Get in touch with technology with TechStuff from HowStuffWorks.com. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer here at HowStuffWorks and iHeartRadio, and I love all things tech. And today, as often is the case with TechStuff, even though I say I love all things tech at the beginning of the show, it begins with a caveat, because I don't love everything. In
this particular story, it's a really shocking one. On January nineteen, Reuters published a long piece about a secret spy project out of the United Arab Emirates. The project is called Project Raven, and how the agency that was overseeing Project Raven had hired away hackers and cybersecurity experts, a lot of them from America, including American citizens who had previously worked for the United States National Security Agency, or NSA, which is a pretty big deal. So what
exactly is going on here? Well, in this episode, I'm going to talk about the NSA and what it does first before I get into Project Raven. And I'm doing that for two real important reasons. One is that Project Raven employed lots of former NSA employees or contractors, and Project Raven appears to use many of the same techniques that have been developed and relied upon over at the NSA for many years.
Another is that while much of Project Raven is still a mystery, we haven't seen all of the documents that Reuters has referred to. Reuters came into possession of some of these documents, rather, but we haven't. I haven't seen them all. But I figure that by understanding what the NSA is and what it does, we can extrapolate quite a bit to understand what Project Raven is all about. So we're gonna start with talking about the NSA and what they do, and
then switch over to Project Raven in more detail. So the NSA formally became an agency back in nineteen fifty two, but the motivation for creating the NSA dates further back. In fact, it dates back to the First World War. A guy named Herbert Osborne Yardley, who was a telegraph operator, served as a cryptographer with American forces in France during World War One. This was
not unusual. A lot of telegraph operators worked in various theaters of war, either as communications officers or cryptographers, and he recognized that the United States really needed to step up its game, because he was handling communications from top brass and he found that the American Command was using codes that were outdated and/or easy to break. He
even broke a few of them on his own. So he advocated for a much stronger approach to cryptography, and he would eventually become the lead of the so-called Cipher Bureau, sometimes also known as the Black Chamber. Pretty ominous sounding name right there. This office would intercept messages from around the world and attempt to decode them to figure out what the heck is really going on out there.
And this practice was not universally accepted in government circles, and the US Secretary of State Henry L. Stimson, who served under President Herbert Hoover, famously pulled funding for the office in nineteen nine. He found the very concept of reading messages intended for other people to be abhorrent, or at least that's what he said. He essentially made a comment along the lines of a gentleman does not read another gentleman's letters, so you wouldn't intercept someone's mail
and read what was written to them and then pass it back along. That would be illegal, and he says, well, the same thing should be true between nations. Now, there's definitely a healthy debate that we could have about whether or not the methods used by the Black Chamber were justifiable or ethical. According to the Saturday Evening Post, this agency, the Black Chamber, was known for making deals with telegraph companies to get access to communications across those companies' infrastructures.
So it would be a lot like the news that broke in when Edward Snowden revealed that the NSA had agreements or had essentially strong-armed major internet companies in order to get access to electronic communication, companies like Google, Facebook, Yahoo, and Microsoft, among others. Now, we're going to get back to that, but anyway, my point
is some things never change, right? This was originally back in, uh, the nineteen twenties with telegraph companies, and then you fast forward to the twenty tens and you find out the same thing's going on, but now with internet companies. You also realize that Yardley's response to the office getting shut down was to write a tell-all book about
the Black Chamber. He essentially said, well, if you're gonna, if you're going to close out the Cipher Bureau, then I'm going to write a book about all the stuff we did. And he effectively spilled the secret beans to the world, much like Edward Snowden did in, although to be fair, uh, Yardley was doing it kind of out of spite, whereas Snowden apparently was doing it because he had strong feelings that the, um, the practices of the NSA were, were against freedom, really, against a
certainly against an expectation of privacy. So history really does repeat itself in some ways. Well, while the Black Chamber was in the process of getting shut down, in nine, the United States Army opened up its own intelligence gathering office called the Signal Intelligence Service, or SIS. The SIS took possession of the files that Yardley's office had generated during its operations, so they got
hold of the Cipher Bureau files. This new office became the core of the NSA when President Truman formally created the agency in nineteen fifty two. According to the NSA's own website, the purpose of the agency is to, and I quote, "save lives, defend vital networks, advance US goals and alliances, and protect privacy rights." That last one is kind of interesting to me. The NSA is part of the Department of Defense, so it is no longer a branch of the army or
any specific branch of the military. It's part of the Department of Defense overall. It's meant to gather intelligence, both foreign and domestic, largely through signal processing or intercepting electronic means and radio means of communication. But you might wonder what the heck is the difference between the NSA and the other intelligence agencies, because we talk a lot about different intelligence agencies and it's pretty easy to get them all confused. So you've got the
CIA, or the Central Intelligence Agency. That agency focuses on foreign intelligence, and it's mostly concerned with the kind of spy stuff we associate with the movies, though in reality it's rarely anywhere near as glamorous or as easy to follow. Things get a lot more messy and a lot less, um, flashy in real life. But this is the agency that oversees covert ops and counterintelligence efforts in other countries and passes information along to the executive branch of the government.
For those of you not in the United States, the executive branch would include the president and the presidential staff. The FBI, or the Federal Bureau of Investigation, fills a similar role, but for domestic concerns, so stuff that happens inside the United States and usually involving US citizens. It's also the lead law enforcement agency and focuses a lot
on counterterrorism and just investigations in general. So this is the agency that was famously profiled in The X-Files, although obviously that was a real work of fiction. Anyway, the NSA is mostly concerned with making and breaking codes, so it focuses on ways to communicate secretly, and they do this in order to keep US interests safe, and also how to break all the other codes that are out there so that we know what the
heck is going on. And they do this both for foreign communications and domestic communications, which leads critics to point at the NSA and say they're spying on you, and the NSA might say, sure, we have all your data, but we don't look at it unless you have given us a reason to look at it. Fun times. We'll touch on that a little more a bit later. There's also one other agency in the intelligence community
I feel that I should mention, which is the Defense Intelligence Agency, or DIA. You don't tend to hear about this a lot in the United States, especially if you're just, you know, a citizen, a civilian. This is part of the Department of Defense, just like the NSA is, and this agency focuses specifically on military intelligence and combat support. So, uh, that's why you don't tend to hear it in your day to day
life as a civilian. It's really a military application. Until recently, the general public in the United States had not heard a whole lot about the NSA, with a couple of famous exceptions, and this was something the agency itself took advantage of. The CIA and FBI are far more prominent in the American psyche; they're typically romanticized in
popular culture as the stuff of spies and crime investigations. Now, when the NSA was first formed in the nineteen fifties, it was effectively a secret organization that was not publicly disclosed. In fact, there was a little bit of a joke that NSA stood for No
Such Agency. However, the nature of communications and the widespread use of cipher in cryptography, and the growing ranks of NSA employees, meant that by the late nineteen sixties, it was pretty much impossible to maintain that the NSA was nonexistent or even trying to keep
it a shadow organization. It became clear at that point that there was such an agency, although a lot of people still didn't really understand what it was doing, so the NSA's activities weren't widely communicated or understood among the general public. There were a few spikes in awareness, as I alluded to earlier. In the mid nineteen seventies, in the aftermath of the Watergate scandal, there was a
major one. There was a Senate investigation that revealed that the NSA had been intercepting telegrams leaving or entering the United States, including correspondence between American citizens, and it was a program called Project Shamrock. Another shocking revelation was that the NSA had been monitoring communications between civil rights leaders during the nineteen sixties, including Martin Luther King Jr. and a couple of US senators
as well. There were records that the agency was also keeping tabs on people who objected to the United States being involved in the Vietnam War, and all of this led to Congress establishing a new set of guidelines that the NSA would have to follow, and it was meant to restrict how and when they could collect information.
