PRISM

[Adak]

And the judge singled out the oft-cited precedent case, always used to justify intrusive measures by the gov't, and said it was obsolete (which it should be, it was written 30 years ago, when our technology was much different than now).

Well done, Federal Judge Richard Leon!!

[Lamplighter]

Snowden is singing a special song:
"Please pass the salt... I've got a lot of rubbing to do"

Quote:

National Security Agency whistleblower Edward Snowden wrote an open letter
to the people of Brazil published in a Brazilian newspaper on Tuesday.

In the letter, he said he would be willing to help the country
investigate NSA spying on its soil in exchange for political asylum.

Brazil, including President Dilma Rousseff, has been a major target of NSA spying
and has complained vehemently in the international community. Snowden has temporary asylum...

Snowden wants to help Brazil fight NSA surveillance

[Griff]

NSA program stopped no terror attacks, says White House panel member

A member of the White House review panel on NSA surveillance said he was “absolutely” surprised when he discovered the agency’s lack of evidence that the bulk collection of telephone call records had thwarted any terrorist attacks.

Color me less surprised.

[Lamplighter]

Good catch, Griff

[Lamplighter]

It’s already in Wikipedia (here), and was reported as an "exclusive" by Reuters on 12/20/13,
but here is a shorter version:

Mother Jones
Kevin Drum
Dec. 21, 2013

NSA Paid Security Company to Adopt Weakened Encryption Standards

Quote:

Undisclosed until now was that RSA received $10 million in a deal that set
the NSA formula as the preferred, or default, method for number generation
in [ RSA Security LLC's ] BSafe software, according to two sources familiar with the contract.

Although that sum might seem paltry, it represented more than a third of the revenue
that the relevant division at RSA had taken in during the entire previous year, securities filings show.

....Most of the dozen current and former RSA employees interviewed said that
the company erred in agreeing to such a contract, and many cited RSA's corporate evolution
away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials,
who portrayed the formula as a secure technological advance.
"They did not show their true hand," one person briefed on the deal said of the NSA,
asserting that government officials did not let on that they knew how to break the encryption.

However, the Wiki version speaks more along the lines that the "random number generator"
that was preferred by NSA was already well known among cryptologists as being one that could be broken
... and so leaves the impression that the RSA cryptologists knew, or should have known,
what was involved for the $10 million contract.

.

[Lamplighter]

So, who do you believe...

Cruxialcio
Antone Gonsalves
December 23, 2013

RSA Denies Hobbling Encryption Software For NSA

Quote:

RSA has strongly denied a report that it was paid to embed in encryption software-
flawed technology that would have enabled the U.S. National Security Agency to break into computer products.
Reuters reported Dec. 20 that the NSA paid the influential security vendor $10 million
to provide its customers with the agency-developed encryption formula
that would create a backdoor in products.

RSA, a unit of EMC, reportedly used the technology in BSAFE,
which is software embedded in commercial applications to secure data.
On Dec. 22, RSA posted a statement that said,
"We categorically deny this allegation."

While acknowledging it worked with the NSA, RSA said it never
kept the relationship secret and often publicized it.
"Our explicit goal has always been to strengthen commercial and government security," RSA said.

RSA said its decision in 2004 to use Dual EC DRBG in BSAFE was in the context of
an industry-wide effort to build stronger methods of encryption into products.
At the time, the NSA had a trusted role in the security industry.

The flawed algorithm was one of multiple choices customers had in BSAFE toolkits, RSA said.
Approval of the standard made it a valuable tool in meeting
government requirements for information technology products.
RSA continued to offer Dual EC DRBG in its product until NIST recommended in September of this year
that the algorithm no longer be used, because it had been compromised.

Quote: