Abaco

Edward Snowden

29 posts in this topic

I am curious what others here think about NSA whistleblower Ed Snowden. Is he a hero? Is he a traitor? I ask because I was a little surprised to hear Boehner call him a traitor yesterday. Perhaps I don't know the details but didn't this guy blow the whistle on government largess? Weren't the activities he exponsed unconstitutional? What am I missing here, honestly? I ask with an open mind.

Share this post


Link to post
Share on other sites

Just by listening to the news with a little more attention since the attacks of September 11, 2001 I've known about the NSA's scanning of electronic communications for key words and phrases -- I even know they intercept and scam worldwide communications from a facility in Canada (senator after senator spoke of how impressive the tech was to the Press. How hard is it to infer what they're doing?) And if they scan it it's reasonable to assume they keep copies. And if they have these copies, what would it take to write the code needed to analyze it in any of a million ways?

Given the relationship between communications companies and government from Day One, and how easy it is for anyone to get anyone's communications records, none of this is that surprising.

There was no need for this guy to do this. This has served no moral purpose that I can see.

Share this post


Link to post
Share on other sites

Just by listening to the news with a little more attention since the attacks of September 11, 2001 I've known about the NSA's scanning of electronic communications for key words and phrases -- I even know they intercept and scam worldwide communications from a facility in Canada (senator after senator spoke of how impressive the tech was to the Press. How hard is it to infer what they're doing?) And if they scan it it's reasonable to assume they keep copies. And if they have these copies, what would it take to write the code needed to analyze it in any of a million ways?

Given the relationship between communications companies and government from Day One, and how easy it is for anyone to get anyone's communications records, none of this is that surprising.

There was no need for this guy to do this. This has served no moral purpose that I can see.

I've not gotten a chance to dig deeply into what he was saying. But, wasn't his issue along the lines of domestic warrantless tapping of American citizens? Maybe it wasn't, but that's what I thought got him to blow the whistle. I think we're talking about two different things, John. But sure - If he's blowing the whistle on government surveilance of suspected terrorists in foreign communications there's really no issue. And, Boehner would be correct.

Share this post


Link to post
Share on other sites

Just by listening to the news with a little more attention since the attacks of September 11, 2001 I've known about the NSA's scanning of electronic communications for key words and phrases -- I even know they intercept and scam worldwide communications from a facility in Canada (senator after senator spoke of how impressive the tech was to the Press. How hard is it to infer what they're doing?) And if they scan it it's reasonable to assume they keep copies. And if they have these copies, what would it take to write the code needed to analyze it in any of a million ways?

Given the relationship between communications companies and government from Day One, and how easy it is for anyone to get anyone's communications records, none of this is that surprising.

There was no need for this guy to do this. This has served no moral purpose that I can see.

I've not gotten a chance to dig deeply into what he was saying. But, wasn't his issue along the lines of domestic warrantless tapping of American citizens? Maybe it wasn't, but that's what I thought got him to blow the whistle. I think we're talking about two different things, John. But sure - If he's blowing the whistle on government surveilance of suspected terrorists in foreign communications there's really no issue. And, Boehner would be correct.

I think warrantless tapping is an issue. My point is that this is nothing new to anyone that's been paying attention. I don't see what purpose his action has or will serve. I also don't see much damage done, as anyone who intends to do us harm has to be working on the assumption that their communications are IDed, recorded and scanned.

Share this post


Link to post
Share on other sites

As to whether this man is a hero or a traitor, I think much more needs to be revealed before I'll be able to make an informed decision. For example, did he endanger the lives of those in the intelligence community by releasing this information? I for one, respect the way John Bolton, former U.S. Ambassador to the U.N., eloquently makes his views known, and he states Snowden is a traitor. While on the other hand, if Snowden believed he was doing the right thing by becoming a 'whistleblower' of unconstitutional practices by our intelligence community, does that make him a hero? I am afraid there is much more to this story to be learned and many in the media, politics, and public are jumping to conclusions before all the facts are known, which is far too common a practice.

Share this post


Link to post
Share on other sites

The central issue is government spying on American citizens, not that there is yet another inside source exposing it. In this post-constitutional era there will continue to be controversies over insiders exposing government abuse even as they are claimed to be improperly revealing government information, but don't let the statists and their apologists misdirect your attention with a shiny object and let them call for the wrong head.

When government laws are increasingly tyrannical, and government violates its own laws that were originally intended to be proper (like "national security"), there is no longer a clear criterion of "follow the law" -- that has been turned into a statist duty accompanied by sophistry appealing to an objective respect for law which is no longer warranted. Beware of conservatives who can't tell the difference. You follow many laws now because you are forced to, but you no longer have to respect them or automatically call for their enforcement.

Learn who, in this context, are your friends and watch for what is valuable and courageous even among the mixed, watching carefully to see the purpose of those who speak out, what they do, and why. Don't follow platitudes and false alternatives creating confusion on behalf of statism. You are witnessing and experiencing how a country falls apart into tyranny. That isn't by a sudden collapse with no warning. It goes through a long period of disintegration and mixed characteristics, for reasons Forum members already know, before a sudden turn for the worse in the instability.

Here is a good article from Wired.com exposing what was already publicly known over a year ago (March 2012) about the mass government interception, archiving, and decrypting (when required to interpret) electronic communications (including both email and telephone) "The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)" March 15, 2012.

Those reports were undermined and confused in the public mind by official denials muddying the water, as illustrated in this article "NSA Chief Denies Domestic Spying But Whistleblowers Say Otherwise" March 21, 2012.

The recent expose in the Guardian, based apparently mostly on Snowden's documentation from a classified slide show "NSA slides explain the PRISM data-collection program", blew the cover off the obfuscation by revealing actual NSA documents describing how the government has ensnared several major private companies into helping it. This was further supported by a copy of the most recent court ordered mass "general warrant" for "meta data" directed at Verizon, of unknown source. This has turned a state of what the government might be doing, with a sinking feeling that they are in the process, into "they already are, more and sooner than you had hoped, and have been hiding it".

So far Snowden has apparently done nothing to endanger the country or our actual defense, either maliciously or by accident. On the contrary:

“People who think I made a mistake in picking [Hong Kong] as a location misunderstand my intentions. I am not here to hide from justice; I am here to reveal criminality.”

“I’m neither traitor nor hero. I’m an American.”

“My intention is to ask the courts and people of Hong Kong to decide my fate. I have been given no reason to doubt your system.”

Here are a couple of other recent articles on William Binney, another former NSA whistleblower:

"NSA Whistleblower: The Government Is Still Telling You an ‘Outright Lie’ About Its Spying Programs"

"Whistleblower's NSA warning: 'Just the tip of the iceberg'"

Share this post


Link to post
Share on other sites

Snowden didn't endanger Americans - terrorists endanger Americans. The government's role is not to protect certain rights at the expense of others, it is to protect all rights according to an objective standard, ideally defined in the law. I'm not sure Snowden is a hero, but he's closer to being one than to being a traitor.

Share this post


Link to post
Share on other sites

Snowden didn't endanger Americans - terrorists endanger Americans. The government's role is not to protect certain rights at the expense of others, it is to protect all rights according to an objective standard, ideally defined in the law. I'm not sure Snowden is a hero, but he's closer to being one than to being a traitor.

Why then, is Snowden being labeled a traitor? Why is he being vilified for what he did? What information did he blow the whistle on? If what he did aided and abetted the terrorists did he not endanger Americans?

Share this post


Link to post
Share on other sites

You need to make a case for those claims before asking me to defend snowden. People are labelled bad things and villified all the time. Doesn't make it true.

Share this post


Link to post
Share on other sites

Snowden didn't endanger Americans - terrorists endanger Americans. The government's role is not to protect certain rights at the expense of others, it is to protect all rights according to an objective standard, ideally defined in the law. I'm not sure Snowden is a hero, but he's closer to being one than to being a traitor.

