[jr2]

Yeah, pretty much what I thought when I learned about it.

this is on the angle of security, instead of just privacy/rights


http://arstechnica.com/tech-policy/2013/11/schneier-tells-washington-nsa-broke-internets-security-for-everyone/

[MP-Ryan]

The chances of any government listening to experts like Schneier - who should absolutely be listened to - are slim and none.

[Dragon]

NSA probably has decent security itself (we can't be sure, but we better hope it's so...), but those backdoors are worrying. I'm more or less OK with NSA gathering various data, but if some dirty hacker got his hands on it (or even just messed with a related system), bad things would happen.

[Klaustrophobia]

if you didn't already know, i'm a government employee.  now i'm no computer security expert myself, but i feel like i know enough to generally recognize if other people know what the hell they are doing.  and the answer that i've seen is generally no.  our IT departments aren't staffed with experts or even trained IT people.  they are very often promoted/transferred in from other departments and given the quick and dirty government-grade on the job training.  this includes the people that manage the classified networks.  the whole system reeks of bureaucratic nonsense that may have at one time been proposed by an expert (or 'expert'), but has had to go through 17 levels of approval by people who haven't got a ****ing clue who go "gee, this method SOUNDS awfully impressive and techy and secure" or "MOAR asinine password requirements!!!!"

one would hope a higher-tier organization like the NSA might be a little better off, but....

[Flak]

I think they are rather happy with my country's government officials. You see, they happily talk about all their dirty deeds on the phone, and other easily tracked medias even if they are aware someone else is listening.

[S-99]

if you didn't already know, i'm a government employee.  now i'm no computer security expert myself, but i feel like i know enough to generally recognize if other people know what the hell they are doing.  and the answer that i've seen is generally no.  our IT departments aren't staffed with experts or even trained IT people.  they are very often promoted/transferred in from other departments and given the quick and dirty government-grade on the job training.  this includes the people that manage the classified networks.  the whole system reeks of bureaucratic nonsense that may have at one time been proposed by an expert (or 'expert'), but has had to go through 17 levels of approval by people who haven't got a ****ing clue who go "gee, this method SOUNDS awfully impressive and techy and secure" or "MOAR asinine password requirements!!!!"

one would hope a higher-tier organization like the NSA might be a little better off, but....

A post government employee. Most of the tests that are required to be taken by all government workers are bull****. A sub idiot couldn't pass them. Makes me curious about the that people devise them. In most likely cases, either tests or beurocracy are devised by idiots, or are lead by them. Most likely lead by them. I stopped taking them a year into having my job, and still had a job. I recently quit for wanting to have a better life and get out of this ****ty stepping stone to achievement.

The nsa breaking internet security isn't exactly anything new. Making sure to partner with businesses to have backdoors in products for total take over. One good example are companies that manufacture routers. That, and the nsa going ahead and breaking into routers if no backdoor is available. There's an alternative, running opensource firmware is your router is compatible. Then make sure the setup is secure, and hope that said opensource firmware isn't in leagues with the nsa i guess. Doing something in this case doesn't always equivocate to pointlessness. Doing something of a proprietary software means could greatly be pointless.

[Mikes]

NSA probably has decent security itself (we can't be sure, but we better hope it's so...), but those backdoors are worrying. I'm more or less OK with NSA gathering various data, but if some dirty hacker got his hands on it (or even just messed with a related system), bad things would happen.

NSA employs people ... leaving them wide open to the whole "employee with a grudge", "bored idiot employee" or "intelligent criminal employee" angle.

I don't think it's a matter of when it will be abused, but rather of how often it already has been abused.

[Aardwolf]

And let's not forget "employee with a conscience", like that bastard Snowden.

[jr2]

Well, they also have painted a huge target on themselves, cause all criminal hackers now know that they basically have the back door keys to pretty much everything interesting / worthwhile.  So unless their security is truly legendary, they will probably be compromised.  Also, foreign governments would love to get their hands on all of that.  So, yeah, pretty much all internet security now depends on the security of the NSA.  Awesome.

