Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Atlantic Wire)   Yes, the NSA has deliberately compromised public encryption standards and has a bank of back doors and secret zero-day vulnerabilites to others, but if you use strong encryption you can make it hard enough to read your mail that they won't bother   (theatlanticwire.com) divider line 76
    More: Interesting, strong cryptography, global strategy, encryption, bankers  
•       •       •

1981 clicks; posted to Geek » on 06 Sep 2013 at 2:16 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



76 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2013-09-06 01:05:02 PM  
"Properly implemented strong crypto systems are one of the few things that you can rely on," he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack- un dermine-internet-encryption

The strongest computer-based encryption is only as strong as the security of the electronic device it is used on.

Consider your ability to lock down your computer or other device so that an adversary with pretty  much unlimited resources can't get into it, but you can still use it to communicate with the outside World.

For true security in the face of an adversary like that, any key, algorithm, or plaintext should never be on a machine that is connected to the Internet.  Either use manual encryption methods, or utilize an "air gap", encrypting and decrypting on a stand-alone machine that is never connected to the Internet, and that is physically secured when not in use.
 
2013-09-06 01:11:01 PM  
I am selling a rock that will keep the NSA away from your computer.  $5,000 for each.
 
2013-09-06 01:15:47 PM  
The biggest concern should be in regards to all business communications.  Someone in the NSA will steal your business plan, your marketing plan, your product idea and will give that idea to someone else to bring to market before YOU.

They will compromise everything you have worked for over the years with impunity.


It is just a matter of time.
 
2013-09-06 01:19:12 PM  
I have no intention of saying "if you have nothing to hide, blah blah blah", but I really wish people who did have something to hide would farking hide it well.  Stop giving the NSA an incentive to read my boring old personal emails by orchestrating your criminal conspiracies over the same unsecured means.
 
2013-09-06 01:23:46 PM  
It's only a matter of time before the NSA finds out what you're getting your girlfriend for her birthday and gets her something nicer and she ends up leaving you for the NSA.

COME ON, SHEEPLE!
 
2013-09-06 01:27:51 PM  

JerkyMeat: Someone in the NSA will steal your business plan, your marketing plan, your product idea


Quite possibly.

and will give that idea to someone else to bring to market before YOU.

This is doubtful.  The NSA doesn't like to give out anything it doesn't *HAVE* to give out, and quite honestly, couldn't case less about your car dealership or furniture store.

What they may do, however, is let the rest of the government know what you may have planned, if it's something the government might not like.
 
2013-09-06 01:28:33 PM  

James!: COME ON, SHEEPLE!


I'm not into the whole furry porn thing.
 
2013-09-06 01:31:41 PM  

dittybopper: James!: COME ON, SHEEPLE!

I'm not into the whole furry porn thing.


Ha, if the funny button were on I'd click it.
 
2013-09-06 01:35:01 PM  

JerkyMeat: The biggest concern should be in regards to all business communications.  Someone in the NSA will steal your business plan, your marketing plan, your product idea and will give that idea to someone else to bring to market before YOU.

They will compromise everything you have worked for over the years with impunity.


It is just a matter of time.


Bingo! and worse yet, the NSA is deliberately sabotaging the other half of it's legally madated mission, which is to safeguard the Electronic communications of US citizens and businesses from foreign intrusion.   By deliberately undermining the open source standards for some encryption protocls and buying but then supressing zero-day exploits for others they are making US corporate and private communication completely vulnerable to prying foreign eyes, and some countries like China who have signint programs as robust as the NSA's have absolutely no scruples about using those capabablities for industrial, rather than poltical espionage.

In the name of National security the NSA is actively undermining it by weakening US businesses and the US economy

The really galling thing about this, is that, as the NY Times pointed out yesterday, 1996 the NSA Publicly tried to demand all encryption technologies contain a "clipper chip" backdoor that would allow the NSA in.  The were defeated by a coalition of privacy advocates from all sides of the US poltical spectrum.  John Ashcroft and John Kerry joined forces in Congress, and the ACLU and Pat fricking Robertson made common cause against it as well.   But after being defeated in public, they didn't abandon thier plans at all but just started building essentially the exact same capability in secret.
 
