yupyupyups a day ago

>NSA does not have magic tools to break modern encryption.

They don't. But they have other options.

For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA want.

monerozcash a day ago

>Cloudflare can be compelled to secretly share anything the NSA want.

This is true given some possible interpretations, false given other possible interpretations. Cloudflare can be secretly compelled to share specific things; there's no legal mechanism to compel Cloudflare to share everything.

morkalork a day ago

Wasn't the whole thing that the secret courts were too liberal in the access they were granting?

monerozcash a day ago

Not in the sense that they were ordering companies to facilitate full take collection of content by the NSA, no.

Hence the famous "SSL added and removed here ;-)" slide

doobiedowner a day ago

Wasn’t room 641A just the NSA strong-arming AT&T to facilitate full take collection?

monerozcash a day ago

Getting AT&T to do that is not the same as getting Google to do that.

AT&T does not have much to lose by doing that, Google does.

doobiedowner a day ago

How do they not have much to lose? They are the ones that have their users on a subscription basis.

monerozcash a day ago

AT&T customers will not (and did not!) leave because of NSA surveillance, and generally don't have that many options anyway.

morkalork a day ago

Were the alternatives any better? I don't recall any telecom companies committing to warrant canaries or the like. And speaking of, whatever happened to those?

monerozcash a day ago

> Were the alternatives any better? I don't recall any telecom companies committing to warrant canaries or the like.

Well, no. But Google does significant business in foreign countries and doesn't really want to give an excuse for foreign governments to start aggressively pursuing their own alternatives.

> And speaking of, whatever happened to those?

Cloudflare still has a warrant canary on their transparency report page; Reddit deleted theirs in 2016.

They were never very common.

xboxnolifes a day ago

Even if they aren't compelled, if that unencrypted traffic ever moves over a wire that the NSA could tap into...

tehjoker a day ago

Or if they have a deal or double agent working for them, there is a possibility for "full take" just like at AT&T. Seems pretty likely to me. Allegedly there are tens of thousands of undercover employees stationed throughout the economy in the "signature reduction" program. National security programs don't respect laws when there is something considered "important" if they can get away with it.

https://www.newsweek.com/exclusive-inside-militarys-secret-u...

monerozcash a day ago

A double agent would not get you "full take"; it'd be impossible to hide the traffic. A double agent could maybe feasibly steal keys from Google, but they'd have to do that all the time because the keys are constantly rotated.

And even then, stealing keys does not give you passive decryption and active decryption would be incredibly noisy.

NSA does not have enough money to spend to be able to incentivize Google to give them full take intercepts either.

tehjoker a day ago

I think you are not being creative enough with how one might attempt this. For example, splice the cables leading to the datacenter, put an inconspicuous chip in the servers that intercepts the keys and feeds them via wireless signals to a collection point. Perhaps you could even do something clever like put very short range EMF into a metal co-location rack and collect the signals almost totally invisibly using a mesh network of devices built into the metal.

There's lots of fun tricks you can think of when you have national resources at your disposal.

However, you are forgetting that NSA works for Google. It works to support the promotion of American companies worldwide. They're on the same team, and Google knows that. They even have the same mission: To usefully organize the world's information!

Now that Google is openly a military contractor, it's even easier to make this click. Back in the day, you had to read things like this Julian Assange piece to understand this: https://wikileaks.org/google-is-not-what-it-seems/

monerozcash a day ago

If we were to accept that the NSA works for Google, there's even less reason to believe that Google would grant NSA full take access to plaintext content.

Google has a lot to lose by doing so, and not all that much to gain. Google has also been a leading force in pushing for broader use of encryption on the internet, making the NSA's work significantly more difficult even in a hypothetical scenario where Google is happy to give them anything they want.