IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the National Security Agency (NSA) upon service of this Order, and continue production on an ongoing daily basis thereafter for the duration of this Order, unless otherwise ordered by the Court, an electronic copy of the following tangible things: all call detail records or "telephony metadata" created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.
It was approved (reapproved?) on April 25, and valid until mid July, and scheduled for declassification in (oops!) 2038. Interesting to note that this order was directed at Verizon, but presumably other carriers have received similar ones?
Now that we know that every call is being slurped up by the surveillance-monster, people can no longer bury their heads in the "but they're only snooping on the 'bad guys'" sand. Maybe — though doubtfully — that will finally raise some broader public ire.
> Now that we know that every call is being slurped up by the surveillance-monster
This order authorizes metadata about every call, explicitly not including names, addresses, financial information, or the actual contents of the call.
From the order:
> Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S. §2510(8), or the name, address, or financial information of a subscriber or customer.
> explicitly not including names, addresses, financial information
Hmm, so what is the point in even collecting if they don't have the names and addresses?
Are you implying that they see 555-444-1234 called 555-444-1235 for 5 minutes and they would have no idea who called who? Why are they bothering. We know government contractor and employment opportunities probably doesn't attract the brightest out there, but you'd think someone would let them know their own data is useless.
It would seem to me they can just do a reverse white pages search and get everything they need. That additional wording "does not include substantive content..." is there as a diversion. "Oh look nothing to worry here..."
> I am copying verbatim or summarizing the FISA order
Why are you doing that? Did you randomly select and copy parts of text or did you pick that particular set of lines for a reason.
You also emphasized the word 'metadata'.
Now you can have a discussion or as soon as people respond to you, you can keep pointing out how they obviously guessed wrong your intentions, maybe finally someone will guess correctly, who knows, until then just reply in short snippets "i didn't say that", "nope not what i meant", "here is an exact quote of what i already wrote".
My goal was not to participate in this discussion at this particular time, but instead to read others' valuable opinions.
My reason for posting was to correct factual errors in the discussion. Factual errors seriously reduce the level of quality of discussions of topics such as this one. Things get much more interesting when people hone in on the nuanced elements of the actual fact pattern.
My replies were to correct people who seemed to think that my curation of quotes from the FISA order implied something about my views on whether the order is good or bad.
And now this is an attempt to make the whole series of responses clear.
I'm glad we have the (remnants of) FISA, to create a audit / "paper" trail that can be used to bring these things to light.
FISA has been sorely abused, but maybe it retained enough coherence to bring us, albeit "inadvertently", one last shred of accountability -- perhaps just in time.
We'll have to see where this goes, now that one document is out.
Its nice to finally see a glenn greenwald article on the front page for once. I have been reading him every day for years and i would highly recommend his entire body of work to anyone who is not familiar with it.
Agreed, he's been the only political writer I've followed for years. His articles makes me depressed a lot of the time, but it's more because nobody seems to pay attention to him...
Someone needs to find a way to make end to end encryption of phone calls a reality.
I can think of technical solutions but it's another matter to get adoption. Also it can't only be an app. The phone can not be trusted. I think you'd need a small device that connects via wifi to your phone and then run some encryption over the top of that. It could be very small with only speaker and mic capabilities. Then you'd have an app on your phone to initial calls and display incoming calls.
They are keeping track of meta-data, so they are amassing a huge database of who every American associates with over the phone. This "meta data" is a huge part of Signals Intelligence and is very useful even if you can't hear the call itself (which is not to say they are not recording those as well).
The only way around it would be a TOR like system (or a system running on TOR) to obfuscate who everyone talks to.
Ha! Funny you mention it, because guess who needs protected and secure phone communication without leaking metadata? ... Yap it is them, the government.
In this spec they define what a mobile device would have to do to be available and good enough to handle government's classified data. How do you know what NSA knows? Usually by looking at what it suggests for government's use. They allegedly know what is already cracked, insecure and exploitable. (For ex. they suggest a specific pattern of erasing hard drives with sensitive data, they might say do it in 3 passes, so maybe assume they can recover data in less than 3 passes, so it gives you a glimpse into what's happening).
So to cut to the chase, how does one hide metadata? Tunneling. You create a device that has some kind of a trusted boot mechanism, loads a trusted OS, and connecst to an exclusive VPN. Nothing enters or leaves the devices via a network that is not _the_ VPN network. Of course in their case the only metadata leaking is that this device is talking to government's central VPN server. Then there are TLS and SRTP channels created that encrypt the voice but metadata is presumably encrypted or hidden by the outer VPN.
