Verizon & Obama: all your calls are belong to us.

I'm not getting too excited by that NYTimes link just because Laura Poitras is the co-author. She's one of Greenwald's circle, and one of the ones who claimed that the NSA had "direct access" to everything on Google's servers when it turned out that Google had basically just set up a secured FTP folder they could drop subpoenaed info into. She has a very clear agenda and a history of deliberately misconstruing info to fit that agenda.

Without actual proof of wrong-doing by the NSA (which Poitras admits in like the 20th paragraph when acknowledging that the NSA does actually need a specific warrant for a specific individual to make one of those social maps), I'm going to stick with my original thought and simply say that this reveal doesn't really change anything except that the secret FISA court needs to go away and/or become much less secret.
 
Turns out that the FBI can compel email (and probably other) companies to give out their SSL keys: http://www.wired.com/threatlevel/2013/10/lavabit_unsealed?ref=cm

For the non-technical folks out there, this is a very, very, VERY, VERY, bad idea. SSL is the foundation of "I'm really communicating with whom I think I am" on the internet. If any government has your SSL key, they can intercept 100% of your traffic with you not knowing, and even spoof your entire website to the outside world.

They can even alter in-line what you said. So if you sent an email to another person saying "I want to plead not-guilty because I did not murder that person" from your gmail account through SSL, then without being traced the entity with the private SSL key (government) could alter the message before it was even sent to say "I want to plead not-guilty even though I murdered the person." Then that 3rd-party communication could be used as evidence with a warrant that you did a crime. With NO WAY to tell differently.

This is ungodly horrible that those keys can be compelled. Which means it has probably already been done for the "big" email companies who couldn't shut down, rather than comply. I'm actually wondering if it's even worse, such as, do they already have a copy of the main "Root certificates" of the internet, and can thus man-in-the-middle ANYBODY who isn't using self-signed?

Anybody else feel "safe" still? I'm waiting for the mandatory "tele-screens" in everybody's home that listens all the time, since that's what this is. (1984 for those who don't get that reference)
 
Turns out that the FBI can compel email (and probably other) companies to give out their SSL keys: http://www.wired.com/threatlevel/2013/10/lavabit_unsealed?ref=cm
Okay, this one is really bad.

It may be a case of some FBI lawyer writing out an order full of interwebs jargon that he thinks sounds important (the impression I get based on the FBI claim that they're just trying to get metadata, which you don't need SSL keys for), but either way, it's really effin' bad. Warrants for access or for metadata are one thing, SSL keys are something else entirely.
 
Saw the article mentioned, and I'm sure national security is a perfectly good reason to completely invalidate the web of trust.
They're saying, "You need to give us your keys," but what they're really saying is, "We don't want to spend the time and trouble sending you tons and tons of requests and have to wait for you to get back to us for each and every one. Why don't you just give us the keys so we can do it all ourselves?"

This is exactly the sort of thing that causes I see no problem with this.

--Patrick
 
This is the digital equivalent of the police asking for full operational control of your company because one of your hundreds of employees may be using his company car to deal pot.
 
"History tells us we need to watch the watchers."
I really wish there were some way I could help that didn't involve contributing money. I would happily and unhesitatingly contribute hundreds of dollars to this cause if doing so did not amount to financial suicide. But I have no money to give, no whistles to blow, and no time to volunteer (and no desire to be radical about it), so my hands are tied.

This makes me unhappy.

--Patrick
 
A new bill to end the bulk collection of metadata is actually getting some support. It might be worthwhile to contact your congress persons and push them to support it also.

"Our bill also ensures that this program will not simply be restarted under other legal authorities, and [it] includes new oversight, auditing, and public reporting requirements," Sensenbrenner wrote in an op-ed in Politico on Tuesday. "No longer will the government be able to employ a carte-blanche approach to records collection or enact secret laws by covertly reinterpreting congressional intent. And to further promote privacy interests, our legislation establishes a special advocate to provide a counterweight to the surveillance interests in the FISA Court’s closed-door proceedings."
 
Ok, I'm surprised.

Wait, I looked which one, Sensenbrenner makes sense. He's the only somewhat reasonable national representative left in the state.
 
And it gets worse. Why stop at just metadata? Let's just tap directly into Google and Yahoos overseas links between their datacenters without their knowledge and grab everything. It's not in the US so we can do what we want.

The newly revealed program, codenamed MUSCULAR, harvests vast amounts of data. A top-secret memo dated January 9, 2013 says that the NSA gathered 181,280,466 new records in the previous 30 days. Those records include both metadata and the actual content of communications: text, audio, and video.

The program is a strikingly aggressive one on the part of the NSA against US-based Internet companies. Operating overseas gives the NSA more lax rules to follow than what governs its behavior stateside.

In one of the documents (a hand-drawn sheet), an NSA presenter explains how the agency gets in to the mid-point where the "Google Cloud" touches the "public Internet." With a smiley-face drawing added, the slide explains: "SSL Added and removed here!"

The MUSCULAR program taps directly into the fiber optic cables that Google and Yahoo use to transmit data between their own data centers—a situation the companies have tried to avoid, in part by purchasing or leasing thousands of miles of their own fiber optic cables, explains the Post. The program is conducted overseas in conjunction with GCHQ, the UK's top intelligence agency.
 

GasBandit

Staff member
Rohypnol Romeos rejoice, according to the logic of Mike Rogers, if she doesn't know she was violated, it wasn't rape!

Disgusting.
 

GasBandit

Staff member
You can take it even farther. If you murder someone in their sleep, it wasn't really murder! Hooray!
So long as nobody ever finds the body! Good to know that if I make certain repellant politicians disappear without a trace, it's not a crime.
 
Top