Thank Snowden: Internet Industry Now Considers The Intelligence Community An Adversary, Not A Partner
from the a-useful-level-of-distrust dept
We already wrote about the information sharing efforts coming out of the White House cybersecurity summit at Stanford today. That's supposedly the focus of the event. However, there's a much bigger issue happening as well: and it's the growing distrust between the tech industry and the intelligence community. As Bloomberg notes, the CEOs of Google, Yahoo and Facebook were all invited to join President Obama at the summit and all three declined. Apple's CEO Tim Cook will be there, but he appears to be delivering a message to the intelligence and law enforcement communities, if they think they're going to get him to drop the plan to encrypt iOS devices by default:In an interview last month, Timothy D. Cook, Apple’s chief executive, said the N.S.A. “would have to cart us out in a box” before the company would provide the government a back door to its products. Apple recently began encrypting phones and tablets using a scheme that would force the government to go directly to the user for their information. And intelligence agencies are bracing for another wave of encryption.In fact, it seems noteworthy that this whole issue of increasing encryption by the tech companies to keep everyone out has been left off the official summit schedule. As the NY Times notes (in the link above), Silicon Valley seems to be pretty much completely fed up with the intelligence community after multiple Snowden revelations revealed just how far the NSA had gone in trying to "collect it all" -- including hacking into the foreign data centers of Google and Yahoo. And, on top of that, the NSA's efforts to buy up zero day vulnerabilities before companies can find out and patch them:
“What has struck me is the enormous degree of hostility between Silicon Valley and the government,” said Herb Lin, who spent 20 years working on cyberissues at the National Academy of Sciences before moving to Stanford several months ago. “The relationship has been poisoned, and it’s not going to recover anytime soon.”That Times article quotes White House cybersecurity boss Michael Daniel (the man who is proud of his own lacking of cybersecurity skills) trying to play down the "tensions" between Silicon Valley and Washington, followed by this anonymous quote from a Silicon Valley exec:
“A stupid approach,” is the assessment of one technology executive who will be seeing Mr. Obama on Friday, and who asked to speak anonymously.Further, the article discusses how companies are trying to fight back against the NSA's abuse of zero days (another thing that Daniel has championed) by getting to them before the government does:
And while Silicon Valley executives have made a very public argument over encryption, they have been fuming quietly over the government’s use of zero-day flaws. Intelligence agencies are intent on finding or buying information about those flaws in widely used hardware and software, and information about the flaws often sells for hundreds of thousands of dollars on the black market. N.S.A. keeps a potent stockpile, without revealing the flaws to manufacturers.There's a lot more in the two stories ahead, but the angry feeling is real. In the past year, it's amazing how many conversations I've had with people around Silicon Valley who aren't just upset or disgusted over the intelligence community's actions, they're angry. And while the tech industry was never as buddy buddy with the government as some have tried to imply, things had undoubtedly become complacent in some circles, with little effort being made to make sure that information wasn't being misused or abused. But that's no longer the case. There are, of course, legal limits on what companies can do, but just as the NSA once explained how they play right up to the very edge of the limits that Congress puts around them (some of us believe they go beyond that...), the tech industry is rapidly learning that they, too, need to push back to the line that the law allows them to do so as well.
Companies like Google, Facebook, Microsoft and Twitter are fighting back by paying “bug bounties” to friendly hackers who alert them to serious bugs in their systems so they can be fixed. And last July, Google took the effort to another level. That month, Mr. Grosse began recruiting some of the world’s best bug hunters to track down and neuter the very bugs that intelligence agencies and military contractors have been paying top dollar for to add to their arsenals.
They called the effort “Project Zero,” Mr. Grosse says, because the ultimate goal is to bring the number of bugs down to zero. He said that “Project Zero” would never get the number of bugs down to zero “but we’re going to get close.”
And, of course, none of that would likely have happened without Ed Snowden revealing to journalists the nature of the NSA's overreach.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, cybersecurity summit, ed snowden, government, surveillance, trust, white house, zero days
Companies: apple, facebook, google, yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
About freakin' time
And, of course, none of that would likely have happened without Ed Snowden revealing to journalists the nature of the NSA's overreach.
Not so, Snowden may have gotten the ball rolling by exposing the parasitic relationship that the NSA has with tech companies, but ultimately the blame for their increased push towards bug-hunting and encrypting/securing their products lies at the feet of the NSA, police, and others like them who just couldn't restrain themselves and adopted a 'Grab everything' mindset when it came to data.
The NSA and others have shown that they cannot be trusted, and if the tech companies are going to protect their services, profits, and customers, it's up to them to do so.
[ link to this | view in chronology ]
Re: About freakin' time
[ link to this | view in chronology ]
Re: About freakin' time
[ link to this | view in chronology ]
How did they not see this coming?
