NSA Chief Speaks At Black Hat

After Bradley Manning and Edward Snowden and Congressional push back, NSA Chief Gen. Keith Alexander speaks to Black Hat, a conference for security professionals.

The gusher of news on the NSA and surveillance keeps coming. This week, one of the keenest audiences is in Las Vegas: hackers and security geeks and execs. Lots of them. At the conferences called Black Hat and DEF CON, where hacker T-shirts say “Hack Naked” and “Stay Anonymous.”

The NSA needs these people. They are the talent, the American cyber pros.

While hearings in Washington banged on the NSA and more news was leaked, the head of the NSA came to Vegas to appeal to the pros.

Up next On Point: NSA surveillance and the hacker perspective.

– Tom Ashbrook

Guests

Kim Zetter, senior reporter for Wired covering cybercrime, civil liberties, privacy and security. (@KimZetter)

Alan Butler, privacy advocate and attorney for the Electronic Privacy Information Center. (@AlanInDC)

Moxie Marlinspike, computer security researcher and co-founder and former chief technology officer for Whisper Systems, which provides mobile apps for security and privacy. (@moxie)

Interview Highlights

Moxie Marlinspike on balancing freedom and privacy:

People tend to try and frame this in terms of a balance between freedom and privacy, to the extent that that’s true. I think the problem is that people like the NSA are not incentivized to be looking for that balance. They are working on things that are built out of careers, billions in revenue, enormous defense contracts. It’s this giant steam roller that is not actually looking for balance.

Alan Butler on the Senate FISA hearing:

What we’re dealing with in the Senate hearing [on July 31, 2013] … is that Congressional leaders are shocked at the extent of this program, specifically the metadata program. And that’s a sign that we don’t have enough push back, that we don’t have enough public knowledge about how these systems work in order to make sure that they’re complying with the law and to make sure we can keep them in check.

Kim Zetter on company push back and transparency of the courts:

There’s a danger in lumping all companies together. There are companies that are not bothered by this at all and take the view that they need to help the NSA protect the country.

But I think that there are some significant companies (particularly technology companies) that have tried to fight and push back. We don’t know the full extent of these activities.

We had an interesting peek at this recently with some documents that came out regarding Yahoo. Yahoo had attempted to fight a court order back in 2008 seeking collection of data. They cited the Fourth Amendment; they cited a number of issues. And in that case, the judge forced Yahoo to comply … the judge said that the government had assured her that it would not maintain a database of incidentally collected info from non-targeted U.S. persons. In fact, we now know that’s not true. And the XKeyscore talks about this database of information that of course is going to include incidentally collected information on Americans.

This goes to speak to the transparency of the courts. We don’t know the full extent of what has gone on there. We don’t know how many companies have tried to fight this. We know that they’ve been unsuccessful. I believe that there are companies that are pushing back, but we just don’t know the extent of this because this is all secret.

Marlinspike on the changing way hackers fit into society:

It’s not clear what our cultural norms really are. In some ways, I think we are operating based on a cultural context in the ’90s or whenever the hacker community really coalesced. And that context has changed. I think it’s time for us to re-evaluate. What are the things that we value? What are the things that we want to encourage?

Marlinspike on hackers selling security vulnerabilities:

Hackers and people from this community do a tremendous amount of security research and publish their results, which oftentimes allows those vulnerabilities to be addressed. At the same time, however, there are many people now who have started selling their security research in private. So, for instance, there are people that find vulnerabilities in things like your cell phone or programs that run on your computer or the servers of major web providers. And instead of publicly disclosing them or working with the vendors to fix them, they sell that information to brokers for a lot of money. And, for the most part, those are then turned around and sold to governments … the people selling the vulnerabilities usually don’t have the visibility as to where they go. In all cases, they’re used in the same way, generally offensively by governments in order to gain access to people’s computers, the servers of major providers and things like that.

Video

“Top federal security chiefs from the NSA, FBI, Office of National Intelligence and the Justice Department go before the Senate Judiciary Committee to discuss the FISA surveillance program. A legal panel also testifies on constitutional protections.”

From Tom’s Reading List

Wired: Buffeted By New Disclosures, NSA Chief Defends Surveillance Programs At Black Hat: “Facing occasional hecklers from the audience, Alexander asserted that the surveillance programs have been mischaracterized by the media and others and that as a result the reputation of NSA workers has been tarnished. Extensive oversight from Congress and the courts, as well as technical protections in place — including internal auditing — prevent NSA workers from abusing their surveillance capabilities.”

PC Magazine: Black Hat 2013: NSA Chief Reveals Details About PRISM As Hecklers Call Him a Liar: “The Section 215 Authority, the business records program, collects only telephone metadata and is used only for counterterrorism purposes, Alexander said. The NSA collects the data and time of the call, the phone number initiating the call and the number of the recipient, the duration of the call, and the source and site of the call—such as carrier name. The NSA does “not collect the content of the communications,” such as recording the calls or intercepting the SMS messages. Identifying information such as names, addresses, or credit card information, are not collected. Location data is also not used.”

Slate: One Major Hacker Conference Bans The Feds. Another Welcomes Them: “Two of the largest, most well-known information security conventions, DEF CON and Black Hat, have decided to take very different approaches to how they will interact with representatives of federal agencies (who, in the past, have regularly attended and spoken at these events) … The difference in opinions about socializing with feds can, in large part, be tallied up to economics.”
