Security Researchers Face Revenge of Spy Agencies

mask.of.sanity writes: Researchers tasked with revealing malware attack campaigns are being harassed, locked out of tenders, and in some cases deported. The retaliation by the unnamed spy agencies is in direct response to the popular published advanced-persistent threat campaigns that have coloured information security reporting over recent years. More details from researcher Juan Andrés Guerrero-Saade are available in a paper (pdf).

For Your Own Good

Can't you see that our good friends the government agencies are protecting us from those evil researchers?

We wouldn't want freedom of speech and privacy now, would we?

Re:For Your Own Good

Why are the government spy agencies unnamed? You would think those security researchers affected by these agencies would name names. I call bullshit on this story likely planted by the government as part of its propaganda campaign.

Re:For Your Own Good

[ShanghaiBill]

Why are the government spy agencies unnamed?

Because that would require actual evidence, and TFA has none. It is much easier to make vague accusations and include lots of scary handwaving.

Re:For Your Own Good

These are the agencies that, at least in the US have sadly been able to blockade access to the evidence that would confirm wrongdoing. Even in cases where they accidentally released such evidence proving its existence they have effectively got courts to treat it like it didn't exist because of "national security" (aka complete lack of accountability).

Re:For Your Own Good

Why are the government spy agencies unnamed? You would think those security researchers affected by these agencies would name names. I call bullshit on this story likely planted by the government as part of its propaganda campaign.

Maybe, if they were named, then the researchers that named them would face revenge?

Re:For Your Own Good

[ShanghaiBill]

These are the agencies that, at least in the US have sadly been able to blockade access to the evidence that would confirm wrongdoing.

This is just more vague accusations and hand waving. Like TFA, you don't actually name the agencies, and you provide no information whatsoever to substantiate your allegations.

I love a good conspiracy theory, and I am always more than willing to believe the worst about the American government, but you have to do better than this. Even the 9/11 and moon landing kooks have a better argument than you.

Re:For Your Own Good

[cavreader]

But supposedly these researchers are already facing revenge so why not name names or present some actual facts to bolster the claims of this story?

Re:For Your Own Good

It's posts like this that make me want to vote Hillary in 2016. You can't prove she's not trustworthy! All those other guys - they must be fools!

Re:For Your Own Good

[ShanghaiBill]

You can't prove she's not trustworthy! All those other guys - they must be fools!

Except the problem here is not lack of "proof", but lack of any evidence whatsoever. Even worse than that, the accusations are so nebulous and non-specific that they are meaningless. Somebody somewhere that isn't named, and works for an "agency", that is also unnamed, did something wrong to some other anonymous person, at some unspecific place and time, maybe, and nothing can be named or specified for reasons that aren't given. Are we really supposed to be outraged about that?

Re:For Your Own Good

From TFA:
"This type of compromise is in some cases related to the threat to livelihood as private information security companies have displayed a more or less strict moralism in their hiring practices, often preferring practitioners untainted by publicly known blackhat tendencies," Guerrero-Saade writes.

I get the feeling that if you walked into _any_ tech interview and said "my passion is stealing secrets and trying to profit from them regardless of legal implications", the company would find you a "poor fit for the corporate culture at this time".

Ok, a bit of a straw-man, but TFA really should have elaborated on this.

(Perhaps it isn't moralism at all. Maybe they don't want anyone careless enough to have a _publicly_known_ blackhat tendency...)

Re:For Your Own Good

No, it is because you can be ordered to do something by an intelligence agency (rubber stamped by some secret court which makes it lawful and binding); and forbidden to discuss it with anyone under penalty of law (eg quick trip to federal prison).

That is why many tech companies added a disclaimer into their terms of service; saying that they haven't received any data requests from the intelligence community. This way if they receive such request; they would be legally obliged to remove that sentence from ToS while being banned discussing any details (yup it is an loophole).

Sometimes silence is meaningful; you should know how to listen for it.

First!

Yeah baby, Yeah... Sorry I forgot what age were in now. Yeah people, Yeah!

Not women

These researchers arent women, so who cares?

Re:Not women

Clearly the NRA is responsible for this.

surprise

People of questionable morality don't like to be thwarted in their nefarious activities and retaliate.

