sequences, even though it has virtually
unlimited resources and access—if it
wants it—to the best computer-security experts in the country.
Most of the good security practices
covered here were discussed in the
author’s Real World Linux Security first
published in 2000.²⁹ The most important of these security practices also
were discussed in this author’s article,
“The Seven Deadly Sins of Linux Security,” published in the May/June 2007
issue of ACM Queue.
I am honored there are autographed copies of my book in the
NSA’s headquarters. The vast majority
of NSA employees and contractors are
eminently talented, law-abiding, dedicated patriots. It is unfortunate that
a tiny percentage no doubt ignored
warnings that these security problems desperately needed fixing to
avoid a serious breach.
1. Allen, J. NSA to cut system administrators by 90
percent to limit data access. Reuters. Aug. 9, 2013;
2. Block, M. Snowden’s document leaks shocked the
NSA, and more may be on the way. National Public
Radio. Dec. 17, 2013; http://www.npr.org/templates/
3. Brosnahan, J. and West, T. Brief of Amicus Curiae
Mark Klein. May 4, 2006; https://www.eff.org/files/
4. Chimel v. California, 395 U.S. 752, 761 (1969).
5. Cohn, C. and Higgins, P. Rating Obama’s NSA reform
plan: EFF scorecard explained. Electronic Frontier
Foundation, Jan. 17, 2014; https://www.eff.org/
6. Coke’s Reports 91a, 77 Eng. Rep. 194 (K. B. 1604).
7. Davidson, A. Judge Pauley to the N.S.A.: Go Big. The
New Yorker. Dec. 28, 2013; http://www.newyorker.
8. Davidson, J. NSA to cut 90 percent of systems
administrators. Washington Post. Aug. 13, 2013;
9. Defense Logistics Agency. Critical nuclear weapon
design information access certificate; http://www.dla.
10. Department of Defense Trusted Computer System
Evaluation Criteria, a.k.a., Orange Book 1985; http://
11. Dilanian, K. Officials: Edward Snowden took NSA
secrets on thumb drive. Los Angeles Times. June 13,
12. Electronic Frontier Foundation (eff.org). NSA spying
video, includes comments from many well-known
respected people and reminders of past violations;
13. Esposito, R. Snowden impersonated NSA
officials, sources say. NBC News. Aug. 28,
14. Everett, B. and Min Kim, S. Lawmakers praise, pan
President Obama’s NSA plan. Politico. Jan. 17, 2014;
15. GNU Privacy Guard; http://www.gnupg.org.
16. Howell’s State Trials 1029, 95 Eng. 807 (1705).
17. Klein, M. and Bamford, J. Wiring Up the Big Brother
Machine...and Fighting It. Booksurge Publishing, 2009.
18. Legal Information Institute, Cornell University Law
School. Fourth Amendment: an overview; http://www.
19. Miller, J. CBS News “60 Minutes.” Dec. 15, 2013;
20. Lemos, R. Security guru: Let’s secure the Net. ZDnet,
21. Mears, B. and Perez, E. Judge: NSA domestic phone
data-mining unconstitutional. CNN. Dec. 17, 2013;
22. Nakashima, E. A story of surveillance. Washington
Post. Nov 7, 2007; http://www.washingtonpost.
23. Napolitano, A.P. A presidential placebo – Obama’s
massive NSA spying program still alive and well.
Fox News. Jan. 23, 2014; http://www.foxnews.com/
24. Presidential Executive Order 13526 12/29/2009; http://
25. Rosenbach, M. Prism exposed: Data surveillance with
global implications. Spiegel Online International.
June 10, 2013: 2; http://www.spiegel.de/international/
26. Schwartz, M. Thumb drive security: Snowden 1, NSA
0. Information Week. June 14, 2013; http://www.
27. Shiffman, J., Cooke, K. Exclusive: U.S. directs
agents to cover up program used to investigate
Americans. Reuters. Aug. 05, 2013; http://www.
28. Smith, C. BGR. Jan. 23, 2014; http://news.yahoo.com/
29. Toxen, B. Real-world Linux Security: Intrusion
Detection, Prevention, and Recovery. 2nd Edition.
Prentice Hall, 2002.
30. U.S. Courts. What does the Fourth Amendment
mean?; http://www.uscourts.gov/educational-resources/get-involved/constitution-activities/fourth-amendment/fourth-amendment-mean.aspx.
31. U.S. Government Printing Office. Fourth Amendment;
32. Washington Post. Transcript of President Obama’s
Jan. 17 speech on NSA reforms, 2014; http://www.
33. Wikipedia. Public-key cryptography; http://
34. Wikipedia. Edward Snowden; http://en.wikipedia.org/
Bob Toxen (bob@VerySecureLinux.com) is chief technical
officer at Horizon Network Security, which specializes in
Linux and network security. He was one of the developers
of Berkeley Unix.
Copyright held by Owner/Author. Publications rights
licensed to ACM. $15.00
like it if the NSA listened to that
conversation and provided the
local police with his daughter’s
location using the phone’s GPS and
a transcript of that private phone
conversation, and the police then
arrested his daughter for underage
drinking? Josh got real unhappy at
this point. Are you trying to keep
your sexual orientation or interests
private? How about your religious
beliefs or even whom you voted for
in the Presidential election? What
about that stock tip or patent idea? Is
it the government’s business to know
whom you are telephoning?
Yes, the NSA really is listening
to your domestic phone calls and
reading your email in addition to
obtaining your private information
on the people you telephone.³,¹²,¹⁷,²²
Reuters reported on August 5,
2013, that the Drug Enforcement
Administration (DEA) admitted to
covering up the use of information
illegally obtained from the NSA and
falsifying the source of evidence. This
included information obtained by
the NSA from intelligence intercepts,
wiretaps, informants, and a massive
database of telephone records, all
without benefit of a proper warrant
or probable cause. The DEA then
gave this information to authorities
across the nation to help them
launch criminal investigations of
²⁷ Clearly this is exactly
what the Fourth Amendment
was intended to prevent. Is it the
government’s place to be doing this?
Judge Andrew P. Napolitano,
the youngest person ever to serve
on the New Jersey Superior Court,
called President Obama’s promised
NSA reforms, announced January
17, 2014, a presidential placebo.
The Electronic Frontier Foundation
(EFF) rated the President’s reforms
3.5 out of 12.⁵
(The EFF is a nonprofit
organization dedicated to fighting
for people’s rights in the electronic
world and is, perhaps, the most active
organization to fight in the courts
and elsewhere against the NSA’s
spying on Americans.) Sen. Rand
Paul (R-KY.) argued that Obama’s
suggested changes will amount to
“the same unconstitutional program
with a new configuration.”
of these actions by the NSA were
started under the second Bush
Administration following 9/11. Is
the NSA’s spying on all Americans
an unconstitutional and illegal
violation of the Constitution’s Fourth
Amendment? Given the 400 years of
history we have examined, this author
can see only one conclusion.