Snowden Comsec Is Stupefying
We still don't know, and likely will never know, what is in the Snowden collection. Admirable as his courage may be, he erred in handing it over to media incapable of assessing the whole wad, which has led to the teasing and hyperbolized accounts valorizing crypto to armor info-warriors. Perhaps more capable assessment is being done and will be made public in a credible fashion instead of the goofy call for debate before much is known beyond rhetoric and hype. The heavy-handed redactions suggest official advice threats and culling, and do not augur well for seeing the rest. Stupid claims of hiding the collection, insurance as stupid as that of WikiLeaks, stupidly sending some or all of it to other parties, come across as patent dissimulation of the comsec advertising type. Comsec is now a fat mark-up of junk, espoused by stupid comsec advisers to journalists as if a saintly medallion to stop a bullet.
You've shot down the approaches of Snowden and Assange before. I feel like I mostly understand your argument, but I'm not sure I know what you would have them do differently. Is there anything in particular you think they should have done differently to accomplish their goals? Or do you think their goals were misguided? If so, what should their goal been, and what should they have done to accomplish it? I know this seems I'm just trying to encourage counter factual arguments against history. But there will be more leaks, and more folks who are in a position to distribute them. What should they do? -- http://josephholsten.com
On Oct 18, 2013, at 13:37, John Young <jya@pipeline.com> wrote:
We still don't know, and likely will never know, what is in the Snowden collection. Admirable as his courage may be, he erred in handing it over to media incapable of assessing the whole wad, which has led to the teasing and hyperbolized accounts valorizing crypto to armor info-warriors.
Perhaps more capable assessment is being done and will be made public in a credible fashion instead of the goofy call for debate before much is known beyond rhetoric and hype. The heavy-handed redactions suggest official advice threats and culling, and do not augur well for seeing the rest.
Stupid claims of hiding the collection, insurance as stupid as that of WikiLeaks, stupidly sending some or all of it to other parties, come across as patent dissimulation of the comsec advertising type.
Comsec is now a fat mark-up of junk, espoused by stupid comsec advisers to journalists as if a saintly medallion to stop a bullet.
On 2013-10-19 13:43, Joseph Holsten wrote:
You've shot down the approaches of Snowden and Assange before. I feel like I mostly understand your argument, but I'm not sure I know what you would have them do differently.
Is there anything in particular you think they should have done differently to accomplish their goals? Or do you think their goals were misguided? If so, what should their goal been, and what should they have done to accomplish it?
Climategate version 1. One thousand incriminating emails, several hundred incriminating documents, released for everyone to see. Now, we observed the uniform reaction to climategate from the press "Nothing to see here, move along", even though every single email was incriminating and newsworthy - they were not random emails, they were emails someone had selected as being especially and notably vile and evil. If, however, he had slowly released the emails first to selected pressmen, those pressmen would not have been able to refrain from exploiting their advantage over other pressmen, and so the documents would have received coverage in the mainstream media, first one incriminating email, then the next, torture by slow drips. So, optimal behavior is selective release of incriminating documents to specifically chosen and favored individuals, followed by gradually broader release of more and more incriminating documents to more and more people.
On Fri, Oct 18, 2013 at 8:43 PM, Joseph Holsten <joseph@josephholsten.com> wrote:
... Is there anything in particular you think they should have done differently to accomplish their goals? ... there will be more leaks, and more folks who are in a position to distribute them. What should they do?
