WA Post Publishes 4 More Slides On Data Collection From Google, Et Al 180
anagama writes "Lots of new program names, flowcharts, and detail in four previously unreleased PRISM slides published by the Washington Post today. These slides provide some additional detail about PRISM and outline how the NSA gets information from those nine well known internet companies. Apparently, the collection is done by the FBI using its own equipment on the various companies' premises and then passed to the NSA where it is filtered and sorted."
As a concerned Canadian (Score:5, Insightful)
I've already quit Google. Now how about you?
Re: (Score:3)
... and go where? Assuming it's true, all of the big players are there. Anyone who gets big enough will just get added to the list. I block javascript and cookies for the most part and encrypt any data I want kept save if I put it in 'cloud' storage. I'm not even sure if these companies had any way to refuse or warn the public about this, but I'm disappointed that someone didn't pull a 'Snowden'. The real problem here is not the companies, it's the government. People need to go to prison for this, from the
Re:As a concerned Canadian (Score:4, Insightful)
The real problem here is not the companies, it's the government.
Oh please, the companies write the rules for the government to enforce. The problem here is us. We let them do it. And only dangerous people should be in prison.
Re: (Score:2)
How would you suggest these people be punished? They're in government positions and have violated the constitution of the country and acted against the interests of the populace. Serious question.
Re: (Score:2)
How would you suggest these people be punished?
Chain gang... Oh, seriously? Loss of their position and benefits and forfeiture of other assets and income would be sufficient. Maybe the word 'thief' tattooed on their forehead... I'd rather make them face the stares and curses of the people they betray.
*What's the best way to get revenge against a rich man? Make him a poor man.*
Re: (Score:3)
All that plus a little time in PMITA Federal Prison would be nice. I mean they've built and profited from the largest prison industry in the world. They should experience it because it's theirs.
Re:As a concerned Canadian (Score:4, Insightful)
You've quit on Google, but Google hasn't quit on you.
Re: (Score:3, Insightful)
Re: (Score:3)
Are you ready to quit Microsoft also? They were one of the first to jump on board with all this nonsense. Quitting one and not the other would make no sense.
Re:As a concerned Canadian (Score:5, Informative)
Check the HTML - Google gets notified of every page you visit on here, in detail.
Re:As a concerned Canadian (Score:5, Informative)
Re: (Score:2)
And Do Not Track Me [abine.com] blocked an additional 3.
Re: (Score:3)
Re: (Score:2, Funny)
OK and how can I block Ghostery's snooping?
I think Ghostery Busters is the place to start.
Re: (Score:2)
Well that validates the 'weasel word' disclaimers. (Score:5, Insightful)
Google et al. said something, IIRC, like 'we do not collect and pass on any info to the NSA'. Technically true, but also completely irrelevant to whether or not the NSA was actually collecting data.
Asking corps or government about what they do and don't collect is like asking a genie for a wish: one must phrase the question perfectly, or they'll twist it any way they can in order to answer what you asked, but not what you really wanted to know.
News at 10! (Score:2)
Re: (Score:2)
... and to the person that said the devices were in ISPs, it's unlikely because of the prevalence of SSL. The equipment would need to be behind the company firewalls.
Re: (Score:3)
Because the NSA couldn't possibly have their private keys...
Re: (Score:2)
Having a copy of the private key doesn't help you when using Perfect Forward Secrecy [wikipedia.org] through ephemeral Diffie-Hellman session keys.
Though I suppose that if you disable everything but the EDH and DHE ciphers in your browser, many sites will not work.
Re: Well that validates the 'weasel word' disclaim (Score:2)
Actually in this context a self signed cert would maybe be more safe, although not really. If the proxy device has a root signing cert it can just sign one for the sight it is proxiing to on the fly and then re-encrypt chances are you would never notice.
Re: (Score:2)
They are technically correct. The best kind of correct. The FBI is the one doing the collection and passing on.
So, by statute the NSA is not allowed to spy on American citizens on American soil (since that's the FBI's job). But because of all the Intelligence-sharing laws that passed in the early and mid 2000s, that's been totally neutered. It's an offshoot of the outsourcing mindset - we're not allowed to do it, but we can ask someone else who IS allowed to and share the results.
Re: (Score:2)
I honestly don't know, but I thought it was illegal for the FBI to spy on U.S. citizens as well?
