Author Topic: Latest Snowden revelation: NSA sabotaged electronic locks  (Read 708 times)

0 Members and 1 Guest are viewing this topic.

Offline happyg

  • Hero Member
  • ****
  • Posts: 11,822
Latest Snowden revelation: NSA sabotaged electronic locks
« on: September 06, 2013, 01:24:38 PM »
The latest Edward Snowden-powered exposé published by the New York Times, ProPublica and the Guardian is, to me, the most frightening. It reveals that the National Security Agency has moved beyond its historic role as a code-breaker to become a saboteur of the encryption systems. Its work has allegedly weakened the scrambling not just of terrorists' emails but also bank transactions, medical records and communications among coworkers.

Here's the money graf:

"The NSA hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world."

I'd be disappointed if the NSA hadn't figured out how to do that hacking trick. But adding vulnerabilities to standard encryption techniques? That's just making the job easier for hackers to make sense of the scrambled data they steal.

The outrage is still pouring in from various advocacy groups. Here's a succinct condemnation by the Center on Democracy and Technology, one of the more centrist of these organizations:

"These revelations demonstrate a fundamental attack on the way the Internet works," senior staff technologist Joseph Lorenzo Hall wrote in a statement. "In an era in which businesses, as well as the average consumer, trust secure networks and technologies for sensitive transactions and private communications online, it’s incredibly destructive for the NSA to add flaws to such critical infrastructure. The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners."

Every form of encryption can theoretically be cracked, given enough time and processing power. But the mere use of encryption has encouraged data thieves to look elsewhere for targets, on the same principle that even weak bike locks are effective when there are unlocked bikes nearby.

The easier it is to pick the electronic locks used online, the less of a deterrent they become.

The NSA's efforts appear to be the Plan B implemented after the Clinton administration failed to persuade the communications industry in the mid-1990s to use government-developed encryption technologies for voice and data transmissions. The decryption keys would have been held by the government, available to the NSA as necessary. But industry ultimately rejected the plan because of a fundamental vulnerability: a stolen or cracked "master key" could have unlocked every bit of scrambled data.

The latest Snowden-leaked documents outline a multi-pronged assault by the NSA on the various forms of encryption used online. Its techniques included more traditional code-breaking as well as the aforementioned hacking and weakening efforts. Thursday's stories didn't identify the forms of encryption that the NSA undermined, saying more generally that the agency had targeted the secure version of HTTP, Secure Sockets Layer, virtual private networking technology and the encryption used on 4G smartphones.

In short, the implication of the mass of documents leaked thus far is that the NSA is not just monitoring seemingly every utterance on the planet, it is planting weaknesses in the security technology that protects legitimate online communications for the sake of decrypting illegitimate ones.

I'm looking forward to hearing the NSA's defenders explain why we should feel safer now.

http://www.latimes.com/opinion/opinion-la/la-ol-nsa-introduced-vulnerabilities-into-encryption-snowden-reveals-20130905,0,4293498,print.story

Offline Fishrrman

  • Hero Member
  • ****
  • Posts: 10,615
Re: Latest Snowden revelation: NSA sabotaged electronic locks
« Reply #1 on: September 07, 2013, 08:56:52 PM »
There's only one way to rein in the NSA -- and the rest of the New American Snoopers.

Congress won't do it.
The courts won't do it.
The president won't do it.

Only we the people can do it.

By amending the Constitution, creating a "right to privacy" with language like this:
=============================
"Citizens protected by this Constitution possess an inalienable right to privacy in their persons, business, and homes, and while they are in public.

It shall be a violation of this Constitution for the United States or for the several States to violate or invade the individual privacy of citizens by use of physical, mechanical, or electronic means or by the use of devices on land, on water, below ground, or from the air.

This protection shall extend to all lawful communications and acts by an individual citizen or between two or more citizens, including content that is spoken, written, or electronically transmitted. It shall extend to citizens regardless of their location, whether in private or in public.

The only exceptions will be as governed by the Fourth Amendment of this Constitution."
=============================

Four short paragraphs. Anyone can read and understand what it says.

Offline Oceander

  • Technical
  • Hero Member
  • ****
  • Posts: 45,278
  • #ToldYouSo
Re: Latest Snowden revelation: NSA sabotaged electronic locks
« Reply #2 on: September 07, 2013, 08:59:34 PM »
There's only one way to rein in the NSA -- and the rest of the New American Snoopers.

Congress won't do it.
The courts won't do it.
The president won't do it.

Only we the people can do it.

By amending the Constitution, creating a "right to privacy" with language like this:
=============================
"Citizens protected by this Constitution possess an inalienable right to privacy in their persons, business, and homes, and while they are in public.

It shall be a violation of this Constitution for the United States or for the several States to violate or invade the individual privacy of citizens by use of physical, mechanical, or electronic means or by the use of devices on land, on water, below ground, or from the air.

This protection shall extend to all lawful communications and acts by an individual citizen or between two or more citizens, including content that is spoken, written, or electronically transmitted. It shall extend to citizens regardless of their location, whether in private or in public.

The only exceptions will be as governed by the Fourth Amendment of this Constitution."
=============================

Four short paragraphs. Anyone can read and understand what it says.

How do "We the People" act?  Through the President, Congress, or the courts.  If none of them will control the NSA now, why on Earth would anyone think they would do an about-face and start controlling the NSA simply because "We the People" added more verbiage to the Constitution?

Offline Oceander

  • Technical
  • Hero Member
  • ****
  • Posts: 45,278
  • #ToldYouSo
Re: Latest Snowden revelation: NSA sabotaged electronic locks
« Reply #3 on: September 07, 2013, 09:30:13 PM »
Given the ubiquity of Russian and Chinese bot-nets, it's possible that some of the black-hat hackers have already figured out some of the weaknesses the NSA has introduced into internet security systems.

Offline Fishrrman

  • Hero Member
  • ****
  • Posts: 10,615
Re: Latest Snowden revelation: NSA sabotaged electronic locks
« Reply #4 on: September 07, 2013, 11:12:55 PM »
[[ How do "We the People" act?  Through the President, Congress, or the courts ]]

We "act" through 35 states, acting on their own to convene and pass the amendment.

That's the only "peaceable" way to do it.

If we accept what you're saying, we might just as well give it up, and be subjects, no longer free.

What else do you suggest?

Offline Oceander

  • Technical
  • Hero Member
  • ****
  • Posts: 45,278
  • #ToldYouSo
Re: Latest Snowden revelation: NSA sabotaged electronic locks
« Reply #5 on: September 08, 2013, 12:04:55 AM »
[[ How do "We the People" act?  Through the President, Congress, or the courts ]]

We "act" through 35 states, acting on their own to convene and pass the amendment.

That's the only "peaceable" way to do it.

If we accept what you're saying, we might just as well give it up, and be subjects, no longer free.

What else do you suggest?

No, what I'm saying is that if the courts, the Congress, and the President are not willing to act, then your amendment is a nullity, a curious bit of paper with some pointless words written on it, because your amendment will do nothing - nil, zip, nada - to make the courts, the Congress, or the President start acting.  Why would a court, for example, that refuses to apply the Fourth Amendment to the NSA hop-to-it and miraculously start applying your new amendments?

The failure isn't the lack of some set of magic words in the Constitution, the failure is a lack of willingness to act, and meddling with the Constitution will not remedy that fact.


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf