NSA and GCHQ have had access to SIM card encryption keys for years, latest Snowden documents reveal

cliffordcooley said:
Rippleman, I'm only going to say this once. We have laws to prevent people from doing thing, regardless of whether they would have done those things to begin with. I can't say whether anyone "is or is not" outside my window and want laws to help prevent the occurrence. Please stop asking that stupid question, that's right it is stupid because you know it is.

Your question is asking whether a Peeping Tom is in violation, if the person being watched never knew they were. You know the answer to this question and choose not to think about it. There are regulations allowing the activity, under specific guidelines. And under these guidelines the person being watched, knows they are most likely being watched because they likely did something stupid and violated their own right to privacy.
Click to expand...

Here is my position: I support the right to violate privacy if the situation requires it to be done. I don't care about YOUR privacy if YOUR actions have made you lose that privilege, yes I said privilege. Sometimes though, bad things happen to good people and mistakes can be made. No system can be perfect and you must take the benefits along with the faults. There is a balance between effectiveness and intrusiveness and it can/does swing back and forth to much from time to time but over all is a necessity of the times. If you have a better system, create it. If you have a better idea, share it. If you have a better way, demonstrate it. Just remember, what ever you implement, look at the negatives it will create from the other side.
 
  • Like
Reactions: Santosh Vijayan
Rippleman said:
How have you been affected by the NSA? be honest.
Click to expand...
Web security. Do you know how secure eliptic curve cryptography is? Well guess what? On Win7 TLS 1.2 IIS, you can't use RSA and AES GCM. AES CBC was confirmed to have a vulnerability in TLS 1.0 and earlier. Many encryption experts recommend using AES-GCM instead. RSA is bulky and slow but one thing we know about it is it is currently hard to crack for big RSA keys.

ECC crucially hinges on the a key pair. There are several pairs used and (at least) a very common pair was "picked" by the NSA and while unconfirmed as yet, is strongly believed to be chosen by them for a weakness they know about. Why do I mention that? Because it wouldn't be the first time they weakened security. They also (confirmed) weakened the random number generator Dual_EC_DRBG. That was a critical vulnerability as it allowed anyone to eavesdrop and compromise communications. If the NSA knows a weakness in the algorithm, and everyone is implementing it (banks, email etc etc), have a guess who else will be looking for the weakness?

Eavesdropping a banking website ... very nasty stuff. They don't have to reveal they have broken the encryption for years and save up a lot of very sensitive information.
 
Last edited:
Rippleman said:
This was my point. If the NSA DID show their existence to your "window" then you can be concerned. Why fear/worry about something that is a nonexistent threat to you? Why have a big fuss over something that will never happen to you? I mean this in a nicest way possible but you really aren't important enough to be looked at and to think the NSA would be looking at you is very vain.
Click to expand...
The point is not that the NSA could be spying on us (we already know they are spying on us - Skype, Google, Apple, Yahoo etc all have info harvested by the NSA either now or in the past). The point is what did they have to do to security to allow this? And do you trust them to protect whatever vulnerability they put in from malicious 3rd parties?

The answer to these is: often they put in a poorly protected backdoor, and secondly they now have a system collecting sensitive information on millions of people. Have a guess what an awesome hacking target would be if you wanted info on millions of people? So have another guess at what is absolutely mission critical that it, or it's backdoor access methods are never compromised?

If they want the info for "national security", the least they can do is not have a backdoor to do it - because anyone can break in the backdoor. That still does not protect your information from the second point however.

And if you think "Who can hack the NSA?" well there are nationally sponsored hackers out there who are not american too...
 
Darth Shiv said:
The point is not that the NSA could be spying on us (we already know they are spying on us - Skype, Google, Apple, Yahoo etc all have info harvested by the NSA either now or in the past). The point is what did they have to do to security to allow this? And do you trust them to protect whatever vulnerability they put in from malicious 3rd parties?

The answer to these is: often they put in a poorly protected backdoor, and secondly they now have a system collecting sensitive information on millions of people. Have a guess what an awesome hacking target would be if you wanted info on millions of people? So have another guess at what is absolutely mission critical that it, or it's backdoor access methods are never compromised?

If they want the info for "national security", the least they can do is not have a backdoor to do it - because anyone can break in the backdoor. That still does not protect your information from the second point however.

And if you think "Who can hack the NSA?" well there are nationally sponsored hackers out there who are not american too...
Click to expand...

What I am saying is NOT that its ok. What I am saying is YOU are not being spied on. No one cares about you or me or anyone on this board. You are not important. This is not some James Bond movie and you are not in the cast. If circumstances were such that you were buying materials from a known explosives seller on the list from the middle east, then YES you will start to be of interest. Under those circumstances I don't care about your privacy rights just the same as you shouldn't care about MINE if roles were reversed. Like I said above: "I support the right to violate privacy if the situation requires it to be done. I don't care about YOUR privacy if YOUR actions have made you lose that privilege".

Also, do you feel that If the NSA didn't exists, the "nationally sponsored hackers" would be spying on you? Paranoia is strong with some.
 
Rippleman said:
What I am saying is NOT that its ok. What I am saying is YOU are not being spied on. No one cares about you or me or anyone on this board. You are not important.
Click to expand...
The question of whether we are or not is irrelevant. Not everyone is being cased for robbery either, but everyone has laws to help minimize chances of that happening. Especially from a government official. You keep suggesting we are not targets and there for shouldn't ask for protecting laws. That is such a BS stance. Our kids are not targets for rape either, so lets throw out the laws that were put in place to protect them.
 
cliffordcooley said:
The question of whether we are or not is irrelevant. Not everyone is being cased for robbery either, but everyone has laws to help minimize chances of that happening. Especially from a government official. You keep suggesting we are not targets and there for shouldn't ask for protecting laws. That is such a BS stance. Our kids are not targets for rape either, so lets throw out the laws that were put in place to protect them.
Click to expand...
Everything you are saying does not change anything. Even with more laws, you are still able to be spied upon but relax, you are not. Your kids are targets for those that hold them valuable. You, no matter how much you think you are, are simply not valuable. Sorry.
 
Rippleman said:
You, no matter how much you think you are, are simply not valuable. Sorry.
Click to expand...
The government is not spying on us for our value. That is what taxes and fines are for. What you can't conceive of is the fact that target or not, there are doors open that need to be closed. And yes we are all targets whether you want to admit it or not. If we leave these doors open without regulation, it will not be long local law enforcement (if they are not already) will be walking through it. Don't even suggest no one needs protection from local law enforcement. After all the man/woman behind the badge is just another person like everyone else. If you trust any of them, you are making a big mistake.
 
cliffordcooley said:
The government is not spying on us for our value. That is what taxes and fines are for. What you can't conceive of is the fact that target or not, there are doors open that need to be closed. And yes we are all targets whether you want to admit it or not. If we leave these doors open without regulation, it will not be long local law enforcement (if they are not already) will be walking through it. Don't even suggest no one needs protection from local law enforcement. After all the man/woman behind the badge is just another person like everyone else. If you trust any of them, you are making a big mistake.
Click to expand...
Sorry, I disagree with your position. Like I have said, this is the position I hold based on what I know at this point in time. I support the right to violate privacy if the situation requires it to be done. I don't care about YOUR privacy if YOUR actions have made you lose that privilege.
 
cliffordcooley said:
Technically you are being selfish, I care about everyone's privacy.
Click to expand...
I also support the opposite, I support the right to violate privacy if the situation requires it to be done. I don't care about MY privacy if MY actions have made ME lose that privilege.
 
Rippleman said:
What I am saying is NOT that its ok. What I am saying is YOU are not being spied on. No one cares about you or me or anyone on this board. You are not important. This is not some James Bond movie and you are not in the cast. If circumstances were such that you were buying materials from a known explosives seller on the list from the middle east, then YES you will start to be of interest. Under those circumstances I don't care about your privacy rights just the same as you shouldn't care about MINE if roles were reversed. Like I said above: "I support the right to violate privacy if the situation requires it to be done. I don't care about YOUR privacy if YOUR actions have made you lose that privilege".

