38 votes

Why the NSA called me after midnight and requested my source code

14 comments

  1. [4]
    calcifer

    The fact that this guy openly brags about selling out his customers to a three letter agency just because they said pretty please is reason enough to never buy anything he is selling, ever.

    44 votes
    1. pleure

      I’ve never been to the NSA, and for all I know, they sell those cups in the gift shop. But to me it doesn’t matter. This cup is a reminder of something bad that never happened, and I played a small role in that.

      If he didn't get paid to write this he's a sucker.

      24 votes
    2. novac

      Seriously. Why did he think writing this article was a good idea? Confirmed bootlicker.

      8 votes
    3. cptcobalt

      I'm trying to craft a scenario in my mind where it's totally reasonable for him to distribute the source at no detriment to the existing userbase, and I can't find one. Maybe Dave was able to say all the right things in this call that convinced this dude, but what about every situation thereafter? They're now equipped to use their knowledge for whatever they want, no matter the gravity of the scenario.

      4 votes
  2. jlpoole

    Yesteryears: NSA calls you on the phone, about which you can talk, and you get a nice Thank You card and mug.

    Today: NSA serves you a National Security Letter/Order and you cannot talk about the missive or about any conversation with the NSA, even to your own attorney, under penalty of being sequestered into secret detention of unspecified duration without effective judicial review. Oh, and if you do not cooperate, I guess it's anyone's guess what will happen to you.

    What happened in between these two time periods? 9/11 and forfeiture of much of our liberty.

    19 votes
  3. [4]
    patience_limited

    Egad. Clearly, Averich didn't disclose to his customers at the time that the NSA suddenly had the full source code to his program - do you think other encryption vendors have fallen for the same nonsense?

    11 votes
    1. [3]
      Comment deleted by author
      1. Greg

        Totally correct, but human error is always a factor. There have been serious issues that have gone undiscovered for years even in very well reviewed software, and I have no doubt that the NSA is skilled at spotting these errors.

        It's the exact argument for why encryption software should be open source - allowing the community to catch the bugs before they are exploited. The fewer people with access to the code, the more likely that an unnoticed vulnerability remains.

        16 votes
      2. patience_limited

        I'm not disputing the math - the more likely outcome is the provision of maliciously edited code redistributed as legitimate. Back in 2000, at least, it wasn't necessarily widespread good practice to provide hashes for verification.

        6 votes
    2. harrygibus

      Probably most of them - this is probably a common ploy by the agency to gather resources for their work - I wouldn't doubt there's a special team set up to fish people out of their IP when it comes to security - and they don't have to leave any trail through the courts.

      7 votes
  4. [4]
    Emerald_Knight

    how the hell did Dave track me down 3,000 miles away from home after midnight on that hot summer’s eve in Bristol, Connecticut?

    Well, you probably took a flight, first of all. Guaranteed they can access flight records easily. Then there are probably traffic cameras, or even just the fact that your family lives in Bristol, to help narrow things down further. If your family picked you up at the airport, then a camera will likely pick that up, and if you took a cab or a rental car, a transaction or call record will show up reflecting it for that area. Even though this was 18 years ago, none of this would have been difficult for the NSA.

    Seriously, how the fuck would they not be able to track you down?

    11 votes
    1. Emerald_Knight

      I think the biggest problem is that he's conflating two very different scenarios: trying to track down someone's identity and trying to track down someone with a specific identity. The former can be fairly difficult if the person knows how to cover their tracks and isn't sloppy about it, but the latter is trivial for a three-letter agency that has widespread access to records for everything from flights to phone calls.

      7 votes
    2. [2]
      nsz

      I think you're severely overestimating the level of technology possible 18 years ago. If they even had video surveillance it would be to cassette tape, and who the hell is going to watch potentially thousands of hours of footage for the off chance they might recognise some guy who can maybe help them in the 30 pixels on the screen, the best computers then don't even hold a candle to a smart phone, forget facial recognition.

      Flight record, maybe, but again the infrastructure to enable that kind of fast communication would be really limited both by law and technology. It isn't till after 9/11 that that stuff got developed.

      My guess is they put out a few calls to people in his life, enough to just call his home phone, no one picks up, so you try a family member, brother is a pretty reasonable assumption.

      1. Emerald_Knight

        . . .who the hell is going to watch potentially thousands of hours of footage. . .

        No one. After all, flight records and all that. Just find out when the person you want to find was scheduled to land and check the footage from that window of time.

        . . .the off chance they might recognise some guy who can maybe help them in the 30 pixels on the screen. . .

        The year was 2000. Cameras weren't that terrible. If you could at least pick out the guy getting off the plane, then tracking him throughout the rest of the airport isn't particularly difficult. There's not a terrible amount of effort involved in looking through a known set of maybe 400 people or so, and that number drops when you account for a passenger's sex and whether they're an adult or a child.

        . . .the best computers then don't even hold a candle to a smart phone, forget facial recognition.

        You don't really need facial recognition for this if you're only trying to track down the one guy. Facial recognition software has only made the task easier than ever.

        . . .the infrastructure to enable that kind of fast communication would be really limited both by law and technology. It isn't till after 9/11 that that stuff got developed.

        The law hasn't stopped a three-letter agency in the past. As far as technology, a network of people on the ground, security cameras in airports, and a few phones are all it really takes if you want to remain fairly low tech, and that's not accounting for the very real possibility of our government having tech that wasn't available to your average person. Some of the infrastructure could very well have been in place and simply expanded upon during the post-9/11 hysteria.

        My guess is they put out a few calls to people in his life, enough to just call his home phone, no one picks up, so you try a family member, brother is a pretty reasonable assumption.

        That's a very real possibility as well, I'll give you that.

        With all of the above being said, I'm not trying to suggest that any particular technologies were being used. I just wanted to illustrate that a government agency of the level of the NSA will generally have the resources to track you down if they know who they're looking for, their specific methods being irrelevant to the matter, particularly if you're not actively trying to hide your whereabouts. They could just throw money at sending a bunch of people out with cell phones to do the leg work of collecting data and reporting back and that would very likely suffice for finding your average person.

        The gist of what I'm getting at is this: resources and authority will tend to go a long, long way, technology notwithstanding.

        4 votes
  5. nsz

    I thought this was hilarious, and what a story. Frankly I really don't see anyone refusing a request like that, especially 18 years ago before all this distrust.

    10 votes