Friday Squid Blogging: Camouflage in Squid Eyes

Interesting research:

Cephalopods possess a sophisticated array of mechanisms to achieve camouflage in dynamic underwater environments. While active mechanisms such as chromatophore patterning and body posturing are well known, passive mechanisms such as manipulating light with highly evolved reflectors may also play an important role. To explore the contribution of passive mechanisms to cephalopod camouflage, we investigated the optical and biochemical properties of the silver layer covering the eye of the California fishery squid, Loligo opalescens. We discovered a novel nested-spindle geometry whose correlated structure effectively emulates a randomly distributed Bragg reflector (DBR), with a range of spatial frequencies resulting in broadband visible reflectance, making it a nearly ideal passive camouflage material for the depth at which these animals live. We used the transfer-matrix method of optical modelling to investigate specular reflection from the spindle structures, demonstrating that a DBR with widely distributed thickness variations of high refractive index elements is sufficient to yield broadband reflectance over visible wavelengths, and that unlike DBRs with one or a few spatial frequencies, this broadband reflectance occurs from a wide range of viewing angles. The spindle shape of the cells may facilitate self-assembly of a random DBR to achieve smooth spatial distributions in refractive indices. This design lends itself to technological imitation to achieve a DBR with wide range of smoothly varying layer thicknesses in a facile, inexpensive manner.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Tags: ,

Posted on January 17, 2014 at 4:44 PM128 Comments

Comments

AlanS January 17, 2014 4:54 PM

Obama earlier today:

“At the dawn of our Republic, a small, secret surveillance committee borne out of the “The Sons of Liberty” was established in Boston. The group’s members included Paul Revere, and at night they would patrol the streets, reporting back any signs that the British were preparing raids against America’s early Patriots. Throughout American history, intelligence has helped secure our country and our freedoms.”

The President, a Harvard-educated lawyer, educated in Boston no less, and who later taught constitutional law, has a perverse understanding of “The Sons of Liberty”.

At that time the Sons of Liberty were British citizens who were vehemently opposed to their government’s issuing of general search warrants. In 1761 James Otis, who was later one of the Sons of Liberty, gave a rousing argument against Writs of Assistance in the Superior Court of Massachusetts–he lost the case. John Adams, who witnessed the presentation, later wrote: “Every man of an immense crowded audience appeared to me to go away as I did, ready to take arms against writs of assistance. Then and there was the first scene of the first act of opposition to the arbitrary claims of Great Britain. Then and there, the child Independence was born.” Otis’s arguments, along with the decisions in a couple of English cases of the same period, became the bedrock of the 4th Amendment.

It’s a lot easier to make the case for Snowden being the true descendent of the Sons of Liberty than our current intelligence agencies.

Bob S. January 17, 2014 5:05 PM

It’s clear based on the timid measures ordered by the President he doesn’t get “it”, or doesn’t care to get it.

This isn’t just about the meta data…it’s whether “Collect it All” is consistent with a democratic form of government and our liberal Constitution. In any case they are still going to collect the meta data, too.

Random brain spasm:

How can we secure our routers?

Is there such a thing as a firewall that can be trusted?

NobodySpecial January 17, 2014 5:43 PM

If only intelligence gathering had been a little better, these terrorists groups wouldn’t have been able to organiSe and overthrow the legitimate government.
Now protected by total surveillance, terrorists like Paul Revere would be stopped and his message would have been detected.

Anura January 17, 2014 5:57 PM

AlanS

It’s clear based on the timid measures ordered by the President he doesn’t get “it”, or doesn’t care to get it.

I think it’s the latter. The surveillance state is a product of Cold War Industries™, which has been declared too big to fail. We are mostly a one party system, and the Status Quo party gets huge campaign contributions from CWI Inc. I don’t expect anyone to get elected unless they are a member of the Status Quo party. You’ll always have a few members of the Maybe We Should Move On party in Congress, but they seldom have enough support to accomplish anything.

AlanS January 17, 2014 6:29 PM

@Anura

That was Bob S’s comment you were replying to but I think I would also tend towards the “doesn’t care to get it” theory.

Anura January 17, 2014 6:37 PM

@AlanS

Sorry about that. The software probably switched your names for a minute (because relational databases work that way), however to show what a great candidate I am for President, I will reluctantly accept partial responsibility.

Matt Hurd January 17, 2014 7:20 PM

1) Blackphone? It’s a good start but not enough. I think you’d need to be a virtual mobile network operator in addition to something akin to a secure phone. You could then spin IMEIs etc around the pool of connected phones, plus do a bit of redundant traffic, to make it hard to track individuals through id or traffic analysis.

2) Simpler OS and hardware. A group at UNSW / NICTA did a proof based L4 microkernel that had certain guarantees. Along those lines, we need simple OS and firmware that is easier to audit. Microkernel bases and build from there. Audit and post-reasoning is too hard. An apple ][ and vic-20 was a lot easier to fully understand even without a proof. Make critical routers, servers, etc out of simpler hardware and software.

3) Need to have broad integrity checks across hardware, firmware and software. The hardest one to cope with the impossible compiler trapdoors and their ilk as shown by Ken Thompson plus sneaky turing machines such as linker tables. Simple integrity checks don’t work there. For that there needs to be a new kind of functional integrity check where a source based flow description is compared to the binary or vm flavour to match and guarantee some kind of integrity. Otherwise you’re always at the mercy of turing machines whether hidden or explicit. That is the only way as we ain’t gonna solve the halting problem any time soon.

4) Need more RF, DPA, audio, optical, magnetic side-attack awareness and testing.

$0.02

–Matt.

saucymugwump January 17, 2014 7:23 PM

@ AnanS
“It’s a lot easier to make the case for Snowden being the true descendent of the Sons of Liberty”

I really wish everyone would pause their movement to make Snowden a saint.

Snowden saw things reminiscent of the Pentagon Papers. But then what did he do? He went to China and Russia, our competitors at best. The one thing which the 60 Minutes interview brought out was that Snowden had stardom in his eyes so he did not see the threat from Chinese and Russian intelligence. I firmly believe that his laptop / USB drives / whatever were compromised during his stays in those countries.

Snowden is not very bright. All he had to do was travel to Germany, given the revelation that the NSA had spied on German Chancellor Angela Merkel. He would have been given sanctuary. Germany would have been able to use the news as a lever to force NSA to change. Snowden is a fool, with the proof being his desire to return to the USA as a hero.

@ Bob S
“It’s clear based on the timid measures ordered by the President he doesn’t get ‘it’, or doesn’t care to get it.”

Obama is no different than Bush the Younger in terms of national security, the economy, the banking sector, and loyalty to incompetent underlings. He promised to empty Guantanamo’s prison, remove Scientology’s tax exempt status, and recognize the Armenian Genocide. I am happy he failed on the first, but the second and third were not that difficult and should have been done. He and his family made it into the presidential club, so he is satisfied.

@ Anura
“The surveillance state is a product of Cold War Industries™, which has been declared too big to fail.”

Well put. Have you read the Reuters series Unaccountable: The high cost of the Pentagon’s bad bookkeeping? Here’s just one quote: ” The Pentagon alone has never been audited, leaving roughly $8.5 trillion in taxpayer dollars unaccounted for since 1996, the first year it was supposed to be audited.” Given that our national debt is $17 trillion, we see that the DOD is responsible for half.

“We are mostly a one party system”

Exactly. The people who rail against “the other party” are fools, as there are only minor differences between the Ds and Rs.

MNsure user January 17, 2014 7:24 PM

MNsure.org has a bunch of subdomains.
http://www.mnsure.org, plans.mnsure.org, auth.mnsure.org, people.mnsure.org, payment.mnsure.org, etc., corresponding to contractors and their different contracts.

2 of them, plans.mnsure.org and payment.mnsure.org(on the sign in page) have mixed https and http content giving a “man in the middle attack” warning when using Firefox.

Matt Hurd January 17, 2014 7:27 PM

5) A new type of message exchange. Redundant in multiple countries that are protected from gov’t search. Use a combination of OTP ( O(n) with an exchange rather than O(n^2) as a network), PKI and dual symmetric encryption. Standard numbering for quality assurance on physical, legal and technical security aspects so you know what you’re dealing with easily. Polling and redundant traffic for traffic analysis avoidance. Use existing mechanisms, such as TOR, for on-boarding when appropriate.

$0.005

–Matt.

Tony H. January 17, 2014 7:56 PM

Bruce interviewed on CBC TV after Obama’s speech today. More than a soundbite, and the interviewer wasn’t completely clueless. Well, maybe 80%, but…

AlanS January 17, 2014 9:52 PM

@saucymugwump

I expressed no opinion on Snowden’s sainthood or otherwise. Obama was suggesting that current government mass surveillance is a continuation of activities undertaken by The Sons of Liberty. The suggestion is ludicrous given that The Sons of Liberty were in revolt against their own government’s use of general warrants.

Markus O. January 17, 2014 9:57 PM

TFC: Pidgin with one-time pads, padding, TRNG generated keys. 2x RaPi + RS232 data diodes = end point security. Open source, open hardware design.

Basically it keeps messages confidential against cryptanalysis and software level zero-day vulnerabilities. Draft available at
http://www.cs.helsinki.fi/u/oottela/TFC.pdf

GregW January 17, 2014 11:10 PM

@saucymugwump

I firmly believe that his laptop / USB drives / whatever were compromised during his stays in those countries [China and Russia].

Your post contains straw man exaggerations (“sainthood”) and in the above quote you seem to reveal you don’t know enough facts about the situation to make a good case about his action (much less skills, or morality).

Is there any factual evidence to back up your “firm beliefs” that Snowden even took the documents to Russia?

And what’s your scenario for how the Chinese would intercept the documents from Snowden, before he turned them over to journalists, before his identity was made public, despite the at-rest encryption employed and despite Snowden’s awareness of Chinese intelligence methods due to his work hacking Chinese targets for the NSA earlier in his career?

Perhaps read up a bit further; start with: http://www.theguardian.com/world/2013/oct/18/edward-snowden-no-leaked-nsa-documents-russia

Do you understand what a general warrant is as distinct from the warrants we use today, and the nature of Snowden’s objection to general warrants, among other concerns and motives of his?

For more on that, start with: http://www.washingtonpost.com/world/national-security/edward-snowden-after-months-of-nsa-revelations-says-his-missions-accomplished/2013/12/23/49fc36de-6c1c-11e3-a523-fe73f0ff6b8d_story.html

Rusty Shackleford January 18, 2014 1:25 AM

“We are mostly a one party system”

Mostly? Try entirely! And we won’t mention which two presidents mentioned something about being a dictator to get things done – or to enjoy the role better than that of President.

The TV and almost cartoonish celeb culture seals and binds the minds of the stupid. The right attack the left on one channel then vice versa. And the stupid think Colbert and the other comedy news show on Comedy Central (CC) are so hilariously anti-big-government but do they write their own material or is all or most of their material written for them? And who owns CC? Could we really see honest, in-depth, and impartial media on corporate owned stations? No – it’s like in the movies, the pirates breaking in for a few seconds to get a message across – but that doesn’t happen too much these days – at least not in America.

We might as well face it, we have a monarchy and they should live and dress like the Queen and her slaves, why hide it? Just give it to them.

The TV and print media control most of the minds, at least the few that participate in voting. Unless it’s about legalization of cannabis, most people really don’t care, they vote the party line all the way through the ballot as if they were voting for their favorite sports team. Read and listen to what George Carlin was saying before he just suddenly died.

People who speak the truth do not last in media, if something slips through, they are fired, shuffled around, or receive ‘treatment’.

Some examples:

@ http://en.wikipedia.org/wiki/Punitive_psychiatry_in_the_Soviet_Union
@ http://en.wikipedia.org/wiki/Psikhushka

Note how many celebs are ‘re-educated’ after speaking out or worse. Brittany Murphy’s death is suspicious as a lot of celebs are.

Randy Quaid took off and was quite vocal on why, as many dismissed him and/or his wife of being crazy or losers. People who spoke out about compromised air gapped computers before the leaks were considered nutty, too.

brown shirts January 18, 2014 3:16 AM

ACLU app lets Android users secretly tape the police

The free app records video and audio, hides when requested and lets users send backup copies of recordings to the ACLU for safekeeping.

http://news.cnet.com/8301-1009_3-57467073-83/aclu-app-lets-android-users-secretly-tape-the-police/

http://web.archive.org/web/20131022194439/http://news.cnet.com/8301-1009_3-57467073-83/aclu-app-lets-android-users-secretly-tape-the-police/

http://www.aclu-nj.org/yourrights/the-app-place/

http://download.cnet.com/ACLU-NJ%20Police%20Tape/3000-2094_4-75742382.html

http://www.nyclu.org/app

http://news.cnet.com/8301-31921_3-57405594-281/boston-admits-it-cell-phone-photography-is-not-a-crime/

Mike the goat January 18, 2014 5:19 AM

Bob S: yes, and indeed this is a question that I have been trying to answer for quite a while now. I considered putting up a kick starter project for an inline device that was constructed of macroscopic components where possible and for tasks that are not possible to achieve using discrete components using ASICs etc. from a non American source. Essentially I wanted to develop a network analyzer that I (you) can trust. At the moment there is nothing.

My last analyzer setup is designed into one of those plaatic luggable airport trolleys.. My new design will likely try and reuse some kind of easily obtainable product unless we can get the volume to manufacture them. That said – what is secure anyway?? And how do we prove it? When I made my last attempt I wasn’t thinking of an evil NIC only reporting what it wants to or those kind of situations but it was a convenient little thing until it met its end. It has a built in UPS, and a single marine battery instead of the rubbish they put in the extern UPS packs. The input to the UPS (to charge it) is wired to a panel mount IEC on the top of the cabinet, and there is a 10′ power cord wrapped around the handles of the trolley.

A disembodied laptop running wireshark amongst other things is the “analyzer” bit, with the screen fixed behind the aluminum labelling between the two handles that run vertically up. The laptop keyboard is permanently mounted, again slightly recessed into a hole in the aluminum sheeting.

A panel mount rj45 socket makes available the internal 1000baseT card in the laptop. A switch is mounted in the trolley portion below the laptop keyboard and normally this goes into the assigned trunk port on the right. I have an assortment of SPF modules so I can test both copper and fiber (single and multimode Ethernet). I even keep a media converter in a little drawer I made under the switch bay to support 10base thinnet. Most ports are set to mirror to the monitor port, so effectively it mirrors a hub in effect.

Another cool touch was the small digital oscilloscope that I managed to mount just below the monitor. The RS232 interconnection was done behind the unit and inside the frame so nobody could see it but enabled the results to be shown and saved etc. I also made available two USB ports which I mounted into the aluminum panelling I made the whole thing whole out of. When complete it looked nothing like the extended arm luggage trolley. Imagine the whole arm section enclosed with Al sheet, with cuts made for a handle and cut and glued black pool noodle foam so it is grippy and no cuts from thin metal. Directly below the handle a few toggles. Masters turned on the UPS and thus power to the unit. Two LEDs above showed whether AC power was on (if UPS was charging) and second showed that UPS is supplying OK. An analog voltmeter was added directly underneath the switch – I pulled out the paper behind the gauge and.made my own on my inkjet with appropriate green yellow and red voltage zones. Going along we had a momentary toggle for the laptop (up hold for power button on laptop), and next a switch for the switch and a switch for the oscilloscope. The last switch was for an external power socket.

Below the switches was a VGA monitor (10.5in) and below that was where the “bucket” bit of the original trolley was. All sides were covered and welded into an Al sheet metal box. The keyboard was sitting on the top of the box, countersunk into a hole made into it and held firm by a small shelf below that was tacked with a bit of force upon it so the keyboard ain’t going anywhere. We followed up with neat black hard sealant bead around the whole “cut” in the sheet that exposed the keyboard. Directly below this inside is the guts of the laptop. A few inches down and on the front side is the 24 port switch again mounted and slightly sunk in a hole in the panel and below that a mini oscilloscope of Asian origin. A small cupboard was affixed on the right side which exposes the UPS hardware and the marine battery. There is a small sliding drawer above the battery area for cables and junk. It was a beautiful creation.
It truly is an all in one workstation.

Pity I left it next to our rack in our local verizon business data center and it was gone the next day.

It was four years ago but I still want to cry.

Benni January 18, 2014 6:39 AM

saucymugwump • January 17, 2014 7:23 PM
“Snowden is not very bright. All he had to do was travel to Germany, given the revelation that the NSA had spied on German Chancellor Angela Merkel. He would have been given sanctuary. Germany would have been able to use the news as a lever to force NSA to change. Snowden is a fool, with the proof being his desire to return to the USA as a hero.”

Lol. You do not know germany’s laws when it comes to asylum. Only 10 per cent of all applications for asylum get accepted by germany. The other people are sent back where they came from. To get asylum from germany, the coutry must be the first or the european union, that you are visiting. If you came to germany by traveling through another european coutry, you will be sent to this country immediately. This means that you can only get asylum in germany, if you travel via airplane or ship.
Furthermore, germany has an extradiction treaty with the US. So if the US police wants someone who is not a german citizen because he is suspectedly involved in crime in the US, the germans must send them back to the US. German police usually does what they have to do. If merkel would make a telephone call to the police, to prevent snowden to be sent back, police would, in most circumstances , start a preliminary investigation because of illegal intervention in police matters.

There exists, however, one way, snowden gets an asylum in germany:
If refugees come from somalia or other interesting countries, they are questioned not only by germany’s department of migration, but also by the secretservice BND, who has a mysterious “Institut für Befragungswesen” (institute for interrogations) located at Hohen­zol­lerndamm 150 in Berlin.
http://www.geheimerkrieg.de/#entry-25-6048-die-quelle-aus-somalia

In germanys asylum laws, it is stated that the migration department must consider so called “nachfluchtgründe” (after escape factors). It is said that applications for asylum get accepted fast, after the refugee has provided interesting answers to the “institute for interrogations”. So, if Snowden is willing to tell the BND everything, he might get asylum in germany.

Clive Robinson January 18, 2014 6:39 AM

@ Bob S,

You ask two questions,

  1. How can we secure our routers?
  2. Is there such a thing as a firewall that can be trusted?

The first breaks down into two issues,

  • Secure Code
  • Immutable Devices

How to solve the “Secure Code” is still an open research issue, and I suspect one that is unlikely to change for a while (even though I have my own ideas on this 😉

The second issue was actually how we started (diode programable ROM) and we have since migrated under market preasure to about the least secure hardware we could design to do the job… a clasic race to the bottom via “Open Market” “Short Term” philosophy. The only question here is “is it still possible to turn back the clock” or are we in effect beyond a technological “tipping point”…

And the answer to your second question given the answer to your first is I am sad to say “Currently NO”.

However if the resources are made available then it should be possible to turn back the clock on mutability issues, which leaves the problem of secure coding. Arguably it’s not possible to make 100% secure code, however that does not mean it’s not possible to design a system that can not be exploited.

That is the “exploit” issue is a very very small subset of the “secure code” problem and in some cases it can be defined not in terms of software possabilities but hardware resource constraint. To see this you have to think about exploits as having two routes into any hardware realisation,

  • Built in exploits
  • Injected exploits

The first is in effect an “insider attack” be it by,

  1. Accident
  2. Insufficient knowledge
  3. Design

Insider attacks are in effect due to a lack of ability to recognise a vector, and arguably it’s in the same class of problem as the “halting problem”.

However injected exploits are either,

  1. Extra code
  2. Modified code

Both of which are amenable to identifing and limiting via relativly simple hardware resource monitoring / constraint.

So there is a good deal of hope that provided you can eliminate “insider attacks” and arive at a secure system you can keep it secure within the bounds of known attack classes and known attacks, as well as some unknown classes of attack and instances of attack.

saucymugwump January 18, 2014 10:00 AM

@AlanS
“I expressed no opinion on Snowden’s sainthood or otherwise”

Sorry, that was not meant to be a personal attack, though it came across that way. Mea culpa. I meant it as more of a general comment to Snowden groupies everywhere. He thought the world would crown him, but instead he is used as a pawn for national interests by many countries.

@GregW
“straw man exaggerations (“sainthood”)”

Straw man? Hardly. Try sarcasm.

“Is there any factual evidence to back up your ‘firm beliefs’ that Snowden even took the documents to Russia?”

Is there any to prove he didn’t?

“And what’s your scenario for how the Chinese would intercept the documents from Snowden”

Did he carry his materials everywhere or did he leave them somewhere temporarily while he postured in his new role as hero for the anarchy crowd? It takes very little time to copy USB drives, paper, or even hard drives. I worked for a DOD contractor and had a clearance. I had the usual training people with clearances receive. Unless Snowden took his materials with him everywhere, he was compromised.

“Merkel probably would rather be a “sixth eye” than offer Snowden sanctuary: (Der Spiegel URL deleted)”

Der Spiegel is one of my favorite news sources. I read it M-F. By the way, that article says absolutely nothing regarding Merkel giving Snowden amnesty or not; the word “Snowden” does not even appear in that article. Try these instead (I won’t include the URLs because the spam filter will block my post) or just search Der Spiegel for “snowden”:
-Asylum Debate: Germany Wants to Question Snowden
-Spying Fallout: German Trust in United States Plummets
-Codependent: Merkel’s Pragmatic Approach to the NSA Scandal

Germany wants to be included in the Five Eyes Agreement, but it has leverage over the USA in that it might veto the trans-Atlantic free trade agreement which American capitalists really want.

Also, search Der Spiegel for stories on how China has stolen technology from German companies. Try these to start:
-Cyber Menace: Digital Spying Burdens German-Chinese Relations
-Espionage Report: Merkel’s China Visit Marred by Hacking Allegations
-Steinmeier in China: Technology Theft Dominates Beijing Visit
-Product Piracy Goes High-Tech: Nabbing Know-How in China

@Benni
“You do not know germany’s laws when it comes to asylum … So, if Snowden is willing to tell the BND everything, he might get asylum in germany.”

Actually I do understand the laws from reading many articles on Der Spiegel, Deutsche Welle, and other sources, though I do not claim to be an expert. And your last sentence expresses my point succinctly: Snowden would have been told point-blank that he would either share everything he knows or be sent back. He would choose the former and Merkel would then have the political ammunition to defend him against the USA. She might have been able to gain entrance to the Five Eyes club. You may disagree, but I believe Merkel is practical and intelligent.

AlanS January 18, 2014 10:27 AM

So are what did others make of the President’s speech?

Video and fulltext here:
http://justsecurity.org/2014/01/17/president-obama-speaks-intelligence-reforms/

Most of the commentaries I have read seem to be along the lines of the NYT’s editorial: “But even as Mr. Obama spoke eloquently of the need to balance the nation’s security with personal privacy and civil liberties, many of his reforms were frustratingly short on specifics and vague on implementation.”

A lot of it seemed to come down to “trust us” which is blind to the fact that they have little to no trust in the bank. Trust is what you invest it in “checks and balances”–the very things his administration and the previous one seem to have been intent on blowing away.

Dan January 18, 2014 10:30 AM

Does anyone here has any insight into the encryption used by Synform ?

It’s a company that pools “spare” storage space on users hard disks in exchange for free cloud storage.

GregW January 18, 2014 10:33 AM

@saucymugwump
Your speculations of what Snowden might have done need to have some basis in reality to be considered evidence. Proof for any position is unlikely but let’s just start with the evidence.

Benni January 18, 2014 11:26 AM

saucymugwump • January 18, 2014 10:00 AM
“And your last sentence expresses my point succinctly: Snowden would have been told point-blank that he would either share everything he knows or be sent back.”

The problem is: that is no way sure. Even for someone who comes from somalia and tells the BND everything about AlQuaida there.

Recently, there is a wave of refugees coming from Chechenia, where russia installed a dictator. 2/3 of these refugees are send back, even if they were tortured, becuase Chechenia has the status of a “peaceful” country for the migration service in germany.

There are some members of parliament in germany who want Snowden there. MDB Ströbele even took a flight to Snowden and met him: http://www.tagesschau.de/ausland/snowden260.html
Ströbele is a member of germany’s parliamentarian control comission of the secret service BND. MDB Ströbele said several times that in his opinion, Snowden should get asylum.

According to Ströbele, judicial requirements for a safe passage of snowden to germany should be created somehow and Snowden indeed showed interest in this. He is just cautious because if he moves from russia, he will loose his asylum status there.

saucymugwump January 18, 2014 11:56 AM

@Benni
“Recently, there is a wave of refugees coming from Chechenia, where russia installed a dictator. 2/3 of these refugees are send back”

First I want to say that I am not arguing with you. I will never understand Germany as well as a native, though I have visited many times.

I think there is more to the refugees from Chechnya. As we saw with the Boston Marathon bombers, it is difficult to know whether someone is a secular person fleeing from Islamic persecution, an Islamist fleeing from Russian persecution, or just someone who wants a better life. In the middle case, governments must do all they can to ensure that dangerous religious nuts not enter their country. Europe, the USA, Canada, and other countries are seeing more and more closet Islamists, e.g. the Times Square and Portland bombers.

The same is true of the Somalis you mentioned in your earlier post. They are possibly the world’s craziest Islamists, not to mention that whole piracy / kidnapping thing, and for that reason they should not be at the top of the immigration list for any Western country.

With Snowden, the situation would be entirely different. The German government would immediately see the benefits of allowing him to enter. As I said before, Snowden is a pawn in a serious game.

“(web page from tagesschau.de)”

Mein Deutsch ist sehr schlecht, so I prefer to read Der Spiegel in English. Yes, I read about Christian Ströbele’s excellent adventure to Russia in Der Spiegel (Asylum Debate: Germany Wants to Question Snowden). I suspect he has an agenda of his own.

BlackAngel January 18, 2014 12:44 PM

http://boingboing.net/2014/01/18/glenn-greenwald-on-bill-maher.html

Bill Maher calls Snowden “totally b*tshit”.

Maher cited Snowden saying that NSA surveillance was more about social control and almost not at all about terrorism. Greenwald shot back, “What’s nuts is the fact that you think that’s nuts.” He argued that the bulk of what the NSA does “has nothing to do with national security” and said Snowden only speaks that way because he’s not a trained politician with a filter and people constantly whispering in his ear.

Maher granted him that, but maintained that “every time he opens his mouth, he always says something f*cking nuts.”

I have not watched the video, but that seems a pretty sad statement of imbecility from a man who is often revered as a intelligent contrarian.

Speaking of, everytime I hear one more story come out, I almost invariably find myself considering that anyone who believes this system is about terrorists is either a complete imbecile, or a stunningly self-deluded hypocrite.

The later is the conclusion I invariably make, as I do not believe even the most lowly of meatpuppets are imbeciles. Hypocrites, though, this is what they can have in most stunning array.

I hate to make such a stark statement, but there is some math involved here which is not that complex. I am not, however, seeing it well spelled out: this level of secret surveillance is absolutely detrimental to the existence of a democracy.

This is not alien to anyone, intrigue of the sort supplied by secret surveillance is common place in today’s media. For instance, two of the most popular shows, Game of Thrones and Revenge well spells out how detrimental secret surveillance can be.

If you can secretly surveil a corporate business person or a politician, you can control them. You can bring about their downfall, or lift them up for a price.

Destroying such a system is next to impossible.

The math easily works out to a future where control over corporate interests and politics is handled by those who have control of the surveillance systems. Which party uses it most ruthlessly and takes control for a perpetual system of rule is the party which wins.

As this is inevitable, it is sheerly a matter of time besides one interest or another does so. Which then invalidates all wars fought and all lofty speeches for liberty…. which invalidates all progress made towards the concepts of free markets and free nations.

There are, however, countless reasons for people to side with the bad guys. None of these reasons are noble. They have short lives and are trying to get what they can while they can — while appearing otherwise. The later bit requires little effort, as everyone is all too accommodating for that.

BlackAngel January 18, 2014 12:57 PM

@AlanS

[Obama praises spying, puts the revolutionaries as early spies, and then paints himself and intel as revolutionaries, which Alan notes is absurd and dishonest.]

Is anyone surprised Obama made statements that amount to nothing? His term will be up soon and the combined intel forces have far more power then he has. Not only can they be accounted as old style court masters of intrigue, but also they have strong bearing over the american military and police services.

As Tice has pointed out, Obama was under strong surveillance long before he was a “somebody”, and so it can also probably be estimated that Obama had to have had something on himself even to get elected.

That these men are selling their excesses as “pro-freedom” and “anti-terrorist” is disgusting.

They are clearly thinking about the here and now, and not five, ten, twenty years down the line when such systems would prove democracy’s undoing.

The service these intel leaders provide is daunting: they can order up for you whatever information you could possibly want on your political rivals, or on any corporate interests, domestic or foreign.

Of course, who is “you” that is offered this service is very likely extremely exclusive.

