NSA Whistle-blower Ed Snowden

[Nemo888]

After the threat of assassination Snowden did a 30 minute interview with Germany's NDR. Why is he a Russian agent?

http://www.liveleak.com/view?i=f93_1390833151
or
http://vimeo.com/85153645

 

[SupersonicMax]

T6: speculation or proven fact?

 

[Journeyman]

It's been mentioned in multiple places that Snowden lacked the ability to do this all by himself -- that he was helped by others.  Snowden has repeatedly denied this, saying he worked alone.

Last weekend, the pot was stirred by the news show Face the Nation, which featured Rep. Mike Rogers (R-Michigan) and Sen. Dianne Feinstein (D-California), who have been involved with Snowdon investigations.  Rogers suggested that Russia helped Snowden, saying "I believe there's a reason he ended up in the hands - the loving arms - of an FSB agent in Moscow. I don't think that's a coincidence."

When Feinstein was asked if she thought Snowden had been working for the Russians, she said, “he may well have.  We don't know at this stage."


You'll forgive me if I don't demand the expulsion of Russian diplomats just yet.

 

[SupersonicMax]

So speculation. Got it.

 

[Jarnhamar]

It seems that Snowden is a Russian agent and not a whistle blower.As such if he ever returns to the US he should stand trial.

Ed Snowden married a negro!
Ed Snowden is a homosexual!
Ed Snowden is a spy!

 

[tomahawk6]

Was he a Russian agent before he took the trove of classified documents ? Probably not. But after the fact there is plenty of evidence to show that he has cooperated with FSB ,otherwise he wouldnt be their guest. Of course he can clear the air if he returns to the US.So what is keeping him from doing so ?

 

[Journeyman]

- The doubtful ability to get a fair trial

- As a contractor, he's not covered by the 'Whistleblower Protection Act'

- He can't travel because his passport has been revoked 


While I do not condone what he's done, he's being charged under the Espionage Act (1917), which still carries the death penalty.  I think I'd stay in Russia too.

 

[Edward Campbell]

It seems that Snowden is a Russian agent and not a whistle blower.As such if he ever returns to the US he should stand trial.

Notwithstanding where he is, now, and with whom he is cooperating, his initial action ~ stealing all those files ~ seems, to me, to be subject to that old adage: "Never ascribe to malice that which can be adequately explained by stupidity."

I remain dismayed that he, anyone for that matter, had such easy access to so much information. As I have mentioned elsewhere, I believe that carelessness is a far bigger threat to security than either malice or faulty systems. My suspicion is that a lot of people in the NSA have a superiority complex that makes them feel invulnerable. That sort of thinking makes it easy to try to be efficient when, as we all should know, efficiency is the arch enemy of good security. That quest for efficiency explains, to me, anyway, why we end up with unsegregated files on computer drives. An effective system would require a battalion of ladies (of a certain age and disposition) who would have to fetch tapes or  drives from locked cabinets and mount them onto network devices and then feed the information directly to a senior official who is positively cleared to see it. But that would make some self-important senior(or middle manaement) official have to wait minutes, even an hour, for the information (s)he wants to see ... so we have efficiency rather then effectiveness.

 

[SupersonicMax]

Was he a Russian agent before he took the trove of classified documents ? Probably not. But after the fact there is plenty of evidence to show that he has cooperated with FSB ,otherwise he wouldnt be their guest. Of course he can clear the air if he returns to the US.So what is keeping him from doing so ?

He was trying to transit through Russia to South America.  He even had tickets.  But the US cancelled his passport before he could go beyond Russia. 

I have not found, in the mainstream media, any proof that he cooperated with the FSB or any other such agencies.

 

[Nemo888]

I remain dismayed that he, anyone for that matter, had such easy access to so much information.

You know who else was dismayed by that, Edward Snowden. He said this is a direct result of him working for a private contractor whose interests are making cash first and national security second. He mentions it in the NDR video. No one even knew he had taken thousands of files and they still have no idea what he took. If he was a spy he would be an incredibly rich man right now.

 

[The Bread Guy]

.... An effective system would require a battalion of ladies (of a certain age and disposition) who would have to fetch tapes or  drives from locked cabinets and mount them onto network devices and then feed the information directly to a senior official who is positively cleared to see it. But that would make some self-important senior(or middle manaement) official have to wait minutes, even an hour, for the information (s)he wants to see ... so we have efficiency rather then effectiveness ....

Also hard to do by those selling services under the "highest profit lowest tender" business outsourcing model the U.S. seems to be using to get help for the int community.

