by RationPhantoms 999 days ago
If you're not under the threat cone of nation state surveillance (like trying to exfiltrate the radar-absorbing paint formula on the F35) then I wouldn't be too concerned.

"That's not the point! It's about privacy!"

Sure. I'll choose to ignore the fact that our civilization is somehow still functioning in a post-nuclear world.


It's not about privacy, it's about security. If there's a backdoor in an HSM or network interface, that backdoor can be used by others as well. That might start with foreign nation states, but might eventually leak to regular private persons or entities as well.

A backdoor is an extra attack vector with often very unfavorable properties that you as a user are unaware of.

A man is being executed in Saudi Arabia for tweeting a negative tweet about the government to his tiny following. Not exactly someone who thinks they are a target of a nation state.

[1] https://www.hrw.org/news/2023/08/29/saudi-arabia-man-sentenc...

Not sure if this is a joke but SA is the exact country I would expect to utilize spyware against its citizens.
With how good of friends SA is with the US, it's likely all they need to do is ask nicely for some dirt on an alleged dissident.
100% agreed. If you're concerned about privacy, being tracked online by corporations is a bigger concern than the NSA. If you're the target of an NSA investigation, you're already fucked. Changing your network equipment is not going to help.
On the contrary, changing equipment may actually help quite a bit when dealing with the NSA. The 2016 documentary "Zero Days", which was centered around the creation of Stuxnet, showed that the NSA targeted specific hardware models to look for security holes. They had to buy matching hardware themselves and rigorously try to break it, which took time and wasn't trivial to do.
So you’re saying that no matter what hardware you have, the NSA will buy that specific hardware and take the time to break it.
That's right. And I'm also saying that switching hardware will make the break attempts take longer.
And in the mean time, all my browsing, payment, and location data collected by corporate ad brokers got handed over to the NSA for just the cost of a letter.

I don’t see the point in constantly changing hardware that I don’t even know is safe, just to prevent what will already happen.

You don't see the point in constantly changing hardware, but you have no problem with changing the subject, I see. I would encourage you to give Zero Days a watch sometime.
> If you're not under the threat cone of nation state surveillance

The average reader may be surprised by how far this cone can extend in some circumstances.

It has been established that the NSA conducts industrial espionage [0], under the cover of national security [1]. To what degree the term "national security" narrows down the scope of any surveillance measures is likely unfamiliar to the layman, but an NSA representative gave a short description of the agency's views in that regard in 2013:

"The intelligence community's efforts to understand economic systems and policies, and monitor anomalous economic activities, are critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security." [1]

While it affirms that it does not steal trade secrets, the NSA reserves the right to pass on critical information about economic developments towards policy makers, who then can use this knowledge in their decision making.

Notable examples of industrial espionage conducted by the NSA consisted of spying on EU antitrust regulators investigating Google for antitrust violations [1], alleged espionage of business conducted by Brazilian oil giant Petrobras [2], international credit card transactions [3], SWIFT [4], and the infamous allegations of espionage against European defense company EADS [5].

It's noteworthy that this short list only comprises cases that got the attention of the media; the actual list of targets in Europe was much longer, about 2000 companies in Europe, many of them defense contractors. [5]

So, to summarize, it may be much easier to fall into this cone than one would assume. The agency is also at odds with its own claims, as this excerpt from a Guardian article [2] clearly shows:

"The department does not engage in economic espionage in any domain, including cyber," the agency said in an emailed response to a Washington Post story on the subject last month. [...] "We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries' economic policy or behavior which could affect global markets."

But he again denied this amounted to industrial espionage. "What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line." [2]

To me these statements are mutually exclusive: How is providing policy makers with insights from foreign politics and possible industrial espionage (i.e. not necessarily actual technologies, but research objectives of foreign companies) not giving an advantage to domestic companies, if those policy makers act appropriately?

[0] https://theintercept.com/2014/09/05/us-governments-plans-use...
[1] https://www.cnet.com/tech/tech-industry/nsa-spied-on-eu-anti...
[2] https://www.theguardian.com/world/2013/sep/09/nsa-spying-bra...
[3] https://www.spiegel.de/international/world/spiegel-exclusive...
[4] https://www.spiegel.de/international/europe/nsa-spying-europ...
[5] https://www.theregister.com/2015/04/30/airbus_us_german_inte...

The NSA has been caught lying before (see: the Snowden leaks) so I wouldn't trust them to be forthcoming about their industrial espionage, if they are engaging in it. Of course they'd deny it.
> How is providing policy makers with insights from foreign politics and possible industrial espionage not giving an advantage to domestic companies, if those policy makers act appropriately?

