They run the collect it all systems that connect into the private sector. They know the jargon and terms that allow them to pass effortlessly back into the big US brands and telcos undercover or as part of a gov team.
Re "Hiring contractors to work on sensitive material doesn't make too much sense to me."
That policy is driven by political contacts, no bids and legal teams. If access to the private sector is not granted, access is demanded by politics and the need for creating local jobs.
Re "bump up a few salary grades"
The issue is the skills offered by contractors and the skills the gov, political class and mil then think they need for the collect it all missions.
A rush to the private sector to keep skills and get new skills saw a huge flood of rushed digital clearances or past self signed equivalent digital clearances been updated.
That allowed the US gov to be sold on the story that tech skills, language skills, people with skills that only living within a faith, community or the private tech sector could be found by using contractors.
The huge issue is security teams have not interviewed around the life history of a lot of contractors or even gov staff. No long interviews with extended family, questions to very local courts about sealed local paperwork in the past, no interviews with teachers, friends, looked over a home, looked at books around a home. i.e. radicalisation, cult membership, political issues or the value of another nation. All the classic work that builds a real picture of the person, not just that they exist on a digital file on some computer in some fly over state.
The other aspect is criminal pasts. The need for language skills, cultural insights, having travelled the world, jargon, slang saw a rush to hire anyone.
Finally political aspects as to who can now get into the US gov is changing. Nothing to do with security just yet, but within a generation the US gov will be flooded with people hired on very different priorities, i.e. basic gov security is not even a consideration anymore.
"Obama’s DOJ blames criminal, citizenship checks of job seekers for lack of police diversity" (Sept. 25, 2016) http://www.washingtontimes.com...
Other nations will ensure trusted generations of their sympathisers, cult members, faith get in and rise up the ranks of the US bureaucracy.
Bulk collection and collect it all will not be able to track insiders as they will never risk any digital device, a distant holiday or religious service will give them time with their handlers.
The fix is so easy, keep it within gov/mil, hire correctly on merit, compartmentalise, walk the real US life story of all US applicants.
Give great rewards, further education and allow for advancement based on merit.
People who have cult, faith or political issues, put their "other" nation first will always be a risk for decades as trusted contractors or staff.
The US always had a great system to hire the best and ensure their pasts showed no sign of working for other interests.
Sadly with political pressure and no bid contractors all that has changed and within a generation a lot of strangers will have total access to mid and low level US secrets daily and without question. How far did they get up the gov and mil system?
No bid contractors are sold as adding private sector ability and ingenuity to the US gov and mil.
It has become very profitable to get clearance and then sell services back to the US gov at any cost in times of need.
Tools, software, hardware, support, language skills, interrogations skills, medical devices, food, energy, crypto, design.
The other part is the US can then talk about the easy option to ramp up support from the private sector allowing for some very fast results. Most of that action ends up in bank accounts.
If the US gov or mil comments about quality, some states bipartisan political leadership makes a fuss until the private sector from their state is selling to the gov again.
Once proprietary hardware and software is sold/rented into the US gov/mil, self cleared contractors have to follow in for support.
That has really been a big pull between the NSA and GCHQ. To trust and guide up mil/gov only staff over decades on the traditional UK side. Better pay, wages, esprit de corps over decades. Or the US view that any contractor with skills can get clearance and it will all be great because the private sector is always by default good. The US view only works with the best vetting policy and total compartmentalization. Once the US stopped sending out staff to walk the life of applicants from home to education, interviewed friends the private sector had a free for all within the US gov and mil.
Private sector staff could ensure their digital records matched what the US gov was looking for and security became a digital formality.
Operational security is now about securing profits to the point of making it to no bid.
Unconstitutional bulk domestic spying is the key to undoing any "Theft of secrets" color of law comments. The US gov/mil cannot hide a from the United States Constitution by invoking a few decades of "secrets".
Whistleblowing and criminal investigation would never work in the US if the gov can just pull "secrets" over any other part of the gov or mil asking legal questions.
So the US is very careful to allow the "secrets" part to drop when discovering legal issues within its gov/mil.
If not US gov/mil/contractors could just quote "security" all day before any US court as a form of total immunity and the US court system would not function.
That is why so much effort is spent hunting whistleblowers and their first contact with the press.
