Friday Squid Blogging: Radioactive Giant Squid Washes Ashore in California

Uh oh.

And the real story.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on February 7, 2014 at 4:54 PM • 109 Comments

Comments

NobodySpecialFebruary 7, 2014 5:00 PM

Of course THEY could have posted the orignal two images (the whale and little squid) and back-dated the web logs to make it look like the giant squid was fake......

George H.H. MitchellFebruary 7, 2014 5:03 PM

The state of California wants to require some vaguely-specified "kill switch" in all mobile devices. Have they thought about what will happen when the system for activating the kill switches is hacked?

paranoia destroys yaFebruary 7, 2014 5:03 PM

A security concern is someone can make the hotel accommodations even more unbearable for competing athletes than the reports so far have been.
That was how access was gained to the Target credit card information. Their HVAC systems are connected to the internet which was not properly separated from their payment system. One story pointed out that Sochi is not even using a password.

Spaceman SpiffFebruary 7, 2014 6:04 PM

The expression "believe your eyes", should be altered to read "believe your lies"... :-) Especially in this age of photoshopping. Great picture (even if it is an amalgam) though!

BenFebruary 7, 2014 6:16 PM

@spacemanSpiff Hashtag #TrueDat

All forms of evidence can be faked now... from CCTV through fingerprints to DNA.

Kipling had a short story in which he related that a the judicial murder of a man could be arranged in colonial India for a few thousand rupee... complete with victims relatives and witnesses, and no necessity for the victim to die or even have existed.

So it has always been with us. There is no certainty, only the search.

TFebruary 7, 2014 6:16 PM

#.Uu would make a good firefox bug, the hash parsed, then extension var, then unicode, with latter checked small u, what is mc.ext?

Bob S.February 7, 2014 8:40 PM

Fukishima will be an ongoing disaster and human tragedy for a thousands years.

That's the one where we should have learned our lesson...mankind cannot be trusted with nuclear power.

And so too the US government and it's predatory corporations cannot be trusted with the power of the internet.

Which leads to:

"Cryptography Breakthrough Could Make Software Unhackable"

http://www.wired.com/wiredscience/2014/02/cryptography-breakthrough/

The article strongly suggests a breakthrough is imminent for encryption. But, the comments aren't quite so sure.

It involves, "a “black box” obfuscator, which would jumble a program so thoroughly that a person with the best available computational resources could figure out nothing at all about it, except for what might be gleaned from inputs and outputs."

I don't have the expertise to critique it.

Anyone?

65535February 7, 2014 8:46 PM

@ George H.H. Mitchell

SACRAMENTO — Citing... thefts of smartphones and tablets, officials proposed Thursday that California become the first state to require the devices to be sold with "kill switches" that render them inoperable when stolen.

State Sen. Mark Leno (D-San Francisco) and other lawmakers said they plan to introduce such legislation with the support of Los Angeles Mayor Eric Garcetti and Police Chief Charlie Beck. L.A. had a 12% increase in mobile-device thefts in 2012, the most recent figures available… Some tech companies have started offering theft-deterrent technology. Apple's latest operating system includes a lockout feature. A LoJack app is installed in Samsung's Android phones that can make them useless, but a payment must be made to activate it.

http://www.latimes.com/local/la-me-smart-phones-20140207,0,2510892.story

Another day and another law. Maybe they should install kill switches on microphones of over-active legislators.

Chris AbbottFebruary 7, 2014 9:43 PM

Here's one that hasn't been discussed: I got access to a couple of the documents myself and learned that one of my company's servers is affected by a newer implant called NAUGHTYKIWI. NAUGHTYKIWI is quite a menace. It planted curious shortcuts on my employees' desktops, and when they clicked on them, they unwittingly succumbed to WHITEHOLE. WHITEHOLE works by threatening to bully their kids on Facebook if they didn't cough up our trade secrets. Of course, they did, and how can I blame them? The NSA comes up with cyberbullying that your average 12 year old could only dream about...

65535February 7, 2014 10:44 PM

@ Chris Abbott

"I got access to a couple of the documents myself..."

How?

What's the trick?

Nick PFebruary 7, 2014 11:25 PM

""I got access to a couple of the documents myself..."

How?

What's the trick?"

He reads Schneier.com. Links a plenty. ;)

Clive RobinsonFebruary 8, 2014 4:02 AM

@ Hjalti,

This is the second time I've seen "alternet.org" mentioned in a fairly short time...

The previous occurance was over an this article,

http://www.alternet.org/media/one-american-city-enjoys-internet-hundreds-times-faster-most-ours-no-surprise-its-outside

Titled : One American City Enjoys a Hyperfast Internet -- Any Surprise Corporations Don't Control It?

And it was posted to a site about Sky Broadband --which is owned and controled by "The Aussie Digger" Rupert "the bear" Murdoch's media empire (NewsCorp NewsInt etc) which is currently being investigated for criminal behaviour including corruption (bribery etc)-- by what I asume was a very disgruntald Sky customer.

As the article makes it fairly clear that such organisations as "Sky Broadband" are "ripping their customers off", not surprisingly it did not stay up for long, a Sky droid pulled the comment quickly...

However it was too late for Sky the Google robots had got there first and hovered it up into their cache, so you can search for it to show it had happened :-)

It's the likes of Google's Robots that make interesting security tricks possible, one of which is making "bot nets" not require fixed IP or fixed Domain Names for their command and control servers or "heads". Thus bot nets can be made to survive being "taken over" or having the Command and Control head blocked etc.

And with an extra wrinkle (thanks to millions of blogs) you can make the control fully anonymous as well...

Clive RobinsonFebruary 8, 2014 4:38 AM

@ George H.H. Mitchell, 65535,

    The state of California wants to require some vaguely-specified "kill switch" in all mobile devices.

Asside from the "hacker issue" (any body see the hacked up FEMA emergency message about the Zombies Rising attack?)[1].

For the usual "anti-theft" argument it's a compleate waste of time as well [2].

So either the person who thought this up is an idiot, or more likely gets their rocks off on the power trip idea of being able to send Californian mobile phone users into the electronic equivalent of a netherhell at a "Push of the Big Red Button" in their "StarTrek Bridge" command bunker. Mind you they could be both an idiot and a meglomaniac as well ("This is a general page for Alex..." ;-)

[1] http://www.zdnet.com/u-s-emergency-alert-system-open-to-more-zombie-hackers-after-accidental-ssh-key-disclosure-7000017811/

[2] Your "smart" smartphone thief knows that there is a couple of risks when stealing mobiles. The first is a command will be sent to it to "brick the device" and make it fairly useless [3]. The second is that the phones owner might have put a "tracking app" on it. The latter of which has resulted in police tracking the thieves down and arresting them and a couple of such arrests from London's Lewisham area have been televised.

So the smart thief either pulls the battery quickly or drops the phone into an RF tight enclosure of some kind. Then the phone can be sold on to techies who will clean it up and ship it to be sold in Africa and other parts of the world with a thriving black market.

[3] Most if not all phones are not "destructively" bricked, thus a techie with the right "factory tools" can bring the phone back into working order, but it takes a lot longer and requires a higher level of skill than the usual wipe & factory reset.

Clive RobinsonFebruary 8, 2014 5:31 AM

ON Topic :-)

Bruce,

Fond as I am of lightly braised trunip since Black Adder's man servant Baldrick made them popular again (although roasted parsnip is sweeter ;-) I can only say this must have left a bitter taste in someone's mouth.

The picture it's self "looked wrong" (see shapes of shadows) without having to resort to the lengths of Storyfulls analysis. Which should have caused atleat a moments reflection in any persons mind irespective of what first language they spoke.

Also common sense should have triggered a "Huh", not an "Uh ho" moment, the joke article said the squid was 160 ft which is several times the size of the largest squid washed up previously. But more importantly the question should be "how long does it take to grow that big?" and secondly "how much food would be required and from where?", thus "has there been enough time since the nuclear accident?" To which common sense should scream NO, causing the re-reporter to pause and check etc.

I guess "The Real Story" is the issue of having to report news as quickly as possible before anyone else to get the $10 it pays. Thus the "reporter' is so focused on find&post that proper journalistic skills don't come into play, to filter out jokes and fakes.

I suspect that this "post or die" attitude will cause all news sources to become increasingly polouted to the point real news will be the noise not the signal.

Which leaves the question of "what will the signal be?".

Clive RobinsonFebruary 8, 2014 5:47 AM

@ Bob S,

    Fukishima will be an ongoing disaster and human tragedy for a thousands years

Maybe maybe not, the simple answer is we realy don't know as there has been insufficient time and actual science to say.

If you think back to Chernobal the area around it according to what was said at the time, should be a nuclear wasteland devoid of all living things other than cockroaches. The reality is most wild life appears to be getting on just fine without the presence of humans.

There is also the question of past natural nuclear reactors and what effect they did or did not have on their environment.

Whilst I have many objections to nuclear fission and the unsafe way we use it to produce electricity and what we do with the waste, I don't want to fall into the trap of making claims over and above those that the limited evidence supports.

We only have to look at climate science to see how very messy the "political" not "scientific" arguments get.

Mike the goatFebruary 8, 2014 6:22 AM

Clive: re phone thieves - absolutely. If I were to take up such a profession I would carry around a Faraday pouch (you can find commercially made and tested ones for sale for the intelligence industry and the pathologically paranoid) and drop the phone in it post haste. Many phones have a non removable (without screwdriver at least) battery so it is the easiest option. You could then easily make a Faraday tent or a simple shipping container is very effective. Perhaps even use your own BSS so it associates with it. I guess next step would be to replace the firmware, change the IMEI number with a "clean" phone and sell it on. Changing the IMEI number is quite trivial on many handsets - particularly the Samsung Galaxy S2 and S3. Of course even talking about this is illegal in some parts. But, I am researching cellphone security so I can't just ignore this. On other phones - particularly Androids there will be a way, even if you have to resort to the JTAG headers


Bob S: agreed. Bad things are happening over there and unfortunately it is going to directly impact (and already has) the west coast. We have already seen the EPA raise some acceptable limits. It is standard government procedure on both sides of the Pacific - lie... And if that doesn't work blame someone or something and lie some more. I have no confidence in the Japanese and TEPCO. Nuclear power can be safe if respect is given to its dangers. It seems that in all of the high level incidents stupidity was either the cause or a contributing factor. Whoever approved the power plant in such a seismic location is a fool. If you insisted on using this location then at least choose a reactor design that is inherently safe. I guess they will keep pumping ocean water into the core until the decay heat has subsided to a point that they can get the rods into a flask and dispose of them.

name.withheld.for.obvious.reasonsFebruary 8, 2014 9:14 AM

OT y'all...actually out-of-band.

Posted it to last week's Squid, didn't want to re-post it so I'll just link to it here, it's just another social political observation on strategic planning versus symptomatic responses.

Using an analog, I explain how NSA operations work against our own strategic interests. Unlike the MAD nuclear cold war strategic thinking, the craziness is the method for returning from the breach. How NSA strategies would be impacted if treated like other strategic thinking and providing another perspective on the psychotic group think we all seem to be witness to...

Black AngelFebruary 8, 2014 11:03 AM

@name.withheld.for.obvious.reasons

Ingenius and interestingly heartfelt post.

I think the cold war detente of nukes should be considered as the base model for what is being seen here with the explosion of offensive computing.

Did we learn any lessons from that? Or are we too caught in a one biased view or another of that entire mess?

And what would the lessons be from that whole mess? I suppose you are correct, it can be summed up as being either mindlessly reactive like brute beasts... or reasoning and thinking. Mankind, conqueror of fear and instinct.

I am surprised someone at the CIA was so naive to believe this was not the case. Some of that sort of analysis may be intuitive, I know my wife and I would often joke about our SMS messages not having NSA keywords and the like... long before any of this came out.

@65535

I believe the poster was simply describing an everyday usage of the computer and inventing metaphoric keywords for it.

@Ben #Truedat

It is surprising we do not see more faked video out there. Where do they start? I suppose it started with the Loch Ness Monster (Leviathan?)... UFOs... bigfoot... now, we have modern cinema. The 80s day and age of puppet special effects are long gone. Everyday television shows have ground breaking special effects. When do they start using this technology for something really scary? Or have they already? I was watching a documentary on the Indonesian killings... the genocidists pointed out that they made money in the sixties from scalping tickets to Hollywood movies which depicted sadism as a form of glory. The Communists got into the fray, and then they started killing them. The "gangsters" nowadays claim that they got the idea of their genocides and violence from Hollywood. Absurd.

I would imagine some trends we see continuing would be the faking of evidence towards intelligence agencies via alert key terms -- and deliberate shows put on for intelligence in front of likely watched by them monitors. (A favorite activity for some crazy souls at comp sec conferences in vegas where you always have a camera pointed at you. Why else have these conferences in vegas? Plausibly deniable reason for video cameras everywhere...)

The People play the Double Cross game.

But is anyone really listening or watching... or is everyone and their paranoia just playing for a fourth wall audience that is far more concerned about the mickey d's on their lap then the camera monitor in front of them?

Black AngelFebruary 8, 2014 11:32 AM

@Hjalti
Selling Your Secrets: The Invisible World of Software Backdoors and Bounty Hunters
The brave new dystopian world that the U.S. government is building.
http://www.alternet.org/...

Interesting way of putting it.

Likes thieves with amazing power to skulk around. I think one thing to point out on this subject is for years people have been able to find security vulnerabilities in major products... and it took quite some time for the US to start to legitimize that process, at least publicly. Most of these security bugs over the years have been found by singular "researchers". A large chunk of them have done this through the auspices of their day job, to speak at conferences, to get paid to find bugs so their company gets press articles. But they tend to be singular researchers behind that work.

So how many of these people were rogue before the US started to gobble them up in companies like Endgame Systems?

And how many are rogue today?

It could also be noted that Endgame Systems is not secret, nor are these other contracting companies. In fact, their employees simply sign NDAs. They often do not even have clearance. America's way of emulating what China and Russia was doing long before they could have any kind of outreach to talented hackers, perhaps?

Likely this scenario started with "the people" first, instead of government. Like commerce and so many areas. Even with the atomic bomb, it was the small circles of professional and amateur scientists who went to the government first saying, "We can build an atomic bomb".

One thing I have to wonder with all of these disclosures is: what remains secret? While there is a tendency to argue that human beings are incapable of keeping secrets, reality is this is not true. In fact, Snowden's disclosures and these others do this. But, what I mean is, if all that material was available to a low level contractor like Snowden -- what was not available to him? What is being kept which is secret?