They really think stepping all over their toes wouldn't have consequences?
[ link to this | view in chronology ]
Re: How did they not see this coming?
There are two ways to solve a given problem: Application of intelligence or application of force. Force is easier, so if you have power, you apply force and neglect intelligence. If you have no power, all you have is your intelligence, so you use that.
As weak people use their intelligence, they acquire power and the ability to use force, which is so much easier to use. This explains why dictators seem so smart on their rise to power, but so stupid once at the top.
In a very real sense, power seems to destroy brain cells. Those in the so-called "intelligence" coummunity are at the top of their game and have stopped using intelligence a while ago. Of course, they THINK (are CERTAIN) that they are the SmartestGuysInTheRoom, so they are blind to the self-destructive consequences of their policies.
[ link to this | view in chronology ]
Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: Re: How did they not see this coming?
This. 1000x this.
Nobody every thinks of themselves as a bad guy. Every nefarious thing the NSA (and CIA, etc) have done was done under the belief they were doing the 'right thing.'
It is just too easy to do bad things because you think are righteously fighting the good fight. And that is why good-quality oversight is so incredibly necessary.
[ link to this | view in chronology ]
Re: Re: Re: How did they not see this coming?
This can't be overstated. For potent examples, look at nearly every evil tyrant in history. Almost every single one of them thought they were the "good guy".
[ link to this | view in chronology ]
Re: Re: Re: Re: How did they not see this coming?
Pol Pot: Determined to create a socialist Utopia. The slaughter of millions of Cambodians was a sacrifice he was willing to make for the greater good.
NSA/CIA/FBI: Willing to shred the Constitution and their oaths in order to preserve the safety of Americans. Convinced that they will never use the blackmail possibilities they have gathered for anything other than "noble" means as they see it. They are the good guys.
This is why it never matters what you THINK of yourself, it only matters what you DO. This is why we have rules; because the good intentions of men can never be trusted.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: Re: Re: Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: Re: Re: How did they not see this coming?
When they no longer understand what qualifies as a "Good Guy" in our nation they no longer are a part of the "good guys".
[ link to this | view in chronology ]
Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: Re: Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: How did they not see this coming?
[ link to this | view in chronology ]
Re: How did they not see this coming?
[ link to this | view in chronology ]
Now let's just sit back and watch if Google, Yahoo and Facebook soon start getting some lucrative government contracts in order to change their attitude about "big brother."
[ link to this | view in chronology ]
Re:
But for Yahoo and Facebook....what exactly would the government "hire" them to do?
[ link to this | view in chronology ]
1. Decide not to give tax breaks to those corporations not willing to play ball...
2. Use any and all anti-trust laws to bury them in legal bullshit forever...
3. Just use eminent domain laws to yank the businesses out from under them...
[ link to this | view in chronology ]
Re: (I'm waiting for the government to:)
(Not counting labor laws, which do need to be stronger. But that's another story.)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
THIS!!!
Is the kinda of thing i EXPECT to see in a cybersecurity bill..........
[ link to this | view in chronology ]
An attempt
Recognition
Forsight
This (the quote) is all we ask
Not nothing
To those that try thankyou for giving a damn
[ link to this | view in chronology ]
NSA put an asteRISK next to every US IT product.
Who needs TPP/TTIP/... when NSA singlehandedly kills our IT exports?
[ link to this | view in chronology ]
Fair enough, i wouldnt want an idividual put their neck on the line unless they chose to.....but to put things simply, legal limits doesnt seem to stop a listfull of governments.........they need to get their act together, before to many people realise this and still expect an expectation of people to follow the laws, at least the laws that can be argued NOT to benefit humanity, and hopefully more investigatory scrutiny in how such laws came about
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Yet, they are under the executive branch which is forbidden to write laws, regulations, etc by the word "All" by the supreme LAW of our nation that all must be in Pursuance thereof to be lawful here within the USA. US Constitution, Article 1, Section 1:
"All legislative Powers herein granted shall be vested in a Congress of the United States, which shall consist of a Senate and House of Representatives."
Yes, that does mean that "executive orders" are NOT lawful and it matters not over how many decades they have been used, time does NOT make them lawful, just that those who all served within our governments and allowed them to be used on the people and not just those who are in Washington DC criminals.
[ link to this | view in chronology ]
Made in the US for electronic products and software no longer stands for quality. It stands instead for built in security flaws guaranteed. Having the corporate headquarters in the US stands for "we can't trust you nor what you can or can not say".
No one wants to pay for that deal when buying products and services.
[ link to this | view in chronology ]
Damn straight
[ link to this | view in chronology ]
[ link to this | view in chronology ]
It is to laugh.