"The Most Intriguing Spy Stories From 166 Internal NSA Reports" (May 17 2016) https://theintercept.com/2016/...
FIRSTFRUIT was the effort to scan the media to find any contact with the press and track whistleblowing efforts.
So from the PRISM, decryption, plain text access days we are back to very careful words again.
Does that depend on what scanning legally is? On what "email traffic" on some part of the network is this decade?
Some national security related requests are more legal than others?
If the gov knows to ask in a different way to the right staff it would never be self discovered?
Is that big new gov server really a per device or per service backdoor or trapdoor?
Thanks very much for your link.
I think the main idea was to remove all on site union staff and replace them with networks to report back an error to a gov mandated min count of engineers to cover any 'state".
Crews of contractors could then be dispatched to repair as needed and could be hired or replaced as workloads changed over the years.
Long term network care of all networks was now just fix on failure.
The idea sounds great to upper management but the networks are not robust enough for the "engineers" to just change over to another ready network in real time while the crews works for hours or days. Savings go to generational shareholders, stock buyback or big bonuses unrelated to network performance.
The other issue is the loss of battery power due to it never working or just running out a few hours later. The lack of gas and other longer term power per site then fails due lack of service, or falls apart needing another crew hours away to fix it.
Wireless devices rather than fix wireline beyond an outside tree or an above ground break will be policy soon.
No more truck rolls up the copper network for a fault unless its a medical device that depend on a wired phone connection.
The US always expected junk crypto and tame big brands to help with their crypto under PRISM, Bullrun, https://en.wikipedia.org/wiki/....
Keeping most users on a few big US brands generational "free" applications helped a lot too.
If the gov cant get in thanks to real encryption try and get into one end of the users computers.
As some point the users is going to be reading plain text again and could even be typing in a message.
Some software sent down to any user of interest to capture the message as decoded and as created is the next step.
For communications to stay secure, anonymity and privacy is needed.
Once anonymity is lost, privacy is lost.
But for that a staging server with a cover story is needed, ready to use malware per OS is needed per case vs just read it all thanks to a tame brand.
Back to keystroke logging software and ensure all AV application globally never get too smart? https://en.wikipedia.org/wiki/...
The other issue is file change or realtime request to alter any interesting file detection and outgoing firewalls.
Such deep third party security software is slowly gaining traction and is well beyond most OS bands expected and well understood internal "protection" efforts.
The problem is the internet has changed from the late 1990's and "everyone" now has accounts.
So the more varied life experiences now have to be considered when creating open marketplaces on the once useful and pristine internet.
Copy existing rule lists other online sites have and play catch up?
Or rush out a beta experience, gather real raw data, build inner city mind share and then regulate as the brand builds.
The US POTS network was also a robust way to contact a lot of vital and important people.
If a second shift or experts where needed on site due to an event, often a second POTS service would be installed and kept in good working condition.
No need to worry about a new phone been "on" or "off", local power. Unless the phone line did not work, that phone was expected to ring under most conditions.
In theory the back end to such a POTS into the wider network would have been well looked after and robust in most states.
The change to optical, cell towers with battery only power lasting hours, a lack of gas or other looked after on site power to take over.
Crews finding they have to totally rebuild, repair or replace network power during a longer loss of power rather than just to ensure backup power keeps working.
The other issues is the network design. Lots of long shared "pipe" as the network, with no other ready networks to change to. One always working pipe is the network from telco, network to telco to user. Redundancy is now reduced to a crew an hour or further away in the "state" on standby to fix the one and only big connection.
A lot of different charity groups, NGO's and law enforcement support efforts go into creating a checksum of every file recovered by the US legal system and seen by courts.
So any later movements of that file seen by a US court can quickly be tracked on any US network, cloud service, telco or when the file passes into any larger providers national networks.
AC "relevant information for intelligence" is domestic spying and is not a free pass around Fourth Amendment of the U.S. Constitution.
Given that gathering such domestic information in bulk is not legally protected, adding a color of law term like "intelligence" does not make any such activity more legal.
That was all worked out by the Church Committee https://en.wikipedia.org/wiki/... and all domestic legal protections still stand.
The US cannot remove any of the legal protections by just invoking "intelligence" anymore and never could.
