by tlb 4551 days ago
Unlike Snowden's disclosures of mass surveillance, this is not whistleblowing.

Mass surveillance, such as recording and correlating cell phone location data or searching all emails, is immoral and unconstitutional, and it's good that the extent of it was revealed.

Doctored USB cables do not enable mass surveillance since they have to be physically delivered to specific subjects. Assuming they're delivered based on some sort of probable cause, they are a legitimate law enforcement technique.

Revealing details of legitimate practices does no good. To the extent that revealing them encourages the NSA to resort to less legitimate practices, it's harmful.

3 comments

"Revealing details of legitimate practices does no good"

Seriously? Excuse me for being harsh, but that statement is preposterous and shows a contempt for civil liberties, freedom of speech in particular, and ignorance of security principles.

There is no such thing as technical practices being intrinsically "legitimate" or not without reference to who's doing them and for what reason. If by some fluke a government someday used a technique to pursue a person suspected of a crime, did so legally, and with moral justification (not a victimless crime), then it is legitimate on that occasion - but how would you propose to assure us that the same technique can never be used by anyone else or in any other situation? There is no basis for any such assumption; the same knowledge, skills, devices and so on will also be used by illegal, immoral and other actors at any opportunity (notably including NSA and LEAs). Therefore it is legitimate to expose, and discuss how to defeat these and anything else that might compromise anyone's security.

Saying "shut up about it because someone might have a legitimate use for it" is like saying that science should stop because there are bombs, or that lock picking techniques should still be kept from the public. Such fallacies have been debunked at least since the 19th century.

"To the extent that revealing them encourages the NSA to resort to less legitimate practices, it's harmful"

Another fallacy. If we stop would-be terrorists from bringing guns into a building, are we then responsible for their resorting to mortars? How about, the NSA and other state actors should restrain their conduct to respect people's rights, regardless of their tricks being revealed.

Yes, this "list of techniques" revealed by the German newspaper Der Spiegel is another thing that will be someday used against Snowden in a U.S. court...

Reason I say that is because as long as we're operating under the assumption that the U.S. will have a branch of the government somewhere that is able to engage in cyber-conflict activities (offensive or defensive), those cyber conflicts will be dependent upon weapons with which to fight them.

Even those who are mistrustful of NSA ever looking at domestic data seem to at least be aware that U.S. networks are constantly under attack (e.g. the Aurora attack on Google, countless attacks on U.S. defense contractors), and that it might be good for the U.S. to have similar capability.

And now the list of secret (cyber-)weapons is out for the whole world to see.

Contrast what would happen if this was a top-secret military weapons program (like, say, a stealth helicopter). How would the spy who leaked it have been treated?

That's assuming that these documents were given to Appelbaum by Snowden or Poitras:

https://twitter.com/ggreenwald/status/417325532980580353

Reading between the lines of the 30C3 talk, and the fact that none of this is credited to Snowden by Der Spiegel, I'd say there is a chance that another "whistleblower" is out there.

It's not reasonable to "punish" an organization that went too far? If you don't do that then they don't have much incentive to stay within the lines.

You're not punishing the organization though, they'll exist regardless. You're punishing anyone who relies (knowingly or not) on the services provided by that organization.

Or put differently, would you force an electric company to shut down operations for 3 days if they were discovered to be overcharging their customers?

That would be one way to get an electric company to stop overcharging their customers. That would not be an optimal choice. What you shouldn't do is just make the electric company pay back the customers what they overcharged, and have that be the end of it.

The electric company overcharging all its customers is also not an apt analogy. Some people are harmed by pervasive surveillance more than others. Also, most people are hardly even customers. The NSA's main benefit to me, for example, a person living in California, is probably in the tips they give to the DEA. I'm certainly not worried about being invaded by Russia or bombed by terrorists.