It really depends on who is doing the networking: eg. a suburban pay tv cable network with older code may not able to fully encrypt and reconcile every MAC, device with billing and their network beyond a node to every home and device. If your nation, firm, cult or organization can find some skilled locals you have an interesting network to hop along in a distant country with a physical endpoint in a city.
Nations can list all the 'other' nations all they like. The selection of nations may just be dependant some telco saving the cash on signed crypto like upgrades over many years. The costs of vans, staff, finding the old hardware, replacing it, upgrading is not worth the cost in new crypto and extra bandwidth - so you have a lot of interesting, sort of fast, open older networks world wide.
"Ok, so my topology would cost a few thousand more."
Think of the people with contracts selling security in place. Do they really want a robust, healing, balancing, working solution with the min of support calls?
If the bad people are in the network, you have to clean the new extra code out, reset and then the magic can start.
You have the contract to look after the brand and have just seen all your tech been fully understood by diverse people from around the world.
Clean, patch and wait will not work. The people from around the world now know too much about the inner working....
With a new contract for next gen software and hardware the brand can out class and out pace many known issues.
Issues like this can keep entire sectors of the cybersecurity-industrial complex very happy.
It depends on the sales and skills of the coders.
With 3d printing, expired 3D printing patents or will expire soon, 3d design visulization at home could get be a area of growth.
3d artwork, dev workflows for games, games and video conferencing could all be growth areas with todays bandwidth, cpu and emerging artistic creativity.
The other aspect is how will some/many/most users react during and after use?
Thats hours a user will be trapped in your 3d walled garden due to the limits of other web 2.0 sites, games, communities offering the same 3d experience.
Re China, Russia and drug cartels probably have their own
They would not be sending emails about legal questions. They would be part of the herd, passing tests, exams, going for promotions, always wanting to be seen ready to get new skills, pacing their work. Nothing to make fellow staff want to block them, flag them, report them, always good enough to be part of the next project, sharing the glory, a team player who really shines.
Been betrayed or almost discovered would be the only reason to pull them out. They have the smarts to stay and the faith, connections to stay loyal to their real cause.
Very hard to find once in the middle and upper levels and with privatized background database only entry level screening - a free for all to try. Every cult, faith group, country, crime syndicate, gang will be channel stuffing entry level staff - some might make it up the ranks.
Re what else is there that they are leaving the public at risk by keeping it a secret?
Think of classic home network traffic and DES like 'home' isp protections still in use.
Some very low quality efforts floating around many nations networking telco systems.
Long term and short term the idea might be catch and release, a vast cadre of informants and people who have to vouch for 'new' friends of friends.
Projects are started, friendships formed, trust built. Over years that project gains trust and is built in free, open or commercial products.
People move onto other projects, work, study... that inner core of 'new' friends of friends now owns the project.
The consumer crypto landscape will be like Engima or what embassies used in the 1950-80's - back to plain text everytime, in realtime.
We know the software and hardware past, we have a tiny view global data grab of the present.
Depends on the lower US courts: http://www.freedomwatchusa.org...
Other US courts consider color of law to be fine due to some issues that make it ok to spy domestically for a generation.
You and your legal team would be facing diverse US legal options. The option to go with special color of law just this one time again or not.
The good part is legal teams still get to talk in public about the color of law been used on that day in court:)
If you look around and see how other people doing "Whistleblowing" ended up http://cryptome.org/2013-info/...
You can talk to your boss - your job is over, your security work is over. No change
You can talk to a cleared US court - your job is over, your security work is over, you face jail. No change.
You can talk to a supportive US political leader and face a security court - your job is over, your security work is over, you face jail. No change.
You can talk to the supportive US press to face spin that your on the far left, right or a unionist, faker, just a contractor... and just wanted better pay, conditions, advancement, had staff issues, had personal issues... a short human interest story at best. Your job is over, your security work is over, you face jail. No change.
A lot of people have tried the legal system and the cleared legal teams, the political support and US press. No change.
Try something new. No change in the US political or legal system but the individual is now more aware of the brands/crypto/maths/hardware/software that fooled them.
You can now buy/support/code for any different brand, learn about real crypto beyond tame junk gov standards, write about the small brand changes you have made.
Ellsberg showed generations how historical spin works.
Snowden showed generations how junk crypto and tame brands are sold.
Yes re "the Pentagon Papers had no effect on the elections at all"
It woke up a generation of historians, the press and students to the ability of the mil to spin a story and have a generation fooled into taking sides in a distant civil war.
The other aspect is the two tracks of US mil thought - the correct view that you cant win a civil war vs more air support, cash, real troops, local death squads will win every time no matter realities on the ground.
US political power, section of the mil got to hide their mistakes pushing it all on planners:)
Re "Second, it is almost certain that ALL of that information was given over to the governments of the countries he traveled to."
