GCHQ, European Spy Agencies Cooperate On Surveillance 145
jones_supa writes "Edward Snowden papers unmask that the German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain's GCHQ eavesdropping agency. The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies. A loose but growing eavesdropping alliance has allowed intelligence agencies from one country to cultivate ties with corporations from another to facilitate the trawling of the web. The files also make clear that GCHQ played a leading role in advising its European counterparts how to work around national laws intended to restrict the surveillance power of intelligence agencies."
Re:It's all a sham (Score:5, Interesting)
"they can't itemize a list of the terrorist operations they've intercepted and stopped." - for obvious reasons
Bull. National security be damned - have you ever known a politician not to take credit? That's why I don't believe these operations are even effective. The biggest fish they've bragged about is some cabbie in LA and his friends who sent a whopping $8500 to some terrorist group in Africa. Are we willing to sell the Bill of Rights for that?
Encrypt everything. (Score:5, Interesting)
End to end encryption is the only answer here. Maybe instead of relying on server certificates, which could be compromised, do the reverse -- the client certificate is used to secure the connection. That way everyone can use a CA (or even issue their own) that they trust. It puts the client in the driver seat, so instead of just stealing Google's key (or tapping Google's fiber), they have to get yours... One might argue that they could target you with advanced malware and steal your private key, but that is no different than what could happen today if they REALLY target you.
Makes sense that if you trust no one, why do you trust their SSL certificate? Why not make them use yours. In the case of on-line purchases, you trust the server based on their certificate but the client still controls the session key. And they trust you based on your login rather than the certificate.
Shrug... Something has to be done by the users. These governments are never, ever going to stop spying.
Re:Lies! (Score:4, Interesting)
Are you serious? The Germans are hardly short on technology. Any nation that has long winters with brutal, cold weather, tends to have a surplus of uber-geeks. After all they can hardly be outdoors playing volleyball when it is minus 30 degrees F. over there. We found out in WWII that a tiny nation like Germany is capable of all kinds of bleeding edge tech.
And it is naive to think that economic advantage as well as economic harm are not part of the spy game. How many ideas and trade secrets are stolen by such spy work by governments? And if you start to develop a product that the government feels endangers the big boys wallets you just might suddenly pass away. Evil seems to distribute itself rather easily in all governments.
Re:Snowden is playing a good game (Score:4, Interesting)
A good thing to start doing right now would be to educate people to use end-to-end encryption for all their communications (or as much as they can).
End-to-end encryption is a great idea, but technical people need to make this as simple and idiot proof as possible to maximize adoption. Let me repeat that: it needs to be simple and idiot proof. I know it's popular around here to accuse everyone in the world of being a drooling dolt, especially where technical matters are concerned, but the fact is, people are busy living their lives, working hard, spending time with their family, etc., and have little time left over for technical geekery. A ten page guide that walks you through all kinds of technical jargon and details is not going to cut the mustard. It must be nearly "click, click, click, done" simple.
HTTPS, IMAPS, etc. It's not the ultimate solution but will make a good portion of MiTM attacks conducted by spying agencies useless.
https is broken by design: it trusts anything the root CAs trust, and you can be sure most or all the CAs around the world are in bed with all the big intelligence agencies.
Re:It's all a sham (Score:4, Interesting)
http://www.washingtontimes.com/news/2013/oct/2/nsa-chief-figures-foiled-terror-plots-misleading/ [washingtontimes.com]
As for tactics every State run group of freedom fighters usually gets some support as in
http://en.wikipedia.org/wiki/Kunduz_airlift [wikipedia.org]
or http://www.telegraph.co.uk/news/worldnews/middleeast/syria/10311007/Syria-nearly-half-rebel-fighters-are-jihadists-or-hardline-Islamists-says-IHS-Janes-report.html [telegraph.co.uk]
Snowden's leaks are from material given to people entering the system as contractors, of great use to historians and for getting global crypto usable again
The "freedom' fighters seem o be doing just fine with their own gov supporters.
So cold the the public is hearing about junk encryption, the brands that help with little worry about legality and vast domestic surveillance nets.