I expect e.g. the NSA would have this level of “resources” if they started playing now but didn’t grow any further.
I do not expect at all that the NSA would be able to operate at the “improving” stage in capabilities as described. People on Lesswrong have this habit of forgetting everything they know about government bureaucracies when it comes to the Intelligence Agencies, like they could just put on hold their primary function of spying on each other and then do general science and technology as well as Facebook.
The NSA operates “well” now because their worker bees get clear tasks like “develop an 0day for this brand of router”, for which success is highly apparent to even nontechnical, unintelligent people. It’s very obvious and embarrassing when those personnel are not able to tap a phone line, or get network visibility in some Chinese telecom company. On the other hand, I barely know how to use pytorch, but I could probably bullshit my flailing as groundbreaking research to NSA leadership all damn day.
It would be a lot harder to bullshit to NSA leadership all day if, say, they were to oversee the invention of a really good lie detector, and then use their broad authority to hoard technology like that.
Which, in addition to everything previously mentioned, is exactly the kind of thing that the NSA is built to do every day. In fact, the lie detector example would actually be even easier than putting uncompromised zero days in a particular brand of router, since that would be a very large, diverse, thin-spread system that probably has a ton of Chinese zero-days in the microchips, whereas a lie detector technology can easily be vetted (in realistic high-stakes environments that are actually real) as part of the everyday internal operations of the NSA leadership.
The NSA has never done anything remotely close to engineering a truly working lie detector, ever. Also:
In fact, the lie detector example would actually be even easier than putting uncompromised zero days in a particular brand of router, since that would be a very large, diverse, thin-spread system that probably has a ton of Chinese zero-days in the microchips, whereas a lie detector technology can easily be vetted in high-stakes environments as part of the everyday internal operations of the NSA leadership.
I’m not sure what you mean by the Chinese zero day thing. And I said develop a 0-day, not plant one. As far as I am aware, the NSA actually happens to be pretty bad at, and unethusiastic about, what I think you mean by the latter thing. Go figure.
I said oversee, not engineer it themselves. If they have in-house programs developing lie detection technology themselves, I know nothing about that; but assuming that lie prediction technology is being improved upon anywhere, then the NSA is probably aware of it and the first government agency in line to take advantage of the latest generation of that kind of tech (maybe second or third, etc).
Basically everything I know about zero days comes from Chinese zero days. And it seems to me that if a Zero Day was developed in the US, it would be developed with planting in mind, because routers are fabricated and assembled in Asian countries with their own intelligence agencies and their own guiding principles of planting zero days on hardware.
My understanding about what the NSA is and isn’t enthusiastic about might be nearly a decade out of date, if it was ever accurate at all.
So, zero day exploits are generally nonrivalrous; one agency can find one way to run code remotely on a device and another agency in a different country can find a different flaw or even the same flaw, and they’re not conflicting scenarios. “Planting” bugs as the software or hardware product is being developed is an avenue to accomplish that, but it’s unnecessary, especially for items like routers. I have several friends who do this exact type of work developing zero days for a private military contractor instead of the government. They’re handed a piece of equipment, they find bugs, they develop a plug-and-play weaponization for someone else in the military-industial complex, rinse, repeat; there’s no need to bribe anyone or do some sort of infiltration of the vendor themselves. When the NSA does the same thing in-house it’s very similar. Injecting bugs during software development of a product is risky for multiple reasons, and if the vendor is American it could be illegal, even if the NSA is doing it.
Otherwise I’m kind of confused as to what we’re talking about anymore.
I do not expect at all that the NSA would be able to operate at the “improving” stage in capabilities as described. People on Lesswrong have this habit of forgetting everything they know about government bureaucracies when it comes to the Intelligence Agencies, like they could just put on hold their primary function of spying on each other and then do general science and technology as well as Facebook.
The NSA operates “well” now because their worker bees get clear tasks like “develop an 0day for this brand of router”, for which success is highly apparent to even nontechnical, unintelligent people. It’s very obvious and embarrassing when those personnel are not able to tap a phone line, or get network visibility in some Chinese telecom company. On the other hand, I barely know how to use pytorch, but I could probably bullshit my flailing as groundbreaking research to NSA leadership all damn day.
It would be a lot harder to bullshit to NSA leadership all day if, say, they were to oversee the invention of a really good lie detector, and then use their broad authority to hoard technology like that.
Which, in addition to everything previously mentioned, is exactly the kind of thing that the NSA is built to do every day. In fact, the lie detector example would actually be even easier than putting uncompromised zero days in a particular brand of router, since that would be a very large, diverse, thin-spread system that probably has a ton of Chinese zero-days in the microchips, whereas a lie detector technology can easily be vetted (in realistic high-stakes environments that are actually real) as part of the everyday internal operations of the NSA leadership.
These sorts of people were probably bugging their employees offices shortly after the invention of the bug.
The NSA has never done anything remotely close to engineering a truly working lie detector, ever. Also:
I’m not sure what you mean by the Chinese zero day thing. And I said develop a 0-day, not plant one. As far as I am aware, the NSA actually happens to be pretty bad at, and unethusiastic about, what I think you mean by the latter thing. Go figure.
I said oversee, not engineer it themselves. If they have in-house programs developing lie detection technology themselves, I know nothing about that; but assuming that lie prediction technology is being improved upon anywhere, then the NSA is probably aware of it and the first government agency in line to take advantage of the latest generation of that kind of tech (maybe second or third, etc).
Basically everything I know about zero days comes from Chinese zero days. And it seems to me that if a Zero Day was developed in the US, it would be developed with planting in mind, because routers are fabricated and assembled in Asian countries with their own intelligence agencies and their own guiding principles of planting zero days on hardware.
My understanding about what the NSA is and isn’t enthusiastic about might be nearly a decade out of date, if it was ever accurate at all.
So, zero day exploits are generally nonrivalrous; one agency can find one way to run code remotely on a device and another agency in a different country can find a different flaw or even the same flaw, and they’re not conflicting scenarios. “Planting” bugs as the software or hardware product is being developed is an avenue to accomplish that, but it’s unnecessary, especially for items like routers. I have several friends who do this exact type of work developing zero days for a private military contractor instead of the government. They’re handed a piece of equipment, they find bugs, they develop a plug-and-play weaponization for someone else in the military-industial complex, rinse, repeat; there’s no need to bribe anyone or do some sort of infiltration of the vendor themselves. When the NSA does the same thing in-house it’s very similar. Injecting bugs during software development of a product is risky for multiple reasons, and if the vendor is American it could be illegal, even if the NSA is doing it.
Otherwise I’m kind of confused as to what we’re talking about anymore.
If this question becomes important, there are people in our community who are.. domain experts. We can ask