http://techbeat.com/2013/11/microsof...ns-encryption/
The NSA. Spying. Surveillance. Edward Snowden.
We’ve been hearing about these left and right in the past year, and it seems that the issue is not going anywhere any time soon. In fact, major tech players have made their voices heard and are taking some steps to counter “alleged” NSA spying. About a month ago, we heard about Yahoo adding email encryption exactly due to that. Now, as we look at the end of 2013, Microsoft is also ramping up its security efforts.
According to a Washinton Post article, Microsoft has already had its own su ions about the NSA’s activities. Who wouldn’t, after all the talk? As they say, where there’s smoke, there’s fire. Anyhow, when the news came out that the NSA was gaining access to the networks of Google and Yahoo, Microsoft execs decided to do something about it.
There is no solid evidence that the NSA is actually doing something “against” Microsoft, but it is only understandable that the big boys will want to take steps. Just in case.
So what are they doing?
Microsoft is going to join the ranks of its contemporaries who are already beefing up their defenses against intrusions of this kind. The spying issue is much bigger than the tech companies, sure, and the government has to be one to put measures in place in terms of legislation, but at the end of the day, the onus to take care of their products lies on Microsoft et al.
Since we know that “data collection” by the NSA can be done at points outside of the private networks, this beefing up of security – encryption included – is something that should make privacy-focused individuals rest easier. Then again, we know that TAO (NSA’s elite hacking team) exists. Who’s to say they don’t just get around the encryption somehow?
What do you think of this whole brouhaha?
It's all PR.... these guys been in bed with the NSA since forever... heck, if they play cowboy, they get handed a NSL and they have to comply.
The problem with spying isn't going to be solved in the private sector, simply because it's a problem of laws. It's Congress that has to close the spigot.
Top-Secret Do ent Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radicalizers'
The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA do ent. The do ent, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority.
"Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence,"
"It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone,"
"Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these do ents show that the NSA probably defines 'abuse' very narrowly."
the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist."
"The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future,"
http://www.huffingtonpost.com/2013/1...n_4346128.html
NSA/CIA is unstoppable. There will never be enough votes in Congress to restrict them, AND then to enforce the restrictions.
And NSA/CIA will never allow themselves to be restricted because they will always cover them with the blanket of "we are defeding the country" (and warming our chairs, padding our pensions)
the incompetent Keystone Kops ignored the clues and hints from Russia about the Boston Marathon bombers.
Techies Vs. NSA: Encryption Arms Race Escalates
Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies.
In the end, the new geek wars --between tech industry programmers on the one side and government spooks, fraudsters and hacktivists on the other-- may leave people's PCs and businesses' computer systems encrypted to the teeth but no better protected from hordes of savvy code crackers.
"Every time a situation like this erupts you're going to have a frenzy of snake oil sellers who are going to throw their products into the street," says Carson Sweet, CEO of San Francisco-based data storage security firm CloudPassage. "It's quite a quandary for the consumer."
Encryption isn't meant to keep hackers out, but when it's designed and implemented correctly, it alters the way messages look. Intruders who don't have a decryption key see only gobbledygook.
For those who want to take matters into their own hands, encryption software has been proliferating across the Internet since the Snowden revelations broke. Heml.is -- Swedish for "secret" -- is marketed as a secure messaging app for your phone. MailPile aims to combine a Gmail-like user friendly interface with a sometimes clunky technique known as public key encryption. Younited hopes to keep spies out of your cloud storage, and Pirate Browser aims to keep spies from seeing your search history. A host of other security-centered programs with names like Silent Circle, RedPhone, Threema, TextSecure, and Wickr all promise privacy.
Many of the people behind these programs are well known for pushing the boundaries of privacy and security online. Heml.is is being developed by Peter Sunde, co-founder of notorious file sharing website The Pirate Bay. Finland's F-Secure, home of Internet security expert Mikko Hypponen, is behind Younited. Dreadlocked hacker hero Moxie Marlin e is the brains behind RedPhone, while Phil Zimmerman, one of the biggest names in privacy, is trying to sell the world on Silent Circle. Even flamboyant file sharing kingpin Kim Dotcom is getting in on the secure messaging game with an encrypted email service.
http://talkingpointsmemo.com/idealab/techies-vs-nsa-encryption-arms-race-escalates
If you try to hide, you're obviously a suspect and surveillance target for CIA/NSA/FBI.