2013-09-06 01:52:28 PM  

dittybopper: JerkyMeat: Someone in the NSA will steal your business plan, your marketing plan, your product idea

Quite possibly.

and will give that idea to someone else to bring to market before YOU.

This is doubtful.  The NSA doesn't like to give out anything it doesn't *HAVE* to give out, and quite honestly, couldn't case less about your car dealership or furniture store.

What they may do, however, is let the rest of the government know what you may have planned, if it's something the government might not like.


no the NSA won't, but don;t believe for a second that the NSA is unique in the world in their abilities.  Chinese intelligence is in the same league and they DO very explicitly consider industrial espionage as part of their mission,  so the NSA by weakening or compromising encryption technologies HAS hurt American industry, in direct violation of the other half of their legally mandated mission.
 
2013-09-06 02:01:31 PM  

dittybopper: This is doubtful.  The NSA doesn't like to give out anything it doesn't *HAVE* to give out, and quite honestly, couldn't case less about your car dealership or furniture store.

What they may do, however, is let the rest of the government know what you may have planned, if it's something the government might not like


I don't think the issue is with the NSA as an organization, but with individual analysts. One guy leaked all this information. All it takes is for someone to see their "golden ticket". Albeit it's a small chance, but it could happen.
 
2013-09-06 02:05:58 PM  
Gung'f jul V hfr n 100% hapenpxnoyr pbqr sbe nyy bs zl Vagrearg pbzzhavpngvbaf.
 
2013-09-06 02:08:08 PM  
I prefer to leave my email unencrypted just so I can strike back by boring their agents to death
 
2013-09-06 02:08:40 PM  

MonstarMike: dittybopper: This is doubtful.  The NSA doesn't like to give out anything it doesn't *HAVE* to give out, and quite honestly, couldn't case less about your car dealership or furniture store.

What they may do, however, is let the rest of the government know what you may have planned, if it's something the government might not like

I don't think the issue is with the NSA as an organization, but with individual analysts. One guy leaked all this information. All it takes is for someone to see their "golden ticket". Albeit it's a small chance, but it could happen.


At the risk of going to prison for the rest of their natural lives?

Spies might do that, and so might a person like Edward Snowden, but some guy whose main motivation is to get rich isn't going to be working at the NSA in the first place.
 
2013-09-06 02:09:26 PM  

MaudlinMutantMollusk: I prefer to leave my email unencrypted just so I can strike back by boring their agents to death


They'll just have the computers do the checking for them.  No risk of boredom.
 
2013-09-06 02:13:28 PM  

dittybopper: MaudlinMutantMollusk: I prefer to leave my email unencrypted just so I can strike back by boring their agents to death

They'll just have the computers do the checking for them.  No risk of boredom.


I bet you're a lot of fun at parties
 
2013-09-06 02:16:05 PM  

MaudlinMutantMollusk: dittybopper: MaudlinMutantMollusk: I prefer to leave my email unencrypted just so I can strike back by boring their agents to death

They'll just have the computers do the checking for them.  No risk of boredom.

I bet you're a lot of fun at parties


I don't often attend parties, but when I do, I go stark naked.

/Not really.
 
2013-09-06 02:21:49 PM  
This is one of these things i've been saying for years, and everyone is all "ur so paranoid".

My accuracy is actually pretty amazing, although my failures, however few, are humiliating enough to compensate.
 
2013-09-06 02:21:56 PM  
Imagine:

Ahkmed wants to sent instructions to a sleeper cell.

He sends out 1,000s of emails of encrypted gibberish to 1,000s of email addresses. Only one of those message contain the actual encrypted instructions.

NSA has got nothing on REAL threats, but knows what you did last weekend.
 
2013-09-06 02:21:59 PM  
Whether I trust the NSA barely even matters. If they can crack it, then it is only a matter of time before somebody else figures out how to crack it, and I have no idea who will do it first. I'm certainly not about to trust them sight unseen.
 
2013-09-06 02:28:58 PM  
Or fher gb qevax lbhe Binygvar.
 
2013-09-06 02:30:03 PM  
I typically use very strong encryption on most but not all of my mundane communications.  If you only encrypt the stuff you want to keep secret the encryption will be a give away so I add noise by encrypting junk.  No the stuff I don't want the government to know about I never encrypt I hide it in the body of an email with "Fw:Fw:fw:fw:FW" in the subject, no one reads these emails.
 
2013-09-06 02:30:19 PM  

Millennium: Whether I trust the NSA barely even matters. If they can crack it, then it is only a matter of time before somebody else figures out how to crack it, and I have no idea who will do it first. I'm certainly not about to trust them sight unseen.


Do you think other countries don't infiltrate and spy on the NSA?
 
2013-09-06 02:30:36 PM  
Well, ditty, I has a machine that has something like a 30 foot air-gap already, although I need to secure it in the other ways you mentioned. Is that a good start?

/it'll never be networked, kinda like a certain old battlestar
 
2013-09-06 02:52:59 PM  
I think the NSA is lying and only trying to convince people that encryption is pointless so don't bother.
 
2013-09-06 02:54:36 PM  

Kittypie070: Well, ditty, I has a machine that has something like a 30 foot air-gap already, although I need to secure it in the other ways you mentioned. Is that a good start?

/it'll never be networked, kinda like a certain old battlestar


It would be, but consider that you have to permanently disable WiFi and BlueTooth access.  I'd even pull out or disable the regular network card/port.

You'd have to install some decent encryption/decryption software on it, and you'd have to use a fresh, new, randomly purchased USB drive to copy the encrypted files from the isolated machine to the non-isolated one, and vice-versa.

You'd also have to have some really, really good wiping software present on the isolated machine, and you'd have to be religious in using it, because I'm assuming you can't set up perfect physical security for that machine (as none of us really can).

This is why I like manual stuff.  Fewer loose ends and vulnerabilities to worry about, and those that are present can be dealt with in an very intuitive manner.  If you burn both copies of the plaintext and both copies of the key (assuming a manual OTP system), it's gone forever.  You can't recover it from ciphertext.
 
2013-09-06 02:56:52 PM  
Now, a revision: "privacy through increased overhead." It's not a perfect response, but it is apparently one of the better responses we've got.

It's a lame response. It is like a gnat getting into an arms race with a spaceship. The informed user, let alone the average user, has zero hope. The only real security that anyone has online is volume. There are so many people with so many weaknesses that the NSA, the crooks, and the foreign government can't get to them all. Your real security comes not from the amount of time and energy you put into protecting yourself but the fact that everyone else has limited time and energy to devote to pursuing targets. If someone wants you they are going to get you. So that leaves you with two choices: (a) make sure they don't want you, i.e. do nothing valuable like banking, engaging in business communication, etc. online or (b) roll the dice.
 
2013-09-06 03:05:14 PM  

dittybopper: Kittypie070: Well, ditty, I has a machine that has something like a 30 foot air-gap already, although I need to secure it in the other ways you mentioned. Is that a good start?

/it'll never be networked, kinda like a certain old battlestar


It would be, but consider that you have to permanently disable WiFi and BlueTooth access.  I'd even pull out or disable the regular network card/port.

You'd have to install some decent encryption/decryption software on it, and you'd have to use a fresh, new, randomly purchased USB drive to copy the encrypted files from the isolated machine to the non-isolated one, and vice-versa.

You'd also have to have some really, really good wiping software present on the isolated machine, and you'd have to be religious in using it, because I'm assuming you can't set up perfect physical security for that machine (as none of us really can).

This is why I like manual stuff.  Fewer loose ends and vulnerabilities to worry about, and those that are present can be dealt with in an very intuitive manner.  If you burn both copies of the plaintext and both copies of the key (assuming a manual OTP system), it's gone forever.  You can't recover it from ciphertext.


