Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Sperm Consumption in the Southern Bottletail Squid |
| Project C-43: A Final Piece of Public-Key Cryptography History »
June 17, 2013
Blowback from the NSA Surveillance
There's one piece of blowback that isn't being discussed -- aside from the fact that Snowden has killed the chances of any liberal arts major getting a DoD job for at least a decade -- and that's how the massive NSA surveillance of the Internet affects the US's role in Internet governance.
Ron Deibert makes this point:
But there are unintended consequences of the NSA scandal that will undermine U.S. foreign policy interests -- in particular, the "Internet Freedom" agenda espoused by the U.S. State Department and its allies.
The revelations that have emerged will undoubtedly trigger a reaction abroad as policymakers and ordinary users realize the huge disadvantages of their dependence on U.S.-controlled networks in social media, cloud computing, and telecommunications, and of the formidable resources that are deployed by U.S. national security agencies to mine and monitor those networks.
Writing about the new Internet nationalism, I talked about the ITU meeting in Dubai last fall, and the attempt of some countries to wrest control of the Internet from the US. That movement just got a huge PR boost. Now, when countries like Russia and Iran say the US is simply too untrustworthy to manage the Internet, no one will be able to argue.
We can't fight for Internet freedom around the world, then turn around and destroy it back home. Even if we don't see the contradiction, the rest of the world does.
Posted on June 17, 2013 at 6:13 AM
• 71 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Indeed. I've been reading articles and listening to podcasts about this issue, and every American columnist and podcaster seems nonchalant about the NSA gathering "foreign" data with not even a cursory oversight. As a non-American, it just rubs me the wrong way, how no one seems to care about US spying on everyone else. But when the US spies on its own citizens, then we have a scandal.
We may not be Americans, but we are also users of US cloud companies and we have a direct impact on their bottom line. If they won't stand up for us, maybe we should look elsewhere for our cloud needs.
Another "blowback" item I was considering -- if it is true (there seem to be sharply contradictory opinions on this) that thousands of analysts can gain access to actual emails and phone calls -- can we be certain this information hasn't been used for insider trading?
The EU was already wary of the US government's access to data in the cloud, and not without reason it now seems. Every single US company, even those not implicated in PRISM, doing business in the EU will from now on be faced with a simple question: what assurances do we have that our data is safe and secure even from the US government?
I expect more cloud providers to open datacenters in the EU and other territories, simply because not doing so will lose them big customers like government agencies and educational institutions.
The US has shot itself in the foot bigtime here, even if its own public doesn't care.
I once owned your book, "Applied Cryptography". My question is, what good is encryption if they see the handshake and the keys?
The world sees *many* contradictions about the US, that most here do not ...
@Todd, you have just described the problem that asymmetry encryption solves (RSA, DH).
I shudder to think of what Internet Governance would be like in the hands of a nanny state or censorship state. I'd think this likely to result in Internet governance being decentralized, unless there is another player who is universally viewed as trustworthy enough.
Yeah, I was realizing these ramifications over this weekend when reading about Saudi Arabia banning some encrypted chat clients, especially that Skype was on the list...
Really, however people wish to debate these measures, or ponder the *real reasons* the US entered into them, contrasted against the light of the behavior, the operation, of cults and totalitarian nations there is no argument: these sorts of measures are designed to curtail free speech, press, and belief.
Further international ramifications are extraordinary and considerable.
Some would blame Snowden for this, as though he set up these extensive surveillance and communicational control systems. They are clearly not thinking, nor standing up to the right morals.
They are betraying the ideals of this nation: and the entire world sees this.
I read some of the Chinese press and blogging on this incident. Snowden is hailed as heroic, not on his own terms, but on the terms that he is evidence of what they admire about this country.
Someone who stands against the wrongs of the powerful, even if that means standing down a tank.
Like Dan said, every time an American politician speaks about this they all emphasize how it's OK because they're only gathering data on "foreigners". I'm a foreigner (British) and your democratically elected politicians keep expressing their utter indifference to my rights. That doesn't make me happy. It certainly doesn't make me inclined to go and give more information to facebook and google and whoever.
Also noted by the NSA will be the EFF stickers the guy had on his laptop. I'm guessing that future interviews for security clearances will circle around the question "what do you think of wikileaks"?
@Bilal - It all depends on how broad a definition of "the National Interest" the US government uses.
I seem to (vaguely) recall stories about US government agencies supporting US multinationals trying to win international contracts - I.e. public espionage capabilities being deployed in the service of the private sector. (I cannot remember the references -- so these may just be unsubstantiated rumours).
