To supplement and amend what I said: These are the KINDS of things we want the NSA to do; however, the institutional oversight necessary to make sure it's Constitutional, warranted, and kept "in bounds" is woefully lacking (if any exists at all). Even FISA is unsatisfactory. At any rate, I agree that the current disposition of the NSA (or, at least, what's been leaking the last few months) is simply unacceptable and cannot be allowed. I say that last part from the perspective of a US citizen, though I'd imagine most people of other nationalities would agree with me, but probably for different reasons. On Mon, Dec 30, 2013 at 11:08 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On Mon, Dec 30, 2013 at 10:41 PM, Blair Trosper <blair.trosper@gmail.com>wrote:
I'm torn on this. On one hand, it seems sinister. On the other, it's not only what the NSA is tasked with doing, but it's what you'd EXPECT them to be doing in the role as the NSA.
[snip]
The NSA's role is not supposed to include subterfuge and undermining the integrity or security of domestic enterprise infrastructure
With any luck, we'll hopefully find absolutely nothing, or that it was "targetted" backdooring against specific targets only.
And people have a need to know that the security agencies haven't left a trail of artificially inserted bugs and backdoors in common IT equipment providing critical infrastructures services, and that the agencies haven't prepared a collection of instant-root 0days, that are no more protected then the agencies' other poorly guarded "secrets".
There would be a risk that any 'backdoors' are ready to be exploited by other unintended nefarious actors! Because the NSA are apparently great at prepping the flammables and setting fires, but totally incapable of keeping the fires contained, once they (or someone else) lights it.
It is not the least bit necessary for the NSA itself to be a nefarious actor exploiting things or even complicit; for the mere presence of any backdoor or surreptitious code to eventually have the potential for serious damage.
It could well be a rogue ex-employee of the NSA, such as Snowden, or others, that happened to be aware of technical details, hackers, or members of a foreign nation state, who will just happen to have the time and energy to track down open doors waiting for the taking, AND figure out how to abuse them for evil purposes.
There are enough potential 0day risks, without intentional ones, waiting for bad guys to co-opt!
-- -JH