Interview with an NSA Hacker
Peter Maas interviewed the former NSA official who wrote the infamous “I Hunt Sysadmins” memo.
It’s interesting, but I wanted to hear less of Peter Maas—I already know his views—and more from the NSA hacker.
Comments
Bruce Schneier • June 29, 2016 11:29 AM
“The Lamb, obviously, is a very skilled hacker, but I do not understand his ethics behind the act.”
I also wish the conversation veered more in that direction. Or if it did — Maas says that it was a very long conversation — that we learned more of it.
I think the ethics are very complicated and interesting. Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively. We need to figure out how to make that work.
keiner • June 29, 2016 11:42 AM
…if you see things simple then “ethics” are not that complicated. Ask people “just doing their jobs”, all doing “jobs” 99.999% of the intelligent people should never do for money, as this NSA thing of breaking into everything, including Brazilian oil companies,foreign allies governments and alike.
In the end, money makes the world go around, not ethics. These people don’t know how to spell this word. Or what that really means…
@Adam Kaplan,
I’m probably going to get ruined for this, but he doesn’t sound very skilled to me.
He specifically states having to ask other Tao and noc how they would do his job, or how to do it better.
We all ask questions, but a ‘skilled’ hacker would bring more than just a warm body to the table.
By hiring run of the mill nerds like myself who may not be able to stand on their own all they are doing is expanding their manpower[n++];
It’s really no different than hiring accountants, the stuff gets done quicker but he’s not the person roasting the books. He’s just the one accumulating and tabulating data with tools others have provided.
@Adam Kaplan,
Further more, I think that the drawing is evidence of something he had to learn – which is why he created it: to simplify things for others there with him. The fact that he was able to be interviewed may also be viewed as illustrating what I am trying to say here.
I do wish there was more information available, but obviously this is a “nothing to see here.” moment imb.
albert • June 29, 2016 12:41 PM
The thing about Lamb and others of his ilk, is this: They live in a fairyland where they’re the ‘good guys’. Though they have no control over abuses by their employer, and they’re not likely to blow the whistle like Snowden did. Is that ethical?
There are no ‘good guys’ in spycraft. Fight terrorism? Gimme a break. The real point of all this is to maintain (US) or achieve (Russia/China) world domination. In this fight there are no rules.
‘Moral cannibals wanted, apply here.’
The only ethics Lamb controls are his own. Any arguments defending his employment by an unethical institution are specious.
Why not admit it? There are no good guys, just different classes of criminals.
. .. . .. — ….
Richard Crook • June 29, 2016 12:45 PM
How can one write so much and say so little?
Who? • June 29, 2016 1:29 PM
This hacker is neither ethical nor moral. Period.
Richard • June 29, 2016 1:34 PM
@ Bruce
Sadly, I think that all too often, hacking is about the technological equivalent of “counting coup” on an adversary, with NO consideration given to the ethics or consequences for others.
Even more sadly, this stupidity seems to extend all the way to the top levels of our intelligence services – who instead of helping to encourage simple common sense measures which would lead to much more intrinsically secure hardware – think it’s just nifty as hell that they can weaponize cyberspace.
I am referring of course to common sense measures such as hardware jumpers which would prevent unauthorized BIOS updates, harddrive firmware updates, and to physically disable out-of-band management technologies – all of which are currently being used to compromise system security.
Remember the tag line from the movie “War Games” where, after analyzing ALL the possible thermonuclear war scenarios, the computer reaches the conclusion –
“Strange game – the only winning move is NOT TO PLAY”?
Guess what, it would seem that this is ALSO TRUE for ‘Cyber-War’, so for my own part, I have decided to become a charter member of the anti-cyberwar movement.
Wouldn’t if be nice if they had a cyber-war and nobody came?
Seriously, Bruce, for your part, I think it would be tremendously helpful if you would consider doing just a bit more to lend your voice as a cyber-security expert to encourage closing down the physical vulnerabilities that let these idiots wage their silly cyber-war games by promoting just the kind of simple bulletproof hardware measured I mentioned above.
For example, no commercial approval for a computer mother boards, hard drives, routers, etc. UNLESS, as a minimum, they provide a switch or jumper to physically disable BIOS and other onboard firmware updates.
Of course the contrary argument would be that this would degrade security by preventing timely updates when a vulnerability is discovered – but I don’t find this a particularly persuasive argument for embedded firmware, which does not seem to benefit from frequent ‘security updates’, and instead has become the single greatest attack vector – plus, if this is the argument, anyone convinced otherwise, could just leave their jumper or switch in the ‘updates enabled’ position.
And there is a third security option that could be provided for complex BIOS or Router firmware , which would be to provided the user with a third option to allow a “Block Service” emergency shutdown feature instead of mandatory update. This would let the device respond to a properly signed vulnerability notice by shutting down service and notifying the user.
For example, this is what Firefox does in response to newly discovered serious Flash vulnerabilities that Adobe has not yet patched.
In case of a leaked signing certificate, this would trade a less severe ‘denial of service’ vulnerability for a total device compromise.
So lot’s of options – but it’s time to get serious about security, close down these silly-ass hardware vulnerabilities and stop playing their silly shit cyber-war-games – because, once again, like thermonuclear war, when it comes to cyber-war:
- THE ONLY WINNING MOVE IS NOT TO PLAY.
TS;DR • June 29, 2016 3:09 PM
“Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively.”
Bruce’s unsupported assertion of necessity is precisely what is to be established case by case.
“An important role…” Tell that to Abdussattar Chhipa, Zainelabdeen Ibrahim Omer, Khalid al-Mihdhar, Nawaf al-Hazmi, Ali Mohamed, Andreas Strassmeier, Abdul Rahman Ali Alharbi, Fahad al Thumairy, Abdulazzi al-Hiijjii, and all the other sore thumbs who ran around under NSA’s nose blowing shit up.
“How to make this work.”
Piece of cake. All you have to do is comply with the goddamn frickin law.
"(a) take all necessary measures to ensure that its surveillance activities, both within and outside the United States, conform to its obligations under the Covenant, including article 17; in particular, measures should be taken to ensure that any interference with the right to privacy complies with the principles of legality, proportionality and necessity regardless of the nationality or location of individuals whose communications are under direct surveillance;
"(b) ensure that any interference with the right to privacy, family, home or correspondence be authorized by laws that (i) are publicly accessible; (ii) contain provisions that ensure that collection of, access to and use of communications data are tailored to specific legitimate aims; (iii) are sufficiently precise specifying in detail the precise circumstances in which any such interference may be permitted; the procedures for authorizing; the categories of persons who may be placed under surveillance; limits on the duration of surveillance; procedures for the use and storage of the data collected; and (iv) provide for effective safeguards against abuse;
"(c) reform the current system of oversight over surveillance activities to ensure its effectiveness, including by providing for judicial involvement in authorization or monitoring of surveillance measures, and considering to establish strong and independent oversight mandates with a view to prevent abuses;
"(d) refrain from imposing mandatory retention of data by third parties; and,
"(e) ensure that affected persons have access to effective remedies in cases of abuse."
Under a grownup system of governance NSA cannot possibly be any more worthless than they are now, and if you get them under control they would piss away less of our tax money.
Bruce has a better grasp of the particulars than almost anybody but whenever he makes these apodictic pronouncements it always conforms to NSA ethics, that is: Fuck the supreme law of the land. Surveillance of correspondence should be prohibited? Screw that shit. Protection from attacks on honor and reputation? Blow me! Diplomatic communications are inviolate? moist squelching fart noise
Nick P • June 29, 2016 3:13 PM
@ Bruce
“It’s interesting, but I wanted to hear less of Peter Maas — I already know his views — and more from the NSA hacker.”
Seriously, this guy likes to talk on and on about bullshit instead of get the information that the article is there for. I think I’ll avoid his writing in the future unless there’s a good reason not to.
“I think the ethics are very complicated and interesting. Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively. We need to figure out how to make that work.”
We already know how to. I mean, I’m still interested in reading his and others people’s viewpoints. Yet, the situation is clear for anyone that has studied espionage. That is a function of creating and/or enforcing the policies of nations. They need intel from countries who don’t want to provide that intel. So, they create intelligence services or military units to get it. That this info is critical for preventing problems in negotiations, big contracts, and so on means all the major powers are part of the game at least collecting secrets. Some go further to steal I.P. to advance their national interests. The general rules are to know stuff, limit who you feed it to for some bit of fairness (or appearance of it), and no actively destroy or disrupt the other players. Just economic and political, but peaceful, competition that’s supplemented by the spies.
The people that join those groups do so for a steady income, adventure, curiosity, a sense of duty (protecting people or to government), revenge (eg 9/11), parental expectations, power trips, experience for private sector, a checklist item for public sector investment, sometimes mental illness, and/or sometimes essentially random. NSA is an organization whose foreign activities come off as pretty legit given the spy game most countries play. You or I might say certain, foreign actions go too far but you see almost nobody in foreign countries getting prosecuted when they spy for that country. Despite how far our and their media occasionally report they will go. Gives implicit, ethical consent or a justification for apathy for many. Further, domestic actions usually come out in leaks with hardly anyone trying to stop them. So, unless idealist, most that will participate in foreign ops will participate in domestic given it’s just spying and public knows it happens.
So, that’s my analysis of the situation. I don’t see hardly any morals in it at all past people’s preferences that vary considerably. The decision is more risk/reward than anything. Even there, it’s more like “will this be exciting and pay well? boring and pay well? or maybe I just go to Silicon Valley?” Not the risk/reward analysis you’d expect but what they face realistically considering government hacking jobs.
Clive Robinson • June 29, 2016 3:18 PM
@ Richard,
UNLESS, as a minimum, they provide a switch or jumper to physically disable BIOS and other onboard firmware updates.
Unfortunatly that boat sailed some time ago. Most mutable ROMs these days do not have real write enable/disable lines you could put a physical switch in.
