Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
I hate to repeat a post, but the latest NSA revelations are more profound than I can describe [View all]
Last edited Fri Nov 1, 2013, 02:32 PM - Edit history (2)
Also, think back, and look at who is writing this OP.
Why the *#($ didn't Greenwald lead with this? It's far and away the scariest thing I've read in this whole mess, and it retroactively changes the light of a lot of previous revelations.
Slashdot has IMO the best roundup:
http://tech.slashdot.org/story/13/10/30/1735257/nsa-broke-into-links-between-google-yahoo-datacenters
The leaked documents include a post-it note as part of an internal NSA Powerpoint presentation showing a diagram of Google network traffic, an arrow pointing to the Google front-end server with text reading, 'SSL Added and Removed Here' with a smiley face. When shown the sketch by The Post and asked for comment, two engineers with close ties to Google responded with strings of profanity.
They responded with a string of profanity (which a friend of mine at the Post, who did not write this story, described in a personal communication as "minutes long"
because this is an absolute nightmare. This is the "upstream", and it's far, far worse than what I had imagined. I threw this out a few months ago as an absolute pie-in-the-sky hypothetical that of course the NSA didn't have the wherewithal to pull off, because that's absurd, nobody has that. But apparently they do (or OTOH, maybe they just want us to think they do).
If Greenwald had led with this slide and post-it note, I would have definitely responded differently. This is a real-time SSL corruption on a physically isolated line. The existence of those lines and my assumption about their inviolatenes was the main technical basis for my "meh" responses earlier.
Some of my shrugs remain valid: you should always assume that third parties read not your emails themselves but to whom and from whom you send and receive them, and you should always assume that third parties read not the content of the websites you read but what websites you visit. That was true before any of us had heard of Edward Snowden and it will remain true as long as SMTP and HTTP are what they are. If you weren't assuming that already, consider this a teachable moment.
But two very, very Bad Things came out in the most recent revelations:
1. NSA is doing its own gathering. Previously we had had no evidence of that; all the documents said NSA was getting its data from the FBI and subject to the FBI's checks that were there to prevent surveillance of US citizens.
2. At the level of this compromise, there is absolutely nothing from the tech side to prevent NSA from reading real-time content, not just metadata. One reason I had "shrugged" before was that according to what we had previously seen, the NSA was only seeing metadata that, while not public, was already visible to a large number of third parties, and that there were technical limitations that kept them from (meaningfully) getting anything deeper. We now know that is not true.
And, as an unsolicited third part:
3. Former CIA agent Edward Snowden may have declined to release any documents about the CIA's surveillance, but I wouldn't trust that for a second. You can count on Langley to be doing even worse things than Ft. Meade.
66 replies
= new reply since forum marked as read
= new reply since forum marked as read