Why then, is Snowden being labeled a traitor? Why is he being vilified for what he did? What information did he blow the whistle on? If what he did aided and abetted the terrorists did he not endanger Americans?

The documentation he released (so far 4 slides from an internal agency presentation) were classified top Secret. Publicizing them violated his security clearance and is illegal. He also claims to have taken copies of more documents. From that, and apparently that alone, those who vilify him leap to the conclusion that he must be a "traitor". They confuse purposefully endangering national security with endangering government cover-ups, and ignore that documents are often misclassified and hidden to protect government corruption.

Actual terrorists already know that their communications are monitored. If Snowden also has actually endangered national security from foreign enemies (as opposed to the Tea Party that the Obama administration regards as more dangerous to his agenda), either deliberately or inadvertently, it has yet to be publicly explained. In an era of "narratives", "stories" and "talking points" intended to manipulate what people think, don't expect an objective explanation from the politicians and their apologists.

Share this post


Link to post
Share on other sites

ewv - I'm thinking along the lines of your commentary. And, this leads me to something that has troubled me quite a bit lately. As you mention, there is a period of "disintegration and mixed characteristics", and this is what I think I've been observing among my fellow conservatives over the past decade. It's like watching a ping pong match where the players actually switch sides. I've seen some of my friends who are conservatives argue emotionally for government largess. I've seen them argue against the sanctity of life, against free distribution of information that had nothing to do with national security. These positions, coming from people I've known to be conservatives, confuses me. I only wonder if I'm seeing the same thing when Boehner calls Snowden a "traitor". My first question is, "based on what?" It's not that I disagree. I just want to hear why he's a traitor. Once again - I believe that Snowden's bone to pick was that our government was spying on any of us. I've heard him say so. Will he be executed now? It's quite possible.

I once knew a beautiful woman from Columbia. She fled and came to Seattle when I lived there. In Columbia the government police might come to your door and say, "We need a computer. We'll be back in three days to get it." If you don't have it when they come back the man of the house has an accident. I seriously think some people I know personally and who call themselves "conservative" would argue that such a thing is justified because it's to help the police and the police fight crime, and fighting crime is conservative. I'm not exaggerating. One conservative friend recently said we need to go into Syria and start killing people. I asked him why he had this position and he had no answer. None.

How long until I hear some of my conservative friends arguing for gun control? I've heard them argue for forced abortion. See how the waters are being muddied? Maybe I'm seeing something that was always there and I was just being naive.

Share this post


Link to post
Share on other sites

For years, the three whistle-blowers had told anyone who would listen that the NSA collects huge swaths of communications data from U.S. citizens. They had spent decades in the top ranks of the agency, designing and managing the very data-collection systems they say have been turned against Americans. When they became convinced that fundamental constitutional rights were being violated, they complained first to their superiors, then to federal investigators, congressional oversight committees and, finally, to the news media.

http://www.federaltimes.com/article/20130617/DEPARTMENTS01/306170009/3-We-told-you-so

Share this post


Link to post
Share on other sites
Well the information he released IS NOT NEW NEWS. It's been in the academic and public domain for a while under different disguises...the only thing he did was VALIDATE & CONFIRM THE DEGREE to which the programs were operating.


Have all y'all noticed that the MSM has focused the attention on Snowden and the right/wrong of his actions (just like this thread) rather than the malfeasance he has attempted to reveal? Also, have you noticed the LACK of coverage on all the scandals on the Administration that occupied the news since the Snowden issue?


That said...it could have been whistle blowing if he had just left it at a point of Americans are being collected on without specific warrants (the accusation is that this program is specifically aimed at communications between Americans with neither being overseas) but he went beyond that, how he did it, and his history and back story stinks.


The difference between this program and what Bush did (as far as we know) is that this program is collecting everything between specifically Americans while the Bush program had to have one side of the communication overseas usually from or to terrorist hot spots. The examples the director gave in open session each had one side overseas, which is not the issue at hand. we of course do not know what was discussed in closed session.

Share this post


Link to post
Share on other sites

Email exchange between Edward Snowden and former GOP Senator Gordon Humphrey

I believe you have done the right thing in exposing what I regard as massive violation of the United States constitution.

I object to the monumentally disproportionate campaign being waged by the U.S. Government against Edward Snowden, while no effort is being made to identify, remove from office and bring to justice those officials who have abused power, seriously and repeatedly violating the Constitution of the United States and the rights of millions of unsuspecting citizens.

Mr. Humphrey,

Thank you for your words of support. I only wish more of our lawmakers shared your principles - the actions I've taken would not have been necessary...

... I will not hesitate to wear those charges of villainy for the rest of my life as a civic duty, allowing those governing few who dared not do so themselves to use me as an excuse to right these wrongs.

My intention, which I outlined when this began, is to inform the public as to that which is done in their name and that which is done against them. I remain committed to that. Though reporters and officials may never believe it, I have not provided any information that would harm our people - agent or not - and I have no intention to do so.

Further, no intelligence service - not even our own - has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).

You may rest easy knowing I cannot be coerced into revealing that information, even under torture.

With my thanks for your service to the nation we both love,

Edward Snowden

Share this post


Link to post
Share on other sites

I object to the monumentally disproportionate campaign being waged by the U.S. Government against Edward Snowden, while no effort is being made to identify, remove from office and bring to justice those officials who have abused power, seriously and repeatedly violating the Constitution of the United States and the rights of millions of unsuspecting citizens.

Our Attorney General, who can't get enough of misrepresenting Stand Your Ground stats, has declined to go after the IRS personnel that went after Tea Party members and conservatives.

Share this post


Link to post
Share on other sites

Feds tell Web firms to turn over user account passwords


Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.

July 25, 2013

"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"

Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.

Cracking the codes

Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user's original password is hardly guaranteed. The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.

Algorithms, known as hash functions, that are viewed as suitable for scrambling stored passwords are designed to be difficult to reverse... Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.

But modern computers, especially ones equipped with high-performance video cards, can test passwords scrambled with MD5 and other well-known hash algorithms at the rate of billions a second. One system using 25 Radeon-powered GPUs that was demonstrated at a conference last December tested 348 billion hashes per second, meaning it would crack a 14-character Windows XP password in six minutes.

The best practice among Silicon Valley companies is to adopt far slower hash algorithms -- designed to take a large fraction of a second to scramble a password -- that have been intentionally crafted to make it more difficult and expensive for the NSA and other attackers to test every possible combination.

One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper (PDF) by computer scientist Colin Percival estimated that it would cost a mere $4 to crack, in an average of one year, an 8-character bcrypt password composed only of letters. To do it in an average of one day, the hardware cost would jump to approximately $1,500.

But if a password of the same length included numbers, asterisks, punctuation marks, and other special characters, the cost-per-year leaps to $130,000. Increasing the length to any 10 characters, Percival estimated in 2009, brings the estimated cracking cost to a staggering $1.2 billion.

As computers have become more powerful, the cost of cracking bcrypt passwords has decreased. "I'd say as a rough ballpark, the current cost would be around 1/20th of the numbers I have in my paper," said Percival, who founded a company called Tarsnap Backup, which offers "online backups for the truly paranoid." Percival added that a government agency would likely use ASICs -- application-specific integrated circuits -- for password cracking because it's "the most cost-efficient -- at large scale -- approach."


So for NSA, 10 character passwords at a mere "staggering" (only to taxpayers) $1.2 billion in 2009 for reusable equipment are routine.

Share this post


Link to post
Share on other sites

When available I back my passwords up with mobile authenticators in the form of physical or software units that generate random time-based codes. Even if they have my username and password they still can't get in.

The HTTPS protocol is up for grabs as well:

http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/

If the FBI or NSA gets this information, it will eventually be stolen or leaked and the Internet will instantly be a very different place to do business.

Share this post


Link to post
Share on other sites

According to these last two articles, all companies contacted are denying that they have fulfilled the "requests" for the general password and https security information.

Meanwhile you can use the commonly used https plugin for firefox, DNSCrypt, and the ixquicksecure search gateway (and/or startpage for google) to block browser url tracking by all kinds of lowlife -- as well as tor or JonDo for secure proxies, pgp encryption for email such as the engigmail plugin for thunderbird, and even encrypted telephone calls on smart phones.

But the more sophisticated the methods you use, the more it attracts the attention of paranoid bureaucrats who assume you have something to hide because they can't easily see what it is when they want to. In particular, encrypted communications and use of secure proxies that typically go through foreign servers are routinely monitored: The top secret rules that allow NSA to use US data without a warrant (Guardian 6/20/13):

... the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve "foreign intelligence information" contained within attorney-client communications;

• Access the content of communications gathered from "U.S. based machine" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans' call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA's foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Encryption is still a roadblock to both "commercial" trackers and government agencies, especially as it becomes more widely used, but according to the CNET article on demands for password security data cited above:

Even if "the NSA is asking for access to hashed bcrypt passwords," Mazières said, "that doesn't necessarily mean they are cracking them." Easier approaches, he said, include an order to extract them from the server or network when the user logs in -- which '>has been done before -- or installing a '> keylogger at the client.

An engineer from the anti-virus company Saperksy once told me, when pressed, that their normal anti-virus scanning is only effective for viruses that have already been discovered in common use and added to their filters, and would not catch a custom virus designed to politically go after a particular individual.

Share this post


Link to post
Share on other sites

Hard work to listen to all that. I can't be so dismissive of motivations not affecting the heroics of an action. After all, the motive may be a bigger threat than the evil mitigated.

Share this post


Link to post
Share on other sites

Hard work to listen to all that. I can't be so dismissive of motivations not affecting the heroics of an action. After all, the motive may be a bigger threat than the evil mitigated.

The attempt to separate the motives from an action in this context sounds like a mind-body dichotomy, as if the intent of an action has nothing to do with how you evaluate the person as opposed to the consequences of the action, with a person's character evaluated through a rationalization deduced from what his body did without regard to what he thinks and why he acted.

The focus in this thread has been on what he did and the meaning of what he revealed -- which is stunning and thoroughly justifies Leonard Peikoff's conclusions about what it means for this country and government -- and on a warning not to let the statists shift our attention away from that and onto Snowden's "lawbreaking".It's interesting that a lot of prominent Republicans naturally fell into that, missing the whole point as apologists for the government corruption. We are now supposed to believe that 'respect for the law' means unquestioning ''respect', submissiveness and obedience to statism, completely ignoring what laws are properly for and why a government of such laws is to be respected but not its statist opposite.

We have seen enough now about Snowden and his apparent sincerity to conclude that his actions are personally heroic and that he ought to be defended as a matter of justice, but the main issue, as he has said himself, is still what the government is doing.

Share this post


Link to post
Share on other sites

"No need" for free speech, says the British counterpart to NSA, as it orders journalists to stop writing about the NSA scandal. This is the face -- and the massive boot -- of statism, and the scope and intensity have become stunning. NSA and its British counterpart have become a monster -- an enormous agency given trillions of dollars to secretly collect and decrypt comprehensive information on everyone, in collaboration with major corporations who may or may not be coerced but are being lied to themselves as NSA manipulates markets, standards, and products while secretly running covert spy operations inside the private companies on behalf of what it calls its "political masters" and against consumers it calls its "adversaries" -- as it also lies to Congress and the public and claims to be justified by a secret government court it also lies to.

This, or something like it, was inevitable given the kind of raw power that government has appropriated for itself. And given the shear size of and number of people involved in this exploding power it was equally inevitable, despite the hubris of the rulers who believed they could indefinitely keep it secret, that sooner or later someone would inevitably spill the beans. If it hadn't been Snowden and his predecessors like Binney, it would have come out some other way.


Fox News/AP: NSA can reportedly break into most encrypted Internet communications

Excerpts:

The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports Thursday based on internal U.S. government documents.

The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports in The New York Times, Britain's Guardian newspaper and the nonprofit news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone's secrets available for government consumption.