Re: (Score:2)
Re: (Score:2)
Google may not even have been aware that the FBI was passing information on to the NSA.
Re: (Score:3)
Oh, be fair. These infamous 9 have a lot of data centers, and you can't expect the CEO to know which equipment from whom is in every corner there? I mean, just walk up to one of their data centers with a router in your hand, and tell them that you need an Internet connection. I'm sure that they'll let you waltz in and connect wherever equipment you want . . .
. . . when monkeys fly out of my ass.
The FBI probably has technical offices and agents in each data center, to maintain all this stuff. Ask them
Re: (Score:3, Interesting)
Google et al. said something, IIRC, like 'we do not collect and pass on any info to the NSA'. Technically true, but also completely irrelevant to whether or not the NSA was actually collecting data.
They didn't mention the NSA: http://googleblog.blogspot.com/2013/06/what.html [blogspot.com] That post is unequivocal, and is in direct contradiction to statements by the post like:
The Foreign Intelligence Surveillance Court does not review any individual collection request.
and
The FBI uses government equipment on private company property to retrieve matching information from a participating company
Which directly contradicts a statement here: http://www.wired.com/threatlevel/2013/06/google-uses-secure-ftp-to-feds/ [wired.com] Unfortunately, all such statements in the Post's article aren't on the slides; they are the Post's annotations on the slides, and the author doesn't provide any evidence to support them. Take from that what you will.
Re: (Score:2)
They don't pass it along to the NSA they pass it to the FBI who passes it to the NSA.... So while technically correct was a part of the big lie that the NSA is not spying on Americans...
Re: (Score:3)
And sometimes, like when you ask if they "collect any information on millions of Americans," they just lie.
Oh, that's so harsh. It's just that you need to get them to precisely define the words "collect", "any", "information", "millions", and "Americans". I'm sure that if you did, you'd reach a point where you thought "oh, 'no' doesn't mean what I thought it meant". (The words "on" and "of" are probably safe, though you never know). It's like how the word "sex" can mean different things depending on who's talking.
Re: (Score:2)
I can say with absolute certainty, that the NSA workers were never collecting information while sitting ON millions of Americans. Number one, they sit on chairs, not people. Number two, some of them may be chubby but nobody is fat enough to sit ON even 1000 Americans at once, let alone millions.
Re: (Score:2)
Number two, some of them may be chubby but nobody is fat enough to sit ON even 1000 Americans at once, let alone millions.
Roseanne Barr comes pretty close.
Illegal power without Constitutional authority (Score:5, Insightful)
This is an unconstitutional power that the USA federal government usurped from the people, it doesn't actually matter how they grab most of it, however what does matter is that they do and it looks like it's not going to stop until the system crashes and there is no more money to run it.
Encrypt your communications, encrypt everything you can. Use self signed certificates, by the way, avoid Certificate Authorities, AFAIC they only make it easier to create a MITM attack, not harder. They can confirm to your device that a certificate is valid even if it is not the certificate that you want to use. Of-course if you use CAs do not let them generate your keys for you.
At this point the behaviour of browsers to treat self-signed certificates as worse than plain text should be suspect to everybody, there is no rational explanation to that sort of attitude except: we don't want you to use certificates that authorities can't revoke and replace.
Re: (Score:2)
Encrypt your communications
Djl;lk;mckj88 d d ddddja;pdooble!
How's that? The NSA will never know what I said there!
Re: (Score:3)
At this point the behaviour of browsers to treat self-signed certificates as worse than plain text should be suspect to everybody, there is no rational explanation to that sort of attitude except: we don't want you to use certificates that authorities can't revoke and replace.
I agree that everyone would be better off if everyone encrypted everything. I also agree that CAs shouldn't be trusted.
But seriously? You can't see any reason to distrust self-signed certificates? They aren't trusted because the browser has no way to verify their authenticity, which makes them dangerous. Trusting them would make man-in-the-middle attacks against SSL too easy; many studies have shown that users ignore the warnings. This _IS WORSE_ than plaintext because the user believes they have a secur
Re: (Score:2)
You can't see any reason to distrust self-signed certificates?
- I trust them much more than I trust governments and certificate authorities. I trust that using an encrypted connection with self signed certificate is NOT WORSE than using plain text and I don't trust that the browser behaviour regarding self signed certificates is without suspect, without a bias.
