Slashdot Mirror
Glenn Greenwald: How the NSA Tampers With US Made Internet Routers
Bob9113 (14996) writes "According to Glenn Greenwald, reporting in The Guardian: 'A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers, and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft is very hands-on (literally!)".'"
Surely the NSA can touch anything that Customs does.
You just single-handedly killed the entire US tech industry. You murdered trust. No one will ever trust US hardware again.
Working for a defense contractor, I can say that someone is going to have fun talking with the FBI and/or the CIA and/or the NSA soon.
Happy butt raping!
Soon?
You must have missed the part where it says "A June 2010 report from the head of the NSA's Access and Target Development ".
I seriously doubt the FBI or CIA are going to go after the NSA.
It just costs US companies sales, and further encourages them to move manufacturing overseas.
Sig Battery depleted. Reverting to safe mode.
You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source and could contain backdoors (one of the reasons RMS has been rallying against them, but probably not the primary reason), but even more fundamentally than that, it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.
That said, at least with open source you have the chance to find such things, so there is that. But either way ... I think we're screwed.
Well that's what I was wondering. They must import them to the US, backdoor them and then export them again. I'd bet they have chinese backdoors in addition to the US ones.
(cough) with china, the backdoors are put there FROM the factory. no trip to the chinese version of NSA needed.
if you trust chinese software or embedded hardware, you are stupid and/or ignorant.
(similar if you trust the US stuff, now, too, sorry to say!)
maybe something good will come from this: the world does not trust as easily anymore. in a way, that can be a good thing; its certainly a maturing thing. the world is growing up and not thinking life is a wonderful disney movie anymore. the world is filled with bad guys and those wearing white are often the worst (so to speak).
--
"It is now safe to switch off your computer."
Considering the US government blatantly and consistently ignores its constitution, the document which grants it sovereignty, and is thus a rogue or fail[ing/ed] state, dismantling the intelligence apparatus would be a good thing for its citizens.
Simply raise tech propaganda, wait for the US to build backdoors into everything, and then steal the knowledge because apparently the US is very bad with cybersecurity.
I'm suprised most people haven't realized that it's part of the pattern USians show, do-evil-blame-someone-else. NSA backdoors everything, thinks everybody is just as evil and paranoid as they are so they start creating negative propaganda against 'enemy' targets accusing them of doing exactly what they are doing.
I'm not a USian, so haven't been exposed to all the mind numbing media they have, but has there ever been ONE piece of intelligence about other countries that was true and wasn't simply the US looking in a mirror and trying to cover their tail???
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
Just wait till the markets open tomorrow. NASDAQ down 600-800 points (at least). Nobody sane is going to purchase US-made networking gear for a very long time.
Nah, this won't budge the markets, mainly because this info was released some time ago - and it wasn't limited to router hardware.
The only reason this is being re-reported is to promote Greenwalds's book.
Is there any US made networking gear? I'd be surprised if it was more than 3 percent of the market. Maybe some high end stuff but I'd bet all the consumer grade shit is Chinese in origin. Hard to boycot made in America when it's not made in America. This article sounds like bullshit.
This is to be expected.... what is the real scope of this?
I believe that a router on the way to a German auto maker is not targeted. OK I want to believe.
I believe that a well managed site will audit and reload software. I believe that additional system admin audits behind and in front of the
hardware are justified.
For the NSA (Never Say Anything) to snoop does not bother me but they are not the only TLA in the game today.
The internet has not been friendly for a gosh long time nothing has changed.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
Security researcher and Tor developer, Andrea Shepherd, found something fishy:
http://www.techdirt.com/articl...
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I think we're screwed.
Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.
“He’s not deformed, he’s just drunk!”
You can't trust open source either.
Devices like these often have "binary blobs" that aren't open source
No, you CAN trust open source. If it has a binary blob, then by definition, it is not open source.
it would be naive to assume that the NSA can't hire programmers to contribute to these projects and that they can't be good enough at what they do to make a backdoors that would pass a code review without being detected.
That's still better than closed-source code that you can never inspect. Also, any such contributions will be recorded and tracked. Serious open-source projects like the Linux kernel don't accept anonymous contributions; they have to be signed off by someone. Also importantly, if you look at the Linux kernel, you'll find most contributions (esp. in an area where a backdoor could have a real impact, not places like USB joystick drivers or whatever) come from programmers working for well-known companies, not from random people on the internet.
