Tech companies are raising their game (and pants) post-Snowden

If there’s a positive to the disclosures by ex-National Security Agency (NSA) contractor Edward Snowden, it’s that they’ve been a disaster for technology and internet firms. Yes, a positive. In the last year we’ve learned the NSA has backdoors placed in the hardware that makes networks, the existence of massive funnels …

COMMENTS

This topic is closed for new posts.
  1. Ilsa Loving

    lolwut

    "shaking of users’ complacency in relying on “free” products and in being too accepting of what they’re given and of standard “solutions.”"

    HAHAHAHAHAHAHAHA!

    If there's one thing that's been proven beyond a shadow of a doubt, it's that the average person doesn't have even the dimmest flicker of good judgement regarding security.

    http://www.theregister.co.uk/2007/04/17/chocolate_password_survey/

  2. Anonymous Coward

    Were they all in denial?

    Am I the only one who *expected* the NSA to be tapping fiber optics all over the world? It's a logical step from the telephone and radio interception they've done for decades. Mark Klein confirmed it in 2006. Paying or intimidating private companies into handing over customer data? Credit card companies were doing that 20 years ago.

    I'm only surprised at how amateur these guys are. The DUAL_EC_DRBG standard. The internal Sharepoint crap. The powerpoint slides where they brag about how 'l33t they think they are for doing script-kiddie hacks. The woeful lack of internal security...

    1. ecofeco Silver badge

      Re: Were they all in denial?

      De Nile?

      Most of the reports and news shows that they (MS, Google, etc., et al) were COLLABORATING!

      1. Pascal Monett Silver badge

        Collaborating ?

        Well I'd also collaborate with a thief holding a gun to my daughter's head.

        Now, far be it from me to defend Microsoft (or any of them, actually), but you do have to acknowledge that the NSA didn't just phone the majors and ask politely. They came to the door with a legal document saying basically "drop your pants now, 'cause you're shafted anyway".

        That being said, some companies may have been more enthusiastic in their cooperation than others, but still, they didn't really have a choice.

      2. southpacificpom
        WTF?

        Re: Were they all in denial?

        Well I believe that Assange has labelled Debian as the NSA's playtoy.

        Julian Assange: Debian Is Owned By The NSA

    2. CoolKoon

      Re: Were they all in denial?

      Well, they are still state-run bureaucracies (with all their pros and cons), aren't they?

  3. Paul Crawford Silver badge

    "The goal here isn’t to keep the NSA out, because realistically they will find a way in if they really care about you. The goal is to raise the cost so that bulk surveillance becomes impossible."

    Amen to that. We all knew spy organisations perform spying activities, but we thought/hoped it was targeted on the basis of probable cause and court oversight. By raising the cost of doing so, it becomes targeted again, court or no court.

    The other aspect of this is likely to be a general improvement in security practice, something that also helps against access by foreign gov (for any given definition of "foreign" that fits) and criminal hackers.

    1. John Smith 19 Gold badge
      Unhappy

      ""The goal here isn’t to keep the NSA out, because realistically they will find a way in if they really care about you. The goal is to raise the cost so that bulk surveillance becomes impossible."

      Amen to that. We all knew spy organisation perform spying activities, but we thought/hoped it was targeted on the basis of probable cause and court oversight. By raising the cost of doing so, it becomes targeted again, court or no court."

      Exactly

      The internet was built on trust. It's not that ISPs and admins could not snoop your packets, they just weren't interested.

      But the NSA and its partners are like some autistic panoptical senior citizen whose interest in everyone runs 24/7/365 (not that they'll bother to listen to most of this BS, they just want it, "just in case" someone turns out to be a "threat" in 20 or 30 or more years). If there was a human following you around like they do you'd be straight down to a court to get a restraining order, and rightly so.

      It's time to start working on (and delivering) the next generation of secure and private internet protocols, which balance legitimate access for law enforcement (with a warrant issued for due cause) and the 99.97% (that's roughly the percentage of the UK MI5 did not think were potential terrorists) whose business should be none of GCHQ's.

