Linked by Thom Holwerda on Fri 21st Jun 2013 19:08 UTC
Legal "Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency. The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate." Woah.
Order by: Score:
Comment by MOS6510
by MOS6510 on Fri 21st Jun 2013 20:02 UTC
MOS6510
Member since:
2011-05-12

I think we're still in the tip of the iceberg stage.

Reply Score: 11

RE: Comment by MOS6510
by Kochise on Fri 21st Jun 2013 20:17 UTC in reply to "Comment by MOS6510"
Kochise Member since:
2006-03-03

If its depth looks like the deep web, better not to take a look...

Kochise

Reply Score: 3

RE[2]: Comment by MOS6510
by MOS6510 on Fri 21st Jun 2013 20:19 UTC in reply to "RE: Comment by MOS6510"
MOS6510 Member since:
2011-05-12

I don't care for all the tapping. Fast forward to Area 51 stuff!

Reply Score: 5

Monkey see, Monkey do
by Phloptical on Fri 21st Jun 2013 22:33 UTC
Phloptical
Member since:
2006-10-10

No surprise there. The US is doing it....so should the UK.

Edited 2013-06-21 22:34 UTC

Reply Score: 4

Comment by MOS6510
by MOS6510 on Sat 22nd Jun 2013 04:02 UTC
MOS6510
Member since:
2011-05-12

I just read the US want Snowden arrested for... spying, which seems a bit hypocrite.

Reply Score: 7

Comment by neticspace
by neticspace on Sat 22nd Jun 2013 04:42 UTC
neticspace
Member since:
2009-06-09

South Korea has been spying on its citizens since the previous pro-American president. It doesn't look good because South Korea's spy chief was just indicted a while ago because of an organized manipulation of online opinions during a presidential election season. I always said this before. South Korea will always be worse than China when it comes to online surveillance and manipulation.

Reply Score: 3

Yowsers
by Alfman on Sat 22nd Jun 2013 05:36 UTC
Alfman
Member since:
2011-01-28

"The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases."

If the figure is true, that's probably ~$85B/year in employee costs alone without factoring in any technology costs. That means over 3% of our federal taxes are going to pay for this secretive operation without any public oversight.

Edited 2013-06-22 05:45 UTC

Reply Score: 7

Comment by mutantsushi
by mutantsushi on Sat 22nd Jun 2013 08:30 UTC
mutantsushi
Member since:
2006-08-18

Is this facing legal consequences in the UK, or under EU privacy law?

Reply Score: 2

Comment by marcp
by marcp on Sat 22nd Jun 2013 10:50 UTC
marcp
Member since:
2007-11-23

These guys are really working hard for the global anarchy to come ... Soon people will really have enough of these dirty games and someone's gonna have a big problem.
I really don't know where you can escape when the whole world is against you. Maybe they will be able to escape to Mars, or maybe they will have no choice.

Edited 2013-06-22 10:50 UTC

Reply Score: 3

v RE: Comment by marcp
by AndyB on Sat 22nd Jun 2013 14:12 UTC in reply to "Comment by marcp"
RE[2]: Comment by marcp
by Janvl on Sat 22nd Jun 2013 14:26 UTC in reply to "RE: Comment by marcp"
Janvl Member since:
2007-02-20

Reactions like that would have been the ultimate wet dream for Erich Honecker.

Just a little advise, look up he word democracy in a dictionary.

Reply Score: 6

RE[3]: Comment by marcp
by Adurbe on Mon 24th Jun 2013 09:57 UTC in reply to "RE[2]: Comment by marcp"
Adurbe Member since:
2005-07-06

Who lives in a Democracy?

In the UK we are a Constitutional monarchy (as are most of the commonwealth) and America is a Republic... as far as I am aware, there isn't a single true democracy in the world..

Reply Score: 1

RE[4]: Comment by marcp
by benytocamela on Mon 24th Jun 2013 23:24 UTC in reply to "RE[3]: Comment by marcp"
benytocamela Member since:
2013-05-16

I'll take "what does Democracy mean?" for $500 Alex.

Reply Score: 1

RE[5]: Comment by marcp
by Adurbe on Wed 26th Jun 2013 11:26 UTC in reply to "RE[4]: Comment by marcp"
Adurbe Member since:
2005-07-06

my comment is still correct. You really should learn how your government (whichever it may be) works as its NOT a true democracy.

From wikipedia;

"Democracy is a form of government in which all eligible citizens have an equal say in the decisions that affect their lives."

We have certain democratic rights, but we DO NOT HAVE EQUAL SAY. We elect representatives to vote on our behalf. Each representative DOES NOT have equal mandate (number of voters in one constituency vs another).

IF my MP votes in favor of additional tapping my only recourse is to vote for another representative next time.