I remember the right-wingers here, when debating/supporting dubya/ headREPUG spying, FISA, etc, saying "if you have nothing to hide, then there's no problem", just off with your "reasonable expectation of privacy". Now that the surveillance is happening under the Dem pres, they're against it.
Snowden is a True American Hero
Last edited by boutons_deux; 12-01-2013 at 09:51 AM.
Hit the nail on the head. +1
"It's Congress that has to close the spigot."
won't happen.
If it does, then it will for pro-forma, for show, with no real enforcement, nudge-and-wink stuff, letting CIA/NSA/FBI continue to rape everybody's privacy "for national security".
HTF do you spy on the spooks?
We already saw Snowden expose Clapper lying to Congress about surveillance, and got off with an "error", rather than prison (lucky he wasn't baseball player lying about juicing).
I disagree, private sector can solve this - by lobbying. If Microsoft and like start losing serious money because of this, the problem will be fixed, otherwise it's an uphill battle. Only by putting surveillance "security" vs. something like for example functioning economy can we hope to regain some privacy.
another nail.....
The "fix" is changing the law and removing the powers granted to a secret court with no oversight that couldn't care less about "functioning economy" or who is losing money.
Microsoft knows this, that's why they spin the PR machine, so when manager X, completely unaware of the Patriot Act and it's abuses, asks what are they doing about "that thing I heard about Snowden/spying", they can drop this press release on him.
The only thing more abused that the "National Security" rug in the US is the "Protect the Children" rug... neither unfortunately is going away in the foreseeable future.
Even when there are laws, regs, frustrated FISA judges (all Repugs appointed by Chief Justice), NSA/CIA are unstoppable law breakers, renegades
Why FISA Court Judges Rule The Way They Do
But old rulings that have been released this winter demonstrate those judges were often frustrated with the NSA's lapses.
Still, Bates, like other members of the secret court almost always gave the agency a green light to do more despite the violations.
we're learning about how this court operates, that it really does see its job as getting to yes.
it doesn't look like the judges are trying to find the best interpretation of the law. It looks like they are trying to find an interpretation of the law that can plausibly sustain what the government has asked to do. And that's not the role of the court.
Judge John Bates called out the agency for continually collecting too much information, and misrepresenting its activities to the court for years. His recently released opinion said the NSA vacuumed up more information on American citizens than it was supposed to, then wrongfully shared the content of email messages with other people in the government who were not empowered to receive it.
Mukasey recently told an audience at the Federalist Society that reform proposals on the table - things like putting an adversary inside the court to argue against the government and limiting phone record collection - could undermine national security.
it's almost impossible to police such a secret organization.
Mess up in a mass surveillance world, you get a massive mistake. And those mistakes have led to collection of lots of information about Americans that's supposed to be off limits.
not convinced that surveillance this complicated can ever be controlled.
there is no way to make bulk collection and mass surveillance work in a democracy - period. That it is just incompatible with a democracy.
http://www.npr.org/2013/12/03/248320...he-way-they-do
Last edited by boutons_deux; 12-03-2013 at 02:48 PM.
http://www.zdnet.com/microsoft-us-go...at-7000024019/While Microsoft's recent move to encrypt user data made the most headlines, the reasoning underlying its new data protection strategies classify the US government in the same category as a cyber-criminal group.
Brad Smith, Microsoft's EVP of Legal and Corporate Affairs, labeled the American government as an "advanced persistent threat" in a December 4 post on The Official Microsoft Blog.
Saving the Net from the surveillance state: Glenn Greenwald speaks up
http://news.cnet.com/8301-13578_3-57...tag=CAD090e536
The house and senate intelligence committees have oversight. They see everything that goes through there. POTUS does too. If you have no faith in Obama, Feinstein and Rogers I certainly understand but it is what it is.
no, congress and the Exec DON'T see everything.
As I posted above, even FISA judges, who are probably closer to NSA than lege or exec, know NSA breaks even the very few rules.
And Clapper was exposed by Greenwald as outright feloniously lying to Congress, Congress being an object of contempt and ridicule by the NSA/CIA's "A Few Good Men" manning the ramparts and defending America by raping it.
Last edited by boutons_deux; 12-09-2013 at 07:08 AM.
Have to love people that behave with certainty regarding topics where there is none.
Now I want you to think real hard: who leaked the judge's 'frustration' to NPR? How can that apply to the discussion at hand?
