Highlights from Making Sense of Snowden, Part II: What’s Significant in the NSA Revelations
Susan Landau
IEEE Security & Privacy, January/February 2014
IS 376, October 2, 2014
Snowden’s Arsenal: USB Flash Drive
• Mass Storage Controller: Communicates with host computer and retrieves data from memory
• USB Connector: Universal Serial Bus plug with two wires for power and two for data
• Flash Memory Chip: 1-256GB of data storage
• Light Emitting Diode: Solid when on; flickering when accessing files
• Crystal Oscillator: Generates 12MHz clock signal
National “Security?” Agency
The NSA used Microsoft SharePoint, document management software that is famous for its ease of use as well as its lack of verification and security enforcement, to share information with other agencies.
Part of Snowden’s job was to transfer large amounts of classified data between NSA computer systems, which he easily copied onto a USB memory stick and smuggled out of the NSA, without passing through a metal detector at the exit.
As a system administrator, Snowden had passwords that allowed him to get around what security measures the NSA had in place.
“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”
Richard Clarke, White House Cybersecurity Adviser
Barack Obama On Edward Snowden
January 17, 2014
“Our nation’s defense depends in part on the fidelity of those entrusted with our nation’s secrets. If any individual who objects to government policy can take it in their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy.”
“The task before us now is greater than simply repairing the damage done to our operations; or preventing more disclosures from taking place in the future. Instead, we have to make some important decisions about how to protect ourselves and sustain our leadership in the world, while upholding the civil liberties and privacy protections that our ideals -- and our Constitution -- require.”
“Intelligence agencies cannot function without secrecy, which makes their work less subject to public debate. Yet there is an inevitable bias not only within the intelligence community, but among all who are responsible for national security, to collect more information about the world, not less. So in the absence of institutional requirements for regular debate -- and oversight that is public, as well as private -- the danger of government overreach becomes more acute.”
Hillary Clinton’s Take
July 4, 2014
“If he wishes to return knowing he would be held accountable and also able to present a defense, that is his decision to make.”
“In any case that I'm aware of as a former lawyer, he has a right to mount a defense. And he certainly has a right to launch both a legal defense and a public defense, which can of course affect the legal defense.”
“Whether he chooses to return or not is up to him. He certainly can stay in Russia, apparently under Putin's protection, for the rest of his life if that's what he chooses. But if he is serious about engaging in the debate then he could take the opportunity to come back and have that debate. But that's his decision.”
April 25, 2014
“When he emerged and when he absconded with all that material, I was puzzled, because we have all these protections for whistleblowers. If he were concerned and wanted to be part of the American debate, he could have been. But it struck me as—I just have to be honest with you—as sort of odd that he would flee to China, because Hong Kong is controlled by China, and that he would then go to Russia, two countries with which we have very difficult cyber-relationships, to put it mildly.”
“I think turning over a lot of that material—intentionally or unintentionally, because of the way it can be drained—gave all kinds of information, not only to big countries, but to networks and terrorist groups and the like.”
“I have a hard time thinking that somebody who is a champion of privacy and liberty has taken refuge in Russia under Putin's authority.”
August 29, 2014
“We need to make it clear to other countries that our technology companies are not part of our government.”
Bill Clinton Weighs In
April 9, 2014
“Mr. Snowden has been sort of an imperfect messenger from my point of view for what we need to be talking about here, but the Snowden case has raised all of these questions about whether we can use technology to protect the national security without destroying the liberty, which includes the right to privacy, of basically innocent bystanders.”
“We cannot change the character of our country or compromise the future of our people by creating a national security state which takes away the liberty and privacy we propose to advance.”
“If what we need to know is patterns of communication between known terrorists in other parts of world with people in otherwise peaceful parts of the world including the United States, there has to be the way to design these systems and pay a little more money to do it so that we don't kill the goose that laid the golden egg.”
November 18, 2013
“The question is when, if ever, is the government justified in going beyond the patterns to listen to telephone calls, read emails, read text messages, and who’s supposed to decide that? Mr. Snowden obviously thought that it was excessive.”
“I think the US and China and everybody else, we’re going to have to be more upfront with each other and probably with our own people about what it is we’re looking for and listening to.”
Vladimir Putin’s Perspective
April 9, 2014
“Well, you know, with regards to Mr. Snowden I said many times we do not have any direct relations to this problem. He turned up on our territory because of non-professional actions of the Americans themselves who tried to catch him.”
“You know I used to work in special services why should… why did they scare the entire world? They… downed the planes with Presidents onboard and the plane with Snowden onboard. They could down anywhere. So he arrives in our transit zone and then it turned out that nobody is going to accept him. That's the problem. If they didn't scare anyone, I mean the American special services, he would fly to some other country, he would be downed in some other countries. And he would be sitting in jail some place. But they scared everyone.”
“He stayed in our transit zone and what are we to do in that situation? Russia is not a country that is… ready to extradite fighters for human rights… Mr. Snowden considers that he is a champion of human rights. He built his life around it. He is a young man. I don't know how he is going to live further. I am not trying to joke. How is he going to live further? He is sitting in Russia now. But he has chosen his fate himself.”
“We given… we gave him a refugee. He is not our agent. He didn't give us any secrets. We gave him a refuge, but he didn't tell us anything. He tells us something when he wants to publish something – as far as … is concerned, this is of vital importance for us.”
Public Opinion Polls: Partisanship
Public Opinion Polls: Privacy
Public Opinion Polls: Civil Liberties
USA FREEDOM Act
Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection, and Online Monitoring Act
• End Bulk Metadata Collection: Tighten the Patriot Act to place greater burden on intelligence agencies to show a FISA court judge that their target is thought to be an agent of a foreign power, is engaged in activity that is the subject of an investigation, or is in contact with an agent of a foreign power.
• Greater Transparency: Allow Internet and telephone companies that received FISA court orders to report the number of FISA orders and national security letters complied with, and the number of users on whom information was demanded.
• Foreign Loopholes: Amend the Foreign Intelligence Surveillance Act to prevent intelligence agencies from “reverse targeting” that may allow them to intercept email and Internet communications of Americans.
• Disclosure: Require the Attorney General to publicly disclose decisions by FISA courts that contain a significant interpretation of law in order to end “secret laws” being made behind closed doors by the FISA courts and the intelligence community.
• Privacy Advocate: Create an office of special advocate within the FISA court with standing to appear to represent the public and privacy concerns, with the power to appeal FISA court decisions.
• Other Loopholes: Amend FISA provisions to make sure the government does not just rebuild its metadata dragnet using different authorities.
The House of Representatives passed a watered-down version in May 2014.