Had Snowden only leaked the unconstitutional domestic spying, he would be a hero. It should be very clear now that those leaks were just a cover for treason. His goal seems to be nothing less than the dismantling of our entire intelligence apparatus.
You can't hide an intelligence operation of this scale forever, this was going to come out sooner or later, Snowden is an inevitability. That having been said, while your concern over how the USA's ability to find out what color underwear everybody else is ordering online is a valid one, consider the economic impact of this. I'm sure Cisco and a whole horde of other US based network equipment manufactures were thrilled to the core when they woke up one morning and found out that the NSA just crashed their sales and to add insult to injury ensured that in the long term their overseas competitors will get a whole lot more business as governments and corporations look for secure and preferably domestic sources of network equipment. Maybe the fact that it was all done in the name of patriotism and national security will more than compensate these US businesses for any financial losses that result from this activity?
Only to idiots, are orders laws.
-- Henning von Tresckow
I'd assume this wouldn't only be US made networking gear. It probably also includes networking gear that is made elsewhere, shipped to the US and then re-sold and exported to its final destination (as is the case with most US products). If you order a Linksys, D-Link or Netgear router, it may be manufactured in China/Taiwan/Japan, but it almost certainly passed through the US before making it to their Canadian, Mexican, European, etc customers.
Does it really matter who we vote for, as far as the NSA is concerned? Any "electable" candidate will just let the NSA keep doing what they're doing.
Even if someone like Al Franken got elected president by some miracle (which is not going to happen) he still couldn't do much unless people also elected a whole bunch of Al Frankens/Rand Pauls to Congress. And that just isn't going to happen (there's a reason why those two are such outliers).
Ultimately the only way we'll ever end NSA malfeseanse (or CIA malfeseanse for that matter) is if we can somehow expose what they do. Without that, we'll change politcians but they'll stay the same.
The NSA can't control who you vote for.
YET.
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
Looks to me like those spying on anyone, anywhere, are the real traitors.
Il n'y a pas de Planet B.
NSA's message:
Beware: we're doing it to them so they could be doing it to us.
Of course they could not go public with part one to they only publicized part two.
Al Franken? No thanks! Besides, he thinks the NSA is a-okay...
“He’s not deformed, he’s just drunk!”
The NSA's own internal watchdog group found that NSA snooping power was used to spy on 'love interests' of several NSA employees.
If their own internal watchdog group is telling the world that there's something going on here, it's a bold move to claim "all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans"
Imagine if an organization such as the ACLU had access to all internal NSA snooping records. Are you telling me that you believe that no civil liberties have been violated by the NSA? Alternatively, are you telling me that we have zero rights because the NSA is allowed to spy on everyone doing anything at any time for no reason at all?
Electronic Voting Machines maybe?
Now they've been found out it's going to hurt USA's export market.
You need to be one to understand one. US, especially the international cyber security related ranks of government, were worried about the security of networks, operating on Chinese made Huawei brand routing equipment. Has anyone give it a thought "why" ? Because, they were doing the same thing to the US manufactured equipment and up until Huawei undercut Cisco prices and made inroads to the US networks, they didn't say anything. I am just laughing why people are getting so upset at this point in game. Your privacy and mine as well, is no more than a joke.
__________
The more I know people, the more I love animals
That said, at least with open source you have the chance to find such things, so there is that.
Even with "open source" you still have to get the source code to your spiffy new router. Then you have to do a code review to see what's there. Then compile it, then get the libraries and try to link it, then try comparing the binary just to find out that it will have natural differences from what is installed in the router IF you can extract the binary once it has been flashed into it. (Do many firmware-upgradeable routers have an "extract" function, or only "install"?)
So, if by "chance to find such things" you really mean "install your own code that will overwrite anything that isn't supposed to be there", yes. But to actually FIND the backdoors you need to extract the binary and decompile it anyway. The source may be a guide to what you expect to see, but with optimization and compiler tricks the source may not be all that helpful.
You can't really trust the firmware upgrader to actually write your code there unmodified, either. Or that your code is the only code that runs on the system.
Just curious, does that include Alan Turing spying on Germans? Or the UK intelligence intercepting Zimmerman's telegram?
In Soviet Washington the swamp drains you.
Let's see. We have proof of the US doing this. We don't have proof of China doing it.
Conclusion: Accuse China!
This makes perfect sense.
I've started raising pigeons to communicate with friends. It's pretty cool, you see you take a message and fold it and attach it to the pigeons leg with a band and he flies off to home with it. Just have to watch for the hawks.
You do know they put the branding on them there don't you. It comes here to be sold to US consumers. I can't believe anyone is stupid enough to buy a router made in china and then shipped out of the US. You have to know the only possible reason for it to come to the US and then leave again is that it's been altered. Anyone who falls for that is so incompetent you shouldn't really need to spy on them.
I don't think the NSA is operating for the good of the US. I think the NSA is operating for the good of the NSA.
What is the NSA? A collection of security services companies milking a black budget with zero accountability and oversight. That's how this leak happened in the first place. Shitty contractors overcharging and under providing. All it took was one ordinary guy with a conscious to unravel the whole thing.
It's not just that we're being betrayed. We're being ripped off to make a buck at the same time.
"And that just isn't going to happen (there's a reason why those two are such outliers)."
The reason is that people like you that ought to know better keep repeating such nonsense. Franken and Paul are only 'outliers' in the context of Washington DC and the deep state - in terms of the country they are essentially mainstream at this point. The media works tirelessly day and night to prevent us from figuring this out, however, and one of their most effective tools is silly little tropes such as the one I quoted above.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Nothwithstanding the fact that I don't think a single person involved in any of this is guilty of treason, you are blatantly wrong about a few things, like this:
In fact, all the disclosures released so far have shown government ACTIVELY protecting civil liberties of Americans.
This is just wrong, the NSA's net is so large that they can and do collect a lot of information about Americans not suspected of a crime. The three hops rule means that they collect data from millions of people who are so loosely connected with a particular suspect as to make it so that there is no real connection there. The recent proposals of changing how the NSA works also removed the privacy advocate. If the federal government's priority was protecting Americans' civil liberties, why did they remove the person whose job that would be?
Remember, the goal is to expand the powers of government.
The goal of what? The goal of the constitution is to limit, not expand, the powers of government. That is spelled out very clearly. The entire purpose of the constitution is to protect the citizens from the government.
Your role as a citizen is to make sure government continues to function and do its job, because that's what we as citizens have decided.
What happens when the government stops doing its job, or starts abusing its power? If that is happening, wouldn't you want to know about it?
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I think we're screwed.
Only if you keep on reelecting the same old crooked politicians over and over again. The NSA can't control who you vote for.
1) who knows how far NSA has its fingers into everything. If they've hacked the voting machines ... perhaps they *can* control who we vote for.
2) it doesn't have to be the NSA. They may have the most resources and the most support from our government, but China could do similar things. And the part about getting back doors into open source software doesn't require a government agency at all.
The most recent poster child of vulnerabilities that nobody noticed was of course Heartbleed, but who knows how many other problems either 1) have been detected but not reported to anybody, or 2) were deliberately added but made to look benign? And it's always possible that the vulnerabilities aren't where you think they are -- for example, the idea of hacking the C compiler to detect when it's compiling /bin/login and adding a back door if it is is decades old, and it's only one of oodles of possible scenarios.
I work for a company that ships laptops, desktops, and routers to customers overseas and I'm going to say that there are some really weird things going on in transit that I can't explain. Particularly with international shipments, but not necessarily exclusively. I've personally heard from numerous customers who've had there systems seemingly opened in transit. Not just the packages, but the actual cases. They don't even always do a good job of re-connecting and re-sealing everything. Its obviously the cases that have been opened too as snap-style pieces are left disconnected (hard drives). No amount of vibration or force will cause a disconnect.
While I've suspected something like this I've never attempted to have a customer take a hash of the disk image and compare it to a before-shipment hash. Given this is a problem I think I might just go ahead and start doing this. The problem now is actually finding a customer who is going to be able to repeat the process on the other end.
"just people applying 20th century ideas to 21st century conflicts."
All too true. Although the results may be far worse than becoming a "quaint has-been". To expand on your point: ... There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."
http://www.pdfernhout.net/reco...
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing.
And also on intelligence specifically:
http://www.phibetaiota.net/201...
