NSA Attacks on VPN, SSL, TLS, SSH, Tor

On Wed, 31 Dec 2014 10:03:06 -0500 z9wahqvh <[email protected]> wrote:
> as long as we have our tinfoil hats on, one data point to keep in
> mind here is to remember that USGov, despite having many uniform
> policies, is also shot through with warring fiefdoms and turfs.
> ...
> CIA and NSA have often been thought not to be on the same page,
> largely because NSA is military and CIA is civilian (or whatever
> special/uber designation it has at this point). CIA sees itself as
> entitled to operate much *more* lawlessly than NSA.
> it is not hard to imagine scenarios where CIA might want to weaken NSA
> capabilities in part via public embarrassment. and one involved in
> the plot could even go public with his statements about how damaging
> the leaks are. convenient!


In my defense, I was replying to "I'm getting the impression that all
the Snowden stuff that gets 'leaked' to the public has been somehow
approved by the US govt?"


On Wed, Dec 31, 2014 at 10:29 PM, Seth <[email protected]> wrote:
> On Tue, 30 Dec 2014 14:16:21 -0800, Jason Richards <[email protected]>
> wrote:
>> OK, I'll bite: why? What benefit does the US govt get from the
>> information leaked by Snowden?
> The way this question is worded frames the debate to an extent. To
> me, using the phrase 'the US Govt' implies a monolithic entity with
> coherent motives.
> It does not leave room for explanations involving fedgov internecine
> info-warfare for example.

Agreed, as per above.

>> So the US government seems to have said "we do things you don't
>> want us to, but if you use proven, open source crypto you're
>> reasonably secure." The only benefit I can see would be if they
>> could break that crypto and wanted people to have a false sense of
>> security by using that easily broken crypto.
>> My tinfoil hat isn't that thick. I don't buy it. So what are the
>> other benefits?
> Just throwing some ideas out:
> * Terrorize disenfranchised members of the population into the
> cyber-fetal position. Self-censor accordingly and don't get too
> uppity, submitizen!
> * Make it clear for any potential rivals to deep state power who
> 'didn't get the memo' that their every move is being watched,
> cataloged, recorded and stored in perpetuity.
> * Frame the debate. Never ask the fundamental question of whether
> the surveillance state should exist or not. Keep the discussion
> focused on 'how much' surveillance.

These do indeed seem like good outcomes for a totalitarian government.
It also unfortunately reinforces and brings about the predictions of
people like Orwell, Huxley and Zamyatin.

I still can't see that the cost is acceptable, unless:

> * Throw up a fog of disinformation consisting of yesterday's
> obsolete capabilities, which by themselves are enough to stun even
> the tinfoil hat brigade. Mobilize interesting targets into adopting
> defenses against the obsolete attacks, until they think they are
> safe and can let their hair down again. Immediately begin
> harvesting juicy new intel via unrevealed nextgen attacks.

This is my fear. They've outflanked us by making us think that there is
only one (or a small number of) effective solution(s). We just don't
know yet that it/they isn't/aren't secure.

> * Inflict political pain on rival agencies and political enemies

Again, I'd think that the cost of this one is too high, but I don't
know enough of the internal politics. It does seem to be a very high
price to pay.

I hope that your fourth point above is not correct.