NSA infected 50,000 computer networks with malicious software (nrc.nl)
155 points by posthumangr on Nov 23, 2013 | 93 comments



It's stories like this that make me wish we had the term "national security" as narrowly defined as the term "treason".

I wouldn't be surprised if many of America's largest corporations most often present their corporate interests as national security interests when they are lobbying our politicians.

Looking at that map, we need to be asking questions about where so many of those "implants" are located. I'm not surprised by all the little yellow dots covering China and Russia, but what are they doing littered all over Latin America (except Venezuela and Cuba)? I would like to hear the justification for considering Brazil a national security threat. Same for the red dots in places like Spain, Portugal and France.

The only national security threat in Brazil AFAIK is the Comando Vermelho[0], which operates out of Rio de Janeiro. And even then, only a few of the criminal organization leaders in Brazil are tenuously relevant to US national security interests, such as Fernandinho Beira Mar[1].

The only way to justify the extent of such offensive implants is if we are using a definition of "national security" that is overly broad.

The only conclusion I can come to is that we're effectively waging a war against the rest of the World without an act of Congress declaring such a war.

[0] http://en.wikipedia.org/wiki/Comando_Vermelho

[1] IIRC, FBM is responsible for supplying a lot of the advanced Russian-made arms to the FARC. Even then the FARC is only a national security interest of the US because of our completely failed war on drugs.


> It's stories like this that make me wish we had the term "national security" as narrowly defined as the term "treason".

The U.S. Constitution has Article I, Section 8, Clause 1 that reads:

> The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States;

People on the political left seem to favor a broad interpretation of the powers that "general welfare" gives to the federal government. Why isn't there a similar acceptance of the broad powers that "common defense" grants the federal government in the same clause?


Not to excuse the actions, which I find deplorable. Isn't Brazil one of our major agricultural trading partners? Making the internal security interests of Brazil our security interests? If our food supply was cut by 1/3 during half the year, that could be a big issue.


> If our food supply was cut by 1/3 during half the year, that could be a big issue.

That would also be a massive issue for Brazil to lose their largest agricultural trading partner. It's a competitive marketplace. Their industry, law enforcement agencies, and courts are sufficiently incentivized to protect it, or risk losing it to other countries.

I'm amazed that people view the need for some World Police to control and monitor our economic interests abroad, when there has been no clear failure of markets or democratic processes at protecting them historically.

These rationalizations sound border-line schizophrenic and paranoid. With scenarios comparable to conspiracy theories.

Are there really economic threats that necessitate secret intelligence agencies intercepting private communications of citizens within friendly sovereign nations? And a threat to whom? The representative population? Or primarily the special interests of the government - from where these secret orders/intelligence are held, classified, and acted upon in secret?


Furthermore, once you toss out the schizophrenic/paranoia explanation of why the NSA is doing this, the only other explanation is economic espionage, which they've claimed they haven't been doing. However, no one knows the truth, and given what has been demonstrated so far, most countries should assume the worst with respect to the use of the NSA for economic espionage, and treat the US as a suspect trading partner.


Given the US's covert and not so covert operations in Latin America, this comes as no surprise. Just because our goons aren't over there making sure our economic interests are enforced doesn't mean we gave up on our stronghold.


As an American, I feel like my country is actually putting me in long-term danger. The government is making America and Americans enemies of the entire world.

If and when I ultimately have to flee the country, will I even be accepted into anywhere else?

What if they are suspicious that I work for the NSA? Or what if they just decide to treat Americans the way the US treats would-be immigrants to the US now--no, you can't come in?


> The government is making America and Americans enemies of the entire world.

Has made. It's water under the bridge now. All there is left to do is watch how it plays out:

Which US companies will lose their overseas customers because they cannot assure their customers regarding back doors in their products and services? We have already seen IBM and Cisco take significant financial hits.

Which nations are sufficiently independent, or have people sufficiently restive, to take an official position against pervasive surveillance and actually purge their intelligence services of foreign liaisons and cooperation in surveillance? Conversely, we will see which governments agree with and accept pervasive surveillance.

Where will new centers of expertise in cryptography develop?

How much of this will flow back into other areas of diplomacy? Will nations be generally more wary of intelligence and military liaisons with the US?


>> As an American, I feel like my country is actually putting me in long-term danger. The government is making America and Americans enemies of the entire world.

That has been happening since forever; it's just that the NSA stuff has made that fact visible to people who didn't see America's hypocrisy before.

I mean, there are people who actually believe this ---> https://www.youtube.com/watch?v=p6HOcLWP-Ls


I don't want to take the time to watch that video, but I actually do think that 99% of hatred of America historically has been due to the moral inferiority of the haters.

For example, fundamentalist Islamists, and all those who wish to sympathize with them, are "right" to hate America. Socialists are right to hate America--the American constitution fundamentally stands for the opposite moral code, and American prosperity is evidence that the American morality is the right one.

That said, the GOP is opposed to that very morality, and the Democrat party even more-so, so the country is being rapidly destroyed from the inside (and has been on that path for almost 100 years, just accelerating or decelerating occasionally).


Nope. The reason some people hate the US is because the country interferes (up to the point of overthrowing governments) with the entire world.

Yeah, it can be argued that there is some kind of problem with people more prone to hating than to actually dealing with the problem. But there is no excuse to think the reason that they target the US is any other than them destroying their country.


The danger is two-fold: firstly the USA is losing friends abroad, 'allies' are realising that at best they were slightly favoured underlings but never equals. At least this is explicit from the outset with China.

Secondly, America's power and influence is fading, slowly admittedly, but fading nonetheless. Like here in the UK your turn will come when you realise what it is like to be yesterday's bully boy. Ours came with the break up of Empire, yours may come when the world calls in your debts or builds walls to isolate your corrupt financial structures.

America was once admired and respected. Now it is increasingly like some blundering fat tourist in a brothel, people pretend to be nice to you because they want your money. But really, nobody is your friend.


We don't need the Snowden disclosures to know this; it has for 15 years been the worst kept secret in computer security. People from the various groups in NSA that do this work talk about having done it on Twitter. Some of the smartest people in vulnerability research came from stints in NSA.

Be outraged that we're spying on your country if that makes you feel better, I guess. I'd rather nobody spied on each other either. But it is intellectually dishonest to pretend that people are just now discovering that NSA was breaking into computers around the world. That is literally the charter of the NSA. It's why they exist at all. There isn't even a pretense of a different purpose for the organization.


>But it is intellectually dishonest to pretend that people are just now discovering that NSA was breaking into computers around the world. That is literally the charter of the NSA. It's why they exist at all.

You're presenting a red herring here, tptacek. Any third grader who played Splinter Cell would say, "No duh!" But the news isn't that the NSA is breaking into computers. The news is the scope of the intrusions (installing malware on 50k computers), and of the motivations for the behavior. We've been told it's to protect us from the extremist Muslims attempting to establish a caliphate here in America [1]. That was a lie. 50k computers with US-planted malware on them is not a defensive maneuver. It's an offensive one. It's not about protecting America. It's about global information dominance.

Now, whether we want that or not is a different question; there are advantages and disadvantages to the issue depending to a large degree on whether or not you believe in American exceptionalism. But this is about an executive power grab, not about "spies spy, let's all go home now," and you're deluding yourself if you believe otherwise.

[1] http://www.nsa.gov/public_info/_files/speeches_testimonies/T...


Yup. TBH I simply don't understand the logic that makes an offensive act against non-combatants by an individual illegal, but somehow permits that same act against non-combatants by a nation state.

If it is illegal for an individual to murder someone, then it should be illegal for the government to do so. If it is illegal for a programmer to infect thousands of computers of innocent people with malware, then it should be illegal for the government to do so.

I have no doubt in my mind that among those 50k are many innocent people (foreign and domestic), and that among the domestic infections, I doubt the NSA could produce a warrant or other legal instrument that permits them to have caused that infection.

Under what wacky laws do we actually permit such malware? And are there any provisions in those laws proscribing corrections for any offensive malware programs that cause collateral damage?


What does illegal mean in the context of government? The government decides what's illegal. If you want to declare some government's action illegal, you need to find a bigger government to impose their laws on the little government.


If you live in a nation of laws, i.e. some form of functioning democracy, the people decide what is legal through their representatives, and this can change gradually as attitudes shift. The government is supposed to be an instrument of the people, not the other way around.


I assume the parent is talking about the USG spying on or murdering other not-US people, in which case the people of the US have more or less decided that's what they want.


The NSA was breaking into huge numbers of computers long before we were worried about a "caliphate", and the fact that they were doing it was showing up on people's resumes before 9/11 as well.

