Digital Black-Bag Ops:
December 30, 2013 9:50 AM Subscribe

Der Spiegel reports on the NSA's "plumbers" at the Office of Tailored Access Operations, who collect and deploy exploits to infiltrate computers and even redirect shipments so they can install malware and hardware backdoors on electronics ordered by those they are targeting. Jacob Appelbaum [AKA ioerror] reports on the NSA's 'catalog', which ranges from $30 monitor cables that send back screenshots, to exploits for network security hardware from Cisco and Huawei, to backdoored BIOS code and firmware for all major hard drive manucfacturers. While some of the NSA's malware requires physical access or proximity, much of it is remotely installable over the Internet.

At the 30c3 conference in Hamburg, Appelbaum gives an in-depth talk about the NSA's Tailored Access Operations hacking activities and its 'interdiction' process, whereby computers are tampered with during shipping or as part of a 'black-bag' operation. Appelbaum, a Wikileaks affiliate who has reported on documents leaked by Edward Snowden, has been personally targeted by such operations, as have his family members.
posted by anemone of the state (195 comments total) 84 users marked this as a favorite

Read a couple of these links earlier today; great summary post.

Also and at last this should finally put to bed any idea of developing secure communications networks via encryption (or any other technological solution) and bring the actual issue of privacy as a human right to the fore.

They for whatever values of "they" you want to presume will always be one step ahead of any but a legal solution.
posted by digitalprimate at 9:56 AM on December 30, 2013 [11 favorites]

If you were heading up a spy agency and had these tools at your disposal, and if you considered yourself to be above the law, how might you use that capability?

You might already be owned.
posted by anemone of the state at 10:00 AM on December 30, 2013

NSA slide boasts 100% success rate with DROPOUTJEEP iPhone exploit.
posted by anemone of the state at 10:02 AM on December 30, 2013 [4 favorites]

The Der Speigel article reads a bit like "People who conduct cyberwarfare will have tools for conducting cyberwarfare." Which is very freaky & all, but more points to the aptness of digitalprimate's comment.
posted by Going To Maine at 10:05 AM on December 30, 2013 [1 favorite]

This is again truly horrifying.

For a look into how delusional the NSA supporters are in claiming this brings about meaningful results within judicial guidelines (and some wonderful retorts by an ex-FBI and ACLU lawyer), check out this debate on your drive home.

That's a link to a podcast of a great Intelligence Squared debate.
posted by glaucon at 10:07 AM on December 30, 2013 [2 favorites]

On hearing about the plumbers and hardware interception, I was immediately reminded of the scene from "The Lives of Others", where the reforming-antagonist is using steam to open the post of the citizenry.
posted by Slackermagee at 10:08 AM on December 30, 2013 [3 favorites]

Since this latest NSA story broke, the New York Times has said nothing about it.
posted by Auden at 10:15 AM on December 30, 2013 [8 favorites]

They for whatever values of "they" you want to presume will always be one step ahead of any but a legal solution.

There's no technological way to beat them and they believe they're above the law and lie to lawmakers. Depressing but true.
posted by immlass at 10:19 AM on December 30, 2013 [2 favorites]

I like to save taxpayer dollars by mailing my passwords directly to the NSA.
posted by It's Raining Florence Henderson at 10:20 AM on December 30, 2013 [13 favorites]

jcreigh: "It irks me to have my democracy subverted by people who are so bad at coming up with code names."

Code names aren't supposed to be relevant. If they were they wouldn't be very good code.
posted by Mitheral at 10:24 AM on December 30, 2013 [5 favorites]

I also like to mail the NSA whenever I'm about to take a bowel movement or trim my nails or excess body hair. I figure the only real chance for privacy anymore is in getting added to the NSA's SPAMFilter.
posted by It's Raining Florence Henderson at 10:26 AM on December 30, 2013 [4 favorites]

Privacy is gone, and it won't be coming back. If this NSA malfeasance hadn't come to light and killed it quickly and cleanly, than it would have been eroded over time regardless by the social media oversharing panopticon. I'm hopeful, honestly, that some kind of new paradigm will emerge that will supersede the notion of privacy entirely. People will look back and wonder why we thought we had anything to hide, because norms will change in such a way that nothing will seem worth hiding.
posted by adecusatis at 10:27 AM on December 30, 2013

All the product data sheets are available here.

A select few:
DEITYBOUNCE Dell PowerEdge BIOS malware
IRONCHEF BIOS implant to talk to hardware implant that jumps airgaps
SOMBERKNAVE Covertly turns on Wifi card to call home
DROPOUTJEEP 100% successful iPhone exploit
SPARROW II Wifi collection system for use in a UAV
GENESIS Covert SIGINT Transciever (looks like a phone)
posted by anemone of the state at 10:28 AM on December 30, 2013 [12 favorites]

So correct me if I'm wrong, but it sounds like these are all techniques, as opposed to operations. HOW they spy hasn't really been the issue, but on WHOM they spy, right?

Snowden has been trying to gain immunity in the US in exchange for a stop to the leaks. At what point does he run out of proof-of-abuse leaks and start sharing just any leaks? At what point does his motive switch from ending the abuse to winning immunity back home?
posted by cman at 10:33 AM on December 30, 2013 [1 favorite]

People will look back and wonder why we thought we had anything to hide, because norms will change in such a way that nothing will seem worth hiding.

Tell that to Syria's pro-democracy activists. Or non-profit watchdogs fighting corporate crime. Or anyone challenging economic and political elites in 2013.

Jaw-droppingly naive.
posted by ryanshepard at 10:37 AM on December 30, 2013 [39 favorites]

what we really need is a big case where anon releases the code so that anyone can open anyone else's computers. Forget credit card numbers, that's what will really motivate people to change.
posted by rebent at 10:40 AM on December 30, 2013 [2 favorites]

what is cman categorically, hands-down wrong about?

Snowden offering to 'stop leaks' in exchange for immunity, and the leaks being about anything other than exposing abuse.
posted by anemone of the state at 10:41 AM on December 30, 2013 [9 favorites]

It irks me to have my democracy subverted by people who are so bad at coming up with code names.

During World War II, the Nazis were working on some kind of proto-radar navigation system that only used ONE radar beam instead of three or whatever, and they thought PROJECT WOTAN would be a totally badass name for a one-station radar thing, because the god Wotan (aka Odin) has one eye, get it? Except that the British kept decoding all these messages like RADAR PROJECT WOTAN IS ALMOST OPERATIONAL, MEIN FUHRER and correctly guessed the cute Norse mythology reference like a movie computer hacker figuring out that the password is the name of the CEO's daughter! And that's why code names are crazy made up bullshit.
posted by theodolite at 10:41 AM on December 30, 2013 [31 favorites]

It'a a variant of the poor password selection problem. For example WWII Air and Army ENIGMA operators selected their own 6 character keys. This was of benifit to allied codebreakers because the operators would use celebity names and obscenities for the key which massively reduced the key space. Naval operators had to use a preplanned rotation making it much harder on the codebreakers.
posted by Mitheral at 10:50 AM on December 30, 2013 [3 favorites]

however the British also thought "Tube Alloys" was a fiendishly brilliant code for nuclear materials, and throughout the war nuclear scientists referred to plutonium as "copper" and U-235 as "magnesium," leading to transparently goofy messages like "On the basis of the present data, it appears that the explosive units of COPPER need be only half the size of those using MAGNESIUM"
posted by theodolite at 10:52 AM on December 30, 2013 [1 favorite]

Snowden offering to 'stop leaks' in exchange for immunity, and the leaks being about anything other than exposing abuse.

This leak doesn't seem to expose any abuses. It exposes some tools in the NSA's box but doesn't say that the NSA targeted anyone that they shouldn't have targeted or otherwise exceeded their charter. That's an old line around here, but from a theoretical standpoint this all seems to be tired news. (I mean, if this was the first time we'd all learned that stuxnet existed, okay, but it isn't.)
posted by Going To Maine at 10:54 AM on December 30, 2013

Code names aren't supposed to be relevant. If they were they wouldn't be very good code.

Understood, but this seems almost gleefully over-the-top. Assuming they didn't have a rogue employee give out the information, these would all simply be internal codenames, right? Looking at the iPhone malware description the one thing that gives me heart as a programmer is that 6 months from now some poor fucker is going to have to do some maintenance on that software. Finding that "DROPOUTJEEP is a STRAITBIZARRE based software implant . . . [that] uses the CHIMNEYPOOL framework . . . compliant with the FREEFLOW project" in the documentation is going to cause them to give up and decide to scrap DROPOUTJEEP to work on a gold-plated 2.0 version that will never get finished.

The descriptions read like a comedy skit of white nerds talking PLAYA. It makes my eyes hurt. I smell an international conspiracy of JUGGALOS.
posted by yerfatma at 10:57 AM on December 30, 2013 [8 favorites]

Going to Maine: Watch the video. Read the articles.
The fact that the NSA has completely undermined network security hardware, instead of working to close the backdoors, is terrifying. Because of this, people can no longer trust American-made technology. And do you not think these holes will be found by other people, and used by other repressive regimes? The Firefox 0-day deployed against Freedom Hosting was snapped up by the Syrian regime to discover dissidents using TOR.
posted by anemone of the state at 11:02 AM on December 30, 2013 [22 favorites]

This leak doesn't seem to expose any abuses.

Undermining trust in American IT and related industries is already costing the US economy billions of dollars. US-based cloud and hardware firms are poised to lose billons more in the near future.

It's not tired news - it is, as Appelbaum et al point out, more damning, potentially economic catastrophic proof that, "US intelligence . . . is compromising the technology and products of American companies."
posted by ryanshepard at 11:03 AM on December 30, 2013 [25 favorites]

A year ago if I had read something like this, I'd be muttering about tinfoil hats. Now I take it seriously. A lot's changed, hasn't it?
posted by Chocolate Pickle at 11:11 AM on December 30, 2013 [9 favorites]

I'm hopeful, honestly, that some kind of new paradigm will emerge that will supersede the notion of privacy entirely. People will look back and wonder why we thought we had anything to hide, because norms will change in such a way that nothing will seem worth hiding.

You don't understand what privacy's psychological, social and cultural function is, then, if this is your view. Privacy is not just or even primarily about hiding bad things, it's about having clean social and cultural divisions between public performance and private mental and functional space. We use private space not just to hide things we don't want people to know for ethical reasons, but to experiment with and develop complex ideas and to reflect on and develop aspects of our interior lives that are not merely public performance. We depend at a fundamental psychological level on being able to keep those boundaries intact, and the operation of businesses also depend on privacy. It is impossible for human beings to develop personal character or integrity in the traditional sense without privacy.

To applaud the destruction of the concept of privacy is to applaud the annihilation of individuality and freedom in its entirety. People need private space to be able to work without interference or judgment for so many different reasons that have absolutely nothing to do with "hiding" things from others. Privacy is a lot more complicated and important than those who view it as being all about "having things to hide" seem willing to understand or acknowledge.
posted by saulgoodman at 11:17 AM on December 30, 2013 [212 favorites]

Also, privacy isn't just a way for me to hide myself from you. It is also a way for me to hide yourself from me.
posted by It's Raining Florence Henderson at 11:25 AM on December 30, 2013 [16 favorites]

(A possibly useful analogy to clarify my views above about privacy: It's kind of like how object oriented programming languages derive real formal power from information hiding and encapsulation. Privacy is about establishing and preserving public/private boundaries that are functionally useful and beneficial to society, not just about giving people space to hide nasty secrets.)
posted by saulgoodman at 11:27 AM on December 30, 2013 [8 favorites]

So, we talk of "US-based hardware firms"; is there anywhere outside of the US to source a laptop or a router that a non-EE can know is not pre-compromised?
posted by sandettie light vessel automatic at 11:30 AM on December 30, 2013

So under the auspices of "fighting terror", the NSA and friends have singlehandledly destroyed the American technology industry?
posted by Lord_Pall at 11:35 AM on December 30, 2013 [11 favorites]

Glenn Greenwald: The NSA Can "Literally Watch Every Keystroke You Make"
posted by anemone of the state at 11:36 AM on December 30, 2013 [3 favorites]

Luckily my keystrokes are pretty boring, but it's still shitty and undemocratic of them. It's ironic, but also kind of sad, that what seems to finally be getting some traction is the very real and very large cost this is going to have on the American economy. Destroying the village in order to save it, indeed.
posted by Dip Flash at 11:40 AM on December 30, 2013

If this is true, I would have expected the whole establishment to have been binned by the congress-critters sitting on the relevant districts. It is true, it hasn't been binned, and there's a sort of creeping terror about why that is.
posted by Slackermagee at 11:41 AM on December 30, 2013 [3 favorites]

Undermining trust in American IT and related industries is already costing the US economy billions of dollars. US-based cloud and hardware firms are poised to lose billons more in the near future.

