Thursday, February 04, 2010
US service providers work with National Security Agency; no real privacy problem for ordinary users
Numerous media outlets reported yesterday that a number of major US Internet companies and service providers, most of all Google, are working with the National Security Agency to investigate the recently reported compromises to security that appear to have originated largely in China and be aimed at dissidents. Other possible sources of security problems could include Iran, the Balkans, elements in Russia, and maybe even North Korea, and perhaps radical Islam (but maybe not too likely).
The work with the NSA should not ordinarily affect the privacy of ordinary correspondence and Internet postings, forums, social media, and the like of ordinary users, nor is there any evidence that government is interested in tracking these.
However, webmasters or bloggers who post controversial material could conceivably attract destructive activity, particularly dissidents overseas. In April 2002, a web page of mine (a copy of a chapter of my second book) was hacked at the exact point that I started talking about suitcase nukes (it was a long essay about the response to 9/11, which at the time had happened only six months before). The file turned to jibberish, and the beginning of one other file was overwritten. Some of the jibberish appeared to include the names of remote areas overseas in other languages. A “libertarian” friend investigated and found that the particular ISP had left a Unix SITE command open. The problem never reoccurred. Of course, I recovered quickly by re-ftp since I had clean copies of all my own files. Later in 2002 I received two bizarre emails, including one about Indonesia (shortly before a major bust there) and another with a map showing critical locations in Russia. (I shared these with the FBI.) It seems that bloggers can attract attention and tips, but need to be careful.
Needless to say, I’ve gotten pretty savvy at recognizing “Nigerian scam” (and other phishing) emails from the subject lines (I never got one at all until 2000) and almost never open them (I report them as spam); these particular emails appeared to be trying to convey legitimate information.