This sounds like a non-issue to me. Any person on this site could create little USB devices for stealing data. It's nothing special or new. I thought I was going to hear that they're light years beyond Tempest[1] or something. Feels good to finally hear an NSA story that doesn't depress me.
It can be inserted by a manufacturer, as mentioned in the article.
A little chip (inside the motherboard/CPU/hard disk/graphic card) with a radio module that can receive radio signals and write the received data directly into hard disk and/or RAM or read bytes from the hard disk and/or RAM and/or graphic card and transmit it back.
Interestingly, this would also seem to have the potential to defeat encryption, since it directly accesses working memory.
This is why I have always been cautious about those who advocate personal cryptography as a privacy solution. We need clear laws, first and foremost, to reign them in. Otherwise, we are effectively saying that if they can get it (i.e. decrypt it), it is fair game. Cat-and-mouse is not a game we want to play with the NSA.
Laws are not going to protect people from the NSA. Especially laws that only apply to a miniscule fraction of the population (ie the fraction of the population that lives in the USA). Spy agencies are a global menace.
Of course laws will protect us. They are actually our only real hope. With the right laws, Snowden is a whistleblower with due protection. There is no debate as to whether he is a "traitor" or who broke the law, and the entire dynamic is changed here.
Either we are a nation of laws or we are not. Laws are what constrain our government and what confer and protect all of our rights. Why should this be any different? Why should we suddenly abandon law here in favor of some (inevitably inadequate) technical scheme? It is naive to believe otherwise and it is more naive (catastrophic) to advocate a model wherein we do not rely on laws, but instead our personal capabilities to protect our rights from our own government. Advocating encryption over laws is just one example of that.
Protecting ourselves from the government with tech is a tempting, freedom-figthting technologist's fantasy. We cannot even duly protect ourselves from zero-day exploits. Why on earth would we abandon the law and position ourselves to play cat-and-mouse with the U.S. government?
Better laws, and official respect for them, would be the better solution if we had that option. But how do we get there? Has such a scenario ever effectively protected citizens from government in the real world? And what are we supposed to do in the meantime?
"We cannot even duly protect ourselves from zero-day exploits" - well that's definitional, isn't it? It's hardly a reason to give up on trying to protect communications from "big brother".
>Has such a scenario ever effectively protected citizens from government in the real world?
Of course it has, unless you believe that all of our rights in the U.S. are a sham, and are routinely violated in private by our government. No, it's not perfect and it never will be as long as humans are involved. But, there have to be definitions of right and wrong with associated penalties--in other words, laws.
>well that's definitional, isn't it?
That's my point. These things still exist. The fact that we continue to battle one-off hackers, groups, etc. and frequently lose should give us pause to consider whether this is really the cat-and-mouse posture we want to assume with the U.S. government.
>It's hardly a reason to give up on trying to protect communications from "big brother".
I don't have anything against taking prudent measures to protect our privacy in general. But, this idea that technical solutions will ultimately protect us from "big brother" is pure folly. Without the law on our side, we will lose.
I imagine the widgets transmit and receive over multiple spectrums, bouncing the spectrum around as they do.
I wonder if technology now can tweak and coordinate the multiple existing radios (Wifi, bluetooth, GSM/CDMA/3G/4G etc) on phones and computers to deliver the same result.
Is that possible? Would that require changes in silicon or could it be done with baseband software changes or even above that?
I have no idea frankly.
That's really interesting - radio spectrum steganography. I would think that compromise of the software network stack would be enough for such an attack.
I imagine the widgets transmit and receive over multiple spectrums
I seem to recall a strong opposition by the government to the development of consumer ultra-wideband radios. I wonder if this was part of the reason. Either way, it looks like some applications of UWB are available now, though, such as wireless HDMI.
Given that the NSA's mission is to do surveillance against foreign targets ("There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States.")...the techniques described here actually seem to be in line of what you imagine the NSA is supposed to be doing. At least it's surveillance that requires them to have a physical targeted presence, rather than just drinking from the telecommunications firehose.
> The technology, which has been used by the agency since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards
Obviously if someone has physical access to a machine it can be compromised. Replace "USB Cards" with "USB WiFi stick" and you've achieved the same thing.
