Eben Moglen and I Talk about the NSA

Last week, Eben Moglen and I had a conversation about NSA surveillance. Audio and video are online.

EDITED TO ADD: The site seems to be down, so here's a YouTube link.

Posted on December 20, 2013 at 6:30 AM • 17 Comments

Comments

Curious • December 20, 2013 7:52 AM

I am having difficulty loading the webpage and when I did so earlier I was unable to download either the mp3 or ogg file. (ca. 1400 Central European Time, 20 Dec).

Fredrik • December 20, 2013 12:37 PM

www.softwarefreedom.org is entirely unresponsive now. A torrent/magnet link would be appreciated.

unimportant • December 20, 2013 2:21 PM

I share the opinion that Snowden's revelations are authentic. I am in doubt whether humanity can withstand surveillance: The last attempts resulted in revolutions, but the ultimate fight for humanity is right now when we have to deal with high tech surveillance which was not available in former times. Aggressive surveillance affects our conscious behavior until we are humanoid robots. The constant surveillance of every transaction and instant cruel punishment without considering the contexts will unconsciously force us into the allowed thought patterns (to that of the average consumer).

DB • December 20, 2013 3:18 PM

I have non-technical friends who no longer carry their cellphones around with them everywhere they go. They now sometimes leave them at home when they go out, because of government releases and admissions that it's tracking everything you do and everywhere you go.

I have another friend who sat his son down and lectured him about the dangers of searching on the internet nowadays for things, when his son was researching different guns online.

I have also tried using cash a bit more instead of plastic every time I buy things... it's not as hard as you might think...

This mass surveillance is already altering the behavior of society on a mass scale. The differences may seem subtle now, but it will get worse before it gets better, I think.

Bob Robertson • December 20, 2013 3:34 PM

4:30 ET, still down. Silly people, better a slow server than no server at all.

Simplify your web pages! Static HTML.

unimportant • December 20, 2013 3:59 PM

@DB, trying to hide is not solving the problem if at least the majority of people are surveilled, because the system can identify you as unobservable and punish you accordingly after a surveilled transaction. And the rules are not necessarily published because this would address only your conscious behavior and not train you unconsciously.

Sam • December 21, 2013 2:19 PM

Does anyone else wonder if AES extensions built into the Intel chips and the Apple chips have similar weaknesses built into by the NSA? A pseudo clipper chip?

A bad random number generator?

WaytoomanyUIDs • December 21, 2013 7:15 PM

@ Sam:

Bruce Schneier says in the talk (at about 34 minutes) that OpenBSD no longer trust the hardware random number generator on Intel chips because Intel are known to co-operate with the NSA and a researcher recently published a theoretical method of creating an effectively undetectable backdoor in a hardware RNG.

I am not a security researcher, but IMHO if OpenBSD think something is dodgy, it probably is.

Carl 'SAI' Mitchell • December 23, 2013 2:40 PM

@Sam

We can't know for sure. We do know they provide the same output for a given input (so unless there's a problem with AES the output is fine), but we don't know if they allow a side-channel attack.

@WaytoomanyUIDs

OpenBSD NEVER trusted the RDRAND generator alone, and always mixed it with other sources. FreeBSD is the distro that just changed. Linux also never trusted RDRAND alone. No one should ever trust a single random source, but should instead combine sources with something like the Fortuna algorithm.

Nick P • December 23, 2013 3:37 PM

@ Carl

"No one should ever trust a single random source, but should instead combine sources with something like the Fortuna algorithm."

I'll add this is always a good idea even if one isn't worried about subversion. RNGs, esp. black box units, might experience any number of faults in their lifetime. Redundancy is very justified here due to the importance of quality randomness and how quick/easy it is to gather data from many sources into a pool.
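
Editor's added example (not part of any comment above, and not code from OpenBSD, FreeBSD or Linux): a single hash-based pool that mixes several sources, showing why a stuck or untrusted generator is harmless when mixed but fatal when used alone. It is far simpler than Fortuna (one pool, no reseed scheduling); `MixingPool`, `stuck_hw_rng`, `timing_jitter` and `seeded_output` are hypothetical names, and the stuck generator is a constructed stand-in for a faulty black-box unit.

```python
import hashlib
import os
import time


class MixingPool:
    """One SHA-256 pool fed by many sources (illustrative, not Fortuna)."""

    def __init__(self):
        self._state = hashlib.sha256()
        self._counter = 0

    def add(self, source_id, data):
        # Tag and length-prefix every contribution so bytes from one
        # source can never be re-read as bytes from another.
        header = bytes([source_id]) + len(data).to_bytes(4, "big")
        self._state.update(header + data)

    def read(self, n):
        # Derive a key from everything mixed in so far, then expand it
        # in counter mode; the counter keeps successive reads distinct.
        key = self._state.copy().digest()
        out = b""
        while len(out) < n:
            self._counter += 1
            out += hashlib.sha256(key + self._counter.to_bytes(8, "big")).digest()
        return out[:n]


def stuck_hw_rng(n):
    # Constructed failure case: a hardware unit stuck at a constant value.
    return b"\x00" * n


def timing_jitter(n):
    # Weak source on its own; only useful as one input among several.
    raw = b"".join(time.perf_counter_ns().to_bytes(8, "big") for _ in range(n // 8 + 1))
    return raw[:n]


def seeded_output(sources, n=32):
    pool = MixingPool()
    for source_id, source in enumerate(sources):
        pool.add(source_id, source(32))
    return pool.read(n)


if __name__ == "__main__":
    print("stuck source alone:", seeded_output([stuck_hw_rng]).hex())
    print("stuck + OS + jitter:", seeded_output([stuck_hw_rng, os.urandom, timing_jitter]).hex())
```

The output is only as unpredictable as the best source an attacker cannot predict, so mixing helps as long as at least one input stays sound.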

Karellen • December 31, 2013 10:22 AM

In the Q&A, someone asked a question about the Underhanded C Contest, and you countered that if someone wrote code suitable for the Obfuscated C Contest then it would be rejected and/or rewritten.

Note that these are different contests, and the one that the questioner was talking about specifically is: "The goal of the contest is to write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil." - somewhat in the manner of the 2003 attempt to backdoor the [Linux] kernel.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.