Snowden: You can't trust SPOOKS with your DATA Irony meters exploded when NSA whistleblower Edward Snowden, addressing the SXSW conference via video link today, urged programmers to encrypt their data to protect it from, er, prying eyes. snowden SXSW Snowden wraps himself in US constitutions Snowden, a former CIA technician, addressed the audience in Austin, Texas, in …
> The NSA has supplied information to the DEA about drug deals and DEA agents have lied about the source of that information.
I'm sure things like that happen -- corruption is nothing new -- but that the DEA agents lied about it should tell you it is not standard procedure, or even legal.
> You seem to have a problem with the idea that people oppose the idea of dragnet surveillance
People oppose all sorts of things, not always for good or even rational reasons -- see e.g. the anti-vaccination movement. If people are not in any risk from the "dragnet surveillance", then yes, I do think there are more pressing matters. Like the very real and actually dangerous dragnet surveillance from corporations and ordinary law enforcement.
Also, stop fucking projecting on me. Seriously.
While I don't have much disagreement with this in general, a couple of minor points are worth noting.
First, as Snowden states, properly applied encryption can protect communication privacy against signals intelligence collectors, and that would include protection against those who can tap international data links. (He is simply wrong about the surveillance, though; most of that derives from metadata.) Encryption is unrestricted in the US as to both use and type. As far as I know, that is basically true in the other Five Eyes countries, although in many others it is not, specifically including Russia and China, which among other restrictions authorize use only of government approved encryption methods.
Petty bureaucrats here in the US (including border guards) certainly do not require anything CSEC or others might pass to them through NSA to harass me if they wish; I doubt things are much different elsewhere. And so far, reports of actual harassment of citizens based on signals intelligence analysis seem to be pretty much absent. The closest thing I recall in the US is of NSA passing information to the DEA about smuggling of illegal drugs. Both the utility and the existence of oppression based on signals intelligence have been enormously overstated.
Based on reading some of the documents rather than only the news articles, the degree of oversight, at least of the NSA, appears to have been seriously understated or even suppressed. The New York Times article this morning describes loosening that the FISC approved in about 2002, with accompanying documents that describe restrictions that still are fairly restrictive on release of US "person" identifiers to law enforcement officials. One may wish to argue that the NSA did not adhere to the restrictions. There are known cases of that, but they appear to be aberrations, ones that were known because the NSA internal oversight organization reported them.
Probably the best argument against collection of domestic data by the likes of NSA and the like are that the costs probably far exceed any conceivable benefit.
Even if you could get the majority to care enough to participate - questionable in the UK - we have a huge problem to overcome with trust. If we can't trust the software we're using to encrypt, all the measures we try to take might well be a complete waste of time and we'd never know, and that I find profoundly disheartening.
I think its telling that some prominent people are asking searching questions of Truecrypt, because it seems a logical place to start with pushing the idea of more widely used encryption. But the fact these questions weren't being asked before in spite, for many I suspect, of nagging doubt says a great deal about how far trust has collapsed, and what a gargantuan task it will be to rebuild it to the point that we can have some reasonable level of confidence that the systems we use are not compromised.
Sadly, I suspect that dearth of confidence works to the advantage of the NSA and chums - 'divide and rule' writ large.
Snowden is right, make it expensive by encrypting everything, at the moment they can just hoover up any old shit and make it look to be important, bullshit baffles brains as they say.
Problem is he is also right with, how the F%$K do we get people to understand, just encrypt your email to granny it's keeping your freedoms safe!
The majority of the intelligence value probably is in the metadata, which normally would be tough to encrypt. Tor may help there.
Despite the current hysteria, I have little hope, however. I have been trying for years to persuade my family and friends to use PGP, with only one taker, who found it on his own.
"rony meters exploded when Snowden, a former CIA technician, addressed the audience in Austin, Texas, in a live broadcast using Google Hangouts, given the web giant's involvement with surveillance of the population."
