[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSA Attacks on VPN, SSL, TLS, SSH, Tor



On Wed, 31 Dec 2014 10:03:06 -0500 z9wahqvh <[email protected]> wrote:
> as long as we have our tinfoil hats on, one data point to keep in
> mind here is to remember that USGov, despite having many uniform
> policies, is also shot through with warring fiefdoms and turfs.
> 
> ...
> 
> CIA and NSA have often been thought not to be on the same page,
> largely because NSA is military and CIA is civilian (or whatever
> special/uber designation it has at this point). CIA sees itself as
> entitled to operate much *more* lawlessly than NSA.
> 
> it is not hard to imagine scenarios where CIA might want to weaken NSA
> capabilities in part via public embarrassment. and one involved in
> the plot could even go public with his statements about how damaging
> the leaks are. convenient!

Agreed.

In my defense, I was replying to "I'm getting the impression that all
the Snowden stuff that gets 'leaked' to the public has been somehow
approved by the US govt?"

:-)

On Wed, Dec 31, 2014 at 10:29 PM, Seth <[email protected]> wrote:
> On Tue, 30 Dec 2014 14:16:21 -0800, Jason Richards <[email protected]>
> wrote:
>> OK, I'll bite: why? What benefit does the US govt get from the
>> information leaked by Snowden?
> 
> The way this question is worded frames the debate to an extent. To
> me, using the phrase 'the US Govt' implies a monolithic entity with
> coherent motives.
> 
> It does not leave room for explanations involving fedgov internecine
> info-warfare for example.

Agreed, as per above.

>> So the US government seems to have said "we do things you don't
>> want us to, but if you use proven, open source crypto you're
>> reasonably secure." The only benefit I can see would be if they
>> could break that crypto and wanted people to have a false sense of
>> security by using that easily broken crypto.
>> 
>> My tinfoil hat isn't that thick. I don't buy it. So what are the
>> other benefits?
> 
> Just throwing some ideas out:
> 
> * Terrorize disenfranchised members of the population into the
> cyber-fetal position. Self-censor accordingly and don't get too
> uppity, submitizen!
> 
> * Make it clear for any potential rivals to deep state power who
> 'didn't get the memo' that their every move is being watched,
> cataloged, recorded and stored in perpetuity.
> 
> * Frame the debate. Never ask the fundamental question of whether
> the surveillance state should exist or not. Keep the discussion
> focused on 'how much' surveillance.

These do indeed seem like good outcomes for a totalitarian government.
It also unfortunately reinforces and brings about the predictions of
people like Orwell, Huxley and Zamyatin.

I still can't see that the cost is acceptable, unless:

> * Throw up a fog of dis-information consisting of yesterdays
> obsolete capabilities, which by themselves are enough to stun even
> the tinfoil hat brigade. Mobilize interesting targets into adopting
> defenses against the obsolete attacks, until they think they are
> safe and can let their hair down again. Immediately begin
> harvesting juicy new intel via unrevealed nextgen attacks.

This is my fear. They've outflanked us by making us think that there is
only one (or a small number of) effective solution(s). We just don't
know yet that it/they isn't/aren't secure.

> * Inflict political pain on rival agencies and political enemies

Again, I'd think that the cost of this one is too high, but I don't
know enough of the internal politics. It does seem to be a very high
price to pay.

I hope that your fourth point above is not correct.

J