Slashdot Mirror


User: Vintermann

Vintermann's activity in the archive.

Stories: 0
Comments: 2,688

Comments · 2,688

  1. Re:A fleeting moment of rich irony. on Discovering NSA Code Names Via LinkedIn · · Score: 2

    It isn't just the names that are revealed. You can infer from the profiles quite a bit of information about what these programs are used for. Take quotes like these (from various public posts):

    Utilized ANCHORY/MAUI reporting database to correlate and verify target selections.
    Utilized AIRGAP for discovery of priority targets within the missions AOI.
    Used Marina as a tracking and pattern of life tool on selected targets within the missions AOI.
    Used Marina as a raw SIGINT data viewer for detection and analysis of priority targets.
    Used HOMEBASE as coordination and tasking tool with other DNI analysts.

  2. Re:And what will happen if they do on DEF CON Advises Feds Not To Attend Conference · · Score: 5, Insightful

    Are they? Do you actually have any inside knowledge of the NSA and what they do

    No of course not. That's the problem.

    You could use the exact same defense for the Stasi. East Germans had no nice and official documentation about what they did, unless they worked for them. Were they therefore not entitled to have an opinion about it?

    Most of them are probably doing harmless innocuous work, or actually tracing workable intelligence leads towards the bad guys.

    Are they? Do you actually have any inside knowledge of the NSA and what they do?

    Believe it or not the intelligence community does serve a useful purpose

    I'm not convinced. I've not seen conclusive evidence. Oh sure, I'm sure they stop a terrorist now and then, but the question is whether the threat they themselves pose to liberty is worse than the threats they deal with.

    History suggests it is: people have vastly overestimated external threats compared to the threat from people nominally tasked with defending them.

  3. Re:Crypto Weaknesses of Dropbox on Dropbox Wants To Replace Your Hard Disk · · Score: 1

    Interesting. Could you give any references?

  4. Re:Farts in their general direction. on Dropbox Wants To Replace Your Hard Disk · · Score: 1

    Cryptanalysis is at a level you could not possibly comprehend.

    A person confirmed by the US government of having a lot of inside information, recently said that our encryption is secure. So unless you can explain why you know more about the NSA's capabilities than him....

  5. Re:Crypto Weaknesses of Dropbox on Dropbox Wants To Replace Your Hard Disk · · Score: 1

    Companies can legally be compelled to turn over data, but I'm not sure they can be legally compelled to run an active attack on their users.

    Sadly, just because I'm not sure it would be legal, doesn't mean I'm at all sure they wouldn't do it.

  6. Re:Farts in their general direction. on Dropbox Wants To Replace Your Hard Disk · · Score: 1

    SpiderOak seems sweet enough, but I have trust issues with US companies right now.

    With SpiderOak your computer generates your own unique encryption key,

    Yeah, but it happens inside a binary blob. At least I can't find the source download.

    it is at no point ever transmitted to their servers,

    Unless there's a way to make the binary blob do that, currently or in the future.

    and there is no way they can gain access to it.

    There is, sadly.

  7. Re:Farts in their general direction. on Dropbox Wants To Replace Your Hard Disk · · Score: 1

    It's at least somewhat more resistant to sudden and catastrophic failure. If they go down, you probably get advance warning.

  8. Re:Skeptical on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    Not everything you could do to resist modern government surveillance is going to be hard. Here's an easy one:

    Every time you send a mail, your app zips it and encrypts it with a small, randomly chosen key. You don't transmit the key. Instead, the recipient has to brute force it; it takes about 5 seconds.

    That thing does extremely little to protect your message from a determined attacker. But it also stops mass scanning of message content dead in its tracks.

    We need different forms of protection. Some are very hard to get. Let's not get so discouraged by that that we don't bother with the protection we can easily take.

  9. Re:Official communication tool for the EU-parliame on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    Before you care about those issues one way or another, you've got to care about your freedom and ability to actually make a difference on either of those issues.

    If you have no power, if the spy agencies are in charge and could manipulate the majority's public opinion on those issues any way they wanted, what would it matter what you thought about them?

    Democracy first, then politics.

  10. Re:OS backdoors on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    That's high-effort spying. Because it's so detectable, it's also very risky, so it's highly unlikely they would use it other than on high-value targets.

    Our goal is first and foremost to stop low-effort, safe (for them) mass surveillance.

  11. Re:Wait, what!? on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    Not true if the NSA has a deal with the telco. They can use base station and signal strength to determine your position accurately. This was part of the metadata NSA collected from Verizon in the initial scandal.

  12. Re:In Soviet Russia, the iron solders YOU! on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    Torture, torture, torture. What you must realize is that if you demand the perfect protection, the kind that is resistant to FSB kidnapping and torturing all your friends, then you're going to have to wait. While there are easy steps you can take now, which won't stop NSA for all eternity, but can make their business much harder when it comes to spying on you.

    It's a bit like securing webservers. It's extremely likely that there's an exploit somewhere in the software you run on it, that could be found by a very determined adversary. Do you refuse to run even a simple firewall because of that? No, that would be stupid. The most important thing is to protect from casual, easy attacks - the targeted nuclear attacks you can worry about later.

    (To be more specific: Man in the middle attacks against the likes of PGP or OTR chat are a bit like targeted nuclear attacks. Sure they work, but they have so much potential fallout that you're not going to see it very often. Unless you have a specific reason to think you are a high-value target and an immediate risk, it's scarcely worth thinking about!)

  13. Re:no crystal ball required on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    The problem is, they don't even need very much determination to do so today. It could all be automated, and run on your entire demographic (just in case) rather than targeted at you.

