Sophos Cloud Optix
You’ve almost certainly heard about PRISM, an abbreviation that has come to mean “US surveillance of everything.”
Since Naked Security first wrote about this unfolding drama last week, a raft of new information has come to light.
The whistleblower who leaked the information has come forward; his employer has responded; and the US Department of National Intelligence itself has spoken on the record.
The conspiracy theories probably haven’t been shaken, but they’ve certainly been stirred.
Whistleblower comes forward
A chap by the name of Edward Snowden, who’s 29 years old and works for a defence contractor, has outed himself as the source of the PRISM leak.
According to The Guardian, he slipped out of the US, flew to Hong Kong and holed up in a hotel.
Apparently, he’s been out of his room only three times in the past three weeks.
From Hong Kong, he blew the whistle, purportedly claiming that:
I don't want to live in a society that does these sort of things.
He also seems to have come up with a very quotable quote that will probably end up being seen as selfless by his fans, but as mildly messianic by his detractors:
I understand that I will be made to suffer for my actions, but I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant
Employer responds
His employer, the redolently-named Booz Allen Hamilton, has reacted with undisguised outrage:
Booz Allen can confirm that Edward Snowden, 29, has been an employee of our firm for less than 3 months, assigned to a team in Hawaii. News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter.
US National Intelligence speaks publicly
The US Office of the Director of National Intelligence has gone public, too.
The Director himself, James R. Clapper, has opened up a list of previously-classified nuggets about the PRISM project.
(You can download the official version from the DNI’s website. [PDF, 3 pages.])
Here’s a very brief summary of the DNI’s brief summary:
- It’s not called PRISM; that’s just the name of the computer system that makes it work.
- It’s really called the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, or Section 702 for short.
- Section 702 doesn’t operate outside the oversight of Congress and the courts.
- It doesn’t collect information without court approval or without informing service providers.
- It isn’t allowed to target anyone inside the US, or any US citizen anywhere.
- It isn’t allowed to target foreigners in order to target people inside the US.
- It’s actually been jolly useful and has mitigated potential computer network attacks.
There you have it.
Department of Justice gets involved
The DNI followed up its declassification by passing the buck to the Department of Justice, pretty much ruling out any further comment from the intelligence community:
Because the matter has been referred to the Department of Justice, we refer you to the Department of Justice for comment on any further specifics of the unauthorized disclosure of classified information by a person with authorized access. The Intelligence Community is currently reviewing the damage that has been done by these recent disclosures. Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law.
And that’s that.
You get to have your say
All I can say is that I can’t see the DNI persuading people to stop using PRISM as a collective noun for the entire schemozzle, and I can’t see the schemozzle abating for quite some time.
What do you think? What will happen next?
Let us know in the comments below!
The ******** from the Obama administration is most disturbing and I can no longer support efforts that bear Obama’s name (although most Republican leaders are just as guilty and I will continue to support most of the Obama administration’s other policies).
The cynical attempts to re-spin the government’s behavior are morally repugnant. They keep saying the things that they are not doing, but fail to directly acknowledge the disgusting activities in which they are heavily engaged. That the Patriot Act is evil is not news, but I hope this will help more people recognize just how evil it is.
I’m glad that Snowden came forward. His openness draws a sharper contrast against the American government’s sneakiness.
all I can say is, "James R. Clapper, hmmm … I don't know, but that name rings a bell?"
Too funny–you just made my day!
As to the statement from Booz Allen — “if accurate, this action represents a grave violation of the code of conduct and core values of our firm” — Norman Solomon, co-founder of RootsAction.org, has commented in the *San Francisco Bay Guardian*:
“What are the ‘code of conduct’ and ‘core values’ of this huge NSA contractor? The conduct of stealthy assistance to the U.S. national security state as it methodically violates civil liberties, and the values of doing just about anything to amass vast corporate profits.”
