Snowden Comsec Is Stupefying

[from the cryptography mailing list]

John Young jya at pipeline.com
Sat Oct 19 08:37:41 EDT 2013

It is not either dribble / or “dump” as favored outlets are
pontificating, seemingly by ostentatious agreement to
limit harm to governments by harming the public.

Both: provide the documents in a publicly accessible
depository as well as narrate their significance for those
who prefer readers digest and authoritative guidance.

Right now, DocumentCloud provides this depository, holds
over 400,000 documents provided by “authenticated”
journalists to substantiate their reports and to share with
others. Nearly all of the Snowden documents are on file there.

http://www.documentcloud.org/public/search/

Researchers and other journalists want to see original
material for their own edification, interpretations and
uses. And to balance the inevitable bias and lack of
understanding common to all of us. Bear in mind that
readers digests, narratives and editorials are entertaining
fiction like “news.”

Similarly, WikiLeaks initially provided copious documents as
back-up to its commentary. And still does despite an uptick
in exhortatory narratives. So does Federation of American
Scientists, National Security Archive, Public Intelligence,
Cryptocomb, and dozens more, some very old, others new:

http://cryptome.org/0002/siss.htm

This dribbling of documents is a moneymaking scam which
may increase in harm by concealing information that puts
people in harm’s way, not the spies and their agents. Or
worse, choking the flow is required by a confidential
negotiated agreement or policy to test the market, test
the USG response, vet with governments as most major
newspapers do “to limit harm” a code word of complicity.

At one point early on Greenwald says he considered setting a
web site for the documents to be called NSADocuments.
It is not clear what led him to go a conventional monetized
route with the Guardian. Nor the conditions under which
WaPo, O Globo, Der Spiegel, New York Times and ProPublica
were brought into the stream.

What is annoying for the special purpose of this honorable
list of understatement is the braying about encryption as if
that is now mandatory PR to show comsec responsibility.

Nothing about the well-known weaknesses of encryption, its frequent
failures, its backdoors, its extremely misleading marketing,
its long history of many failures and few successes, its
use for entrapment and tracking, its customary snake
oil claims, its recantment by original authors, its cover-up
by original authors, its hopelessly fuck-up state at the
present time and crazed efforts to patchwork temporary
solutions to prop up damaged markets and tattered
reputations amply demonstrated here and other crypto
fora, especially the chickenshit one which bans political and
embarrassing topics, therefore most likely populated with
those deeply and long complicit in commercial and
governmental exploitation of the public.

No need to beat the dead horses of Tor, anonymizers,
OTR, OTP, sekret chats, sneaker nets, black nets,
key signing parties, key revocations, forgeries,
impersonations, giant corps and NGOs, use of
trusted cryptoids to front dubious surefire protection,
use of bold names to mislead corrective efforts for
damage they themselves caused, in particular
misleading Manning, Snowden, Anonymous, LulzSec
and many others about comsec.

At 11:43 PM 10/18/2013, you wrote:
>You’ve shot down the approaches of Snowden and Assange before. I
>feel like I mostly understand your argument, but I’m not sure I know
>what you would have them do differently.
>
>Is there anything in particular you think they should have done
>differently to accomplish their goals? Or do you think their goals
>were misguided? If so, what should their goal have been, and what should
>they have done to accomplish it?
>
>I know this seems I’m just trying to encourage counterfactual
>arguments against history. But there will be more leaks, and more
>folks who are in a position to distribute them. What should they do?
>
>--
>http://josephholsten.com
>
> > On Oct 18, 2013, at 13:37, John Young wrote:
> >
> > We still don’t know, and likely will never know, what is in the
> > Snowden collection. Admirable as his courage may be, he
> > erred in handing it over to media incapable of assessing the
> > whole wad, which has led to the teasing and hyperbolized
> > accounts valorizing crypto to armor info-warriors.
> >
> > Perhaps more capable assessment is being done and will
> > be made public in a credible fashion instead of the goofy
> > call for debate before much is known beyond rhetoric and
> > hype. The heavy-handed redactions suggest official advice
> > threats and culling, and do not augur well for seeing the rest.
> >
> > Stupid claims of hiding the collection, insurance as stupid as
> > that of WikiLeaks, stupidly sending some or all of it to other
> > parties, come across as patent dissimulation of the comsec
> > advertising type.
> >
> > Comsec is now a fat mark-up of junk, espoused by stupid
> > comsec advisers to journalists as if a saintly medallion to
> > stop a bullet.
> >
> >

——————–
25.10.2013, JD