Now that is for the government. Now you'd need to set up a a few trusted VPN servers around the world make sure your phone connect to them and all the calls are routed through them as well. That way you could hide the metadata... and probably eventually land on some black list of sorts... ;-) I kid...only slightly
[On a side note there is a known vulnerability in how compressed & encrypted voice data is transmitted that makes it reveal the contents, and that is by analyzing the statistical distribution of data (even encrypted) from that it is possible to deduce the message content -- http://www.cs.jhu.edu/~cwright/oakland08.pdf so, make sure to play relatively loud music in the background , well shit by now I am sure I am on some list somewhere...]
>On a side note there is a known vulnerability in how compressed & encrypted voice data is transmitted that makes it reveal the contents, and that is by analyzing the statistical distribution of data (even encrypted) from that it is possible to deduce the message content -- http://www.cs.jhu.edu/~cwright/oakland08.pdf so, make sure to play relatively loud music in the background
It seems like the better solution would be to just use fixed bitrate compression.
Well, technical solutions aren't the answer in cases like this. What we need is political buy-in. We need people to feel as we feel. If enough people felt that way, then this wouldn't be happening. And since not enough people feel that way, then no technical solution will matter, unfortunately.
I don't have a reference on hand to cite, but I recall more than one bit of reportage of studies of traffic analysis of this sort; the upshot was that researchers found in practice that it revealed a surprising amount about the network and nodes being studied -- more than they'd anticipated.
Encrypted content provides you no protection against this sort of analysis.
As others have said, end-to-end encryption this not solve the problem of calculating a persons social networks and the strength of those connections by correlating calling frequency and duration (as the information in the leaked court order could be used to do). For that you would need a Tor-like network. The Guardian Project have attempted to do some work in this area, sending VOIP over Tor, but the latency is quite high at the moment: so it requires using some of the old radio protocols when there was a possibility of interference and to make it clear when you had stopped talking "over and out", "roger" etc.
I know technical solutions to problems like this are the first ones that leap to mind to HNers, but IMHO they are exactly the wrong response.
Citizens of democratic societies should not have to hide their communications from their government. If their government violates this trust, the thing to do is to organize and turn those governments out of office. Encrypting phone calls doesn't solve the problem; the problem isn't the surveillance, it's the contempt for the law and the rights of citizens that the surveillance is just one manifestation of.
They're in the entertainment-as-news business, not news. I'm surprised this hasn't become apparent to everybody yet. I haven't bothered to check them for for news in years now. It like expecting the Food Channel to cover hurricanes.
The reason I check them is I figure they are a good 'average' of the news that the average american receives. I definitely know it is neither comprehensive, nor good reporting. But I'm sad for the fact that most Americans will hear more about honey-boo-boo (or whatever stupid entertainment stuff) on CNN than they will about NSA collecting their phone records.
"HLN, formerly known as CNN Headline News (often abbreviated as HN) and CNN2, is a cable television news channel...Since 2005, however, its format has increasingly shifted to long-form tabloid-, opinion-, crime-, and entertainment news-related programming."
I hope that anyone in the US who is outraged realizes that the only real chance for change on this topic is in electing like-minded representatives to Congress, and getting everyone you know to vote the same way. Your current senator or representative likely supports this sort of action already, and it's not a violation of current law.
It's not a party issue but rather a power issue, institutions that have it won't give it up on their own.
Imagine you just took office as President, you could technically order this to stop. Would you really?
If you do it, you'll piss off everyone in charge of homeland security. The second something bad happens, you know these people will do everything to undermine your authority. US elections are already about who's tough enough to protect the USA, imagine after that! Damn if you do, damn if you don't.
Reality is the people's desire for safety and security is the reason surveillance like this exists. Unless the USA stops doing things that make other people want to kill innocent americans, homeland spying, as unacceptable as it may be, is probably the only way to provide that security.
Not sure what the solution to shit like this is but I doubt it's like-minded representatives in Congress.
Unless the USA stops doing things that make other people want to kill innocent americans
Evil people, or people with evil intentions, exist. Period. Full stop. There will always be people who want to kill innocent Americans. Period. Full stop. Just as there will always be people who want to kill innocent $CITIZENS_OF_COUNTRY_NAME.
Blaming an entire country for the evil actions and intentions of people who kill innocents is a copout of fantastic proportions. The existence of evil (killing innocents) does not excuse more evil (the government of the United States committing unmitigated mass-scale Orwellian spying on the citizens of the United States).
Very true that evil exists and there will always be people with bad intentions. But you just can't dismiss that hatred saying it will always be at the scale it is no matter what you do.
No blame is put on an entire country but on the actions of its military and whoever/whatever drives those actions.
I also agree the existence of evil should not excuse more evil. Unfortunately, it seems it does in many people's mind.