And this isn't about "American Exceptionalism". China didn't hack Google because they were upset about NSA hacking; they did it because Google had information they wanted, so they took it.


Then let's stop deluding ourselves and make it clear that the NSA's charter is about promoting what a small number of powerful unelected bureaucrats believe to be American interests, both politically and economically [1], without significant oversight. Then we can have an honest discussion on whether or not that's a good thing.

[1] http://www.theguardian.com/world/2013/sep/09/nsa-spying-braz...


And while we're at it, let's stop letting them wave the "but the terrorists" flag every time they justify a program for which the goal is a lot more than terrorism (assuming many programs are about terrorism at all. Personally, I suspect most programs have nothing to do with terrorism, but that there is no better way to push through support than to argue "but the terrorists").


Many attacks against the USA are motivated because of actions like the ones from NSA. Other countries are starting to consider the USA an enemy to be defeated because bullshit like this is getting shown. If citizens of other countries start to make an outcry their leaders will make retaliations even if just for show.


Where do I sign your petition? I'm right there with you.


> The news is the scope of the intrusions (installing malware on 50k computers), and of the motivations for the behavior.

GCHQ have said for at least 15 years that their mission is to monitor all communications, world wide, at frequencies from DC to light. They've said that they provide intelligence for their customers, who are the Ministry of Defence and other parts of government. (MI5, MI6, etc).

> It's about global information dominance.

GCHQ / NSA have never ever said anything different.

> But this is about an executive power grab,

It's a grab that happened a decade or more ago.


> GCHQ have said for at least 15 years that their mission is to monitor all communications, world wide, at frequencies from DC to light

That's a truly appalling aspiration. If that is indeed their aspiration, which apparently it is (total information awareness, master the internet etc), we'd be safer with them shut down completely. Otherwise as more and more data becomes available online, they'd be in a position of absolute power over the populace (including those who are supposed to control their activities).

That's not keeping us safe, that is endangering the things they purport to defend.

Don't you find this aspiration frightening?

> It's a grab that happened a decade or more ago.

Oh, that's ok then. Business as usual. Would you prefer people just didn't bother to discuss this topic, or do you have something to say about where the limits on this behaviour should be?


> Would you prefer people just didn't bother to discuss this topic,

I would prefer that people stop saying that it's a modern development, or that there was no sign of it until Snowden leaked, or that it's some weird new thing. GCHQ at least has been open about their behaviour for years and years. ECHELON was discussed in EU parliament.

> do you have something to say about where the limits on this behaviour should be?

My view is tricky for me to explain, but I'll try.

1) GCHQ need to be allowed to do stuff. The limits should be clear, and defined by law.

2) GCHQ is a secret organisation, thus their oversight must be by people who keep secrets, but who are accountable to the public. GCHQ oversight failed, hard. I'm not sure what should happen. I hope that, in secret, someone is getting a kicking.

3) I don't care what GCHQ does to people who are not subjects of the UK (or whatever the hell England plus others is called now)

4) For UK subjects I would prefer that GCHQ does not collect meta data. I could be persuaded that they can collect targeted meta data, if they have suitable oversight. EG: They know that Bob is a terrorist-sympathiser. (Beyond just looking at a few YouTube videos - this would be things like sending money, fly-posting, fund raising, associating with other terrorists, etc.) GCHQ would apply for, and get, a warrant, and be allowed to collect meta data for that person. Warrants would require oversight, not just by the courts but by the oversight body.

5) For UK subjects I strongly prefer that GCHQ does not collect content data unless they get a warrant.

6) GCHQ claim to obey the law. I want oversight to be stronger, and I want some of the GCHQ choices to be challenged. I don't want weird interpretations of words to guide their behaviours. (EG: Clinton's "I did not have sexual relations" - well, a blow job is sexual to most people.)

Having said all that, I am a lot less bothered by GCHQ data slurping than I am by other potential privacy invasions.

GCHQ has a many petabyte dump of data but there's no impact on me unless they grep my name. (I'm aware that this is like me saying I'm not so bothered by police stop and search powers; me being white and rarely leaving the house means that I'm never stopped and searched.) Plenty of other organisations have my data, and we have many examples of them breaching confidentiality through corruption, incompetence, maliciousness, and so on. I said a bit more about that in this post. https://news.ycombinator.com/item?id=6767612


Thanks for commenting. I do think this is a subject worth discussing until it is fixed.

> GCHQ has a many petabyte dump of data but there's no impact on me unless they grep my name.

I'd disagree there - if GCHQ is collecting huge dumps of data, it doesn't have to be your data to affect you directly. For example if your MP or prime minister is deposed because of selective leaks of their data, that could easily affect your life in dramatic ways.


I don't know anything about GCHQ, but I don't want British intelligence to have intimate details about my life stored in some nosql database, and I see it as an offensive maneuver by a foreign government from which my government fails to protect me. See my reply to tptacek's post sibling to yours for a general response to your inquiry.


> I see it as an offensive maneuver by a foreign government from which my government fails to protect me.

Which is why you should be angry at your government for failing to protect you.


Well, they do. Just like Russia and China. I agree it's offensive. Now what? Next you'll tell me governments routinely have foreigners killed.


>Well, they do. Just like Russia and China.

I seriously doubt that. Russia, for example, could not care less about 99.9% of western citizens (whereas for western spying agencies, those are potential dissidents to be kept in check).

And even if they cared, what exactly would they do with that information? It's not like they are particularly powerful, imperialist or try to play global cop (post USSR). It's also not like they arrange puppet politicians and governments in foreign countries, as western powers are known to do.


Has there ever been an NSA thread where you didn't take the opportunity to tell us why whatever the NSA has been doing is completely normal and expected?


The only thing I find even more fascinating than his unwavering attempt to defend the despicable actions of the NSA is how these posts end up every time as the top comments.


I don't think I've seen him defend their actions, just explain them. I, for one, appreciate it. He is in a sphere that I am not in, and were I to guess whether or not this was well-known behavior, I would have guessed not. And, apparently, I would have been wrong.

So I thank tptacek for sharing what he knows that I don't know. That is, after all, why I come here.


But this is exactly the point!

We could close down all news sites and stop reporting on all crimes - because, hey, the cop, the robber and the victim knew already hours ago that somebody had been robbed.

The argument that something should be a no-story, just because I personally suspected/knew about it already for some time screams of delusional self-importance worldview to me.


Don't you think that he's being a little inflammatory with statements like this?

  But it is intellectually dishonest to pretend that
  people are just now discovering that NSA was breaking 
  into computers around the world.

By your own admission, you are just now discovering that the NSA was breaking into computers around the world.


(sorry for the late reply)

Perhaps somewhat, but not really. I read the word 'people' in the sense of 'some group' instead of 'any single person.' In other words, 'people now know that eggs aren't bad for you' doesn't mean that every single person has learned this, just that the knowledge is in the generally accepted body of knowledge and those with business or interest in nutrition know it. At least that's how I read it.


But if a person does not know that the NSA is doing this (and possibly would tell you that they aren't doing it, were you to ask), then is that person being intellectually dishonest in acting like this knowledge is new to everyone?

I think that leveling a claim of intellectual dishonesty at someone who thinks that everyone else was as ignorant as they were is a bit harsh, and sort of inflammatory.

I think that most people would reasonably believe that if there were such strong signals that the NSA was doing this it would be closer to public knowledge than it was.


I don't mean to drag this on forever, but I read the comment differently- as I said in the reply linked below. In short, that person isn't being intellectually dishonest. But the organizations who did know better and are pretending otherwise are.

https://news.ycombinator.com/item?id=6796335


^wrong assumptions. You're assuming he didn't know already. Why would one make a statement like that if one didn't know beforehand?


>I don't think I've seen him defend their actions, just explain them.

Explain them as "business as usual" to take away the outrage.

Might as well have been explaining the actions of the KKK.


(sorry for the late reply)

I didn't take it that way. In fact, you could argue for more outrage: "There are certain groups who knew about this behavior all along and for them to pretend that this is news to them is bullshit" is how I read it.

So if you are going to be outraged, you should be outraged at the groups "in the know" as well.


That's a really good mindset to have. However, saying that what the NSA is doing is expected really doesn't explain anything.


(Sorry for the late reply)

It was unexpected for me, but I think it is important for us to understand that it wasn't unexpected for everybody. It's kind of like if we found out that Gitmo really wasn't exceptional. That would be important.

It would imply that this something is a standard practice, many groups are aware of it and for some reason, over time and through many events, they've decided it's the best policy that they can hope for (or else they would have blown the whistle earlier).

It means you should consider changing policy carefully, because the policy was put in place (and stayed there) not on a whim but rather after some consideration and re-consideration. Unless you think that all of these groups are filled with horrible people whose only aim is power and control you might have to allow that some of them have different insights into the problem from their experiences.

Please understand that I'm not defending anything- just showing how it could be important to learn this type of information.


I don't think it's defending. It's one part nerd-based "I've known about this forever. It's obvious!" and one part "this is their purpose — yes, it's abhorrent, but that's the entire mission, so don't be surprised when they do what they are chartered to do."


I'd take a bet that it's mostly the former (and the latter is rather similar to it). It's not just that some people get off on pointing out that something is 'obvious', it's that lots of other people feel the same way. So they upvote.

A somewhat similar example that always comes to mind in these cases (and for some reason happens relatively often among my 'geekier' friends) is when someone says 'I don't dream'. There's always a smart-ass around to point out that everybody dreams, but they just don't always remember it. I don't know if that's true, but that's irrelevant.

It might be technically true, but it's pedantic and misses the point of the statement. And it cuts off a potentially interesting conversation for the sole purpose of making this person sound smart.

I've noticed myself doing this too (I privately call it 'snoping' someone), and have been trying to avoid it as much as possible since I became aware of it.


Yes. For instance, I was not a believer in the NSA curve backdoors.

Unfortunately for whatever innuendo you're trying to evoke here, I'm on pretty firm ground when I say that NSA sponsoring computer hacking is normal and expected. I say that because you can find it on people's fucking resumes.


Not many of the people commenting in this thread, to say nothing of the general population, are founders of security research firms. We may have seen noisy rumours of these things, and even noisier hints at their scope and extent, but we're not being personally mailed verifiable primary documents by first-party actors.


Well, I am in the software industry, but not the security industry. And I don't recall anyone mentioning this to me. Or on HN.

Can you point to some HN threads that discussed this in detail before Snowden? For example, when China was hacking Google, some people may have off-handedly said, "well we do it too", but nobody gave specifics as Snowden did. His revelations were extremely useful.


Ditto. During all the "China is hacking us" stories, I never once recall any piece of news that talked about what we were doing to the rest of the World. As someone who is also in software, if such a story had been published, I would have been among those in the United States most likely to have read such a story.

If you have articles with publish dates pre-Snowden with lots of examples like the revelations in the posted story, please share. I want to figure out how I missed this.


>We don't need the Snowden disclosures to know this; it has for 15 years been the worst kept secret in computer security.

Just 1 year before, people would deny such a thing occurred and treat you like a conspiracy theorist, including here on HN.

>But it is intellectually dishonest to pretend that people are just now discovering that

Ah, the "we knew it all along so it's ok" defense -- with the "and furthermore, you should be ashamed for pretending to have learned about it just now" extension...


> "and furthermore, you should be ashamed for pretending to have learned about it just now"

You are wrong.

People have been saying for as long as email has existed that it is not private and that anyone can read it. People have been warning that if you have something secret you must not put it online, or that you must use sensible encryption carefully if you do so.

Risk assessment has always been part of online security considerations.

Online privacy is not a new thing. Knowing that governments have access to everything is not a new thing. Being annoyed that governments do it is a new thing.

What did you think they were doing with the huge secret budget and more computing power than anywhere else?


It's news to my mother. Half of the UK and US government are saying it's news to them. The world's press seems to think it qualifies as news.


> It's news to my mother.

2001, in mainstream UK newspaper http://www.theguardian.com/world/2001/may/30/eu.politics4

> the European Parliament warned EU citizens of the threat to their privacy from Echelon, a global eavesdropping network run by the US National Security Agency in cooperation with Britain, Canada, Australia and New Zealand. As we reported on Saturday, it concluded that the primary purpose of the system is to "intercept private and commercial communications". It urged individuals and businesses to use codes to protect their communications.

> Half of the UK and US government are saying it's news to them

1999, from the website of this secret agency https://web.archive.org/web/19990428012157/http://www.gchq.g...

> GCHQ employs one of the largest long term bulk near line storage systems in the world. Data is stored in a number of locations on a variety of media, including magnetic tape, cartridges, recordable Compact Disc and optical storage technologies.

What did they think was being done with the largest long term storage system in the world?

> GCHQ has an interest in all aspects of modern telecommunications and uses a variety of systems designed to operate on all frequencies over which data can be transmitted.

