109860628
submission
Nicola Hahn writes:
In June of 2013 an intelligence specialist named Edward Snowden released a set of classified documents to journalists in Hong Kong, ushering in a series of revelations that put mass surveillance and state-sponsored hacking center stage. Snowden’s initial disclosures were soon joined by others, like the ANT Catalogue, the Equation Group tools, and the Vault 7 leaks.
In the wake of these developments a number of high-ranking officials scrambled to justify clandestine programs. Executives likewise recalibrated their stance toward the government and lawmakers worked to defend our civil liberties. Yet despite the tumult of the post-Snowden era and the debates that ensued, has it actually changed anything? Or did society merely offer a collective shrug to the looming threat of pervasive monitoring, surrendering to the convenience of mobile devices? One observer who has warily followed the aftermath of the Snowden affair believes that most people followed the latter path and that it does not bode well for civilization.
99492349
submission
Nicola Hahn writes:
In the wake of congressional hearings the national spotlight has been placed squarely on Mark Zuckerberg such that the discussion about user privacy tends to orbit around Facebook and Cambridge Analytica. Yet bulk data collection isn’t the work of a couple of bad apples. Corporate social media is largely predicated on stockpiling and mining user information. As Zuckerberg explained to lawmakers, it’s their business model. In other words, social media is a form of mass surveillance. Classified government documents show that it has directly enabled targeted influence campaigns as well as intelligence operations.
While Zuckerberg has offered public apologias, spurring genuine regulation will probably be left to the public. Having said that, confronting an economic sector which makes up one of the country’s largest political lobbying blocks might not be a tenable path in the short term. The best immediate option for netizens may be to opt out of social media entirely.
85413541
submission
Nicola Hahn writes:
While reporters clamor about the hacking of the Democratic National Committee, NSA whistleblower James Bamford offers an important reminder: American intelligence has been actively breaching email servers in foreign countries like Mexico and Germany for years. According to Bamford, documents leaked by former NSA specialist Ed Snowden show that the agency is intent on “tracking virtually everyone connected to the Internet.” This includes American citizens.
So it might not be surprising that another NSA whistleblower, William Binney, has suggested that certain elements within the American intelligence community may actually be responsible for the DNC hack. This raises an interesting question: facing down an intelligence service that is in a class by itself, what can the average person do? One researcher responds to this question using an approach that borrows a line from the movie THX 1138: “The T-H-X account is six percent over budget. The case is to be terminated.”
84238571
submission
Nicola Hahn writes:
While top secret NSA documents continue to trickle into the public sphere, tech industry leaders have endeavored to reassure anxious users by extolling the benefits of strong encryption. Rising demand among users for better privacy protection signifies a growth market for the titans of Silicon Valley and this results in a tendency to frame the issue of cyber security in terms of the latest mobile device. Yet whistleblowers from our intelligence services offer dire warnings that contrast sharply with feel-good corporate talking points. Ed Snowden, for example, noted that under mass surveillance we’re essentially “tagged animals” who pay for our own tags. Hence there’s an argument to be made that the vast majority of network-connected gadgets enable monitoring far more than they protect individual liberty and perhaps in some instances the most secure option is to opt out.
81458829
submission
Nicola Hahn writes:
As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple’s CEO has publicly stated that “the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”
But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn’t trustworthy. Something to consider in light of the government’s ability to steal digital certificates and manipulate network traffic, not to mention the private sector’s lengthy history of secret cooperation.
77401779
submission
Nicola Hahn writes:
The pluralist stance of American politics contends that true power in the United States has been constitutionally vested in "the people" through mechanisms like the electoral process, freedom of speech, and the ability to establish political parties. The traditional view is that these aspects of our political system result in a broad distribution of power that prevents any one faction from gaining an inordinate amount of influence.
And today the New York Times has revealed the shortcomings of this narrative by publishing the names of the 158 wealthy families that have donated almost half of the money spent towards the 2016 presidential race. This group of donors is primarily Republican and is dominated by interests in the banking industry. These facts lend credence to the idea that national policy making is influenced heavily by a relatively small group of people. That the American body politic is largely controlled by a deep state.
74953901
submission
Nicola Hahn writes:
"The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year’s Aspen Security Forum and in an op-ed published recently by the Washington Post. However the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable". Hence, there are people who question whether the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?"
73699559
submission
Nicola Hahn writes:
As American lawmakers run a victory lap after passing the USA Freedom Act of 2015, Edward Snowden has published an op-ed piece which congratulates Washington on its "historic" reform. He also identifies Apple Inc. as a champion of user privacy. Snowden states:
"Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private."
