Really? It seems to me like it's key to pro-mass-surveillance people's support for the "collect it all" approach - and for key escrow schemes in particular. And it ties into the VEP discussions as well.
Oh look, here's Nicholas Weaver on Lawfare making a very similar point about vulnerability disclosures:
"How is NSA changing the equities process now that "someone stealing the NSA's tools" has to be explicitly included in the threat model? Previously, equities calculations generally relied on the probability that someone else might independently discover and exploit a vulnerability. How does this calculation change when the NSA's own tools might be stolen, without detection? Is there a policy on what to do when the NSA knows that their tools are compromised?"
I don't know what our beliefs about key escrow have to do with the reality that NSA's "impenetrability" isn't part of the prevailing narrative. Among experts, the gauge on NSA is trending strongly towards "clownshoes".
Most on hacker news or security twitter or slashdot or whatever would agree that the NSA has serious vulnerabilities and have terrible policies/practices, but the narrative being pushed to the average american via the usual channels is most assuredly that the NSA is infallible (or that it's only fallible due to pesky things like privacy).
This article is on Reuters, which means it wasn't meant for people who know what elliptic curves are, it was meant for people who still call Comcast to restart their router. Given that, I think it's safe to say there's a distinct narrative being pushed here where it's heavily implied that leakers are the main threat to the NSA's security.
I didn't say they were mutually exclusive; that is also a rebuttal to an argument nobody is making. I'm saying they're orthogonal to the question of who's responsible for leaking these NSA tools.
I think this subthread is pretty clearly about the predominant narrative concerning the NSA and how this article plays into that (regardless of who actually is "leaking" it), I was responding to the discussion around your statement of:
> "The NSA is impenetrable" is not and was not the prevailing narrative, to say the least.
The ''reality'' is that proponents of key escrow solution (and the "collect it all") approach have consistently made the assumption that intelligence agencies are able to protect the keys and data. The impenetrability is so deeply a part of their narrative that it's not even discussed. The cost/benefit analyses are very different if you assume that adversaries are likely to get access to any information our government collects.
I'm not interested in your reasons for opposing key escrow, if only because I think key escrow is stupid also, as does literally every expert I have ever talked to in my career.
Our opinions about key escrow have nothing to do with whether Russia hacked an NSA staging server, or another leaker inside NSA is behind the leak.
I don't really know how to respond to this. Paraphrasing this conversation so far:
tptacek: "The NSA is impenetrable" is not and was not the prevailing narrative, to say the least."
me: I disagree; it's part of the narrative that pro-surveillance people use to support things like "collect it all" and key escrow
tptacek: I don't understand what our beliefs about key escrow have to do with the narrative
me: explains again what you're missing about how this relates to the pro-key-escrow (and more generally pro-mass-surveillance) narrative
tptacek: everybody agrees key escrow is stupid, and our opinions about key escrow have nothing to do with things that you weren't discussing like where the leak came from
me: hmm ...
It's almost like you're trying not to hear what I'm saying.
OK, one more try.
If all the experts you talk to are against key escrow, why do pro-mass-surveillance folks keep proposing it? They see the tradeoffs differently. And why's that? One reason is that the stories they tell about why it's a net positive have the underlying assumption that there's not a significant risk of they keys being compromised. Conversely and when opponents of key escrow tell stories about the potential downsides if the keys are compromised, proponents downplay this as a risk.
> It's almost like you're trying not to hear what I'm saying.
Perhaps because what you're saying is/sounds off-topic? Basically it amounts to "some (pro-mass-surveillance) folks propose X because Y". Even if that's true, so what? To repeat the GP, this has nothing to do with whether Russia hacked an NSA staging server, or another leaker inside NSA is behind the leak.
Sigh. Try reading the thread again, starting with 'tptacek's comment that ""The NSA is impenetrable" is not and was not the prevailing narrative, to say the least."
Hell, large parts of HN seem to believe this. No amount of shitty PowerPoint, terrible Java Enterprise(TM) desktop apps and outdated open source software with extra functionality hacked in seems to convince people otherwise.
This may be a case where your security industry experience works against you. I'm not sure the average US citizen doesn't believe that the NSA is so well guarded that the only threat with what they do is corruption and inside actors.
Do we have any polls on this? I don't trust people involved in the computer industry to necessarily have views that conform to the average person with regard to this, and the media all have narratives they would like to put forth, but none of them necessarily have to conform to reality.
What they're _planning_ is not relevant. What matters is whether they're competent enough to keep such keys secure. (Such as by not allowing malicious actors to get copies of them.)
What is relevant is that they are demonstrably _not_ competent.
You don't think the relative attack surface of two classes of machine is relevant? Are "they" (the tailored access division) going to be in charge of safeguarding the keys?
