QOTD (NSA Fallout Edition)

Bruce Schneier, explaining to the Financial Times why US tech companies will get hurt by news that the NSA got some of them to put back doors into their products while others complied with the FISA court orders — even setting up automated systems to transfer the data:

“How would it be if your doctor put rat poison in your medicine? Highly damaging,” said Bruce Schneier, a US computer security expert.

Might make you shop around just a little bit. When the dust settles though, it’s not clear what other country’s tech providers will seem more trustworthy. China? Korea? UK? France? Unlikely all. Not Switzerland. Certainly not Russia. Who then? Can Iceland grow a big enough tech sector?


8 Responses to QOTD (NSA Fallout Edition)

  1. anon says:

    But it’s called warfarin, one of the most prescribed medications in the country.

  2. gollyup says:

    P.S. the NSA was created by executive order, and the Congress has never passed a single law proscribing its behavior.

    • National Security Agency Act of 1959 ?

      • smith says:

        The Act you cited is almost exclusively about employee compensation.

        It also includes strange caveats like:

        “Sec. 2. (a) The Secretary of Defense (or his designee) is
        authorized to establish such positions, and to appoint thereto,
        without regard to the civil service laws, such officers and
        employees, in the National Security Agency, as may be necessary to
        carry out the functions of such agency”

        and

        “(b)(1) In order to maintain necessary capability in foreign
        language skills and related abilities needed by the National
        Security Agency, the Director, without regard to subchapter IV of
        chapter 55 of title 5, United States Code, may provide special
        monetary or other incentives to encourage civilian cryptologic
        personnel of the Agency to acquire or retain proficiency in foreign
        languages or special related abilities needed by the Agency.”

        I also found this:

        “The power of the N.S.A., whose annual budget and staff are believed to exceed those of either the F.B.I. or the C.I.A., is enhanced by its unique legal status within the Federal Government. Unlike the Agriculture Department, the Postal Service or even the C.I.A., the N.S.A. has no specific Congressional law defining its responsibilities and obligations. Instead, the agency, based at Fort George Meade, about 20 miles northeast of Washington, has operated under a series of Presidential directives. Because of Congress’s failure to draft a law for the agency, because of the tremendous secrecy surrounding the N.S.A.’s work and because of the highly technical and thus thwarting character of its equipment, the N.S.A. is free to define and pursue its own goals”

        http://www.nytimes.com/1983/03/27/magazine/the-silent-power-of-the-nsa.html

  3. Vic says:

    To your point, I think this COULD lead to more people stopping reliance upon closed standards and moving more toward the open standards in that someone (hopefully) more capable than them will be looking at such code closely and determining that it is free of back doors. (Ignoring for the moment the hardware issues in play). You don’t need to worry about some cloud server company, wittingly or otherwise, handing your data over to NSA if you’ve encrypted it yourself, with good encryption, before ever putting it out there. (again, ignoring some facts for complicated discussion reasons).

    But the real problem in ALL of this is that most people just don’t CARE. You have the subset (of all Americans) who know little about tech and won’t educate themselves. You have another subset who know little and probably are (in practice) uneducatable to a level necessary to really understand. You have the people that think that privacy is a relic of a past age. And you have the subset of people who proudly proclaim that they have nothing to hide – because they’ve, by golly, done nothing wrong, and if it helps find bad guys…

    Then there are the only humans on the planet that can correct or stop the situation (Congress, in combination, perhaps, with the Federal Courts), and it won’t happen (and nobody else will ever have enough standing), so…

    Between all these subsets, you only have a few people left, and they just wind up seeming like crazies because they advocate encrypted emailing, etc. Whether what is happening is legal or not, isn’t even an issue that will ever matter.

  4. David says:

    It may be worth reminding people that the creator of the internet was DARPA, the “Defense” Advanced Research Projects Agency. Since then, the military-industrial complex has never thought of it any other way than as a military asset.

    • pootine says:

      Actually, since industrial-scale commerce got its hands on the Internet, the Pentagon views it as an enemy weapons system:

      When it describes plans for electronic warfare, or EW, the document takes on an extraordinary tone.

      It seems to see the internet as being equivalent to an enemy weapons system.

      “Strategy should be based on the premise that the Department [of Defense] will ‘fight the net’ as it would an enemy weapons system,” it reads.

      The slogan “fight the net” appears several times throughout the roadmap.
      The authors warn that US networks are very vulnerable to attack by hackers, enemies seeking to disable them, or spies looking for intelligence.

      “Networks are growing faster than we can defend them… Attack sophistication is increasing… Number of events is increasing.”

      http://news.bbc.co.uk/2/hi/americas/4655196.stm

      That’s why they’re hunting for terists in online video games.
