WA Post Publishes 4 More Slides On Data Collection From Google, Et Al 180
anagama writes "Lots of new program names, flowcharts, and detail in four previously unreleased PRISM slides published by the Washington Post today. These slides provide some additional detail about PRISM and outline how the NSA gets information from those nine well known internet companies. Apparently, the collection is done by the FBI using its own equipment on the various companies' premises and then passed to the NSA where it is filtered and sorted."
Re:Well that validates the 'weasel word' disclaime (Score:3, Interesting)
Google et al. said something, IIRC, like 'we do not collect and pass on any info to the NSA'. Technically true, but also completely irrelevant to whether or not the NSA was actually collecting data.
They didn't mention the NSA: http://googleblog.blogspot.com/2013/06/what.html [blogspot.com] That post is unequivocal, and is in direct contradiction to statements by the post like:
The Foreign Intelligence Surveillance Court does not review any individual collection request.
and
The FBI uses government equipment on private company property to retrieve matching information from a participating company
Which directly contradicts a statement here: http://www.wired.com/threatlevel/2013/06/google-uses-secure-ftp-to-feds/ [wired.com] Unfortunately, all such statements in the Post's article aren't on the slides; they are the Post's annotations on the slides, and the author doesn't provide any evidence to support them. Take from that what you will.
Re: Illegal power without Constitutional authority (Score:2, Interesting)
How long before we find out that CAs are part of the whole spying industry also?
Re:Illegal power without Constitutional authority (Score:3, Interesting)
It is worse. Using an encrypted connection with a self signed certificate is worse than plain text in terms of security. With HTTP a man-in-the-middle can see everything you send. With HTTPS using a self-signed certificate a mitm can substitute their certificate for yours and see everything you send.
- nonsense and it is dangerous nonsense given the facts that we now are aware of about the governments recording all communications to look at a LATER DATE.
If somebody, especially government is specifically targeting you for MITM attack, no CA will stop them, worse, AFAIC CAs are are highly suspect, CAs are a perfect target for government 3LAs to create an easy way to penetrate security.
In fact there cannot be 'secure' icon on a browser if a CA is used! The only way to have highest order of security that we can achieve right now is to install self signed certificates where we know the fingerprint and to prevent CAs from authorising anything at all on our computers.
Again, given what we know about government snooping on people making it ANY more difficult for users to have encrypted communications to any server is only helping government secret police to go back in time and retrieve and search through any communications that are happening on the Internet.
Plain text is the worst possible way to transfer data that should be secured and AFAIC at this point all communications need to be secured, there shouldn't be ANY plain text communications on the Internet, plain text communications is the worst possible thing that is happening right now given what the governments are doing.
Once again, I completely, 100% disagree with your idea that self signed certificates are in any way worse than plain text, that's pure nonsense and dangerous given our times.
And on goes the deceit (Score:3, Interesting)
With each new iteration it is clear that the NSA is bullshitting congress (partly under oath), and congress is bullshitting the public by well-chosen weasel-wording.
What those criminals don't understand is that stating technical truths with the explicit intent of causing false beliefs in the recipient is lying. The intent to deceive and mislead is not ameliorated by some technical truth to a statement.
What is intended to convey wrong information is a lie. The bitter truth is that the NSA is trying to test with how little truthful information they can get away with congress and public, and congress and government are trying to test with how little truthful information they can get away with the citizens.
As long as their is no intention to actually and truthfully communicate, the respective entities need to get dissolved. They are out of control, and they like being out of control.