What do these people want? They want power, they want money. They want whatever fetishes they can get away with, besides these things. They want some degree of permanence to their power and money, security for that. Democracy does not provide them this permanence, but illegal and pervasive surveillance does.

Benni January 18, 2014 1:24 PM

@saucymugwump
In germany, the process of applying for asylum is traditionally very very bureocratic. And the usual refugee does not know german law or can hire a lawyer. And that is, what usually creates the problems.

They have to expect a long and highly bureocratic process that often goes over several years. If they are e.g. answering incompletely to the government, they are sent back immediately.

Refugees in germany are forbidden to work in the first 9 months of their stay. Moreover, until they have that permission, the refugees have to live in special asylums or camps in germany.

Before july 2012, refugees got 224,97 Euro from government per month until they got their permission to stay. The highest court ruled that this was against constitution. Now they get 354 Euro.

Even though it maybe that Snowden could get the permission to stay a bit faster than the usual refugee, going to germany would still be a tough undertaking.

Imagine: Being forbidden to work for nine months, living from 354 Euro per month, in a camp together with e.g. 4 foreigners in one room, until this painfully slow bureocratic process is finished that would in any case take months and whose outcome is not sure …

Snowden is correct to be cautious here. Even if the people from the control comission of the secret service want him in germany.

BlackAngel January 18, 2014 1:25 PM

@saucymugwump

[Snowden is not very smart, and made bad choices going to “our” enemies, China and Russia.]

Republicans and Democrats you have ascertained are about the same, but not Americans, Chinese, and Russians? Which nation is truly more dangerous to global freedom?

If you notice among genocidal nations in their worst depravity, they rarely embraced savage slogans as their mantra. Rather, they embraced lies, cutting lies, claiming to be the true vessels of righteousness while they cut down their enemies who showed the strongest evidence of being what they claimed to be.

The Americans are shouting slogans of truth, freedom, liberty, democracy, free markets (forget the “capitalism” mantra, the strive is towards free, competitive markets). And while doing this they are investing heavily in the armaments of intrigue.

Under the auspices of “terrorism”. As if terrorists are in the halls of corporate, private America, Europe, and the world. As if these ever present terrorists are in that swarm of 200 million plus SMS messages a day in the US alone.

For the past ten some odd years it has been America declaring themselves the good guys, while they have been ruthlessly attacked by China and Russia. Now, we know, the reverse is true.

Snowden has perfectly stirred the hornet’s nest. He has shown America to be condemned by the standards even of Communist China and ‘barely not totalitarian anymore’ Russia. This gets out a very strong message.

Also, as China and Russia are the mostly strongly attacked by America, they will be the most busy trying to route out where they have been attacked and setting up a disinformational counter-attack. Keeping everyone most safely busy.

Benni January 18, 2014 1:36 PM

A question that stucks me a bit is this localization thing.

NSA uses sms, internet connections and smartphone localization to get targets. The point is now: According to this article: http://www.sueddeutsche.de/politik/angriffe-in-afrika-drohnentod-aus-deutschland-1.1829921-2 they use this to assasinate terrorists in somalia. For example, the call from an english wife to their somali terrorist husband, was used to shoot this terrorist (and a goatherder as collateral damage).

One can certainly not say how many terrorist attacks this prevents, but certainly, nsa has the numbers of terrorists who got shot because nsa was able to locate their phones.

Stopping nsa’s bulk collection would also imply that they have to use new methods for getting their targets. E.g. they would have to sent agents to somalia. And that will cost money. The question is whether us government wants to invest this, if they can get it cheap as they do it now.

Nick P January 18, 2014 2:00 PM

@ BlackAngel

I think Maher’s right about Snowden in that he sometimes gets too ahead of himself or even inflates something. Greenwald’s response was great as he demolished Maher’s point. That this is the best Maher could come up with says more positive about Snowden than negative, ya think? 😉

BlackAngel January 18, 2014 2:11 PM

@Benni

One can certainly not say how many terrorist attacks this prevents, but certainly, nsa has the numbers of terrorists who got shot because nsa was able to locate their phones.
Stopping nsa’s bulk collection would also imply that they have to use new methods for getting their targets. E.g. they would have to sent agents to somalia. And that will cost money. The question is whether us government wants to invest this, if they can get it cheap as they do it now.

Currently, they are grabbing everyone’s information, in US, in Europe, probably in China, Russia… how any of this relates in any way towards “fighting terrorists” is absurd, at best, no?

They are working closely with major US firms, and that probably means they have information useful to these firms.

While we do not know who all may be profiting from these expenses, we can look at the visible leaders and observe they are being well paid.

Conversely, we can note that terrorists who literally come to the US to perform terrorism tend to congregate in groups that encourage and pay for these things. These groups are choke points. Such as the mosque the Boston bombers visited. And they were completely off the terrorism radar.

Nevermind that Osama Bin Laden was not caught by all of these fancy systems. Incredibly, he did not call anyone in America or Europe. And he further thwarted American forces by not using Yahoo, Facebook, MySpace, or Skype.

One can only imagine the staggering diabolical methods goatherds with ak-47s and a strong dislike of America might be employing to outscheme the enormous NSA system.

The NSA are probably far more concerned about knocking out foreign and local politicians who hold anti-surveillance stances… and observing major moves by major foreign and local corporations which can increase their stock profits.

That money would be a lot to lose.

BlackAngel January 18, 2014 2:17 PM

Nick P • January 18, 2014 2:00 PM
@ BlackAngel
I think Maher’s right about Snowden in that he sometimes gets too ahead of himself or even inflates something. Greenwald’s response was great as he demolished Maher’s point. That this is the best Maher could come up with says more positive about Snowden than negative, ya think? 😉

Heh. 🙂 I am sure.

Maher does strike me as the sort to play a good strawman, arguing the reverse of truth in order for people to come to the obvious rational conclusion that he leaves only vaguely blanked out. Such people are absolutely necessary because people feel much more confident when they have reasoned out the truth for their own selves.

(Perhaps merely that the reasoning process removes doubt.)

BlackAngel January 18, 2014 2:28 PM

Two other good privacy related boingboing posts:

The privacy scorecard Obama failed horribly at:
http://boingboing.net/2014/01/18/scoring-obamas-nsa-reforms.html

Oakland residents fighting against the “Domain Awareness Center” being built there:
https://www.change.org/petitions/the-mayor-and-city-council-of-oakland-ca-don-t-sell-out-the-people-of-oakland-to-the-department-of-homeland-security-don-t-vote-to-fund-the-domain-awareness-center

Really, who comes up with these names?

Apparently, a type of new city center designed for localized mass surveillance against civilians to “reduce crime”.

Skeptical January 18, 2014 3:23 PM

The NSA are probably far more concerned about knocking out foreign and local politicians who hold anti-surveillance stances… and observing major moves by major foreign and local corporations which can increase their stock profits. That money would be a lot to lose.

This is a great example of an incorrect mental image of reality driving analysis and conclusions.

You imagine the US government as a cozy club, in which things can be done with a wink and a nod. Someone at the NSA wants to know what will be in a company’s earning release tomorrow. Simple. Ask your friend to send you emails from the relevant personnel, read them over, and then buy/sell (lots of margin and lots of options, of course) accordingly.

But in fact government is a sprawling bureaucracy, in which some parts are highly motivated to find corruption or misconduct in other parts. Contrary to the impression some may have given, a tasking order for the intercept of domestic email communications will very likely include a field for an authorization code, which will need to link to a warrant. There will be a record. And when just one of the God-only-knows how many layers of bureaucracy, compliance officers, and agencies ranging from the SEC (who look for patterns of unusually good fortune in investments) to the FBI notice your unauthorized eavesdropping or trading activities, it’s over.

“Ah hah, but what if the corrupted are at the highest levels” you say. Then I will say that they are choice cuts of steak to parts of the government that are highly motivated to find corruption at the highest levels. The incentives and culture of the US law enforcement community tasked to investigating official corruption, and to conducting counterintelligence (obviously a group within the NSA that used signals intelligence to trade profitably would be of enormous interest to both groups) are extremely supportive of the detection and prosecution of this type of corruption.

Now, there’s a less easily detected, harder to prove, kind of corruption that manifests within decisions that are both reasonably defensible and require the exercise of judgment. Someone officially selects A over B for a contract because they know A will make their boss happy, even though that someone thinks B is truly better; the boss will be happy because the CEO of A is influential and will view him favorably. But since both A and B are defensible choices, and since this is all implicit, it’s very hard to demonstrate corruption.

It’s much harder to assess how often the latter type of corruption occurs. The former type of corruption, while it does happen, can’t generate to become widespread in the current institutional framework; there are too many people with incentives, protection, and cultural support to find and stop it.

The probability of corruption is greater when the official in question can act independently of the knowledge or scrutiny of anyone else. At the federal level, that kind of “privacy” is tough to come by. But at the local level…

Nick P January 18, 2014 3:32 PM

“But in fact government is a sprawling bureaucracy, in which some parts are highly motivated to find corruption or misconduct in other parts. Contrary to the impression some may have given, a tasking order for the intercept of domestic email communications will very likely include a field for an authorization code, which will need to link to a warrant. There will be a record.” (Skeptical)

Anyone reading this statement wouldn’t get the impression that either Manning or Snowden could have just taken huge collections of classified information without anyone noticing it happened. Yet, they did. Skeptical’s post reveals “an incorrect mental image of reality driving analysis and conclusions” with regard to accountability in NSA & DOD.

Doug Coulter January 18, 2014 3:35 PM

Given the rise of a certain type of astroturfing, here and elsewhere, I’d invite people to take a look at this link.
http://phys.org/news/2011-10-darpa-master-propaganda-narrative-networks.html

It’s more or less about a darpa initiative to “control the narrative”. Hey, they’re not even trying to hide the implications of propagandizing your own people – you know, the ones you’re supposed to be serving, instead of ruling. If you care about the constitution, which I understand now makes one a “radical”. I personally thought it was a pretty good idea, and took human nature into account. Though one of the founders did say – here, we gave you a republic – if you can keep it. So even this was predicted way back then.

The four most dangerous words in say, stock trading are “it’s different this time”. Well, sometimes the details change, but what never seems to be different this time is human nature. The above does not conflict with that idea.

saucymugwump January 18, 2014 3:42 PM

@BlackAngel
“For the past ten some odd years it has been America declaring themselves the good guys, while they have been ruthlessly attacked by China and Russia. Now, we know, the reverse is true.”

I will freely admit that the USA has done some evil things over the years:
– overthrow of Iran’s government in 1953
– shoot-down of Iran Air 655
– interference in Nicaragua
– killing large numbers of Vietnamese and Iraqis in misguided wars

But if you think China and Russia are such great places, then move there. I am tired of people who claim that the USA is the most evil place on the planet all the while enjoying the local ambiance.

Your mind is clearly already made-up, but just in case the door is not completely closed, try reading Radio Free Asia for stories on how China treats its own people, let alone the people of Tibet. Read how China deports North Koreans back to the DPRK even though it knows quite well that they will almost certainly be executed — and China is a party to Articles 33 and 35 of the United Nations Refugee Convention and Article 3 of the United Nations Convention on Torture which forbid deportation back to a country where refugees will be tortured, imprisoned, and/or executed. China uses North Korea as a buffer against the West, while 200,000 North Koreans are tortured and die in prison camps.

As for Russia: you really need to read Krebs on Security. Russian cyber-thieves are allowed to steal from any non-Russian company. Paunch, someone who bit the hand that feeds him, was arrested solely because he allowed his products to be used against Russian banks. Have you heard about the Target breach? And you really need to read-up on how Russia uses its oil and gas to bludgeon other countries into doing its bidding.

The NSA’s actions would not be ranked in the top fifty worst actions of the USA and I think maybe not even in the top hundred.

Figureitout January 18, 2014 3:45 PM

So are what did others make of the President’s speech?
AlanS
–Haven’t listened to it, don’t plan on wasting time on lies and insincereity. But articles give the same old failing “solutions”. Here’s the solution people, and it sucks b/c we all have to make time for it. Locally, start having meetings, where we start talking about local laws we want to have. How many people these days even know their neighbors? The politicians won’t listen so I’m telling you all to not waste your time, any Public affairs college students, change your major now and get a science degree b/c the jobs aren’t really there and it won’t give you many marketable skills.

They are not going to listen to the people anyway, so why even give a second of attention to it? We need new laws, starting locally. Now the problem is there will always, ALWAYS be some goddamn derper w/ dumb ideas and s/he will not stop even if basically everyone else disagrees. So to set up a new democracy, it’s really a lot of work and you need to think about setting up new oversight. Most of all you need dedicated people w/ the right mindset; which is hard in a crap economy, no one has time or money to put towards the effort.

Anything short of removal of these criminals from office by current police and military and starting over locally, so everyone knows the laws; will be failure and the same problems rehash themselves and nobody even gets involved in “the democracy”.

Even Bruce, having “secret meetings” w/ 6-members of Congress; while I understand trying to protect from subversion, seems like it’s setting up for another failure. We need entirely new people.

Also, be the solution. Setting up small local nonprofits dedicated to certain causes in your community w/ all local people. This is the way forward. Eventually, there shouldn’t be much need for the current politician or maybe even a lot of other public services; meaning we can cut gov’t and restore more freedom. That’s a stretch though, more of a very hopeful vision.

Figureitout January 18, 2014 4:03 PM

But if you think China and Russia are such great places, then move there. I am tired of people who claim that the USA is the most evil place on the planet all the while enjoying the local ambiance.
saucymugwump
–I don’t really. You’ve got a massively polluted place that actual sends people to “re-education camps”, censors your internet, and kills all attempts to make a better place to live. The other place has an ex-KGB as prime minister who “got elected” again after sitting out a term.

The point, is the US should be better, much much better and actual practice what we preach. Speaking of prison camps, we have a private prison industry here and lock up a lot of non-violent low level offenders here while we nearly had our entire economy destroyed by bankers who have anywhere from $200million–$1 billion and are free. The priorities are very messed up.

From my perspective, the US should be leading the charge on innovative secure computers that aren’t subverted by the gov’t. Otherwise we got practically no COTS product you can buy that is secure, and now refridgerators are getting hacked, so now someone on the other side of the world could shut off your fridge and spoil all the food or route child porn through your network and get you framed.

Skeptical January 18, 2014 4:17 PM

Nick P, someone should read the entire post, in which I specifically note that instances of corruption, including the misappropriation and misuse of information, still happen. My point is that the nature of the system prevents it from being widespread, which is contrary to the argument BlackAngel was making.

