>Stupid? Effectively intercepting telecommunications from not only within and with the consent of the 'big players' networks, but also assuring they achieve total surveillance through compromising undersea cables is quite the feat. Storing data until they have the machine power to break encryption strikes me as clever and prudent, not stupid.
the 'stupid' part is that any random contract sysadmin could pull huge amounts of data without setting off any alarms. I mean, this isn't some tiny VPS provider, where you might expect all the admins to have root. This is the fucking NSA. they should have tight control and logging over who accesses what, and if they have a master key, the folks with access to that master key ought to be fully vetted employees, and there ought to be few of those people.
Sure, it's hard to design a system where your sysadmins don't have full access, but not nearly as hard as everything else they've done.
This is what I find so shocking about the leak. We all knew that the government was spying on us. The shocking part is that they don't have any better security than I have when it comes to storing that data.
I mean, this is the leak we know of... how much do you want to bet that someone else has already used this data for personal gain, without the public or even the NSA finding out?
It's one thing to keep all my internet history, and use it for investigations... it's quite another to keep all that data where any random contractor can come in and fish through it without setting off alarms.
No matter what you think about the rightness or wrongness of the spying itself, I think we can all agree that if they must collect data, they must also secure that data, and this leak proves that they have not done so.
the 'stupid' part is that any random contract sysadmin could pull huge amounts of data without setting off any alarms. I mean, this isn't some tiny VPS provider, where you might expect all the admins to have root. This is the fucking NSA. they should have tight control and logging over who accesses what, and if they have a master key, the folks with access to that master key ought to be fully vetted employees, and there ought to be few of those people.
Sure, it's hard to design a system where your sysadmins don't have full access, but not nearly as hard as everything else they've done.
This is what I find so shocking about the leak. We all knew that the government was spying on us. The shocking part is that they don't have any better security than I have when it comes to storing that data.
I mean, this is the leak we know of... how much do you want to bet that someone else has already used this data for personal gain, without the public or even the NSA finding out?
It's one thing to keep all my internet history, and use it for investigations... it's quite another to keep all that data where any random contractor can come in and fish through it without setting off alarms.
No matter what you think about the rightness or wrongness of the spying itself, I think we can all agree that if they must collect data, they must also secure that data, and this leak proves that they have not done so.