This is just FUD. Machines that are air-gapped from the Internet with tight physical security are as secure as ever.
It seems to me you missed the "can be inserted by the manufacturer" portion of the article. Doesn't require physical access, just that they purchase a compromised machine.
I do understand that it is now the status quo to disavow everything the NSA is, but foreign intelligence gathering is their mission and releasing these details simply doesn't help the cause of fixing the NSA's less savoury incursions.
While arguably any foreign intelligence agency of note isn't going to be caught off guard by these leaks, leaking these details does offer political ammunition to the very people who stand to gain from the expansion of the NSA's mission into civilian data gathering. It helps to make the case that the leaks aren't such a good thing after all and are compromising the intelligence gathering apparatus of the US of A. Add a bit of spin and you can quickly use this to get back to business as usual and people will actually support them as now it'll become a matter of identity instead of what it should be - a surgical exploration of a cancer afflicting a nation state.
This is what happens when you screw up at the magnitude the NSA has, EVERYTHING will be released and scrutinized for the foreseeable future. Right or wrong they made the bed they now have to sleep in.
Plus, the assumption that they're only using their surveillance technologies against foreign powers is now known to (often) be a false assumption. So it's not immediately clear which systems are only being used against foreign powers, so one wouldn't even know what might be held back (if one were to take the position that things only affecting espionage against other nations should be kept quiet).
Exactly. The entire argument rests on the idea that we are certain that the NSA is trustworthy and is using its powers judiciously against, not only foreign powers, but those that pose a security risk. That assertion is exactly what is in question (for good reason).
I think some people see the NSA as fundamentally good and trustworthy, but perhaps exercising a little bad judgment and/or overreach. Others see their breach of trust as reason for grave concern and a flagrant abuse of power that merits our consideration that it may be the tip of an iceberg inadvertently revealed by a rogue agency.
Where people fall on that continuum probably drives their responses to subsequent revelations more than anything.
That's Ok, but you might agree, that since last year, the topic is highly political. I also don't think, that you could simply dissect discussion lines ...
It's not an attack. It's just a backdoor that avoids transmission over the network. This allows airgapped computers and those with close network traffic monitoring to still be monitored without giving it away, "the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user." It's just another antenna that the target would be unlikely to look for a transmission from.... until now I guess.
Much like /r/politics, it would hopefully catch the worst of the political bickering and simply unsubscribing from it would save you the pointless rehashed debates.
This doesn't strike me as a political question. Strong intelligence on foreign activities is the "right" side from an American perspective. It would be in the best interest of the nation and would be within the mandate of the NSA. It's right from a strategic sense and I wouldn't expect it to be partisan.
Other NSA activities, especially where they have exceeded their mandate would be debatable, and possibly partisan. Much of the leaked activity could be argued to be not in the best interest of the nation.
(I'm Canadian, so while I couldn't claim to be neutral, I have a bit of an outsiders perspective. Not to mention, spying on me with such a device would be within the mandate of the NSA.)
There is a lot of politics in these debates, but surely you don't think that as Internet users and technology professionals these revelations hold zero meaning for the HN community beyond "politics"?
I think the current system is fine, where NSA-related stories are (apparently) assigned a handicap to begin with. So those that make it to the home page are usually more significant pieces. And the best way to avoid the "debates" is to not read the comments (if that is what grates you) but just read the story. If even that's too much just read the headline, shrug at the needless brouhaha people are making about it all, and move on to the next news item.
The only reply to the comment you replied to is yours. Hardly an endless debate. You could have scrolled down just one comment to skip it - now there is an entire screenful of meta debating which has absolutely nothing to do with the topic at hand, which personally I find far more tiresome.
I think it's a little bit silly to expect discussions about these revelations to occur without discussion of politics. The issue is intrinsically political, and many people are calling for political solutions to the problems. By saying "can we please take the politics elsewhere" you are actually shutting down a very important avenue of debate.
The USA has diplomatic relations with foreign countries based on trust. They also trade with those foreign countries - and that international trade is what makes the economy and our lifestyles work.
Targeting "all foreigners" destroys trust that foreigners have in the USA system for trade and diplomacy, lowering the impact of the state on both.
Comments like this make me think that maybe all the "acting naive about foreign affairs, diplomacy, and statecraft" is not actually acting.
In the entire human history of diplomatic relations, nations have always attempted to spy on one another. Diplomatic relations are not based on trust, they are based on shared beliefs, interests, and goals.
Personally, I'd like to think that I live in a country that is above accepting such clandestine activities against its own citizens, allies and the citizens of its allies as the status quo.
This is not such a naïve viewpoint as you may think since I would expect it to be the average of the viewpoints that many Americans held about its own government up until a year or so ago. To most Americans, a year ago the NSA didn't spy on US citizens, not did it eavesdrop on the communications of the leaders of its own allies.
If you asked the typical American a year ago if s/he believes that their government spies on the leaders of our allies like Angela Merkel, you'd probably get an overwhelming negative response. If you continued your line of questioning and asked if it is acceptable to for the US government to do so, you'd probably get mixed responses. If you then went on to ask if it would be acceptable for the German government to spy on president Obama and other US politicians, you'd probably get a reaction where US citizens would consider that an act of war.
The truth is that many US citizens hold very very very different opinions of what is acceptable than those in the intelligence community.
I don't know about you, but the simple fact that such a wide disconnect exists between what citizens collectively think about how their government is operating and how it actually is operating is a fundamental failure of how our democracy currently functions. Leaders in a democracy should have a legal obligation to work to keep their constituents as best informed of how they are actually doing their jobs and attempts to hide or be less than honest about their activities should be viewed as attempts to subvert democracy. Anything otherwise, prevents I, Joe Q. Citizen, from honestly and effectively exercising my right to vote. If such policies mean non-American leaders will have a greater insight into how our politicians are acting in foreign policy negotiations than our leaders have about those non-American leaders are acting, that is the cost of being more ethical. Ideally that disadvantage is made up for in the long term by establishing a norm of greater ethics that those leader's citizens expect them to meet.
If a citizen votes based on lies and misinformation, are they really participating in a democracy?
It's not that spying on Merkel (she seems lovely), is in fact a profitable affair, but there are so many other instances where it would indeed be profitable. Where do you draw the line? After the reset are the Russians off limits? After the Russo-Georgian Olympic war are the Georgians off limits? After South Sudanese independence are they off limits? Do you think any of them view us as off limits? Hell does even name-any-random-western-european-nation think we're off limits? No. I'm wholly in favor of the NSA not touching a single American email, but their job is to spy on relevant foreign targets. As long as they stick to that job (not saying they have so far, in fact I am rather uncomfortable with the earlier Snowden revelations), then yes I am OK with this.
The citizen will always vote based on (US or not) (a/dis)information in the sense that every government has secrets. The key is maintaining a state where the secrets are not destructive to the underlying society that supports that given government. I am not entirely assured that the US has achieved that, however I do not think (betting man here) that we have fully failed that.
Downvote if you must, but there is a not small tragedy in verbally damming the deeds of those whom we literally paid to do it in the first place (spying on Americans not included, more referring to the foreign targeting referred to in the parent article).
So the US shouldn't have spied on the Japanese consulate in the 40s to anticipate the forthcoming declaration of war? Or intercepted German transmissions to break the Enigma code?
Sometimes nations lie to one another--even allies--in order to further their own self-interest. A diplomatic program that does not take that into account will find itself surprised in negative ways. Spying is one of several tools for managing that problem.
Given how in bed with the USA my country the UK is, yes, I would suggest that. I might be wrong, but I would very much make that suggestion.
My problem ultimately, as a Brit, is that it seems that we are more and more becoming a satellite of the US, bound by US law and ideals we never ever voted for. We had a referendum on the EU, but never a referendum for all this. But of course that is a British matter and not something the US should be concerned with. If we Brits want to suck up to the US, why would the US turn it down?
I think that what has happened is a nasty mission creep with regard to intelligence. Its used to be all about threats to a given country. The basic point was to understand the intentions of one's enemies. This was and is vital in preventing mistaken action based on not knowing that an enemy has no plan to, say, invade, or what ever. It was based on the idea that knowledge helps prevent paranoia and fear. All of which is not just OK, but vital. It is why in the cold war, both sides accepted this in a gentlemanly way. Both knew it was vital to both to stop both nuking each other. If the USSR said it would not start a war, the West could verify that by spying and have confidence. And vice versa. Now it seems that a lot of it is about gaining advantage in commerce, and local law enforcement. Its fine to say that the NSA has nothing to do with this, but we know that they give access to the FBI and police. We can reasonably believe that its quite possible that the NSA also gives intelligence to large businesses like Lockheed. What has happened is that economic and local criminal issues are now redefined as matters of national security. The lines have not just blurred, but completely crossed over, perhaps gone completely.
As a result, I think we need to re-examine the role and scope of intelligence gathering. Spying needs credibility. And yes, there is a severe danger of throwing out babies in the bathwater. But ultimately, if the people lose confidence in intelligence gathering, we are in a whole lot of trouble. It is vital to get the balance right.
That's an odd argument and seems completely circular.
You effectively state that the leaks aren't such a good thing ipso facto, then you go on to say that leaking these details proves it; thus they shouldn't be leaked. Kind of hard to find where that argument begins and ends.
I know where your thinking is going, but you would first have to establish the NSA's trustworthiness to get there. That is exactly what is in question and, importantly, for legitimate reasons.
I think he means that a distinction should be made when considering whether to leak information.
Is this information something the public needs to know, because it tells them something important about their democracy, or would releasing this be an ironic hindrance to the common public interest?
The "common public interest" should not be limited to the US public. (even if it were, I'd argue that they are only mutually exclusive in the short term).
IMHO, the public should know everything its government is doing on its behalf. A more appropriate question would be how long the government is allowed to keep its secrets.
I don't dispute that there is definite realpolitik value in keeping secrets when trying to achieve short-term gains. However defaulting prevents that society in the future from determining if your actions were just when done in their name. Every time a politician acts in the name of myself and my fellow citizens, it reflects on me. On the other hand, I and my fellow citizens voted that person in to get things done on my behalf. The eventual publication of all governmental secrets keeps governments honest long term. After aboute ~10 years, a secret poorly received when made public after the fact no longer reflects poorly on the current officials in government (unless those responsible are still involved in government). What it does do is allow society to have a debate about whether they approve in hindsight of a government's actions.
If the government wants to keep a certain category of secret indefinitely, it should specifically ask the public if they acquiesce via a majority vote. A future public should be able to overturn that vote and make something public. Unilaterally affording government officials the right to make things secret indefinitely is a path to tyranny. The truth keeps governments honest.
Does such a policy put a country at a disadvantage when competing against adversaries without such a policy? Yes, it does, in the short term, since any governmental actor must consider the potential for fallout when their actions/policies enter the public domain. On the other hand, there are long term game theoretic advantages of holding your country to a higher standard. It establishes a basis upon which the population of other democratic countries judge their own government.
The US used to have this positive influence upon the World. There was a time when citizens of less free countries would look to the US and ask themselves, "Why can't my country be free like the US?". That question is no longer asked because we are no longer a guiding light for the world to follow, instead we've become the ship on the beach that has become the lighthouse to the sea.
Long-term, citizens the whole world over are going to be better off by establishing a precedence that everything their governments do in their name (from the local and state levels to the federal) will eventually become public.
Just seems odd. Along the lines of complaining about a foreign language because you don't speak it. The fact that you don't speak it does not mean it's gibberish.
As upset as I am about the NSA, I agree that reports like these may be hard to justify as whistleblowing. This seems to be less about accountability and more about gawking at the NSA's toys.
I suppose the NYT could argue that this article only reiterates what was previously reported on the ANT program, and the technology disclosed in that report is over 5 years old. Still, this article may get more attention because when ANT was previously reported the media (and much of HN) got distracted by the NSA's ability to jailbreak iPhones (in 2008!) and largely ignored the passive radio-based technology that was also described.
There's classified data coming from Washington or whatever government agencies to newspapers all the time through "sources". Do you really think everything that is given passes the highest standards for what should or not be leaked?
At the end of the day it's the newspapers who decide what gets published.
It's also worth keeping in mind that the NSA may percieve, in this case rightly, that pushing this angle, which is all re-hashed information, would in fact not expose new information but could potentially reframe the debate in their favor.
I think that your idolatry of the NSA is unwarranted. They have powers and technologies that they can use to actively thwart anyone who will cross an American interest. They're not a military organization; the military is simply one of their biggest customers.
What they are, is a totalitarian control mechanism for American political and business interests to apply around the world.
So if you are on the 'American' side of this fuzzy, electronic wall that they have erected, and if you are an American who will do what is necessary to further American interests in the world - okay. The NSA is on your side.
But for those of us who do not live under the crux of American hegemony - and there are quite a few of us, after all - knowing about these heinous violations of human rights, and the tactics and technology that these totalitarians are using, is very important. We are not all Americans, here, nor do we all derive profit from American military-industrial efforts.
To some, the NSA is a heinous, despicable construction. I, for one, am glad to see leaks around this organization; as I am with any leaks that will reveal the truth about the tyranny we all live under.
The entire West is complicit. Pretending it is just America ensures the status quo remains in place. Also look up the word tyranny, it doesn't mean whatever you want it to.
You look up the word tyranny - it absolutely applies to the NSA situation!
And just saying 'others do it too' isn't enough to weasle out of the fact that the USA spends far, far, far more energy and effort on establishing its tyranny - militarily and technologically - than any other country.
Fact is, 'others' would like to live in a world where we don't have to deal with secret injections at the whim of a politician in our lives. Some of us would like to build companies to compete with the American hegemony, and some of us would very much like to reduce the power that the military-industrial tyrants currently ruling America have over the worlds' population. We're not happy having to deal with American pixy-dust solutions to the problem that they're not in control ..
"Entire West"? You're showing your prejudice. Not everyone in the Western world is content to bend over for American tyranny.
And you think the NSA won't interfere, should I start up a company that will compete with the US? They sure will. This is why there is such heat on this subject, duh .. why compete with the American Industrial Spook Empire, if they can inject code into your systems, remotely, without detection. If they can inspect all the packets, wherever. If they decide, after I become successful at something that might impact an American-Industrial Giant's applecart, to use my neighbours router to hide their destruction of my business?
Screw that. I don't want to hear an excuse - I want to hear a solution, from our American friends. Damn right I want a revolution!
I think this thread is a manifestation of the broader trap that we are in as a culture, in that we cannot seem to break out of the dialectic-materialist mode of argument, even though its not the only way we can form a consensus..
I generally agree with this. I'm not sure what exactly this adds to the overall conversation. Does anyone have thoughts on why the NYT would choose to publish it, perhaps beyond pageviews?
I tend to think that leaks like this one may weaken the overall view towards the Snowden leaks. As far as I can tell from reading the article it's a tool that's used in specific cases, and likely has value in that capacity.
As the Snowden leaks get further away from "they're spying on Americans" and more into "they're doing their job" I'm getting less and less sympathetic. This is just a way to exfiltrate data, if that way was on steroids and a bigger budget, but still very much within the scope of the legally declared mission of the agency. Why is anyone upset that a technical spy agency is spying using technical means?
As a rational person on planet earth I can safely assume that if your country is not too broke to afford a spy service then it has probably attempted to spy/spied on the US at some point. That's what countries do when they don't know something that someone else is unwilling to tell them.
Do you really think that the US is unique in spying? or that the scale is even unique? Pro tip: if you do you're wrong.
Yes, the scale is unique for many reasons, one of the most important being that most of internet backbone including consumer services are located in the US jurisdiction. Your pro tip is worth nothing.
It's now reasonable to assume that any resources the NSA have are being used on innocent people form around the world with no connection (supposed or otherwise) with terrorism.
So I think it is valid for victims to be made aware of the tools their enemies in the security services are using against them.
"releasing these details simply doesn't help the cause of fixing the NSA's less savoury incursions" -- of course it doesn't. Why would anyone expect that? At least, I'm not convinced there is any realistic prospect of NSA's programmes, or other similar abuses being "fixed" in the forseeable future.
