May 03, 2011, 3:06 PM — From the It Takes a Thief department:
The most highly skilled, best funded, most capable covert digital-data collection agency in the U.S. has issued a set of best practices on how businesses and consumers can keep their data safe (from agencies other than it).
The National Security Agency has put out a set of recommendations (PDF) that are surprisingly doable and surprisingly banal.
The National Security Agency (NSA), created to eavesdrop on the radio and telecommunications systems of the USSR, Communist China and other Cold War opponents of the U.S., still leads signal-intelligence gathering for the U.S.
It used to do that primarily through the ECHELON network of satellite- and land-based listening stations.
These days it listens in on cell-phone networks, satellite phones, and wired and wireless Internet connections, and mines data from records of Internet activity worldwide.
The group, known for its extraordinary level of secrecy, isn't supposed to spy on people within the U.S.
It has apparently done so in the past, however, and may be doing it now under restriction-easing rules such as the Patriot Act, which were designed to make it easier for law enforcement to chase terrorists.
Because of the secrecy surrounding a group once jokingly referred to inside the Beltway as "No Such Agency" (no one who knew about it was supposed to admit it existed), it's impossible to know exactly what its abilities are and on whom it is listening.
So, when the ultimate black-box agency comes out with a set of security recommendations, you'd think they'd be more sophisticated than "install your patches" and "change the default password."
They are, but not by much: