Comments
NSA Dragnet Debacle: What It Means To IT
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Faye Kane, homeless brain
50%
50%
Faye Kane, homeless brain,
User Rank: Strategist
6/26/2013 | 5:10:04 AM
re: NSA Dragnet Debacle: What It Means To IT
==--
The other shoe already dropped, but everyone seems to be politely ignoring it.

When Bush started all of this, a technician revealed that massive-bandwidth fiber trunks were being tapped into in special rooms at all the phone and internet providers.

Then last year, a Wired article quoted a systems-designer/whistleblower as saying that every phone call, email, ATM transaction, HTML request, electronic toll booth use, and library book loan that anyone in the country does is being tape recorded and stored in the new NSA data center in Utah at the rate of petabytes per day.

THIS is the data made available through PRISM, which is just a GUI into the massive database. I guess some of it is cached on disk.

That triggered a Senate investigation at which Clapper famously lied about it going on. For some reason, everyone insists on talking about mere telephone billing records--something their realtime data collection can't get.

It was also revealed then that there was a back door in every cell phone firmware allowing the NSA to turn on the GPS and microphone remotely.

I myself had a job interview with a friend of a friend contractor in an Arlington bar about a job tuning up the heuristics of the ontological model for the software that reads every single email anyone sends. I would have worked at UM, where the software was developed and where I did graduate work in knowledge representation and natural language understanding. I said "what about encryption", and he said they can brute-force anything, and if they can't, then they know it's important and they'll let the big machine crunch on it until they do.

I'm sure he wasn't supposed to tell me that, but he was drunk, bragging, and wanted to get in my pants. I didn't get the job because my DOJ security clearance had expired and the FBI was backlogged with clearance checks after 9/11. They needed someone NOW, with an active clearance.

I told the Washington Post, but they couldn't officially believe it unless I worked on the project or had documents.

We also now know details of the massively-parallel "big machine", also in Utah. I calculated that with 100 of the Nvidia CUDA arrays available now at Amazon, they could generate every 12-character password using every keyboard character in
20 minutes.

It also came out then that the NSA position is that they're not "intercepting" your phone calls until a human actually plays back the recordings.

Obama's statement "nobody's listening to your phone calls" was carefully worded. He would have preferred to say "nobody's recording your phone calls".

Y'all really need to WISE UP, and stop believing whatever the he11 you prefer to believe.

-faye kane GÖÇ girl brain
Faye Kane, homeless brain
50%
50%
Faye Kane, homeless brain,
User Rank: Strategist
6/26/2013 | 4:34:54 AM
re: NSA Dragnet Debacle: What It Means To IT
==--
> we have no idea what, if anything, actually happened here

Yes, that's very reassuring. I'm uploading (handing over) the source code for my new software even as we speak!

> all of the providers are denying it.

Not only do they have no incentive whatsoever to affirm it, and not only would the users throw rocks through their windows if they did, but if they 'fess up, they'll be shown the Patriot Act and hauled away to Security Prison for revealing state secrets.

This is how police states happen. How else did you think they happen?

-faye
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
6/12/2013 | 8:55:03 PM
re: NSA Dragnet Debacle: What It Means To IT
A good analysis. It's dispiriting that the government's surveillance has been confirmed in this manner-- but is it really surprising? As Andrew suggests, it's a bit unnerving that so much data is being collected, but the point about tax dollars puts the dragnet into perspective.

I don't think that makes it okay--but it makes me less concerned about being personally targeted than about (again, to follow Andrew) the dynamic between citizens and government. Things were already pretty bad; the far right has decided that "facts" matter less than "principles" and "faith," and the left hasn't held the Obama administration accountable for its failings (e.g. why has President Obama forgotten how much Candidate Obama talked about transparency? Would Candidate Obama have taken such a unilaterally harsh stance on whistle blowers?). These conditions, among others, had already polarized rhetoric and neutered Congressional efficacy.

Now, you have to wonder if there's any reversing the widespread disillusionment this will cause. The President points out that Congress has been briefed on this program-- but that's not nearly good enough, and he knows it. Perhaps the realities of a digital, post-9/11 world demand that certain assumptions and entitlements be discussed-- but that discussion never really happened. Never in my life have I seen such a huge gulf between Americans' collective perception of a law and what the law actually does. And that's not okay.

Effective democracy only works when there can be informed debate. I appreciate that national security must be maintained, and that means the government has to keep certain secrets. But I have to believe we could have, as a society, had some conversation about giving up privacy that would also have allowed the government to keep its methods and strategies under wraps. Instead of doing that, we rushed the Patriot Act into law. As a result, whenever the government doesn't feel like having a debate, it can point to "national security" and refuse to admit anything, let alone divulge additional details.

I don't think it's surprising that the government runs a program like this. To be honest, I'm not even sure how I feel about the way the data is being used, now that they have it. I just think it's discouraging that the government didn't have to have a conversation - let alone break any clear laws - to get this far.