As for the statement that “Section 702 doesn't operate outside the oversight of Congress and the courts”, Daniel Ellsberg has rightly pointed out in *The Guardian* (UK) this morning that the court involved is “a secret court, shielded from effective oversight, almost totally deferential to executive requests. As Russell Tice, a former National Security Agency analyst, put it: ‘It is a kangaroo court with a rubber stamp.’ ”
And as to the oversight of Congress, the leaks themselves have shown that Congress has been lied to.
This article by Paul Ducklin is disingenuous in the extreme.
Errrr, methinks you haven't read the article very objectively 🙂
Booz Allen Hamilton *did* say what I reported (click the link and see for yourself), and I think it is reasonable to describe their remarks as "undisguised outrage."
Quite how I can be disingenuous – at all, let alone in the extreme – for leaving you to make your own mind up, I'm not sure.
Same for the remarks about the DNI list. (OK, that's my own summary, but I think it's close enough not to be disingenuous, at least not in the extreme.)
The point of this article is not to form your opinions, but merely to inform them…
I agree with Marshall Massey about the courts. These are not the sort of courts we are used to – they are secret (in every way – did anyone even know they existed before?), there are no appeals, no one is there to represent possible injured parties. They conform to the letter of the law saying that a "court" must order such surveillance, but certainly not to the spirit. So the fact that a "court" is "involved" in no way reassures me.
Exactly, Lori, excellent points.
Would you give all of the employees of another company the admin passwords to your network if the CEO of that company promised not to use them without permission? How about the passwords to your personal machine, email account, and so on? The fact that people may not be authorized to access information doesn’t always stop them from accessing it, and it’s best to limit your exposure as much as possible rather than relying solely on other people’s self-restraint. Snowden has demonstrated through his own actions that DoD can’t trust every employee and contractor with access to their information, so how can we trust those same employees and contractors with access to our information?
Section 702 doesn't operate outside the oversight of Congress and the courts. – such oversight being at extremely high level
It doesn't collect information without court approval or without informing service providers. – such permission being granted without any detailed examination of the facts and implications
It isn't allowed to target anyone inside the US, or any US citizen anywhere. – but foreigners are routinely included on a "collateral basis"
It isn't allowed to target foreigners in order to target people inside the US. – but see above. It isn't for nothing that they use the very precise word "target"
– not mentioned is that it customarily issues "gag" orders so that the general public are not told there is any surveillance going on
– nor that the US applies pressure on compliant foreign governments to permit surveillance for US purposes and to enforce the same gag orders
This young man is a patriot and our government under O and his hoards are indeed blowing out the torch on Lady Liberty…it is grievous beyond words…;-(
It's not just about O but if you want to blindly shove your head in the sand be my guest!
The over reaching Patriot Act was concieved and shoved though by Bush, approved by the GOP and then Obama strengthened it with the current GOP's approval.
Then we have the AFTER THE FACT warrants by Bush and Gonzalez for their illegal wiretapping. Convenient when you can simply ignore the law because the courts say so isn't it?
"Hoards?"
I'm much more worried about Google using my searches and browser history to sell me crap than the govt using my phone logs to tell me I order too much pizza 🙂
It's clear they (the government) will do their best to twist this to make Snowden appear a "terrorist" in some capacity, or at least unpatriotic and a threat to American security. The question is whether the world will fall for it. Or wake the hell up and start fighting for our liberty.
First of all, I don't believe much of what the feds say. Second, I do not break any laws so that means I don't care how hard they look. Third, I think it has more to do with terrorism than anything else, thus I have nothing to worry about because I am as patriotic as the next hard working, tax paying, law abiding citizen. Many people don't realize this but, they have been gathering intell on people for as long as there has been a modern telephone, microphone, cameras, video cameras, ect, ect. Soooo, what's new?
How do you KNOW you don't break any laws? There are so many of them and they are written in a style of writing must of us don't understand.
And not only that, they can implicate you in any way they want just by who you've called and who has called you. What's new? The scope of how much they are doing this and also that things these days are digital, meaning they are storing everything. I certainly hope that a vast majority of Americans are not as apathetic as you are about this because this is just the tip of the iceberg.
sheesh. you are so naive. what makes you think it matters what you do? if they want to frame you they can make up the call logs, it's easier to do that than to actually monitor you.
so, like, maybe the reason for the monitoring is as stated, and it works just like they say?
Wow – Are you naive!
What did you expect the authorities to say? Yes, Snowden is absolutely right and we admit everything? This is just another sad symptom of the fact that western democracies are becoming ever-more undemocratic. They constantly interfere in the lives of ordinary people using the specious excuse that they are searching out malefactors for the general good. Nothing could be further from the truth. The truth is that it’s all about social control, the same sort of control that McCarthy exploited and the same control that has put thousands of innocent people on ‘blacklists’ simply because they dared to speak out. Of course, it is very easy to escape the attention of the government: you simply have to keep to the rules (whatever they may be), work hard and pay your taxes. And some of the taxes will be used for programs such as the Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act. 1984 has not yet arrived; it is just around the corner.
Privacy has become a marketable commodity sold to the highest bidder instead of a Fourth Amendment right belonging to all US citizens.
25 years ago as a member of the USAF I held a job very similar to Edward Snowden’s. As a MAXI sysadmin I had full access to all system data, more access than many of the intelligence analysts who were my users. Mr. Snowden knows what he is talking about. He needs to be taken very seriously. I know how much conditioning and peer pressure he needed to overcome in order to do this, and I am quite frankly in awe of his courage and sense of honor.
[Comment edited for length]
If we do not take action now on this issue we might as well say “goodbye” to the United States of America. This nation will collapse, having fully rotted from within. We might have a whole five years left, I personally am estimating it will be more like 2 or 3 at the rate we are going.
The sky is falling!
Ignoring anything that any arm of the Fed/State/Local government may be doing, private companies like Google, Facebook, etc. are based on "monetizing" your personal information.
Oh, it's not allowed to target US citizens, and no foreigners in order to target a Us citizen. Well that's a real reassurance to us, the rest of the world.
Glad there are still some Pink Floyd fans.
Glad to hear that someone noticed 🙂
Oh, I certainly noticed! I’ve been missing those clever little image titles of yours lately AND I am a Pink Floyd fan from way back before DSOTM, so it was a bonus to find that surprise treat. As for your lack of a Pink Floyd quote for the DNI logo image, I didn’t think that would be much of a challenge. Heck, the song title “Us and Them” practically jumped up and attacked me! But choosing a particular line from several tasty morsels in that song proved too much for me… pick one that tickles your fancy!
So basically you are saying that because the government says it's okay it's okay.
Ughh.
'Since Naked Security first wrote about this unfolding drama last week, a raft of new information has come to light.'
Kinda makes it sound like Nakedsecurity broke the story right at the beginning, as opposed to the reality which is that they obviously didn't. No to mention that 'last week' was the day before yesterday.
Do you really think so? "Since we first wrote about this, things have changed"…not sure that suggests we *broke* the story. (I didn't say "we wrote this first" 🙂
If we'd broken the story, surely I'd have said so explicitly?
As for it being "last week," each week has to end someonewhere, and – at least on every calendar I've used – weeks are denominated either to start or end on Sundays.
(The UNIX "cal" program even has -S and -M options to denote "week starts Sunday" or "week starts Monday".)
There's a big difference between "first wrote about this" and "wrote about this first."
Keep practising the goodthink and the duckspeak Paul – you're getting pretty good at it.
This takes me back to 1997 and Carnivore. How things have (not) changed.
The most disturbing bit from the Guardian's interview of Edward Snowden:
Q: Is it possible to put security in place to protect against state surveillance?
A: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."
I'd like to know what Sophos, as a protection provider, has to say about that.
I would hope the government is monitoring things like this and would consider them incompetent if they weren't. The war on terror is not a traditional war.
And how to they avoid inadvertently gathering data on US citizens? Give me a break. I'm very disturbed to read some of the comments here. My emails and phone calls are legal and rather mundane too, but I still want my 4th amendment right to privacy. Did you talk to your friends or family about the Boston bombing? The chemical weapons in Syria? Remember that almost anything can be taken out of context and twisted. Next thing you know you're on a no-fly list like Abe Marshal. This surveillance is headed down a slippery slope to Big Brother. Do kids even read 1984 in school any more?