Reply Score: 2

RE[2]: Comment by marcp
by Gullible Jones on Sat 22nd Jun 2013 14:39 UTC in reply to "RE: Comment by marcp"
Gullible Jones Member since:
2006-05-23

Which is totally not the point. The situation is not dangerous yet, but it is absolutely ripe for abuse.

Think about it a bit. Governments now have the tools to enforce a totalitarian state much more effectively than in the olden days. What happens to your law-abiding citizens when the law starts to diverge from ethics?

As a matter of fact, we already live in a runaway gonzo-capitalist society - "greedist," as Iain Banks put it - that accommodates many unethical things. People who oppose said system and said things are already targets of the media's ire. What happens now that the government can learn everything about those people?

Reply Score: 5

RE[2]: Comment by marcp
by Gullible Jones on Sat 22nd Jun 2013 14:46 UTC in reply to "RE: Comment by marcp"
Gullible Jones Member since:
2006-05-23

I would also draw another analogy: power over others is the One Ring. Wear it for too long, and you will become a slave to it, no matter how strong-willed and ethical you start out.

Spying programs like this definitely qualify IMO. Government officials can become invisible, as it were; they can learn everything about citizens, without any public oversight. This is incredibly corrupting stuff.

Reply Score: 6

RE[2]: Comment by marcp
by Lennie on Sat 22nd Jun 2013 15:55 UTC in reply to "RE: Comment by marcp"
Lennie Member since:
2007-09-22

I don't think that is the solution.

I want all the protocols to have privacy built in. That way, it's not any extra work and people will less technical ability can enjoy the benefits too.

Reply Score: 3

RE[2]: Comment by marcp
by BushLin on Sat 22nd Jun 2013 17:36 UTC in reply to "RE: Comment by marcp"
BushLin Member since:
2011-01-26

What if the person after you isn't following the law, what is the person is a private investigator working for someone very unreasonable... are you happy for every detail of your life to fall into their hands?

What if someone with power didn't like you expressing an opinion on something political, do you mind being under surveillance then?

Reply Score: 3

RE[2]: Comment by marcp
by marcp on Sat 22nd Jun 2013 21:15 UTC in reply to "RE: Comment by marcp"
marcp Member since:
2007-11-23

These are your options, my authority-loving friend. It doesn't mean there aren't other.

Let me tell you one thing as the simplest example here:
People involved in PRISM were also using it to ... spy on their own wives and relatives.
Where's decency? where's good behavior and ethics? It's like your god telling you to avoid killing and killing people in the same time.

Maybe now you'll see the point.

POWER CORRUPTS. TRANSPARENCY IS THE KEY AND SOLUTION.

Sorry for the caps, but it had to be said this way.

Reply Score: 4

RE[3]: Comment by marcp
by zima on Thu 27th Jun 2013 20:36 UTC in reply to "RE[2]: Comment by marcp"
zima Member since:
2005-07-06

Where's decency? where's good behavior and ethics? It's like your god telling you to avoid killing and killing people in the same time.

Isn't that what pretty much all the gods do? ;)

PS. Another danger - easier spying on foreign officials, and having that way some leverage over them.

Reply Score: 2

RE[2]: Comment by marcp
by Morgan on Sat 22nd Jun 2013 22:58 UTC in reply to "RE: Comment by marcp"
Morgan Member since:
2005-06-29

I don't think you understood marcp's point. I believe he was saying that the government leaders who have been authorizing the spying will be the ones on the run from the public at large. Personally I don't see that happening, but I'm pretty sure that was what he meant.

Reply Score: 2

RE[2]: Comment by marcp
by Soulbender on Sun 23rd Jun 2013 02:51 UTC in reply to "RE: Comment by marcp"
Soulbender Member since:
2005-08-18

if you live a decent, law abiding life then you have nothing to worry about.


Funny, that's the argument the USSR and East Germany used.

Reply Score: 3

RE[2]: Comment by marcp
by unclefester on Sun 23rd Jun 2013 04:27 UTC in reply to "RE: Comment by marcp"
unclefester Member since:
2007-01-13

First they came for the Communists, but I was not a Communist so I did not speak out. Then they came for the Socialists and the Trade Unionists, but I was neither, so I did not speak out. Then they came for the Jews, but I was not a Jew so I did not speak out. And when they came for me, there was no one left to speak out for me.

Dietrech Bonhoffer

Reply Score: 5

RE[3]: Comment by marcp
by RshPL on Sun 23rd Jun 2013 12:24 UTC in reply to "RE[2]: Comment by marcp"
RshPL Member since:
2009-03-13

Did not know the quote, thanks.. however

... Then they came for the Socialists and the Trade Unionists, but I was neither, so I did not speak out.

Quite ironic, considering that NSDAP stands for "Nationalsozialistische".

Reply Score: 0

RE[4]: Comment by marcp
by Alfman on Sun 23rd Jun 2013 15:01 UTC in reply to "RE[3]: Comment by marcp"
Alfman Member since:
2011-01-28

RshPL,

While we're on the topic of famous quotes:

"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." B. Franklin.

When we were escaping the grips of the english, our leaders were ferociously free-thinking. It's astonishing how much has regressed politically.

Reply Score: 3

RE[5]: Comment by marcp
by zima on Fri 28th Jun 2013 23:42 UTC in reply to "RE[4]: Comment by marcp"
zima Member since:
2005-07-06

Or so the myths about the past are...

Reply Score: 2

RE[4]: Comment by marcp
by zima on Fri 28th Jun 2013 23:25 UTC in reply to "RE[3]: Comment by marcp"
zima Member since:
2005-07-06

Quite ironic, considering that NSDAP stands for "Nationalsozialistische".

It was deliberately named that way to create confusion, to mislead (and some people still fall for it...); NSDAP didn't have much in common with socialists.

Edited 2013-06-28 23:30 UTC

Reply Score: 2

RE[3]: Comment by marcp
by oskeladden on Sun 23rd Jun 2013 18:32 UTC in reply to "RE[2]: Comment by marcp"
oskeladden Member since:
2009-08-05

First they came for the Communists, but I was not a Communist so I did not speak out. Then they came for the Socialists and the Trade Unionists, but I was neither, so I did not speak out. Then they came for the Jews, but I was not a Jew so I did not speak out. And when they came for me, there was no one left to speak out for me.

Dietrech Bonhoffer


The quote is not from Bonhoeffer, but from Martin Niemöller.

Unlike Niemöller, who initially welcomed Hitler's assumption of power, Bonhoeffer opposed him from the very start - two days after Hitler took power, Bonhoeffer delivered a radio address condemning "the leader who makes an idol of himself." There was no doubt of whom he spoke. Bonhoeffer was one of the very first to call upon the Church to act against the Nazi persecution of the Jews, in his essay "The Church and the Jewish Question", published less than three months after Hitler came to power.

Reply Score: 5

RE[2]: Comment by marcp
by cjmuk on Mon 24th Jun 2013 10:04 UTC in reply to "RE: Comment by marcp"
cjmuk Member since:
2013-01-16

I swear I shiver every time I hear something like 'if you live a decent, law abiding life then you have nothing to worry about'.

Fresh in the UK news this week is an account about how the Police trawled for evidence to discredit the family of a boy who was murdered at a bus-stop in the early 90s (Stephen Lawrence) because they wanted to defend against criticism of the Police's handling of the case. There was no internet (as we know it now) so they had to send an undercover officer onto the job, but imagine how easy it would be now, with all this information on tap.

See: http://www.guardian.co.uk/uk/2013/jun/23/stephen-lawrence-undercove...

Reply Score: 2

RE[3]: Comment by marcp
by ASmith on Mon 24th Jun 2013 18:07 UTC in reply to "RE[2]: Comment by marcp"
ASmith Member since:
2012-02-10

I swear I shiver every time I hear something like 'if you live a decent, law abiding life then you have nothing to worry about'.

Fresh in the UK news this week is an account about how the Police trawled for evidence to discredit the family of a boy who was murdered at a bus-stop in the early 90s (Stephen Lawrence) because they wanted to defend against criticism of the Police's handling of the case. There was no internet (as we know it now) so they had to send an undercover officer onto the job, but imagine how easy it would be now, with all this information on tap.

See: http://www.guardian.co.uk/uk/2013/jun/23/stephen-lawrence-undercove...

-------------------------------------------------------

Many folks do no realize how many officials in defense contractors and government agencys are on the payrolls of the multi-billion dollar drug cartels as well as other neferious organisations who thru their paid agents can access that same information for carrying out murders, extortion and blackmail.

Even former President Clinton related his concern about Israeli pressure on their intercepts of his phone calls regarding the huge at that time exposure of his having an affair with a young intern in the oval office. PRISM and before PRISM has two Israeli firms that designed the cloning of the telecom cable and main relay point communications streams which all calls are routed thru.

Children that have suddenly found themselves misplaced onto terrorists watch lists have found it is impossible for their parents to remove them. That could and likely will cost those young citizens MILLIONs in lost employment during their lifespans as nearly all employers in the west run extensive background checks on potential and current employees.