Let's imagine OpenAI was a Russian company operating mostly in secret. This RU OpenAI secretly discovers and uses GPT-4-like technology, and shows promise that they are not done innovating. While these LLMs are often overhyped, these recent innovations no doubt present a policy issue, right? I'd say there are legitimate national security reasons to know about that technology, not just about making money or making a better product for cheap.

The distinction being made is that the NSA may steal data related to this, but they aren't just giving it to Google to make Bard better. They are getting intel and giving lawmakers the tools to fund research, write policy, or whatever else our elected representatives deem beneficial. Any side action or under the table dealings would make this distinction meaningless of course. So, for the example above, if we started funding departments to research the threat of LLMs/AI, inform the public of the issue, and inform companies that their data is being pillaged to train AI... that is all very different from just stealing a cool new widget design and getting it to market first.

I think there's no debating that this is morally gray, but I think it's a few steps off of what other nation states are doing by stealing tech and implementing it in "private" companies. It's certainly worthy of criticism, but I think it's unhelpful to bucket it with the other type.

If the LLM example isn't your thing, it also makes a lot of sense for the NSA to steal information related to weapon/defense tech, even if developed by a private company, and even if we use what we stole to implement countermeasures. I can't honestly be morally outraged about invading the privacy of someone developing tools of war against you. Fwiw, I wouldn't blame Russia or China for trying this against the US gov or defense contractors either, but it's not like I'd be happy about it. My point is that that is not so much economic espionage or corporate espionage as much as it is just plain old espionage. It saves lives and protects American hegemony - which I recognize may be counter to many people's ideal situation.

It's a nuanced thing. When you take two morally questionable things and reduce them down to both just being bad, the ones doing the worse things benefit. E.g. "all politicians lie" is a handy phrase for truly corrupt politicians because the ones who make small mistakes or half-truths are in the same bucket as them, and the outcome is apathy for the issue rather than being upset at all of it. Kinda the classic whataboutism trope - not to imply you are doing that, but just to say that's where it often leads.

So we're evaluating the US policy on international espionage on constructed examples now?

> Let's imagine OpenAI was a Russian company

Never mind that they're not and that Russia can't currently develop these models, due to lack of silicon. All targets I mentioned, with the exception of the Brazilian oil company, were in European states, at the time (and still!) closely allied with the US.

> The distinction being made is that the NSA may steal data related to this, but they aren't just giving it to Google to make Bard better.

How would you even know at this point? Who controls the NSA? There haven't been any leaks since the Snowden revelations and there likely won't ever be any again, since Snowden could only make his move due to some misconfigured/outdated network quota control software.

Hell, you can't even FOIA information about these policies, and agencies will go so far as to withhold evidence in court when it concerns espionage! And as soon as a court case involves this information, the court recedes from the public and is held in secret.

My hostility against US policy is by no means anywhere above the European average, but when it comes to public statements about surveillance, I have no reason to trust the US Government. The Bush administration has proven that it is possible to flout the US constitution on a massive scale with just 10-12 people. At this point I can't blame people for putting forward some crazy conspiracy theories about the deep state or QAnon, because the US gov has given no indication of being believably concerned about compliance with their own laws.

And if you are in a position where nation-states are a likely adversary, you'd best assume that all commercially available hardware is compromised.
Sure. See you in the gulag, comrade.
Gulag is just Russian for prison.

The US currently has about 1.2M people in their gulags, comrade*

Гулаг (gulag) is the acronym for "Гла́вное управле́ние исправи́тельно-трудовы́х лагере́й" which translates to "Head management office of correctional work camps". And if you're going to go for all incarcerated, the number is actually somewhere in the 2.1mil range in the US, because hey, jails are a thing.

Sorry that you're wrong on all three points.

Damn, you got me.
Oh please, the United States is so incredibly armed, my death will likely come at the hands of some misplaced right-wing militarized fascist group performing mass murders under the guise of "Freedom" and "A return to the constitutional purity of the US".
I mean, that more or less describes most police departments in the country. And they are spying on you.
I've been promised that that was going to happen any day now since the wrong person got elected back in 2000. Nearly a quarter century on I am beginning to suspect that somebody was overstating something, I can't quite put my finger on what though...
You... could defend yourself, you know.

Cuts both ways.

Comrade is of Latin origin. In Russian, tovarisch is the correct term. At least get it right if you're trying to be edgy.
Sounds like I hit a nerve?