| Submit your comments on this article |
| Home Front: Politix |
| As evidence mounts, it's getting harder to defend Edward Snowden |
| 2014-08-04 |
| The underlying assumption in a lot of media reports is that we should be so afraid of terrorism that we need to give away our rights to privacy so that not a single American will be harmed. The trade isn't worth it, economically or culturally. If these clowns are at war with us, we need to feel it so we will be motivated to solve the problem and not just have it whitewashed for us. The evidence is mounting that Edward Snowden and his journalist allies have helped al Qaeda improve their security against NSA surveillance. In May, Recorded Future, a predictive analytics web intelligence firm, published a persuasive timeline showing that Snowden's revelations about NSA's capabilities were followed quickly by a burst of new, robust encryption tools from al-Qaeda and its affiliates: This is hardly a surprise for those who live in the real world. But it was an affront to Snowden's defenders, who've long insisted that journalists handled the NSA leaks so responsibly that no one can identify any damage that they have caused. In damage control mode, Snowden's defenders first responded to the Recorded Future analysis by pooh-poohing the terrorists' push for new encryption tools. Bruce Schneier declared that the change might actually hurt al Qaeda: "I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight." Schneier is usually smarter than this. In fact, the product al Qaeda had been recommending until the leaks, Mujahidin Secrets, probably did qualify as "home-brew encryption." Indeed, Bruce Schneier dissed Mujahidin Secrets in 2008 on precisely that ground, saying "No one has explained why a terrorist would use this instead of PGP." But as a second Recorded Future post showed, the products that replaced Mujahidin Secrets relied heavily on open-source and proven encryption software. Indeed, one of them uses Schneier's own, well-tested encryption algorithm, Twofish. Faced with facts that contradicted his original defense of Snowden, Schneier was quick to offer a new reason why Snowden's leaks and al Qaeda's response to them still wouldn't make any difference: Whatever the reason, Schneier says, al-Qaida's new encryption program won't necessarily keep communications secret, and the only way to ensure that nothing gets picked up is to not send anything electronically. Osama bin Laden understood that. That's why he ended up resorting to couriers. Upgrading encryption software might mask communications for al-Qaida temporarily, but probably not for long, Schneier said...."It is relatively easy to find vulnerabilities in software," he added. "This is why cybercriminals do so well stealing our credit cards. And it is also going to be why intelligence agencies are going to be able to break whatever software these al-Qaida operatives are using." So, if you were starting to think that Snowden and his band of journalist allies might actually be helping the terrorists, there's no need to worry, according to Schneier, because all encryption software is so bad that NSA will still be able to break the terrorists' communications and protect us. Oddly, though, that's not what he says when he isn't on the front lines with the Snowden Defense Corps. In a 2013 Guardian article entitled "NSA surveillance: A guide to staying secure," for example, he offers very different advice, quoting Snowden: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." Scheier acknowledges that hacking of communication endpoints can defeat even good encryption, but he's got an answer for that, too: Try to use public-domain encryption that has to be compatible with other implementations. ...Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about.... The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible. Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA. It sounds as though al Qaeda took Bruce Schneier's advice to heart, thanks to leaks from Edward Snowden -- even if Schneier is still doing everything he can to avoid admitting it. UPDATE: The description of Recorded Future was changed at the request of the company, which said, "While this may seem like splitting hairs, in the world of data analysis software "predictive analytics" has specific technical meaning which implies something different. We use the term web intelligence to reduce this confusion." |
| Posted by:gorb |
| #4 Insanely ridiculous logic. The intelligence community has absolutely no business divulging the results of security compromises [or lack of compromise] to anyone except those authorized to review them. So basically Snowden screws us over but it's a security violation if we talk about how he screwed us over? I hate to tell y'all this, but this is gonna be another thing like Benghazi where all the hostile foreign actors know what happened and the only people who don't are the American people. |
| Posted by: Thing From Snowy Mountain 2014-08-04 19:45 |
| #3 This is a quick summary of my understanding of the facts in the Snowden case, and my conclusions from those facts. First: Nothing published and attributed to him describes an illegal act by anyone other than him. Second: Much of the unseemly stuff that has come out does show how bad our laws are. And for that we have Congress to blame. And Congress to remedy. Third: It is clear from his actions and training that he intended to collect and disseminate this information. From these facts, I conclude that his actions were a premeditated political campaign designed to have the effect of embarrassing the U.S. in general and Congress in particular, as well as degrading the capability of the executive agencies collecting information in accordance with U.S. Law. These effects are consistent with Russian interests, who now shield him from U.S. prosecution. Finally, the important issue going forward is not Snowden and his fate, but how to reverse the degradation of the U.S. collection capability and how the political challenge to the Congress' current set of Laws is resolved. |
| Posted by: rammer 2014-08-04 19:38 |
| #2 But it was an affront to Snowden's defenders, who've long insisted that journalists handled the NSA leaks so responsibly that no one can identify any damage that they have caused. Insanely ridiculous logic. The intelligence community has absolutely no business divulging the results of security compromises [or lack of compromise] to anyone except those authorized to review them. |
| Posted by: Besoeker 2014-08-04 18:07 |
| #1 As evidence mounts, it's getting harder to defend Edward Snowden Is it getting easier to hang him? |
| Posted by: Skidmark 2014-08-04 17:50 |