Familys now must be rightly concerned what their children state in a blog, forum or sms text to friends could and would be used against them and their loved ones decades later if not sooner. Disembarking in a foreign nation and finding you or a family member had a red flag based on a data intercept years earlier and preventing you from entering that country, preventing you from obtaining a visa is going to be going from a rare occurrence to a much more common shocker which I seriously doubt main stream western media is going to even publish.

Journalists now are routinely being threatened with espionage and felony charges for simply reporting on such events in real-time much less reporting on whistleblowers who expose criminal actions by government and military officials whose ethical and moral conduct must be impeccable yet now are going after those that expose their criminal actions.

Reply Score: 1

Enough already
by Lennie on Sat 22nd Jun 2013 15:53 UTC
Lennie
Member since:
2007-09-22

Time to do widespread deployment of:

Tor, HTTPS, BrowserID/Mozilla Persona, WebRTC and PGP.

Here you can see what an improvement just using Tor and HTTPS already is:

https://www.eff.org/pages/tor-and-https

Explanation of all:

- Tor makes sure the traffic you send to a site can't be tracked to your IP-address.

- HTTPS encrypts your traffic so it isn't possible to see the traffic you exchange with a site

- BrowserID/Mozilla Persona is privacy preserving oAuth equivalent for single sign on

- WebRTC is encrypted audio/video/data between 2 browsers or other applications. This is better than VoIP most VoIP traffic isn't encrypted. Also the "signaling" of how to establish the connection can be handled in any way you don't depend on telephone-number or other unencrypted stuff

- PGP can be used to send encrypted email

There is also a system for fibers to detect snooping, maybe that should also be used.

Edited 2013-06-22 16:00 UTC

Reply Score: 3

RE: Enough already
by Alfman on Sat 22nd Jun 2013 17:34 UTC in reply to "Enough already"
Alfman Member since:
2011-01-28

Lennie,

Not bad ideas in general, but playing devil's advocate they're not going to protect us from a sufficiently advanced adversary either.

"Tor makes sure the traffic you send to a site can't be tracked to your IP-address."

This requires that a significant number of tor nodes not to be compromised. Even then assuming NONE of them are compromised and assuming the adversary merely has access to ENCRYPTED packets between the client and server, given enough such packets it eventually becomes possible to correlate them by timing/size/envelope information alone.

https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#We...

"- HTTPS encrypts your traffic so it isn't possible to see the traffic you exchange with a site"

If the allegations are true then HTTPS will not protect you if google and other companies already have their ends tapped. Furthermore HTTPS can be vulnerable if the adversary has access to certificate authority signing keys to coordinate man in the middle attacks, this is very likely within the NSA's capability, not to mention companies far lower on the food chain.

Reply Score: 3

RE[2]: Enough already
by Lennie on Sat 22nd Jun 2013 17:44 UTC in reply to "RE: Enough already"
Lennie Member since:
2007-09-22

There was a reason I mentioned 'widespread deployment', because Tor currently has to few nodes to be really, really good.

On HTTPS and CAs, yes, it needs to be improved.

There are some improvements, but non are perfect yet.

Reply Score: 2

RE: Enough already
by Soulbender on Sun 23rd Jun 2013 02:46 UTC in reply to "Enough already"
Soulbender Member since:
2005-08-18

HTTPS encrypts your traffic so it isn't possible to see the traffic you exchange with a site


Yes but...if we presume that the intelligence agencies are in league with the certificate authorities (wilfully or by force) they can easily impersonate the site you're talking to.
Interestingly enough this is actually makes a good case for using self-signed certificates or running your own CA.

Reply Score: 3

RE[2]: Enough already
by Lennie on Sun 23rd Jun 2013 07:32 UTC in reply to "RE: Enough already"
Lennie Member since:
2007-09-22

The closest thing to solving that is DNSSEC and DANE.

DNSSEC secures DNS bij signing the DNS-data.

DANE puts certificate information in DNS.

That can be the certificate from the site owner or information about the CA.

So it isn't possible to use CA X for a site that was signed by CA Y.

There are already extensions for Firefox:

https://addons.mozilla.org/nl/firefox/addon/dnssec-validator/
https://www.dnssec-tools.org/wiki/index.php/Firefox
https://os3sec.org/

And even some other browsers.

The people say: that makes you more dependent on DNS.

My answer: you think you are not dependent on DNS now ?

DNSSEC helps to verify the site at the first visit.

HTTP Strict Transport Security can be used by a site owner to tell the browser to always visit the site with HTTPS.

There are RFC drafts to add the ability to add CA-pinning to that so the site can tell the browser only to use these CAs with this public key.

Is that enough ? I don't know.

You are trusting DNS and using it to verify the site the first time and every time after that the browser should first check CA-pinning before DANE CA-information because it already has that information.

It is the closest thing to being deploy-able that we have.

