> To my mind, the NSA should be working to make the security technologies used by American individuals, American companies, and the American government as strong and as free of vulnerabilities as possible.
Didn't NSA develop SELinux?
Edit: Heh, lets all avoid the fact that NSA created something insanely useful for the entire world. Nobody likes to think about these things. Hating is so much easier.
> Maybe Signal is awesome. But privacy from law enforcement is not a killer feature. The US Government has substantial leverage over me in other ways.
What about the UK government? The GCHQ is one of the most aggressive and sophisticated signals intelligence agencies in the world.
What about the RU government? Or the Chinese government?
The reason most security folks speak of "nation state actors" in aggregate isn't to be euphemistic (initials: NSA), it's because "the only threat you might encounter online is your local government" isn't necessarily true.
To be clear, I don't want to turn this into a political discussion. I just wanted to point out that the scope is wider than your comment implied.
> If my company is outside the US I can try to use infrastructure that at least makes it harder for the US to gain access.
Which is great, if you have a decent idea of the NSA's (and the US intelligence establishment in general) capabilities. If not, you're essentially fumbling around in the dark trying to make that kind of infrastructure selection. (And, of course, the US intelligence community isn't the only threat, China -- through whom much traffic that neither originates in nor terminates in China is routed -- has to be a consideration, particularly, but they aren't the only other threat, either.)
If you don't have a system where you have strong theoretical guarantees of end-to-end security and integrity with the data sent over untrusted infrastructure, its security against any of the major threats really relies more than anything on them just not caring about it, and if you think that you are meaningfully buying security by choosing between Google or one of their competitors for basic services, you are probably deluding yourself.
> In the balance, weakening American standards does little to help with foreign collection.
While that makes logical sense, the previous actions of the NSA has demonstrated they're not a logical actor in regards to this stuff, or that there's more going on.
> If the NSA were only focused on industrial espionage with these programs then I don't see why they felt the need to target Google (a U.S. corporation in the first place).
The main difference with other countries is that we all know about NSA thanks to what happened to people like Snowden, otherwise it would not be any different from other countries -> pure speculation. And why would the US do it better than countries like China, Russia or France?
Even if you could beat the NSA you still have the UK, Canada, AU, NZ, Russia, China etc. Cool project though.
reply