Thats a big leap AC. Russia and China would not touch anything gifted to them by a CIA/NSA/contractor as a walk in while talking about the press.
Russia and China have had decades of gems from ex staff but with a lot of expensive CIA/MI6 junk in the mix.
China has its own path of internal growth, EU/US supporters and a collection of very smart students around the world.
China is doing fine in globally with its exports, brand building, loans and political charm that gets deals done. They know the West ability - surrounding listening stations, Western owned container ships with listening equipment, subs, optical taps, junk crypto, junk hardware/software, banking access, cults/NGO, protests - sorting a pile of 'free' docs for gems is just not worth it.
Russia will just take one look at the person and think back to how many times it has been fooled by the CIA and MI6.
They did not find this person, work with them, test them, build them up. They have their own vast skilled networks of trusted people doing great work over generations.
Sorting a pile of 'free' pre sorted docs for gems is just not worth it for Russia or China. They did what they had to politically - transit and a work permit.
The "signing keys for is nefarious purposes" usually come with a set of people. The NSL lets the gov sit down and make offers before that middle class, trust fund or wealthy extended family security cleared legal team finds their way to the interview.
The gov gets the server, the staff to step away with a NSL and the ability to become the 'staff'.
At first you just get the build ability. Then a safe, expected build with the surrounding jargon and skill set is tried.
If the community did not notice the change to the staff or build or site then a project can be turned.
The new tame staff are slowly rolled out to the wider community with a full 'crypto' history on the web to be found.
If the community did not notice then a project can be altered to ensure the user gets full crypto but so do a few govs around the world and their friends have keys.
Its just building on the classic hardware and software methods the US and UK gov used in the 1940-80's - the NSL is a tool to get in, then the work starts on the project.
The NSL is just the first outer step. It shows the gov who will turn, who will turn but get a message 'out'. All the NSL might be about is a server, logs and all related access to every part of the project.
Then the offers start: Work with the gov, walk away but approve all changes/staff, walk away or.....
The NSL got the results of providing a way in, no outside changes if done right and over time the 'new' staff can shape the project in many different ways.
From just a honey trap to find/chat up/turn the helpers and experts who are hard to find but would be attracted to some types of projects.
To give a past, faces on ongoing staff that can be used for decades but need a turned project to build that lifestyle s they start out.
Later a project may get a classic trap/back door with extra keys for gov decryption or not - the staff go on building great code but provide decade of introductions to a wider community allowing 100% gov run front crypto efforts.
Why risk a back door in an existing project when in a few years you have a 100% gov crypto front with the blessing and 100% support of an older trusted project?
Over time the older project gets more limited. People are attracted to the 'new' 100% gov crypto front project.
It can all start with a chat over a log under a NSL with results around people or the existing code or the next gen of code or a side project.
The interesting aspect is the wider public is now talking about the topics.
Yes the NSL gets them a/the trusted build server and web connections and allows the gov to become the 'project' with their own tame/turned staff over time.
Over time the next tame builds have the classic trapdoor/key/backdoor. The applications still looks the same, all the sites look the same, no 3rd party can get to your data just one extra entity will have a way in too. The new feature over the life of a project after a NSL is the control of the site, server, code, staff and later an extra US/UK gov key is built in over an expected update cycle.
So... what has changed... have the roosters come home to roost!?
The German and French police experiences of the 1970's and 1980's via peace, workers, law reform groups and the use of early computer networks is been folded into everyday policing. Facial recognition, computer learning/tracking of written web 2.0 content, voice and web cam collection are all part of keeping one step ahead of the formation of all protest groups. After individuals have been identified they can be tracked, sorted and appropriate action can be focused on the person. The option to set up, turn into an informant, been used to divide a group or offered an easy way out if they just stop protesting can be considered.
What makes Germany more legally interesting is the pro democracy laws that can put any group left or right under long term watch once legally found to be a problem for German democracy. A neat legal gift left in German law after ww2.
The rest of the tame protesters can be herded into established groups that are 100% gov controlled or totally tracked to do pointless busy work around political ideas with no traction with the wider public.
The mass French protest experience and national coordination with early networking via Minitel https://en.wikipedia.org/wiki/... will not be allowed to form on German web 2.0.
The German gov hopes German protesters will see organizing on web 2.0 as risky as a telephone in 1980's East German once on a list.
You chat on web 2.0, protest, your under easy to see active watch, tracked, approached by name and offered gov terms: work with the gov, stop now or expect jail 'soon'.
What the German gov has forgotten is East Germans turned up at churches and protested, risked prison, loss of jobs, loss of eduction, loss of family.
Yes the email seems to exist:) http://time.com/137530/nsa-to-... http://www.theguardian.com/wor...