Re: surprise

Their activities aren't questionable - they are undeniably wrong and they know it.

Re:surprise

[KGIII]

My first response to this was, "Umm.. Duh? What the hell did you expect?" No right or wrong. Just, well, that's exactly what I'd expect to happen.

Re:surprise

[Coren22]

Are you talking about the "Security Researchers"?

Research is for cows

But they are Cows. Cows say Mooo. MOOOOO! MOOOOOO! Moooo cows mooo. MOOOO say the cows. YOU RESEARCHER COWS!!!

Re:Research is for cows

MMM T-Bone steaks.

In other news...

Security researcher Juan Andrés Guerrero-Saade was found dead in his apartment. Investigators found Guerrero-Saade laying next to various narcotics including heroin and suspect a drug overdose as the cause of death. His neighbors say he was a quiet man that mostly kept to himself.

Re:In other news...

or they found child porn on his PC.

Re:In other news...

[gweihir]

Non-encrypted one. Because, you know, security researchers do not know how to do that...

Bernie Sanders

Please everyone on /. support Bernie Sanders. Thank you.

Re:Bernie Sanders

Why? Don't want to work for a living? Keep your hands off my money you mooch. Fair warning: I'll be protecting it.

Re:Bernie Sanders

Don't worry, Sanders is the first major US politician I've seen who is reasonable, talking facts and is willing to take on serious reforms. He will never become a candidate.

You'll be given a choice between horror (Clinton) and evil (random Rep. asshole), just as you wish for.

Re:Bernie Sanders

You'll be given a choice between evil (Clinton) and horror (random Rep. asshole), just as you wish for.

-- Fixed that for you.

Re:Bernie Sanders

Please everyone on /. support Bernie Sanders. Thank you.

Bernie Sanders drinking game: Any time Bernie says "Socialism", take a drink of someone else's beer.

Re:Bernie Sanders

[ColdWetDog]

Cthulhu for President. Why vote for the lesser evil?

Re:Bernie Sanders

Ok, even I loled at that.

Re:Bernie Sanders

[KGIII]

It's okay - I'm willing to share my beer. It's less expensive and disruptive than you stealing all of it because you don't have any. So, have a sip. Hell, take one 'for the road' when you go. (You should probably have someone drive you.)

Re:Bernie Sanders

I sure as hell hope you are willing to share at least half of it. Every time you take a drink.
That's some socialism for ya.

Re:Bernie Sanders

You get half the drink for twice the price? That sounds like capitalism to me.

Re:Bernie Sanders

[Coren22]

So you are saying that Trump isn't speaking facts? As far as I have seen people are getting pissed because all he speaks are facts. NBC and Univision got pissed because he quoted a Univision owned magazine about crime in immigrants, can't have him quoting us on the subject, that is racist!

Carson also speaks his mind, and is getting fury from the press over it. He talked about how Islam is incompatible with freedom, do you doubt that to be true?

Re:Bernie Sanders

[Coren22]

You have a quarter of the money, while others get the rest of what you earn by sitting at home drinking. You are lucky to be able to afford beer.

Re:Bernie Sanders

Somebody should print up some "be eaten first" campaign buttons.

- T

Apparently the US is the best

[PRMan]

"In many places intelligence services tend to be more civilised than in others -- you would be lucky to deal with them in the US versus wherever else, Latin America, Asia, or Eastern Europe where they take very different tactics, "

The article is referencing other nations where freedom of speech is less guaranteed...for now.

Re:Apparently the US is the best

[guestapoo]

The article did not mention Europe, so more precisely, U.S is better than Latin America, Asia or Eastern Europe.

Re:Apparently the US is the best

Is Eastern Europe no longer part of Europe? I know its been a while since I took geography, but I didn't think plate tectonics worked that quickly.

Re:Apparently the US is the best

[guestapoo]

Normally, when saying Europe, it's meant EU states, vs Eastern Europe, which are former Soviet bloc states.

Re:Apparently the US is the best

Estonia, Latvia, Lithuania, Poland, Czech Republic, Slovakia, Hungray, Slovenia, Croatia, Romania and Bulgaria are all EU states and former Soviet bloc states. Your phrasebook needs updating.