  14. Re:no crystal ball required on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    You have an account with five digits, and you're still using it after all these years? Yeah, I think they can find you.

  15. Re:no crystal ball required on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    You can extract metadata from the content of your message too. They can't automatically understand it yet, but they can probably guess whether you're talking about something political, whether you're angry, certainly what languages you speak...

    It can also enhance their understanding of your social connections. If there are certain words that show up in mails to recipient A which never show up in any other mail (say, like the words "your body"), that's valuable to them, that can tell you something about what kind of relationship you have to A. Now if those words suddenly start turning up in messages to someone else... whoops, automatically collected blackm.. I mean opposition research material!

  16. Re:no crystal ball required on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    No, they don't generally know that their email is wide open. I guarantee you, if a large batch of random intercepted emails was suddenly published, regular people would be shocked.

    And not all compromising is equal. If it takes even a modest effort for NSA to read my mail, that's better than nothing. That ultimately limits how much they can do.

  17. Re:No Crystal Ball? on Heml.is, New Encrypted Messaging Service From Brokep of the Pirate Bay · · Score: 1

    It's not so easy to turn a genuine idealist, and The Pirate Bay folks were in fact that. Greedy maybe, but not willing to compromise on certain things.

  18. Re:Maybe on According To YouGov Poll, Snowden Support Declining Among Americans · · Score: 1

    It's virtually guaranteed that these polls are flawed. Public opinion polls on all topics are of a deplorable quality.

    But regardless of that, the issue is how this poll is used. Whether what it reports is accurate or not, there can be little doubt that it's used for political purposes, in order to erode the very support it reports on.

    If you want people to think Snowden is a bad man, you don't get far by saying "I think Snowden is a bad man, and here's why: ...". That gets people's critical guard up. You get far further by saying "Support for Snowden is slipping". There is abundant evidence that people glance to their neighbours when they decide what their opinion should be, and when they do that they internalize the standpoints, and it slips past their critical guard. You don't have to come up with justifications, they will do that by themselves.

    Did you never wonder why "horse race reporting" was so popular?

  19. Re:Actually Protest This Shit on US Spies Have "Security Agreements" With Foreign Telecoms · · Score: 4, Insightful

    Most of the "they already knew this" folks would have called you paranoid if you asserted half of what's been revealed. It's a thin attempt to justify their complacent attitudes, in the face of evidence that radical attitudes were called for all along.

    And hopefully, I'm not going to be called paranoid now when I assert that the government has a social media strategy, and that they know how to play on people's vanities in order to manufacture consent.

  20. Re:It was bound to happen on Bitcoins Seized In Drug Bust · · Score: 1

    If they "seized" his wallet, wouldn't they be unable to get the money as it's encrypted?

  21. Re:Maybe on According To YouGov Poll, Snowden Support Declining Among Americans · · Score: 5, Funny

    It is now official. YouGov has confirmed: Edward Snowden support is dying

    One more crippling bombshell hit the already beleaguered internet community when CNN confirmed that support for whistleblowers has dropped yet again, now down to less than a fraction of 1 percent of all important people. Coming on the heels of a recent Pew survey which plainly states that...

  22. Re:Wait, what? on Can Ride-Sharing Startup Lyft Survive the SoCal Heat? · · Score: 1

    But let's step back a bit. I'm no Valley Visionary, so if I were setting up a business based on offering unlicensed hospitality or cab rides, I might ask myself a few questions first. And I may ask myself: why is it that every town and city I've ever been to has licensing requirements for people offering taxi services or overnight accommodations? Is there a global taxi cartel or a multinational bed-and-breakfast conglomerate enforcing its will on municipalities from Aberystwyth to Yellowknife? And if there isn't -- and of course there isn't, because taxi and B&B operations are usually local and small-scale operations -- I may ask myself: what's behind all these rules?

    http://whimsley.typepad.com/whimsley/2012/12/peer-to-peer-hucksterism-an-open-letter-to-tim-wu.html

  23. Re:The Clipper chip on NSA Backdoors In Open Source and Open Standards: What Are the Odds? · · Score: 1

    Since the drug dealers would know NSA had the keys - they didn't much try to conceal their interception, like they do today! - they would have to be very stupid indeed to use Clipper.

  24. Re:The Clipper chip on NSA Backdoors In Open Source and Open Standards: What Are the Odds? · · Score: 1

    Yes, in fact it does. A reduced-round attack is a strike against a cipher, and the existence of a reduced round attack is pretty much a prerequisite for a full attack. Thus, in academia and in competitions such as NIST's AES competition, reduced round attacks are a strike against a cipher. No, it doesn't guarantee it, and most ciphers in active use get some reduced round attacks against them eventually, but such a strong attack on day 1 is a pretty awful sign.

    In this case, the fears were fully justified.

  25. The Clipper chip on NSA Backdoors In Open Source and Open Standards: What Are the Odds? · · Score: 5, Interesting

    You mention the Clipper chip and its key escrow system guaranteeing government access, but what you should remember is that the cryptosystem that chip used was

    1. Foolishly kept secret by the NSA, although it has long been understood that academic scrutiny is far more important than security through obscurity, and

    2. The symmetric cipher the chip used, Skipjack, was subject to a devastating attack on its first day of declassification (breaking half the rounds) and by now is completely broken. That remains rare for any seriously proposed cipher...

    Since presumably the NSA did not try to make a broken cryptosystem (why, to help other spies? They themselves had the keys anyway!) this illustrates that yes, incompetence is a concern even at super-funded, super-powerful agencies like the NSA.