This sort of talking point encourages the perception that Apple has sided with users in the battle against mass surveillance. But there are those who question Snowden's public endorsement of hi-tech monoliths. Given their behavior in the past, is it wise to assume that corporate interests have turned over a new leaf and won't secretly collaborate with government spies?
71148301
submission
Nicola Hahn writes:
NSA director Mike Rogers spoke to a Senate Committee yesterday, admonishing them that the United States should bolster its offensive cyber capabilities to deter attacks. Never mind that deterrence is problematic if you can’t identify the people who attacked you.
In the past a speech by a spymaster like Rogers would have been laced with hyperbolic intimations of the End Times. Indeed, for almost a decade mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. So it’s interesting to note a recent statement by the U.S. intelligence community that pours a bucket of cold water over all of this. According to government spies the likelihood of a cyber Armageddon is “remote.” And this raises some unsettling questions about our ability to trust government officials and why they might be tempted to fall back on such blatant hyperbole.
70951427
submission
Nicola Hahn writes:
Yet another news report has emerged detailing how the CIA is actively subverting low-level encryption features in mainstream hi-tech products. Responding to the story, an unnamed intelligence official essentially shrugged his shoulders and commented that “there's a whole world of devices out there, and that's what we're going to do.” Perhaps this sort of cavalier dismissal isn’t surprising given that leaked classified documents indicate that government intelligence officers view iPhone users as ‘Zombies’ who pay for their own surveillance.
The past year or so of revelations paints a pretty damning portrait of the NSA and CIA. But if you read the Intercept’s coverage of the CIA’s subversion projects carefully you’ll notice mention of Lockheed Martin. And this raises a question that hasn’t received much attention: what role does corporate America play in all of this? Are American companies simply hapless pawns of a runaway national security state? Ed Snowden has stated that mass surveillance is “about economic spying, social control, and diplomatic manipulation. They're about power.” A sympathy which has been echoed by others. Who, then, stands to gain from mass surveillance?
70772135
submission
Nicola Hahn writes:
In light of a classified document regarding state-sponsored cyber ops the editorial board at the New York Times has suggested that the most constructive approach to reducing the spread of cyber threats would be to “accelerate international efforts to negotiate limits on the cyberarms race, akin to the arms-control treaties of the Cold War.”
While such advice is by all means well-intentioned there are significant differences between nuclear weapons and malware that would make treaty verification problematic. Not to mention that the history of the Cold War itself illustrates that certain countries viewed arms control treaties as an opportunity to secretly race ahead with their own covert weapons programs. Rather than take on the Sisyphean task of trying to limit the development of offensive cyber technology, why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?
70564629
submission
Nicola Hahn writes:
In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that “there’s no scenario in which we don’t want really strong encryption.”
Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto’s network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.
The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It’s called Operational Security (OPSEC), a topic that hasn’t received much coverage. Until now.
70165175
submission
Nicola Hahn writes:
Both the White House and the U.S. Intelligence Community have recently announced reforms to surveillance programs sanctioned under Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. But do these reforms represent significant restructuring or are they just bureaucratic gestures intended to create the perception that officials are responding to public pressure?
The Executive’s own Privacy and Civil Liberties Oversight Board has written up an assessment of reform measures implemented by the government. For those who want a quick summary the Board published a fact sheet which includes a table listing recommendations made by the board almost a year ago and corresponding reforms. The fact sheet reveals that the Board’s mandate to “end the NSA’s bulk telephone records program” has not been implemented.
In other words, the physical infrastructure of the NSA’s global panopticon is still in place. In fact, it’s growing larger. So despite all of the press statements and associated media buzz very little has changed. There are people who view this as an unsettling indication of where society is headed. Ed Snowden claimed that he wanted to “trigger” a debate, but is that really enough? What will it take to tear down Big Brother?
67565167
submission
Nicola Hahn writes:
Over the course of the Snowden revelations there have been a number of high profile figures who've praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece Greenwald claimed:
"It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive."
So while he concedes the role of public relations in the ongoing cyber security push Greenwald concurrently believes that encryption is a "genuine" countermeasure. In other words, what we're seeing is mostly marketing hype... except for the part about strong encryption.
With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. There are subtle currents flowing beneath the surface of the body politic and seeking refuge in a technical quick fix can be hazardous for a number of reasons.
66852429
submission
Nicola Hahn writes:
In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don’t walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc.
All told Greenwald’s argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? Looking back at the past couple of decades have Silicon Valley companies demonstrated that they view security as anything other than a marketing scheme? Noise for rubes. After all of the lies can we trust hi-tech vendors to be honest? There are people who think that advising citizens to devolve into consumers is a dubious proposition.