No wifi or bluetooth on it at all, and yeah I can prang the network card myself.

Thanks for the additional advice :)
 
2013-09-06 03:06:51 PM  

Prophet of Loss: Millennium: Whether I trust the NSA barely even matters. If they can crack it, then it is only a matter of time before somebody else figures out how to crack it, and I have no idea who will do it first. I'm certainly not about to trust them sight unseen.

Do you think other countries don't infiltrate and spy on the NSA?


Certainly they try, though I don't know what their success rate is. If it's high enough, then they may become the "somebody else." Or perhaps that capability will be developed independently. I don't know.

My point is that even if I were to trust the NSA, it would still be wise of me to prefer encryption they cannot crack, because if they can't crack it, there probably isn't anyone else who can.
 
2013-09-06 03:10:53 PM  

James!: I am selling a rock that will keep the NSA away from your computer.  $5,000 for each.


"check out this one weird old trick big government HATES"
 
2013-09-06 03:15:14 PM  
lets just assume that the NSA has like 30 backdoors into all microsoft OS's...    How far down the nerd hold do I need to go now?  Linux?  Unix?
 
2013-09-06 03:37:23 PM  

Maul555: lets just assume that the NSA has like 30 backdoors into all microsoft OS's...    How far down the nerd hold do I need to go now?  Linux?  Unix?


Pencil and paper.
 
2013-09-06 03:44:40 PM  

mcreadyblue: I think the NSA is lying and only trying to convince people that encryption is pointless so don't bother.


Magorn: the NSA by weakening or compromising encryption technologies HAS hurt American industry, in direct violation of the other half of their legally mandated mission.


I'm sure it's been said before:

Who invented the Internet (really)? A little government agency called ARPA. Now DARPA. ARPAnet was invented to share data about classified projects across geographically separated sites that were doing compartmented work long before it was expanded to universities and hosting pr0n and cat memes.

Classified communications have been encrypted since Forever.

What government agency is responsible for developing government cryptography solutions? The NSA.

Your interwebz have *never* been secure from the people who invented it and the encryption that has protected it. The NSA has been collecting and reading "strongly" encrypted communications for decades. The bits in your emails and IMs and text messages and tweets go literally everywhere, including across national boundaries and into and through space over systems owned and operated by multiple nations' corporate and government entities...which are fair game for monitoring.

And the government reading the average American's email? Not likely. The NSA may have collected it, but a human was not involved in doing the looking for it, and unless you're involved in nefarious shiat with nefarious people who are *already* being watched, or who are communicating from specific locations associated with nefarious shiat, chances are any emails "accidentally" collected are never flagged with a high enough priority for a human to ever look at. And should they actually be flagged, as soon as an analyst understands that some of the communications involved is coming from a US person, they will hand the information over to a representative from the DoJ or DoT such as the FBI, ICE, or secret service, who then look for *evidence*, not intelligence, and then compartment off any criminal investigations from the Title 10/Title 50 agencies.

So, sorry to diminish anyone's outrage and indignation, but all of this is really nothing new.

/Carry on.
 
2013-09-06 03:46:38 PM  

dittybopper: This is doubtful. The NSA doesn't like to give out anything it doesn't *HAVE* to give out, and quite honestly, couldn't case less about your car dealership or furniture store.


But the NSA might find it easier to convince someone like Intel to add a particular back door to one of their chips if they could offer some juicy information from AMD's boardroom in return (as a hypothetical example).
 
2013-09-06 03:59:01 PM  

dittybopper: For true security in the face of an adversary like that, any key, algorithm, or plaintext should never be on a machine that is connected to the Internet. Either use manual encryption methods, or utilize an "air gap", encrypting and decrypting on a stand-alone machine that is never connected to the Internet, and that is physically secured when not in use.


This.

