The following replies are approved. To see additional replies that are pending approval, click Show Pending. Warning: These may contain graphic material.
3
When these types of business vs. government stories come around, I've often thought about what I might do if I were the business owner. My natural, knee-jerk fantasy reaction is that I, too, would shut my business down rather than compromise my principles. However, I have not been in similar shoes, but I'd like to think I'd have the fortitude to not give in.
Now if only a big player with some impact, like Google, had the nuts to do like Lavabit and Silent Circle. On the other hand, Google is in practically the same business as the NSA.
I am not doing much on the internet, certainly nothing that would put me in the cross-hairs of the NSA. This is too high a price to pay. This is far and away the most interesting news story of the last few year, at least to me. I want the US to catch terrorists; I want them to catch domestic criminals. But I make the distinction between catch and stop.
6
Google would never do that. They're one of the companies that probably gleefully assist with such surveillance.
8
Google is probably just laughing and laughing at the NSA because they're not bothering to use their massive database to sell ads.
1
Yes, Big Data is a gold mine. We can expect a lot of back and forth between businesses and the NSA. Data mining be be sliced and spliced more than the CDOs on Wall Street ever could be. Ka-ching.
Could the technologically savvy please answer some questions of mine?
1) How come we haven't invented some form of communication that cannot be easily intercepted or harvested for data? Some communication system that doesn't have a middle man/server that can just collect things as it comes in and goes out? With our cell phones right now, if I text you, that text goes to a server and then from there gets sent to you. And if someone wanted (as the government has demonstrated) they can just sit on that server and harvest everything that come in. Is it possible, practical, and legal to make some method of communication that goes from end-user to end-user with no way to intercept and harvest the data stream?
2) If yes to the above question, how come we haven't brought it out yet? I would hurl money at someone that could guarantee privacy.
It seems this would solve much of our problems. If we could create systems of communication that would be incredibly hard to break into or intercept, then we could bring privacy back to the American people. Or if these communication companies could base their HQ in other nations that actually believe in privacy as to avoid these problems...
2
Yes, it's called peer-to-peer networking. But unless you set up that peer-to-peer connection with a single cable between each endpoint, data will still cross through other network devices such as routers and routers can be configured to send your data elsewhere without you knowing it.
That's my .02 — others feel free to add or expand.
6
We do have ways of talking securely - strong cryptography still works very well. The main issue is that email itself can't be inherently secured for total privacy. The second issue is that "all the other" secure forms of communication have to be used with a couple of assumptions that are no longer feeling all that safe these days:
- You have to assume that nobody has managed to swipe your private key
- You have to assume that the feds have not rooted your phone or computer and installed a trojan replacement for your crypto program that reveals everything
- You have to assume that the feds have not installed a keylogger or some other way of capturing the password used to unlock your keys or generate your crypto
- And finaly if you use something with "Strong privacy and crypto" but run by a 3rd party with physical ties to the USA then you have to assume that the feds are not going to secretly compel your provider to give up the goods and render your security transparent. Skype and Microsoft is a good example here. Skype was previously thought of as being very hard to intercept but the leaked NSA docs show that the feds can get the contents of voice, text and video straight out of Skype.
Basically the technology for privacy is very well established. What we are all finding out however is that the foundations on which we use those technologies are far less robust than anyone ever thought. Strong crypto is useless if your phone or keyboard is going to narc on everything you type ...
1
you can always encrypt your communications, and then people in the middle cannot intercept it, even if it's on their server. Unfortunately, that requires a significant trade off in convenience. You have to have the encryption software on your side and they have to have their encryption software on their side.
Harvesting traffic in the middle is pretty pointless if it's encrypted. Smart people, both criminals and law-abiding, know this, which makes the whole nsa thing even worse in some ways. It means that normal people are being spied on while they do normal things, while people who spend a little time can avoid having their communication read.
5
Can someone remind me again who I should hate and why? Last I checked, every grocery or department store, every major bank, every utility company I ever used, and every service or software provider on the internet has been selling my (unbelievably sad and useless) information for years. I guess I should be angry with the government for storing and reviewing my lolcats or depressed email exchanges, but now I'm wondering if I should just be angry they didn't sell the shit and stick the profit back into providing services. YMMV, but the only thing they stand to learn from me is how mundane most lives are.