Meanwhile, everyone, US and others alike, needs and is rightfully entitled to secure communications (in a moral sense, not to be confused with the laws of particular states). Unless there is some guarantee that the methods exposed could never be used improperly, exposing them is a vital public service.
Transmit as far as "EIGHT Miles". Does anyone know what type of power this would take? I imagine if they used a less noisy frequency combined with sensitive receiving equipment, it would not take much. I used to play with CB radios which has a cap at 4W, with a good antenna, one could transmit 7+ miles in good situations.
There's at least two things that limit the range of this system, compared to the CB radio you mention:
- less power available via USB
- less impressive antenna
It's a pretty much meaningless number without also talking about the antenna used both at the transmit and receive end. Carefully aimed high gain antennas can easily get that sort of range with power in the tens of milliwatt range. I've seen 100mW hobby-grade FPV gear doing 5+km with an omni directional antenna on the transmitter and only a high gain directional antenna at the receive end. With sophisticated enough gear at the recieve end, and an intentionally-aimed high-gain antenna at the transmitter, I'd bet getting 8 miles on single-digit mW of transmit power would be do-able.
(Note that 4Watts of 27Meg CB radio is well known for getting ionospheric "skip" and connecting over literally thousands of miles given the right conditions.)
I suppose it's possible, but if I were the NSA I wouldn't bet on getting a signal past the neighborhood distribution transformer. There's often enough disturbance on a building-wide circuit to cause problems with powerline networking. Your 42" LCD TV probably has enough power-conditioning circuitry to interfere with network signals.
If you have one of those briefcase-sized boosters, 8 miles could be pretty reliable.
If you have a huge antenna, a fraction of a watt in the shortwave band will easily get you across the country.
But presuming not shortwave and no particularly special antenna, a watt or two might do it.
For reference, cellphone radio signals are on the order of a watt or two, and they have no trouble reaching cell towers a mile or two away; maybe more.
This comes from my ham radio background and some of my individual experimenting.
"Computers with particular Intel® Core™ vPro™ processors enjoy the benefit of a VNC-compatible Server embedded directly onto the chip, enabling permanent remote access and control. A RealVNC collaboration with Intel's ground-breaking hardware has produced VNC Viewer Plus, able to connect even if the computer is powered off, or has no functioning operating system."
I have to admit I was disappointed these seem to require radio transmitters be added to the device. Was sort of hoping to discover there were little antennas built into Intel processors or nvidia video cards.
However, I now know more about what DARPA's littlest flying robots will be doing, especially the ones already described as little more than chips with wings.
The only thing that's more disappointing than the NSA spying is the NYT sitting on this scoop for more than a year, and letting Der Spiegel break it. Only slightly less amazing is that Der Spiegel and Jacob Applebaum were talking about this more than two weeks ago, and the NYT diddled until now. Incredible.
https://www.youtube.com/watch?v=vILAlhwUgIU
"We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies"
Nobody with an unspoiled mind and following the news last year will believe this bullshit.
If there is anything, people all over the world (also in the US) should have learned: Statements from people of some federal US organisations can not be believed at all -- in many cases the complete opposite is true.
The NSA lost all credibility for their claim not to be stealing for commercial advantage when they were caught spying on Brazil's Petrobras (government owned oil company). It is simply not credible to claim this spying was for the prevention of terrorism.
This is another example of how Snowden has compromised national security by leaking secret information that has nothing to do with American metadata and everything to do with the NSA's charter and legal mission.
Maybe it's Snowden, maybe it isn't. It has been suggested by the reporters of this information that the Snowden name may be used as a cover for other NSA leakers.
Except if we actually put this story into context of how the US government does things, we realize that if this technique of spying isn't already being used on US citizens, it soon will be. Drones, wire-tapping, and infectious state-created spyware came home from the War on Terror, what makes you think this practice won't?
Of course, neither of us can prove anything either way, but context is necessary before making analyses like yours
Any thought that the NSA is adding to our national security is a delusion.