First, that's a drop in the bucket for an economy with 15 trillion GDP. Second, not everyone will look at it as a bad thing that when the US hegemonic dominance of IT ends. Third, this means alternative tech industries less susceptible to NSA spying will develop, which is a good thing in the long run.

It is impossible for human beings to develop personal character or integrity in the traditional sense without privacy.

Uh, I don't know about that. Wouldn't this mean that places with less privacy would have more problems with lying or even crime? This doesn't seem to be true, at least in the cases of comparing like a densely urbanized places in Japan vs. the United States for example.
posted by FJT at 11:41 AM on December 30, 2013

So under the auspices of "fighting terror", the NSA and friends have singlehandledly destroyed the American technology industry?

My guess is no. Average consumers will most likely ignore this completely, so there will be no reason for anything to change. If the past is any measure.
posted by It's Raining Florence Henderson at 11:42 AM on December 30, 2013 [1 favorite]

It is impossible for human beings to develop personal character or integrity in the traditional sense without privacy.

To applaud the destruction of the concept of privacy is to applaud the annihilation of individuality and freedom in its entirety. People need private space to be able to work without interference or judgment for so many different reasons that have absolutely nothing to do with "hiding" things from others. Privacy is a lot more complicated and important than those who view it as being all about "having things to hide" seem willing to understand or acknowledge.

"Privacy" is not some universal objective constant. Ideas about what is appropriate regarding privacy vary enormously across culture and time. What we consider sacrosanct regarding privacy today might seem baffling or shocking to someone in 16th century China. Even today societies differ vastly on what "privacy" means.

It's not unreasonable, and is in fact likely, that future ideas of what privacy should be, even in the same societies, will be different than what they are now. I'm 29 and what people my sister's age (25) and younger seem comfortable with in terms of privacy are truly bizarre to me already. I do think in a few decades what we think of as absolutely private and personal will seem hopelessly quaint and outdated.

It may come to be that the line of what is considered public and private in the future will be so blurry as to seem non-existent from our current POV.
posted by Sangermaine at 11:44 AM on December 30, 2013 [2 favorites]

Uh, I don't know about that.

"Personal Character" is traditionally defined more or less as how one behaves in private as opposed to in public performances. If every human act becomes a public performance, there can't be any such thing as personal character or individual identity left. Psychologists have long maintained that the keeping of secrets is one of the first necessary steps toward the development of a healthy personal identity.

Uh, I don't know about that. Wouldn't this mean that places with less privacy would have more problems with lying or even crime?

Not at all. It would just mean individuals in those less private society would be less capable of thinking creatively and individually, and would tend be more culturally homogeneous. Also, more conventional and less able to behave in ways that violate received norms.
posted by saulgoodman at 11:49 AM on December 30, 2013 [12 favorites]

Privacy" is not some universal objective constant. Ideas about what is appropriate regarding privacy vary enormously across culture and time.

Yes, but the psychological importance of privacy is well-established. If the idea is that it would be better for everyone if people could never have secrets or private lives, which is definitely an attitude one encounters now from time to time (and in the original comment I was responding to), that's absolutely a wrong and dangerous way to think.
posted by saulgoodman at 11:55 AM on December 30, 2013 [4 favorites]

It irks me to have my democracy subverted by people who are so bad at coming up with code names.

Actually, they're good at it. The code name should tell you nothing about what the actual object does. The TL;DR version of a previous comment -- the Germans codenamed a guidance system "Wotan", the Brits, knowing Wotan was Odin in German, and Odin had one eye, guessed that it was a guidance system that used only one radio beam. They were right, and they were able to jam it from day one.

Most likely, there is literally a "jam two random words" generator program, and when you need a codename, you call the desk, they run the thing and tell you that yes, your new Android root kit is called BLUEPEPSI.

RAGEMASTER is probably just luck -- just as "Black Maria" was when it was issued as a code name in the UK. (UK codes were Color of the Day / Random Word)
posted by eriko at 12:07 PM on December 30, 2013 [2 favorites]

Yes, but the psychological importance of privacy is well-established.

This still misses the point. Privacy is psychologically important, but what privacy is can be very, very different to different people and societies.

If the idea is that it would be better for everyone if people could never have secrets or private lives, which is definitely an attitude one encounters now from time to time (and in the original comment I was responding to), that's absolutely a wrong and dangerous way to think.

I never said it would be better or that that's what it should be. It just seems to me that your posts are based on an assumption that the idea of privacy is the same everywhere, when that is demonstrably not true. People across time, across the world, even across the same society today have different ideas of what having "secrets or private lives" means, and they aren't insane or stupid or uncreative mindless drones.

To me this is the biggest failing of the privacy movement: the inability to deal with this concept and arguing from some absolute position. What younger people in the US right now are comfortable having public is different than what was the social norm even 15 years ago, and haranguing them about a perceived loss of privacy is going to fail. Similarly, people in the US seem a lot more comfortable with the NSA surveillance than, say, those in Germany.

Instead of talking about the loss of the Platonic ideal of privacy, you have to engage each group on its own terms and explain to them why you think this is an issue. And "it's so obvious, can't you see!" is not generally a winning tactic when changing minds.
posted by Sangermaine at 12:12 PM on December 30, 2013 [7 favorites]

Does the NSA have a tool available to search the last decade of my post and e-mail history, webwide, so that I can compile I list of people who accused me of tinfoilery over the years?

Because then I can at least enjoy a little smug superiority before sinking back into the usual hopelessness.

Codename TOLDYOUSO/STILLSCREWED.
posted by rokusan at 12:16 PM on December 30, 2013 [7 favorites]

They do have that tool, rokusan, but only if you upgrade to Citizen Prime.
posted by It's Raining Florence Henderson at 12:19 PM on December 30, 2013 [9 favorites]

Does anyone think that they wouldn't have a dossier on each of the members of the Senate Select Committee on Intelligence? It doesn't take much of a scandal to sink a political candidate these days, even an incumbent. All it takes is one, and the rest will fall in line. -- leotrotsky

I think about this sometimes, and it would certainly explain why Congress has been so uniformly complicit for decades, occasional empty squawking notwithstanding. And the image of any new President receiving a first secret briefing (wherein Intelligence explains how things are really going to work around here) is certainly a sexy one.

But the problem with this theory is that no politician has yet spilled any beans or fessed up, even after retiring. Not even in any form of deathbed confession. One would think that of the thousand plus recent members of Congress, there'd be a few with a still-functioning guilt gland, secreting just enough remorse to do something about it, if only after the fact.

More likely what's in play is just a chilling effect. They have not been contacted or threatened directly by anyone in Intelligence. But they know some of what Intelligence is capable of, and fear (correctly) that there's much more they're capable of as well. So they just play along, protecting their own still-secret skeletons in the process, since that seems to keep the ship on course and moving forward.

(For some values of 'forward', yes.)
posted by rokusan at 12:23 PM on December 30, 2013 [3 favorites]

Privacy is psychologically important, but what privacy is can be very, very different to different people and societies.

My comment was addressing a comment that specifically labeled "privacy" in the most abstract sense a bad and looked forward to a golden age of humanity in which no such expectation exists in any form (and I suppose we're all content to be part of an enormous undifferentiated ego mass). It would take a much more involved discussion to make any sense of the more nuanced cases you're interested in discussing, and that might be an interesting topic, but it's the more fundamental, less nuanced view as expressed up-thread that I'm criticizing, and going further is way beyond the scope of an informal internet exchange.

What younger people in the US right now are comfortable having public is different than what was the social norm even 15 years ago,

Your presuming all cultural change is beneficial and should be embraced. History and basic good sense warn otherwise. Yes, there are lots of options, but the broader conversation on these topics isn't even remotely close to that level of refinement. Instead its just lazy generalizations about very complex subjects.
posted by saulgoodman at 12:23 PM on December 30, 2013 [2 favorites]

Or tl;dr from my original comment: 'Privacy is a lot more complicated and important than those who view it as being all about "having things to hide" seem willing to understand or acknowledge.'
posted by saulgoodman at 12:25 PM on December 30, 2013 [1 favorite]

Instead its just lazy generalizations about very complex subjects.

It would just mean individuals in those less private society would be less capable of thinking creatively and individually, and would tend be more culturally homogeneous. Also, more conventional and less able to behave in ways that violate received norms.

...
posted by Sangermaine at 12:26 PM on December 30, 2013

To me this is the biggest failing of the privacy movement: the inability to deal with this concept and arguing from some absolute position. What younger people in the US right now are comfortable having public is different than what was the social norm even 15 years ago, and haranguing them about a perceived loss of privacy is going to fail.

What people choose to reveal is their own business and quite different from a surveillance imposed by the state. I think it's disingenuous to suggest otherwise. "My kids text their friends about embarrassing stuff" is not equivalent to "It's ok for the government to read everything I write or record everything I do." If you feel like "the privacy movement" has been remiss in not explaining this to you clearly or convincingly enough, well, I don't even know how to respond to that. Fundamentally there is no 'privacy movement' - these are rights we all have and they're being taken from us. Some people seem only to comprehend the value of something if there's a price tag on it.
posted by newdaddy at 12:26 PM on December 30, 2013 [18 favorites]

What younger people in the US right now are comfortable having public is different than what was the social norm even 15 years ago.

I don't love citing young people's poor judgment as some indicator of a new social norm. Young people have always been reckless: why is their rashness now seen as a valid, weighed decision-making process?

As teenagers, we were probably all quite certain we wanted everyone to know all about us, not to mention our thoughts, dreams, fears and all the other unique flaky-snowed problems we faced. But as adults, how do we usually feel about those earlier beliefs and expressions?

I think that until these younger 'share everything' people reach middle age and have histories, careers and families of their own, we won't really see how "comfortable" they are having grown up in such an age.
posted by rokusan at 12:30 PM on December 30, 2013 [7 favorites]

The fact that the NSA has completely undermined network security hardware, instead of working to close the backdoors, is terrifying.

Closing backdoors isn't the NSA's job, as much as folks would like it to be. Schneier touched on this in his article on reforming the NSA. It's an organization with two missions in tension. But its job isn't to release a list of patches to hardware manufacturers.

Undermining trust in American IT and related industries is already costing the US economy billions of dollars. US-based cloud and hardware firms are poised to lose billons more in the near future.

That particular article about the Saab beating Boeing is pretty limp - it reads as if the Times wants you to think that the NSA stuff factored in, but every expert to whom they spoke disagreed. That said, I'd absolutely agree that the NSA equipment revelations are having an impact on trust & will no doubt impact business. There's a line here between "undermining trust", "abuse", and "illegality". Snowden's revelations are interesting to me if they expose some kind of particular crime, and in general they haven't. They are certainly newsworthy, and have pushed the conversation about what the NSA should be allowed to do, but that is a different class of thing.

So under the auspices of "fighting terror", the NSA and friends have singlehandledly destroyed the American technology industry?

My guess is no. Average consumers will most likely ignore this completely, so there will be no reason for anything to change. If the past is any measure.

Cory Doctorow had an editorial in the Guardian in which he argued that "we have finally attained Peak Indifference to Surveillance". You can either read as a battle cry or as a man throwing up his hands in frustration. He also links to a pew study that found that "some 68% of internet users believe current laws are not good enough in protecting people’s privacy online and 24% believe current laws provide reasonable protections," which might give heart to those in the first camp.
posted by Going To Maine at 12:30 PM on December 30, 2013

Assuming they didn't have a rogue employee give out the information, these would all simply be internal codenames, right?

Not necessarily. Here is an old job posting for a software engineer, for DROPOUTJEEP or a closely related project.

