The not so shocking NSA revelations

I don’t work for the government.
I am a UK citizen.
I work in IT security.

 
Edward Snowden stole 1.2 million documents and has started leaking them in small batches. News agency Spiegel has found some interesting stuff in there:

http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

It appears that the NSA in 2007 (7 years ago) had a catalog of tools that could be used to allow varying degrees of access to devices. This confidential document is now public for all to see and we can now browse through this catalog ourselves – http://t.co/Ra19VNCwEJ
 
Although it is revealing as to what was available back in 2007, we need to remember that we are judging 2007 technology through 2014 eyes. Our perception as to how we view privacy etc. has changed in the last 7 years. If we could rewind to 2007, how many people would have supported this technology at that time?

So let us put ourselves back in the frame of mind of 2007:

  • the first iPhone was launched (June 29th), which means …
  • Steve Jobs is still alive (in fact he hasn’t got ill yet)
  • We launch the Core 2 duo this year
  • Dropbox … 1st lines of code are written
  • Vista and Office 2007 were January 30th
  • Tumblr is launched
  • There is no Anonymous
  • Android was released November 2007

In 1 year Chrome will be launched

In 2 years Minecraft is to be launched

In 3 years we get Stuxnet discovery

In 4 years Aaron Swartz gets arrested

In 5 years SOPA protests get commercial backing

In 6 years Hotmail brand gets shut down
 
 
Since 2007 we have had a hell of a ride and we are now all so much more paranoid about our security and our privacy. We loved the lack of privacy in 2007 – I mean, 7 years ago, how much were you posting on Facebook/MySpace/Bebo before you realised what was going on?

And so we need to think about the NSA again. In 2007, they were snooping – isn’t that their job? Now I don’t know about you but I’m not surprised. I mean, the UK has had Goonhilly since 1962. Why are we all so shocked?

And so to get to the point…

If you are a good citizen who is behaving responsibly then what fear have you if the NSA/GCHQ/FSB or whoever the hell is in authority reads what you are doing? If you are so concerned about your privacy then why are you on the internet exposing all your data to all the parties involved in getting you online?

When I connect to the internet, I connect via a router I do not own over a telecoms company’s cable through ISP equipment onto undersea cables owned by someone else to a data-centre owned by a hosting company to a web developer’s server to a website of a person who I hope knows how to write secure code and give them my credit card number and delivery address which is then passed on to my bank and his bank to complete the transaction. Privacy? Where?

If the NSA want to read all emails and therefore build up a profile of how a typical user in the US / UK / France or wherever should operate, then it is easier for those who do not behave like the norm to be spotted. If we find in the UK that no-one uses the word bomb and fertiliser together but ‘da bomb’ is popularised, then we can discount 90% of noise from the holistic view and focus on only those who appear to be creating an unusual profile.

So

Reading that catalog from the eyes of the NSA: We have got a massive set of interfaces that we need to be aware of and somehow access ... how can we make it easy to monitor?

If we have access to the machine, use the USB; if the target uses common routers, then have an accessible backdoor in that router, etc. Now build this up to a nation of billions of people – the targets can then be targeted and if an innocent is picked up – so long as they fit the population normal model then they’ll be fine. There is no way the NSA could monitor the whole of the US – the traffic would be so massive it could not be analysed in real time and the storage would be prohibitively massive – so it cannot be a whole population monitor. That NSA shopping list is designed for specific targets, not for whole populations.

Am I concerned?

Well no actually. I know my privacy is shot – I gave it up well before 2007 when we had that thing called the internet and I first naively connected to that BBS using my real name!
 
 
So I guess the real question is ...

If that was the 2007 catalog ... I wonder what the 2014 catalog looks like?
 
 