"A failure to realize this irony will produce ever greater problems down the road as we develop ever greater technologies that can become ever greater amplifiers of destructive impulses (including self-replicating nanotech and biotech) or ever greater inhibitors of constructive impulses (like pervasive surveillance to enforce arbitrary unhealthy norms as a "war on the unexpected"" [see Schneier]). So, how can we have an intelligence community in the 21st century that is truly worthy of the name? How can we have an intelligence community that truly helps prevent misadventures that waste trillions of US dollars while millions of US children grow up in poverty and tens of millions of US citizens lack access to health care or even adequate nutritious food?"
And:
http://pcast.ideascale.com/a/d...
"As with that notion of "mutual security", the US intelligence community needs to look beyond seeing an intelligence tool as just something proprietary that gives a "friendly" analyst some advantage over an "unfriendly" analyst. Instead, the intelligence community could begin to see the potential for a free and open source intelligence tool as a way to promote "friendship" across the planet by dispelling some of the gloom of "want and ignorance" (see the scene in "A Christmas Carol" with Scrooge and a Christmas Spirit) that we still have all too much of around the planet. So, beyond supporting legitimate US intelligence needs (useful with their own closed sources of data), supporting a free and open source intelligence tool (and related open datasets) could become a strategic part of US (or other nation's) "diplomacy" and constructive outreach."
"Good will" is an important resource. Slowly the USA has been squandering what goodwill it including from WWII. Fortunately, good will can be a renewable resource depending on the political choices the USA makes going forward.
For example, imagine how much goodwill the USA would have right now if we had given the people of Iraq US$6 trillion dollars (US$300
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
... I just can't imagine how anyone would be offended or in the least bit concerned over this.
No idea why you're being downmoderated. It's *absolutely* the NSA's job to eavesdrop on foreigners. That's what they're being paid to do.
While it is the NSA's job to spy on people, that's traditionally been something you do against your adversaries, not your allies. I mean, it's one thing if we're talking about tapping the USSR's undersea cables. They had nuclear-tipped ICBMs pointed at us. It's quite another thing when we're talking about tapping the phone of Angela Merkel. She's the democratically elected president of an allied NATO state. I mean, up until that point she and Obama had a pretty good working relationship, so if he really wanted to know what she was thinking, he probably could have you, know, asked her.
Exposing is not the issue. They need to be convicted. They already HAVE been exposed.
Don't fight for your country, if your country does not fight for you.
NSA apologist trope #57: [insert foreign country that has no 4th amendment] routinely does the same thing we do.
This is one of the dumbest arguments in the NSA apologist playbook. Gee, we are as bad as China when it comes to spying on our populace. Great job!
Try not to be distracted by the hyperbole of GP. Companies aren't going to go bankrupt or lose all their large international contracts overnight.
What'll happen is a gradual shift away from doing business with U.S. based companies. Nor will the business necessarily go to the Chinese counterparts. Instead, what'll likely happen is niche local players will suddenly find that some new doors have opened up. And regulators will give U.S. companies more trouble when they're making large acquisitions of foreign (or domestic, from their POV) entities. And maybe some overseas companies will refuse to do business in the U.S. or not be allowed by their governments to form U.S. subsidiaries, though that's far less likely a direct result of this revelation.
Chances are, this will isolate the U.S. from the rest of the world a bit more, and maybe that's a good thing, or maybe it's a bad thing. Corporations will feel the sting particularly hard, but the people willl survive.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
I think you missed the point, so I'll put it in other terms.
You stab your hand with a knife; everyone sees you do it. You then run around yelling that your enemy stabbed you in the hand with a knife, because everyone knows he'd do it if he had the opportunity.
Meanwhile, you do nothing to stop the blood flowing out of your hand, and deny that you stabbed it... even while your enemy is sneaking up to stab you in the foot.
In other words, who cares about whether China is doing this or not? The US is doing it, has been proved to be doing it, and is doing nothing to fix the situation, instead either saying "It's OK, everyone does it" or "Look at them! They're worse!"
Once the US cleans up its own act, THEN it can help the rest of the world with the specks in their own eyes.
Or to put it more bluntly: in these situations, the US government is its own worst enemy, and needs no help from others who would see it come to harm, whether they're getting said help or not.
