90.9 WBUR - Boston's NPR news station
Top Stories:
PLEDGE NOW
NSA Chief Speaks At Black Hat

After Bradley Manning and Edward Snowden and Congressional push back, NSA Chief Gen. Keith Alexander speaks to Black Hat, a conference for security professionals.

The gusher of news on the NSA and surveillance keeps coming. This week, one of the keenest audiences is in Las Vegas: hackers and security geeks and execs. Lots of them. At the conferences called Black Hat and DEF CON, where hacker T-shirts say “Hack Naked” and “Stay Anonymous.”

The NSA needs these people. They are the talent, the American cyber pros.

While hearings in Washington banged on the NSA and more news was leaked, the head of the NSA came to Vegas to appeal to the pros.

Up next On Point: NSA surveillance and the hacker perspective.

– Tom Ashbrook

Guests

Kim Zetter, senior reporter for Wired covering cybercrime, civil liberties, privacy and security. (@KimZetter)

Alan Butler, privacy advocate and attorney for the Electronic Privacy Information Center. (@AlanInDC)

Moxie Marlinspike, computer security researcher and co-founder and former chief technology officer for Whisper Systems, which provides mobile apps for security and privacy. (@moxie)

Interview Highlights

Moxie Marlinspike on balancing freedom and privacy:

People tend to try and frame this in terms of a balance between freedom and privacy, to the extent that that’s true. I think the problem is that people like the NSA are not incentivized to be looking for that balance. They are working on things that are built out of careers, billions in revenue, enormous defense contracts. It’s this giant steam roller that is not actually looking for balance.

Alan Butler on the Senate FISA hearing:

What we’re dealing with in the Senate hearing [on July 31, 2013] … is that Congressional leaders are shocked at the extent of this program, specifically the metadata program. And that’s a sign that we don’t have enough push back, that we don’t have enough public knowledge about how these systems work in order to make sure that they’re complying with the law and to make sure we can keep them in check.

Kelly Zetter on company push back and transparency of the courts:

There’s a danger in lumping all companies together. There are companies that are not bothered by this at all and take the view that they need to help the NSA protect the country.

But I think that there are some significant companies (particularly technology companies) that have tried to fight and push back. We don’t know the full extent of these activities.

We had an interesting peek at this recently with some documents that came out regarding Yahoo. Yahoo had attempted to fight a court order back in 2008 seeking collection of data. They cited the Fourth Amendment; they cited a number of issues. And in that case, the judge forced Yahoo to comply … the judge said that the government had assured her that it would not maintain a database of incidentally collected info from non-targeted U.S. persons. In fact, we now know that’s not true. And the XKeystore talks about this database of information that of course is going to include incidentally collected information on Americans.

This goes to speak to the transparency of the courts. We don’t know full extent of what has gone on there. We don’t know how many companies have tried to fight this. We know that they’ve been unsuccessful. I believe that there are companies that are pushing back, but we just don’t know the extent of this because this is all secret.

Marlinspike on the changing way hackers fit into society:

It’s not clear what our cultural norms really are. In some ways, I think we are operating based on a cultural context in the ’90s or whenever the hacker community really coalesced. And that context has changed. I think it’s time for us to re-evaluate. What are the things that we value? What are the things that we want to encourage?

Marlinspike on hackers selling security vulnerabilities:

Hackers and people from this community do a tremendous amount of security research and publish their results, which oftentimes allows those vulnerabilities to be addressed. At the same time, however, there are many people now who have started selling their security research in private. So, for instance, there are people that find vulnerabilities in things like your cell phone or programs that run on your computer or the servers of major web providers. And instead of publicly disclosing them or working with the vendors to fix them, they sell that information to brokers for a lot of money. And, for the most part, those are then turned around and sold to governments … the people selling the vulnerabilities usually don’t have the visibility as to where they go. In all cases, they’re used in the same way, generally offensively by governments in order to gain access to people’s computers, the servers of major providers and things like that.