IF your argument had any merit, THEN browsers could at least use the self signed certificate and NOT show the 'secure' icon, show whatever you like, don't break browsing experience for users. Don't say that t
Re: (Score:2)
- I trust them much more than I trust governments and certificate authorities. I trust that using an encrypted connection with self signed certificate is NOT WORSE than using plain text and I don't trust that the browser behaviour regarding self signed certificates is without suspect, without a bias.
It is worse. Using an encrypted connection with a self signed certificate is worse than plain text in terms of security. With HTTP a man-in-the-middle can see everything you send. With HTTPS using a self-signed certificate a mitm can substitute their certificate for yours and see everything you send. You'll have no idea this happened because you'll see the self-signed warning either way. The difference is that with HTTP the user knows the connection is insecure and choose what data to transmit accordingly;
Re: (Score:3, Interesting)
It is worse. Using an encrypted connection with a self signed certificate is worse than plain text in terms of security. With HTTP a man-in-the-middle can see everything you send. With HTTPS using a self-signed certificate a mitm can substitute their certificate for yours and see everything you send.
- nonsense and it is dangerous nonsense given the facts that we now are aware of about the governments recording all communications to look at a LATER DATE.
If somebody, especially government is specifically targeting you for MITM attack, no CA will stop them, worse, AFAIC CAs are are highly suspect, CAs are a perfect target for government 3LAs to create an easy way to penetrate security.
In fact there cannot be 'secure' icon on a browser if a CA is used! The only way to have highest order of security that
Re: (Score:2)
If somebody, especially government is specifically targeting you for MITM attack, no CA will stop them, worse, AFAIC CAs are are highly suspect, CAs are a perfect target for government 3LAs to create an easy way to penetrate security.
Correct, and a self-signed certificate won't stop them either. Here's a simple algorithm to break self-signed HTTPS:
1. If HTTPS using a CA-signed certificate is detected, record the traffic.
2. Else if HTTPS using a self-signed certificate is detected, perform a mitm attack and record the decrypted traffic.
It's only secure to use trusted self-signed certificates, which is what I've been arg
Re: (Score:2)
I saw your post, I understand what encryptions is, what certificates are, what self signing is, I develop with it and use it all the time. Again, unless you are working for CAs and have a dog in this fight or you are NSA, you wouldn't want people to use self signed certificates, that's true. Otherwise it is a nonsensical irrational position to state that self signed certificates EVEN when are not deployed manually, when the fingerprint is not checked by the end client are worse in any way than plain text g
Re: (Score:3)
There are two scenarios here: either the government performs mitm attacks or they don't.
If they do perform mitm attacks, using an untrusted self-signed certificate is equivalent to using a CA-signed certificate in terms of what the govt can see. The govt can perform a mitm on the self-signed connectino by using their own self-signed cert, and the govt can perform a mitm on the CA-signed connection by forcing the CA to give up the CA cert and signing a new cert with the CA cert.
If they don't perform m
Re: (Score:2)
A self-signed certificate without MITM attack prevents gov't from looking at your past. CA that generates your keys is the biggest breach of security there is and browsers acting as if self-signed certificates are a virus coupled with CAs is a huge barrier to entry for a large number of people that prevents them from implementing self signed certificates.
You would have to be a complete idiot to let a CA generate your keys for you. The normal (and sane) process is to have the CA sign your public key. In that case what I previously posted is true: a CA-signed cert is equivalent to a self-signed cert in that, to decrypt your traffic, the govt must do a mitm or take your cert.
I didn't address that scenario in my previous comment, it doesn't mean that it is how I would address it (not give a warning when a CA authorised certificate is replaced with a self signed certificate)!
How can you possibly detect when a CA authorized certificate is replaced with a self-signed certificate? You can't ask bank.com's webserver because you don't have a secure way of communica
Re: (Score:2)
- if this is your first connection to the bank, then there is nothing you can do, correct! You can't know what the certificate is for the bank until you get one. So you should be presented with a PLAIN TEXT connection to the bank if this is your first connection and if you are willing to go through a PLAIN TEXT connection to your bank, then that's up to you and if that's the MITM attack then too bad, you didn't care to check what the connection to your bank is and that it doesn't use a CA signed certificate (as if that matters if you don't care to check what the hell you are doing connecting to your bank without understanding you need to look for a 'secure' connection icon, which is what all banks tell you to do).