By what 'tradition'? Nation states and their predecessors have always spied on friend and foe alike.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Isn't it still possible to have a trustworthy firewall as separate hardware, that can inform you if there are any inappropriate data transfers? It would seem like an important tool to have if only for virus/malware analysis.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
I never said open-source was perfect, but there's no shortage of vulnerabilities discovered in closed-source software. Heartbleed is just an exceptional case, and was very quickly fixed once reported. How many proprietary vendors have sat on vulnerabilities and refused to fix them for ages? They even contend that vulnerabilities should never be disclosed to the public, so that they can take their time fixing them, if they ever get around to it.
The NSA can't control who you vote for.
And you know this how? You know for a fact that the NSA can't 1) Dig up information on a candidate, that will cause them to (legitimately) lose the election. 2) Donate, or encourage others to donate, to campaigns such that they legitimately lose the election. 3) Frame the candidate for something, that will cause him to lose your vote. 4) Actively eliminate a candidate, eg an "accident", causing you not to vote for them. 5) Change your vote, such that "your" vote becomes a vote for a different candidate?
Full paranoia mode: and occasionally they release a few people like Snowden, to air a select portion of their dirty laundry and make us believe that we know what the NSA is doing. Remember when they were nicknamed the No Such Agency, think they gave up on that level of secrecy rather than just have the current NSA as their public interactions branch?
Now excuse me while I go add a few more layers to my tin foil hat.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
It's their job to spy on enemies of the state. Foreigners is a broad brush that is a slippery slope to domestic monitoring. Actually we are already there.
Addressing both your comment and the grandparent comment: this distinction of allowing non-free software is part of what distinguishes the older free software movement from the younger open source movement. RMS has been talking and writing about this critical distinction for years.
Consider the following from "Why Open Source misses the point of Free Software":
In other words, open source won't endorse software freedom for its own sake. That movement was designed to never raise the issue of software freedom in order to promote a developmental methodology thought to lead to more reliable, more powerful programs. That methodology is fine as far as it goes (everyone likes powerful robust programs) but as we're seeing with the Snowden revelations, that methodology doesn't go far enough. RMS realized this very early on and has been providing ethical counterarguments since the open source movement began (older essay, newer essay).
This difference explains what we're seeing in the very different approaches taken in Linus Torvalds' fork of the Linux kernel versus the GNU Linux-libre fork of the Linux kernel. Linux-libre's distinction is that this fork removes the blobs that come with the Torvalds fork of the Linux kernel. Torvalds includes nonfree code meant to make the kernel run on more hardware which places a high value on convenience at the cost of software freedom. Linux-libre values software freedom instead. As a result, Linux-libre doesn't run on as much hardware and might not take advantage of everything modern hardware can do, but one gains a system they are allowed to fully inspect, share, and modify—software freedom. Linux-libre lets users make sure the software does only what that user wants that program to do. RMS, as recently as his recent responses to /. questions, encouraged readers to reverse engineer hardware in order to fully document hardware ("The parts of Linux we need to replace are the nonfree parts, the "binary blobs". [...] The main work necessary to replace the blobs is reverse engineering to determine the specs of the peripherals those blobs are used in. That's a tremendously important job -- please join in if you can."). This work leads to increased support for fully free operating systems, including fully free support in Linux-libre.
Increased security is one of the things you get with the pursuit of software freedom for its own sake. I think RMS very much recognizes the security enhancements that come along with Linux-libre and why his org
Digital Citizen
Lie. Spying enables war, it creates the illusion of having sufficient control and being able to go in and kill whom ever you want and win. Spying the disrespecting of other countries laws and their citizens rights and is the peremptory action to war. The death penalty for espionage still exists in many countries and with good reason. Espionage routinely enables and uses organised crime in targeted countries, ignoring laws also covers ignoring laws like murder and extortion the assumption by those countries actively engaged in hostile espionage are that the targeted countries citizens have no rights and are to be considered sub-human to be abused at will as long as they hostile country can get away with it. It is pretty clear the US has become the enemy of world peace, quite simply because there is not enough profit in it, for the select few.
Chaos - everything, everywhere, everywhen
If I'm a foreign buyer for this stuff... say a bank in Germany that wants to build a data center... I can't buy American stuff anymore. That's a huge blow to US tech.
Look... I'm okay with pulling this crap against brutal dictatorships. But I suspect they're just doing it to anyone they're even vaguely interested in... I have to assume that because there's so much double talk and evasion on the issue along with apparently no oversight or auditing.
If this sort of crap continues then the companies are at they very least going to have to use protected shipping methods that guarantee no tampering. A guard going with the shipment 24 hours a day from the factory to the delivery location would be an example.
