Hacker News new | ask | show | jobs
by nxc18 3213 days ago
While its certainly true that we need to worry about these Russian products, the damage that the NSA has done is enormous.

Can I trust Cisco VPNs? Can I trust Windows? Can I trust my router? The NSA opens boxes in shipment to break their security, and they have the resources to do a lot more.

Unfortunately for us in the U.S., the NSA threat is a real one, not a hypothetical.

And a question for the people who know more than me: is there any IT vendor who hasn't been corrupted by the NSA, the Russians or the Chinese?
1 comments
bayesian_horse 3213 days ago
The reason you "know" the NSA is a threat is because of the increased "transparency" of western democracies.

There is no transparency in Russia. In a system of kleptocracy, bribery and a questionable judicial system, there is no boundary between state actors and any "private" corporation. If the FSB asks Kasperski for help, they can't say no, and they won't tell.

If given the choice, I'd still rather trust American intelligence services. In fact, I do believe American products to be safer in this regard.

link
Shank 3213 days ago
> The reason you "know" the NSA is a threat is because of the increased "transparency" of western democracies.

The reason why we know so much about what the NSA does is because a few NSA contractors have broken the law (for good or for ill) and leaked classified information about operations. Without leaks, there would be no information about what NSA does or doesn't do.

The only difference between NSA and FSB is that FSB hasn't used as many contractors and hasn't had as many leakers in Snowden-like positions.

link
sigmar 3213 days ago
>FSB hasn't used as many contractors and hasn't had as many leakers in Snowden-like positions.

FSB has lots of contractors leak though. They just disappear and are never heard from again. Such as Ruslan Stoyanov.

link
bayesian_horse 3213 days ago
Leakers, and the ensuing discussion and spread of the leaked information, is part of the western culture of transparency.

Of course government agencies don't want to expose their secrets voluntarily. They have to be dragged into the open kicking and screaming. Doesn't mean that they aren't, though.

link
0xbear 3213 days ago
It's so much part of a "culture" that one of the leakers is only safe in Russia, another spent five years in solitary confinement, and yet another is holed up in an embassy to avoid extraordinary rendition. Some "culture" there.
link
bayesian_horse 3208 days ago
Julian Assange is no leaker. He doesn't even have a good reason to pretend he is being persecuted.
link
Voyage_wanderer 3213 days ago
Surge of leakers unable to resolve issues internally points to serious structural problems. I remember times when soviets were prone to leak. I don't believe that there is any global it firm independent of its handlers..
link
int_19h 3213 days ago
Ironically, we actually know more about FSB warrantless wiretapping from official sources, because things like SORM-2 and SORM-3 are actual written law.
link
nxc18 3213 days ago
Whether or not there is transparency (that the NSA works very hard to suppress), that doesn't change the issue. Sure, I absolutely trust the NSA - to break stuff, to snoop, to spy, to eavesdrop. In that regard, I have possibly the most trust in the NSA out of all the organizations I trust.

What I don't trust is the NSA to not break things. Its core to their mission. Is the anyone who is capable of and willing to make products with an assurance of security and privacy? Is there any webcam that I can trust to never spy on me? Any device that isn't leaving my precise location - even when Wi-Fi is off? Is there any firewall I can trust to keep snoops out? Any software that isn't vulnerable to NSA interference? They're ac advanced persistent threat for a reason and we shouldn't forget that.

link
Mikeb85 3213 days ago
> The reason you "know" the NSA is a threat is because of the increased "transparency" of western democracies.

Except it's not. It's because of leakers who were aggressively pursued/prosecuted by the US government...

link
duncan_bayne 3213 days ago
> If the FSB asks Kasperski for help, they can't say no, and they won't tell.

Isn't that _exactly_ how it works in the USA, with National Security Letters?

link
bayesian_horse 3213 days ago
The difference is that there is a process in place with court oversight, and a judicial system which isn't completely beholden to the government.

Even with the most egregious abuses of these National Security Letters, their scope is still limited and they have to have justification for whatever they demand. There is a record of such letters, which can be examined, for example by politicians in congress or the next administration. Companies can even challenge these letters. And they are still leaked all the time.

I doubt it works that way in Russia.

link
UnoriginalGuy 3213 days ago
> The difference is that there is a process in place with court oversight

You mean the FISA Court that Russ Tice once described as a "kangaroo court with a rubber stamp" and that approves over 99% of applications? Is that 1% rejection rate in a closed door court where due process lives?

link
duncan_bayne 3213 days ago
Yeah, I think that's the one he means.

I mean, I'll grant you that it's _worse_ in Russia; they don't even have that 1%, and the scope of abuse is much broader.

But I do wonder if part of the propaganda value of the aforementioned Red Scare is to drive attention away from domestic abuses.

link
bayesian_horse 3208 days ago
1% could also mean that the people trying to get the warrants know the law and don't try to get bad warrants.

Still that is a whole lot more "due process" than in Russia. And FISA only applies in relatively few circumstances.

link