this post was submitted on 27 Jan 2024
525 points (99.6% liked)

Technology

59424 readers
2893 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

NSA is buying Americans' internet browsing records without a warrant::"Web browsing records can reveal sensitive, private information about a person based on where they go on the internet," said Sen. Ron Wyden.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 9 months ago (1 children)

The NSA does not need money from asset forfeiture. This is one of the stupidest accusations I've heard of NSA. They have to be careful about how they use their intelligence to keep potential targets unaware of what they can or are snooping on. This would be the stupidest and most pointless use of their intelligence. Anyone they would share intelligence with must do so with the most absolute secrecy, and municipal and state law enforcement generally does not qualify. This doesn't mean they're not acting unlawfully, but knowing if they are is going to next to impossible.

[–] [email protected] 0 points 9 months ago (1 children)

As with much of the federal government, the NSA's information security is lax and outdated, and strict records that are supposed to be kept about who looks at what are not actually filed.

We're pretty sure Russia and China are unofficially privy to any data they want.

NSA was supposed to be an INFOSEC department, making sure that Eve was out of business. That changed after the PATRIOT act (though the movie Sneakers predicted this change in mission). The eliptic curve scandal was a dead giveaway.

That said, at this point NSA leaks stuff to other law enforcement, and fourth-amendment protections are circumvented with parallel construction. Asset forfeiture puts the proof of innocence on the prior owner, so there are no rights to begin with. (Though this is changing state by state.)

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

the NSA’s information security is lax and outdated

As someone who has read the unclassified reccomendations on infosec written by the NSA and CISA, no, it isn’t. The NSA has some sophisticated security infrastructure, and if stuxnet or eternal blue has shown us, their infosec capabilities are incredible.

we’re pretty sure Russia and China are unofficially privy to any data they want.

I have literally never heard anyone say this before and this goes everything I know about cybersecurity, intelligence, and geopolitics.

The NSA ECC bullshit was to support surveillance, not to weaken their own security. The theoretical vulnerability lies in the usage of the suggested parameters of their curve, not ECC itself. Making surveillance easier is something that the NSA has historically supported.

at this point NSA leaks stuff to other law enforcement

I genuinely have never seen anything to support this that is substantial.

Holy shit I cant believe you’ve made an anarchist defend the NSA but this is so damn wrong.

[–] [email protected] 1 points 9 months ago (1 children)

Apparently you don't read TechDirt, which I have for over a decade now, and NSA had been active in shenanigans and lax securityy since the wiretapping scandals of the aughts, and in 2023 has been leaking stuff to FBI without warrants (which is supposed to be unconstitutional but between the PATRIOT act and the Federalist-Society-dominated SCOTUS, we may be no longer legally protected from NSA surveillance as an unreasonable search).

The FISC has always been a rubber stamp court, so it shouldn't be necessary for law enforcement to circumvent warrants for NSA information, but it turns out it's just easier using the NSA backdoor access.

I will admit to a certain degree of cynicism. When official channels tell me something is secure or handled with respect to all ethical and civic concerns, and investigative journalists tell me the opposite, I trust the journalists more than I do the official channels. But then I've been through the aughts and the George W. Bush administration when the only sources of actual facts were from foreign sources, because the native news agencies were terrified of reprisals for failing to toe the line.

It's why when people are alarmed today that the fascist autocrats are here and SWATTING their political enemies, I can only quietly sip my coffee from the corner.

[–] [email protected] 3 points 9 months ago

apparently you don’t read TechDirt

I don’t read TechDirt

the NSA has … been leaking stuff to the FBI

Oh, I know about this, I thought you were talking about local law enforcement offices, which is not something I’ve seen.

As far as the unconstitutionality of the NSA’s actions, I fully agree with you. From the perspective of of an anarchist, I don’t exactly see any alphabet agencies or the branches of government in a good light. I fully expect the NSA to be involved in shenanigans, just as I expect the FBI or CIA to do so.

the FISC has always been a rubber stamp court so it shouldn’t be necessary for law enforcement to circumvent warrants for NSA information, but it turns out it’s just easier using the NSA backdoor access

If you are talking about the FBI when you saw law enforcement, the FBI has it’s own malware it uses, such as Magic Lantern historically, and certainly others that are not public. There is also some info about them possibly using the NSO group’s Pegasus spyware, which is obscenely hard to detect, and has, at times, been 0-click, meaning you don’t need to take any actions, and it has cleaned up evidence of tampering. Since the FBI has to make sure their evidence is admissible in court, they do need to make sure their evidence is gathered in such a way that it does not violate laws.

However, I have listened to interviews with people who argued their case was built on unconstitutional evidence, and claimed that the feds told them “if you try and attack the case like this, we will tack on more charges,” so I’m not saying they always deal with admissibility in court when starting investigations.

The only gripe I still have is the your statement about the NSA’s lax security, since the breaches I’ve read about have all been done by nation state actors, which tend to be the most capable groups in the world.

My experience with the NSA, as someone who works in security, does not indicate they have lax security. From their leaked tools (I <3 ghidra), to their security guidelines, to their malware like stuxnet, to their public tools like SELinux (and eventually ghidra), their security capabilities seem solid.

I don’t want this to come out as me liking the NSA, since I hate a lot of what they do. But as someone who is a huge security nerd and malware enthusiast, I find their tools fascinating, and do have some respect for them from that perspective, in the same way someone might like Kanye’s music and respect his talent, but hate his guts for being a nazi.

If there are any good techdirt articles, please send them my way, I’d love to read them