Re:Apparently the US is the best

[guestapoo]

It's Cold War heritage. When saying Western, or the West, it does not mean 'the West' as cardinal point (e.g, Italy), so are the Eastern Europe. Now, when countries are in EU, they're mentioned as Europe, that what the medias have use to report.
Ayy, stop this pointless discussion!

OK, I agree my comment was flawed, that use ambiguous word. I update my comment:
The article did not mention Western Europe, Southern Europe, Scandinavia, so more precisely, U.S is better than Latin America, Asia or Eastern Europe.

Re:Apparently the US is the best

[Zontar+The+Mindless]

Media are already plural. The singular is "medium".

BTW, I don't know where you live, but here in Europe, we usually understand "Europe" to mean "that big peninsula thing hanging off the west end of Asia, in between the Atlantic and the Urals".

Re:Apparently the US is the best

[AHuxley]

It depends on the location of the issues and who is reporting on another nations issues.
Operation Socialist (Dec. 13 2014) https://theintercept.com/2014/...
The fun of discovering issues, correctly reporting the matter and waiting ..... clean up and international expert code review is not always the expected result.

Re:Apparently the US is the best

[chasm22]

I love being precise. The article stated precisely this, "deal with them in the US versus wherever else". Unless you interpret wherever else to mean everywhere but Europe, you are precisely wrong.

Re:Apparently the US is the best

[guestapoo]

Your quote is not complete, just read the GP's quote: "...wherever else, Latin America, Asia, or Eastern Europe..."
The article "precisely" pointed out what "wherever else" is.

That why, I said "the article *did not* mention Europe" (Western, Southern, Scandinavia).
From this article, can you conclude about "Europe"!? Nope!

Re:Apparently the US is the best

[_merlin]

Is the resemblance between your nick "guestapoo" and "Gestapo" intentional or coincidental?

Re:Apparently the US is the best

[r-diddly]

As for Latin America, it's worth asking where they learned those questionable tactics and from whom.

Re:Apparently the US is the best

[RockDoctor]

Normally, when saying Europe, it's meant EU states,

So ... if (when? who knows?) the UK leaves the European Union, you'll no longer count it a European country?

Wearing my "geologist" hard hat, I can assure you that plate tectonics does not operate that fast.

And of course, Norway has never been part of Europe. Or at least, never part of the EU. It is part of the European Economic Area and of the Schengen "passport-less borders" arrangements, but they're not the same thing.

Re:Apparently the US is the best

[RockDoctor]

so more precisely, U.S is better than Latin America, Asia

Considering the number of kleptocratic abusive fascistic governments which the US has installed and supported in Latin America and Asia over the years, then you can be sure that the US government knows exactly what it wants to bring about at home.

Practice makes perfect!

TFA Lacks Substance

While I have no reason doubt that harassment and revenge is happening quite frequently, the article doesn't provide any information to substantiate their statements.

Tenders?

What does it mean to be "locked out of tenders"? My Google-fu fails me here.

Re:Tenders?

[RavenLrD20k]

The best guess I can think of that makes sense amounts to "locked out of financial accounts." This is assuming that "tenders" here is synonymous with "monies."

Re:Tenders?

What does it mean to be "locked out of tenders"? My Google-fu fails me here.

Mmmm, tenders. I love tenders. I can't imagine being locked out of them. Their crispy goodness, the dipping sauces. I couldn't keep on living.

Re:Tenders?

[ColdWetDog]

Nope. I'm quite sure they mean these bad boys. These NSA-types play mean and dirty.

Re:Tenders?

What does it mean to be "locked out of tenders"? My Google-fu fails me here.

It's a focking bid to supply. You focking hicks. When you're locked out, you're not allowed to bid. Where are you guys from? fockin Mars?

Re:Tenders?

What does it mean to be "locked out of tenders"? My Google-fu fails me here.

Companies regular respond to tender requests issued by government. In this context a tender is a contract open for bidding by organisations external to the government department or agency responsible for issuing the tender.

Re:Tenders?

