to be poor and also understands what it means to see the world from multiple points of view (including the downtrodden). To her, the invasion of Iraq was an obviously stupid thing to do and she was arrested for protesting before the invasion, too. Well, it does not take much imagination to assume she would be denied a security clearance, not that she would probably ever consider a job that requires applying for one.
The second candidate is a woman with a PhD in mathematics and a master's and bachelors degree in public policy from an Ivy League university (paid for by her professional parents). She has never known a day of hunger or homelessness in her life, has excellent credit, is very emotionally stable in the past (although the limits of that have never really been tested), has never felt a need to escape from her life using drugs, and has married a reliable accountant (himself a third generation American). She thinks that a job working at the Pentagon is worth just about any sacrifice to preserve a superior US way of life (plus, she feels she and her family and friends have nothing to hide). Well, it would seem there is probably a good chance such a person would get a security clearance, even if her polygraph readings jumped when she confessed that she has in the past purchased "fair trade" coffee that came from South America and also drives a Toyota Prius that her parents gave her as a birthday present last year.
Ten years go by and our successful second candidate has risen to a position where she is assisting in using highly mathematical Operations Research to define US defense policy and weapons systems priorities to protect against those she sincerely feels "hate us because we are free". Do you feel safer as a result? Do you really think she could do as effective a job in thinking about security threats and opportunities relative to general US interests as the other woman who would never qualify for a security clearance?
As for our first candidate, perhaps she becomes a Volvo-driving soccer mom with three kids in Portland, Oregon, a successful author, and married to an organic grocery store manager, to give her story a reasonably happy ending in mainstream terms? :-)
But here is a deep question implicitly raised by Scott Page's writings. Do you think the two women, working together, along with others, might be able to do a better job at improving US national security out of their diversity of skills and experiences than either one working alone? What sort of social environment or workplace setting would it take to make that possible?
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.