This Creepy New NSA Story is Bonkers

Thursday, September 05, 2013 - 04:43 PM

Another Thursday, another huge NSA story based on Snowden documents.

Truthfully I'm still processing this one. The big takeaways for me, so far:

Most of the companies you trust to keep your information are compromised - either because they've made a deal with the NSA, or because the NSA has covert operatives who work for them.

From The Guardian:

A quarterly update from 2012 notes the project's team "continue to work on understanding" the big four communication providers, named in the document as Hotmail, Google, Yahoo and Facebook, adding "work has predominantly been focused this quarter on Google due to new access opportunities being developed". To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for "human intelligence" refers to information gleaned directly from sources or undercover agents. This GCHQ team was, according to an internal document, "responsible for identifying, recruiting and running covert agents in the global telecommunications industry."

The amount of work you'd need to do to protect your data from the NSA is too geeky for most people to understand

Security expert Bruce Schneier has a piece in the Guardian about how you can still protect yourself. The subtext of it is, unless you are very, very brainy, you probably can't. 

Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line); I've been using that as well.

I am a relatively nerdy person and have heard of none of those programs. Also, Schneier recommends that in highly delicate cases, you buy a second computer that you never connect to the internet.  

If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.

Obviously, Schneier's security concerns are higher than mine or, probably, yours. He's working with the Snowden documents. The NSA would have a specific interest in peeking into his work. But still. There's something deeply disheartening about how impossible true privacy seems today. 

People who are blase or unsurprised by this are wrong. 

This summer's been punctuated by stories like this one, which wildly expand our notion of how far-reaching the NSA's surveillance apparatus is. To me, the most boring kind of cynicism looks like this:

All these stories have the same message - that the NSA is spying on most of our internet - but there's significant differences between what we knew today and what we knew yesterday. Knowing that the NSA has broken much of the encryption that the world relies on, purposefully introduced weaknesses that anyone could exploit in communication software, and snuck covert agents into communications companies? That's a big deal. There's something pretty boring and narrowminded about refusing to see the differences of degree in these stories as meaningful. </soapbox>



More in:

Comments [10]

PJJ from TX

Sands, you wrote, "Snowden stole tens of thousands of documents. There is no way that he or Greenwald or anyone else can know what they all include..." Well, that is simply not true. They have the documents, and they can read them. Therefore, they can know what they all include. You may argue that they may not fully understand the implications of the information those documents contains, but Snowden and company have been very circumspect about the information they have revealed. It seems to me that they have been very careful about what has been published.

You are correct, though, to worry about people being captured and locked up in a gulag - or maybe an island prison outside the scope of civilian law where people can be kept indefinitely based solely on accusations (or secret evidence that can't be revealed to the accused).

Sep. 26 2013 02:21 PM

Hey Joshua, thanks for cathing thosee misteaks. Fixed 'em.

Sep. 09 2013 03:18 PM
Joshua from Anywhere, USA

Has this post been proofed? "[...]there's significant differences[...]", "blase"? Not really a nitpicker, informally composed blogposts needn't also be sloppy.

Sep. 07 2013 09:55 AM
Sands from Portland

10) Snowden stole tens of thousands of documents. There is no way that he or Greenwald or anyone else can know what they all include, who they endanger (as in real human beings in danger of being killed or locked up in a gulag forever), or how they compromise our national security. There is no conceivable way that all of these documents cover subjects which would quality as "whistle blowing." As eluded to above, there are categorical differences in the types of information being leaked (i.e. the Black Budget is different than info on Americans being spied on), but the general media seem content to act as if each of these weekly leaks has equal legitimacy.

11) Snowden has taken these thousands of national security documents to China, and now Russia. (Snowden hasn't been seen or photographed in how long now? Wonder how he feels about "oppressive America" now? Probably starting to look pretty damn good in retrospect.) Regardless of whatever his initial intentions were, he is now essentially a defector, among the most harmful spies to ever betray our country, and yes, a traitor.

(That ended up longer than I planned)

Sep. 06 2013 01:11 PM
Sands from Portland

agoldman, I don't have time to respond to the original points. I will give my quick take on the whole Snowden/NSA/Greewald affair.

1) I agree that now is a good time for Congress to reform the FISA system and re-examine the Patriot Act to shore up security for Americans.

2) I am fine with my country spying on its enemies and thankful that we have the biggest budget, best technology and are (among) the best at it. If the NSA can capture the electronic activity of a terrorist or China's military and read it, God bless them.

3) Every country spies, and the most technologically advanced such as Russia, China, European countries and Israel are working 25 hours a day to do all of these same things to us. If you work in a large corporation, there is probably a Chinese hacker squatting on your computer right now. I have zero interest in unilaterally disarming.

4) Any savvy person should have low or no expectation of privacy for most electronic activity. Things like Facebook are non-private by their nature. If you work for someone else, your email can be read and web activity can be legally monitored by them at any time. If you talk on a cell phone, your words are traveling on waves through the open air, being captured by your phone company which explicitly tracks your call activity, likely being routed through one or more other company, before traveling through the air again to the person on the other end of the line.

5) 99% of people are not talking about anything interesting ever. So who cares?

6) Again, my main point last time: there is a difference between reporting what the NSA theoretically can do, and what it is actually doing.

7) The initial leaks regarding Americans getting caught up in the dragnet does count as "whistle blowing", though as you can tell, once the actual nuanced details came out I find it less shocking than many do.

8) Many of the subsequent leaks do not count as "whistle blowing" and are merely harmful to our national security. Releasing the Black Budget is not whistle blowing, it is just providing a trove of information to your enemies. Telling Brazil and Mexico that we are spying on them is not "whistle blowing". It is intended only to embarrass people who Greenwald (and his Goodyear Blimp-sized ego) considers to be personal enemies.

