Comments

Poster of Brucedom Currently Being Tracked by the NSA June 21, 2013 6:01 PM

Squid using encryption have a higher chance of being retained by the NSA.

Also, thanks for the non-stop thoughtful essays you’ve been composing lately. Glad to hear They haven’t disappeared you yet.

Bryan June 21, 2013 6:33 PM

I had not heard Russ Tice’s whistleblowing until today:

http://reason.com/blog/2013/06/21/did-the-nsa-spy-on-obama

I regret to say that our officials “on the inside” have effected a virtual coup, and their public spokesmen cannot be taken at their word. At all.

My state senator, Dianne Feinstein, head of the Senate Intelligence Oversight Committee, is incompetent or duplicitous, or both. I can’t say that any of our other representatives are any better, except for the senators from Oregon.

twofish June 21, 2013 7:12 PM

South China Morning Post has reported that the Chinese Communist Party used quantum cryptography to make sure that the communications lines used during the last Party Congress weren’t being tapped.

twofish June 21, 2013 7:25 PM

FYI, news media has reported that Snowden has been officially charged with espionage. HK has been asked to arrest Snowden, although I think it is rather unlikely that this is going to happen. The Chief Executive of HK isn’t politically suicidal. If he moves against Snowden, he is likely to see mass demonstrations.

nsa_hellothisisdog June 21, 2013 8:56 PM

Bruce,
I check your blog every day, so today when I heard a rumor you’d be speaking at Restore the 4th on 7/4/13 in DC I was really excited. Is the rumor true?

Figureitout June 21, 2013 9:37 PM

Trojan Horse Home Security

My name is Kenny Vorstrather, and I’m President of Trojan Horse Home Security. I broke into your home tonight to show you just how vulnerable you and your family are to crime. I sell a complete range of home and garden security devices.

Nick P June 22, 2013 2:00 AM

Assurance News: more new papers on security tech for people who are interested

I know in the past few times I did this little thread I included what I thought were the best papers with commentary. Well, I’m too strapped for time dealing with life’s challenges so I just filtered my more recent collections into a much smaller number of interesting papers within a few categories. Some of this requires ACM & IEEE access, others you can download via web sites like Citeseerx. Just google what you’re interested in; hopefully a legal link is available. I’m sure the opposite won’t be a problem for some people.

(Threw a few hardware related innovations in for Wael since he was the only guy here who responded to my forerunner post. Plenty of bleeding edge stuff for everyone, though, as always. 8)

http://pastebin.com/mnuTmDWc

name.withheld.for.obvious.reasons June 22, 2013 9:52 AM

FROM THE “HOW THE NSA F’D OUR BiZ”

Where’s that T-shirt (Told you so…). As a simple observer of events, the past nine months (my contributions to the discourse need not be repeated) have been anything but fun. With a new start-up company dealing in InfoSEC (holistic, not mechanical) and our hardware research and development efforts, the National Security Corporate Military Services Complex has done irreparable harm to my company and our efforts. Now for the 30,000 foot review of what we did whilst the NSA was spying on y’all…

We had spent considerable time crawling a chain of events that started in September of 2012 engaged in problem determination, forensic analysis, and mountains of on-line research (how bing, yahoo, google, doubleclick, facebook) determining that the Internet cabal was coalescing. It led us to the FBI.

November 2012, dots appear out of nowhere. Information related to cyber warfare and recently published doctrinal white papers by DoD are suggesting significant changes. Work begins on the laboratory of our future.

In December of 2012 we reconfigured our processes, management, and systems to support a total DTA posture. We looked at ISO 27001, 15407, BS7799, and NIST 7628 Framework, NIST 800-53, NERC CIP-3,4,5 and a host of other information assurance proclamations, standards, and systems. This research is the basis for redefining the company’s information assurance posture. Our new facility (actually a renovated trailer (Faraday cage, Tempest Level) with a small clean room, front office, and an isolated test lab) neared completion.

January of 2013, of a new strategic, business, and operational model and plan(s) started and is designed to provide for a survivable environment in which we could conduct our research and development. Completed the renovated facility.

In February 2013, after the announcement of PD-64 the pressure to expand our efforts became urgent. The research now suggests a significant amount of entropy awaits our small business as the large mastodons begin formulating new pre-emptive market constraints.

March of 2013, I’m recruited by a friend, she’s a mathematician and I an EE, first we work on catching up on developments in the field and our collaboration 10 years ago. It was time to revisit that research.