That isn't all that still needs to be improved right now. Certificate revocation is a problem too. OCSP is our best solution, but OCSP is slow, depends on the performance of the CA and tells the CA what site you are visiting when you visit it. And OCSP isn't enforced but a lot of browsers. If the CA fails to respond, the browser will just continue. That isn't security. (It is kind of like: I can't do password checks right now, so let's just let the user login)

OCSP stapling is supposed to solve that, but doesn't support multiple responses.

I think the browser should just have a nup to date list of all trusted CAs and subCAs, that solves that problem.

Edited 2013-06-23 07:47 UTC

Reply Score: 2

RE[3]: Enough already
by Alfman on Sun 23rd Jun 2013 14:53 UTC in reply to "RE[2]: Enough already"
Alfman Member since:
2011-01-28

Lennie,

In theory, I prefer DNSSEC based certificates over HTTPS because it'd allow every domain owner to send security keys to users without any certificate authority. Ie, the mere fact that you own the domain makes you the authority for your domain without paying another party to prove it.

However DNSSEC is still based on the same centralized root of trust model that HTTPS / CAs use. We have to ask what makes the root of trust in DNSSEC any more trustworthy?

If you want to look at a decentralized crypto model that is considered secure from the prying eyes of the most powerful adversaries, take a look at freenet. It took a radically different approach at storage, transporting data, plausible denyability, secure identities, etc. Alas, the design decisions that have gone into making it private have also made it rather impractical to use in the way we're used to with the web.

Reply Score: 3

RE[4]: Enough already
by Lennie on Sun 23rd Jun 2013 22:44 UTC in reply to "RE[3]: Enough already"
Lennie Member since:
2007-09-22

The only advantage DNS has is there are more parties involved with DNS. It is easier to choose a different branch (.com can't sign stuff from .org).

Every CA can sign anything it wants.

And you only need to trust that ones, because you can use HSTS to cache fingerprints.

DNS names is something people know and understand and is deployed.

Have to admit haven't looked into freenet yet.

But let's put it a different way, did you know a lot of crypto does not get deployed for only one reason.

Because the users it is intended to, do not understand how it could ever work.

Edited 2013-06-23 22:48 UTC

Reply Score: 2

RE[5]: Enough already
by Alfman on Mon 24th Jun 2013 00:28 UTC in reply to "RE[4]: Enough already"
Alfman Member since:
2011-01-28

Lennie,


"The only advantage DNS has is there are more parties involved with DNS. It is easier to choose a different branch (.com can't sign stuff from .org)."

I'm really not too familiar with DNSSEC, but my understanding is that the root zone, which operates one layer above .com or .org, is still vulnerable to the kind of adversaries that we're talking about:

https://www.icann.org/en/about/learning/factsheets/dnssec-qaa-09oct0...

In particular see section #7.

"i) ICANN, an International not-for-profit Corporation under contract from United States Department of Commerce, performs the 'IANA' function. IANA stand for Internet Assigned Numbers Authority. ICANN receives and vets information from the top level domain (TLD) operators (e.g. 'com')"

"ii) National Telecommunications and Information Administration (NTIA) - which is an office within the United States Department of Commerce - authorizes changes to the root"

"iii) VeriSign a United States based for profit company is contracted by the US Government to edit the root zone with the changed information supplied and authenticated by ICANN and authorized by the Department of Commerce and distributes the root zone file containing information on where to find info on TLDs (e.g. 'com')"


It seems extremely probable that DNSSEC is already compromised by the government. Who were also responsible for provisioning it.

Reply Score: 2

RE[6]: Enough already
by Lennie on Mon 24th Jun 2013 09:00 UTC in reply to "RE[5]: Enough already"
Lennie Member since:
2007-09-22

If you think it is ICANN that has the final say, then you are probably wrong.

The root operators are multiple independent organisations.

The root operators actually can refuse to accept changes.

There is no reason for the root operators to accept a change that would allow the US to block or do something else stupid.

Have to admit the US is at an advantage 10 out of 12 of these organizations are associated with the US.

I don't know if the other 2 have the guts to stand up to the rest. And maybe with DNSSEC in widespread use, it doesn't matter.

The sole purpose of the root operators is to allow for pointers to TLDs.

Even if they might be convinced to remove a TLD I really doubt they would accept anything else so traffic could be redirected.

Reply Score: 2

RE[7]: Enough already
by Alfman on Mon 24th Jun 2013 12:54 UTC in reply to "RE[6]: Enough already"
Alfman Member since:
2011-01-28

Lennie,

"The root operators actually can refuse to accept changes."

The root keys aren't intended to be changed, if they were it would be a big deal.

"The root operators are multiple independent organisations."