It was called the Foreign Intelligence Surveillance Act, or FISA, F-I-S-A. To get permission to spy on American citizens, the NSA would first have to get permission from a special court established just for that purpose. It was called a surveillance court or an intelligence court. This wasn't quite the same thing as securing a warrant through a normal court, but it was a check on the NSA's power. They couldn't just wantonly start listening in
on people and have it be legal. So things pretty much went that way for the next couple of decades until September eleven two one. That's when we had the terrorist attacks here in the United States that were so devastating, and in the wake of that, the President of the United States at that time, George W. Bush, expanded the NSA's powers and authorized the agency to monitor communications, including phone calls and emails, of
American citizens without having to secure a warrant from this surveillance court first, the idea being that this would speed things up and potentially prevent further catastrophe. But the flip side of that was there was no oversight. There were no checks on this power. The New York Times broke a story about this warrantless wiretapping program in two thousand five, and then a couple of years later,
under tremendous political pressure, President Bush ended the practice. But then we get to when a former contractor with the NSA, someone who had worked with the CIA before that, a guy named Edward Snowden, dumped an enormous amount of information on the world, revealing that the NSA had been gathering data about telephone calls and Internet communication between millions of Americans in widespread operations.
The NSA attempted to mitigate the impact of this revelation, uh, in part by saying that while it was in fact gathering all this information, no one was, you know, actually looking at the information unless they needed to, in which case they totally said they were securing permission first from a top secret court that couldn't publish its decisions.
This might sound like a get-out-of-jail-free card to you, and a lot of people criticized this approach, the idea that the NSA could go to a secret court and get approval without having to reveal any of this to anybody, and then do a search on all this data that likely would include stuff about you in it, and anything they turned up they could potentially focus on and use in some way further
down the road. That was pretty disturbing. So they were gathering the information like crazy, but they said, we aren't going to search it or look for anything specific unless we already have approval. This still was not really comforting to a lot of people. It wasn't something that many
people found justifiable. There were a lot of complaints and criticisms, um, and it also involved an increase in resentment toward companies like Google, Facebook, Microsoft, companies that were, at least in appearance, cooperating with the NSA. However, I covered a lot of this back in when the news first broke, so rather than go over all that again, we'll just move on. And this was the super fast overview of the NSA. Obviously, there's tons of stuff we could talk about. You could do a full mini
series about the NSA, no problem. And if I were to do that, I would have to bring Ben Bowlin on, because if you want to talk about people who know stuff that they don't want anyone else to know they know, he's the guy to go to. Right now, let's take a quick break, and when we come back, we'll cover the story that inspired this particular episode. But first, a word from our sponsor. On January nineteen,
as I said earlier, Reuters published a special report. The title of that special report is "Inside the UAE's Secret Hacking Team of US Mercenaries." It is an amazing read. I highly recommend you seek it out. Now, I'm going to cover the basics of that piece in this episode, but I wanted to give special mention to journalists Christopher Bing and Joel Schectman, who wrote the piece.
Most of the article focuses on Lori Stroud, who is an ex-NSA employee who later on worked with the NSA through a security contractor as well, who then landed a position with a United Arab Emirates top secret program, Project Raven. Stroud has the distinction of being involved in that massively publicized NSA leak from as well, so let's backtrack a bit. Stroud started as a direct employee of the
NSA back in two thousand three. Then in two thousand nine she officially left as being an NSA employee and came back to work for the NSA as a contractor, as part of a team of cybersecurity and intrusion experts, or you could call them hackers if you like, who worked as a consultant to the NSA. The consulting company she was working with was called Booz Allen Hamilton. Still is called Booz
Allen Hamilton; it still exists. So she was still working for the NSA, but as a contractor rather than as a full time employee. She could actually make a lot more money doing essentially the same work as she
had been doing before. And it was Stroud who actually recommended that Edward Snowden be brought on her team at the NSA. And I've already explained how that turned out. Anyway, after Snowden shocked the world by leaking all the information on what the NSA had been up to and then fled the United States, understandably, Stroud's team from Booz Allen Hamilton was pretty much persona non grata at the NSA. No one was