Anyway, I am definitely aware of former security services personnel providing consulting services to the financial sector. As a result, I find it perfectly conceivable that NSA resources are being used either by hedge funds or institutional investors - although, of course, that would constitute insider trading, so whoever is doing it would be careful to tread lightly. For example, if insider information were used to avoid making bad trades, rather than to plan good ones, it would be rather difficult to spot.
Not long ago, the American ambassador to Australia wrote this piece:
"By their nature, cloud services are not bound by borders. A cloud service provider located in Sydney or Silicon Valley has direct, immediate access to more than 1 billion broadband consumers in any part of the globe."
"The biggest obstacle to this bright future is fear that fuels a growing ''cloud protectionism''.
"Like people who once thought keeping their money hidden under the mattress was better than having it in a bank, some voices across the region, and even in Australia, have called for limiting the flow of data across borders, and requiring firms to install local data centres in each market to ensure local ''control''. This ''beggar thy neighbour'' protectionism would be just as self-defeating in the digital economy as in every other sector. In Australia, such restrictions would undermine the economic benefits the NBN [National Broadband Network -A] would deliver by cutting off access to the highest quality, lowest price and most secure cloud services for businesses, government and consumers. While some local providers may get a windfall, everyone else would lose out."
I trust that the irony isn't lost.
Just as likely, you'll see various parties deliberately using US telecom/internet services in the pursuit of seeding misinformation.
Wouldn't surprise me to find this has happened already. I've been saying for a long time that our military jumped on "cyber" too eagerly, and went to excessive lengths to make it "muscular" and "sexy".
How much time before the first "cloud in space" service?
Put some satellites there with good storage capacity, even with the shitty lag you can use it to store things.
Noob remark here: My understanding is that what many object to is government CENSORING of the internet and not the government reading what is there.
Of course there are privacy issues for e-mail and the like, but really, how much privacy do we really expect when we use things like g-mail? I can see the ads tailored toward what I talk about and search for, etc.
As a Brit I don't like the idea of the Americans spy on us "foreigners", particularly as we are close allies. But it is done with the connivance of the British government though GCHQ. The UK doesn't seem much of an independent state, torn between the US & the EU.
What about other dualisms of thinking:
1. Terrorism executed by the US: killing children and teenager with flying killer machines. (note the newspeak "drones", a male bee without a sting is definately newspeak for a flying killer robot)
2. Or the concept of secret laws/interpretations appear from the outside of the US like as far away from Democracy as it gets.
3. Bringing down democratically elected Governments all over the world is nothing unheard of: http://en.wikipedia.org/wiki/...
Actually little of the wars for democracy are outside the US believed to be no more than wars for ressources.
How many of these are perceived in inside the US as normal? Or rather as acceptable? I wonder, as from outside the US this all appears to be outrageous.
@Todd, @Ben: E-Mail encryption even with public key encryption doesn't help when the most crucial information is just "who talks to whom, how often?"
I'd imagine it depends how good your opsec is. Just knowing who talks to whom and how often isn't *everything*, but it provides an extraordinary amount of information when other info on any of the parties is gleaned through other intelligence mechanisms.
...and US politicians see no big deal about the NSA spying on US citizens..
..just as long as THEIR calls/texts are not the ones leaked to the public. Because it would be totally TOTALLY unconstitutional to capture call info from their cellphones to high-price prostitutes and lobbyists.
One of the othe other consequences is the international assumption of how everyday American citizens feel about issues like this. We ARE protesting in the streets, we ARE angry that they are spying abroad, killing abroad, and arresting people world wide on trumped up charges including here back home. Trust me, we are angry. And we are getting our asses handed to us by our own militerized police. It is getting scary. And while we fight as best we can to set things right at home we Americans appreciate support world wide for resolving these issues. We would appreciate it if foreign countries would stop asking for aid, blood money not to kill each other, military support. We can hardly care for our own people. We are tired of our children dying in foreign wars. We need our young brave people home helping us to restore our Nation as a land of freedom and opportunity. We want to be the good guys again. And that is not going to happen unless the world allows us to.
The events and discovery of NSA activity is just the tip of the iceberg, DoD is hoovering the communiques, data, and business records of U.S. citizens as its primary function. Statements from our friendly data whores indicated that law enforcement (not the dozen terror attacks thwarted) actions are being taken (robber, theft, missing persons) and that speaks for itself.