I interpreted "tender" as a poorly chosen synonym of an "offer." TFA makes muddled references to AV / research organizations becoming targets of intelligence agencies when the agencies' activities are exposed by the researchers.... While at the same time recognizing that there are lucrative business intelligence consultancies that could be taken advantage of from the selfsame agencies. So as AV companies tend to need to become informational business intelligence agencies the very products of their research they may nevertheless end up being denied acceptance of the offers (or 'tenders.') I guess.

I could easily be wrong but I think TFA muddies the water between threat research and being a, "threat intelligence brokerage."

Re:Tenders?

[ShanghaiBill]

What does it mean to be "locked out of tenders"? My Google-fu fails me here.

It means their grant application wasn't approved. That could be because their research is crap, or it could be, as the TFA claims, proof of a vast government conspiracy to silence them.

Re:Tenders?

It's a focking bid to supply.

Well, thank for clearing that up. What's a "bid to supply"?

Re:Tenders?

[Zontar+The+Mindless]

We're supposed to take the word of an AC who can't spell "fuck"? I'm defo with that, eh.

Re:Tenders?

Means any time you bid on a government contract, your bid's summarily rejected.

Re:Tenders?

[RockDoctor]

This is assuming that "tenders" here is synonymous with "monies."

I don't know what the word means in your country, but on this side of the Atlantic (Europe), a "tender" is a proposal that a company puts out to invite other companies to bid for a contract. EU law has some strict issues about how all contracts above a certain value should be put out to public tender, with specified levels of advertising, the amount of detail that needs to be made public in the advertising, etc. This is intended to damage monopolies and break cartels, while encouraging the mobility of labour, service and skills.

The major sanction against organisations that don't comply with public tendering rules is that they're not allowed to be awarded EU contracts.

Returning to TFA, the way I read that is that "Evil Intelligence Organisation" sees "Good Security Researcher" apply for contract "X" by company "Y" which is put out to tender, and goes to have a little talk with the management of company "Y" who then refuse to accept the tender from "Good Security Researcher" but instead accept a contract bid from "Tame Security Bullshitter".

Easy to suspect, hard to prove.

Anyone remember Billy Mays?

Who do you think got him? "Cocaine," right. Detergent is an enormous opportunity for underground markets. Domestically as an easily-laundered (no pun intended) money sink, everyone uses it and it goes right down the drain. Also domestically as an off-book trade commodity popular among gangs and drug couriers. Internationally as exports. There are billions of dollars circulating the globe in containers labeled "Tide." Tide powder and liquid are frequently counterfeited and sold for agency profit. OxiClean was a roadblock to be eliminated.

Zero-days are no different. Exploits are where state agencies can make big inroads to clandestine access, blackmail, smuggling, profits. In the electronic case it's knowledge and information they're laundering, not physical goods, but the outcome is the same. The competition is more fierce but a bit more subtle. You start stepping on agency territory, though, make enough waves, you're going to get recruited or you're going to get fucked. IC doesn't like competition.

Locked out of tenders

[ItsJustAPseudonym]

What the heck is a "tender"?

Re:Locked out of tenders

[Jason+Levine]

When I went on a cruise recently, a "tender" was the boat you took to the island. Perhaps they're tossing them onto desert islands and then locking them out of the boats to return home? Then again, considering the island I took the tender to, that wouldn't be a bad thing. (No Internet access but otherwise was incredible.*)

* The no Internet access isn't a problem if you're visiting the island. If I was forced to live there, though, it would become a problem.

Re:Locked out of tenders

[sexconker]

This explains it pretty concisely: https://www.youtube.com/watch?...

Re:Locked out of tenders

[RavenLrD20k]

As I noted with the AC above: What I presume makes the most sense in this context is tender = money. Using this context I think that "Locked out of tenders" could be better represented by saying "having their financial accounts frozen."

Re:Locked out of tenders

My bet is on this: https://en.wikipedia.org/wiki/Request_for_tender

Re:Locked out of tenders

[drinkypoo]

What the heck is a "tender"?

Tender, noun. (commerce) a formal offer to supply specified goods or services at a stated cost or rate

They're getting locked out of bidding on contracts. At least, that's what the sentence means. Not sure if it was used correctly.