Surely there is intelligence capabilities out there being put into practice which are large and impressive and not purview to defense contracting analysts and administrators. Or not purview to the general public, such as with this Utah data center?

Nick PFebruary 8, 2014 12:25 PM

@ name.withheld

If we did all out cyberwar with destruction focus, then MAD would be a good model and warning against such foolishness. That's not what NSA, China, Russia, etc are doing, though. Matter of fact, I see little motivation for any of the most powerful countries to do that.

Offensive computing is currently divided into several categories:

1. Information gathering on targets of interest to support commercial, military or personal goals

2. Theft of valuable assets from money to I.P.

3. Sabotage of specific pieces of equipment.

4. Controlling computers to launch activities from them for a variety of reasons, esp making money.

5. Straight up taking down whole systems or networks, temporarily or permanently.

The latter two are mainly done by private black hats, the former by larger organizations incl governments. Of all of these, none are anything like a nuclear war. The ultimate argument backing my claim is that all of these have been happening en masse without humanity being reduced to radioactive ash or anything comparable. Americans wouldn't be so sidelined or apathetic if nukes were being fired. ;)

The best metaphor for most of offensive computing is simply calling it what it is. For intelligence gathering, say your computer, phone, entire life was bugged with people watching you to learn something to use against you. For theft of I.P., well that's theft of trade secrets worth large amounts of money. An easy to understand concept already. That advanced computer tools were used during the theft doesn't change what it is and it's what it is that makes it deplorable. And so on.

We don't need a special metaphor for offensive computing. It's just the same stuff we encounter but with tools that expand capabilities. We already understand these things. We also shouldn't make it out to be worse than it is. Offensive computing is just another tool that good or evil people can use when other side puts trust into untrustworthy machines. It seems evil has an advantage as capabilities go up with resources available and evil is inherently better at rolling in cash. *cough* Wall St *cough*

The trick is to get Americans to push lawmakers to reign in those with too much power, whether it be offensive computing or some other power. Accountability and public pressure that doesn't go away after an election cycle is the only solution. Anything else is a cat and mouse game where the cats are well equipped and the mice are hiding behind glass walls. There is no winning endgame for the mice*. So, the cat's have to go or be watched by our guard dogs.

* Bruce once said this cat and mouse game of security is such that the mice will win in the end, but the cats will be well-fed in the meantime. It was a cute little saying that even I agreed with at the time. The experience I accumulated over time led me to believe it's incorrect. The combination of inherent properties of modern computers, perverse economics of defense, scalable economics of offense, and vast resources of attackers (plus incentives for them) mean security on COTS systems is a loser's game. It can't be any other way. One or more of these attributes of our environment must change before the mice have even a possibility of a winning endgame. Hence, my focus on political solutions, incentives, multinational schemes, etc.

If it sounds like I have no clear answer it's because there is no clear answer. Gentlemen, we are fighting human nature itself along with certain principles of the universe. No easy win there. ;) The quote below is very applicable to this battle, I think.

"So you're not fighting me...so much as you are the human condition. All I want is to own the bullets and the bandages. War, on an industrial scale, is inevitable. They'll do it themselves, within a few years. All I have to do...is wait." (Moriarty, Sherlock Holmes Game of Shadows)

Saul TannenbaumFebruary 8, 2014 12:34 PM

For folks in the Boston/Cambridge area:


Why Defense Will Never Work: Defending the network from cyber-attack. Prof. Jim Waldo, HU CIO; Mr. Stephen Boyer, CTO BitSigh

Location: Belfer Library, Littauer-369, Harvard Kennedy School of Government
Date: Tuesday, February 11, 2014
Time:4:15 PM

The National Security Program and the Belfer Center are co-sponsors of a study group for American military affairs. Panelists Prof. Jim Waldo, Harvard University’s Chief Technology Officer; Mr. Stephen Boyer, CTO of BitSightTech; and several National Security Fellows with over 50 years of experience in cyber provisioning, defense, forensics, and intelligence will discuss why current approaches to cyber defense won’t work in the future. This moderated panel will explore how recent data breaches at Target, Neiman Marcus, and other high-profile retailers are just the tip of the iceberg. Panelists will also explore new and innovative approaches to defending the cyber environment. Bring your questions for a lively discussion about the future of Cyber Defense.

name.withheld.for.obvious.reasonsFebruary 8, 2014 2:40 PM

@ Nick P
If we did all out cyberwar with destruction focus, then MAD would be a good model and warning against such foolishness. That's not what NSA, China, Russia, etc are doing, though. Matter of fact, I see little motivation for any of the most powerful countries to do that.

Precisely my point, at least with MAD there was a highly motivated strategy to "not" be first. Both for strategic and political reasons. What I was attempting to do was "re-frame" the current cyber warfare strategic thinking in a way that others might understand. It is kind of hard to discern the fact that the United States is engaged in a strategic exercise that if it were put in Soviet-era Cold War terms it would resemble the U.S. carrying out first strike attacks due to the simplist provocations on a continuous basis.

My sad attempt to wrap it in another framework that might make more sense. Believe me brother Nick, you are preaching to the choir. My posts to Bruce's blog are honestly a bit baited. Not for the regulars like Clive, RobertT, Bob, AlanS, 66536, Nate, Mike the Goat, figureitout, Black Angel, kingsnake, and a few others that I forgot to mention but may be reminded of it later. My posts have formed a chronological chain that people might find interesting and/or scary. But this is familiar ground to you, Clive, and a few others. It is apparent that more than a couple of people on this blog know what is really going on. And again that goes to my point, seems to be a bit of an intellectual circle jerk (more from circumstance rather than from some dark place having some nefarious intent). In otherwords, we need to get to the "end game" before it's 1938.

where.we.areFebruary 8, 2014 2:57 PM

@name.withheld.for.obvious.reasons "...we need to get to the "end game" before it's 1938".

It may be later than you think. If mass surveillance is being used to target certain personality types for filtering out of the culture, then we are already in the midst of a psychological holocaust.

BuckFebruary 8, 2014 5:01 PM

@Nick P

While I think much of what you're saying is technically accurate, I can't help but feel you're just trying to refute @name.withheld's metaphor by supplanting it with a metaphor of your own! I will however point out that your fourth item:

4. Controlling computers to launch activities from them for a variety of reasons, esp making money.
... being "mainly done by private black hats" is quite debatable...

Based on current trends though, "all out cyberwar with destruction focus" is absolutely not the trajectory we're headed towards. Probably an easy leap to make (but please correct me if I'm wrong), when you earn your living thanks in large part to an expanding cyberwar with meandering foci... (maybe even the latter two specifically?)

I believe the contemporary legislation and research & development budgets would suggest a much different route to MAD than that. When I imagine General Keith B. Alexander as a 'General Jack D. Ripper' type, the MAD is not so much 'destruction' per se...
More like a Sky-Net-esque decision to relinquish all command & control to the quantum / neural-net algorithms (remember, first to market wins ;-). All persons operating outside normal behavioral parameters would then be subject to additional scrutiny, until eventually all creativity and human individuality has been stomped from the face of the Earth... The so-called 'singularity' may actually arrive, just because we ourselves have become robots. Pretty grim picture if you think about it for to long :-\

As for the communist plot to pollute the "precious bodily fluids" of Americans... Who knows!?

SkepticalFebruary 8, 2014 6:12 PM

Interesting article in The New York Times on how Snowden selected and then accessed material for download:

http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html

The answer in the article is that Snowden used an automated script, which the article compares to a web-crawler, to seek out documents satisfying certain conditions and applying passwords as needed to complete access to them.

From the article: Agency officials insist that if Mr. Snowden had been working from N.S.A. headquarters at Fort Meade, Md., which was equipped with monitors designed to detect when a huge volume of data was being accessed and downloaded, he almost certainly would have been caught. But because he worked at an agency outpost that had not yet been upgraded with modern security measures, his copying of what the agency’s newly appointed No. 2 officer, Rick Ledgett, recently called “the keys to the kingdom” raised few alarms.

“He was either very lucky or very strategic,” one intelligence official said. A new book, “The Snowden Files,” by Luke Harding, a correspondent for The Guardian in London, reports that Mr. Snowden sought his job at Booz Allen because “to get access to a final tranche of documents” he needed “greater security privileges than he enjoyed in his position at Dell.”

Snowden did release a statement through one of his attorneys at the ACLU, which I frankly found to be rather coy. He does not deny anything stated to The Times, but rather notes that the government is itself leaking information simply to discredit him.

As to whether he possesses a large volume of documents containing intelligence on military assets, plans, operations and procedures, all unrelated to his surveillance concerns, according to The Times Mr. Snowden denied any deliberate effort to gain access to any military information. “They rely on a baseless premise, which is that I was after military information,” Mr. Snowden said.

Which is simply more coyness, and for little purpose.

We do learn a little something about the DIA's report on Snowden:

“Everything that he touched, we assume that he took,” said General Flynn, including details of how the military tracks terrorists, of enemies’ vulnerabilities and of American defenses against improvised explosive devices. He added, “We assume the worst case.”

Snowden is too intelligent to not realize how damaging the necessity of adopting such an operating assumption can be. That damage, which he can mitigate without endangering himself and without affecting his legal position, rests squarely on his shoulders.

As to the means, is the explanation put forth by the anonymous intelligence officials in the article technically plausible? If so, does that make the DIA's estimate of 1.7 million documents more or less likely to be accurate?

Black AngelFebruary 8, 2014 6:21 PM

I think... what everyone should remember is that God does not exist, nor do angels. So... these leaves the wolf wanderers of hell...

Who own everything...

anonFebruary 8, 2014 6:23 PM

@where.we.are, can you elaborate on "targeting certain personality types for filtering out of the culture"? Sounds like an interesting concept. Is the idea to force anyone interested in liberty to commit suicide or something?

SkepticalFebruary 8, 2014 6:33 PM


One bit of speculation from me:

Greenwald spoke effusively at one point about how well organized Snowden's documents were.

I don't think it's possible for Snowden to have put eyes on 1.7 million documents and organized them in the time available.

But, if Snowden simply copied directory trees and contents... it all comes nicely organized and labeled for you, perhaps.

Black AngelFebruary 8, 2014 6:38 PM

anon
@where.we.are, can you elaborate on "targeting certain personality types for filtering out of the culture"? Sounds like an interesting concept. Is the idea to force anyone interested in liberty to commit suicide or something?

I think if you are interested in freedom this makes you enemy number one.

You can go ahead and commit suicide for this.

BenniFebruary 8, 2014 6:50 PM

Snowden apparently wants to testify before european parliament:
http://www.heise.de/newsticker/meldung/Whistleblower-Snowden-will-zur-NSA-Affaere-aussagen-2109312.html

And he now has a german lawyer:
http://www.spiegel.de/netzwelt/netzpolitik/berliner-anwalt-wolfgang-kaleck-vertritt-edward-snowden-a-952322.html

The german ministry of justice now told the german chief public prosecutor that they will let him start an official investigation http://www.heise.de/newsticker/meldung/Bundesanwalt-darf-gegen-NSA-ermitteln-2109272.html
(in germany, if severe political problems with a foreign state may arise from such an investigation, the ministry of justice would have a right to express its opinion on such an investigation, even though they would be under authority of the chief prosecutor. Now the ministry of justice decided that the potential law breaking of nsa weights too much, and let the investigation start. In the article, it is mentioned that the chief public prosecutor apparently wants to start in a few days. But it is still unclear whether he wants to investigate merkel's phone tapping only or NSA's surveillance of the german population in general.

When snowden testifies before the european parliament, the german chief prosecutor, and especially before the immigration department, and perhaps the german "institute for questioning" of the secret service "Bundesnachrichtendienst", if snowden applies for asylum should he come to germany, then hiring a german lawyer was exactly the right thing to do.

name.withheld.for.obvious.reasonsFebruary 8, 2014 6:51 PM

@ Buck
I knew I forgot someone in my last diatribe, sorry I was work from off top the skull cap. You generally have good contributions and your last did not disappoint...

All persons operating outside normal behavioral parameters would then be subject to additional scrutiny, until eventually all creativity and human individuality has been stomped from the face of the Earth... The so-called 'singularity' may actually arrive, just because we ourselves have become robots. Pretty grim picture if you think about it for to long :-\

And yes, I'm using allegory as an instrument to describe the escalation and logical extension of the concept of nuclear war and stating it as a parallel construction to cyber based-warfare. The Cold War was probably the closest thing in the resent past that demonstrates many of the same elements. 1. Primarily psychological in its affects, 2. Destruction or direct deaths were on a very small scale. 3. Capabilities and operations were "mysterious". But, I am not making a one to one corollary between the two. Just don't know where Nick's head is on this one; he's typically very insightful and thorough. Something's throwing him off his game, and the kid's got game.

Black AngelFebruary 8, 2014 6:56 PM

#skeptical

I do not know.... it could have been...

We controlled Snowden....

Ambiguos... Anonymous...

I think it is OK... to say we own...

Bauke Jan DoumaFebruary 8, 2014 7:04 PM

Question to anybody interested.

How many people does it take to 'defend' the country (let's assume the continental USA) simply against illegal/illegitimate/uncontrolled entry. Particularly I have in mind being washed ashore (never mind the how and what) on an American beach.

Also, assume a more or less flatland, no significant entry through the air or other 3D.

So, how many?
I think the number is going to be relatively/very small.
How many people does the US Coast Guard have?

My hypothesis: that's how many (how few) people it takes to defend or consolidate current power systems and current breakdown/spread of power. There's another assumption that lies at the foundation of the former.


SkepticalFebruary 8, 2014 7:36 PM


@Black Angel - What? I did not understand anything in your last few posts. Could you explain?

@name.withheld - the country that worships the creative destruction of capitalism, the military of which relies on a technological edge preserved by the continued brilliance of engineers and thinkers across the US, the laws and culture of which celebrate and protect individualism and freedom of expression, is secretly plotting to use the NSA to somehow "filter" creative personalities from society? Come on. You don't really think that's even possibly true, do you?

As to your allegory, I think it may obscure your argument more than it clarifies it. I understand you to be saying that the US is engaging in cyberwarfare preemptively, and that it is, or seeks to, utilize private systems and persons as part of that effort.

While I don't entirely agree with that, there's a lot in that line of analysis that is interesting. But MAD isn't really an apt analogy, since the game-theoretic structure of cyberwarfare is significantly different than that of nuclear warfare. As I understand your post, you're using MAD to illustrate the similarities and differences in US offensive/defensive posture between the Cold War and today, but MAD is a quintessentially game-theoretic concept, so once you introduce it that becomes the focus of your audience.