We need to distinguish between the TLDs and the DNSSEC root key. In theory either could be compromised, but it's the private component of the static root key that would give an attacker the capability to subvert DNSSEC in it's entirety.

It's said that the root key was divided by ICANN unto 7 individuals residing in different countries: Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic. The official procedure is for five to be present on US soil to reveal the root key. (I'm learning some of this right now, so feel free to cite corrections if I'm mistaken on something)

https://www.schneier.com/blog/archives/2010/07/dnssec_root_key.html

Edit: I'm not sure how difficult it would be for the NSA to obtain the keys from these individuals. They might bug the computers being used (hardware or software), they might copy the keys while the individuals are sleeping, some might be hired by the NSA, there's blackmail/threats, etc. I can only speculate here since I have no actual experience with espionage ;)

Edited 2013-06-24 13:11 UTC

Reply Score: 2

RE[5]: Enough already
by Alfman on Mon 24th Jun 2013 03:22 UTC in reply to "RE[4]: Enough already"
Alfman Member since:
2011-01-28

Lennie,

I didn't have enough time to respond with a more rounded response earlier (I don't mean to be a naysayer on every post of yours). My opinion is that while centralized crypto models are "good enough" for typical banking and commercial uses, they are inherently incapable of providing (mathematical) confidence that they will not be abused by those at the helm.

Privacy is hard, but by changing our conventions for interpersonal communications, through education and wider deployment of available crypto technology, we can make more foolproof systems. For example, every time we meet someone in person, we could exchange keys via NFC on smartphones. From that point forward we could authenticate & encrypt all communications with that person. The technology could be made seemless across email/telephony/video chat/etc. It's not really the crypto theory holding us back so much as it is the social norms, and I think we agree on this point.

Steganography is an interesting idea to hide the fact that communication is even taking place, but even there you'd need to communicate the parameters some how ahead of time.

Edited 2013-06-24 03:36 UTC

Reply Score: 3

RE[6]: Enough already
by Lennie on Mon 24th Jun 2013 09:01 UTC in reply to "RE[5]: Enough already"
Lennie Member since:
2007-09-22

A head of time, is the whole problem with websites and people you've never met. I did mention in wide-spread use.

A web of trust is the only solution we have and it is isn't a great solution.

Just a simple example: Do you think the general public would ever be using something like CAcert ?

Reply Score: 2

It's become part of life, sadly....
by gan17 on Sat 22nd Jun 2013 17:48 UTC
gan17
Member since:
2008-06-03

This is all being carried out without any form of public acknowledgement or debate.

Ever been to London lately? The amount of surveillance cameras there is insane. I think people there don't even bother arguing anymore.

Kind of similar to where I live, Singapore. We know we're being monitored constantly, but most just don't give a sh*t anymore. Even the petty criminals (small-time dealers, loansharks, knock-off goods pirates) just live in denial, constantly telling themselves "they'll ignore me and only go after the big fish".

Reply Score: 4

AndyB Member since:
2013-03-22

Which is just the point I was trying to make earlier! The whole point of this is to catch terrorists, extremists and the like, not some random guy selling dodgy DVD's.

There is a factor of information overload though, the more data is gathered, the more likely things will be overlooked due to the sheer volume of the data haul. It's much more likely that targeted data collection will be analyzed closely, rather than trawling through it all in the hope something of interest comes up.

At the end of the day if you have nothing to hide then I really do not see the problem! It sure beats living in a country where you fear for your life every day because the real loonies are never caught!

Reply Score: 0

fossil Member since:
2009-05-29

.

At the end of the day if you have nothing to hide then I really do not see the problem! It sure beats living in a country where you fear for your life every day because the real loonies are never caught!


I youu have nothing to hide you shouldn't have curtains at your home?

If you have nothing to hide you shouldn't mind remotely controlled cameras and microphones in every room at home and at work, yes?

If you have nothing to hide you shouldn't mid the instrumentality of a police state being set up?

Being over 60, I'm glad I won't live long enough to see the world you seem willing to accept.

Reply Score: 3

Morgan Member since:
2005-06-29

At the end of the day if you have nothing to hide then I really do not see the problem!


The problem lies in the fact that every year more and more formerly innocuous acts become criminalized. Soon we'll reach the point where the average person's daily routine causes them to commit multiple misdemeanors and local ordinance violations. Combined with the fact that nearly everything we do, say, and type is being logged, you end up with a situation where extreme leverage can be placed on anyone at the government's whim.

There is also a push in the US law enforcement arena to attempt to charge a suspect with obstruction for exercising their Constitutional right to not self-incriminate.

It's getting quite a bit scary out there.

Reply Score: 4

unclefester Member since:
2007-01-13

Which is just the point I was trying to make earlier! The whole point of this is to catch terrorists, extremists and the like, not some random guy selling dodgy DVD's.