I would expect people on this site to have a slightly more sophisticated understanding than that. There are these things called numbers. It's not a binary question of whether or not the actions of the USA are to blame for reactions against the USA, it's a question of whether the USA's actions cause more frequent aggressive reactions.
That logic is flawed. Some subset of instances of correlation reflect causation. A huge portion of scientific enquiry is based around establishing correlation because prior mechanistic, theoretic and empirical study deems a causative link plausible. Would you wish to do away with the collection of data on correlation? My comment was made in a context in which a causative link is clearly plausible (that American foreign policy makes people angry). Therefore quantitative study of American foreign policy actions and instances of angry foreigners would be a perfectly valid exercise. "Correlation is not causation" is a gentle reminder not to make facile inferences found in undergraduate textbooks -- you appear to be under the impression that it's some sort of death blow to scientific epistemology.
So, as with so many other things, start working to change the cultural narrative that it may inculcate commitments in the People to
(A) update their expectations of security to be in line with reality--namely that bad things happen and will happen, are unpredictable, and often unavoidable;
(2) increase their valuation of basic rights and liberties as provided in the Constitution and its amendments, as well as an expectation of vociferous resistance to any encroachments and weakening of said rights and liberties in light of (A) by any person;
(D) regularly invoke a zero-tolerance policy when elected or appointed political leaders trespass against (2).
That's why I think the outrage over these things unfortunately doesn't last - a majority of Americans want the government to have this power to fight terrorism even if they won't admit it.
The problem with a President who chooses to set aside enforcement or use of a law is that it's temporary and the next President is not bound by that decision. This isn't true of legislation.
Is it really a problem? There is no Constitutional violation and it's within the scope of a law duly passed by Congress. The people know it's happening (when the wiretapping thing came out under Bush), and have decided they don't care. Finally, the government isn't getting any information about you that you're not sharing with AT&T already.
Please don't write comments like this. Knowing your writing here, I can imagine you found the ideas in the parent comment offensive. But your comment contains literally nothing but an attack on the commenter himself.
But you're not hiding anything--you're exposing that information to AT&T.
I probably have a more "original intent" view of privacy than most people. I think privacy is about government intrusion on the sanctity of your home and your person. I struggle to understand how privacy comes into play for things that you don't even attempt to keep private (by virtue of sharing it with a "big evil corporation" like AT&T or Verizon).
You don't even have to change the laws. Just because a law authorizes the collection of this information doesn't mean that the executive branch has to do it. All we'd need to do is elect a president who would order the NSA to stop doing this.
And then when the next President comes along and supports these type of laws, he or she will use them again.
I think American voters blame too much on the President and let Congress off the hook constantly. If we want to change the laws we should motivate the people who wrote laws, not the person who executes them for 4 years at a time.
This is why I believe we need simple, widespread encryption that is enabled by default. There are many applications which offer strong guarantees, such as Silent Circle (for whom I work), RedPhone, and even iMessage is pretty secure, from what I gather.
Many chat clients have OTR support, SIP has ZRTP, etc. There are alternatives, unfortunately the really popular methods don't make security a priority.
Encryption wouldn't do you any good in this case. They're looking for who you are contacting, not what you're saying. You'd need to move all telephony onto something like Tor to get around this (and your ISP could still tell what end points you were connecting to, when you were connecting to them, etc).
Real-time synchronous communication ( like phone calls ) is pretty hard to hide, it uses bandwidth and takes up space on switches and needs low latency to work at all ( make a voip call to someplace that only has satellite internet to see how bad it can get ). If you're serious about hiding your communications; either build physical networks that you control and limit the amount of traffic visible to the public network ( i.e. trunking calls ) or send messages steganographically encrypted in pictures of your cat you post on Facebook.
Because they see no real market effect for 'real personal security'. People do care about privacy & security, but they don't physically understand how something like OTR works. Things like banking & tax apps putting in fake progress bars to make the app feel like it's 'more secure'. Or apps like snapchat that remove access for the standard user, but still leaves them on the phone after they are seen. Or your standard home lock.
It's not just link, it's also integrate and not effect performance and UX. Many of these apps are mobile & cross platform and have things like message sending to clients you've never connected to. Messages getting restored by the server if you re-install the client. Push notifications by another server, saved history and so on. Could it be done in a hackathon night?
Since everyone is pointing out that he actually resides in Brazil most of the time: that is not by choice, but because the U.S. won't permit his significant other to enter the country. His reporting focus is always the US. He was a US constitutional lawyer before becoming a journalist.
hahaha you're such a PRO! Leaving aside the fact he's "based" in Brazil, I predict he'll sign on at a USA paper or broadcaster the very moment such become willing to give him the same editorial freedom to report on USA legal issues he now enjoys at The Guardian: i.e., that will never happen.