Except that's bollocks:
http://www.huffingtonpost.com/2013/09/10/internet-companies-nsa_n_3896097.html
for example. None of these companies have a choice in 'co-operating' with the NSA, it's all done at the end of a metaphorical gun barrel. Point your hate in the right direction, the US and UK govs.
I don't see the poster saying that at all?
I see the poster saying that Google weren't willingly handing stuff over left, right and centre. That's decidedly different to them denying that Google slurp data.
Definitely a tinfoil hat subject though. Whilst I agree we should be making it difficult for these agencies, I doubt what I do on the internet really interests them that much. And if you think your internet activity is that interesting to them, might I suggest a room with nice, soft walls and a big jacket?
>I doubt what I do on the internet really interests them that much. And if you think your internet activity is that interesting to them, might I suggest a room with nice, soft walls and a big jacket?
True, what I do as an individual doesn't interest the NSA. However, it gets insidious when you consider that political groups are monitored - The US gov has been happy to subvert democracy in the past by undermining legitimate political groups that have been deemed to be 'un-American'.
Of course, one man's political group is another man's bunch of nutters. And one man's political group can be painted as a group of nutters if that serves another man's interests.
"Of course, one man's political group is another man's bunch of nutters. And one man's political group can be painted as a group of nutters if that serves another man's interests."
The principal is as old as the hills, but I recall there was a story during the Iraq invasion about a guidance memo issued by (I think it was) CNN to crews covering demonstrations in Washington against Bush/the war. The suggestions included that camera angles should focus on "misfits" including "those with beards or tattoos" or who were wearing "unpatriotic t-shirts".
A generation earlier, the BBC famously reversed the order of footage at the "Battle of Orgreave" during the 1985 miners strike. The edited footage showed the miners pelting police with bricks and the police responding to the provocation with a baton charge, rather than the exact opposite.
I personally threatened resignation rather than allow one of my images to be selectively cropped to fit a narrative that suited my editor, but grotesquely distorted the events I witnessed. It is absolutely everywhere, and done trivially.
"Mind I suspect you may have touched a nerve and am now expecting a conflated and massive polemic on the evils of anybody Trevor doesn't agree with ...... regardless of the reality of the situation."
I don't have a huge problem with the corporate collection of data. I am, however, aware that many others do.
Yes, these companies have no choice but to hand over the data they collect. That's merely a statement of fact. Those companies, however, make a choice as to ho much data they collect. There is no evidence to say that they have been directed by national agencies to specifically collect more data than they otherwise would have.
That means that whilst I don't personally have a huge issue with the fact of corporate data collection, there is a legitimate case to be made by those who do. That means that aversion to the amount of data collected by these companies can be part of a rational decision making process that entails choosing not to use these companies.
Thus the fact of their collection - and how much they choose - to collect is relevant. As relevant (if not more so) than the fact of national dragnet surveillance. Corporate collection makes the job of the national spy agencies easier and cheaper. The companies in question can choose to collect less, or to collect in a manner that makes that collection useless to the spooks. (Unless and until ordered otherwise.)
Me, personally, I wouldn't have a huge issue with corporate collection if the spooks weren't a threat. I can choose to avoid corporate collection with simple tools. Google, Microsoft et al provide me valuable tools in exchange for my privacy, and I honestly believe many of them put effort into doing a good job to protect my privacy from everyone except the spooks.
So if I've a beef with the original poster here it is merely that one cannot realistically separate the fact of corporate collection from governmental collection in today's world. They are deeply intertwined.
Personal privacy will best be regained by curtailing and limiting the powers of our national security agencies and dialing back the surveillance state. Once the spooks are prevented from using dragnet surveillance and properly restricted to targeted surveillance then we as citizens can set about choosing how much of ourselves to reveal by choosing which corporations we interact with.
None of these companies have a choice in 'co-operating' with the NSA, it's all done at the end of a metaphorical gun barrel. Point your hate in the right direction, the US and UK govs.