 

[tomahawk6]

The Federal Enforcement and Recovery Act of 2009 covers contractors working for the Federal Government.

 

[a_majoor]

Perhaps the real reason for the anger and dismay over Snowdon's revelations:

http://pjmedia.com/instapundit/183552/

IN LIGHT OF YESTERDAY’S POST ON USING “PARALLEL CONSTRUCTION” to launder NSA surveillance in DEA prosecutions, reader Eric Klaus writes:
The big unanswered question is… “Where else is Parallel Construction being used?”

Are there NSA insiders “tipping” off journalists at the National Enquirer as to potential political scandals involving political enemies?

Are there NSA insiders “tipping” off the Justice Department to the Political Contributions of Anti-Obama filmmakers such as Dinesh D’Souza?

Are there NSA insiders who’ve read the rest of the BridgeGate emails and are prepared to “tip” the necessary parties regarding Presidential Aspirant Chris Christie?

Are there NSA insiders who’ve already cataloged every single thing Ted Cruz has written and conversed about and gathering a dossier to “tip” off interested parties at the right time?

These are the big questions.

Just imagine the power there is in this database.

When you no longer can be sure that there are things the government wouldn’t do, you have to base your assessments on the things that it could do. As I’ve noted, making “crazy” conspiracy theories seem more-or-less sane is one of Obama’s toxic legacies.

 

[Edward Campbell]

Notwithstanding where he is, now, and with whom he is cooperating, his initial action ~ stealing all those files ~ seems, to me, to be subject to that old adage: "Never ascribe to malice that which can be adequately explained by stupidity."

I remain dismayed that he, anyone for that matter, had such easy access to so much information. As I have mentioned elsewhere, I believe that carelessness is a far bigger threat to security than either malice or faulty systems. My suspicion is that a lot of people in the NSA have a superiority complex that makes them feel invulnerable. That sort of thinking makes it easy to try to be efficient when, as we all should know, efficiency is the arch enemy of good security. That quest for efficiency explains, to me, anyway, why we end up with unsegregated files on computer drives. An effective system would require a battalion of ladies (of a certain age and disposition) who would have to fetch tapes or  drives from locked cabinets and mount them onto network devices and then feed the information directly to a senior official who is positively cleared to see it. But that would make some self-important senior(or middle manaement) official have to wait minutes, even an hour, for the information (s)he wants to see ... so we have efficiency rather then effectiveness.

There is an article in the Globe and Mail that explains how Mr Snowden got access to so much information: a piece of web crawler software.

I stand by my thesis that it is idleness and carelessness, ineptitude and simple stupidity within the bureaucracy, not foreign intrigue, that is to blame for this little disaster.

 

[a_majoor]

Still think domestic agencies collecting metadata is harmless?

http://arstechnica.com/tech-policy/2014/03/volunteers-in-metadata-study-called-gun-stores-strip-clubs-and-more/

Volunteers in metadata study called gun stores, strip clubs, and more
Stanford research shows even when offering up metadata, it's very revealing.

by Cyrus Farivar - Mar 12 2014, 5:00pm EDT

Since November 2013, researchers at Stanford University have been asking: What’s in your metadata?

Specifically, the study encouraged volunteers who also used Facebook to install an app called MetaPhone on their Android phones. The app was designed to act as a sort of slimmed-down version of the National Security Agency by attempting to gather the same metadata collected by telecom firms, and in turn, intelligence agencies. Volunteers who chose to participate allowed the researchers access to their calling and texting data, the date and time, and the duration of the call.

Since late last year, the team has been releasing interim results from the 546 people that chose to participate. On Wednesday, the team released its latest and most complete findings and was startled by what it found.

“At the outset of this study, we shared the same hypothesis as our computer science colleagues—we thought phone metadata could be very sensitive,” Jonathan Mayer, a graduate student leading the project, wrote on Wednesday.

“We did not anticipate finding much evidence one way or the other, however, since the MetaPhone participant population is small, and participants only provide a few months of phone activity on average. We were wrong. We found that phone metadata is unambiguously sensitive, even in a small population and over a short time window. We were able to infer medical conditions, firearm ownership, and more, using solely phone metadata.”

Mayer explained to Ars by phone that given the small sample size and the study duration of only a few months, the team had originally hypothesized that the information gathered would not be as revealing.

“I think it's very certainly strongly suggestive that a larger pool that spans more time would have remarkably more sensitive information in it,” he added.

The new results provide a strong, research-based analytical counterweight to the government assertion that metadata is somehow less revelatory than capturing actual call data.

A likely abortion?