I'll admit that the GCHQ FAQ got a bit slimier later on. See this page from 2004 https://web.archive.org/web/20040604234303/http://www.gchq.g...

> People sometimes think that we cannot be accountable because we do not disclose much about GCHQ's operations and methods.

> Nothing could be further from the truth.

> In fact, GCHQ is subject to very rigorous oversight both by Parliament and senior members of the judiciary, and works entirely within a legal framework which complies with the European Convention on Human Rights.

> Activities at GCHQ are underpinned by the Intelligence Services Act 1994 (amended most recently by the Anti-Terrorism, Crime and Security Act 2001) and the Regulation of Investigatory Powers Act 2000. The purposes for which interception may be permitted are set out explicitly in these Acts: national security, safeguarding economic wellbeing, and the prevention and detection of serious crime. Interception for other purposes is not lawful, and we do not do it.

But I've already condemned this kind of wording used to justify unjustifiable privacy violation.

EDIT: It's mildly interesting reading through the technology pages to see it iterating. They list Win3.1 in the early versions!


It could maybe be described as hidden in plain sight. If you dug around there were pieces in the public domain that you could put together. But if you suggested this, you would have been dismissed as a tinfoil hatter by most people.

More to the point, the fact that it is a huge story in the news across the world proves that most people were simply unaware. So it doesn't mean much to say that this was already known when to most it wasn't. That could be taken to imply that there is nothing to see here and that people who are bringing it up are a little slow - which is simply disingenuous. The fact that my mother doesn't read every page of every newspaper doesn't mean she should be disenfranchised. And it also doesn't change the fact that many businesses are only now changing their behaviour and moving away from US companies and reconsidering architecture for IT projects and business operations.


You're managing to change my mind.

I should say that I'm glad it's now being taken seriously by many people. I'm a bit worried about the number of toy crypto systems popping up. I'm frustrated that people still release apps that have over-broad privacy intrusions.


May I suggest a different perspective: We did need the Snowden disclosures to know this, for some value of we. A lot of members here on HN appear to realize this for the first time, and this is obviously a computer-related community. Non-technical people, considering who to vote for next time, certainly needed the Snowden disclosures to know this. The press could have picked up this story from resumes, but didn't, so the disclosures do allow for a democratic discourse on the subject, which wasn't possible earlier.

I do appreciate you sharing the fact that among computer security circles it was a well-known fact, and it's sad that you get so much hate for your informative comments.


You might also reasonably ask why tptacek and friends weren't blowing the whistle as this is huge news to most.


I can't speak for tptacek. I don't know what he and his friends were doing.

But I've been telling people to encrypt everything, and to assume the government can read everything, for very many years.

Sure, I lack gravitas, but still. We were telling people about it.

A Google web search for Echelon before 1999 reveals many hits for the secret codename (as well as many not relevant hits)

https://www.google.co.uk/search?q=echelon&sa=X&ei=IXWRUpCGE8...

We successfully fought against idiotic ideas from government to control use of encryption (EG Clipper chip). We told you to use encryption. We told you they could listen. We told you they were listening.

What more could people have done?

http://webjcli.ncl.ac.uk/1997/issue1/akdeniz1.html#ukpolicy


I think there's a strong distinction between "the government can read everything unencrypted" and "the government has a horde of vulnerability researchers, and routinely infects huge numbers of computers with their code". For the sake of discussion, I will concede that the former was well-known. The latter, IMO, wasn't.

What more could people have done? Good question. Maybe try and contact investigative journalists, although I have had no luck doing that for an unrelated issue I feel strongly about (NBA game fixing).


We didn't do it. We didn't do it. We didn't do it. We didn't do it. It's old news.


That it is old news is a simple, verifiable fact. I don't care what NSA said in public.


But it's interesting to know the scale of this, because the bigger the scale, the more people and institutions around the world will start to think that "hey, they must be doing this to everyone, possibly even to us - so maybe we should do something to protect ourselves better".


I guess that makes it ok then.


Sovereign countries interact in the state of nature. Your country has a problem with the NSA? Pick up a SAT solver and build yourself some ROP shellcode and hit us back. Oh wait: your country's already doing that.

Do I like it? No. We don't work with the USG, and that's one of many reasons why.


My country? Are you kidding, they couldn't hack their way out of a paper bag. Any expertise and equipment they have is provided by the NSA, and they're a bunch of B-players with no budget.