BlackAngel January 18, 2014 4:54 PM

@saucymugwump

But if you think China and Russia are such great places, then move there. I am tired of people who claim that the USA is the most evil place on the planet all the while enjoying the local ambiance.

Those responsible for enacting a surveillance state in the US are the ones who should move to Russia or China. They would feel much more at home in Medieval Europe, in Stalinist Russia, Mao’s China, or Hitler’s Germany. They have done all they can to undermine every principle of a free nation. They are – by every means – a minority. A powerful minority. And they are making their power play, today.

If they have their way, then, yes, in the future, the US and other free nations (today they can still be called “free”) will be the bulwark of a future totalitarianism the past could only dream of.

Excellent article on the techno-militarization of America:
http://techcrunch.com/2014/01/18/the-techno-militarization-of-america/

Really, the inevitable course of history would take its’ place if the surveillance state were to continue as is the wet dream of these fascist-at-heart fools.

I do not believe they will succeed in the slightest. But, I enjoy mocking their depravity.

If these fools were allowed to continue on the course they are on, they would create a bulwark of totalitarianism in the heart of the free nations. It would be a far stronger totalitarianism then any nation has seen in the past.

I know they will not succeed in the slightest, but I do not mind mocking their depravity while watching them try. It is an absurd spectacle. What man would do if he can get away with it. Always in the name of what is good.

It is that what free nations have is good which makes their actions so terrible. This whole “freedom” concept is really new to nations. Previously – and many are still this way – they were anything but free. Even in these vaunted free nations of today, what they were in the 19th century is what a China or Vietnam is today, effectively.

Heck, in the US, they just barely have gotten out of being able to see people of different colored skins as equal, and still have problems with that and seeing women as equal to men.

They barely have their knuckles off from dragging the ground… and their leaders would take them right back into the caves.

If they continued on their way – which they surely will not – they would have the whole planet back in the middle ages within fifty years.

But terrorists and liberals are not the threat, except how they use them as threats. They are the threat.

Stasi Quo January 18, 2014 5:00 PM

With the NSA unconstrained by the Constitution and functioning like the Stasi, one wonders where the Stasi scientists went after it was shutdown.

Perhaps the US joined the competition to acquire that talent before other nations could do the same.

BlackAngel January 18, 2014 5:11 PM

@Skeptical
Nick P, someone should read the entire post, in which I specifically note that instances of corruption, including the misappropriation and misuse of information, still happen. My point is that the nature of the system prevents it from being widespread, which is contrary to the argument BlackAngel was making.

Actually, I read your post, noticed my name, and thought, “How can he say the system is incapable of being abused when Snowden came away with so much information”. Then, I go and read Nick P’s post and it is that point he appears to be making.

I am sorry, but Manning and Snowden do prove the system is chaotic and beyond control. Nobody noticed them taking that information: who would notice if some intel leader sold some favors to a politician? Maybe giving him data on a political rival?

How small of a feat of taking what they are not supposed to take would that be in comparison to what a Manning or Snowden took?

And Hoover did exactly this. A lot. So it is not like this is unproven ground. He got away with it, too.

This data that is being slurped up is not just going to “the NSA”, it is going who knows where.

It can also be noted that this manner of behavior is not specific to the US. But, historically, anywhere these sorts of systems have been built, they have been abused. Granted, historically, not so difficult to figure this out: as it is primarily totalitarian systems that have built such systems.

Benni January 18, 2014 5:32 PM

@saucymugwump and Figureitout
I’m actually a bit stuck by the stereotypes that some US people have on Russia and China.

The russian constitution was copied from the frensh one. The center with a strong president was made, because they recognized that the society was not developed enough that several real and credible parties had been developed. For several years ago, russia was a one party system without much freedom for a single person. Political parties that can govern a state do not form up in just one night. Therefore it is no surprise, that the current president of russia is a former KGB apparatchik.

Because of its climate, china was, since thousands of years repetedly haunted by large famines. In the 18. century, the population began to grow and the problems increased. Now the Food and Agriculture Organization of the united nations say:
http://www.fao.org/news/story/en/item/209135/icode/
China’s gains against hunger have been impressive, said Graziano da Silva. China has registered some of the world’s sharpest reductions in poverty and chronic hunger in the past 20 years and already met the hunger-reduction target specified by Millennium Development Goal number one, namely, to reduce by half the proportion of chronically hungry people between 1990 and 2015.

And then I read comments on this blog like “reading Radio Free Asia for stories on how China treats its own people, let alone the people of Tibet. Read how China deports North Koreans back to the DPRK ”

Gee, Russia and China are in some sense developing countries. One can not compare them to an already developed industrial country like the US. Indeed, one also must see the communist dictatorships as a development step compared to what was before in these countries. Before that, these countries where absolutistic monarchies. The development from a monarchy to a real democracy takes centuries, just as it did in europe.

And having built up a surveillance system that the STASI in the former communist DDR in germany would be proud of, just tells something on how “developed” the US really are.

Benni January 18, 2014 5:33 PM

@Stasi Quo, yes, one could indeed think NSA employed the former stasi officers, like they dit it with Nazi Wernher von Braun and his V2 rocket.

After the russians have lerned that these NSA programs exist, russias FSB passed a law to do the same:

http://themoscownews.com/russia/20131021/191995741/FSB-wants-full-access-to-Internet-users-information—report.html

Like in Kubricks Dr Strangelove:

http://www.youtube.com/watch?v=2yfXgu37iyI

Russian Ambassador: “Our Doomsday scheme cost us just a small fraction of what we’d been spending on defense in a single year. But the deciding factor was when we learned that your country was working along similar lines, and we were afraid of a Doomsday gap”. President Muffley: This is preposterous! I’ve never approved of anything like that! Russian Ambassador: Our source was the New York Times.”

BlackAngel January 18, 2014 7:00 PM

@Skeptical
“Ah hah, but what if the corrupted are at the highest levels” you say. Then I will say that they are choice cuts of steak to parts of the government that are highly motivated to find corruption at the highest levels. The incentives and culture of the US law enforcement community tasked to investigating official corruption, and to conducting counterintelligence (obviously a group within the NSA that used signals intelligence to trade profitably would be of enormous interest to both groups) are extremely supportive of the detection and prosecution of this type of corruption.

I have confidence that any corruption will not win out.

I do not have that confidence because I believe the system is seamless and the workers perfect.

I think if you studied the history of counter-intelligence, and the work of internal investigative departments you would have to agree with me that there likely is a lot of abuse going on. And very likely abuse is driving the ‘wide net’ moves these agencies are making.

You espouse knowledge of counter-intelligence, and systems of back checking so you must know – in all good conscience – these are not at all perfect systems.

I believe that any abuses at the top – where the main problems lay – will be discovered and exposed.

But I am not about to assume there are no such problems. Especially not because none are yet found.

And on your argument about federal versus local: surely consider that if one is federal, there are areas where they might as well be local. Secrecy, for one, requires this.

Guys below can not be sure what the guys above are doing.

One good rule of counter-intelligence, is, however: it is the worst offenders who do the best job at rising to the top. And they rise specifically to the tops of agencies specifically designed to investigate their own selves.

Philby, Ames, Hanssen, and the like.

There are most assuredly individuals at the top of the food chain who can operate as they please without scrutiny.

We might as well add Hoover to the above list. And today, with the way the structure is, there could be a very many Hoovers with their own little super secret fiefdoms.

saucymugwump January 18, 2014 7:38 PM

@Figureitout
“while we nearly had our entire economy destroyed by bankers who have anywhere from $200million–$1 billion and are free.”

Totally agree there. I cannot understand how people can admire either Bush the Younger or Obama when they transferred hundreds of billions to banksters with no preconditions. I consider Tim Geithner the most incompetent Treasury Secretary of all time. I have argued with fools at the Atlantic Magazine who claimed that Obama had no choice but to bring in Geithner (yes, they were serious), when the list of qualified candidates included Warren Buffett, Sheila Bair, Brooksley Born, and Bill Black.

@BlackAngel
“But terrorists and liberals are not the threat, except how they use them as threats.”

Except for that pesky 9/11, the shoe bomber, the underwear bomber, the Portland bomber, the Times Square bomber, the Boston Marathon bombers, …

@Benni
“Gee, Russia and China are in some sense developing countries.”

I take back what I said before. I really am arguing with you.

When China deports North Koreans back to the DPRK, they are usually executed because the DPRK views its people as slaves. China signed UN conventions to stop that very thing. China is doing it because it views the prospect of U.S. troops near its borders again as the #1 evil. What part of the above do you not understand is evil?

Does Brazil, another developing country, have a similar problem with its neighbors? Can you name another country which has a similar policy?

Benni January 18, 2014 7:49 PM

@saucymugwump,
Brazil has no neighbor like north korea.
If china would not deport North koreans back, they would probably all go to china, and china would have the problems how to feed them.

A proper comparison could perhaps be made with certain african states.

Skeptical January 18, 2014 7:55 PM

BlackAngel, what I know of counterintelligence I’ve only learned through books and articles; I have no expertise or experience. Based on what I’ve read, I agree that corruption is always possible. Without question. And I agree that monitoring for corruption and abuse must be a continuous, rapidly adaptive process.

Re probability of intelligence official successfully selling blackmail material to politicians: What makes me dubious are the following considerations:

-“blackmail material” isn’t likely to be neatly collected these days for the corrupt official. He may need to specifically task collection on the target, which for a US person will almost certainly require notification of different offices and the filing of appropriate approvals and warrants. I’m guessing based on certain comments by Snowden that such tasking would attract a special amount of attention if it involved someone in Congress.

-He’ll need to sort through all the information collected to look for blackmail material. This may take a substantial amount of time and energy, for an uncertain payoff.

-He’ll need to transfer that information and figure out a way for the target to be contacted to threaten exposure of blackmail material without that contact being detected by surveillance.

-He’ll either need to have established a buyer beforehand, and have gathered the information before it became uninteresting to the buyer, or will need to move fast to find a buyer (and hope he isn’t exposed) after finding the information.

-The target may refuse and report the attempt.

-The target may be under surveillance by a different agency who will detect the attempt.

-The corrupt official himself becomes susceptible to blackmail by doing this.

It’s an endeavor so fraught will the likelihood of failure, and with so little payoff for the intelligence official, that the odds of even an attempt are likely low. If that official were the director of the FBI in the time of Hoover, of course, matters would be somewhat different.

It’s just as dangerous to sell information to a foreign intelligence agency, but even here the risk is somewhat lower, as the incentives and capabilities of the foreign intelligence agency will be conducive to success on the part of the corrupt official.

But as you point out, individuals do undertake to transfer information to foreign governments and other organizations, and people in powerful positions can nonetheless be unhappy or irrational, and do some fairly dumb things.

Clive Robinson January 18, 2014 8:02 PM

@saucymugwump,

It has been noted in the past that “those who live in glass houses should not throw stones“, lest people throw them back.

For instance I could mention “waterboarding”, “extrodinary rendition” and quite a few other things the US and it’s alies have been upto.

The simple fact is that most nations will get upto some form of quite unplesant behaviour towards it’s own or other nations citizens, especialy if it can find either an excuse to legitamize it or keep it from public attention.

The usual trick these days is to “long grass” things by “outsourcing” to contractors with partial or full deniability.

As for Germany getting 5eyes status, it’s highly unlikely. Historicaly the 5eyes came about out of geographical need and other than the original BRUSA two the others are either not run by their host nations (see NZ) or are limited in what intel they get out of the agrement.

The original two BRUSA countries don’t have any pressing need for German intel, thus the most likely use of German interest will be to put preasure on UK politicians with regards intel/defence spending, by droping hints that the supposed “special relationship” is under threat. As others have observed and the US has said it needs the UK in the heart of Europe, and it needs the UK to keep up on it’s defence spending. Thus the UK has an issue currently, it needs to make major cut backs on defence spending, and the Conservative Party has internal issues wher the “old lags” want “out of Europe”. Thus Germany will almost certainly be used as a “rod across the back” of UK politicos to “keep them on message”.

However as various figures show the “US special relationship” is not worth that much in terms of “Pounds Shillings and Pence” these days and when you factor in the cost of being the US “standup partner” in the various “war on terror” campaigns it is definatly a significant loss maker and drain on the UK Purse (then there’s the “Trident issue” making it very much worse). Much UK trade is with Europe and that is unlikely to decrease, in fact it’s more likely to increase in importance in the near future as will trade with both Russia and China. Europe, Russia and China look suspiciously at the “special relationship” and it’s no secret that diplomaticaly it’s effectivly tying one hand behind the back in trade and other negotiations. And Russia is an important trade partner with Germany and they would almost certainly not want Germany having a “special relationship” with the US…

So realisticaly it’s only those in the “old boy intel game” who as others have noted are not realy under the control of their respective countries elected officials that see benifit in the UK-USA “Special Relationship”.

Thus the only real hope for Germany getting second tier 5eye status is if they become more important to the US than the UK, and I suspect the price of entry will be to high anyway. That’s not to say they won’t get a lower tier entry where the relationship will be very “one way”.

How ever you also have to ask the question as to why Germany might want 5eye status? One possible reason to appear to want it is to use it as a negotiating chip with other European nations. Realisticaly it’s Germany that is keeping the fundemental tenent of the “Single Currency” afloat currently and it’s hurting badly and their citizens are far from happy. The Franco-German axis relationship is not what it once was and other North Western European nations don’t want to play the “Subsidise the south and east” game. As has been less than humourously said by other Euro nation journalists the Germans are taking up the British sense of humour, and Thatcher / Merkle comparisons are being made.

Politics and economics “make for strange bed fellows” at the best of times and the flip side of diplomacy is espionage in all it’s many forms, especialy when times are tough and “National Security” is more about “bread on the table at home” than “adventuring in foreign parts”.

Clive Robinson January 18, 2014 8:41 PM

@ Skeptical,

    -“blackmail material” isn’t likely to be neatly collected these days for the corrupt official. He may need to specifically task collection on the target which for a US person will almost certainly require notification of different offices and the filing of appropriate approvals and warrants. I’m guessing based on certain comments by Snowden that such tasking would attract a special amount of attention if it involved someone in Congress.

Err no, they have had in the past whole departments tasked with digging into peoples “reliability” and we know from past behaviour (Lavender Scare) that such information was used to at the very least “strong arm opponents”.

Whilst basic background checking for secret and top secret clearance had been “outsourced” due to the vastly increased need for the likes of Booz Hamilton and other contractors other roles still attract more than basic background checking. Those doing this sort of work do get to see just about any and all information without comment, what they do with it is unclear, and unless victims come forward we are unlikely to know. Historicaly we know from Hoover’s activities that people don’t come forward….