If companies like this had not spent most of the last 20 years attacking and criminalizing those who pointed out their security flaws and churning out piss-poor code and hardware, completely ignoring actual security for much of that time, they would not so much have that problem now, would they? It is merely trendy or convenient for them to be at odds with the insane overreach of the national security apparatus these days. They certainly don't mind the same behaviors when they are doing it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Apple playing shady?
http://www.aljazeera.com/indepth/features/2015/02/china-code-war-attacks-internet-titans-15021 1084717111.html
"Apple, like other Western internet titans that aim to ride China's rise as an economic superpower, is likely under tremendous pressure to tolerate these "organized network attacks" as part of the price of remaining in the Chinese market, he added... The only American internet giant to publicly renounce cooperating with China's censors so far has been Google, which also identified "the Chinese government or its agents" as being the masterminds of a sophisticated attack on Google's central servers."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Stop the whining and get off your...
You all have choices, build better network appliances, build better software, and build better security. Snowden was unethical, unlawful, had no integrity, an sought fame over solutions. He stole as much data as you claim the NSA is doing and Google is taking more from you everyday.
Get in the game, cheer for what is right, but stop whining.
[ link to this | view in chronology ]
Re: Stop the whining and get off your...
[ link to this | view in chronology ]
Re: Stop the whining and get off your...
Clearly you haven't been looking then, I've seen plenty of people on TD alone noting that Google scoops up more data than they are comfortable with. However, even if Google did grab more data than the NSA(unlikely), there's two big differences between the two:
1. You can opt out of Google collecting info for you. It may not be easy, but it is possible. The same cannot be said of the NSA unless you cut yourself off completely from all things electronic.
1.5 As an addendum to #1, if you try and hide your communications from Google, they'll just move on to someone else. If you try and do the same with the NSA, by say encrypting your communications, then they just use that against you and claim that you're trying to hide something nefarious/illegal, and the regular 'rules'(as much as those actually apply to the NSA) with regards to how long they are supposed to be able to hold on to communications are thrown out the window.
2. Last I checked, Google doesn't use the data they gather to drop bombs on people, the NSA does.
You all have choices, build better network appliances, build better software, and build better security.
... and then watch as the NSA does it's best to undermine and weaken all of the above. Security making the NSA's job harder? Throw in a back-door! Encryption annoying the NSA? Intentionally push encryption that you know is weak and has a glaring weakness!
Snowden was unethical, unlawful, had no integrity, an sought fame over solutions.
He saw something that was wrong, and did the best he could to fix it. I don't know where you're getting your definition of 'ethical', but that seems to match it pretty well.
Unlawful... yeah, probably, but just because something may be illegal, doesn't automatically make it wrong.
As for integrity, again, he saw a problem, knew that going the 'authorized' routes to solve it would do absolutely nothing, and did what he could to see it fixed, at great personal risk, and despite the fact that he could have just ignored it and continued on, business as usual.
And finally, 'fame over solutions'. If the USG hadn't gone completely ape-shit over Snowden, to the point that they were willing to pull strings to have a presidential plane grounded because he might have been on board, if they had just owned up to what they had been doing for years instead of lying time and time again(and being caught out on their lies pretty much every single time), if they hadn't flipped out and made him out to be this monster in human form out to destroy all that is good in this world, Snowden would have been a footnote in the history books.
His actions in bringing massive government abuse of power to light would have been noted, the changes caused by this would have been noted, but that would have been about it. You want to blame someone for Snowden's 'fame', look no farther than the USG.
As for the second half, '... over solutions', history made it abundantly clear to him and everyone else, if he took the 'legal' path, and reported what he'd found to the 'proper' authorities, odds are he'd have lost his job, potentially faced jail time over some drummed up charges, and absolutely nothing would have been done regarding the problems and issues he was trying to solve.
[ link to this | view in chronology ]
Re: Re: Stop the whining and get off your...That one guy
[ link to this | view in chronology ]
"Snowden took what did not belong to him"
Lying to the gestapo to protect the Jews in your attic?
Dealing drugs on the street because legitimate jobs that pay a living wage are not available to people of your color?
I'm pretty sure the real world is no place for deontological ethics.
[ link to this | view in chronology ]
What we want
In biology, everything foreign is considered hostile until proven otherwise (e.g. scanned, filtered and digested). The Internet has a lot of similarities to an ecosystem, and those who survive this era of surveillance and data leaks will emerge immune in the next era in which these kinds of attacks are regarded as trivial and quaint.
[ link to this | view in chronology ]
transparency as promised
[ link to this | view in chronology ]
Treasonous dickheads
The US is now a torture state and a surveillance state and a corporate police state. Treason towards such a state is, as Jefferson's seal suggests, obedience to God.
[ link to this | view in chronology ]