Description
Come join Base2 Engineering, LLC, formed to be the premier provider of high-end engineering products, software and services for Government and Commercial clients and their suppliers

Base2 is currently looking for a talented Mid/Senior Software Engineer with the following experience:

Desired Skills: (In addition to required skills listed below):

Experience with POPROCKS
Experience with STRAITBIZARRE
Experience with cellular protocols (GSM or UMTS)
Required Skills:

C/C++ Developer for Linus
Experience with CHIMNEYPOOL

Position Requirements
BSEE or BSCS required
C/C++ Developer for Linus
Experience with CHIMNEYPOOL

Must be fully cleared

And here is a current one for an Android-project that, judging by the requirements, is pretty similar.

Position Requirements
Prior experience with analysis of digitized RF data (e.g. MATLAB or XMIDAS)
Prior experience with reverse engineering of Android firmware
Knowledge of internet protocols for data transfer
Good oral communications skills
Candidate must be fully cleared

It seems Base2 Engineering has been contracted to build at least some of these systems.
posted by Authorized User at 12:35 PM on December 30, 2013 [4 favorites]

Sangermaine: Fine, I'll cop to that being a generalization, but I meant it to be a bit more speculative. Point being, of course you probably wouldn't see more nonconformity in a society in which development of an individual identity is discouraged. Sure, it's more complicated than that, but it seems a likelier state of affairs as a lazy inference than there being more crime/less social stability as a result of people having less well-developed senses of personal identity. The real point is we aren't even engaging with the real issues about privacy; the public debate is just about sloganeering and manipulating people's sense of shame.
posted by saulgoodman at 12:35 PM on December 30, 2013

Now that I think about it, there's an investment opportunity.

Fuck carbonite or Time Machine. NSA can hook you up with anything you might've lost over the past 10 years or so.

Just needs to be cheaper than glacier recovery.
posted by Lord_Pall at 12:35 PM on December 30, 2013

To me this is the biggest failing of the privacy movement

Wait, what? Privacy Movement? Since when was there a privacy movement? This is tacking on a term which is subtly (or maybe not so subtle) perforative and completely out of line; there is no such movement. There are people which are concerned about the erosion of privacy. Those people have very widespread concerns, with equally widespread remedies, and to throw them all into a "movement" bin is ludicrous.

In other comments, this idea that hey, privacy is seriously threatened so we should all lie down with the sheep and let the wolves have at it seriously baffles me.
posted by Bovine Love at 12:36 PM on December 30, 2013 [5 favorites]

On the plus side, next time a right-winger claims Government agencies are incompetent buffoons, you can point at the NSA: Government is perfectly able to be effective, innovative and world-class if it has the funding, direction and autonomy. (I'm not being funny: right-wing relatives on Facebook both complain about state incompetence and NSA competence...)
posted by alasdair at 12:36 PM on December 30, 2013 [1 favorite]

Privacy is psychologically important, but what privacy is can be very, very different to different people and societies.

Sure, through most of our existence, humans have lived in communal dwellings where they've eaten, slept and screwed with sight of each other but that's not the issue at all
This is about the surreptitious monitoring of personal activity. The people doing it have placed themselves outside of any legal controls.
posted by bonobothegreat at 12:37 PM on December 30, 2013 [6 favorites]

So, we talk of "US-based hardware firms"; is there anywhere outside of the US to source a laptop or a router that a non-EE can know is not pre-compromised?

HALLUXWATER is a back door for [Chinese manufacturer] Huawei Eudemon firewalls in the form of a software implant hidden in the boot ROM. Huawei is one of the largest producers of networking hardware worldwide. During the second quarter of 2013, Huawei was behind Cisco but ahead of Juniper in terms of revenues generated with routers and switches. Many Western telecommunications firms, including Deutsche Telekom, use Huawei hardware.

As a shopper who's obsessed with tracking his shipments online, I will never look at the words IMPORT CLEARANCE DELAY quite the same way again.
posted by rokusan at 12:42 PM on December 30, 2013 [5 favorites]

That particular article about the Saab beating Boeing is pretty limp - it reads as if the Times wants you to think that the NSA stuff factored in, but every expert to whom they spoke disagreed.

From the Reuters article that broke the story:

Until earlier this year, Boeing's F/A-18 Super Hornet had been considered the front runner. But revelations of spying by the U.S. National Security Agency in Brazil, including personal communication by Rousseff, led Brazil to believe it could not trust a U.S. company. "The NSA problem ruined it for the Americans," a Brazilian government source said on condition of anonymity.

A U.S. source close to the negotiations said that whatever intelligence the spying had delivered for the American government was unlikely to outweigh the commercial cost of the revelations. "Was that worth 4 billion dollars?" the source asked.
posted by ryanshepard at 12:47 PM on December 30, 2013 [6 favorites]

I had an EXPORT CLEARANCE DELAY for a while, but then I was rescued by a Privacy Movement. BREAK THAT CODE, NSA!
posted by It's Raining Florence Henderson at 12:47 PM on December 30, 2013 [6 favorites]

BSEE or BSCS required
C/C++ Developer for Linus
Experience with CHIMNEYPOOL

Must be fully cleared

Wanted: Scientologist C/C++ programmer whose used to work for Linus. Must have experience with leaking chimneys.
posted by cosmic.osmo at 12:51 PM on December 30, 2013 [9 favorites]

We use private space not just to hide things we don't want people to know for ethical reasons, but to experiment with and develop complex ideas and to reflect on and develop aspects of our interior lives that are not merely public performance.

I agree that this is a beneficial aspect of privacy, as it functions currently, but it is not the only way for ideas to develop and grow. For example, if I read you correctly, privacy is useful when one is only just beginning to get a project off the ground, but doesn't yet feel like opening it up for input and criticism. Perhaps the person developing the project is worried that if people were to look at it in its unfinished state, they could get the wrong impression and set that project on the wrong course.

I have to question that viewpoint. Why not go for criticism early and often? Why not open questions up to the widest possible audience? I hate to couch this in emotional language, but what is there to be afraid of? We can radically question current conceptions of what is personal and what is public and find new ways to develop both ideas and identities.
posted by adecusatis at 12:52 PM on December 30, 2013

I think my favorite codename out of the batch is ANGRYNEIGHBOR
posted by mrbill at 12:56 PM on December 30, 2013

I have to question that viewpoint. Why not go for criticism early and often? Why not open questions up to the widest possible audience?

Well, partly because human beings are socially opportunistic in nature and if they have some chip on their shoulder against you because you drink Starbucks coffee or whatever, will willfully and maliciously undermine you. People are not saints. We need legal protections from each others interference and malice. Privacy works to the benefit of the innocent far more often than the guilty.
posted by saulgoodman at 12:56 PM on December 30, 2013 [15 favorites]

Sure, no privacy could work--if we were all enlightened and perfect going into it. But we are not. And assuming idealized versions of reality for purposes of making policy is where things get really dangerous.
posted by saulgoodman at 12:59 PM on December 30, 2013 [1 favorite]

I think what we'll see as a fallout from all this is an adoption of what might
termed as the "Sopranos" method of conducting personal and professional
interactions: in a bathrobe, in our basements, face to face, with a noisy household
appliance running.
posted by Chitownfats at 1:13 PM on December 30, 2013 [2 favorites]

Privacy is useful when...

... You are a religious minority in a place where practice of your religion may be a dangerous thing (to your livelyhood, to your life, to your career, etc) [eg: you are an atheist politician in america]
... You wish to get an abortion (it may be legal, although it is illegal in many places around the world).
... You wish to keep your HIV status from being known to your entire neighbhoorhood/school/community...
... Your sexual preferences may have negative social consequences (or legal consequences perhaps if you are in Russia or other places around the globe).
... You do not support the current political regime in which you reside (and opposition to the current regime could cost you your freedom - this could be Syria or Maricopa county in Arizona).
... You are an environmental activist that is targeted by corporate investigators (to dig up any dirt on your life that could be used against you).
... You wish to keep your mental health diagnosis from your employer/neighbor/etc.
... You wish to keep explicate photographs that you took with an intimate partner private...
... You wish to show up at an Occupy Movement demonstration (or an anti RNC demonstration, or an anti-DNC demonstration, or any kind of controversial political advocacy).
... You want to take a shit in private.

For anyone here who has the stance of "I don't have any secrets", please memail me a list of your passwords.
posted by el io at 1:14 PM on December 30, 2013 [54 favorites]

I'm 29 and what people my sister's age (25) and younger seem comfortable with in terms of privacy are truly bizarre to me already. I do think in a few decades what we think of as absolutely private and personal will seem hopelessly quaint and outdated.

It may come to be that the line of what is considered public and private in the future will be so blurry as to seem non-existent from our current POV.
posted by Sangermaine at 2:44 PM on December 30 [2 favorites +] [!]

As others have said, I think this has more to do with maturity than generation. I'm 28 and ten years ago i shared literally everything on my xanga, even though I new my parents read it religiously and disapproved of it. I didn't care about privacy, I wanted everyone to know what i was thinking all the time.

Now, heh, I have a paper journal that I keep on my bookshelf, and I routinely delete half-written status updates as "nobody needs to know that".
posted by rebent at 1:28 PM on December 30, 2013

I think another thing worth emphasizing here is that NSA surveillance is pretty uniformly without any recourse or meaningful oversight. If you're not legally allowed to talk about it, then how could you ever take them to court if you found your private info were being leaked? How long will this kind of surveillance go on before abuses become rampant if there are no consequences?
posted by newdaddy at 1:31 PM on December 30, 2013 [1 favorite]

How NSA Hunts Metadata “Content” in Search of Your Digital Tracks
posted by homunculus at 1:32 PM on December 30, 2013 [1 favorite]

The Supreme Court Logic That Could Destroy Privacy in America: It's dangerous for courts to continue adhering to Smith vs. Maryland, a decision that was made before the advent of big data.
posted by homunculus at 1:33 PM on December 30, 2013 [3 favorites]

I routinely delete half-written status updates as "nobody needs to know that".

Sorry.
posted by cromagnon at 1:51 PM on December 30, 2013 [9 favorites]

alasdair: On the plus side, next time a right-winger claims Government agencies are incompetent buffoons, you can point at the NSA: Government is perfectly able to be effective, innovative and world-class if it has the funding, direction and autonomy.

I feel differently; a competent organization wouldn't have lost so many docs to an insider, would have at least the ability to reconstruct what was stolen, would have a disaster plan in place in the event such an exfiltration did occur, and wouldn't have been caught flat-footed lying to Congress and the people.

And that's my concern with a lot of what's coming out about the NSA - I can accept them being red team bad-asses when they're going against non-American adversaries, but this domestic shit is way too far for me. They have no right to the frequency or duration of my conversations with my wife, or my wife's texts to her colleagues, or my mother-in-law's location whenever she carries her phone.
posted by These Premises Are Alarmed at 1:55 PM on December 30, 2013 [2 favorites]

Or sending men with night-vision goggles into Mefites' partners' houses to plant bugs.
posted by anemone of the state at 2:00 PM on December 30, 2013 [4 favorites]

I’d just like to add that the posts by saulgoodman are among the best, most intelligent comments on the whole privacy/surveillancy debate I have read.
posted by Termite at 2:35 PM on December 30, 2013 [8 favorites]

The NSA has the capability to pre-compromise foreign equipment. My guess is that it's harder for them to use that capability operationally than for US equipment. Though, who knows, maybe they've paid off someone at the Chinese factory to install these "implants."

Why would it be harder for foreign equipment? It's not like most US-branded equipment is made in the US anyway. Heck, the more expensive stuff is often drop-shipped as individual units from the point of manufacture directly to the end user. (Apple laptops used to come via FedEx directly from China, not sure if they still do.) And the same manufacturer that produces stuff for a US brand on Tuesday might be turning out stuff for a Japanese or European brand on Wednesday.

Put differently, if you want to compromise American-branded equipment, you have to go to China (or in the case of hard drives maybe Thailand) anyway.* It'd be pretty stupid to stop at just the American brands, since lots of US adversaries may prefer to use non-US-branded equipment and it's not like the NSA's snooping is limited to or even primarily domestic.

I would really, really not depend on brand names to offer any sort of protection against these attacks.

* I mean this figuratively, not literally; I don't know if it would really be necessary for someone of the NSA's payroll to actually physically go to China. It can probably all be done electronically.
posted by Kadin2048 at 2:37 PM on December 30, 2013

> Privacy is psychologically important, but what privacy is can be very, very different to different people and societies.... What younger people in the US right now are comfortable having public is different than what was the social norm even 15 years ago, and haranguing them about a perceived loss of privacy is going to fail. Similarly, people in the US seem a lot more comfortable with the NSA surveillance than, say, those in Germany.