As has been observed numerous times about people in politics and the political organisation “a leopard can’t change it’s spots”, so I’ve no reason to beleive that the “strong arm tactics” have stopped, such is the nature of the political animal.

Nick P January 18, 2014 11:14 PM

@ Bob S

“How can we secure our routers? Is there such a thing as a firewall that can be trusted?”

You might start with my post here where I give examples. A few still exist. Warning: they’re EXPENSIVE.

Ryan January 19, 2014 2:59 AM

I think it is time to create software firewalls for our routers, and have routers provide enough processing and memory for such firewalls.

Clive Robinson January 19, 2014 7:00 AM

For the ‘NSA neigh sayers’ a little quote from history that you should contemplate,

    When Pastor Niemöller was put in a concentration camp we wrote [about it in] the year 1937; when the concentration camp was opened we wrote [about that in] the year 1933, and the people who were put in the camps then were Communists. Who cared about them? We knew it, it was printed in the newspapers
    Who raised their voice, maybe the Confessing Church? We thought Communists, those opponents of religion those enemies of Christians – “should I be my brother’s keeper?” Then they got rid of my brother’s keeper?”
    Then they got rid of the sick, the so-called incurables. – I remember a conversation I had with a person who claimed to be a Christian. He said: Perhaps it’s right, these incurably sick people just cost the state money, they are just a burden to themselves and to others. Isn’t it best for all concerned if they are taken out of the middle [of society]? — Only then did the church as such take note. Then we started talking, until our voices were again silenced in public.
    Can we say, we aren’t guilty/responsible? The persecution of the the Jews, the way we treated the occupied countries, or the things in Greece, in countries Poland, in Czechoslovakia or in Holland, that were written in the newspapers. …
    I believe we Confessing-Church-Christians have every reason to say: mea culpa, mea culpa! We can talk ourselves out of it with the excuse that would have cost me my head if I had spoken out.[1]

As the Pastor testifies, it is easy at the time to side with authority overtly or covertly, to as it were to bow the head and tug the forelock or say this is right because it brings order from the chaos that you imagine and fear. However it is wrong and you will if you are honest either stand up and say so, or spend your future years regreting that you did not do so. But if dishonest you will sneak away and pretend you were hoodwinked, beguiled or following the majority view and live in fear of being exposed as craven, or worse self intrestedly profiting.

[1] Translated from : Pastor Martin Niemöller’s Die deutsche Schuld, Not und Hoffnung, Zurich : Evangelischer Verlag, 1946, by Harold Marcuse, Professor of History at UCSB.

Clive Robinson January 19, 2014 7:29 AM

@ Ryan,

    I think it is time to create software firewalls for our routers, and have routers provide enough processing and memory for such firewalls.

It’s a nice sound bite but it will not work for several reasons.

Firstly even in the case of quite limited bandwidth routers the CPU’s can barely keep up. As has been sugested recently one way to find routers that have been attacked is to up their CPU load just a little. Those that are infected keel over and take considerable time to come back up and a change in trace route information from befor and after in both directions will indicate where the infected router is.

Secondly adding more memory just gives a larger space to hide malware in and putting more power in the CPU appart from being bank balance destroying will just add more power to any malware.

Thirdly, we know that currently the routers are being compromised at the BIOS level or lower (ie hiding in IO hardware microcontroler flash memory). There is no way software above the OS can see what goes on below the OS so cannot stop the malware doing what it does.

saucymugwump January 19, 2014 8:24 AM

@Benni
“If china would not deport North koreans back, they would probably all go to china, and china would have the problems how to feed them.”

You are completely ignorant of the situation vis-à-vis China and North Korea.

South Korea has repeatedly asked China to return North Korean refugees to Seoul. South Korea will put them on a South Korean airliner so it will cost China nothing. China refuses to do so for a few selfish reasons. I won’t bother to detail them because for whatever reason — indifference to Asians, perhaps — you are unconcerned.

saucymugwump January 19, 2014 9:41 AM

@Clive Robinson
“I could mention ‘waterboarding’, ‘extrodinary rendition’ and quite a few other things”

Please do not confuse me with Dick Cheney. I am not a liberal, i.e., I do not believe that Islam is a religion of peace, but neither am I a neo-con. We should have used the FBI to interrogate the Islamists. The FBI does a great job questioning spies, mafia members, motorcycle gang members, and other losers, and they do it while being civil.

“The usual trick these days is to ‘long grass’ things by ‘outsourcing’ to contractors with partial or full deniability.”

That is an amazingly dangerous development, given that those people are not managed very closely. I remember when thugs from Blackwater had a traffic accident in Iraq (probably their fault) and were therefore delayed. They reacted by drawing their weapons on U.S. soldiers. If I had been Secretary of Defense, I would have ordered a company of U.S. soldiers to arrest every single Blackwater thug, including their bratty CEO, and prosecute them for treason or something comparable. Of course, Dick Cheney would have intervened because his personal financial interests were at stake.

“As for Germany getting 5eyes status, it’s highly unlikely.”

I guess I’m a little more optimistic. Germany has leverage in the form of Ramstein AFB and its membership in NATO, not to mention what would have happened if Saint Snowden would have been corralled.

But then again, NATO is a Hydra. I believe that Obama’s campaign promise to recognize the Armenian Genocide was neutered by NATO responsibilities. That and the fact that he is just another slimy politician like Bush the Younger and Clinton.

“the ‘US special relationship'”

Yes, that. That always makes me chuckle, especially now that Britain doesn’t even have an active duty aircraft carrier (can you say “Malvinas”?). And it is doubly-amusing given how Britain cannot deport violent Islamists because of European Court of Justice rulings that even dangerous psychopaths deserve a family life (for some, multiple families).

“Much UK trade is with Europe”

Cameron and Farage are such clowns. If the UK leaves the EU, the trading implications will smack Britain right in the wallet (Ford warned the UK about that).

“Realisticaly it’s Germany that is keeping the fundemental tenent of the ‘Single Currency’ afloat currently and it’s hurting badly and their citizens are far from happy. The Franco-German axis relationship is not what it once was and other North Western European nations don’t want to play the ‘Subsidise the south and east’ game.”

You have hit on one of my favorite subjects. Germany was the #1 exporter just a few years ago and is now #3, just behind the U.S. It does it by making the world’s best automobiles, industrial machinery, tunnel boring machines (at least one of which is in London right now), and a few other categories. There is no reason the U.S. and Britain could not be in that market, except that both of our countries funnel a large portion of our funds and energy into casinos. And the U.S spends an equally large amount on the black hole of the DOD (Unaccountable: The high cost of the Pentagon’s bad bookkeeping).

The EU shot itself in the foot when it accepted Malta (selling EU citizenship for 650,000 euros now), Bulgaria, Romania, and Croatia, all for reasons of corruption. Allowing Cyprus in should have been a way to force Turkey to remove its troops from the northern half of the island. And to even consider Serbia, Montenegro, Macedonia, Albania, Bosnia and Herzegovina, Kosovo, and Turkey is insanity compounded. There are a number of British politicians who favor Turkish membership for reasons I cannot fathom.

“Thatcher / Merkle comparisons are being made”

I actually find Merkel to be a better than average leader, far better than Obama, Hollande, Cameron, or Putin. Thatcher was often prickly; you know she opposed German reunification, right?

Getting personal, I see January 19, 2014 9:48 AM

saucymugwump, you seem to be asserting you know something of your interlocutor’s character, picking a plausible reason for that assumed frame of mind, and using this as a slur.

Why ? This topic seems of clear interest to you, judging by the comments above, so it would be a shame to see it derailed by to the person invectives.

Figureitout January 19, 2014 10:16 AM

Benni
–Yeah it’s a stereotype; of the country and opportunities there not just the people there. Wish I could actually go there and “feel” the place. I forget who my dad said he talked to who said someone he knew got sent off to a re-education camp. And a Chinese girl I know had a social media post deleted that was critical of the gov’t. My dad’s small company does plenty of business w/ a German company. Been friends w/ Russians & Chinese; citizens of the world get along fine w/ each other, it’s the gov’ts and its agents that ruin relationships and start wars.

Markus O.
–Nice little write up. It’s these kind of projects, that are simple, well documented (and state risks that are pretty much impossible to always address) that will democratize technology the most and get more people using it securely. Now I got a use for my RaspPi lol.

saucymugwump January 19, 2014 11:02 AM

@Getting personal, I see
“you seem to be asserting you know something of your interlocutor’s character”

One of my many personality flaws is that I answer insults in kind. Go back to Benni’s previous comment where he said:
“And then I read comments on this blog like ‘reading Radio Free Asia for stories on how China treats its own people, let alone the people of Tibet. Read how China deports North Koreans back to the DPRK'”

In other words, he was belittling me. Now I am a big boy and usually do not react so forcefully to insults, but when it comes from someone who is clearly ignorant of the facts, it annoys me.

The situation in North Korea is the worst of any country in the world, yet it does not appear to be a priority for the West. Women in the prison camps, where 200,000 people are currently being held, are sometimes raped and then killed to prevent their telling anyone. Torture and executions are common in the camps. The government does not lift a finger to help orphans, yet when they attempt to leave the country, they are routinely executed. Obama, one of our most incompetent presidents — along with Nixon, Harding, Clinton, and Bush the Younger — allows Dennis Rodman to arrange basketball games there, when in past times that sort of behavior would have been considered treasonous.

And the nutty thing is that I am not Korean, so I have no idea why I care.

BlackAngel January 19, 2014 11:05 AM

@saucymugwump
“But terrorists and liberals are not the threat, except how they use them as threats.”
Except for that pesky 9/11, the shoe bomber, the underwear bomber, the Portland bomber, the Times Square bomber, the Boston Marathon bombers, …

In context of what I am talking about: threats to the survival of the free world … no, they are not threats in comparison to the threat of an out of control military and intelligence complex.

And anyway, the expansion of those powers as astronomically as we are talking does little to nothing to curtail terrorism, and actually is pretty well guaranteed to increase it.

I am sad to see people yet again motivated by fear in their decision making, and power, instead of intellect.

Rhetoric and ego does not change these simple facts, nor change history. Though, I am sure maybe a billion dollars can stop the looming threat of shoe and underwear bombers. Problem is cannons are very poor devices for stopping flies. People do not buy cannons for swatting flies even if they say they are. They buy them to make war and conquer, to pillage.

The Nazis were not really interested in stopping a global conspiracy, which did not exist. The Stalinists were not really interested in the welfare of the worker. The Inquisitions were not really interested in the opinions of God. And the free nations are not really interested in terrorists.

William Payne January 19, 2014 12:34 PM

It seems like all the “NSA exploit of the day” stories are targeted against networking gear: routers, firewalls and so on. Is this the case for all the exploits? How do the targets break down in terms of percentages? Can we draw any inferences from this about strategic priorities? (I am heading to the archive now to have a look for myself).

Nick P January 19, 2014 12:59 PM

Slashdot reports that D J Bernstein’s high speed crypto algorithms recently made it into both OpenSSH and OpenBSD’s signed package tool. Article indicates Google also supports some of the tech. Good sign.

@ Mike the Goat

You were wanting to code a version of our signature idea a while back. If you ever do it, you might find the Signify code useful. You know it will have good quality, too, considering the source.

BlackAngel January 19, 2014 1:12 PM

@Skeptical
BlackAngel, what I know of counterintelligence I’ve only learned through books and articles; I have no expertise or experience. Based on what I’ve read, I agree that corruption is always possible. Without question. And I agree that monitoring for corruption and abuse must be a continuous, rapidly adaptive process.

[and noting many checks and balances]

Of course, we have to agree to disagree here. But, in either case, we are talking about unprovens. There could be vast corruption utilizing the surveillance systems, or there may not be.

If I am correct, then I do share your optimism in this way: regardless of how numerous and powerful the offenders are, they will be exposed and come to their downfall.

Time will tell.

I will state my confidence is based on experience of the competency of some who work in government.

I would state they are downright dreadful.

Nick P January 19, 2014 2:03 PM

The older highly assured systems have plenty to teach us about stopping NSA level threats. However, information on NCSC and its Evaluated Products List practically disappeared off the net in past year. I had to dig and dig to even get the web address. Fortunately, Wayback Machine has pages from that address.

Evaluated Products List
http://web.archive.org/web/20060210122257/http://www.radium.ncsc.mil/tpep/epl/epl-by-class.html

(Pay attention to B2-A1 products. Only A1 products were considered secure, with B3 highly resistant to penetration.)

Final evaluation reports partial list
http://web.archive.org/web/20060429012720/http://www.radium.ncsc.mil/tpep/library/fers/tcsec_fers.html

(Gemini, XTS-300, and Trusted Xenix are most educational, and secure, products on the list.)

Nick P January 19, 2014 2:10 PM

@ William Payne

If they aren’t focusing much on endpoints, that may imply that all the main endpoints are thoroughly subverted or hackable. A dire situation.

BlackAngel January 19, 2014 3:09 PM

@Anura

I was reading that — my impression is they may have intimated more information with the journalist then they were feeling they could share. But, my impression was also, “What a complete bunch of utter incompetents, simply further trumpeting their own outrageous incompetence whatever the case was”.

Had Snowden been working all along with Russia, he could have continued to stay out of the public limelight and they likely would have insisted he stay in place and stay quiet. He could have been a lifelong asset that could move up the chain of command for them and the information of their own hacked assets would have been kept secret allowing them to turn them against the Americans without the Americans suspecting.

Now the Americans know all of that is compromised.

Anyway it goes, they admit one person with limited access could do them extremely severe damage.

No armies of stealth ninja spies necessary.

Keep the money flowing and let no heads roll that were actually responsible.

NobodySpecial January 19, 2014 3:24 PM

So Mike Rogers and Dianne Feinstein are saying Snowden may have been working for Russian spy agencies.

Well the Russian Spy agencies are big employers. Between 1979 and 1997 in the UK – all union organisers, peace, environmental, gay rights, anti-racism and anti-nuclear campaigners were working for the KGB. As were all the labour politicians who made up Blair’s government and everyone at the BBC.

Ironically the only ones who actually were working for the Russians were all the heads of the intelligence agencies.

Clive Robinson January 19, 2014 4:17 PM

@ Anura,

    So Mike Rogers and Dianne Feinstein are saying Snowden may have been working for Russian spy agencies

Yup and when an aircraft falls out of the sky it must be pilot error (unless s/he’s still alive to defend themselves).

