On 29/06/13 13:23 PM, Jacob Appelbaum wrote:
> http://www.guardian.co.uk/world/2013/jun/17/edward-snowden-nsa-files-whistleblower
>
> One of the most interesting things to fall out of this entire ordeal is
> that we now have a new threat model that regular users will not merely
> dismiss as paranoid. They may want to believe it *isn't* true or that
> policy has changed to stop these things - there is a lot of wishful
> thinking to be sure. Still such users will not however believe
> reasonably that everyone in the world follows those policies, even if
> their own government may follow those policies.

Yes, but I don't think the penny has yet dropped.

One of the things that disturbed me was the several references to how
they deal with the material collected. I don't think this is getting
enough exposure, so I'm laying my thoughts out here.

There is a lot of reference to analysts poking around and deciding if
they want that material or not, as the sole apparent figleaf of a
warrant. But there was also reference to *evidence of a crime*:
http://www.cnsnews.com/news/article/intelligence-chief-defends-internet-spying-program

—The dissemination of information "incidentally intercepted" about a
U.S. person is prohibited unless it is "necessary to understand foreign
intelligence or assess its importance, *is evidence of a crime*, or
indicates a threat of death or serious bodily harm.

The way I read that (and combined with the overall disclosures that they
are basically collecting everything they can get their hands on) the NSA
has now been de-militarised, or civilianised if you prefer that term.
In the sense that, information regarding criminal activity is now being
shared with the FBI & friends. Routinely, albeit secretly and deniably.

This represents a much greater breach than anything else. We always
knew that the NSA could accidentally harvest stuff, and we always knew
that they could ask GCHQ to spy on Americans in exchange for another
favour. As Snowden said somewhere, the American/foreigner thing is just
a distracting tool used by the NSA to up-sell their goodness to Congress.

What made massive harvesting relatively safe was that they never shared
it, regardless of what it was about, unless it was a serious national
security issue.

Now the NSA is sharing *criminal* information -- civilian information.

To back this shift up, the information providers reveal:
http://www.counterpunch.org/2013/06/20/spying-by-the-numbers/

Apple reported receiving 4,000 to 5,000 government requests for
information on customers in just the last six months. From December 1,
2012 to May 31, 2013 Apple received law enforcement requests for
customer data on 9-10,000 accounts or devices. Most of these requests
are *from police for robberies, missing children*, etc.

Facebook said something similar about missing children, I think.

Elsewhere, someone sued the NSA to reveal information on his whereabouts
to assist his defence against a crime [0].

So we have moved almost full circle from national security to local
crimes. And nobody blinked! The NSA, FISA, administration, FBI, DoJ,
media, Google, Facebook, Apple... everyone really, have not thought this
strange [1]. Indeed, reading the media reports, it's almost as if they
are preparing the American public for a fait accompli.

The only thing left is civil cases. But we've already seen a number of
elements of that (e.g., l'affaire Petraeus) and I suspect it is only a
matter of time before (say) the SEC gets in on the game and uses civil
discovery and civil cases against some scumbag boiler room operation [2].

To put this in context, the endgame in civil cases is divorce, which can
already be dressed up as criminal if we add in some claims of assault, etc.

Do Americans believe the local police and the FBI can show restraint
given the availability of NSA and friends' intel? Use of secret
letters? Do Americans consider that allowing their criminal and civil
courts access to this stuff is a reasonable thing?

Am I the only one to find the American psyche response to be rather
weird? They seem to be focussing on the breaking of (constitutional)
rules, and saying tut, tut, naughty NSA. Must phone my Congressman.

But they -- Americans -- seem to be ignoring the real danger writ large
to them, the very reason for those rules.

iang

ps; to drag this back to crypto, I think crypto can help, and it is
encouraging to see that upswing. But the wider issue here is going to
require a complete rethink of the threat model.

[0] If Apple and Facebook and the rest are accepting secret national
security letters for local crimes, he should get that info. Perhaps EFF
should file a "friends of the court" brief arguing that we are now in a
society where civilians are now entitled to the NSA's support. But I
digress...

[1] This is without even considering the twin corruptions of the
policing forces, being (1) war on drugs, and (2) the profit-making
inherent in asset seizures.

[2] The SEC typically uses civil cases not criminal cases because the
bar of evidence is lower. But they act "as if" it is criminal prosecution.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography