by cowkingdeluxe 4758 days ago
Why did he not give even a small technical overview on what they are capable of? He should've been able to given he has a lot of technical expertise and it would've helped his evidence a lot.

Did they figure out how to tap complicated SSL? Is it hardware based? He gave no hints but could have easily.

Instead it's this blanket statement that's supposed to imply that all encryption is pointless.

7 comments

This is not my area, so excuse the ignorance, but this statement:

A: "The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."

Specifically the part about 'all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards'. Does that not imply they have found a weakness in TLS/SSL? Once the information is transmitted (say my Facebook password) to an https endpoint it is already encrypted, no? So them 'sniffing'/intercepting the packets would do no good, unless they could decrypt them.

He was a sysadmin and he didn't finish high school, let alone receive an actual technical education -- he's said a lot of very difficult to believe technical things. I don't mean to imply that only educated people know anything important, but unless he just had an amazing aptitude for learning this stuff on his own, I find it plausible that he had only a slight idea of how consumer encryption works and he actually didn't know what he was looking at when he saw whatever made him leak. Who knows without his documents -- I could be all wrong.

At some point I think he claimed that he could've copied the list of all US intelligence assets, even those undercover. Well, given that the NSA developed SELinux to compartmentalize filesystem access in such a way as to make such a breach difficult, I am not sure how to reconcile his statements. I also find it beyond belief that a contractor could actually access what he claims he could've.

Intercept could also mean man-in-the-middle.
Which would be trivial if they had agreements with the various mostly US providers to quickly get man-in-the-middle signed keys from their CAs.

Although this seems like it would be quick to spot since if you were watching certificate fingerprints change then you'd see the switchover and switchback.

I use the Cert Patrol plugin ( http://patrol.psyced.org/ ) and I've noticed periods of a few days to a week where SSL certs on major sites like Google have changed rapidly. Usually they were all from the same authority so I didn't think much of it. But now I am even more paranoid. Thanks man.
Me too, I stopped using that plugin because Facebook and Google would constantly change their certificates, so I'd end up just clicking OKOKOKOK, never looking at the certificate, defeating the whole point.

At the time, I assumed it was just a snag with the umpteen layers of caching and content-distribution networks that they must be using. Now it looks quite a bit more sinister.
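
Added example, not part of the thread: a Python version of the fingerprint-watching idea discussed in the comments above, which records same-issuer rotations without prompting and alerts only on an issuer change or on a switchover followed by a switchback. The class, the verdict names, the host name and the sample observations are constructed for illustration; issuer names are assumed to come from the chain the client already validated.

```python
import hashlib
from collections import defaultdict

ALERT = {"issuer-change", "switchback"}  # verdicts worth interrupting the user for

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

class CertWatch:
    def __init__(self):
        self.known = defaultdict(dict)  # host -> {fingerprint: issuer}
        self.last = {}                  # host -> fingerprint seen most recently

    def observe(self, host, fp, issuer):
        known, prev = self.known[host], self.last.get(host)
        self.last[host] = fp
        if prev is None:
            verdict = "first-seen"
        elif fp == prev:
            verdict = "unchanged"
        elif fp in known:
            # Back to an older cert: benign if the cert in between came from
            # the same CA, otherwise this is the switchover-and-switchback case.
            verdict = "known" if known[prev] == issuer else "switchback"
        else:
            verdict = "rotation" if known[prev] == issuer else "issuer-change"
        known[fp] = issuer
        return verdict

# Constructed observations (placeholder bytes stand in for DER certificates).
SAMPLE = [
    ("mail.example", b"cert-A", "CA One"),
    ("mail.example", b"cert-A", "CA One"),
    ("mail.example", b"cert-B", "CA One"),  # same-CA rotation
    ("mail.example", b"cert-A", "CA One"),  # second load-balanced cert, seen before
    ("mail.example", b"cert-X", "CA Two"),  # different issuer appears
    ("mail.example", b"cert-A", "CA One"),  # and the old cert returns
]

def run(samples):
    watch = CertWatch()
    return [watch.observe(h, fingerprint(der), iss) for h, der, iss in samples]

def alerts(samples):
    return [v for v in run(samples) if v in ALERT]

if __name__ == "__main__":
    print(run(SAMPLE))
```

Comparing issuers cuts the prompt fatigue described above, but a substitute certificate issued by the same CA is only recorded as a rotation, so the fingerprint history still has to be kept and reviewed.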

Could you make a showhn or maybe just reply with a pastebin of security/privacy tools you would recommend?
Yeah, I know nothing about this area (so this is just speculation, ignore it as such if you wish), but it seems getting a firehose feed of all traffic would be easier and less exposure prone, than getting every ISP to allow a MITM and having absolutely no one in the computer security industry notice. Don't get me wrong, I would prefer a MITM, at least then you know they haven't broken crypto that is widely believed secure, the alternative is a bit scarier :)
"Does that not imply they have found a weakness in TLS/SSL?"

Would it not be simpler to get access to a root CA?

Perhaps he thinks that revealing technical details would actually hurt national security? (And I could easily see that.)

His goal wasn't to tear down the NSA, but to reveal what they've been up to domestically.

Glenn Greenwald said on Twitter that he was given the technical details and isn't releasing them.
Glenn Greenwald is a partisan hack, his opinion is worth basically nothing.
In what way is he a partisan? He has condemned as equally bad both the Bush and Obama administrations. When Bush was President, Democrats loved him because he regularly wrote scathing criticisms of Bush's overreaching actions, and now that Obama has carried on Bush's programs (and made them worse, apparently) and Greenwald's criticized him with the same level of intensity, Obama's supporters now seem to loathe him. Reading the things people send him on Twitter, it's disturbing how many people have an absolute hatred of him. It's such a coordinated attack against him, all repeating the same talking points, it brings this to mind:

http://www.guardian.co.uk/technology/2011/mar/17/us-spy-oper...

Partisan means prejudice in favor of a cause, one can criticize Bush and Obama and still be partisan.
Partisan towards... what? He is a very strong civil libertarian.
Here's Glenn either being intellectually dishonest or intellectually incompetent.

http://www.samharris.org/blog/item/dear-fellow-liberal2

When I read that I see Sam Harris attributing things like "honor killings" to the doctrine of Islam as if Islam is a monolithic entity. He's equating the extremists with the mainstream and that is exactly what the Islamophobes do - insist that the crazies are the ones who have the true interpretation of Islam and that the vast majority of regular Muslims don't count because they aren't crazy. It is kind of like saying that all Christians should be judged by the actions of the Westboro Baptists. The crazies get the headlines but they only define the fringe, not the mainstream.

FWIW, the one thing I can agree with Sam Harris on is that European integration of Muslims (and other minorities) is slow compared to the US because they have less of a commitment to freedom of speech. For all of our racial problems, the US does a better job of integrating immigrant communities because we have a culture of airing our dirty laundry, of hashing out our feelings - bigotry and all - and thus working through the differences rather than sheltering people from possibly being offended. It's ugly and frequently unpleasant but in the long run I think we reach a level of accommodation a lot sooner.

FWIW, I'm an atheist who married a woman from an immigrant Muslim family although I've probably been in more mosques than she has.

http://www.pewforum.org/Muslim/the-worlds-muslims-religion-p...

The _low_ end is 15-20% who think honor killing is rarely/sometimes/often justified. The high end is 60-70%. How is this "fringe"?

I think it's fair to say "religion X causes honor killings" if and only if X's teachings encourage them (by explicitly saying there's no spiritual punishment for them, for example). It's also fair to say that "religion X doesn't cause honor killings" if there's no correlation between religion X and honor killings. I agree that correlation on its own is never enough.

So: do the teachings of those with a mantle of religion-X authority, on average, encourage or discourage honor killings? This is not a question we should avoid asking just because we want to be nice.

I don't see any evidence that Sam Harris has got this wrong.

Good point about being nice vs. reaching a permanent accommodation.

Greenwald has written many things, most extremely valuable. I also am critical of his exchange with Sam Harris but that's one discussion in hundreds or thousands.
Thanks for bringing that up. I'd have to agree that Glenn Greenwald is an intellectual rotten apple. You don't accuse intelligent atheists of "racist islamophobia" if you're a good actor.

That said, he might just have an irrational us vs. them "liberals vs. racists" complex and be able to speak sensibly on other matters.

Which makes him a partisan. Perhaps you should look up the word, it doesn't mean what you seem to think it means.
I took that to mean that they have exploits they can run once they which will let them take over your machine and install keyloggers etc. to report back any further activity. It wouldn't take much for them to purchase or develop a suite of vulnerabilities for all the major operating systems/browsers which they keep current, and once they have that any encryption is pointless as they can see what you see/type/hear. He mentioned it right after talking about seeing your machine on the network and mentioned hardware bugs separately.
Some major military contractors (Raytheon I think is one, BAH another maybe) were looking to hire security experts to find vulnerabilities. There is a robust black market for 0days and I can't imagine the govt. isn't interested in playing. Especially after the cyber-terror war drum has been beating for a while and Chinese hackers scaring everyone's grandmas (most likely articles seeded by PR agencies in preparation for a major contract award to a military industrial contractor).
I thought it was common knowledge that governments actively buy and use 0days? They certainly do, just look at Stuxnet's astounding and ham-handed usage of 4 0days (in the first version) for an easy example all the way back in 2010.
Interesting that he used the word "machines." I wonder if we're talking firmware hacks or even code in firmware that very few people are aware of. Could Intel say no to a NSL without breaking the law?
He says "plant bugs in machines", so that would seem to imply malware of some variety.
The FBI already plants or at least attempts to plant malware on targets (recently: http://www.slate.com/blogs/future_tense/2013/04/25/texas_jud... and regularly: http://www.wired.com/threatlevel/2009/04/fbi-spyware-pro/ )

Also, judges can now order people to decrypt whatever ( http://www.wired.com/threatlevel/2013/05/decryption-order/ )

Technical details are in the remaining 37 slides he gave to reporters which they are refusing to release