I've lived under surveillance before, so I feel my perspective might be somewhat appropriate. I won't comment on the specifics (uninteresting and irrelevant, had to do with where I was living). I won't even make a statement about whether it's justified in my case or in general. I'd just ask everyone here to do one thing:
Watch this, then ask yourself how you feel (if it doesn't go directly to 6:40, fastforward to it, then watch for 30 seconds):
I understand about various interpretations of "collect", "intercept", "analyze", etc. Just watch the video, and ask yourself how you feel. Please know that I'm not telling you how to feel, just providing a small snippet of a conversation. Why do you feel that way, and what does that feeling say about you, or your society?
I would have voted for that guy (except for "FISA works!", but enh). I'd even be ok with ditching the 22nd if we could get that guy as President. I wonder what happened -- was it all a cynical ploy, or was there some secret (real or fake) information about how without wholesale monitoring we'd all instantly be destroyed, or what.
It's easy to say the right things from the outside but when you enter the sausage factory you see how the sausage is made and realize how hard/impossible it is to really change things.
There's a famous quote somewhere about where political power really comes from… I look to history (and present day actions) and it seems like a fitting solution to meaningful representation. Then again, years later we could be right back where we started…
Hint: The last bit I left out rhymes with "carol of the sun" ;)
I don't know what quote you are referring to, but here is my favourite one.
"You don’t know what order with freedom means! You only know what revolt against oppression is! You don’t know that the rod, discipline, violence, the state and government can only be sustained because of you and because of your lack of socially creative powers that develop order within liberty!" --- Gustav Landauer
It humbles me every time I read it, because to resist or to rebel against existing things is easy, at least for me.. but to actually put thought and effort into things "building a better world" in a sustainable and organized way, to be creative in co-operation and compromising with others, to get out of all these comfort zones, etc. It's a lifetime effort, and none of us will see all the fruits of it, or ever be sure the fruit won't be snatched up, so the default is to not even try, except a little bit here and there. It's like living hand to mouth, but in a political sense. It's all just reaction, and that sucks.
I don't think it is an easy thing to rebel in effective means… We Americans like to cite the Revolutionary War but forget that less than 1% of the population did any fighting [0], and even then there was massive outside nation state influence (ex: France.) Kinda similar to what's going on in Syria now [1]… and other places in the past and present.
But I do agree with the literation of it being like living hand to mouth, but I think it goes far beyond being a political sense. Mortgages, paychecks, car loans, insurance, student loans, dead end jobs, that gadget we just have to have, endless media d̶i̶s̶t̶r̶a̶c̶t̶i̶o̶n̶s̶ entertainment, the food we eat… when do we, as a society (people from all backgrounds, sadly not all of us are invited to BBG 2013 and Google Zeitgeist in Watford) really give ourselves the time to think or push the boundaries outside current constructs to forge something transcendent?
I totally understand that regarding the petitions and everything else - but John Q Public may not and seeing millions sign a petition that is ignored will hopefully cause a further awakening in people.
"Eventually Inspector General I. Charles McCullough III wrote Wyden a letter stating that it would violate the privacy of Americans in NSA data banks to try to estimate their number."
It would violate your privacy to find out if your privacy is violated. This sort of double-think should be in an Orwell novel, not in real life!
Let's make it an online petition, that way we don't even have to do anything other than click and type and spread our online outrage instead of actually making this issue a big deal.
Given all the contortions that politicians have to make just to get through the day, it wouldn't surprise me that Obama truly believes what he said back in 2007, but once he got into power he got an education on what the CIA/NSA is doing and he realized that either he can try to live up to these values and likely cause wildly unpredictable outcomes (some positive, some negative), or he can let it continue, given there were enough plausibly compelling reasons, despite the potential for abuse. Thus - status quo reigns. Truly change we can believe in, and a good example of how power corrupts. The military-industrial complex has a life of its own. Thank you, Eisenhower.
Seriously... You'd think of all the billions of dollars that go into military training they'd be able to put up a few bucks to teach this guy how to lie a little more believably
The guy probably hasn't had to worry about such things for decades. He's an operations bureaucrat, and probably someone above him decided they could afford to burn him if the shit hit the fan (and by this point, they probably already knew some shit was heading toward the fan).
More likely: He, and everyone else involved in this, know that it doesn't matter if everyone knows the answer is a lie - the likelihood of any negative consequences is pretty much zero. First, the odds that anyone will be able to provide sufficient proof to cause any problems is minimal, secondly, if they are: State secrets privilege. Poof goes that problem.
The only real challenge would be a massive public uproar suitably close to an election that someone needs to be sacrificed, and how likely is that really? It's not a surprise that this is happening; the only surprise is that anything resembling proof has leaked. What are the odds that this will suddenly tip the balance and cause sufficient lasting outrage?
There was an interesting analysis at one point correlating what CEOs said when presenting their financial statements with whether those statements later suffered major negative revisions.
It would be interesting to have this automated and available in real time. (Of course people would learn the value of making it trigger level. But you can include whether the person by virtue of their position likely has that level of awareness...)
I've been monitored too, but did you really believe that all of the activities we do online weren't monitored...or do you just believe (like I did before I got convicted), that the gov won't bother with us.
This is just more reason why bills like CISPA need to be revised or blocked. The gov already knows what we do, but it just comes down to what they can prove in court.
I am not defending the program. But doesn't the program only collect data when there is a 51 percent confidence or greater that the source is foreign?
That's a bit slippery, but could be an explanation for his statement.
His body language gives him away. That is why we have actors in positions of power because they need to perform for the puppeteers in front of the gullible.
How does this stuff work? Would someone at the NSA contact dropbox and ask them to build in a backdoor or are they just able to access whatever the fuck they want and simply do?
It's described for a couple of the cooperating corporations in the article.
For example, for Facebook, the analyst goes to a special webpage/site at Facebook, then they simply click through a "Yep, this person is a terrorist" EULA and they have full access to Facebook's database (e.g. full access to user content). I bet they rejoiced when Facebook Graph opened shop.
People can put their lives on Facebook's database, it's still Facebook's database. The problem is not that Facebook is sharing this information, it is that people are sharing it with Facebook.
I'm aware of the distinction, but the average person out there doesn't think of themselves as sharing with Facebook the company, they think they are sharing with their friends.
The law doesn't care what the average person thinks nor does reality. It's the person's responsibility to maintain his own privacy by not posting private information on a public website. If you post something on the Internet, it's going to get out there; people should know this by now and if they don't it's their own damn fault.
If people don't know something by now it's equally the fault of the services they use for not educating them about the real implications of what they do online.
The 4th Amendment protects us from unreasonable searches and seizures, so I suppose if they were just searching randomly, which you might draw the conclusion they are doing.
LE requests to FB simply do not work that way. They can make a request online, which is checked for proper authority, etc. The guidelines FB follows can be viewed at https://www.facebook.com/safety/groups/law/guidelines/ and the idea that FB just randomly hands out full read access to user data is either a paranoid delusion or calculated deception. Maybe you can tell us which one you were aiming for.
He's referring to the linked article, so your personal attack is misdirected.
'With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”'
But that's not a personal attack. The comment also mentions speculations about "rejoice" when they opened the Facebook graph, after believing what the article says about FB's methods of data sharing without further questioning.
Again: Questioning the motives behind an attempt of persuasion argument isn't a personal attack.
I don't believe they need backdoors, they probably just ask for the data and it's provided to them by those companies to comply with the current laws (or at least their interpretation of it.)
I'm pretty sure Dropbox can reverse any encryption they use for the files they store. Or do they even encrypt the data?
Dropbox has every encryption key used with Dropbox, so they can decrypt any file. Both transport keys and storage keys. Dropbox does at least (allegedly) encrypt stuff for storage, so they can RMA hard drives without having to destroy them first, but that's pretty meaningless.
There are some (flimsy) reasons for Dropbox to have copies of all storage keys (a web UI, which only some users use). Dropbox has done a good job of misrepresenting how their security worked for the past ~4 years to mislead people into trusting it, though.
This is mostly why I don't use Dropbox whenever I have a choice.
I would suggest Spider Oak, however, their support is not timely and there's currently a bug in the Windows 8 client that doesn't let it work. But if they get those issues sorted it could be a decent service.
Could someone please tell me why I can't reply to any comments that are below the third level? The reply link simply disappears!
Edit: Now that I've made this statement there's a reply to gknoy, but not the ones below him or to o0-0o. This is really weird.
Edit 2: Upon refreshing, there's now a reply link to o0-0o but not the other ones below gknoy.
You can just click on the "link" link and then reply from there, instantly.
(I kind of hate the feature, since most of the time "you suck" "no, you do" "no, you do" only goes on a few levels, so the exponential delay isn't an issue, but an actual technical discussion goes deeper. False positives and false negatives. :( )
They were on S3 at one point in time (and pretty widely known as the biggest S3 customer). I'm not sure if they are on S3 today. This may depend on when you interviewed.
From the caliber of engineers I talked to, I can't imagine them bringing storage in house without some major churn. It is a sea of fresh CS grads with no real world operational experience.
Do something for mobile please? You're one of the most trustworthy providers, particularly if you build things on mobile so we don't necessarily need to trust you...
We're genuinely interested in what you mean by this ...
Android devices are unix devices, and (I assume) either have ssh/scp/sftp/rsync in their userland or it can easily be placed there...
If I had a modern phone, which I do not[1], I would probably just load duplicity[2] on it ? But now that I think about it, in the same way that I have zero data on my laptop, I assume I would also have zero data on my phone ?
It's trivial for desktops. I personally like AeroFS the best, but you could use anything and layer crypto on top of it, or use something with a painful UI like tarsnap, or build your own, or really whatever. Wuala/SpiderOak are fine too, but kind of suck for non-security reasons in my limited experience with them, compared to Dropbox or AeroFS. (I personally just use rsync and NFS over VPN, though.)
The problem is mobile. Due to some questionable decisions made by especially Apple but also earlier with Google, you really need every single app to write to your cloud storage provider's API. Dropbox is unquestionably the leader there; iCloud on iOS seems to do ok for newer apps. Neither provides meaningful encryption. Requiring every app developer to figure out encryption and manage keys on his own and then handle that on top of the Dropbox API is also insane.
Arguably Apple has a lot of ways to pwn iOS users already, so I'd consider trusting Apple and iCloud to not be that much worse than just trusting iOS, but it is still bad (and most of the bad things Apple can do to you either involve signing bad things, then requiring an active step by the user or MITM, or doing things like retaining device keys at manufacture time and subsequently seizing the devices, or having some deeply-buried backdoors which probably require physical access or are exceedingly infrequently used.)
There's really no good solution for mobile now. You could probably build something fairly non-shitty in the Android world, although I don't know enough about how applications share files and interoperate to know if it would need to be a per-user-app integration. On non-jailbroken iOS, it's pretty clear you'd need to develop a new API which did client-side crypto, key management, etc., on top of file sharing. It would be a pain, and even more of a pain if you wanted to avoid fully trusting Apple in the process.
The best solution right now is "no data lives on the phone", rather than trying to sync; use some kind of web or app which just uses transport crypto to interact with a server but never stores anything locally. If you trust the OS a lot, you could do something like what Good Technologies does and try to sandbox your data within a specialized app like that.
“Google cares deeply about the security of our users’ data,” a company spokesman said. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
They are legally required, personally and individually, to lie about the existence of these programs, or go to prison instantly. These orders are gag-ordered by default.
I doubt that Steve Jobs or Ballmer would "go to prison instantly" if they had disclosed the existence of these programs. Yes, they might have been prosecuted under statute, but they wouldn't vanish. In fact, the high visibility of Brin, Jobs, Ballmer etc would probably have been a deterrent against prosecution. Can you imagine the outrage if Jobs came out with a statement saying that the NSA was requiring that Apple grant access to all user data, and he was then incarcerated?
Jobs was an elitist, knows-better-than-you prick. AFAICT he was fine with this kind of "trust us" nanny state bullshit. Apple does the same "we'll decide for you" stuff by policy as a matter of course.
We can assume that Cook, who appeared behind Obama during The State of the Union, is probably on the same page. Highly powerful people know they can't fight the tide; and truly, why should they? The normal rules could never apply to them.
If you're going to build something like PRISM because the ends justify the means, is prison really going to be the only thing you threaten people with?
Three letter agencies approach the executive team directly. A decision to participate has to be made at the exec team/board level. If the CEO doesn't know about it, then the company has some serious communication issues.
Or wasn't asked because nearly all of the content is public already. Or is going to cave after some unknown amount of resistance in the future like Apple, Facebook, and Google did. Or dozens of other possibilities.
My guess? These companies set up the data-equivalent of the CIA 'black sites' ... Out of the country duplicate databases that the NSA has access to beyond the laws of this nation.
Watch this video and listen how many times 'in the United States' is mentioned.
What really saddens me is that this confirms all the conspiracy rumors.
Wasn't it always just a rumor going around that the U.S. Government "made" Microsoft buy Skype for spying purposes?
Well:
"10 May 2011, Microsoft Corporation acquired Skype Communications"
and on 2/6/11 Skype was added to the US spy program [1]
They were so eager to spy on Skype users that they implemented that "feature" even before the deal was officially done. Considering that Skype had been around since 2003 the events don't appear very accidental.
Wouldn't surprise me to find out one day that the Skype acquisition was indirectly tax-payer funded.
Not to detract from the concerns surrounding this program, or to defend Microsoft, but from the dates for Google, YouTube, and AOL one can see that Skype joined on February 6, not June 2.
It seems reasonable to suspect that for matters of urgency the transition process might have started earlier than the actual acquisition was publicly announced. Plus I am not quite sure if the dates on the slide indicate the starting or finishing date of the implementation process.
I'm saddened to see Dropbox on the list. Did they choose to participate or is it mandatory?
In any case, we've moved several projects to BTSync recently from Dropbox (for no other reason than to free up space on Dropbox for our personal files) and have been enjoying the service.
As a p2p encrypted protocol, I imagine it's much more difficult to eavesdrop on your files and would actually require a warrant to obtain.
The government's theory is that a national security letter is sufficient to get access to your data. No warrant required. And Dropbox is not allowed to tell you that it happened.
The ability to detect duplication in no way proves the files are unencrypted (indeed this should be obvious from the fact that there is only negligible network traffic to confirm a duplicate! The bits can't be compared if they're not transmitted.)
It's the ability to serve deduplicated files that brings the service into question. Yet I wouldn't be surprised if there exists an asymmetric encryption method which permits decryption with one of several private keys – if so, secure deduplication is trivial: confirm the duplicate using a hash or comparing public-key encrypted versions; re-encrypt using both original and duplicate keys.
(And let's not even forget the ability to reset a forgotten password…)
BTSync cannot handle conflicting changes. It will destroy data if a file is modified in both places, and will proceed to overwrite something when it propagates the update.
And, if you're concerned about spying - well, it is closed source.
This is why they were trying to make it legal lately. They were already doing it. The same thing happened with the Patriot Act.
It seems FBI/NSA "test-drive" a new illegal spying program first, and then lobby Congress to pass a law to make it legal (regardless of its constitutionality, as we've seen so far).
I bet they would've wanted retroactive immunity, too, in these new laws. Also, let's see how those supporters of FISA, like Dianne Feinstein, try to spin this one as "they already knew about it" (which makes it that much worse) and that it's nothing new.
Also let me see them say with a straight face that this is constitutional and doesn't violate the 4th Amendment. But seeing how cynical these people have become, I don't think it would be too hard for them to do it.
NSA: "Look, I know that this was illegal, and we were not supposed to be doing this, but you have just got to look at the data. Just look at all the crazy terrorists out there. They've been organizing over FB, keeping their data on Dropbox and Drive and talking over skype. Here's our proof! You MUST make this activity legal... the FREEDOM of the US depends on it!!"
Congress: "ok"
---
But we are not fooling anyone. There is not a single worthy human being in congress. Every single last one of them is a corporate shill and they are all opportunistic criminals.
Yes, this is bad. Yes, you are right to be upset. Yes, you (not really me, I'm not American and I avoid American hosting and hosting companies like Amazon for exactly this reason) should change that.
But honestly, are you surprised? Are you really?
Government agencies have been building large datacenters, the EU loves data retention. There was no tin foil hat required to see this.
When people wanted to talk about this kind of massive wiretapping program years ago, they were called paranoid nutcases. Now that the truth is coming out, people who want to talk about it are called out for belaboring the obvious.
I see this "are you so naive as to be surprised?" reaction in almost every thread about this. It's some kind of defense mechanism.
Well then try this on for size. Getting data through requesting it is only one way to get data. Another way to get data is to hack into the source. Consider that a number of governments, including the US, have active hacking teams. What are they hacking in to, exactly? I leave that up to you for speculation.
I think it depends on who you're talking about. If you're a decently educated person who follows political developments at least minimally, and to boot you're a developer - I really agree with the OP, should anyone be surprised here? Haven't you been acting all along like all data that major corps are collecting on you was public anyway? On the other hand, if you're talking about an everyday citizen with a "normal" job, I think your criticisms are more in place.
I'm not sure being not American saves us. Do you use any of those US services? If so, I assume they have your data.
If you are British, as I am, I assume our government is shovelling off all our data to the US too.
As far as I am concerned, the internet is now pretty much like having our lives bugged. Might as well go the whole hog and have CCTV in all households. Heh, for all I know they access our webcams, etc. So, we might already be there.
I'm afraid the US has essentially infected the internet with a cancer that will only spread. Freedom, privacy, liberty, on the internet is officially gone. Sure we all "knew" about the likes of Echelon for years, but it was officially dismissed as loony conspiracy talk. Now we know it's basically true.
Sad thing is, this is under the watch of a Democrat, started by a Republican. Who is going to dare to reverse this?
> I'm not sure being not American saves us. Do you use any of those US services? If so, I assume they have your data.
No, it does not, that is the sick part. But as a non-American it's not (or should not) be my business how the USA organizes itself and what kind of politics they make. And yet I'm sure they are infringing my rights.
Point is, I didn't vote for Obama. Nor is it my job to get rid of him.
No, but now there is proof, which should make a difference. How are all of these not cases for impeachment? If Fox News thought Obama should be impeached over Benghazi, they should love this.
This point, more than any other, is what gives me the most concern about all of this. This is an epic level news story. This should be hitting the front page and leading every news cycle on all newspapers and news networks. I mean, the story is concrete and the headlines are a century in the making: "Orwell Arrives: U.S. Government Spies on Every American."
In fact, with all of the "scandals" right now, there's an even greater motivation to run this story.
So what's the motivation that's holding this story back?
That's suggesting that they have even the slightest compulsion to not be hypocritical. I'd expect them to hit him hard on this (and good for them, even if their reasons for doing so might be dishonest).
I hope you're right. FWIW, if they plan to cover this, they are biding their time. I just spent an hour watching Fox News, and saw: A car run into a Taco Bell, a sea-lion get onboard a boat, Holder testifying before congress about leak investigations and prosecuting journalists, and some other random crap... and not one word about PRISM, or even the earlier reveal about the phone call logs.
Oh I dunno. Having watched The Daily Show for years, Fox have no problem with some incredible contradictions and saying the exact opposite of what they once said. If they can label Obama as a Muslim communist traitor, they will forget that Bush ever existed.
I was under the same impression. I tried digging up some old news on the subject, to see where I got the impression from, but Google is only returning results from this latest news cycle.
Weren't there a number of news stories in the past about the NSA collecting data from telecom companies and such? How is this time different?
At least we know beyond a shadow of a doubt that Skype has a backdoor now. Not really surprising although they did have some security people analyze the protocol and state that it was e2e secure.
FTA: "According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms."
I'm not sure when the security people you are talking about did their audit, but when Microsoft bought Skype a few years ago they changed it from P2P communications to routing everything through a central server. After that it would be child's play to put in a backdoor.
Microsoft now runs the supernodes instead of them being random high bandwidth Skype users. Your computer uses a supernode to find the address of the user you want to reach, but you still connect directly to that user to communicate. People misunderstood this change to mean that call traffic traversed Microsoft servers.
That said, it has been shown that at the minimum China has keys to decrypt peer to peer communications, likely the NSA does as well. The NSA doesn't need Microsoft to route call traffic via their servers, because they already have taps at all the major exchange points.
How does Skype's key exchange work? If the supernode hands out an address for a server that intercepts the call, would the Skype client still accept it and connect?
The protocol itself is highly obfuscated, but from my understanding of what has been published it works something like this: (lots of disclaimers here that nobody outside of Microsoft/Skype really knows for sure)
When logging in an RSA public/private key pair is generated and the public key is sent up to the server. The username to public key mapping is seeded to supernodes and inserted into the global address book.
A calling party looks up the username on a supernode and receives the public key of the answerer as well as some magic to help them establish a direct connection even if both are behind NAT.
The caller generates a single use AES256 key for the session, encrypts it N times where N is the number of other parties on the call plus a number of built-in "observer" certificates. These encrypted keys are all sent over the wire to the other parties, who are each able to decrypt 1 of the N encrypted payloads.
Each party encrypts traffic to the others using the session specific AES key.
If you are a government agency with a private key that matches one of the observer public keys (Russia, China, and India have openly claimed to have these), and you are able to record the setup for the call, you are effectively another party in the group chat and have access to the session key.
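The call setup described in the comment above, modelled as an added example (not part of the original comment, and not Skype's actual protocol): one session key is wrapped once per recipient key, so every private-key holder recovers the same key, and counting the wrapped copies against the call roster exposes any extra recipient. Textbook RSA over Mersenne primes stands in for real RSA, and all function names and the fingerprint labels on the wrapped copies are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key


def toy_keypair(k1, k2):
    """Textbook RSA key from the Mersenne primes 2**k1 - 1 and 2**k2 - 1.

    Toy parameters only: trivially factorable and unpadded.
    Returns (public modulus n, private exponent d).
    """
    p, q = 2**k1 - 1, 2**k2 - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d


def fingerprint(n):
    """Short label for a public key (assumed to travel with each wrapped copy)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()[:16]


def wrap(session_key, n):
    """Encrypt the 32-byte session key to one recipient's public key."""
    return pow(int.from_bytes(session_key, "big"), E, n)


def unwrap(blob, n, d):
    """Decrypt one wrapped copy; returns None if the result is not a 256-bit key."""
    m = pow(blob, d, n)
    if m.bit_length() > 256:
        return None  # wrong private key: result is a large random-looking value
    return m.to_bytes(32, "big")


def build_call_setup(recipient_moduli):
    """Caller side: one fresh session key, wrapped once per recipient key."""
    session_key = secrets.token_bytes(32)
    setup = {fingerprint(n): wrap(session_key, n) for n in recipient_moduli}
    return session_key, setup


def unexpected_recipients(setup, roster_moduli):
    """Audit: wrapped copies addressed to keys that are not on the call roster."""
    expected = {fingerprint(n) for n in roster_moduli}
    return sorted(set(setup) - expected)


def demo():
    # Constructed keys: one callee, one built-in "observer", one unrelated outsider.
    bob_n, bob_d = toy_keypair(521, 607)
    obs_n, obs_d = toy_keypair(1279, 2203)
    out_n, out_d = toy_keypair(2281, 3217)

    # The caller wraps the key for the callee and for the observer key.
    session_key, setup = build_call_setup([bob_n, obs_n])

    return {
        "session_key": session_key,
        "setup": setup,
        "bob_key": unwrap(setup[fingerprint(bob_n)], bob_n, bob_d),
        "observer_key": unwrap(setup[fingerprint(obs_n)], obs_n, obs_d),
        # An outsider who records the setup but holds no matching private key.
        "outsider_key": unwrap(setup[fingerprint(bob_n)], out_n, out_d),
        # The roster of a two-party call contains only the callee.
        "unexpected": unexpected_recipients(setup, roster_moduli=[bob_n]),
        "observer_fp": fingerprint(obs_n),
    }


if __name__ == "__main__":
    result = demo()
    print("callee recovers session key:  ", result["bob_key"] == result["session_key"])
    print("observer recovers session key:", result["observer_key"] == result["session_key"])
    print("outsider recovers session key:", result["outsider_key"] is not None)
    print("recipients not on the roster: ", result["unexpected"])
```

The audit only works when the wrapped copies are visible and attributable; in a closed, obfuscated client neither can be assumed.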
>If you are a government agency with a private key that matches one of the observer public keys (Russia, China, and India have openly claimed to have these
I am not calling bullshit, I just want to know more.
>If you are a government agency with a private key that matches one of the observer public keys (Russia, China, and India have openly claimed to have these
>I'm not sure when the security people you are talking about did their audit
The security audit was done in 2005 by Tom Berson of Anagram Laboratories. This was well before Skype was bought by Microsoft but Skype links to it off their home page http://www.skype.com/en/security/#review
Not to be too conspiracy theorist but maybe just maybe this was why Skype was bought by Microsoft in the first place? The thought crossed my mind at the time of purchase but I sent it away scuttling because I deemed it too tinfoil hatty. My main regret at the time as a Linux enthusiast was that Skype's Linux offering was sure to suffer, so I had that angle more on my mind than government aiding and abetting.
This is widely misunderstood; it's possible that Skype is end-to-end secure and everything flows through MS servers. It's possible that there were backdoors in the old pre-MS versions. One really has little to do with the other.
What sort of threats does the NSA give to these companies so they participated without any leaks? Just curious what the penalty would be if the NSA approached me about sucking down my user data and I refused.
Many many years ago I worked at an ISP and I remember getting emails of the form:
From: manager@corp.com
To: minimax@corp.com
Subject: When you get a minute
We got a subpoena to provide information about
<identifying information>. When you get a second
can you grep through the logs and provide any
connection details if he was online from <start>
to <end>. Thanks.
I didn't even think about it. Maybe the people in legal did? Once or twice I heard that the guy we helped track down was a legitimate bad guy (like a murderer or something), but in general I just remember it being just like any other day-to-day task. I'm not saying I actually handled any of these NSA requests. I have no idea if I did. I never actually saw any of the subpoenas.
I've been on the receiving end and posted a couple times trying to explain how it happens. In short, the NSA doesn't typically appear directly. Instead they use the courts and subpoenas to induce compliance for what seem like mundane court cases.
I suspect just getting a request from a three letter agency is enough to make most CTOs and CEOs wet themselves and roll over. (Standing up against the government is not usually part of the business plan.)
That's the point of CISPA. They didn't want to fight the government, but they pushed back asking for more legal protections, especially after the AT&T warrantless spying scandal broke. So, they've been trying hard to pass CISPA in order to give these CEOs more peace of mind.
"Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations."
That's kind of the point. They say, "Keep sending those updates. Otherwise you will go to federal prison." You say, "OK."
How does any government action work? It may start clever and/or subtle, but the fundamental threat is that of violence. You will either be compelled to pay fines, have your equipment confiscated, be thrown in jail, or some combination of the three.
Be serious. This is Apple. How on earth does clientside encryption fit into easy-to-use? Lost your password? Lost your files. That's entirely against the scenario Apple wants to sell.
Clientside crypto will only possibly be mass-adopted when there's some easy system for common folks to store their keys.
They build that feature into their desktop OS (FileVault), I don't see why it couldn't be an option for their sync service. It shouldn't be the default, but it should absolutely be an option.
Would be time for a call on VCs and Incubators that a sustainable future for the web would mean fostering startups that raise the convenience of privacy tools.
This is fucking atrocious. How much money do we allocate to national security in a year and this is the kind of amateurish PowerPoint slide their analysts come up with?
I think it's interesting to ask why these programs are so widely hated.
These are national security assets: evidence gathered here will never be used in a drug case, or a tax evasion case. Why not? These tools exist for the bigger fish: the dozens of Soviet-era nuclear weapons believed to be missing, or the small amounts of dangerous pathogens that periodically vanish from research labs. These are what the government is worried about, and they're not going to risk revealing their methods for something lesser.
Warren Buffett has predicted a major nuclear terrorist attack on an American city to be a "virtual certainty" given enough time.
Ok, but no one here is going to argue that stopping terrorism is bad: the problem is in how we define terrorism. What happens when the definition becomes progressively wider? What counts as "terrorism" is political, after all.
It's important to remember that we still have a functioning democracy. If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked. While some individual politicians may be corrupt, the system broadly is not. These programs are enforcement mechanisms; the laws themselves are still made by the people, and maybe corporations. While we as a population may argue about social issues like gay marriage and abortion, our government is not fascist.
Further, I take these programs as a great example that security is much harder to create than it is to destroy. Extreme efforts such as these may still be insufficient to prevent New York from being destroyed by terrorists. In that case, the acts of a few crazy people still overcame a monumental effort by the entire intelligence apparatus. What does that say about the time Hacker News is so afraid of, when it's more than only a few crazy people that the government is "worried about"?
Should these programs exist? I don't know. I'm as worried as anyone about the scope creep. I'm willing to accept a level of inherent danger with living in a free society. However, do not forget that we can't see NSA success stories. I might be willing to accept a risk of periodic car bombs, which while tragic are not statistically significant; however, if PRISM is actually effective at tracing and intercepting Soviet nuclear weapons, I can see multiple sides of this issue.
We have rights to privacy and protection from unreasonable search and seizure. Those rights were created to prevent unfair loss of life, liberty, and property. These programs, hidden in the background, don't inconvenience you, or lead to loss of freedom or property. Is privacy good? Of course. But the incentives the intelligence apparatus have to not use any data collected here against anyone for reasons less than "real" terrorism are strong enough, that I think it's not open-and-shut.
The loss of privacy is massive in comparison to the lives lost to terrorism. More people die each year due to car accidents than have lost their lives to all terrorist attacks on US Soil. If the information that is being gathered is about safety, then why isn't the government creating a massive program to strictly monitor highway speeds, traffic roadways, and increase traffic safety then?
Answer: The information gathering has nothing to do with safety. It has everything to do with power.
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
We have such a massive program, according to many; the NTSB is a big bureaucracy and a lot of people consider the whole concept of speed limits and traffic police as an encroachment upon their freedom rather than a reasonable collective decision on how to share transit arteries.
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
This seems a rather inappropriate aphorism, since most people here would very much like to deny the NSA access to information about their phone usage. This is an argument against censorship rather than one in support of privacy.
I don't think you've really thought this argument through. I don't think the government is so much interested in vastly expanding its powers of information gathering (although as I've noted elsewhere, the government has had unlimited access to your phone records, by order of the Supreme court, since 1979), as it is in maximizing its predictive abilities within its existing legal limits - which is also considered by many to be part of its job. It's not so much you vs. the government as you vs. a large number of your fellow citizens that simply don't share your beliefs about privacy, and who choose to elect law-and-order types more often than civil-liberties types.
>This is an argument against censorship rather than one in support of privacy.
Let's not forget that they've been attempting to keep the existence of this program a secret.
>This seems a rather inappropriate aphorism, since most people here would very much like to deny the NSA access to information about their phone usage.
Aren't the people supposed to be the masters of the government?
>It's not so much you vs. the government as you vs. a large number of your fellow citizens that simply don't share your beliefs about privacy, and who choose to elect law-and-order types more often than civil-liberties types.
So our job is to convince those people of their error by espousing evidence in support of our view. Malicious governments kill drastically more innocent people than malicious individuals or small groups; excessive government power is more dangerous than terrorism. The amount of money we spend on anti-terrorism measures is drastically out of proportion to the actual threat and those resources could be better spent on more serious issues, terrorism hype is financially supported in enormous amounts by defense contractors and other parties with a significant pecuniary interest in continued government waste, etc.
If PRISM only really costs $20M/year (per the slide deck), it has to be the greatest bang-for-buck IT project in Federal history. I'd let it go if we can get rid of all those multi-billion satellite projects and 3/4ths of the staff.
Damage to perceived 'rights' is OK, as long as it is done efficiently.
It clearly doesn't only cost $20 million. That would be ignoring the multi-billion dollar Utah data center required to store / analyze everything. The bandwidth / networking capacity alone would cost more than that to setup and operate.
They are getting a discount in this case however, as companies are doing a lot of the work for them.
Yes, the government has "limited" access to your phone records, with a subpoena issued by a judge, after probable cause has been demonstrated. Anything else is a clear violation of the 4th Amendment.
> We have such a massive program, according to many; the NTSB is a big bureaucracy and a lot of people consider the whole concept of speed limits and traffic police as an encroachment upon their freedom rather than a reasonable collective decision on how to share transit arteries.
A similar view is held here (in the Netherlands), where interesting new methods are created to monitor speeding. The thing is, it's not viewed - or even promoted as - something that increases safety and reduces lethal accidents on the roads, but instead as a way for the government to make money.
Similarly, the way this is portrayed and kept secret by the government and the security agencies is not to reduce and prevent terrorist attacks, but to infringe upon the privacy of people using US-based online services. If the NSA and similar organizations were to be more open about what terrorist attacks they prevented, they would create more goodwill and would gain support from the people.
Yet, branding terrorists and openly causing fear of terrorists and their attacks has two side-effects; one, it will make terrorists smarter and more secretive, and two, it happens in all the Orwellian dystopias, instilling fear of 'terrorists' and foreign nations in the populace as a means of control.
>This seems a rather inappropriate aphorism, since most people here would very much like to deny the NSA access to information about their phone usage. This is an argument against censorship rather than one in support of privacy.
I have no idea how you interpreted it that way. The quote is in reference to the government. It's from a video game, which came out in 1999.
I'm perfectly aware of where it comes from, and I interpreted it according to the normal rules of English grammar. Just because it's against the spirit of totalitarian government doesn't alter the meaning of the words. After all, the NSA is not denying you information when it collects records of your phone conversations. It's doing so when it denies engaging in this practice, but if the NSA (or those delegated to oversee it) were to say 'sure, we totally collect that data!' I doubt you'd be OK with it.
It's impossible to have a meaningful conversation if you intentionally view anyone else's opinions in the worst possible light. You may have a valid interpretation of what I said, but it's clearly not the interpretation I intended to convey.
You cited an irrelevant quote and are invoking the principle of charity to demand that anigbrowl give it a pass. It would be easier if you just admitted that the quote is about censorship and not privacy and move on. You're weakening your rhetorical position by defending something that's obviously wrong, and not central to your point.
It's like you think comments are some sort of game where you can win or lose. I think I'll just let readers read my comments and opt out of this silly game you want to play.
> This seems a rather inappropriate aphorism, since most people here would very much like to deny the NSA access to information about their phone usage.
So, the people would dream themselves masters of the government agency NSA. Wasn't that what government was supposed to do? Serve the people?
Here's a Devil's Advocate position (not necessarily my personal beliefs, so please don't downvote based on disagreement. Just rip it to shreds instead!):
The fear of losing privacy to the government is based on the fear that this increased surveillance will be used by the government to smother dissent. This is a valid fear, but has the government yet used surveillance to smother dissent? If you can find a solid example of this, I'd like to see one (and for all I know, there could be many, I'm genuinely interested).
Until the government has been caught using surveillance to stifle dissent, it seems like increased surveillance only serves to reduce crime. Of course, there are illegal things that, in my opinion, should be legal, but this is a reason to petition the government for change, not break the law... perhaps a reduced ability to break pointless laws would galvanize the population into large-scale activism?
Fear of government surveillance is entirely fear of smothered dissent. We must make sure our fears of the latter are logically sound before we fear the former.
EDIT: Because I love arguing with myself, I'll point out that it's possible some wrongly illegal activities may be embarrassing for some individuals, and they would be hesitant to openly campaign for them. It still feels weird to argue for privacy on the grounds that people have a right to get away with certain things, hmm...
EDIT 2: 15 minutes and already COINTELPRO negated the argument. Good counter, thanks.
EDIT 3: Really appreciate that I seem to have gotten at least one upvote. I get really dismayed when politely-expressed unpopular opinions are downvoted, because I feel the best way to move the dialogue forward is to engage with opposing views, not hide them (even if your level of engagement is comprehensive refutation, that's still useful).
By the time they're using these extreme powers to smother dissent, you're fucked. It's game over and your ability to speak out using the first amendment is non-existent.
The very reason why these things should never be allowed, is because the absolute protection of freedom of speech is ultimately the last safeguard against tyranny (before you get to violence anyway).
Why let the guy into my house with a gun and roll the dice on whether he intends to at some point do me harm? That's crazy. We've seen enough really malevolent politicians assume power all over the world and domestically, to know better than to take such chances. History is littered with endless examples, it's at best naive to think America can't suffer the same types of fate.
>By the time they're using these extreme powers to smother dissent, you're fucked. It's game over and your ability to speak out using the first amendment is non-existent.
This is how revolutions are started. There's no "game over." A population always has the option to rise up against their brutal regime. Especially in a place like the United States, where individual freedoms are highly prized and there is a rather large contingent of heavily armed and often angry population.
Revolutions are much easier in homogeneous populations than they are in ethnically diverse ones.
I fear that if there is a violent revolution in a society as socioeconomically and ethnically diverse as the United States it would result in a civil war. I have no idea how that would play out in a country as developed as the United States but I don't think it would be pretty.
Most of my examples would be of the US acting in cases that are technically illegal and only so related directly to this kind of surveillance (like ELF, Bradley Manning, McCarthyism (not to mention other, foreign policy related or historical atrocities)), I certainly do not think that, even if we pretend the US always has super great intentions, they are not always the best to have stick their hands in things.
And, from the little I know, the actual stifling part is [allegedly?] evident in Malcolm X and Fred Hampton cases, as well as others I might be missing.
40 years ago is not that long, some of the same people might even be employed! Also, what if Malcolm X had been an issue 20 years ago? Also, this is one we know about, what about the ones we don't know about? Also, half the equation is the surveillance in this PRISM thing. To enough of a point to be concerned: The other half can be extrapolated from actions during the war on drugs/terror, whistleblowers, Iran-Contra, Northwoods, Vietnam, Grenada, Bay of Pigs, Chile, and generally messy law making. Some of these are dated, but that's partially due to one: my info being out of date/depth, some things not being released or uncovered yet. There is no real assurance that any of these behaviors have stopped. The burden of proof is on them. This news is not reassuring. There is a difference between secrecy and lying.
Disclaimer: I don't actually mind as much as I should. I'm somewhat OK with a cyberpunk dystopia because the closer to Ghost in the Shell we get, the cooler.
Just because the U.S government has not yet used surveillance to stifle dissent, doesn't mean they will never do it.
Also, if in the meantime civil liberties such as privacy are sacrificed, when the time comes that they DO use surveillance to stifle dissent, it may be much too late to turn the tide, as dissent would then be required to stop their stifling of dissent.
I don't think the issue that people are up-in-arms about isn't just the surveillance thing.
It's also because it seemed as if Obama understood that there should be a delicate line between sacrificing liberty for security.
He also talks about people not wanting a 'big gov't...but a smarter gov't'.
But it is becoming increasingly clear that he was just talking smooth - but doing quite the opposite.
Please note, I am not an Obama hater. I supported him twice - I even have a Shepard Fairey 'Change' poster.
But this is just disgusting man.
It's like someone that runs a campaign talking about how much they love guns, and how much they are going to protect gun ownership - then when they win, they talk a good talk, but then we find out that the government has been secretly buying up all the guns they can (to dry up supply) and closing down all the gun shops.
What do you call speed cameras, signs, highway maintenance, driver education, highway patrol policing, periodic public information campaigns and aggressive regulation of safety standards in the automobile industry?
Interestingly enough, speed cameras and highway patrols have nothing to do with traffic safety either. Highways could easily have camera systems to monitor the exact time when cars get on and off exits to determine how fast on average they were going during their trip. These systems have been tested and work, but the fact is that actually cracking down on speeders is massively unpopular and a political non-starter.
Or you know, that there is such a thing as safe speeding, such as when overtaking or to avoid an accident, and creating a system which would require someone to slow down and become a traffic hazard in order to avoid a fine, is absurd, oddly draconian, and likely to increase accident rates?
This and the cost of deployment. Police, for all their foibles and failings, are capable of judging a situation as another human would. Thus they can use their discretion in handing out tickets.
Simple fact is that speeding is not that much of a problem. Certainly people do it and it's dangerous, but most people obey speed limits within acceptable parameters and drive fairly safely. Present levels of speed enforcement are doing their job and greater levels would have a point of diminishing returns.
Such a system would obviously be a huge privacy problem, as it would provide movement profiles of every car using a highway. So, not the best alternative spending compared to phone surveillance.
> These are national security assets: evidence gathered here will never be used in a drug case, or a tax evasion case.
That's a common misbelief. It's false on so many levels, but people keep believing in it even after it has been found to be false every single time it has been said.
To take an example with wiretaps in US. First they said that any data found about innocent bystanders would be imminently destroyed. A few years later, they change the rules to keep it, but proclaimed that it was just 60 days. Years later, they put out a small press release and changed it to 5 months.
Or take the Swedish wiretap law. Politicians and columnists promised high and low that it would never, EVER, be used for anything but terrorism threats outside the national border. They said that anyone believing otherwise was tinfoil hats, and just misunderstood the issue. Before a year had passed, the secret police (for internal security) was granted an exception. A few months later, government politicians got an exception. At the same time, the police got an exception to target serious crime. A few months further down, and it was talks about using the data for our version of IRS.
Remember that British Antiterrorism laws were used to seize assets of Icelandic banks after the meltdown of that country. I joked that the British were worried about a new Viking Age when that happened.
How is a democracy functional when a secret and parallel government has access to undisclosed powers which override those of the existing democracy? This isn't just an issue of separation of power between branches of government -- citizens are forced through law to hide the existence of this para-judicial system, as if it is a phantom of our minds.
Yes, yes, yes, yes, a hundred and ten times everyone, yes!
It's one thing to do it legally. It's another to do it without approval from Congress. It's another to do it without approval from Congress or the will of the people.
Although, between FISA and PATRIOT ACT, it more or less is "legal". Either way, you're on the right track. It's a slippery slope and as far as I'm concerned, PRISM is slippery enough to feel like I can say that without feeling silly for using the phrase "slippery slope" seriously (and even worse, three times in one post).
I'm pretty sure Congress approves of this. You'd be surprised how many laws contain clauses exempting the decisions of agencies from judicial review, for example. A lot of lawmakers dislike the idea of an independent judiciary and consider Article III of the Constitution to be a design flaw.
But it can take a very long time for a case to get before the SC, and the scope of article III is not unlimited. The SC often declines to grant certiorari in cases that have the potential to result in a constitutional crisis.
I don't know what Congress's level of approval is. Here are the specific issues that should concern everyone irregardless of what their approval or disapproval of this behavior is:
#1 The existence of the spying is top secret. This isn't surveillance of a suspected serial killer or corrupt Governor. The only reason for this to be secret is fear of political backlash.
#2 The secrecy is protected and enforced by law. However this was leaked, if identified the individual(s) involved will go to prison.
#3 This blanket secrecy is also being applied to elected members of Congress. How can something be opposed if its existence is secret, as protected by law?
I am coming to grips with the issue that there may be no turning back on the mass surveillance state. While we may be capable of barricading certain activities from surveillance, others have become integrated into the operation of everyday life, likely irreversibly.
However we have a much more chilling problem when this surveillance, by the government, is a one way mirror. If the activity is secret and that secrecy is enforced through the punishment of imprisonment, all accountability is lost.
The NSA is not a branch of government, and yet it is in effect dictating what the other three branches of government must do. Congress, forced into secrecy through law -- even if some support what is occurring dissenters can not voice their opinion, Executive, who even knows what is going on there, and Judicial, which serves as the secrecy enforcer.
I think the people in the crypto community just assumed the NSA was doing this decades ago. Now it is unquestionably reality. This must serve as a wake up call for us to terminate our relationships with Google, Facebook, and Microsoft and figure out how to provide blacked-out alternative services to our users.
If not, in 5 years, every single waking moment of your life will be available electronically and in perpetuity. No matter what happens most of it will be, which makes it ever more important that the protect-able segments are not.
Up until now cryptography & privacy have been very poorly marketed. There are polished solutions such as Silent Circle, but for $240+ a year it provides little to offer for mass adaptation. Email, instant messaging, and video conferencing all have a wide array of solutions and plugins, but between manual configuration and out of date code, the marketing is on par with programmer drawn graphics in video games.
Snapchat may offer little more than faux privacy, but its mass adaption proves that there is a huge market for privacy.
There are promising projects, like Crypton.io, which enable the use of cryptography in cloud applications. You, HN readers, have more influence on the direction of these things than anyone else in the entire world. Your start ups will determine what 5 years from now look like.
Make Privacy a Feature and it's a win-win for both business and individual rights.
I hate it when people say "but our government is democratic" as an excuse to justify opposing limitations on its power. This is the same argument made by Prop 8 supporters in California, the same argument used by Oliver Wendell Holmes in justifying some of the worst civil rights abuses in early twentieth century. Fortunately, the "activist" courts of latter years have (for the most part) rejected this horrible logic (that majority has a right to put any of its ideas into law, irrespective of the rights of others).
Yes, our government is democratic: it is not, however, an absolute majoritarian government where any action that majority favours can and will be put into decree and acted upon. Democracy means "rule of the people", not "absolute rule by a simple majority/plurality".
Yes, we have elections, but we also have bi-cameral legislature, separation of powers, and a constitution. We hold elections and let majority (at times a simple majority, in other cases -- like amending the constitution -- a supermajority) of our elected representatives decide which laws will pass. We don't do so because of an a priori commitment to majority, we do so because we haven't found other forms of government that respect civil liberties and other human rights to the same extent that a representative democracy would.
In other words, elected government is the means to an end (a society where the strongest individuals or the biggest gangs cannot violate others' rights to life, liberty, and property without repercussions), not an end in and of itself.
I realize this isn't an invalidation of your points: while I disagree with you (yes, intelligence agencies should be allowed to exist; no, they can not be allowed to snoop -- even accidentally -- on US citizens or permanent residents without due process), your point is salient and doesn't require making such a dangerous argument ("as long as our government is a functional democracy, we shouldn't worry about governments' intrusion on our rights to x" where x in this case is "privacy").
I don't know about Spitzer (though he was Governor of New York), but someone holding blackmail leverage over Petraeus is certainly a matter of national security concern.
I'm not making any justification in my post. I'm just saying that an affair/adultery by someone who holds national security information and a clearance is different than Joe Civilian.
There are security interests in monitoring people who hold clearance. I'm not making any statements about unlimited wiretapping and data collection.
The problem is when things get "tough" certain individuals will use this for political purposes or some other gain. It is like IRS targeting "tea party" - but much scarier.
But I grew up in Eastern Europe, so I'm unreasonably concerned and paranoid. It will not happen here because we are so special. /sarcasm.
If more people knew their history, they would understand that this is a modern age Star Chamber, tied into a network that would make the Stasi envious.
As many have stated, the problem is with inevitable abuse of power. It may or may not be happening now, but it will. Recent IRS disclosure that they targeted Tea Party-linked organizations for audits is one example. I doubt it was deliberately ordered by the administration, but someone, somewhere thought it was a good idea.
Search queries alone will probably tell you which way a person is leaning in an election. That by itself is not good in a democratic process hinged on secret ballot. What if the information of everyone that voted for a given candidate is collected, passed under the table to another "bad guy" in another agency, such as IRS, and then used to inflict financial harm. Yes, very far fetched, but such power is an enabler.
It seems that having courts grant warrants provides a necessary level of review by a pseudo-independent body, as to sufficiently protect against undue invasion of privacy.
Based on the description in the article, I'm not sure if there are a lot of protections against personal use, like spying on a girlfriend. (When I used ChoicePoint for background investigations, it only recorded my "permissible purpose" selection, but no real validation, just an audit log of the search.)
Tea party groups weren't targeted for audits. Groups that applied for tax exempt status on basis of providing social welfare were sent for additional screening to ensure the group was not primarily a political group. There were over 300 applications sent for additional screening. 1/3 were conservative groups. 1/3 were liberal. The whole problem was the selection criteria for being reviewed - based on the name of the group.
Which was a problem because it's nearly impossible to review these groups properly anyway - the criteria are so broad that it's practically a subjective decision. Of course, Congress could amend the tax code to provide clear instructions to the IRS on what should and should not trigger review and what should be reviewed, but that all sounds a little bit too much like actually doing their jobs.
Your argument fails when it's noted that famous "Social Welfare" 501(c)(4) organizations include the NRA's lobbying arm, the Institute for Legislative Action, and the new version of Obama's Organizing for America, Organizing for Action. Perhaps ironically, the latter's first major action was to campaign for gun control after Newtown.
In other words, the parameters of 501(c)(4) organizations were already well established, and being primarily "political" (when you think about it, a rather vaguely broad term) is just fine, you're focusing too much on the words of art "social welfare" vs. what they mean in practice.
"What does it mean when half the country—literally half the country—understands that the revenue-gathering arm of its federal government is politically corrupt, sees them as targets, and will shoot at them if they try to raise their heads? That is the kind of thing that can kill a country, letting half its citizens believe that they no longer have full political rights."
Where does your 1/3 liberal come from? I cannot find that anywhere. You are correct they were not targeted for AUDITS, but they were targeted.
It is not just the problem that they were targeted based on name (I actually think that's pretty reasonable) but the questions that were asked, the time it took to get approved (or denied) and the fact that IRS lied to congress about it.
Think it through! Every politician, not just the conservative ones, was happy when somebody finally noticed this story. IRS agents have done whatever they wanted to private citizens, with no consequences, for decades. Then they questioned (they didn't fine, prosecute, garnish, imprison, or confiscate) political groups that claimed to be educational groups, and as a result the agents got censured, fired, and prosecuted. The media and most people are too lazy to think through the inevitable consequences, but don't dream that the politicians are. Will political groups ever be investigated by the IRS again?
When Germany introduced their ubiquitous wiretap law, they saw the actual cost of introducing such law. The most notable change in people's behavior was that hot-lines, priests and lawyers started to see fewer phone calls as people reacted to the surveillance. To this then can be concluded that some cases of children being sexually abused, and domestic violence, will continue as a direct result of people being too afraid to use hot-lines or calling the local priest/lawyer for advice.
> It's important to remember that we still have a functioning democracy. If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked.
To the contrary, rival political individuals can map, with the help of ubiquitous wiretap, which people are a threat to their power. From that they can redirect police "focus" to either crack down on such a threat directly, or any support group they might have. Political figures are commonly the second largest requester for domestic intel, only second to the secret police.
Ah yes, because data gathered by intelligence agencies have never been used for political and personal gain. And everything that goes on in politics is transparent, above board and immaculately honest through and through. Nepotism, cronyism, corruption, and the like only exist in Hollywood movies.
And they never get the wrong guy. They always get the right guy.
As long as nobody is inconvenienced it can't possibly be bad. Right?
How do we know that we have a functioning democracy?
If I run for congress against a candidate strongly favored by this or a future administration, how do I know that my telephone call records aren't being leaked to the opposition?
Or worse, how do I know that the people running these programs aren't using a decade of collected data to influence vulnerable politicians? How do I know if someone in the NSA isn't blackmailing the President?
Who is watching the watchers? Some kangaroo secret court, who the intelligence community has had broad authority to ignore?
What really bugs me about this discussion is that all this has been going on for years for foreigners, and nobody denies it. It's apparently ok that these companies and agencies spy on everyone but US citizens.
Don't get me wrong, it's bad that they do this to US citizens, but at least it's your government (doesn't make it better, I know, but still.)
>We have rights to privacy and protection from unreasonable search and seizure.
I want those rights too. I might have them on paper (since it's a democracy here in Europe as well, and there are agreements), but it seems like nobody in charge cares either way.
> If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked.
I cannot run. I'm not from the US. I can't even vote. I can try to make my government do something about it, but you know how that goes.
"These are national security assets: evidence gathered here will never be used in a drug case, or a tax evasion case. Why not? These tools exist for the bigger fish"
Yes, "national security assets" would never be used for silly things like the war on drugs:
That is the problem with this sort of argument. Things done to catch terrorists usually wind up being used for law enforcement purposes years down the road. Terrorism just is not common enough to justify the expenditure; eventually, after the well-connected companies and contractors have laughed their way to the bank, some politician comes in and says, "This is a waste of money, but it would be less wasteful to use it to help our poor, overburdened cops!"
I appreciate the thoughtfulness of your comment. But even if the scope of this program were somehow limited in perpetuity to large-scale terrorism, the massive, centralized storage of every online citizen's Internet history should be frightening to everyone. In other news today, it was revealed that Chinese hackers targeted the Obama and McCain campaigns in '08. What happens when there is a breach in the NSA surveillance database and your individual Google search history is posted openly alongside your browsing history, emails, and Skype chats?
>" These are what the government is worried about, and they're not going to risk revealing their methods for something lesser."
Well, that's a simplistic view of what the government is worried about.
The government is worried about the safety of THEIR POSITION OF POWER - nothing less.
The information gathered will be used 100% to defend their position of power. The power of the system.
The people's sentiment and the position of society as it pertains to not uprising against the leeching system of power that sits on top of the people is what they are after.
In more direct words; the military-industrial complex that profits from 99.99% of the world's population will take every measure to make sure that you remain a consuming, productive asset to their vast wealth.
Warren Buffett isn't a valid reference on nuclear terrorism, first of all.
Second, his calculation is bogus, amusingly enough. The odds of the actual event occurring don't improve every year that goes by. That assumes everything is static and unstoppable to begin with, among other false assumptions embedded into it.
It'd be like saying: given enough time, a nuclear bomb will go off in Greenland. That's not true at all, but if you calculated using Buffett's false premise, then yes, after N years it would have to happen (because his premise is that there's N chance per year, and then he treats the equation like a coin flip, where eventually it is supposed to be 99.99999% likely to land on heads, but that's false because every flip is independent of the last flip in reality; his calculation only works in an artificial reality / vacuum). In actuality, a nuclear attack could just as easily occur tomorrow morning as 80 years from now, and that completely debunks Buffett's point.
Do you think these ultra-high value targets - the ones with these ex-Soviet nukes or weaponized anthrax stored in their basements - are posting on Facebook, using gmail, or using traceable mobile phones?
> It's important to remember that we still have a functioning democracy. If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked. While some individual politicians may be corrupt, the system broadly is not.
If I, the Hacker News reader, decided to run for Congress tomorrow, I would run against an incumbent whose district has been gerrymandered to statistically guarantee his reelection and whose colleagues in the House can distribute nationally-raised money to him in case that's not enough of a guarantee.
If I, the Hacker News reader, voted for a guy who spoke convincingly in favor of civil liberties and against warrantless wiretapping, I would have discovered that once he was elected, he had been lying to me all along.
If I, the Hacker News reader, ever gained enough power and influence to really affect things, who's to say I won't be found dead? For all the public knows, I could have been killed by any lone gunman, just like Martin Luther King, Malcolm X, or John or Bobby Kennedy. Then I just turn into a harmless, martyred caricature rather than as a living, thinking human being--nothing subversive there.
If we still have a functioning democracy, then try and convince the people that there's nothing to fear from these kinds of programs. If the NSA has nothing to hide, it has nothing to fear.
> It's important to remember that we still have a functioning democracy. If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked.
Well, the IRS may just decide to target you :D
The problem isn't so much the collection of the data, it's that checks and balances that are in place are completely opaque to public scrutiny. Everything is classified.
> I think it's interesting to ask why these programs are so widely hated.
Well as someone with a history degree let me explain....
> These are national security assets: evidence gathered here will never be used in a drug case, or a tax evasion case. Why not? These tools exist for the bigger fish: the dozens of Soviet-era nuclear weapons believed to be missing, or the small amounts of dangerous pathogens that periodically vanish from research labs. These are what the government is worried about, and they're not going to risk revealing their methods for something lesser.
I think that misses the historical abuses here. The question is who decides what is a big fish or not and on what criteria. Additionally what happens to the bigger fish when they are just good enough at hiding evidence that they cannot be prosecuted for bigger fish crimes (or more to the point when the NSA thinks this is what is happening)? Don't you think that at that point, those vast archives would not be repurposed to answer the demand to "find me the crime?" And given the vagueness of many federal laws, don't you think that would be an easy task on anyone?
The problem isn't in prosecuting people who unambiguously broke the law. The problem is in making those vast resources available to carry out the fight against the "bigger fish" by any means necessary. This enables an environment where "show me the man and I'll find you the crime" becomes an acceptable way to deal with "bad people" (but "being bad" is unconstitutionally vague as a criminal statute). This sort of thing is entirely common in history, from the Star Chamber to the FISC, and from antiquity to the present.
> These are what the government is worried about, and they're not going to risk revealing their methods for something lesser.
Ok, so suppose a senator starts leaking classified information of this sort. Do you think that such archives might be useful for ensuring that all manner of vague federal felony prosecutions could be used to silence and discredit him? Does he become a big fish at that point?
> Warren Buffett has predicted a major nuclear terrorist attack on an American city to be a "virtual certainty" given enough time.
Sure, it's a virtual certainty given enough time. However, suppose we get incredibly unlucky and one gets through every 100 years or so. The personal risk to an American is insignificant compared to all manner of things we take for granted every day (such as driving home from work). Saying this makes us safer just doesn't cut it.
> What counts as "terrorism" is political, after all.
Bingo. The KKK has been called terrorist before (in fact Justice Thomas said as much in one of his dissents, where he argued that cross burning was unprotected by the first amendment), but if we give up the first amendment regarding terrorism don't we go right back to the McCarthy era before Yates v. United States was decided and terrorism and sedition prosecutions were common for the mere act of distributing writings of Karl Marx?
> It's important to remember that we still have a functioning democracy.
The facade of one at least. We all know who is really in power and it is not the people.
> If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked. While some individual politicians may be corrupt, the system broadly is not.
Being in Indonesia, in a place obviously corrupt, and seeing how things function, has given me a very different look at corruption in the US. I don't concur with your assessment about corruption. Americans are just a lot more refined about it.
If you are so sure that the system isn't corrupt, then who do you think would get a harsher sentence in court, the poor black man with three grams of crack cocaine or the suburban white man with 20 pot plants or 50 grams of powder cocaine? Defence atty Billy Murphy has sometimes said that drug legalization is working for the upper classes because they just get probation and treatment, and so it is time to bring it to the lower classes. Moreover every attempt to make the system more predictable just pushes the actual decisions to smaller groups of people. Mandatory sentencing for example shifts power from judges to prosecutors. A government of laws is thus nothing more than a convenient fiction we use to avoid holding certain people accountable.
> These programs, hidden in the background, don't inconvenience you, or lead to loss of freedom or property.
That's totally false. As you put it, terrorism is politically defined. Giving the government dragnet surveillance powers in the fight against a politically defined and vague thing essentially restricts political freedom. Would you say that the USAPATRIOT, AEDPA, and friends do not restrict the ability to start up a Hamas USA political party? No you wouldn't and you couldn't after HPL v Holder. But you can't differentiate any of this from what our country went through with the Smith Act before it was castrated (thankfully) by the Supreme Court in Yates v. United States.
In the words of singer-songwriter Jack Warshaw in a song written about another era,
They came for Sacco, Vanzetti, Connoly, and Pearce in their time
They came for Newton and Seale, and the Panthers and some of their friends
In Boston, Chicago, Santiago, Warsaw and Belfast
And places that never make headlines, the list never ends
....
They say that here we are free to live our lives as we please
To march and to write and to sing as long as we do it alone
But do it together with comrades united and strong
And they'll take you away for long rest with walls and barbed wire for a home
The song echoes essentially a fear of the use of law enforcement powers generally to be used to crack down on groups deemed politically troublesome (Sacco and Vanzetti were tried for murder but there has been a long tradition of seeing them as innocent targets due to their anarchist affiliations, Connoly and Pearce were involved in the Easter Uprising in Ireland, Newton and Seale were prosecuted for various things related to their involvement with the Black Panthers).
There is a long tradition in this country of seeing certain groups as political prisoners (whether the Panthers or the Molly Maguires) and a tradition which is founded on actual experience (whether Martin Luther King or the Communist Party USA). You can't sweep all that under the rug and say that 9/11 made all that obsolete. The fears are real and whether in any individual case historically there may or may not have been real justice done the fact remains that political prisoners have existed in our country at various times (there are reasons to think that Sacco and Vanzetti may have actually been guilty of murder, but their trial was not fair regardless, and there is no doubt that people were thrown in jail at one point for merely distributing Marxist literature).
This comment really does an excellent job of articulating why this sort of surveillance is a bad thing. I find it really frustrating when people question why we'd want to prevent the government from having unlimited ability to spy on the citizenry - because it's been tried before countless times and it generally doesn't go so well. The fact that we're able to do it even more efficiently than ever should make people more concerned, not less.
> It's important to remember that we still have a functioning democracy
You do not have a functioning democracy when the top military intelligence officers lie to elected representatives about the existence of a massive domestic surveillance apparatus.
Let's see. Besides the scary terrorists they have phone records going back to at least 2006 of reporters talking to sources, government and business whistleblowers, all kinds of business negotiations, powerful people calling prostitutes or drug dealers, political rivals, activists and protesters and on and on. It's every other phone call made. And we are not allowed to know what protections they have on database access or what their data retention is. It's almost guaranteed it will be abused if it hasn't already, which we wouldn't be allowed to know either.
Well, our collective democracies are less than perfect; easily swayed by money and special interests, not least the special interests of government agents and other civil servants. Like many (most?) organizations, government is necessarily self-serving, (or self-perpetuating at the very least) and the power imbalance that is amplified by technological change is directed first and foremost at the preservation and survival of the very institutions that hold the reins. Normally, we might direct our attention to our systems of checks and balances to redress any imbalance of power, but these systems were designed in an age where modern technological capabilities were simply inconceivable, much less effectively planned for. We are only starting to tentatively explore the potentially monumental implications of this shift in the balance of power. Whilst it pains me to admit this, my advice is to admit defeat, to recognize that our privacy (and with it, our freedom) has been irrevocably compromised, and to do what we can to ensure our own individual survival over the coming decades: to wit, offer our full-throated support for whatever objective the agencies claim to be currently pursuing, and to learn to be more guarded and more circumspect about what we say and think. ("I for one welcome our new silicon overlords" etc... etc...).
> But the incentives the intelligence apparatus have to not use any data collected here against anyone for reasons less than "real" terrorism are strong enough
FBI has been using National Security Letters for drug cases. In fact, I believe 80-90% of NSLs were used in drug cases. I remember seeing a leak a while ago.
> I think it's interesting to ask why these programs are so widely hated.
They're not widely hated. I just polled my family: wife, mom, dad, and infant. None of them care. I don't really either, though I guess all else being equal I'd prefer it if they didn't collect this information. Anecdotal, I know, but I'd hazard a guess it's representative.
>>Warren Buffett has predicted a major nuclear terrorist attack on an American city to be a "virtual certainty" given enough time.
Everything is a certainty given enough time.
In addition, Mr. Buffett may be a great investor, but exactly how much would he know about terrorists or nuclear weapons? Probably as much as you and I.
Because the facts of each iteration can completely alter the whole chain.
This is the argument that if you flip a coin enough times, heads MUST come up. But that is in fact not true. Each flip is completely independent of the last flip. Given enough time, there is in fact no law that says heads must occur.
Real life events work much the same way. Any given event can be interrupted. The 'everything is certain' premise doesn't work if a human exists and can stop or alter the process with free will (in any number of a zillion variable ways). For example, Buffett's calculation says that after, say, 100 years a nuclear bomb essentially must have gone off, but that's not true at all, because people can always stop it from happening and interrupt the theoretical math calculation (which only actually exists in a 'vacuum'). In any given year, the odds are N, but that does not in fact compound into following years inherently.
>>This is the argument that if you flip a coin enough times, heads MUST come up
No, it's the argument that given enough time, it is certain that something as unlikely as a direct meteorite strike on Earth will happen. Low probability x infinite timeframe = 100% occurrence
Buffett (via Berkshire Hathaway) has made huge amounts of money selling insurance against catastrophes. This includes natural disasters such as earthquakes, tsunamis, and floods, as well as other catastrophic events including terrorism.
Yes, of course. I was pointing out that Buffett has thought more carefully about terrorism risks than most people, since his business has written very large insurance policies providing (limited) terrorism coverage.
Buffett's insurance business took a $2.4 billion underwriting loss from the 9/11/2001 terrorist attacks. The insurance industry as a whole paid $33 billion in claims (in 2001 dollars).
Right, you probably wouldn't get terrorism coverage as part of your homeowner's policy. However, terrorism insurance is big business! Berkshire Hathaway has extended coverage to airlines, the World Cup, the Sears Tower, etc.
That's because terrorism wasn't specifically defined as an "act of war" for general risk policies under the underwriting standards of the time. (although anything nuke has been excluded for many years) War requires a nation-state actor. Terrorism is a broader concept.
"These are national security assets: evidence gathered
here will never be used in a drug case, or a tax evasion
case."
The evidence gathered doesn't need to be used in a drug case directly in order to provide value. The information being collected is sufficiently broad and inclusive to give law enforcement more than enough leads they would not have already had. The discovery process required to determine if such a system were misappropriated for anything more than these national security concerns would be overly burdensome for any defendant in a court of law, especially when said defendants are spending every penny on just trying to remain free.
Jesus I don't even know where to start. Do you even live in America??
> I think it's interesting to ask why these programs are so widely hated.
Because most people do not like when a bunch of geeks are laughing at their pillow talk or sex talk with wife over the phone? Because we have a right to privacy, like most human beings..?
> These are national security assets: evidence gathered here will never be used in a drug case, or a tax evasion case.
And you know this because of what??
> Why not? These tools exist for the bigger fish: the dozens of Soviet-era nuclear weapons believed to be missing, or the small amounts of dangerous pathogens that periodically vanish from research labs.
Just exactly when was the last time you heard government proudly announcing they were able to stop a pathogens spread attack? Or nuclear weapon being recovered? Give me a break! They couldn't even stop two morons with pressure cookers in Boston and you're trying to tell me they will track some pathogens that vanished from a lab??
> Ok, but no one here is going to argue that stopping terrorism is bad: the problem is in how we define terrorism.
How about this: terrorism is when you secretly drone a group of people in Afghanistan and as a "collateral damage" you kill some 8 year old boy. Then his father happens to build up anger against Americans, board a plane and walk to Times Square to detonate his vest. He is a terrorist, right? I mean, you barely heard about some children being droned by accident, and then you have Manning facing possible capital punishment for releasing materials like Apache "mistake" attack on civilians. But sure you will hear about that fanatic detonating on US soil.
You want to stop terrorism? Fine! Immediately withdraw ALL troops from ALL foreign soils: Iraq, Afghanistan, everywhere where Americans are sticking their nose where it doesn't belong! How on earth are they protecting US soil by occupying Iraq, for crying out loud?? Once you stop invading countries, droning innocent people, you will all of a sudden see nobody cares about coming to America and blowing themselves up.
> It's important to remember that we still have a functioning democracy.
No we don't. Money buys power, power buys money. When you're big and powerful enough, you are innocent regardless of charges. You are "too big to fail", or other crap. You are given billions of taxpayers' money to survive while others go bankrupt. Democracy ended in the 60s.
> If you -- Hacker News reader -- decided to run for congress tomorrow, you might not win, but you won't be killed, sabotaged, or secretly blocked.
Oh okay so for that reason let's stop the human kind progress here and just give up everything because since we are not following the example of some African countries, then everything will always be fine.
> While some individual politicians may be corrupt, the system broadly is not.
How about this: while system broadly is corrupt, some individual politicians are not.
> These programs are enforcement mechanisms; the laws themselves are still made by the people,
No they are not. They are made by entities; government entities. You watch news lately? Benghazi 9 months later - no answers, no one guilty, no one brought to justice, Rice promoted. Fast and Furious - One US marshal dead -- no one found guilty, no one brought to justice, IRS -- same story plus individual taking 5th. People in government ARE NOT accountable and until this changes up to bringing criminal charges (against people like the one in charge of lavish $50MM spending at IRS), no one will care or be scared!
> While we as a population may argue about social issues like gay marriage and abortion, our government is not fascist.
Read the definition on Wikipedia. We are in fact very close to it.
Sentiments like this bring despots to power and further cultivate erosion of the democratic process.
I can only applaud the secret agencies for this fine job of creating a favorable public opinion on the matter that would have been deemed atrocious only a decade ago.
Was a Republic. I think it could be argued that the US is no longer fully governed by the Constitution. The only debate, in my opinion, is when the Republic died. When Nixon killed the last part of the gold standard, unleashing perpetual war, and nearly unlimited funding for the military industrial complex (including the NSA / CIA / FBI) by printing / Federal Reserve financing? The 1930s when FDR massively expanded the reach of the Federal Government? 2001 under Bush? 1913 with the founding of the Federal Reserve?
Non-democratic republics include 18th-century USA, where only white male landowners could vote. Democratic non-republics include the UK, which is a monarchy. "Republicanism" and "democracy" are orthogonal concepts.
Funny, that's what they said about the PATRIOT act, yet virtually all invocations of said act have had nothing to do with terrorism (e.g. drug arrests). If you give the government these powers you are assuming there will never be someone in charge of this information who is corrupt. But corrupt people are already in charge of it! This will only get worse.
>Warren Buffett has predicted a major nuclear terrorist attack on an American city to be a "virtual certainty" given enough time.
Buffett probably has no idea what would be involved in pulling off a nuclear attack. Hint: "dirty bombs" is just made up nonsense.
If I had the money to make it interesting for him, I'd take a long bet on this one and even leave it open ended. I'm sure we'll all be dead before it happens.
>Ok, but no one here is going to argue that stopping terrorism is bad
I do. Terrorism isn't a legitimate concern for the US. Over the last 30 years, we've had around 100 deaths per year. That's about a drop of piss in the ocean. Not worth even thinking about for one second. Use all those resources to do something that would have an effect like fighting cancer, making highways safer, etc.
Fighting terrorism as the US does is like doing extreme chemotherapy for a sniffle.
>It's important to remember that we still have a functioning democracy.
Really? Go look up some executive orders that have come out of the president's office (past as well as present). This paragraph is more a hope about how things should be than proof of how they are. Ask yourself how you can know any of it's true. It's legal to take pictures of cops, yet if you do it you could end in jail anyway. It's illegal for cops to rape and murder, yet it happens and often enough with no real consequence to the cop.
>Extreme efforts such as these may still be insufficient to prevent New York from being destroyed by terrorists.
Then why bother? We're only giving corrupt people unchecked power to lord over us and we're getting back a small chance that we might possibly prevent some attack that might possibly happen (but if you look at the actual history of terrorist attacks, they usually fail from their own incompetence).
>However, do not forget that we can't see NSA success stories.
Then why would we assume any exist? The onus is on those who violate us to prove it's providing some value.
>hidden in the background, don't inconvenience you, or lead to loss of freedom or property.
Of course they do. They expose us to the whims of low paid morons on power trips.
> But the incentives the intelligence apparatus have to not use any data collected here against anyone for reasons less than "real" terrorism are strong enough, that I think it's not open-and-shut.
Complete and utter bullshit. Have you actually looked at e.g. what the PATRIOT act has actually been used for? Hint: terrorism is line noise in the application of that act. It's used for almost anything but.
Fortunately, the government that would put them into prison is our government. If we don't want them to go to jail, it's up to us to ensure that their rights are upheld.
An important thing to know here is how compartmentalization works.
On one hand, it's to help limit classified information to those with a need-to-know.
On the other hand, it's used to mislead oversight and limit the visible scope of an overall goal.
So while it may be technically true that PRISM is only doing x, there may be a separate compartment (called, say FROGBUTT or whatever) that performs the sister role of y in support of PRISM.
This is how intelligence agencies hide and mislead the public. They say "Yeah, we do have a program called FROGBUTT that collects call metadata, but we don't collect personal information or examine the contents of a call." What they don't mention is that they have another companion program called LIZARDDICK that does collect that accompanying personal information, and they have yet another program called COWBONG that collects the contents of calls.
This is how this works. Plausible deniability, onion layers, confusion. Combine this with the fact they periodically change compartment program names, and it gets exponential.
See also: RAGTIME, THINTHREAD, STELLAR WIND, TRAILBLAZER, etc
Edit: Just saw the portion markings (the stuff on the slides that says their classification level), and I'm going to change my judgement to "this was pretty classified." And whoever released these slides to the public is going to jail for violating the NDA they signed. Jail for quite a few years for knowingly revealing TS information. I'll leave my previous comment below so you won't think I erased anything.
My problem is how they portray this. Direct from the article:
"The highly classified program, code-named PRISM, "
and also:
"The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley."
If you have numerous (non-government contractor type) companies knowingly participating in the program, then it isn't "highly classified." And if you thought that your communications were private then you were fooling yourself. Even Tor, the darling of the EFF, was initially developed by the Navy. It's very tough for people to communicate electronically these days without the government being able to listen in.
No, I was suggesting that the government has touched things that many people don't realize. There might not be an explicit backdoor in the code, but it's quite possible there is a vulnerability that the government can exploit. I'm not saying that there is, but if there was it wouldn't be publicized and they'd be milking it for all it was worth before someone else discovers the hole and fixes it.
Perhaps whoever leaked it regarded it as essential to upholding an oath of office. 'preserve, protect, and defend the Constitution of the United States.... '
That could certainly be the case. The only two plausible reasons for leaking classified information are moral convictions or personal gain (selling it to the news or a foreign country). Edit: Maybe three reasons. Blackmail/extortion is a possibility that doesn't quite fall into the personal gain category.
However noble the intention, it doesn't change the fact that everyone who has access to that information has signed an NDA and been through a security indoctrination (indoc used without the negative connotation in this case). They knew exactly what the punishment is for what they did. The jury that would nullify that would be a rare find in the US. It's basically zero probability if it was a military member subject to the UCMJ.
> "In 2008, Congress gave the Justice Department authority to for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”"
One more reason FISA is one sick, disgusting piece of legislation, and it was just extended to 2017, last year - yet too many were dormant when all of it was going down.
> One more reason FISA is one sick, disgusting piece of legislation, and it was just extended to 2017, last year.
I think you are confusing the nature of FISA -- a piece of legislation designed to constrain excessive executive domestic surveillance passed in the wake of widespread and highly politicized abuses by the Nixon Administration -- and recent amendments to FISA to expand the scope of allowed surveillance that were passed under the justification of the necessities of the "War on Terror".
The odds are very high that users on HN have helped implement these systems. The more we know about how it works and what can be done to stay secure would be of utmost interest...
I can't help but think that if this were the 1970s and we were talking about the post office and phone company automatically forwarding copies of all communications to the US gov't, there would be riots in the streets. Oh how things have changed.
"Is BitTorrent Sync open-source?
BitTorrent Sync isn't open source software, and no announcements have been made to indicate that this will likely change."[1]
My thoughts exactly. I'm certainly going to be looking at other options, including BitTorrent Sync. As useful as Dropbox may be, it's something I'd be willing to do without if this is true.
How about some kind of non-violent mass protest? It worked for SOPA. A million geeks have quite a lot of power, if it's focused at one point in time.
What would be the most effective form of protest?
Examples:
Everyone call a random phone number on their mobile phones at exactly the same time: "Hi, I'm your friendly geek, just wanted you to know this conversation is being monitored"
Everyone use TOR for one week.
Everyone tweet "You are being spied on by the US government" at the same time?
Basically the protest needs to drive home the massive swell of opposition on the issue - so that both sides of the house see it as a political survival necessity to reduce state sponsored surveillance.
How about creating a website which allows us all to find a pen-friend in Iran, Gaza, Yemen, Afghanistan or wherever, and we send regular (e.g. weekly) communications to that person. It would be a good thing to do anyway.
Very interesting that the NSA's own material refers to Facebook's "surveillance" features:
With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
Would such a massive undertaking be possible without the knowledge of the regular developers working at these companies? Some big names on that list, like Facebook (and I think Dropbox was 'coming soon'). If developers at these companies knew about these measures, I'm really skeptical of believing that it took an intelligence officer to expose this story. Chances would be much higher that devs at these companies (chances being good that some of them are the reddit/HN libertarian types) would have exposed this long ago.
Is such an operation feasible without the knowledge of hundreds of Google/Facebook/other engineers?
I had the same question and it leads me to believe the companies saying they had no idea. Someone at Google/MS/Facebook would almost surely notice those extra servers over there, all that extra network traffic going somewhere, or those cables that seem to go into a locked closet.
I think it's far more likely this is built off the back of the data they're already known to be sucking down via major exchanges.
A national security letter for the TLS certs and you can take what you want, when you want, straight off the stream of packets.
I am a convicted hacker that got caught through the Patriot Act (which was to catch terrorists)[0].
The biggest two lessons I learned from what I did were: 1) if I can't tell someone what I'm doing it's probably wrong (I was 19 when I hacked Google, Etrade, and Schwab and thought it was ok), and 2) if I have nothing to hide, then I shouldn't care to use the internet.
All this is, really, is confirmation more than a discovery.
The "I have nothing to hide" meme needs to die with a stake through the heart, garlic wrapped around its neck, and with a gallon of holy water poured over it.
Looking at all the spiffy official "Top Secret" warnings on top of all the slides, it seems that maybe this ties into previous WaPo stories about the "top secret" spying mentality in the Mil-Ind-Complex since 9/11. The top spooks tried to get an account of all the "top secret" programs and clearances going on in all the intelligence/law enforcement agencies and found that there were so many that were shielded away from oversight that it was impossible to get an accounting of everything the government was up to.
Well, what concerns me most here is this: The US Government is in a spot wrt US citizens and US homeland, blanket surveillance on the rest of the world seems fair game.
Sure, the law would not protect the 'aliens'. Concerned citizens should look at being aware of alternative tools that would minimize the possibility of the US Gov eavesdropping, inadvertently or otherwise. Perhaps a system of open-source OSs, TOR logins and specially crafted logins, on pre-identified low-risk networks. Thoughts?
As a Kiwi it saddens me that the US and (to some extent) NZ are descending into the style of government they proclaim to defend the world from.
If they are going to spy on their own citizens, why not protest by giving them something to spy on and hopefully increase their work load to something unmanageable.
I propose peppering every phone call, email, comment, etc. with some choice trigger words of the day: Al Qaeda.
Perhaps some hacker could come up with a plugin to do it automatically for us?
Good idea. A similar plan would be that everyone starts a pen pal relationship with someone in Iran, Afghanistan, Yemen, Gaza or somewhere similarly likely to attract attention and we send weekly emails and texts to them. If enough people do that it could be an annoyance for the spies. It would also be a good thing to do.
A depressing historical fact: The FISA Court that for the past decade has been warped into a protective shield for these sorts of operations was established in 1978 to prevent this from happening again. See: Project SHAMROCK, http://en.wikipedia.org/wiki/Project_SHAMROCK.
There was a time when those in the Intelligence Community had this lesson burned into their brains.
If you are interested in looking into this more, I highly recommend the documentary which is coming out called Terms and Conditions May Apply. It explores how companies are giving this information to the govt willingly, and it is stated in their terms and conditions.
I have two questions for which I couldn't find the answer:
1 - Will these companies provide data from all users or only US citizens?
2 - Who has access to the data? Only people working on this program at US intelligence or a wider set of people? For instance, can they look up my emails, photos and so on if I am about to be interviewed for a high-profile government job?
Does anyone know how much the Gov't agencies pay for this data?
I'm guessing here, but it seems logical. There must be some kind of economic benefit for Facebook, Google, AT&T, Verizon, etc. to save and provide this data. Perhaps they even help organize it for the "requesting entities".
US or else, I wouldn't trust other governments either, even if you trust governments, your cloud provider could still get hacked and even if it doesn't get hacked you still have to trust a third party: your cloud provider. If you're storing stuff on the cloud, encrypting it on the client first is probably the only way to get (pretty good) privacy.
Probably slightly safer using a US hosting company. At least some civil rights apply but I don't think there are any rules against the NSA spying on people outside the US.
The story that the CIA sold cocaine is pretty much outside of the realm of conspiracy theories. The idea that spying agencies care about laws is ridiculous. Why should they? If they are doing their job right no one will ever know.
It would be so dead simple to do it right - just ask the people if they are willing to accept a certain amount of surveillance for more safety or if they are willing to take the additional risk but keep their privacy. And everybody could live happily.
Suddenly a phone conversation is looking like the most private way to communicate (short of self-hosting, encrypting, and being an all-around crypto-anarchist). At least then it's apparently just the “metadata”.
It's funny how people in the US hate government so much that they seem more outraged by a national agency collecting meta-data for antiterrorism purposes than by private companies collecting content for ad targeting.
In the previous century governments killed upwards of a quarter billion of their own people; I'm unaware of any even vaguely comparable mass murders by corporations.
Well, don't know how many people the tobacco industry killed those recent years, but that's got to be pretty big for someone who's not part of a war.
One may also argue that a dictatorship pretty much makes a state work like a corporation: you don't have anything to say about the way the thing is run.
Dropbox better come out ASAP with a formal response to this. But honestly, it might not even matter because if the NSA has targeted Dropbox, any betting man would say that it is already part of the problem.
If Dropbox is handed a National Security Letter (NSL), unless they want to go to Federal prison their people have no choice but to lie about it.
Look at some of the discussions where these companies' carefully worded denials are parsed; they aren't really denying it. E.g. "back doors" aren't an issue when an NSL is used to come through the front door.
It's not very fair to call this "mining." Mining has a specific meaning, and implies you have general read access, which is not true in this case. They actually have very narrow, operational read access.
Well, I can confidently assume that the NSA has spied on me in the past, and I know exactly what dirt they have on me. I am just waiting to see if / when / how they use it.
What bothers me is that Apple and Microsoft have both been cooperative. It's not much of a leap to think that the NSA has a backdoor into Windows, MacOS, and iOS now either.
Are the Guardian and Washington Post going to explain why their "PRISM" slides are different? (Guardian has no arrow head, and red rectangle behind logo in upper right)
Apple was pretty late (Oct 2012) and I wonder if Jobs was a hold up, it's a full year after his death (Oct 2011). Google, sadly, came on board very early (2009).
You guys all knew about the surveillance since the early 90's, and I don't mean all the non-tech guys, I mean you. It was all about the foreigners, so you don't care. Echelon was all about the non-American, so nobody cares at all. My sympathy now for you is so close to zero, like the same sympathy you have shown in the past.
It's really hard not to leak information. This is just a guess, but if they see you doing something they don't like but can't decrypt, they can check their huge PRISM database for your IP. Even if you do a good job at hiding who you are, communication outside of the encrypted channel you are using might reveal yourself.
Also they have their hooks in Microsoft and Apple. It stands to reason that means a backdoor in each of the operating systems, as well.
You'd have to really be paranoid to avoid this. Using an open-source OS, find an open access point with no surveillance cameras anywhere, use it only for your encrypted communication and nothing else, and then leave and never come back. And obviously, don't bring a cellphone with you.
Considering this was top secret, I would bet that a lot of persons of interest didn't know about PRISM either, making it a lot harder to realize that they fucked up.
Why so many cries? As long as operators have all kinds of logs anyway (location, calls, IP sessions), it is only a matter of time before authorities use them under this or that pretext.
In countries like Russia where police and intelligence services have unlimited power, every provider is obliged to collect and keep such logs for the use of authorities.
The first thing that authorities around the globe are copying from each other is any kind of scam that gives them even an illusion of more "control" over the people. Why should it be different in the US?)
And of course, such programs are great opportunities to allocate and "utilize" (read: steal) millions of government money.
Devil's advocate, here: As long as it's restricted to terrorism investigations I don't care. If it stops bombs from going off go ahead and snoop through Facebook's database, big deal.
If it ever trickles down to DEA or local police then it's a problem. If secret courts and SQL dumps become standard procedure then everything falls apart. If this is considered constitutional I don't know how you're going to tell Officer Shitforbrains he can't look at your phone records and Google search history to find out where you bought that joint.
Watch this, then ask yourself how you feel (if it doesn't go directly to 6:40, fastforward to it, then watch for 30 seconds):
https://www.youtube.com/watch?v=QwiUVUJmGjs&feature=yout...
I understand about various interpretations of "collect", "intercept", "analyze", etc. Just watch the video, and ask yourself how you feel. Please know that I'm not telling you how to feel, just providing a small snippet of a conversation. Why do you feel that way, and what does that feeling say about you, or your society?
Originally found in a comment: https://news.ycombinator.com/item?id=5835025