The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.
By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.
Remember, they said they didn't do that and only collected data under "valid" FISA court warrants.
They cheated by tapping links outside the US. And since Google and Yahoo, along with others, are firms with international data centers but mirror data all over the place (for both performance and redundancy reasons) voila -- they got it all.
These people need to be shut down -- completely.
Not so much because they spy on other nations and people in other countries but because they repeatedly lie about their operations to the US Congress and the American people, and their "craft" extends to Americans in America and data owned by Americans -- and that, without a valid warrant, is flatly illegal.
Never mind the immediate (and possibly terminal) harm done to American vendors of such services in the International marketplace.
U.S. debt jumped a record $328 billion on Thursday, the first day the federal government was able to borrow money under the deal President Obama and Congress sealed this week.
In other words Treasury stole $328 billion from May through October, most of it from Federal worker retirement accounts (TSP holdings) and Social Security/Medicare transfers that should have happened to "make good" while the US stood at the debt ceiling.
I note that when you have a 401k or other retirement plan the holder of those funds is a fiduciary. Now I'm sure there is some fine-point legalese that allows Treasury to do this, but the fact remains that if you or I did it in the private sector we'd go to prison.
Further, the fact remains that the Federal Government was factually out of money in May, not October, and Congress did exactly nothing about your money being stolen, nor did anyone get indicted for it.
Treasury's name for this is "extraordinary measures." The common man's name for it is theft.
If I steal your car but later bring it back, it is still grand theft -- and a felony.
This sort of crap is outrageous and should be absolutely barred. Nobody holding funds for someone else should be able to steal them, even temporarily, under this sort of guise and then claim that they did nothing wrong.
The latest indication of the haphazard way in which Healthcare.gov was developed is the uncredited use of a copyrighted web script for a data function used by the site, a violation of the licensing agreement for the software.
That's called stealing and in addition it is the very same government that passes (and the enforces!) anti-piracy laws itself.
But the government? Oh they just steal.
Right out in the open, where everyone can see it.
Now why is it that you shouldn't steal once again, especially from the government, when the people who claim such is "illegal" (said government) do it themselves?
A two-year investigation by the Senate Permanent Subcommittee on Investigations has found widespread fraud in the Social Security Administration's Disability Program.
The fraud is so rampant, and disability cases have so proliferated in recent years, that the Social Security's Disability Trust Fund may run out of money in only 18 months, says Sen. Tom Coburn, R-Okla., whose office undertook the investigation.
It took an investigation to figure this out?
Disability numbers have skyrocketed since 2007. You want to somehow sell someone on the idea that there was some sort of magical change that happened when the recession hit to cause this? People suddenly became disabled that formerly were not?
Oh do come on. Coburn's so-called "investigation" may be valid (it is) but the real outrage is that it took anything other than a quick look at the numbers to determine that this has become the latest way for people to loot others -- specifically, the taxpayers.
The real problem is that looting has become such a sport in this country that I am no longer surprised by any of it. We have had banksters, the entire medical system and colleges ripping people off for decades and the lack of prosecutions along with the passage of "special privileges" under the law to prevent future prosecution has led people to conclude that if they're gonna do it, so am I if I can find a way to get away with it.
Well, they found a way, at least so far.
I don't believe for one second that the people who have scammed the system (and that would be, I suspect, the majority of them who were "added" since 2007) will be shut down and prosecuted for their false claims.
After all, it's a nice way to "goose" the economy to hand them money to spend when they are otherwise unwilling -- but not unable -- to get off their ass and go to work.
Here you go folks -- and again, I get to use this sign:
By July 9, Lavabit still hadn’t defeated its security for the government, and prosecutors asked for a summons to be served for Lavabit, and founder Ladar Levison, to be held in contempt “for its disobedience and resistance to these lawful orders.”
A week later, prosecutors upped the ante and obtained the search warrant demanding “all information necessary to decrypt communications sent to or from the Lavabit email account [redacted] including encryption keys and SSL keys.”
There it is.
They wanted the SSL private key. Without it they can't decrypt ****. With it, for many (non-modern) browsers, they not only can decrypt messages in real time (by intercepting the setup "in the middle") they can retrospectively decrypt anything they stored previously as many browsers and other connecting devices do not use perfect forward secrecy.
What is that? It's a rather obscure bit of cryptographic tech-speak and has to do with how session keys are negotiated. Without it the secret key of the server can be used to retrospectively decrypt any traffic that was previously sent. This is much like how PGP operates -- if you get my Secret Key you can decrypt any message sent to me using the public key half no matter when it was sent.
Perfect Forward Secrecy uses the private key to negotiate a session key that is deliberately stored only in volatile memory and erased when the session's transmission ends. Since the actual secret key is not used other than in this negotiation and the details of that negotiation are intentionally destroyed when the session has ended compromise of the secret key does not help you decode previous transmissions.
It does, of course, allow you to intercept (by going "in the middle") any future transmissions.
Here's the rub -- many browsers and most commercial services, including most banks and other financial institutions, do not implement PFS. Without it if "someone" (say, the NSA) has a copy of an encrypted transmission and later gets ahold of the secret key they can decrypt the transmission retrospectively.
So what did we learn from Lavabit?
Security? What's that? Oh by the way, if you're in a sensitive commercial environment (think securities, compliance in the financial realm, HIPPA, etc) this means that if (when) that secret key leaks from the government (Snowden anyone?) you're ****ed as that compromise extends to anyone who has that key and if PFS was not in use it is retrospective all the way back to first use if the traffic was logged.
The key point in all of this when it comes to "capability", however, remains as I have asserted:
Once again we have hard evidence that these NSA guys are not smarter than everyone else. They do not have the smartest guys in the room, and thus do not have a "braintrust" advantage sufficient to get what they want.
They're just plain old-fashioned jackbooted thugs who shove guns up people's noses to get what they're after, including spying on Americans, and we the people allow that crap to go on since we enable this **** through our Congress and payment of taxes.
Where We Are, Where We're Heading (2013) - The annual 2013 Ticker
The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.
NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.
The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.
Looking for "The Best of Market Ticker"? Check out Ticker Classics.
Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.
The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.
Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.