really keen to work with them. They ended up bearing a lot of the responsibility because they had recommended Snowden to be put on the NSA team in the first place, so that doesn't reflect well when your recommendation turns around and purposefully dumps a ton of
top secret information. Stroud received an offer from another former NSA agent named Marc Baier to work through a different security consulting firm, this one called CyberPoint, and Stroud would be able to work on a prestigious cybersecurity project overseas in Abu Dhabi, and she took the offer. He said it was very attractive, so she leaves Booz
Allen and joins CyberPoint. Stroud is then sent to Abu Dhabi, and upon arriving, she was initially told her job was going to be in counterterrorism, so essentially she would work with other experts to detect intrusion attempts on the UAE's government servers, so if anyone was trying to hack in, she was supposed to be part of the team detecting that sort of stuff, determining who was doing it and blocking them. She would also be in charge of patching vulnerabilities. This was just meant to be a
defensive project. And she also found out her office was going to be in a converted mansion in Abu Dhabi. The facility is called the Villa, and it all seemed too good to be true, and upon arrival she was brought into two different briefings back to back. The first briefing, which according to Reuters has been referred to as the Purple briefing, was pretty much the story I just told you that Stroud was told before she came on board, that she would be working to protect the UAE's
computer and communications infrastructure. Upon the conclusion of that briefing, however, she was told that whole story was just a cover story, that that wasn't really what she would be doing. And then she was told what her real purpose was, and she received the second briefing, which was dubbed the Black briefing. Now, this is a top secret project that was meant to be denied by anyone working in the
UAE government as even existing. The team at Reuters, however, actually got hold of a copy of the materials used in the Black briefing. Those materials concerned the UAE's National Electronic Security Authority, or NESA. It's essentially the UAE's version of the NSA here in the United States. So according to Reuters, the information in this briefing outlined the true purpose of Project Raven and that it was meant to be, quote, "offensive operational division of NESA," end quote.
So that means instead of trying to detect intrusions and plug security vulnerabilities, Stroud would actually be working with a team dedicated to spying on other people, to gathering data on them, to intercepting communications and deciphering those communications. But that's pretty much what she was doing at the NSA, so it wasn't like this was a huge change in what she had been doing leading up to this point. In fact, that was the whole reason why
she was hired. NESA would supply the team of Project Raven with a list of people that it said were enemies of the UAE government. Then the Project Raven team was tasked to gather as much information on those people as they possibly could. They would track their movements using location data. They would build out what amounted to be dossiers on each of those people, electronic dossiers, and just amass huge amounts of information that could potentially be used
by other parts of the UAE government. And let's talk about that for a second. The government of the United Arab Emirates is a little complicated if you're looking at it from the perspective of an American like me, you know, compared to the American system of government. Now, for those who aren't that familiar, the name of the nation implies this. The UAE is not just a single unified people. It's
actually a collection of seven monarchies, or emirates, kingdoms. Two of those are ruled by the same royal family and the others are ruled by different families. So you end up, even though you have seven emirates, you have six ruling families. So the six rulers, the six heads of those ruling families, are collectively the Federal Supreme Council of the UAE. In addition to that Council, there is a Council of Ministers that's led by the Prime Minister. More on that in a second. And there's also a
group of leaders called the Federal National Council. Uh, some of the members of this council, there are about forty people in it total, some of them are appointed and some of them are elected. Uh, and then there's the Federal Supreme Court, which is very similar to the Supreme Court in the United States, at least in theory. The Federal Supreme Council, that group of leaders, technically elects a president and a vice president to oversee the entire United Arab Emirates.
Practically speaking, however, the president is the head of the ruling family of Abu Dhabi, called Al Nahyan. The vice president and the prime minister, the same person, is the head of the ruling family of Al Maktoum, that is the royal family that oversees Dubai. Now, there are no political parties in the UAE. In fact, they're illegal in the UAE, and ultimately everyone in the government is there on the pleasure of the ruling families.