Electronic surveillance didn't stop 9/11 or the recent Boston bombing. The data was simply overlooked.

Effective counter-terrorism requires intelligence agencies to infiltrate the terror networks at the highest levels. Britain effectively destroyed the IRA over decades by gradually inserting their agents into the IRA hierarchy. Eventually the No2 IRA commander was a British agent supplying a constant stream of intelligence to the authorities.

Reply Score: 4

benytocamela Member since:
2013-05-16


At the end of the day if you have nothing to hide then I really do not see the problem!



in the name of consistency would you kindly disclose the details of your banking accounts please?

Edited 2013-06-24 23:33 UTC

Reply Score: 1

M.Onty
Member since:
2009-10-23

http://www.guardian.co.uk/uk/2013/jun/23/mi5-feared-gchq-went-too-f...

"The answer is that you can't stop it. It is a self-fulfilling prophecy. The more we develop communications technology, the more they develop technology to intercept it. There was MS Chat – easy. Then Yahoo chat – did that, too. Then Facebook. Then Skype. Then Twitter. They keep catching up. It is good for us, but it is bad for us."

Reply Score: 3

Comment by yester64
by yester64 on Sun 23rd Jun 2013 17:44 UTC
yester64
Member since:
2012-07-28

It gets harder and harder to distinguish between China and the US or the UK or other countries with similar surveillance.
for your protection we will monitor you for your own sake.
The future looks indeed grim. Good luck future generation.

Reply Score: 2

All USA & Queenslands SPY DATA IS SHARED
by ASmith on Mon 24th Jun 2013 01:13 UTC
ASmith
Member since:
2012-02-10

Prior to 1987 and thru present dates USA has had a spying telecommunications agreement with UK,Canada,Australia and New Zealand (Queenslands) to obtain and jointly share all domestic and international phone calls and data feeds.

By tapping into the major optic fiber feedlines to each nations main exchange relay points, the intelligence agencys are able to clone or tap all the data that flows in and out of those relays in a passive fashion.

With the new NSA Beehive gigantic data server that Herr Warren Hatch managed to get funded in Utah, USA childrens critical comments or disparging texts now could be used to prevent them from obtaining Jobs, Visa's and various Positions decades from now.

Does the Israeli Mossad also get copies of all of that data after its been filtered and indexed? Very likely and France,Germany likely get some data also.

What is extremely troubling however is the vast number of contractors with top secret or higher access (1 Million+) that could obtain access to that data and then providing that to the drug cartels, vindictive employers or political partys for all kinds of digital extortion, blackmail and violence which those that haven't connected the ways such information could and would be used against Western citizens and their familys in the future have not considered.

Another truly sad observation is any forum and posting site connected to current and cutting edge computer technology DOES NOT OFFER SSL CONNECTIONS! Yes OS News forces its users to send their login information via a non-SSL (non-Https:) connection and your posts are likewise sent in plaintext fashion. Such is now mostly seen by the oldest, unused websites and is insulting to find on any current forum connected to computer technology. Wanting SSL to users is not paranoid, its common sense and widely used across the industry to button down who sees what.

Please consider offering SSL to viewers and members of the OSNews community.

Reply Score: 2

Morgan Member since:
2005-06-29

I can see your point about wanting SSL login for this site. But as far as posts being sent "in plaintext", well this isn't an exclusive, private site. Anyone with or without an account here can read, index and search all posts by anyone. I'm not sure why you think that should change, it's not like we're some super secret anarchist organization. We're a bunch of tech types talking about current trends in the tech world.

Edited 2013-06-24 12:48 UTC

Reply Score: 2

ASmith Member since:
2012-02-10

Logging in under SSL insures end-end encryption AND end-end decryption preventing snooping midstream from simply cloning your plain text into a huge data storage unit which is precisely what the PRISM does in cloning the data stream and storing it for snooping agencys.

Such has nothing to do with the fact of a public forum reading the data which is posted. SSL would prevent snooping the mid-stream data because it is encrypted end-end, decrypted at the osnews server site end and then posted. Yes posted in plain text but sent in encrypted AES-256bit midstream.

Having SSL for login and secure sessions has nothing to do with paranoid nor some anarchist organization, its about common sense and 2013 in which a vast number of current sites and modern forums have recognized and now offer SSL (https:) optionally to its members and guests.

Reply Score: 1

Comment by lucas_maximus
by lucas_maximus on Mon 24th Jun 2013 10:18 UTC
lucas_maximus
Member since:
2009-08-18

GCHQ is a spy agency, I would be surprised if they wasn't doing stuff like this.