No, you are absolutely right, when the NSA comes to those companies, they have to obey. Except those companies do have one thing they can do - they do not have to have physical nor corporate presence in the US. If google were *so* upset about it, after the first order came in they could have announced that they were upping sticks and moving everything outside of NSA's explicit reach.
"Due to the current political climate and state intrusion we can no longer operate in the US. Please direct all queries to Fort Meade."
"Except those companies do have one thing they can do - they do not have to have physical nor corporate presence in the US. If google were *so* upset about it, after the first order came in they could have announced that they were upping sticks and moving everything outside of NSA's explicit reach."
You forget that THE PATRIOT Act puts any US registered company in the NSA's pocket.
That law is the core that drives the bending of the FISA courts and a bunch of other stuff.
It could have been repealed.
It has not.
No John, I did not forget that the patriot act puts any US registered company in the NSA's pocket.
You however failed to grasp that the entirety of my post was that US registered companies choose to be US registered. They could choose to not be a US registered company, if what the NSA asked them for was so abhorrent - they make out that it was, now that we know about it.
"They could choose to not be a US registered company, if what the NSA asked them for was so abhorrent -"
True.
They could also use some of their enormous profits to lobby to have THE PATRIOT Act scrapped.
After all as US corporations are "people" shouldn't they fight for their country as well?
But you're right. They chose not to do that either.
"You can't make this up."
No need to. Having 'democratic' and 'liberty protecting' western governments helping most dictatorships in the world is a more extreme instance of the same old trick. My enemy's enemy etcetera...
Now, compare what Snowden did - i.e. getting asylum in Russia and making public some info the Russians, in all probability, already knew - with, as an example, the Western support for Shaddam Hussein during the Iran-Iraq war. Compare the ethics, the scope and the consequences.
Lots of shades of grey here, but IMHO Snowden's actions are almost a pure white, compared with what our beloved governments often do.
I still don't really have an issue with any of it. Its not like anything I do is top secret. So someone reads my email to my Nan. So what, I was only asking her how she was and what the weather is like.
My issue isn't them accessing all our information it's more a case of them missing the ones they should be catching because they aren't focused enough. Its a hard task to be fair and I don't think there is a right answer.
I do have a worry but its more around criminals working on the internet, taking peoples bank details, distributing child porn etc. We make the internet difficult to monitor and those people become much harder to catch and them and terrorist types are the ones we need to catch. A more locked internet makes it harder. Just open it all up.
As per the title I'm quite sure they are damned if they do and damned if they don't. They miss a terrorist and we'll nail them to the wall, they read our emails and we'll nail them to the wall.
You may not mind now, but you might in years to come when the data, whatever it is, is used against you in ways that you cannot imagine.
Nobody is squeaky-clean. Everybody does something at some point or other that is marginally illegal (speeding, stopping in a no-parking zone, littering, jay-walking, visiting unusual web-sites etc), or anti-social, If there is a record of it, no matter how trivial it may be, it could be used against you to build a case for further investigation if you suddenly do look interesting.
I presume that you know for a fact that your Nan has never been involved in any protests or pensioner activist movements, or a member of the Communist party or UKIP, or was an unused Russian sleeper agent, or even someone who worked at Bletchley Park and is not allowed to talk about it that may warrant investigation (wild speculation, I know, but are you sure).
The only way to prevent this is to stop the data collection in the first place!
"I still don't really have an issue with any of it."
You are assuming that you only have to worry if you have done something illegal (or are planning to).
An example off the top of my head:
You work in the security industry and require SC clearance for you job - you work at the MoD.
One of your kids starts taking an interest in politics, and without you knowing it, signs up to Sinn Fein newsletters and makes the odd donation.
In a total surveillance society, how long do you think you would still have a job?
Another one: You may not be a powerful person today, so you don't worry about the kinds of things that would ruin a political or top level business career. Even so, you don't post embarrasing stuff on the internet. However, one day you are a politician and about to assume a highly powerful position, but somehow someone managed to get some dirt on you from your past that no-one could possibly know (perhaps you took out a porn subscription to 18yr-old virgins or something) - something that was legal then, but isn't now. Now they decide to let you be, but now they own you. Perhaps one day you will be in a position to approve a budget, or bury a bill that could hurt them.