This is a horribly brittle approach.
What if the website switches CA-signed certs for a legitimate reason? What if they follow your advice and switch from a CA-signed cert to a trusted self-signed cert? Certs do, and should, expire.
How do you know the first cert you receive from the website is the correct one? If I wanted to defeat your approach, all I would have to do is ALWAYS replace the CA cert with a self-signed cert. Your approach isn't implemented yet, so if I start doing that before it is, I w
Re: (Score:2)
And where is the problem with that? People have no idea what security is and how all pieces of it are implemented, however they are told by banks (for example) that they must have the 'https' connection (or the secure icon) and if it's not there, then they shouldn't use it.
User studies have shown that users don't pay attention to HTTPS warning messages or to the secure icon (e.g., https://www.usenix.org/legacy/event/sec09/tech/full_papers/sunshine.pdf [usenix.org]).
Worse, how is the user supposed to know whether to check for the icon?! If you're going to bank.com it's reasonable to assume that HTTPS should be used. What about other websites? You know, the kind that the govt would actually be interested in intercepting traffic to. There would be no way to know if HTTPS _should_ be pres
Re: (Score:2)
I agree that the SECURITY portion of the https is screwed up, it's out of date, it's not working. However I am not talking about delivering security, I am talking about encrypting all traffic across the entire Internet with as many certificates as possible.
AFAIC it is more relevant today to encrypt all traffic and prevent government from having access to any plain text communications than provide 'security' (or whatever we see as 'security') in the current sense of the word. The security model is broken a
Re: (Score:2)
Like I said, the govt can easily circumvent your system by performing a mitm whenever it sees a self-signed cert. You're decreasing the system's security and at the same time you're not signific
Re: (Score:2)
We should get people to encrypt traffic and if that takes self-signed certs then that's what we should be promoting and browsers using ridiculous warnings for self signed certificates do not promote using more of them.
Now, if every connection already had a self signed certificate except for some, that would choose CAs, then I would be talking about something else - how to add actual security to the encryption and security requires that the involved parties know who they are before they can communicate in a
Re: (Score:2)
There's no point using self-signed certs that cannot be verified. There's no way to know if a mitm is taking place or not.
Re: Illegal power without Constitutional authority (Score:2, Interesting)
How long before we find out that CAs are part of the whole spying industry also?
Re: Illegal power without Constitutional authority (Score:4, Insightful)
How long before we find out that CAs are part of the whole spying industry also?
There is very high likelihood that they are . Verisign was founded by a group of ex CIA/FBI directors back in the 90's, who resigned to start Verisign. This happened after the Clipper chip program got canned. (The US government wanted to build a legal backdoor into every computer running the Clipper cryptographic system.)
Its the same reason that they bought Thawte from Mark Shuttleworth for about a $1 billion dollars. He controlled a significant amount of HTTPS encryopted HTTPS traffic via his start-up.
I suspect that Most HTTPS traffic can be decrypted on the fly by the US spy organisations.
Re: (Score:3)
He wasn't modded down. Roman mir posts so much incoherent schitzophrenic babble that his karma is in the toilet. Look at the moderation (click on the number on a comment to see how it was modded). He's at +1 now with 100% insightful. Moderation worked.
OTOH you should be modded offtopic. Moderation failed on your comment. It wasn't informative, it was incorrect. Mods, please pay attention! If someone's sitting below 1, don't assume he'd been modded down.
Re: (Score:2)
Funny story, a few years back when I wrote this [mozilla.org], I added in the functions to encrypt and decrypt text in browser input elements with a predetermined password. At the time when I was working on it, FF was some much older version and to my surprise when I was debugging the code, I realised that I could use Javascript to read input characters from password fields in my code from ANY page. That was unfortunate (I think they fixed that by now). But of-course today if you use something like gmail or hotmail, t
Re: (Score:3)
That's very interesting. A friend of mine was talking about doing a similar thing recently so I'm going to let him know about this.
One of the problems with encryption, is that even if the content is secret, who it was sent to and who sent it isn't necessarily so. That makes me think that perhaps one the scourges of the internet, spam, could be turned into a secure means of communication, because if a message is delivered to 50m people, figuring out who it was intended for is pretty hard. Couple that with
Re: (Score:2)
The spammer would probably get grilled if found out, so that IS a weak link.