But, and I am sounding like a broken record here, the NSA component is only a piece of a bigger puzzle...don't force me to draw a picture.
@Dan, @Rowan: My thoughts on the matter entirely.
@Harold: I suspect this will have very little impact at the operational level for 90% of UK/EU organisations and Individuals. Just look at the lack of knowledge and interest most SMEs and individuals have in basic Data Security/Data Protection issues. Look at how willing the EU is to openly hand over passenger flight data.
Wait a minute, I thought the Internet interpreted tyranny as damage and routed around it. You mean all those "cyber-libertarians" were just full of it?
As a Blowback from the NSA Surveillance (not the current news) is that Spam filtering and / spam-bot takedowns should have improved /increased?
why, beause they generate so much traffic on the internet (email, page views, blog comments) that the noise they create (in addition to normal, boring stuff) the signal must be so swamped it's no wonder they cant process information to use it to predict incidence......
The obvious solution is to fix the noise - but we don't seem to have much of reduction in our inboxes / blogs / social media?
or is googles spam filter good because ......?
"We may not be Americans, but we are also users of US cloud companies and we have a direct impact on their bottom line. If they won't stand up for us, maybe we should look elsewhere for our cloud needs."
That's not a choice, it's a necessity. If your company uses the cloud for their mail or even office 365 you're susceptible to NSA snooping. History has taught that the NSA isn't afraid of assisting corporate espionage to give an advantage to US companies.
Most cloud providers already have datacenters in Europe, for performance reasons. But that doesn't affect the point you're making. The patriot act affects all companies doing business in the US, not only the datacenters located in the US.
Yes, if you are a cloud provider with a datacenter in Europe while doing business in the US, you are legally obligated to comply with information/data requests by the Patriot act. Also the NSLs the FBI is so fond of. Yes, if you don't comply they cannot come to your datacenter and take it, but you can be sure your US business comes to an end and face federal charges.
The only alternative is to have an European-based partner company which owns & manages those European datacenters using licenses for your cloud infrastructure software. I'm not even sure if using a subsidiary is enough to circumvent the legal issue.
If you need to create partner companies to ensure data security, there is something awfully wrong with US legislation.
Here in Germany we already see the consequences of the NSA surveillance scandal: Our minister of the interior is calling for more extensive surveillance of the Internet!
There are different audiences here. The first is the American public who the NSA does not have the American legal authority to spy on as a national spy agency. When statements are made around this, it's in the context of it being legal or illegal in America. If the NSA is skirting US law via the one week free pass then US citizens "outrage" is in relation to a democratic government unknowingly paying for an autocratic spy system.
The NSA (and its listening partners in the UK) do a very good job at their job. Their job is in spying for the welfare of the US (and UK). Other countries have spies that do the same and would love to do the same at the same scale. China is, has been, and will continue to be in that zone. Russia and Iran would love to be.
US companies (mentioned in that sad PPT deck) continue to claim ignorance and independence. It is and never could be a good business practice to funnel data to the government. Thanks to the EFF, we know that a decade ago the telcos had some data sharing arrangement. Those telcos had previously existed as government orgs and are close to monopolies. The cloud vendors in the PPT are a bit farther away from that and used much more "optionally". They have consistently stated they do not have back doors for the US government. From a technological standpoint, I tend to believe they do could not share all their data. I believe, but add salt to statements that they only comply with legally mandated FISA requests. It is entirely possible that they may respond to FISA requests in some automatic fashion while those FISA requests are not fully-fledged FISA requests and disappear after a week. The government quotes a relatively small number of them issued per year. I have to wonder if the number responded to by Facebook and the like exceed that number by a few factors of ten.
I think a root cause is just human nature, that few ever have problems with power in their own hands, but most have problems with power in the hands of others.
That's also one of the reasons politicians of any persuasion will campaign against the incumbent, yet not change it when they are at the desk. It's like someone who doesn't want their neighbor owning a gun, but do not want to part with the power their own gun provides.
It would be revealing if any single country with a shred of international respect received the amount of scrutiny the US gets.
As bad as the US is, it's still one of the best in terms of lack of Internet control. For comparison, here are the permanent members of the UN Security Council:
Among these 5, the USA interferes the least, and is generally limited to closing botnets and P2P filesharing.
Citizens from governments other than the US would be well served to keep in mind that the US is not the fountainhead of spying. Their own governments as well as many other governments world-wide are likely (even known) to be engaging in their own programs - just as likely to target "foreign" and domestic targets. The NSA has been successfully navigating around culture and laws that would otherwise prevent what they have been doing. That is the scandal. Consider governments who do not have even those roadblocks. Save your ire for the US and consider the environment we are in and the risks that represents.