BenniFebruary 8, 2014 7:41 PM

This paragraph from germany might help snowden very much:
http://www.gesetze-im-internet.de/irg/__6.html

(1) Die Auslieferung ist nicht zulässig wegen einer politischen Tat oder wegen einer mit einer solchen zusammenhängenden Tat. Sie ist zulässig, wenn der Verfolgte wegen vollendeten oder versuchten Völkermordes, Mordes oder Totschlags oder wegen der Beteiligung hieran verfolgt wird oder verurteilt worden ist.

(1) The extradiction is inadmissible because of a political crime or because of a crime connected to a political action.
The extradiction is admissible if the suspect is persecuted because of or convicted of accomplished or attempted genocide, murder or homicide.

It would actually be strange, if a german court would not believe that Snowdens actions where not related to a "political crime".

In germany, political crime is defined as follows:
http://de.wikipedia.org/wiki/Politische_Straftat

Juristically, Snowdens actions could be described as high treason. And that is among the definitions of "political crime".

That way, it could be that if snowden does not get asylum status, he still can not be extradicted from germany to the US because the US wants him for a political crime.

This is actually the usual thing that happens with asylum seekers in germany. It results in a so called "duldung" (temporary acceptance to stay) http://de.wikipedia.org/wiki/Duldung_(Aufenthaltsrecht) .
Until he finally gets a permanent permission to stay, this acceptance would have to be renewed before it expires.

By now, 87839 asylum seekers in germany live, often since several years, with this strange status. They are allowed to work after they have stayed in germany for one year. And then, after 6 years, they usually get the permanent permission to stay if they have a job, which for snowden would not be a problem.


BenniFebruary 8, 2014 7:58 PM

I made a mistake, What snowden dit is not "high treason", but just treason (landesverrat) http://de.wikipedia.org/wiki/Landesverrat

high treason would be if someone tries to violently replace the constitution, e.g a terrorist, which could very easily be extradited-

Snowden just did treason, which is defined as someone telling a government secret to others.
Because of that, snowden could never be extradited to the US. Actually germany has much experience with defectors coming from the former DDR, the communist part of germany. And for them, this law was made, that would forbid sending snowden to the us.

65535February 8, 2014 8:20 PM

@ Nick P

“He reads Schneier.com. Links a plenty. ;)”

Haha…

[and]

“The trick is to get Americans to push lawmakers to reign in those with too much power, whether it be offensive computing or some other power. Accountability and public pressure that doesn't go away after an election cycle is the only solution…”

I agree.

Encryption and other technology is good but in the long run a political solution is need. As you say “too much power" is the problem [with little or no accountability].

@ Clive

“Asside from the "hacker issue" (any body see the hacked up FEMA emergency message about the Zombies Rising attack?). For the usual "anti-theft" argument it's a compleate waste of time as well. “So either the person who thought this up is an idiot, or more likely gets their rocks off on the power trip idea of being able to send Californian mobile phone users into the electronic equivalent of a netherhell at a "Push of the Big Red Button" in their "StarTrek Bridge" command bunker. Mind you they could be both an idiot and a meglomaniac as well ("This is a general page for Alex..." ;-) “

That is my feeling.

@ Black Angel

“I believe the poster was simply describing an everyday usage of the computer and inventing metaphoric keywords for it.”

Yes, I searched the entire implant catalog and the name did not come up. It was a joke.

@ name.withheld.for.obvious.reasons

“In otherwords, we need to get to the "end game" before it's 1938.”

I agree. But, as others have noted the situation may have surpassed 1983 -84 Orwellian conditions in some aspects. We don’t have torture-reeducation centers yet – but it looks like the target lists are being drawn up. The communication channels are being monitored and prepared for interdiction. That is very discomforting.

BenniFebruary 8, 2014 8:49 PM

Since this belgian cryptographer was hacked, i got interested in miniduke. Out of curiosity, i visited the urls reported in

https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf

arabooks.ch
artas.org
tsoftonline.com
www.eamtm.com
news.grouptumbler.com

when visiting the frensh site artas.org, my antivirus program immendiately registered an attack. I wonder how these domains are still active and why they were not shut down.

Having visited the others, i fear now that they could have installed something...

There are reports from quisquater and others that say this miniduke attack on quisquater is perhaps from another foreign country and not by the nsa. But I somewhat do not believe that.

The twitter accounts that control the miniduke malware are all in english language. Perhaps this is because the attacker does not know another language and therefore only was able to put some foreign english slang in it as a weak disguise. Furthermore, the fact that spying targets are based in the us is not what would prevent nsa from spying americals. They are monitoring american phone calls. So why not spying on american high profile think tanks and research institutes. From the snowden files, NSA is known to spy on United Nations development programme, the UN's children's charity Unicef and Médecins du Monde. And perhaps that is why the miniduke software is targeting "healthcare organizations". Why would a country like china interested in healthcare organizations? But for a country on war against terror, international healthcare organizations are an interesting target. Perhaps the research institutes hire foreign scientists. And then we have a perfect target, that is not an US scitizen. Also, I notice that none of the servers that control the malware is based in asia. For the chinese, it would be cheaper to get some server in asia. Why would china deploy a malware over european servers? I guess that china would have shot these servers down after they were discovered, because of expenses. But these servers are still active and alerting my antivirus program.


Nick PFebruary 8, 2014 9:28 PM

@ name.withheld

"But, I am not making a one to one corollary between the two. Just don't know where Nick's head is on this one; he's typically very insightful and thorough. Something's throwing him off his game, and the kid's got game"

You're too kind. :) I was arguing that there's no Cold War-style escalation along the line of nukes in electronic warfare. It's more like spy vs spy games from Cold War than anything else. The top groups behind it are even intelligence agencies. Unlike a nuclear arms race, this situation can escalate and continue for a long time with the overall globe still functions well enough. That's because everyone spies. It's a reality of nation-states. If anything, the non-superpowers and non-five-eyes are just seeing where they're at in the intelligence food chain. ;)

However, my mind has been strained recently. Easy for me to miss subtleties in your posts. If my counter is missing your point, then that would be the unfortunate explanation. If that's the case, then I apologize.

@ 65535

"“In otherwords, we need to get to the "end game" before it's 1938.”

I agree. But, as others have noted the situation may have surpassed 1983 -84 Orwellian conditions in some aspects. "

I believe name.withheld was referring to Feb 4, 1938 when Hitler took power.

@ Buck

re Most botnets being by black hats vs govts

My claim is debatable. Almost every botnet I've ever read about was controlled by organized crime for spam or illegal content. Yet, I don't have numbers on govt botnets. So, they might have more.

re futuristic predictions

I doubt all that. The reality of the situation looks more like a gradual increase of overt and covert authority with a sudden surge of uncontrolled power expansion. That's consistent with what we know of US history pre- and post-9/11. Regular imperialism, domestic control and scaremongering explain everything they're doing. Now, they might read posts like yours and be inspired to do "greater" things. ;) Honestly, I always thought elites ripped off Rome or Book of Revelation for many ideas like world government. They're rarely original and hence easier to beat if people are willing.

Clive RobinsonFebruary 8, 2014 10:33 PM

@ Skeptical,

You shoot yourself in your own foot so often it's becoming quite sad.

Your post about the NYT item followed by your post admitting no one individual could have read 1.7million pages is self answering.

Ed Snowden is being coy for that reason, that is he does not know what is in every socument.

Neither do the NSA know which 1.7million documents Mr Snowden has, which is abundantly clear from the last stupid attempt to find out with the appeal to "return the stolen documents".

Much as General Alexander would like to put the horse back in the stable after leaving the door wide open and lighting a fire in the hay loft, he can not that horse has bolted and is gone for good.

Think about it as "intangible information" not as General Alexander is trying to do as "tangible physical objects".

You like General Alexander need to understand the realities of life, Ed Snowden did not steal tangible physical objects, he copied intangible information, and has kept it as intangible information.

That is there is "No Physical Accountability", likewise there is "No Auditability" either because General Alexander failed to carry out his primary responsability of "protecting the nations communications". He was so self obsessed about "knowing everything" he failed to take minimum requirments to "know what he should". He is without any shadow of a doubt a compleate and utter failure, and the fact he was such a failure for so long and so badly tells you precisly why proper over sight needs to be placed on these out of control intel organisations.

It was this "I cann't tell you, trust me" stupidity that alowed General Alexander to be such a compleate failure and hide it from those who might have taken steps to correct his failings (though I doubt it in the case of DiFink).

But General Alexander's failing is much much worse than that of any non military person making the same self obsessed mistake. Because almost the first thing drummed into a military raw recruite is "protect your six" as they rise through the various ranks the message is strengthened. Thus any General fit for command would know you have to protect your rear and not push forwards faster than you can protect your rear. General Alexander appears not to be cognisent of this when it comes to "Cyber-warefare" which might account for the lamentable state of cyber-defense and why other idiots are running around saying as far as cyber-attacks are concerned "the only defence is offence". It's a compleate and utter nonsense and anybody spouting it should be taken to a quiet dark place where they cann't do themselves any harm, but more importantly can not do harm to others.

Navy pilots are aware beyond almost all others that the most important part of launching an attack is to protect the carrier. Because if it's not protected then any attack they carry out becomes a suicide run, as they will have no place to land and no hope of rescue. That's easy for nearly all people to understand, but the priciple of "protecting your staging post" applies to all millitary attacks. That is you cannot have effective offence if you have no defence, to do otherwise is to commit a suicide run, which except on very rare occasions is a pointless self defeating tactic.

Sadly the US press are to compliant to call General Alexander and his ilk what they are "incompetent and dangerous self obsessed fools" who want to gloriously "Ride down the Russian Guns in the valley of death", but unlike the those that did they are not brave they are naves.

There are two reasons that General Alexander was not immediatly dismissed, without rank or pension, the first is he is still protecting those who failed to be good employers and manage him even remotly effectivly. The second is the truth of his gross incompetence is not yet realised by the US public in general.

It is this second point you should --like the rest of the US population-- "get up to speed on".

Firstly "giving back the documents" is not like returning a physical object it's not a case of "either I have it or You have it". The documents are information that is trivialy and perfectly coppied over and over again, thus by now there could be thousands if not millions of copies of them. Giving General Alexander a single copy of them won't change that and can not change it. Even if Ed Snowden and those he gave copies to are scrupulously honest, there is no guarenty that there are not stray copies floating around. General Alexander by his gross incompetance allowed that Pandora's Box to be opened --and I guess by rather more people than Ed Snowden,-- and no matter how hard General Alexander and others may wish that box is not going to close with it's contents intact ever again. For good or bad the contents are out to plauge the world.

So why is there the request to "return the stolen documents" being made. There can be only two answers to this,

1, It's yet a further overly obvious attempt at misdirection. / discreditation.
2, Gen Alexander still does not know what Ed Snowden had.

Your previous comments make me believe you have not spotted the former and have swallowed the poison pill / bait and are thus hooked possibly to your peril.

And whilst you acknowledge Ed Snowden could not have read 1.7million documents, you either fail to recognise the latter point or quite deliberatly chose to ignore it.

So you should ask the question "Why is General Alexander so desperate to get his hands on what Ed Snowden copied?"

It's because either the General has worked it out for himself, or the NSA and DoJ legal entities have told him, there is insufficient evidence against Ed Snowden to be of use.

A point Ed Snowden's legal advisors have nodoubt told Ed the same thing.

Thus the 5eyes legal entities are desperatly hoping to strike lucky and get a single golden nugget out of that unseen mountain to use against Ed Snowden and rope him in for the "Manning Detention" treatment or worse (what most civilised countries call pschological and physical torture).

This is why MI5 under presure pushed the UK border agencies to grab Mr Greenwald's partner (an attempt that has caused them and the UK Gov much embarisment and continues to do so). It's also why the UK's most senior civil servent made a fool of himself infront of the editor of the Guardian, overplayed his hand and had to settle for a rediculouse pantomime involving "tweedle dee and tweedle dum" from GCHQ, which actually leaked yet more classified information to the world.

I must admit I'm surprised that you can not see this, after all your arguments although generaly wrong, do not come across like "Joe Sixpack, Sunday morning quaterbacking".

BenniFebruary 8, 2014 11:01 PM

regarding the above comment of mine on miniduke, i should add that it was noted that none of its targets were based on china. However, this does not imply the malware was made by someone in asia. The reason, that miniduke does not target asia is because it is not well suited for that.
Asian people have their own language and especially fonts. A person targeted with miniduke would perhaps immediately become suspicious, if he sees his computer connecting to european servers, of to twitter accounts written in english language, accounts by persons like "obamaApril".

The german site eamtm.com that deployed the miniduke malware currently shows a small company selling used machine parts. The site It lists a contact information: European Association of Machine Tool Merchants vzw Villalaan 83,
B-1190 Brussels, Belgium
the domain service whois lists eamtm.de as a domain of the following registranr: Hans-Juergen Geiger Maschinen & Apparate GmbH
Adresse: Hans-Juergen Geiger, Gutenbergstr. 31,
PLZ: 72555, Ort: Metzingen, Land: DE which is apparently the same company.

Perhaps this small company was hacked by the miniduke deployers? But why do they not issue some statement on their site that they have cleaned their servers and now are bug-free?
Furthermore, if you attack engineers, then a malware that contacts an engineer company is perfectly the least suspicious way to do. And NSA is known to attack e.g Belgacom engineers to get into GSM.

So the fact that miniduke has no targets in asia does not make miniduke of probable chinese origin. Miniduke seems to be made to attack western countries, with twitter accounts in english language, and deployment servers in europe.

It would be conceivable that for attacking asian computers, the nsa has simply designed entirely different malware, with asian twitter accounts and command servers located in asia, in order to remain undetected for longer periods.