9) David Miranda was stopped in Heathrow because he was on a paid assignment from the Guardian to carry thousands of stolen national security documents across international borders (UK documents through the UK, no less). The UK has a law making it illegal to possess information which may be useful to a terrorist, and that is why he was stopped under a terrorism law. The UK does not have a shield law for journalists, which both the Guardian and Greenwald knew before they sent the poor sap on this assignment.

Sep. 06 2013 01:10 PM

(Comment 2 of 2)

"Yes, there has been some reporting on a few thousand instances of innocent people being caught in the dragnet."

That sounds like the cavalier attitude of a person who has not been searched for six hours at a border crossing for no reason, or has a family member arbitrarily placed on a no-fly list.

"Strip away the bug-eyed hyperbole and what you have is this: 'The NSA is a secretive and very technologically-advanced agency with a large budget used for electronic spying for national security purposes.' Is that really something you didn't know a year ago?"

The extent was certainly not known. Nor was the nearly unfettered access to information both foreign *and* domestic. The latest is that the last safe method of electronic communication has been compromised. If these efforts are no big deal, why go to such lengths to keep the world uninformed? If this is pro forma, why aren't people whose information is being read given the opportunity to fight it?

Sep. 06 2013 10:20 AM

(Comment 1 of 2)

Sands, I'd like to respond to your comment point by point.

"The NSA uses these tools when they have specific foreign targets."

True, but Americans frequently get caught up in the warrantless surveillance of foreign targets as long as they are within "two or three hops." Meaning not just people who have interacted directly with said suspect, but people who have interacted with interactors, and people who have interacted with *those* interactors.

"For domestic targets they have to get a FISA warrant."

It is now without dispute that the FISA court essentially rubber stamps requests. Since it is a secret court, subjects whose information is being subpoenaed are unable to contest the acquisition of said information.

"an unethical person at the DMV can use the DMV computer system to check you out as well."

The scope of information the DMV has on file is limited to name, address social. The NSA aims to be able to collect all information on location, as well as any electronic communication you may be having, encrypted or otherwise. It's apples and oranges.

"What Greenwald continues to confuse (very intentionally in my opinion) are the theoretical capabilities of these NSA tools vs. any proof that they are actually being used for anything other than valid spying purposes"

An audit found that the NSA broke privacy rules thousands of times a year. Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States.

Using and abusing this technology to spy on crushes (something common enough that the NSA even has a cute nickname for it - LOVEINT) is well documented.

And from an interview that appeared on our air in june:

ELIZABETH GOITEIN: There's been a, a long and inglorious history of the government misusing information to target social activists and political enemies and, even on some occasions, personal enemies. The Church Committee in the 1970s studied administrations going back to FDR and found that across administrations that these abuses have been commonplace. We’ve seen some examples of it recently, as well. In 2010, there was an Inspector General report at the Department of Justice that found that the FBI was investigating antiwar protests. And there have been even more, I would say, instances recently of government officials misusing information for personal reasons, using information to stalk ex-girlfriends or, you know, find out things about their neighbors.

Sep. 06 2013 10:19 AM
Sands from Portland

The piece missing from nearly all of these stories is the difference between what the NSA can do (as in it has the capability) and what it actually does do.

The NSA uses these tools when they have specific foreign targets. For domestic targets they have to get a FISA warrant. Can some unethical NSA employee abuse this system to track a person without a warrant? Yes. But an unethical person at the DMV can use the DMV computer system to check you out as well. An unethical police dept. employee could abuse their access to their computer system. An unethical bank employee could abuse their access to the bank's credit card database.

What Greenwald continues to confuse (very intentionally in my opinion) are the theoretical capabilities of these NSA tools vs. any proof that they are actually being used for anything other than valid spying purposes (all nations spy and always have). Yes, the NSA can break some encryption, because when foreign terrorists send encrypted information, the NSA tries to capture and read it. Unless the NSA gets a FISA warrant to search whatever cat memes you're sending around, you are safe.

Yes, there has been some reporting on a few thousand instances of innocent people being caught in the dragnet. "Thousands" sounds like a lot, but given the sheer volume of data being filtered, it is a fraction of a fraction of a percent. Those records were identified and deleted. As they were picked up by mistake, they wouldn't have been of much use to anyone anyhow (i.e. more cat pictures).

Strip away the bug-eyed hyperbole and what you have is this: "The NSA is a secretive and very technologically-advanced agency with a large budget used for electronic spying for national security purposes." Is that really something you didn't know a year ago? How about this: "Spy agencies try to crack codes." Hardly earth shattering.

Sep. 05 2013 07:18 PM

Hi Kat Rogers. This is your co-worker Alex Goldman. You may know me from sending you emails and from sitting five feet away from you.

In HTML (the most commonly used language for creating websites), that is what's called a "tag". Tags come in pairs - one that begins whatever you're hoping to modify, and one that ends whatever you're modifying. So if if I wanted to bold a block of text, I would tag it this text will be bolded. PJ is making a joke about how he done soapboxing. He's closing his soapboxing tag. Hence . Does that make sense?

Sep. 05 2013 06:03 PM
katya rogers

hi peej (that's OTM for PJ) - what the f**k is

Sep. 05 2013 05:47 PM

Leave a Comment

Email addresses are required but never displayed.

Supported by

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by Meredith Haggerty. You can subscribe to the TLDR podcast here. You can follow our blog here. I tweet @manymanywords and @tldr.

Subscribe to Podcast iTunes RSS