Yeah, that will work. LOL.
Given how pernicious and intractable the problem of spam has proven for as long as its been around, you sooner or later might suspect that it is a product of the US Government itself.
Re: (Score:3)
Don't be ridiculous. As a well documented historical relic, the paper is worth much more than you think.
Lies and very very serious problems (Score:4, Insightful)
Lies, Facebook in particular lied about this, even as Obama was confirming it and claiming a [non-existent] warrant is needed to access this data:
"The search request, known as a “tasking,” can be sent to multiple sources — for example, to a private company and to an NSA access point that taps into the Internet’s main gateway switches. A tasking for Google, Yahoo, Microsoft, Apple and other providers is routed to equipment installed at each company. This equipment, maintained by the FBI, passes the NSA request to a private company’s system. Depending on the company, a tasking may return e-mails, attachments, address books, calendars, files stored in the cloud, text or audio or video chats and “metadata” that identify the locations, devices used and other information about a target."
I don't care about the pathetic protections put in place for Americams, I'm not American. I care that these services hand my data to a military structure that works against me. Worse they inevitably turn America into a dictatorship.
"Before an analyst may conduct live surveillance using PRISM, a second analyst in his subject area must concur. "
So any boss that oversees 2 analysts can spy on Americans, simply because he can order 2 of them to concur. And the big boss, General Alexander can even waive this, because its HIS policy not law, i.e. no protections at all.
You want to fix this? Well try running for President and sacking the NSA chief. He'll have record of every mistake you've made, detailed knowledge of who backs you, the campaign team, private communications, strategies, everything. They've made a dictator and people like Dianne Feinstein are so stupid and incompetent they can't see why they've done so much damage.
Completely flipping the system in secret, the system that's kept the US a democracy for the longest time any democracy has survived so far. Those little shits just threw it away.
Re: (Score:2)
Obama was only speaking about americans when he said that you need a warrant. that's where the 51% probability comes from, so some dude has to think that there's 51% probability that someone is a foreign national on foreign soil and therefore they can SPY ON HIM INSIDE USA from american servers ;)DDSSAFSD.
WA or DC? (Score:3)
I'm just a dumb Canadian... Is WA ever used for Washington DC?
Re: (Score:2)
No. WA is always Washington state, DC is the District of Columbia; Washington, DC is not in any state. WA is a postal code, like IL is Illinois and FL is Florida.
Re: (Score:2)
While "WA Post" is rather ... odd, its frequently abbreviated to WAPO.
In fact, google for wapo and the first result is the washing post site. Wikipedia redirects wapo to the article about the washington post.
Etc.
"WaPo" (Score:2)
I've only seen it a few times -- on Poynter.org, who report on journalism, and they seem to have standards on how they form abbreviations. I don't know that I've seen it in other places -- most people reporting try to cater to a wide audience and don't tend to slip in jargon.
And when I've seen it on Poynter, I've always seen it as mixed case 'WaPo' not "WAPO'. I've also seen it abbrreviated 'WashPost', but this is the first that I've ever seen it as 'WA Post'. (and I don't think I might've over looked it
Re: (Score:3)
Re: (Score:2)
I love it when people try to show themselves as clever and end up showing the complete opposite.
Re: (Score:2)
I'm just a dumb Canadian... Is WA ever used for Washington DC?
No it isn't - WA is the official US Post Office abbreviation for the State of Washington, which incidentally is where I live (so I've written or typed it thousands of times in my life).
Re: (Score:2)
Correct, and the GP, Happy Canada Day.
The OP should either have used the commonly understood abbreviation, "WaPo", for the Washington Post, or used perhaps, "Wash. Post" which is a correct-US-English, though not US Postal Service, abbreviation for Washington, D.C.
"WA Post" makes it seem it might be out in Tacoma or Spokane or thereabouts.
Re: (Score:2)
"Wash." used to be the postal code for WA before we went to two letter abbreviations. I'm surprised though that people are having such a hard time reading this (well, I can understand non US based people not getting it, but anyone in America who doesn't must lead an incredibly hard life, being so literal and all).
Or maybe it is just that I live Washington State, and it rankles me whenever I hear people say "Washington" when they mean "Washington DC".
