THE NSA IS THE EYE OF SAURON
[Note: Paul Rosenberg, has spent many years trying to protect Internet users from unjustified surveillance by groups like the NSA. Many TTPers subscribe to his Virtual Private Network (VPN) called – for reasons known only to him – Cryptohippie, to avoid tracking by the snoops. I never go online without it. Here Paul discusses the latest revelation of unconstitutional NSA Orwellian fascism. -JW]
On September 5th, Glenn Greenwald, Ed Snowden and others revealed that the NSA was able to break the vast majority of encryption used on the Internet. You can find the story here or here, and commentary by cryptographer Bruce Schneier here.
Here’s What Was Revealed
- The biggest tech companies and Internet providers are cooperating with the NSA (which may be why they’re big) to break encryption everywhere. They are installing "secret vulnerabilities" and "covertly influencing product designs."
- Encryption for Hotmail, Google, Yahoo and Facebook is already broken. Others as well.
- Your data streams are recorded and decrypted, since the NSA (and their British counterpart, GCHQ) already have access to your secret keys.
- These attacks involve something called key exchanges (involved in all encryption) and the subversion of certificate authorities, such as Symantec, Comodo and GoDaddy.
- They have already broken 30 Virtual Private Network systems and are working toward 300.*
- Greenwald and others report that in the NSA documents, ordinary Internet customers are referred to as "adversaries."
- The NSA has capabilities against "HTTPS, voice-over-IP… [which are] used to protect online shopping and banking."
- However, it can be said that encryption is still effective, if used well. As Edward Snowden said, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."
What This Means to You
If you hadn’t taken this seriously or were content to let others keep you safe, now’s the time to wake up and act. You have to protect yourself. No one is going to step in and do it for you. Magic hackers will NOT ride in to your rescue.
You must either learn to handle your own security, seriously, or pay for a top-notch service. If you go cut-rate, you’re just paying for the NSA to spy on you.
I may be preaching to the choir here, but don’t even try to pretend that the government will fix this – they are the people who are doing it – and they love the power. And don’t pretend that the military will step in either – the NSA is part of the military.
We’re all perps now. If all Internet users are "adversaries," do you really think anyone is safe?
What This Means to Us All
Forget about the US Constitution; it’s a non-factor now. This is just the latest example of people who are drunk on power and don’t care about the principles on which this country was founded.
The NSA and the entire US/UK "security" apparatus is a gigantic drunken beast. The operators are arrogant and untouchable. Their bosses have openly lied to Congress, with no consequences. Do you really think they will remain angels? (Did you ever really think they were?)
The reality is, the system is beyond broken, no matter what kind of happy talk you hear on TV.
Make no mistake, this is the eye of Sauron. It is the empowerment of arrogance and power… and ultimately of death. You might think me dramatic but history doesn’t lie: Surveillance kills.
Once they have your communications, they have your thoughts. They are currently analyzing those thoughts and have already begun to quietly manipulate them. That is, if you choose to let them. Yes, it is your choice.
Be aware of the danger, take it seriously and become the kind of person you want to be… not the one they want to manipulate you into becoming.
* The service I am associated with, Cryptohippie, is unaffected by this. Like other professional services, we operate our own public key infrastructure, without outsourcing trust and control to a third party, like an unaccountable Certificate Authority. We use Perfect Forward Security cipher suites, which prevent communication from being decrypted after the fact, or when keys are lost.