Also, do you feel that If the NSA didn't exists, the "nationally sponsored hackers" would be spying on you? Paranoia is strong with some.
Click to expand...
Actually everyone is being spied on.

Rippleman said:
I also support the opposite, I support the right to violate privacy if the situation requires it to be done. I don't care about MY privacy if MY actions have made ME lose that privilege.
Click to expand...
Well innocent until proven guilty. Mass surveillance - everyone is spied on by default. I have no problem if they suspect me of wrong doing but they currently do not so why are they surveilling everyone? We know they are doing it (suspected for years but confirmed via Snowden etc).

This sort of surveillance will only catch dumb crooks. The smart ones will look to services that have good security practices as well as ones being out of US jurisdiction.
 
Last edited:
Rippleman said:
By whom are you personally being spied on?
Click to expand...
At the very least PRISM https://en.wikipedia.org/wiki/PRISM_(surveillance_program.

XKeyScore - and I quote:
You could read anyone's email in the world, anybody you've got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you're tracking: you can follow it as it moves from place to place throughout the world. It's a one-stop-shop for access to the NSA's information.

https://en.wikipedia.org/wiki/XKeyscore

Another thing to note. He has approximately 58,000 documents to verify his claims. They have been released slowly to date. None of the information released so far has been disputed as inaccurate. The information is credible. That is why I'd believe Snowden's claim - he can back it up.
 
Last edited:
Darth Shiv said:
Actually everyone is being spied on.


Well innocent until proven guilty.
Click to expand...

Innocent until proven guilty is a myth. If so, why being under arrest exist, or incarceration, or bail?

Darth Shiv said:
At the very least PRISM https://en.wikipedia.org/wiki/PRISM_(surveillance_program.
Click to expand...

This COULD apply to SOME people under SOME conditions employed with SOME companies from SOME countries making SOME products or SOME services. And that's a BIG "could".
 
Rippleman said:
This COULD apply to SOME people under SOME conditions employed with SOME companies from SOME countries making SOME products or SOME services. And that's a BIG "could".
Click to expand...
Or it could apply to all people and some people could be in denial?
 
Darth Shiv said:
Or it could apply to all people and some people could be in denial?
Click to expand...
This is a logical fallacy. If it applied to all, then all would know it since the people responsible for it would themselves also be under it. Do you have any proof of your claim that you personally are being spied upon other then the obvious things?
 
http://www.thefreedictionary.com/spy

One criteria to being a spy is never getting caught. That severely reducing the chances of anyone ever collecting proof. The day we get proof, will likely be the day we (or at least our data) disappear. Luckily for Snowden he had an exit strategy. You are asking for proof and the only way to do that is to walk the same road Snowden walked. I don't believe any of us are in a position to do that regardless of whether we want to or not. The fact that you would even ask that question is appalling, as if we can walk through doors regardless of the closed door policies congress has.

It doesn't matter whether they are or are not snooping in my ****. We need regulations in place that will hold them accountable, if they have no reasons to snoop in the first place.
 
Rippleman said:
This is a logical fallacy. If it applied to all, then all would know it since the people responsible for it would themselves also be under it. Do you have any proof of your claim that you personally are being spied upon other then the obvious things?
Click to expand...
My proof is the NSA documentation that is saying the services I am using for my day to day life are being monitored. That's enough.
 
You must log in or register to reply here.

Similar threads

midian182
New "Downfall" vulnerability can steal passwords and encryption keys, discovered in Intel...
Replies
6
Views
490
Bobbydpue
Bobbydpue
midian182
Pornhub parent company blocks access to its sites in Montana and North Carolina over age...
Replies
15
Views
565
ZedRM
ZedRM
A
Qualcomm's Snapdragon 8 Gen 2 SoC features iSIM silicon to replace SIM cards and eSIM...
Replies
6
Views
752
Knot Schure
Knot Schure

Latest posts

Back