[jorgeortiz85]

My takeaway from today's articles: they've backdoored the software, they've backdoored the hardware, they have a database of stolen private keys, they've tapped all the cables, they have zero-days for pretty much everything.

[MichaelGG]

Yes, that's the speculation, that they've been doing this, and that's not a new speculation either. At least on the keys, cables, and 0-days (and some folks believe Windows has been backdoored for a very long time). Backdooring, as noted, is a tricky problem for all parties if found. Even with Windows, I'd expect various people inside Microsoft could verify with independent builds. (If they compile the bootloader or crypto.dll and use a disassembly tool and the output is functionally different from what's on the ISO...)

But if there's solid evidence, why don't they publish it? If they really have broken into Google, then publish the details. I'm sure Google would like to know, too. If they've backdoored Windows, Office, VLC, whatever - same thing. Or are we talking more stuff like "we knew Debian couldn't generate keys properly"?

If it's just stating that the NSA possesses heavy offensive capabilities, well, yeah, you'd expect that. Actual evidence of an NSA-backdoored common software or hardware would be a major story. (Not saying it's not possible, just speculating gets us no where.) If Schneier and Greenwald want to be taken seriously, then step up and speak out. Generic "the NSA is powerful" isn't much help.

[jorgeortiz85]

I don't believe this is the end of the disclosures. The gradual, step-wise release of information about the NSA's surveillance capabilities has been quite effective in two different ways.

First, it has kept the NSA in the headlines for almost three months now (quite a feat when you consider our cultural attention span is usually measured in fractions of days).

Second, it has let officials make denials and give reassurances come back to haunt them and tarnish then credibility when further disclosures are made (consider that Senator Feinstein, chair of the Intelligence Committee supposedly providing Congressional oversight of these surveillance programs, who spent weeks claiming said oversight was quite robust, admitted to not knowing about the internal NSA audit finding thousands of privacy violations).

I'm pretty confident there will be more disclosures. But given the realities of the news cycle and the political process, they are much more effective if they happen gradually.

[bradleyjg]

They talk in the Times article about the government asking them not to publish at all, and them refusing but agreeing to omit some details in response to concerns that officials raised.

I don't know much about The Guardian, but The Times, for better or for worse, has always self censored based on its own perceptions of the trade offs. It considers itself a responsible part of the establishment -- the loyal opposition if you will. You aren't going to see a wikileaks-esque dump from them.

[trevelyan]

Enough with the anti-Wikeaks crap. They reviewed and redacted and if you don't know that you just come across as ignorant at this point.

And if you DO know it, then suggesting which specific document was unethical to release would be a good start.

[bradleyjg]

They redacted for a year and then released everything. Allegedly inadvertently, if that makes you feel better.

In any event, you misunderstand my intended tone. I'm not saying the New York Times' establishmentarian leanings are great, just they have them.

[conradev]

This paragraph from the ProPublica article:

> Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

[harshaw]

Agreed - and there isn't proof (yet) of any breakthrough in cryptanalysis.

[nileshtrivedi]

And they have agents working at important positions at big tech companies.

[MichaelGG]

As we'd expect other other governments and possibly corporations to have. Find someone with access to whatever, perhaps with foreign relatives, offer them a world of money, problem solved. Or groom and plant someone. Corporate espionage exists, doesn't it?