It’s this sort of knee jerk response that is responsible for much of the ills in society, that is neither the real truth or justice are sort by authority. All those “in charge” want is that “justice is seen to be done” to keep the public quiet, prferably to someone who cannot defend themselves because they are dead or incapable of mounting a defence.

As far as those in charge are concerned the biggest evil there is are those that threaten their position, and they will fight like cornered rats to maintain that position

Feinstein is guilty not just of “being asleep at the wheel” of oversight but also on being “pulled over” also found to be “drunk and disordaly” having biten off more power than she can consume. She is without any doubt a disgrace to America and probably guilty of insider trading and other abuses of power, her word is of no value and her opinions less so. I would say “the sooner she is gone to hell the better for every one” but unfortunatly there is probably some one equaly as bad waiting to step into her shoes.

We see similar over on this side of the puddle with “rockets Rifkind” and just recently William “14 pints a day” Hague all saying just how wonderful GCHQ is and how well they monitor it…

Rodman5 January 19, 2014 4:29 PM

@Benni
In germanys asylum laws, it is stated that the migration department must consider so called “nachfluchtgründe” (after escape factors). It is said that applications for asylum get accepted fast, after the refugee has provided interesting answers to the “institute for interrogations”.

“institute for interrogations”..? sounds awful. Hopefully it is now as awful as it sounds(?)

Clive Robinson January 19, 2014 4:57 PM

@ Nick P, William Payne,

    If they aren’t focusing much on endpoints, that may imply that all the main endpoints are thoroughly subverted or hackable.

Whilst that is likely to be true, I suspect the reason is different.

Network gear such as routers are only manufactured by just one or three companies, the OS’s on them are closed source and so is the hardware. Whilst not quite a mono-culture it is close enough to not realy make any difference (when it comes to corporate spying).

This makes developing a covert listening device fairly easy at puts it in the prime “upstream” position for doing all sorts of Man In The Middle attacks.

Importantly though consider how few (if any) people actually monitor the “upstream” side of their router or actualy do any other security work on the upstream side.

Likewise consider how many people just treat the router as a “black box” partly out of lack of knowledge, but also in quite a few cases it’s not owned by them but the service provider.

Now consider the risk of discovery, on a router it’s quite minimal compared to an end point.

Now when you consider encryption it’s become quite clear it’s only secure if used properly. This means “off line” on a correctly issolated system with proper TRNGs etc etc.

Well for 99.99999% of users their only use of encryption is “online” where “key-leakage” of some form detectable across the wire is standard. Which is most easily gathered at the upstream router.

Likewise injecting fake packets to do “fallback” attacks or bougus PKI certs is most easily done at the upstream router.

Likewise if you have put malware on an endpoint the upstream router is going to be the place to pick it up. Especialy if it uses a covert time/frequency based covert channel (think back to Mat Blaze’s keyboard bug that used time delays and went through the end point transparently).

Not that this thinking is new, we’ve talked about upstream attack points in the past.

Benni January 19, 2014 8:20 PM

@Rodman5

Well, perhaps “institute for interrogations is a bit wrong translation. It means “Institut für Befragungswesen”, which could also be translated as “institute for questioning”.

The people there are certainly very friendly. That is not the problem.

The problem is, that for the migration office, the refugee has to prove that he is, according to the laws, a candidate for asylum. And the german law is very very detailed.

For example, often refugees in germany make hunger strikes protesting against their threatment:

http://www.dw.de/deaths-possible-at-refugee-hunger-strike-in-berlin/a-17164557

http://www.dw.de/police-raid-munich-camp-of-migrants-seeking-asylum-in-germany/a-16916231

http://www.dw.de/asylum-seekers-in-bavaria-go-on-hunger-strike-to-highlight-their-plight/a-6330316

This is, because sometimes, the migration office came to no clear decision on their status since for example, three years… And for that time, they have to live in some remote camp, forbidden to travel or work.

Snowden is very correct, when he is cautious with an application for asylum in germany. Because in his case, he can not invoke humanitarian reasons (e.g possible torture and death sentence in his homecountry) that would prevent to send him back.

Furthermore, he could expect that the migration office and this institute for questioning of BND can only judge his case completely, if he would tell them anything that he has.

And the migration office would certainly not give him asylum status, until they have reviewed and carefully disected all his files…….

For a usual refugee it takes several years until his papers have all gotten carefully reviewed by migration office. And snowden has gigabytes of files and documents they would have to review…..

This is how it typically works in germany. Very precisely, but also very slow, just to assure everything being in law and order….

(If you loose your job in germany, then something similar happens. theoretically, you get enough to live from government. Just that it takes up to half a year until the office has reviewed all your documents and made its decision…..)

shortMemory January 19, 2014 8:52 PM

Russia has no interest whatsoever in what Snowden took — they had it all already thanks to Royal Canadian Navy Sub-Lieutenant Jeffery Delisle.

Delisle provided 32Gb a month of NSA databases to Russia, from 2007 until his arrest in January 2012. The transcript of Delisle’s four-hour debriefing interview is online. He had full access to the STONEGHOST, the intelligence database used to share SIGINT information among the FVEY (Canada, US, UK, Australia and NZ).

It’s fair to say that NSA could provide a public internet query portal to STONEGHOST today without the slightest security risk. Yes, there would be some embarrassment here at home — and that’s the real issue

Russia conducts very little electronic espionage of its own initiative– here they were piggybacking on the US’s $52 billion a year snooping for $3,000 a month.

http://www.cbc.ca/news/canada/nova-scotia/navy-spy-blames-marriage-heartbreak-for-betrayal-1.1239255
http://www.thestar.com/news/canada/2012/11/29/russia_used_canadian_spy_to_obtain_us_secrets_newly_released_documents_say.html
http://en.wikipedia.org/w/index.php?title=Stone_Ghost& oldid=539384530
http://s3.documentcloud.org/documents/480853/rcmp-interview-with-navy-spy.pdf

NobodySpecial January 19, 2014 9:22 PM

@shortMemory – that sounds like a very good deal, perhaps we could subcontract spying out to the FSB. Nobody could object to being spied on by the Russians as opposed to the NSA and it would save $$billions

Tom239 January 19, 2014 10:57 PM

From that Jan 19 NYTimes article (Congressional Leaders Suggest Earlier Snowden Link to Russia):

“Intelligence officials say they have no doubt that Chinese and Russian intelligence have obtained whatever information Mr. Snowden was carrying with him digitally.”

Note that the officials are unnamed. The Times likes to say they only grant anonymity for good reason, but in practice they grant it too freely. In this case, the “officials” are sniping from cover. They are smearing Snowden with the Times’ cooperation.

dgh January 20, 2014 1:31 AM

Nick Payne writes “It seems like all the “NSA exploit of the day” stories are targeted against networking gear”

I suspect we will see some revelations where a certificate authority is turning over private keys under a NSL order, at least for some certificates. Its already happened with Lavabit, abeit unsucessfully, and I suspect its only a matter of time before other instances are publicized. It seems like the likely route for the MITM attacks to work against Google etc.

Because of this, I’ve gone to creating self-signed certificates for my openvpn servers, DD-WRT routers(which are open-source) and .ssh configuration files.

Zimmerman’s original PGP had a web-of-trust that allowed for a peer-to-peer evaluation of trust. Brilliant concept. People meet and trust their ultimate contact, and a shared trust value indicates relative trustworthyness of others.

openssh has been recently enhanced to implement more enhanced forward secrecy algorithms than ECDSA, supplanting NSA elliptic curves in ECDSA. Think curve25519; its brilliant.

I suspect its only a matter of time before a web-of-trust db instead of a certificate authority is implemented for ssh ssl and other forms of end-to-end encryption software.

Once adoption of strong crypto becomes widely used, the NSA snoopers will be reduced to one-by-one black bag jobs and the economies of scale currently exploited will be no more.

Clive Robinson January 20, 2014 2:07 AM

@ ShortMemory,

In all the more recent spy stories it’s not that it’s going on that is surprising but the vast volumes of data involved.

In each case the volume was more than could be read by an ordinary individual in the time frame involved [1].

Further is the bredth or range of apparently unrelated documents they access, there is a lot of difference between research searching and just general hoovering of documents [2].

Whilst in the case of Ed Snowden his job was not research but managment of systems thus bulk movment of unrelated documents etc might be expected, there would still be a discernable pattern to the behaviour related to the work carried out.

In times past information was corralled quite strongly in several ways which limited it’s leakage. At some point around the turn of the century, this process of controling data was relaxed. It is perhaps not unrelated to the moving of intel analysis from in peoples heads to technocratic solutions where automated systems look for patterns in data, thus falsely encoraging quantity of data over quality of data.

However as industry is discovering with quantity the amount of channel noise is proportional to the channel bandwidth not the desired signal bandwidth. Thus anything other than obvious signals gets swamped.

Perhaps one or two more cases of mass information exfiltration will make more senior intel staff realise a return to quality from the glut of quantity will make not just for more effective operating but also more secure operating.

As has been observed about children in sweet shops to much choice leads to undesirable outcomes…

[1] To give people an idea a floppy disk with text files or only lightly marked up files is the equivalent of a couple of three hundred and fifty page paperbacks (of 70chars/line, 35lines/page and about 20% white space is aprox 2KBytes). Even with the likes of MS Word if used correctly it’s still well above one quite thick paperback. And with the best will in the world few people can sustain that level of “skim reading” on a daily basis and still carry out a nine-five job.

[2] Normaly when doing any kind of research the documents are related via a recognisable set of search criteria such as document titles, authors names, technical terms etc with the selection process becoming more refined with time spent on the research. That is document searching starts in “breadth mode” then goes into “depth mode” then back to a more limited range breadth mode. Just knowing which documents get retrevied can enable an observer to work out the area of research as well as the researchers style.

[]

name.withheld.for.obvious.reasons January 20, 2014 4:27 AM

@ Clive Robison

You mentioned Rogers and Diane, what may be a way to bring the conspiracy full circle is to look at what committees the republicrates have a seat. Very interesting–as former FBI and prosecutor, Diane just the later, it’s easy to see why civil rights are not high on their list(s).

Clive Robinson January 20, 2014 5:46 AM

@ Bruce,

I’m not sure what direction (if any at the moment) your Hawks-v-Doves research is going in.

However the following article might be of interest,

http://opinionator.blogs.nytimes.com/2014/01/18/what-happens-when-the-poor-receive-a-stipend/

It indicates that an unconditional and reliable source of income for the poor by the giving from a community resource has a marked infuluance on life long outcomes for the children in poor familes. Which appears to actualy have a saving in longterm social costs (it aligns with other studies from around thirty years ago).

Adjuvant January 20, 2014 5:56 AM

@Nick P

Speaking of OpenBSD, looks like they’re in a bit of a crunch these days. Being essentially non-technical, I’ve never tried installing it until now, but it can hardly be more challenging than Gentoo, right? 😉 I might just convince myself to spring for a copy of their latest release disc set & associated feelies.

Nick P January 20, 2014 7:42 AM

@ Adjuvant

That’s funny. Those guys are really cocky till they run into money trouble. I bet the “logistical reasons” against a move are mainly Theo de Raadt wanting to maintain physical control over everything. He probably loves the ego rush he gets when he walks into the room with dozens of old servers of all architectures sucking power running his OS. He’d probably say “their” or “our,” but we know what he really means. 😉

In any case, if you know UNIX, you can get OpenBSD to work. It’s comparable to a Linux with little to no assistance tools. In the past I heard a person say that installing, configuring, and using OpenBSD is the best UNIX education one can get for free. Haha. Anyway, it has fewer defects than most, almost everything is off by default (safer), and the code is available under permissive license (BSD). BSD’s you can copy, tweak, or remix into a commercial product with nobody knowing unless they reverse engineer it.

One guy even tried a port to the L4 microkernel where OpenBSD was a user-mode app. Back when I pushed separation kernels here, I used to joke about starting with a strong kernel like INTEGRITY then adding (in user mode or ring 1) rock solid OpenBSD for trusted, non-kernel code. Minimize the OBSD to contain just what app needs. The L4OBSD project is at least in the right general direction.

Benni January 20, 2014 8:30 AM

What might help snowden to get asylum in germany could be this new development:

http://www.manager-magazin.de/politik/deutschland/merkels-handy-abgehoert-generalbundesanwalt-koennte-gegen-nsa-ermitteln-a-944335.html

The spiegel has given the NSA files that write on tapping Merkel’s phone to the federal prosecutor.

Now after almost half a year of assesment of these files, the public prosecutor general of the federal court of justice (that is simply the chief federal prosecutor in germany), has concluded, that “could be” an “initial suspicion” for a crime done by NSA in germany.

The decision, whether he opens a preliminary investigation by public prosecution has not been made yet. But the chief prosecuter has informed the ministry of justice that this could happen.

It may well be that the chief prosecutor takes another half year of assessing these files further and then opens a formal investigation, which also could take years.

If such an official investigation is opened, Snowden would be an important witness. Then maybe an application for asylum will get faster than usual, (e.g. only two years instead of three or so….)

Bryan January 20, 2014 10:42 AM

“”I am sorry, but Manning and Snowden do prove the system is chaotic and beyond control. Nobody noticed them taking that information: who would notice if some intel leader sold some favors to a politician? Maybe giving him data on a political rival?””

I always wondered if the system security was so lax so they could slip data to their friends without it being noticed.

“”-He’ll need to sort through all the information collected to look for blackmail material. This may take a substantial amount of time and energy, for an uncertain payoff.””

I seriously think you underestimate the value of graph theory and meta data sets. In college I wrote a database core that makes this type of analysis easy. It would be very easy to correlate a list of known dissidents with a person to find links, even a couple jumps deep. That can then be used filter which communications are looked at. With a large distributed system it is also possible to just automatically scan large amounts of data for keyword references. For a target, build a list of everybody to three jumps out, then scan all their communications.

“”And the nutty thing is that I am not Korean, so I have no idea why I care.””

You care because we are social creatures with built in hardwired empathy.

BlackAngel January 20, 2014 12:41 PM

@Bryan
I always wondered if the system security was so lax so they could slip data to their friends without it being noticed.

Apparently so. I think Manning & Snowden says something is seriously wrong. There are plenty of stories of cops who have misused their own systems for personal reasons, and the ease of which they have done so speaks that it is likely very easy for others to do so.

With the “source everything out” mindset, further, it seems the idea of everyone being in a strictly controlled and intimidating environment is way out the window. Defense contractors are making a lot of money in these deals, and leaders of intel, even the very visible ones, are not afraid of shying away from showing their profit from dealing with these companies.

