12/18/13
Harvard
Bruce Schneier
NSA code names are the most fun
Sigat - a tap point
Quantum Cookie - forces the release of cookies, and "stains" a user for later surveillance
Fox Acid - exploit orchestrator, server that sits on Net that tricks user into visiting it
Egotistic Giraffe - native Firefox exploit
Evil Olive - figures out where your cell phone is
NSA has turned the Internet into a giant surveillance platform, a technically and politically robust platform
"Surveillance is the business model of the Internet"
Metadata = surveillance
Snowden's documents show what the NSA does which is also what any other surveillance operation would do
A choice between an Internet vulnerable to attack or protected for everyone
Lesson is the cryptography works but everything around it is insecure
NSA has cryptanalytic tools to break ciphers but usually uses the weaknesses around them
NSA had no contingency for Snowden's exposure. That has changed. Corporations also will change. When you know that exposure will eventually happen, your actions change.
"Collect everything" has been the modus operandi up till now. No cost-benefit analysis on any operations, but that may change.
Even when we know something, it may not be actionable for a number of reasons.
"A lot of this is voyeurism"
Generation gap on privacy and surveillance. Job for life "club feel" is gone.
The goal is to make eavesdropping expensive, make wholesale surveillance expensive and force them back to targeted surveillance. More encryption by default. Personal security products (PSP) annoy the NSA. Encrypt your hard drive. Consolidation makes us less secure.
Transparency, oversight, clarity are the solutions
Make laws that are technologically invariant
And all this affects only NSA - no foreign entities or citizens
"A secure Internet is in everybody's best interest"
Not US versus China but security for everyone
"We have a chance to win the 'tell us what you're doing' argument", not the "stop doing it" argument
The Balkanization of the Internet is a big problem
NSA has a dual purpose: to protect our communications and break others'
This problem is bigger than NSA, bigger than security. It's about data.
Fundamental question of information society is the tension between personal and social uses of data
Q: No more fruit of the poisonous tree? Are we looking at the wrong thing, tech and crypto rather than the law?
Yes
International standards because US businesses have lost trust overseas