The problem, however, isn't that the American people (or youth, or consumers) are comfortable with a different standard of privacy than you or I (or MeFites, or the "privacy movement") would be. The problem is that we're not even being given the chance, as a society, to define privacy for ourselves; the decision is being imposed on the people without anything approaching informed consent. If we fully understood the scope and implications of the NSA's surveillance program and chose it anyway, that would be one [screamingly bad] thing, but at least there could be meaningful public debate. Instead, we're discussing how best to put the toothpaste back in the tube, without even knowing where or how much has been squeezed out.

"Easier to ask forgiveness than permission" is not, as far as I'm aware, supposed to be a guiding principle of our democracy.
posted by Westringia F. at 3:01 PM on December 30, 2013 [11 favorites]

tl;dr: Anybody can be imprisoned at any time. You, your mom/dad, your kids, your friends... ANYBODY.

Longer:

This NSA-collected data is not just being used for catching "terrorists". (I would argue that the country is more terrorized now by NSA than Al Quaeda -- I certainly am.) It is already being shared with law enforcement. That will only increase. The people will demand it -- to catch child molesters, murderers, etc. -- but once that genie is out of the bottle, precedence has been established.

Here's the problem: The *average* American breaks one law per day. Not a big deal, because with limited boots on the ground, law enforcement is spotty at best. But if they have all your history, years and years worth, it's a sure bet that they can find SOMETHING that you did illegal. The algorithm gives them a boot-strapped probable cause to obtain a warrant (using an automated service, naturally), then militarized thugs serve it no-knock style, shoot your dog, do an anal cavity search on you and your spouse in front of your kids, send them off to Child Protective Services, and lock you up while they paw through the rest of your history -- you dirty, dirty criminal you. And you did, in fact, do the crime(s), so even with "due process" you are f u c k e d -- *something* will stick. You remain "free" -- not locked in a cage or shot -- at the whim of the powers that be. Piss the wrong person off, and it's Game Over for you. And once you're a "criminal", nobody gives 2 shits about you. Tough on crime, you know.

This is very, very bad. The terrorists have won by turning our government upon its citizens. 9/11 literally ended up destroying freedom in the US. The NSA might as well start implanting tracking chips and remote-kill devices in us at birth. They have every bit of that capability now.

And I won't lie, I'm a little nervous for posting this here, where it can no doubt be traced back to me. Am I fomenting dissent? Will I be targeted as a Person of Interest? Is my family in danger?? I'm leaving the country, but no doubt they'll track me there too.
posted by NiceKitty at 3:08 PM on December 30, 2013 [25 favorites]

Will the abolishment of privacy at least provide us with a national gun registry?
posted by ceribus peribus at 3:16 PM on December 30, 2013 [2 favorites]

NSA slide boasts 100% success rate with DROPOUTJEEP iPhone exploit.

Don't all mobile phones have a baseband CPU which (a) has control over all aspects of the phone's operation (including that of the slave CPU which runs the user-side apps) and (b) will run any code pushed to it by a base station, with the assumption that the base station is trusted? Surely, if your country's security services/secret police (or regular police, tax department, organised crime, foreign intelligence agencies, &c.) want to use the capabilities of your phone (be it a shiny new iPhone or a 10-year-old Nokia), they just need to take control of a base station or pretend to be one?
posted by acb at 3:37 PM on December 30, 2013

Code names aren't supposed to be relevant. If they were they wouldn't be very good code.

There's a bunch of rules governing the creation of code names but they're generated more or less randomly from a pool of words. See this primer for details.

Assuming they didn't have a rogue employee give out the information, these would all simply be internal codenames, right?

Most two word codenames aren't themselves classified so they could be put on a resume for instance, as long as you don't give away any of the classified aspects of the project. All the projects where the name itself is classified have a single word designation.
posted by scalefree at 3:39 PM on December 30, 2013 [1 favorite]

At some point, can we add some nuance to this debate?

Whenever NSA things get posted on MeFi there's an outcry, but lately it's seems like it's turned into NSA bad, not NSA good. I want to be very clear, I oppose a lot of the things that have come to light as a result of the Snowden leaks: NIST standard poisoning, metadata collection, tapping US companies wires outside of the country. These are all things which are bad, and I am against and would like to see reforms made.

That all being said: this leak seems like exactly the type of thing the NSA should be able to do. The question, as cman pointed out is how these things are used. If they're being to target political or religious dissidents, fine, nail their asses to the wall. But if the North Koreans, Iranians, etc are ordering US technology, hell yes lets wiretap them.

This is obviously a specific issue, but I'm trying to make a more general point about the tone of debates around the current NSA leaks. Some of them have been awful and wrong -- fine. But things like this are exactly what they're supposed to do. The debate seems far, far too polarized -- to me at least it should be possible to be upset with some of the things the NSA are doing without being upset about all of them.
posted by yeahwhatever at 3:51 PM on December 30, 2013

Sangermaine's supposition that the younger generation is jettisoning our notion of privacy doesn't work either. It's true that teenagers have different motivations about what they put out there. But it's very telling that they are leaving or more strictly managing their Facebook accounts, where the privacy lines keep shifting and they're increasingly in reach of authority figures. They don't like being watched by Big Brother anymore than adults do.

So the real and sensitive conversations are moving to Snapchat, Tumblr, Whatsapp, and what have you. Places where its a lot easier to manage what gets seen and who sees it. Teenagers are rational actors. These social connections are worth the risks, and they're minimizing their risks by managing their privacy.
posted by Mercaptan at 3:54 PM on December 30, 2013 [1 favorite]

>>> We use private space ... to experiment with and develop complex ideas

>> I have to question that viewpoint. Why not go for criticism early and often? Why not open questions up to the widest possible audience? ... what is there to be afraid of?

> ... People are not saints. We need legal protections from each others interference and malice. Privacy works to the benefit of the innocent far more often than the guilty.

I'd add: particularly for those without power. Privacy doesn't just work to the benefit of the innocent; it works to the benefit of the weak.

There's a reason the NSA hides its surveillance strategies from wide & open criticism: having the privacy to experiment with and develop those ideas is power. The thing it's afraid of is not so different from what anyone is afraid of -- losing independence & control. From this perspective, the question becomes less about how much privacy we should have than about who should have it. And even though the ideals of privacy will vary across [social & technological] cultures and evolve with time, there's an argument to be made that it's universally problematic when privacy becomes a privilege of the powerful.
posted by Westringia F. at 3:57 PM on December 30, 2013 [9 favorites]

Code names aren't supposed to be relevant. If they were they wouldn't be very good code.

There's a bunch of rules governing the creation of code names but they're generated more or less randomly from a pool of words.

It would be great if one day this method led to a series of tools being named RAINBOWTABLE, STACKSMASH, BUFFEROVERFLOW, MANINMIDDLE, etc. Like Knuth (allegedly) said, if your random number generator can't spit out 20 zeros in a row, it's not really random...
posted by Joey Buttafoucault at 4:00 PM on December 30, 2013

Even if you think erosion of privacy as a social trend is benign, there's a disturbing political trend here. As Appelbaum points out in his CCC talk, the NSA has a near-monopoly on privacy violation because a regular American citizen risks serious jail time for invading computer networks, under the Computer Fraud and Abuse Act. And Snowden is facing terrible punishment for giving NSA a dose of its own privacy-violating medicine. I don't see how "Privacy is dead, get over it" can be a viable argument unless it applies roughly equally to everyone.
posted by Estragon at 5:14 PM on December 30, 2013 [4 favorites]

Very few things are built without some COTS bit of tech. With the recent stuff about MicroSD cards I become extremely pessimistic about our ability to secure anything. As coin folk like Snowden exploit these attack vectors to spill all the governments secrets perhaps there will emerge a kind of detente, such as in a game of iterative prisoners dilema.
posted by humanfont at 5:35 PM on December 30, 2013

The debate seems far, far too polarized -- to me at least it should be possible to be upset with some of the things the NSA are doing without being upset about all of them.

Just about everything uncovered so far has been mostly worse than most paranoid cypherpunk fantasies. Members of the NSA have shown themselves entirely unreliable to evaluate the necessity of their actions, much less able to point to any explicit examples of the utility of their work. When confronted with these revelations, NSA officials commit perjury without any consequences, nearly all judges go out of their way to prevent discussion in a courtroom, and the president seems entirely on board with what the NSA is doing by actively preventing truly independent review and oversight. Seems there is little to be gained by giving these folks the benefit of the doubt on anything, for the same reasons no one would give the benefit of the doubt to the beliefs of deniers of global warming, evolution and the Holocaust.
posted by Blazecock Pileon at 6:02 PM on December 30, 2013 [9 favorites]

> At some point, can we add some nuance to this debate?
posted by yeahwhatever at 3:51 PM on December 30

Eponysterical.
posted by Johann Georg Faust at 6:04 PM on December 30, 2013

Snowden has been trying to gain immunity in the US in exchange for a stop to the leaks. At what point does he run out of proof-of-abuse leaks and start sharing just any leaks? At what point does his motive switch from ending the abuse to winning immunity back home?

You do realize that Snowden is no longer leaking material, don't you? He gave the data to reporters, and they have been breaking the stories. So the whole idea that he has any kind of bargaining power is NSA propaganda.

there's a disturbing political trend here.

It's called totalitarianism. This is not hyperbole. The NSA, its goals, and programs are, by definition, totalizing forces in our culture and society. The idea we need the NSA to protect us is the same tired old justification that every totalitarian system ever envisaged has used to justify its existence. Fuck them and anyone who apologizes for the codification, normalization, and maintenance of totalitarian practices and structures in our "democratic" institutions. This is not directed at any individual mefite or otherwise, but rather at the whole intellectual movement that has since 911 been determined to undermine open debate about where our country is headed.
posted by AElfwine Evenstar at 6:09 PM on December 30, 2013 [14 favorites]

A more serious reply: In all honesty and sincerity, what good does this whole dragnet do us, really? Is this really the most efficient way to stop terrorists? 'Cause those Boston Marathon Bombers were still able to pull off their attack, as amateurish as it was. And it's done next to nothing to predict or prevent the other recent spates of mass violence (e.g., mall shootings, suicide bombs and other IEDs), so how exactly is the success of these techniques supposed to be measured, anyway? And since when does North Korea or Iran have anything to do with America's vendetta against Al Qaida or the Taliban?

I'm afraid to even call it security theatre anymore. More like security pornography. It's a sick perversion that a small, esoteric group of addicted fetishists have fooled themselves into believing is a necessary part of their daily routine, and the rest of us are too nervous to discuss the topic even after it has become an apparent problem. Maybe if I extend this metaphor far enough it'll at least show up on the spy satellite they have pointed at me.
posted by Johann Georg Faust at 6:31 PM on December 30, 2013 [4 favorites]

Personally, I want privacy because GLBT people will be among the first targeted for life-ruin if/when the Dominionists come into real power and succeed with their goals to transform this country. And I don't discount that as a possibility sometime in my lifetime. A good portion of the country seems to be slavering for it to happen, in theory, even if they themselves may discover they don't like the actual results once it happens.
posted by hippybear at 6:42 PM on December 30, 2013 [3 favorites]

I believe very wealthy people are in mostly in charge of the government now. They are desperate to lockdown population before the next Bastille Day happens -- and they're doing it. The rich will get more rich and the poor will get more poor, a return of the aristocracy. Only this time, revolution will be impossible. I think it's already too late. I hope they're nice to us.

Then again, I just saw the latest Hunger Games movie, and that could be coloring my world view. (SPOILER ALERT: She's really good with a bow and arrow.)
posted by NiceKitty at 7:55 PM on December 30, 2013 [1 favorite]

> Just about everything uncovered so far has been mostly worse than most paranoid cypherpunk fantasies.

This isn't necessarily true. Certain things were fairly well known inside the industry (prng poisoning) and others were assumed (end point security being non-existant). The ability of the NSA to compromise nearly any target was expected. The dragnet portion on the other hand...

> Members of the NSA have shown themselves entirely unreliable to evaluate the necessity of their actions, much less able to point to any explicit examples of the utility of their work. When confronted with these revelations, NSA officials commit perjury without any consequences, nearly all judges go out of their way to prevent discussion in a courtroom, and the president seems entirely on board with what the NSA is doing by actively preventing truly independent review and oversight.
Blazecock Pileon

Yes, and these things are wrong and should be corrected. That's exactly the point I'm trying to make. There's enough blame and anger to go around: our intelligence committee in congress being ineffectual lapdogs, the NSA lying to congress, poisoning standards which are supposed to protect us, and recording metadata on everyones phone records. We should be rightly upset about these things. However, it does not mean we should be upset about everything the NSA does. This seems totally inside their mission.

> In all honesty and sincerity, what good does this whole dragnet do us, really?
Johann Georg Faust

But this isn't necessarily a dragnet? I'm against the dragnet style stuff thats come to light, as I mentioned. This seems targeted towards particular individuals.

Look, I'm all for reforming the intelligence system in this country, because of the abuses which are listed above. The information presented thus far doesn't indicate to me that this is one of those abuses. All I'm trying to say is these issues have some nuance to it, and an entire thread of "NSA bad" every time Snowden leaks something is not the best way to go about getting these changes. It's just not a productive dialog. Instead, could we try evaluating these topics on a case by case basis, then using the negative cases as an overall impetus for change? That seems like it would be a far better way to approach this.
posted by yeahwhatever at 8:48 PM on December 30, 2013 [1 favorite]

Consider that Obama fills our inboxes with email and the NSA reads each one. At least someone is reading those urgent appeals.
posted by humanfont at 8:56 PM on December 30, 2013 [3 favorites]

All I'm trying to say is these issues have some nuance to it, and an entire thread of "NSA bad" every time Snowden leaks something is not the best way to go about getting these changes.

Do you work for the NSA, or are you just prone to spouting their talking points? Snowden leaked the documents and had his passport yanked. All that has been happening is that reporters who have access to the cache of documents that he leaked are now reporting on said documents. This is a very straightforward and easy to understand premise, but you are the second person in this thread who seems to lack the faculties to make this basic distinction. Why is that?
posted by AElfwine Evenstar at 9:02 PM on December 30, 2013 [5 favorites]

No, I do not work for the NSA, nor have any affiliation with them what so ever.

I'm advocating for reforming the NSA. I'm upset with many of the things the NSA has done that have come to light recently. I support reporters publishing the documents they have. I support people talking about the documents that have been published. I don't know how I can make it any clearer. To the best of my knowledge, these are not NSA talking points.

I'm not sure why you're so hostile towards me about this. I'm not even sure which premise I'm failing to understand.

I'm being critical of the dialog that surrounds these leaks. Namely, I wish it were better.
posted by yeahwhatever at 9:10 PM on December 30, 2013

The information presented thus far doesn't indicate to me that this is one of those abuses.

I suggest you brush up on the history of state surveillance in this country. Capabilities used against foriegn targets sooner or later get pointed inward. I suggest starting with the Church committee hearings and following that up with reading the Pike committee hearings.
posted by AElfwine Evenstar at 9:18 PM on December 30, 2013 [1 favorite]

But this isn't necessarily a dragnet? I'm against the dragnet style stuff thats come to light, as I mentioned. This seems targeted towards particular individuals.

The NSA activities which have been revealed, in particular the wide-spectrum gathering of cell phone use, are pretty much a textbook example of a dragnet. That is, casting far and wide and knowing you might catch some wrongdoing while scooping up a lot of innocents in the process. The fact that they claim not to be doing all manner of pattern-analysis on the data they are collecting and are only using the data to target specific individuals when they feel they have cause to investigate that individual doesn't stop their data collection from being a dragnet.

I don't even know how the matters which are the topic of this FPP are targeted. But the fact that they are developing these technologies, that many of them can be directed at anyone at any time, that they can possibly be part of the products that many of us are purchasing without our knowledge, just waiting to be activated when the NSA decides to do so... that seems to me also to amount to a dragnet.
posted by hippybear at 9:21 PM on December 30, 2013 [4 favorites]

I'm being critical of the dialog that surrounds these leaks. Namely, I wish it were better.

That's fine, but it seem to be a concern troll given the scope of the already revealed transgressions...many of which have democracy breaking implications if allowed to continue. As of yet there are no signs that Congress is going to fix this. The fact that some people are being too critical of the NSA seems to be a really odd thing to be worried about at a time like this.
posted by AElfwine Evenstar at 9:27 PM on December 30, 2013 [3 favorites]

> I suggest starting with the Church committee hearings and following that up with reading the Pike committee hearings.

I'm familiar with the Church committee hearings, as well as things like COINTELPRO. I'm very concerned with this sort of technology, specifically because of the US's long history of turning these sorts of things inwards. This is one of the primary reasons I support reform of the NSA.

This all being said, this does not mean this is currently one of those abuses. All that's been reported is that the NSA has capability to do this.

> The NSA activities which have been revealed, in particular the wide-spectrum gathering of cell phone use, are pretty much a textbook example of a dragnet

I think you misunderstand me. I specifically pointed that out as something I was opposed to, and a reason for reform. This FPP is about other capabilities, the extent to which they're deployed is not known. The potential for future abuse is is not the same as currently abuse. What I'm trying to say is to use the current abuses as impetus for change, not the hypothetical future abuses. It's a stronger argument.

> The fact that some people are being too critical of the NSA seems to be a really odd thing to be worried about at a time like this

Call a spade a spade. If something is an abuse of power, as I said, nail them to the wall. Seriously, find the people who authorized it and throw them in jail (I'm aware this will never happen). Impeach congressmen (also will never happen(. Throw them all under a bus. But do it with good reason (which you have plenty of!), not because of things the NSA is doing which it should be.
posted by yeahwhatever at 9:31 PM on December 30, 2013

The potential for future abuse is is not the same as currently abuse. What I'm trying to say is to use the current abuses as impetus for change, not the hypothetical future abuses.

I think you missed a couple of links.
posted by AElfwine Evenstar at 9:45 PM on December 30, 2013 [2 favorites]

The first link you listed suggests the US Govn't broke into his house and tapped his computer. This is a different kettle of fish than intercepting computers en route to their final destination and installing backdoors.

For what it's worth, add that (as well as Mr Applebaum's prior harassment when crossing borders) to the list of things the the US Govn't should be ashamed of. And yes, it's a long list.

The second link reiterates what the Spiegel article claims, only in presentation form. Again, the what matters here is how such capability is used. To the best of my knowledge there are no confirmed cases of this happening. I'm positive it's possible, and it's almost definitely be used in cases we're not aware of. What is important is if those cases were judicious uses of the ability.

I don't feel like I'm being particularly obtuse about this. I've made it very, very clear I would like to see some significant changes in the NSA. I don't think the point I'm making is overly sympathetic towards the NSA, considering the number of times I directly and without qualification condemn things they have done.

The point I was trying to make you're helping to illustrate. I'm advocating for critically evaluating each story on it's own merits. Metafilter seems to have a penchant lately for heaping blame and condemnation on the NSA by virtue of them being the NSA. As I said, I would like to see more nuance in the discussion. I feel like it's totally reasonable to have the position that many of the things the NSA does are wrong and should be reformed, while still holding that some of the things the NSA does are right, and what they should be doing.
posted by yeahwhatever at 10:07 PM on December 30, 2013 [2 favorites]

I watched the Applebaum youtube. About a third of it was over my head. I would be very interested in a HOWTO for noobs like myself who have done nothing wrong and have nothing to hide except maybe I have written something dumb online and I probably have a couple of friends or contacts who might be suspicious to the Powers that Be (e. g. I have a couple Muslim friends). I don't want to declare war against these assholes but I also don't want them breaking into my computer or into my house. Surely there must be some set of basic guidelines on camouflaging myself that will be 90% effective?

(google search on "avoiding the nsa for idiots" did not help.)
posted by bukvich at 10:31 PM on December 30, 2013 [1 favorite]

Possibility of a second NSA leaker (besides Snowden)
posted by NiceKitty at 10:36 PM on December 30, 2013 [8 favorites]

Surely there must be some set of basic guidelines on camouflaging myself that will be 90% effective?

Never do anything online, lose your cell phone, use only cash for purchases, don't let people take photos of you and tag them online...

That's a pretty basic set of guidelines.
posted by hippybear at 10:46 PM on December 30, 2013

bukvich, question is, what hardware is safe from compromise? I'm guessing they can't hack into a Tandy TRS-80, for example. Then I guess you'd have to use proxy servers to anonymize the traffic. All to say "Hi, grandma! Hope you're having a great holiday!!" without Big Brother looking over your shoulder. Also, give up your cell phone, credit cards and bank accounts, modern cars and air travel... Ok weirdo. Think how you'd have to live.

Danger is, would sending encrypted messages that cannot be cracked automatically and evading most tracking methods mark you as a Person of Interest, eligible for anything from a visit from men in black to a free stay in one of these countries? I think it would. It's certainly a non-zero risk. If there was a legitimate baddy terrorist, that's how he'd be acting.

The result is, basically, you're guilty until we can thoroughly examine your life and prove you innocent. It's disgusting.
posted by NiceKitty at 10:50 PM on December 30, 2013

Well, that's why some people have been saying for decades "encrypt everything". Because if everyone encrypted everything, then there would be no "oh, he's encrypting things, he must be Of Interest" marker to trigger a flag.

The problem is, as we have recently been told, even the encryptions are now compromised. So... *shrug*
posted by hippybear at 10:53 PM on December 30, 2013

yeahwhatever wrote: this leak seems like exactly the type of thing the NSA should be able to do.

I agree that surveillance of individuals is reasonable, so I don't have a problem with things like this, a clever little device that taps the signal generated by computer keyboards and broadcasts it only when activated by a second, external unit. I do have a philosophical problem with bulk surveillance, but that's really something for the USA to work out: does it want to be the global enemy of freedom? What I really deplore, though, is the USA war on data security by, e.g., subverting cryptographic standards.

Bad security is a threat to everyone, not just the enemies of the USA. An attack that the NSA knows about today may be uncovered by anyone tomorrow. In fact, I suspect that the USA's enemies know everything the NSA does: surely Edward Snowden isn't the only employee the NSA shouldn't have trusted? So when the NSA subverts a standard, or inserts a back door in a router, or even remains silent about an accidental weakness, it exposes us all to malice and criminal damage. The NSA's gross and promiscuous attacks on security put it on the side of terror and chaos, and make it a threat not only to enemies of the USA, but to us all.
posted by Joe in Australia at 11:02 PM on December 30, 2013 [2 favorites]

Another nasty question, if the NSA is collecting all this data, even if they only Use It For Good, do we trust them to keep it secure from legitimate criminals? Just one breach is enough to compromise all of our security.
posted by NiceKitty at 11:05 PM on December 30, 2013

> even the encryptions are now compromised

Actually the leaks have shown that our widely used crypto primitives are pretty secure. The end points might not be secure at all, but there have been no leaks that show that the NSA has solved elliptic curves, integer factorization, etc, or more generally broken the concept of hash functions, symmetric, or asymmetric encryption. There are obviously specific examples (MD5 in Flame, RNG exploit) but one of the real stories out of all these leaks is that the NSA has to do work to circumvent these systems (via things like this), as opposed to breaking them outright.
posted by yeahwhatever at 11:06 PM on December 30, 2013 [2 favorites]

If the encryption software or even the compiler for the encryption software is compromised, the encryption is compromised. If the NSA can remotely keylog or exploit other backdoors (the subject of this post), the message is compromised. No need to crack ECC.

Fun/horrifying thought... If the NSA can monitor you and your communications, it's *technically* possible for anybody to. Maybe that's the real wakeup call here. It just sucks, to put it mildly, that our own government has helped facilitate it.

The question on everyone's lips: How will we adapt to a post-privacy reality?
posted by NiceKitty at 11:16 PM on December 30, 2013 [1 favorite]

Metafilter seems to have a penchant lately for heaping blame and condemnation on the NSA by virtue of them being the NSA.

Well they haven't exactly comported themselves in a respectable manner now, have they? Habitual lying and showing a penchant for totalitarian behavior is a surefire way to get people to not like you.

The first link you listed suggests the US Govn't broke into his house and tapped his computer. This is a different kettle of fish than intercepting computers en route to their final destination and installing backdoors.