I think we're going to see Congress move fairly quickly to strengthen electronic privacy laws. If nothing else, they have a lot to lose personally because private communications can be "spun" to be very politically damaging. As for Snowden, he is a patriot. Unfortunately, he broke federal laws and will probably spend a while in prison because of it.
Why would Congre$$ suddenly concern itself with Fourth Amendment rights for the little ppl? It can just as easily exempt itself from snooping just as it does for everything else.
I honestly could care less what it's called, or if it isn't as bad as we think it is. Point is, if it's not that bad, it shouldn't have been a secret to begin with… and knowing it's been a secret for so long has made me (and many others) lose all trust in our government. Want to fix that trust? replace them. Then afterwards an investigation can take place to decide whether any of them should be tried for treason, or if their name should be cleared.
So that's supposed to make us feel better? All they're in fact saying is that they can't lawfully "target" (ie sniff on) US citizens. But what about the rest of us, the remaining 6.5 billion inhabitants on this planet who are all using those US services, even professionally (sold to us by the US mother companies)?
That's right, don't worry folks, the cia wont use any info gathered against U.S. citizens. YEAH RIGHT! Because we all know that they never break the rules! And all the law abiding citizens shouldn't worry because authorities have never framed an innocent person before have they?
Was anything he released harmful? For example, did he release names that would enable foreign governments know who our spies there are [= their traitors]? The Patriot Act is very scary, but most Americans accepted it as necessary. Any Congressperson who voted for the Patriot Act but thinks what Snowden released shows wrongdoing on the part of our country is a hypocrite. Is he the Daniel Ellberg of this time in our history?
I'm sorry, but your premise of "it's not as bad as you thought" really disturbs me. You call yourselves a security company, yet you fail to understand one thing about human nature–we have learned by sad experience that it is the nature and disposition of almost all men, as soon as they get a little authority, as they suppose, they will immediately begin to abuse that power. So what, that this process is supposedly "overseen" by the courts and congress? Snowden's point was that ANY one could abuse the system. And if you are as I am, not trusting that every man working for the government has integrity (and there's plenty of scandal going around these days to fully illustrate my point), what's to stop someone from totally ignoring the law you outlined in detail? I say, "So what?!!!" Men who abuse power do not care about the law.
Based on this article, in disguise as trying to calm us down, trying to say "Nothing to see here, folks, move along," and saying that it is to help us formulate our own opinion, does not represent your company very well. I find myself now questioning my trust and respect for Sophos if this is your corporate attitude. This, which has to be taken into context of the many other scandals we are dealing with, is an extremely serious situation for American privacy and liberty.
It is horribly bad, and probably worse than we think.
Sir! I fear you failed to notice the question mark in the headline…
"PRISM – not as bad as you thought?"
I am deliberately *not* taking sides here…as I said above, the article is to *inform* your opinion, not to *form* it.
This article is not "disguised" as anything. It is merely a list of what has happened, largely without expressing any opinion on my part.
If I wanted you to "move along," I'd hardly have actively courted opinion, would I?
Paul, I did notice the question mark–however, it is irrelevant to me. I think the title and the premise would better have served as an article from a security company if it was different. You still could have presented your information under the headline of, say, "PRISM–how serious is it?" As you can read from most of the comments, most believe that this is an egregious invasion of our privacy. The wording of your title suggests–in spite of not offering "opinion"–that the information you present argues for that point.
Yes, you actively courted opinion, and supposedly did not offer any, but the manner in which "just the facts, Ma'am" is framed, and what is included and left out does present a certain point of view, whether intentional or not.
*My* premise is that one of the important facts not brought out in your article is Snowden's point that anyone can abuse the system, regardless of law or policy. And it really wasn't necessary for Snowden to really point that out, was it? His revelation was to expose the scope to which an individual or individuals can abuse it and how easy it is to abuse the system. I think you left those very important points out.
I think what most are feeling is that who cares about DNI, Congress, the White House, the courts? That is all moot when they cannot be trusted with their authority and power.
Paul, I am not meaning to be disrespectful to what you tried to do, thanks for eliciting discussion. I just disagree with your approach.
I think it's a trifle unfair to ignore the question mark 🙂 Sure, that makes your argument against me stronger, but so would changing some of the words I used.
The headline is supposed to be ironic. I know that irony is risky, since many people don't get it and a few even consider it unpalatable, but you seem to have got it. Indeed, you even admit above that my title seems to agree with the many commenters who think this whole thing is bad.
Incidentally, I was perplexed by your accusation above that the article was somehow in "disguise"…it seems you have seen in what I wrote a hidden agenda so well hidden that even I didn't know it was there.
(As for not listing Snowden's arguments – I did link [three times, once directly to the video, including giving info on its size and length] to the Guardian article in which Snowden makes an extensive series of statements.)
If I were starting over I'd headline it "PRISM – DNI says it's not that bad after all (and don't call it PRISM)." But I wanted to avoid saying DNI in the headline because it was about new revelations from three sources, not just DNI…
Mr. Snowden is a self righteous and if he thinks that he has done a great service he is wrong. Being he is in Hong Cong, he is liable to end up with a visit from the MSS, they will throw a bag over his head, get what they want from him and probably dispose of him very quietly, the U.S will take the blame.
What troubles me is that it was so easy for him to get that much access in 3 months.
"What troubles me is that it was so easy for him to get that much access in 3 months."
And that is exactly his point!
The only surprise about this story is that people are surprised by it.
I'm amazed how many people are surprised that this has been going on and only slightly less surprised about the number of people who say, "well, I don't break the rules so it doesn't affect me." Fine as long as your name isn't the same as a rule-breaker and no-one makes a mistake. Someone I know was regularly held up at Immigration for 30 minutes or more for years before they realised his retina scans had been stored the wrong way around and that's just a trivial example.
Schemozzle?
Didn't know yo spoke Yiddish, Paul (-:
My understanding is that PRISM is mainly collecting data on when you placed a call and where that call went. How is this philosophically different than all of the surveillance cameras out there?
But given that it's wrong–and most of the US and international community seem to believe that–what can be done? How do you undo this harm? Sadly I don't think there's any putting the Genie back into the Bottle. Is anyone seriously calling for the actual infrastructure of the NSA to be removed and would that ever happen? The Utah Data Center is to be completed in September and they're breaking ground on another new facility in Fort Meade, MD.
As Information Security and IT Professionals (as many readers here are) I think we are ethically obligated to stand up and speak out about this overreach of the US Government, but as technologists we also need to start recalibrating our activities for this world that we now understand just a little bit more clearly.
Gavin Landless, CISSP, SSCP, CEH
William Saffire in the NY Times from 2002 regarding "Total Information Awareness":
"If the Homeland Security Act is not amended before passage, here is what will happen to you:
Every purchase you make with a credit card, every magazine subscription you buy and medical prescription you fill, every Web site you visit and e-mail you send or receive, every academic grade you receive, every bank deposit you make, every trip you book and every event you attend — all these transactions and communications will go into what the Defense Department describes as 'a virtual, centralized grand database.' "
Good thing that didn't happen…
I guess there is a bright side, my hard drive crashed and I can contact the NSA to see if I can get the data restored. Perhaps the goverment can put a friendly spin on this. They can send you birthday e-mails, congratulations on your new relationship, or recommendations on other movies or books you might like.
I well understand folks regarding their privacy very highly; I do too. But are you prepared to trade that expectation for a few hundred/thousand fatalities and billions of dollars lost each year because the authorities don't have any suitable tools to combat terrorism and organised crime? We don't like people behaving badly in their cars/autos and we are very happy to have traffic police. So don't we think there should be some policing of communications? I guess your answer is apparently not. So instead of ranting on about the government and its agencies perhaps you would care to come up with some ideas to assist the gathering of evidence of wrongdoing that could affect us all big time, but would at the same time satisfy your privacy requirements.
