this post was submitted on 27 Jan 2024
524 points (99.6% liked)
Technology
59374 readers
7834 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
When the Snowden releases came out the promise was the NSA was only using their massive surveillance machine to hunt down Islamist terrorists.
But since then they've passed tips to local precincts regarding loose cash in transit so that it can be seized and used by police departments for margarita ice crushers and other luxuries. The NSA itself gets a cut of the take.
This is to say NSA efforts are being used to rob Americans using asset forfeiture, which is about as far from for good or in support of a good cause as you can get.
The NSA does not need money from asset forfeiture. This is one of the stupidest accusations I've heard of NSA. They have to be careful about how they use their intelligence to keep potential targets unaware of what they can or are snooping on. This would be the stupidest and most pointless use of their intelligence. Anyone they would share intelligence with must do so with the most absolute secrecy, and municipal and state law enforcement generally does not qualify. This doesn't mean they're not acting unlawfully, but knowing if they are is going to next to impossible.
As with much of the federal government, the NSA's information security is lax and outdated, and strict records that are supposed to be kept about who looks at what are not actually filed.
We're pretty sure Russia and China are unofficially privy to any data they want.
NSA was supposed to be an INFOSEC department, making sure that Eve was out of business. That changed after the PATRIOT act (though the movie Sneakers predicted this change in mission). The eliptic curve scandal was a dead giveaway.
That said, at this point NSA leaks stuff to other law enforcement, and fourth-amendment protections are circumvented with parallel construction. Asset forfeiture puts the proof of innocence on the prior owner, so there are no rights to begin with. (Though this is changing state by state.)
As someone who has read the unclassified reccomendations on infosec written by the NSA and CISA, no, it isn’t. The NSA has some sophisticated security infrastructure, and if stuxnet or eternal blue has shown us, their infosec capabilities are incredible.
I have literally never heard anyone say this before and this goes everything I know about cybersecurity, intelligence, and geopolitics.
The NSA ECC bullshit was to support surveillance, not to weaken their own security. The theoretical vulnerability lies in the usage of the suggested parameters of their curve, not ECC itself. Making surveillance easier is something that the NSA has historically supported.
I genuinely have never seen anything to support this that is substantial.
Holy shit I cant believe you’ve made an anarchist defend the NSA but this is so damn wrong.
Apparently you don't read TechDirt, which I have for over a decade now, and NSA had been active in shenanigans and lax securityy since the wiretapping scandals of the aughts, and in 2023 has been leaking stuff to FBI without warrants (which is supposed to be unconstitutional but between the PATRIOT act and the Federalist-Society-dominated SCOTUS, we may be no longer legally protected from NSA surveillance as an unreasonable search).
The FISC has always been a rubber stamp court, so it shouldn't be necessary for law enforcement to circumvent warrants for NSA information, but it turns out it's just easier using the NSA backdoor access.
I will admit to a certain degree of cynicism. When official channels tell me something is secure or handled with respect to all ethical and civic concerns, and investigative journalists tell me the opposite, I trust the journalists more than I do the official channels. But then I've been through the aughts and the George W. Bush administration when the only sources of actual facts were from foreign sources, because the native news agencies were terrified of reprisals for failing to toe the line.
It's why when people are alarmed today that the fascist autocrats are here and SWATTING their political enemies, I can only quietly sip my coffee from the corner.
I don’t read TechDirt
Oh, I know about this, I thought you were talking about local law enforcement offices, which is not something I’ve seen.
As far as the unconstitutionality of the NSA’s actions, I fully agree with you. From the perspective of of an anarchist, I don’t exactly see any alphabet agencies or the branches of government in a good light. I fully expect the NSA to be involved in shenanigans, just as I expect the FBI or CIA to do so.
If you are talking about the FBI when you saw law enforcement, the FBI has it’s own malware it uses, such as Magic Lantern historically, and certainly others that are not public. There is also some info about them possibly using the NSO group’s Pegasus spyware, which is obscenely hard to detect, and has, at times, been 0-click, meaning you don’t need to take any actions, and it has cleaned up evidence of tampering. Since the FBI has to make sure their evidence is admissible in court, they do need to make sure their evidence is gathered in such a way that it does not violate laws.
However, I have listened to interviews with people who argued their case was built on unconstitutional evidence, and claimed that the feds told them “if you try and attack the case like this, we will tack on more charges,” so I’m not saying they always deal with admissibility in court when starting investigations.
The only gripe I still have is the your statement about the NSA’s lax security, since the breaches I’ve read about have all been done by nation state actors, which tend to be the most capable groups in the world.
My experience with the NSA, as someone who works in security, does not indicate they have lax security. From their leaked tools (I <3 ghidra), to their security guidelines, to their malware like stuxnet, to their public tools like SELinux (and eventually ghidra), their security capabilities seem solid.
I don’t want this to come out as me liking the NSA, since I hate a lot of what they do. But as someone who is a huge security nerd and malware enthusiast, I find their tools fascinating, and do have some respect for them from that perspective, in the same way someone might like Kanye’s music and respect his talent, but hate his guts for being a nazi.
If there are any good techdirt articles, please send them my way, I’d love to read them
I mean I did put quotes around good :)
Yes. I assumed you were assuming some of us would hold some of the usual centrist justifications for NSA, e.g. there are some serious meanies out there who might want to 9/11 or Pearl Harbor the US again, but risks of this could be drastically reduced by not engaging in military adventurism for sake our our industrialist plutocrats. Essentially, if the US stopped being an outrageous and brutal dick to the rest of the international community, then the numbers who would attack our civilians would be drastically reduced to fringe militant ideologues.
So yes, there are no valid justifications for NSA. It exists because the state and the legal departments of the state regard the US public as an enemy.
I'm certain they've caught bad guys ii would have wanted caught and stopped shit I would have wanted stopped. E.g. I'm certain they've stopped human trafficking.
But the world isn't black and white. They don't need to set us up to be a total f****** police state to do some good in the world
Yes, there's a balance that has to be struck between protection and liberty. Years ago I speculated what could happen if everyone was chipped into a system that monitored their vitals, with the resulting data we could track morbid outcomes (say heart attacks) to their core roots and then track people who are currently experiencing early warning signs and show the TRUE POWER OF PREVENTATIVE MEDICINE
The problem is, of course, so much data can be used for purposes against the interests of the public, and will once there are technicians privy to all that information. This was the original business model of Google: no-one looks at the data except its owner (e.g. I get to look at my own contacts lists) and Google profits from analysis of multiple data points. Only the police got the power of courts to look at the data, to the point where they wanted everyone who happened to websearch a given name, or whose phones were in a radius of a crime scene at a certain time.
You don't want to be a non-white or a known protestor who had business near a crime scene in the US.
So yeah, until we're able to lock up data so no-one but their intended audience has the capacity to read it, even when a court writes a warrant, we can't trust such all-encompassing systems, especially if the state is at risk of turning into an ideology-driven regime. (England, for instance, still has hard feelings between Catholics and Anglicans, and the Irish / UK border is a bit tense these days.)
And unfortunately with the state of data protection, You can never be assured that that won't land in someone else's hands eventually.