BenniFebruary 8, 2014 11:13 PM

the other sites also have interesting whois entries:


[Querying whois.nic.ch]
[whois.nic.ch]
whois: This information is subject to an Acceptable Use Policy.
See http://www.nic.ch/terms/aup.html
Domain name:
arabooks.ch
Holder of domain name:
Librairie Arabe l'Olivier
Bittar-Maurin Alain
rue de Fribourg 5
CH-1201 Gen?ve
Switzerland
Contractual Language: French
Technical contact:
VTX Services S.A.
COBBI Francis
avenue de Lavaux 101
CH-1009 Pully
Switzerland
DNSSEC:N
Name servers:
cardassian.deckpoint.ch [194.38.160.129]
narn.deckpoint.ch [194.38.160.133]

[Querying whois.verisign-grs.com]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]
Domain Name: TSOFTONLINE.COM
Registrar URL: http://www.godaddy.com
Registrant Name:
Registrant Organization:
Name Server: NS1.TANPIXEL.COM
Name Server: NS2.TANPIXEL.COM
DNSSEC: unsigned
Domain Name: EAMTM.COM
Registrar: ASCIO TECHNOLOGIES, INC.
Whois Server: whois.ascio.com
Referral URL: http://www.ascio.com
Name Server: NS1.SCARTECH.BE
Name Server: NS2.SCARTECH.BE
Name Server: NS3.SCARTECH.BE
Status: ok
Updated Date: 22-may-2013
Creation Date: 20-may-1997
Expiration Date: 21-may-2014

Domain Name: GROUPTUMBLER.COM
Registry Domain ID: 1637534467_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: www.register.com
Creation Date: 2011-01-29 13:32:47Z
Registrar Registration Expiration Date: 2014-01-29 13:32:47Z
Registrar: REGISTER.COM, INC.
Registrar IANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.4042602594
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: TIM K. LAPPIN
Registrant Organization: GROUPTUMBLER.COM
Registrant Street: 4573 FROE STREET
Registrant Street: BLUEFIELD, WV 24701
Registrant City: BLUEFIELD
Registrant State/Province: WV
Registrant Postal Code: 24701
Registrant Country: US
Registrant Phone: +1.3043241632
Registrant Phone Ext:
Registrant Fax: +1.3043241632
Registrant Fax Ext:
Registrant Email: ADMINISTRATOR@GROUPTUMBLER.COM
Registry Admin ID:
Admin Name: TIM K. LAPPIN
Admin Organization: GROUPTUMBLER.COM
Admin Street: 4573 FROE STREET
Admin Street: BLUEFIELD, WV 24701
Admin City: BLUEFIELD
Admin State/Province: WV
Admin Postal Code: 24701
Admin Country: US
Admin Phone: +1.3043241632
Admin Phone Ext:
Admin Fax: +1.3043241632
Admin Fax Ext:
Admin Email: ADMINISTRATOR@GROUPTUMBLER.COM
Registry Tech ID:
Tech Name: TIM K. LAPPIN
Tech Organization: GROUPTUMBLER.COM
Tech Street: 4573 FROE STREET
Tech Street: BLUEFIELD, WV 24701
Tech City: BLUEFIELD
Tech State/Province: WV
Tech Postal Code: 24701
Tech Country: US
Tech Phone: +1.3043241632
Tech Phone Ext:
Tech Fax: +1.3043241632
Tech Fax Ext:
Tech Email: ADMINISTRATOR@GROUPTUMBLER.COM
Name Server: DNS01.GPN.REGISTER.COM
Name Server: DNS02.GPN.REGISTER.COM
Name Server: DNS03.GPN.REGISTER.COM
Name Server: DNS04.GPN.REGISTER.COM
Name Server: DNS05.GPN.REGISTER.COM
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-02-01 09:25:09Z

Domain ID: D39723668-LROR
Creation Date: 2000-11-03T11:36:57Z
Updated Date: 2013-09-24T16:55:39Z
Registry Expiry Date: 2014-11-03T11:36:57Z
Sponsoring Registrar:Gandi SAS (R42-LROR)
Sponsoring Registrar IANA ID: 81
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Registrant ID:0-1344430-GANDI
Registrant Name:Association Artas
Registrant Organization:Association Artas
Registrant Street: Chateau de Touche Noire
Registrant City:GEHEE
Registrant State/Province:
Registrant Postal Code:36240
Registrant Country:FR
Registrant Phone:+33.254408048
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:duret.anne@wanadoo.fr
Admin ID:BH1576-GANDI
Admin Name:Patrick Priem
Admin Organization:Art'As
Admin Street: 19 rue Victor Lefevre 1030 Bruxelles
Admin City:BRUXELLES
Admin State/Province:
Admin Postal Code:1030
Admin Country:BE
Admin Phone:+32.477262751
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin
Email:9d0135a5660d7aeed4fb609991631227-1208301@contact.gandi.net
Tech ID:GV237-GANDI
Tech Name:Gilles Vincent
Tech Organization:
Tech Street: Whois Protege / Obfuscated whois
Tech City:Paris
Tech State/Province:
Tech Postal Code:75013
Tech Country:FR
Tech Phone:+33.170377666
Tech Phone Ext:
Tech Fax: +33.143730576
Tech Fax Ext:
Tech Email:gilles.vincent@gmail.com
Name Server:C.DNS.GANDI.NET
Name Server:B.DNS.GANDI.NET
Name Server:A.DNS.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

Clive RobinsonFebruary 8, 2014 11:33 PM

@ Name.Witheld...,

The analagy between cyber-warfare and the MAD stratagie does not realy work.

The problem you are having trying to find a suitable analagy is explained by "unstated assumptions / axioms", and I've mentioned it before on this blog.

The problem is that we are "creatures of the tangible physical world" not of the "near infinate possabilities of the intangible information universe". In the physical world the laws of physics as we understand them apply that is mass/energy equivalence and all forces constrained by the speed of light. The information universe is intangible and not constrained by physical laws except where information impinges into our physical world, then information becomes constrained by the physical objects it is impressed upon for storage, processing or communication.

The MAD stratagy relied overwhelmingly on physical constraint although it was not usually stated. That is the US has the physical capabilities to "outproduce" not just the CCCP/USSR but the entire rest of the worlds nuclear arsanals two or three to one. Likewise and perhaps more importantly the same applied to the physical delivery systems. And the US would thus always have the upper had that guarenteed MAD would be effective.

The almost exact opposit applies to cyber-warfare, because ther are no physical limitations on producing an information weapon. And more importantly the delivery system is other information systems that you as an attacker neither have to provide energy for, produce or own them, thus they are to the attacker free. These delivery systems are owned by the enemy, if the enemy does not have them or they are not accessable to the attacker then the enemy can not be attacked. Thus the more accessable information systems a country has the more vulnerable it is...

However as the general populous who think about Stuxnet and the Ed Snowden reverlations are realising "accessability" is not something that can be denied to an attacker if your information systems are to be of any use culturaly, industrialy, economicaly, politicaly or even as weapons. The fact is to have and use information systems makes you vulnerable to attack.

However not having the information systems and using you leaves you vulnerable culturaly, industrialy, economicaly and politicaly...

Catch 22

Or as has been often said "Can't live with em, can't live without them".

But more importantly is the understanding of what this means in real terms, the "Doctorine of First Strike" is flawed and thus an offencive "attack only" stratagy is at best self limiting because the deleivery mechanism you need to succeed is also what you are attacking.

Thus you have to work another way which is to take offensive acts of war prior to any hostillities. This would be the equivalent of FedEXing or UPSing your nukes to be kept in their warehouses in the country you wish to defend yourself against... Such behaviour under the rules and laws of war is considered a premptive act of war against a civilian population which is about the worst war crime you can commit...

I'm sorry I've shot a hole in your analagy for a couple of reasons. Firstly MAD is viseraly understood by most western people and it has the ability to scare them awake. Secondly I doubt there is a replacment analagy most people could recognise sufficiently to get behind to shout down the War Hawks.

The War Hawks are like the drunken idiot hanging off a lamppost barely able to stand scraming "I can have yer" at passers by on the opposit side of the street. Where the best policy is to keep away from them till somebody competent to deal with them takes them away and locks them up where they cann't hurt themselves and more importantly cann't hurt others. The trick is to keep weapons and sharp edged tools out of their hands, not as we currently do let the idiots have "run of the shop".

Clive RobinsonFebruary 9, 2014 1:48 AM

@ Nick P, Name.Witheld...,

Speaking of nukes here and a few days ago about the inability to authenticate people, raises the Comand and Control system question asked by US Air Force Maj Hering, which cost him a lot more than his job,

http://www.slate.com/articles/life/the_spectator/2011/02/an_unsung_hero_of_the_nuclear_age.single.html

As the article mentions President Nixon did make his comment about leaving the room and in 25 minutes 70million people would be dead. Which Dick Chaney also talked about with regards the not so big W... It's a problem that's still with us and unfortunatly with the War Hawks and military insudtrial complex riding high is not going to go away any time soon. As somebody once noted "no matter how small the probability if you wait long enough it becomes an odds on certainty"...

BuckFebruary 9, 2014 2:22 AM

@Nick P
re Most botnets being by black hats vs govts:

My claim is debatable. Almost every botnet I've ever read about was controlled by organized crime for spam or illegal content. Yet, I don't have numbers on govt botnets. So, they might have more.

We're in wholehearted agreement here ;-)
The existence of a covert network of possibly millions of implanted machines, ready to strike any target at a moment's notice (along with their activation sequences), would certainly be considered part of the so-called (so far unseen) 'crown jewels' of the U.S. (or any other nation's) intelligence community.

re futuristic predictions:

I'm actually somewhat surprised that my post on recent quantum computing developments (https://www.schneier.com/blog/archives/2014/01/friday_squid_bl_413.html#c3920142) didn't peak more interest than it did...
Perhaps that's just me being written-off as a spammer due to my esoteric style of prose?
Could it be that, unknowingly, I (or some of us) have been preselected as beta testers for some sort of "personalized digital media experience" software program?
Or was it too obvious that those are all PR fluff pieces with little value other than for hooking ignorant investors?
Maybe that mumbo-jumbo is still considered pseudo-science?
But I think probably because quantum mechanics are just too unintuitive to believe possible ;-)
I'd like to again point out that blurb from Google's AI lab (published nearly two years ago - by a public company, no less!):
Launching the Quantum Artificial Intelligence Lab (May 16, 2012 - Google)

We've already developed some quantum machine learning algorithms. One produces very compact, efficient recognizers -- very useful when you're short on power, as on a mobile device. Another can handle highly polluted training data, where a high percentage of the examples are mislabeled, as they often are in the real world. And we've learned some useful principles: e.g., you get the best results not with pure quantum computing, but by mixing quantum and classical computing.
http://googleresearch.blogspot.com/2013/05/launching-quantum-artificial.html

How far off is the future? Lately it seems as if around here we've all been living about 7 years in the past... :-\

Regular imperialism, domestic control and scaremongering explain everything they're doing. Now, they might read posts like yours and be inspired to do "greater" things. ;)

If, however, I am the first to come up with any of these ideas; I would honestly be both humbled and horrified! Perhaps patent law is the place for me!? If business processes can be patented under the auspices of "and it's been implemented on a computer!" maybe methods of waging war could similarly be protected as "intellectual property" :-P

And yes, ancient ideas such as 'Rome or Book of Revelation' have earned their place in history, and certainly have influenced much of civilization since their inception... Though if you're really that far removed from our present reality, might I suggest some readings about some more relevant and much more recent developments? See: Sturmabteilung (http://en.wikipedia.org/wiki/Sturmabteilung) and Schutzstaffel (http://en.wikipedia.org/wiki/Schutzstaffel)

SkepticalFebruary 9, 2014 7:47 AM

@Clive:

I didn't say one word about anyone "returning stolen documents." Very little in your comment seems to be actually directed against what I had written.

I linked to a New York Times article reporting on Snowden's method of retrieval (sounds like a glorified wget), and asked whether this sounded technically plausible. You should read the article.

Now, if he were using such a tool to retrieve files, then I wonder whether he simply retrieved entire directories and sub-directories, and left them organized as such. This would provide him with out-of-the-box organization and labeling, with which Greenwald was so impressed.

As to Snowden not confirming whether he has taken 1.7 million documents, the consequences of forcing the US to operate under a worst-case scenario assumption is completely on him. This has nothing to do with Snowden returning documents. It has to do with him taking basic steps to minimize harm.

Legally, he's done. His attorneys know that. The first year law student gazing in caffeinated befuddlement at his casebook knows that. There's no question of lack of evidence. Clive, he's confessed multiple times, and journalists have reported on confessing statements multiple times, in addition to whatever forensic evidence they have, in addition to the huge amount of circumstantial (which is not pejorative) evidence.

Snowden's best hope is a deal. I think he knows that much. What I don't think he realizes is the importance of showing good faith, and winning additional public support. The USG is never going to like Snowden; but they could possibly respect him if he made an effort to limit the damage.

So why does Snowden not limit the damage?

I suspect someone is whispering to him that it is more important that the US have absolutely no idea what journalists may report upon. If they do, these whispers continue, the US can suddenly change programs, can release documents ahead of the journalists with its own spin, and somehow control things. As to the costs, including the human costs, of forcing the US to operate under a worst-case assumption, these whispers say little, because those whispers quite frankly don't know what the fuck they're talking about. When special operations have to be cancelled or modified, it is sometimes the case that human beings must bear an increased amount of risk because of that, for example.

Snowden knows better. The only ones who benefit from him not minimizing harm by indicating at least what documents were actually taken are: (1) Wikileaks and journalists who do not want their "exclusives" to be any less so, and (2) enemies of the United States. If the government tries to spin a story the wrong way, then journalists working on these stories already have the information necessary to correct that spin.

The other part of the case being made by those whispering to him undoubtedly is that he needs to hold back minimizing harm in order to maximize his leverage. Whether that is true depends on information I don't have, specifically whether his attorneys are negotiating with the DOJ and what the DOJ has indicated with respect to a deal. If however the DOJ has indicated that they won't do a deal at the point of a gun, that's likely true; and Snowden then needs to switch tactics by engaging in good faith minimization efforts, which will win him some credibility and which will also make the DOJ more inclined to negotiate.

skepticredulousFebruary 9, 2014 9:46 AM

Legally, huh huh, that's funny. Legally in backwoods rube law.

Legally, the NSA is done. The US Stasi's most sensitive secret is not sources and methods or National Technical Means. Their best-kept secret is CCPR Article 17, supreme law of the land equivalent to federal statute, with which domestic law at all levels must be brought into compliance; and UDHR Article 12, federal and state common law and customary international law of all nations; Articles V, IX, and X of the American Declaration of the Rights and Duties of Man, binding in the jurisprudence of the Inter-American Court of Human Rights and in the Inter-American Commission on Human Rights; and the American Convention on Human Rights Article 11, binding as conventional international law for states parties in the OAS. The right to privacy.

Contrary to the Juche of the NSA's Songun Pioneers, surveillance, "whether electronic or otherwise, interceptions of telephonic, telegraphic and other forms of communication, wire-tapping and recording of conversations" are to be prohibited, according to the Human Rights Committee, which has interpretive authority over US jurisprudence under ICJ Statute Article 38. National-security antiterror nonsense doesn't justify US government panty-sniffing, either: surveillance in war suspends the rights and actions of the nationals of the hostile party, a war crime in itself under Rome Statute Article 8.2.b.xiv and equivalent universal-jurisdiction law.