April 2013, we are talking daily, the mathematician and myself, on a daily basis to go over various “over the horizon” concepts and developments. She hints at wanting to come on board to work with me, not realizing that our company isn’t structured for international business operations. The need to reconfigure the organization becomes necessary and she comes on board with a 25% stake in the operation.

May 2013, we are excited and passing research back and forth (she doesn’t realize that I am still surveilling the business and political world as the excitation that will be the doing of the likes of Harris Corp, SAIC, Raytheon, Generous Dynamics, and others distracts me from our foundational work).

June 2013, the restructured company and its instruments are in play and the future looks both dark and bright.

19 June 2013 — Washington D.C., event held by The Wall Street Journal on talks concerning cyber security. Michael Daniel, the White House CyberSecurity Coordinator and Special Assistant to the President is talking with Richard Bejtlich of Mandiant corporation. During their discussion, the business model that is being discussed (in couched and not so couched terms) is slowly becoming apparent. The feudal apparatus of repression makes an entrance and is knowable at this point.

My new book will be; HOW THE UNITED STATES GOVERNMENT, ITS CRONIES, AND THE LAWLESS AGENTS OF DOOM, RUINED MY FUTURE.

If these idiots hadn’t taken the series of actions that were obviously only of interest to an idiot–for only an idiot would ask for the outcomes that these decisions produced–our future endeavors would not appear to be in such peril.

I CANNOT EXPRESS HOW MUCH DAMAGE HAS BEEN DONE BY A COLLECTION OF ARROGANT FOOLS AND MINDLESS CHIMPS (my apologies to the chimpanzees in the audience, I mean no disrespect) WHOSE ONLY VISION IS WHAT COMES FROM LOOKING THROUGH YOUR SPHINCTER.

THE IMPACT TO OUR ECONOMY WILL BE GREAT, AND GRAVE. BRUCE JUST HAD THE SCOPE OF THE FEUDALIST STATE WRONG…

twofish June 22, 2013 12:25 PM

More news on Snowden. The Washington Post is wondering why it’s taking so long for Snowden to get sent back, and the obvious answer is that no one in HK wants to send him back. Snowden is not going to end up back in the US anytime soon. The main decision that the HK government has to make within the next 48 hours is whether or not to arrest him. I think they would prefer not to arrest him. If they arrest him, then Snowden is going to tie up the HK courts for the next three years (not that this is a bad thing). If they don’t arrest him, then Snowden could slip away to some other place, which would eliminate a headache.

The thing about Snowden is that for him to end up back in the US, the following people have to agree to send him back

  • The Chief Executive
  • The Courts of first instance
  • The High Court
  • The Court of Final Appeals
  • The Legislative Council
  • Beijing
  • The UN High Commissioner on Refugees

If any one of those seven groups vetoes Snowden extradition, then he is not going to the US.

Something about HK is that it has a very strong system of human rights protection because it’s at the edge of an authoritarian government. It’s very hard to kick someone that is claiming political status out of HK because people wrote the rules to keep political dissidents from getting kicked back to the Mainland.

This is also one area in which both the Chinese and HK governments are listening to public opinion. Beijing ignores public opinion when it has a strong reason to, but in this situation, it really doesn’t, and I think that if Snowden gets sent back, a lot of people will think that this is a humiliating kowtow.

Herman June 22, 2013 12:37 PM

Most of what the NSA does, is Traffic Analysis. When the analysis points to something interesting, then only will they bother to look at the text of a communication.

Military radio systems are permanently transmitting random garbage in order to defeat traffic analysis. So, I’m wondering how one can make an internet system that will defeat it.

One way would be to create a background process that is randomly connecting to SSL servers and transceiving crud, thus burying your real communications in noise. Any other ideas?

Jack June 22, 2013 12:45 PM

@Bryan

[On the Tice disclosures – and agreements with him from various other previous leakers – that the intel agencies have been spying on law firms and political leaders]

I think all of this is tremendous news. I think Tice and fellows had to wait for someone like Snowden to come forward with hard, indisputable evidence for him to come forward, because otherwise no one would believe them.

Unfortunately, he does not have physical evidence however. And what he was privy to was kept in much smaller circles than what Snowden was privy to. So, they can deny these disclosures and ignore them until we have some hard evidence leak out.

Which will happen.

If the US government now decides to go after Tice and his fellows, they would only substantiate his stories by denial.