The whole situation is uncomfortably asymmetric. Economies of scale I guess. Winner takes it all.


Cheer up. We're also protecting the world's shipping lanes.


From whom? Last I checked we had most of our fleet sitting outside countries with whom we have conflicts of interest and not countries known for harboring pirates taking over private vessels. When was the last time a US war ship captured a Somali pirate vessel?


The US Navy captures smaller vessels quite regularly. The larger pirate boats may have non-combatants and/or hostages aboard so the rules-of-engagement limit the Navy actions.


Yup. Winner takes all. Everybody else gets their noses rubbed in the dirt.


I’m not sure what intrusions you’re referring to. Would you care to elaborate?


Planes in buildings are also a good choice. Many planes, many buildings


Be outraged that we're spying on your country if that makes you feel better, I guess. I'd rather nobody spied on each other either.

Opposition to the tactics of the NSA/GCHQ does not require you to be opposed to the existence of spies. That's an old, tired argument, which we didn't need to go into the first time. Of course spies spy, but should they do so without boundaries, without proper supervision, and above the law? Should they do so outside wartime and on allies? Should they be given the very real capacity to subvert our democracies and networks worldwide? Who then will keep them in check if the head of the NSA decides he wants regime change at home? How will we know if this has happened?

Personally I don't think this world-weary acceptance of lawbreaking is an appropriate response, and I'm outraged that spies in my country (GCHQ) have been collaborating with collection of data worldwide and handing it over to the NSA, without any respect for international law or the interests of their own country.

The important discussion to be had is on where the boundaries to NSA surveillance lie, and how to perform adequate supervision of them, and just what laws they are not allowed to break. At the very least I think we need a proper inquiry into those topics, which we have not been offered thus far. Spies could (and have) assassinate, kidnap, subvert the political process, and break into networks worldwide but should they do those things to allies and domestically? Should we fund them to keep doing it? Should we accept the perpetual state of war which has been engendered by wars on terrorism and drugs, and the use of that to justify tyranny, assassination and subversion of the democratic process? If we say they can and will do all these things, because it's just what they do, we might as well give up on the pretence of a democracy we currently enjoy.

There are very good reasons the NSA is not supposed to be used domestically, and I'd argue those reasons should also extend to allies, if only because not doing so means your country will no longer have any real allies at all. Why should anyone trust the US or UK in trade negotiations when they've been shown to cheat and steal at every opportunity? Why should Sri Lanka, say, not just laugh in the face of the UK when Cameron talks of human rights, and China laugh in the face of the US when it complains about intrusive industrial espionage? The blowback on this topic is very real and deep and is only going to be reinforced by reactions like yours above which come down to 'spies will be spies'. The defensive capabilities of the NSA should be far more important than the offensive ones in my opinion, particularly in times of peace. Acting as if you are in a perpetual state of war with other nations, including your closest allies and even domestic population, will lead them to treat you the same way.

The spies have become a supranational organisation which apparently doesn't feel it is answerable to anyone; even the politicians who are ostensibly in charge of them. I think that's dangerous and worthy of note.


Don't people usually get to spend decades in prison for that? Shouldn't justice be the same for the NSA as it was for Kevin Mitnick?


As much as I really don't like what the NSA is doing, this argument isn't valid. Law enforcement privileges cannot be directly compared to those of regular citizens. If you want to argue they've abused their privileges... then I'm with you 1,337%


I don't think the NSA is a law enforcer. They are an intelligence collector which may be utilized by either the military, law enforcement, or executive branch.

Law enforcement still has to behave within the confines of the law. Unfortunately what we've had in the US is a revolving door of individuals who neither respect nor enforce the law. The Obama administration's attacks on whistle blowers is the equivalent to an organized criminal syndicate attempting to intimidate and snuff out informants.

Law enforcement has been turned upon itself, rather than going after the individuals breaking the law, they are going after those who are providing evidence of the crime.

For the record, and I've stated this before, there are two very separate issues here -- what the NSA does to the US & what the NSA does to everyone else. I am only referring to what is occurring in the US against US citizens (and US corporations.) There is very little disagreement that what has been done in the past and what likely is continuing does not fall within the confines of US law. The complicit and conspiratorial behavior among the highest levels of law enforcement & military mean there is no investigation, no prosecution, no tribunal for what is undoubtedly illegal behavior.

What the US's allies think about blanket surveillance and espionage is another matter, which should be debated between citizens of those democracies.