In the past people always expected some sort of domestic protection after the Church report https://en.wikipedia.org/wiki/...
Users would have expected domestic access to be court approved per account.
In the past a lot of sock puppets would have attempted to distant efforts like this with suggestions of collection been too large, political protections, legal protections, lawyers, material found been of no use in a court, strong protections and respect for US data and accounts.
Now all that is out in the open with the "Foreign Intelligence Surveillance Act" covering for "all arriving messages."
"Searching all arriving messages" should not be unexpected given years of US interest in placing checksums on all files and then searching for file movements of interest.
The same reason so few had https in the past, most just want to get their brands out. When all the security comes on one cheap chip, they will up sell that in a few years.
Until then its just getting their brand into each home and online hype about the internet been on their easy to use devices.
Security is a cost to buy on an another chip, a cost to design, to keep cool, test, add, build, then support.
When standards change, a device is stranded with a user looking for their passphrase. The box or some paperwork that was once in the devices packaging.
To the user its the fault of the brand if they have to set anything new up, rather than have instant discovery on any new or old wireless network.
Consumers don't want to keep a box, read a long unique number stuck on some folded paper and have to press 5-20 keys on a keyboard to get a device seeing a network.
Or just ship every device with admin, admin and try and ask the user to enter a stronger password?
Encryption is the hope that privacy is not sold with a mil or gov demanded trapdoor or backdoor. It is not anonymity.
The NSA can still work out who is chatting, who looked at site, video, what location, track the hops to friends of friends of friends.
The content of the message might be encrypted along the path but each end it of the Apple network is plain text again.
If a person is reading the message on a screen, so are the security services thanks to a consumer grade device been trusted and telco networked.
PRISM https://en.wikipedia.org/wiki/... showed a generation of staff, gov and mil happy to work together to get around any external "encryption" to get all plain text.
Re "As for places and governments that would abuse such power, the problem isn't the abuse, the problem is the government."
That kind of hard. The US and UK have been reading messages in bulk since the 1900's and like the insights they get into the direction the population is trending.
Defence of the Realm Act 1914 https://en.wikipedia.org/wiki/...
Project SHAMROCK https://en.wikipedia.org/wiki/... "direct access to daily microfilm copies of all incoming, outgoing, and transiting telegrams via the Western Union and its associates RCA and ITT."
Political leadership is addicted and likes its total overview of all communications. The gov/mil workers love the good paying domestic spying jobs and free education. Contractors like the no bid upgrades over decades and the security clearances that keep out the competition.
As PRISM showed company staff, crypto experts, academics, the press, legal experts are no help before, during and after the gov/mil asks for total domestic access.
The lack of backups is the result of thinking that gave the US the pager outage
"Why did satellite Galaxy 4 go off course?" (May 20, 1998) http://edition.cnn.com/TECH/sp...
Most nations just buy into one direct to consumer network. Like one phone line, one satellite was seen as enough.
A lot of basic vital infrastructure around the world is just used all day, everyday with no thought to any backup.
Intel’s Optane, or 3D XPoint
Intel's crazy-fast 3D XPoint Optane memory heads for DDR slots (but with a catch) http://www.pcworld.com/article... (Aug 21, 2015)
Re: "Could be a honey pot"
Yes. Recall the watch on onion routing using XKeyscore.
"How the NSA Targets Tor Users" (July 4, 2014) http://motherboard.vice.com/re...
"... and logs the IP address of people searching for various other privacy and encryption software."
NSA classifies Linux Journal readers, Tor and Tails Linux users as "extremists" (July 4, 2014) http://www.in.techspot.com/new...
"... program marks and tracks the IP addresses of those who search for..."
Yes most of that was covered with the US issues around the need to reverse-engineer the IBM BIOS.
If its open, everyone gets a look and can create, ship, market.
The only way around that is to ship closed hardware and give each person buying a device a full copy of all useful code and offer support.
The user buying into the product can then create anything they want, the hardware been a pay for dongle.
As for the clone production line, the moment its signed over another factory or even the same production line will be running 25 plus hours a day vs any reported much slower production run:)
So the actual production runs are underreported to match any contract but a lot of extra product is made and the trade dress is altered, renamed.