I live in the real Washington, the one with trees and mou
Re: (Score:2)
Usually I hate Slashdot tangents, especially pedantic ones, but this one got me looking at some Utah Phillips stuff on Youtube.
http://www.youtube.com/watch?v=U0f-mlwaGcE [youtube.com]
That is from Amy Goodman's interview with him before he died. Interestingly, he talks about the prosecutions under the espionage act of labor organizers (Phillips was a Wobbly) around WWI toward the end of that segment. http://en.wikipedia.org/wiki/Palmer_Raids [wikipedia.org]
J. Edgar Hoover was involved in those.
Anyway, this tangent on "WA Wash Washingto
Re: (Score:2)
"Wash." used to be the postal code for WA before we went to two letter abbreviations.
There were no standardized abbreviations before the US Postal Service created them. At best you had something like the Associated Press style manual for datelines. Canada Post collaborated (note that "MB" is the only possible abbreviation for Manitoba that doesn't overlap with a US state).
I'm surprised though that people are having such a hard time reading this (well, I can understand non US based people not getting it, but anyone in America who doesn't must lead an incredibly hard life, being so literal and all).
It's up there with there/their/they're and to/too/two: "WA" has a clear and unambiguous meaning and its incorrect use is jarring, interrupting the smooth flow of reading while we have to consciously decipher the writer'
Re: (Score:2)
No, I wanted to make sure I fit the headline in the space allotted so I abbreviated without even thinking about it. I abbreviate WA DC like that all the time when commenting on stuff here and elsewhere and nobody has ever expressed confusion. Seemed totally natural to me. Next time I'll be sure to write "Mordor Post" or something to avoid confusion.
Re: (Score:2)
Google wapost
Then Google WA Post.
Any other questions?
Not one person reading this story assumed it was from Washington State.
Advanced pedantry.. (Score:2)
WA is the abbreviation typically associated with Washington State, not the city of Washington, D.C.
Wash. Post is the more commonly accepted abbreviation of the newspaper based in Washington, D.C.
And on goes the deceit (Score:3, Interesting)
With each new iteration it is clear that the NSA is bullshitting congress (partly under oath), and congress is bullshitting the public by well-chosen weasel-wording.
What those criminals don't understand is that stating technical truths with the explicit intent of causing false beliefs in the recipient is lying. The intent to deceive and mislead is not ameliorated by some technical truth to a statement.
What is intended to convey wrong information is a lie. The bitter truth is that the NSA is trying to test with how little truthful information they can get away with congress and public, and congress and government are trying to test with how little truthful information they can get away with the citizens.
As long as their is no intention to actually and truthfully communicate, the respective entities need to get dissolved. They are out of control, and they like being out of control.
can we spam or spoof them? (Score:2)
I think it's pretty clear that the US government simply does not have the manpower to read every single online communication in the world and if they can't read it it is useless. So is there some way we can fuck up their automated filters? It would be great if Snowden had information on the actual keywords that PRISM searches for to bump the communication over to a human.
How about an application that intentionally comes up with suspicous sounding emails that spam all of the NSA keywords. If each of us ran s
Re:confusion (Score:5, Insightful)
Actually, I'm glad they're leaking these a bit at a time - in some cases, it's exposing the denials as BS. For example, we've known about the FBI CALEA infrastructure for years. The fact that it's being used to wholesale grab information and pass it to the NSA shows the hair splitting that's going on in the denials.
And actually, the FBI probably does have some CALEA hooks into providers. Google Voice and Skype are almost certainly set up to handle requests, even as the FBI is attempting to get CALEA formally expanded. That's likely not being handled at the ISP level. Further evidence of that? Microsoft wanted to provide statistics about how many requests they get for each service, and the government said "no". The "unnamed sources" complaint from inside Microsoft is that the government doesn't want people to know the extent to which Skype is being targeted.
Re: (Score:3)
So is the box inside Microsoft that's scanning all Skype-pasted URLs after the fact actually the FBI's collection box? That's one filter that may be easy to implement - redirect all traffic from that box to a honeypot or /dev/null it.
Re:confusion (Score:4, Informative)
The third slide has this annotation:
So who should I believe -- the government's own claims or that of an AC?
Re: (Score:2)
Lame self reply, but look at the "Content Type" box of slide 3 -- what does "OSN" mean in that context? Online Service Network? eg: "H: OSN Messaging (photos, wallposts, activity, etc)"
This implies to me that the provider of the info is not the ISP, though the ISP does stand in the middle so it would be technically capable of intercepting and passing this on.
