Snowden’s First Move Against the NSA Was a Party in Hawaii (wired.com)
176 points by panarky on May 22, 2014 | 41 comments



This article keeps saying in many words that the NSA would put Snowden on a boat to gitmo if they found out he hosted a CryptoParty.

I don't see why, given that educating the US public about security best practices perfectly aligns with their mission. Back in 2001 they even released the first version of SELinux:

http://www.nsa.gov/public_info/press_room/2001/se-linux.shtm...

It is only in the post-9/11 world that we somehow believe a CryptoParty is to the NSA what the tea party was to the British.


The history of crypto in the US is actually much more interesting than that and for a time exporting any crypto tools was a felony (exporting munitions).

Steven Levy's book goes into pretty good detail about this: http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...

At the time the NSA was not pleased about the release of DES and was also very concerned about PGP. There were attempts at laws requiring key escrow available to the NSA among other restrictions on foreign key size etc. It wasn't really until the late nineties that this stopped. For a time they would probably have liked to ban all citizen encryption altogether, but it became obvious that this couldn't be enforced (and it's necessary for things like e-commerce).

A lot of early crypto based patents and research were retroactively classified - there was a big historical legal battle to get things where they are today.


"This article keeps saying in many words that the NSA would put Snowden on a boat to gitmo if they found out he hosted a CryptoParty."

No, the actual words are just "That was a huge risk for him to teach a crypto party while he was working for the NSA." It was a risk for him, kind of like organizing a "don't drink sugar water" event while working for Coca Cola which has effectively its own police, and that at a time when the employee had already downloaded the secrets from Coca Cola's secure network and had even contacted some journalists to give them those.


> Coca Cola which has effectively its own police

Link with more info?


I'm not claiming that Coca Cola has its own police but suggesting to imagine a hypothetical Coca Cola which has police at their command, and a hypothetical employee working for such a company, who just took secret documents, contacted a journalist, then made a "let's not drink sugar water" event, and then to try to imagine if his behavior could trigger such police to investigate him more and maybe in the process discover what he did. Sorry if it wasn't clear enough.

Snowden organized a "let's use Tor" event after he apparently already downloaded some secret documents and contacted a journalist. And the top commenter disputes the claim "That was a huge risk for him to teach a crypto party while he was working for the NSA" falsely claiming that the article "keeps saying in many words that the NSA would put Snowden on a boat to gitmo if they found out he hosted a CryptoParty." It doesn't. But I also claim that it was a potential risk for him as there was some chance that somebody in charge of security starts to investigate what he does or already did.

And if I understood other sources, at that time Snowden actually worked for a private company (Booz Allen Hamilton Inc.)

http://online.wsj.com/news/articles/SB1000142405270230462680...

which had the contracts with NSA. Still, apparently exactly working in that company gave him access to the secret documents he wanted to take.


The parent wasn't making that point, but if you want to read about all the scary Coke conspiracies, there's always http://killercoke.org/


The NSA has (at least) two separate missions: keep domestic systems secure, and break into foreign systems.

These systems come into conflict a lot because it has become nearly impossible to secure domestic systems without also securing foreign systems.

For a while, NSA appeared to favor securing domestic systems when the two came into conflict. Thus events like the withdrawal of SHA-0 and its strengthening and re-release as SHA-1.

Now, it appears to have swung back in the other direction, and pretty hard. They're keeping vulnerabilities secret and even deliberately introducing weaknesses in order to make their spying mission easier.

Educating the public about computer security aligns with one of their missions, and not the one they appear to really care about now.


It (caution/paranoia/hypocrisy/indoctrination) runs both ways:

“If I’d known it was someone from the NSA, I’d have gone and shot myself,” [Wolf] says.


Not even post-9/11; Post-Snowden. Post-9/11 post Snowden, you could still make a solid argument for "these tools are to keep you safe from Evil Chinese Hackers, criminals, etc." It's patriotic to defend US "critical infrastructure" from these threats!