The ODNI junta's Big Lie holds that America's constitution protects the domestic population's privacy and nothing protects foreign populations from US surveillance. False. All humans have the right to privacy. Take it from the Inter-American Court: the "object and purpose [of human rights treaties] is the protection of the basic rights of individual human beings irrespective of their nationality, both against the State of their nationality and all other contracting States." The US constitution, by contrast, is Clapper's toilet paper, illegally suspended by decree in breach of CCPR Article 4. Give it up, it's gone, you're not getting it back. Unlike Snowden, you live in an out-of-control pariah state that crushes human right. The outside world is your only recourse.

The DoJ hacks are irrelevant to Snowden, who cannot be legally be prosecuted for defending human rights. Snowden is in the world's witness protection program, A/RES/53/144, and he's ratting out the dangerous criminal enterprise that is the US government.

bassixFebruary 9, 2014 10:12 AM

Today the UK paper 'Mail on Sunday' has a story on the leaking of thousands of files of customer details by Barclays Bank. This has been picked up by the BBC News online service at http://www.bbc.co.uk/news/uk-26106138 Now, I use Barclays and today I made an online purchase using my Barclaycard and this online transaction was backed up by the 'Verified by VISA' service. So far so good. When I later checked online with Barclaycard Secure I entered my VbV password incorrectly, using a lower case alpha character rather than the uppercase which I set it up to use. It let me in. So, I deduce the password is not stored in a hashed or encrypted form. So, Barclaycard Secure online security appears to be not fit for purpose.

Clive RobinsonFebruary 9, 2014 12:28 PM

@ Bassix,

    So, I deduce the password is not stored in a hashed or encrypted form. So, Barclaycard Secure online security appears to be not fit for purpose

Err your deduction could well be wrong.

Ignoring for the moment channel encryption what you are doing is sending a plaintext password to their server. You are assuming that this should be hashed and the compared to a stored copy of the hash yes?

Well one of the biggest problems with customers hitting the "three strikes and your out" and having to call support etc is the use of the caps lock key, which without visual on screen feedback can be not in the state the user thinks it's in.

One solution is that the programers decided to fix this problem by using the equivalent of "toupper()" which converts lower case to upper case. If they always do this on the plain text password prior to hashing then the caps lock problem goes away. That is the hash they store for comparison is converted prior to hashing into uppercase as well.

Whilst this does provably remove a chunk of support calls it also reduces the size of the charecter alphabet for each password char by 26 which significantly reduces password guessing attempts.

So your final conclusion of "not fit for puropose" may not be that far off the mark.

I've watched with dismay Barclay's lack luster attempts at ITsec for users this century and remember Sept 2000 when they made it not just into the UK press but world press for their "behind the curve" security practices. As you are also probably awar their fixing of LIBOR was another attack not just on their customers but nearly every bank customer in the western world. So as you can guess I don't have any kind of relationship with them in this century and I couldn't realy find any reason to use/recomend them, they might have two centuries of existence but even the best of apples will rot to the core in much less time than that, unless strict controls are in place.

MikeFebruary 9, 2014 1:51 PM

@Skeptical: I'm wondering if it has occurred to you, as it has to me, that Snowden may not be *that* bothered about a deal, or a 'best hope' or any other such thing. Sure, the rest of his life is obviously of some concern to him but – really – given how he's behaved so far I think it's reasonable to assume his future may not be such a high priority for him. Presumably he wasn't expecting anything about his life would ever be the same when he did what he did.

As a thought experiment let's give him the benefit of the doubt – assume that he is someone who's genuinely performed a knowing self-harming act based on a sense of higher responsibility to society as a whole – misguided or otherwise – with no regard for his own self-preservation/comfort beyond whatever is necessary to achieve his altruistic/idealistic aim. If this is true then the idea that Snowden is likely to give that much of a sh*t about his future seems to me to be highly questionable. Snowden's ongoing *priority* in this case is surely still going to be to further whatever his altruistic/idealistic aims were in the first place – with continued disregard for his own medium to long term wellbeing – even more so presumably now that he has knowingly already thrown so much of his life away for his cause. I wonder sometimes if some of the statements/accusations that have been interpreted as attempts to 'smear' him are actually no such thing – could they just be genuine attempts by successful sociopathic types in authority to try to understand why on earth he would do such a thing – it is as if they're thinking that surely Snowden *must* have been motivated by some sort of personal gain and they can't make sense of the situation until they've figured out what it was he was hoping to get out of it – as if for them the idea that someone might act against their own interests, for the good of society, with no hope of personal gain simply does not compute. This reminds me a bit of when the sociopaths in oppressive regimes 'crack down' on dissent to try to set a bloody example and then seem surprised when, as it often does, this just makes even more people come out on to the streets – the sociopaths presumably find it almost impossible to imagine what it might be like to be someone who could act un-selfishly – wrongly assuming that everyone, like them, is utterly self-serving – for them, given the choice between knuckling under or standing up to the tyranny at the risk of getting a good kicking with nothing in return the sociopaths would naturally choose to stay at home every time – and are baffled that some people continue to insist on standing in front of the tanks and so forth. Maybe Snowden isn't one of those 'stand in front of a tank' people – but at the moment could than not be the simplest explanation for events so far?

name.withheld.for.obvious.reasonsFebruary 9, 2014 2:14 PM

@ Clive Robinson

The analagy between cyber-warfare and the MAD stratagie does not realy work.

Thanks Clive, not really trying to tie the two concepts together (cold/cyber war) or the strategies (MAD, PPD 20). I understood when I started this exercise that establishing a contextually coherent analog using the method of allegory would likely fail. You, and several others, have established thoughtful responses but the corpus of my underlying theory seems not to be apparent. Seems two objectives, boiling down a series of complex conceptual (the Cold War was largely conceptual) environment(s) that is the cyber battlesphere with the associated operational methods (some if revealed in the NSA documents) would be frought with peril. "Let me go back and face the peril."

Your comments bare that out in full. But, I do have to say several thoughtful and insightful observations have been made. The issue is can some form of progress beyond the tongue wagging be made?
and MAD an abstract strategic

AdjuvantFebruary 9, 2014 2:44 PM

@Skeptical
"As to Snowden not confirming whether he has taken 1.7 million documents, the consequences of forcing the US to operate under a worst-case scenario assumption is completely on him. This has nothing to do with Snowden returning documents. It has to do with him taking basic steps to minimize harm."

I've been quiet lately, but I can't believe nobody has challenged this line of argumentation. Are you seriously positing that if Snowden were to give a statement delineating the scope of the breach, that would be sufficient for the government to take to the bank and call off the "worst-case scenario assumption?"

We've already established that Snowden likely has a legal motivation not to confirm what has been taken, lest some tidbit prove damning. From the NSA's point of view, anything Snowden could possibly disclose at this point would therefore be suspect. Just as Snowden cannot prove or satisfactorily demonstrate the non-existence of any further copies of this information, he also cannot prove or satisfactorily demonstrate the non-existence of any further portions of this information. Therefore, if Snowden were to completely disclose what he has, that would do nothing to "limit the damage" unless you expect the NSA to behave like a naive 10-year-old. Such disclosure would, of course, confirm that particular elements are present within the scope of the breach, but this could also lead to misdirection of mitigation efforts if the release were selective (i.e. Snowden has motivation to hide any damaging bombshell discoveries he might have made within his trove), so these points of confirmation would be of limited value. In short, the NSA would be fools to make any changes to their basic assumption.

In this scenario, nobody has anything to gain, and Snowden potentially has quite a bit to lose. So quit whining about Snowden's refusal to "turn over the documents" and find a new line of argument to discredit him: this one is piss-poor.

Doug CoulterFebruary 9, 2014 3:24 PM

Mike hammered it. most people do what psychologists call projection, without even realizing it.

VatosFebruary 9, 2014 3:39 PM

Pwn2Own is happening soon.

What is the value of such contests? Maybe one vulnerability is fixed (like the one in Chrome last year) but it does not address all of the others

Clive RobinsonFebruary 9, 2014 6:12 PM

@ Skeptical,

I get the feeling you do not understand what a legal juresdiction is and how it applies to people inside of and outside of the teritorial limits of the juresdiction.

You take a questionable US juresdictional issue and assume incorrectly that it has any standing in another juresdiction.

Outside of the US Ed Snowden has not committed any crimes. The US has made many rumblings about "crimes" well they have to establish them. The only thing Ed Snowden has admitted to is copying documents, on which some of the 5eye nations have copyright.

The fact that some people are going around implying Ed Snowden has commited treason etc etc is irelevant outside of the US and any other 5eye country. To the US Gov the documents might be secret, to any other nation they are not secrets just documents that might or might not have copyright asigned to them.

Now in many juresdictions copyright violation is not a criminal offence just a civil offence, the documents might have some monetary value asigned to them for which damages might be awarded by a court if moneterisable harm can be shown (which for most of the documents is doubtfull).

Thus even if the country Ed Snowden ends up in has an extradition treaty with the US the chance of the US getting Mr Snowden extradited is minimal, and I'm sure the US DoJ is aware of this as are the legal types at the NSA.

Thus to get Mr Snowden extradited they have to show he's commited a crime that is sufficient for extradition to be granted. At the moment very few of the --supposed-- 1.7million documents has been revealed, none of which show methods or sources that have any value as far as extradition is concerned. And we can make a working assumption that the NSA don't currently know what the other documents are (though they may have suspicions). Why? because otherwise the DoJ would have been all over it, likewise there would not have been so many US Gov statments of "not doing" which almost immediatly get contradicted by the release of documents by the press from the trove supplied to them by Mr Snowden.

So why would Ed Snowden or the press give anything to the NSA or any other part of the US Gov? there's no advantage for them or Ed Snowden in doing so in fact the very opposit.

So why you persist in some strange belife otherwise is I guess one of those inexplicable mysteries in life.

Bob S.February 9, 2014 6:25 PM

Get your tin foil hat and pop corn ready:

"Glenn Greenwald,...suggested new revelations are to come when he launches an independent news site this week." ~cnn

I am not sure I can take much more....but cyber war is hell for sure.

Wesley ParishFebruary 10, 2014 4:53 AM

@Clive Robinson et alii

As far as I know, documents produced by the state in the US, the UK and the other 5Eyes are not covered by copyright in the same way that documents produced by private individuals (such as you, I or Tom, Dick and Harry next door) are. So it can't be copyright infringement that the US Fe[de]ral is rabbiting on about. I doubt any French, German, Russian, or whatever court would give them the time of day over such "copyright infringement".

No, it's the fact that he's spilled the beans on surveillance-as-lifestyle as practiced by the US and the 5Eyes nations. The actual "harm" is the bruised egos of the NSA analysts and other alphabet soup types, and the fact they can't continue doing what they've done previously, now that everybody sees the Emperor has no clothes on.

So you see, there's nothing Snowden can do to mitigate the "harm". He can prevent the use of those documents to harm those on the periphery of the whistleblowing; but he can't soothe the egos of those mistaking the glass houses they were living in for subterranean caves and thus throwing rocks and boulders with gay abandon.

BenniFebruary 10, 2014 5:33 AM

One problem with snowden getting to germany could perhps be how to get out of russia. And then, there is the problem that a person must apply for asylum in the first country of the european union that he visits. Differently from germany, the EU has a extradition treaty with the US that says an extradition is only forbidden if a death sentence could happen in the US. This is different in germany, where german law states that persons can not be extradited for political crimes

So Snowden would have to get to germany directly from russia, without touching another european country. This is only possible by plane, or ship.
There could be a solution for this. Hans Dietrich Genscher was germanys foreign minister for a long time. Recently, Genscher freed the russian industrial Chodorkowski from prison and took him into a flight to germany: http://www.zeit.de/politik/ausland/2013-12/chodorkowski-auf-dem-weg-nach-deutschland

Perhaps Genscher could do the same with Snowden. Genscher has a homepage: http://www.genscher.de/ where this postal adress is mentioned: Hans-Dietrich Genscher
Postfach 20 06 55
D-53136 Bonn
e-mail: buero@genscher.de


Genscheris a member of the FDP. This is a party that has, when it comes to economics, similar ideas than the US republican party. But the FDP are entirely not conseratives. FDP means freedom democratic party, and freedom is their only program. Freedom of taxes, as well of freedom from governments social spending. As the last part is seen critically in the german population, the FDP recently was thrown out of parliament after they lost their election. Currently, the FDP wants to regain profile as a civil rights party. Here, for example: http://www.zeit.de/politik/deutschland/2013-12/lindner-fdp-parteitag-antrittsrede the chief of that party compares the nsa with terrorists.

If genscher was able to free Chodorkowski, perhaps he could extract snowden as well.

SkepticalFebruary 10, 2014 6:14 AM

@Mike: I'm wondering if it has occurred to you, as it has to me, that Snowden may not be *that* bothered about a deal, or a 'best hope' or any other such thing. Sure, the rest of his life is obviously of some concern to him but – really – given how he's behaved so far I think it's reasonable to assume his future may not be such a high priority for him.

Anything is possible, but that is an extremely unlikely hypothesis. All of these actions are inconsistent with it:

- Snowden asked The Washington Post to include a digital signature on documents published which he could use to verify to a foreign embassy that he was in fact the leaker.

- Also from The Washington Post: In an e-mail on May 24, he dropped a bombshell. Whistleblowers before him, he said, had been destroyed by the experience. Snowden wanted “to embolden others to step forward,” he wrote, by showing that “they can win.”

- Snowden chose Hong Kong because he thought it would be difficult to extradite him. He then sought refuge in the Russian consulate, reportedly with the help of Wikileaks.

- Snowden created a package of documents with incredibly damaging information and instructed certain persons to release it in the event something happened to him.

- Snowden has been actively courting asylum in many nations, such as Brazil and Germany, by promising to assist in investigations.

I mention these not pejoratively, but simply to show that Snowden is very much concerned about his future, and has been energetic in both thought and action in his attempts to secure one.

None of these things is inconsistent with the idea that Snowden is also motivated ideologically, of course. He's a human being, and there are multiple drivers.

SkepticalFebruary 10, 2014 6:17 AM

@Clive: Now in many juresdictions copyright violation is not a criminal offence just a civil offence [...] Thus even if the country Ed Snowden ends up in has an extradition treaty with the US the chance of the US getting Mr Snowden extradited is minimal, and I'm sure the US DoJ is aware of this as are the legal types at the NSA.

Copyright has nothing to do with this.