Video

“Top federal security chiefs from the NSA, FBI, Office of National Intelligence and the Justice Department go before the Senate Judiciary Committee to discuss the FISA surveillance program. A legal panel also testifies on constitutional protections.”

From Tom’s Reading List

Wired: Buffeted By New Disclosures, NSA Chief Defends Surveillance Programs At Black Hat: “Facing occasional hecklers from the audience, Alexander asserted that the surveillance programs have been mischaracterized by the media and others and that as a result the reputation of NSA workers has been tarnished. Extensive oversight from Congress and the courts, as well as technical protections in place — including internal auditing — prevent NSA workers from abusing their surveillance capabilities.”

PC Magazine: Black Hat 2013: NSA Chief Reveals Details About PRISM As Hecklers Call Him a Liar: “The Section 215 Authority, the business records program, collects only telephone metadata and is used only for counterterrorism purposes, Alexander said. The NSA collects the data and time of the call, the phone number initiating the call and the number of the recipient, the duration of the call, and the source and site of the call—such as carrier name. The NSA does “not collect the content of the communications,” such as recording the calls or intercepting the SMS messages. Identifying information such as names, addresses, or credit card information, are not collected. Location data is also not used.”

Slate: One Major Hacker Conference Bans The Feds. Another Welcomes Them: “Two of the largest, most well-known information security conventions, DEF CON and Black Hat, have decided to take very different approaches to how they will interact with representatives of federal agencies (who, in the past, have regularly attended and spoken at these events) … The difference in opinions about socializing with feds can, in large part, be tallied up to economics.”

Please follow our community rules when engaging in comment discussion on this site.
ONPOINT
TODAY
Oct 31, 2014
Nurse Kaci Hickox, right, and her boyfriend, Ted Wilbur are followed by a Maine State Trooper as they ride bikes on a trail near her home in Fort Kent, Maine, Thursday, Oct. 30, 2014.  (AP)

Quarantines and Ebola. An exploding rocket. Apple’s CEO comes out. Hawaiian lava flows. Midterms in the home stretch. Our weekly news roundtable goes behind the headlines.

Oct 31, 2014
Doc Sportello (Joaquin Phoenix) and Sauncho Smilax (Beninico del Toro) share a drink in a scene from the upcoming Paul Thomas Anderson film, "Inherent Vice," an adaptation of the Thomas Pynchon novel of the same name. (Courtesy Warner Bros. Entertainment)

from “Interstellar” to “Into the Woods.” The biggest and best movies of the fall and holiday seasons. What to see, what to skip.

RECENT
SHOWS
Oct 30, 2014
Soylent is a new meal-replacement substance meant to offer a complete nutritional alternative to traditional food. (Courtesy Soylent)

Soylent is a grey smoothie the consistency of pancake batter that claims it can replace all your food. On a crowded planet, is this the future of food? Plus: what does the Antares rocket crash mean for private space travel?

 
Oct 30, 2014
Realtor Helen Hertz stands in front of one of her listings in Cleveland Heights, Ohio Friday, Oct. 24, 2014. Hertz, a real estate agent for more than three decades, has seen firsthand what has happened to the market in the wake of the recession and foreclosure crisis. (AP)

Home ownership rates are at a 20-year low. Millennials and more aren’t buying. We’ll look at what American’s think now about owning a home.

On Point Blog
On Point Blog
A Bit More On The History Of Quarantine
Thursday, Oct 30, 2014

So this whole quarantine thing — why to do it, when to do it, and when to just say no.

More »
Comment
 
The Explicast, Episode Two: Why Is Election Day On A Tuesday?
Friday, Oct 24, 2014

The Explicast is back for another round. This time, we’re looking at Election Day, and why we all keep voting on a random Tuesday in early November.

More »
2 Comments
 
Our Week In The Web: October 24, 2014
Friday, Oct 24, 2014

On comments, comment sections, and ROY G BIV.

More »
Comment