Snowden, as I am implying, his evidence could have been denied by the government if it circulated only in small, compartmentalized secrets. It did not, so they confirmed it by their hearty, mass denunciation of it all and their apologies.

So, we may have to wait for ‘more information’ until the Tice story gets any traction.

NobodySpecial June 22, 2013 12:56 PM

“Snowden has been officially charged with espionage”
Some good has come out of this – Americans have discovered the meaning of irony

Jack June 22, 2013 1:04 PM

@name.withheld.for.obvious.reasons

That definitely sounds like the fleshing out of a very interesting story, though the details have been too heavily self-edited to really make sense of what it is you are saying.

For, as you say in your name, I am sure, “name [and specific details] edited for obvious reasons”.

Not a lot there to comment on therefore, though I do see you speak of “feudal forces” in the – what can really only be described as “the software military industrial complex”?

If we saw a Chinese – or Israeli – company working closely with their government or having insiders who came from their government’s intelligence programs, wouldn’t we just naturally assume they are perhaps not cover agencies, but definitely under strong, perhaps indirect, control of the government? Maybe simply merely by the very factor that their respective government is one of their bigger customers?

And if we considered the peer networks of these “previously employed and trained by intelligence agency” individuals, that the entire network is compromised at least by monetary and status influence by their respective governments?

If you could flesh out those sorts of networks and their “corporate” mindset and motives, that might make an interesting – even important – read.

Concerned Patriot June 22, 2013 2:20 PM

@NobodySpecial

The fact that Snowden has been charged with espionage pretty much confirms his allegations, doesn’t it?

Ambrose Bierce June 22, 2013 3:04 PM

In the last week, my Yahoo account and the Yahoo accounts of two people I know were broken into. I and one of the others had reasonably strong passwords (>7 characters including letters, digits, and special characters). There are replies to comments on the Facebook story by several people who have had their Yahoo accounts broken into recently.

Has Yahoo had a general breakin recently that they haven’t announced?

Simon June 22, 2013 3:31 PM

@Ambrose Bierce – I cannot answer your question, and my Yahoo mail account has not been broken into, but are you an AT&T subscriber or just Yahoo? AT&T just made a huge change to the mail and if this incorporated your Yahoo account it is extremely aggravating. Many users were furious it was almost impossible to find how/where you could change your password. And if you wanted to change your Yahoo email password it was easier to cancel anything to do with AT&T than sever the connection between AT&T and Yahoo email. It took me 45 minutes to figure out how to change my Yahoo email account password which is, as far as passwords go, very strong. The whole thing gives me the creeps, besides the fact they limit the password alphabet you can use so it should be very long to gain strength.

I swear, there must be a huge contest going on to see how stupid companies can be. It reminds me of the decades long recorded message the phone company used to play when you mistakenly first dialed a “1” when not necessary, or the reverse. So, they couldn’t just automatically handle this for you, they had to play the same idiotic message each time. Worse, they made sure it was confounding to know in each case whether you should or should not dial the “1” first, because that depended on your service, not just how far away it was. Mindless, totally mindless. Those same people are now in charge of your email.

Indigo Jones June 22, 2013 4:09 PM

We won’t much longer have the luxury of debating what sorts of alternative energy solutions we want to adopt. Nearly 2/3 of Americans live on a coast, and the climate change deniers won’t be able to obfuscate rising ocean levels. Soon, we’ll be out of choices and strict measures will have to be imposed. People will call it “tyranny” though it is the direct result of decades spent choosing not to act.

Clive Robinson June 22, 2013 6:25 PM

ON Topic 🙂

Whilst the reduction or near demise of certain squid species (Humboldt comes to mind) would ecologically be desirable as they are currently in the process of eradicating other species, acidification of ocean water is a significant problem that affects rather more than squid.

I’ve read in the past a number of papers on what might happen not just to sea dwelling creatures but land and land dwelling creatures as well as certain weather conditions (hurricanes for instance).

Thankfully it’s unlikely that I will be around to see much of it but potentially my great grand children might well.

Climate change is a reality that has unfortunately been named “Global Warming” as this allows naysayers to get away with their activities.

The simple fact is we are going through about 1.4 times the energy that comes from the sun currently and this is set to get worse with the increasing industrialisation of various countries with large populations (China and India being the two most prominent). The issue people should be thinking about is where does this extra energy come from… Currently it’s from fossil fuels of various forms which unfortunately were made very inefficiently and for various reasons are not simply hydro-carbons but a whole plethora of chemicals both organic and mineral. Which means they create one heck of a lot more pollution than just their “carbon footprint”.

One oddity of this is that some forms of pollution have an action that results in more of the sun’s energy being reflected back into space. Which whilst it may reduce the “Solar heating” effect, effectively increases the energy gap between solar supply and human demand. It also reduces the amount of rainfall in many parts of the world which is already causing geo-political problems as nations effectively demand and use more and more water. This is already causing a resurgence of “water rights wars”.

Whilst “water rights wars” are bad enough the energy gap has grown at a rate where most of us will experience the side effects of “Energy-wars”. Arguably we are seeing this in the Middle East currently, but as some nations there are only too aware their fossil fuel supplies have considerably less than twenty years at current usage rates and thus they are exploring alternative energy sources. One such is as we know Iran that is trying to develop a nuclear energy independence despite interference from Israel and the US that claim they are actually developing a nuclear weapons capability (for which they have yet to show publicly any evidence that is as credible as the Bush/Blair dodgy dossier on “Iraqi WMD”).

But it’s not just the middle east, for instance Russia under Putin has been using access to energy as a way to exert fairly direct political control on a number of independent East European Countries by cutting off gas supplies during the winter.

To prevent this political blackmail various Western European countries were looking at building Nuclear power plants but due to one thing or another it’s now considered a bad idea. Especially as potential plant designer/builder/operator companies have rapidly diminished and the few left believe that they hold the countries concerned over a barrel where they can demand exorbitant prices and concessions.

Thus the current “Great White Hope” is fracking, unfortunately the companies that do this are being extremely economical with the truth and are likewise demanding all sorts of concessions from European Governments that are looking into fracking.

However recently leaked data suggests the environmental issues are ten to twenty times worse than the companies claim and the real yields are considerably down on the original and revised theoretical models.

Which might account for why so many eyes are looking greedily to the high latitude Southern Hemisphere and antarctic where there are believed to be very large fossil fuel deposits in various forms. It is thus one reason Argentina is trying to wrest control of the Falkland Islands from the islanders and land owners, both of whom appear to prefer UK as opposed to Argentinian political affiliation.

One thing that is fairly certain, and that is despite the claims of the various “green organisations” environmentally friendly energy production is just not viable. Not because wind/wave and solar cannot generate large quantities of energy, it can, but what it can not currently do is produce it on demand. This would not be an issue if we had a viable energy storage solution but we don’t nor are we likely to have in this century based on the current progress and lack of investment. So far the only large scale viable solutions have involved inefficient potential energy systems such as the pumping of water up mountains and using hydro-electric generation as required to provide peak demand power. Some other slightly more efficient research systems have involved the equivalent of geo-thermal energy production but like fracking these systems do have large question marks above them.

All of which suggests we need to use less energy, and there are only two ways to do this, firstly make systems more efficient, secondly limit energy usage, which will have significant effects on world economics and dare I say it our own personal comfort…

If we don’t then secondary effects such as increasing acidification of the oceans and other bodies of water will increase and this will have further knock on effects on the likes of the weather, land erosion and flooding and thus food production…

Clive Robinson June 22, 2013 6:38 PM

OFF Topic :

Due to the UK Guardian newspaper and Mr Snowden’s revelations about the NSA one or two quite important news items are being virtually ignored.

One such is from the Bank of England and is quite significant. Basically most UK banks regard cyber-crime and cyber-attacks as more of a threat to banking stability and availability than the current multi trillion Euro Crisis which is bringing many southern European nations not just down on their knees but almost fully supine.

http://www.computerworlduk.com/news/security/3452438/bank-of-england-ranks-cyber-attacks-above-eurozone-crisis-as-biggest-threat/

twofish June 22, 2013 6:50 PM

“Some good has come out of this – Americans have discovered the meaning of irony”

Yeah…. From the WaPo….

“If Hong Kong doesn’t act soon, it will complicate our bilateral relations and raise questions about Hong Kong’s commitment to the rule of law,” said another senior administration official, who spoke on the condition of anonymity.

GOOD GRIEF.

Unlike the US, officials in Hong Kong have to answer to the courts and the public for their decisions. If Leung even tries to extradite, the HK courts will give him a good spanking….

http://en.wikipedia.org/wiki/Political_offence_exception

Also espionage law is different in HK and in the US. Both HK and the US require that the information released by espionage be damaging to the state. However, in the US the courts will automatically defer to the executive in determining what is damaging. In HK, the courts will conduct an independent review over whether the material released in fact damages national security.

The reason for this is that Beijing is in charge of defense and foreign affairs, and for obvious reasons courts in HK are just not going to rubber stamp Beijing’s views. Also, there will be massive anger if Hong Kong gives in to US pressure. The logic is that if HK is willing to kowtow to the United States, then it’s not going to be able to stand up to Beijing on free speech issues. This is important since the pro-business HK tycoons are trying to convince people that they have enough of a voice without formal elections for the Chief Executive, and if Leung extradites, that will make this look stupid.

Snowden is pretty brilliant. The civil libertarians in HK are on his side, but he has released enough stuff about how the US has hacked China that the pro-China nationalists are now also on his side. If Snowden gets extradited, there is going to be massive anger not just in Hong Kong, but on the Mainland as well for “kowtowing” to the United States.

And exactly what can the US do to HK?

The USDOJ apparently has had little experience trying to justify its actions to courts or to a public that really cares about civil liberties. It’s quite out of practice on this one.

One other thing, Hong Kong officials are being quiet about this Snowden issue because HK cares a lot about privacy, and as Snowden has not been charged with any HK crime, HK officials do not have the authority to say anything about him.

NobodySpecial June 22, 2013 10:38 PM

“And exactly what can the US do to HK?”
I’m sure there are some “terrorists” in the USA that China would like back. Presumably a deal could be done to extradite a few Chinese journalists/human rights campaigners/critics of the government in return for this guy

h4xx June 22, 2013 11:06 PM

South China Post reporting today that Snowden leaked evidence of backdoored network firmware that was used to steal multi millions of chinese text messages.

twofish June 22, 2013 11:41 PM

Not really. The Chinese government would in fact prefer that Chinese dissidents stay in the United States where they become a headache for the US. Google for “Chen Guangcheng” and see what he’s been up to for the last few days.

Dissidents tend to be “chronic complainers” (not that this is necessarily a bad thing, sometimes a society needs a “chronic complainer”). If you keep them in China, they’ll complain about China. If you move them to the US, then they’ll eventually start complaining about things in the US.

You get into some odd situations. Wu’erkaixi the famous Tiananmen dissident has been trying to get back into China for the last several years.

http://m.theepochtimes.com/n2/china-news/survivor-of-1989-student-massacre-demands-return-to-home-country-239604.html

twofish June 22, 2013 11:47 PM

The other thing to point out there is that the US government has done far, far more damage to US interests than anything Snowden could have revealed. Any sort of moral authority that the US had to talk about freedom of speech and freedom of the press has been shredded, and it will take years, maybe decades to repair this.

The other thing to notice is that if you look at how the New York Times is covering this versus how the SCMP and Guardian are covering this story, it makes the NYT really seem like the People’s Daily and Xinhua.

NobodySpecial June 23, 2013 12:37 AM

@twofish – but it is a Heisen-crime, it only exists if people find out about it, therefore the person that reveals it is the criminal

Clive Robinson June 23, 2013 5:46 AM

@ Twofish,

So Edward Snowden leaves HK because the US opened its mouth publicly for PR reasons and in the process tipped him off that they had started extradition proceedings, but had also failed to provide the correct paperwork for HK courts despite having appropriate representation over there.

So,

1, Monumental US “cock up” (not exactly unknown)
2, HK Gov playing it smart and giving the US “the finger”.
3, A carefully worked out diplomatic strategy between US and HK (fairly unlikely).
4, Or the US “flushing the prey to the guns” for a more favourable killing field…

I guess we won’t be able to tell until he turns up somewhere in a few hours and either has a visa or asks for asylum…

With regards to asylum there are quite a few South American countries that are quite unhappy with the US and UK currently so he could be heading that way.

Likewise as you note Iceland is a possibility, their government and their people are deeply unhappy with both the US and UK and Europe more generally over the issue with bank loans that are not being repaid and a whole load of other Financial Crisis issues.

twofish June 23, 2013 8:53 AM

The problem is that legally HK can’t extradite for espionage under the political offence exception. HK could possibly extradite for theft of government property, but that would require that the US promise that it wouldn’t charge Snowden with espionage.

There is no way that the US could have provided HK with the “right paperwork.” What the US hoped that HK would do is to look the other way at bad paperwork, but this is something HK was quite unwilling to do.

The US government had a tremendously weak legal case, but as with most things, the USDOJ didn’t seem to be interested in telling people that.

