Snowden-Manning Heroes?

DISCLAIMER: I have no first-hand knowledge of the NSA PRISM program.  This is just my personal opinion of Edward Snowden’s release of classified information and the impacts.

What is PRISM:

PRISM is the code name for the data collection program which was born out of the Protect America Act.

Recently Mr. Edward Snowden released classified information to the international media and fled the U.S.  He was working on the PRISM program and felt that the right thing to do was to tell U.S. citizens about their loss of privacy.

SHH!! Don’t tell anybody this.. but privacy has BEEN gone if you are on Facebook, Google or any other social network.  These organizations are storing our private data.  But what do these organizations do with that data?

  • Do they try to protect your data?
  • Do they sometimes release it to third parties?
  • Can certain data you store on their system be used against you in a court of law?
  • All of the Above 🙂

Encrypt your data.  That is the only real way to have privacy to a trusted party.   Don’t use FB or Google for stuff you want hidden.

The Need for Some Sort of PRISM:

Spies get a very very bad rap lately.  Analysts are unsung heroes.   In that world nothing is what it seems.  The media presents one side of everything.  You have to dig and cross reference to get facts.  Intelligence provides a proactive answer to security.  I am speaking from the perspective of someone who has done security defensively.  There is a need for gathering data within the U.S. infrastructure.  Once data is gathered, it can be correlated to detect patterns of potential threats.

So I think we MUST have something like PRISM (especially in the US) due to the exposure of our assets and the subsequent likelihood of attack. We have a high risk.  And the greatest risk is from INSIDERS (ironically enough PRISM cannot protect itself).

There are three main issues with the program's current setup:

1.  Lack of Oversight & Transparency: There seems to be very little transparency and  oversight that represents US citizens regarding privacy and controlling how far the government can go.  US Senators are led away from what is really going on.

2.  Total Information Awareness:  This system may be too DAMN powerful as far as what it is capable of.  In fact, it seems to be like using GOD Mode 24/7 to gather information.  Snowden mentioned that it can track ANY email.. Is this on a whim?  Does there need to be some sort of probable cause or “reason to believe” or is this left to the discretion of the guy with his finger on the button.. This leads to the next issue..

3. The Patriot Act II + Protect America Act =  It's too DAMN politically powerful.  This program has the legal backing to do anything with NO checks and balances.

IS SNOWDEN A HERO?

Would I call Snowden/Manning heroes/martyrs?  I would not group Snowden with Manning.  The information that Snowden released (so far) is showing the capability of NSA spying (something that was done by whistleblower William Binney in 2002).  PVT First Class Bradley Manning leaked a lot of war material that risked a lot of people’s lives:

videos of the July 12, 2007 Baghdad airstrike and the 2009 Granai airstrike in Afghanistan; 250,000 United States diplomatic cables; and 500,000 army reports that came to be known as the Iraq War logs and Afghan War logs. It was the largest set of restricted documents ever leaked to the public. — http://en.wikipedia.org/wiki/Bradley_Manning

The problem with this is that it actually endangered the lives of informants, and some people that were on the ground in Afghan/Iraq.  Manning fucked up big time.  Snowden is a hacktivist who will have to spend some time in prison or in Iceland evading the US government unless the American public rallies to sway the politicians.

Whistleblower Protection:

My hope is that there is due care taken on this issue.  Because there is a real concern regarding the Constitution, Privacy and unchecked powers of the government.  If not, perhaps the next administration will take up the call of the people.  Sarbanes-Oxley Act of 2002 has a Whistleblower Protection Act that would be helpful if such a law could apply to Snowden.  I am not so sure about that.

Transparency & Accountability

I know there needs to be transparency and accountability. But I think it's naive to think that we should release all information on all classified data to the world as the Wikileaks crowd believes.

Why?

Organizations & States have an obligation to maintain Confidentiality of critical data.

That means databases with witness protection programs must be kept Confidential, bank transactions must be protected..

Nations have some serious enemies (ESPECIALLY the US).  The US government's duty is to protect its people from those enemies (foreign or domestic).

Consider this:  Certain information on the physical/logical locations of weapons systems, patents on lethal biochemicals, information on the capabilities of a nation are very effective tools in the hands of really bad people.

It's naive to think that opening up all classified data is going to set the world free.  I wish humanity was in a kinder, gentler situation.. but the reality is some crazy people want to kill as many people as possible.

Yes!  I agree that governments with unrestricted power can be MUCH more dangerous.  Some transparency with checks and balances is necessary.

 

WAR OF INFORMATION

The post modern war conflict is a fight over ideology. It's less about my nation versus your nation and more and more about belief systems.

RIGHT NOW there is someone with the intent to kill as many people as possible.  With the capability and opportunity they would strike.  There IS an enemy and they are anywhere and everywhere.  You can no longer point at a map and say “All these people are my enemy.”

Now there is an enemy willing to kill you over what you believe, what you represent and what they think you are.  And more than likely, THEY are living in your city.   Who are “THEY”?

Figuring out who THEY are.. is where data mining and correlation come in.

The threat-source can be from ANY country, race, creed, or religious faction. They are more and more likely to have a citizenship in your country for the sake of having free rein to make the most damage on the most people that represent what they seek to destroy.

It sounds crazy until a bomb goes off in the middle of a Boston Marathon with the attackers on their way to Times Square.  Luckily, there was surveillance to help deter further killings.

How do we fight against these threats?
Threats can be detected via patterns within information.

