NSA Spying Relies on AT&T'S "Extreme Willingness to Help"

[John Young]

The NYT-Propublica is an informative and impressive release,
in many ways better than previous. It expands on the earlier
revelations (as the narratives state) with some overlap and filling
in gaps. A good sign the holders of the balance of the Snowden
dump are digging deeper and learning how convey a fuller picture
or at least a more enthralling one for the public while techologists
twiddle thumbs awaiting useful data to devise defenses. (A hint
from some Snowden withholders there may be handoffs to
technologists separate from the public. Schneier, Matthew
Green, a few other comsec wizards aiding publishers have
said as much.)

Hardly complete to be sure, with about 10% of the dump
published, with plenty of gaps indicated by jumps in narratives
and still too many redactions -- presumably the result of
consulting with officials as heretofore disclosed, or due to
Snowen's instructions about what to withhold, either to
"avoid national security harm" or in expectation US prosecutors
might be mollified in the negotiations for his return to the
US.

Most frustratingly, details of the spying technology are
missing with emphasis still on slide shows and textual
summaries -- most likely to satisfy the public rather than
technologists at home and national opponents.

Jacob Appelbaum's and a few others releases of the
technology are the exception, civil liberties and lawful
issues remaining in the forefront of released documents
and much more so for the journalistic accounts.

It might be surmised that staying away from technology
disclosures and featuring 5-Eyes and partners prowess
and comprehensiveness of slides and text serves to
warn the enemy of what's in store without disclosing
information to defend against it.

In particular, Snowden's and associates harping on the
need for widespread, strong encryption use, even though
the documents show how the spies bypass it, undermine it,
use it for deception, implant backdoors in it (as well as in
chips, OSes, routers, nodes, cable stations, server farms,
teleco hubs, virtually everywhere in the global system as
shown in this latest release) should be taken as a warning
encryption is not the magic cape its proponents claim.

This suggests reliance upon encryption may be a decoy to
divert attention from other comsec protection, the old
CryptoAG ploy: The most trusted comsec the most
likely not.

The tremendous rush to market cybersecurity means and
methods for public consumption, combined with 5-Eyes
outreach to industry for means and methods to defeat
cybersecurity, is a wonderful paradox, albeit powerfully
stenching with treachery.

Whether Snowden is more of a hero to the public than to
5-Eyes and its partners is up for future historical debate.
Say 25-30 years ahead, about the time required for
full disclosure of the Snowden dump at the current rate of
release (to the public, not clear which wizards getting
early access are developing products, sales and industries
to capitalize on cybersecurity alarm, some most assuredly
are based on their inability to avoid bragging about being
consulted by government, industry, NGOs,, vulture capitalists,
and the usual speaker bureaus where wizards flog their
skills.)