"Cowardly" Groklaw, Lavabit, and Silent Circle

Originally posted by Dreine
As for Snowden, he had VAST amounts of access due to his job responsibilities as a system administrator. He worked across numerous programs at differing levels of security clearance, hence why he was allowed to have a thumbdrive and take it out of the building. As an analyst, I only had access to the databases and systems that was needed for me to perform the mission.

I wonder: are Americans really THIS stupid - or are they just amazingly sloppy? Incompetent?

When I read about Snowden, and now while reading your post, it reminds me of 9/11. When I saw those towers fall, when I saw the 'strike' on the Pentagon - I could not help but wonder: how can this be? I mean: America, for gawds sake - the most powerful country in the world, with billions and billions of dollars to spend on defense, the country with he tightest air defense system. And yet, they manage to demonstrate utter incompetence. Even when they were fully aware of being attacked, they still could not manage to prevent even ONE attack.

Now, the very same feeling strikes again: why on earth did Americans allow a sysadmin like Snowden access to that much classified data? He was a rookie that had already changed his job multiple times during that short period. As a security manager I would not have allowed him to come anywhere near a trusted system, given his track record. And no offence, but how come that you, presumably part of similar (American) intelligence programs find it acceptable and believable that a sysadmin like Snowden should be allowed to take out data on a thumbdrive? I shook my head in amazement when I read that - even on moderately secure sites such behaviour is strictly forbidden.

Any even moderately secure systems are configured such that it is actually impossible for the sysadmin to see data he is not allowed to see. He may have access to some confidential data, necessary to perform his duties, but that does NOT mean he can see ANY confidential data. Less secure systems employ the concept of a 'superuser' and in such cases the sysadmin can pretty much do what he wants. But on secure systems there is no such thing as a 'superuser'. Access to data is strictly limited to only those with clearance, and any tasks that might endanger confidential data will always need to be done by at least two administrators: one that does the task, the other to check and confirm what is done. Invariably a very strict procedure is involved, and all is under very strict change control. In many cases, apart from the sysadmins, the responsible manager is also required to log in and needs to grant permission first to perform the task - even if the sysadmins would conspire, they can't do anything without his permission. Additionally, in secure enviroments it is fairly common to log each an every keystroke and to capture screen images of what is being done and there are internal auditors to check these captures and screen captures.

If the NSA etc. really do use crappy computers and crappy operating systems, allow rookies to work on confidential data and even take it out on thumbdrives for a walk, if they do not follow procedures and never check on each other at all, I don't know why they think they should be allowed to be entitled to see our confidential data.

As a matter of fact, were I an American, I would complain loudly about the inherent incompetence of my Government. I would point out to Court that I have demonstrably taken every possible precaution to keep my data sufficiently secure and confidential, but that due to secret legislation a bunch of nincompoops now can demand access to my data too. They are demonstrably NOT able to take care of it. Hence, chances are that my enemies will have access to my data and hence I demand that you forbid these morons access to our data, your honour

reply to post by whyamIhere

You say they are not bad people...You say they are fighting the good fight.

Yet, on a daily basis they are violating all of our rights and they know it.

For what?...A paycheck? These people are a disgrace. The are willingly compliant.

I hope they will all be looking for a new career soon.

*No offense personally. Thanks for speaking out. This entire matter needs sunshine.

except all the people with principals will leave,
leaving only those without principals running the show.

you can see the same thing with law enforcement, anyone not acting like everyone else,
gets pushed out.

xp

reply to post by ForteanOrg


Believe me, I NEVER liked the idea of letting anyone leave a SCIF with a thumbdrive, regardless of their rank/paygrade/job requirements. Before the Snowden leak, I never would have believed they would let someone get away with it. There are sensors in place to detect that sort of thing, which almost leads me to think that he had an accomplice in security. But that's another matter.

