German Intelligence Traded Citizen Data For NSA Surveillance Software
An anonymous reader sends news that Germany's domestic intelligence agency, the BfV, was so impressed with the NSA's surveillance software that they were willing to "share all data relevant to the NSA's mission" in order to get it. "The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. ... Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."
I find this a little surprising. The NSA might have some great spy tools, but some of the most incredible programmers and IT people that I have ever known are German.
One would think that they could not only build an NSA type system, but do it better.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
There's a big difference between freely exchanging information and having someone scoop up all that information when it's not addressed to them.
When you sit on a bench in the park talking to your girlfriend, you don't expect some stranger in a trenchcoat to lean in between you and listen to everything you say.
But, yes, it's unfortunate that the warnings from the 90s were ignored, and we didn't get automatic encryption by default across the Net to ensure this couldn't happen.
Orwell's Oceania comprised the UK and the USA.
What people need to understand about the current security and surveillance industry is that it is, first and foremost, a business. The business of keeping the now tens of thousands of people involved in permanent pensionable employment.
I'm not simply talking about the bonanza of outsourcing, supply contracts, and R&D being enjoyed by companies in the security industry supply chain -- though this is a factor as well obviously. I'm talking about the entire attitude of the 100% government employees who ultimately sit at the center of this process. A generation of managers and "leaders" in the Western world has been raised on an ideology of "Marketism", to believe in "markets", "customers", "stakeholders", "competitiveness", "trading partners", "contracts", and "global synergies", even when such concepts have utterly no place in the work they are charged with carrying out.
Case in point: This story. Why would a domestic intelligence agency actually hand over that most precious of all intelligence resources, data, to a FOREIGN rival intelligence agency? Even in the globalist dreamland of one happy Western Civ family, such a move makes little and less sense. But in the world of "Marketism", this is simply "doing business", "making a deal", making an "optimal tradeoff". All notions of basic fundamentals, rationalism, or common sense are secondary to the Cargo Cult drive to act as though your organisation is some kind of stock brokerage -- complete with "performance bonuses" for yourself of course. Sadly, most employees by this stage do not even require financial incentive. They have reached the point where they want to engage in these ridiculous actions, as they have internalized the ideology.
And this is an ideology. It's infected our society's professional classes from top to almost bottom. A belief that the principles of the "Markets" are universal, omni-applicable, aspirational and virtuous in all circumstances. It is now the religion of the western professionals, and unbelievers are not smiled upon. Such a mindset might be suited to industries in finance or industry -- though even this is an increasingly dubious proposition -- but it is clear that applying them to public services and now even state security services is calamity now transcending utter insanity.
I believe we are approaching peak Marketism. The dogma has become too pervasive, too obvious, too familiar, and the buzzwords are all losing their power, even as modern society loses its momentum. Hopefully we will see the pendulum swing away from this Marketist cult, but if it does, you can expect the three or four generations raised on, and ultimately paid by, this ideology to launch an almighty campaign to maintain their ascendancy. They had better hope they won't have "rationalized" their ability to do so in the meantime.
"In my opinion the reality of some rogue terrorist organization obtaining a nuclear bomb and detonating it in a population center is quite real."
Classic scaremongering, but the most likely scenario here is NSA spies on German political machine, US shapes German politics to be compliant to US wishes. Democracy lost in Germany, German business undermined, unfair trade agreements pushed through.... etc.
*Not* terrorist organization obtains nuclear weapon by Hotmail, NSA taps all Hotmail, spots threat, sends data to BfV, who arrest terrorist.
No, they're not. Networks are supposed to take data from one machine and deliver it to another. They're not designed to deliver it to anyone else along the way. That's an attack on the network, not part of the design.
And automatic encryption can easily be handled by pushing public keys into DNS. Yes, the NSA could force people to push fake keys into DNS, but then no-one would trust it any more.
This is how the US can spy on its citizenry "legally" for ages. US agents scoop up British and German data. British and German scoop up American data, then all the data is swapped. US never spied on Americans, and German Republic never spied on Germans.
But, they are not Five Eyes. Still don't sit at the big boys table.
Let's be clear about this, it's not accidental snooping by some sort of sentient 'network'.
NSA has been faking certificates, backdooring encryption, faking websites, installing taps into fibre optics around the world, hacking into servers to install back doors, writing malware, blocking encrypted connections to force unencrypted fallbacks etc. etc.
It didn't accidentally wake up and find it was building 7 massive exabyte class data centers!
"You will also never have "automatic encryption" across the network the way they are designed now"
That's simply not true, you can exchange a first time key, and to defeat that key exchange, NSA would have to intercept all communications all the time. If it missed the first exchange, it fails, if it missed ANY subsequent exchange, the tap is revealed.
The problem currently is the certificate authorities and key cancel are a back door the NSA uses.
Siemens for example makes quite a lot of software.
Yeah, I hear they make centrifuge software with some killer undocumented features.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
My NIC begs to differ. It receives every packet and discards those not addressed to it, except when I set it to promiscuous mode.
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"
You are creating a straw-man out of the GP's terms. The GP even used the term *delivered* to make the appropriate distinction. Information in a payload that is encrypted is not the *delivered* information *without* the decryption key information. A network *may* have access to the *delivered* information, but it doesn't necessarily *need* to have it, and having it is considered a security weakness that may be *attacked*.
# make clean sig