Is NSA "law enforcement" though? They are spies. It is (or should be) also quite illegal for them to be doing that to its own citizens, so if they do that, they should be in prison.

Too bad we live in a time where the president of US and Congress, prefer to protect these guys no matter what (whether it's spying or torture), instead of punishing them according to the law.


I really don't consider the NSA to be law enforcement. What, if any, US laws are they responsible for enforcing?

The FBI, Secret Service, Highway Patrol, city, state and country police departments, sheriffs, etc. are all in charge of enforcing laws. The NSA and the CIA as far as I can tell are not. Additionally neither are really tasked with domestic operations of any kind. National domestic law enforcement issues fall under the jurisdiction of the FBI.


What would happen if NSA mistakenly targets a nuclear reactor, and a bug in the malicious software caused a meltdown.

Is that a declaration of war, similar to a US launching a nuke? Would US be liable, and under what jurisdiction? Could the US President be put under Interpol arrest warrant, charged as a terrorist?

Sabotage, especially when the target can not be fully verified, is a dangerous game. IP addresses are easily mistakenly taken as identity, even if proxying is the number one method to evade detection.


"What would happen if NSA mistakenly targets a nuclear reactor, and a bug in the malicious software caused a meltdown."

What would happen if the NSA introduced a weakness in a cryptosystem that was used to secure major utilities in the USA? The NSA does not care about such external effects.


>What would happen if NSA mistakenly targets a nuclear reactor, and a bug in the malicious software caused a meltdown.

First order of business is covering your tracks. An accident happened, period.

>Is that a declaration of war, similar to a US launching a nuke? Would US be liable, and under what jurisdiction?

No. At worst you get to use your diplomatic channels to sort things out. Remember, the target also needs to save face. Having allowed NSA to cause a reactor meltdown is not something anybody would want in their CV.

>Could the US President be put under Interpol arrest warrant, charged as a terrorist?

I do not know enough about Interpol to offer an answer on this one. But I would say that it is as likely as having USA kicked out of Nato or UN. One would have to start a parallel institution without US for that to be even remotely possible.


Yes, that seems pretty simple: if NSA hacking caused a nuclear disaster, that would be an act of war. And?


No, that would not simply be an act of war. If that was the case, it would actually be a war crime, according to the international humanitarian law.


"International law" is a lie we tell ourselves to make us feel safer. And, I'm on the "all wars are crimes" side of this issue as well.


> And?

Like during the cold war, the world was a button press from global collapse.

It is not a good thing that random act of sabotage against targets which the attacker can't and won't verify is happening with such indifference to consequences. As citizens, we should react with more than "And?".


So, the 250 lb gorilla in the room: Linux, or Windows or ...?

Seriously, I'd like to know. I mean it's probably Windows for all the usual reasons (incomparable installed base, lots of attack surface, active exploit community, MSFT gives exploits to NSA before publishing), but what if it isn't? What if all this is done by Cisco IOS?


Given the amount of closed source routing hardware built by U.S. companies, it would surprise me more if they weren't complicit in similar activities to Microsoft on this topic. I've never been big on conspiracy theories, but this isn't really so much a conspiracy as what would be an obvious point of being able to distribute information from global sources.

When Iran buys computer hardware via third parties, odds are the software may well be a generation or two older... Having knowledge of internal exploit vectors would be invaluable to a state actor (like the NSA).

In my career I've been contacted (usually by recruiter) to consider projects by the RIAA, MPAA and the NSA... None of these were cracking projects or otherwise covert that I am aware of. Just the same, I don't think I could work for an organization that works directly against ideologies that I believe in.. those being liberty, privacy and the greater public good. On the last point some may well believe that these organizations work towards that, I disagree.


Is it me or with NSA entities power we do not live in democracy anymore? They can manipulate everything, from google results, voice, emails to the actual votes.


What pisses me off most about this is that if you, Joe Public does it, it's illegal and if you get caught, you're arrested and charged for computer fraud, espionage or whatever else they can pin on you. But it's fine for them to do the same thing. The hypocrisy is disgraceful.


Steal a little and they throw you in jail, steal a lot and they make you King.


Ain't that the truth


On one hand I can see how this looks bad (along with all the other revelations), but you've got to admit, for the taxes we've been paying, it's impressive how, albeit arguably misguided, talented and prolific our intelligence agencies are.


By treating allies like enemies US is creating new enemies.