Michael Endler
InformationWeek Associate Editor
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
6/11/2013 | 3:16:21 AM
re: NSA Dragnet Debacle: What It Means To IT
"What foreign company will want to do business in the U.S. if it's our government's acknowledged practice that it performs warrantless collection of the data stored in the cloud by major U.S. companies in order to combat non-specific threats?"

Oh, that's quite an easy question to answer... United Kingdom, Canada, Australia, New Zealand and The Netherlands - which happens to be all of the countries (aside from the US) that participate in the Echelon program of sharing SIGNIT back and forth.

This process has been going on for years and I highly doubt that public outcry will stop it. The big thing that's happening at this point in time is that the American public are losing faith and trust in their government doing the right things with the data that it is collecting (mostly due to the incompetence and political motivation of the existing administration). If you trust your government to do the right thing, does it inherently matter if they're analyzing data and metadata regarding your activities?

Point blank - here's how it all works... if something is in a digital format, unless it's stored on a system that's powered down, disconnected from all external cabling and is stored in a locked room, you should treat it as public knowledge, period. Once you overcome the obstacle (more of a mental block) that there are no secrets in the digital age, things aren't quite so bad.

If someone at the NSA feels the need to read through my e-mail and finds it interesting how I plan to restore my Imperial convertible, have at it! I'm quite sure there are better uses of my tax dollars... like running the systems and analyzing the petabytes of data available to find the small voice that may be rallying troops to cause another incident in the United States in the wilderness of funny LolzCat pictures and gossip about the latest Hollywood starlet who can't hold her liquor.

When it comes to cloud security - see above, once it's digital, it should be considered public knowledge. There are way too many large targets out there and way too many determined hackers who do these sorts of things (for fun AND profit). Remember the 80s when there was a technology embargo against the Soviet Union? Ever seen what those determined Russian programmers could make even an old IBM XT do, because it's all they had to work with? Now with technology being commoditized and ubiquitous, just about anyone on the face of the planet can order up a used PIII system with enough oomph to run Linux and get to work on coding the next great 0day assault. It comes down to where an organization wants to put their risk, what they feel comfortable with, and how they plan to mitigate the issues inherent with the level of risk that they're comfortable with.

Andrew Hornback
InformationWeek Contributor
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
6/11/2013 | 3:15:38 AM
re: NSA Dragnet Debacle: What It Means To IT
And where do your encryption standards come from?
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
6/10/2013 | 10:50:10 PM
re: NSA Dragnet Debacle: What It Means To IT
And to think we're actually in the process of pretty much putting all of our business and personal data up in the 'cloud.'

Fool us once...shame on them, unless we should have known better.
dwebb608
50%
50%
dwebb608,
User Rank: Apprentice
6/10/2013 | 8:43:35 PM
re: NSA Dragnet Debacle: What It Means To IT
I agree. The basic question is "Can the government be trusted to protect our privacy?" Recent activity gives me no reason suspect that the answer might be "yes". Therefore, it behooves me to take my own actions to ensure that information can't get into the wrong hands (I.e. encrypt the *%$#!! out of EVERYTHING).
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
6/8/2013 | 4:57:49 PM
re: NSA Dragnet Debacle: What It Means To IT
Nevertheless cases like this one clearly show the risks. So your proprietary data is somewhere in the cloud and next thing you know a hack at some three letter agency spills out your stuff into the public. The cloud has its benefits, but having full control over your data is not one of them. Anything from getting it stolen over losing it all when the cloud vendor ceases to exist to having no access because either the cloud or the Internet connection is down somewhere. That is fine for non-critical systems that have a backup on site, for everything else it is like playing Russian roulette - quite a disservice of IT for any company. There is a reason why the cloud is called the cloud, it is nothing more than vapor, here today, gone tomorrow.
kmarko
50%
50%
kmarko,
User Rank: Strategist
6/7/2013 | 10:30:08 PM
re: NSA Dragnet Debacle: What It Means To IT
While I agree with the statements about government overreach, I think it is far too early to be making broad conclusions about the security of your data in the cloud. First, we have no idea what, if anything, actually happened here; all of the providers are denying it. Second, there is a huge difference between cloud providers providing internal access to the U.S. government, while likely staring a FISA warrant in the face, and them wantonly granting access to just anyone or leaving the doors wide open for foreign hackers. If the Feds wanted information in your private data center, they'll get it. Of course you'll know about it, but, pursuant to the Patriot Act, you can't tell anyone (i.e. your employees or customers) about it.

In sum, I don't think that what we know so far justifies making damning conclusions about data security in the cloud vis-a-vis on premise or on private networks.
Guest
50%
50%
Guest,
User Rank: Apprentice
6/7/2013 | 6:31:21 PM
re: NSA Dragnet Debacle: What It Means To IT
Kudos to this writer.
Page 1 / 2   >   >>


Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.