Sounds like this was the plan from the beginning. Obama and his statists are no more interested in internet freedom than is China or Russia.
Doesn't matter what cloud storage you use so long as everything is encrypted and uploaded through jondonym/tor/i2p. If not at least Iceland passed whistleblower and actual free speech laws, they aren't a part of the EU so no data retention laws, and they kicked out the FBI when they went looking for wikileaks servers.
Plus most Iceland hosts are using renewable energy.. so I guess it would be my #1 choice for secure storage safe from spying, but I would Skein or AES 256 encrypt all data regardless
The first judgement against an Eu company/public body for using a US internet/email/cloud service - knowing that the data is being spied upon - will finish cloud computing as a business.
@ Paul Johnston
Well done for completely missing the point of Bruce's post.
Bruce, leave them poor liberal arts majors alone :-)
Opportunities: If I was from a micronation, say Malta or Vatican City, I would definitely consider investing in network infrastructure and opening a large server farm...
David Cameron is trying to filter/censor all internet access in the UK at the isp level with highly censored DNS and basically a huge version of Net Nanny. So I guess +1 for US and A.
Guardian also leaked dox yesterday on the amount of spying that went down during the last economic conference there though the bulk of it was NSA shenanigans like installing keyloggers in all internet cafes and breaking into blackberries of delegates
Foreign countries think that they can avoid being subject to NSA surveillance? Naive. The news just talks about what the general public is becoming aware of; the capabilities of the NSA are far greater. With Russia, China, Iran and others, do they really think that the NSA is focused only on Americans?
@nobody: you seem to underestimate this. Who talked to whom is not only relevant for criminal cases. It can reveal a lot of normal people too. Not only E-Mail, but also phone contacts.
If you call a specialized doctor, or a mechanic, contact a religious institution, and so on and so on. This reveals a lot even without knowing the content.
Or the other way round: find out who had contact to the investigative reporter, who revealed something about the NSA... Snowden knew he could not stay anonymous!
@Arkh - Amateur radio operators have just such a system in space already. Granted, not with VMs with GBs of storage space, but still, a proof of concept already exists. Google for "amateur radio satellite packet radio".
Once again, ham radio has the commercial industry beat by several decades, but we'll never get a lick of credit.
And the today there are a lot of streaming services in the US. For TV or radio they couldn't check what you watch or listen to. With internet streaming they know exactly.
So, if you like to watch political shows or listen to political or even religious music, they're for sure most interested in it...
Big Brother is watching.
And don't forget: they know, what kind of pr0n you like. ;-)
re: Bilal Mujahid • June 17, 2013 6:33 AM
Another "blowback" item I was considering -- if it is true (there seem to be sharply contradictory opinions on this) that thousands of analysts can gain access to actual emails and phone calls -- can we be certain this information hasn't been used for insider trading?
Answer: That is , without a doubt, the least significant aspect to this story, imo.
It's always been a sham, @Craig. I've been saying this for a decade but nobody will believe me. No routing protocol on the face of the planet, be it as trivially simple as RIP or as deeply automated as OSPF, can route around disruptions in the network in a completely autonomous way without the equivalent of a mesh network having already been put in place. And as long as you hear network engineers talking about trunks and backbones while carrying around pagers (or smartphones used as pagers), we will never have a mesh network, and the Internet will forever be beholden to humans manually configuring routers in times of duress.
Thus, its ability to route around damage is, ultimately, dictated by the human will to support that illusion.
@Christian Ortolf - isn;t it interesting hwo all those things yuoui mention are exactly what the US used to and still does complain about it cold war era enemies? ...interesting role reversal, isn;t it...
@akf - that was my point.
My eu supplier/tax authority/health service has to abide by the data protection act. They used Office365 after it was revealed that this involved passing on data to everyone+dog without a warrant.
The court ruling says that by using Office365 they were negligent/deliberately breaking the data protection legislation and the case law then says you can't use Office365 for customer information, repeat for gmail, AWS, Azure etc.
So someone on the Guardian website asked Snowden the $1,000,000 dollar question that I am sure all of us here wonder about. Namely, he was asked how well can standard public encryption protect against NSA snooping?
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. "
He did not elaborate on the "ways around it." I assume he is talking about the same general techniques that Bruce has mentioned numerous times -- things like side-channels, weak passwords, buggy software, keyloggers, viruses, 0-day exploits, etc.
