
I don't think he's saying it would be good for anyone for the NSA to continue snooping as they do. I think your first point is wrong, your last point is right, and the two are unrelated.

The issue isn't the fact that the NSA snoops. That's their job and it has value when their power to do so is used judiciously. The problem is that it's not being used judiciously. Rather than singling out as few people as possible to root out the bad guys they're just collecting everything they can. They don't need to do this and doing so opens up the possibility for huge abuses of power. That's the issue.

I think the article is right that the crypto revelations aren't pertinent to this discussion. I would even consider the crypto revelations a red herring. Is it important how the NSA spies on everyone? No, it's only important to know that they do it at all when speaking in the context of how the Snowden leaks are important to creating a national debate and, hopefully, by some miracle, create reforms.

I think it's reasonable that as a US citizen you're okay with the NSA being able to break crypto. You just want to be able to trust that they're using it against the bad guys and not you. Even now that we know they're probably using it against innocent civilians it's more harmful to the NSA's ability to go after the "bad guys" when they legitimately do (and they still do serve that purpose) and isn't really helping the debate over whether their over collection of data is okay and how to reform that system.




> I think it's reasonable that as a US citizen you're okay with the NSA being able to break crypto. You just want to be able to trust that they're using it against the bad guys and not you.

This is very interesting and got me thinking. I think that yes, in principle I agree, but there are limits.

I draw a distinction between types of "breaking encryption". There's the standard kind that "anyone" can do: social engineering, secret mathematical hacks, 0day exploits, brute force attacks, etc.

Then there's the special stuff that only organizations in the position of the NSA can do: putting backdoors in cryptosystems (and pressuring commercial vendors to do so), influencing development of new cryptosystems to make them weaker, etc.

I'm ok with the first set of methods, but not the latter. When you weaken a cryptosystem, you weaken it for everyone, not just the people you want to be able to spy on. Even if the NSA's activities were completely above-board and their power was used appropriately, weaker crypto that everyone uses means that no one can trust their crypto, whether it's to secure corporate communications, keep discussion of an unpopular idea secret, or just trust that when you access your bank's website, a random attacker can't use an NSA backdoor to steal your banking info.


I can't say this with any authority, but I imagine the NSA would do its damnedest to make sure advantages gained from the second method are only enjoyed by the NSA. E.g., jealously guarding information about backdoors and influencing development in ways that only they can or know how to take advantage of.

The incentives are aligned; crypto that only the NSA can compromise is far more valuable to the NSA than crypto that anybody can crack.


> Is it important how the NSA spies on everyone?

I think that is by far the most important thing.

Imagine a hypothetical world in which it's been revealed that the NSA is spying on the entire internet through the means we generally expected them to, i.e. an army of super-smart crypto people and access to more computing power than God. What would happen following this revelation?

I anticipate that there would be outcry similar to what we've seen, followed by efforts to block their access. Companies like Google, Apple, Microsoft, all the tech heavyweights, would lead the charge. I think there'd be a lot of newfound interest in moving from crypto that's "good enough" to crypto that's deeply over-engineered. 1024-bit AES variant, anyone?

Instead, the NSA has gained their access largely through influence. This is smart, considering their mission. Why crack good crypto when you can just bypass it, or at least ensure that the crypto is not so good? It's certainly way easier. As far as we know, there's still no realistic way for them to crack a solid implementation of things like AES, so it's really the only way.

Are Google, Apple, Microsoft, et al leading the charge for better crypto in our world? No, because they're hopelessly compromised. Nobody trusts them, because the NSA has subverted all of them.

I anticipate that any new crypto, whether algorithm, system, or implementation, involving the United States in any way will be completely shunned. The US's tech giants will be shut out of a lot of activities. A huge chunk of the US's tech dominance will shift elsewhere. This will hurt the US economy and the US's security.

In short, the question comes down to, how do you avoid NSA spying? And that depends on how the NSA spies. If they spied due to math and computers, then you avoid NSA spying with better math and better computers. If they spied by broadly subverting a huge number of companies and organizations, as appears to be the case, then you avoid NSA spying by avoiding the American tech industry. This is tremendously damaging.


We don't need just better crypto, but some way of doing encrypted computation in the cloud and anonymous routing. We need technological protection against the cloud vendors just as much as we need to protect the backbone from being spied on.


[deleted]


It's foolish, but it will still be done.

Certainly, they need to be reined in. Cracking crypto is their job. Sabotaging standards processes and forcing people to turn over data and gagging them with National Security Letters is very much not their job, and must be stopped.


Apologies; I deleted my comment because I realized it was not directly addressing your argument.

I will add that while I agree it will certainly be done- I was saying that Mother Jones is arguing the "how" shouldn't have been disclosed because all that we need to know is the "what"- because political avenues are the most suitable avenues for recourse, and do not need the "how".


No problem. Nothing wrong with tangents as long as they're understood as such.

Anyway, I still think the "how" is important. If the NSA was spying on everybody with sheer technical prowess, the political remedy would basically be, "Hey, you guys need to tone it down. Limit the spying to actual enemies." The techniques would be OK, they just need to be applied more carefully.