How about a shift in your thinking: Instead f "securing" ourselves through trillions in weapons and intel BS - why not work toward creating a better world through better systems and people?
It wasn't a secret to anyone who would have really wanted to know. The NYT knew for years and stayed hush to keep their access to the political establishment. I seriously doubt this is news to China, Russia, Iran, etc.
Or, perhaps, an example of what all intelligence agencies are using, not just the NSA. With knowledge of these techniques, multinational corporations can try to protect themselves against industrial espionage by foreign governments.
Until we have true US citizen oversight over the NSA activities to make sure that they are acting purely in a way that is aligned with its charter and legal mission, all this information about its capability also compromises its ability to carry out a perfect tyranny.
I think most US citizens would be okay with affording the NSA rights to secrecy if those in the NSA had shown themselves to be exemplary defenders of the US Constitution.
Instead, they have demonstrated themselves as the most formidable opponents to the US Constitution, and more specifically the Bill of Rights. Our national security means nothing if the principles upon which the nation is founded are being debased wholesale. The US without the Constitution is not a nation, since the Constitution is the foundation of the shared history and government of the 330 million people that call themselves Americans.
An NSA that does not respect the Constitution is the greatest existential threat to national security this country has faced. An organization with the capabilities of the NSA with no real oversight can unilaterally subvert even the healthiest democracy.
Snowden leaked a huge amount of data to journalists that he trusted to decide what was in the public interest and what would harm national security.
I actually think they have mostly done a good job. I think this story, and the previous one on TAO from Der Spiegel, are substantially different to the other stories that have been run from the leaks.
I do think there is an argument that these kind of details weaken security, and it's far, far less clear cut in my mind that the public interest argument outweighs the security argument in this case.
If you believe it does not that isn't a belief I would challenge - but blame the journalists who have made the wrong call, not Snowden. Deciding which 0.1% of the 100,000 documents to leak is their job.
So according to you, the USG not being able to spy on everyone, everywhere, all the time compromises "national security"? By that logic, you're threatening your neighbors by not having surveillance cams in your bedroom and bathroom, because you might be doing something nefarious there.
I have a better idea: the US should stop interfering in other countries and violating people's rights - then it wouldn't have enemies.
This reminds me of a lunatic I was talking to in Best Buy some 12 years ago. He claimed that he knew about, was aware of, and involved with a government program/technology where they could plug in a device to a computer and immediately gain access to all current computers at the time.
It was bullshit then, and it is bullshit now. Yes there are such things as side channel timing attacks against secure chips, but it isn't going to work with a fucking usb device plugged in outside of the metal cage that is a pc case.
So, any chances of finding such a device out in the wild? Suggestions for detecting the most likely used type of radio transmissions? How can they transmit over 5Km with USB power and no antenna?
Under the right conditions you can send radio messages around the world on as little as 5 watts.
You gotta remember that there's two sides to any radio system: the transmitter and the receiver, and both determine what you can do. After all, with the right antenna on one side, you can use wi-fi over a distance of miles.
oh man when does this stop? these guys are clearly breaking the law all in the name of "keeping us safe from terrorists". This needs to be stopped. All the perpetrators of this program must be brought to justice with a court that adheres to the principals of democracy and freedom.
"The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers."
Oh, so they only need physical access to the machine, and then they can do stuff to it? It's like magic!
Well, I suppose it's time for the tin-foil-hat crowd to turn their computer cases into a Faraday cages then! Of course, these NSA gizmos might plug into ground and detect radio-induced current fluctuations. Given how many computer cases are metal, this might be the obvious way to go actually. So... Faraday cage and a really expensive ground conditioner?
> Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group’s reasoning in an email last week, saying that “it is more important that we defend ourselves than that we attack others.”
Pretty frightening that such things apparently still need to be said.
I remember an article on here a while back of a well known security or cryptology researcher that had a machine get re-infected by unknown malware time and time again without a network connection, who also observed radio waves and thought that was the iv...
I remember coming to the conclusion at the time that the security researcher must be kind of going nuts or something; doesn't seem quite so nuts now. Surely a professional would spot a rogue chip or device though?
1. http://en.wikipedia.org/wiki/Tempest_(codename)
reply