There's also the bit about how his partner woke up to find a bunch of guys with night vision goggles watching her sleep. I think its a reasonable stretch to make the leap that if they are going to intimidate journalists by breaking into their houses and the houses of their families and loved ones then all of the other transgressions of a less intrusive nature are also being done. It would seem that if they were bold enough to break into Applebaum's house they were bold enough to intercept his computer and compromise it. The difference is that they apparently wanted Applebaum to know how far they were willing to go.

To the best of my knowledge there are no confirmed cases of this happening. I'm positive it's possible, and it's almost definitely be used in cases we're not aware of. What is important is if those cases were judicious uses of the ability.

You say you are familiar with the Church committee and COINTELPRO. OK, so given the historical track record of state surveillance in this country and the recently revealed track record of the NSA what in Zeus's butthole makes you think that they would be judicious?
posted by AElfwine Evenstar at 11:32 PM on December 30, 2013 [3 favorites]

Bananaglee: Where'd all the tellers go?!"
Turbopanda: "They're usin' the co-opted OS like you commanded, Glee."
Bananaglee: "I told you not to use my name! Can't you even try to keep from forgettin’ that?"
Turbopanda: "Not even your code name?"
Bananaglee: "Oh yeah, yeah. My ‘code name.’”
Turbopanda: "You all hear that? We're using code names!"
Bananaglee: "All right, everybody! We're just about ready to begin a spyin’ proper!"

“It is impossible for human beings to develop personal character or integrity in the traditional sense without privacy.”

I think, at some point, we’re going to realize we don’t want to watch how the sausage is made. Because it’s also impossible for human beings to develop character and integrity without allowing for others’ privacy as well. Maybe sooner. But maybe a lot later.

What’s odd is how far afield this extraordinarily basic premise can get bound up. Not here. Generally I mean, the public discussion loses most of its coherence. Re: yeahwhatever’s “The debate seems far, far too polarized -- to me at least it should be possible to be upset with some of the things the NSA are doing without being upset about all of them.”

I mean, ‘Rule 34’ sure, but I have yet to see anyone clamor for porn of their own parents having sex. There are some concrete things we are pretty universally sure that we don’t want to see. And there are some concrete things we’re pretty sure our intelligence agencies should be doing in an age so heavily dependent on electronic communications.
And yet it goes right off the rails in the abstract. Arguments about Snowden. Greenwald (who, personally I don’t know how one can live in Rio knowing the kind of and make generalizations about how evil the U.S. is in contrast. In Chicago there’s been some seriously abusive policing, but death squads killing by the favelaful - different story), but I appreciate his arguments and criticism), the Government arguments – which superball around depending on the political spectrum of the given speakers …

Speaking of which, the “largest breach of top-secret information in history” did we miss in the whole “1984” evil government surveillance, yadda yadda – that he was a private contractor?

I hear Gen. Hayden (who’s working for a telecom now (Motorola) say Snowden is: “…revealing how we acquire this information…It will take years, if not decades, for us to return to the position that we had prior to his disclosure.” That “There's reason we call these leaks. If you extend the metaphor to Hanssen and [Aldrich] Ames, we can argue whether that was a cup of water that was leaked or a bucket of water. What Snowden is revealing, Major, is the plumbing.”

Who’s “we” Kemosabe?

Whatever Snowden is or is not or was or is doing, he wasn’t “we” until some dufus decided to farm out the entire set of plumbing to private industry. YOU made him WE, General.
WE have a constitution that limits OUR government. And, by extension the NSA. It doesn’t much matter WTF Congress does to the NSA if someone keeps contracting out the work to private firms that don’t have to worry about the 4th amendment.

In fact, the weaker and more corrupt the NSA looks, the better it looks for…oh, say, telecommunications companies to handle the workload.

Motorola hires people like Hayden and Regina Dugan (former DARPA head) to run their research outfit (hires researchers too – “technical program leads,” dunno the difference. Get to wear khaki’s maybe). Google spent $12 billion on them. The Moto X thing. Their telecommunications bid. Etc. 'Devices have backdoors' – yeah, ya think?

I don’t know the exact threshold of what kind of money people will spy, much less kill their neighbors for. But I’d put $12 billion well inside both those neighborhoods.

The NSA works with Leidos (SAIC) and Booz Allen Hamilton et.al. In addition to employing Snowden, Booz Allen Hamilton employs/ed Gen. James Clapper (Dir. National Intelligence) and VAdm John McConnell (former NSA director) who Greenwald described as emblematic of the incestuous relationship of public and private sector in intelligence

I scoff at Greenwald *scoff!* for conveniently not noticing the Brazil I’ve seen, and yet (in addition to the general human trait of excluding what you’re not hooked into (“perception is selection”), perhaps it’s because he operates in more rarefied air. After all, in a more sophisticated society, you don’t need death squads when lack of privacy is business as usual. Stand naked and strip others or you don’t eat.

I mean, the cops used a predator drone to nail some cow-theivin' weirdos (the editorial “weirdo,” as objectively as I can look at the Sovereign Citizen thing, and regardless of the merits or lack therof in the movement, the Brossarts are as weird as snakehips) and it’s outrage-o-rama.

And to be fair the argument – which skirts the “police can’t park in a car and scan your house with a thermal imaging camera to determine if you’re growing marijuana” ruling – that police can generally fly over an area and look at it: because “airspace,” is a crucial bit of privacy we need to determine.

But it doesn’t hold a candle to routinely using thermal imaging to spy on stuff (and on the government, which I still like to think of as more “WE” than folks who might happen to share stock in the same company).

“The company funding this espionage is Genscape, a private energy intelligence firm based in Louisville. Genscape also places electromagnetic monitors beneath the power lines running into the Cushing tank farms to measure their power usage…
The companies that own the tanks aren’t happy about the surveillance. Some have trading operations and closely guard their information about what goes on in Cushing. Eight-foot-tall barbed-wire fences surround their facilities. Signs warn drivers that they’re on private property and are liable to be stopped and searched. High-definition remote-control cameras mounted inside the complexes monitor every square foot. At times, armed guards are posted at the gates.

But the companies can’t control the airspace. And while they may not like the choppers, most storage companies are also Genscape clients. “They have a philosophy that while they may not like what we’re doing, they love to know what their neighbor is up to,” says Jill Sampson, managing director of North American operations for Genscape. Still, it’s a fraught relationship: “Let’s just say that on most days we are not their favorite people.” Demand for information about what’s going on in Cushing is so high that a Colorado-based firm called DigitalGlobe (DGI) (in partnership with Bloomberg LP, which owns Bloomberg Businessweek) has started flying one of its three satellites overhead twice a week to snap high-resolution pictures from space. They also do this over Libya. And Iran.”

That, and *crickets*

The government owns spy satellites - OMG!
Commercial vendor owns spy satellites - meh.

(The tech industry as a victim thing, yeah, DigitalGlobe got a lot of pattern of life pictures of Osama's house. Just sayin')

I think, though, the lack of nuance generally – and the ignoring of the private sector element of the spying equation specifically - is worse than political polarization or the human addition to personal drama or sensationalizing by the media or even propaganda by design.

I think it’s the nature of the beast:

"Attention is the gathering of information crucial to existence. Anxiety is the response when that information registers as a threat. The intriguing part of this relationship is straightforward: we can use our attention to deny threat, and so cushion ourselves from anxiety." - Daniel Goleman

The hell of it is people making money off of it drives actual threat so far off our radar that it’s inevitable we’ll stave off the little stuff by pure economic inertia until something really goddamn big comes and bites us in the ass.

Whatever Snowden is, or whatever else he is, he's a dispeller of delusion. We can argue truth all day but at some level that truth - for example mine and Greenwalds', have - at absolute best, their subjective flavor. Their focus. Their respective attention. Even where they're not at all at odds (again, myself and Greenwald. Abuses, even worse ones, in Brazil does not invalidate the validity of abuses in the U.S.).
And truth tellers get handed their respective measures of praise and condemnation in whatever measure. Perhaps profitable. Perhaps lethal. Rarely with any kind of real justice.

But people who pull back the wool you and your society have pulled over your own eyes?
Man, you all know what historically humans have done to them.

I’m not pre-gloating here. Never liked doomsday talk (serious talk anyway). Not big on looking for the death of anyone I'm not planning to end or defend myself (if I can't do anything about it, I can't do anything about it).
But it just reminds me of the bit from The Magnificent Seven. Guy falling off a ten story building. As he was falling, people on each floor kept hearing him say: "So far, so good."

“Don’t be evil”
So far, so good.
posted by Smedleyman at 11:32 PM on December 30, 2013 [6 favorites]

Code names aren't supposed to be relevant. If they were they wouldn't be very good code.

The military seems to go back and forth every now and then on the subject of whether code names should be propaganda terms (Desert Storm, etc.) or opaque identifiers (Castle Bravo etc.). Here's a history of the practice I bookmarked from an earlier metafilter thread. Some of the Snowden-leaked names are far too apposite to be random, though.

The *average* American breaks one law per day.

Also estimated at three felonies a day. If you include lesser infractions, the number's presumably a lot higher.
posted by hattifattener at 11:48 PM on December 30, 2013 [1 favorite]

Oh grate I'm not paranoid... enough. Again.
posted by NiceKitty at 11:52 PM on December 30, 2013

Joe In Australia: Yes, I agree. Backdoors can have their keys walk out, as the Snowden leaks indicate. I think the ethics of software vulnerabilities (reporting known vulnerabilities to vendors) is an interesting newer problem and I'm not sure I agree with them having an obligation to report things, but at the same time I'm not sure I disagree.

AElfwine Evenstar: I apologize, my internet connection is very, very bad at the moment and I wasn't able to watch too much of that video, or really any from the CCC yet. It's on my todo list. Speaking more generally I'm very, very concerned with the govn't abuse of power. I would go so far to say that if the govn't has certain capabilities, it will abuse them at some point. I think of Fred Hampton frequently when discussing these things.

This all being said, I think it's still important to look at how things are being used. Find the people who are authorizing this morally repressible stuff and hold them accountable. All I was trying to say is that we don't have evidence of this particular technology being used poorly. To use an analogy: I'm not upset we have cops, I'm upset we have cops that racially profile, beat people, harass minorities, and guard their own ranks and resist reform. When I talk to people about police corruption, I don't use examples where cops are acting morally, even when the same cop will act immorally later. I use the examples of the cops being complete illegal assholes. I'd like to apply the same standards to the NSA.

> stuff
Smedleyman

I agree completely. In my opinion the hemisphere leaks from AT&T were worse than what's been reported from the NSA so far, yet no one seems to care/give it the press because it's the private sector. It's amazing the shit they were (are) doing is legal.

I'm out for the night.
posted by yeahwhatever at 12:04 AM on December 31, 2013 [1 favorite]

Anyone else catch bit on ANGRYNEIGHBOR (RAGEMASTER, etc.) where they beam 1kW into people to bounce a signal off a spying device in a monitor or keyboard cable? Any idea if the devices they implant in plastic laptop cases work that way too?

I'd agree with Assange that this makes Hugo Chavez death from cancer suspicious. In fact, the Venezuelans already insinuated this before they even knew about ANGRYNEIGHBOR, etc. I'm curious if they find such implants in Chavez old computer equipment.

Anyone suddenly wondering about other cancer cases who the NSA might've spied upon? Just imagine if say Steve Jobs' family found such a remote powered bug in an old monitor cable!
posted by jeffburdges at 12:15 AM on December 31, 2013

The truth is that technology magnifies power in general, but the rates of adoption are different. The unorganized, the distributed, the marginal, the dissidents, the powerless, the criminal: they can make use of new technologies faster. And when those groups discovered the Internet, suddenly they had power. But when the already powerful big institutions finally figured out how to harness the Internet for their needs, they had more power to magnify. That’s the difference: the distributed were more nimble and were quicker to make use of their new power, while the institutional were slower but were able to use their power more effectively. So while the Syrian dissidents used Facebook to organize, the Syrian government used Facebook to identify dissidents.
-Bruce Schenier
posted by landis at 2:01 AM on December 31, 2013 [2 favorites]

Interesting: These passive microwave-activated bugs are descendants of The Thing, a microphone which would modulate and reflect back a continuous-wave microwave signal beamed into the room. Such bugs would be passed up in counter-surveillance sweeps because they were hidden in objects that weren't plugged in to a power source.