Any counters or management oversight are fooled, manipulated until a much cheaper product is selling under a new name 100% locally owned.
The investor or inventor is left with an expensive branded product that won't sell and full design and support costs:)
The next investor is invited in to start the cycle all over again with the lure of low costs and local gov investment support.
That would be State or CIA, MI6, front foundation or NGO funding:)
Tempora shows the day to day totality of tracking everything even on a more limited UK budget. https://en.wikipedia.org/wiki/...
The ability to reconcile any data movements domestic origins would be trivial over days or longer.
The long term view seems to be to track the skill set of any other nations ability to enter a US/UK network and note the tools used and any live searches done in such events.
Why anyone with access would use a database live for a search and risk all with logs kept or a realtime admin?
Other nations just seem to use insiders to walk out with bulk data to sort later or the digital bait is so open anyone with a network connection is transversing diverse US networks.
The other option is just the random use by corporate interests, criminal, other "friendly" nations, ex staff, former staff, cults, individuals looking around or gaining skills.
Tools used seem to be well understood by the US security contractors, so must be in a few different hands globally if such detailed info can pass quickly to the waiting media.
Yes, domestic. What nation with all the Bear code news, all international ip ranges been watched and well understood would even need to try this?
Discovery is an issues and junk or fake data been offered as a honeypot is a risk.
US sites and all access is well tracked by the NSA, GCHQ with in the US and at all international access to US networks.
Data flow in or out, or access to a site would be discovered by the NSA, methods understood and protective methods worked on.
Most nations just use their generations of tested, trusted and well placed human spies rather than risk moving around vast amounts of data created as US digital bait.
The internet belongs to the NSA, GCHQ and NRO. No data flows domestically or as international data in or out without their tracking it.
Think of it from the US gov, mil and other agency daily usage side.
Say the CIA needs a cleared flight crew with loading experience to help re "supply" some pro US "freedom fighters" to remove a bad dictator and install a new US backed theocracy.
Asking for the decryption keys, been logged for the search and having a record of the crew found to fly a CIA mission is not the quick result needed.
So keep the entire database of serving staff and still cleared skilled staff in plain text and have no logging is the needed database.
Every other agency can then do a text search without a worry, find staff and get on with their mission, saving paper work, access requests and FIOA issues.
A vast pool of easy to find contractors and gov workers that has no usage logging, is plain text and needs no keys or key requests been logged.
As a bonus its all bait to see who globally will try and get a look and who they search for:) A real honeypot.
Given the "Officials Investigate Leprosy Case in California" reality:) http://abcnews.go.com/Health/o...
The US will deal with such news by making the decades of very good public health and epidemiology political.
Infections and contagious conditions entering into the USA will just be a very hard to treat "rash".
Computer entry and collection of any such data will never make it out to the regional or national media.
Enforcement changes can also be seen in the lack of reporting on infectious like syphilis, gonorrhoea, infectious leprosy, and human immunodeficiency virus (HIV) infection.
Active tuberculosis is about all the US gov will ever admit to be able to track in public.
"Medical Examination of Aliens-Revisions to Medical Screening Process" (01/26/2016) https://www.federalregister.go...
With political change US doctors will not longer mention or track communicable disease.
That will be fun for top US experts at international medical conventions. The US case count this years is? Classified, redacted, not ready, not found, guess?
Could other nations ever even trust US medical data collection again? Lack of reporting and an active under reporting policy would make all such US stats useless.
What will that expensive and advanced US medial degree be worth if basic reporting trust is gone?
Encrypt all data on their own end? If staff walk away with data or someone enters the network, nothing useful can be fully recovered?
The site works with the username and weak password on creation to ensure better server side protection against plain text walk outs, usable network data loss or buying into cheap "standard" reversible cryto?
Could an extra layer of security be added to data on an network, during storage and real time use be added?
Expecting users to change habits and still enjoy a site is a big ask, what could owners and admins code in to help?
No more walk outs, no more bulk plain text data left on any internal or internet facing server for years?
The working with the private sector goes way back to efforts like Project SHAMROCK https://en.wikipedia.org/wiki/...
Just have the other domestic federal agencies doing a few decades of "ongoing" investigations as cover.