FMCE manufacturers work in a deflationary market, in that it takes only a little over a year for the product price to be half what it was. Or a product twice the power to be the same price.
They do not want any impediments on their products that could add time to either manufacture or remanufacture times. Thus the manufacturer will not add components with what they regard as little or no marketable function (it’s inline with using Spread Spectrum techniques on the CPU clock circuit to get “under the bar” on the “EMC masks”. They can save 15-50 cents of components, which is 15-50 cents more margine to stay in business.
The only way to change this is by regulation, which frankly congress etc will not put forward let alone vote for irrespective of what the voter needs.
Comrade Major • June 29, 2016 3:27 PM
Bruce, there’s three things that matter for the majority of people:
1. Money
2. Ideology
3. Security
Money + Ideology + Security = Loyalty.
Nick P • June 29, 2016 3:27 PM
@ keiner
“as this NSA thing of breaking into everything, including Brazilian oil companies,foreign allies governments and alike.”
That’s cute. The Brazilian oil companies are corrupt and tight with the state that’s also corrupt and getting into similar, spying schemes. Terrible NSA would violate their privacy to see what they’re really up to. And foreign allies that spy on us or steal our I.P.? Our government should be ashamed. (sarcasm)
@ albert
“Why not admit it? There are no good guys, just different classes of criminals.”
Far as hackers, that’s mostly true. I remember the interview with Coldfire on Secret, Strange, and True. He pointed out that many hackers talk about how they’re fixing vulnerabilities, fighting for a cause, and all that stuff. He said that was nonsense. “At the end of the day, people are breaking into computers because it’s fun.” They like it so they keep doing it. The common denominator I see. For governments, because it’s useful to their selfish needs or wants. They all seem alike to me with rare exceptions.
@ Richard
Not true. Countries that choose not to play get their whole infrastructure owned. We see some disruptions, too, like with Belacom. The winning move for organizations focused on profit and availability is to cooperate with local authorities to a degree that’s deniable or legally unavoidable. The winning move for organizations focused on privacy is lie to the masses that they provide privacy in an easy to use and integrate product that’s cheap. The barely-surviving, but my favorite, move is to operate a service that’s actually private in one of few jurisdictions that supports that plus with government contracts (on the side) to reduce their odds off attacking it. Human nature and economics makes logical arguments like in Wargames almost moot in the real world.
Just look at the list of victors in terms of whose powerful and rich. Also, market penetration for various techs vs their security/privacy. People give a shit about a lot of stuff but not that. You better know you’re committed to principles if you aim for privacy/security instead of what they actually care about. You’ll be poor or with low impact 999 times out of 1000.
Daniel • June 29, 2016 4:18 PM
On one hand I get the perspective of the NSA and its desire to harvest the “deviant” types for its business. On the other hand I worry about the long run effect it will have on our democracy. We have already seen the effect this culture can have in the ease in which the CIA spied on the US Senate. So sooner or later the tail is going to wag the dog and then what?
I don’t see how giving “deviant” types lots of power is going to end well for a complex technological society like the USA.
No Maas • June 29, 2016 4:20 PM
You’re talking about an organization that blithely committed millions of felonies under the FISA, and targeted victims for widespread and systematic extrajudicial killing and torture constituting crimes against humanity. And you think you’re talking ethics? That’s like asking Ted Bundy whether he felt bad about tricking that one girl with the fake cast, or whether he should have raped her and tortured her to death fair and square.
Mark • June 29, 2016 4:55 PM
“Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively”.
Really? I’m pretty sure on this very blog you’ve argued that they have never caught a single bad guy, except some taxi driver who gave $8000 USD to some guys in Somalia.
And it’s this sort of bullshit, naive statement that allows governments around the world to continue to abuse the law in our names. As a non-American, I couldn’t disagree with you more, Bruce.
Anyway, the article. It’s long and boring. I admit that I spent more time writing this than reading it.
I find it interesting how naive the guy in the article is. It’s as if he never aged, never left his parents’ basement, never grew up properly. I wonder if he’s intentionally naive of how his government operates — torture/killing innocent women and children/bombing hospitals/lying to the people/knowingly breaking the law/forcing their foreign policy on the world/starting wars/invading countries/oh shit I could go on and on — or if he truly doesn’t care because it doesn’t affect him or his family.
I’m currently looking for a job in infosec right now. I’ve ruled out banks (evil), companies that don’t pay their taxes (so all big multinationals), companies that don’t supply products for crimes against humans, companies that don’t have anything to do with human rights’ violations. Naturally, I’d never consider working for my government.
It’s tough.
Not only am I likely going to end up with less money in this capitalist world, but I simply have fewer jobs from which to choose.
Richard • June 29, 2016 7:19 PM
@ Clive Robinson
We have had this discussion before; while some higher level flash devices like SD and MicroSD lack physical Write Protection, there are still LOTS of parallel devices that have this feature.
Nor would a hardware jumper be particularly burdensome economically.
In fact it would probably be a lot LESS expensive – less expensive that is, after the NSA corners the market in BIOS Flash chips by offering highly discounted chips from it’s special foundry – chips which are super safe because they can never be written while the WP pin is enabled (unless of course, you happen to put a secret 2048 bit sequence on the address lines first that is 😉
Which proves your point Clive, that almost any purely technical solution (even a hardware jumper) will be totally ineffective absent a LAW banning anyone from intentionally introducing a backdoor into ANY software program OR hardware device so that they can gain unauthorized access at a later time (including government agencies).
@ Nick P
My point here Nick is not to propose that America or anyone else unilaterally abandon their own defensive or offensive cyber-warfare capability; like Bruce, I think these folks fulfill an important purpose – but leaving our citizens vulnerable in some lame-ass attempt to make your own job easier is just plain DUMB.
Hacker chumps • June 29, 2016 9:01 PM
Hear! Hear! Mark and Richard.
It would be easy to legislate for proper physical security on most easy attack vectors for the spooks – but we have lame duck governments everywhere who are democratic in name only.
Further, that ex-hacker sounds like a major dick. No insight, running around doing his best ‘HackerZ’ impersonation, no implication of how many felonies the spooks have committed in shitting all over the personal liberties of the global population, thinks Snowden is a traitor (is it traitorous to expose wholesale criminality of government agencies?), and has no clue as to how the US is the world’s #1 material supporter of terrorism world-wide (and has been for decades).
If these are the clowns being actively sought to run advanced script-kiddie functions in shadowy units, then no wonder they are fucked in their supposed function (catching bad guys). The intelligence in supposed intelligence agencies is MIA if this one-dimensional retard’s view is prevalent – which I suspect it is.
It is not surprising they then fallback to the easy hits in 99% of their work i.e. stealing IP, economic espionage, surveillance of outspoken groups that don’t conform to their authoritarian worldview etc.
Clive Robinson • June 30, 2016 1:45 AM
@ Richard,
… almost any purely technical solution (even a hardware jumper) will be totally ineffective absent a LAW banning anyone from intentionally introducing a backdoor into ANY software program OR hardware device so that they can gain unauthorized access at a later time
Which brings us back to morals and ethics and why some people lack them whilst others have them strongly.
It has been observed that children who don’t get given sweets whilst growing up have little interest in them when older, the same appears to be true of coffee as well (the Chinese don’t drink it and the US appear strung out on it). The question this raises is in effect similar to addiction, if you don’t develop a habit when you are overly susceptible to the rewards of the habit, then you don’t get hooked on the supposed rewards.
As others have noted the morals and ethics of banks, financial institutions and large companies are fairly bad. Even though there are laws, regulations, watchdogs and ultimately punishment. This does not stop their bad behaviour, some argue because the punishment is ineffective. In this respect the NSA is just as bad, but has the advantage of no punishment.
Thus the question then becomes one of “Is the punishment sufficient, and if not can it be made so?”. The answer appears to be no to both parts of the question. That is they are hooked on the rewards of bad behaviour. And like many people today will have behaviours where they take a small reward today, even knowing it will cause them to die ten or twenty years earlier.
Thus arguably the only effective punishment once a behaviour has become an addiction is to distance the person from the temptation. The logical consequence of this is either the person or temptation is exocised/terminated from society, and preferably both to stop others from getting hooked. Many would consider such a response draconian.
But at the end of the day, if we want to stop a behaviour that is endemic then it appears that, it is the only way to go. The problem is that we’ve found it does not work for various reasons.
Thus as long as there is a reward, no mater how small or fleeting then there will always be people who will take the risk as long as there is a way they can, no matter how draconian the punishment may be down the road.
Which means that “prevention” not “punishment” is the way to go. One way to do prevention is by reporting deviant behaviours. That is others report the devient behaviours to a third party who’s job it is to correct or terminate the deviant. Such reporting is what whistleblowing is all about…
I could go on but you can see where the argument is going…
Winter • June 30, 2016 2:09 AM
The abyss between the people and the intelligence community is very well illustrated by the Prometheus like status of Snowden: A hero to the people, and the vilest of criminals to the community.
Having seen the work ethics of people like Lamb has indeed influenced “consumers”.
Study: Encryption use increase largest in 11 years
Enterprise use of encryption saw the largest increase over the past year in over a decade, according to a report released today by the Ponemon Institute
http://www.csoonline.com/article/3088916/data-protection/study-encryption-use-increase-largest-in-11-years.html
Vesselin Bontchev • June 30, 2016 3:15 AM
LOL. This loser is “one of NSA’s top hackers”? Some of my students can do better, given the tech he had. No wonder a contractor sysadmin like Snowden managed to pwn them so thoroughly.
No, I still don’t believe it. More likely, the journalist believed his bragging because he (the journo) didn’t know any better. The NSA ought to have better talent than that…
tyr • June 30, 2016 3:55 AM
Morals and ethics ??
It turns out that it is impossible to legislate morality.
