[WNYLUG-Users] internet security & stuff
josephj at main.nc.us
Sat Jul 8 11:53:21 2017
Lovely. Apparently, things are never bad enough!
As is typical, that article has links to a couple of others. One says
that particular intelligence agencies were gathering a bunch of stuff
illegally for 10 years. Another covers the details of the British
Investigatory Powers Act that recently became law. Aside from the broad
brush permissions this grants to the intelligence agencies, the most
telling thing was the very long list of agencies which could engage in
these actions. This would appear to open up advanced surveillance
options for thousands of employees at these agencies. What could
possibly go wrong?
If you have anything you care about, encrypt it and store it in a
shielded box buried off site. Otherwise, assume that anybody of
sufficient means or skill can access it.
I'm not a math person, but I assume that using a 256- or 512-bit
encryption key would significantly slow down access to your information,
but with things like the bash bug being undiscovered (at least publicly)
for decades, only top security experts would probably be able to be even
relatively confident that their information is protected.
Information is only useful when you access it and if you can access it,
someone else can probably watch you as you do - and probably get your
authentication factors as well.
It is clear that intelligence services, both public and private will do
what they want to do regardless of the law - the same as any
unscrupulous cracker will.
Good laws (if we had any) would raise the risk for bad actors, but that
would just raise the price of the information.
TL;DR: The horse is out of the barn and barring some magic like quantum
encryption with telepathic keys, it's not coming back.
On the bright side, if North Korea sets off an EMP over the US, then
(almost) nobody will have access to all this stuff and nobody will care.
On 07/07/2017 11:09 AM, SilverBear wrote:
> Yo, all!
> Unless I've been surrepticuisally, em, surruptishisly, em, *secretly* unsubscribed, the WNYLUG list has been pretty quiet for a couple months. So this is not directly Linux-related, but may be of interest to some:
> I just read this story, which caught my attention because, in researching VPN services, I found that many people evaluate the merits of a provider based on whether or not that company is based in a Five Eyes country, or in one of the extended Nine Eyes countries.
> As I understand it --and I'm only just barely acquainted with the topic-- The Five Eyes can circumvent domestic laws against spying on their citizens by sharing intel. For example, it may be illegal for the UK government to read a person's email without a warrant. But it's not illegal under US law for the US gov't to read a Brit's email. And so they do, and then pass on info to the UK gov't. And vice-versa.
> If stopping Terrorism, etc. were the only uses of this intel "partnership" it might be difficult to argue against its validity. But arguments have been made that it is regularly used in enforcing copyright laws in favour of corporate media conglomerates who then don't have to pay to do their own copyright policing. And other stuff. General privacy concerns vary.
> I dunno. But I think this lawsuit is about uncovering precisely what this intel-sharing arrangement has been and continues to be used for, as S.O.P.
> IOW, just how paranoid should a person be?
> Anyway, if y'all haven't burnt off your keyboarding fingers shooting off fireworks like all my neighbors (rural setting) have been doing for a week, read it and tell us if you think the lawsuit has merit, or is one of those "nothingburgers" we hear so much about in the news today.
> Users mailing list
> Users at wnylug.org
More information about the Users