General Discussion
Dear Stupid, Stupid NSA
http://readersupportednews.org/opinion2/424-national-security/19299-focus-dear-stupid-stupid-nsa
In other words, instead of just building a better lock pick, you are trying to make sure that all locks are faulty by design.
What is so jaw-droppingly idiotic about your actions is that you have not only subverted key elements of modern cryptography, but you have also appointed yourself as the guardian of the knowledge that the resulting vulnerabilities exist. And if your own security systems were up to the task, then those secrets wouldn't be sitting in the offices of the New York Times and ProPublica.
One must possess a Panglossian view on things to assume that Edward Snowden was the first person out of the many thousands in his position to make away with such material. He brought it to the public, and without that move there's a good chance you wouldn't have even known he took it. So who else has it? Bet you have no idea. So well done; you've probably put your own citizens at risk.
But let's ignore that distinct likelihood for a moment, and concentrate on the aftermath of Snowden's revelations.
If the first tranche of those revelations will hit the U.S. Web services and cloud economy hard (estimates vary as to how hard, and only time will tell), then the crypto scandal is going to do the same to the U.S. security industry. In fact, it's probably going to hurt more. Most people have too much invested in American Web services to pull out on short notice; it's relatively trivial in many cases to switch security services.
Katashi_itto (10,175 posts)
How can companies do business online when they know everything they do that's proprietary is being collected and sold to the highest bidder? Why respect patents and such then?
Another reason EU is quietly looking at building a 2nd separate internet.
joshcryer (62,270 posts)
That's the eventual capitalist reality. You can't view content without being connected to a cloud allowing it. Microsoft tried this with the Xbox One. The gaming community lost its collective shit over it (rightly so) and Microsoft backed down. Turns out their little Kinect device was going to spy on users on a 24/7 basis and make ads "interactive," so if you were watching an ad on TV the device would notice it, and put up some eye tracking stuff so you get interested, then you could, with other users watching the ad live, interact with the ad. It's like freaking mindgames times a million. Like all those flash ads that have mini-games? Only this would be on your TV and unskippable, unavoidable.
Microsoft didn't get to do that, yet, at least, as a full feature of their system, but it's the beginning and you can expect more and more devices to go in that direction at least until open source fixes the situation, which it will, it'll just be behind by a bit.
Katashi_itto (10,175 posts)

Wabbajack_ (1,300 posts)
Interesting.
I'm tired of the copyright Nazis taking down videos and streams of things I want to see.
Katashi_itto (10,175 posts)
What is really interesting is EU is waking up to how much money can be made by having a separate, competing internet.
joshcryer (62,270 posts)
And that will allow services to continue to exist. Much like the ability to jailbreak our devices, citizens will earn the right to be fully encrypted. That may come with a price, however, with an always online connected world.
KurtNYC (14,549 posts)
4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
dickthegrouch (3,173 posts)
In exactly the same way described here - porting the malware across to the air-gapped system on a USB stick.
There is NO guarantee that there is no malware in any part of the updates or data or documents that you want to transfer.
joshcryer (62,270 posts)
It's the core where they then decide who to attack and where. They may have a whole crap load of software vulnerabilities stacked up, but they're not going out and attacking everyone, because the virus companies and the hackers would find that very, very quickly. The NSA is very likely making custom payloads for each and every legitimate target; otherwise their entire operation gets cracked open within days.
With a fully encrypted networking grid it will be impossible to tell whose IP belongs to whom, and where a message originated. We're talking several levels and rounds of encryption, obfuscation, and network pathing. To an outside observer grabbing data from a thousand network switches it would just look like random data, static; there would be nothing, absolutely no sign of any data actually being transferred anywhere. That's what a fully encrypted grid looks like.
Jerry442 (1,265 posts)
"... and without that move there's a good chance you wouldn't have even known he took it."
Exactly. How many dozens (hundreds?) of Snowdens are out there with motives other than informing the public?
MisterP (23,730 posts)

randome (34,845 posts)
Do we really want the darker side of human nature (child pornographers, money launderers, human trafficking, drug cartels) to have a way to hide their activities from legally issued warrants?
Is it the contention that if it's in some type of code, prosecutors should simply toss the evidence?
You should never stop having childhood dreams.
dickthegrouch (3,173 posts)
Put us all into a Catch-22 situation with respect to encrypted data.
It is now an offense (at least in the UK, and maybe in the US by now) not to provide the keys (even if you've genuinely forgotten them). Even though they have no concrete evidence, silence in this case can be tantamount to self-conviction.
All the "best" law makes it so that you're damned if you do and damned if you don't (just think back to the Salem witch trials; it's no different today).