In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.

Thursday's reports described how some of the NSA's "most intensive efforts" focused on Secure Sockets Layer, a type of encryption widely used on the Web by online retailers and corporate networks to secure their Internet traffic. One document said GCHQ had been trying for years to exploit traffic from popular companies like Google, Yahoo, Microsoft and Facebook.

Snowden told one questioner that "encryption works." Snowden said that "properly implemented strong crypto systems" were reliable, but he then alluded to the NSA's capability to crack tough encryption systems. "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it," Snowden said.

President Barack Obama said he welcomed the debate and called it "healthy for our democracy" but meanwhile criticized the leaks; the Justice Department charged Snowden under the federal Espionage Act....

Last month, Guardian editor Alan Rusbridger said that British government officials came by his newspaper's London offices to destroy hard drives containing leaked information. "You've had your debate," one UK official told him. "There's no need to write any more."


The longer, original Guardian article:

Revealed: how US and UK spy agencies defeat internet privacy and security
- NSA and GCHQ unlock encryption used to protect emails, banking and medical records
- $250m-a-year US program works covertly with tech companies to insert weaknesses into products
- Security experts say programs 'undermine the fabric of the internet'


Excerpts:

"By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet." Classified briefings between the agencies celebrate their success at "defeating network security and privacy"...


The breakthrough, which was not described in detail in the documents, meant the intelligence agencies were able to monitor "large amounts" of data flowing through the world's fibre-optic cables and break its encryption, despite assurances from internet company executives that this data was beyond the reach of government...


Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".

"These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact."

The document sets out in clear terms the program's broad aims, including making commercial encryption software "more tractable" to NSA attacks by "shaping" the worldwide marketplace and continuing efforts to break into the encryption used by the next generation of 4G phones...


Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.

"Eventually, NSA became the sole editor," the document states...


... The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

The document also shows that the NSA's Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.

It is used by the NSA to "to leverage sensitive, co-operative relationships with specific industry partners" to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret "at a minimum".

A more general NSA classification guide reveals more detail on the agency's deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices "to make them exploitable", and that NSA "obtains cryptographic details of commercial cryptographic information security systems through industry relationships"...


Strict guidelines were laid down at the GCHQ complex in Cheltenham, Gloucestershire, on how to discuss projects relating to decryption. Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This informaton was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."...


"Some exploitable products are used by the general public; some exploitable weaknesses are well known eg possibility of recovering poorly chosen passwords," it said. "Knowledge that GCHQ exploits these products and the scale of our capability would raise public awareness generating unwelcome publicity for us and our political masters."

The decryption effort is particularly important to GCHQ. Its strategic advantage from its Tempora program – direct taps on transatlantic fibre-optic cables of major telecommunications corporations – was in danger of eroding as more and more big internet companies encrypted their traffic, responding to customer demands for guaranteed privacy...

Edgehill's initial aim was to decode the encrypted traffic certified by three major (unnamed) internet companies and 30 types of Virtual Private Network (VPN) – used by businesses to provide secure remote access to their systems. By 2015, GCHQ hoped to have cracked the codes used by 15 major internet companies, and 300 VPNs...


Analysts on the Edgehill project were working on ways into the networks of major webmail providers as part of the decryption project. A quarterly update from 2012 notes the project's team "continue to work on understanding" the big four communication providers, named in the document as Hotmail, Google, Yahoo and Facebook, adding "work has predominantly been focused this quarter on Google due to new access opportunities being developed"...


This GCHQ team was, according to an internal document, "responsible for identifying, recruiting and running covert agents in the global telecommunications industry."



Explaining the latest NSA revelations – Q&A with internet privacy experts
The Guardian's James Ball and cryptology expert Bruce Schneier answer questions about revelations that spy agencies in the US and UK have cracked internet privacy tools

Share this post


Link to post
Share on other sites

Another very troubling point is that if the NSA can do all this, so can foreign governments and agencies. Imagine how easy it will become to frame you and then blackmail you if they can get into your email and bank accounts.

Share this post


Link to post
Share on other sites