I have seen this discussion evolve from the early 90's from overwhelmingly freedom loving, rational and logical to now scaremongering, feeble justifications and often just self importance.
Isn't it time to have something like the Hippocratic Oath that commits developers to some ethical standards and not engage in activities that may have negative consequences for humanity in general.
The problem with Snowden is not what he has done but what thousands or maybe hundreds of thousands of others have not. And the way the freedom loving media, the EU and the US has treated him apart from being shameful doesn't help potential whistle blowers.
Given what we now know about the level of sophistication and ever growing number programs at play there needs to be more activism against the groups and individuals who enable this. And also more oversight of the level of involvement of security agencies and other vested interests in open source.
But if you want to really see evil, take a look at the infosec community. "White Hat" is effectively equivalent to government contractor now. Infosec people readily sell 0days to governments or fronts for governments without hesitation. They unquestioningly collaborate with law enforcement on victimless crime cases, so long as the money is good.
Yes, this is a gross generalization. But any doubts of this generalization can easily be remedied by attending RSA or BlackHat and talking to the other attendees. CCC and Defcon may be a slight step up, but not by much.
In any other community this wouldn't be all that disgusting, except the fundamental roots of the community are ostensibly in creatively and intelligently circumventing authority - and now they're rarely more than collaborators.
If you're attending this conference, it is your business to prevent
security breaches, and that means learning enough about hacks,
exploits, and leaks to scare your clients into hiring you again
next year.
[very subdued "ha-ha-only-serious" laughter]
The first place to start is for us to embrace GPL and shun BSD style licenses that allow tivoization. It's those kinds of licenses being abused and turned around on consumers that not only enabled the current state of things, but actively prevents us from fixing the current state of things. (sorry, that bug in your ps4 is there till we patch it, because you don't own your hardware and the software is closed. Or the firmware on your docsis 3.0 modem is out of date, but you can't have the firmware since only ISP's control that. Oh but your isp doesn't have the firmware for ityet.)
RMS may be a bit eccentric, but he was and is right, I think he was just a man ahead of his time. (A/L)GPLv3 ftw.
So, let's get this out of the way: will the people who are going to argue that the US is not a police state please step forward and address this damning evidence? The only way we know about this stuff is by someone deciding to play outside the rules and inform the public directly.
The security services and police are wildly out of control and have been intensely surveilling and scrutinizing the content of innocent people's communications without any oversight. This clearly doesn't make us any safer, as there have been two terrorist attacks on US soil during the era in which these totalitarian abuses have happened, so that argument can be discarded.
In short, we don't have security (nor could we ever have perfect security), and they've taken our liberty without our permission. Disgusting abuse of democracy. How can people attend a political rally or do any political activity when they know that their attendance and discussions are going to be analyzed for weaknesses by a malevolent third party?
will the people who are going to argue that the US is not a police state please step forward and address this damning evidence
Unfortunately, it's difficult to point out the high-powered shilling for authority that happens on HN because the biggest shills wield incredible influence (and karma).
Can you say more about the high powered shilling for authority that happens on HN? I've been around for quite a while and I can't say that I've seen such a thing... maybe a few no-name easy-to-detect shills in certain hot national security and geopolitical topics, sure, but that's to be expected.
But a good proportion of prior threads on the topics of NSA surveillance, silk road (or tor in general), CISA, FBI/prosecutorial overreach, etc - has certain somebodies reliably pull the Frank Drebben "nothing to see here" routine regarding abuses of authority.
The shilling that gets upvoted is rarely overt. It's almost always of the "this isn't so bad, citizen, carry on" or "criminals deserve it" variety that dramatically understates or deflects the threat posed to us by authority.
I've definitely seen this. This includes a handful of threads discussing legitimate concerns about BULLRUN-style influence that were suddenly insta-flagged, punted from the front page and hidden form the main index[1] by those same shills. Several times the "nothing to see here" explanation took the form of a sudden concern for "not wanting to tarnish someone's reputation".
