Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
NSA Prism: Inside The Modern Surveillance State
pwndecaf
User Rank: Apprentice
7/18/2013 | 7:21:59 PM
re: NSA Prism: Inside The Modern Surveillance State
The US incarcerates its population to a much greater percentage than anywhere else in the world. God forbid you be a person of color.
timallard
User Rank: Apprentice
6/13/2013 | 12:57:13 PM
re: NSA Prism: Inside The Modern Surveillance State
While I assume most of this is being done for corporate spying internationally to aid USA companies it's a gross violation of the 4th Amendment, so, they need to get the secret agendas done some other way, and forced to use warrants on individuals.
The whole concept of warrantless searching without a cause is so bogus based on fishing for "terrorists", give me a break, my take is that the hyenas need to get pulled off the carcass of "democracy" before it's long gone.
gavgavgav
User Rank: Apprentice
6/11/2013 | 6:09:26 PM
re: NSA Prism: Inside The Modern Surveillance State
To Andrew's comment, everyone draws the line in a slightly different place in the sand with regards to the balance between privacy and security -- but the issue so many people (both Americans and the international community) are struggling with is how much of their own data needs to be harvested in order for a government to keep its people safer. There are a lot of unanswered questions that go far beyond the initial NSA answer of, "Hey, we can't tell you everything but you're safer because of this."

1) Could the attacks partly or completely detected and thwarted by the PRISM system have been prevented by more targeted surveillance techniques?

2) Even if you believe what is happening now is right and good, how is the data collected by the NSA stored and protected from misuse by future administrations? What is the retention policy on all that?

3) Does the wide sweeping nature of this data-gathering tactic weaken the US's role in the world of being an upholder of democracy, human rights, privacy and those kinds of issues that are so often labelled as violations when seen as absent in other countries?

4) Does the revealed lack of privacy in US-based systems weaken American companies' abilities to conduct business and be trusted in the wider world, whether they are choosing to be a part of this surveillance or not?

5) Where do we stand ethically and morally with regards to collecting (even if not necessarily analyzing) so much data about people totally unconnected with "terrorism", crime or other activities that the US government would normally have to identify ahead of time in order to become engaged with said people?

To me, this all boils down to the reason why the US Constitution's 4th Amendment was written the way it was, and also why -- when you read that very amendment -- the current activity of the NSA seems so flagrantly in abuse of it.

This is why people the world over need to be protesting this, even given the US government's assurances of increased safety.

Gavin Landless, CISSP, SSCP, CEH
Andrew Hornback
User Rank: Apprentice
6/11/2013 | 2:54:46 AM
re: NSA Prism: Inside The Modern Surveillance State
Not that I know all of the details here, but I do have to wonder if Mr. Snowden has ever heard of both Echelon and Carnivore. Prism would seem to be the direct evolution of the Carnivore program.

For people coming to this topic without any background on what the NSA really does, of course it's going to be shocking. The sheer amount of data (and more importantly, meta-data), the ability to track people based on their network usage and mobile device information... it's mind-blowing, if you didn't know it was a capability that has existed for nearly two decades, if not longer.

If you want to do a little reading on the subject, take a look at how the Secret Service uses information collected from the PRISM program - see if you can find a copy of Privacy Impact Assessment Update for the PRISM-ID dated 10 November 2010.

As to the tools preventing acts of terrorism - I would believe that and I sincerely appreciate that. Having had the building across the street from my office (which happens to be the Federal Reserve Bank of New York) threatened with a bombing last October, the collection of SIGINT (as those in the community call it) to find someone that was working on doing that and then stopping them is much appreciated. Aside from the possible loss of life and ensured damage to the surrounding buildings, it would have made my commute a living hell.

I think the overall issue with the release of the information surrounding PRISM coming on the heels of the issues with the IRS contributes to a level of delirium. Can you trust a government that is not going to act in a non-partisan way but instead be used as a tool (or weapon) for the political ends of those in power? I would say not. Can you trust an administration that promises transparency but delivers something about as opaque as a Mason jar full of white paint? I would say not, yet again.

As far as the data security side of this program, big data requires... well, just that... big data. In order to find some patterns, a lot of data and a lot of analysis is required. After all, tracking down the faintest voice in the wilderness may be crucial in preventing the next major incident.

I also think that this sort of "discovery" begs the question, should the employees, contractors and the associates of the NSA be held to a higher moral standard? And my feeling is that yes, indeed they should. But, have you ever looked at something along the lines of an SF-86 or considered the process for getting a level of clearance required to get access to the data collected by PRISM? I could be wrong, but my assumption is that not everyone at the NSA has access to that data...

Andrew Hornback
InformationWeek Contributor
D. Henschen
User Rank: Apprentice
6/10/2013 | 8:55:37 PM
re: NSA Prism: Inside The Modern Surveillance State
A government insider we know says "the semantic and visual analytics tools we've developed have reportedly been successful in preventing multiple acts of terrorism." Does this change your thinking on whether the government should be trusted? Seems to boil down to the desire for some curbs and assurances rather than a blank check to snoop at will.