Solution:  The government should allow the program manager of the system to explain why it's necessary and provide proof of its usefulness.  Limit the use and extent of PRISM's power.

I hope the president will listen to the Internet community on this.  I hope that some political party will hear the cries of thousands of potential constituents then take an intelligent look at the public’s concerns.  Realistically, the American public voted on the reps that backed the laws that created this system.  They accepted it by proxy.  But the shock is from the alleged reach of this program.  It's too bad it took Snowden risking years away from home and possibly prison for the US to wake up and start talking about something that was leaked years ago.

MS in Information Assurance or BS in Computer Science

I feel compelled to contribute something to humanity.

As a 15 year old street preacher, I was trying to help elevate humanity. When I look back at that kid now, I see the capacity for so much more but a lack of guidance that made my worldview grow wild. As a 20 year old airman, my world view was shaped and molded by discipline and the harsh, unrelenting realities of war and poverty.

The inescapable gravity of a child dying of an incurable disease in Africa is what prevents me from believing that this post-modern world can fit into a literal translation of ANY religious text. I don’t want to get into theology or philosophy too much on this blog, but I think it is relevant to this post.

Here I am now in my 30’s looking back at my life and at humanity as a whole and feeling (knowing) we can do so much better. I want to somehow prove it to myself and humanity, but I’m a mere cubicle cog. What can I do? I’ve decided to go back to school, but I don’t want to knock out a 1 1/2 long MS Information Assurance degree. I want to get into science & math because they seem to be the two systems of study most likely to limit human suffering and give us answers about who and what life is.

I don’t want (or really need) another industry type degree. If I go for a computer science or computer engineering, it won’t be for more money, or corporate movement to a better cubicle, it will be to have the privilege of understanding and perhaps even to create something that will help us evolve to our greatest potential and limit (if not end) human suffering.

I still want to dabble in security. I’m simply expanding the reach of my capacity to contribute to our movement upward.

The ABCs of securing your wireless network

Introduction

Ars Technica’s original Wireless Security Blackpaper was first published back in 2002, and in the intervening years, it has been a great reference for getting the technical lowdown on different wireless security protocols. As a sequel to the original blackpaper, we wanted to do something a little more basic and practical, because the number of devices with 802.11x support has greatly expanded since 2002. Wireless security is no longer the domain of geeks and system administrators, but is now an issue in the lives of everyday users, from the worker with a home office who wants to keep sensitive files secure to the homemaker who wants to avoid an RIAA lawsuit because the teen next door is a wireless-leeching P2P addict.


Cisco to be under scrutiny again at Black Hat

“Cisco Systems Inc.’s products will again come under scrutiny at this year’s Black Hat USA 2006 conference, which kicks off later this month in Las Vegas. Conference organizers say that 15 new exploits will be discussed at this year’s event and that two of them target NAC (Network Admission Control).”

Now if Cisco had any understanding of the importance of transparency with the technical community in this age of free information, they would break this news themselves and have solutions and mitigations to fix it. Instead they are too worried about the bottom line (the shareholders) which will take a hit anyway once the media gets a hold of it.

Mr. John Chambers, despite the security issues you’ve got great products, but get a clue about how to deal with these problems.


Digg will take over the world

When I was in high school, I read this book called Ender's Game, by a man named Orson Scott Card.  The book is about a strategic prodigy named Ender who is the only hope for saving humanity from an alien invasion.  It was a great book. 

In the book, Ender's brother and sister, Peter and Valentine, are just as bright as he. Peter convinces Valentine to collaborate in his grand scheme of controlling the planet Earth.  They start by creating a huge following on the Internet.

I think that the comment system created by Kevin Rose and the Revision 3 team is going to be copied enough to make it an unofficial standard.  The one thing that is very powerful about digg is that it harnesses the power of the collective masses participating.  Some topics are supercharged with emotion, moving hundreds of commenters on digg into action.  The site becomes like a loaded gun.

Perhaps it won't be digg that catapults the current online revolution but it will almost definitely be something very similar.

Colorado Passes Bills on Computer Security, Hardware and Software Standards

Colorado Gov. Bill Owens today signed legislation to provide greater security for the state's computer systems and increase the oversight on large computer systems developed by state agencies.

House Bill 1157 officially creates the position of chief information security officer. Under the legislation, this officer will have control over the state's cyber security policies and procedures to protect computer systems in state agencies and the citizen information on those computers. The governor had made cyber security one of his priorities in the State of the State.

I saw the Chief Information Security Officer at an ISSA meeting in Colorado Springs.  He was a very down-to-earth guy, not really a political type.  I think this is a good move for Colorado.


A funny musical animation on N.S.A. wiretapping in United States…

Found this via the very popular and relevant Schneier security blog.  

It is a funny Flash musical animation, titled “NSA Wiretapping” (will resize your Web browser's window and requires Flash), on United States' wiretapping.

Tried to put it on digg but somebody beat me to it.


China preparing information warfare army

The Chinese People's Liberation Army (PLA) is developing information warfare reserve and militia units. Also, China is developing the ability to launch pre-emptive attacks against enemy computer networks in a crisis, according to the document, “Annual Report to Congress: Military Power of the People's Republic of China 2006.”

I wonder if this is a response to the US release of information about that Elite Hacker Unit last year.  I guess the threats are turning Cyber.


Digg 2.0 Beta (coming soon)

Calling all beta testers! Digg 2.0 is nearing release, and we need your help. The scheduled open public beta is set for June 26th. We have a new design, tons of new features, and most importantly multiple servers to help share the load. Check back on the 26th for the beta site link!