[1] which means moderator access
edit:
Anybody that thinks this is unlikely needs to watch PHK's "Operation Orchestra":
Short answer: this dries up any dissent. But if you think THIS is what stops people from organizing politically then you're wrong: the intelligence agencies have done a lot worse. They've dabbled with human experimentation in the 50's, sabotaged civil rights movements in the 60's, propagandized anti-Soviet literature in the 70's, and so on. This is another step in the long line of government abuses in the land of the free.
Yes, I'm aware of COINTELPRO and the like-- and I know that similar programs exist now as well. Kind of odd how the "bastion of democracy" can't stop doing unabashedly anti-democratic things over the course of decades.
The thing is, democracy doesn't work on a scale as large as the United States. (By not work I mean the people are far to the left of the elite with their redistributionist policies, and that's unacceptable to the people in power.) So either you have countries directly managing public opinion like China/Russia, or you have countries covertly managing public opinion like the United States. Essentially, you have to choose Brave New World or 1984 if you want to manage a "democracy".
The USA is not a police state. This is a catalog of tools with legitimate law enforcement and espionage uses, and I would hope that most intelligence services, militaries and national law enforcement agencies would have access to these, and better, tools. We have known that such devices exist long before Snowden, this catalog is nothing new.
Of course, understanding the motivation for their use, and oversight of the users is important, and I am in favour of making sure these tools are not abused. However to say that their mere existence implies a police state is laughable.
Some people (including me) simply don't believe that a right to privacy makes any sense. If anything, we believe privacy to be the cause of some of today's most important problems.
You people seem to speak as if the right to privacy is unquestionably good, and don't bother justify your beliefs. Surely, no progress can be made this way.
I'm glad your have been able to live a life free from problems such as stalkers, domestic abuse, or gender or sexuality issues. Other people are not as privileged.
It would be nice if we could live in an open society, but the reality is that discrimination and abuse still exist. Insisting that everybody forget about privacy is not only going to get some people killed and many others fired. Insisting that privacy is bad is effectively telling any minority that they have to stay "in the closet" if they want to keep their job and not be harassed by the bigots in society.
That's just the practical issues. A stronger argument for privacy is best summed up by Jacob Appelbaum's observation in Citizenfour:
What people used to call liberty and freedom we now call privacy.
And we say, in the same breath, that privacy is dead.
We have the freedom to decide what we want to disclose publicly.
Of course, you still believe in privacy. If you really think privacy doesn't make any sense, post your name, address, bank account numbers, social security number, and any email addresses you've used. None of those items are "secret" information (like a password). I could list a lot more things, but you should get the idea.
> If you really think privacy doesn't make any sense, post your name, address, bank account numbers, social security number, and any email addresses you've used.
I'd be quite happy for my country's intelligence agencies to have that information, sure, no problem...
> I'm glad your have been able to live a life free from problems such as stalkers, domestic abuse, or gender or sexuality issues. Other people are not as privileged.
There is zero correlation between the values I hold in this discussion and what best serves my personal interest. I have the capacity to completely detach myself from my arguments in a way that leads to a lack of bias. I am morally and intellectually selfless.
Legislation should never arise from anecdotes or personal preferences. Would I be abused or stalked, the fact that transparency is inherently superior wouldn't change.
> It would be nice if we could live in an open society, but the reality is that discrimination and abuse still exist. Insisting that everybody forget about privacy is not only going to get some people killed and many others fired. Insisting that privacy is bad is effectively telling any minority that they have to stay "in the closet" if they want to keep their job and not be harassed by the bigots in society.
There is no debate to be had about the fact that pain will be involved in the transition to a transparent society. Of course it won't be easy. However, it would be unreasonable to ignore the biggest problem of our time just because of a short-term friction. Like any form of investment in life, there are short-term drawbacks.
Human reasoning is weird as it understands a loss to be worse than a lack of gain. Loss aversion is the reason why we don't change things, which is the reason we can't get nicer things. People have no idea how much they're missing by trying to preserve "their" privacy.
We're all "in the closet" in some regards. We're also all bigots. We must force people out of their closet. We must expose bigotry. Only then will things start to improve.
> We have the freedom to decide what we want to disclose publicly.
Quoting the Bible would have had the same effect.