Re: (Score:3)
"OSN is probably online social network."
That sounds more plausible than my guess.
Re: (Score:2)
The FBI equipment is for CALEA and is on site in ISP's, not content providers such as google and yahoo.
You are making an unwarranted assumption here. Even during the "Room 641A" controversy, the claim was made that the FBI has black rooms directly on premises with multiple content providers.
The classified slides that are being leaked show something different. Assuming those interception points are CALEA-related doesn't really make sense - do you really think, with regards to CALEA, the FBI only started slurping Apple traffic in October 2012?
Re: (Score:2)
Well, if it's not enough to make a good understanding of the situation it still isn't enough.
Re: (Score:2, Insightful)
We know we're being watched isnt that enough? Who cares what they call all their programs and who they belong to. They have access to our personal computers, to every chat or email you send. Who cares about semantics?
Re:confusion (Score:5, Informative)
You're totally wrong.
We've SUSPECTED spying. It was even reasonable to suspect that, though you could still be called a foil hatter.
Now we KNOW.
It is like the difference between an untested hypothesis you strongly suspect is true, and experimental results that confirm the hypothesis. The confirmation allows a next step to taken on a fully informed basis rather than belief.
So you are totally wrong -- this is NOT nothing. This is confirmation and if we don't do something about it now, it will be seen as a free pass to do this and more. That's why you should care -- apathy now absolutely ensures a deteriorating future.
Re:confusion (Score:5, Insightful)
Sometimes I have to wonder if this lack of concern isn't all our fault.
Before Snowden:
Wild-haired man: The gub'ment be spying on us! The NSA, the CIA, the FBI; they all are reading our emails, monitoring our online chat and seeing all the websites we go to! And all of them telecom and internet companiers are involved too!
Common citizen: Oh, you wacky nutcase; you've been going on for years about this. Where's your proof of this great conspiracy, huh? They aren't spying on us! This is America and that sort of thing doesn't happen here!
After Snowden: /somebody/ a while ago. Anyway, it's been going on forever and the only thing different now is that its out in the open, so why make a fuss about it now?
Wild-haired man: The gub'ment be spying on us! They see everything you do online, everything! And the big internet and telecom companies are in cahoots with them! And look, now I got irrefutable proof!
Common citizen: Well, of course they were spying on us. Hasn't this been known for years? I remember hearing about it from
It's sort of like crying wolf, except the warnings were always true. Instead of making people disregard you, it instead acclimatizes them to the threat to the point where it doesn't seem dangerous anymore (also seen in sci-fi movies where the aliens use conspiracy theories to make people ignore the threat of a coming alien invasion).
Perhaps we should dub this tactic "Snowden's Law"?
Re: (Score:3)
Perfect example: Economist and professional snob Tyler Cowen [twitter.com]: 'I'd heard about this for years, from "nuts," and always assumed it was true,'
Bullshit. How come there's no record of him giving any credence to such claims before then?
Same thing when Climategate broke out.
Re:And how do we know these are legit? (Score:5, Insightful)
Re: (Score:2)
And how do we know that Snowden didn't construct these slides precisely to become "Assange-like" in the hope that he could create enough of a public following to become "untouchable", while actually delivering the real stuff to his handler?
In other words, making a huge public fuss was his back up plan when he got caught.
Re: (Score:3)
Personally, I think the declassification date is a nice touch.
LOL (Score:4, Insightful)
Re: (Score:2)
Right. Like the government has prosecuted people who claim the moon landing was false or that the face on mars was built just so it could protect its good name from conspiracy nuts.
All the government does to those people, is laugh along with everyone else.
The fact that it is prosecuting Snowden, rather letting have a silly foil hat rant, shows it isn't a foil hat rant.
Re:And how do we know these are legit? (Score:5, Insightful)
That would explain why Biden called Correa for a personal chat, the White House is orchestrating a smear campaign directed not at the content, but at Snowden and Greenwald, and it's pursing Snowden to the ends of the earth to bring him back for "trial" (he has been indicted you know). That all points to the obvious conclusion that Snowden photoshopped some slides? Are you daft?
Re: (Score:2)
Correct.
And the Republicans, for once, are in complete agreement. It seems the only bipartisan issue that exists today is propping up the NSA.
