Yahoo's security boss faces down NSA director over crypto ban


#1

Originally published at: http://boingboing.net/2015/02/24/yahoos-security-boss-faces-d.html


#2

What does this even mean? Is this a Freudian slip where the first part — I think that we’re lying — actually reveals what he’s really thinking while trying to say something about technical feasibility?


#3

"MR: I’ve got a lot of world-class cryptographers at the National Security Agency."

[…whose jobs depend on telling me what I want to hear.]


#4

At this stage, how many people do they think give a toss about what the NSA wants? Does the NSA have any credibility left?


#5

Yes!

This is something that the US Government has shamefully fought in another form, years before, with the clipper chip and related fiascos, all of which aimed to substantially weaken crypto. Thankfully, they failed and we are able to have had relatively safe ecommerce. And a thriving e-economy in general.

The NSA itself, much less the US Government, has its two hands working against each other: on one hand, they want security holes in all major products shipped overseas or which have overseas customers… and on the other hand they are tasked with many aspects of national internet security.

Not so much unlike the FBI who is tasked with many enforcement areas of internet security, and yet onshore wants as many products as they can get to have security holes in them so they can have backdoors on American citizens if they can get them.

The smart path: stop the double dealing and get committed to defense. Offense can be handled creatively. Advertising the fact that you want to compromise all US products is itself, on the face of it? Stupid. Stupid from a spy professionalism angle, stupid from a law enforcement angle, and stupid from an angle of speaking as a representative of the nation to the world.

All of this just mentions what people see. What do they not see? Do you seriously think the NSA and FBI do not do all they can to backdoor as many American (and foreign) products as they can? Of course they do. They are hacking crazy, reminds me of Hoover or Stalin’s KGB. It is disgraceful.


#6

Would it bother you, Mike, if I told you that I am not letting you leave this room until you can answer the question in some practical detail? It’s easy to laugh when somebody asks an awkward question, but perhaps not so easy when they are willing to force you to answer it. Joke’s on you.


#7

Unfortunately, the NSA has a ton of power. So that is credibility for them. The FBI is also making this call, as they are tasked with onshore listening. They also have credibility and power. One of the main reasons they have so much power however is simply by money: the US Government is a major customer for so many core companies involved in this. For the people involved this can mean work, clients, won deals, prestige, and outright money handed over. Both organizations can be involved in operations which are legitimate in all sorts of US companies and kept secret but to some higher ups. Neither organization is beyond using such activities as cover for compromising the security of those companies.


#8

Sure, but even these companies in question represent a minority when compared against the population at large. Why would the average person credit them with a decision like this and say: “Ok, I’m not going to lock my house anymore.” It doesn’t seem like much of a leap that most people might tell them to get stuffed.


#9

Missed that the first time around.

It’s actually a passive-aggressive way of saying that everybody’s lying, and by acknowledging the lie he’s positioning himself as the most honest person in the room.

Typical weasel words.


#10

Right, so the gist here is the NSA wants to make our privacy illegal.


#11

“Yahoo’s security boss faces down NSA director over crypto ban,” and gets nowhere.

Political theater.


#12

That is credibility to them. Your agreement may be required by statute, but they have only the power we give them.

So I applaud this guy from Yahoo, for not giving the NSA the power to set the terms of the debate and tell Yahoo or me what my business IS.

Powerful people don’t snoop. Weak frightened people snoop.


#13

Spot on. We are dressed like people who want to be snooped on. We’re basically begging for it with our free will and free speech showing like that. We’re just not responsible enough to manage it without a guiding hand, obviously.


#14

What this really calls for is… a big brother.

Ever wonder how many in the NSA are firstborn males? I do.


#15

The part that kills me is, like with so many other things, the decision-makers are likely to say, “consequences be damned! I need this yesterday!”

One of these days, somebody not-American is going to set loose a really nasty virus that works because of a government-mandated back door. Only when we’re more afraid of those foreigners than of our own criminals, only then will the US realize the importance of security on every computer. It’s kind of like herd immunity, isn’t it?

Now, picture somebody at Fort Detrick saying, “we can’t vaccinate everybody! What if we need to give one of them polio?”


#16

People doing police investigations need to snoop. Where we’ve gone off track is making snooping an everyday, full time occupation.


#17

Yeah, US companies like Yahoo, MS and Google trying to look like the good guys fighting for their customers’ rights.

Too bad that they’re doing that only since the very first Snowden leaks (PRISM) uncovered that they were silently collaborating with the NSA. Only after the leaks they started ramping up their opposition. Sadly the (US) public has a short-term memory up to 3 days or until Kim Kardashian’s next booty shots.
It’s still PR crisis management to rescue their international markets.


#18

I would like to think so, though unfortunately, all through this Snowden debacle I have heard one thing from the comp sec community and technical community… and something quite else from the American people. I am hoping that the Snowden documentary might help here. But there needs to be more.

I have tried to understand this, and come to the conclusion that… for one thing, they do not want to believe that their government is possibly working against the best benefit of the country. They probably have little to no information on how secret surveillance has been used by governments in the past against their own people.

One concern in this I have is that Hoover used secret surveillance against the American people for decades, and the American people still have not heard much of that story. He wiretapped, for decades, the House and Senate and extorted Presidents. Until the FBI break-in, there were no leaks. There was even a relatively mainstream movie out on Hoover recently by Eastwood which did not even begin to touch any of this subject.

No (effectively) punishment over those decades of serious crimes at all.

And I doubt the general American public knows much of anything about secret surveillance as used by the Stasi or KGB, and “why it is bad”.

The catch-all “it is for the war of terror”, as stupidly transparent as it is, seems to work.


#19

I applaud the Yahoo guy, as well, and have been delighted at their moves. He seems sincere, and not merely a liar, as some of these other companies involved with Prism clearly were.

I do not consider the NSA powerful literally, but relatively speaking. In fact, I do not believe they will be able to continue their natural course which they are taking because of much larger “economic” and “social” reasons which will stop their course as a bug is swatted by a flyswatter. But, if that were not the case, then, yes, they would have the power to continue the efforts with the FBI in making sure every American is spied on and that for every manner of purpose including political policing and political and monetary profit.

In context of the American people, they would be likely to be waylaid by the propaganda and be inactive against any measurable threats to their own rights as they were before in so many other cases. Horribly cynical, but probably true, and is true so far.

Secret surveillance started in this country at high levels and against politicians, to control them, and under the auspices of very, very loose and transparent patriotic jargon, like “against Communism”. This was not remembered nor learned. Lessons unlearned tend to be repeated.

I do think public debate matters, and encourage advocacy and education. But there are grim truths about all of this.