"He goes on to cite a list provided in the training that ranks presidential executive orders alongside federal statutes in the hierarchy of orders governing NSA behaviour.
“I'm not entirely certain, but this does not seem correct, as it seems to imply Executive Orders have the same precedence as law"
With an unnamed individual sending back "“correct that EO's cannot override a statute” but that they have the “force and effect of law”."
Would seem to show a legal question in one email was 'found' and is now been presented with spin to the wider media.
Re 'decide his fate by staying in the US and facing the judicial system ? "
At best he would have found some political interest in his case.
He would have faced a sealed court as just a 'contractor' as the gov aspect of his NSA and CIA work would have been carefully hidden.
A 'contractor' may face all the same legal charges as a gov worker but enjoy few of the gov worker only whistleblowers legal protections.
He would have had all the legal protections of a contractor before a sealed court with a very expensive short list of cleared lawyers.
His legal team would not have the clearance to see, question or ask for more evidence that would support his case.
His legal team would not have the clearance to present more facts to any interested cleared political supporter.
After a short, rigged hidden trial the very public spin would begin.
The left of the US main stream media would understand he was a low level private contractor and not worth reporting on.
The right of the US main stream media would understand he was a low level contractor with far left union ideals and not worth reporting on.
For anyone else the hint that he was a limited hangout would make sure they lost interested in the few public fragments of the case.
Knowing what happens to even the most politically powerfully supported US gov whistleblowers within the US legal system the only wise option was to get the information to the press and then be free of the material.
You can more read about other past US whistleblowers and their US court experiences here: http://cryptome.org/2013-info/...
The other good aspect is that great law reform teams can now work with the public information in public courts and slowly bring more media attention to the loss of US rights and freedoms over the past decades.
Re the intelligence/industrial complex, but that doesn't make a whole lot of sense either.
Classically the intelligence/industrial complex will find a tame brand that reverts to plain text for them (and only them) while been secure to all known 3rd party efforts.
They will then top down, middle staff the project in key areas to ensure ongoing plain text ability and that such new code/hardware is not questioned within the brand.
The final step is to out class, out price and upset all other 'real' products on the market. Low price, standardization, gov contracts will ensure tame brands rise and all others fail over years. That was the late 1940's to 1980's 'hardware and 'software' key for the intelligence services.
With in any new merging generation of hardware or software you have all plain text.
Open source provides the option to start a gov run 100% fake crypto effort and keep it funded, to turn a small group of key people in a larger effort or fund/shape an expert group into long term amazing non crypto projects.
Thats the bright side. The other aspect is just to have a chat with key people and project is no longer updated.
The current game at a state, federal and intelligence/industrial complex seems to be to turn people, run/take over projects and attract as many new people in.
Soak up the skill set so nothing too new forms.
The GCHQ view was to sit back, watch, learn and build. Not many understood crypto, talked about it and all was good for decades.
The US effort now seems to be very public, legally active. People are now talking about crypto. The UK gov seemed to have the better vision for long term decryption.
Another fun question for Germany is who clears the crypto tech, the paper trail of its conception, design, development, testing, build.... the fully trusted life cycle of any secure German only telco product.
How generations of cleared German gov contracted academics, the German military, German security services all allowed this to happen is something for elected German leaders to ponder.
Can diverse, independent, fully vetted groups of staff, engineers, consultants really just rubber stamp something of that importance to Germany?
Given German exports and scientific education - lack of skills does not seem to be the origin of this plain text issue. Other nations have to buy the open market crypto and fully understand they are getting junk - but they know need it for everyday use and take steps to reduce their chatter.
Re I bet they refused to accept the evidence at hand?
What can any one German do? If they make a fuss, protest your on a domestic security agency watch list as a far right or left sympathiser, fellow traveler.
No more security work, risk that promotion, your boss gets a hint about your new found political views...
As in West, East or now in Germany - you protest, you risk a lot long term.
Asking for telco/privacy law reform in Germany is not fun outside a list of tame political parties, front organizations and trusted activists offering busy work.
Yes the cash flow post WW2 is the key.
West Germany was rebuilt on French, UK and US terms and ideals. Staff where vetted and kept their old ww2 jobs or where in the UK, France, US under Operation Paperclip like plans.
Operation Paperclip https://en.wikipedia.org/wiki/...
Reinhard Gehlen and start of West German/CIA work https://en.wikipedia.org/wiki/...
Operation Gladio US/EU long term staff https://en.wikipedia.org/wiki/...
So long term the people selecting the next generation of West German telco/crypto staff where very thankful to France, the US and UK for forgetting their WW2 work.
Over many years this has build up a cadre of West Germans with a very strong bond to the US/UK.
Add in a flow of US and UK tech to support West Germany at a signals and mil effort and you have a very skilled, very dependant class of German bureaucrats, officials and officers.
