Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
A Year Later, Most Americans Think Snowden Did The Right Thing
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
screwbird
50%
50%
screwbird,
 User Rank: Strategist
6/10/2014 | 12:20:54 AM
Re: Definitely the right thing!
how does the ole saw go? if you can't argue the facts argue the law?

you are trying to argue that the outcome of Snowden's actions...which you happen to approve...mitigate the transgressions. not going to fly. he signed an oath. he violated that oath and a multitude of security commitments with KNOWN penalties he agreed to IN ADVANCE of receiving access.

- his actions were pre-meditated

- the "weighting" seems to conveniently miss the fact that he exploited not only his employer/customer....but his teammates as well. the notion that he, in this instance, acted as a beacon of virtue is patently false. 

- what NSA, any other organization or person has done is irrelevant to Snowden's culpability.

we can save for another time discussing the laughable circumstances of where he fled to and ensuing actions. yup...pure as a new-born baby's bottom!!

in the end...what you're really arguing is an ancient meme: the ends justify the means. I'd be careful with that one...it is, perhaps, too flexible a rule to live by.

 

 

 

 

 
PacoCW3
0%
100%
PacoCW3,
 User Rank: Guru
5/30/2014 | 10:48:23 PM
Re: Definitely the right thing!
First and last, alpha and omega, he knowingly and willingly broke laws.  We citizens elect officials to write laws.  If you don't like the laws written, change the politicians.  I simply suggested people take responsibility for our government, by entering public service.  Change from the inside is generally more permanent than that caused by outside forces.  This is how our country has always worked best, individuals working to better their society, legally.

Attempting to equate government monitoring of communications with the Nazi murder of Jews shows an illogical mind.  Or even impugning I support the Nazi methods, illogical.

Based on this, I doubt your mental clarity and capability, and so your ability to be an effective security professional.  Unfounded knee-jerk statements by anyone working in IA is a liability.  As a IA professional, my primary responsibility to my employer is to minimize their risk exposure, legally.  Interesting, our Constitution allows for all Americans to voice their opinions, you are exercising your voice.  I do not agree with you, Snowden broke the law, he knew what he was doing.  He did commit a crime. 

I think your comment for me to grow a pair, is obnoxious, and ego-centric.  Sir, I grew a pair a while ago.  I've been in uniform for 30+ years, and have put my life on the line in more unpleasant corners of this earth than you've dreamed.  I have walked the walk, and talked the talk.

The United States government is a vast compilation of different organizations deployed across one of the most beautiful countries on our globe, not a single entity with a single point of success or failure.  The bottom line is we do not engage in systematically executing people based on their religion, color, country of origin or sexual preferences.  That was done by the Nazi.  Is still being done by other countries, and you likely buy their products at your local department store.  In effect you are likely supporting their continued pogrom.  Truthfully, as a nation we do try to help the down trodden, and liberate the oppressed.  It is because of this truth, that many, many good men and women, stand guard every night.  So that others like you and me can sleep peacefully.
Lorna Garey
67%
33%
Lorna Garey,
 User Rank: Ninja
5/30/2014 | 10:04:39 AM
Re: Definitely the right thing! --- ?
With the caveat that I held a TS clearance for many years, a fact that likely colors my opinion, I consider Edward Snowden a traitor. He seems to have some delusional thinking going on as well ("a real spy"? Seriously?)

We can debate the legal minutia of PRISM all day. We can debate metadata and what level of intrusion happened to US citizens as opposed to foreign nationals. We can debate what amount of privacy we're willing to give up to avoid another 9/11. And certainly that's a conversation worth having. But let's also ackowledge that plenty of people are going to automatically assume that anything the NSA says it its defense, or about what damage Snowden did, is a lie. That's no more realistic than declaring the man a hero. 

To me, the fundamental facts are that he unilaterally decided to steal huge amounts of sensitive data, flee, and then trickle out data in a way that seems mostly concerned with keeping his name in the media spotlight.  
RetiredUser
0%
100%
RetiredUser,
 User Rank: Ninja
5/30/2014 | 9:47:04 AM
Re: Definitely the right thing!
@DarkReadingTim I'm pretty much aligned with your assessment, although I'm cautious about discussing matters like this in the context of polls, as many others also seem to be.

I believe in right and wrong, in our laws, in defending your country, and doing what is the honorable thing to do. It's tough when that honorable thing may be having to do something that is illegal to defend your country in a way that may not have been perceived once as necessary.

This one is going to take time, and introspection. It's not poll material, for that reason.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
 User Rank: Strategist
5/30/2014 | 8:03:29 AM
Re: Definitely the right thing! --- ?
After watching the Snowden interview last night and some of the follow up reports on what he did (or did not do) to qualify as a whistleblower, I'm on the fence. Yes, the public is better off knowing the extent of heretofore secret and questionable NSA surveillance programs. But the jury (literally) is still out on whether Snowden's tactics were the best way to force the disclosure. He should come home and offer a full-throated defense that is his right within our legal system.
DarkReadingTim
100%
0%
DarkReadingTim,
 User Rank: Strategist
5/30/2014 | 7:29:45 AM
Re: Definitely the right thing!
I think that as security professionals, we look at Snowden from two angles: one is our right to privacy as individuals; the other is as stewards of secure data that we know is unique and critical for our organizations.

As an individual, I'm not thrilled about the notion of government agencies monitoring my online activity -- or for that matter, corporations tracking my online habits to present me with more personalized advertising. I should have ways to protect myself from that sort of analysis, and there are some tools for encrypting and/or anonymizing my activity to make it harder for my personal activity to be analyzed.

As someone who has been part of the security professional community for some years, however, I think what worries me most about Snowden is the precedent he sets. He decided, all by himself as a contractor, that certain confidential data about his client should be exposed to the world. His motives may have been noble or moral, but if I'm a security professional, the idea that my organization's most sensitive data might be randomly published by a contractor scares the heck out of me.
JonNLakeland
100%
0%
JonNLakeland,
 User Rank: Strategist
5/29/2014 | 10:11:29 PM
Re: Definitely the right thing!
@Robert, your arguments are far more compelling than most. Are you a lawyer in fact or merely well versed in this topic?

To all: I tend towards a belief that it was useful, and bordering on necessary, for Snowden to make PRISM known. I always simply assumed that the gov't could spy on anything we did digitally, especially post-Patriot Act, but having it confirmed moved it definitively out of the realm of conspiracy nuts and into the public eye.

Certainly there have been negative consequences - international faith in our tech companies has plummeted. I can wish that particular circumstance was different, but have to suppose that were the situation *not* this bad, we may well have never ended up having this conversation.
Robert McDougal
100%
0%
Robert McDougal,
 User Rank: Ninja
5/29/2014 | 5:35:55 PM
Re: Definitely the right thing!
Actually, you and everyone in the United States do have the legal standing to challenge a carrier handing your data over to the government.  The ECPA (Electronic Communications Privacy Act) sections 2702 and 2703 prohibit prohibit telephone companies from sharing customer records with the government except in response to specific enumerated circumstances.

Additionally, the PCLOB (Privacy and Civil Liberties Oversight Board) found the NSA bulk data collection program in direct violation of federal law.  I have broken out their conclusion below.
First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as "relevant" to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.

I concede that this information gives the enemies of the United States useful information.  However, when our government treats the average citizen as the enemy as well, the playing field has changed.
Lorna Garey
33%
67%
Lorna Garey,
 User Rank: Ninja
5/29/2014 | 5:00:47 PM
Re: Definitely the right thing!
I'm not a constitutional law expert. However, the gist is that I have standing to challenge a physical search of my person, property, or papers under the Fourth Amendment. I do NOT have standing to challenge a carrier turning over to the government data that I willingly gave the carrier.

When I send a text or make a phone call on my cell, I voluntarily give AT&T metadata -- on when and what number I dialed, from what number, where the devices were located, etc. What the carrier is allowed to do with that data is a matter for Congress, maybe the FCC. I don't get to scream about my constitutional rights if the company does something I don't like with that data. I can stop using my cell phone and switch to a landline, get a burner, or lobby congress to change the law.  

It's common sense that Snowden has helped our enemies. Saying we don't "know for a fact" is either disingenuous or just looking for an argument.
Robert McDougal
100%
0%
Robert McDougal,
 User Rank: Ninja
5/29/2014 | 4:36:11 PM
Re: Definitely the right thing!
Since you do not provide an references yourself I am assuming you are making reference to Smith v. Maryland in regards to the data you willfully hand over to third parties.  This case focused on the phone numbers an individual dialed with the argument being that an individual has no expectation of privacy because they knowingly hand over the phone numbers they dial to the phone company.  I would like to point out that this was a case against an individual who was suspected of a crime, not the public at large.  Therefore, this is not a blank check to view everyone's call records at all times but rather if you are the subject of a crime investigation.

Secondly, other than the phone number I dialed, there are no SCOTUS decisions pertaining to the categorization of other meta data.  For example, I do not willfully hand over my GPS information to my carrier, that information is sent without my interaction and I cannot disable it in many cases.  So I ask you, if I don't willfully hand that data over how is it legal for the NSA to collect it?  What about emails and private chat?  What about encrypted communications?  If I encrypted it wouldn't you think I would expect privacy?

If you have other case law you are referencing in your response I would appreciate links so that I can better understand your side of the debate.

In case you are interested, this article outlines in detail why the NSA data collection program is illegal.
Page 1 / 3   >   >>


Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9351
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
CVE-2020-9352
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9353
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
CVE-2020-9354
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
CVE-2020-9355
PUBLISHED: 2020-02-23
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.