Bottom line: It doesn't matter whether or not _you_ mind or not, it's about whether or not the information _can_ be abused. Because if they can, they will.
"And how is that different to the muck raking currently done by the press? Like the daily mail and some labour MPs and PIE?"
It isn't. I suppose you know the source of all the info that the press use do you? Can you say for certain that this hasn't already happened?
Considering my views are pro snooping who's to say I don't already work in the trade. I still fail to see how any of my data can be used against me by my own government.
As long as you are honest for SC clearance you'll have no issues. Honesty is the key, it's why I don't care what information I send over the internet is snooped. If you smoked a joint as a kid and are honest about it you'll sail through SC clearance. Heck one day you may even run the country.
If I want something to be said in private I'll go talk to them. After all life outside the web is quite a pleasant place at times.
I'd be more annoyed by identity theft than I would GCHQ/NSA or similar holding a few emails, phone calls and SMS conversations.
"Considering my views are pro snooping..."
Whilst I respect your rights to hold your opinion, your use of "snooping", by it's very definition, does infer that you support the right of a government, organisation or sponsored individual to pry into the private affairs of any individual on whim. To me, this is a little unsettling. Not unsettling in the sense that you hold such an opinion, but unsettling that such opinion, once accepted as the default norm within society at large, will likely lead to a highly corrupt system. One corrupted by human nature, corporate lobbying and it's own inherent potential for abuse.
In real life, and elsewhere on the internet, I accept that whatever I say, do or post will likely be monitored, whether by CCTV, behaviourlal advertising systems, GPS location, or whatever. Because I accept such a reality, it does not however mean that I believe it is right to sanction or support the right of any organisation, whether governmental or corporate, to operate systems that 'snoop' on the private thoughts, communications and activities of the individual on a wholesale, whim-driven basis.
As others have stated, targetted surveilance? Fine. Wholesale capture? Not good, counter-productive and downright wrong.
What I never have seen mentioned is that much, if not all, of the general surveillance data really is useful only for targeted investigation of past events, and probably is used only for that. The notion that the security plods sort and process the bulk data or go through the video camera images with facial recognition algorithms to identify plotters and thereby prevent terrorist attacks is pure rubbish. Once they have a clue from targeted surveillance (whether signals or other) the bulk data has obvious uses in identifying the scope of any plot and rolling it up.
The bulk data allows investigators and analysts to look back into the past and see whom a suspect was in contact with and who, therefore, might also be involved in whatever the suspect is believed to be doing or have done. Without it there is much less capability to do that.
The important question concerns what a suspect is believed to be involved in. Bulk data of the type being collected by the NSA and other Five Eyes agencies, and by whoever collects street camera video, is dual use. Use to identify and prosecute terrorists or other criminals may be beneficial; use to identify and persecute political opponents or those with unorthodox political views is unacceptable in a democratic regime.
Controlling use of this information is a difficult problem, more difficult some places than others. In the Five Eyes countries government misuse of bulk surveillance data appears to be quite rare despite the availability of the data. The same is true in the remainder of the EC and a number of other countries, some of then known to collect a good deal of data. These regimes probably merit their citizens' trust, even in respect of bulk surveillance data. In some other countries, governments routinely prosecute or otherwise make life difficult for those with unorthodox political views. We all know pretty much which they are, and although they have not experienced a Snowden event, we can be fairly sure some of them conduct surveillance at least on a par with the worst imaginings about the NSA, and that they use it in ways the US government does not.
"As long as you are honest for SC clearance you'll have no issues. Honesty is the key, it's why I don't care what information I send over the internet is snooped. If you smoked a joint as a kid and are honest about it you'll sail through SC clearance. Heck one day you may even run the country."
I see..
So yo don't have to fear you're loss of privacy.