Legislation merely shifts the effected populations one
way or another without solving any of the problems. If
you consider the technological safeguards, you get the
same conclusion. The locks on your home doors are not
there to deter “real” criminals, they are there to keep
those who act on impulse at random in check. The phrase
is locks keep honest people honest. That is true for
every technical solution. Dedicated nation states are
not going to be deterred if they want your information.
Whether your should then remove your front door to let
anyone at random rummage through your computer for any
interesting bits is left as an exercise for the student.
We have to make it harder for “honest” entities to remain
honest. Harder for them to harvest and store and use our
private property. Note that this does not make the nation
state surveillance activities harder. It makes them do
a clearly focussed job, instead of random harvests of
teen selfies and incriminating or embarassing political
materials. Smaller data haystack, better results because
then you’re finding the real problems before they appear
on the front page as another tragedy.
If you indulge in blanket conflations of what should be
separate workable areas of solution you’re making the
solvable insoluble because of the same lack of focus in
your problem definition. The current stupidity of tossing
previously worked out legal solutions because ‘computer’
has to be remedied by getting the damnned legislators an
education so that their proposed laws make sense. The
runaway national security stae needs to be curbed by budget
cuts and demands for results that mean something. Stop
trying to fix everything as a blanket solution to every
problem. Fix the center of the bell curve and then the
fringes which will still exist are no longer intractable.
Techs fix problems by understanding what they are first
and clearing away those things that are not part of the
problem. Then you can achieve some results instead of
random pokings at the complicated mess hoping to get
lucky.
The current status of the user is one of being required
to wear no clothing because it might conceal something
and to remove your front door because there might be a
computer inside the house. So where’s the ethics in that?
Where’s the morality ?
Matt • June 30, 2016 4:35 AM
He talks about wandering around the NSA and asking people about the interesting stuff they work on. I thought these places were completely compartmentalized, certainly for people at the technician level….
Grauhut • June 30, 2016 5:28 AM
@Hacker chumps, Matt: Right, smells like a disinformation Matrix.
And this piece of lamb meat produced the worst “spy with bgp” presentation i have ever seen. 🙂
https://www.documentcloud.org/documents/2919677-Network-Shaping-101.html
Bumble Bee • June 30, 2016 6:19 AM
Lamb is Mossad.
keiner • June 30, 2016 10:23 AM
@Nick P
The US government is as corrupt (at least) as the Brazilian. No question about that.
Make an educated guess who “inspired” the Brazilian state crisis. Or Middle America. Or.. or.. (you name it).
The US try to play world courthouse, but only whenever it is considered politically opportune, i.e. when left-wing governments or the Russians come into play. Who destabilized the whole Middle East? On purpose, btw.
https://www.youtube.com/watch?v=9fPzvG7qFRI
dated 1989! Watch Mr. Rumsfield. 10 years BEFORE 911 totally determined to destabilize a whole region in the world he has no idea of how it works.
Arclight • June 30, 2016 11:28 AM
Having been around some of these folks, the ethics aren’t that complicated. Most employees either implicitly trust their employer and assume that their upper management is doing right by the American people and not breaking any laws. As long as they follow the rules they are given, the responsibility rests with the “big picture” people who know more than they do and are in a position to do the right thing.
Others just show up to collect a paycheck, don’t think about it too much, and know that they will not be fired as long as they adhere to the handbook.
Violations of the “rules as stated” are reportable and can result in consequences to agency employees, giving the impression that everything is on the up-and-up. Where it breaks down, is in the assumption that the leadership actually knows what’s going on, cares about the U.S. Constitution and has a will to do something about it if things are not kosher.
Arclight
Bumble Bee • June 30, 2016 12:23 PM
@Arclight
Meanwhile life grinds on somehow or another. I just went for a morning stroll and somehow met up with a drug dealer on the corner of Hazelton St and Glenwood Ave. He was using his fine credentials with the BATFX to make a straw purchase of a pink .385 automatic handgun for his live-in girlfriend because she needed it to extort more child support from her ex. They tried not to let me leave, but by then they were so high they couldn’t stop me. On my way back to my car, a “couple” of lipstick l—— hookers showed up out of the blue.
After I shook them off my tail I ate hardtack for lunch and I’m just waiting for my SSI check tomorrow.
Richard • June 30, 2016 1:53 PM
@Winter
“The abyss between the people and the intelligence community is very well illustrated by the Prometheus like status of Snowden …”
The ancient Greeks held the sciences and the pursuit of truth in high esteem, so Prometheus is glorified as the bringer of the light and knowledge into our world – a hero who paid a horrible price for his gift.
The church in the middle ages found the pursuit of truth through science to be a threat, so in their theology, Prometheus, the bringer of light and knowledge, is replaced by Lucifer, also ‘bringer of light’, but one who tricked us into gaining knowledge we would be happier not knowing.
So some will see Snowden as a Promethean hero who brought dark facts to light, and paid a terrible price – while others see Snowden as the Devil himself and assert the ‘ignorance is bliss’ theory that the American People would have been happier and better off in continued divine ignorance.
Personally, I come down on the side of truth, and think Snowden should be pardoned for ‘speaking truth to power’ and allowed to return to the country he so clearly loves and was willing to risk everything for.
Nick P • June 30, 2016 2:16 PM
@ Richard
“like Bruce, I think these folks fulfill an important purpose – but leaving our citizens vulnerable in some lame-ass attempt to make your own job easier is just plain DUMB.”
It’s bad but not dumb. I’ve followed their work since I read Puzzle Palace and studied high-assurance security. They involuntarily participated in Walker’s Security Initiative where they published criteria for and evaluated highly-secure systems. Some good ones came out of that. Market got killed by almost no demand, NSA competiting for ego, Congress pushing COTS acquisition requirements, and export restrictions. Mainly feature demand and time to market as that’s pretty much only thing Americans cared about. Stronger security remained a niche in defense and elsewhere (eg smartcards). NSA even, per what believable people said, was fairly careful about intercepting on Americans. They minimized that where possible to keep in line with their mission parameters.
Now we get to the real problem as I explained here. Post-9/11, enough Americans and its leaders demanded something like that never happen again. NSA would have to get the intel out of anywhere without cooperation of owner. Basically. Them hacking and subverting about everything directly follows from such a mission requirement. Hayden sort of admitted it one day himself. After each leak, Americans didn’t do shit & even elected same scumbags. Responsibility lay on apathetic Congress and people. They need to give them a reasonable mission so they can reduce collection without thinking they’ll be blamed for next 9/11. If mission stays, collection will only expand.
@ Vessekub Vibtchev
Maybe someone else has the link but we’ve discussed this before. The NSA hackers often had scripts to follow showing how to deal with situations, when to back off, and so on. They were script kiddies. Certain ones in TAO had real talent. Most of the cabailities are devised, as I guessed, in SAP’s with more talented people. Majority using tooling have little talent, though. I was mocking them on that.
The consensus of discussion was that they’re just soldiers. Remember that NSA is a military organization that’s tasked with hitting targets to gain intel for other organizations. Most of the job is pretty redundant not even needing much brains. Plus, more brains = more risk of subversion and rebellion. So, like with most military stuff, the brains and veterans compress everything into training and tactics that regular soldiers can use to do their job. Their intelligence may vary but the baseline is necessarily small. The tools and scripts do most of the work. Just like in general population of hackers.
@ keiner
You do realize that none of your comment changes my reply. You previously expressed outrage the U.S. would collect intelligence on specific parties. I showed they’re either corrupt in a way that might screw U.S. or are also collecting intelligence the same way. Hence, the U.S. is either no worse or worth calling out than them in those situations. Or are better for playing the game more effectively. Yours was just some nice, anti-American sentiment I see when these issues come up. It had been different if you called out all the corrupt parties and their games over your idealism as a few others did. That have been fair, even if unrealistic.
977779 • June 30, 2016 5:23 PM
@Winter
The abyss between the people and the intelligence community is very well illustrated by the Prometheus like status of Snowden: A hero to the people, and the vilest of criminals to the community.
I suspect my own social circles leave me furthest from having the best knowledge of this kind of pulse of the public, but I really wonder about this. Given how it has played out, I still can’t discount my theory that Snowden is just a psy-op against the public to help create a ‘new-normal’, that, while being pretty freakishly orwellian, is at least close enough to the real truth so that society can minimally function and progress. I think people closer to silicon valley can see the contrasts better. As some other comment pointed out, most of the centralized services, in addition to the government intelligence offices, are populated by a mix of true-believers, and those who are willing to behave (like true believers). And then you have a population that is wise to the level of integration of organized crime with the government. It’s all pretty depressing really. But it’s one hell of a ride, to live in interesting times.
moo • June 30, 2016 5:30 PM
@Mark:
“Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively”.
Really? I’m pretty sure on this very blog you’ve argued that they have never caught a single bad guy, except some taxi driver who gave $8000 USD to some guys in Somalia.
As I recall, Bruce has consistently made a distinction between intelligence gathering that targets specific persons of interest (which he considers legitimate and necessary, and I agree) and automated mass surveillance of everybody (which is a big overreach, and dangerous to freedom/liberty in the long term AND produces absolutely giant haystacks in which you can hardly find the needles).
Surgical spying on foreign diplomats, politicians, industry, terrorists is what the NSA should be doing. Scooping up the data exchanged by hundreds of millions of Americans with the flimsy justification that a few of them might be terrorists, not so much.
Ninja Hitman Assassin Agent X-99 • June 30, 2016 9:52 PM
@Bourbon After Work
The .385s are in the glass case, right next to the double-action revolvers with safeties and the handguns that make clicking and ratcheting noises every time you point them at someone.
You’d know that if you were a REAL gun expert, and had one of those wheelguns with a “silencer” on it.
ROTFLMAO
Nick P • June 30, 2016 10:26 PM
re 385
I’m guessing a Taurus revolver (esp .38ACP) with laser attachment. Not a gun expert outside common ones. So, that’s just a guess.
