4/2/2015
04:00 PM

EFF General Counsel Takes On NSA Spying

Kurt Opsahl talks to Dark Reading about government surveillance and privacy in anticipation of his Interop keynote.

Privacy rights and cybersecurity will take center stage at Interop later this month when the Electronic Frontier Foundation's head attorney takes the podium for a keynote titled "How the NSA is Spying on You." Dark Reading spoke with Kurt Opsahl, general counsel for the EFF, to get a preview of his talk and tackle some of the privacy issues that are driving his advocacy.

 

Dark Reading: The subject of government surveillance has been a hot topic in the cybersecurity community for a while now, but do you think that the average American recognizes how much of their life is being digitally tracked?

Opsahl: Well, I think more do in the last year or two than had before, certainly. 

The documents that were released through Edward Snowden and through The Guardian and Washington Post and The Intercept, they’ve been confirming actually a lot of things that had been known before, but they were known before in broader outlines or based upon interviews with informed people. But having the documents, having the PowerPoints that sort of spell it out in detail, has really helped I think people’s understanding of how much they are being spied upon. But nevertheless, there is still more to be done. Not everybody has the time to really dive in as deeply.

And one of the challenges that comes out with any complex news story is that getting it so it is widely understandable for people who don’t have a whole lot of time, that’s a challenge.

And the government actively works to make that more challenging.

 

Dark Reading: In what ways does the government do that?

Opsahl: Well, I’ll give you a couple of examples.  I think that one is "under this program." So they will append that sort of statement "under this program" to a variety of statements.  So they could say something like, “We absolutely do not spy on Americans under this program.”  And they may be doing the thing they were accused of under a different program.  But if somebody is not paying close attention, it sounds like they are denying doing it.

And a similar one is “collect”.  The government says they don’t collect this information or that information. 

And then eventually when some of the documents came out and it seemed to be exposing that that was not true, they said no, no, no, we have a definition of "collect."  There was a metaphor used that (we should) imagine it was a library.  "We don’t think of it as collecting until you take the book off the shelf and you look at it."

And sort of imagines a circumstance that Director Keith Alexander, the former director who gave this quote, is in the library in his house.  And someone says, "Oh, what a nice collection of books you have." Can you imagine him saying, "No, no, it’s not a collection; I haven’t read them all?" 

Documents reveal that they try to use some of these word plays or use non-standard definitions for words to explain how, you know, when you think about it, (a statement) was as truthful as could be.  And if people were misled, well, then so be it.

Dark Reading: Can you explain some of the pet projects you're working on to keep the government honest and bring more transparency to citizens?

Opsahl: I can give you a couple of examples just sort of broadly speaking.  Litigation.  We are engaged in several lawsuits that are using the court system to attempt to rein in the surveillance state.  We have lawsuits against the NSA for the warrantless wiretapping program.  Also, we've been working on a case against the National Security Letter power.

We had a court agree that it was unconstitutional, and now the government has appealed.  And so we’re waiting for the court’s decision on that.  We are also looking at reform proposals that are both coming out of the Executive [Office] and from Congress on how to do reforms and looking at how effective they are.  So that’s part of the advocacy. 

Dark Reading: As you prepare for your keynote, what would you say is the one main point you hope the audience will take away from your talk?

Opsahl: I’m hoping that people will come away with a greater understanding of the NSA surveillance program, government surveillance, and things that they have been hearing about in the news. They've maybe read a few articles about it, but it might be shrouded in a bit of mystery.  I'd like them to get a better understanding of exactly what we know to be happening.

And then of course I am an advocate on this. We want to stop these programs, bring them under the rule of law, apply constitutional principles. I think a good way to help people understand why we are fighting to stop these programs is to give them an understanding of the facts on what these programs are actually doing.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
