NSA is buying Americans’ internet browsing records without a warrant::“Web browsing records can reveal sensitive, private information about a person based on where they go on the internet,” said Sen. Ron Wyden.

  • bl_r@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    11 months ago

    the NSA’s information security is lax and outdated

    As someone who has read the unclassified reccomendations on infosec written by the NSA and CISA, no, it isn’t. The NSA has some sophisticated security infrastructure, and if stuxnet or eternal blue has shown us, their infosec capabilities are incredible.

    we’re pretty sure Russia and China are unofficially privy to any data they want.

    I have literally never heard anyone say this before and this goes everything I know about cybersecurity, intelligence, and geopolitics.

    The NSA ECC bullshit was to support surveillance, not to weaken their own security. The theoretical vulnerability lies in the usage of the suggested parameters of their curve, not ECC itself. Making surveillance easier is something that the NSA has historically supported.

    at this point NSA leaks stuff to other law enforcement

    I genuinely have never seen anything to support this that is substantial.

    Holy shit I cant believe you’ve made an anarchist defend the NSA but this is so damn wrong.

    • Uriel238 [all pronouns]
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      Apparently you don’t read TechDirt, which I have for over a decade now, and NSA had been active in shenanigans and lax securityy since the wiretapping scandals of the aughts, and in 2023 has been leaking stuff to FBI without warrants (which is supposed to be unconstitutional but between the PATRIOT act and the Federalist-Society-dominated SCOTUS, we may be no longer legally protected from NSA surveillance as an unreasonable search).

      The FISC has always been a rubber stamp court, so it shouldn’t be necessary for law enforcement to circumvent warrants for NSA information, but it turns out it’s just easier using the NSA backdoor access.

      I will admit to a certain degree of cynicism. When official channels tell me something is secure or handled with respect to all ethical and civic concerns, and investigative journalists tell me the opposite, I trust the journalists more than I do the official channels. But then I’ve been through the aughts and the George W. Bush administration when the only sources of actual facts were from foreign sources, because the native news agencies were terrified of reprisals for failing to toe the line.

      It’s why when people are alarmed today that the fascist autocrats are here and SWATTING their political enemies, I can only quietly sip my coffee from the corner.

      • bl_r@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        apparently you don’t read TechDirt

        I don’t read TechDirt

        the NSA has … been leaking stuff to the FBI

        Oh, I know about this, I thought you were talking about local law enforcement offices, which is not something I’ve seen.

        As far as the unconstitutionality of the NSA’s actions, I fully agree with you. From the perspective of of an anarchist, I don’t exactly see any alphabet agencies or the branches of government in a good light. I fully expect the NSA to be involved in shenanigans, just as I expect the FBI or CIA to do so.

        the FISC has always been a rubber stamp court so it shouldn’t be necessary for law enforcement to circumvent warrants for NSA information, but it turns out it’s just easier using the NSA backdoor access

        If you are talking about the FBI when you saw law enforcement, the FBI has it’s own malware it uses, such as Magic Lantern historically, and certainly others that are not public. There is also some info about them possibly using the NSO group’s Pegasus spyware, which is obscenely hard to detect, and has, at times, been 0-click, meaning you don’t need to take any actions, and it has cleaned up evidence of tampering. Since the FBI has to make sure their evidence is admissible in court, they do need to make sure their evidence is gathered in such a way that it does not violate laws.

        However, I have listened to interviews with people who argued their case was built on unconstitutional evidence, and claimed that the feds told them “if you try and attack the case like this, we will tack on more charges,” so I’m not saying they always deal with admissibility in court when starting investigations.

        The only gripe I still have is the your statement about the NSA’s lax security, since the breaches I’ve read about have all been done by nation state actors, which tend to be the most capable groups in the world.

        My experience with the NSA, as someone who works in security, does not indicate they have lax security. From their leaked tools (I <3 ghidra), to their security guidelines, to their malware like stuxnet, to their public tools like SELinux (and eventually ghidra), their security capabilities seem solid.

        I don’t want this to come out as me liking the NSA, since I hate a lot of what they do. But as someone who is a huge security nerd and malware enthusiast, I find their tools fascinating, and do have some respect for them from that perspective, in the same way someone might like Kanye’s music and respect his talent, but hate his guts for being a nazi.

        If there are any good techdirt articles, please send them my way, I’d love to read them