Germany has crypto skills but still handed its top elected political leader junk US crypto that gave the USA voice and text over generations of the telo product.
Too many shared facilities, further education on US and UK methods, systems and products have produced German staff that enjoy working with 5+ other countries.
How are German firms, gov negotiations, gov vetting, German trade deals and science served by German gov teams handing all over related telco material to 5+ other competitor nations and a few other nations?
How can German leaders and firms escape this shared crypto mess? Stop using the telco system, start meeting face to face at random sites, test top staff with fake projects and see if German bureaucrats, officials and officers mention/hint take the unique bait.
Reread the origins of the staff that failed - how where they positioned to enter your firm, brand and who promoted, protected them?
Work around the German telco staff and their shared digital networks, start putting the German brand and German interests first.
Use computers, junk crypto and the secure phones to spread wild fake news, fake info about amazing new products and projects fitting in with expected projects/patents.
Give the German translators something fun and new everyday:)
eg a version 2.0 of Operation Mincemeat https://en.wikipedia.org/wiki/... with your brands future projects.
Any real work is done face to face with tested and trusted inner German only teams...
Re: "Why, in the hell, any country (even mine) have the right to record my phone calls, track my e-mails, access all my data? "
It gets better, you have 5 other nations and a few extras getting data too. Thats all their active staff, former staff, ex staff who know of telco systems weaknesses floating around the world. What of their cash flow, faith, political views at any time into the future? Thats the problem with weak encryption and junk telco networks. Generations of staff have seen the keys at work or know of nation wide weaknesses. We traded geography and junk encryption for 50 years of plain text via ENIGMA 2.0. Who else is getting the plain text? Who else is paying for the plain text? Who else is seeing into random gov's negotiations and offering the perfect price every time?
Junk encryption does not flow in one direction or magically stay in zones of interest. Once the keys are out, its fun for all. You really think the 5++ other nations are just reading what they get offered at shared sites and are not using the same telco sub systems for their own diverse national interests too?
The junk consumer encryption and software packages to track people where useful to the gov looking down its telco network?
They understand more, have their own better deep packet options and fully understand encryption.
China can now do without US consumer OS brands - a better place to be in any trade negotiations.
What can some US technocrat jet in and say anymore? No OS or computer chips? No banking interconnects? No credit cards? No computer games? No big movies? No easy trade deals?
No robotics? No US supercomputers? No getting US export controlled simulation software?
Lots of funding for dissident groups and cults?
Its not the 1960's-80's anymore. What the US can hold back in exotic tech the EU will gladly sell or find. Anything else China can now make or work around with its EU friends.
China knows to have its own local cpu options, networking, telco systems and OS code.
China knew the GCHQ (Tai Mo Shan and other sites) and NSA where into every telco system and signal around China looking in from shared sites in Asia and from above.
The US and UK also liked to use Western container ships as cover to hide complex collection equipment via tame Western shipping firms.
China understood US supplied networking, telco systems and OS would be a natural evolution of past data collection efforts.
China seems to have had its own neat magic in rapid growth with consumer and prosumer US products.
China seems to have had its own ability in watching foreign backed dissident groups using junk default encryption on consumer and prosumer US products.
Now that China has its own backhaul telco systems, its own hardware, cpu options and software its time to re think vast use of expensive US networking products.
The other option is to produce, code and sell brand China via a next gen product range from factories in China, shipped and sold under well funded 100% China owned brands. The worlds emerging and established markets can be flooded with a diverse product range at a fair price without the US "gov inside" reality many trusted US brands now offer.
China gets total control of hardware, software, export cash, jobs, its own branding around the world and can secure its coastal and river shipping lanes. The OS is just the next small step.
Start thinking locally.
Do you need that chat or VOIP product known to decrypt your messages on your computers?
Do you need that free or consumer OS known to decrypt your messages on your computers?
Do you need to invite that hardware vendor known to backdoor your servers next upgrade?
Do you still trust that crypto vendor known to trapdoor your communications system?
Are your staff really fully aware of what tame academia, hardware and software providers offered as robust crypto standards?
Does your historic database really need to be on a cloud with a vendor known to share access to your data?
A whitebox solution with regional expert staff will run hot, be very expensive and you still need a CPU vendor.
If your nations political leadership, tame academics, mil staff are happy to see your productive entrepreneurship given to 5+ other nations for free over decades...
not much you can do but rethink your own network and computer use.
Over the decades when exposed and required to be shut down:
The main operational software and hardware is removed and the teams reassigned.
The methods, data gathered and backups just end up at a different site, branch, agency under as a new or old project.
The classic "Total Information Awareness" https://en.wikipedia.org/wiki/... would be a public example of this.
