[Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization


James Salsman-2
How much would it cost to replace the servers and switches with open
source hardware?

Stephen, when do you expect to have the FEC requirements of organized
advocates for US political candidates researched?


---------- Forwarded message ----------
From: Stephen LaPorte <[hidden email]>
Date: Sat, Jan 20, 2018 at 2:23 AM
Subject: [Publicpolicy] Update on FISA 702 reauthorization
To: Publicpolicy Group for Wikimedia <[hidden email]>


Hello All,

Earlier this month, the Wikimedia Foundation, along with a coalition
of 43 civil liberties, civil rights, and transparency organizations,
signed a letter urging Congress to reform Section 702 of the Foreign
Intelligence Surveillance Act, the law that allegedly authorizes the
mass surveillance challenged in our lawsuit, Wikimedia Foundation v.
National Security Agency. In the letter, we urged Congress to oppose a
straightforward reauthorization of the law and to support meaningful
reforms.

On January 11th, the U.S. House of Representatives quashed the
opportunity for those reforms by voting to reauthorize Section 702
with minimal changes. The bill then went to the U.S. Senate for
further consideration. Despite opposition in the Senate from both
major political parties, on January 16th, a filibuster to block the
bill narrowly failed. Yesterday, the bill cleared the Senate, and it
was signed into law today.

Although we are deeply disappointed in this result, the Wikimedia
Foundation will continue to fight for user privacy, including in
Wikimedia Foundation v. NSA. We will keep you updated on further
developments.

Best,
Stephen

--
Stephen LaPorte
Legal Director
Wikimedia Foundation

NOTICE: As an attorney for the Wikimedia Foundation, for legal and
ethical reasons, I cannot give legal advice to, or serve as a lawyer
for, community members, volunteers, or staff members in their personal
capacity. For more on what this means, please see our legal
disclaimer.

_______________________________________________
Publicpolicy mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/publicpolicy

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

Lodewijk
Hi Jim,

I'm afraid I don't quite follow.
1) I don't quite see how your question about servers and switches relates
to Stephen's statement. Could you explain for us mere mortals how you link
the two?
2) I somehow missed the commitment by the WMF to research "FEC requirements
of organized advocates for US political candidates" or anything that
suggests that the WMF may advocate for specific political candidates (which
seems a change of course that would be hard to sweep under the rug). Could
you quote?

Thanks.

Lodewijk


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

James Salsman-2
> 1) I don't quite see how your question about servers and switches relates
> to Stephen's statement. Could you explain for us mere mortals how you link
> the two?

The NSA surveillance which was reauthorized by Congress can not depend
on eavesdropping alone with new HTTPS cyphers. It needs compromised
hardware to work, such as has been included in Dell servers since the
Foundation started purchasing them, and the design of which was
overseen by the Foundation's CTO, who worked then at Intel. This
provides us with the know-how, a teachable moment, and an excellent
opportunity to specify and acquire replacement open source hardware
which doesn't have the DEITYBOUNCE / System Management Mode OOB / iAMT
and related backdoors.

https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html

> 2) I somehow missed the commitment by the WMF to research "FEC requirements
> of organized advocates for US political candidates" or anything that
> suggests that the WMF may advocate for specific political candidates (which
> seems a change of course that would be hard to sweep under the rug). Could
> you quote?

https://en.wikipedia.org/w/index.php?title=Wikipedia_talk:Conflict_of_interest&diff=prev&oldid=815460492#Note_from_Wikimedia_Legal

https://en.wikipedia.org/wiki/User_talk:Slaporte_(WMF)#Research_topic_request


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

geni
On 20 January 2018 at 22:43, James Salsman <[hidden email]> wrote:
> The NSA surveillance which was reauthorized by Congress can not depend
> on eavesdropping alone with new HTTPS cyphers. It needs compromised
> hardware to work,


Meltdown suggests otherwise. In any case EternalBlue and Stuxnet made
it clear that the hardware is irrelevant.

The reality is that the WMF doesn't have the resources to prevent a
state level actor from gaining access to its servers. Switching to
little used, little supported and more expensive hardware simply
weakens the WMF position even further since attackers no longer have
to factor in the risk of burning a valuable exploit. So not much
changed since 2013.