From what I have heard, the NSA is now moving everything to a cloud infrastructure and reducing the amount of systems administrators by something like 90%. This will further consolidate key holders and make the system far more secure.

reply to post by Dreine


Someone still has to manage all of those cloud servers.
And the servers that live in those clouds.
Can't get rid of that many systems admins.

reply to post by grey580


Yeah, I thought that number sounded unusually high. But I'm just an intel/cyber analyst, so as far as system adminstrator's go, I have no clue how many they'll need to take everything to the cloud.

reply to post by ShadellacZumbrum


Oh there on here for sure. Anyone else ever get a private message from someone you don't recognize, about a topic or a post from months or YEARS ago?

As if it's not obvious that the sender was going back through my post history. *stretch & yawn*.

Things to think about.

Originally posted by Dreine
reply to post by ForteanOrg

 

Believe me, I NEVER liked the idea of letting anyone leave a SCIF with a thumbdrive, regardless of their rank/paygrade/job requirements. Before the Snowden leak, I never would have believed they would let someone get away with it. There are sensors in place to detect that sort of thing, which almost leads me to think that he had an accomplice in security. But that's another matter.

Hence, like with 9/11, one is left with the distinct feeling that this is done intentionally. However, I fail to see why.

From what I have heard, the NSA is now moving everything to a cloud infrastructure and reducing the amount of systems administrators by something like 90%. This will further consolidate key holders and make the system far more secure.

And give individual key holders far more access. Conspiring becomes EASIER. Also, cloud computers are simply computers too and though you can automate a lot of administrative tasks, somebody has to manage the management software. So instead of having 1000 "snowdens" with limited access to data, you'd end up with 100 'ubersnowdens' who have access to the software that has access to anything.

I maintain my position: maybe the Americans should take this to Court. It is demonstrable that large parts of the American government are incapable of handling confidential data, yet they insist on access to all of it. This opens up possibilities for any enemy to access American private data far more easy than it used to be before.

Wait a minute.. dare I say this.. has an enemy already taken over the American government and is that enemy now involved in actions that help it to suppress the American public? Think of it: due to 9/11, the actions of Snowden etc. a very small fraction of people will be able to control EVERY piece of data .. in effect control all of us on the Internet! what if that small fraction of people is not human, or at least not American?

Perhaps parts of our government are still on our side and now try to draw our attention to this, but they can't do so directly - hence the set up situations that are clearly too unbelievable to be true: steel buildings collapse into dust, the pentagon is hit, folks that work on highly confidential sites leak information by the Terabyte.. is a fraction of the government trying to convey a message here?

I am guessing the OS they are using is probably Windows. In any Unix variants ( Mac OS X, Linux, BSD, Unix etc) , even a simple user id restricted by default to any other user's data, unless you have root access.

There was a story few years ago about Russia demanding Source code for windows. Putin is smart, and knew this all along, and must be telling his american counter parts, how incompetent they are.

Microsoft turns over all Win7 and server source code to Russia's new KGB

Again, i never believed the official version of 9/11 either. Thats why I think we may have the most advanced technologies in the world, but in real world, Russian's old systems will do a better job. I always wondered if Russia would have allowed something like 911 happen (the way official version explained to us).

Originally posted by XPLodER
reply to post by whyamIhere

 

You say they are not bad people...You say they are fighting the good fight.

Yet, on a daily basis they are violating all of our rights and they know it.

For what?...A paycheck? These people are a disgrace. The are willingly compliant.

I hope they will all be looking for a new career soon.

*No offense personally. Thanks for speaking out. This entire matter needs sunshine.

except all the people with principals will leave,
leaving only those without principals running the show.

you can see the same thing with law enforcement, anyone not acting like everyone else,
gets pushed out.

xp

They can't leave quick enough for me.

I can not distinguish the difference. Just because a nice guy is violating my rights.