The problem for HK is that everyone would prefer to see him elsewhere. By trying to force HK to arrest Snowden, Snowden would have been forced to stay in HK while all of the appeals were going through. Snowden’s visa would have expired in two more months, at which point he would have had to apply for asylum. HK has a long standing policy of requiring people that succeed in asylum to move outside of HK, which means that if he had stayed, he would have been confined for several years and the best end game would have been that he ended up wherever he is going now.

It’s a game of global legal chess, and Snowden is doing quite well.

Petréa Mitchell June 23, 2013 10:38 AM

In other news, the latest terrorist plot by people who could never apparently have managed anything without extensive FBI assistance involves a death ray.

Wael June 23, 2013 11:08 AM

@ Clive Robinson

“All of which suggests we need to use less energy, and there are only two ways to do this, firstly make systems more efficient, secondly limit energy usage,”

There is a third option: Reduce population!

Wael June 23, 2013 11:16 AM

@ Nick P

“Threw a few hardware related innovations…”

Thank you, Nick P! I also learned about pastebin.com 🙂 Another vector for information (I mean metadata) collection. When I have the chance, I’ll give you some feedback.

Jack June 23, 2013 1:46 PM

Petréa Mitchell • June 23, 2013 10:38 AM

“In other news, the latest terrorist plot by people who could never apparently have managed anything without extensive FBI assistance involves a death ray.”

Surely emblematic of all of the other “plots” this massive illegal surveillance system (“company”, “rogue shadow state”? ) has stopped.

“The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.”

I would not be surprised if they said that they stop two guys trading watermelons where they claim watermelons were code names for something nefarious. When it was just really about literal watermelons.

They probably get a lot of that.

The UK used to analyze closely one guy’s table tennis letters and discussions certain it was some kind of secret code. It wasn’t.

I noticed that Tice spoke about how he saw a tremendous batch of unlisted numbers in SoCal being investigated — besides Obama, McCain, Feinstein, Petraeus and the others.

Interesting that Petraeus is on that list.

Really weird coincidence that he just happened to get into a funny affair and ended up there was some credible excuse for it to be carefully investigated and then exposed to the world.

Kind of like suspecting a prostitute is using heroin because her track marks are many and fresh.

name.withheld.for.obvious.reasons June 23, 2013 2:15 PM

@Jack

To follow the Petraeus vein, during a senate IC meeting Feinstein expressed her anger that the gang of 8 had not been notified of the FBI op or their findings. This is a huge clue.

Dirk Praet June 23, 2013 6:48 PM

@ Nick P

“Assurance News: more new papers on security tech for people who are interested”

Wow ! That’s quite some stuff to chew on. Thanks for that.

Nick P June 23, 2013 10:41 PM

@ Wael, Dirk, Icicle

Thanks for your feedback. 😉 Be sure to copy and paste the contents of the link into a text file on your computer if you plan to look at them little by little over time. I’ve seen pastebin links break on occasion. Best to have a local copy of good papers and bibliographies.

Wael June 23, 2013 11:46 PM

@ Nick P

“Be sure to copy and paste the contents of the link into a text file”

I often use a firefox extension for that purpose. It’s called “ScrapBook Plus”. It also gives you the option to “capture” the link and save it locally, with the desired depths of links. I also use “Wired Marker” for related tasks. Can’t vet for these plugins’ security vulnerabilities, so use with caution…

name.withheld.for.obvious.reasons June 24, 2013 1:18 AM

Under current legislation, CISPA, the United States government is enjoining private companies with protections from repudiation irrespective of occurrence or extent of wrongdoing.

Let’s use Booz Allen (B.A.) as an example of what could be the result.

THIS IS A FICTIONAL STORY

Booz Allen (B.A.), working under contract with the U.S. government, hires a number of contractors (some 50% from India) and subcontracts with another company based in Singapore. It is discovered, say by an insider, that B.A. is illegally offshoring the data management of state secrets and classified documents. One year after they secured the contract, the Guardian publishes a story that drawings, schematics, schedules and material information that is part of the F-35 JSF program have been acquired by an unknown third party.

As B.A. was responsible for the management of Lockheed Martin’s data center services under a contract signed two years ago. Lockheed Martin discovers that B.A. had offshored the data backups to their facility in Singapore and managed by their Bangladesh office. B.A. is also a “Protecting Entity” under contract with the NSA. Lockheed attempts to bring B.A. to court in a civil proceeding claiming material losses that include reputational costs…

B.A.’s response is that they are a “Protecting Entity” and cannot be held liable by Federal law. “See–it’s completely legal.”