> We have the freedom to decide what we want to disclose publicly.
Actually we don't. Should I have the right to erase something from your brain because you saw something I didn't want you to see? Of course I'm not suggesting that we should coerce people into doing anything they don't want to do, but a person's actions shouldn't be protected by any external entity. At the end of the day, an honest person has a lot more to gain by exposing themselves to the world instead of keeping things to themselves. IoT, Wearables, Big Data, AI are all concrete examples of how data gathering can improve people's lives.
> Of course, you still believe in privacy. If you really think privacy doesn't make any sense, post your name, address, bank account numbers, social security number, and any email addresses you've used. None of those items are "secret" information (like a password). I could list a lot more things, but you should get the idea.
Privacy and Transparency are not games you can play alone. They're inherently social. The society is built on top of expectations of privacy. For example, there is some information that I legally couldn't disclose, even if I wanted to. Likewise, my identity is only secured by archaic methods of authentication, which completely breaks if my password gets known. Private key cryptography is not a technology we should build sensitive systems on top of, and it will quickly be destroyed once P = NP gets proven and applied.
Your question is like asking a person to not wear a seat belt in an unsafe car. I might not think that humans should wear seat belts forever, yet I still wear one when I drive my car every day.
Fast-forward 1000 years in the future. Total transparency. Ask a person whether they'd like to keep their name, address, bank account numbers, social security number, email address (assuming these things still exist which they won't). Surely, that person would refuse to make this information private as doing so would make his life miserable considering all the benefits this used to enable.
The least I can ask from people is to discuss this issue seriously, and not just accept privacy to be the solution to all of our problems. This whole obsession with privacy is just a distraction.
> I have the capacity to completely detach myself from my arguments in a way that leads to a lack of bias. I am morally and intellectually selfless.
The easiest person to fool is yourself.
I've read Brin's Transparent Society as well, and I agree that a functioning society along those lines would be much, much healthier than we have now. However, this article is about the privacy-erasing tools used by the powers that be, whose very existence was secret to those on the outside until now. I'll surrender my privacy just after they do.
> Fast-forward 1000 years in the future. Total transparency. Ask a person whether they'd like to keep their name, address, bank account numbers, social security number, email address (assuming these things still exist which they won't). Surely, that person would refuse to make this information private as doing so would make his life miserable considering all the benefits this used to enable.
Speaking of progress, flip back through history and examine the movements, individuals and groups who have shaped our comfortable life and society.
If the authority at the time had the ability to completely invade their privacy, would they have been as effective? The truth is that the most important progress in society almost always begins outside the status quo and without privacy that status quo becomes much more difficult to disrupt.
So we all give up our privacy. Activists, judges, journalists, potential whistleblowers and so on.
Then... the current power structure will just accept disruption to their system because it's the right thing to do? They won't use their intelligence advantage to maintain the status quo? They won't use their mass of information to slander and render ineffective any opposition?
Stop projecting your views and choices on everyone. I don't need or want a lot of privacy. I'm also not black, or gay, or a Muslim. I'm not politically active. As such, I could live a comfortable life and not run up against the limits of freedom even in a fairly repressive social and political environment.
I also manage to have some empathy, if only because it might serve me well someday. Try it. It's actually part of enlightened self-interest.
These are not 'my' choices. I'm simply a reflect of universal absolute moral truth.
What privacy advocates do is reduce freedom of knowledge. They're the kind of person that create PIPA/SOPA and kill the internet. I don't deem them wise.
As for empathy, I fail to understand how it relates to the above.
And what is your basis for claiming that this is "universal absolute moral truth"? You make that claim with exactly zero to back it up, to a bunch of people who profoundly disagree with you. The rest of us find that highly unpersuasive.
> What privacy advocates do is reduce freedom of knowledge. They're the kind of person that create PIPA/SOPA and kill the internet. I don't deem them wise.
You're clueless.
These people are ther exact cross section of the population opposed to those sorts of things.
It boggles my mind how we as a republic can allow for this. Basically, someone attacked us a long time ago, and now politicians just have to say "we're keeping you safe" and we allow them to do ANYTHING they want.
This will not end well for anyone who is not in power.
Bouazizi's fire ended up burning quite a few government officials, even outside of Tunisia.
By my count, it started six rebellions, prompted five government reforms, and Libya's Qaddafi got brutally murdered in public. Libya, Syria, and Iraq are still in a state of civil war.
So more recently than the late 80s. As recently as right frickin now.
>...(4th July, Bastille day) tends to be the statistical anomaly
While I think your statement is true, it's probably true because individuals and society can adapt to invasive governemnt behavior for a very long time. Historically we see the Tea Act, the Boston massacre and the Intolerable acts and think "Of course the colonies rose up"
But we often forget or don't take into account everything leading up to 1776 in the British Americas:
The British government prohibited settlement beyond the Appalachian mountains in the early 1760s, offending many colonists.
The currency act banning bills of credit issued by the colonies.
the sugar, stamp, townshend and tea acts - all tax acts on common consumer goods such as sugar, tea, newspapers, playing cards, glass, paper etc. Some of these were later repealed but only under intense pressure and economic reprisals from the colonies.
This was all just after the French and Indian war which the colonies bore the brunt of. Many in the colonies felt that they had proved themselves in the war as a capable independent military and economic force. So there were least 10 years of turmoil leading up to July 1776 and 20 if you count the start of the French and Indian War.
And the American Revolution got the ball rolling for the French. Starting with Louis the 16th going into debt to help the colonies and helped merrily along by, yet again, an unfair tax system.
Both of these examples and many more, are largely caused by economic turmoil (largely, not solely, of course there are many factors).
I think as long as governments watch what you spend and where you spend it, but don't decrease how much you can spend then everyone will go merrily along.
From Justice Robert's majority opinion of Riley v California:
Our cases have recognized that the Fourth Amendment was the founding
generation’s response to the reviled “general warrants” and “writs
of assistance” of the colonial era, which allowed British officers
to rummage through homes in an unrestrained search for evidence of
criminal activity. Opposition to such searches was in fact one of the
driving forces behind the Revolution itself. In 1761, the patriot
James Otis delivered a speech in Boston denouncing the use of writs
of assistance. A young John Adams was there, and he would later write
that “[e]very man of a crowded audience appeared to me to go away,
as I did, ready to take arms against writs of assistance.” [...]
According to Adams, Otis’s speech was “the first scene of the first
act of opposition to the arbitrary claims of Great Britain. Then and
there the child Independence was born.”
The only surprising thing here is just how out of date the catalog appears to be when compared to the current offerings from these (and many other) vendors.
Most of these products have brochures and commercials on the vendor website and social media pages they aren't overwhelmingly classified.
The lack of any information about the Hailstorm device is notable. Hailstorm is the version that can break 3G/4G connections, supposedly. Breaking GSM is not anything remarkable because GSM was designed on the assumption that cell site simulators didn't exist. But 3G authenticates the tower. Whatever Hailstorm is doing, it's not just taking advantage of a missing design requirement, it's actually subverting the crypto itself.
Unfortunately it seems there's nearly nothing public about it.
3G uses the KASUMI or A5/3 cipher which was shown to be easily broken in in 2010 (two hours on a PC via a related key attack):
>we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the $2^{128}$ complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem. - http://eprint.iacr.org/2010/013
This is actually far worse than cell site simulation because it is a passive attack and so is totally undetectable. You could just setup recording equipment, hide them in a van and start decrypting conversations. Given how much weaker KASUMI is from MISTY is seems possible this was a backdoor engineered by an intelligence agency. If so, it certainly tells the lie to NOBUS (no one but us).
Odd how the GSM association always generates breakable ciphers.
As far as I know the 2010 attack isn't applicable to actually deciphering 3G in the real world. From the paper:
"However, the new attack uses both related keys and chosen messages, and thus it might not be applicable to the specific way in which KASUMI is used as the A5/3 encryption algorithm in third generation GSM telephony. Our main point was to show that contrary to the assurances of its designers, the transition from MISTY to KASUMI led to a much weaker cryptosystem, which should be avoided in any application in which related key attacks can be mounted"
The changes from MISTY to KASUMI were justified by the designers, they weren't random. The reasons were to make it easier to implement in hardware, and more efficient. They explicitly stated they thought the changes wouldn't make it more susceptible to related key attacks. I am skeptical it's the result of IC manipulation.
