Comments
NSA Prism: Inside The Modern Surveillance State
pwndecaf
User Rank: Apprentice
7/18/2013 | 7:21:59 PM
re: NSA Prism: Inside The Modern Surveillance State
The US incarcerates its population to a much greater percentage than anywhere else in the world. God forbid you be a person of color.
timallard
User Rank: Apprentice
6/13/2013 | 12:57:13 PM
re: NSA Prism: Inside The Modern Surveillance State
While I assume most of this is being done for corporate spying internationally to aid USA companies it's a gross violation of the 4th Amendment, so, they need to get the secret agendas done some other way, and forced to use warrants on individuals.
The whole concept of warrantless searching without a cause is so bogus based on fishing for "terrorists", give me a break, my take is that the hyenas need to get pulled off the carcass of "democracy" before it's long gone.
gavgavgav
User Rank: Apprentice
6/11/2013 | 6:09:26 PM
re: NSA Prism: Inside The Modern Surveillance State
To Andrew's comment, everyone draws the line in a slightly different place in the sand with regards to the balance between privacy and security -- but the issue so many people (both Americans and the international community) are struggling with is how much of their own data needs to be harvested in order for a government to keep its people safer. There are a lot of unanswered questions that go far beyond the initial NSA answer of, "Hey, we can't tell you everything but you're safer because of this."

1) Could the attacks partly or completely detected and thwarted by the PRISM system have been prevented by more targeted surveillance techniques?

2) Even if you believe what is happening now is right and good, how is the data collected by the NSA stored and protected from misuse by future administrations? What is the retention policy on all that?

3) Does the wide sweeping nature of this data-gathering tactic weaken the US's role in the world of being an upholder of democracy, human rights, privacy and those kinds of issues that are so often labelled as violations when seen as absent in other countries?

4) Does the revealed lack of privacy in US-based systems weaken American companies' abilities to conduct business and be trusted in the wider world, whether they are choosing to be a part of this surveillance or not?

5) Where do we stand ethically and morally with regards to collecting (even if not necessarily analyzing) so much data about people totally unconnected with "terrorism", crime or other activities that the US government would normally have to identify ahead of time in order to become engaged with said people?

To me, this all boils down to the reason why the US Constitution's 4th Amendment was written the way it was, and also why -- when you read that very amendment -- the current activity of the NSA seems so flagrantly in abuse of it.

This is why people the world over need to be protesting this, even given the US government's assurances of increased safety.

Gavin Landless, CISSP, SSCP, CEH
Andrew Hornback
User Rank: Apprentice
6/11/2013 | 2:54:46 AM
re: NSA Prism: Inside The Modern Surveillance State
Not that I know all of the details here, but I do have to wonder if Mr. Snowden has ever heard of both Echelon and Carnivore. Prism would seem to be the direct evolution of the Carnivore program.

For people coming to this topic without any background on what the NSA really does, of course it's going to be shocking. The sheer amount of data (and more importantly, meta-data), the ability to track people based on their network usage and mobile device information... it's mind-blowing, if you didn't know it was a capability that has existed for nearly two decades, if not longer.

If you want to do a little reading on the subject, take a look at how the Secret Service uses information collected from the PRISM program - see if you can find a copy of Privacy Impact Assessment Update for the PRISM-ID dated 10 November 2010.

As to the tools preventing acts of terrorism - I would believe that and I sincerely appreciate that. Having had the building across the street from my office (which happens to be the Federal Reserve Bank of New York) threatened with a bombing last October, the collection of SIGINT (as those in the community call it) to find someone that was working on doing that and then stopping them is much appreciated. Aside from the possible loss of life and ensured damage to the surrounding buildings, it would have made my commute a living hell.

I think the overall issue with the release of the information surrounding PRISM coming on the heels of the issues with the IRS contributes to a level of delirium. Can you trust a government that is not going to act in a non-partisan way but instead be used as a tool (or weapon) for the political ends of those in power? I would say not. Can you trust an administration that promises transparency but delivers something about as opaque as a Mason jar full of white paint? I would say not, yet again.

As far as the data security side of this program, big data requires... well, just that... big data. In order to find some patterns, a lot of data and a lot of analysis is required. After all, tracking down the faintest voice in the wilderness may be crucial in preventing the next major incident.

I also think that this sort of "discovery" begs the question, should the employees, contractors and the associates of the NSA be held to a higher moral standard? And my feeling is that yes, indeed they should. But, have you ever looked at something along the lines of an SF-86 or considered the process for getting a level of clearance required to get access to the data collected by PRISM? I could be wrong, but my assumption is that not everyone at the NSA has access to that data...

Andrew Hornback
InformationWeek Contributor
D. Henschen
User Rank: Apprentice
6/10/2013 | 8:55:37 PM
re: NSA Prism: Inside The Modern Surveillance State
A government insider we know says "the semantic and visual analytics tools we've developed have reportedly been successful in preventing multiple acts of terrorism." Does this change your thinking on whether the government should be trusted? Seems to boil down to the desire for some curbs and assurances rather than a blank check to snoop at will.