--
geni


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

Lodewijk
In reply to this post by James Salsman-2
1) still don't see the relevance. If better technology is needed, it's
needed - that should be independent of any lobbying preferences. It looks
like you're just pushing tangents again.

2) You do realize that the FTC and the FEC are very different
organizations? But again, it seems you just used this statement as an
opportunity to push a tangent.

Please don't do that.

Thanks,
Lodewijk


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

Yaroslav Blanter
What about moving to another country? Still not an option?

Cheers
Yaroslav


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

James Salsman-2
In reply to this post by geni
> the WMF doesn't have the resources to prevent a
> state level actor from gaining access to its servers.

Do you think merely avoiding the most mass-produced and arguably
widest backdoor is a step in the right direction?

> Switching to little used, little supported and more expensive
> hardware simply weakens the WMF position even further
> since attackers no longer have to factor in the risk of burning
> a valuable exploit.

That they need not risk losing their prized exploit capabilities
because they can't use them against open source hardware
makes us safer or less safe than if they could use them but
we spent less money?

> What about moving to another country? Still not an option?

https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales/Archive_225#Wikimedia_can_become_fully_independent_of_any_legal_jurisdiction

> the FTC and the FEC are very different organizations?

They both impose speech and behavior restrictions on paid advocates
trying to push their products, services, or candidates. Those
restrictions govern what is legal in the US on Wikipedia pertaining to
COI issues.

Best regards,
Jim


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

geni
On 21 January 2018 at 12:56, James Salsman <[hidden email]> wrote:
> Do you think merely avoiding the most mass-produced and arguably
> widest backdoor is a step in the right direction?

Security through obscurity against state level actors? That is not
going to work. And yes I know you seem to think that exploits are
deliberate back-doors but that position requires an alarming degree of
faith in the competence of the average programmer.


> That they need not risk losing their prized exploit capabilities
> because they can't use them against open source hardware
> makes us safer or less safe than if they could use them but
> we spent less money?

Open source hardware is going to have exploits. From the POV of a
state level actor burning those exploits is cheap since pretty much no
one uses open source hardware. Thus the risk associated with
compromising someone using open source hardware is pretty low. For
someone using something more mainstream the risk is rather higher.
--
geni


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

Craig Franklin
In reply to this post by Yaroslav Blanter
I think, as Geni says, that even that isn't going to provide any effective
barrier.  If the NSA or other US Government spooks want to get into the
servers, they will, regardless of what hardware it's running on, what
software it uses, or what jurisdiction it is located in.  Anything that the
Foundation does to "protect" itself is just going to be security theatre.
Anyone doing anything that the current or future American administrations
might object to should keep that in mind.  I assume that every place I go
on the Internet is already compromised and act accordingly.

Cheers,
Craig


Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

Gerard Meijssen-3
Hi,
First, what the Foundation does is not in order to protect itself but to
protect its readers, its authors.

Second, when you consider security theatre, consider the other countries
and then consider the countries where security has a better chance than the
USA. Be advised that in many, most countries citizens of other countries
are fair game and that the USA is often an active participant in odious
regimes in many countries.

Third, when we give up on security we are complicit. We have to consider
what companies like Facebook do to create their own hardware and when we
can strengthen the move to a state where Cisco hardware is no longer used
(Cisco has a bad reputation for open backdoors).

Fourth, what was the use of HTTPS about if all we do is theatre? NO; it is
relevant and let's make it more so.
Thanks,
     GerardM




Re: [Wikimedia-l] Fwd: [Publicpolicy] Update on FISA 702 reauthorization

James Salsman-2
In reply to this post by Craig Franklin
Let me just suggest, again, that we should find out how much it would
cost to avoid the most widely "baked in" vulnerabilities which are
known to state and non-state actors. I can't imagine why that wouldn't
be worth it. If the NSA wants private Foundation data, they could send
a National Security Letter, ordinary subpoena, or bribe Zimbabwean
police to send a subpoena from their Interpol FAX.