So, it looks like AES and probably RSA are safe given sufficient key lengths and well-written implementations. However, if you are on their radar, they will probably be able to eventually find a "side-channel" to get at your plaintext regardless.
Also, it is apt to point out here that Snowden used OTR and PGP to communicate with the Guardian. He even sent them a video showing them how to set it up properly.
Perhaps he is not aware of what the "crypto guys" at NSA can do (after all a lot of stuff there is likely compartmentalized), but he at least feels confident enough to use standard public methods of encryption.
While I can certainly agree that this revelation has put the United States in an uneasy position regarding it's practices of spying on other state entities, I fail to see how that can be extrapolated to the point that the United States is not the best choice of countries in regard to protecting the openness of the internet. They may spy on individuals and governments but, unlike other countries like China and Iran to name but two, they do not keep citizens from communicating through this media.
When discussing potential blowbacks from the NSA Surveillance story, most people outside this blog (and similar circles) seems to be unaware of that the argument "don't worry, we only spy on foreigners" is complete BS.
Under the ECHELON programme, it was standard practice for each participating government to let another ECHELON partner spy on their political opposition. Then each agency just said the same thing: "don't worry, we only spy on foreigners", while another agency did their dirty work for them.
Today, exchange the name ECHELON for Stellar Wind or whatever, it is SSDD - "same shit, different day." If we pass new laws, and manages to enforce them, that prohibits domestic information gathering - then NSA could say "no problem" and let some other participating agency continue their work.
This is a world wide problem, it isn't just NSA. Every nation wiretaps everybody else, or wants to do it. And ordinary citizens is NOT protected by these systems from scammers, spammers and identity thieves - who would be trivial to catch using dictionary type systems.
Bruce is quoted at the end of this article saying:
He said it doesn't matter what the government and the companies say, either. It's spycraft, after all.
"Everyone is playing word games," he said. "No one is telling the truth."
That sums things up more eloquently than I can.
And what is the use of metadata?
One use is social network analysis and creating sociograms.
I appreciate the work you are doing to keep trolls, spammers and agent provocateurs off this blog.
But, I use Tor and I often get "Comment Blocked" when posting comments. None of the three reasons specified applies, because when I choose to "Use a New Identity" in tor and post the same comment from another tor-node it is accepted.
If this site discriminates against specific IP's, then you could set a time limit on the comment blocking feature and get info from https://torstatus.info/ to find out if the offending IP is a tor exit-node (which normally generates lots of traffic from many different tor-users).
If there is something else going on, I would like to know about it.
While there may be something on your larger point, picking up China and Iran as examples weakens it a lot.
Being more open/free then China and Iran is not much achievement. It is just not being among worst. It is like saying that city is safe enough, cause it is not in top 5 cities by murder rate.
Maybe you mean "humanities major"? Because science is one of the liberal arts! --Signed, a member of Phi Beta Kappa
Some thoughts I've recently had about this:
Look at it this way: How much of your privacy would you trade if the government promised to protect you from tornadoes?
Because the way I see it, that's only slightly less than how much they will ultimately be able to do to protect you from terrorists. The terrorists will always come up with a new way to terrorize, meanwhile the government is still protecting us against that last method.
Our response to terrorism should be similar to our response to tornadoes. Both events can have horrible consequences, cause great loss of life and property, and both are dealt with at a federal level (at least as far as the National Weather Service is concerned, along with the National Tornado center in Norman, OK).
Since we cannot control tornadoes we do the best we can to watch for contributing weather, put out warnings, respond to sightings, and engage in disaster relief and recovery.
The last point is I think the most important. Having a first responder plan for any disaster is the most important. It applies to any disaster and says to the terrorists, we will not be terrorized.
As far as looking for signs to thwart terrorists, the best info has always come from human intelligence, not connecting dots with telephones and emails, because the terrorists know not to use those methods any more.
The "obvious" dots that could have been connected using electronic intelligence always appear to have been missed when terrorists attack.
The greatest danger of this "information gathering" is that it will be abused by those in power against their own people. If the capability is there it will be abused. It always is.