Additionally Hailstorm is supposed to work against 4G connections and those use AES instead of Kasumi.
I suspect Hailstorm is not doing anything more sophisticated than jamming 3G/4G frequencies to force a downgrade.
It might be. The stuff I've read suggests developing it was a difficult project and Harris is the only one that has such a product. Seems unlikely if all it's doing is jamming.
In terms of the complexity here, it is quite substantial, and for the lay person to cache all the multi-layered exploits in their head is unexpected. It's disgustingly complex and multi pronged ex-filtration of data that has no bounds.
This industry is 1000 years ahead of the common UNIX neck beard / basement dweller type who probably owns no more than $10,000 worth of kit, but uses that kit on orders of magnitude more advanced levels than the catalog presented here.
If it is the case that 'they' are 1000 years ahead of us in terms of ex-filtration and their budget is apparently limitless, then this allows the citizen to dream of many strategies to avoid, overcome, and render such ex-filtration useless.
One strategy which I will announce (a public one I will give away because bragging in public forums is apparently safe) is to compartmentalize a digital life. A frustratingly common motif is the "Person A stores their life on their phone" and thus we have a central store of data about person A.
Bad OPSEC, you cry? Well the lay person is not familiar with spycraft terms like OPSEC and such a term has only flourished in use in recent times because of Snowden. Infact a great many spycraft terms have gained widespread use, like OSINT for example, which were so rare, that you would be red-flagged as a spy if you searched for those terms, or were using them in everyday conversation.
All that is needed is for the lay person to acknowledge that unless a spy-vs-spy tactic is employed, then it really is a disgusting grab fest for all one's data. Annoyingly this can lead to arms-race type scenarios where a citizen attempts to 'beef up' their digital life, and the cost can be substantial, and potentially turning citizens into digital Winston Smiths, which is never good, and the surveillance can be said to have failed.
Compartment-ed computing is but one of a whole cornucopia of techniques and strategies to reverse the Panopticon on itself though...
wait, random example for CYBERHAWK - "Takes 4-10 mins for download; Saved and dialed numbers, missed calls, SMS data, pictures, calendar, sound files all consolidated into one report" - how is it possible?
Not really enough to go on here. Are these unlocked phones? Which models? I seem to recall that many old dumb phones had official, proprietary interfaces for downloading data off them.
The blurb at the front says some of these things are in use by US government, some aren't. So why does the government's internal catalog list things the government doesn't use? Who would buy those things if they weren't in use? I'm not trying to make a point here, I'm confused.
But the first two are part of the government, so anything they use is by definition in use by the government. Would the other groups get the catalogue? I would think not since it's supposedly internal to the US government...
I once knew someone who has contributed to this catalog. Their justification for participating in this heinous orgy of totalitarianism, was, simply: "I hope your children and loved ones are safe". 'twas the last I had to do with them - I cannot be friends with someone who justifies the creation of these devices, nor their continued application to society. Especially when they invoke terror to justify the crime.
1 point by lolyololol 0 minutes ago | edit | delete
Having an open discussion about state surveillance is essentially impossible on hacker news given moderation policy, liberal use of banning, astro turfing and corresponding up and down voting and flagging that occurs. HN Mod policy is to claim they take such claims seriously but nothing changes and those who complain too loudly get banned
Isn't it time to have something like the Hippocratic Oath that commits developers to some ethical standards and not engage in activities that may have negative consequences for humanity in general.
The problem with Snowden is not what he has done but what thousands or maybe hundreds of thousands of others have not. And the way the freedom loving media, the EU and the US has treated him apart from being shameful doesn't help potential whistle blowers.
Given what we now know about the level of sophistication and ever growing number programs at play there needs to be more activism against the groups and individuals who enable this. And also more oversight of the level of involvement of security agencies and other vested interests in open source.