There's not really a democratic process here. The elected members, you know, I mentioned that, though, that forty-member Federal National Council, some of them are elected. Those elected members are only advisors. The only people who have any legislative authority are appointed. So again, all power ultimately comes from these ruling families. The government of the UAE has drawn criticism regarding how it operates, and the UAE government is eager to get more information on those
who do criticize the government. They are not particularly well looked upon by the UAE. Before Project Raven, the UAE largely relied on primitive means to spy on these identified enemies, to get electronic data on them. So typically in the old days, NESA, that agency, would send an operative to get physical access to a target's computer or mobile device and install monitoring software on it. So you actually have to get to that
person's computer and then install some malware. That's actually a pretty tricky challenge, even if the target happens to live within the borders of your country. But some of the UAE's identified enemies are foreigners who live abroad, so getting physical access to their machines wasn't always practical or in some cases wasn't even possible, and that's where we
get to Project Raven. The UAE wanted people who had experience designing malware that could monitor communications and then send reports back to HQ on an ongoing basis,
so the government formed Project Raven in two thousand nine. Initially, the plan was just to hire on American experts to design and lead the program for between five to ten years, and the goal would be to pass on that knowledge and skill set, to mentor Emirati intelligence officers so that they could then take over the program from
that point and run it themselves. So then they would phase out the American operatives from Project Raven, and the UAE wanted people who understood how to infiltrate a machine remotely, which, as it turns out, often depends largely upon social engineering. Now, I've talked about social engineering several times on this show, but just to remind you
what it's all about. It's a term for a broad range of strategies that are all meant to manipulate a person using social interactions, rather than trying to brute force your way into a computer system. It's much much easier to trick someone into voluntarily sharing their login information with you than it is to brute force your way into
the typically secure system. So, for example, you might pose as an IT professional who has been hired on to install updates to a computer and say, I need to install this update, give me your login so I can put it on there and then I'll be off your way. But in reality, what you're doing is
installing malware to spy on a person's every move. In the case with Project Raven, one of the stories they told was some operatives who posed as human rights activists who were sympathetic to the missions of other activists, target activists, people the UAE had identified as being enemies of the state, and it was all in an effort to win over their confidence and trick them into
installing malware, and it worked. We've seen this sort of stuff work lots of times and in lots of different applications. Project Raven received directives to focus on people who were known to speak out against the UAE government. Project Raven would monitor social media and gather data about people who had said critical things about the UAE and the monarchies. Stroud relayed that it wasn't her team that ever made a decision to go after anyone or to take
action against someone. They were just there to dig up dirt and occasionally trick people into installing malware. Now that sounds a little bit like a justification to me, something that someone might cling to in order not to get too wrapped up in how involved you are in the overall big picture stuff. But it also was a way for the UAE to separate the operatives in Project Raven from any actions so that the Raven activities wouldn't
stand out too much. There was a plausible deniability element there. The UAE likely didn't want to draw any attention to these operatives, especially not from the international community, and probably not from the NSA in particular, because anything that would target, say, an American citizen would immediately jump up on the NSA's red flag list of "this is unacceptable." You can't use American operatives to help spy on Americans. Defensive measures are one thing,
but actively spying on people is another. Another interesting point in the report is how Stroud seemed able to deal with the realities of her work as long as it didn't involve targeting American citizens. Monitoring the activities of a British journalist, for example, seemed like fair game, but when it came to doing the same to American citizens, she felt that was a betrayal. And I find this particularly interesting, that somehow a person's citizenship makes an action against
them either acceptable or not acceptable. That as long as it's not against the people from my own country, this is okay. But once it is people from my own country, it's not okay. Never mind if the other countries are allied with the home country or not. In two thousand fifteen, the UAE told Project Raven employees that if they wanted to continue on with the program, they would need to join a UAE cyber defense company called DarkMatter. So this was the UAE saying we're handing over control
of Project Raven to a different consulting firm. This consulting firm is DarkMatter, and if you want to stay on, you need to sign on with them. Over the next couple of years, the American team members were digitally sequestered from some of the Project Raven operations, and by that what I mean is they were not given full access to all of the information that Project Raven was gathering.