I have my PGP private keys on smartcards. I also keep secure, offline backups (printed on paper and on CD-R in a locked box) of the keys in case I need to restore them to the card for some reason. I figure that if someone physically breaks in to gain access to those copies, I have bigger problems. The keys were generated on a diskless offline system, booted into a Debian LiveCD, with a hardware random number generator. In the event that I have issues with the card and need to reload the private keys, I setup the same diskless, offline system again, pull the key off the backup, and reload it onto the card.

There's two things I could do to make it even more secure:
- Generate the keys entirely on the card and have no backups. (Only problem: if I lose or damage the card, I'm hosed. I'm not quite needing that level of security yet.)
- My card reader doesn't have a built-in PINpad, so I need to type the PIN into the computer. A reader with a PINpad would be more secure as the computer would never see the PIN. Sure, the PINpad could be compromised but that seems somewhat less likely (I live in Europe and buy my crypto stuff from European companies.)

Honestly, while I suspected the NSA had such capabilities I'm a bit disturbed to see my fears confirmed.
 
2013-09-06 04:09:23 PM  

Ivo Shandor: dittybopper: This is doubtful. The NSA doesn't like to give out anything it doesn't *HAVE* to give out, and quite honestly, couldn't case less about your car dealership or furniture store.

But the NSA might find it easier to convince someone like Intel to add a particular back door to one of their chips if they could offer some juicy information from AMD's boardroom in return (as a hypothetical example).


Meh.  I doubt they would do that, because

1. No one at Intel would be cleared for that kind of information.  That's actual intelligence product, something they'd *NEVER* receive, and
2. AMD would never have any reason to cooperate with the NSA if they found out about it, and in fact could use that as a marketing tool "Our chips don't have NSA back-doors built into them!".
 
2013-09-06 04:12:17 PM  

heypete: Honestly, while I suspected the NSA had such capabilities I'm a bit disturbed to see my fears confirmed.


I've always assumed it.

I used to intercept communications for a living, and my intercepts went straight into the bowels of the NSA.  I had access to a whole bunch of really high-tech equipment (well, high tech for the 1980's).  I just naturally assumed that as computer capability has grown, so has their ability to intercept and decrypt.
 
2013-09-06 04:12:49 PM  

heypete: dittybopper: For true security in the face of an adversary like that, any key, algorithm, or plaintext should never be on a machine that is connected to the Internet. Either use manual encryption methods, or utilize an "air gap", encrypting and decrypting on a stand-alone machine that is never connected to the Internet, and that is physically secured when not in use.

This.

I have my PGP private keys on smartcards. I also keep secure, offline backups (printed on paper and on CD-R in a locked box) of the keys in case I need to restore them to the card for some reason. I figure that if someone physically breaks in to gain access to those copies, I have bigger problems. The keys were generated on a diskless offline system, booted into a Debian LiveCD, with a hardware random number generator. In the event that I have issues with the card and need to reload the private keys, I setup the same diskless, offline system again, pull the key off the backup, and reload it onto the card.

There's two things I could do to make it even more secure:
- Generate the keys entirely on the card and have no backups. (Only problem: if I lose or damage the card, I'm hosed. I'm not quite needing that level of security yet.)
- My card reader doesn't have a built-in PINpad, so I need to type the PIN into the computer. A reader with a PINpad would be more secure as the computer would never see the PIN. Sure, the PINpad could be compromised but that seems somewhat less likely (I live in Europe and buy my crypto stuff from European companies.)

Honestly, while I suspected the NSA had such capabilities I'm a bit disturbed to see my fears confirmed.



imgs.xkcd.com
 
2013-09-06 04:18:34 PM  

dittybopper: "Properly implemented strong crypto systems are one of the few things that you can rely on," he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack- un dermine-internet-encryption

The strongest computer-based encryption is only as strong as the security of the electronic device it is used on.

Consider your ability to lock down your computer or other device so that an adversary with pretty  much unlimited resources can't get into it, but you can still use it to communicate with the outside World.