Re:Locked out of tenders

[Somebody+Is+Using+My]

A tender is an offer to provide a requested service for a government. Governments put out a request for a service (say, "we need somebody to help us ensure our computer systems are secure") and companies and individuals can tender an offer saying, "these are my qualifications, this is my price range". Government will then select one of those tenders to get the job.

Presumably, people who speak out against governmental practices are having their offers tossed.

At least, that's how I read it.

Re:Locked out of tenders

[BradleyUffner]

A tender is an offer to provide a requested service for a government. Governments put out a request for a service (say, "we need somebody to help us ensure our computer systems are secure") and companies and individuals can tender an offer saying, "these are my qualifications, this is my price range". Government will then select one of those tenders to get the job.

Presumably, people who speak out against governmental practices are having their offers tossed.

At least, that's how I read it.

In previous jobs where I've worked that dealt with government contracts those were called RFPs (Request for Proposal), I've never heard them called "Tenders" before.

Re:Locked out of tenders

[macklin01]

What the heck is a "tender"?

It's a deep-fried, breaded piece of meat product (usually chicken), best served with sweet and sour sauce. Proprietary synonyms include Chicken McNuggets

Re:Locked out of tenders

[angel'o'sphere]

In naval terms a Tender is a supply ship, or a boat carried on a bigger ship capable of transferring personnel or goods between either ships or a ship and land (a live boat is not a tender, a tender has a 'Captain' and a role and potentially a crew, plus passengers)

Tender is also used as a word for currency or money.

Re:Locked out of tenders

[Lakitu]

It's a common word in common usage. Look no further than your nearest dollar bill to see it used this way!

Re:Locked out of tenders

[Coren22]

It is something less than a contract as far as I understand. More temporary employment, or "hey, we need a dozen computers" not a years long contract to provide service or products.

Re:Locked out of tenders

[Coren22]

But what if you prefer ranch or barbecue sauce?

Security Clearance

[TechyImmigrant]

I find it interesting that not having security clearance is viewed as an impediment.

I'm well employed in computer security and not having any clearance, not having signed any government secrets agreement has been an essential part of being able to do my job.

While I work with people with clearances, I simply cannot trust them for specific things because it is not possible to know who they are really working for. Once you have signed up, you are clear for some government work, but tainted for work on the outside. Take your pick.

Re:Security Clearance

[Whorhay]

How does having a security clearance taint you? The only thing it indicates is that you either don't have much of anything to be blackmailed with, or that you have already disclosed such material to the government. There are other contracts you could have signed like NDA's, but that isn't part of having a clearance. Hell it's actually possible for a person to be granted a clearance without them having signed up for one at all.

Re: Security Clearance

Assumptions that they are bound to withhold precious spook bugs instead of spotting or patching them because they were marked as classified by previous government jobs?

Re:Security Clearance

You are trained to lie and misdirect.

Re:Security Clearance

[HiThere]

That's not necessarily true, but one can't be certain, and there are areas one can't investigate.

Re:Security Clearance

[AHuxley]

The freedom to read, talk, understand, consider, create, discover, build, test, expand on existing systems is lost.
It depends on the country, the decade, the boss and the endless tax payer no bid gov/mil contracts.
The problem with a security clearance is that the person is then obligated to report on all material and people they come in contact with by default.
If the material looks like it could be security related, the cleared staff will have to report the matter and all connected people back to the gov/mil.
Reading material, conversations, guests or outside academics presenting raw data, talks about the work of whistleblowers and how it could alter crypto, software or OS development has to be reported on.
If they do not they have lost their security clearance. Another cleared person might have already reported the matter and mentioned a list of staff.
The other long term factor is having two masters. If the mil or gov asks for cypto to be weak or its design changed the cleared worker has the stated directive to alter the project.
Alter the code, weaken the cryto, build in a trap door and pass the work as been secure. That product then ships nationally or globally as a tested standard for years.

Re:Security Clearance

[chasm22]

Wow. And what are you trained to do? Troll?

Re:Security Clearance

What? This doesn't have a logical flow, much less make any sense. At best you have a total misunderstanding of what a security clearance is. At worst, you're just pulling stuff straight out of your ass.

Re:Security Clearance

[AHuxley]

AC look up terms like activity security manager, information assurance, site security, "appropriate authorities", preserve evidence, sanitization, physical removal when "Classified Information Spillage" occurs :)
Just presenting public, open academic crypto information is getting interesting in an educational setting.

Re:Security Clearance

I have a clearance and am well aware of these topics (although some are incredibly generic so don't really make sense in their usage here), but your previous statements are wildly inaccurate (or incredibly incomplete at best) and still don't make any sense.

Re:Security Clearance

This is simply not true.

I have a clearance. I am obligated to treat classified information in a specified manner, and report
overseas travel and suspicious contact by foreign nationals. Beyond that, nothing.

Re:Security Clearance

[gweihir]

It is quite clear why that is. If, in the US, you have a clearance, you may not look at secret material anymore unless specifically authorized to. For example, reading the Snowden documents while you have a security clearance is a crime. For that reason, if you do security research, the only sane thing is to refuse a clearance even if offered.

Re:Security Clearance

[gweihir]

You may not read secret material anymore unless specifically authorized to. Yes, that includes if it is printed in the NY Times. You also have to report certain types of conversations. I accidentally did that to somebody with a clearance a while back and had that explained to me afterwards. (I don't have a clearance, but have done research outside of the US that is at least "secret" there and may well be classified quite a bit higher.)

So, yes, it taints you and significantly so.

Re:Security Clearance

[Whorhay]

A clearance is just a certified opinion of your trustworthiness from the issuing agency.

Deliberately reading information that you know to be classified can cause you to lose that clearance depending on the following investigation. And yes, if you want to maintain a clearance you need to log specific types of conversations and contacts with foreign nationals. Mainly you do that though so you can provide it to the investigator whenever your clearance comes up for review. If you don't care to maintain the clearance you can just disregard all that and move on like anyone else.

Everything you've listed amounts to inconvenience for the person with the clearance. It doesn't actually affect you in anyway unless you are worried about them reporting the fact that they had a conversation with you about some topic or other.

Re:Security Clearance

[gweihir]

I beg to disagree. When I talk to some fellow researcher about my work, and suddenly she gets an expression of fear in her face, clamps up and runs away, that is something that does impact me. My impression is you are sugar-coating to an extensive degree in your statement.

Re: Security Clearance

[Whorhay]

I suppose you could have a situation where someone knows some secret vulnerability and can't spill the beans to fix it because they knew about it previously through classified means. But I would imagine that the number of people who know that kind of information, and then seek out private employment specifically looking for and fixing those kinds of things, to be a very small number. You are probably more likely to have co-workers who find and keep vulnerabilities secret so that they can sell them than keep mum because they already knew about it from previous classified work.

There are only a couple million people with clearances in the USA currently. The enormous majority of those people are military members that will likely never actually see anything above FOUO or PII, and have just the most basic level of clearances. Above that you have another large group of people who have top secret clearances of assorted flavors that still likely never work with anything above secret, but have TS just in case there is a spillage to deal with. I would expect that any zero days that the government is keeping to its self are classified at the TS level and probably only known to a few hundred people.

For 99.9% or more of people with a clearance there would be no way for them to know that a vulnerability is classified, and they would be obligated to report it and seek to fix it.

Re:Security Clearance

[Coren22]

You can be granted access to a clearance, but as soon as you try to use the clearance, one of the first papers they have you sign is an NDA.

Re:Security Clearance

[Coren22]

I can't imagine why they would be afraid, but I guess to each their own.

Re:Security Clearance

[Whorhay]

I suppose it could be a fear of stirring up a reportable incident. In some situations just an investigation could lead to suspension of clearance until the investigation is completed. If her job was dependent on having the clearance then she might have to take some leave until it's cleared up. But so long as she didn't disclose or acknowledge some classified information she shouldn't have anything more to report than that some other researcher independently discovered something that she knows or suspects is classified.

Re:Security Clearance

[TechyImmigrant]

So if you had worked on the development of a secret governemtn cryptographic attack against the ECDLP, and you were now being asked to implement an ECDH exchange in consumer software that was subject to that attack, what would you do?