I don't really buy that. I don't think they have the capacity of understanding neither the technology nor the scope. Heck, even the (secret) court appointed to oversee and authorize these procedures has protested about being misled (if not outright lied to) about these programs and their use. To me, the word oversight means somebody looking over your shoulder and verifying what you're doing. The whole "agency reports/requests authorization" methodology is simply flawed.
Spies’ Dragnet Reaches a Playing Field of Elves and Trolls
Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified do ents.
Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the do ents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.
The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the do ents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games — fake iden ies, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.
Online games might seem innocuous, a top-secret 2008 N.S.A. do ent warned, but they had the potential to be a “target-rich communication network” allowing intelligence suspects “a way to hide in plain sight.” Virtual games “are an opportunity!” another 2008 N.S.A. do ent declared.
But for all their enthusiasm — so many C.I.A., F.B.I. and Pentagon spies were hunting around in Second Life, the do ent noted, that a “deconfliction” group was needed to avoid collisions — the intelligence agencies may have inflated the threat.
No threat too silly to escapt inflation and to keep sucking down the taxpayers' $100Bs
http://mobile.nytimes.com/2013/12/10...?from=homepage
But when the Russians tell the CIA/NSA the Boston Marathon bombers were a threat, duh, CIA/NSA ignored it.
The NSA Would Really Appreciate a Visit From President Obama
We don't know what the National Security Agency's office atmosphere was like back before Edward Snowden was a household name, but it seems safe to say it was better then than it is now. The Washington Post reports thatmorale at the organization's Fort Meade headquarters "has taken a hit" as the world has been inundated with seemingly endless spying revelations."The news — the Snowden disclosures — it questions the integrity of the NSA workforce," said one anonymous former official. "It's become very public and very personal. Literally, neighbors are asking people, 'Why are you spying on Grandma?' And we aren’t. People are feeling bad, beaten down." And you know what would cheer them up? A little face time with President Obama.
Though top Obama aides, including Chief of Staff Denis McDonough, have stopped by recently "to express the president’s support and appreciation for all that NSA does to keep us safe," NSA workers are said to be "dismayed" that he has not gone up to Maryland himself. Former NSA Inspector General Joel Brenner fondly recalled the 2006 visit George W. Bush made to the agency in the wake of the New York Times' reports on its warrantless post–September 11 surveillance. "There’s been nothing like that from this White House," Brenner complained.
According to the Post, Obama might be more likely to show his affection for the NSA in person once "internal and external reviews" of its methods have been completed. In the meantime, employees will just have to make do with whatever messages of approval they can find on his cell phone.
http://nymag.com/daily/intelligencer...rom-obama.html
NSA uses Google cookies to pinpoint targets for hacking
The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.
The agency's internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.
For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them.
The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance.
http://www.washingtonpost.com/blogs/...cking/?hpid=z1
How to tell if a website isn't spying on you......the government shuts it down
http://www.itsecurityguru.org/node/4780
CertiVox confirms it withdrew PrivateSky after GCHQ issued warrant
CertiVox has admitted that it chose to take its secure email encryption service PrivateSky offline after a warrant was issued by a division of GCHQ.
CEO Brian Spector told IT Security Guru that despite having "tens of thousands of heavily active users", it was served with an ultimatum from the National Technical Assistance Centre (NTAC), a division of GCHQ and a liaison with the Home Office, who were seeking the keys to decrypt the customer data.
He said that this was at the end of 2012, ahead of the same action by Lavabit and Silent Circle and it was before Snowden happened. “So they had persons of interest they wanted to track and came with this signed by the Home Secretary. You have to comply or you go to jail,” he said.
"It is the same in the USA with FISMA, and it is essentially a national security warrant. So in late 2012 we had the choice to make - either architect the world's most secure encryption system on the planet, so secure that CertiVox cannot see your data, or spend £500,000 building a backdoor into the system to mainline data to GCHQ so they can mainline it over to the NSA.”
Spector said that complying with the warrant would have been a "catastrophic invasion of privacy" of its users, so instead it chose to withdraw the product from public use and run it internally. "Whether or not you agree or disagree with the UK and US government, this is how it is and you have to comply with it," he said.
However some of the technology has been implemented into its M-Pin authentication options, where rather than hold the data, it is split in two so CertiVox has one half and the user has the other, and law enforcement would need both to access the data.
“So as far as I know we are the first to do that so if the NSA or GCHQ says 'hand it over' we can comply as they cannot do anything with it until they have the other half, where the customer has control of it,” he said.
^ good find thanks!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
