https://community.isc2.org/t5/Industry-News/NSA-wants-to-stop-drinking-from-the-fire-hose/m-p/21633#M2665 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;wrote:<BR /><P>...</P><P>And ever since, the NSA has been collecting huge amounts of data, most of which doesn't indicate much of anything.&nbsp; Remember cost/benefit analysis?&nbsp; Well, now the NSA wants to stop doing it.&nbsp; Or, at least, stop doing most of it.&nbsp; Because <A href="https://nakedsecurity.sophos.com/2019/04/26/nsa-asks-to-end-mass-phone-surveillance/" target="_blank" rel="noopener">it's just not worth it</A>.</P><P>...</P><P>(Oh, and remember: if you're not doing anything wrong, you have nothing to fear from the gigantic surveillance apparatus that the government is hiding from you ...)</P><HR /></BLOCKQUOTE><P>We must all stay on top of developments in this arena. The NSA has not had a change of heart on mass surveillance; they just made a financial cost/benefit analysis because capturing telephone metadata (which allows comprehensive networking analysis) no longer pays off. The bad guys are no longer relying on telephones; they have shifted to a variety of encrypted internet-based communication tools. Expect national intelligence organizations to push us into a NEW Crypto-Wars discussion. Last year the current FBI director promoted going back to mandatory government monitoring technology in all encrypted systems. That was precisely what the Crypto wars were about.</P><P>&nbsp;</P><P>For supporting watchdogs, I rely on <EM><A href="https://www.eff.org" target="_blank" rel="noopener">EFF</A></EM>, <EM><A href="https://www.eff.org" target="_blank" rel="noopener">EPIC</A></EM>, and occasionally <A href="https://www.aclu.org" target="_blank" rel="noopener">ACLU</A>. I recommend all infosec specialists do the same. I'd be interested in learning what organizations are good for keeping an eye on the EU.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 26 Apr 2019 19:51:59 GMT CraginS 2019-04-26T19:51:59Z https://community.isc2.org/t5/Industry-News/NSA-wants-to-stop-drinking-from-the-fire-hose/m-p/21626#M2664 <P>In the beginning was the 9/11.&nbsp; (Well, actually, in the beginning was the first crypto war, back in the 90s, but ...)&nbsp; And the government said, let there be the P.A.T.R.I.O.T. Act (Providing Appropriate Tools Required to Intercept and Obstruct Terrorism).&nbsp; And there was all kinds of warrantless activity.&nbsp; And the government said, let there be warrantless collection of data about international (and some local) emails and phone calls.&nbsp; And there was bulk metadata collection, and metadata became a new "thing."</P><P>&nbsp;</P><P>And ever since, the NSA has been collecting huge amounts of data, most of which doesn't indicate much of anything.&nbsp; Remember cost/benefit analysis?&nbsp; Well, now the NSA wants to stop doing it.&nbsp; Or, at least, stop doing most of it.&nbsp; Because <A href="https://nakedsecurity.sophos.com/2019/04/26/nsa-asks-to-end-mass-phone-surveillance/" target="_blank" rel="noopener">it's just not worth it</A>.</P><P>&nbsp;</P><P>Lots of things in security sound like maybe a good idea--until you try them.&nbsp; I well remember the trouble Fred Cohen got into when he started teaching his security students how to write viruses, as an exercise in trying to improve security.&nbsp; He doesn't do that any more.&nbsp; His students just didn't learn that much from it.&nbsp; It's not worth it.</P><P>&nbsp;</P><P>&nbsp;</P><P>(Oh, and remember: if you're not doing anything wrong, you have nothing to fear from the gigantic surveillance apparatus that the government is hiding from you ...)</P> Mon, 09 Oct 2023 09:11:29 GMT https://community.isc2.org/t5/Industry-News/NSA-wants-to-stop-drinking-from-the-fire-hose/m-p/21626#M2664 rslade 2023-10-09T09:11:29Z https://community.isc2.org/t5/Industry-News/NSA-wants-to-stop-drinking-from-the-fire-hose/m-p/21633#M2665 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;wrote:<BR /><P>...</P><P>And ever since, the NSA has been collecting huge amounts of data, most of which doesn't indicate much of anything.&nbsp; Remember cost/benefit analysis?&nbsp; Well, now the NSA wants to stop doing it.&nbsp; Or, at least, stop doing most of it.&nbsp; Because <A href="https://nakedsecurity.sophos.com/2019/04/26/nsa-asks-to-end-mass-phone-surveillance/" target="_blank" rel="noopener">it's just not worth it</A>.</P><P>...</P><P>(Oh, and remember: if you're not doing anything wrong, you have nothing to fear from the gigantic surveillance apparatus that the government is hiding from you ...)</P><HR /></BLOCKQUOTE><P>We must all stay on top of developments in this arena. The NSA has not had a change of heart on mass surveillance; they just made a financial cost/benefit analysis because capturing telephone metadata (which allows comprehensive networking analysis) no longer pays off. The bad guys are no longer relying on telephones; they have shifted to a variety of encrypted internet-based communication tools. Expect national intelligence organizations to push us into a NEW Crypto-Wars discussion. Last year the current FBI director promoted going back to mandatory government monitoring technology in all encrypted systems. That was precisely what the Crypto wars were about.</P><P>&nbsp;</P><P>For supporting watchdogs, I rely on <EM><A href="https://www.eff.org" target="_blank" rel="noopener">EFF</A></EM>, <EM><A href="https://www.eff.org" target="_blank" rel="noopener">EPIC</A></EM>, and occasionally <A href="https://www.aclu.org" target="_blank" rel="noopener">ACLU</A>. I recommend all infosec specialists do the same. I'd be interested in learning what organizations are good for keeping an eye on the EU.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 26 Apr 2019 19:51:59 GMT https://community.isc2.org/t5/Industry-News/NSA-wants-to-stop-drinking-from-the-fire-hose/m-p/21633#M2665 CraginS 2019-04-26T19:51:59Z