It really depends on who is doing the networking: eg. a suburban pay tv cable network with older code may not able to fully encrypt and reconcile every MAC, device with billing and their network beyond a node to every home and device.
If your nation, firm, cult or organization can find some skilled locals you have an interesting network to hop along in a distant country with a physical endpoint in a city.
Nations can list all the 'other' nations all they like. The selection of nations may just be dependant some telco saving the cash on signed crypto like upgrades over many years. The costs of vans, staff, finding the old hardware, replacing it, upgrading is not worth the cost in new crypto and extra bandwidth - so you have a lot of interesting, sort of fast, open older networks world wide.
"Ok, so my topology would cost a few thousand more."
Think of the people with contracts selling security in place. Do they really want a robust, healing, balancing, working solution with the min of support calls?
If the bad people are in the network, you have to clean the new extra code out, reset and then the magic can start.
You have the contract to look after the brand and have just seen all your tech been fully understood by diverse people from around the world.
Clean, patch and wait will not work. The people from around the world now know too much about the inner working....
With a new contract for next gen software and hardware the brand can out class and out pace many known issues.
Issues like this can keep entire sectors of the cybersecurity-industrial complex very happy.
It depends on the sales and skills of the coders.
With 3d printing, expired 3D printing patents or will expire soon, 3d design visulization at home could get be a area of growth.
3d artwork, dev workflows for games, games and video conferencing could all be growth areas with todays bandwidth, cpu and emerging artistic creativity.
The other aspect is how will some/many/most users react during and after use?
Thats hours a user will be trapped in your 3d walled garden due to the limits of other web 2.0 sites, games, communities offering the same 3d experience.
Re China, Russia and drug cartels probably have their own
They would not be sending emails about legal questions. They would be part of the herd, passing tests, exams, going for promotions, always wanting to be seen ready to get new skills, pacing their work. Nothing to make fellow staff want to block them, flag them, report them, always good enough to be part of the next project, sharing the glory, a team player who really shines.
Been betrayed or almost discovered would be the only reason to pull them out. They have the smarts to stay and the faith, connections to stay loyal to their real cause.
Very hard to find once in the middle and upper levels and with privatized background database only entry level screening - a free for all to try. Every cult, faith group, country, crime syndicate, gang will be channel stuffing entry level staff - some might make it up the ranks.
Re what else is there that they are leaving the public at risk by keeping it a secret? ... that inner core of 'new' friends of friends now owns the project.
Think of classic home network traffic and DES like 'home' isp protections still in use.
Some very low quality efforts floating around many nations networking telco systems.
Long term and short term the idea might be catch and release, a vast cadre of informants and people who have to vouch for 'new' friends of friends.
Projects are started, friendships formed, trust built. Over years that project gains trust and is built in free, open or commercial products.
People move onto other projects, work, study
The consumer crypto landscape will be like Engima or what embassies used in the 1950-80's - back to plain text everytime, in realtime.
We know the software and hardware past, we have a tiny view global data grab of the present.
Depends on the lower US courts: :)
http://www.freedomwatchusa.org...
Other US courts consider color of law to be fine due to some issues that make it ok to spy domestically for a generation.
You and your legal team would be facing diverse US legal options. The option to go with special color of law just this one time again or not.
The good part is legal teams still get to talk in public about the color of law been used on that day in court
If you look around and see how other people doing "Whistleblowing" ended up http://cryptome.org/2013-info/... ... and just wanted better pay, conditions, advancement, had staff issues, had personal issues... a short human interest story at best. Your job is over, your security work is over, you face jail. No change.
You can talk to your boss - your job is over, your security work is over. No change
You can talk to a cleared US court - your job is over, your security work is over, you face jail. No change.
You can talk to a supportive US political leader and face a security court - your job is over, your security work is over, you face jail. No change.
You can talk to the supportive US press to face spin that your on the far left, right or a unionist, faker, just a contractor
A lot of people have tried the legal system and the cleared legal teams, the political support and US press. No change.
Try something new. No change in the US political or legal system but the individual is now more aware of the brands/crypto/maths/hardware/software that fooled them.
You can now buy/support/code for any different brand, learn about real crypto beyond tame junk gov standards, write about the small brand changes you have made.
Ellsberg showed generations how historical spin works.
Snowden showed generations how junk crypto and tame brands are sold.
Yes re "the Pentagon Papers had no effect on the elections at all" :)
It woke up a generation of historians, the press and students to the ability of the mil to spin a story and have a generation fooled into taking sides in a distant civil war.
The other aspect is the two tracks of US mil thought - the correct view that you cant win a civil war vs more air support, cash, real troops, local death squads will win every time no matter realities on the ground.
US political power, section of the mil got to hide their mistakes pushing it all on planners
Re "Second, it is almost certain that ALL of that information was given over to the governments of the countries he traveled to."
Thats a big leap AC. Russia and China would not touch anything gifted to them by a CIA/NSA/contractor as a walk in while talking about the press.
Russia and China have had decades of gems from ex staff but with a lot of expensive CIA/MI6 junk in the mix.
China has its own path of internal growth, EU/US supporters and a collection of very smart students around the world.
China is doing fine in globally with its exports, brand building, loans and political charm that gets deals done. They know the West ability - surrounding listening stations, Western owned container ships with listening equipment, subs, optical taps, junk crypto, junk hardware/software, banking access, cults/NGO, protests - sorting a pile of 'free' docs for gems is just not worth it.
Russia will just take one look at the person and think back to how many times it has been fooled by the CIA and MI6.
They did not find this person, work with them, test them, build them up. They have their own vast skilled networks of trusted people doing great work over generations.
Sorting a pile of 'free' pre sorted docs for gems is just not worth it for Russia or China. They did what they had to politically - transit and a work permit.
The "signing keys for is nefarious purposes" usually come with a set of people. The NSL lets the gov sit down and make offers before that middle class, trust fund or wealthy extended family security cleared legal team finds their way to the interview.
The gov gets the server, the staff to step away with a NSL and the ability to become the 'staff'. .....
At first you just get the build ability. Then a safe, expected build with the surrounding jargon and skill set is tried.
If the community did not notice the change to the staff or build or site then a project can be turned.
The new tame staff are slowly rolled out to the wider community with a full 'crypto' history on the web to be found.
If the community did not notice then a project can be altered to ensure the user gets full crypto but so do a few govs around the world and their friends have keys.
Its just building on the classic hardware and software methods the US and UK gov used in the 1940-80's - the NSL is a tool to get in, then the work starts on the project.
The NSL is just the first outer step. It shows the gov who will turn, who will turn but get a message 'out'. All the NSL might be about is a server, logs and all related access to every part of the project.
Then the offers start: Work with the gov, walk away but approve all changes/staff, walk away or
The NSL got the results of providing a way in, no outside changes if done right and over time the 'new' staff can shape the project in many different ways.
From just a honey trap to find/chat up/turn the helpers and experts who are hard to find but would be attracted to some types of projects.
To give a past, faces on ongoing staff that can be used for decades but need a turned project to build that lifestyle s they start out.
Later a project may get a classic trap/back door with extra keys for gov decryption or not - the staff go on building great code but provide decade of introductions to a wider community allowing 100% gov run front crypto efforts.
Why risk a back door in an existing project when in a few years you have a 100% gov crypto front with the blessing and 100% support of an older trusted project? Over time the older project gets more limited. People are attracted to the 'new' 100% gov crypto front project.
It can all start with a chat over a log under a NSL with results around people or the existing code or the next gen of code or a side project.
The interesting aspect is the wider public is now talking about the topics.
Yes the NSL gets them a/the trusted build server and web connections and allows the gov to become the 'project' with their own tame/turned staff over time.
Over time the next tame builds have the classic trapdoor/key/backdoor. The applications still looks the same, all the sites look the same, no 3rd party can get to your data just one extra entity will have a way in too. The new feature over the life of a project after a NSL is the control of the site, server, code, staff and later an extra US/UK gov key is built in over an expected update cycle.
So... what has changed... have the roosters come home to roost!?
The German and French police experiences of the 1970's and 1980's via peace, workers, law reform groups and the use of early computer networks is been folded into everyday policing.
Facial recognition, computer learning/tracking of written web 2.0 content, voice and web cam collection are all part of keeping one step ahead of the formation of all protest groups.
After individuals have been identified they can be tracked, sorted and appropriate action can be focused on the person. The option to set up, turn into an informant, been used to divide a group or offered an easy way out if they just stop protesting can be considered.
What makes Germany more legally interesting is the pro democracy laws that can put any group left or right under long term watch once legally found to be a problem for German democracy. A neat legal gift left in German law after ww2.
The rest of the tame protesters can be herded into established groups that are 100% gov controlled or totally tracked to do pointless busy work around political ideas with no traction with the wider public.
The mass French protest experience and national coordination with early networking via Minitel https://en.wikipedia.org/wiki/... will not be allowed to form on German web 2.0.
The German gov hopes German protesters will see organizing on web 2.0 as risky as a telephone in 1980's East German once on a list.
You chat on web 2.0, protest, your under easy to see active watch, tracked, approached by name and offered gov terms: work with the gov, stop now or expect jail 'soon'.
What the German gov has forgotten is East Germans turned up at churches and protested, risked prison, loss of jobs, loss of eduction, loss of family.
Yes the email seems to exist :)
http://time.com/137530/nsa-to-...
http://www.theguardian.com/wor...