They run the collect it all systems that connect into the private sector. They know the jargon and terms that allow them to pass effortlessly back into the big US brands and telcos undercover or as part of a gov team.
Re "Hiring contractors to work on sensitive material doesn't make too much sense to me."
That policy is driven by political contacts, no bids and legal teams. If access to the private sector is not granted, access is demanded by politics and the need for creating local jobs.
Re "bump up a few salary grades"
The issue is the skills offered by contractors and the skills the gov, political class and mil then think they need for the collect it all missions.
A rush to the private sector to keep skills and get new skills saw a huge flood of rushed digital clearances or past self signed equivalent digital clearances been updated.
That allowed the US gov to be sold on the story that tech skills, language skills, people with skills that only living within a faith, community or the private tech sector could be found by using contractors.
The huge issue is security teams have not interviewed around the life history of a lot of contractors or even gov staff. No long interviews with extended family, questions to very local courts about sealed local paperwork in the past, no interviews with teachers, friends, looked over a home, looked at books around a home. i.e. radicalisation, cult membership, political issues or the value of another nation.
All the classic work that builds a real picture of the person, not just that they exist on a digital file on some computer in some fly over state.
The other aspect is criminal pasts. The need for language skills, cultural insights, having travelled the world, jargon, slang saw a rush to hire anyone.
Finally political aspects as to who can now get into the US gov is changing. Nothing to do with security just yet, but within a generation the US gov will be flooded with people hired on very different priorities, i.e. basic gov security is not even a consideration anymore.
"Obama’s DOJ blames criminal, citizenship checks of job seekers for lack of police diversity" (Sept. 25, 2016)
http://www.washingtontimes.com...
Other nations will ensure trusted generations of their sympathisers, cult members, faith get in and rise up the ranks of the US bureaucracy.
Bulk collection and collect it all will not be able to track insiders as they will never risk any digital device, a distant holiday or religious service will give them time with their handlers.
The fix is so easy, keep it within gov/mil, hire correctly on merit, compartmentalise, walk the real US life story of all US applicants.
Give great rewards, further education and allow for advancement based on merit.
People who have cult, faith or political issues, put their "other" nation first will always be a risk for decades as trusted contractors or staff.
The US always had a great system to hire the best and ensure their pasts showed no sign of working for other interests.
Sadly with political pressure and no bid contractors all that has changed and within a generation a lot of strangers will have total access to mid and low level US secrets daily and without question. How far did they get up the gov and mil system?
No bid contractors are sold as adding private sector ability and ingenuity to the US gov and mil.
It has become very profitable to get clearance and then sell services back to the US gov at any cost in times of need.
Tools, software, hardware, support, language skills, interrogations skills, medical devices, food, energy, crypto, design.
The other part is the US can then talk about the easy option to ramp up support from the private sector allowing for some very fast results. Most of that action ends up in bank accounts.
If the US gov or mil comments about quality, some states bipartisan political leadership makes a fuss until the private sector from their state is selling to the gov again.
Once proprietary hardware and software is sold/rented into the US gov/mil, self cleared contractors have to follow in for support.
That has really been a big pull between the NSA and GCHQ. To trust and guide up mil/gov only staff over decades on the traditional UK side. Better pay, wages, esprit de corps over decades. Or the US view that any contractor with skills can get clearance and it will all be great because the private sector is always by default good. The US view only works with the best vetting policy and total compartmentalization.
Once the US stopped sending out staff to walk the life of applicants from home to education, interviewed friends the private sector had a free for all within the US gov and mil.
Private sector staff could ensure their digital records matched what the US gov was looking for and security became a digital formality.
Operational security is now about securing profits to the point of making it to no bid.
Unconstitutional bulk domestic spying is the key to undoing any "Theft of secrets" color of law comments. The US gov/mil cannot hide a from the United States Constitution by invoking a few decades of "secrets".
Whistleblowing and criminal investigation would never work in the US if the gov can just pull "secrets" over any other part of the gov or mil asking legal questions.
So the US is very careful to allow the "secrets" part to drop when discovering legal issues within its gov/mil.
If not US gov/mil/contractors could just quote "security" all day before any US court as a form of total immunity and the US court system would not function.
That is why so much effort is spent hunting whistleblowers and their first contact with the press. "The Most Intriguing Spy Stories From 166 Internal NSA Reports" (May 17 2016)
https://theintercept.com/2016/...