Because you already gave it away for your job.
And for the rest of us?
By contrasting identity theft with wholesale surveillance, you are confusing the argument. I, too would like a world where identity theft is prevented. But this won't happen by the government watching what everybody does.
Having concentrated data is more likely to cause identity theft if the information that is kept by GCHQ/NSA ever leaks. Imagine what damage could be done if in one information dump, miscreants get health records, bank details, loan information, social security data, work history, email trails, especially if this data contains access credentials to all of your on-line systems gathered through state-sponsored data gathering and cracking of the very cryptography systems that people believe keeps them safe on-line.
After all, we all know how good governments are at keeping such data safe!
I may come across a bit paranoid here, but it is probable unsafe to be too complacent.
BTW. Honesty is not enough to get/maintain SC clearance. If your honestly reveals the fact that there are serious concerns about you having a blackmail vector (serious debts, family members working in unstable areas of the world etc), or even if it shows that you've been out of the country for extended periods, then you will get SC clearance denied. I've seen it happen, and the first time I applied, the clearance was seriously delayed because I gave as a personal reference an upstanding professional member of the community who happened to have been born in Kenya during the Empire days (I did not think that it mattered - turns out it did).
And who knows how the rules may change in the future. It would be perfectly possible for those in control to make smoking dope in your history an automatic fail. It probably won't happen, but we cannot be sure.
These "examples" are, of course made up for the purpose of hypothetical argument. I, on the other hand, about 1970 counted a number of Maoist Communists among my friends and on occasion attended their meetings and rallies. Perhaps there were government agents there; I do not know. I do know that I had no trouble obtaining clearance to work in the DoD a couple of years later.
As an aside, the NSA was enjoined a couple of days ago from purging 5 year old data from its databases due to a pending lawsuit by the EFF.
For years the average Danish person had no problem with people knowing their religion, in fact it was written on their birth certificates. Maybe some were uneasy and thought it was a bad idea but there were too many others who said "I still don't really have an issue with any of it."
Sadly none of them could predict the future and in 1940 Denmark got invaded by an army whose first action was to grab those records to select people for death camps.
"I do have a worry but its more around criminals working on the internet, taking peoples bank details, distributing child porn etc. We make the internet difficult to monitor and those people become much harder to catch and them and terrorist types are the ones we need to catch. A more locked internet makes it harder. Just open it all up."
You equate a real loss of privacy with a potential improvement in the crime rate.
This has nothing to do with real threats and everything to do with the creating and maintaining of a state of fear which justifies this rubbish.
BTW neither the control of child porn or computer fraud are in fact part of the remit of intelligence agencies. Their supposed remit is the control of terrorism and intelligence gathering by foreign nations.
It is the former that "requires" they spy on everyone forever.
If you don't know this the basis on which you're making decisions is completely inaccurate.
@John Smith 19
A better way to state the point would be that a random citizen is far more likely to suffer damage from a criminal than from misuse of information gathered by foreign intelligence agencies. That is especially true in the US due to the antiquated card systems and POS terminals in use, but I know no reason to thing the intelligence services in Australia, Canada, New Zealand, or the UK pose a measurable risk to randomly chosen citizens.
It is, of course, completely true that foreign intelligence agencies such as NSA are not purposed to reduce child porn or computer fraud. Indeed, the NSA is not tasked with a large role in identifying or preventing domestic terrorism, mainly a job of the FBI. I do not recall seeing it reported, but it would be unsurprising if the FBI could request queries of the NSA metadata databases.
It might not be common place but GCHQ do provide assistance to the police in some cases when investigating child porn or other general computer crimes. I can think of two examples in the last few months where they have been involved in information gathering as the police simply don't have the skills to do it. I'm unsure about the NSA to be fair but GCHQ do this at times, although I agree its certainly not the primary focus.
My example of identity thief wasn't related to the main issue per say, it was more to highlight what the general public perceive as 'internet risks'.
A good debate all, always enjoy hearing other peoples views and you know you've done a good job commenting when you get voted down on the reg :)
"A better way to state the point would be that a random citizen is far more likely to suffer damage from a criminal than from misuse of information gathered by foreign intelligence agencies. "
No.
My comment was that a) The control of identity theft and/or child pornography is nothing to do with the signals intelligence agencies and b) the real threat of an actual terrorist incident is grossly disproportionate to the effort made in spying the citizens of their own country.
In 2007 MI5 stated they had 2000 islamist terror terror suspects. That's 0.0032% of the UK population who might perhaps maybe possibly commit a terrorist act.
I'll try to say it one more time. A US or UK citizen has every chance to be spied on by their own spy agencies for no reason, some chance of being a victim of a for-profit crime and almost no chance of being a victim of a terrorist act,
Yet those agencies are (supposedly) focused on the leastliekly event.
It's a simple idea, yet you appear to have trouble understanding it and try to re phrase it what seems more palatable to you.
Why is that?
"A better way to state the point would be that a random citizen is far more likely to suffer damage from a criminal than from misuse of information gathered by foreign intelligence agencies." - Clearly related, not to your comment, but the the one you were responding to - I overlooked the quotes. It still is a true statement about US/UK/Canada/Australia/New Zealand and quite a few other countries.
As you state, bulk communication surveillance data is of little use in preventing terrorism or any other crime such as child pornography. It is likely to be useful in the investigation of terrorist acts or other crimes after the fact.
Except that the bit about "killing the planet" is pretty much true in the "build everywhere, kill off other species, pollute endlessly, consume much" sort of way. Or do you really think it's going to all be okay even in 100 years time?
Just sayin'
a)I bet people were prophesying the same thing 100 years ago.
b)Things are going to change so fast in the next 100 years, you wouldn't believe it
c)The whole "killing the planet" line is imbecilic. The worst we can do is make it a bit dirty.
That is still "a bit dirty" by planetary standards. And I doubt we can even do that, except possibly through massive radioactive contamination. Climatologically speaking, large mammals were around in vastly different conditions to what we have now both in terms of temperature and atmospheric makeup. And larger mammals survive, thrive even, in conditions ranging from -20 to +40 degrees. And you only have to look at some of the worst polluted cities (China) to see that even when things are 100X worse than we've got anywhere else, people and other mammals carry right on living. You get illness and shortened lifespan but that's not uninhabitable by a LONG chalk. And all of this is without any technological intervention - animals don't have that but people do so we're probably now at the point we could survive just about any conditions we create for ourselves. Not in our current numbers, but again that is not the same as wiping the species out.
"A leaf from Saul Goodman's book?"
That's exactly what I thought. Frankly, 'wrapping oneself in the constitution' so blatantly is a tactical error, and detracts from the content of one's arguments. When Saul Goodman sits in front of a blow up of the US Constitution, are viewers invited to find him reliable and upstanding, or a cheesy shyster?
What? It's not too late?
Tell you what:
1) Go into a company
2) "IMMA HUV PROBLEMS WITH MUH MAIL"
3) "Ok, why not move everything to the Microsoft cloud...."?
4) "But what about the NSA?"
5) "Yeah, but think of the CONVENIENCE, man!"
6) ....
7) SOLD!
8) Your face when.
Sir Runcibald Ferrit
Pray do tell why you would trust data with Snowden? He can't have it both ways you know.
It's like the Police are supposed to uphold the law, doesn't always work out that way.
Next time stop trying to score silly points that way you won't look like a toothless ferrit
"Pray do tell why you would trust data with Snowden? He can't have it both ways you know."
I don't give a shit, I wouldn't particularly trust or distrust Snowden based on what he has done, but I do know that saying you can't trust spooks with YOUR DATA, doesn't equate to 'can't trust Snowden with DATA'.
I'm not interested in Snowden, I'm rather more concerned about the NSA and GCHQ getting out of hand and having their hands up the politicians arses.
Oh, and it's 'Ferret'
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