A Nonny Bunny June 24, 2013 1:19 AM

@Clive Robinson • June 22, 2013 6:25 PM

“The simple fact is we are going through about 1.4 times the energy that comes from the sun currently”

Maybe I’m misunderstanding what you’re trying to say, but we use around 150PWh/y, whereas the sun gives us 2.4 million.

Scott "SFITCS" Ferguson June 24, 2013 2:49 AM

@A Nonny Bunny

we use around 150PWh/y, whereas the sun gives us 2.4 million.

The Earth receives 174 petawatts (PW) of incoming solar radiation (insolation) at the upper atmosphere. Of the sun’s energy that reaches Earth’s atmosphere, 30 percent is reflected back into outer space, 47 percent is absorbed by Earth’s surface and converted into heat energy, 23 percent drives the hydrological (water) cycle, less than one percent creates winds and ocean currents, and only 0.03 percent is captured by plants and used in photosynthesis.
The 0.03 percent of the sun’s energy captured by plants provides all the world’s food energy and produced the stored fossil fuel energy (coal, oil, natural gas).

What Clive probably meant is “we use 2.4 times as much energy derived from sunlight and laid down as petroleum deposits as is created (at the same time)”.

Current consumption rate for oil alone is around 90 million barrels per day.

off topic : french translation June 24, 2013 7:06 AM

The French blog “Internet actu” has posted a translation (and a bit of commentary) on your recent article “What We Don’t Know About Spying on Citizens: Scarier Than What We Know” (http://www.schneier.com/essay-429.html) here: http://internetactu.blog.lemonde.fr/2013/06/21/lutter-contre-la-surveillance-armer-les-contre-pouvoirs/ .

They also translated, on the same page, Daniel Solove’s “President Obama’s Flawed Defense of Surveillance: 4 Responses” (http://www.linkedin.com/today/post/article/20130610082630-2259773-president-obama-s-flawed-defense-of-surveillance-4-responses )

twofish June 24, 2013 7:58 AM

One irony is that with all of this technology, the US is looking pretty silly not being able to pin Snowden down.

There was this curious remark by Dianne Feinstein who is chairman of the Senate intelligence committee:

Sen. Dianne Feinstein D-Calif., said Sunday she thought China would’ve used the opportunity to arrest ex-CIA employee Edward Snowden to improve U.S. relations.

Anyone with any sort of knowledge of HK and Chinese politics would have known that this just would not happen, in part because it couldn’t happen that way. There are a lot of limitations both political and legal on how much Beijing could intervene with HK.

The other thing that the NSA, the USDOJ, and “Gang of Eight” just didn’t figure out is how much people in Hong Kong and in Beijing feel about this issue. The fact that you have Leung “Long-hair” Kwok-Hung, Albert Ho, Regina Ip, Leung CY, and Beijing working with each other to get is nothing short of extraordinary. These people normally absolutely hate each other (look them up on Wikipedia.)

It’s pretty obvious from anyone that had the slightest clue about HK politics, CY Leung would do everything he could to keep Snowden from being arrested, and that he was just stalling the USDOJ. Once the SCMP started talking about NSA hacking on HK and China targets, there was just no way that Snowden would have been sent back to the US.

Dirk Praet June 24, 2013 9:46 AM

@ Twofish

Sen. Dianne Feinstein D-Calif., said Sunday she thought China would’ve used the opportunity to arrest ex-CIA employee Edward Snowden to improve U.S. relations.

It’s not exactly novel that US foreign policy, and more in particular insight into local context, is about as clueless as clueless can get and is more about corporate interests, wishful thinking and muscle flexing than “Realpolitik”. And that’s even without mentioning the irony in asking a country you’ve just been revealed to be spying on to extradite the guy who made it public.

It kinda reminds me of a scene in Die Hard 2 when the irritating reporter is harassing the flight attendant because he doesn’t want to be anywhere near Holly Gennaro-McClane.

Flight Attendant: [to Holly] What did you do?
Holly: Knocked out two of his teeth.
Flight Attendant: [to Holly] Would you like some champagne?

As to Dianne Feinstein, chairwoman of the US Senate Select Committee on Intelligence, I find it very difficult to take this person seriously any longer. Ever since Snowden came forward, she has been telling nothing but hysterical nonsense on the matter, for all practical purposes begging a debate on a statutory age limit for US representatives and other government officials.