Would you go right ahead and implement it knowing it was unsafe, or would you warn people of the danger? I don't think you would do the latter.

People go to jail, people die when crypto fails them. Not everyone, but certainly some.
 

Re:Security Clearance

[gweihir]

The problem might be that a simple nod at the wrong place can disclose classified information. And yes, this person was very much dependent on her clearance. The absolute requirement to report anything relevant, even things that are not really that hard to find out, effectively gags them and they cannot be part of a civilized conversation between adults anymore.

Re:Security Clearance

How does having a security clearance taint you?

You are trained to lie and misdirect.

Complete and utter bullshit. In my army reserve unit, anyone who was supposed to have access to the arms vault had to have a security clearance. It's just a very extensive background check with some strings attached, as noted in other posts. For example, don't discuss the arms vault or its contents. Simple, really - no cloak-and-dagger skullduggery involved.

I suppose a real CIA spook must necessarily have a security clearance. However, the vast majority of persons who have had a security clearance are not former spies, nor anything close to it. They're just regular people who can't talk about certain things they've seen, which is not all that different from an NDA, but with heavier consequences for breaking it.

You would do better to concern yourself with whether someone's resume has lies about prior experience and education. Vetting that would be of much greater benefit than foolishly equating "security clearance" with "government spy".

- T

Punishments without a fair trial

[JimSadler]

This punishment without a trial nonsense needs to be hacked off at the knees and all who caused these punishments should be jailed.

Re:Punishments without a fair trial

Snowden hasn't faced a trial either. Nor has Assange.
Both are definitely being punished though.

Good luck sorting that one out.

Re:Punishments without a fair trial

Snowden broke the law. He freely admits that. But he fled to escape punishment. He hasn't been punished at all.
Assange is also a fugitive, but hasn't even been charged with breaking the law. No punishment there, either.

Re:Punishments without a fair trial

Wha...? Snowden has been effectively exiled for doing the right and moral, if technically illegal, thing for the good of his country. Assange is effectively under indefinite house arrest and had his reputation destroyed for helping people find out what their governments are doing secretly in their name. Both live with the knowledge that if western intelligence agencies can find them they will almost certainly disappear "in mysterious circumstances" and (possibly, if the PR guys think it would spin well) turn up later for a show trial and/or indefinite detention until they go nuts aka Bradley Manning - if an "accident" doesn't mysteriously happen first.

I'd call that (unjustified) punishment. Perhaps you have a different definition of the word?

Re:Punishments without a fair trial

This punishment without a trial nonsense needs to be hacked off at the knees and all who caused these punishments should be jailed.

Jail without a trial?

Re:Punishments without a fair trial

If you define punishment that loosely (so that anybody fleeing prosecution is being punished), then I have to reject the idea that there must be no punishment without a trial.

Re:Punishments without a fair trial

Wha...? Snowden has been effectively exiled for doing the right and moral, if technically illegal, thing for the good of his country. Assange is effectively under indefinite house arrest and had his reputation destroyed for helping people find out what their governments are doing secretly in their name. Both live with the knowledge that if western intelligence agencies can find them they will almost certainly disappear "in mysterious circumstances" and (possibly, if the PR guys think it would spin well) turn up later for a show trial and/or indefinite detention until they go nuts aka Bradley Manning - if an "accident" doesn't mysteriously happen first.

I'd call that (unjustified) punishment. Perhaps you have a different definition of the word?

Right??? Moral??? Whose morality? And who gets to claim the moral authority? And who gets to claim the righteous authority?

This one-size-fits-all-centric view of right/wrong/morality disturbs me. Especially when the origins of right/wrong/morality are steeped in hypocrisy. Two examples stand out early in this country's history - 1) U.S. treatment of indigenous peoples. 2) Slavery IN the U.S.

So spare me with your right and moral argument. It all depends on WHOSE definition of right and moral applies here, and it certainly doesn't apply to everyone.

Surveillance

[PopeRatzo]

It appears that government has used the Microsoft Word "search and replace" function to substitute the word "cybersecurity" for every instance of the word, "surveillance".