Snowden violated US espionage laws, specifically 18 USC 793, 18 USC 794, and 18 USC 798. These are major felonies, and are covered in general by extradition treaties.

Thus to get Mr Snowden extradited they have to show he's commited a crime that is sufficient for extradition to be granted. At the moment very few of the --supposed-- 1.7million documents has been revealed, none of which show methods or sources that have any value as far as extradition is concerned.

The documents and Snowden's own recorded statements widely reported upon are more than sufficient to sustain charges under the Espionage Act. These charges in turn would form the basis of a valid extradition request under most US extradition treaties.

As I'm certain Snowden's attorneys have already told him, and as I'm sure he was well aware before that, the evidence available to the public is ample and sufficient to bring charges under the laws I referenced, and to enable a conviction.

The only way in which it may be to Snowden's advantage to not take action to minimize harm is under the theory that this withheld knowledge may help him in bargaining with the US. Whether that is actually the case depends on facts I don't have.

In other words, Snowden's leverage with the USG consists in two things: information he has that the USG wants, and public support.

By not taking basic minimization of harm steps, though, he may find himself vulnerable on the public support front, and may for different reasons burn any chance of the USG being able to support a deal for him.

I strongly suspect that his current strategy is a mistake prudentially; I am certain that his current strategy is a mistake morally.

SkepticalFebruary 10, 2014 6:37 AM

@Adjuvant: Just as Snowden cannot prove or satisfactorily demonstrate the non-existence of any further copies of this information, he also cannot prove or satisfactorily demonstrate the non-existence of any further portions of this information. Therefore, if Snowden were to completely disclose what he has, that would do nothing to "limit the damage" unless you expect the NSA to behave like a naive 10-year-old.

It's more nuanced than that. What Snowden says, and what reasons he gives for believing what he says, can alter a risk-assessment. Nothing can be known with certainty, but there may be ways of corroborating certain claims he makes, which may raise or lower the probability of possible event.

So quit whining about Snowden's refusal to "turn over the documents" and find a new line of argument to discredit him: this one is piss-poor.

I'm asking that he take basic steps to inform the USG as to what he has taken. I'm asking that he say to the USG, "listen, here is what I have taken (or NOT taken), here are reasons for believing me, here are ways to corroborate what I'm saying."

You, among others, spoke of whether Snowden has legal reasons to refrain from doing so. I've addressed this idea already, but to restate: the information I think he should disclose may be useful in bargaining with the US for a deal, but the evidence available is already more than sufficient, beyond any reasonable doubt, to sustain charges and a conviction.

His attorneys may be thinking "well, this is useful bargaining material, and even if they have enough evidence to convict, why add to the pile?"

But I suspect, if that's what they're thinking, that they haven't thought through how such a basic lack of cooperation impacts the DOJ's institutional view of this case. Nor have they thought through the extent to which lack of cooperation actually increases Snowden's liability at sentencing if no deal is struck.

SkepticalFebruary 10, 2014 7:03 AM

@skepticredulous: The US Stasi's most sensitive secret is not sources and methods or National Technical Means. Their best-kept secret is CCPR Article 17, ...

Um, no. You won't find a court anywhere in the world, much less the United States, who agrees with your legal arguments. And an attorney who presented those arguments would be committing malpractice.

Incidentally, it is curious to me that while many are willing, even eager, to speculate on how the NSA does things, few, if any, seem to willing to speculate on how Snowden took files.

lostFebruary 10, 2014 7:10 AM

@ all

Skeptical sounds like an LEA who believes that EJS reads this blog and that he can persuade him with direct argument to do what he wants.

SkepticalFebruary 10, 2014 7:18 AM

Last post as I'm out of time:

@lost: Not LE, not written for or directed to Snowden. I simply enjoy thinking things through and talking about them. As do most of us, I think.

scepticredelusorulityFebruary 10, 2014 8:50 AM

Hard to know what to make of skeptical's factless theological denial of the universally-recognized binding force of customary and conventional international law. US government evasion of its legal obligations and commitments is based on the sleazy runaround of "non-self executing" law. To the civilized world, that's just a bad joke. No one's fooled but wannabe goobers down home. The US government quietly sucks it up when the ICJ lays down the law. US officials routinely crawl for treaty bodies and charter bodies, acknowledging state duties and abjectly promising to do better. They will crawl again this year in the March review of US compliance with the CCPR, and in the fall, more spectacularly, with mandatory review of US compliance with the Convention Against Torture. Our skeptical patriots here will be stopping their ears and chanting lalalala to block out the public disgrace. Makes Juche look like the scientific method.

And now Snowden's rock-solid documentary evidence shows complicity of NSA executives in murder, torture, and disappearance in breach of Rome Statute Article 7.1.a, 7.1.f, and 7.1.i (or, if you prefer, the corresponding universal-jurisdiction law.) Crimes against humanity. No statute of limitations. Times change. It will be fun to watch Alexander and Clapper doddering in wheelchairs in the dock, blankets on their knees, trying to look all frail and pathetic to tug the judges' heartstrings.

MikeFebruary 10, 2014 9:29 AM

@Skeptical: Thanks for the considered reply. I think my point was about priorities – not that he has no concern for his future wellbeing.

As you say:

None of these things is inconsistent with the idea that Snowden is also motivated ideologically, of course. He's a human being, and there are multiple drivers.

Indeed – multiple drivers – so I was thinking maybe the ideological (for want of a better word) driver in Snowden's case may be rather stronger than *anything* else – certainly on past form this seems likely given what he appears to have given up in order to do what he chose to do. My point, I think, was that sometimes when people find his actions/statements incompatible with self-preservation and/or a return to a semblance of normal life – as indeed you did in your prior post – perhaps more sense could be made of what he says and does when viewed through the prism of an often *overriding* ideological motivation.

Saul Tannenbaum February 10, 2014 9:40 AM

While it doesn't say so on the calendar entry, it turns out that the event I noted above:

Why Defense Will Never Work: Defending the network from cyber-attack. Prof. Jim Waldo, HU CIO; Mr. Stephen Boyer, CTO BitSigh

is Harvard-only.

Clive RobinsonFebruary 10, 2014 9:46 AM

@ Skeptical,

It's pointless quoting US juresdictional law on espionage when it comes to extradition with most civilised countries, especialy when the documents released are revealing much more serious crimes. Further as the US has laws protecting such documents when in journalists hands they will view that within the burden of proof. With other aspects Ed Snowden can show he is in effect a person of political status who acted not for any form of self enrichment but over acts of genocide by the US excecutive. Thus the country could and in many cases would regard any such US charges as either being unfounded or political in nature and thus reject the extradition request.

I'm fairly certain the US DoJ are more than aware of this which is why they appear to be sitting there just twiddeling their thumbs. The only current hope they have is by demonstrating Ed Snowden has taken and released material for personal enrichment or to give to those who would activly use it to harm individual Americans or others foreign nationals engaged in espionage for the US government. What Ed Snowden has done is to give the documents to those of a recognised protected status under US legislation (Journalists) and it is they not him who are releasing carefully selected documents. Ed Snowden has said he nolonger has the documents which I suspect is actually true thus neither he nore his legal advisors could do the very strange and distinctly counter productive things you very oddly suggest.

As for Ed himself I suspect he has resigned himself to live as an excile for now if not indefinatly. He would almost certainly take the view that any negotiation with the US currently would be extreamly counter productive if not life and liberty threatening. He's made it ubundantly clear to the world that he can nolonger do harm to the US so the US would be very ill asvised to send people after him. In fact after certain political and intel community idiots flapped their gums with what could be regarded as death threats they have not only given Ed Snowden grounds to say his life would be in danger if he was extradited to the US the idiots have actually made it much more likely that the US would want to ensure that Ed Snowden stayed alive and well. Because any harm that comes to him now or in the near or foreseable future will make him a maryter as well as being directly attributed to the US Govenment by just about everyone outside of the US which has significant political implications (as well as real physical risk to any US citizen who goes abroad).

Those are the realities of the situation currently.

Speaking of realities you've said,

    Incidentally, it is curious to me that while many are willing, even eager, to speculate on how the NSA does things, few, if any, seem to willing to speculate on how Snowden took files

That's because appart from minor "operational details" we know it was down to the gross failure of the senior mangament of the NSA. Specificaly Gen Alexander failed to carry out one of the two primary functions of the NSA which is "to protect the communications of the United States of America". Instead he chose to go on a very expensive "wild goose chase" which failed in just about every quantifiable respect. That sort of monumental failure makes the failure of Sub-Prime look good in comparison.

Tyco BassFebruary 10, 2014 1:31 PM

Re Bob S. & black box:

I'm very much a fascinated and generally floundering amateur in this group, but I'm thinking that the soundness of obfuscation theory may not matter so much as who sets up the black boxes and controls them?

SkepticalFebruary 10, 2014 7:51 PM

@Clive: It's pointless quoting US juresdictional law on espionage when it comes to extradition with most civilised countries, especialy when the documents released are revealing much more serious crimes.

No, actually most extradition treaties cover charges brought under the Espionage Act. Nor did many of the documents that Snowden took and gave to journalists reveal anything remotely close to a crime.

Further as the US has laws protecting such documents when in journalists hands they will view that within the burden of proof.

No, evidence of a crime doesn't become inaccessible by being held by journalists. And the burden of proof for extradition is usually quite low (generally that charges have been brought and are not completely without support).

With other aspects Ed Snowden can show he is in effect a person of political status who acted not for any form of self enrichment but over acts of genocide by the US excecutive.

So far as extradition is concerned, it doesn't matter if Snowden acted for self-enrichment or not. Nor does it matter as far as charges brought under the Espionage Act. Nor am I aware of any country in which altruism is a defence to charges of espionage.

For Snowden to qualify as a political refugee, he would probably have to be the subject of government action because of his political beliefs. However, Snowden clearly isn't the subject of government action because of his political beliefs, but rather because he took classified information and distributed it to several unauthorized persons, some foreign citizens and organizations.

And acts of genocide by the US executive?? What documents are you reading?

@scepticredulous: No court system in the world would recognize any of the flights of fantasy you've written as a valid legal argument. Sorry. If it's any consolation, I found your invocation of customary international law, in a world where most developed countries collect signals intelligence on foreign countries, to be outright funny.

But more seriously, and dropping the snark your rhetoric inspired me to, it's great that you're interested in such things, and took the time to do a little research. Whatever source you're using though is not giving you a very accurate view of international law, much less US law.

SkepticalFebruary 10, 2014 8:53 PM

@Mike: Indeed – multiple drivers – so I was thinking maybe the ideological (for want of a better word) driver in Snowden's case may be rather stronger than *anything* else – certainly on past form this seems likely given what he appears to have given up in order to do what he chose to do. My point, I think, was that sometimes when people find his actions/statements incompatible with self-preservation and/or a return to a semblance of normal life – as indeed you did in your prior post – perhaps more sense could be made of what he says and does when viewed through the prism of an often *overriding* ideological motivation.

I think in some respects that's is the best explanation of what he's done, but I don't think ideology takes priority over self-interest with respect to everything.

Ideology to some extent explains the decision to engage in leaking documents at all (though mixed with self-interest, which I do not mean in a pejorative sense). But self-interest is the best explanation for many of the actions following.

He's also rationalized those self-interested actions. According to him, the self-interested actions he's taken are only for the sake encouraging future "whistleblowers."

But that's a pretty thin rationalization. Even if he were to "win" (to use the words he used in his communication to The Washington Post), the only lesson he'll have imparted to future whistleblowers is "take information that will truly damage your country's national security, and those of many others, and use it as a bargaining chip." The lesson will not be "reveal the information you truly think to reveal criminal acts, take care not to endanger non-whistleblower information, and if your judgment is good, you will emerge bruised but successful."

BuckFebruary 10, 2014 10:44 PM

Is there any good reason that the title of the article has been removed from the comment byline?
I used to be able to find all of my previous posts with a simple search:

site:schneier.com "buck on" -"joe buck"
(most of these don't actually have the phrase "buck on" included any longer, but apparently they still do in google's cache)

Now that the "on Friday Squid Blogging: Radioactive Giant Squid Washes Ashore in California" tag-line is missing, this feat seems far more difficult than necessary... :-\

Of course there's always been the occasional "spent a good buck on" and similar others... But I've done this search a handful of times; so now it comes to me as quite a surprise that currently, the first result on google is coming up with 3 straight posts from "Buck" on April 24, 2013 12:26 PM:

https://www.schneier.com/blog/archives/2013/04/more_plant_secu.html#c1316760
I'd yet to see those particular posts, but I am familiar with the some of the "Nosey Parker" 'spam' that followed (see, for example, this one from May 30, 2013 4:19 PM):
https://www.schneier.com/blog/archives/2013/05/nassim_nicholas.html#c1450543
Whereas, personally, my first comment here was not posted until May 9, 2013 11:49 PM
https://www.schneier.com/blog/archives/2013/05/is_the_us_gover.html#c1362467

Now I'm not trying to expose some secret conspiracy here... It's an open board, I get it- and I've seen at least one other "Buck" since I've been here (it is a pretty common word)... May 10, 2013 6:32 PM:

https://www.schneier.com/blog/archives/2013/05/the_onion_on_br.html#c1365291

Just wondering why such a useful feature has been silently disabled.!?

Also wondering... I know at least at one point since I've been here, someone was talking about having a stored database of comments from schneier.com... Not a bad idea, but will I be charged as a suspected terrorist if I collect and store the wrong spam comments?

BuckFebruary 10, 2014 11:31 PM

@Skeptical

No, evidence of a crime doesn't become inaccessible by being held by journalists.
While that may have been true from May 31, 1978 through October 13, 1980... unless the Patriot Act (or some secret law) has nullified the Privacy Protection Act without my knowledge, or the NSA document dumps contain elements possibly considered child pornography (not really all that unlikely unfortunately)-: this statement is categorically false.
http://epic.org/privacy/ppa

Clive RobinsonFebruary 10, 2014 11:45 PM

OFF Topic :

This might raise a smile...

Why turn of NSA funding when you can turn off their lights?

It would appear there is a flurry of emergancy legislation going into state legislatures to stop utilities being supplied to the NSA.

State's are in effect telling utility and other service providers "It's them or us" in that the legislation will prevent the state or any of it's subcontracters using entities that also supply the NSA "for ever"...

http://www.usnews.com/news/articles/2014/02/10/lights-out-for-nsa-maryland-lawmakers-push-to-cut-water-electricity-to-spy-agency-headquarters

I'm not sure of the legality of all the legislation because in theory it could be seen as not just "anti-competitive" but also as "seeking to establish a cartel or monopoly".

It also raises the question of "anti-federal discrimination", like it or loath it the NSA is a federal organisation, if there is legislation to discriminate against one federal entity what about the legislation also being used against other federal entities or if not this legislation using it as a precident for introducing legislation against other federal entities...

In essence this is a form of "water rights war" which has a history almost as old as man. The modern equivalent is "energy rights wars" of which the US prosecution of war against Iraq was an example and likewise the manovering and rhetoric against North Korea and Iran. Russia under Putin is busy keeping it's buffer zone countries under it's sphear of influance by turning the gas supply on or off in winter to these countries. China is likewise prosecuting a resource war against the West to get control of certain technologies into mainland China. Israel seeks to control access to the "occupied territories" and other land in order to force those there to leave etc so "land resources" can be colonised as part of "the greater Israel state".

History shows that "access to resources" be it land, water, energy, raw resources, trade routes etc is an effective method of establishing fuedal control and in effect enslaving people., giving rise to significant conflict. Thus wars can be almost exclusivly explained by conflicts over the control of resources.

It will be interesting to see what sort of "civil conflict" will arise over this legislation, will it just be political or will it become economic or worse? How far will each side push or be pushed by vested and other interests...

Clive RobinsonFebruary 11, 2014 12:25 AM

With regards the latest revelations about the use of NSA SigInt for targeting drone attacks, there have been discussions in the past on this blog about how SigInt is very far from perfect as the NSA tries to convince people.

Infact modern technology with a little fore thought can be used to create a totaly seperate personal "Signals Ghost" or even a "Faux Signals Identity" with an entirely seperate existance to any physical body.

Whilst the NSA are busy slurping up the bottom (radio) end of the EM spectrum as the IRA ably demonstrated last century you can quite easily use the middle (near IR and Visable light) of the EM spectrum very cheaply to be geographicaly seperated from a danger point. As was the case back then the middle part of the EM spectrum can easily be made quite covert and difficult to detect off axis. Thus tracing what is in effect "out of band" signaling paths/webs makes their SigInt reliability claims moot.

This is already happening and as President obama has made it clear he issues the "death warrents" he must also take responsability for the "murders" commited when the SigInt is wrong.

As the doctorin of "imperitive preventative first strike" is not realy accepted within the general theory of permisable lawful warfare President Obama and the executive are guilty of at a minimum"war crimes" and likewise charges of "genocide".

BuckFebruary 11, 2014 12:26 AM

@name.withheld et al.

I feel I should mention the most central difference between conventional & current MAD tactics is the low cost of entry...

While in the past, budgets of extreme consequence were required for deterrence, now anyone can join the game!

Including, but not limited to:
criminal cartels, defence contractors, disenfranchised geniuses, disgruntled government employees, federal mandates, foreign powers, former spies, loose associations of hackers, special congressional committees, undercover operatives, and so on...

Wesley ParishFebruary 11, 2014 2:13 AM

Oh, the joy of absolute certainty that what you've just done actually makes sense! NZ PM John Key puts his foot in his mouth again!

Note that:

"According to my sources their parents were the ones who called up and asked for them to be stopped. Instead of scaremongering and providing twisted information for political gain we urge John Key and the Government to do more to meet its international humanitarian obligations."

John Key has been rabbitting on about how the limited number of passport cancellations proves the need of intrusive surveillance; as the above quote states, the situation is that the community targeted did not themselves wish to choose sides in the conflict too openly.

BewareSnowdenFebruary 11, 2014 2:53 AM

@Benni: "Postfach 20 06 55"

Why would Genscher use a Mailbox as a proxy for snail mail ?

Perhaps Genscher (and Benni) are working for CIA/... and were interested in Chodorkowski for its knowledge about Putin ...

Clive RobinsonFebruary 11, 2014 4:01 AM

@ BewreSnowden,

Perhaps the reason is "prominent politician".

Most people who are famous in one way or another, rent property or are wealthy know that they are liable to be stalked, attacked, abducted or killed by crazies, criminals or political cranks. So they quite sensibly don't publish either their home or office addressess and instead use either accomidation addressess or post office boxes.

Whilst they can be used for fronts for criminal and similar activities they do have quite a few legitimate uses.

MikeFebruary 11, 2014 4:56 AM

@Skeptical

As far as whistle blowing goes I think the message Snowden is sending most strongly at the moment – inadvertently or otherwise – seems to be "get out of the US before blowing your whistle and you may stand a chance of staying out of prison, but will have to adjust to a colder climate and unfamiliar cuisine."

On the one hand we have the state arguing he should send them everything he has in order to minimise the harm to the national interest, and that his failure to do so is irresponsible and self-serving – the implication being that he is withholding in the vain hope of being able to bargain for a better future (perhaps an eventual return to home cooking).

On the other hand his ideological motivation for withholding may simply be that he believes that sending them everything he has before release may diminish the impact of his revelations and thus diminish any good that he thinks may come from it. He could continue to think of himself as acting responsibly if he believes the good/legislative-change that may result from the shock-and-awe impact of his revelations could outweigh the potential harm stemming from exposing the information to leakage risk and not fully disclosing to the state prior to release.

I've been thinking about this, and I think the credibility of the second (ideological) option depends to quite a large extent on the details of what he has – which neither of us knows (presumably).

SkepticalFebruary 11, 2014 12:11 PM

@Buck: Good reference. But the Privacy Protection Act still allows documents a journalist has received from someone else to be compelled; the government simply must use a subpoena before using a warrant (unless certain circumstances apply). The journalist's work product is a little more protected, but that wouldn't apply to the actual documents transferred by Snowden.

@Mike: well, I see what you're saying, but not sure I completely agree about the lesson. There has been lots of talk about striking a plea bargain with Snowden in exchange for his cooperation. The letter to Brazil, along with leaks about US intelligence collection against targets in Brazil, seems motivated by non-ideological reasons, as does the show-and-tell with the South China Morning Post before he was allowed to depart for Moscow.

You're right that neither of us (as far as I know) knows what he has, but it seems a fair bet that he's taken much more than is intended for publication or that includes whistleblowing material. Even if the rationale about not blunting the impact of reporting were correct (and I have doubts about this, as I've yet to hear of a story being blunted in impact by the government having advance knowledge of it, unless we count the scrambling that the US did to secure certain affected persons before the Wikileaks cables dump), there's nothing blunted by persuasively telling the US that certain directories having little to do with the NSA were not removed from the site.

Also... this is a really heavy cost to impose on the US just for the sake of a possibly bigger splash on publication. We could be talking about cancelled operations, modified operations that include less reliance on possibly compromised assets or plans and that as modified are less timely or more dangerous, etc. Regardless of what one thinks about the threat of terrorism, there is no doubt that there are lots of military men and women from the US and other countries deployed to some distinctly non-tourist hotspots. Given the importance of OPSEC to the activities they'd be engaged in, I'm concerned about the probability that their work is going to get much more dangerous if they can't rely on certain things.

And we haven't even begun to talk about the price that the possibility of compromise would have on human intelligence operations in hostile or non-permissive environments.

All that for a little bigger splash?

name.withheld.for.obvious.reasonsFebruary 11, 2014 12:33 PM

@ Buck
special congressional committees
Almost spilled coffee on my lap...warn me next time a joke of that caliber is coming, could save me from self inflicted injury. :)

I agree, that was the reasoning that there is a weapon of MAD in everyone's pocket/purse.

name.withheld.for.obvious.reasonsFebruary 11, 2014 12:42 PM

@ et al

Yes, my reference to 1938 is to Germany, the year the fascistic mechanisms of Nazi germany became fully operational. The key was in the ignition and was turned, there was no stopping it at that point. It would require that it be destroyed.

BenniFebruary 11, 2014 3:21 PM

@Beware_Snowden:
It is normal for german politicians to have a mailbox.Usually, they never open mail in person, but all this is first opened by security. That way, nobody can send them a bomb. Then, the mail is usually looked at by secretary staff. Thar way, the politician gets only the mail that interests him personally. The rest is usually given to waste.

Regarding the new relevations on drone attacks:
Süddeutsche.de has revealed before, that the drones start from Dschibuti but the pilots sit, because of shorter transmission time, in the US Base Ramstein, and the targets are nominated at the US Africa corps AFRICOM which has its headquaters in stuttgart:

http://www.sueddeutsche.de/politik/angriffe-in-afrika-drohnentod-aus-deutschland-1.1829921

the quys are publicly offering jobs for target nominations, and drone pilots from stuttgart openly list this in their linkedin page, e.g http://de.linkedin.com/pub/danielle-moore/52/b97/5a3 and talk to the tv on this: http://www.youtube.com/watch?v=_4Ueq9ZKB3I the general public prosecutor already has a begun a monitoring process of this, http://www.sueddeutsche.de/politik/moeglicher-verstoss-gegen-voelkerrecht-in-deutschland-generalbundesanwalt-prueft-us-drohnenangriffe-1.1807072 to clarify wether garmeny has helped in murder with this drone piloting from Stuttgart and Rammstein. Eliminating terrorists would not count as murder, since germany is at war in somalia to, with frigates cruising in the sea. The problem is the collateral damage. The german government claims that before the relevations of süddeutsche Zeitung, it did not know what the americans were doing. But now this is known and juristically the german government has an obligation to stop this. So when collateral damage happens, germany could be accused of helping in a murder by the relatives of the victims. The americans themselfes are safe because of diplomatic immunity for troops.

For example, Kareem Khan has lost his brother and his son in a drone attack. And now he planned to visit europe:

http://www.spiegel.de/politik/ausland/pakistan-anti-drohnen-aktivist-kareem-khan-vor-reise-nach-berlin-entfuehrt-a-952757.html

He wanted to meet with Christian Ströbele, members of the german government, and then he wanted to visit the international court in Den Haag.

Well, that meetings now have to be cancelled, as Khan got visited himself by 20 men recently, and was kidnapped in front of his wife. He was never seen again.


BenniFebruary 11, 2014 3:29 PM

Der Spiegel strikes again:
This is its newest revelation:

http://www.spiegel.de/netzwelt/netzpolitik/kolumne-von-sascha-lobo-die-kriminellen-vom-geheimdienst-a-952675.html

No, the NSA does not only industrial espionage.

According to the Spiegel, they are doing industrial war, by discrediting employees, even sex traps, sms-bombardment, phone calls, and defamation. It uses social networks and blogs, as well as youtube, to spread discrediting information about emoloyees. In the presentations, the spiegel finds words as ""Very annoying!!" Can take 'paranoia' to a whole new level"". DER Spiegel writes that a few slides further it is revealed how they ruin companies that way.

skeptcalifragilisticexpialidociousFebruary 11, 2014 6:33 PM

Nice try at condescension there, skeptical. You might have pulled it off, too, except for the increasingly strident tone of your black-is-white insistence on the basic boilerplate US propaganda line.

No court system in the world... priceless. Here we have sceptical drolly struggling to pretend to know nothing of Baltasar Garzón and the secret US government obstruction-of-justice shitfit he triggered - as immortalized by Chelsea Manning and Wikileaks. And here's sceptical gamely acting wholly ignorant of what happened when Luis Moreno Ocampo mischievously proposed to review US documents disclosed by Manning (in lawful defense of CCPR Article 19 and the human right to denunciation of aggression) for evidence of criminality (in fairness, sceptical likely lacks the clearance and need to know to learn what happened - but he certainly ought to know how Moreno Ocampo wound up on the US fecal roster). Skeptical even pretends to be ignorant of of the hair-raising flight of fugitive Robert Lady and his torture gang. Don't tell me you missed the comedy gold of Lady getting locked up in Panama!

In fact, international criminal law scares US officials shitless. And well it should. Bolton knew what he was about when he tried to sink the Rome Statute with 600-odd amendments, and unsigned it so the US could sabotage the treaty's object and purpose. But international criminal law is increasingly hard for US government criminals to escape. Every one of them will have to look over his shoulder for the rest of his life. The criminal state can always cut a deal and sacrifice a few bad apples in a pinch, Nicht war?

So come clean: do you actually have any clearances or compartments? Sounds like you don't. The know-it-all act goes down in flames when you ignore what happens in the world.

GoogleTranslateFebruary 12, 2014 3:19 AM

@Benni: "According to the Spiegel, they are doing industrial war, by discrediting employees, even sex traps, sms-bombardment, phone calls, and defamation."

Here is a translation of that article http://www.spiegel.de/netzwelt/netzpolitik/kolumne-von-sascha-lobo-die-kriminellen-vom-geheimdienst-a-952675.html ; Question marks are around misunderstandings from me, the other misunderstandings are from Google Translate. I found nothing in english on Internet about that.

Internet protest against surveillance: The criminals from secret ?agencies?
A column by [1]Sascha Lobo

Protests against surveillance in Washington (2013): Anti Democratic megalomania

Today will be an internet demonstration against the secret service surveillance sweep through the Internet.
It is urgently needed, as the recent revelations show that the services did more than listening.
They undermine democracy and the law.

Today February, 11 is the [249]day against the total surveillance of the Internet are: Starting from the mains civil rights movement EFF platforms and organizations such as reddit, tumblr, Greenpeace, Amnesty International and Mozilla have [3]called for a digital storm of protest .
Other than a few blogs there are quite no German participants; it is pity, because the NSA in Germany neither tax ?evasion? nor forged automatic rankings.
Although almost nothing can be ruled out.

Because more and more clearly stands out not only the outline of a surveillance state machinery.
But also the radical of a tyrannical regime.
In the fall it was announced that secret [4]pornographic preferences of individuals was collected, about who they considered extremist.
To be able to put these under pressure.
People collected blackmail material and believed they defended freedom on behalf of a democratic government.
And that was just a foreshadowing of the actual ?repulsive news?.

In particular, the British official [5]GCHQ has developed an anti-democratic Anything-goes-megalomania, which probably feeds on the inferiority complex of an ex-imperial power.
And with [6]sponsor of nine-digit sums of the NSA.
Papers were published back in January 2013, showing that the intelligence [258]used denial-of-service attacks against the anarcho activists of Anonymous.
This method, DoS of servers, has been banned by law in 2006 in the UK - and topped with imprisonment up to ten years in prison.
The mere download of the DoS software can be punished with two years in prison.

Beginning in February 2013 MSNBC [8]published papers on a British task force called Joint Threat Research and Intelligence Group (JTRIG), which acts against other countries, arms dealer, terrorist groups, hackers, and other suspects and not afraid to spy on journalists, diplomats and ordinary citizens or implicate.
They are documents of state-organized villainy to an extent that one would have expected from ?most? dictators in fancy uniforms.