The Democrats won't allow anything negative to blow back on Obama, (not that they needed another reason to justify snooping and oversight of the unwashed masses, since their normal world view is that you need government to take care of yourself.
But the Republican party is passing up this opportunity to pin this on the democratic administration because much of this st
Re: (Score:2)
I only vote third party anymore. If there is no third party candidate, I vote for my cat.
In 2008 I voted 3d party based on my skepticism of Obama, but I was still hopeful he would reverse the abuses of the GWB administration, and I voted for Democrats running in other races.
Obama's extension and expansion of the GWB abuses, which began within months of his election, coupled with the absolute silence from Democrats about this crap, soured me beyond any possibility of returning to the fold. The Democrats co
Re: (Score:2)
At least GWB had 9/11 to "justify" the excesses of that time.
What does Obama have to justify his failure to roll back those excesses as he promised to do? What does he have to justify all of the new excesses of spying put in place since he took office. Look at the last slide in the linked article. All but one of these took place under Obama.
Everyone knew Obama would never fulfill his promises. Even Democrats knew this. Third party may be the answer, but I suspect they would be co-opted immediately upon
Re: (Score:2)
And you are making the opposite assumption. There is no conclusion, and it is not obvious.
All it takes is the appearance of legitimacy, and the NSA has to pursue Snowden. It can't confirm some parts and say the rest are lies, because everything so far has been at least a half-truth, even to Congress. It can't disclaim everything because some are corroborated by NSA statements. If it says nothing is true, Congress is going to start asking, then what is true?
NSA has no choice but to discredit the source,
Re: (Score:2)
Re:And how do we know these are legit? (Score:4, Informative)
It would be pretty easy to create PowerPoint with the requisite markings, logos, etc, on it and then peddle it to various newspapers.
because the response the gov. took about them... they started arguing about how it is necessary for them to do this. that's how we know.
Re: (Score:2)
It would be pretty easy to create PowerPoint with the requisite markings, logos, etc, on it and then peddle it to various newspapers.
That is true. I think you've got to use how the government is reacting as an indicator. If this was just some loon who'd made up a few bogus powerpoint slides, would Joe Biden be calling Ecuador to suggest that they shouldn't let him in? I guess maybe if it was a major disinformation campaign on the part of the government, but it's hard to think of why they'd do that. And now they've got the EU pissed off, too.
Re:And how do we know these are legit? (Score:4, Funny)
But you have to be a true artist to design a powerpoint deck that horrible. Only Government types invest that kind of effort.
Re: (Score:2)
We know those are legit because they're ugly as hell. Seriously, whoever did these slides has zero artistic abilities.
Re: (Score:3, Insightful)
Dan Rather showed what he knew to be a fake memo to smear Bush during an election. Even with overwhelming evidence that he lied Rather continued to state that the memo was true. He finally lost his job due to this.
NBC doctored audio to show Gerorge Zimmerman is a racist, once the full audio came out their trick was shown to be an outright lie.
The CNN woman that moderated the debate between Romney and Obama outright lied in the middle of the debate to protect Obama, a week later she admitted to lying, she
Re: (Score:3)
The CNN woman that moderated the debate between Romney and Obama outright lied in the middle of the debate to protect Obama, a week later she admitted to lying, she was congratulated as a hero in CNN.
Or are you lying or mistaken? From CNN [cnn.com]:
ROMNEY: I -- I think interesting the president just said something which -- which is that on the day after the attack he went into the Rose Garden and said that this was an act of terror. [..] I want to make sure we get that for the record because it took the president 14 days before he called the attack in Benghazi an act of terror.
[..]
CROWLEY: He -- he did call it an act of terror. It did as well take -- it did as well take two weeks or so for the whole idea there being a riot out there about this tape to come out. You are correct about that.
[..]
And here is the transcript from Obama's Rose Garden remarks on September 12, the day after the attack:
"Our country is only as strong as the character of our people and the service of those both civilian and military who represent us around the globe," he said. "No acts of terror will ever shake the resolve of this great nation, alter that character, or eclipse the light of the values that we stand for. Today we mourn four more Americans who represent the very best of the United States of America. We will not waver in our commitment to see that justice is done for this terrible act. And make no mistake, justice will be done."
[..]
But, as to the original accusation from the conservative critics that Obama never mentioned "acts of terror" until weeks after the attack, they were wrong. Crowley was right.