(and, ultimately, those are still the big threats today; NSA is a more interesting threat, and one where policy has some chance of working, but the ambient criminal threat is more commonly encountered.)

I think NSA probably doesn't want their people giving even pro-NSA talks in public without a lot of screening and approval, though. At most they'd have reviewed/pulled his clearance and fired him, not Gitmo'd.


> I don't see why, given that educating the US public about security best practices perfectly aligns with their mission.

I suspect how well it aligns depends on which part of the large and complex organisation that is the NSA any given individual works in.

If it is seen as subversive to a few of the many within the NSA I doubt they'd do a straw poll across the organisation as a whole to see how they address such an issue.


Be sure to check out this comment explaining the name of Snowden's email address: http://www.wired.com/2014/05/snowden-cryptoparty#comment-139...


Regardless of all the controversy, I see this man as a hero and I hope history gives him the recognition he deserves.


It's obvious that Edward Snowden was upset with mass surveillance for quite some time and did a lot of preparation before taking the final leap to disclose the truth.

He is a hero and has brought out a (long due and) renewed interest in privacy and security. We'll all be the better for it in the coming years.


Love the last sentence of the article, quoting Wolf: "What a fucking legend."

Indeed.


> A recent Wall Street Journal column argues that Snowden might have been working for the Russians and Chinese at the same time.

This sounds straight out of The Onion. "Controversial figure found to be working for the Chinese, the Russians, Al-Qaeda, the KKK and Nazi Germany at the same time"


There has not been a single shred of evidence about this claim which is an attempt to discredit his motives.

Here is the article mentioning this claim: http://webcache.googleusercontent.com/search?q=cache:1cwq_2e...


And if there was such evidence that came to light, would you believe it? Would it change your opinion of Snowden?


Didn't he provide classified documents to the South China Morning Post? Certainly a clever way to create plausible deniability, but anyone with Google would be able to see how closely related that paper is to Beijing[1].

[1] https://en.wikipedia.org/wiki/South_China_Morning_Post#Alleg...


Of course, it's clearly BS. I feel sorry for anyone who doesn't see that.


Cynically perhaps I'd imagine that increasing the number of Tor users for his node would be a great benefit if he wanted to reduce the possibility that his own traffic could be easily tracked. If you're the only user of a Tor node I'd imagine it's far easier to track traffic and potentially deanonymise if not decrypt some communications.


This was my first thought as well. And specifically if anything he was doing got flagged the crypto party would be an excellent cover for why he was using Tor and TrueCrypt to send things to random people.


> He was leading a local “Crypto Party,” teaching less than two dozen Hawaii residents how to encrypt their hard drives and use the internet anonymously.

I found this quite interesting. I wonder how many more of these events are happening around the world. They could teach how to use TrueCrypt, how to turn on two-factor authentication for the popular services that use it and what it is, good password policies, and what HTTPS means for browsing the internet securely.

Edit: I found this: https://www.cryptoparty.in/


Yup, quite a few of them are happening around the world - the overall 'movement' is / can be called the 'cryptoparty movement' (if one could say it was indeed a 'movement'). We did our own event in our local town (http://cryptoparty.lt/) (well, "I participated in one" is more like it), and hopefully we'll pick it up and do it again.

There's always this delicate thing of having a balance between being interesting to local hackers, vs. being understandable by laypeople. We veered towards the former, and it was great fun, but it would be very beneficial to try and be more welcoming towards the general crowd, too. It's not always easy when introducing complex technologies - I try to avoid using leaky metaphors, but sometimes that's not possible.


I've been hosting a few and back in February when we announced one via cryptoparty.se I got a call from Swedish national radio to comment on it.

So if you're hosting one, make sure to announce it to various sites.


Tl;dr not just a party but a crypto party.

What a link bait title :(


So Snowden is basically Marcus Yallow from "Little Brother" by Cory Doctorow. Great book even if it is young adult sci-fi.