So what was revealed, precisely? Mayer and his team showed that participants called public numbers of “Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more.”

The researchers were even surprised that they had real-world results to support a classic nightmare scenario feared by many civil libertarians and privacy activists.

Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.

Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.

Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.

In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.

Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

And the most surprising second step was the fact that these privacy researchers decided not to follow up with some of these willing voluntary participants.

“We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources,” the team added. “Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.”

“Metadata surveillance endangers privacy”

Privacy activists and lawyers immediately lauded the Stanford findings.

Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society where Mayer is affiliated, concluded that this study “adds important empirical evidence to support what is now a growing consensus. Metadata surveillance endangers privacy.”

Meanwhile, Brian Pascal, who is a non-resident fellow at the Stanford Center for Internet and Society, told Ars that it’s surprising that even those who knew they were being monitored appeared to not “skew calling habits towards the bland.”

“However, this does not appear to be the case,” he added. “For example, 2 percent of participants called ‘adult establishments,’ knowing that their calling metadata was being recorded. It’s not difficult to imagine that some users, knowing that MetaPhone gathers this information, might change their calling habits. Without a control group, though, it’s impossible to know just how much MetaPhone (or surveillance in general) changes behavior. Admittedly, MetaPhone focuses more on illustrating just how powerful metadata can be, rather than on the impact of surveillance on personal choice, but it’s an interesting implication nonetheless.”

Others drew a clear line between this work and the NSA’s rationale for collect-it-all.

“This just confirms what everyone's intuition suggested—phone metadata is incredibly revealing. It's great to have some empirical evidence to back up that intuition, and it only reinforces the intrusiveness of the NSA's mass collection of Americans' call records.”

“This is striking,” Fred Cate, a law professor at Indiana University, told Ars by e-mail.

“It highlights three key points. First, that the key part of the NSA’s argument—we weren’t collecting sensitive information so what is the bother?—is factually wrong. Second, that the NSA and the [Foreign Intelligence Surveillance Act] Court failed to think this through; after all, it only takes a little common sense to realize that sweeping up all numbers called will inevitably reveal sensitive information. Of course the record of every call made and received is going to implicate privacy. And third, it lays bare the fallacy of the Supreme Court’s mind-numbingly broad wording of the third-party doctrine in an age of big data: just because I reveal data for one purpose—to make a phone call—does not mean that I have no legitimate interest in that information, especially when combined with other data points about me.”

 

[a_majoor]

One good thing about the entire affair is more and more people are thinking about security and devising active means to increase it. Here is one example, and while the article suggests that many business may choose not to deploy such a system because they want to crunch the user's data, I suspect there may be a market niche for people who are concerned about security and would be willing to pay a monthly fee to protect their data. Government websites and banks should be required to have this system deployed:

http://www.technologyreview.com/news/525651/new-approach-could-stop-websites-from-leaking-or-stealing-your-data/

New Approach Could Stop Websites from Leaking or Stealing Your Data
A system called Mylar makes it possible to build online services that can never decrypt or leak your data.

By Tom Simonite on March 25, 2014
WHY IT MATTERS

Online services frequently have user data stolen, or are required to hand it over to authorities.

Reminders that data entrusted to online services can easily be leaked or stolen aren’t hard to find. Major companies commonly have passwords and other data taken by attackers, while governments have their own ways to get hold of user data.

Researcher Raluca Popa of MIT thinks many online services should and could be redesigned to guard against that. “Really, there’s no trusting a server,” she says. Popa has led the development of a system called Mylar for building Web services that puts that philosophy into practice. Services built using it keep data on their servers encrypted at all times and only ever decrypt it on a person’s computer.


“You don’t notice any difference, but your data gets encrypted using your password inside your browser before it goes to the server,” Popa says. “If the government asks the company for your data, the server doesn’t have the ability to give unencrypted data.” Popa developed the software with colleagues from MIT and a Web development software company, Meteor Development Group. A paper on Mylar will be presented at the Usenix Symposium on Networks Systems Design and Implementation next month.

The idea of designing Web services that always keep data encrypted while it resides on their servers has been around for years, and researchers have developed tools to demonstrate how it might be done. But Popa says Mylar is more practical than previous efforts and could even be used to build services today.

The software is designed to work with a popular Web service building tool called Meteor, to make it easy for Web developers to use. Mylar’s design has code running inside a person’s browser take on most of the processing and presenting of information—work that a conventional service would do on its servers. But Mylar also includes some new cryptographic tricks that allow a server to do useful things with user data without having to descramble it. It is possible for a service built with Mylar to search across encrypted data stored on its servers, for example, so a person could search documents they had uploaded to a file storage service.