9
I think I can help you out here. The reason some people are upset is because not every person is a boring, mouth-breathing, nose-picking, ignorant boot-licker such as yourself. Some of us actually do stuff that we don't want other people knowing about.
There are a couple important differences between a private company collecting your personal information and the government doing it. First, you generally have to enter into a voluntary agreement with a company before they can collect and commodify your personal info. Second, if they abuse the privilege of having and storing your information, you have recourse. What is that recourse, you ask? It is civil and criminal penalties imposed upon the private company by—guess who?—the government. But if the government is the one misusing and abusing your personal information, then you have no recourse. You are helpless. You are a slave.
Feel free to share this little primer with anyone else you know who is tempted to post yet another version of "But I'm a boring idiot who doesn't care what anyone does to me, so why should anyone else care if their rights are violated?" Because you are at least the 10,000th stupid moron to post this kind of asinine drivel.
1
Watch this, it's a start:
2
Well if your "unbelievably sad and useless information" was so useless why would all these places and own government be vying for every bit they can get? I'll try to explain why you should care:
- It's your information and should have some say in how it is used and who ultimately sees and uses it. It's not only CVS/Safeway/Wells Fargo/etc that sees your data, but whoever they do business with or decide to sell it to.
- Much of the data is very sensitive. It can include things like your income, address, age, race, the number of condoms you bought last year, medications you're taking, etc.
- These data collection companies (and the government I suspect) usually create a "profile" about you and make assumptions about who you are and what type of person you are, even your personality type. This info may or may not be true about you.
- They can get the data wrong. Technical mess ups, incorrectly entered data, stolen identities, etc can put false or incorrect data on your profile. This is perhaps the biggest issue with government surveillance. If the government incorrectly (or even correctly) identifies you as being in a suspicious area or having connections with "suspicious" people and decide you are guilty or need to be investigated, you'll have to deal with that. If the government notices that you (or someone using your identity) has been buying materials that could make bombs at Home Depot and decide you're the one doing it, good luck trying to prove them wrong. You may think you have nothing to hide, but your data might say something differently.
- Finally, our complacency in this is allowing this type of behavior ultimately facilitates the (illegal) harassment and tracking of Americans who are doing nothing wrong.
1
Thanks to those who got this out of the grey, and especially thanks to you, Jon. Bootlicker, eh? Congrats for your anger and your explanation of private license policies! Since you had to sign more than a few of those just to comment I assume you read them all and have your legal team at the ready. Sorry I'm too ignorant or boring for you, but you've got better things to do than read my foolish questions (perhaps even now you are doing things you don't want anyone to know about). I will attempt to relay your message of warning and friendship to the other stupid morons who post here.
4
Preemptive surrender! That'll show 'em!
4
It's a risky move, but how can they in good faith continue to sell their service as "secure" going forward? Hopefully the idea is it's a domino effect that gets enough people raising hell with their politicians about shitty government practices.
7
This one might be a bigger deal then LavaMail - Silent Circle founders include PGP author Phil Zimmerman and a ton of high powered ex-special-forces types and their primary business is providing serious confidentiality to heads of state, business execs and even other special forces people. Phil Z in particular is one of the hero types from the original crypto wars back in the 80s when the feds were trying to ban civilian use and export of strong cryptography algorithms. For Phil Z to basically say "we are shutting down our email service because it can't be kept confidential" is a really big deal. Unless of course, you look at the Silent Circle founding executive team and think that their outfit would make a perfect front for the NSA anyway, heh.
I don't understand can't these guys just base them selves on sealand or something?
2
Because it's trivially easy for a state actor to monitor *every* network packet that goes in and out of sealand for example. The US has optical taps on every major undersea cable and even a special submarine that was purpose built to tap into the cables used by foreign governments. No need to invade their "sovereignty" if you can watch everything going in and out. And plain crypto is not the answer as the leaked NSA documents indicate that simply using cryptography as a civilian is a "suspicious" sign that enables them to take additional action per their own internal interpretation of the rules. Just my opinion though!