Please Ignore This Post

4a52 89fb 8723 cec1
de47 3a79 0772 625c
ff56 fbd2 4ba3 4d11
dab2 a4b4 4054 8443
3000 7ef3 b4ed 6dcd
843c 924e 7758 4dda
c669 c061 1fa2 8ed2
113e 2122 86fd c778

Re:Please Ignore This Post

Wholy shit!! Kewl story br0!!!

Not how clearances work, dude.

This is not how clearances work, dude.

IME, it means you can be trusted with government secrets. It does not mean you will withhold anything outside the scope of the specific government contract. For example, if your government job has nothing to do with virus research/creation, then sharing that data won't be prohibited.

I worked on guidance systems. That isn't may job these days, but I avoid doing any work related to those systems now to make my life easier. I am not prohibited from working in commercial guidance systems - the requirements don't really overlap with the work I did, however. My clearance wouldn't prohibit working on viruses, security, or any other sort of computer security subjects. Completely unrelated.

Re:Not how clearances work, dude.

[TechyImmigrant]

It also has an impact on what you can be trusted with. I would not employ you in any capacity that was a position of trust over customer security. You say it was guidance systems, but if you were seeking the key management job, it would raise questions about what your motivations are.

It's not a pejorative thing. It's just how trust works. It isn't transitive and it goes both ways.

Re:Not how clearances work, dude.

Erm, how do you plan on determining whether or not someone has a security clearance, unless the applicant has put it on his or her resume? Which they may do (it shows they have passed extensive background investigation, and is worth something if applying to government agencies or contractors), but there is no requirement to do so. If you are a private employer, there's no way for you to verify whether or not someone in fact holds a clearance.

Re:Not how clearances work, dude.

It's just a work culture. In oceanography (my field), there are the people that want to save the dolphins (or the fish, or hug a tree), and those that work on Navy contracts and don't mind if their work is used to kill people (if albeit very indirectly). There isn't so much overlap, either in terms of researchers, or in terms of the funding sources they get. Both groups work on similar things, but people either are or are not comfortable working on government or military projects, and then their friends tend to be of the same group.

Re:Not how clearances work, dude.

[HiThere]

You say you were working on a guidance system, but if it's a classified project, I can't ascertain that you're telling the truth.

So, yes, it has an effect on the ability to trust you by anyone who don't both have the proper clearance and a government approved "need to know".

Re:Not how clearances work, dude.

"You say you worked on an enterprise payment system, but you signed an NDA, so you might be lying."

A security clearance is a really in-depth NDA. That's all. A finding that someone is trustworthy. Anyone can lie at any time, and people that cannot get a US security clearance is more likely to be untrustworthy. If your only evidence for mistrust is that the US government trusts them somewhat, then pretending that you cannot is straight up bigotry.

Re:Not how clearances work, dude.

[HiThere]

I do agree with you that working on a job that requires a security clearance is no more than any other legally enforceable NDA, where the company demanding the NDA won't share information. In fact it's exactly the same thing.

So yes, you are right, I am suspicious of candidates from any NDA job. But most companies don't operate large spy agencies, so you can know that the NDA isn't covering for them. I don't suspect companies of hiring people secretly to do things that the companies don't do. But if there's a hidden area, they one must consider that they might have done anything that the companies do within that hidden area. So if a company runs a secret police force, then I may suspect that the NDA covered work in or for that secret police force with reason, though the term here is "suspect", and it doesn't speak to how one judges probabilities. Generally the probability is rather low. Sometimes, however, a rather low probability is sufficient to justify a passive decision (i.e., a decision not to take a particular action).

Re:Not how clearances work, dude.

[dbIII]

An example of that was one of the Enron guys that had some sort of clearance from a previous job and cultivated a cloak and dagger aura with wild rumours of him doing special ops stuff part time (I forget his name but it was in the books about that utterly fucked company). He would vanish for days and questioned he would tell his bosses it was "sensitive" - probably literally because he was eventually seen in strip clubs on such occasions :)

Just like ACLU

If the attacks were beneficiaries of legal and monetary compensation, they could withstand the attacks. Form a PAC!

No such agency!

Surely no such agency would do such a thing!

Joe Biden 2016!

Joe Biden is a square shooter