She said that she had been advised that the hard drive contains “approximately 58,000 U.K. documents which are highly classified in nature, to the highest level.”
Goode said the process to decode the material was complex and that “so far only 75 documents have been reconstructed since the property was initially received.”
There can be no realistic expectation of privacy in today's world. A longing for it, perhaps, but not a reasonable expectation of it.-kyrathaba (August 31, 2013, 03:31 PM)
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Every other article about NSA and privacy issues has a line like 'restricted to those cleared' yet Snowden and whoever else were just able to look at it, walk out with it and reveal it.-rgdot (September 06, 2013, 08:19 AM)
Every other article about NSA and privacy issues has a line like 'restricted to those cleared' yet Snowden and whoever else were just able to look at it, walk out with it and reveal it.-rgdot (September 06, 2013, 08:19 AM)
That's one of the perks when you have sysadmin privileges. It's good to be root.-Renegade (September 06, 2013, 08:32 AM)
NSA, GCHQ Admit That The Public Is The Enemy
from the civil-war dept
Yet another point on the latest NSA/GCHQ revelations concerning backdoors into all sorts of commercial encryption tools, buried within the stories is the pretty clear admission that the NSA and GCHQ views the public as the enemy. First, as Marcy Wheeler points out, all of the programs are named after civil war battles in which the same country's own citizens were seen as the enemy:
The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.
Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”
But it actually goes even further than that. As the Guardian report notes, in one of the documents, the public is flat out named as the "adversary."
Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".
Kind of says it all, doesn't it? For all the bullshit coming out of the administration and the defenders of this program that they're about protecting the safety of Americans, that's clearly not the overall intent. It's to compromise the privacy of everyone.
It's as if in our analysis of this situation we are subconsciously influenced by Hollywood plots.-rgdot (September 06, 2013, 10:45 AM)
^I don't think it's a matter of our government intel community and the Executive Branch "going beyond" anything any more. I think it's reached the point where we're now in the first phase of an undeclared and ongoing war against the people of the United States by a relatively small cabal within our own government.-40hz (September 06, 2013, 10:15 AM)
doesn't the US have some sort of paper and isn't there some sort of vague provision in there for an individuals right to a private life?-Carol Haynes (September 06, 2013, 11:15 AM)
I am The Other.
No, not from Game of Thrones.
I mean I am the "other" contemptuously categorized by my government, a vast category of people with an interest in using encrypted communications to thwart my government's attempt to spy on me.
doesn't the US have some sort of paper and isn't there some sort of vague provision in there for an individuals right to a private life?-Carol Haynes (September 06, 2013, 11:15 AM)
While this was for some time a popularly held belief, it is no longer possible to confirm existence of said verbiage as that section was rendered illegible when someone wiped their ass with said document. Hence the prevailing wisdom of our time now holds this as a myth.-Stoic Joker (September 06, 2013, 01:00 PM)
apparently GCHQ have a similar project (though given the UK don't seem to be able to set up any government IT systems that aren't obsolete before they get them working I am not losing any sleep).-Carol Haynes (September 06, 2013, 11:15 AM)
I'd say the most positive aspect of this whole affair is that it should lead to big improvements in encryption in the future.-xtabber (September 06, 2013, 06:22 PM)
Matthew Green is a cryptography researcher at Johns Hopkins University. His blog post On the NSA (http://blog.cryptographyengineering.com/2013/09/on-nsa.html) was taken down by the university, then restored, with only an image of the official NSA logo deleted, after the initial removal caused an uproar in some circles.
Green provides a useful perspective on the NSA's activities in subverting encryption, from someone who really does understand the topic, about what MAY (remember - that information is classified) have happened and what it would mean if it in fact HAS happened.-xtabber (September 11, 2013, 07:51 AM)
Which means there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge.
Matthew Green is a cryptography researcher at Johns Hopkins University. His blog post On the NSA (http://blog.cryptographyengineering.com/2013/09/on-nsa.html) was taken down by the university, then restored, with only an image of the official NSA logo deleted, after the initial removal caused an uproar in some circles.
Green provides a useful perspective on the NSA's activities in subverting encryption, from someone who really does understand the topic, about what MAY (remember - that information is classified) have happened and what it would mean if it in fact HAS happened.-xtabber (September 11, 2013, 07:51 AM)
47 minute audio interview (Fresh Air on NPR) with Washington Post's Barton Gellman on Snowden NSA leaks.
http://www.npr.org/2013/09/11/221359323/reporter-had-to-decide-if-snowden-leaks-were-the-real-thing-mouser (September 12, 2013, 02:19 PM)
^That Fresh Air interview of Gellman is definitely worth listening to in its entirety. :Thmbsup:-40hz (September 12, 2013, 03:34 PM)
47 minute audio interview (Fresh Air on NPR) with Washington Post's Barton Gellman on Snowden NSA leaks.
http://www.npr.org/2013/09/11/221359323/reporter-had-to-decide-if-snowden-leaks-were-the-real-thing-mouser (September 12, 2013, 02:19 PM)
I listen to enough NPR on the radio in the car, and it's rarely anything other than what it is - state funded news. The highlights all seem to aim at damage control.-Renegade (September 12, 2013, 07:04 PM)
That's rather funny since that's pretty much what the arch conservatives, the religious right-wingers, the political lunatic fringe and their ilk invariably say about NPR whenever it doesn't cover or tell a news story the way they think it should.
;D :P-40hz (September 13, 2013, 04:40 AM)
None of that sounds like state sponsored propaganda to me.-40hz (September 13, 2013, 01:52 PM)
If it were, the interviewer would have attempted to make Gellman look like a ring-tailed baboon with rapid-fire leading questions and inference tossing like the neo-con talk show hosts so love to do.-40hz (September 13, 2013, 01:52 PM)
The neutral tone of NPR is a refreshing departure from the utter drivel and gnashing of teeth that you get in the MSM, but it's still state run media.-Renegade (September 13, 2013, 09:04 PM)
I don't know why people always go on about the "neo-con talk show hosts" being douches. Sure, Rush Limbaugh has a solid douchebaggery score. So do other right-aligned commentators. But why does nobody ever point out the douchebaggery of the left-aligned commentators?
The neutral tone of NPR is a refreshing departure from the utter drivel and gnashing of teeth that you get in the MSM, but it's still state run media.-Renegade (September 13, 2013, 09:04 PM)
It's not. You really need to spend a little more time in the USA to understand how things actually work here, as opposed to 'just knowing' how they do. :-\ :P-40hz (September 14, 2013, 01:45 PM)
The NSA has forged web security certificates. What’s worse, we knew that they could, and we still trusted certificate-based web security. Web security as we know it is dead and worthless – worse than worthless, even – and must be rebuilt from the ground up.
When you are going to a website that bills itself as secure, it uses a so-called “security certificate”. Such certificates on the web serve two purposes. One, they encrypt the session between your computer and the web server, so nobody else can listen in, and two, they identify the web server you are talking to and tell you whose web server it is. When you log onto your bank, you will see a little padlock next to the bank’s name in the address bar. The NSA and their ilk have effectively negated both of these security mechanisms.
This makes today’s Web security worse than worthless. It is not just worthless, as in not providing the claimed security whatsoever; it is worse than worthless, as it provides people at large with a thoroughly false sense of security. It’s like if all the front door locks in the world were dead easy to open for somebody who knew the magic word. Unless this lack of security is well understood – and being a technical issue, it won’t – people will keep thinking they’re secure. That’s horrible, frankly.
...
Many certificate suppliers are based in the USA. This, combined with the infamous National Security Letters (NSLs) that the U.S. Congress has created, is a death knell. There is nothing stopping the NSA from issuing such a letter compelling Verisign or any other U.S.-based certificate authority to issue a forged certificate to the NSA, and be forced by law to not tell anybody about it.
The mere possibility of this happening is enough to declare certificate-based web security stone dead as a technology – but we know now that the NSA has already used forged certificates to impersonate Google. That’s extra damning. Let’s take that again: the NSA forced web traffic intended for Google’s servers to take a route through the NSA’s servers, where the NSA presented themselves as Google and were able to wiretap traffic intended for Google’s servers, negating both functions of certificate-based security.
FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers
Glyn mentioned this in his post yesterday about the NSA leaks showing direct economic espionage, but with so many other important points in that story, it got a little buried. One of the key revelations was about a program called "FLYING PIG" which is the first time I can recall it being clearly stated that the NSA has been running man-in-the-middle attacks on internet services like Google. This slide makes it quite clear that the NSA impersonates Google servers:
3.4. Kleptography
Kleptography is persuading the party to be intercepted to use a form
of cryptography that the attacker knows they can break. Real life
examples of kleptography include the British government encouraging
the continued use of Enigma type cryptography machines by British
colonies after World War II and the requirement that early export
versions of Netscape Navigator and Internet Explorer use 40 bit
symmetric keys.