The NSA has never done anything remotely close to engineering a truly working lie detector, ever. Also:
In fact, the lie detector example would actually be even easier than putting uncompromised zero days in a particular brand of router, since that would be a very large, diverse, thin-spread system that probably has a ton of Chinese zero-days in the microchips, whereas a lie detector technology can easily be vetted in high-stakes environments as part of the everyday internal operations of the NSA leadership.
I’m not sure what you mean by the Chinese zero day thing. And I said develop a 0-day, not plant one. As far as I am aware, the NSA actually happens to be pretty bad at, and unethusiastic about, what I think you mean by the latter thing. Go figure.
I said oversee, not engineer it themselves. If they have in-house programs developing lie detection technology themselves, I know nothing about that; but assuming that lie prediction technology is being improved upon anywhere, then the NSA is probably aware of it and the first government agency in line to take advantage of the latest generation of that kind of tech (maybe second or third, etc).
Basically everything I know about zero days comes from Chinese zero days. And it seems to me that if a Zero Day was developed in the US, it would be developed with planting in mind, because routers are fabricated and assembled in Asian countries with their own intelligence agencies and their own guiding principles of planting zero days on hardware.
My understanding about what the NSA is and isn’t enthusiastic about might be nearly a decade out of date, if it was ever accurate at all.
So, zero day exploits are generally nonrivalrous; one agency can find one way to run code remotely on a device and another agency in a different country can find a different flaw or even the same flaw, and they’re not conflicting scenarios. “Planting” bugs as the software or hardware product is being developed is an avenue to accomplish that, but it’s unnecessary, especially for items like routers. I have several friends who do this exact type of work developing zero days for a private military contractor instead of the government. They’re handed a piece of equipment, they find bugs, they develop a plug-and-play weaponization for someone else in the military-industial complex, rinse, repeat; there’s no need to bribe anyone or do some sort of infiltration of the vendor themselves. When the NSA does the same thing in-house it’s very similar. Injecting bugs during software development of a product is risky for multiple reasons, and if the vendor is American it could be illegal, even if the NSA is doing it.
Otherwise I’m kind of confused as to what we’re talking about anymore.
The NSA has never done anything remotely close to engineering a truly working lie detector, ever. Also:
I’m not sure what you mean by the Chinese zero day thing. And I said develop a 0-day, not plant one. As far as I am aware, the NSA actually happens to be pretty bad at, and unethusiastic about, what I think you mean by the latter thing. Go figure.
I said oversee, not engineer it themselves. If they have in-house programs developing lie detection technology themselves, I know nothing about that; but assuming that lie prediction technology is being improved upon anywhere, then the NSA is probably aware of it and the first government agency in line to take advantage of the latest generation of that kind of tech (maybe second or third, etc).
Basically everything I know about zero days comes from Chinese zero days. And it seems to me that if a Zero Day was developed in the US, it would be developed with planting in mind, because routers are fabricated and assembled in Asian countries with their own intelligence agencies and their own guiding principles of planting zero days on hardware.
My understanding about what the NSA is and isn’t enthusiastic about might be nearly a decade out of date, if it was ever accurate at all.
So, zero day exploits are generally nonrivalrous; one agency can find one way to run code remotely on a device and another agency in a different country can find a different flaw or even the same flaw, and they’re not conflicting scenarios. “Planting” bugs as the software or hardware product is being developed is an avenue to accomplish that, but it’s unnecessary, especially for items like routers. I have several friends who do this exact type of work developing zero days for a private military contractor instead of the government. They’re handed a piece of equipment, they find bugs, they develop a plug-and-play weaponization for someone else in the military-industial complex, rinse, repeat; there’s no need to bribe anyone or do some sort of infiltration of the vendor themselves. When the NSA does the same thing in-house it’s very similar. Injecting bugs during software development of a product is risky for multiple reasons, and if the vendor is American it could be illegal, even if the NSA is doing it.
Otherwise I’m kind of confused as to what we’re talking about anymore.