NSA is breaking the internet

Testifying before the US Senate last month, NSA Deputy Director John Inglis conceded that the bulk collection of phone records of millions of Americans under Section 215 of the Patriot Act has been key in stopping only one terror plot.

But then it never was just about phones and national security, was it?

In his 2013 Budget Intelligence Request, NSA director James Clapper - who lied to the US Congress under oath about the scope of secret surveillance and was then appointed by Obama to an independent review board to investigate his own agency - advised :

“We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic." 

"The SIGINT Enabling Project actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs. These design changes make the systems in question exploitable through SIGINT collection with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact."

"the consumer and other adversaries"

Under a section for release to Five Eyes - that's us!

Insert vulnerabilities into commercial encryption systems, IT systems, networks ...
Collect target network data and metadata via cooperative network carriers...

The joint Guardian NYTimes ProPublica release yesterday doesn't tell us who those "co-operative" network carriers and IT systems are - publish the names! - but the NSA is pretty clear about their own role - weakening encryption standards and writing code with backdoors in them for security vendors . 

The NSA/GCHQ help them build the locks to keep your data safe; then the government gets one key and you get the other one.

The possibility for corruption and breaches of security built into a system that includes scoping out cell phones, tablets, Facebook, emails, web searches, medical and banking data are endless - industrial espionage, blackmailing political figures, fixing elections, corrupting markets, internet scams ...

"Snowden, one of 850,000 people in the US with top-secret clearance..."

And have any of these other 850,000 top-secret clearance people in what is already a massively corrupted security system taken it one stage farther and facilitated an internal black market for information about stocks, patents, trade deals, etc. within the larger market? Would there be any way of knowing? The NSA wouldn't know - they've already admitted to having no clue what Snowden took.

9/11 changed everything.  The Five Eyes govs upped the spying on their own citizens and started locking up whistleblowers while simultaneously supplying AlQaeda et al with arms, training, and money.

Nothing in the Canadian media about yesterday's release yet.
Update : National Post : NSA has now cracked common Internet encryption, including personal email and online banking
CBC : NSA cracked most online encryption says report

My fear is that we'll agree to ignore this assault on our privacy as long as the roving supply of cat videos doesn't dry up.

Ok - gotta go.  Some adversarial consumer Windows security patches have just automatically downloaded themselves onto my computer and I have to reboot for them to take effect. hey wait a minute ...

.

Tin foil - not just for hats anymore

CTV : "The federal government is repatriating a database of personal information about Canadian citizens after warnings the U.S. government might misuse it.
The database with details about several hundred British Columbians was turned over to the U.S. Customs and Border Protection agency last year as part of a controversial project to issue "enhanced driver's licences" instead of passports for land-border crossings."

The BC pilot project is the first step in a Canada-wide program that could have seen the personal information of hundreds of thousands of Canadians handed over wholesale to American officials.
But the Canada Border Services Agency has bowed to pressure from privacy advocates and is recalling the database, with the U.S. border agency promising to erase its records.


The CBSA signed an agreement with its American counterpart to ensure that the information would be accessed only by U.S. officers at the time of crossing for border purposes only.
However, the USA Patriot Act could trump that clause, forcing the U.S. border service to turn over information to American security agencies.


Canada’s Privacy Commissioner Jennifer Stoddart sounded the alarm about this over a year ago and also criticized the new enhanced driver's licences as creating a de facto national ID card for both countries.

Homeland Security Michael Chertoff told Canadians they shouldn’t worry about the sharing of biometric information with other governments.
"Your fingerprint's hardly personal data, because you leave it on glasses and silverware and articles all over the world," he said.

As I noted at the time, having a glass of wine in a public restaurant is not at all like having your fingerprints fed into a database like Server in the Sky.


There's also the problem of identity theft.

Watch here as an ethical hacker drives round the block with his $250 homemade tracking device and copies the RFID tags, or radio-frequency identification device, off two passports.


RFIDs are used to track cattle and merchandise.
People with RFID driver's licences are supposed to keep them wrapped in tin foil.
Personally I don't think I'll have any left over.
.