Posts by Paul Campbell
-
surely NOT telling people that the NSA was breaking into computers in NZ would “prejudice the security or defence of New Zealand” in the sense of NZ being all of us rather than just the government
-
Hard News: Snowden and New Zealand, in reply to
Complex answer: it’s not the clearance that compels you to keep a secret. It’s the fact that something has been declared secret. Your clearance allows you to know about the thing even though it is a secret from people who don’t have clearance, which is most of us.
So if something is declared secret, it's illegal for me to reveal it, but if I'm not cleared I'm not allowed to know that it's illegal for me to reveal it ....
Paging Mr Yossarian ......
What if I find a bug in say OpenSSL, one that the NSA and GCSB are exploiting (Heartbleed being a perfect real-world example), can I tell others about it if the GCSB has declared it a secret and I don't know?
It did dawn on me today that probably the best thing we can do for internet security right now is to set up 'NSA honeypots' ... machines that look like they ought to be a target and then carefully packet monitor how people break into them - the NSA has spent a lot of time and money figuring out where all our collective security holes are, they probably know more than anyone, tricking them into telling us would make us all safer and more secure.
-
IS: I don't know - does having a security clearance legally require you to keep secrets? can the existence of a bug that the NSA is actively exploiting be declared a state secret? even one in my own code?
-
Hard News: Snowden and New Zealand, in reply to
Mathew - it's not that simple, for tax reasons I'm not a direct employee :-) I'm technically my own boss - none of our equipment other than customer units are in NZ and I don't do network operations, so it's likely not an issue. It's much more likely that the GCSB would find itself trying to force a foreign entity to get a NZ security clearance - if they did that I might lose my job because having employees in NZ is too much trouble.
I do however write network code that's regularly deployed in NZ.
Mostly I guess I'm pissed because some paranoid scary dudes have secretly (to me) gotten a law passed in urgency that potentially allows them to tell me what I can put on my net, and in fact if I do my job well and they can't break the crypto they're likely to tell me I can't deploy my best work.
-
Hard News: Snowden and New Zealand, in reply to
Ok now it's a nitpick but an unclassified thing, document or whatever, just means it hasn’t been classified, so you couldn’t tell if it were meant to be secret or not. It is like no-one has looked at it and made that decision yet. They could, I suppose, classify a document as “Public” and refuse to let you see it on the grounds that it is “classified”. Typical lazy spies and their use of language.
it may not be laziness, "I know a secret and you don't" is a power game that the human animal plays from about age 5
-
My guess is the real reason for having someone with a security clearance is so that the GCSB has someone in place in every ISP to use when the time comes to start tapping someone aggressively, they also need someone they can tell "don't fix that bug, we're using that"
I hope that any ISP cover their arses by getting all requests in writing rather than just taking the say-so of the person with the clearance
I find myself in an interesting position, I work for an off-shore VOIP provider, while we don't explicitly market our service in NZ people buy them and import them and we'll happily take their money. There are only 2 NZ employees ... do I need to register? need a clearance? can I be forced to get a clearance? is the choice "get a clearance or quit your job"?
(there's a bill of rights violation right there - but then the GCSB doesn't seem to respect "Everyone has the right to be secure against unreasonable search or seizure, whether of the person, property, or correspondence or otherwise.")
-
Hard News: Snowden and New Zealand, in reply to
For the non technical, CentOS is a kind of Linux operating system, VMWare is a technology for making one big grunty server behave like a lot of small servers so you can consolidate services on less hardware – they aren’t nefarious tools for doing bad.
yes - but if the reason you need the experience is so you know what to do once you've broken into one or more of these it's a bit more nefarious.
-
I notice the budget includes $75m for the GCSB, and $40m for the SIS - we spend almost exactly the same amount on economic espionage as we do on actual research (the Ministry of Science and Innovation) .... but oooh scary the terrorists are winning
-
I guess if I really wanted to mess with them I'd import a whole bunch of cheap $20 Huawei access points and flood trademe ....
-
I'm happy to see that the GCSB's list of rules is marked twice on every page "UNCLASSIFIED" ... sadly I guess that means that there are other rules that people all have to adhere to that are classified