Skeptic • June 30, 2016 10:45 PM
They minimized that where possible to keep in line with their mission parameters.
Another person who believes everything the read.
aName • June 30, 2016 11:08 PM
@Bruce
I deeply respect your opinion and I would love to see a reply to Mike’s comment…
‘”Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively”.
Really? I’m pretty sure on this very blog you’ve argued that they have never caught a single bad guy, except some taxi driver who gave $8000 USD to some guys in Somalia.
And it’s this sort of bullshit, naive statement that allows governments around the world to continue to abuse the law in our names. As a non-American, I couldn’t disagree with you more, Bruce.’
Me, I haven’t read the previous post mentioned, but I have seen Snowden saying something very similar, that the NSA surviliance is completely useless.
Clive Robinson • July 1, 2016 5:26 AM
@ Nick P,
Not a gun expert outside common ones.
Even “experts” don’t agree, some make a differentiation between “automatics” and “revolvers” when it comes to hand guns…
Nick P • July 1, 2016 7:49 AM
@ Clive
Well, automatic normally refers to machine pistols. You still have to squeeze the trigger on most, hence semi-automatic. Single-action revolvers make you manually chamber the round and pull the trigger. Purely revolvers. Double-action revolvers chamber the round as you pull the trigger. With a different mechanism, semi-automatics chamber the next round after the trigger is pulled. Both styles often let you pull back the hammer first. I was going to say initial shot takes more pull due to chambering on revolver but initial on semi-automatic requires cocking it. One could actually say a double-action revolver is more automated than a typical, semi-automatic pistol.
That’s interesting. 🙂
65535 • July 1, 2016 7:54 AM
@ Adam Kaplan, albert, Who?, Daniel, Richard, Vesselin Bontchev, aName, and others.
I agree that the NSA “hacker” with so called “internetz skillz” projects an unethical, self-enriching, creepy picture of workers in the NSA’s staff. If this type of criminal element is indeed the core of the USA’s Intelligence community the USA is in deep trouble. The “end result justifies any means” usually ends in very undesirable results.
The actual 4,000 + word article has little hard data except some buzz words such “bandwidth shaping” and “CNE” – which are never fully explained.
We know the NSA has been playing “send the packets around the world” game to bypass privacy laws.
Exactly how is this done? Is it bribes paid to peering partners to game the BGP routers? Is it NSA ownership of DNS servers with poisoned entries? Or is it some other method?
It would appear uneconomical for ISP’s or others involved in routing of data packets to provide less than optimal routes for sheer economic reasons.
Exactly, how does the “lamb” subvert plain economics in the highly competitive data delivery sector?
The article contains a lot of words but almost no hard data. This makes me suspect of the “lamb’s skillz” and his true position in the NSA [if any]. He could be a sly yum yum with a good line of BS.
Affectuate the spalaffelators • July 1, 2016 8:00 AM
Good catch, Skeptic, “They minimized that where possible to keep in line with their mission parameters.” Lots of people are susceptible to that kind of bureaucratic bafflegab. There is no such thing as mission parameters. Some West Point mediocrity pulls a phrase like that out his ass and his apple-polishing underlings parrot it. Bureaucrats, even DoD bureaucrats, start from authorities, not mission parameters. Every document cites the authority for putting pen to paper. There was no ‘where possible.’ NSA shitcanned the law. They acted ultra vires because they were confident that they could get away with it. At home, maybe they can, because US democracy is fake. In the civilized world outside the hermit kingdom the US government will pay for what they did for a long, long time.
Gerard van Vooren • July 1, 2016 12:16 PM
@ 977779,
I suspect my own social circles leave me furthest from having the best knowledge of this kind of pulse of the public, but I really wonder about this.
You just said what your problem is. You are naive. Get yourself well informed. Start with Wikipedia for instance, or Wikileaks or The Intercept. Then you can develop yourself a well informed opinion. All the information is there.
977779 • July 1, 2016 2:06 PM
You just said what your problem is. You are naive. Get yourself well informed. Start with Wikipedia for instance, or Wikileaks or The Intercept. Then you can develop yourself a well informed opinion. All the information is there.
To misquote rummy, the difference between naivete and ignorance is sort of like the difference between unknown unknowns and known unknowns. I look forward to subsequent SOS posts educating me as to the actual polling stats.
977779 • July 1, 2016 2:15 PM
and for the record, I’ve been following theintercept since before the ihuntsysadmins thing IIRC, and have been mirroring wikileaks since collateral murder. Wow you are a jerk Gerard. I’m also pretty sure I’m in the top percentile for wikipedia articles read in a lifetime. Ok, that’s really another unknown, but top 10% seems very likely to me. When Snowden starts talking more about everyone running their own email servers at home like Hillary Clinton being a serious way forward for cybersecurity, I’ll start believing he isn’t just a government sanctioned psy-op.
Gerard van Vooren • July 1, 2016 2:54 PM
@ 977779,
Wow you are a jerk Gerard.
I don’t deny that I like to confront people.
So now you claim that you are informed. Good. At first you had me on the wrong foot because you said that you aren’t in the right circle.
Gerard van Vooren • July 1, 2016 3:10 PM
@ 977779,
When Snowden starts talking more about everyone running their own email servers at home like Hillary Clinton being a serious way forward for cybersecurity, I’ll start believing he isn’t just a government sanctioned psy-op.
Yeah, that is too hard for ordinary people to establish. From his POV it is the right thing to do but I admit that setting up your own email server, and monitoring it, is simply too hard.
On the other hand, naming Snowden a government sanctioned psy-op… just doesn’t make sense. If that was the case, why is he in Russia right now? Is that part of the operation? There is no way a conspiracy like that could live that long, not with so many researchers and journalists involved. Like the moon landings, Snowden is real.
ЮЪ • July 1, 2016 3:34 PM
@Gvv, numbers dude, Not sure what there is to argue about here. If Snowden did get help from CIA, would we be any less grateful for the heads-up that he gave us? Would we esteem him any less?
Let’s say we did think CIA was involved. A psy-op seems pointless. Despite the theatrics of Snowden’s perils-of-Pauline close shaves, their high profile makes more sense as a means to the end of turf war between CIA and NSA. NSA encroached on intelligence collections at a time when CIA was ceding the HUMINT role to focus on illegal conduct by knuckle-draggers – until that line of business hit the wall of international criminal law. What’s more, the gentleman’s agreement is off. Russian intelligence has begun to publicize its take to expose CIA criminality. CIA is in deep shit. CIA’s best move here is to take over NSA’s nice safe suburban commuter job.
So rather than a psy-op, this is more plausible as a war between crime families, Colombo v. Gambino with cheaper suits. That makes Snowden an informant with very good witness protection.
Booz Allen plays a central role as a contractor to NSA and an industrial contractor and source of NOC posts for CIA. For high-level staff of both agencies, Booz Allen is the conduit for revolving-door corruption. Snowden’s Booz Allen boss is a ‘fellow’ under Pierre Omidyar’s control just like Greenwald. None of the open-source documentation is inconsistent with Booz Allen taking sides in CIA/NSA conflict. To do more than fail to reject that hypothesis, you have to ask around.
Internecine conflict is our friend and Snowden surfs it. This is how criminal regimes collapse.
977779 • July 1, 2016 3:37 PM
@Gerard van Vooren
Yeah, that is too hard for ordinary people to establish. From his POV it is the right thing to do but I admit that setting up your own email server, and monitoring it, is simply too hard.
But it doesn’t need to be. See FCC complaint id#12-C00422224(-1). I.e. if ISPs, under the only sane interpretation of network neutrality, were forbidden from discriminating (price or otherwise) against home server operators, the landscape would change quickly. Lower barriers to entry to new competitive solutions would have exponential effects on cybersecurity development IMHO.
On the other hand, naming Snowden a government sanctioned psy-op… just doesn’t make sense.
It does to me, but I understand if it doesn’t to others. After all, I am the author of the 53 page FCC complaint id#12-C00422224(-1).
If that was the case, why is he in Russia right now?
Conjecturing conspiracy theories: it makes him conveniently out of reach from the journalists of the U.S.
Is that part of the operation? There is no way a conspiracy like that could live that long, not with so many researchers and journalists involved. Like the moon landings, Snowden is real.
I disagree. The conspiracy can involve a single conversation between Snowden and Obama and end there. It theoretically needn’t be a vaster conspiracy than that, though certainly could be. Though I agree, the larger the number of conspirators, the less likely/lengthy the undiscovered conspiracy would be. Logically/statistically.
Grauhut • July 1, 2016 4:31 PM
@65535: “Exactly how is this done? Is it bribes paid to peering partners to game the BGP routers? Is it NSA ownership of DNS servers with poisoned entries? Or is it some other method?”
Best bet: Exploitation of lawful interception capabilities. Its just not lawful if they abuse them outside US jurisdiction.
Copying ip packets and source routing them to a different location does not cost a lot of system resources, just bandwidth.
And big cixes dont have a lot of choice when it comes to routing equipment. Take Alcatel-Lucent for instance. Did the Lucent labs ever work for the US IC? Of cause. Did they stop…? 🙂
Gerard van Vooren • July 1, 2016 4:32 PM
@ 977779,
I will look at your FCC complaint.
I.e. if ISPs, under the only sane interpretation of network neutrality, were forbidden from discriminating (price or otherwise) against home server operators, the landscape would change quickly.
I am not really sure about that. In Europe we have, although not absolute, network neutrality. The problem is not at that level IMHO. The problem is that I do know, well everyone I know, has a win / mac computer/laptop/tablet and / or an android / apple phone. But I don’t know many non technical persons who have modified the hosts file, or .bashrc, .profile files nor ports settings, nor whatever else what is required. Setting up your own server requires having technical knowledge. And besides that, the POP3 and IMAP protocols require some serious redesign, that counts for a lot of OSI protocols btw.