Does Marcus end up Putin's lapdog against the West? As good as his disclosures are, fleeing to a state with much worse human rights records and pretty much a one-party kleptocracy obsessed with annexing territories and controlling its neighbors isn't how most good stories end.

Why isn't he railing against Russia's SORM-1, SORM-2, and SORM-3? My concern here is that his disclosures won't change business as usual and will provide political cover for nations with just as bad, if not worse, human rights violations because the US's critics can just point to Snowden and deflect the conversation, which is EXACTLY what's happening now.


Bullshit. He didn't flee to Russia. He was fleeing through Russia, and we made it plain we'd down any plane we thought he might be on. What is he supposed to do? Leak Russian secrets? At this point, there's no good he can do better than remaining free and remain vocal - and that's what he's doing.


He didn't flee to Russia, he became stuck there.

As for why he isn't railing against other policies I suspect he recognizes how lucky he is to not be in the position Bradley Manning is in even after leaking so much. Snowden has done enough good for one lifetime anyway.


depending on what you believed he either ended up there as a result of having his passport revoked en route to ecuador (his story) or that was a ruse and he intended to stay in russia because it was the only state that could and would stand up to US pressure to extradite him (assange's claim); neither of these interpretations lend any credence to the idea that snowden condones the russian regime's policies. he has openly criticized putin's pre-scripted response to his question regarding russian state surveillance.

http://www.theguardian.com/commentisfree/2014/apr/18/vladimi...


For one thing, he was studying Russia in Geneva. With British help.


There's no such thing as absolute privacy on the internet. Even Tor cannot keep you truly anonymous (http://www.infosecurity-magazine.com/view/34294/tor-is-not-a...)

However, perhaps Snowden's biggest achievement is to bring security to the forefront of everything and create a wave of new half-baked "security" products which want to ride the wave.

The notion of security is relative and the weakest link is always us. A small overlook or an error is all it takes...


This is very true. But all that needs to happen is a non-trivial amount of people making the bastards work for it, in order to make the kind of at-scale mass monitoring the NSA and friends are doing become prohibitively expensive. And oh yeah, as a bonus, it makes you a less attractive target to your everyday script kiddie.

That means TrueCrypt all the drives, HTTPS all the websites, PGP all the emails.

In short, if you have an option between a secure and nonsecure (but slightly more difficult) way of doing something, always pick the secure one.


Did Snowden, as a user of Tor, benefit from having more nodes in Hawaii at the time?


Considering it's a stated goal of the NSA to break Tor, having more "friendly" nodes in any location would be a benefit for all.


so it all started at the Box Jelly co-working space :)


I just checked through my email to see if I could find the thread on this from the HiCapacity email list and I couldn't find it. I vaguely remember talk about a crypto party, but there's nothing in my email from that time frame.


He was running one of the largest Tor exit nodes at 2Gbps. Meanwhile the NSA was reading everyone's Facebook posts.

The irony is so thick you could cut it with a knife.


Except prior to his whistleblowing he was the NSA and helped enable that kind of data collection. It always seemed odd that defectors suddenly get absolved of their crimes. If the NSA, as an organization, is guilty of felonies, then their employees must face time, including Snowden. That's justice right? Or does the "I was just following orders/paycheck" defense suddenly work as well?

Serious question, if we do round-up the NSA, who gets in trouble and who doesn't? Just the leaders? Are we also absolving Congress and POTUS? Please explain.


Make up your mind bro. Is it bad that he sysadminned for the bastards, or is it bad that he stopped? It can't be both.

I'm all for voting out current office-holders, but in their defense: the NSA not only lied to Congress, but spied on Congress so they could see how well their lies were playing.


not everyone is guilty. most people there work on stuff completely unrelated to the unconstitutional crimes they commit. it is also well known that soon after he found out the true extent of the invasions of privacy he did try to change the system from the inside. it was only after it failed that he decided to leak info.