The Americans made up a good percentage of the operatives in Project Raven who were intercepting communications and gathering data, but they weren't the only ones. There were a lot of citizens of the Emirates who were there too, who were also working on this, and there was some information, some files, that the American team was specifically told, don't
look at this stuff, this isn't for you. There were these Emirati-only collections of data, which led to concern among the American team that maybe some of the targets of Project Raven could be the Americans, which would put them in a pretty tight spot. And as it turns out, they were right to be worried. I'll explain more in a second, but let's take another quick break to thank our sponsor. As it turns out, Stroud's work earned her a promotion to lead analyst, and while doing her job,
she started noticing some troubling trends. She found files dedicated to American targets, including several journalists. She brought that to the attention of her superiors. Because the American operatives had been reassured that the program would not target American citizens, she was reprimanded, because she looked into these areas that the Americans were told don't look here, and she had
looked there. Her job as lead analyst gave her the access, um, but she didn't technically have permission to look at that. Her manager, who had convinced her to take the job in the first place, had said that any targeting of Americans was only to be handled by non-American staff on Project Raven, but that
hardly seems comforting. Stroud was initially put on leave after she brought this stuff to the attention of her superiors, and her passport was confiscated, which had to have been terrifying.
She was stuck in the UAE for about a couple of months before the government allowed her to leave, and upon her return to the United States, she quickly sought out the FBI to tell them about what was going on, and then, presumably at some point around that same time, approached the journalists from Reuters to start sharing her story with them. And this is where we start to get into a very tough series of questions. And I'm not being flippant about this. I really
do think these are difficult questions to answer. The very nature of intelligence and counterintelligence is fraught with ethical issues. So on the one hand, there are definitely governments or organizations and people out there who, through their goals and methods, may cause harm to entire populations and even entire countries, and knowing what they're up to is absolutely key in making sure that harm doesn't actually happen, to prevent it
from happening. On the other hand, it's very easy to get sloppy with this, to overextend this capability and to loop in people who are just living their lives or, you know, here in America, we at least in theory have a dedication to freedom of the press and freedom of speech. So people who speak up for causes they believe in, if they're not inciting people to violence or advocating for destruction of any sort, if they're
advocating for change, like human rights activists are. In the American perspective, that's totally within their rights and that should be supported. But that's not the way it is all over the world. Lori Stroud's line, the line she drew where she said everything before this is pretty much okay. That line stopped at targeting American citizens. Now someone else might have a different line. They might extend their boundaries
to include people from other nations. Uh, but you know, not for terrorists, but maybe for people who are human rights activists or are criticizing a government but not calling for an overthrow or revolution or something. Those people might say, well, no, I'm gonna include those in my line too, not just people from my own country, but people who aren't doing any active harm but are advocating for change. A third type of person might say, nope, everyone's fair game.
I was paid to do a job and I'm just gonna do my job. And that leads to another series of questions. There's this idea of taking on this sort of work on a contract basis for governments other than your own home country. Is that ethical? If you were to renounce your citizenship and you became the citizen as inn of another country, I think you could easily argue that you no longer hold any allegiance to your former homeland,
and now your new home is what you will. You have allied yourself too, But assuming you remain a citizen of Country A, would it then be okay to join an intelligence agency and country B. Even if countries A and B are allies, that still seems a little questionable, particularly if, as your role as an intelligence officer in country BE occasionally requires you to spy on people in Country A. Project Raven was originally intended to be a program in which the experts from America would share those
knowledge and all those skills with Emirati intelligence agencies. But even that little bit of a gray area would be problematic in some cases. I mean, if they were to share any sort of practices that were considered top secret and therefore not practices the n s A would be terribly keen on other countries getting hold of, that's a problem all in itself. The fact that Reuters used the word mercenary in the headline for their piece
that has a lot of implications. Mercenaries hold no allegiance to any particular authority. They go where the money is, so a mercenary might work for one side in a conflict and then switch sides to the opposition with no thought about it other than the money's right. Related to the story is the revelation that the UAE apparently took advantage of a security vulnerability in iPhones that used to exist.
