Thursday, June 8, 2023

10 years after Snowden

Edward Snowden released his bombshell revelations ten years ago.  These showed that there was mass government spying on US citizens by US intelligence agencies; it also showed without a doubt that General Clapper perjured himself before the US Senate when he denied that this was the case.

Ten years later, Snowden is a refugee from the US Government, and Gen. Clapper is free as a bird (and guilty as sin).  This tells you much about how much trust to put in the US Government.

There are two excellent retrospective articles about this: The Register walks us through much of the narrative about the who, what, and when of the last ten years.  Highly recommended.  Here's the TL;DR:

"Ten years have gone by," since the first Snowden disclosures, "and we don't know what other kinds of rights-violating activities have been taking place in secret, and I don't trust our traditional oversight systems, courts and the Congress, to ferret those out," Wizner said. "When you're dealing with secret programs in a democracy, it almost always requires insiders who are willing to risk their livelihoods and their freedom to bring the information to the public."

Bruce Schneier has a fascinating piece from the perspective of someone who was involved with the disclosures.  Also highly, highly recommended.  Schneier is a security big wig, and so there's a fair amount of security industry inside baseball.  For example:

I ended up being something of a public ambassador for the documents. When I got back from Rio, I gave talks …at the IETF meeting in Vancouver in November 2013. (I remember little of this; I am reconstructing it all from my calendar.)

What struck me at the IETF was the indignation in the room, and the calls to action. And there was action, across many fronts. We technologists did a lot to help secure the Internet, for example.

And this prediction from your humble host has stood the test of a decade:

The two highlighted items really get to the heart of why the security industry is so angry about what the NSA has been doing.  They spent years establishing a relationship of trust with the industry and researchers.  Then they exploited that trust for personal gain at the expense of everyone else.

While I don't at all want to minimize the horrific crime of child abuse, that will give you a bit of the flavor of how the security industry looks at Ft. Meade now.  It was a rape, a rape of those who had trusted them as teacher and protector.

This is going to cause enormous problems for NSA.  I simply don't see how anyone will ever want to cooperate with them outside a public forum.  Nobody who values their reputation will be willing to be accused of slipping an NSA mickey into a crypto library.

And nobody on a standards body will ever again listen to NSA recommendations for changes to algorithms.  As a matter of fact, those recommendations will make the hair on the back of people's necks stand up, and lots of people will start to reverse engineer the NSA's math to see what games they're playing.

The last ten years have sure been a wild ride.


Aesop said...

Most people still don't believe it - at least not to the point of any actual alteration in behavior; sheep gonna graze - but at least it's not because no one told them it was so.

Michael said...

Borepatch I fear you underestimate the power of the almighty tax dollars to get businesses to "follow Suggestions" by the NSA.

As long as people continue to forget basic communications OPSEC all the words we post warning them is worthless.

The weakest link in your personal security invalidates the strongest procedures.

Ken said...

NSA suggestions could also be rolled into ESG requirements with trivial ease. "Like your line of credit? Wanna keep it? Here's your groomer...I mean Pride kit and your IT security backdoor."

matism said...

Never forget Five Eyes. And FOURTEEN Eyes. While there are allegedly laws against some behavior by the US agencies, there are no laws against such behaviors by agencies of those other countries. And AT&T has been kind enough to provide them their own room in a central office in the big Craphole where they can do their thing unmolested and then provide the info to the US agencies!