For true security in the face of an adversary like that, any key, algorithm, or plaintext should never be on a machine that is connected to the Internet.  Either use manual encryption methods, or utilize an "air gap", encrypting and decrypting on a stand-alone machine that is never connected to the Internet, and that is physically secured when not in use.


Yeah, but I'm not sure that the NSA really cares about my Ewok cosplay furry midget porn addiction enough for it to be worth encrypting.
 
2013-09-06 04:21:26 PM  

Mad_Radhu: Yeah, but I'm not sure that the NSA really cares about my Ewok cosplay furry midget porn addiction enough for it to be worth encrypting.


...unless you're encrypting your terroristic plots into your Ewok cosplay furry midget porn.
 
2013-09-06 04:22:11 PM  

DocUi: heypete: dittybopper: For true security in the face of an adversary like that, any key, algorithm, or plaintext should never be on a machine that is connected to the Internet. Either use manual encryption methods, or utilize an "air gap", encrypting and decrypting on a stand-alone machine that is never connected to the Internet, and that is physically secured when not in use.

This.

I have my PGP private keys on smartcards. I also keep secure, offline backups (printed on paper and on CD-R in a locked box) of the keys in case I need to restore them to the card for some reason. I figure that if someone physically breaks in to gain access to those copies, I have bigger problems. The keys were generated on a diskless offline system, booted into a Debian LiveCD, with a hardware random number generator. In the event that I have issues with the card and need to reload the private keys, I setup the same diskless, offline system again, pull the key off the backup, and reload it onto the card.

There's two things I could do to make it even more secure:
- Generate the keys entirely on the card and have no backups. (Only problem: if I lose or damage the card, I'm hosed. I'm not quite needing that level of security yet.)
- My card reader doesn't have a built-in PINpad, so I need to type the PIN into the computer. A reader with a PINpad would be more secure as the computer would never see the PIN. Sure, the PINpad could be compromised but that seems somewhat less likely (I live in Europe and buy my crypto stuff from European companies.)

Honestly, while I suspected the NSA had such capabilities I'm a bit disturbed to see my fears confirmed.


[imgs.xkcd.com image 448x274]


This is why I like manual one-time pads:  They are very rubber-hose cryptanalysis resistant.

You can't beat the key out of someone because it's pretty much impossible for any human to remember a long string of random numbers.  As for beating in order to find out the contents, well, how will you know if the person is lying or not?  You can't confirm it by reading the message.  So they could tell you they are gay love letters instead of plotting to blow up a parking meter, and you'd have know way to know the difference.
 
2013-09-06 04:29:37 PM  

Mad_Radhu: Yeah, but I'm not sure that the NSA really cares about my Ewok cosplay furry midget porn addiction enough for it to be worth encrypting.


Perhaps not.

But other law enforcement agencies might, and the NSA is known to tip them off, through the DEA's "Special Operation Division", in what is almost certainly an unconstitutional program.

Imagine if John Ashcroft hadn't been distracted by 9/11 and went after porn like he was talking about doing just before the attacks:  Local law enforcement would get an "anonymous tip" that you downloaded some unapproved hardcore.  They would lie about where they got the information from to the court, and you wouldn't be able to protest the ultimate source was an illegal search under the Fourth Amendment because you'd have know clue where the "tip" came from.  Nor would the judge.
 
2013-09-06 04:30:35 PM  

Stabone33: Mad_Radhu: Yeah, but I'm not sure that the NSA really cares about my Ewok cosplay furry midget porn addiction enough for it to be worth encrypting.

...unless you're encrypting your terroristic plots into your Ewok cosplay furry midget porn.


It's terroristic enough on its own.
 
2013-09-06 04:35:47 PM  

DocUi: imgs.xkcd.com


Fair enough. Still, no sense in making their job easier than it should be.

I look at the NSA and other similar groups as an "Eye of Sauron": they're often scanning various things, but they can only focus on a few things at a time. Those that get focused on are usually totally boned (one of the recent articles mentioned the NSA discovering that a target of interest ordered a new computer, so they leaned on the manufacturer to put a compromised chip into his system at the factory, thus being able to gain more intel on the guy) but for the most part they're trying to be subtle and slurp up what they can.

