Btw, I did not write that. AC isn't me.
It's Russia, you twit! How can there be a Russian conversation about domestic surveillance when they have trouble having political opposition, let alone a free press! The Russian Federation is 148th in the 2014 Reporters Without Borders World free press index, and here you are, talking about how you asked a tough question to a leader who doesn't give a shit about looking hypocritical or lying, and has been using you for the last 10 months to discredit the West while he goes forward with his project of grand Russian unification.
See the provided link for the "definitions".
I really like how the very last one (8. "A malicious meddler who tries to discover sensitive information by poking around") is said to be deprecated, when it is by FAR the most commonly used, among infosec professionals, in the literature, the media and well, pretty much everybody, for the last decade or so... The only exception being that tiny minority who still cling to the old-school definition...
But yeah... "Deprecated."
This is very true, but from the POV of the US, it is also a great argument for continuing to invest in offensive cyber capabilities.
In the end, it costs way less to attack a network than to secure it properly. And unfortunately, this asymmetrical situation could remain true for a long time.
This also can lead to a cult of the offensive:
http://en.wikipedia.org/wiki/Cult_of_the_offensive
> Given that a lot of people in intelligence communities believe they are working for the good side, I have no trouble believing your hypothesis.
A truckload of people in the security and intelligence communities have issues with domestic surveillance and were against the Patriot Act from the very beginning. It's far from a minority opinion.
I've worked extensively with NERC CIP v3 - there's a BUTTLOAD of blind spots in the standard, but it's also true for PCI and others, and it will also be true for NERC CIP v5.
These regulations generally aim for basic security controls, in industries that have little to no information security culture, so they start with some basic stuff. And even this basic stuff is hard to sell and implement.
Oh yeah, you got me there Sherlock. It's impossible that some people just think that I'm making sense, and are happy to see someone calling your bullshit for once. No. It MUST be a conspiracy. By "shills". We are legion, we are everywhere. The NSA pays us to troll a website nobody cares about anymore.
ON DEMAND is different than SYSTEMATICALLY. Especially when the "on demand" is "in 1% of the cases".
> Great explanation, they collect information about everybody, about who called who. How can this not be systematically storing files on everyone. Or is it that it isn't a physical file, so it's different.
It's just not the same thing at all. If I have a security camera outside my building and I record people passing by, I'm recording a lot of information from a lot of persons, the vast majority of whom are innocent. But there's a difference between this and creating a file of every one of these persons, and then associating each record to each file. THAT would be creepy.
> Neither do you, it is speculation based, the response of the government, when the NSA goes against the constitution, do they get forced to stop, no, the government goes after the whistle blower. I know it isn't proof, but to me it strongly implies a lot of political influence.
You're the one saying that the NSA is so good at doing something that they don't appear to be doing it. Note that such a claim could be made about anything: NASA sends people to Mars every day, but they are so good at hiding it that it looks like they aren't. That's speculation. You're the one making a claim here.
As for the rest, I fail to see how this has anything to do with what I said.
> FUD. Pure and unstrained. You might consider that if we didn't shoot/bomb/torture so many people and left them the fuck alone, they might not hijack a plane and crash it into our buildings.
Those two things are not mutually exclusive, so I don't really know what your point is.
> Why have it in-house? What do you call an organization that prepares material for the Commander-In-Chief and supplies data to law enforcement agencies? Do you imagine the NSA operates in a magical box, all alone, cut off from the rest of the US government, and the US government has no desire to use their information?
I never said that they were completely isolated. But there clearly was a willingness to enforce a separation of duties on this matter (which makes a lot of sense), this separation of duties has clearly influenced the relationships between these organisations, and this is also clearly a difference between the NSA and the Stasi (and I'm kind of surprised to see people jump on THIS difference in particular).
> Fucking jackboot licking shill
Three persons called me shill on this thread; the three were AC. Now, I'm sure it must feel very edgy from your POV, but trust me, you guys don't sound edgy at all. You guys sound like excited dicks who would say anything for a reaction, and can't handle a real discussion when faced with someone calling your ignorance.
> Isn't that what gathering "meta data" is all about.
Hum... no?
> I would be very surprised if they didn't, they basically force companies like Google to hand over information. They hire people to put back doors into encryption algorithms. Why do you think they are above doing the same with the general public. The only reason I can see, is it maybe less efficient, than monitoring all electronic communication.
The Stasi hired your neighbors to spy on you. At one point, one in 20 or one in 30 East German citizens (can't remember the exact ratio) was an informant on Stasi payroll. If you have any shred of beginning of hint of evidence that the NSA is doing anything remotely close to that, please share it.
> or crazy good at it, so good at it that you don't even know they are doing it, the USA is a democracy, well compared to East Germany, so they have to be a little more subtle about it.
Again, do you have any evidence whatsoever? Because it really sounds like speculation.
Well, that's the theory. In actual reality, the relationship between the NSA, the FBI and the CIA is far from easy. In fact, lack of collaboration between them is one of the biggest reasons why 9/11 happened. Their roles and responsibilities sometimes overlap. For example, the NSA isn't the only signal intelligence organisation in the US. The military has their own. Historically, the CIA had their own too. But the NSA never had any enforcement branch, while a shitload of US organisations have (did you know NASA has its own law enforcement division?)
Obviously, if you see the US government (or any other government) as some kind of monolithic entity that always goes the same direction in unity, you won't care about the distinctions between all these organisations. In reality, it's far, far from being that simple. Politics is everywhere, even in the intelligence community.
None of these organisations are enforcement arms of the NSA. They are separate organisations with separate mandates, and in practice, they aren't even especially friendly or helpful to each other.
The NSA cannot arrest anyone the way the Stasi could without having to tell anybody.
And the fact that the NSA is, on pro rata of the population, 20 times smaller than the Stasi. And the fact that they don't have any enforcement arm, while the Stasi had the power to arrest anyone at will. And that they don't systematically create files on their citizens, you know, what the Stasi's job was by design. Nor do they hire informants among the public. And they don't seem to be politically active (or if they are, they are crazy bad at it), while the Stasi was closely tied to East Germany and almost took over the country at some point, the way Putin (ex KGB, remember) did in Russia. So yeah, exactly the same. Especially if you have no idea of what you are talking about.
In 30 years, the most profitable company in the world will be General Bitcoin. They will have developed their own nuclear reactors and designed their own computing technologies in order to be the very last organisation able to generate bitcoins, slowly but surely, one at a time. Huge amounts of resources, beyond those available to most countries, will be spent in order to slowly grow the amount of bitcoins available. What a fantastic utopia we have here.
While what the NSA did with Dual_EC_DRBG is shit, no, it's not the only way they support civilian infrastructure. The NSA provides all kinds of information security expertise, not just with encryption.
People go to these conferences for the networking opportunities, not necessarily because they care about the flagship product of the main sponsor.
The NSA does both. Beyond their SIGINT operations, they also support industries in various security initiatives.
Not only that, but *obviously* they have the ability to associate a number with someone at some point - if not, then what is the point in collecting and analysing anything? Metadata doesn't allow you to see the *content* of a call, but obviously it has to give you some information or you wouldn't bother with it.
From the point of view of intelligence agencies worldwide, there's no real difference. Both have an impact on their respective countries' interests. Both have been done for decades. This ship has sailed a long time ago.
You think people are going to vote Republican because they are pissed at the NSA?
The Patriot Act was voted under a Republican president.
The fact that the NSA was spying on foreign nationals wasn't a big secret indeed, considering it's the very reason for the organisation's existence. But then, it wasn't a big secret in the US either.
The details of actual operations are a completely different matter. To take the most obvious example, the Germans certainly didn't know Merkel's cell phone was compromised for so long, or they would have reacted before. Same thing for the Chinese targets Snowden disclosed. The Chinese knew the US were very interested in what they were doing, but it obviously doesn't mean they knew about the actual targets or the actual vulnerabilities used to compromise them. And that's where the big loss is for the NSA.
The US government isn't pissed about Snowden because "the entire US population" learned about their foreign eavesdropping operations, but because foreign intelligence agencies did.
That's the number of people with Top Secret clearance, sometimes necessary to merely work on some government projects. It's not really a meaningful number at all (it certainly doesn't have anything to do with "people employed to monitor web traffic").
It's true for almost anything.
The world isn't divided between thinkers and doers. People who believe that generally see themselves on the thinker side, and they don't want to do, so it's a narrative that fits them well.
In practice, I've met very few good thinkers who weren't also doers in one way or another, simply because it's very hard to actually have good ideas if you never got down to implementing them. An idea can feel good and sound great, but if you don't have the experience in knowing what works and what doesn't, how to see and deal with edge cases and exceptions, it's probably not that great - or, put another way, you are probably not a good judge of its greatness.
And that's the biggest problem with the "let's reinvent the world" crowd - if you don't know how the world works, why it works, and if you never actually managed to reinvent anything in your house, in your community, in your business, it's quite doubtful your great idea to save the planet is actually interesting. And it's also why so many of the world's doers seem to do so often the same things, and take the same decisions in front of the same situations - not because they are stupid and ignorant, but because more often than not, they already figured out what works and what doesn't, and the difference between what they can dream and what they can accomplish.