Really, what disturbs me is they have performed such wide net operations, seemingly without concern. It really would be only a few hop skips that these databases of information could be poorly guarded, allowing access from higher ups, or even lower down employees — cut through the red tape.

Keep up the appearances of legitimacy by forcing a certain number of court stamped subpoenas and the like to keep going through. Meanwhile, the bulk of the access would be completely without any kind of rubber stamp. Hoover did something like this, and it is routine for processes to have such holes. It helps people do real work.

There is no burden of proof on anyone that this is not the case.

There are no cases, either, and I think law enforcement and intel agencies would be willing to look the other way and are not so eager to investigate each other.

I seriously think you underestimate the value of graph theory and meta data sets. In college I wrote a database core that makes this type of analysis easy. It would be very easy to correlate a list of known dissidents with a person to find links, even a couple jumps deep. That can then be used filter which communications are looked at. With a large distributed system it is also possible to just automatically scan large amounts of data for keyword references. For a target, build a list of everybody to three jumps out, then scan all their communications.

I did not go into detail about blackmail, but you can see how it can play out in Game of Thrones or Revenge, two popular shows.

You usually do not need to actually have anything on someone. You can just inject into conversation in a plausibly deniable way private information about them to give them a scare and say, “We are watching you”.

For politicians, they are especially vulnerable to this.

They can confront the person, and they can easily deny it. The person their own self does not even need any solid name or proof of who they are. They could be a stranger the person meets at a bar, at a hotel, at a coffee shop. They just then need to identify themselves as working for the faction putting pressure on them, such as by injecting in conversation a plausibly deniable statement that only the politician and the division would know.

They would be good to wear a disguise at this juncture.

If the politician continues to not get along, then they could start digging.

Often just the very idea that one could be watched without even all of this fanfare probably is enough to get most politicians compliant.

There are also other appeals, like, “We are working on your team”, and “you want to have us back you” sort of appeals.

Feinstein and McCain probably feel like golden knights of the round table, such ass kissers they are of intel and leo’s.

AlanS January 20, 2014 8:02 PM

Obama’s speech also made use of this old canard:

“The program [bulk collection of telephone records under Section 215] grew out of a desire to address a gap identified after 9/11. One of the 9/11 hijackers – Khalid al-Mihdhar – made a phone call from San Diego to a known al Qaeda safe-house in Yemen. NSA saw that call, but could not see that it was coming from an individual already in the United States.”

He doesn’t actually claim that if we’d had this in place we could have stopped 9/11; he just implies it. Bulk collection is a red herring. They were listening to the Yemen safe-house calls and could have tracked down the other end of the calls if they had wanted to do so. We also know the intelligence services had lots of data about Khalid al-Mihdhar for up to 18 months before 9/11 but mishandled it.

The whole speech comes over as carefully crafted to be misleading right from the opening lines about the “The Sons of Liberty”. There’s plenty of talk about privacy and civil rights in the speech but not much substance to it. Over on Lawfare Blog ( http://www.lawfareblog.com/2014/01/the-presidents-speech-and-ppd-28-a-guide-for-the-perplexed/ ) the speech is characterized as “a strong and tactically clever defense of the intelligence community—a defense that signals a great deal more change spiritually than it promises in practical terms”.

Mike the goat January 21, 2014 1:00 AM

Nick P: thanks for the tip. I am still committed to doing something, just have to organize some free time which is a commodity that is in short supply at the moment!

name.withheld.for.obvious.reasons January 21, 2014 2:33 AM

WOT–

@ Clive (I’ll get his name right) Robinson

Apologizes (American English of course) for the misappropriation of your avatar/name…caught it after the post.

Regards,
NWFOR

BlackAngel January 21, 2014 7:05 AM

@AlanS

I think the gorilla in the room is that all of this defies belief for any good reason. It defies all reason. It is cartoonish. The claims that this is all for terrorism have got to be one of the more stupid claims a government has ever made.

AlanS January 21, 2014 7:43 AM

@BlackAngel

Yes. Interesting coincidence that the speech fell on the same day as Eisenhower’s speech in 1961 warning against the risks of the “military-industrial complex” and the “potential for the disastrous rise of misplaced power” that might “endanger our liberties or democratic processes”.

name.withheld.for.obvious.reasons January 21, 2014 8:10 AM

An article from Steve Levy on wired encapsulates the political issue surrounding the NSA (indirectly) in the last sentence of his article.

Notice anyone missing from the discussion?

Curious January 21, 2014 8:20 AM

Last night I watched a brief segment of Obama’s speech from the other day and found a statement to be a little peculiar.
I am looking over the entire speech now and see that he mentioned Snowden and started talking about the disclosure of classified information.

Right after this Obama states: “If any individual who objects to government policy CAN take it in their own hands to publicly disclose classified information, then we will never be able to keep our people safe, or CONDUCT FOREIGN POLICY.” (My emphasis in bold.)

As a non US citizen, what I find interesting is that Obama here seem to imply that only the country of USA should be able to “conduct foreign policy” and that others shouldn’t.
The kind of secrecy that Obama qualify for presumably ever having, ever wanting or ever conducting a foreign policy, for which Obama states he cannot have if he cannot prefectly expect secrecy, surely will patently deny any other foreign government of having such secrecy at all in their foreign policy.

This looks like some kind of circular reasoning to me because of the obviousness of what one must defer from a definetively “never”, but imo a good example of a hypocritical statement that use the particular excuse of unwanted disclosure to victimize itself in the same process as conducting espionage against all others. As if Obama said: “We can’t ever possibly allow other nations to spy on USA” but also “It is perfectly reasonable for others to always keep spying on us”.

It is important to note here I think that Obama is not lauding espionage capabilities as some kind of international sport, he is obviously promoting own nation activity against other nations regardless of any rationale. As if might makes right, in domestic relations as in foreign relations. And so, imo USA (and other nations behaving like this) are not really lawful nations, in simply assuming their right for behaving like this (by simply providing excuses). Like my country Norway that has decided on the forced storing of peoples communications data as a national directive. Presumably the military or secrecy agencies do whatever they want and any legal measure might as well be thought of as a possible whitewash of past,current or future measrues, if the storing of communications data perchange already is happening or will happen for bulk storage.

Also, at at the end of Obama’s speech it says: “Having faced down the totalitarian dangers of fascism and communism, the world expects us to stand up for the principle that every person has the right to think and write and form relationships freely – because individual freedom is the wellspring of human progress.”

I think it is highly unlikely that this “individual freedom” could ever be the same thing as the “personal freedom” that any individual or rather person would intuitively have in mind, because this “individual freedom” couldn’t possibly have to do with a “need for freedom”, because of how such “freedom” is already implicitly provided and wouldn’t be needed as such. So, if you yourself need freedom, this “individual freedom” is probably not what Obama is referring to. The difference between political version of “freedom” and personal freedom is not about anarchism or idiocy, I would say that the political idea of “freedom” is a generalization and as such simply a white lie, because it is intended to mean something else from different points of view. I dare say that only when the “political” and the personal is understood to mean the same thing, only then “freedom” comes to mean the same thing, and that is probably not the idea most people have about freedom. To clarify something: anything thought to be “personal”, is never “political”, else anything personal stop being meaningful denomination and there would be no intention, hope, though or will to respect in the individual, or rather in the individual person.

(Before posting this I made myself read the entire speech so that I did not happen to take things out of context. Pretty sure I have not.)
Source: http://www.lowellsun.com/breakingnews/ci_24945582/full-text-president-obamas-speech-nsa-spying?source=rss (some random webpage I found searching for a full text)
Apparently this is the announced speech, delieved to press beforehand. Presumably he has been reading all of that from a teleprompter. Otherwise I have to go watch the speech on video in case he said something else than the announced speech.

Curious January 21, 2014 9:23 AM

Uhm, on second thought: I guess it makes sense that the text I found and referred to just above is simply a preliminary transcript and perhaps not a pre announced script that I initially thought it was.

Nick P January 21, 2014 9:44 AM

@ mike the goat

“Nick P: thanks for the tip. I am still committed to doing something, just have to organize some free time which is a commodity that is in short supply at the moment!”

Same here.

Anura January 21, 2014 8:34 PM

http://arstechnica.com/gadgets/2014/01/homeland-security-special-agents-hold-up-a-google-glass-moviegoer/

On Jan. 18, special agents with ICE’s Homeland Security Investigations and local authorities briefly interviewed a man suspected of using an electronic recording device to record a film at an AMC theater in Columbus. The man, who voluntarily answered questions, confirmed to authorities that the suspected recording device was also a pair of prescription eye glasses in which the recording function had been inactive. No further action was taken.

I would like to thank these agents for doing everything possible to protect our homeland from these dangerous security threats. I feel so much safer knowing that these resources are focusing on such important life and death matters.

Cointelpro January 22, 2014 5:14 AM

@Adjuvant: “it can hardly be more challenging than Gentoo, right? ;-)”
@Nick P: “Anyway, it has fewer defects than most”

Only try OpenBSD on a old (<2008 ? SATA support was sketchy in 2012) computer with a good bandwith to internet (everything is donloaded and untarred on the fly, and your future welcome mail http://openbsd.wikia.com/wiki/Theo's_Welcome_email warns you that you will have to reinstall frequently).

Thank you @Nick P for the link l4openbsd.org !

@saucymugwump: you used may Cointelpro Techniques for Truth Suppression documented by http://cryptome.org/2012/07/gent-forum-spies.htm and the good answer is to ignore you.

Cointelpro January 22, 2014 7:01 AM

@Anura: “suspected recording device was also a pair of prescription eye glasses”

It is worse that just wasting some taxpayers money allocated to Homeland Security Investigations.

In the future, some “privacy” policy will state that anything that can be seen from a place open to public is collectible, given the consumers’ and police’s acceptation of prescription eye glasses made by Google.

Hence what you reported is very bad news for privacy.

Remember that Facebook believes that passive actions like typing in a box, deleted parts of what has been typed, or moving the mouse are collectible as defined by Facebook’s policy, according to a representative of Facebook. http://www.slate.com/articles/technology/future_tense/2013/12/facebook_self_censorship_what_happens_to_the_posts_you_don_t_publish.html … Jennifer Golbeck has updated this article to clarify that browser code can collect these passive actions, as specialists know; guess which side asked for that clarification.

Cointelpro January 22, 2014 7:09 AM

schneier.com just truncated my previous comment: “Only try OpenBSD on a old (http” should have been
Only try OpenBSD on a old computer, possibly from 2008; SATA support was sketchy in 2012. You will also need a good network connectivity, given that downloaded packages are untarred on the fly (http

I don’t know why a question mark was so dangerous.

Markus O. January 22, 2014 7:09 AM

@Figureitout,
Thanks for the feedback. That’s a part of what makes the months spent on the project feel worth while. I’m pro full-disclosure and think that addressing the vulnerabilities provides the best type of security. I’m glad you found my project useful and I hope you’ll find something that needs improving.

-Markus

BlackAngel January 22, 2014 7:34 AM

@AlanS
Yes. Interesting coincidence that the speech fell on the same day as Eisenhower’s speech in 1961 warning against the risks of the “military-industrial complex” and the “potential for the disastrous rise of misplaced power” that might “endanger our liberties or democratic processes”.

Did they miss this.

A portent, that is for sure.

AlanS January 22, 2014 8:17 AM

@BlackAngel

I believe it was just coincidence. Obama seems to have bought into the MIC’s self-serving propaganda. Most of his talk about the need to defend individual liberties comes off as lip service.

KnottWhittingley January 22, 2014 2:54 PM

Short Memory,

I’d missed the whole Delisle thing.

How much of what did STONEGHOST give Jeffery Delisle access to? How much of Five Eyes / NSA’s capabilities is he likely to have revealed?

A big problem in a situation like that is how he could wade through all the crap he had access to in order to find the stuff his Russian handlers were interested in…

…but even a random sampling would reveal a whole lot about the capabilities and scope of the spying producing whatever was available to him.

Has Snowden revealed much that Delisle hadn’t already shown the Russians in rawer form?

Nick P January 22, 2014 5:15 PM

@ Clive, RobertT, Iain

I was doing updates on old projects I posted. Checking on Sandia’s Java chip, now called Score, I found this interesting paper which may have some value:

ftp://ftp.cs.kent.ac.uk/people/staff/phw/.old-1999/tmp2/443-cpa2007-wickstrom.pdf

Their ASSET development framework is supposed improve development of embedded hardware-software systems. They used it in developing their Java chip. Their SEED architecture’s Event Queue “eliminates the need for interrupts,” a goal I was looking into in my designs. The architecture in general is conceptually simple in how it mixes Functional, Timing, IO and Analog. Could this interrupt-less architecture be used in one of the improved CPU’s we’ve been discussing here? Such as one of the tagged, capability, or otherwise improved general purpose CPU’s? If not, any alternatives to deal with the interrupt problem that hurts software verification/modeling. (I know there’s modeling techniques for interrupts but I’d rather not have to worry about them at all.)

The other thing that I noticed in the paper is their hardware verification methodology. There are quite a few people here discussing simple hardware designs. They’ll have to verify them. In sections 5.3 and 5.4, Sandia describes their basic approach to microcode and hardware validation for Score processor. I like it in that I understand what they’re doing without knowing much of hardware. Such a methodology might help people new to validation designing rather simple chips. I also like that their hardware is simple, but flexible: all Java stuff is microcode on top of real hardware.

Side note: I recently re-reviewed an old paper by legendary Paul Karger about issues virtualizing Alpha processor. DEC solved much of their chip flexibility issues with PALcode layer. It allowed them to use normal Alpha instructions instead of microcode for special instructions/extensions. This helps in productivity and validation. That paid off in the VAX A1 security kernel project. Might be worth copying in a future chip.

re microcode in general

It seems that hardware development is more difficult than firmware or software. At least to learn. So, for all these people trying to make better chips, do you guys think it would be better for them to make something with very flexible microcode or a PALcode type feature? My idea is I can’t see most projects going anywhere if amateurs are trying to design useful chip hardware with little to no experience. However, if they had solid microcode or PALcode engine + good base instruction set they might be able to develop interesting ISA’s or features. Just seems more accessible.

re DARPA CRASH SAFE

Btw, I’m not sure if I ever got an opinion on the DARPA CRASH SAFE programs’ hardware designs: SAFE and CHERI. As usual, I’m not limiting the discussion to their stated use case. For instance, SAFE architecture will use the custom TEMPEST language. I think we could also target Java, Ada, ML, etc. to it to leverage existing work. Likewise, the CHERI architecture is simple enough that it might be combined with other tech in my last paper release. I’m just curious what you think of both projects’ hardware choices from a software security point of view (actual goal). Physical, EMSEC, etc. is out of scope here.

@ All readers

A video with excellent breakdown of SAFE architecture is here:
https://www.youtube.com/watch?v=Aa19Jy553EY

re update on HISC processor

I just got three or four papers on it which are IEEE paywalled (search “jHISC” & name Wong if interested). Anyway, for anyone following they’ve continuously improved it where it’s at version 4 right now. Version 4.1 is targeted toward workstations and servers. That means we have JOP, Sandia Score processor (SSP), etc. for embedded device level stuff. Then jHISC might be used for workstation or server. I’m still thinking of using NUMA to throw a bunch of low capability processors together & make up for shortcomings in volume (with isolation benefits).

Nick P January 22, 2014 5:38 PM

I like looking at old ideas I posted here to see if any are taking off commercially or in academia. It can be a decent reality check sometimes. In a discussion with Bryan, I suggested we develop systems using many different languages each created to solve a specific aspect of the problem with easy validation and integration. Prevents trying to force one tool to do it all. Well, two researchers are doing exactly that:

http://www.cs.yale.edu/publications/techreports/tr1436.pdf

Their work started in 2010. I instantly recognized the names as I’ve read good work of their before. So, they have the skill. Their strategy, similar to mine, is to break each aspect of the system into pieces with its own dedicated tools or languages. They’re using DSL’s, some formal method tools and new things they built. I would’ve kept with existing tools as I’m more conservative and lack their specialist skill in this area. Their methodology has potential but my greatest concern is they’re doing too much at once. Both in general and in the new techniques they’re using. Most projects with novelty on top of novelty end in failure or successes that are incomplete. I wish them the best, though, as it’s a good effort and they seemed to have structured it well. And “Correct-by-construction” software research is always a good thing.

re Shape Security “revolutionary technology”

It was a mystery to many. I speculated here that there would be nothing revolutionary about it. My guess was that they’d apply obfuscation, transformation, or diversity techniques like those I’ve linked to or others have discussed. I’ve posted about dozens of such techniques here for years (and recent paper dump had some too) although hackers always bashed it as “security by obscurity.” I always counter with “it worked against everyone up to govt hackers… unlike mainstream security approaches.” RobertT also attests to such approaches for protecting chips as well. Anyway, Shape’s technology was finally revealed to be… what I predicted. The model is weaker than many academic creations. Although, as I said, obfuscating a target is both simple and can be highly effective at stopping mass automated attacks. You could say my critique is that it’s foolish to call it “revolutionary,” “new,” or even “cutting edge.” Still good to see a company putting an old concept to effective use.

Figureitout January 22, 2014 9:07 PM

Markus O.
–No problem, if I wasn’t in over my head in other stuff, I’d like to try it out ASAP and give some better feedback. Talked to my dad about building a network analyzer for my internet connection which is butt-naked now, and instead of the usual scoffing and telling me to get a job, he was actually kind of sympathetic to it. Mostly b/c one of the current products he’s working on has gotten him into ethernet again; so I’ll probably try it out eventually.

Same goes to all the lurkers out there working on security projects. You’ve got at least 1 interested listener.

Nick P
–Besides the priceless pointers, advice about pitfalls, and interesting discussion; it sounds like Clive is out (no physical guarantees of security) and RobertT is out (same thing pretty much). Iain’s still in last I checked. Bryan, Petrobras, Wael (never really said interest), Mike the goat for implementation/software, NWFOR for additional engineering, and a lot more cryptographers/programmers here. So a motley crue. And yes I’m an amateur so I’m not leading it and need a few years before I can present something worth listening to.

RE: SAFE
–Little youtube video was a nice synopsis. Still ran into the usual problems in ideal security vs. practical security. They needed deliverables which will possibly compromise the project. Poison pill problem was an issue where someone is inside the safe zone forcing machine shutdown shouting out data tags. Then the solution broke their initial goals by making tags public and now attackers just need to get inside info on tags to data.

Three people he mentioned who were “some of the best software security researchers in the world”:
Benjamin Pierce: http://www.cis.upenn.edu/~bcpierce/papers/index.shtml#Security

Greg Morisett: http://www.eecs.harvard.edu/~greg/

Olin Shivers: http://www.ccs.neu.edu/home/shivers/

Then all the people on the project: http://www.crash-safe.org/people

I’m not going to rehash the fab stuff, but there’s still fundamental issues w/ getting a secure processor. Such a challenge, maybe that’s why some are so drawn to it…

Adjuvant January 22, 2014 10:40 PM

@Nick P, Figureitout:

Godspeed!

Such a challenge, maybe that’s why some are so drawn to it…

Even vicariously! Almost reminds me of this little windmill-tilt. I was one of this fellow’s early backers (albeit in a token amount), back in ’09. There’s a visceral thrill to tackling the really big problems, and I always salute those with the fortitude to try.

As an aside, the whole Polywell matter is infuriatingly frustrating. Last I checked up on it, the main project that the Prometheus folks were trying to follow was proceeding as well as could be expected under the circumstances but has been starvation-funded by the Navy — back-burnered indefinitely out at China Lake and Dr. Bussard’s successor eventually jumped ship. I think many people here would find the whole saga immensely fascinating. Dr. Bussard’s address to Google remains the most electrifying technical presentation I have ever seen, eight years later.

@Nick P I like looking at old ideas I posted here to see if any are taking off commercially or in academia. It can be a decent reality check sometimes.
Sometimes, yes. Still, lack of commercial success or academic popularity does not in and of itself indicate lack of merit. In the continuing absence of definitive evidence either way, I still intuit that Dr. Bussard’s work (albeit in an entirely different field) is a good illustration of that principle. I think you would find his Google talk stimulating on this point.

Unlike the Prometheus endeavor, I actually give yours some change of success! My means are limited, and I have no real technical skill to contribute, but I’m entirely with you in spirit. [Also: keep Russell Fish’s work in mind. Call it a hunch 😉 ]

Nick P January 22, 2014 10:51 PM

@ figureitout

Glad to see the enthusiasm. Morisett is another name I recognize from many previous papers. Matter of fact, his research project list shows it with quite a few practical techs in there.

re SAFE

Current situation demands two approaches pursued in parallel:

  1. Development of provably secure architectures that make secure system development easy. (eg SAFE)
  2. Development of computing systems that make physical subversion hard to do and/or easy to detect.

I think they’re opposite if you want the benefits of modern tech. That’s why I say do them in parallel. SAFE is going in one direction. The recent stuff I posted is mixed: mainly for software assurance but simple enough that it might help in hardware area. I’m thinking things like JOP, Forth chips, a re-invented Lilith, a modern version of 1960’s-80’s machines, etc will work better for hardware subversion.

See how different these are, though? I could imagine running a modern workload on a production version of SAFE and even a legacy workload on CHERI (a design goal). However, doing this on a slow, low transistor chip? Unlikely. That’s why I looked into Transputer and NUMA like designs combining many weaker chips with a security interface at memory layer. Yet, complexity starts to increase where it can’t be verified.

Might be an unsolvable problem for modern systems. Anyone wanting non-subverted machines would be running something akin to DOS or older systems I keep posting about. Still useful to varying degrees but barely. My strategy of pushing IO and legacy functions onto dedicated modern boards to offload work from trusted chip can only go so far.

This brings me back to RobertT and I’s discussion on fab security. The end result of that was that the safe route might be to use most cutting edge, obscure, black box fab possible. Several maybe. Make the design good, get it low level as one can, vet it, and translate it to smallest process possible. Have them crank out a shitload of them. Then hope for the best. That’s what we’d be doing anyway.

Before that point, though, need a design that’s worth the money. Hence, my focus on all these safe[r] chips. It’s also cool that DARPA is the group making it happen. It would be great if the worst thing to happen to pervasive spying and vulnerability was a product of a secretive US govt agency. Left hand and right hand analogy would work in our favor for once. (Well, twice if you count Tor and thrice if you count ARPAnet.)

Figureitout January 22, 2014 11:45 PM

Glad to see the enthusiasm.
Nick P
–Likewise. Won’t accept defeat until I’m dead. Two more people are Aspie and Dirk Praet. Aspie shared w/ me a lot of assembler/Forth code for a PIC; SAFE mentioned they were hiring, Aspie knows ASM and a handful of older more trustworthy chips. It sounded like he was personally wanting to make an encryption computer; only problem is programming it from a previous internet-connected untrusted device.

I’d prefer separate signals to be relayed to me for physical attack (still can be jammed) so large radius of isolation, long distance radar, multiple cameras, all w/ backup power supplys and hidden DB’s that still beg the question…what if they’re watching you set up your security system?

To combat hardware subversion by…going for blackbox chips sounds so crazy it just might work…Still not cool, I can’t trust a connector, any wires, have to split them open.

And yeah, they can’t even trust the processors. They’re identities will be know leaving Ft. Meade, do they live in a cave? No so they’re vulnerable and they may have had to rely on another Snowden to secure their computers. Just feels like no stable ground anymore anywhere…at some point I wonder if false physics will be taught in schools to protect intel agencies exploits…

name.withheld.for.obvious.reasons January 23, 2014 1:26 AM

@ Nick P, figureitout, et al

The regard and respect needed to produce proveable and auditable “systems” is significant–the skilks and knowledge can be, at least for tbe foreseeable future, procured (NSA cannot subvert well maintained printed matter, and Clive has an invaluable collection).

Comfort can be attained in knowing that others see value in your pursuits outside their own narrow interests. That said, some body (not IEEE or NIST) needs to be identified ((Nick I am concerned about DARPA–hidden hand of DoD) that we all could get behind, in front of, or to the side of that could further some shared objectives. I don’t think there is enough interest to overcome the apathy. But, that doesn’t mean I am unwilling to try.

Wael January 23, 2014 2:08 AM

@ Figureitout,

Wael (never really said interest)

I applaud your efforts. I also don’t want to rain on your parade and say something discouraging, so I prefer to be a silent observer on this one…

Adjuvant January 23, 2014 3:04 AM

@Cointelpro Only try OpenBSD on a old (http://openbsd.wikia.com/wiki/Theo's_Welcome_email warns you that you will have to reinstall frequently). In fact the version you linked says nothing of the sort, but I’m sure that your advice is sound nonetheless. Thanks!

Thanks also for the Gentleperson’s Guide link @ Cryptome. I’ve been around the block a few times with regard to such tactics, but that particular document is one I’d forgotten about. You are also correct, generally speaking, that the best response is usually to refuse to bite, but at the same time it’s important not to cede the narrative.

With respect to your assessment of this specific thread, I haven’t read it closely enough to offer any comment. As a connoisseur of such tactics, though, you may be amused by the following ham-fisted maneuver from earlier this week. It begins with an impressively bold non-sequitur that attempts to change the subject by beginning an argument regarding an issue that had never been raised. Naturally, the issue in question was completely unrelated but inherently inflammatory. This appears to have been followed up by what what might be termed a “crap shotgun” approach — a mess of additional distractions, purportedly topical but in fact entirely devoid of cohesion. One might hope for more subtlety! 😉

@Nick P, figureitout, name.withheld, et al.:
I wrote a longer response here to you that seems to have gotten spam-filtered, but let me just say: Godspeed! There’s not much I’m equipped to do for the effort technically, but I’m a sucker for windmill-tilters, and I wish you all the best of luck.

@Nick P I like looking at old ideas I posted here to see if any are taking off commercially or in academia. It can be a decent reality check sometimes.
Sometimes, yes. A lack of commercial success or of popularity in academia need not, however, signify a lack of merit. I could point to historical examples, of course, but at the risk of judging the outcome before all the cards have been dealt, I’ll instead let you chew on what I intuit to be a contemporary example in the form of a Google Tech Talk by the late Dr. Robert Bussard — the realization of whose work was was, last I checked, still languishing on the back burner at China Lake. Eight years on, the video remains the most riveting technical presentation I have ever seen, and I think you’ll find it quite stimulating.

Also, don’t forget about Russell Fish’s work that I mentioned earlier. Just another one of my hunches 😉

Adjuvant January 23, 2014 3:19 AM

@Nick P And yes, I do realize that the example I shared is from an entirely different technical field, but I think you’ll appreciate Bussard’s public meditation on the politics of which ideas get realized and which do not. I’m certain you’ll find it fertile for analogizing. 😉

Figureitout January 23, 2014 7:51 PM

Adjuvant
–Thanks, glad you like a challenge too. Maybe drop the pom-poms and be a contributor. Learn to code (it’s hard at first, and you may need to take a class) or just read up. If you’re using Gentoo, or thinking about BSD (I am too, still getting used to Unix after growing up on windoze and it’s hard to cut ties when they get you as a kid…) there’s no reason you shouldn’t be programming at least. What’s sad is, a lot of engineers that can currently do this have full-time jobs and families so no free time. Oh well, things don’t happen if no one makes a move.

Still, there hasn’t been real commitments to actually starting a new project; it’s open research right now. I can say though that, along w/ Aspie and others working on breadboard computers (I’m on z80 asm) that I see success a lot easier w/ these tiny computers. The attacks won’t be in these computers, but outside; still possible hidden memory.

NWFOR
–How about starting a new group then if that’s what it would take for you? At some point, someone has to do it…I’m concerned about DARPA too; way too close to defense establishment. How messed up to say that being a US citizen? I should be trusting and supporting them…

Wael
–Fair enough; this is purely voluntary, more of a side project/hobby for me. Not in it for the money, just want a secure development environment. And I’m not expecting total success at all so I’m not marching in a parade.

name.withheld.for.obvious.reasons January 24, 2014 1:15 PM

@ Figureitout
…I’m concerned about DARPA too; way too close to defense establishment. How messed up to say that being a US citizen? I should be trusting and supporting them…

I completely sympathize with your sentiment. It used to mean something to be a citizen of the U.S., I see it now as “will not obey unlawful orders”.

Some colleagues are reacting to my semi-public resignation–seems it requires some digesting. That’s a good thing, it means they’re are being contemplative, or least one can hope they are. NSF, NIST, EIA/TIA, Union of Concerned Scientists, Federation of American Scientists (do I have a story there), EFF, EPIC, CDT and some private concerns (Robin Williams is a big tech fan, he’d be the perfect spokesperson for a “recovering the constitution” campaign.

I did start an adhoc group but with a slightly different charter. CIPA, the Critical Infrastructure Protection Alliance, was created as a vehicle to seriously address the systemic problem of corporatist lobbies lining up at the Federal food trough to push their crap. Seems we cannot break this visious cycle.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.