Some other commenters and myself already touched on the issue in Bruce's Friday 7th Squid post
I quote from one of my comments:
... It may however be an entirely different story on the other side of the Atlantic. USG intelligence and surveillance initiatives may very well - and at least in part - be the reason for the increased lobbying by US corporations against the Draft European Data Protection Regulation. If this is being picked up by the European Commission, it is not impossible that the tech companies involved in PRISM (Microsoft, Google, Facebook etc.) as well as other US-based cloud providers (Amazon, Rackspace) are facing a world of pain if they were to lose their self-certified "Safe Harbour" status under the EU Data Protection Directive. This would hurt them immensely.
So far, several MEP's like former Belgian prime minister Guy Verhofstadt, Dutch Marietje Schaake and leader of the socialist parliament group Hannes Swoboda have spoken in very strong terms against Prism, with Verhofstadt even calling it close to Big Brother. Similar voices have been heared from high-ranking German officials such as Peter Schaar, the German data protection and freedom of information commissioner, and German Justice Minister Sabine Leutheusser-Schnarrenberger.
But contrary to the Chinese government - ironically - asking for explanations, at the European governments and EU Commission level the silence has been pretty much deafening with as main exception Vice-President and EC justice commissioner Viviane Reding (UK). In a somewhat unexpected turn of events, Reding after a meeting of US and EU justice and law enforcement officials in Dublin, last Friday announced that "she was satisfied that US collection of metadata via the Verizon mobile phone network was mainly an American question".
Although there will undoubtedly be some classified briefing(s) on the recent NSA surveillance revelations between top EU and US officials at this weeks Dublin G8 trade agreement talks, these rather soft reactions lead me to believe that most, if not all EU member state governments as well as the EC at least partially knew about it. Meanwhile, we've learned that the UK had access to Prism through GCHQ, and unconfirmed sources claim Dutch intelligence services were in on it too.
Anyhow, the Snowden leak for the US couldn't have come at a worse time. Both USG and US based companies have been lobbying extensively to water down the Draft European Data Protection Regulation, final version of and vote on which is expected somewhere in September. Snowden may just have tipped the balance with many undecided MEP's now understanding why exactly they where doing so.
But that's of course only (the current state of) the political side of the story. Many countries in Europe, and especially Germany with its nazi and stasi past, consider privacy a basic human right, whereas in the US it's more considered a civil liberty. They may quietly play along with the USG, but still pursue a second agenda pertaining to US businesses. Norway and Germany had already previously banned Google Apps from the public sector over privacy concerns, and despite being a loyal US lapdog, Sweden has recently done the same.
Although it is unlikely that European corporations and users will now be dropping US cloud service providers "en masse", many public sectors in EU member states may gradually consider going the same way, looking for a "Not subject to US law"-trademark and trying to get a better grip on the physical infrastructure at the same time. France can use it to push some of its own state-sponsored cloud services, and Germany already has several companies operating under a "Cloud Services: Made in Germany"-label. It is inevitable that private companies concerned with the same issues and the veil of secrecy, doublespeak and inclarity surrounding them sooner or later will start exploring non-US alternatives too, irrespective of their own government/secret services spying on them. After all, most will prefer domestic spying over foreign spying anytime. I have no doubt this will play out exactly the same in APAC.
The USG may eventually get away with NSA mass surveillance programs both domestic and abroad, but US based companies voluntarily or against their will participating in them may be in for a somewhat bumpy ride in the aftermath of these events.
As I've repeatedly said in the past you need to understand the UK "special relationship" with the US.
Towards the end of WWII various people in the various British M.I.'s (like MI6) realised that British political power in the world was on the decline due to Britain having bankrupted it's self fighting the war and nolonger had the reserves to build it's self back up. Worse they also knew through "lend lease" the cost of fighting alone would be extracted multiple times over by America (and was untill Maggie Thatcher finaly got rid of it).
The problem was simple Britain had a large hungry population and limited land mass also it's industry had had the guts knocked out of it and had few natural resources of it's own left. Contrast this with America that whilst having a large population had plenty of land resources and raw resources and had built up it's industrial base compleatly unhampered by the strife of war.
Physicaly the British had nothing the Americans everything. What the British did have that the Americans did not (for various reasons) was a good and very experianced inteligence operation (which was one reason the NSA and various other secret US agencies came into being in an attempt to do much like the DHS is now supposed to do but still does not).
The people in the M.I.'s realised this was the only "trump card" the British had. Thus they formulated an idea to retain British influance by trading intel.
At the heart of this was the BRitish-US Agrement (BRUSA) which formed an inteligence sharing collective that quickly became an "above elected government" arangment, with it's own heirachy and rules. It quickly got other WASP nation members and became known as the UKUSA agrement. Some of these new members discovered that they were in effect tier 2 or later tier 3 members.