Does not make me feel any better...They are modern day cowards.

reply to post by whyamIhere


And if they were to quit because they disagreed with what may be going on, then who would remain? Would you prefer to have individuals still within the agency with a decent moral compass or would you prefer them all to exit stage right and leave it to those who may not care what they are asked to do? If I were in the same position, I'd be loathe to budge from the position because there would be no guarantee as to what my replacement would do. Sometimes, all one can do is to hold out for hope that things will change and that the system rights itself.

Originally posted by SkepticOverlord
WE MUST toss aside the petty partisan wars that are merely a tactic in the grand Con Job being perpetuated on the American people and the world. There are no more liberals, there are no more conservatives, there are no more libertarians, and there are no more socialists. There are only those who are classified as potential enemies by the U.S. Government -- all of us.

I could not agree more with your entire post, but particularly the above quoted portion. It is very unfortunate that such a large number of threads on ATS are devoted to this mindless endeavor.

In all honestly, America - when the # are you finally going to do something? Not occupy, not Tea Party - BUT REALLY DO SOMETHING. Your government is no longer of the people, it is run in the shadows by corporations....and they are trying to grind the entire world under their feet.

This goes way beyond Republican this and Democrat that.....do you realize how little time is left before you will be sitting there going WTF just happened.

I've seen comments back and forth about this issue and how should we deal with it.

There are only 3 ways you can deal with this overall encompassing issue;
1. ) Stand up and fight back - March to your capital and demand the resignation of your president and his cabinet, along with all those believe to be corrupt and in power.
- Install then via democracy vote, those you want in power. Install vote verification systems to ensure those you vote for get the votes. Install a form of protection in your Governing documents that allow for Performance Reviews of your elected officials on a basis that suits (6 months, 12 months) et c. With the end result being if the elect don't do as promised, then they are booted - pure and simple.

2. ) Peacefully resist by making it as hard as possible for them to spy on you.
- Support Project Meshnet. Install and Run your own SSL, Encrypted Email and File servers.
- Stop paying taxes.

3. ) Roll over and die?

When the government is up to something they don't want us to know about, the mainstream media won't touch disclosures about it with a 10-foot pole. On the other hand, when the government wants to make a point the MSM is broadcasting the government's point 24/7.

Which is the MSM doing with the Snowden disclosures? Right. Covering it 24/7. The government, through the MSM, wants us to know exactly what it is doing. Or, at least, make us think we know what it's doing.

The Snowden business is a huge psyop. The goal is self-censorship. It's working.

reply to post by Detergent


That was like some video I watched a while back explaining why Wikileak's is a Psyop run by the US Government.
And gave good credible reasons to suspect Snowden as the same.

Basically it came down to how Wikileak's setup to oust all the US wrong doing and those are what the cables first showed. But then the leaked cables started being about other countries to garner US citizen support for attack on those counties.
In ending, the video says to watch closely, because Snowden's leaks will become less about US issues, and more about other countries issues and misdoings.

I would like to personally thank you, Skepticoverlord. As a site owner, I appreciate the fact that you use your own venue to bring to light the misdeeds of our current government in the country you operate from. It takes balls to do that and when you have a site like ATS and government like we do, it is almost duty and one that you are obviously up too. I appreciate your service, to the members, and the United States.

Originally posted by WhiteAlice
reply to post by whyamIhere

 

And if they were to quit because they disagreed with what may be going on, then who would remain? Would you prefer to have individuals still within the agency with a decent moral compass or would you prefer them all to exit stage right and leave it to those who may not care what they are asked to do? If I were in the same position, I'd be loathe to budge from the position because there would be no guarantee as to what my replacement would do. Sometimes, all one can do is to hold out for hope that things will change and that the system rights itself.

I want the program ended.

I want the agency de-funded.

I want the traitors that lied to Congress brought up on charges.

I want my 4th Amendment right back.

I want my government to respect the principles it was founded on.

I want my relatives who gave the ultimate sacrifice for this nation, to be respected.

I could go on but you get my drift...

actually especially in the case of lavabit they did the absolute best thing they could have done in their situation. They knew the wolves were at their door so they did the one thing they could LEGALLY do to GUARANTEE their clients' data security.

They shuttered the business and hopefully ran at least a ten times overwrite on every single platter in every single hard drive in every single server they have.

As of right now there is NOT YET legislation requiring email providers to maintain copies of all client data for X period of time. So they quite literally shuttered a successful business in the pursuit of providing the service they set about to provide!

Quite frankly the level of integrity it takes to do that is so far beyond what it takes to keep running until the wheels fall off and the feds are at the data center with signed and sealed warrants. At which point you have the choice of failing at least some of your clients and destroying what data you can on the fly. Or you go to prison in one last act of "defiance" making sure your PR team has the media out front for a perp walk and your legal team has a well written and properly tear jerking yet fight the poweresque statement ready to go. At which point you do your 5 to 15 in a federal lockup and collect a 15 million dollar advance on your book deal the day you get paroled. I mean your clients get screwed but THINK ABOUT IT.... YOU are set for LIFE!!

At this point refusing to participate in the farce sends a much stronger message than any amount of grand gestures, ineffectual rants, Epetitions, or "grassroots movements"!

If we want to stop this juggernaut we have only ONE effective tool left in our toolbox.

We MUST STOP!

We've got to stop writing code that they can exploit!

We've got to stop buying the products that generate the tax revenues!

We've got to stop directly and indirectly doing ANYTHING to enable these psychotic abusive freaks who have inveigled their way into the highest seats of power, and even worse, into the bureaucracies that now underpin and to a certain extent really RUN western nations at this point.

So NO they're not cowards... not in the slightest... They're just not naive enough, avaricious enough, or duplicitous enough to keep on pretending like they can keep going on with business as usual. They've realized that until enough people make a conscious choice and say NO we won't let you do this, we won't let you shut down the final open and free vista in every day life! There really is just plain no point in continuing to go on.

reply to post by roguetechie


While I like your overall sentiment... Your final sentence betrays you.

You did exactly what they wanted you to do... Remove your slightly annoying free secure service that they can't crack yet from proceeding forth.

You fell right into their playbook by trying to be defiant.

It was a win win situation for them.

The best thing he can do now is go and spread the information on how people can setup their own secure email servers.
Decentralize the whole thing and make it P2P. That is the only way you will get passed the Government tendrils.

Originally posted by Sovaka
I've seen comments back and forth about this issue and how should we deal with it.

There are only 3 ways you can deal with this overall encompassing issue;
1. ) Stand up and fight back - March to your capital and demand the resignation of your president and his cabinet, along with all those believe to be corrupt and in power.
- Install then via democracy vote, those you want in power. Install vote verification systems to ensure those you vote for get the votes. Install a form of protection in your Governing documents that allow for Performance Reviews of your elected officials on a basis that suits (6 months, 12 months) et c. With the end result being if the elect don't do as promised, then they are booted - pure and simple.

2. ) Peacefully resist by making it as hard as possible for them to spy on you.
- Support Project Meshnet. Install and Run your own SSL, Encrypted Email and File servers.
- Stop paying taxes.

3. ) Roll over and die?

Our government is more corrupt than you recognize. We cannot have vote verification systems, infact we have absolute proof our voting machines can be hacked in elections (without those at a local level ever knowing about it), and there's strong evidence they were hacked in 2004. The only way we can change this is an act of congress, but the very people peddling the insecure voting machines are paying members of congress to vote to continue using them.

Performance reviews again won't happen and infact would never have a positive outcome. In a two (one) party system that has the media in it's pocket there's a very strong push to always make everyone unhappy with government. It's quite a mainstream idea to "throw the bums out", and is parroted in almost every media outlet. No politician would ever accept performance reviews. They can win with 2% approval, but a review that actually kicks them out for low approval? They would never pass it. Again, you have to recognize that those in charge of writing the rules for congress are congress itself. They'll never write something that makes life harder for them or results in them getting less money.