Why do you thin that Snowden is a government sanctioned psy-op? What’s the goal? He embarrassed the political establishment. From Wikipedia: In January 2014, Snowden said his “breaking point” was “seeing the Director of National Intelligence, James Clapper, directly lie under oath to Congress.”
Grauhut • July 1, 2016 4:45 PM
@Gerard: “On the other hand, naming Snowden a government sanctioned psy-op… just doesn’t make sense. If that was the case, why is he in Russia right now?”
Ihmo its a 50/50 chance. Imagine tptb said “too much internet, we have to stop these 99%ers” and its your job to design a psyop in order to scare the people…
How would you do that?
Why not a “cybaaa weapons parade”? “We know everything!”
And why Russia? “Operation Maidan”? Did they need OPs there?
977779 • July 1, 2016 5:01 PM
@Gerard van Vooren
I will look at your FCC complaint.
Thank you. Here is my link, though note I also have a conspiracy theory that I may have been hacked, and hackers misled me into believing that this is a real complaint on file with the USG. However I have been given rather tangible evidence from my government in the last couple years that they consider me ‘sane enough’.
http://cloudsession.com/dawg/downloads/misc/kag-draft-k121024.pdf
dmc: “I.e. if ISPs, under the only sane interpretation of network neutrality, were forbidden from discriminating (price or otherwise) against home server operators, the landscape would change quickly.”
I am not really sure about that. In Europe we have, although not absolute, network neutrality. The problem is not at that level IMHO. The problem is that I do know, well everyone I know, has a win / mac computer/laptop/tablet and / or an android / apple phone. But I don’t know many non technical persons who have modified the hosts file, or .bashrc, .profile files nor ports settings, nor whatever else what is required. Setting up your own server requires having technical knowledge. And besides that, the POP3 and IMAP protocols require some serious redesign, that counts for a lot of OSI protocols btw.
This I all counter with the aforementioned exponential logic. I have a somewhat rare combination of personal knowledge of the situation and landscape. I tried to express that as relevently and efficiently as possible in the 53 page complaint.
Why do you thin that Snowden is a government sanctioned psy-op?
Please reread my comments above. I can be succinct.
What’s the goal? He embarrassed the political establishment.
Again, disclaiming this as pure conjecture: A goal I would see would be a pressure relief valve between the way the world (of and including computers and the internet) works, and the way the masses in general thought that it worked. In my self published dystopic sci-fi novel from 2009 titled “surveillance spiral”, I made oblique references to the laughable security of the BIOS level of computers in general. To better understand my worldview, spend more time considering the rather odd political news of Hillary Clinton’s home email server. And contrast the timeline of that story and journalism with the timeline within my 53 page complaint.
From Wikipedia: In January 2014, Snowden said his “breaking point” was “seeing the Director of National Intelligence, James Clapper, directly lie under oath to Congress.”
I’m not sure about the timeline. Perhaps Snowden had some other ‘breaking point’ which caused him to seek redress of issues with higher ups. I don’t understand how your statement there is inconsistent with my suspicions as voiced thus far.
Clive Robinson • July 1, 2016 7:17 PM
@ Grauhut,
Ihmo its a 50/50 chance.
With respect to what?
That is if Ed Snowden is a Psy-Op you have to ask a couple of things,
1, Against whom, or to what objective?
2, What the end game is?
Of all the arguments I’ve seen for a Psy-Op nearly all fail the “sniff test” thus have no mileage. Of those that do get past the sniff test, they then fail the end game question.
Thus you fall into a problem, which is either Ed Snowden is more or less what he says he is, which is a whistleblower or he has for some reason been persuaded to perform a Psy-Op where the end game has no “up-side” for him now, in the short term, or for that matter the long term.
Thus it would be easier to argue that Ed Snowden became his own version of a “wanabe celeb / delusional self aggrandisizer” than a willing participant in a Psy-Op.
The problem with the “wanabe” asspect is that to argue it, you would have to argue that Ed would have had to have known in advance almost exactly how the US authorities were going to react… And that’s a real problem
Apart from President Obama’s known predilection for being an out and out control freak from day one of his Presidency, thus being a “Red Queen” with whistleblowers, there is no previous track record of how the USG would react to a whistleblower who was “out of US jurisdiction”.
It’s this point that the Psy-Op argument turns. That is they argue the draconian USG response was a carefully orchestrated plan. Not an otherwise unpredictable knee jerk draconian response from a slighted megalomaniac with a god complex. The main Psy-Op argument being the timing of the revoking of Ed Snowden’s passport with him being in Russia. But that in turn fails because there was no track record of what the Russians would do.
As has been pointed out many times “You can’t have your cake and eat it”, your argument has to go from cause to effect. You can not argue back from effect to cause, it’s like a golfer hitting the ball and claiming it landed on exactly the tuft of grass they where aiming at.
So both the Psy-Op and Self-Aggrandizment arguments fail to hold water…
But on the highly improbable assumption that key players in the USG knew in advance exactly what Vladimir Putin would do, you still have to ask the “Who or What” is the target question. Based on the payload of the revelations there is no profit in it, not even in the CIA doing it to embarrass the NSA, they all lose by it. Which means you have to look in a quite twisted way to find a winner in the USG.
But if the USG is the looser due to the payload, you have to consider other players. One Psy-Op argument is Ed Snowden is a Russian and it’s a Russian Psy-Op. Well that argument fails on the fact that there is no track record of what the USG would do, so how would the Russian’s know that the USG would cancel Ed’s passport…
Thus it’s unlikely it’s either a US or Russian government Psy-Op unless they were both in on it… But again you come back to the “Who or What” and “Who wins” questions.
If you listen to what USG and other Signals Intelligence Agencies are saying then the only immediate winners are certain Middle East based Terrorist organisations. A little “twisted thinking” gets you to the “NeoCons / MIC win from ME destabilization” argument. But that is getting you into “Who shot JFK” territory…
Another from “effect to cause” argument is it’s the FBI and the “going dark” people that are running the Psy-Op. That is by letting ME terrorists know their communications are monitored, they then start using encryption, giving certain governments no option but to negate encryption in some way. This argument fails on the fact that it can be shown that the terrorists were well aware of the communications monitoring long prior to Ed Snowden’s revelations, and the fact that contrary to what some “unnamed officials” would have you believe active terrorists are not realy using electronic communications let alone encryption. Thus the FBI and others arguing “gowing dark” are in reality “opportunists” jumping on any band waggon they can good or bad as it passes. But their inept opportunism has been easily reviled, thus they are not likely to be sufficiently adepr to run a major Psy-Op. But even if some were it still does not get past the “end game” issue…
I could go on but the arguing from a highly improbable effect to cause and twisted viewpoint are red flags for conspiracy theory thinking, as are the lack of “end game” and “who or what” target / winner. So applying William of Occam’s razor to what is publicaly known brings us back to “whistleblower” with a high probability not 50/50 by a long way.
Grauhut • July 1, 2016 8:09 PM
@Clive: Its the old “Core” ./. “Heartland” game. And this is not an exact science with predictable outcomes. You cant code it. But its played, even if you cant predict its end.
And i think you know this.
https://www.foreignaffairs.com/reviews/review-essay/2003-09-01/hegemony-or-empire
https://www.youtube.com/watch?v=U2fYcHLouXY
http://demotivation.me/images/20140314/g63fo1s5l8s0.jpg
I dont know if Snowden is as selfmade hero or a fckn well payed free lancer…
Stan • July 1, 2016 10:05 PM
This never-ending effort to keep the discussion polite and restricted to the purely technical and legal domain is deplorable.
These are not civilized people. They sell data to torturers. People being tortured are called ‘targets’. These targets’ circumstances are indisputable proof there is absolutely no such thing as law in the US, and exposure of this reality would be extremely embarrassing to even the most vicious pro-torture Americans. It might even embarrass you.
Some of the people on the torture target lists actually exist. Flesh and blood people, some of them with fewer traffic tickets than yourselves. I kid you not.
@977779
though note I also have a conspiracy theory that I may have been hacked, and hackers misled me into believing that this is a real complaint on file with the USG. However I have been given rather tangible evidence from my government in the last couple years that they consider me ‘sane enough’.
You haven’t applied for social security have you?
That’s how they find you.
Seriously, there’s a very long list of savants and autists that are effectively on government retainer.
Ken • July 1, 2016 11:10 PM
@ Clive Robinson said, “So applying William of Occam’s razor to what is publicaly known brings us back to “whistleblower” with a high probability not 50/50 by a long way.”
Then you would have to consider the same sniff tests as 1. “to whom and what objective” and 2. what is the “end game”, in the event for being a whistleblower?
Does he realistically believe USG will change its policy due to public awareness? Or shift the operations into proxies? What good does it do? Did not pass the sniff test, for me, on both accounts.
977779 • July 1, 2016 11:18 PM
@r: “You haven’t applied for social security have you?”
Part of the explanation of my psyche is that my father, 37 years older than me, a retired math prof, mentioned once or twice to me the whole civics thing with social security numbers as (or as not) national ID numbers, and the whole ‘your papers please’ stuffs. Later, I read myself the obvious connections with ‘number or the beast’ and ‘required id number to make purchases and engage in commerce’.
Let’s not entertain whatever joke you were trying to make. I live in the U.S. I have a social security card. Its last four digits, like my fingerprint, are used for various sorts of security theatre. Forgive me for trying to say lets not waste verbiage on those bullshit conversation roads and lets stick to the whole home-email-server thing that is clearly my baliwick here.
Ken • July 1, 2016 11:34 PM
@ 977779 said, “Given how it has played out, I still can’t discount my theory that Snowden is just a psy-op against the public to help create a ‘new-normal’, that, while being pretty freakishly orwellian, is at least close enough to the real truth so that society can minimally function and progress.”