It's more than likely that Hugo Chavez was the target of such surveillance operations, but it probably didn't cause his cancer. Microwave radiation isn't ionizing and hasn't been shown to be carcinogenic yet- so at this point it's a bit of a distraction.
posted by anemone of the state at 2:03 AM on December 31, 2013 [3 favorites]

It's incredible to learn how many people who look like sane, not-shit people will turn into apologists for the worst abuses and crimes at the drop of a hat.

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!" - U. Sinclair
posted by rough ashlar at 2:20 AM on December 31, 2013 [7 favorites]

Cory Doctorow had an editorial in the Guardian in which he argued that "we have finally attained Peak Indifference to Surveillance".

Cory has not spent enough time with his fellow man. Humans can show even LESS caring.
posted by rough ashlar at 2:33 AM on December 31, 2013

the list of things the the US Govn't should be ashamed of. And yes, it's a long list.

I'm not outraged enough today - where is this list so I can learn of new things to be outraged over so I can start 2014 with outrage burnout AND not have to be shocked in 2014 over past behaviour?
posted by rough ashlar at 2:50 AM on December 31, 2013

I do have a philosophical problem with bulk surveillance, but that's really something for the USA to work out:

Sure, a US of A problem. Perhaps some reading about ECHELON is in order for you?

Another nasty question, if the NSA is collecting all this data, even if they only Use It For Good, do we trust them to keep it secure from legitimate criminals?

How about a re-frame - This bulk data is being gathered by corporations and then forwarded to the NSA. Why should you trust these Corporations who gather the data to keep it secure?
posted by rough ashlar at 2:56 AM on December 31, 2013 [1 favorite]

EFF's Kurt Opsahl: Through a PRISM, Darkly - Everything we know about NSA spying
posted by anemone of the state at 3:01 AM on December 31, 2013 [1 favorite]

The *average* American breaks one law per day.
Also estimated at three felonies a day. If you include lesser infractions, the number's presumably a lot higher.

In 1982, while at the Justice Department, Mr. Gainer oversaw what still stands as the most comprehensive attempt to tote up a number. The effort came as part of a long and ultimately failed campaign to persuade Congress to revise the criminal code, which by the 1980s was scattered among 50 titles and 23,000 pages of federal law.

Now ponder - ignorance of the Law is no excuse. How many laws are you ignorant of?
posted by rough ashlar at 3:05 AM on December 31, 2013 [2 favorites]

Appelbaum mentioned that the NSA explicitly targets sysadmins to access the systems they control, which sounds illegal. And provides a converse of sorts to Assange and Appelbaum's joint talk Sysadmins of the world, unite!

Apparently Appelbaum's talk was originally combined with To Protect And Infect Part 1 by Claudio Guarnieri and Morgan Marquis-Boire, which discussed hackers exploring the commercial tool used by smaller states and local law enforcement, like FinFisher, Hacking Team, VUPEN, etc. I felt the two halves being presented separately made pedagogical sense and let both say more, but..

The rumor mill claims these two were pressured into speaking separately. Ain't necessarily the NSA behind any such pressure, maybe just colleges, employers, etc. It's worth providing Appelbaum with some solidarity now though. In particular, these revelations could be used further discredit the NSA by (a) exposing who they target and (b) exploiting their backdoors.

As an aside, we might want a 30c3 post not so focused on the NSA hardware hacking like last year, but apparently Glen Greenwald's keynote (c3) and the amazing The Year in Crypto (c3) have not gone up on media.ccc.de yet, even though they exist on youtube. There were many interesting technical talks like the FPGA/PSHDL stuff, The Tor Network, GNU Name System, etc. and interesting civil liberties talks on China, India, monopolies, etc.
posted by jeffburdges at 5:23 AM on December 31, 2013 [4 favorites]

I just don't think the powers that be care about the law anymore. This is an end-run that is making public pressure irrelevant. They'll change the law to accommodate illegal behavior, or just hide it and fvck you it's sekrit. Oh you found out? Fvck you what you gonna do we have tasers and pepper spray and military grade hardware if you want to dance.
posted by NiceKitty at 6:08 AM on December 31, 2013 [2 favorites]

Ubiquitous surveillance of communications data creates another privacy problem, but it's dual-edged: we're talking about digital information, collected by means known and unknown. Once you accept that the government has the ability to gather any piece of information you have ever read or created, it is just as easy to fabricate a log or piece evidence as it is to collect it.

The upside of this is that nothing electronic can be truly considered 'evidence,' since it amounts to worse than hearsay.

The downside is it probably doesn't matter, since once you're targeted in such a way you are already lost.
posted by Mooski at 7:15 AM on December 31, 2013 [2 favorites]

saulgoodman: It is impossible for human beings to develop personal character or integrity in the traditional sense without privacy.
FJT: Uh, I don't know about that. Wouldn't this mean that places with less privacy would have more problems with lying or even crime? This doesn't seem to be true, at least in the cases of comparing like a densely urbanized places in Japan vs. the United States for example.

In many respects, a densely populated big city offers its inhabitants more privacy, through anonymity-in-the-crowd and apathy, than a stereotypical small town does. The issue isn't just "how many people might overhear my personal conversations" but "how much attention is paid to my overheard personal conversations."

I think we should definitely expect a post-privacy society to have, if not more out-and-out lying, certainly more prevarication, more economical use of the truth. With pervasive recording and no privacy, everything we do becomes politics, and we all become politicians. Every opinion you admit to becomes a risk, a liability, an opportunity for someone (maybe years later) to pigeonhole you, to deny you a job, to assassinate your character, to justify abusing you in various ways, etc.
posted by Western Infidels at 7:31 AM on December 31, 2013 [3 favorites]

IRATESPATULA is a gigahertz 802.1x architecture intended to decipher concealed user information. For the first time, we have the ability to exfiltrate targets' pornography with total freedom.
posted by pompomtom at 8:02 AM on December 31, 2013 [9 favorites]

pompomtom, the link output changes constantly. I got, among others:

SOURCESQUIRREL is a data-line cellular technique created to decrypt foreign journalist information. It is capable of both cellular and BIOS decryption.

WAFFLEMONKEY is a gigahertz 802.1x device built to intercept concealed journalist intel. For the first time, we have the ability to store agents' pornography at boot time.

ANGRYMONKEY V9 is a data-line PKI device created to eliminate the privacy of encrypted file intel using the SLICKERSEAGULL intercept. Our collaboration with Verizon under the LATENTGENESIS program has made it possible to analyze this intel.

(Wish there was a way to get unique links, but I can't find one.)
posted by RedOrGreen at 11:21 AM on December 31, 2013 [1 favorite]

In many respects, a densely populated big city offers its inhabitants more privacy, through anonymity-in-the-crowd and apathy

And also a cultural difference. Historically, much of the overt attraction of city life was not having your neighbors in your business. In a small town, everyone knows what everyone is doing; in a city, you are expected to pretend not to notice private activity, no matter how obvious, unless explicitly invited to. This pair of expectations shows up pretty explicitly in literature going back a century or more.
posted by hattifattener at 7:40 PM on December 31, 2013 [2 favorites]

I don't see how being socially anonymous in a city prevents the government from collecting your metadata. Your neighbors might leave you alone, but if anything, there is more opportunity for govt data collection, what with the cameras everywhere. And hey you're in public; totally "legal". (That word is becoming more and more meaningless to me.)
posted by NiceKitty at 7:40 AM on January 1, 2014

Edward Snowden, Whistle-Blower
posted by AElfwine Evenstar at 3:55 AM on January 2, 2014 [1 favorite]

I continue to be amazed at the level of apologia for this behaviour. It is complete insanity. Where can I go online to be around more people who understand what Appelbaum is really saying here? Because, damn.

We're already into paranoid schizophrenic territory -- except this is all factual, to the best of our knowledge. I'm a little scared that a less apologetic crowd will be a trip on the crazy train... and then they'll turn out to be 100% correct!
posted by NiceKitty at 8:31 AM on January 2, 2014

Hey guyz what if this is all viral marketing material for some cheesy new sci-fi dystopian movie?? Sure feels like it sometimes.
posted by NiceKitty at 8:32 AM on January 2, 2014

Just watched the Applebaum video. Holy shit.
posted by KokuRyu at 4:04 PM on January 2, 2014 [1 favorite]

Hey guyz what if this is all viral marketing material for some cheesy new sci-fi dystopian movie?? Sure feels like it sometimes.

It's all just further evidence to support my theory that actual reality did end on 12/21/12, and we are now living in hollywood screenwriter reality.
posted by hippybear at 6:15 PM on January 2, 2014 [1 favorite]

NSA seeks to build quantum computer that could crack most types of encryption
posted by AElfwine Evenstar at 8:55 PM on January 2, 2014 [1 favorite]

What a nightmare Applebaum's life must be. In another article (perhaps linked above), he compares US state surveillance with the sort of intimidation practiced by former Soviet bloc security services. Apparently someone broke into his Berlin flat while he was away.

The most obvious and common result of all of this surveillance is going to be self-censorship.

The rationale for surveillance doesn't even make sense if you consider the fact that the American authorities could not even predict and prevent the Boston bombings.
posted by KokuRyu at 10:11 PM on January 2, 2014 [2 favorites]

The Linksys WAG200G router has a backdoor that gives administrator and local network access without authentication. All Sercomm wireless DSL routers including Cisco, Watchguard, Belkin, models might be vulnerable as well.
posted by jeffburdges at 8:07 AM on January 3, 2014 [1 favorite]

Losing Aaron (/.)
posted by jeffburdges at 8:37 AM on January 3, 2014 [3 favorites]

great link, Jeffburdges - worth it for the "reason I hacked the router" comic alone
posted by rebent at 8:40 AM on January 3, 2014 [1 favorite]

Are Other NSA Employees Leaking Documents Under The Cover Of Snowden?

Suggestion To NSA Employees Who Actually Respect Civil Liberties: Do A 'Quarter Snowden With A Twist'

Obama Chastises Keith Alexander For Trying To Befuddle Him With Tech Jargon
posted by jeffburdges at 8:59 AM on January 3, 2014 [2 favorites]

Every 'Threat' The NSA Spreads FUD About Seems To Be Something The NSA Itself Is Actually Doing
posted by jeffburdges at 12:55 PM on January 3, 2014 [1 favorite]

Losing Aaron (/.)

I think that article might deserve its own post.
posted by homunculus at 1:17 PM on January 3, 2014 [3 favorites]

I think that article might deserve its own post.

Seconded.
posted by AElfwine Evenstar at 2:09 PM on January 3, 2014

Why They Mattered: Aaron Swartz
posted by homunculus at 1:13 PM on January 4, 2014 [2 favorites]

NSA says Congressional Representatives have same privacy protections are rest of Americans,
posted by the man of twists and turns at 11:44 AM on January 5, 2014 [1 favorite]

Seriously. He should have said "No, we use specially trained database operators to delete Congressional correspondence, and we administer memory-wiping drugs to them at the end of the day." It would have been a simple enough lie, and you can bet Congress would have swallowed it. You just can't buy loyalty anymore.
posted by Joe in Australia at 5:44 PM on January 5, 2014 [1 favorite]

Yahoo Advertising Serves Up Malware For Thousands
posted by jeffburdges at 6:49 PM on January 5, 2014

I'd have been pretty pissed if they had said Congress was getting some sort of special treatment. For one reason, because it would obviously be a lie: you can't be selective when you're doing bulk collection in the way they have allegedly been doing, but also because I think Congress needs to get a taste of what the rest of America has been feeling if there's going to ever be any reform.

So, bravo on the NSA for that one. Universal surveillance is universal.
posted by Kadin2048 at 7:46 PM on January 5, 2014

That's OK, Kadin2048. I believe the NSA can confirm that it is not illegally spying on millions of Americans using powers granted by Section 215 of the Patriot Act. At no time has it tapped your phone, specifically, or sought a warrant to examine your records. The NSA fully stands behind the law.

This stuff is too easy, they should hire me to write for them.
posted by Joe in Australia at 9:45 PM on January 5, 2014 [2 favorites]

NSA revelations: the 'middle ground' everyone should be talking about

Matt Blaze is one of the smartest. Previously.
posted by These Premises Are Alarmed at 1:09 PM on January 6, 2014 [1 favorite]

This stuff is too easy, they should hire me to write for them.

