NSA Attacks on VPN, SSL, TLS, SSH, Tor

Jason Richards jjr2 at gmx.com
Wed Dec 31 20:16:16 PST 2014


On Wed, 31 Dec 2014 10:03:06 -0500 z9wahqvh <z9wahqvh at gmail.com> wrote:
> as long as we have our tinfoil hats on, one data point to keep in
> mind here is to remember that USGov, despite having many uniform
> policies, is also shot through with warring fiefdoms and turfs.
> 
> ...
> 
> CIA and NSA have often been thought not to be on the same page,
> largely because NSA is military and CIA is civilian (or whatever
> special/uber designation it has at this point). CIA sees itself as
> entitled to operate much *more* lawlessly than NSA.
> 
> it is not hard to imagine scenarios where CIA might want to weaken NSA
> capabilities in part via public embarrassment. and one involved in
> the plot could even go public with his statements about how damaging
> the leaks are. convenient!

Agreed.

In my defense, I was replying to "I'm getting the impression that all
the Snowden stuff that gets 'leaked' to the public has been somehow
approved by the US govt?"

:-)

On Wed, Dec 31, 2014 at 10:29 PM, Seth <list at sysfu.com> wrote:
> On Tue, 30 Dec 2014 14:16:21 -0800, Jason Richards <jjr2 at gmx.com>
> wrote:
>> OK, I'll bite: why? What benefit does the US govt get from the
>> information leaked by Snowden?
> 
> The way this question is worded frames the debate to an extent. To
> me, using the phrase 'the US Govt' implies a monolithic entity with
> coherent motives.
> 
> It does not leave room for explanations involving fedgov internecine
> info-warfare for example.

Agreed, as per above.

>> So the US government seems to have said "we do things you don't
>> want us to, but if you use proven, open source crypto you're
>> reasonably secure." The only benefit I can see would be if they
>> could break that crypto and wanted people to have a false sense of
>> security by using that easily broken crypto.
>> 
>> My tinfoil hat isn't that thick. I don't buy it. So what are the
>> other benefits?
> 
> Just throwing some ideas out:
> 
> * Terrorize disenfranchised members of the population into the
> cyber-fetal position. Self-censor accordingly and don't get too
> uppity, submitizen!
> 
> * Make it clear for any potential rivals to deep state power who
> 'didn't get the memo' that their every move is being watched,
> cataloged, recorded and stored in perpetuity.
> 
> * Frame the debate. Never ask the fundamental question of whether
> the surveillance state should exist or not. Keep the discussion
> focused on 'how much' surveillance.

These do indeed seem like good outcomes for a totalitarian government.
It also unfortunately reinforces and brings about the predictions of
people like Orwell, Huxley and Zamyatin.

I still can't see that the cost is acceptable, unless:

> * Throw up a fog of dis-information consisting of yesterday's
> obsolete capabilities, which by themselves are enough to stun even
> the tinfoil hat brigade. Mobilize interesting targets into adopting
> defenses against the obsolete attacks, until they think they are
> safe and can let their hair down again. Immediately begin
> harvesting juicy new intel via unrevealed nextgen attacks.

This is my fear. They've outflanked us by making us think that there is
only one (or a small number of) effective solution(s). We just don't
know yet that it/they isn't/aren't secure.

> * Inflict political pain on rival agencies and political enemies

Again, I'd think that the cost of this one is too high, but I don't
know enough of the internal politics. It does seem to be a very high
price to pay.

I hope that your fourth point above is not correct.

J