You sound like that verbose dude. Creating a ‘new-normal’ would fail most sniff tests except the most ludicrous ones. One has to undderstand the complex mechanisms of our sociopolitical architecture, most of which left no trace to prove, and creating a dichotomy to foster subtly-planned social changes. This act is in essence to un-balance a status quo, as the system works better in a polarized format, because it needs that little bit of flexibility to morph with the changes of times. Love the novel.
Clive Robinson • July 1, 2016 11:59 PM
@ Ken,
Did not pass the sniff test, for me, on both accounts.
So the obvious question is what does pass your sniff test on Ed Snowden?
Clive Robinson • July 2, 2016 12:40 AM
@ All,
For those critical of @Bruce when he says,
- Organizations like the NSA play an important role in national security, and are necessary both offensively and defensively. We need to figure out how to make that work.
You need to realise that whilst “collect it all” is quite a massive undertaking for the NSA, it is only a small part of their function.
I think most here agree that the “collect it all” programs have taken a part of the NSA “off the reservation” both morally and legaly, and it needs to stop, but at the same time we need to remember the other parts of the NSA. Thus “we do not want to throw the baby out with the bath water” when trying to deal with “collect it all” policies, projects and practices.
For instance one part of the “NSA” is responsible for Military Communications Systems. Even though I’m not a US citizen and do not reside in the US, it does not stop me appreciating that this work saves the lives of ordinary US soldiers, who are the sons, daughters, partners and parents of other US citizens young and old.
So Bruce is right when he says the NSA play an important role in National security, and further that we need to figure out how to make it work the way the US electorate need it to.
977779 • July 2, 2016 2:33 AM
@r: “You haven’t applied for social security have you?”
I suppose I find myself compelled to apologize, as there was some reactionary amount of emotional denial in my first response. In the last 20 years I have run across at least 3 people close to me that have told me they are on pre-retirement-age social security benefits related to disabilities with psychological components. Presumably this is what you meant, though you should have been more respectfully blunt, thus avoiding my flame reaction of “jesus, we are born with social security cards in this country. apply? wtf do you mean?”.
The short answer is no, I’ve never applied for such benefits, though I’ll admit that were I to find myself that desperate for money, part of my application process would probably involve testing that theory about whether or not the bizarre fcc complaint number was a real thing or not. As it stands, I have other plans for testing the theory eventually that don’t involve any sanity tests of me personally.
de La Boetie • July 2, 2016 7:04 AM
Personally, I’m more interested in the psychopathology of the leaders and senior managers of these operations than the foot-soldiers.
Can I recommend some books?
The (Honest) Truth About Dishonesty: How We Lie to Everyone – Especially Ourselves
Dan Ariely
The Milgram Experiment
The Stanford prison experiment
All of these have a bearing on how normal regular people can do evil things, and manage to self-justify so they can sleep nights.
But it’s the senior management who do these obviously immoral wrong things that I want to see in jail. It’s not that I expect these operations to be “clean”, but I don’t want to be on the end of harmful empire building that has nothing to do with keeping us safe, the opposite.
ianf • July 2, 2016 7:32 AM
@ Ant under magnifying glass […the NSA has] “taken its legitimate mission and gone completely off the rails in a taxpayer-coffer-draining/ make-everybody-less-safe/ collect-it-all-keep-it-all-share-it-all/ extra-judicial rampage.”
I’m not commenting on Bruce’s post or comment, but on that your above assertion of what NSA’s executive and/or its minions are up to. None of us really knows what that amounts to, and a single interview with someone who’s obviously full of ‘self, doesn’t make it any clearer: we can be appalled by his lack of moral fibre (or whatever), but that’s at best only a mirage of a glimpse into the core.
- 6 months ago I raised the subject of NSA’s in-house routines and culture, but elicited no response. Maybe better luck this time?
Further on, you “have zero sympathy for how unbelievably far they’ve strayed from what their mission should be…”
Try “s/their mission should be/what the outsider me imagines it should be/g”
Lastly, you “have a huge amount of respect for the man, but this sentiment smacks of a dangerously apologetic naïveté”
Aha! having your Bruce-cake AND eating it (while indulging in British spelling). Devious.
And now for something still in-topic, but completely different; bear with me:
June 25th, me to Gerard van Vooren [no leniency to aristocratic riff-raff here]:
6 days later, Gerard van Vooren to #977779:
- Get yourself well informed. Start with Wikipedia for instance, or Wikileaks or The Intercept.
2 hours later #977779 to Gerard van Vooren:
- I’m also pretty sure I’m in the top percentile for wikipedia articles read in a lifetime. Ok, that’s really another unknown, but top 10% seems very likely to me.
Is this the birth of a Wikipedia-deployed-as-intellectual-club trend here? [confirmation requested].
(Signed charter Wikipedia supporter).
Grauhut • July 2, 2016 8:59 AM
@Clive: “what does pass your sniff test on Ed Snowden?”
We cannot have a realistic sniff test on him. Missing data.
What we know is: Snowden was an IC mercenary.
I would like to see proof he is not a mercenary anymore, that he not just switched to the psyops department.
Do you have any proof?
Stan • July 2, 2016 9:54 AM
@gordo – July 2, 2016 8:01 AM
Bumbling, self-destructive offense is no defense at all.
That should be obvious to all sentient beings by now, even salaried patriots.
977779 • July 2, 2016 1:09 PM
@ianf
Is this the birth of a Wikipedia-deployed-as-intellectual-club trend here?
For the record, my citation of wikipedia was purely defensive. Just as soon as the world gets weened from gmail to home email servers, the next step is weening them off wikipedia. With the right to operate a server protected by network neutrality, there will be no sane reason to voluntarily send details of (at least 99% of) your encyclopedia reading habits across the internet. Wikipedia is an example of a non-commercial (re)centralized service exploiting the high barriers to entry to competition. IMO.
@977779,
I omitted responding in a schizophrenic manner, but to this I shall not resist.
All information is decentralized, there will always be communication preceding the advent of learning and acknowledgement.
If you don’t keep backups or share, then it is you who is centralizing such repositories.
977779 • July 2, 2016 1:58 PM
If you don’t keep backups or share, then it is you who is centralizing such repositories.
backups – good, yes.
sharing – with voluntary/ethical/bla/bla consent (same applies to backups)- good, yes
centralizing one’s own choices of repositories – also good in my book.
The internet is a battle between empowerment and disempowerment. Agenda flavored lies drowning most truths while the surviving truths find they have the ability to swim.
me • July 2, 2016 2:54 PM
@de La Boetie,
Re: booklist suggestions
Add: Eichmann in Jerusalem – a Report on the Banality of Evil by Hannah Arendt.
“ethics”.
Donald • July 2, 2016 7:56 PM
@ Clive Robinson, “This does not stop their bad behaviour, some argue because the punishment is ineffective.”
Don’t forget the laws are written not given. The major loop in USG is a lobbying system made of up special interest groups who “donate” money to have legislation shaped to their advantages. It is in efffect not a crime and punishment issue but the very definition of compliance and punishing those who circumvent the desirable results (of whom is still arguable).
Oh by the way, Happy Fourth of July to you’all New World lads.
ianf • July 3, 2016 1:52 AM
@ Ant under magnifying glass […] “admits now that he does not have the energy to match my posting stamina.”
What do you mean, stamina? (I could accept eloquence; Wael take note). I am not the Big Bad Posting Wolf here, Clive Robinson is.
ianf • July 3, 2016 4:22 AM
@ Jacky, who “sometimes feels [that] CR(???) is like DPR of Schneier’s blog.”
WTF do you mean? Try being lss crptc.
@ianf,
and here I thought cryptic was fun, I’ve always between under the impression that although it can be frustrating it still ‘stirs’ the pot.
and I don’t like it when my noodles get burnt, do you?
CR, Clive Robinson.
DPR, dread pirate Roberts.
rr • July 3, 2016 8:54 AM
@ianf,
I think that comment is in reference to not the film character but the forum character of silk road flame.
some sort of romantic will o wisp, a guiding light of Hansel and Gretel homework… just don’t try to fix the oven with the pilot lit.
Gerard van Vooren • July 3, 2016 11:54 AM
@ 977779,
I’ve read your complaint. Not every word but the big outline. Like I said before, in Europe we have net neutrality-ish, so these problems are not playing here. That said, I still don’t see many home servers because it’s still complex and time consuming technology.
@ ianf,
Wikipedia doesn’t make you an intellectual but it’s a wonderful site. I donate them annually.
Jacky • July 3, 2016 12:25 PM
@ rr wrote, “I think that comment is in reference to not the film character but the forum character of silk road flame.”
Err, it was in reference to the film character. Why would I compare him to a lamer?
977779 • July 3, 2016 1:12 PM
@Gerard van Vooren
Before the invention of movable type and the printing press, the creation of books was (ok, not really that) complex and (but yes, very) time consuming.
There is zero reason why we can’t all be running home email servers instead of gmail. Except server persecution by ISPs. I know my political opponents will hold to your line. I’d love Schneier to weigh in on my tech estimates, but oh well, whatever. I’m clearly confident that in the long run, my analysis will be vindicated. I really think its inevitable and only a matter of time. The true believers of today will then claim that some new networking technology they helped develop (years from now) was the key enabling factor. But they will still be as full of shit as they are today. It’s all about barriers to entry, platforms, and opportunities denied. With clear motivations related to state surveillance (read: PRISM) and money (read: gmail the golden goose).
rrr • July 3, 2016 1:39 PM
@Jacky,
I don’t know. Forum? following?? unabashed disdain for existing systems??? any number of reasons I wasn’t trying to assume was just trying to illuminate.
rrrr • July 3, 2016 1:43 PM
@Jacky,
I try to shy away from the ‘visual’ art Hollywood uses to finger our neurons. I’m not so interested in ‘productions’.
977779 • July 3, 2016 2:17 PM
Re: home/private email servers
And for the record, to help unravel any undesired miscues as to my specific forms of crazyness, the reason I use the word ‘home’ in my ranting so much, when obviously mobile phone based ‘private’ email servers have just as much a place in a sane overall picture… is because of the distinction made in the 2010 FCC net-neutrality 1.0 vs the interesting lack of that distinction in the 2015(?) net-neutrality 2.0. And part of my whole schtick is beating the living hell out of the dead horse that was the misrepresentation of reality of FCC-10-201. Or rather, I actually understand enough of the nuance of why that distinction was there, why it isn’t now, and why my entirely coherent and strongly held opinions in this matter are sidestepped by all parties. Or I have enough theories that provide a substitute for a sense of understanding.
@977779
the more personal email servers are deployed the less we require the traditional email server as per RFC, the more servers are deployed the more friendly routes can be established through dht like mechanisms and the less accounts those servers will need to manage. if you want to run a new style of decentralized mail or instant messaging server on 25 and 110 go ahead. but that’s not what we need, IMO anyways. email and emessaging need innovation, we need uptime reliability reroutability and friendly interaction between personal devices or servers. if you want to run an SMTPd at home go ahead, you’re just trying to recentralize something we already have.
977779 • July 3, 2016 3:20 PM
@r
the more personal email servers are deployed the less we require the traditional email server as per RFC,
What RFC are you referring to?
the more servers are deployed the more friendly routes can be established through dht like mechanisms and the less accounts those servers will need to manage.
Yes, it is complex. See aforementioned exponential logic, but I’ll elaborate more here as well (i.e. it’s about deployment platform availability).
if you want to run a new style of decentralized mail or instant messaging server on 25 and 110 go ahead.
You mean ‘go ahead’ if I either pay double or more the price for an ISP plan that is ‘business class’ and doesn’t prohibit running a server, or if I choose to willfully violate the terms of service of my lowest-tier plan.
While it happens to be the case that I could afford to do this without much trouble, I admit that I alone cannot (am not willing to without compensation) solve all the (not difficult, but effort and time consuming) problems that need to be solved. Also, because of my political history, if I alone try to develop this, I am an easy target for interference campaigns. In order to see developed what I want to see developed, I need the safety of a herd. I need the national/global tactical situation to be such that impeding me as a target has no effect of preventing or significantly delaying the deployment I am after. And I have every confidence that there are enough people who would like to see what I would, that my absense from the picture will have no fundamental effect.
but that’s not what we need, IMO anyways. email and emessaging need innovation, we need uptime reliability reroutability and friendly interaction between personal devices or servers.
Sure, and when every high school student is free to take an open source operating system on a general purpose computer, and fiddle around with enhancements that they and friends can test – WITHOUT GETTING THEIR PARENTS TO PAY TRIPLE FOR A BUSINESS CLASS NON-SERVER-PROHIBITION INTERNET TIER – then this will happen if not overnight, within a year.
if you want to run an SMTPd at home go ahead, you’re just trying to recentralize something we already have.
That makes no sense.
977779 • July 3, 2016 4:20 PM
subject: ‘private’ email servers
And again for the record, trying to demonstrate some specific ways that I’m not actually crazy- I fully expect that were the FCC to grant my wish, that the establishment server operators (gmail/youtube/etc) would not be dethroned quite so easily. Their next tactic would be to bring up ridiculous software patents. In fact, the real evil is that they can persecute servers long enough to build up an arsenal of software patents to use against home server innovators for decades to come. But I’m fully prepared to spend the next decades ranting in forums like this one about those ridiculous (as yet only conjectured) software patent sillies. It’s a pretty sick long game actually.
@977779,
how’d pre-patented concepts play’d out for truecrypt? one can play a war of attrition with an idea, er- a good idea can defeat an entrenched idea through dissemination and time. one can scream all he wants that squirrels are stealing his walnuts (they steal mine) and making him nuts but you’ll probably die before you will win.
if they want to block 25, no matter how unjustified it is to block say 80 and 25 please remember that traditionally those are unencrypted channels. in the case of 80 having public access is reasonably (cough) defensible, even arguably so… I just don’t see it with 25, do you want to mass mail or something? do you demand the right to mass mail?? are you demanding the right for the interoperability of a home based mass mailing mechanism for all of us?
people like Comcast got scared in the 90’s because of some girl name Melissa who is still saying “I love you” to billions of people… (obv over simplification)
there was a thread a couple of weeks ago holding a challenge out for the most elegant parser possible in the case of SMTP… it’s possible that somewhere in one of those crazy convoluted spec sheets there are definitions for non standard ports. maybe backup servers… I don’t know, what I do know is email comes down to namespace and mx bs… seeing as you are likely leasing your dynamic? IP address from a service provider having access to the mx records is not likely to happen.
I don’t lease my water, some of you do. 🙂
if you build it, they will come. maybe I have an agenda to push here as this is a problem I’ve been kicking around for a while: I do see a need for public decentralized mail services and exchangers… I do see a need for a public decentralized maybe chunked and re-distributable blogosphere… I do see a reason for people to audit, crowdsource and share code and ideas. do I think port 25 hold the keys?
I think email is outdated, we need a public key exchange that is distributable redundant resistant and capable of harboring or facilitating both shared and unshared communication irrespective of intent or use. we need something with the (supposed) privacy of i2p but the (intended) strength of a blockchain. we need something that can be put onto a pi or a phone or a laptop or a server and just left to run, and if it goes down then participants create fault tolerance and delivery delays or new routes and announcements of retiring keys or waiting messages. I think communication is splintering like Google and Android, like Linux and UNIX. all I’m proposing is there’s got to be something better; maybe bigger, maybe smaller just certainly not bitter.
you want port 25?, I want 80, 443, 22 and the right to BROADCAST.
977779 • July 3, 2016 5:54 PM
@r
you want port 25?, I want 80, 443, 22 and the right to BROADCAST.
The fact that the right to broadcast maps one to one from radio to the internet as the right to operate a server (versus client only), is the heart of my issue. Nailed it. I don’t need all the ports (though that is as it should be), but I’d settle for a few (hundred, whatever).
The FCC cannot be as stupid as they try to make us believe they are.
977779 • July 3, 2016 6:06 PM
@r – “if you build it, they will come.”
If you show them entirely new tools and building materials, they will build it for you, and then you can come to them. Deployment and testing platform availability. If the platform isn’t available, the things which it could be the foundation of won’t get tested and deployed. If the tools are criminalized or priced out of reach of all but the monied elite, or the building materials don’t exist or are hoarded by the establishment, then the greatest things will never get built.
ianf • July 3, 2016 6:31 PM
@ Ant under magnifying glass
You were attempting to use [something something to] possess by implying… is a sentence loaded with 5 verbs in 3 different yet still 2 passive tenses… maybe just blurb out what you wanted to say and be done with it? (YA sample of my unnecessarily combative off putting tone where you only expected positive strokes).
“eloquence”
Lose the ironic quotes (=more combative tone etc). That’s an order.
@ rrrrrr
I like crypto as anyone else, only here the ciphertext was too damn short, 2 atoms of 5 characters total, to lend itself to any viable crypto analysis. So you just winged it, imagined being able to read Jacky’s mind by remote control—WHICH FAILED. There’s a lesson in it somewhere, only I now have to watch THE NEWS.
@ Jacky
which film character was that… (not?) one of these with neon turds artfully taped to the forehead to signal advanced extraterrestrial intelligence? (Wael has the details).
@ #977779
I knew you were trouble the moment I saw your nick… ’cause people willingly numbering themselves are by default unbalanced, hence not to be engaged with.
To nip this your idée fixe of home email servers‘ superiority over backbone ditto IN THE BUD: in theory you may be right. Only we do not live in theory, nor even inside some alleged simulacrum, but IRL. Mere thought that each and every leaf node online would run its own mail (and then of course any other) server IS SIMPLY PREPOSTEROUS… where the heck would those de-facto millions of host masters acquire and maintain the knowledge needed to configure, and then ensure running of all those servers? And then why should each and every one of the connected us have to spend considerable time and daily effort to maintain what easily lends itself to centralization at a fractional cost to each of ourselves rhetorical q. Homo Economicus.
Clearly, either you’re daydreaming upside down while wearing pink flippers, or you’re just some net-bozo who innerly believes (analogous to free citizens in Athenian democracy, which today we’d call proto-fascist), that the Net should be solely for those who grok the advantages of home email servers; while others are simply not worthy. Because, however one looks at that your concept, there’s no jumping over the threshold that it’d put up for ordinary sheeple.
You are “clearly confident that in the long run, your analysis will be vindicated. You really think it is inevitable and only a matter of time.”
I don’t play the long-con (nor any con-) games, but, since you ask, I can assure you—on my future grave—that that your… anal-ysis, was it? has already been forgotten in the shortest of runs. From what I can discern, you simply refuse to acknowledge the reality as we know it in favour of your own Imaginary Better Mail Server Mousetrap.
Unlike you, however, I’ve studied the origins of the Net in depth, and, while I personally wasn’t there, I know what it felt like when everyone on mid-80s FidoNet/equiv. had to run their own mail exchange daemons, and was overjoyed when they managed to get a response from Australia in under 3 months’ time. Two years later, now intermittently connected to academic Internet via unofficial bridges, that delay was down to weeks, then 8 days on average (of perhaps 20% of the letters that came through). A year later uucp was ported to MS DOS, and the Mac, and suddenly “everybody” could have their own automatic store-and-forward server (at SLIP backbone’s atrocious timesharing-CPU cost), except it required purging the terminal every 4 hours, or the malloc() would wreck(“havoc”) – after all, it expected unlimited memory of a Unix workstation, or a mainframe, not some piddly microprocessor’s. Your kind of setup; sysadmins loved it, end users hated it.
- Perhaps you’d be better off by simply traveling back in time to permanently live in that form of mail Nirvana, only look up for stray fruit flys in the transport booth!
@977779,
is UDP 25 filtered? I’ve never tested it, another thing considering email if user data and who’s going to be operating something larger than they’re family…
what about 1025?
it’s kind’ve cute.
977779 • July 3, 2016 6:36 PM
@ianf
Mere thought that each and every leaf node online would run its own mail (and then of course any other) server IS SIMPLY PREPOSTEROUS… where the heck would those de-facto millions of host masters acquire and maintain the knowledge needed to configure, and then ensure running of all those servers?
OMFG. Can you imagine explaining to the deceased code-making geeks of WW2 how billions of mere mortal homosapiens were all quite productively mastering gigabyte data storage devices they fit in their pockets, running however many operations per day on that global data network that they do. Jesus fucking christ. We automate shit. That’s how we sysadmins do. As the decades fly by, what took a room full of man and computer power becomes what happens in our pockets as we nap.
ianf • July 3, 2016 6:37 PM
#977779: […] “again for the record, trying to demonstrate some specific ways that I’m not actually crazy”
I’m a wild and crazy guy, but somehow feel no compulsion to demonstrate that I’m normal. Perhaps because I am?
977779 • July 3, 2016 6:48 PM
I sincerely hope your normality makes you happy ianf. My non-normality makes me happy.
ianf • July 3, 2016 6:56 PM
When I’ll feel the need for sanctimonious well-wishings from you, I’ll dispatch a messenger kangaroo in your direction.
@ianf,
last comment <here> and I promise I will try to grow and mature elsewhere within Bruce’s glorious community as I’ve already detracted far enough.
BUT!
lingual context == metadata.
DPR was kind’ve a duh, but I couldn’t confirm the intent until i viola’d CR so I guess I kinda worked backwards.
Don’t feel too bad, I should improve myself with more than friendly banter here but it definitely had me stumped for a minute or two.
977779 • July 3, 2016 9:04 PM
@r
if they want to block 25, no matter how unjustified it is to block say 80 and 25 please remember that traditionally those are unencrypted channels.
Please remember that any tradition you are referring to is more correctly described as “not encrypted by default”. Which is entirely different in an importantly nuanced way from “unencrypted”. People have been using rot13 and pgp over 25 and 80 since the beginning (more or less). I presume we are talking about this in the context of traditional ham radio style encryption laws.
ianf • July 4, 2016 12:44 AM
@ rrrrrrrrr, Jacky
I still have no idea of what you two went on about, but let’s drop it, as there’s nothing in Bruce’s ToS that says that (specifically) I have to understand everything mumbled here. Let’s just say that I march to the sound of a different semantic drummer; this:
Clive James: […] “the standard dead white male language of Jane Austen is now being assailed not only by expansive phrases from institutions that wish to sound more important, but also by piddling abbreviations from individuals who wish to sound pressed for time. […] people who write as if they have no time for such useless stuff as grammar and punctuation are inviting you to treat them as if you have no time for such useless stuff as listening to a bore mangle our beautiful language while he declares himself important.” [18vi2016]
977779 • July 4, 2016 1:45 AM
@r
do you want to mass mail or something? do you demand the right to mass mail?? are you demanding the right for the interoperability of a home based mass mailing mechanism for all of us?
More or less. If I can run a bog standard redhat/debian smtpd and mailman, and provide some interesting enough series of correspondance that I can get a million people to subscribe to my mailinglist, and configure my server such that the resulting number of bits sent via my ISP is less than that sent by someone uploading a 10 minute 720p cat video to youtube, then yes, I am demanding to speak that freely without being charged more than the cat video uploader. If however I use the same system to send unsolicited spam to people, I fully would expect the smarter of those people to use the legal system and the cooperation of my ISP to bankrupt me. Does that clear up my desires and intentions relating to ‘mass mailing’ enough for you?
@977779,
such that the resulting number of bits sent via my ISP is less than that sent by someone uploading a 10 minute 720p cat video to youtube, then yes,
and you haven’t heard of torrents?
when you BCC you will see…
it’s a multipliers.
port 80 blog, with podcast (or less)
your fans and RSS subscribers will thunk you.
977779 • July 4, 2016 2:18 AM
@r
I’ve heard of lots of things. I have lots of ideas for even better things I want to develop. What exactly is your point?
977779 • July 4, 2016 2:32 AM
My internal turing test is definitely going to now include whether or not a commenter appears able to distinguish between hypotheticals that are related to actual desired situations, versus hypotheticals that are crafted as logical corner cases to clarify debate points.
977779 • July 4, 2016 4:45 AM
@ianf
Clearly, either you’re daydreaming upside down while wearing pink flippers, or you’re just some net-bozo who innerly believes (analogous to free citizens in Athenian democracy, which today we’d call proto-fascist), that the Net should be solely for those who grok the advantages of home email servers;
apropo comedy from Bill Hicks on the topic of mandatory flag burning laws-
Piecemaker • July 4, 2016 9:52 AM
Great. Another internet cat fight. I feel so enriched.
977779 • July 4, 2016 1:15 PM
@Piecemaker
Great. Another internet cat fight. I feel so enriched.
I’ve commented so many times in this thread because I consider fcc complaint id# 12-C00422224(-1) to be an important fight for freedom, free speech utilizing the internet specifically. But yes, I know I live in a retarded country, the majority of which would prefer to let their government crucify flag burners. So I guess the net result looks like this. It is what it is.
977779 • July 4, 2016 2:42 PM
If anybody wants $1000 or more, I’ll throw out these interesting links. Note, I’ve as yet had no one claim in any way either of these two bounties I posted months ago.
(fcc id number bizarrity)
http://lwn.net/Articles/676195/
(tor tangent bonus)
http://lwn.net/Articles/657583/
(today’s foia news)
https://yro.slashdot.org/story/16/07/04/0326207/america-expands-its-freedom-of-information-act#comments
I’ll extend my own foia pursuit for at least another couple months.
@97779,
Anyone seeking your bounty may require more information, eg: your 2009 book.
977779 • July 4, 2016 3:50 PM
@r
Anyone seeking your bounty may require more information, eg: your 2009 book.
This does not sound true to me the way I recall specifying the bounties. Please explain. Though the pdf of my book is freely downloadable at lulu.com/cx1
977779 • July 4, 2016 4:34 PM
@Ken
Love the novel.
Thanks. If it’s not too much to ask, please go to lulu.com/cx1 and rate the novel.
@Garak,
in some of your comments both here and at lwn you sort’ve paint it as a potential case of discrimination, you’re basically making your own book relevant to the issue’s you’re espousing… If you were less interactive I would label it plugging or potential exploitation, we’ll see.
977779 • July 4, 2016 4:51 PM
@r
in some of your comments both here and at lwn you sort’ve paint it as a potential case of discrimination,
I’m plenty interactive. I wonder in furtherance of what larger point does your characterization here clarify? Also to that end, by all means, include a sampling of those comments to help me understand what you mean, and I’ll be more than happy to clarify any misunderstanding you may have. I’m just trying to clear up potential misunderstandings I may have and think that may help me out. Uknown unknowns and all that.
Henry • July 4, 2016 8:16 PM
977779,
If the tools are criminalized or priced out of reach of all but the monied elite, or the building materials don’t exist or are hoarded by the establishment, then the greatest things will never get built.
Interesting view points, but I may contest that the greatest things will still be built, but the pricing of which will come afterwards. The best things will eventually be “bought” as the last resort, because in a live system things don’t always go as originally planned. If it were the case then IBM, and Microsoft, would own the social internet, but they won’t because it’s a counter-culture of memes. Memes are like anonymous collectives, an orchestrator can launch well-planned memes, or hijack one, but it cannot hold exclusivity. It’s a bit leveled compared to the business arena, but ultimately everything requires money to function, especially with scale, and I think it is somewhat related to my view on home email servers. De-centralization is often dependent on where obscurity is placed. You’re fighting where the data is hosted, but once it goes on the wire, it goes everywehre.
977779 • July 4, 2016 9:09 PM
@Henry
You’re fighting where the data is hosted, but once it goes on the wire, it goes everywehre.
Third party doctrine. Fourth amendment ‘papers and effects’. Terms of Service, arbiters of ‘impropriety’ (see fcc complaint, google fiber’s terms). I’m fighting for the control of information in the email world to become more closely analagous to how control of information in the snail mail world was for our ancestors. The evolution of ‘expectations of privacy’ is pretty scary these days. I’m afraid the next generation will expect no privacy. I worry about them.
977779 • July 4, 2016 10:11 PM
@Henry
You’re fighting where the data is hosted, but once it goes on the wire, it goes everywehre.
And a couple other key points- First, this is factually not accurate. Despite what some people probably believe (that is not altogether that far from the truth), your data does not instantaneously get absorbed and recorded into permanent optical media in a silo in Utah operated by the NSA. The data, once on the wire, doesn’t go everywhere, it goes where it goes. A gmail user is at the mercy of Google/Alphabet as being the ones in most control of where their data goes. A home email server user is considerably more empowered. Second, see the Bill Hicks reference for the nuance of what I am fighting for. I’m fighting to empower people with options they didn’t previously have, or didn’t legally understand yet that they actually had all along. I’m not fighting to dictate what service/s or software or devices or networks anyone must use.
I’ve been waiting for the right moment to say this in respect to Clive’s comments…
Information really does grow on tees.
Then!
It later goes on trees.
Happy Fourth Amendment Day all.
Josephine • August 17, 2016 12:11 PM
You need a hacker to go to for all of your cyber issues, then pauleta.steelbreaker on gmail is the one you should consult or text +1 928-323-3115
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
Adam Kaplan • June 29, 2016 10:58 AM
Reading this article, makes me feel sick. Accepting obvious wrongdoing, and embracing it, because “the world will never change”, seems to me like a cowardly thing to do. The Lamb, obviously, is a very skilled hacker, but I do not understand his ethics behind the act.