I strongly accept, of course, that there needs to be effective oversight of any such information gathering and a competent process for identifying and correcting mistakes.
If anyone in this technological world thinks that governments don't clandestinely snoop on individuals and companies then you have your heads in the sand. Over the years since the invention of electronic communication methods (yes, that includes radio) governments have been keen to 'see' what the populace are saying to each other world wide. It has happened for years and years and whether it has the backing of a law or not doesn't stop the snooping. Intelligence gathering has been a key element of defence planning across the world and some dubious countries do it more aggressively than more democratic ones – but they all do it. Even the UK's RIPA has elements of such activities and surveillance is endemic in all countries. It's just that some in 'the free world' gets uptight about it when they discover it happens.
(I do not and have never worked for any organisation that conducts these activities.)
All of this is for the war on Oceania. We should remember that keeping us safe from them is the government's number one priority. Let's all be "good" citizens and "behave" in a manner that helps promote our safety and helps the government protect us from the evil Oceanians. Pay attention to what's around you and report anything that seems suspicious. You don't have a thing to worry about.
First of all, private entities may be ultimately judged under the law but the government (the law-makers) are ultimately judged under the US constitution, therefore any arguments of legality are completely irrelevant when it comes to a debate over whether government actions are allowable or not. The 4th amendment to the US Constitution states:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Sometimes the definition of the word "search" is called into question, but there is plenty of precedent for that. The so-called Katz Standard defines a search in this context as occurring when:
1) a person expects privacy in the thing being searched [as I do in my phone, email and other non-public data exchanges]
2) society believes that expectation is reasonable [which is evident by the public outcry].
So how can PRISM and the Verizon record surveillance programs be constitutional?
-continued-
Relax everybody – just relax!
We are here to help and assist you…….
We are from the government …….
There are a whole lot of private companies that are tracking our every move on the internet for marketing purposes, but I don’t hear the same kind and level of angst over that as I am hearing over the Gov’t surveillance. I am not a fan of how either of our political parties are heading these days, but I distrust Microsoft, Google, and Facebook a lot less. At least I still (perhaps naively) believe that the Gov’t intelligence activities are motivated by the right intentions. I have no such delusions about some of our corporations’ goals.
I agree, have you ever heard of RF fingerprinting? Have you ever gotten a unsolicited text message from Walmart, McDonalds or some large retailer in the U.S as you pass by one of their locations?
How many of the folks here who are decrying this "horrible" government surveillance were asking how the Government was so inept that it let 911 happen?
While I don't like the idea that the Gov't is capturing this kind of data, I also realize that this country has a very real threat from some very nasty people who openly want us to come to great harm. The very first duty of the Federal Government is to protect the citizens and to ensure the survivability of the nation. Given the nature of the threat, and the widespread use of modern digital communication to recruit, organize, and coordinate terrorist activities and ideas, the Gov't has to go to these kinds of extremes to try to stay a step ahead of the terrorists and terrorist want-a-be's.
This sort of surveillance would never stop 9/11. They had the leads through existing channels and allies that something was brewing and did not follow them up.
Also the terrorism risk to you or me is minimal. The odds show you are more likely to die by being struck by lightning than in a terrorist attack, with much more of a more risk of dying in your car as well. The threat is blown out of all proportions.
In Britain we endured years of IRA attacks without the need of this sort of intrusive government police state “protection”.
Police states are not built overnight, its a slow methodical march in that direction. Usually starting with a crisis emergency powers being temporarily granted to the leader. Then said powers are never given up, and gradually more power gets transferred to the leader to “protect us” from a constant perceived threat. (it worked in the 1930’s in Germany)
I don’t want that level of government protection thanks.
By printing this feel-good, doublespeak, completely full of shit, Duckworth article, SOPHOS has just lost all credibility with me. It can't possibly endorse Obama's wholesale spying across the board in one breath, and, then turn around and talk about encryption and privacy. LMAO …
This article isn't "endorsing" anything.
And please keep a civil tongue in your mouth next time you have something to say.
It's too soon the make conclusions on this. A dem, I voted twice for Obama but now don't trust his people to tell the truth.
The more sunshine pisses off the government, the more it is needed. IMNSHO, there are many more secrets than we need.
Someone very accurately described the current digital environment as the modern ‘Rush for Africa’. Instead of gold, diamonds and land, the prize being hegemony over digital data.
The very tricky problem is finding the right balance between personal privacy and national geostrategic interests. i.e. what’s good for our collective economy and security.
Do I want China, a U.S. corporate or my own government to track my every move and profile my behaviour? Clearly, no. Just as I wouldn’t wish for my personal old fashioned letters dropped in the postbox to be intercepted and read as a matter of course by Google or government.
But…some level of rebalancing, of adjustment in our notion of ‘digital privacy’, may be necessary to pivot and leverage against greater personal and national digital threats. Just keeping on top of the vast quantities of digital data now being produced may require a higher degree of openness to government for the sake of our own personal interest.
Unfortunately there appears to be very little discussion or effort in promoting constructive discussion (not emotive diatribe). Soundbites like, “If you are obeying the law you’ve got nothing to worry about.” is clearly poor rhetoric Mr. Haig. And you know so too! Get the issues out there and let’s have some constructive debate. I’d certainly rather we were successful digital colonialists than the alternatives.
In response to Daniel Weisinger (above):
Your proposed remedy ("replace them") is like putting a Band-Aid™ on a grenade wound. It's not any particular "them". This has been going on for a long time, and it spans multiple political administrations. Pointing the finger at Obama and his gang of goons or Bush and his band of brigands is EXACTLY what is going to derail this scandalous trouncing of the 4th amendment into yet another unresolvable political bickerfest.
This is not a political squabble. You're not going to resolve it with politics. It doesn't matter who is in power; the power will corrupt them. The problem is that there is a system that enables anyone to have that much power in the first place. What we have here is a runaway state mechanism. Unless you do something that dismantles that mechanism, replacing the cogs in such a giant juggernaut will accomplish nothing.
The number of assumptions inherent in the comments (and indeed, in the U.S. electorate) on the PRISM scandal is as flabbergasting as the scandal itself. At the core of those assumptions is the nearly universal belief that the only way for individuals to be secure against terrorism or any other threat to life and property is to have some immensely powerful centralized entity they call "government"…which also happens to have the ability to do away with the very freedoms it is supposed to protect.
Doesn't anyone else see the elephant in the living room?
Mr Ducklin,
What might be more useful to us is to discuss what, if anything, Sophos can do for the spied-on people. I doubt it's much.
Your statement
The conspiracy theories probably haven't been shaken, but they've certainly been stirred.
may win points for cleverness, but appears to put you in the position of ridiculing people who think seriously about real conspiracies and their political equivalents. You must know that spy agencies work together to commit crimes, and that secrecy leads to lack of accountability. You must have heard of Operation Northwoods. Please show that you and Sophos understand the real world.
Thanks for your compliment. I think.
The idea that the "conspiracy theories haven't been shaken" (i.e. shaken off) was actually meant to suggest that the DNI denials didn't really amount to that much, and would probably serve only to stir up the hornet's nest than to settle it down.
Judging by the comments here, I think it's fair to say I was spot on 🙂
As for "what can Sophos do to help people"…I'm sort-of damned if I do, and damned if I don't, give advice on what Sophos can offer. Some people like our articles to present and promote Sophos products; many people do not. In this case, I thought that leaving any commercial angle out of it was the best approach.
Having said that…if you want some ideas, you might consider looking at these articles, which offer some closer-to-home reasons for you to consider a policy of "encrypt everything":
http://nakedsecurity.sophos.com/2012/06/17/lost-u…
http://nakedsecurity.sophos.com/2011/12/07/lost-u…
Hmm… seems that NSA allows external contactors to copy data to portable storage, as one senator worried in CNN interview … wow now ther are really in deep if this is true. Who knows where else this information could have been stored?
Is this the "Dark Side of the Moon" version?