you can't win opinion any further than Snowden/Manning - so why try? give up the pretense, restraint, and go for the jugular: - co-opt privileged access to further infiltrate and infect. apply 0days from the 0day factory to further pwn the factory itself. training, tactics, procedures leveraged for strategic advantage from within. - dial full-disclosure to 11: torrents, darknets, onions, all forms burst forth with terabytes in an instant. (intelligence census 20XX to complement the internet census 2012 approach to DIY discovery) - bootstrap a workflow of analysis and attack; the information pilfered as input to a second stage of retribution - consequence the only language of deterrence understood. - inflict maximum damage to all targets, all comers. exhaust every what if to demonstrate worst case in action. - seppuku/jigai; your role as übervillain complete. --- On Fri, Oct 18, 2013 at 11:00 PM, James A. Donald <jamesd@echeque.com> wrote: "optimal behavior is selective release of incriminating documents to specifically chosen and favored individuals, followed by gradually broader release of more and more incriminating documents to more and more people." consider an alternative: optimal behavior modification via the execution of worst case failure. make the fallout so significant, so terrible, so all encompassing that the thought of ever again building these massive systems of surveillance conjures nightmares of horrible potential. when the world believes Total Information Awareness == Thermonuclear Winter, you've won! alas, you won't be around to enjoy the victory. --- the pessimists say: such an outcome is inevitable. no technology, no debate, no democracy able nor willing to restrain what has been wrought. now just a matter of time until opportunity and malice applies global information dominance to global domination. dystopia inevitable; the worst case worse than you imagine...
On Sat, Oct 19, 2013 at 1:10 AM, coderman <coderman@gmail.com> wrote:
... consider an alternative: optimal behavior modification via the execution of worst case failure....
to anon: of course these suggestions are ridiculous; this fits the ridiculous notion of a many billion budget producing extremely poor results with abysmal cost effectiveness. in addition, trampling on privacy both domestic and foreign while squandering public resources. in a sane world with less ridiculous, whistle blowers would report in privacy and independent bodies would evaluate their claims with power to act against disallowed practices. that is the correct solution. of course, i also consider the lack of proper hardware entropy sources in all computing devices an inexcusable negligence equally ridiculous... i may be a bit biased ;)
It is not either dribble / or "dump" as favored outlets are pontificating, seemingly by ostentatious agreement to limit harm to governments by harming the public. Both: provide the documents in a publicly accessible depository as well as narrate their significance for those who prefer readers digest and authoritative guidance. Right now, DocumntCloud provides this depository, holds over 400,000 documents provided by "authenticated" journalists to substantiate their reports and to share with others. Nearly all of the Snowden documents are on file there. http://www.documentcloud.org/public/search/ Researchers and other journalists want to see original material for their own edification, interpretations and uses. And to balance the inevitable bias and lack of understanding common to all of us. Bear in mind that readers digests, narratives and editorials are entertaining fiction like "news." Similarly, WikiLeaks initially provided copious documents as back-up to its commentary. And still does despite an uptick in exhortatory narratives. So does Federation of American Scientists, National Security Archive, Public Intelligence, Crytpocomb, and dozens more, some very old, other new: http://cryptome.org/0002/siss.htm This dribbling of documents is a moneymaking scam which may increase in harm by concealing information that puts people in harm's way, not the spies and their agents. Or worse, choking the flow is required by a confidential negotiated agreement or policy to test the market, test the USG response, vet with governments as most major newpapers do "to limit harm" a code word of complicity. At one point early on Greenwald says he considered setting a web site for the documents to be called NSADocuments. It is not clear what led him to go a conventional monetized route with the Guardian. Nor the conditions under which WaPo, O Globo, Der Spiegel, New York Times and ProPublica were brought into the stream. What is annoying for the special purpose of this honorable list of understatement is the braying about encryption as if that is now mandatory PR to show comsec responsibility. Nothing about the well-known weaknesses of encryption, its frequent failures, its backdoors, its extremely misleading marketing, its long history of many failures and few successes, its use for entrapment and tracking, its customary snake oil claims, its recantment by original authors, its cover-up by original authors, its hopelessly fuck-up state at the present time and crazed efforts to patchwork temporary solutions to prop up damaged markets and tattered reputations amply demonstrated here and other crypto fora, especially the chickenshit one which bans political and embarassing topics, therefore most likely populated with those deeply and long complicit in commercial and governmental exploitation of the public. No need to beat the dead horses of Tor, anonymizers, OTR, OTP, sekret chats, sneaker nets, black nets, key signing parties, key revocations, forgeries, impersonations, giant corps and NGOs, use of trusted cryptoids to front dubious surefire protection, use of bold names to mislead corrective efforts for damage they themselves caused, in particular misleading Manning, Snowden, Anonymous, LulzSec and many others about comsec. At 11:43 PM 10/18/2013, you wrote:
You've shot down the approaches of Snowden and Assange before. I feel like I mostly understand your argument, but I'm not sure I know what you would have them do differently.
Is there anything in particular you think they should have done differently to accomplish their goals? Or do you think their goals were misguided? If so, what should their goal been, and what should they have done to accomplish it?
I know this seems I'm just trying to encourage counter factual arguments against history. But there will be more leaks, and more folks who are in a position to distribute them. What should they do?
On Oct 18, 2013, at 13:37, John Young <jya@pipeline.com> wrote:
We still don't know, and likely will never know, what is in the Snowden collection. Admirable as his courage may be, he erred in handing it over to media incapable of assessing the whole wad, which has led to the teasing and hyperbolized accounts valorizing crypto to armor info-warriors.
Perhaps more capable assessment is being done and will be made public in a credible fashion instead of the goofy call for debate before much is known beyond rhetoric and hype. The heavy-handed redactions suggest official advice threats and culling, and do not augur well for seeing the rest.
Stupid claims of hiding the collection, insurance as stupid as that of WikiLeaks, stupidly sending some or all of it to other parties, come across as patent dissimulation of the comsec advertising type.
Comsec is now a fat mark-up of junk, espoused by stupid comsec advisers to journalists as if a saintly medallion to stop a bullet.
On Sat, Oct 19, 2013 at 5:37 AM, John Young <jya@pipeline.com> wrote:
It is not either dribble / or "dump" as favored outlets are pontificating,...
Both: provide the documents in a publicly accessible depository as well as narrate their significance...
the latter is always done it seems, when the information is available. the former, providing "in publicly accessible depository" is the crux. so there it is: leakers should dump!
Right now, DocumntCloud provides this depository, holds over 400,000 documents provided by "authenticated" journalists... http://www.documentcloud.org/public/search/
amused by your recent Twain discovery: "We are of the Anglo-Saxon race, and when the Anglo-Saxon wants a thing he just takes it!" the more things change, the more they stay the same... ;)
What is annoying for the special purpose of this honorable list of understatement is the braying about encryption as if that is now mandatory PR to show comsec responsibility.
Nothing about the well-known weaknesses of encryption, its frequent failures, its backdoors, its extremely misleading marketing, its long history of many failures and few successes, its use for entrapment and tracking, its customary snake oil claims, its recantment by original authors, its cover-up by original authors, its hopelessly fuck-up state at the present time and crazed efforts to patchwork temporary solutions to prop up damaged markets and tattered reputations amply demonstrated here and other crypto fora, especially the chickenshit one which bans political and embarassing topics, therefore most likely populated with those deeply and long complicit in commercial and governmental exploitation of the public.
No need to beat the dead horses of Tor, anonymizers, OTR, OTP, sekret chats, sneaker nets, black nets, key signing parties, key revocations, forgeries, impersonations, giant corps and NGOs, use of trusted cryptoids to front dubious surefire protection, use of bold names to mislead corrective efforts for damage they themselves caused, in particular misleading Manning, Snowden, Anonymous, LulzSec and many others about comsec.
this is a potent criticism. encryption a convenient focus of hardness while OPSEC weaknesses abound and multiply. perhaps this is a suitable shibboleth: mention of encryption without operational cautions an indicator of incompetence; the purveyor worse than mis-informed - actively harmful!
participants (4)
-
coderman -
James A. Donald -
John Young -
Joseph Holsten