"TOP-SECRET GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google."
First, it came for the terrorists, and I did not speak out, because I was not a terrorist.
Then, it came for the Muslims, and I did not speak out, because I was not a Muslim.
Then, it came for the Dutch, Belgian, and German engineers, and I did not speak out, because I was not a Dutch, Belgian, or German engineer.
If you're an engineer, developer, sales staff, or pretty much anything else, and you work at a company that has something worth stealing, you should think about how this ends. If they don't come for you first, your personal life is now completely fair game for nation state attackers.
They will stop at nothing, they have limitless budgets, they will attack your private life, they will reflash the firmware in components of your personal devices, and they will stalk you. Even when you did nothing wrong, even when your employer did nothing wrong, even when your social graph is in no way linked to anyone who ever did anything wrong.
Just as important, if you're an engineer, developer, or mathematician who works for the NSA or a similar agency, you need to take a long look in the mirror and ask yourself if this is really what you wanted to do when you grew up.
"Just as important, if you're an engineer, developer, or mathematician who works for the NSA or a similar agency, you need to take a long look in the mirror and ask yourself if this is really what you wanted to do when you grew up."
No, don't look in the mirror, waste of time. Walk away from your job.
What, work with some of the smartest people on the planet with a near-infinite budget solving the biggest big data problems out there whilst defending your country from turrists? Sign me up!
The smartest people on the planet are not working at the NSA. Most of what they're doing is just plain old data aggregation and analysis, with a side helping of large scale but ordinary hacking. The type that lots of teenagers have done.
From a technical perspective, the sort of research going on at Google (deep neural nets, etc) is in a whole other intellectual league.
It has been my assumption that Facebook's and Google's core network and security teams are each a large crowd of embedded spies working for various intelligence agencies.
Think about it: You're an NSA/Mossad/MI5 NetOps operative. You can have access to a lot of information without risking your life, get paid by your agency AND Google/Facebook. What's not to like?
Wouldn't work well. Way too many of these companies' key employees are not US citizens and many aren't in the USA at all.
Google, for example, has a large security team in Switzerland, with quite a few German and British employees. The NSA sees itself as a military organisation, it is bound by military rules.
> The NSA sees itself as a military organisation, it is bound by military rules.
What rules would those be? In the military, actively seeking (and using) information you have no right/classification to see is a serious offence. According to articles I've read, not a single NSA employee was disciplined for e.g. spying on their SOs or exes.
Also: If the NSA doesn't have Swiss and German citizens working for it, it's not a very good intelligence agency. And we know for a fact that it is, at least as far as reach is concerned.
Why would that matter? Intelligence agencies have turned foreign nationals before. And in the case of a US/British cross-over, those intelligence agencies have intelligence sharing agreements.
They do. In fact, their goal is to find fresh college grads who are just good enough to potentially get hired in these firms then send them into the firms as spies.
> Then, it came for the Dutch, Belgian, and German engineers, and I did not speak out, because I was not a Dutch, Belgian, or German engineer.
You should assume that the Dutch, Belgian and German agencies already came for you though. Perhaps they are less competent than the NSA, and maybe one of those countries actually acts morally - but there are over a hundred countries out there. At least one of them has a competent intelligence service and no morals.
"They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google."
This is not supported by any of the leaked documents. GCHQ certainly had full access to Gemalto's email servers, and several documents refer to information retrieved from there. There is nothing to show that data was ingested into XKEYSCORE and absolutely nothing to show that the employees' personal emails were in XKEYSCORE.
XKEYSCORE holds metadata, it seems. One document explicitly stated they knew the Thailand employee was emailing PGP-encrypted files because of data they retrieved from XKEYSCORE. He then became a target as a result.
But you might do something wrong. Or something innocent you did today may be illegal tomorrow. And when those days come, the NSA is ready and watching.
As other people have stated here, security is a justified means to an end to those who practice it.
I cringe a little bit whenever someone starts on the "first they came for..." monologue. Not because it isn't true, but because it first was used talking about the Jews in WWII Germany. You're effectively playing the Hitler card in a debate that isn't about Hitler.
The US was built in part by this type of security. Chances are things would be very different here if the security professionals over the years made decisions based on moral qualms.
I am playing the devil's advocate, but when you look at the Senate, it's hard to actually point a finger at the intelligence agencies. This is the world we have made, fear mongering hardly fits into this argument, and certainly adds nothing of substance.
What kicked off this whole thing was Clapper lying to the elected representative about what the NSA was doing. That was the trigger event that caused Snowden to finally leak his cache. So I don't think you can totally blame Congress or the Senate, even though they surely have deep problems.
The US was not built by this type of security. What the NSA is doing only became possible quite recently. It's just in a whole other world to what was previously imaginable.
I understand why that might make you uncomfortable, and I do hesitate to make such comparisons. But, you know who cringes when they hear about the surveillance apparatus that we are building in the Five Eyes countries? Germans.
Yes, this is a valid and timely point. On a side note, I hope that the companies and corporations that will come out of the startup scene in Germany can help to counterbalance the overreaching. There is certainly demand for progress in the direction of personal privacy, and Germany seems well suited to spearhead that movement.