NobodySpecial June 24, 2013 5:20 PM

@twofish – since Booz-Allen already got caught offshoring processing of data, including the designs for the F35 fighter, to Southeast Asia – pretty much anyone. Interestingly they only got a fine for that.

Figureitout June 24, 2013 7:01 PM

Wired article concluding w/ Bruce’s “Feudal” tech. worldview. Kind of preaching to the choir here…

moo June 25, 2013 5:08 PM

http://yro.slashdot.org/story/13/06/24/1136255/nsa-releases-secret-pre-history-of-computers

“The National Security Agency has declassified an eye-opening pre-history of computers used for code-breaking between the 1930s and 1960s. The 344 page report, entitled It Wasn’t All Magic: The Early Struggle to Automate Cryptanalysis (pdf), it is available on the Government Attic web site. Government Attic has also just posted a somewhat less declassified NSA compendium from 1993: A Collection of Writings on Traffic Analysis. (pdf)”

Figureitout June 25, 2013 6:01 PM

Pretty neat

The resulting chips could trim energy consumption at data centers, boost the battery life of mobile devices, and help keep Moore’s Law going well into the next decade.

But keeps the surveillance state churning along and of course threatens your keys. But they got some problems to overcome first.

Icicle June 26, 2013 9:40 AM

@ folbec
Good point, my sentiments exactly!
The blog you linked to is quite good. It can be difficult to write something that explains how scary metadata collection actually is. I tried to write a comment about this some days ago, but didn’t post it because I felt it needed some percolating.

Percolating ideas is a good way of avoiding premature blogging 😉

Anyway, this is what I’ve written so far:

How do you feel about social network analysis?
It is a great tool to catch criminals, isn’t it? Enter the name of a criminal suspect and the system shows everybody that this suspect has been in contact with (since the system was initiated). Now law enforcement can investigate lots of new leads in hope that one of them leads to the criminal’s capture and conviction.

Now let’s play “six degrees of separation”. If the system has data on everyone, then logic dictates that law enforcement has to interview Kevin Bacon in connection with EVERY crime committed!

Or swap the name of Kevin Bacon with YOUR NAME, or your mom and pop. Do you feel all warm and fuzzy now?

An explanation on why indiscriminate social network analysis violates the Fourth Amendment is left as an exercise for the reader…

Use this argument, improve it, spread it and help the populace to understand.

Nick P June 26, 2013 2:55 PM

It seems the various secure virtualization vendors are about to really hit the mobile scene. A few press releases I’ve seen recently:

Green Hills deploying to Samsung Galaxy based products
http://www.ghs.com/news/20130625-trusted-mobile-samsung.html

OK Labs tech in GD’s modified LG Optimus
http://www.engadget.com/2013/02/25/general-dynamics-locks-down-android/

They’ve merged it with Samsung’s KNOX architecture for their Galaxy devices. That should make for a powerful combination. I particularly like KNOX’s layer by layer approach to platform and app security. More on it below.

http://www.samsung.com/global/business/mobile/solution/security/samsung-knox

Blackberry was (still is?) the classic leader in mobile security. They had many security and management features enterprises liked. They’re pushing their new OS while ensuring iPhone and Android users can use their BB groupware and messaging solutions. I think that’s a smart temporary move. Maybe they should just become a software and services company like IBM has been doing.

PikeOS has had an Android “Personality” for a while. I haven’t heard anything about them partnering with vendors. Wind River’s MILS platform is multicore which is an interesting benefit. Haven’t seen much from them either, though.

So, it’s mainly Green Hills vs General Dynamics for security-enhanced smartphones with platform level protection. Two defence contractors with good engineers and technology. I hope good products come out of it.

Nick P June 26, 2013 3:19 PM

@ Bruce Schneier & Clive Robinson

What do you two think about this?
http://pandodaily.com/2013/01/07/shape-security-raises-20m-for-a-project-so-secret-if-it-told-you-it-would-have-to-kill-you/

I’ve seen in many papers and products pretty much everything we need to beat remote attackers across the board (except DDOS). We’ve discussed solutions to many problems on this blog too. So I wonder what this tech actually does, if it’s effective, how novel it really is, and how it compares to the many other good ideas that were simply not funded/implemented/marketed-well.

name.withheld.for.obvious.reason June 28, 2013 12:10 PM

One if by land, two if by sea, and 300 plus million if by domestic phone call.