If they physically compromise my systems or myself (e.g. threatening me or my family, breaking into my house, etc.) then I'm boned. That seems unlikely: if they were interested in me (and I honestly don't see why they would be), they'd likely do some sort of remote compromise. Keeping private keys on smartcards makes that considerably more difficult.

/doesn't have "anything to hide" but still values his privacy.
 
2013-09-06 04:37:41 PM  

J. Frank Parnell: This is one of these things i've been saying for years, and everyone is all "ur so paranoid".


THIS.  I've even added as much to my email sig, with helpful links to "So, now you believe me?  Here's how to encrypt things" guides.  I've been saying, for 15+ years, "if you didn't choose, test, install, understand, and secure *every* item, both hardware and software, on your network -- it's insecure.  And if you did,  good... but if you hook that network to the Internet in any way, it's insecure."  People used to look at me like I was a total loon.  Now they look at me like they think I'm mostly a loon, but have their doubts... it's progress, I guess.

It's safe to assume that the NSA (or other interested third party) *can* ("will" is a different question) read your email -- but it's still important in this way:  Encryption buys you time.  In some cases, lots of it.  So, by the time your content is decoded, whatever you're planning / doing / scheming / conspiring is already over, or is no longer of interest, or should be.

In other news, the NSA has a -shockingly- interesting museum, if you're at all curious about this kind of thing.
 
2013-09-06 04:39:26 PM  

dittybopper: and the NSA is known to tip them off, through the DEA's "Special Operation Division", in what is almost certainly an unconstitutional program.


Not unconstitutional at all. If, and only if, intelligence agencies accidentally uncover apparently criminal acts or plots involving US citizens, they are *required* to turn it over to Law Enforcement -- they are subject to the same obstruction of justice laws that US citizens who stumble upon crimial acts are.

The Interagency process is used in places like CENTCOM as well -- there are specific dividing lines between military action and other instruments of national power (economic, diplomatic, informational....), and any kind of action taken against an adversary that isn't direct military action, such as freezing assets or designating someone a kingpin, etc is handled not through the DOD, but the DoJ, DoS, and Treasury. intelligence gathering is often at the beginning of that process, but intelligence is not evidence, so there still must be an investigation to develop evidentiary information for the other agencies to go do something about it.
 
2013-09-06 04:43:08 PM  

dittybopper: Mad_Radhu: Yeah, but I'm not sure that the NSA really cares about my Ewok cosplay furry midget porn addiction enough for it to be worth encrypting.

Perhaps not.

But other law enforcement agencies might, and the NSA is known to tip them off, through the DEA's "Special Operation Division", in what is almost certainly an unconstitutional program.

Imagine if John Ashcroft hadn't been distracted by 9/11 and went after porn like he was talking about doing just before the attacks:  Local law enforcement would get an "anonymous tip" that you downloaded some unapproved hardcore.  They would lie about where they got the information from to the court, and you wouldn't be able to protest the ultimate source was an illegal search under the Fourth Amendment because you'd have know clue where the "tip" came from.  Nor would the judge.


Divorce lawyers...wait until the divorce lawyers get a hold of the data. For the kids you know.
 
2013-09-06 04:49:58 PM  
Is the Unlikely tag still on summer vacation?
 
2013-09-06 04:50:04 PM  

SFSailor: In other news, the NSA has a -shockingly- interesting museum, if you're at all curious about this kind of thing.


(I know, (a) quoting myself and (b) terrible pictures, but the idea of "NSA Museum" just seems so Farkworthy.)

i44.tinypic.com

i43.tinypic.com

I wanted to buy a copy of the second one in the NSA Museum Gift Shop, but no luck.

/ yeah, "NSA Museum Gift Shop"
 
2013-09-06 04:55:33 PM  
imgs.xkcd.com
 
Displayed 50 of 76 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report