FIRSTFRUIT was the effort to scan the media to find any contact with the press and track whistleblowing efforts.
Whistleblowers faced few options within the USA. https://cryptome.org/2013-info...
So from the PRISM, decryption, plain text access days we are back to very careful words again.
Does that depend on what scanning legally is? On what "email traffic" on some part of the network is this decade?
Some national security related requests are more legal than others?
If the gov knows to ask in a different way to the right staff it would never be self discovered?
Is that big new gov server really a per device or per service backdoor or trapdoor?
Thanks very much for your link.
I think the main idea was to remove all on site union staff and replace them with networks to report back an error to a gov mandated min count of engineers to cover any 'state".
Crews of contractors could then be dispatched to repair as needed and could be hired or replaced as workloads changed over the years.
Long term network care of all networks was now just fix on failure.
The idea sounds great to upper management but the networks are not robust enough for the "engineers" to just change over to another ready network in real time while the crews works for hours or days. Savings go to generational shareholders, stock buyback or big bonuses unrelated to network performance.
The other issue is the loss of battery power due to it never working or just running out a few hours later. The lack of gas and other longer term power per site then fails due lack of service, or falls apart needing another crew hours away to fix it.
Wireless devices rather than fix wireline beyond an outside tree or an above ground break will be policy soon.
No more truck rolls up the copper network for a fault unless its a medical device that depend on a wired phone connection.
The US always expected junk crypto and tame big brands to help with their crypto under PRISM, Bullrun, https://en.wikipedia.org/wiki/....
Keeping most users on a few big US brands generational "free" applications helped a lot too.
If the gov cant get in thanks to real encryption try and get into one end of the users computers.
As some point the users is going to be reading plain text again and could even be typing in a message.
Some software sent down to any user of interest to capture the message as decoded and as created is the next step.
For communications to stay secure, anonymity and privacy is needed.
Once anonymity is lost, privacy is lost.
But for that a staging server with a cover story is needed, ready to use malware per OS is needed per case vs just read it all thanks to a tame brand.
Back to keystroke logging software and ensure all AV application globally never get too smart?
https://en.wikipedia.org/wiki/...
The other issue is file change or realtime request to alter any interesting file detection and outgoing firewalls.
Such deep third party security software is slowly gaining traction and is well beyond most OS bands expected and well understood internal "protection" efforts.
The problem is the internet has changed from the late 1990's and "everyone" now has accounts.
So the more varied life experiences now have to be considered when creating open marketplaces on the once useful and pristine internet.
Copy existing rule lists other online sites have and play catch up?
Or rush out a beta experience, gather real raw data, build inner city mind share and then regulate as the brand builds.
The US POTS network was also a robust way to contact a lot of vital and important people.
If a second shift or experts where needed on site due to an event, often a second POTS service would be installed and kept in good working condition.
No need to worry about a new phone been "on" or "off", local power. Unless the phone line did not work, that phone was expected to ring under most conditions.
In theory the back end to such a POTS into the wider network would have been well looked after and robust in most states.
The change to optical, cell towers with battery only power lasting hours, a lack of gas or other looked after on site power to take over.
Crews finding they have to totally rebuild, repair or replace network power during a longer loss of power rather than just to ensure backup power keeps working.
The other issues is the network design. Lots of long shared "pipe" as the network, with no other ready networks to change to. One always working pipe is the network from telco, network to telco to user. Redundancy is now reduced to a crew an hour or further away in the "state" on standby to fix the one and only big connection.
A lot of different charity groups, NGO's and law enforcement support efforts go into creating a checksum of every file recovered by the US legal system and seen by courts.
So any later movements of that file seen by a US court can quickly be tracked on any US network, cloud service, telco or when the file passes into any larger providers national networks.
AC "relevant information for intelligence" is domestic spying and is not a free pass around Fourth Amendment of the U.S. Constitution.
Given that gathering such domestic information in bulk is not legally protected, adding a color of law term like "intelligence" does not make any such activity more legal.
That was all worked out by the Church Committee https://en.wikipedia.org/wiki/... and all domestic legal protections still stand.
The US cannot remove any of the legal protections by just invoking "intelligence" anymore and never could.
http://motherboard.vice.com/re... (June 21, 2016 ) :)
The "login records" get tracked
"Surveillance and Security Lessons From the Petraeus Scandal" (Nov 13, 2012)
https://www.aclu.org/blog/surv...
In the past people always expected some sort of domestic protection after the Church report https://en.wikipedia.org/wiki/...
Users would have expected domestic access to be court approved per account.
In the past a lot of sock puppets would have attempted to distant efforts like this with suggestions of collection been too large, political protections, legal protections, lawyers, material found been of no use in a court, strong protections and respect for US data and accounts.
Now all that is out in the open with the "Foreign Intelligence Surveillance Act" covering for "all arriving messages."
"Searching all arriving messages" should not be unexpected given years of US interest in placing checksums on all files and then searching for file movements of interest.
The same reason so few had https in the past, most just want to get their brands out. When all the security comes on one cheap chip, they will up sell that in a few years.
Until then its just getting their brand into each home and online hype about the internet been on their easy to use devices.
Security is a cost to buy on an another chip, a cost to design, to keep cool, test, add, build, then support.
When standards change, a device is stranded with a user looking for their passphrase. The box or some paperwork that was once in the devices packaging.
To the user its the fault of the brand if they have to set anything new up, rather than have instant discovery on any new or old wireless network.
Consumers don't want to keep a box, read a long unique number stuck on some folded paper and have to press 5-20 keys on a keyboard to get a device seeing a network.
Or just ship every device with admin, admin and try and ask the user to enter a stronger password?
Encryption is the hope that privacy is not sold with a mil or gov demanded trapdoor or backdoor. It is not anonymity.
The NSA can still work out who is chatting, who looked at site, video, what location, track the hops to friends of friends of friends.
The content of the message might be encrypted along the path but each end it of the Apple network is plain text again.
If a person is reading the message on a screen, so are the security services thanks to a consumer grade device been trusted and telco networked.
PRISM https://en.wikipedia.org/wiki/... showed a generation of staff, gov and mil happy to work together to get around any external "encryption" to get all plain text.
Re "As for places and governments that would abuse such power, the problem isn't the abuse, the problem is the government."
That kind of hard. The US and UK have been reading messages in bulk since the 1900's and like the insights they get into the direction the population is trending.
Defence of the Realm Act 1914 https://en.wikipedia.org/wiki/...
Project SHAMROCK https://en.wikipedia.org/wiki/... "direct access to daily microfilm copies of all incoming, outgoing, and transiting telegrams via the Western Union and its associates RCA and ITT."
Political leadership is addicted and likes its total overview of all communications. The gov/mil workers love the good paying domestic spying jobs and free education.
Contractors like the no bid upgrades over decades and the security clearances that keep out the competition.
As PRISM showed company staff, crypto experts, academics, the press, legal experts are no help before, during and after the gov/mil asks for total domestic access.
The lack of backups is the result of thinking that gave the US the pager outage
"Why did satellite Galaxy 4 go off course?" (May 20, 1998)
http://edition.cnn.com/TECH/sp...
Most nations just buy into one direct to consumer network. Like one phone line, one satellite was seen as enough.
A lot of basic vital infrastructure around the world is just used all day, everyday with no thought to any backup.
Intel’s Optane, or 3D XPoint
Intel's crazy-fast 3D XPoint Optane memory heads for DDR slots (but with a catch)
http://www.pcworld.com/article... (Aug 21, 2015)
Re: "Could be a honey pot"
Yes. Recall the watch on onion routing using XKeyscore.
"How the NSA Targets Tor Users" (July 4, 2014)
http://motherboard.vice.com/re...
"... and logs the IP address of people searching for various other privacy and encryption software."
NSA classifies Linux Journal readers, Tor and Tails Linux users as "extremists" (July 4, 2014)
http://www.in.techspot.com/new...
"... program marks and tracks the IP addresses of those who search for..."
Yes most of that was covered with the US issues around the need to reverse-engineer the IBM BIOS. :) :)
If its open, everyone gets a look and can create, ship, market.
The only way around that is to ship closed hardware and give each person buying a device a full copy of all useful code and offer support.
The user buying into the product can then create anything they want, the hardware been a pay for dongle.
As for the clone production line, the moment its signed over another factory or even the same production line will be running 25 plus hours a day vs any reported much slower production run
So the actual production runs are underreported to match any contract but a lot of extra product is made and the trade dress is altered, renamed.
Any counters or management oversight are fooled, manipulated until a much cheaper product is selling under a new name 100% locally owned.
The investor or inventor is left with an expensive branded product that won't sell and full design and support costs
The next investor is invited in to start the cycle all over again with the lure of low costs and local gov investment support.
That would be State or CIA, MI6, front foundation or NGO funding :)
Tempora shows the day to day totality of tracking everything even on a more limited UK budget. https://en.wikipedia.org/wiki/...
The ability to reconcile any data movements domestic origins would be trivial over days or longer.
The long term view seems to be to track the skill set of any other nations ability to enter a US/UK network and note the tools used and any live searches done in such events.
Why anyone with access would use a database live for a search and risk all with logs kept or a realtime admin?
Other nations just seem to use insiders to walk out with bulk data to sort later or the digital bait is so open anyone with a network connection is transversing diverse US networks.
The other option is just the random use by corporate interests, criminal, other "friendly" nations, ex staff, former staff, cults, individuals looking around or gaining skills.
Tools used seem to be well understood by the US security contractors, so must be in a few different hands globally if such detailed info can pass quickly to the waiting media.
Yes, domestic. What nation with all the Bear code news, all international ip ranges been watched and well understood would even need to try this?
Discovery is an issues and junk or fake data been offered as a honeypot is a risk.
US sites and all access is well tracked by the NSA, GCHQ with in the US and at all international access to US networks.
Data flow in or out, or access to a site would be discovered by the NSA, methods understood and protective methods worked on.
Most nations just use their generations of tested, trusted and well placed human spies rather than risk moving around vast amounts of data created as US digital bait.
The internet belongs to the NSA, GCHQ and NRO. No data flows domestically or as international data in or out without their tracking it.
Think of it from the US gov, mil and other agency daily usage side. :) A real honeypot.
Say the CIA needs a cleared flight crew with loading experience to help re "supply" some pro US "freedom fighters" to remove a bad dictator and install a new US backed theocracy.
Asking for the decryption keys, been logged for the search and having a record of the crew found to fly a CIA mission is not the quick result needed.
So keep the entire database of serving staff and still cleared skilled staff in plain text and have no logging is the needed database.
Every other agency can then do a text search without a worry, find staff and get on with their mission, saving paper work, access requests and FIOA issues.
A vast pool of easy to find contractors and gov workers that has no usage logging, is plain text and needs no keys or key requests been logged.
As a bonus its all bait to see who globally will try and get a look and who they search for
Given the "Officials Investigate Leprosy Case in California" reality :)
http://abcnews.go.com/Health/o...
The US will deal with such news by making the decades of very good public health and epidemiology political.
Infections and contagious conditions entering into the USA will just be a very hard to treat "rash".
Computer entry and collection of any such data will never make it out to the regional or national media.
Enforcement changes can also be seen in the lack of reporting on infectious like syphilis, gonorrhoea, infectious leprosy, and human immunodeficiency virus (HIV) infection.
Active tuberculosis is about all the US gov will ever admit to be able to track in public.
"Medical Examination of Aliens-Revisions to Medical Screening Process" (01/26/2016)
https://www.federalregister.go...
With political change US doctors will not longer mention or track communicable disease.
That will be fun for top US experts at international medical conventions. The US case count this years is? Classified, redacted, not ready, not found, guess?
Could other nations ever even trust US medical data collection again? Lack of reporting and an active under reporting policy would make all such US stats useless.
What will that expensive and advanced US medial degree be worth if basic reporting trust is gone?
Encrypt all data on their own end? If staff walk away with data or someone enters the network, nothing useful can be fully recovered?
The site works with the username and weak password on creation to ensure better server side protection against plain text walk outs, usable network data loss or buying into cheap "standard" reversible cryto?
Could an extra layer of security be added to data on an network, during storage and real time use be added?
Expecting users to change habits and still enjoy a site is a big ask, what could owners and admins code in to help?
No more walk outs, no more bulk plain text data left on any internal or internet facing server for years?