You might be able to get their attention if you write stuff like this.
posted by homunculus at 1:31 PM on January 6, 2014

The thing that really depresses me isn't the NSA's wild misbehavior so much as the average American's ambivalence on this subject. I think the NSA depends on this. Maybe, after years of us telling them to use strong passwords, to stop downloading stupid shit off the internet and other things that they didn't want to hear, they finally tuned us out. "Oh, the nerds are in a tizzy about something again..."

Either that or they have a very poor understanding of what their rights are supposed to be.
posted by double block and bleed at 4:43 PM on January 6, 2014

An actual example of the USA's executive branch using an NSA wiretap to pressure a member of Congress: The Danger of NSA Spying on Members of Congress
posted by Joe in Australia at 4:50 PM on January 6, 2014 [1 favorite]

would sending encrypted messages that cannot be cracked automatically and evading most tracking methods mark you as a Person of Interest

You can't hide from the Machine.
posted by homunculus at 9:09 PM on January 8, 2014

"The NSA loves Yahoo" - Jacob Appelbaum
"Yahoo's Email encryption needs work" - Ivan Ristic
posted by jeffburdges at 4:56 AM on January 9, 2014 [1 favorite]

How the NSA Almost Killed the Internet

Crossposted from here.
posted by homunculus at 10:09 AM on January 9, 2014 [1 favorite]

These Premises Are Alarmed: NSA revelations: the 'middle ground' everyone should be talking about

Jacob Appelbaum on Matt Blaze's article: "@mattblaze I'm really sad that you used my reporting to come to this conclusion."
posted by anemone of the state at 12:54 PM on January 9, 2014 [1 favorite]

Homunculus: How the NSA Almost Killed the Internet

Wonderful graphics!
posted by Joe in Australia at 2:10 PM on January 9, 2014

What It's Like When The FBI Asks You To Backdoor Your Software
posted by Joe in Australia at 2:14 PM on January 9, 2014 [2 favorites]

Should we publish a list of several thousand NSA collaborators as per On the take and loving it by Julian Assange?
posted by jeffburdges at 8:26 AM on January 13, 2014 [1 favorite]

Are there any "aggressive" virus scanners for Mac OS X that compare files in a /System and elsewhere with SHAs for files known to be distributed by Apple? Ain't so great running a closed source OS obviously, but I'd love to know all files that did not actually come form Apple.
posted by jeffburdges at 8:11 AM on January 14, 2014 [1 favorite]

jeffburdges: It would be very hard to do that in a reliable way on a running system. If your system is compromised at that level, it wouldn't be hard to make it misreport the file hashes. Basically, if you are concerned that you are rooted, you can't trust any output that the system produces. And so if you did create software to try and detect sabotage under those conditions, it would really only detect naive or flawed attempts, and in doing so probably give the user a false sense of security.

You'd have to pull the drive from the suspected computer and put it into a known-good machine and from there examine the system files for modifications. That's not impossible to do, but I'm not aware of any out-of-the-box software to do it. It's probably easier just to back up your data and reinstall the OS from immutable media.
posted by Kadin2048 at 9:44 AM on January 14, 2014

Agreed in principle. Actually there is a Thunderbolt Target mode, so this isn't hard to implement on Mac, basically run an rsync-like backup through another Mac from Target mode to a backup drive, and analyze the log. An attacker like the NSA could alter your Thunderbolt firmware, but merely the existence of a user friendly tool for scanning one from another endangers their surveillance activities.
posted by jeffburdges at 9:52 AM on January 14, 2014

How the NSA Almost Killed the Internet

From the same author: I Spent Two Hours Talking With the NSA’s Bigwigs. Here’s What Has Them Mad
posted by homunculus at 10:53 AM on January 14, 2014 [1 favorite]

Researcher Says Simple Security Fixes From Carriers Would Have Prevented NSA Collection Of Cell Communications
I doubt that conclusion myself given the stuff exposed here, although maybe they'd need more complex solutions.
posted by jeffburdges at 1:00 PM on January 14, 2014

New York Times: N.S.A. Devises Radio Pathway Into Computers

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

posted by the man of twists and turns at 6:47 AM on January 15, 2014 [1 favorite]

A $1B intelligence satellite deal between France and the UAE goes sower over U.S. technology that intercepts data transmitted to the ground station.
posted by jeffburdges at 3:33 AM on January 16, 2014

Regarding the discussion upthread on US-branded vs foreign-branded equipment, where I suggested that buying foreign branded equipment is no protection against surveillance, there is now confirmation that the NSA had an exploit specifically targeting Huawei routers.

HEADWATER
(TS//SI//REL) HEADWATER is a Persistent Backdoor (PDB) software implant for selected Huawei routers. The implant will enable covert functions to be remotely executed within the router via an Internet connection.
(TS//SI//REL) HEADWATER PBD implant will be transferred remotely over the Internet to the selected target router by Remote Operations Center (ROC) personnel. After the transfer process is complete, the PBD will be installed in the router's boot ROM via an upgrade command. The PBD will then be activated after a system reboot. Once activated, the ROC operators will be able to use DNT's HAMMERMILL Insertion Tool (HIT) to control the PBD as it captures and examines all IP packets passing through the host router.
(TS//SI//REL) HEADWATER is the cover term for the PBD for Huawei Technologies routers. PBD has been adopted for use in the joint NSA/CIA effort to exploit Huawei network equipment. (The cover name for this joint project is TURBOPANDA.)
STATUS: (U//FOUO) On the shelf ready for deployment.

And depending on what you believe regarding Chinese government involvement with Huawei, you might have dueling backdoors in there.
posted by Kadin2048 at 10:47 AM on January 16, 2014

There is obviously a huge "home field advantage", as Appelbaum puts it, when any nation wishes to add backdoors because (a) the native company has control over component designs and (b) foreign nationals risk espionage charges by adding backdoors.

In the French case, there is surely a deal between French intelligence, like the DGSE, etc., and the NSA, CIA, etc. to add backdoors to spy satellites.

In the Huawei router case, HEADWATER is a backdoor implant that might or might not use an actual backdoor in some Huawei routers. Any actual router flaws might simply be bugs the NSA found or even derive from American components.

Now, if South Korean intelligence were unaware of HEADWATER, then their counter-intelligence should investigate the change history pertaining to any bugs that facilitate implantation. And they should look into filing espionage charges if they find anything suspicious.
posted by jeffburdges at 1:09 PM on January 16, 2014

NSA collects millions of text messages daily in 'untargeted' global sweep
posted by homunculus at 1:55 PM on January 16, 2014 [2 favorites]

Buzzfeed: America’s Spies Want Edward Snowden Dead
posted by the man of twists and turns at 8:45 AM on January 17, 2014 [1 favorite]

One Army intelligence officer even offered BuzzFeed a chillingly detailed fantasy.

“I think if we had the chance, we would end it very quickly,” he said. “Just casually walking on the streets of Moscow, coming back from buying his groceries. Going back to his flat and he is casually poked by a passerby. He thinks nothing of it at the time starts to feel a little woozy and thinks it’s a parasite from the local water. He goes home very innocently and next thing you know he dies in the shower.”

This is probably how they already do it, but they know that if Snowden turned up dead, they might not weather the backlash.
posted by anemone of the state at 5:28 PM on January 18, 2014

“I think if we had the chance, we would end it very quickly,” he said. “Just casually walking on the streets of Moscow, coming back from buying his groceries. Going back to his flat and he is casually poked by a passerby. He thinks nothing of it at the time starts to feel a little woozy and thinks it’s a parasite from the local water. He goes home very innocently and next thing you know he dies in the shower.”

In a just world, this statement would have led to an immediate Congressional inquiry.
posted by NiceKitty at 10:41 PM on January 18, 2014 [2 favorites]

Or a journalist would ask "Hey, how many guys a year do you think get killed that way?"
posted by Joe in Australia at 11:31 PM on January 18, 2014 [3 favorites]

Too bad I'm not in Berlin this weekend : Einbruch der Dunkelheit
posted by jeffburdges at 5:42 AM on January 25, 2014 [1 favorite]

The Internet is compromised
posted by jeffburdges at 5:52 AM on January 25, 2014

The Internet is compromised

Good info there. But I doubt it's true that encryption is still safe if they can factory- or remote-install keyloggers, OSes are compromised, etc. At any rate, the meta-data is still in the clear -- what traffic goes where and when. They can establish your entire social and professional network from that alone.
posted by NiceKitty at 9:38 AM on January 25, 2014

One thing I've wondered is whether or not they have the capability to shut an individual's internet and phone communication down completely. Seems a trivial thing to associate a person's identity with a MAC address or phone number and just block those undesirables, thus greatly limiting their ability to organize and assemble. (Even if the MAC address is spoofed, I'd think they could identify you based on metadata patterns.) Great way to squash dissent!
posted by NiceKitty at 9:46 AM on January 25, 2014

Encryption is the only safety. In practice, any strong encryption means the NSA must take risks if they want the plain text :

TLS exposes the plaintext to the server, but some NSLs get challenged, potentially exposing an investigation. And little ol' Lavabit exposed the them like crazy. AT&T, Verizon, etc. have never challenged an NSL.

OtR and GnuPG expose only metadata, requiring they hack your system for the plaintext. Any such hacks risk exposure themselves though, even if you're unsophisticated, perhaps you've sophisticated friends. And hacks risk exposing not only the investigation but also the exploit and payload, potentially worth real money. Pond does not even expose the metadata without such risks.

And factory backdoors represent a major economic risk to the U.S. as well as an existential risk to the collaborating company, maybe even the NSA itself.

"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." - Edward Snowden
posted by jeffburdges at 1:37 PM on January 25, 2014

Are you opposed to fracking? Then you might just be a terrorist: From North America to Europe, the 'national security' apparatus is being bought off by Big Oil to rout peaceful activism
posted by homunculus at 5:45 PM on January 25, 2014 [2 favorites]

Operation American Spring: General & Colonel Call For a Massive March on Washington

According to Riley, “We’re not suggesting that our government structure is bad. We’re not even suggesting that the principles which the Founding Fathers gave us are bad or wrong. What we’re saying is that the people who now occupy positions of power have betrayed the Constitution, have betrayed the Founding Father principles, and have betrayed We the People in seeking power and greed in an incestuous operation in Washington. They just feed one another, whether Democrat or Republican…they all put up a little show as if there’s some difference. There really isn’t. They’re all up there to stay, to eat at the trough of the American people and basically have their own world, and we’re down here wondering what’s going on. We’ve had enough; we’ve just had enough.“

posted by NiceKitty at 10:31 AM on January 26, 2014 [1 favorite]

Why goes TorBrowser uses HTTP Everywhere?
Spoiled Onions: Exposing Malicious Tor Exit Relays
posted by jeffburdges at 11:01 AM on January 26, 2014 [1 favorite]

Davos to Detention: Why I Hate Coming Home to America
Just reminded me of the treatment ioerror always got entering the U.S., except this guy isn't actually being targeted personally, he's just named Ahmed.
posted by jeffburdges at 4:08 PM on January 29, 2014 [2 favorites]

If this guy's a US citizen, under what legal theory is he being detained? Presumably his stuff has been examined by US Customs; they have established his identity; why isn't he free to go?
posted by Joe in Australia at 4:23 PM on January 29, 2014

Isn't it simply that his name is Ahmed? Don't miss the comment :
"Apparently looking latino, having a latino name rises my 'profile'." - Paulo Desouza

In Iraq, sectarian death squads have set up checkpoints where they kill you if you name is Omar or whatever fits their ideology. "I started to feel frightened after hearing stories that they are killing people named Omar and that there are checkpoints where they arrest people named Omar".
posted by jeffburdges at 5:11 PM on January 29, 2014

I know why they're doing it, but what reason do they give?
posted by Joe in Australia at 7:08 PM on January 29, 2014

« Older Mads Mikkelsen is absolutely stellar as the Mad... | "We are going to get rid of the horse carriages.... Newer »

This thread has been archived and is closed to new comments

MetaFilter

Digital Black-Bag Ops:
December 30, 2013 9:50 AM Subscribe

Tags

Share

Digital Black-Bag Ops: December 30, 2013 9:50 AM Subscribe

Tags

Share

Digital Black-Bag Ops:
December 30, 2013 9:50 AM Subscribe