You seem to be confusing proven specific instances with a general situation. The need for precautions is contingent upon the latter, not the former (though the former does enhance the urgency of the need).
Example: You learn that one Nerdlinger Z. Kraker has been caught using the servers at your bank to store his porn collection, downloading the employee database and putting ID-badge pics of all the females on various “Hawt or Nawt” sites, and changing the bank’s home page banner to a picture of an Occupy Wall Street banner. These feats were made possible thanks in part to the bank’s chief information officer, one Doofus U. Dimwit, who keeps all the bank’s records on a set of networked Windows boxes (all with the password “admin”), one of which he routinely uses to surf porn sites and answer Nigerian scam emails.
Note that there has been no mention of credit cards in the above – though the credit card database is indeed stored (in plaintext) on one of the abovementioned boxes.
Is it appropriate to conclude that:
Nerdlinger Z. Kraker is guilty of credit card fraud (“specific instance”)
If you have a credit card account with this bank, you should immediately cancel it or at least demand a new number (“general situation”)
Obviously, the correct answers are “no” (there being no evidence to that effect) and “yes” (since, given the deplorable practices described, one must prudently assume that the credit card database has been compromised whether or not specific instances thereof have come to light).
I’m not trying to be dense, but could you try explaining your example with less frivolity? I’ve read it three times and I find it so tortured that it is not only hard to read, I also can’t figure out what point you’re trying to make with respect to assuming that organized crime uses the same intelligence methods as the NSA.
Speaking as someone who has worked in intelligence (under the NSA) and had a TS/SCI clearance, I’m firm in the belief that dude is a traitor. There is no question about it. He should be captured and incarcerated at the very least.
Politically, I lean waaaaaaay to the left.
As an aside, I often wonder what people think intelligence agencies actually do, because there seems to be a lot of surprise involved when things come to light.
You’re unclear on the concept that “We must assume that X has been compromised” is an appropriate conclusion if 1)compromising X would be Really Bad and 2)security around X is found to be slipshod, whether or not there is direct evidence that X has in fact been compromised?
Congratulations, your lack of trying proved not to be an obstacle.
Precisely my point – if Snowden was able to access all this stuff for the purpose of whistle-blowing, we must assume* that others have done likewise for purposes of espionage and/or personal gain.
*Don’t make me come up with another parable to explain why “we must assume that X has happened” does not necessarily require evidence that X has, in fact, happened.
It also decapitates, heart-stakes, and buries at a crossroads any and all credibility for the 1990s-zombie “Son of Clipper” schemes being floated (apparently 90s-vintage low-flow toilers were unequal to the task of disposing of floaters.)
I know you have an axe to grind and it’s very easy to say anything you want in order to defend someone you see as a hero, but this still doesn’t follow.
If I learn the locks on my door can be foiled with a simple lockpick, it is reasonable to assume that many people COULD open the door. It is not reasonable to assume that many people HAVE opened the door.
So to say Snowden revealed many secrets and they need to be protected better against spies or whatnot, I have no quarrel with that. To imply that Snowden’s thefts didn’t really matter because one “has to assume” that those secrets had already been stolen by other countries is Snowden apologist nonsense.
No, one has to assume that. That’s how intelligence works. That’s how security works. Once you have a leak like that, you immediately shut down, not because you are aware of the implications of this leak, but because of all the other leaks that you don’t know about.
So you’re saying that the United States intelligence community assumes that other countries stole everything that Snowden did before he did it? Total nonsense.
Not exactly, but close enough, yes. Better to say that by the time you find out a vector has been exploited, you assume a similar vector has been being used for a long time.
Then, let’s have a cite-off. I’ll cite intelligence officials on the damage that is attributed to Snowden himself, and you cite officials who state or imply that they think someone did the damage before Snowden. Sound fair?
I didn’t say “the damage was done”. I said the vector isn’t safe. You’ve tried to pin my down to saying that other countries have everything Snowden stole. I have not said that. They probably have a great deal of it (a lot of it wasn’t exactly a surprise), but neither I nor you have any idea who has what (the fact that a vulnerability exists tends to be kept secret).
As someone else has pointed out, the NSA et al have a lot of incentive to blame everything on Snowden, at least publicly. So I’ll pass on a game that tries to get me to prove something I didn’t say.
You seem to desperately need to believe that, had Snowden not stolen these secrets, they would have remained safe. shrug Go ahead and believe that. Believe that they weren’t stolen, and that everyone merely has to not be horrified by the actions of the US government and all its secrets will be safe.
Well, I guess this is the correct forum for throwing out unsubstantiated opinions. I ought to keep in mind that asking people to cite what they assert in this thread is a waste of time.
ETA: for all the recent talk about how insecure the “vectors” are, and how other may have exploited those “vectors” as well, why do Snowden’s defenders get all upset when someone hypothesizes that he may have been working for Russia or China? Shouldn’t we just “assume” that Snowden was working for them since he used that “vector?”
Well, you didn’t ask me to assert what I said. You asked me to assert that “the damage” was done. I said we have to assume damage has been done by sloppy NSA practices. Do you see the difference?
The analogies thrown around in this thread have been careless and dangerous, but here is one that is close: when an atm is compromised, all the cards that have used that machine for a while before and after are flagged for suspicious activity, and the owners contacted. Even though there is no suspicious activity shown. Do you see the analogy there?
I have no idea why Snowden defenders get all upset about that (I certainly don’t). That said, I don’t see how it follows. Would he not have been better served by selling the information only to them? I mean, Occam’s razor and all?
This is an informative article illuminating more of the details about how General Petraeus wrongly got a sweetheart plea deal while others including a guy that leaked twenty year old information to journalists got prison time.
