Showing posts with label Snowden. Show all posts

Saturday, October 5, 2013

The NSA, FBI, and Internet Security

Over the past few months we've learned a lot about how the US government looks at its own citizens. We've learned this through the actions of Edward Snowden. He's done us a great service by forcing a conversation that the NSA and FBI didn't want us to have. The NSA lied to the Senate recently by claiming that it never tracked US citizens through cell phones. We would never have known about these activities if it weren't for Snowden.

Snowden was using email to send information back and forth between himself and Glenn Greenwald. Since email is in one of those fuzzy gray areas of the law around data retention and government access to it, this has caused a bit of a problem. To make things more difficult, Snowden used an encrypted email service called Lavabit. Its encryption was at such a level that when the FBI requested data from it, they were confounded and essentially attempted to blackmail (legally, of course) the owner into handing over the encryption key. This would have effectively rendered the service these people were paying for worthless. They were paying to have their email traffic secured from both public and private entities.

As we hear more and more about how the US government has been behaving towards internet security, we're learning that the NSA and other US agencies are doing their best to thwart it. They have worked with NIST and weakened the encryption key they developed. The problem with these backdoors is that if it's there for the "good guys" (whoever that might be), it's also there for the "bad guys" (whoever that might be). This isn't just about general encryption keys; it's about things that we use every day without realizing it. Whenever we use any website that includes "https", we are using a basic encryption protocol called SSL. Think about when you're banking: you see the https. Google now allows you to use this when you send information to and from them. This encryption has also been broken by the NSA. This is our personal stuff, and if it's broken by the NSA it can be broken by other people. Now, does this mean we're likely to have a rash of new fraud cases or theft cases? No, as it's been compromised for some time. However, people do know about it now, and this of course is a greater cause for concern.

What can we do about this? Well, first, look into more secure encryption methods. I wouldn't be surprised if Google and applications like HTTPS Everywhere change their algorithms as a result. Second, contact your representative and your senator. I'm lucky that my senator in Oregon (Ron Wyden) is very vocal; not everyone's is, so please help inform your leaders. Third, buy from companies that you know haven't given up data to the NSA, don't use Facebook and the like, and basically try to follow the great writing that Sean did several months ago over on KBMOD. He nailed it then, and it's even more pressing than before to keep up with security.

Monday, June 10, 2013

NSA and Edward Snowden

Today saw the unveiling of the NSA leaker, Edward Snowden, a high school dropout who worked his way up through sheer capability as a programmer. To me this guy is pretty amazing. He cares about the people that he could have put in harm's way; he made sure that he did not release any information that would put anyone in harm's way, even though he had the capability. He learned from Bradley Manning and worked to ensure there would be no risk of physical injury. He felt that these actions violated the Constitution and decided to expose these deeds to the public even though he knew his life was over. He believes he's likely to be targeted for execution by the US government or an agent, such as a member of the Triad gang (he's in Hong Kong).

Not only is he clearly concerned, but the media seems to think that this is also true. My roommate was watching ABC News with Diane Sawyer, and during one segue she mentioned that he may have left because he feared for his life and was likely in danger. Think about it. It's publicly acknowledged by our press that a whistleblower might well be killed by the US government. This is a US citizen with a family history of serving the US government (his father a member of the Coast Guard and his mother a legal clerk). He is afraid for his life because he believes that the US government would murder him. If he dies and his body is found, the blame will automatically fall upon the government. Edward will not be able to answer phone calls or call anyone, and is essentially on his own to make it to a country that has no extradition treaty with the US. This is a travesty - the fact that many people believe this man is going to die within the next few weeks - killed by his own government without his right to a trial.

Why does what he said matter? A lot of people are talking about it being only metadata - here's an excellent article explaining what would have happened if the British had had metadata during the Revolutionary War. It would have ID'd Paul Revere as a likely revolutionary based on his associations. Knowing nothing else about him other than a few clubs that he and 254 other people in Boston were members of, it was possible to deduce the entire social network and who was at the center of the networks.

As I mentioned in my last blog post, this network analysis would have caused the changes in my Facebook network to raise some red flags. I suddenly moved to Europe (I didn't list Eindhoven as my city of residence; it would have been inferred from my friends), and some of my first connections in Europe on Facebook were 2 Colombians, 2 Pakistanis, an Iranian, and a Turk. These changes represented a major shift in my circle of friends. I had few non-Americans as friends and no Iranians or Pakistanis in my network. Using the full history of my data, they wouldn't have found much except that I liked to drink and wrote drunk posts on Facebook while in college. However, it's likely I would have remained someone to keep an eye on, and since then I've written numerous posts about Anonymous, LulzSec and other controversial topics.

Anyway, it's important to keep this in mind when selecting the companies you decide to store your information with, even if it's "only" metadata. Where you go, who you talk to, and what you do online are all representations of you and a lot of information can be gleaned from that.

What can we do? Vote all the bums out of office next go-around, for one. Start companies that only hand over encrypted data that only the end users can decrypt. Educate your friends, family, co-workers, and anyone politically minded you know. We need to drive change; otherwise this will continue and will only get worse. At what point do we need to start worrying that the NSA/US Government will start killing your friends because of who they talk to and what they believe?