[WNYLUG-Users] internet security & stuff

Joe josephj at main.nc.us
Sat Jul 8 11:53:21 2017

Lovely. Apparently, things are never bad enough!

As is typical, that article has links to a couple of others. One says 
that particular intelligence agencies were gathering a bunch of stuff 
illegally for 10 years. Another covers the details of the British 
Investigatory Powers Act that recently became law. Aside from the broad 
brush permissions this grants to the intelligence agencies, the most 
telling thing was the very long list of agencies which could engage in 
these actions.  This would appear to open up advanced surveillance 
options for thousands of employees at these agencies. What could 
possibly go wrong?

If you have anything you care about, encrypt it and store it in a 
shielded box buried off site. Otherwise, assume that anybody of 
sufficient means or skill can access it.

I'm not a math person, but I assume that using a 256- or 512-bit 
encryption key would significantly slow down access to your information, 
but with things like the bash bug being undiscovered (at least publicly) 
for decades, only top security experts would probably be able to be even 
relatively confident that their information is protected.

Information is only useful when you access it and if you can access it, 
someone else can probably watch you as you do - and probably get your 
authentication factors as well.

It is clear that intelligence services, both public and private will do 
what they want to do regardless of the law - the same as any 
unscrupulous cracker will.

Good laws (if we had any) would raise the risk for bad actors, but that 
would just raise the price of the information.

TL;DR: The horse is out of the barn and barring some magic like quantum 
encryption with telepathic keys, it's not coming back.

On the bright side, if North Korea sets off an EMP over the US, then 
(almost) nobody will have access to all this stuff and nobody will care.

On 07/07/2017 11:09 AM, SilverBear wrote:
> Yo, all!
> Unless I've been surrepticuisally, em, surruptishisly, em, *secretly* unsubscribed, the WNYLUG list has been pretty quiet for a couple months. So this is not directly Linux-related, but may be of interest to some:
> http://www.wired.co.uk/article/five-eyes-sue-us-government-privacy-international
> I just read this story, which caught my attention because, in researching VPN services, I found that many people evaluate the merits of a provider based on whether or not that company is based in a Five Eyes country, or in one of the extended Nine Eyes countries.
> As I understand it --and I'm only just barely acquainted with the topic-- The Five Eyes can circumvent domestic laws against spying on their citizens by sharing intel.  For example, it may be illegal for the UK government to read a person's email without a warrant. But it's not illegal under US law for the US gov't to read a Brit's email. And so they do, and then pass on info to the UK gov't.  And vice-versa.
> If stopping Terrorism, etc. were the only uses of this intel "partnership" it might be difficult to argue against its validity. But arguments have been made that it is regularly used in enforcing copyright laws in favour of corporate media conglomerates who then don't have to pay to do their own copyright policing. And other stuff. General privacy concerns vary.
> I dunno.  But I think this lawsuit is about uncovering precisely what this intel-sharing arrangement has been and continues to be used for, as S.O.P.
> IOW, just how paranoid should a person be?
> Anyway, if y'all haven't burnt off your keyboarding fingers shooting off fireworks like all my neighbors (rural setting) have been doing for a week, read it and tell us if you think the lawsuit has merit, or is one of those "nothingburgers" we hear so much about in the news today.
> _______________________________________________
> Users mailing list
> Users at wnylug.org
> http://wnylug.org/mailman/listinfo/users_wnylug.org

More information about the Users mailing list