Reply Score: 2

Are we all living in the 50's???
by AndyB on Mon 24th Jun 2013 17:18 UTC
AndyB
Member since:
2013-03-22

I apologize in advance for what I am about to say, but doesn't this all remind you of people wearing metal hats to stop aliens reading our thoughts in the 50's?

Seriously, considering they have probably being doing this for years already, do you know of anyone personally who has been affected by any of this? By personally I mean your friends/social group or you've done business with them, not just that you recognize a name in the newspaper because they have been caught for some wrong doing before.

Reply Score: 1

ASmith Member since:
2012-02-10

Yes, several law abiding computer users attending the Occupy Wall Street demonistrations and protests in Seattle, Washington and Portland, Oregon were followed by the FBI,DHS federal agents then had their doors kicked in following early morning raids with sealed warrants which prevented any of them from reading the scope of the warrants and charges.

All of their digital devices were confiscated (stolen, taken, downloaded, cloned) and those law abiding USA citizens are in jail still waiting to even learn of their criminal charges.

OWS protesters in NYC found the CIA was (Illegally under the USA Domestic Spying Ban) working directly with the NYPD and later also LAPD to crush demonistrators and protesters at the Occupy Wall Street protests. Perhaps that is what you mean by the crass,depraved use of the FBI during the McCarthy 'Everyone is a Communist' 1950's era when scores of innocent USA Citizens including high level Hollywood actors and actress's were blacklisted as 'communists' and much later found entirely innocent AFTER their lives and livelyhood were destroyed.

Or were you referring to those realizing the USA policestate would make the depraved Stashi green with jealousy as wearing tin-foil hats? That makes you sound like a Ostrich with its head in the sand pretending goose stepping police and security agencys are not destroying entire nations libertys, freedoms and privacy's of its law abiding citizens.

The present and future of Computing will have a very heavy focus on privacy and security. The recent admission by Microsoft officials that holes, exploits and percieved backdoors are being shared with the NSA who uses them to build virus's, trojans to attack their 'enemys' is a eyeopener. The Stuxnet,Duqu and Flame Virus packages infested MILLIONs of computers and electronic control modules of Win-X OS computers in the Western nations over the years after they were apparently released in the Middle East. Now I know why Microsoft didn't go after the authors of the Stuxnet,Duqu and Flame virus creators whose many modules probably directly resulted from high level exploit information sharing from Microsoft themselves, oh my!

Reply Score: 2

AndyB Member since:
2013-03-22

So let me get this straight, you think that protesters are average, law abiding citizens? I grant you the following treatment is harsh if that's all they did, but who's to say they were completely innocent if they are prepared to be part of a protest (which in itself is a form of offence)? Just because the authorities have not made their past public knowledge does not prove they're innocent either!

Reply Score: 1

zima Member since:
2005-07-06

You're outright scary (assuming you're not trolling)

Reply Score: 2

AndyB Member since:
2013-03-22

Not trolling, but not paranoid either!

I was merely pointing out that without knowing the whole story it's very hard to judge an action or reaction. That is why I said anyone who KNOWS someone, which got a reply which could have very easily come from a newspaper report, hardly a personal account now is it?

Reply Score: 1

zima Member since:
2005-07-06

All right then, you are scary... (and a wet dream of every would-be tyrant)

Reply Score: 2

Alfman Member since:
2011-01-28

AndyB,

"So let me get this straight, you think that protesters are average, law abiding citizens?"

Why wouldn't they be? The moment you start treating them otherwise is the moment democracy breaks down as normal honest citizens begin to fear their dissent will result in governmental retaliation/harassment (stoppages at the borders, detained from flights, police searches, etc).


"... who's to say they were completely innocent if they are prepared to be part of a protest (which in itself is a form of offence)?"

Seriously?!? Protestors are no doubt a thorn in the side of overreaching governments, but they're role is absolutely crucial for genuine democracy and to keep the government accountable to the public. Having a government that imposes it's will, and employs agencies to secretly spy on the public is ass-backwards!


I'll ask you candidly, if a government truly believes in democracy, does it allow it's most controversial policies to be decided on by the public or behind closed doors? There are nascent elements of totalitarianism going on here, and that is what scares me, certainly more than "offensive" protestors.

Edited 2013-06-25 19:19 UTC

Reply Score: 2

CapEnt Member since:
2005-12-18

Nobody ever got a real alien spying thoughts. That's why the masses always reduced this to the ridicule.

Now it is different: we actually got the government doing mass surveillance.

The difference between fantasy and reality can be very thin sometimes. If you said 5 years ago that any government was doing such a wide scale information gathering, you would be shunned and called a paranoid.

Looks funny, but now Richard Stallman does not look so much a crazy. I don't see anybody smiling while reading a article made by him anymore.

Reply Score: 3