Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/2/2015
04:00 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

EFF General Counsel Takes On NSA Spying

Kurt Opsahl talks to Dark Reading about government surveillance and privacy in anticipation of his Interop keynote.

Privacy rights and cybersecurity will take center stage at Interop later this month when the Electronic Frontier Foundation's head attorney takes the podium for a keynote titled "How the NSA is Spying on You." Dark Reading spoke with Kurt Opsahl, general counsel for the EFF, to get a preview of his talk and tackle some of the privacy issues that are driving his advocacy.

 

Dark Reading: The subject of government surveillance has been a hot topic in the cybersecurity community for a while now, but do you think that the average American recognizes how much of their life is being digitally tracked?

Opsahl: Well, I think more do in the last year or two than had before, certainly. 

The documents that were released through Edward Snowden and through The Guardian and Washington Post and The Intercept, they’ve been confirming actually a lot of things that had been known before, but they were known before in more broader outlines or based upon interviews with informed people.  But having the documents, having the power points that sort of spell it out in detail, has really helped I think peoples’ understanding of how much they are being spied upon.  But nevertheless, there is still more to be done.  Not everybody has the time to really dive in as deeply. 

And one of the challenges that comes out with any complex news story is that getting it so it is widely understandable for people who don’t have a whole lot of time, that’s a challenge.

And the government actively works to make that more challenging.

 

Dark Reading: In what ways does the government do that?

Opsahl: Well, I’ll give you a couple of examples.  I think that one is "under this program." So they will append that sort of statement "under this program" to a variety of statements.  So they could say something like, “We absolutely do not spy on Americans under this program.”  And they may be doing the thing they were accused of under a different program.  But if somebody is not paying close attention, it sounds like they are denying doing it.

And a similar one is “collect”.  The government says they don’t collect this information or that information. 

And then eventually when some of the documents came out and it seemed to be exposing that that was not true, they said no, no, no, we have a definition of "collect."  There was a metaphor used that (we should) imagine it was a library.  "We don’t think of it as collecting until you take the book off the shelf and you look at it."

And sort of imagines a circumstance that Director Keith Alexander, the former director who gave this quote, is in the library in his house.  And someone says, "Oh, what a nice collection of books you have." Can you imagine him saying, "No, no, it’s not a collection; I haven’t read them all?" 

Documents reveal that they try to use some of these word plays or use non-standard definitions for words to explain how, you know, when you think about it, (a statement) was as truthful as could be.  And if people were misled, well, then so be it.

[Everything you need to know about today’s IT security challenges – but were afraid to ask. Register with Discount Code DRBLOG to save $100 for this special one-day event, Dark Reading's Cyber Security Crash Course at Interop on Wednesday, April 29.]

Dark Reading: Can you explain some of the pet projects you're working on to keep the government honest and bring more transparency to citizens?

Opsahl: I can give you a couple of examples just sort of broadly speaking.  Litigation.  We are engaged in several lawsuits that are using the court system to attempt to rein in the surveillance state.  We have lawsuits against the NSA for the warrantless wiretapping program.  Also, we've been working on a case against the National Security Letter power.

We had a court agree that it was unconstitutional, and now the government has appealed.  And so we’re waiting for the court’s decision on that.  We are also looking at reform proposals that are both coming out of the Executive [Office] and from Congress on how to do reforms and looking at how effective they are.  So that’s part of the advocacy. 

Dark Reading: As you prepare for your keynote, what would you say is the one main point you hope the audience will take away from your talk?

Opsahl: I’m hoping that people will come away with a greater understanding of the NSA surveillance program, government surveillance, and things that they have been hearing about in the news. They've maybe read a few articles about it, but it might be shrouded in a bit of mystery.  I'd like them to get a better understanding of exactly what we know to be happening.

And then of course I am an advocate on this. We want to stop these programs, bring them under the rule of law, apply constitutional principles. I think a good way to help people understand why we are fighting to stop these programs is to give them an understanding of the facts on what these programs are actually doing.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.