Dark Reading is part of the Informa Tech Division of Informa PLC



4/2/2015
04:00 PM

EFF General Counsel Takes On NSA Spying

Kurt Opsahl talks to Dark Reading about government surveillance and privacy in anticipation of his Interop keynote.

Privacy rights and cybersecurity will take center stage at Interop later this month when the Electronic Frontier Foundation's head attorney takes the podium for a keynote titled "How the NSA is Spying on You." Dark Reading spoke with Kurt Opsahl, general counsel for the EFF, to get a preview of his talk and tackle some of the privacy issues that are driving his advocacy.

 

Dark Reading: The subject of government surveillance has been a hot topic in the cybersecurity community for a while now, but do you think that the average American recognizes how much of their life is being digitally tracked?

Opsahl: Well, I think more do in the last year or two than had before, certainly. 

The documents that were released through Edward Snowden and through The Guardian and Washington Post and The Intercept, they’ve been confirming actually a lot of things that had been known before, but they were known before in broader outlines or based upon interviews with informed people.  But having the documents, having the PowerPoints that sort of spell it out in detail, has really helped I think people’s understanding of how much they are being spied upon.  But nevertheless, there is still more to be done.  Not everybody has the time to really dive in as deeply.

And one of the challenges that comes out with any complex news story is that getting it so it is widely understandable for people who don’t have a whole lot of time, that’s a challenge.

And the government actively works to make that more challenging.

 

Dark Reading: In what ways does the government do that?

Opsahl: Well, I’ll give you a couple of examples.  I think that one is "under this program." So they will append that sort of statement "under this program" to a variety of statements.  So they could say something like, “We absolutely do not spy on Americans under this program.”  And they may be doing the thing they were accused of under a different program.  But if somebody is not paying close attention, it sounds like they are denying doing it.

And a similar one is “collect”.  The government says they don’t collect this information or that information. 

And then eventually when some of the documents came out and it seemed to be exposing that that was not true, they said no, no, no, we have a definition of "collect."  There was a metaphor used that (we should) imagine it was a library.  "We don’t think of it as collecting until you take the book off the shelf and you look at it."

And sort of imagine a circumstance that Director Keith Alexander, the former director who gave this quote, is in the library in his house.  And someone says, "Oh, what a nice collection of books you have." Can you imagine him saying, "No, no, it’s not a collection; I haven’t read them all"?

Documents reveal that they try to use some of these word plays or use non-standard definitions for words to explain how, you know, when you think about it, (a statement) was as truthful as could be.  And if people were misled, well, then so be it.


Dark Reading: Can you explain some of the pet projects you're working on to keep the government honest and bring more transparency to citizens?

Opsahl: I can give you a couple of examples just sort of broadly speaking.  Litigation.  We are engaged in several lawsuits that are using the court system to attempt to rein in the surveillance state.  We have lawsuits against the NSA for the warrantless wiretapping program.  Also, we've been working on a case against the National Security Letter power.

We had a court agree that it was unconstitutional, and now the government has appealed.  And so we’re waiting for the court’s decision on that.  We are also looking at reform proposals that are both coming out of the Executive [Office] and from Congress on how to do reforms and looking at how effective they are.  So that’s part of the advocacy. 

Dark Reading: As you prepare for your keynote, what would you say is the one main point you hope the audience will take away from your talk?

Opsahl: I’m hoping that people will come away with a greater understanding of the NSA surveillance program, government surveillance, and things that they have been hearing about in the news. They've maybe read a few articles about it, but it might be shrouded in a bit of mystery.  I'd like them to get a better understanding of exactly what we know to be happening.

And then of course I am an advocate on this. We want to stop these programs, bring them under the rule of law, apply constitutional principles. I think a good way to help people understand why we are fighting to stop these programs is to give them an understanding of the facts on what these programs are actually doing.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
 