The way things are now, the techniques are unacceptable. The political remedy here needs to be, "Hey, you guys need to stop sabotaging crypto standards, forcing tech companies to hand over data, and threatening them with prison if they talk. Stick with the technical prowess stuff you're supposed to be doing."


>"Hey, you guys need to stop sabotaging crypto standards, forcing tech companies to hand over data, and threatening them with prison if they talk. Stick with the technical prowess stuff you're supposed to be doing."

This is really a key point that can't be emphasized enough. Anyone who was paying attention in the 1990s knew that the NSA has a significant technological advantage over the U.S. private sector and the rest of the world, but even pretty serious civil libertarians were not concerned, because there was no possibility of dragnet spying on today's scale, and because most of us assumed -- rightly or wrongly -- that the NSA was for the most part keeping out of domestic affairs and politics (funding issues aside).

Now, it's abundantly clear that the NSA not only has inserted itself deeply into our political process, routinely cooperates with domestic law enforcement, bullies, coerces, and co-opts U.S. industry, and very likely spies on politicians and activist groups. For anyone who has studied modern history, this sets off major alarm bells.

I keep hearing "what's changed" from NSA stalwart defendants. My answer: everything.


> I think it's reasonable that as a US citizen you're okay with the NSA being able to break crypto

I think you have forgotten the phrase "absolute power corrupts absolutely." Humans with unchecked access to information (=power) will NEVER be completely trustworthy. Never. It is by definition. That's why we have checks and balances. That's why we had democracy. No one should be absolutely above democracy. But that's what today's NSA is.

You realize these guys (in the NSA) have been using intelligence resources to spy on their girlfriends and neighbors? How much more human and fallible does it get than that?


True. Even if the NSA publicly shuts down mass surveillance, I still wouldn't be okay with knowing that someone can still invade my privacy without me getting even a hint. If they still get to keep their crypto powers, how can we be sure that they won't just keep doing it in secret? Just how can people trust these guys when they have already lied to the face of the whole world? I feel so helpless and hopeless.


The same can be said for every method of communication in history. Security agencies have the technical capabilities to record your telephone conversations, read your mail, and listen to your private conversations. Yet we manage.

There are so many frightening powers out there, trying to prevent them from existing is a complete waste of effort. You simply cannot make it technologically impossible to shoot you with a bullet, or snoop in your house, or track your car. This is why gov't is regulated, and answers to the people. You simply cannot prevent everyone from having the technical capabilities to take advantage of you.

So, IMO, forget about whether they can or they cannot. Even if you manage to prevent them from breaking strong crypto, if it can be done someone will do it. Focus on controlling what they do with it.


The thing that is fundamentally different about modern surveillance is how automated it can be. Governments have always been able to listen in on phone calls and physical mail, but the limitations of needing a person to actually do these things kept a check on the scope.

When every phone call can go through a voice recognition system and a set of filters to detect anyone talking about Topic X, that's a very different world. The NSA can't hire half the country to spy on the other half, but they can hire a few thousand people to build a computer system to spy on everyone.


Of course. My point is that the cat's out of the bag. You can't prevent them from being able to, so worry about whether they are allowed to.


> You realize these guys (in the NSA) have been using intelligence resources to spy on their girlfriends and neighbors? How much more human and fallible does it get than that?

And they get caught and fired for it. Such stories even made the WaPo pages pre-Snowden.

Are you saying that any government agency which ever has any civil servant misuse their position should be shut down?


> Humans with unchecked access to information (=power) will NEVER be completely trustworthy.

Hey, look. The Internet. Whoops.


The problem with having the NSA break encryption in this manner is that it's not like they've discovered a 0day and are hacking into our enemies; instead, they've corrupted the encryption, exposing what were formerly considered secure comm methods. I'm pretty sure that these corrupted comm methods aren't only available to the NSA. This gives enemies of the US an idea of how to circumvent our encryption, thus exposing everyone who uses these comm methods to attack, whether they're US allies or enemies.


> I think it's reasonable that as a US citizen you're okay with the NSA being able to break crypto.

Because the world is divided into US citizens or the bad guys? C'mon, there is a non-US world out there, who are not bad guys, but who've just lost every respect for the US tech sector.


Your comment seems reasonable, but you don't speak to the elephant in the room: who the NSA spies on. It's not supposed to be "everyone."


I thought I had addressed that. But you said it perfectly. I guess the short version of what I'm saying is that there shouldn't be a problem with a spy agency spying. The problem is that they've violated their own citizens' rights and the human rights of all citizens around the world if they really do spy on 'everyone'.

I have to admit though, I'm okay (as a citizen of any country) with my government's spy agency violating the privacy rights of citizens and foreigners when it's done in a targeted way. There's a big difference between spying on a person and their network of connections because you've got some evidence to suggest something bad is coming from them and just collecting everything you can and looking for reasons to go after people after the fact. The former is how it should work, the latter is how it's being described now.


Is it now "everyone" though? That's getting back to the old question about technical capability vs. actual use.


Seems the onus is on those arguing that the surveillance is limited:

http://www.washingtonpost.com/world/national-security/obama-...


Well,

You could say that technically he wants the NSA to secretly have the ability to secretly snoop on anyone but somehow not use it widely despite the complete lack of oversight, the fact that they have done each time they were given the option, etc.


Very nicely put!