Mylar also lets individuals share data with other users, thanks to a system that can distribute the necessary encryption key in a way that protects it from ever being disclosed either to the server or to someone monitoring communications. An optional browser extension can be used to protect against the server stealing the key needed to decrypt a person’s data, in the event it has been taken over by an attacker or malicious insider.

A small group of patients at Newton-Wellesley hospital in Boston are already using a website built using Mylar to collect medical history information. The information a patient enters is only decrypted when viewed by the patient or his doctor. If that small trial is successful, it will be rolled out more widely, says Popa. She says using Mylar for a real use case shows it can be practical. “All they had to change is 28 lines of code out of 3,659 to secure their application,” she says. Popa and colleagues have also built chat, photo sharing, and calendar Web services to test their idea.

Ariel Feldman, a researcher at the University of Pennsylvania, says that Mylar manages to combine several useful features for an encrypted Web service not packaged together before. However, he notes that the chance of many Web companies opting to embrace encryption so thoroughly look slim.

“It would be a watershed moment if any of these types of systems actually got deployed to millions of users,” he says. “The real obstacles to adoption are usability and the business case for deploying them.”

A big usability challenge is that if anyone loses their password, they can permanently lose access to their information if the server can’t decrypt it, says Feldman. Although Popa says that the design of Mylar allows for the addition of a secure system for password recovery. Business challenges range from the added expense of building a more secure system, to the fact that many online companies rely on being able to crunch user data to make money from ads, says Feldman. He says Mylar may catch on in places where protecting data is seen as critical. “Enterprises or governments may be willing to pay for extra security,” he says.

Popa remains optimistic that the Wellesley trial will be only the first real-world use case of Mylar. She points to how she previously led development of a system called CryptDB, software that allows databases to be fully encrypted, which has since been adopted by Google and the business software giant SAP. “I think Mylar will be at least as useful, if not more,” she says.

 

[a_majoor]

More reaction to the NSA spying revelations, people moving to their own "cloud" networks. Millions of small networks will be much more cellular and granular than the internet dominated by giant ISP's like Google and Amazon, and I think it might be much "harder" as well, more able to withstand outages and attacks, so this is a good thing overall:

http://www.wired.com/2014/02/2203thompson/

t’s Time for You to Take the Cloud Back From Corporations
BY ARUN SUNDARARAJAN  02.28.14  |  6:30 AM  |  PERMALINK

It was a typical day in the cloud. I was at my desk, streaming music onto my phone, collaborating with colleagues on synced files hosted online; I then killed a little time by horsing around on a discussion board with some friends.

The difference was, this cloud wasn’t part of Google or Dropbox. It was … mine, hosted out of an old computer parked under my kitchen table. It streams, syncs files across computers, and does basic social networking. I can access it online from any computer or my mobile phone.

But it’s a “personal cloud”: I own and run the hardware. The simple act of building and running it has given me a glimpse of a possible alternate future for the Internet. It’s an increasingly popular one too.

THAT’S THE EDWARD SNOWDEN EFFECT: PEOPLE NOW KNOW THAT THE CLOUD ISN’T INTANGIBLE. IT’S HARDWARE RUN BY LARGE COMPANIES, SNOOPABLE BY SPY AGENCIES.

The software I used, Tonido, has been around a few years, but its user base doubled to more than 1 million people in 2012—mostly in the second half of the year. Last summer BitTorrent released personal-cloud software called Sync, and by December it had already amassed 2 million users. That’s partly the Edward Snowden effect: People now know that the cloud isn’t intangible. It’s hardware run by large companies, snoopable by spy agencies. “2013 was the year that everyone became aware of what a server was,” BitTorrent CEO Eric Klinker says. “With Sync, if anybody wants to know what you’re doing, they can’t go and ask one of the big servers. They have to hand the warrant to you.”

But as I discovered, running a cloud brings with it deeper and weirder pleasures. When you’re master of your own domain, you subtly change your relationship to being online. In a thread with friends on my Tonido service, I discovered that I was far more willing to be jokey or nuts or to curse like a sailor. I was no longer worried about my postings suddenly becoming public without my knowledge, as when Facebook “revises” its privacy settings in the middle of the night.

Another outcome: You realize that, holy Moses, putting stuff online is not rocket science anymore. The “convenience” argument—we give up privacy to big cloud firms because they make things easy—begins to erode. Running a home server used to require nerd judo, but with Tonido it took me about 15 minutes to set up and a few minutes more to invite friends in. It’ll work on whatever decrepit laptop you’ve got lying around.

THE ‘CONVENIENCE’ ARGUMENT — WE GIVE UP PRIVACY TO BIG CLOUD FIRMS BECAUSE THEY MAKE THINGS EASY — BEGINS TO ERODE.

In fact, these tools can perform even better than corporate stuff: Since BitTorrent Sync has no data limits, users move 40 times more data over it than people sync on Dropbox.

Granted, personal clouds create new problems. A blizzard knocked out my DSL for a day, taking my cloud with it. A house fire destroys not just your laptop but your cloud backup as well. I don’t have a Google-size phalanx of programmers to keep hackers at bay. Tonido’s social software is functional but super-ugly, and, frankly, part of the point of huge public social networks like Facebook is that they are huge. And public.

So personal clouds will be used selectively—by people bringing the truly private parts of their lives (sensitive documents, personal discussions) back under their control. Imagine today’s teenagers realizing they can run a free, invitation-only social network on their computer or smartphone. The mind reels.

The cloud just might come back to earth.

 

[Nemo888]

I upgraded to a home cloud when I bought a new router. Cheap at only 150$ and 10$ a month for increased upload bandwidth.  I put an  external HDD on the router and an app on the families tablets/cell phones and done. You can even run a Bittorrent client on the router to save on your electric bill. Perhaps the cloud will go the way of big iron as prices drop.
http://www.canadacomputers.com/product_info.php?cPath=27_1046_1047&item_id=044938

 

[cupper]

Snowden may well get a late night knock at his door reminding him that he is a guest of the Russian Federation, and may want to think that through before his next attempt to put Putin in a corner.

Nobody puts Pooty-poot in a corner.

Edward Snowden asks Vladi­mir Putin if Russia spies on its citizens

http://www.washingtonpost.com/world/europe/edward-snowden-asks-vladimir-putin-about-russian-spying-on-its-citizens/2014/04/17/bdbdcbdc-c62b-11e3-9f37-7ce307c56815_story.html?hpid=z4

MOSCOW — American fugitive Edward Snowden made a surprise appearance during Russian President Vladi­mir Putin’s annual call-in meeting with the nation on Thursday, submitting what critics considered a softball question about domestic surveillance in the country where Snowden has taken refuge.

The Russian leader took full advantage — denying that his government engages in large-scale monitoring and deflating Snowden’s effort to cast himself as a spokesman for civil liberties.

“Mr. Snowden, you are a former agent, a spy,” Putin said in greeting him. “I used to work for an intelligence service. We can talk one professional language.”

Snowden, posing his question in English, asked whether Russia collected the communications of millions of its citizens in a manner similar to the U.S. surveillance. Putin responded by saying that such surveillance is conducted under the law. “You have to get court permission to stalk a particular person,” he said.

“Thank God, our special services are strictly controlled by the state and society, and their activity is regulated by law,” Putin said. Besides, he added, “We don’t have as much money as they have in the States, and we don’t have the technical devices that they have.”

The response was quickly dismissed by Russia experts, who noted that Russian security services collect data from domestic telecommunications companies and Internet providers as a matter of course.

In a tweet in Russian, the U.S. Embassy in Moscow offered the former National Security Agency contractor its own answer: “Snowden would probably be interested to know that Russian laws allow the control, storage and study of all data in the communication networks of the Russian Federation.”

Snowden’s question, submitted to Putin by video link, seemed to be aimed at putting Putin in the same rhetorical corner that caught U.S. Director of National Intelligence James R. Clapper Jr. before the avalanche of National Security Agency leaks began.

When Sen. Ron Wyden (D-Ore.) asked Clapper during a congressional hearing whether the United States gathered data on millions of Americans, Clapper denied that it did so, an answer that was proved false by documents Snowden supplied to news organizations including The Washington Post.

Snowden has faced allegations that he was working on Russia’s behalf when he absconded with a massive trove of classified documents — a charge that he has consistently denied. He has also been painted by some as a hypocrite for fleeing to a country known for all-encompassing surveillance of its citizens.

After the exchange with Putin, Snowden’s critics scoffed at the episode.

“Snowden celebrates Pulitzer by turning into Putin’s propaganda tool,” former NSA general counsel Stewart Baker said in a comment posted on Twitter, referring to the Pulitzer Prizes awarded to The Post and the Guardian US this week for their Snowden coverage.

It would be interesting to see where he would end up if he pushed Putin too hard.

 

[a_majoor]

It would be interesting to see where he would end up if he pushed Putin too hard.

Siberia, if not buried under the basement floor of the Lubyanka Building...