Most of the "technical" side was US based and organisation and liason UK based. The elected politicos were seen as dangerous loose cannon and were kept as much as possible in ignorance of what was going on.
One aspect used against politicos almost from day one was the old "if you know what I know but cannt tell you" hook to lure some of them in and tie them up in "pacts with the devil" agrements in return for "nodding head" oversight. Part of this was and still is the dirty little game of spying on political opponents (we know that the UK's Jack Straw MP was one recipient of such intel for Harold Wilson PM at the time of the Libral Party scandle). Such cheap baubles and "word on the quiet" investment advice to trusties etc ensured that no questions of importance ever got asked by oversight commities in various countries. Further the "our friends abroad" tactic was and still is a method used to manipulate elected politicians with surveillance tit-bits that might or might not have been true but had the desired effect of removing potential "rocks in the road" types from commities where they might make the intel organisations lives more difficult.
In fact when it came to tier2 and tier3 countries such as AUS-NZ the politicos discovered that US staff on attatchment were calling the shots over the elected officials heads.
As such it's embarising for politico's to admit they are impotent over their own intel organisations and have no idea as to who exactly is calling the shots and why and in return for not asking and paying through the nose they get a few crumbs off of the table that whilst of immense value to individual politicos are not realy of any worth when it comes to National Security in it's many forms.
Hopefully what the re-boiling of these issues will do is cause citizens to start asking which end of the body of government the elected politicians are actualy at, the head with teeth chewing rapidly through resources, or the bottom which makes and unpleasent mess others have to clean up and where the tail wags aimlessly to please the onlookers.
I suspect many readers will figure their elected politicos of recent times, by the public stink of their behaviour are definatly not at the end where the brains are...
There is a bigger danger when the usa spies than when china does. China is not run by predatory corporations bent on locking up more in prison, making them fatter and addicted to porn, violence, superstitious beliefs, cigarettes, alcohol and so on. China is getting freer and usa is getting more evil by the minute. just 1 example - Everyone knows the drug war has failed but they don't care because its profitable, and justifies a police state. Conclusion? China is run by heavy handed but well meaning parents, USA is run by predatory corporations (who hate many of its citizens and see them as prey), and therefore surveillance and lying cannot be tolerated, I would rather live in China. Soon there will be more defections.
*Blowback from the NSA surveillance*
--Sneaky engineers (and yes Hams) continue to slave over new means of communication and linguists develop languages no one else knows.
Others help by pushing so much "water" thru the hose that it begins to break the hose and analyst's eyes get pushed out of sockets from the pressure.
It could simply be a unique form of Morse code; the sky's the limit people.
As a developer who has mostly rejected cloud computing for security reasons this whole NSA scandal leaves me feeling incredibly vindicated.
@Samuel A. Falvo II Thanks for directing me to this OSCAR thingy. This look like awesome projects.
Contrary to what most people think the leading edge on space development is not done by big country super-powers.
This is because payloads not delivery systems is where it's at and most of the world leading research in that area is done in European countries these days.
Oddly in the case of the UK it's because of OSCAR and other similar amature radio space projects.
A case in point is the UK's Guildford University and the offshoots in the adjoining Surrey Science parks. Similarly Licester with it's universities and the National Space Museum.
Surrey University got going in the space race because of it's amature radio group and the Uni saying yes to having a stripped down WWII destroyer Boffors Gun Mount put on the roof to act as a directional antenna base. It became the UK AmSat home and encoraged many students to get involved with the development of electronics not just for Amature Radio Sats but also for leading edge astronomical missions as well, which also gave rise to a lot of civilian work.
Technology has got to the point now where micro and nano sats are being developed around smartphone systems, with ion jet rocket motors for low thrust manovering in orbit for station keeping etc.
Surprisingly an ion jet rocket motor can be made with relativly simple tools in a home workshop. All you realy need is a sacrificial electrode made of a high density but soft metal and a series of accellarator electrodes. In effect it's just like the electron gun in an old Cathode Ray Tube, except for the fact you are producing heavy ions at the cathod not electrons... Ionisation of course can be fairly easily done with an electric arc or other electricaly powered welding technology. The advantage of ion motors is firstly they only require electricity and very small quantities of heavy metal element fuels and they work well in the vacuum of space providing low G but constant acceleration as long as the solar cells see the sun.
It's an interesting time in Europe for space development and it's likely to continue for the foreseable future.