      1. Anonymous Coward

        "secure and private internet protocols, which balance legitimate access to law enforcement"

        Whoa there! Protocols are either 100% secure, or not secure at all. Law enforcement backdoors are unacceptable. Cops can do detective work the old fashioned way, and find physical evidence. Electronic evidence should be inadmissible in court anyhow; it's too easy to forge.

        1. Bronek Kozicki
          Holmes

          I upvoted John Smith on the basis that the remaining "0.03% weakness" of the protocols has no technological basis, but a sociological one. No matter how perfect your technology is, if someone with a court order turns up at your door, you have no choice but to cooperate. Of course ideally you should have no technological means for this, but in reality more than a few protocols are built on trust (which can be subverted). Should these protocols be redesigned? Yes of course. Is this an achievable goal? Not 100% ...

          1. John Smith 19 Gold badge
            Unhappy

            Oops.

            "I upvoted John Smith on the basis that remaining "0.03% weakness" of the protocols has no technological basis, but sociological one. No matter how perfect your technology is, if someone with court order turns at your door, you have no choice but to cooperate. Of course ideally you should have no technological means for this, but in reality more than few protocols are built on trust (which can be subverted). "

            Actually what I meant to write was the 0.003% of the UK population (1500 suspects out of a then UK population of 66 000 000 were viewed as potential Islamist terrorists)

            Apologies for the missing decimal point.

        2. Michael Wojcik Silver badge

          Protocols are either 100% secure, or not secure at all

          This is an impressively meaningless statement.

          "Secure" is not some Platonic attribute that exists independently of context. Nothing is "100% secure" for the same reason that nothing is "100% colorful" or "100% strange".

          One of the biggest problems with IT security is the refusal of so many people to understand that it's theoretically complex and underdetermined, not just difficult to implement.

  4. Anonymous Coward

    realistically

    There is no way out - the only way out is to go off and live in some isolated part of the planet and live a self-sustained life which in short has very little/restricted communication access.

    The existence of technology and communication has also resulted in back doors in what we the users are led to believe to be safe/secure devices.

    Regardless of how hard you lock this stuff down they have backdoors into it.

    So the feasible but impossible answer would be for all the techies who are outraged by all this to just get up and leave their jobs. Then when you have an entire industry that all the organisations rely on to make their money fail = no profits = no taxes = no money for the govs = no money to spend on these big wild projects.

    Sadly I know the reality is if we all left tomorrow youngsters who are all pressured by the current economic climate would jump in and replace us. So this would not work unless everyone just abandoned the IT industry, including those looking for work. That would be really the only clear message that this sort of thing should not go on.

    It is a bit like having a car with no fuel availability - great nice car but it don't run and there are no mechanics/fuel to make it run. A very large brick.

  5. Anonymous Coward

    Irrational fears lead to conspiracy theories

    Tin foil hat time.

    My little theory says that Snowden is a ruse who is actually paid by the US government to spread disinformation. Why you ask? Well the NSA and other bodies have been having a hard time breaking all this security and it's costing them too much money to keep up with the technology and all these little blackhat/whitehat programmers living in their basements. So what do they do? They put out a 'mole' to 'disclose' a load of made up nonsense about backdoors in this, that and the other. This puts the fear into everyone and so people start looking for supposedly more secure alternatives.

    Step into the breach a whole raft of new companies offering new and improved 'you can really trust our products, services, software and protocols guvnor. Honest!' 'stuff'.

    But behind the scenes all these new startups are part of the government initiative to create new 'stuff' that they can actively monitor.

    Unless the source code is available and can be compiled and compared by anyone I ain't buying it.

    Of course I could just be living on 'The Fringe' and am just another smoked too much cann[tea] nut job. :)

    1. ecofeco Silver badge
      Boffin

      Re: Irrational fears lead to conspiracy theories

      Google "PROMIS"

      After that, catch up on all the news articles and reports you missed that show the major IT players were COLLABORATING with the NSA.

      Then you can scratch that conspiracy off your list.

      1. ecofeco Silver badge

        Re: Irrational fears lead to conspiracy theories

        Thumb down? Was it the lack of facts?