[Dragon]

And let's not forget "employee with a conscience", like that bastard Snowden.

Remember, he was actually quite careful about what to reveal. Nothing he exposed really endangered anyone, nor threatened the security. I'd be more concerned about guys with actual malicious intent, or simply dumber.

Now, while I would expect NSA to have such "legendary" security, it does indeed employ people. People who set passwords to "0000" or "swordfish", people who forget to log out or, perhaps, people who are interested in stealing data themselves. Heck, even simply nice, polite people who, upon being told that "Hey, I'm new here, could you let me in? Some bastard stole my access card on the bus." would simply open the door instead of calling security. While they probably are aware of possibility of all that happening, this is still putting all our eggs in one basket.

[jr2]

Let's not forget the danger of possible components built into the hardware they might be using.  Like hardware keyloggers?

[BengalTiger]

Let's not forget the danger of possible components built into the hardware they might be using.  Like hardware keyloggers?

You mean someone playing their own game better than they are?

This asks for another question:

The NSA had their Snowden. How many companies/agencies/organizations pulled off the same stuff, but got away with it because nobody spoke up?

Those super cyber attacks as seen on Live Free or Die Hard or National Geographic's American Blackout, might actually be waiting to happen. If the whole internet has holes in it, that would include power plants, traffic control systems and everything else computerized and networked.

[karajorma]

The claims of hardware backdoors certainly throw all the reports about Huawei into a new light.

Is it possible that Huawei products do have backdoors allowing the Chinese security agencies access to your data, yes, definitely. But I'd consider it equally possible that they don't have any backdoors and that the story was made up precisely because they couldn't be used in that way. Especially when you consider the source.

“This is beyond vague suspicions,” said Richard Falkenrath, a senior fellow in the Council on Foreign Relations Cyberconflict and Cybersecurity Initiative. “Congress is now looking at this as well, and they’re doing so based on very specific material provided them in a classified setting” by the National Security Agency, he said.

[Aardwolf]

And let's not forget "employee with a conscience", like that bastard Snowden.

Remember, he was actually quite careful about what to reveal. Nothing he exposed really endangered anyone, nor threatened the security. I'd be more concerned about guys with actual malicious intent, or simply dumber.

"bastard" was sarcasm

[Dragon]

I know. My point was that guys like Snowden aren't really a threat to internet security. A whistleblower who isn't a complete idiot will take such precautions, if only so that people actually take his side and not be furious at him for releasing sensitive data to general public, which includes hackers and criminals. He ensured that his revelations only hit the NSA, not people monitored by them.

[Grizzly]

That's what I really like about Snowden. Unlike Assange, who just dumped the files on his server with only his team's sight on what is correct and what isn't, Snowden works with experienced reporters all over the world. The whole process is extremely professional.

[Dragon]

Yeah. He's so professional that some accused him of working for the Government the entire time, and the whole thing to be staged by NSA/CIA/FBI/Illuminati/Your conspiracy of choice. But either way, it's certain that he knows what he's doing.

[Aardwolf]

Unlike Assange, who just dumped the files on his server

BS

with only his team's sight on what is correct and what isn't

Not sure what that's supposed to mean but I'm going to assume it's also BS

[Luis Dias]

I have little sympathy for those who shelter themselves in Russian territory or russian media, as if the Putin guy is this freedom-of-speech go-to-guy.

It's as if they don't give a **** about the innumerous reporters that were put to death by the russian regime the past 15 years by now.

Or take the first three words of that sentence out, probably more true.

[karajorma]

Where should he have gone then? Russia (and China for that matter) are countries that wouldn't give a stuff about American pressure to give him back.

Ironically pretty much any country you would say has a good record on freedom of speech would have arrested him within seconds of him landing.