Last week I was struck by the absurdly hypocritical statement by James Clapper, the Director of National Intelligence:

“The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”

I suppose that if you live at the top of the intelligence food chain long enough, statements like this eventually start sounding perfectly normal to you. For releasing classified information about the NSA’s clandestine spying programs, Clapper is quick to label Edward Snowden as a traitor. But who betrayed the American more, Snowden or the NSA?

The US Constitution defines treason against the United States as “levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.” The question here is what is the United States, is it the governmental or the citizens? Is the United States some .gov organization or is it the people who inhabit our political geography? Is the United States a secret spying program or a representative democracy that is “of the people, by the people, for the people?”

While Snowden may have violated the terms of his security clearance, he did not betray America. It is absurd to claim that revealing the NSA’s overreaching is in any way an aid to any enemy. Certainly no one buys the claim that terrorists will now communicate any differently than they did last month. On the contrary, I would argue that Snowden’s actions are in fact a powerful demonstration of true loyalty that he was willing to sacrifice himself for the American people. He betrayed his employer, but not the American people.

Ask yourself, do you feel more betrayed that Snowden revealed this secret program or do you feel more betrayed by the program itself?

Do you feel more betrayed that Snowden told the truth to journalists or that Clapper recently deceived a Congressional committee when asked a direct yes or no question about information gathering?

Do you feel more betrayed that Snowden produced actual evidence of spying on Americans or that the NSA does not want you to know what a FISC court ruled about the constitutionality of their spying programs and that the NSA spying has violated the constitution at least once before?

How about Bradley Manning, do you feel more betrayed that he exposed a number documents revealing questionable and possibly criminal acts or would you feel more betrayed if you knew exactly what the NSA plans to store in their unfathomably massive Utah data storage facility? (Hint: you don’t need exabytes of storage unless you have exabytes of information to store).

Would you feel betrayed if you knew that the NSA and other government agencies buy up and sit on 0-day exploits so that they can use them in their cyberwarfare efforts, knowingly leaving millions of our own systems vulnerable in the process?

Last year it was reported that the Flame malware, allegedly an NSA effort, included a digital certificate that appeared to be legitimately signed by Microsoft. Do you feel betrayed knowing that the NSA has this ability? Would you feel betrayed if we knew the full extent of their capabilities in faking certificates?

And how about crypto algorithms? Would you feel betrayed finding out the NSA has broken some of these yet still knowingly lets us use them?

If it were up to the American people to decide, I think we would have a very different opinion of who should be called the traitors.

Nevertheless, chances are that if allowed to, the US government will be able to successfully prosecute Snowden. US laws on sedition and subversive behavior are broad, especially during times of war. I imagine that it would take an act of Congress to grant this individual, and others like him, immunity for exposing wrongdoings of the government. George Bush was able to persuade Congress to grant retroactive immunity to telcos when the NSA spying program first came to light, why can’t they grant this same privilege to this material witness who exposed this overreaching and possibly unconstitutional spying program?

To Congress I say, considering how little you have done for the American people lately, you guys really owe us this one.

More than 15 years ago I started working on a unique password generator that eventually evolved into a small program I now call Pafwert.

Pafwert is an unique tool to help you to select strong passwords that are easy to remember. Using strong entropy, tens of thousands of seed words, [...] Continue Reading…

I still remember so clearly the frustration I felt back in the 90′s when starting in the security industry and trying to sell my services. It was so difficult trying to emphasize just how much at risk potential clients were and then get them to pay me to fix [...] Continue Reading…

I wrote a couple months ago about the many attempts to patent various methods of checking passwords. Now eBay wants in on the game with United States Patent Application 20120284783. Here’s their summary:
A proposed password is decomposed into basic components to determine and score transitions between the basic components [...] Continue Reading…

You’d think the US Government has been embarrassed enough with their abuse of power and disregard for procedure in the Megaupload case that they would just let it all quietly die. No, as evidenced by a recent filing in the Kyle Goodwin case, they are going to fight this [...] Continue Reading…

RSA recently announced their new Distributed Credential Protection (DCP) product which they proudly tout as a “revolutionary” way to secure user credentials. But looking closer (especially at that $160,000 per license price tag), I’m not so sure this product will do much to protect anyone’s credentials.

But let me say [...] Continue Reading…

Last week, Mozilla announced the first beta release of Persona. Persona, formerly called BrowserID, is a personal authentication system that aims to eliminate passwords to log in to web sites. Of course, you still need one master password to log in to Persona, but it takes care of every [...] Continue Reading…

I always enjoy browsing through password-related patents to see all the flawed, silly, or outright dumb ideas that people come up with in an attempt to improve how we authenticate ourselves in the digital realm. What amazes me though is how many patents I encounter that have been granted [...] Continue Reading…

Considering the increasing attention passwords have been getting lately, I thought it was about time we sit down and establish some new rules to define exactly what is a password. After all, so much of our personal lives, finances, and identities rely on these obscure jumbling of letters, numbers, [...] Continue Reading…

For years I have advocated using long, memorable passwords using a variety of different memorization techniques. Humor, repetition, common suffixes, memorable phrases, and other methods are great for creating long passwords that are easy to remember.

But now my philosophy has changed: now I say just go ahead and use [...] Continue Reading…