Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
NSA Prism: Inside The Modern Surveillance State
pwndecaf,
User Rank: Apprentice
7/18/2013 | 7:21:59 PM
re: NSA Prism: Inside The Modern Surveillance State
The US incarcerates its population to a much greater percentage than anywhere else in the world. God forbid you be a person of color.
timallard,
User Rank: Apprentice
6/13/2013 | 12:57:13 PM
re: NSA Prism: Inside The Modern Surveillance State
While I assume most of this is being done for corporate spying internationally to aid USA companies, it's a gross violation of the 4th Amendment, so they need to get the secret agendas done some other way, and forced to use warrants on individuals.
The whole concept of warrantless searching without a cause is so bogus based on fishing for "terrorists", give me a break, my take is that the hyenas need to get pulled off the carcass of "democracy" before it's long gone.
gavgavgav,
User Rank: Apprentice
6/11/2013 | 6:09:26 PM
re: NSA Prism: Inside The Modern Surveillance State
To Andrew's comment, everyone draws the line in a slightly different place in the sand with regards to the balance between privacy and security -- but the issue so many people (both Americans and the international community) are struggling with is how much of their own data needs to be harvested in order for a government to keep its people safer. There are a lot of unanswered questions that go far beyond the initial NSA answer of, "Hey, we can't tell you everything but you're safer because of this."

1) Could the attacks partly or completely detected and thwarted by the PRISM system have been prevented by more targeted surveillance techniques?

2) Even if you believe what is happening now is right and good, how is the data collected by the NSA stored and protected from misuse by future administrations? What is the retention policy on all that?

3) Does the wide sweeping nature of this data-gathering tactic weaken the US's role in the world of being an upholder of democracy, human rights, privacy and those kinds of issues that are so often labelled as violations when seen as absent in other countries?

4) Does the revealed lack of privacy in US-based systems weaken American companies' abilities to conduct business and be trusted in the wider world, whether they are choosing to be a part of this surveillance or not?

5) Where do we stand ethically and morally with regards to collecting (even if not necessarily analyzing) so much data about people totally unconnected with "terrorism", crime or other activities that the US government would normally have to identify ahead of time in order to become engaged with said people?

To me, this all boils down to the reason why the US Constitution's 4th Amendment was written the way it was, and also why -- when you read that very amendment -- the current activity of the NSA seems so flagrantly in abuse of it.

This is why people the world over need to be protesting this, even given the US government's assurances of increased safety.

Gavin Landless, CISSP, SSCP, CEH
Andrew Hornback,
User Rank: Apprentice
6/11/2013 | 2:54:46 AM
re: NSA Prism: Inside The Modern Surveillance State
Not that I know all of the details here, but I do have to wonder if Mr. Snowden has ever heard of both Echelon and Carnivore. Prism would seem to be the direct evolution of the Carnivore program.

For people coming to this topic without any background on what the NSA really does, of course it's going to be shocking. The sheer amount of data (and more importantly, meta-data), the ability to track people based on their network usage and mobile device information... it's mind-blowing, if you didn't know it was a capability that has existed for nearly two decades, if not longer.

If you want to do a little reading on the subject, take a look at how the Secret Service uses information collected from the PRISM program - see if you can find a copy of Privacy Impact Assessment Update for the PRISM-ID dated 10 November 2010.

As to the tools preventing acts of terrorism - I would believe that and I sincerely appreciate that. Having had the building across the street from my office (which happens to be the Federal Reserve Bank of New York) threatened with a bombing last October, the collection of SIGINT (as those in the community call it) to find someone that was working on doing that and then stopping them is much appreciated. Aside from the possible loss of life and ensured damage to the surrounding buildings, it would have made my commute a living hell.

I think the overall issue with the release of the information surrounding PRISM coming on the heels of the issues with the IRS contributes to a level of delirium. Can you trust a government that is not going to act in a non-partisan way but instead be used as a tool (or weapon) for the political ends of those in power? I would say not. Can you trust an administration that promises transparency but delivers something about as opaque as a Mason jar full of white paint? I would say not, yet again.

As far as the data security side of this program, big data requires... well, just that... big data. In order to find some patterns, a lot of data and a lot of analysis is required. After all, tracking down the faintest voice in the wilderness may be crucial in preventing the next major incident.

I also think that this sort of "discovery" begs the question, should the employees, contractors and the associates of the NSA be held to a higher moral standard? And my feeling is that yes, indeed they should. But, have you ever looked at something along the lines of an SF-86 or considered the process for getting a level of clearance required to get access to the data collected by PRISM? I could be wrong, but my assumption is that not everyone at the NSA has access to that data...

Andrew Hornback
InformationWeek Contributor
D. Henschen,
User Rank: Apprentice
6/10/2013 | 8:55:37 PM
re: NSA Prism: Inside The Modern Surveillance State
A government insider we know says "the semantic and visual analytics tools we've developed have reportedly been successful in preventing multiple acts of terrorism." Does this change your thinking on whether the government should be trusted? Seems to boil down to the desire for some curbs and assurances rather than a blank check to snoop at will.

