Bruce Schneier Discusses the NSA Documents | MIT Technology Review
Jared Sperli stashed this in security
The NSA mission is national security. How is the snooping really affecting the average person?
The NSA’s actions are making us all less safe. They’re not just spying on the bad guys, they’re deliberately weakening Internet security for everyone—including the good guys. It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create. Additionally, by eavesdropping on all Americans, they’re building the technical infrastructure for a police state.
We’re not there yet, but already we’ve learned that both the DEA and the IRS use NSA surveillance data in prosecutions and then lie about it in court. Power without accountability or oversight is dangerous to society at a very fundamental level.
But what sorts of access, to what products, has been requested and given? What crypto is, and isn’t, backdoored or otherwise subverted? What has, and hasn’t, been fixed?
Near as I can tell, the answer on what has been requested is everything: deliberate weakenings of encryption algorithms, deliberate weakenings of random number generations, copies of master keys, encryption of the session key with an NSA-specific key … everything.
NSA surveillance is robust. I have no inside knowledge of which products are subverted, and which are not. That’s probably the most frustrating thing. We have no choice but to mistrust everything. And we have no way of knowing if we’ve fixed anything.
Great. So you’ve recently suggested five tips for how people can make it much harder, if not impossible, to get snooped. These include using various encryption technologies and location-obscuring methods. Is that the solution?
My five tips suck. They are not things the average person can use. One of them is to use PGP [a data-encryption program]. But my mother can’t use PGP. Maybe some people who read your publication will use my tips, but most people won’t.
Basically, the average user is screwed. You can’t say “Don’t use Google”—that’s a useless piece of advice. Or “Don’t use Facebook,” because then you don’t talk to your friends, you don’t get invited to parties, you don’t get laid. It’s like libertarians saying “Don’t use credit cards”; it just doesn’t work in the real world.
The Internet has become essential to our lives, and it has been subverted into a gigantic surveillance platform. The solutions have to be political. The best advice for the average person is to agitate for political change.