"Denial, disrupt, degrade, outwitting"

The instrumentation over opponents included methods such as ?sex? blackmail.
And the strategy "Deny / Disrupt / Degrade / Deceive" (4D) was ?also? used on a sophisticated network of terrorism.
A possible translation on internet is: denial of service, interruption, weakening, deception.
But it may also be translated as "denial, disrupt, degrade, Outwit," because the agencies explicitly meant methods of psychological terror: sending phone calls of SMS every ten second; emailing with fake compromising content and slander to friends, co-workers and supervisors.
The will also be redistributed on social networks such as YouTube, Twitter, Facebook, Flickr.
Blog articles that seemed to be posted by alleged victims were put on the web to discredit them.

With the nasty ?pride? of lousy villain is about the possibility deletion of online presence of other people seriously in the notes ?of? the PowerPoint presentation ?titled? "Very annoying!"
With two exclamation points.
So here is harm would an agent lecturer about the effect his illegal power and enthusiastic about the same continued: "Can take 'paranoia' to a whole new level", translated: "This can raise the 'paranoia' to a whole new level."
You can feel how the author downright a Zwinkersmiley had to refrain from behind.

It is explained a few pages later succinctly how companies were ruined in this way.
This is no longer "just" economic espionage, this is economic war as James Bond would do it.
We must remember that it is at best suspect to the victims of this perfidious methods - if at all.
There were no judicial decisions or anything that looks like.
Citizens and businesses are terrorized without trial.
It is even worse that just that.

?About? breaking the law, ?they? are completely uninhibited

More, it is explicitly specified to ?rely? on third-party computers viruses and fake content.
According to the Powerpoint presentation, it is done to hide the originating state.
But if the possibility of "Ferneinpflanzens" content exists and there appear to be no compunction to destroy private individuals with the most revolting means - what should prevent these people from getting in this way to remove unpopular people out of the way?

?About? breaking the law, ?they? are completely uninhibited.
The simple, terrible truth is: the British state mandates and pays criminals.
The ?professional? look of that PowerPoint presentation does not conceal that an army has formed, under state mission, to discredit and destroy mentally the opponents at their own discretion.
A secret police outside the law.
This is still and always disturbing from British authorities to ignore virtually every democratic achievement, while [9]David Cameron identified with a worried mine elsewhere issues ?about? the observance of human rights.
Taking bigotry to a whole new level, this farce is so great that a pack of young continents could play hide and seek in it.

Considering the law as only valid for some is the core of the problem, both in GCHQ as well as in the American intelligence agencies.
With a possible involvement of German services much to be clarified.
Today February, 11 is a day of protest against internet surveillance.
But actually it is a day of protest against the denial, disruption, degradation, outwitting of democracy and the law.
The start of total surveillance.

Criminals are criminals.
Even if they are acting in order of the State.
Just ?like? now.

References

1. http://saschalobo.com/
2. https://thedaywefightback.org/
3. http://www.spiegel.de/netzwelt/netzpolitik/aktionstag-gegen-ueberwachung-im-internet-the-day-we-fight-back-a-952614.html
4. http://www.bbc.co.uk/news/technology-25118156
5. http://www.spiegel.de/thema/gchq/
6. http://www.theguardian.com/uk-news/2013/aug/01/nsa-paid-gchq-spying-edward-snowden
7. http://www.wired.com/opinion/2014/02/comes-around-goes-around-latest-snowden-revelation-isnt-just-dangerous-anonymous-us/
8. http://www.nbcnews.com/news/investigations/snowden-docs-british-spies-used-sex-dirty-tricks-n23091
9. http://www.spiegel.de/thema/david_cameron/

MikeFebruary 12, 2014 5:45 AM

@Skeptical:

You say:

All that for a little bigger splash?

Yes – probably.

What is Snowden's 'ideological' position then? I'm not sure, but he's said he wants to start a public debate – a debate he thinks otherwise won't happen.

He was presumably aghast at what he saw being done behind closed doors and (probably wrongly assuming that most other people share his moral/intellectual framework) he thought that were the proles to be informed of these hidden dark shenanigans being perpetrated against-them/in-their-name then they would surely be horrified and immediately demand legislative change (or at the very least should be given the opportunity to do so).

If you want to 'start a debate' – if you want to stir the proles into outraged action – then you presumably need every little bit of extra splash you can get – you're going to want to have as much control over the news agenda as possible – and that means not giving anyone else a chance to lay the ground ahead of time.

I suspect that for him the question of the strict-letter-of-the-law-legality or otherwise of what is being done was not much of an issue. Why wouldn't he believe that in a democracy the laws can be changed if the people think that the behaviour the laws are enabling/failing-to-punish is unjust or unreasonable? I guess he thought, like many whistle blowers before him, that such change surely cannot ever happen if the people are not aware of what is actually being done.

Imagine how disappointed he must be feeling.

SkepticalFebruary 12, 2014 8:39 AM

@Mike: But according to Snowden, he's started the public debate he intended. So why continue to withhold information that would enable minimization of harm, unless for prudential reasons?

Nor do I see how the government having advance notice will reduce the impact of news stories. The government had years worth of notice when The New York Times reported on the warrantless wiretapping program, and the impact of such reporting certainly did not seem reduced. Nor was the impact of the reporting on Snowden's own leaks reduced when the papers reporting spoke to the government, in advance of publication, for comment on the articles being written and for advice as to what should be withheld from publication.

@skepcalifrag: I don't think you're looking closely enough to see whether the references you're tossing out actually support your positions. For example, the prosecution of Lady was undertaken under Italian law for violating Italian laws (he was sentenced for kidnapping). This has zero to do with your prior legal assertions. Your other examples are fraught with similar difficulties (Garzon took his actions using a Spanish law that has since been limited by the Spanish legislature; I've no idea what you're talking about re Ocampo).

In screenplays, the authors will sometimes write something like "[insert tech-speak here]" when they want the character to rattle off something that sounds technical. It doesn't really matter what it is, or even if it makes sense, as long as it sounds technical.

You're doing something similar here, except instead of tech-speak it's legal-speak. There are legal references and legal terms being written, but they don't add up to a coherent argument in support of the assertions.

In any event, as soon as your eagerly foretold doom of the NSA under international law comes to pass, you'll have a really great "I was right!" moment. Perhaps we should hold our discussion in abeyance until that moment, since it doesn't seem to be going anywhere constructive.

skeptipitulationFebruary 12, 2014 9:44 AM

Ahh. At least now we have some semblance of argument, instead of louder and louder slogans. But wrong again. You're displaying a fundamental confusion about the relationship between domestic and international law. Of course universal-jurisdiction prosecutions can occur under national law, as national law must comply with customary and conventional international law, and national courts have domestic jurisdiction unless they are unable or unwilling to act (as in the US). Then international venues or other states may step up. (Ask Bush why he skedaddled home from Switzerland that time. Was it Swiss law he was fleeing, or the CAT? Who cares?)

Just because you don't understand it, that doesn't make it bafflegab. Parochial statist indoctrination is not my problem. The wider trains its junior functionaries in current world-standard law. Look into it, it broadens your horizons.

SkepticalFebruary 12, 2014 11:19 AM


@skepisomething:

You've missed the point of my reply. This was your initial contention:

Their best-kept secret is CCPR Article 17, supreme law of the land equivalent to federal statute, with which domestic law at all levels must be brought into compliance; and UDHR Article 12, federal and state common law and customary international law of all nations; Articles V, IX, and X of the American Declaration of the Rights and Duties of Man, binding in the jurisprudence of the Inter-American Court of Human Rights and in the Inter-American Commission on Human Rights; and the American Convention on Human Rights Article 11, binding as conventional international law for states parties in the OAS. The right to privacy.

Contrary to the Juche of the NSA's Songun Pioneers, surveillance, "whether electronic or otherwise, interceptions of telephonic, telegraphic and other forms of communication, wire-tapping and recording of conversations" are to be prohibited, according to the Human Rights Committee, which has interpretive authority over US jurisprudence under ICJ Statute Article 38. National-security antiterror nonsense doesn't justify US government panty-sniffing, either: surveillance in war suspends the rights and actions of the nationals of the hostile party, a war crime in itself under Rome Statute Article 8.2.b.xiv and equivalent universal-jurisdiction law.

Because of this, you claimed, "legally, the NSA is done."

After I noted that this is absurd, and that no court would recognize the argument as valid, you cited in response the prosecution of several persons in connection with an extraordinary rendition (or, as the Italian prosecutor termed it, kidnapping), Garzon, and Ocampo.

Now what do any of those three things have to do with whether a court would recognize your argument as valid? Obviously the Italian prosecution has nothing to do with international law (the crimes were committed on Italian soil and were prosecuted under Italian law), the Spanish law that enabled Garzon to conduct his actions has since been limited (and so is irrelevant here), and I really don't know why you mentioned Ocampo.

Let me make this even clearer. Your argument is that nations around the world have by agreement (conventional international law, outside certain crimes like genocide and torture, which are proscribed regardless) and by practice (customary international law) decided that signals intelligence collection is a war crime.

You can see why that's ridiculous, right?

I'll bow out now. Please have the last word.

MikeFebruary 12, 2014 11:20 AM

@Skeptical:

You say: But according to Snowden, he's started the public debate he intended.

Yes, he has indeed – though I don't think it is as wide, or going as well, as he'd hoped.

You then say: So why continue to withhold information that would enable minimization of harm [...]?

As I've said, I guess it depends on what that information is, and to what extent it could contribute to the furthering of his public-debate inspiring cause.

You are the one who is suggesting that his primary motivation is, as you put it, prudential – but in light of this you also find his actions to be self-defeating; you conclude that he is being stupid/unwise and/or is receiving bad advice. You may be correct – and the longer this goes on perhaps the more likely this is to be the case. I am simply trying to find an alternative explanation for this apparent contradiction based on the idea that his ideology may be a stronger driver than prudence.

You also say: Nor do I see how the government having advance notice will reduce the impact of news stories.

I think we're just going to have to agree to disagree on that one. For sure, there are probably examples where you are correct, but all other things being equal it is surely going to be of advantage to be the first mover in these sorts of situations. I am also drawn to idle speculation about all the stories we may have never heard about because the leaker responsibly forewarned the leak-ees of the impending leak – though obviously such things are going to be difficult to quantify and use as examples!

SkepticalFebruary 12, 2014 11:48 AM

@Mike: You are the one who is suggesting that his primary motivation is, as you put it, prudential – but in light of this you also find his actions to be self-defeating; you conclude that he is being stupid/unwise and/or is receiving bad advice. You may be correct – and the longer this goes on perhaps the more likely this is to be the case. I am simply trying to find an alternative explanation for this apparent contradiction based on the idea that his ideology may be a stronger driver than prudence.

That's fair, although (small point) my argument isn't that he's being stupid even if withholding information is prudentially motivated. I can see how a reasonable person might believe such a withholding is advantageous. From a prudential vantage, I just think the considerations are too narrow; it's like a chess strategy that is well thought through, except that it forgot to take into account that rook on the 7th rank which for various reasons may have been obscured to the strategist.

But I agree that there's an ideological explanation as well. Perhaps we'll learn more in the future.

You also say: Nor do I see how the government having advance notice will reduce the impact of news stories.
I think we're just going to have to agree to disagree on that one. For sure, there are probably examples where you are correct, but all other things being equal it is surely going to be of advantage to be the first mover in these sorts of situations. I am also drawn to idle speculation about all the stories we may have never heard about because the leaker responsibly forewarned the leak-ees of the impending leak – though obviously such things are going to be difficult to quantify and use as examples!

Sure, this is something reasonable people can disagree about.

I can think of examples where a news organization went to the government, asked for the comment, and the government argued that the news organization should withhold the story.

Sometimes the news organization agrees, and does so (The New York Times on SWIFT monitoring). Sometimes the news organization disagrees and doesn't do so (The New York Times on the location of a base used to launch UAVs).

But, for the US, I can't think of any examples in the last several decades where the government forced a news organization not to publish or managed to somehow reduce the impact of the story by having advance knowledge.

You're right that if the government somehow managed to completely suppress a story, and also managed to keep the suppression itself completely secret afterwards, we'd just never hear about it. But you'd think we'd also have heard about failed attempts if that were the case, and I can't think of any (which may not mean much, since it's just an application of the availability heuristic).

skepgoatFebruary 12, 2014 11:54 AM

Don't be obtuse under pretense of clarifying things, that's dishonest. You know (or ought to know) perfectly well that surveillance per se is not an internationally wrongful act but a serious international delict of concern to the international community. NSA officials' conduct in targeting humans for murder, torture and disappearance, now THAT's a war crime, or crime against humanity, or both.

And yes, by all means, basta, think it over at your leisure without the pressure of moot-court oneupmanship. Here's the friendliest advice you'll ever get:

This is not rocket science. It's the supreme law of the land. (Ask any 3rd-tier-toilet law prof.) If the supreme law of the land is some kind of baffling zen koan to you, you'll go far in all sorts of government drone jobs. The government loves slack-jawed grunts who do what they're told. Your superiors will shower you with attaboys right up until you become the next Charlie Graner. Or Aleksander Radler.

MikeFebruary 12, 2014 12:08 PM

@Skeptical: Agreed - un-known un-knowns and all that. I don't think I'm inclined to paranoia/conspiracy-theory (as far as I know...) but then again I am from England, home of the super-injunction!

BuckFebruary 13, 2014 1:41 AM

@Milo M.
Brought up quite an off-topic, yet very interesting development over at:

https://www.schneier.com/blog/archives/2014/02/drm_and_the_law.html#c4423899

The topic is the White House's new 'Cybersecurity Framework'... Direct link here:
http://www.nist.gov/cyberframework/

Care to comment? I find Sec. 9. Identification of Critical Infrastructure at Greatest Risk. (a) to be quite interesting with respect to our current conversations...
The Secretary shall not identify any commercial information technology products or consumer information technology services under this section.

Clive RobinsonFebruary 14, 2014 2:13 AM

OFF Topic :

D J Bernstein has a crypto blog,

http://blog.cr.yp.to/

On which there are two articles well worth a read,

The first on the problem of "entropy" and supposadly random sources of it,

http://blog.cr.yp.to/20140205-entropy.html

The second is about a potential attack on latice based systems that are being talked about as the replacment for the current PubKey systems when QC gets up and going,

http://blog.cr.yp.to/20140213-ideal.html

Speaking of Quantum effects the following might be of interest,

http://www.lightbluetouchpaper.org/2014/01/20/why-bouncing-droplets-are-a-pretty-good-model-of-quantum-mechanics/

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..