And of course, any organization or customer that is responsible to data security is going to have increasing trouble trusting US businesses with anything.
This is incredibly damaging. The NSA needs to do their job without destroying the US tech industry in the process.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
here's your solution: buy a US router and a china router. put them in parallel (on their inputs) and on their outputs, use a local AND. only pass packets that are produced by both and reject all differences.
(I'm kidding, but maybe only half kidding..)
--
"It is now safe to switch off your computer."
To be fair this should be rephrased as:
"You lose the moral high ground when you resort to being no better than you claim that the dictators and terrorists are."
I think we've pushed this "anyone can grow up to be president" thing too far.
Yes, if they meet the definition of "traitor". Because "those spying on anyone, anywhere" does not meet any definition I know of.
Or, another way, your statement is just as true as the gp.
I prefer to think of it as redefinition, where the meaning of treason is whatever supports gp post.
On one hand, we have the idea that all spying is wrong. On the other, some spying is okay, if it supports the greater good.
If I misdial an international number and get a terrorist burn phone, does it make sense to flag me as metadata to be recorded in the future? If I repeatedly call burn phones, am i a greater risk? If I have friends I met in college who are fighting for their freedom and lives in an unpleasant country - fighting the same fight that my country is fighting but from the inside - how does my country know which side I'm on?
If some spying is good, we have to define where to draw the line. My parents were killed 20 years ago, when CCTV was not prevalent. Would you support CCTV cameras for the purposes of finding their killer(s)? That seems like unnecessary spying given the hours of tape that would get captured, but it also seems to be for the greater good.
So, can we define clear lines that don't require interpretation, which clearly defines the good guys from the bad guys and the targets from the protected? And we have to keep in mind that the state preserving itself is not the same as the state preserving its citizens, so the state is not necessarily the best decision maker. When a revolution happens, the state finds itself on the wrong site of history, and is the bad guy. They will abuse any power granted them at that point.
So how do you grant UK permission to make the call, while giving the Americans the ability to revolt?
And don't forget that the hardware itself may be compromised.
Here is a little logic lesson, take heed of the flow because I realize that logic is difficult for people.
Spying in and of itself can be considered a gray area. We can justify spying on enemies, and not spying on friends.
Deceit on the other hand is always bad. There is really no gray area in that one, try as you like there is no way to convert deceit to honesty.
The issue with the NSA, and say Australia, is that the US Government as a whole has lied to the people that the politicians and office holders are supposed to be representing. Repeatedly lied I'll add, and those lies are all in the open and well documented.
This takes us to an issue of trust, and people simply have no more trust for the US Government. People in offices have lied not just about the NSA, but everything possible. WMDs in Iraq, the TPP, and Fast and Furious are good recent examples, but The Gulf of Tonkin and COINTELPRO were just as real and lies as well. So we have a history of liars holding offices to overcome somehow.
Spying by itself may not be treasonous (unless you are breaking the laws defined in the US Constitution), but providing arms to gangs that kill US citizens surely counts. I would say that declaring war on fabricated and falsified information also counts because it cost thousands of US lives and endangers our country as a whole. A politician failing to protect the US Constitution and trying to subvert our Government also counts as treason, which is why the last 3 Presidents have all been brought up on impeachment charges.
It's the lying in addition to performing acts the US Constitution prohibits that make these acts treasonous.
American companies have shown they will do anything the government asks. So those backdoors are not installed by the NSA, they came like that from the factory. And for simplicity, they probably back-doord everything but have a secret (port knocking) key to enable the backdoor code.
Given the level of resources available to the NSA, once they have their hands on your hardware you should consider it permanently untrusted. It's not just that they could have reflashed the firmware, they could have installed a radio keylogger or maybe a radio receiver that allows direct control of the computer itself. The power supply could be redone to transmit your crypo-keys onto the power lines for all you know. Now you just have to figure out how to get hardware before they get their hands on it. Given their resources, that might be difficult.
Yet another thing when it's an Indonesian cigarette company being spied on for commercial reasons. Burning through the goodwill of allies just to help out a campaign donor with some trade secrets picked up by spies is IMHO a ridiculous abuse of power.
I think it's somewhat of "we have all your data. If you are suspected of anything wrong, we will look at it. Don't do anything wrong."
- Zav - Imagine a Beowulf cluster of insensitive clods...