It has since been patched. So according to CNET, the UAE government purchased this app from some unnamed outside country. So someone else developed it, and then the UAE government bought it, and the original programmers created a tool called Karma that exploited the vulnerability in the iPhone by sending a message through the native iMessage
app on iPhones. So, according to reports, all you had to do was send one of these messages through the iMessage app to the target iPhone and that would be enough to compromise the target iPhone. From then on, Karma would gather data including messages, email, location information, and photos from the iPhone and automatically send it back to
the spies. This operation happened from seventeen. It did come to an end, but that's because Apple issued a security patch that fixed some of those vulnerabilities in sen and it limited the usefulness of Karma. While Apple had already fixed this problem, and it's possible that Apple did this
without even knowing that Karma existed. The news that it was in widespread use in the UAE was another blow against the company, which is also reeling from the revelation that a security flaw in the FaceTime video calling app on iPhones can allow someone to listen in on a person's iPhone just by making a video call, even if
the other person didn't accept the incoming call. So let's say you use FaceTime to call somebody they haven't taken the call, it would activate the microphone, so you could listen in on the target iPhone microphone, which is pretty scary stuff. I'm gonna do a full episode about that in the future. I have a guest I want to
bring on to have a discussion about this. In the wake of this Reuters report, the Committee to Protect Journalists, which is a nonprofit headquartered in America and it promotes freedom of the press around the world, issued a statement criticizing Project Raven and the targeting of journalists in particular. A coordinator at the organization said, quote, what we've learned about Project Raven raises significant concerns over the lengths to which the UAE will go in targeting journalists, and the
involvement of former US intelligence officials is also disturbing. Emirati officials must stop targeting the press at home and abroad, and the US must make it clear to their allies that hacking journalists' phones is not a legitimate counter terror strategy. End quote. Now, I wish I had an answer to how it would be best to conduct intelligence and counterintelligence
operations because the stakes can be very, very high. They're certainly high for the people who are under surveillance, and it's potentially high for millions of people depending upon the specific situation. My main takeaway from this story is that it's important to guard your own security as best you can. It's best to practice smart, secure behaviors, use stuff like
VPNs and encryption whenever possible. Don't trust that services that depend upon your data for business will be ethical in how they handle that data or careful in how they handle it, and someone else might get hold of it. And remember that even if an agency or organization is not actively doing bad things against people, in general, agencies and organizations are made up of people, and individual people may behave in ways that are outside the perhaps the
parameters of the respective organizations. I'll give you a specific example back in One of the many stories that came out in the wake of this data dump about the n s A was that there were some n s A employees who had been misusing the tools developed for the widespread wiretapping project for their own personal benefit. So n s A was saying, yes, we're gathering all
this data, but we're not looking at it. We're only interested in specific information at any given time, and when we are, we go through the proper procedures to make sure all the t's are crossed, all the i's are dotted, and then we will conduct our investigation. So sure we've got the evidence already, but we won't get it until
we've got the proper authority to do so. But that did not stop some members of the n s A staff from using those very same tools to spy on specific people they knew personally, like ex lovers or a spouse. So while the agency could have been as good as its word and said, yes, we aren't doing anything unethical with this, we're following all the rules that have been
set down. Nothing outside of that is being done. Even if they're telling the truth about that, people in the agency were overstepping their bounds and abusing this tool because they were people and because the tool let them do that. So even if you trust in governments, let's say that you know you, you're like I, I believe ultimately that the people in the government are good people. I'm going
to trust them. Remember, not everyone working in those governments happens to be trustworthy, and they may take advantage of tools even if the overall government is on the up
and up about it, so be careful out there. I wanted to cover this because it reminds us of how important information is, how it can be used as a weapon against us, even if we haven't done anything wrong, and that we should keep that in mind and not be too cavalier about how we, you know, store data, how we access data, the kinds of technologies we use, the kind of services we use. It's good to keep this in mind because you never know when it's going to come back to haunt you in some way, even
if again, you haven't done anything wrong. You don't have to have done anything wrong for you to end up on a list somewhere. It's possible this podcast has put me on a list somewhere. It's possible this podcast has put me on multiple lists. But the only list I really care about is that wonderful list that lives in your heart. Favorite Podcasts hosted by Jonathan Strickland. I hope this one's in the top three. That wraps up this
episode of tech Stuff. If you have any comments or questions, maybe you've got a suggestion for a future episode, send me an email. The address is tech Stuff at how stuff works dot com. Drop on by our website that's over at tech Stuff podcast dot com. You'll find the archive of episodes there, as well as other ways to contact us. Don't forget to head over to the merchandise store that's t public dot com slash tech stuff. Every purchase you make goes to help the show, and we greatly appreciate it.
And I'll talk to you again on the q T really soon. For more on this and thousands of other topics, visit how stuff works dot com