"He goes on to cite a list provided in the training that ranks presidential executive orders alongside federal statutes in the hierarchy of orders governing NSA behaviour.
“I'm not entirely certain, but this does not seem correct, as it seems to imply Executive Orders have the same precedence as law"
With an unnamed individual sending back "“correct that EO's cannot override a statute” but that they have the “force and effect of law”."
Would seem to show a legal question in one email was 'found' and is now been presented with spin to the wider media.
Re 'decide his fate by staying in the US and facing the judicial system ? "
At best he would have found some political interest in his case.
He would have faced a sealed court as just a 'contractor' as the gov aspect of his NSA and CIA work would have been carefully hidden.
A 'contractor' may face all the same legal charges as a gov worker but enjoy few of the gov worker only whistleblowers legal protections.
He would have had all the legal protections of a contractor before a sealed court with a very expensive short list of cleared lawyers.
His legal team would not have the clearance to see, question or ask for more evidence that would support his case.
His legal team would not have the clearance to present more facts to any interested cleared political supporter.
After a short, rigged hidden trial the very public spin would begin.
The left of the US main stream media would understand he was a low level private contractor and not worth reporting on.
The right of the US main stream media would understand he was a low level contractor with far left union ideals and not worth reporting on.
For anyone else the hint that he was a limited hangout would make sure they lost interested in the few public fragments of the case.
Knowing what happens to even the most politically powerfully supported US gov whistleblowers within the US legal system the only wise option was to get the information to the press and then be free of the material.
You can more read about other past US whistleblowers and their US court experiences here: http://cryptome.org/2013-info/...
The other good aspect is that great law reform teams can now work with the public information in public courts and slowly bring more media attention to the loss of US rights and freedoms over the past decades.
Re the intelligence/industrial complex, but that doesn't make a whole lot of sense either.
Classically the intelligence/industrial complex will find a tame brand that reverts to plain text for them (and only them) while been secure to all known 3rd party efforts.
They will then top down, middle staff the project in key areas to ensure ongoing plain text ability and that such new code/hardware is not questioned within the brand.
The final step is to out class, out price and upset all other 'real' products on the market. Low price, standardization, gov contracts will ensure tame brands rise and all others fail over years. That was the late 1940's to 1980's 'hardware and 'software' key for the intelligence services.
With in any new merging generation of hardware or software you have all plain text.
Open source provides the option to start a gov run 100% fake crypto effort and keep it funded, to turn a small group of key people in a larger effort or fund/shape an expert group into long term amazing non crypto projects.
Thats the bright side. The other aspect is just to have a chat with key people and project is no longer updated.
The current game at a state, federal and intelligence/industrial complex seems to be to turn people, run/take over projects and attract as many new people in.
Soak up the skill set so nothing too new forms.
The GCHQ view was to sit back, watch, learn and build. Not many understood crypto, talked about it and all was good for decades.
The US effort now seems to be very public, legally active. People are now talking about crypto. The UK gov seemed to have the better vision for long term decryption.
Another fun question for Germany is who clears the crypto tech, the paper trail of its conception, design, development, testing, build.... the fully trusted life cycle of any secure German only telco product.
How generations of cleared German gov contracted academics, the German military, German security services all allowed this to happen is something for elected German leaders to ponder.
Can diverse, independent, fully vetted groups of staff, engineers, consultants really just rubber stamp something of that importance to Germany?
Given German exports and scientific education - lack of skills does not seem to be the origin of this plain text issue. Other nations have to buy the open market crypto and fully understand they are getting junk - but they know need it for everyday use and take steps to reduce their chatter.
Re I bet they refused to accept the evidence at hand?
What can any one German do? If they make a fuss, protest your on a domestic security agency watch list as a far right or left sympathiser, fellow traveler.
No more security work, risk that promotion, your boss gets a hint about your new found political views...
As in West, East or now in Germany - you protest, you risk a lot long term.
Asking for telco/privacy law reform in Germany is not fun outside a list of tame political parties, front organizations and trusted activists offering busy work.
Yes the cash flow post WW2 is the key. :)
West Germany was rebuilt on French, UK and US terms and ideals. Staff where vetted and kept their old ww2 jobs or where in the UK, France, US under Operation Paperclip like plans.
Operation Paperclip https://en.wikipedia.org/wiki/...
Reinhard Gehlen and start of West German/CIA work https://en.wikipedia.org/wiki/...
Operation Gladio US/EU long term staff https://en.wikipedia.org/wiki/...
So long term the people selecting the next generation of West German telco/crypto staff where very thankful to France, the US and UK for forgetting their WW2 work.
Over many years this has build up a cadre of West Germans with a very strong bond to the US/UK.
Add in a flow of US and UK tech to support West Germany at a signals and mil effort and you have a very skilled, very dependant class of German bureaucrats, officials and officers.
Germany has crypto skills but still handed its top elected political leader junk US crypto that gave the USA voice and text over generations of the telo product.
Too many shared facilities, further education on US and UK methods, systems and products have produced German staff that enjoy working with 5+ other countries.
How are German firms, gov negotiations, gov vetting, German trade deals and science served by German gov teams handing all over related telco material to 5+ other competitor nations and a few other nations?
How can German leaders and firms escape this shared crypto mess? Stop using the telco system, start meeting face to face at random sites, test top staff with fake projects and see if German bureaucrats, officials and officers mention/hint take the unique bait.
Reread the origins of the staff that failed - how where they positioned to enter your firm, brand and who promoted, protected them?
Work around the German telco staff and their shared digital networks, start putting the German brand and German interests first.
Use computers, junk crypto and the secure phones to spread wild fake news, fake info about amazing new products and projects fitting in with expected projects/patents.
Give the German translators something fun and new everyday
eg a version 2.0 of Operation Mincemeat https://en.wikipedia.org/wiki/... with your brands future projects.
Any real work is done face to face with tested and trusted inner German only teams...
Re: "Why, in the hell, any country (even mine) have the right to record my phone calls, track my e-mails, access all my data? "
It gets better, you have 5 other nations and a few extras getting data too. Thats all their active staff, former staff, ex staff who know of telco systems weaknesses floating around the world.
What of their cash flow, faith, political views at any time into the future? Thats the problem with weak encryption and junk telco networks. Generations of staff have seen the keys at work or know of nation wide weaknesses. We traded geography and junk encryption for 50 years of plain text via ENIGMA 2.0. Who else is getting the plain text? Who else is paying for the plain text? Who else is seeing into random gov's negotiations and offering the perfect price every time?
Junk encryption does not flow in one direction or magically stay in zones of interest. Once the keys are out, its fun for all. You really think the 5++ other nations are just reading what they get offered at shared sites and are not using the same telco sub systems for their own diverse national interests too?
The junk consumer encryption and software packages to track people where useful to the gov looking down its telco network?
They understand more, have their own better deep packet options and fully understand encryption.
China can now do without US consumer OS brands - a better place to be in any trade negotiations.
What can some US technocrat jet in and say anymore? No OS or computer chips? No banking interconnects? No credit cards? No computer games? No big movies? No easy trade deals? No robotics? No US supercomputers? No getting US export controlled simulation software?
Lots of funding for dissident groups and cults?
Its not the 1960's-80's anymore. What the US can hold back in exotic tech the EU will gladly sell or find. Anything else China can now make or work around with its EU friends.
China knows to have its own local cpu options, networking, telco systems and OS code.
China knew the GCHQ (Tai Mo Shan and other sites) and NSA where into every telco system and signal around China looking in from shared sites in Asia and from above.
The US and UK also liked to use Western container ships as cover to hide complex collection equipment via tame Western shipping firms.
China understood US supplied networking, telco systems and OS would be a natural evolution of past data collection efforts.
China seems to have had its own neat magic in rapid growth with consumer and prosumer US products.
China seems to have had its own ability in watching foreign backed dissident groups using junk default encryption on consumer and prosumer US products.
Now that China has its own backhaul telco systems, its own hardware, cpu options and software its time to re think vast use of expensive US networking products.
The other option is to produce, code and sell brand China via a next gen product range from factories in China, shipped and sold under well funded 100% China owned brands. The worlds emerging and established markets can be flooded with a diverse product range at a fair price without the US "gov inside" reality many trusted US brands now offer.
China gets total control of hardware, software, export cash, jobs, its own branding around the world and can secure its coastal and river shipping lanes. The OS is just the next small step.
Start thinking locally. ...
Do you need that chat or VOIP product known to decrypt your messages on your computers?
Do you need that free or consumer OS known to decrypt your messages on your computers?
Do you need to invite that hardware vendor known to backdoor your servers next upgrade?
Do you still trust that crypto vendor known to trapdoor your communications system?
Are your staff really fully aware of what tame academia, hardware and software providers offered as robust crypto standards?
Does your historic database really need to be on a cloud with a vendor known to share access to your data?
A whitebox solution with regional expert staff will run hot, be very expensive and you still need a CPU vendor.
If your nations political leadership, tame academics, mil staff are happy to see your productive entrepreneurship given to 5+ other nations for free over decades
not much you can do but rethink your own network and computer use.
Over the decades when exposed and required to be shut down: The main operational software and hardware is removed and the teams reassigned.
The methods, data gathered and backups just end up at a different site, branch, agency under as a new or old project.
The classic "Total Information Awareness" https://en.wikipedia.org/wiki/... would be a public example of this.