        /sarcasm

    2. John Smith 19 Gold badge
      Unhappy

      Re: Irrational fears lead to conspiracy theories

      "My little theory says that Snowden is a ruse who is actually paid by the US government to spread disinformaiton. Why you ask? Well the NSA and other bodies have been having a hard time breaking all this security and it's costing them too much money to keep up with the technology and all these little blackhat/whitehat programmers living in their basements. So what do they do? They put out a 'mole' to 'disclose' about a load of made up nonsense about backdoors in this that and the other. This puts the fear into everyone and so people start looking for supposedly more secure alternatives."

      Says the AC.

      Thanks for your "insight."

  6. ecofeco Silver badge

    We can confirm this, how?

    What utter, UTTER bullcrap.

    There is no way, NONE for anyone but another Snowden to verify if they really have closed the backdoors.

    You can bank on the fact that they haven't or have instead, just created new ones while closing the old ones.

    Now go on, pull the other one.

  7. JaitcH
    FAIL

    Snowden's leaks have done a lot of damage to the computer security industry

    Bullsh*t!

    Snowden hasn't damaged anything, all he has done is open the barn doors and let the sun shine in.

    If the computer security industry had done its job properly, there would be nothing for Snowden to expose.

    Likewise with the NSA, if it had restrained itself to within reasonable limits the American public would likely support it.

    So quit blaming Snowden for suppliers/vendors shortcomings.

  8. Anonymous Coward

    "Not quite, say security godheads"

    Not quite, say security goatherds

    There, fixed it for you. ;)

  9. Anonymous Coward

    The spooks and flacks really do read El Reg!

    How flattering to see the disinfo "warriors" out in force and down voting my posts.

    Will you be "scrubbing" all those news articles as well?

    1. DF118

      Re: The spooks and flacks really do read El Reg!

      Yeah! Those evil downvoting G-men!

      1. Michael Wojcik Silver badge

        Re: The spooks and flacks really do read El Reg!

        Those evil downvoting G-men!

        Will they stop at nothing?!! Clearly we live in some authoritarian dystopia where secret government agents anonymously disseminate and reinforce official opinion through mild expressions of disapproval at the casual, ad hoc ramblings of online paranoics.

        It's like COINTELPRO all over again.

        They downvoted AC, and I did nothing, because they did not downvote me... WAKE UP PEOPLE SOON THEY WILL DOWNVOTE EVERYONE AND THEN OUR REG VOTING STATISTICS WILL BE RUBBISH.

  10. I. Aproveofitspendingonspecificprojects

    Government Agencies

    The Smithsonian uses an Adobe backend on its servers that is openly hostile to Linux (try downloading the volcano database it offers for Excel users). Am I wrong in supposing that the other agencies that have all gone that way or Googlified their sites are in fact doing it just to watch us?

    It was very strange that the Smithsonian ditched their text archive for a website that just didn't work. (Now it just doesn't work in Linux KDE (not sure what the other versions are like).) Fancy them not keeping the viable one running during the switch!

    And you can't even copy and paste the address they give you as a non-link to complain through. Can you fathom it?

    Beats me.

    The British Meteorological&Climategate Office is also doing something similar but no doubt that is foisted on them by GCHQ. Anyone know who is running their software?

    I imagine they could do it in house if that was government policy. I assume they have tech people for writing code for their models.

  11. Fascist Nation
    Pirate

    How can you trust security?

    The problem is trust. We now KNOW the NSA has gone around and either strong-armed or paid millions to major corporations as well as smaller app writers and Internet service providers to insert back doors for their access, turn over cryptographic algorithms, and record customer interactions for them.

    We KNOW the NIST developed AES is back door hacked by the NSA via the NIST warning AES is no longer reliable. Guess NIST did not get the memo to lie about AES along with the memo to lie about WTC7.

    We know that EVERY phone conversation is recorded, the ability to turn on all cell phones' microphones was hardwired via NSA into the GPS location chip installed in ALL cell phones sold in the USA. Even if the cell phone is turned off. Want to bet about the camera? We KNOW every keystroke going out on the Internet is intercepted.

    So a person and a business can do all sorts of things to try and dick with the man, but the bottom line in security is you just do not know if you have gone far enough. And you do not know if the NSA is selling your company secrets to the Chinese, Ben Bernanke or whomever their masters or buyers are. You simply cannot be certain. Ever. That much you KNOW.