Update on EU reaction to Prism:
The office of Peter Hustinx, European Data Protection Supervisor, released a statement containing unusually strong language yesterday.
"Cyber security is not an excuse for the unlimited monitoring and analysis of the personal information of individuals, said the European Data Protection Supervisor (EDPS) today following the publication of his opinion on the EU's strategy on cybersecurity. While there is a welcome acknowledgement of the importance of data protection principles for a robust cybersecurity policy, the strategy is not clear on how these principles will be applied in practice to reinforce the security of individuals, industry, governments and other organisations."
"There is no security without privacy. So I am delighted that the EU strategy recognises that it is not a case of privacy versus cybersecurity but rather privacy and data protection are guiding principles for it. However, the ambitions of the strategy are not reflected in how it will be implemented. We acknowledge that cyber security issues have to be addressed at an international level through international standards and cooperation. Nevertheless, if the EU wants to cooperate with other countries, including the USA, on cyber security, it must necessarily be on the basis of mutual trust and respect for fundamental rights, a foundation which currently appears compromised."
The full press release (in .pdf) can be found here. As I previously said, damage control teams from both USG and US based companies are going to have to put in some serious overtime and additional budgets.
How are we going to stop Terrorists if we presume that Terrorists were too ignorant to realize that the NSA programs that are now being described were occurring? or is it, Just how ignorant have we as US citizens chosen to be in not realizing that these programs existed, and are probably much more intrusive than what is being described now. Do we believe that the government would not continue to lie to us?
Consider the "Backup Assistant" program which Verizon mandates we have on many low cost, the "month the month" phones. That is, Verizon, a company not known for acting in their customers best interest, unless Verizon is getting paid extra, requires that we have a program which regularly puts on a Verizon website all the information from our phone, Pictures, Contact List, which can include the personal information like birthdays, anniversaries of those we know.
Raising the question: Does Verizon mandate I have "BackUp Assistant" which always runs, because it is concerned about me, or because it is was part of a deal with the NSA?
Lastly, Backup Assistant is surely not in my best interest in placing my personal information on a corporate website, as we have witnessed credit card information being hacked from professionally managed sites.
In some ways, the average person has depended on anonymity for his security, which should be recognized as a false hood, if an individual or his friends live in todays world, try to earn a living. Not only does personal privacy not exist in todays world, neither does anonymity going to protect us.
And the certificate for this website has expired.
From what I understand, most of those satellites have to piggyback official launches. Unless there is an easy way to put small payloads in orbit I don't know about, this "amateur" field is still expensive.
Your throw-away line at the beginning about Snowden killing any chances of a liberal arts major getting a job at the DoD for a decade is rather interesting from a sociological point of view. I have to ask, did Bradley Manning kill any chances of a transsexual getting a job at the DoD? I didn't hear anything about it. Half a century ago, Guy Burgess did this for homosexuals, but people were not so "politically correct" back then.
For what it's worth, the PRISM issue has already cropped up on a W3C mailing list discussing EME & DRM in HTML5. Some folks (myself included) mistrust the idea of accessing parts of the web through closed-source proprietary binary systems, in part for surveillance-related reasons.
Imagine the 'metadata' that could be harvested by DRM systems with access to everything you watch, listen and read.
@Dan US Constitutional laws don't apply in the same ways to non-Citizens.
I think the US rightly are concerned with what US laws have been broken by this massive surveillance of US citizens. The global implications, while not trivial, are part of another story.
That the US spies on other countries and their peoples is hardly new or surprising.
Snowden has killed the chances of any liberal arts major getting a DoD job for at least a decade.
Anybody else irritated that it takes a liberal arts major (rather than, say, a scientist or even a lawyer) to take his oath to protect the constitution serious?
Lying under oath to congress and populace about flagrantly ignoring the 4th Amendment is not even worth a slap on the wrist, while telling the truth about the constitution being trampled is deemed high treason.
I am getting increasingly irritated that the actual crime is not worth anybody's attention. Snowden is a pawn, but nobody can be interested in dealing with the real players.
We have come a really long way since Watergate. Downhill.
And while we fight as best we can to set things right at home we Americans appreciate support world wide for resolving these issues. We would appreciate it if foreign countries would stop asking for aid, blood money not to kill each other, military support.
I'm pretty sure no foreign country was begging us to invade Iraq, Afghanistan, etc. Our issues are largely ones we've created. Ever hear of military-industrial complex?
It seems more likely that such systems are actually useful to "scammers, spammers and identity thieves".
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.