The power cited is "50 USC § 1861 - Access to certain business records for foreign intelligence and international terrorism investigations" so the claim is just the metadata isn't a wiretap because it's a business record used for billing customers etc.
I assume that the cost and complexity of doing analysis on the millions (billions?) of phone calls daily limits even the government to metadata analysis, from which they likely issue orders for the contents of specific conversations based on statistical anomalies that may indicate whatever they're looking for.
Recording all US telephone calls costs only 2 million dollars for hard drives per year. Of course plus bandwidth costs, electricity and so on, but it is far less than at least I would have expect. Analyzing all the calls is of course a whole different story but I am not convinced it is not feasible or will become feasible in a not to distant future.
Thats hardly surprising, it is widely known or at least suspected that the NSA collects and stores all telephone communications, and not just metadata but the actual content as well. The capabilities of known and unknown US intelligence agencies are a state secret and the public will never know anything for sure.
Seriously. When the first executive to say 'no' to the government has his entire life put under a microscope and ends up going to prison for something 'unrelated' that they managed to dredge up -- yeah, people are going to draw the obvious conclusions.
Everyone should realize one thing that makes this news slightly less scary, but still scary nonetheless: the order only applies to "Verizon Business Network Services", which is not the entirety of Verizon Communications.
While this still means that the metadata from millions of phone calls by random people, possibly from phones not even on Verizon who were simply calling VBNS phones, have been vacuumed up by the government, it also means that not "all" Verizon phones are meta-tapped as the article seems to insinuate (tagline, picture caption).
Glenn has done incredible commentary and reporting for many, many years; I hope this story will be only the beginning of his contributions and shake-ups to the discourse and activism against the U.S. surveillance oligarchy. Anyone who hasn't been reading his pieces whenever they come out are missing a phenomenon in human history.
Although this only means that the order for VBNS was released - for all we know every telco could be under a similar order that just hasn't been leaked.
I mean, the only phone calls ever made are between individuals; but yes, this order only applies to calls involving VBNS phones, not all Verizon phones in general as this article implies and many MSM outlets are saying.
That makes it no less scary; VBNS has hundreds of thousands of customers and people who make calls to VBNS phones from unrelated also probably had their metadata sent to the government.
Wouldn't an enterprise's call records be by definition "business records" and not subject to the same protection as the communications of the people? I'd imagine a lot of VBNS customers are already subject to Sarbanes-Oxley and other regulations that require holding onto and turning over business records to interested parties.
Sure. It's called voting. But you don't get to pretend that you have no say in what the government is allowed to do just because the majority of voters don't care about your pet issues.
My mom doesn't care about electronic surveillance. Neither does my dad, or my wife. The vast majority of my friends (mostly non-techies), don't care. Just look at the success of Facebook and Google. People don't care about electronic privacy in general, and most don't try to draw strained distinctions between data they freely share with big corporations and data they think is okay for the government to have. A lot of them do care about preventing terrorism, however. So how can you sit there and pretend the will of the people isn't being served?
Demand personal privacy protection legislation from your Congressional representatives. The only things preventing them from siphoning everything are some guideline-quality laws and PR kerfuffles.
Glenn Greenwald also commented on the article in a reply to a comment requesting "the other side" view :
GlennGreenwald:
@strangemartin > Can't help feeling I'm only getting one side of the story here.
There's probably another court order that I've decided to hide from you that reads: "About that last order: just kidding. The government is only entitled to get the phone records of people about whom it has presented evidence of wrongdoing".
Good news everyone, an entire generation or more of people don't make phone calls regularly. We use text based form of communication that are ideally encrypted. Also this data is just metadata, I see no reason they are tracking little jimmy and his four phone calls a week to mom.
In a flash it's occurred to me that the sharper would-be perpetrators of antisocial acts might now decide not to use the telephone to communicate their dastardly plans. However all is not lost because the information collected will no doubt be put to good use.
To what extent do we know whether the same thing is happening in other countries? Do modern democracies tend to have laws that protect the public from this sort of indiscriminate surveillance?
> To what extent do we know whether the same thing is happening in other countries?
In many countries there is a single national telco which is by law or in practice a branch of the government.
> Do modern democracies tend to have laws that protect the public from this sort of indiscriminate surveillance?
Yes, to me this is a defining characteristic of a modern democracy. But they all have a process by which governmental authorities can bypass those protections in specific circumstances such as criminal investigations. This takes the form a court order or a subpoena.
This document appears to be a blanket grant, by a court, of a near-real-time data pipe with no specificity whatsoever.
I'm saying that "largely construed" is weasel words that waste my time and is likely to create more heat than light. If there's something relevant to be learned from a similar scandalous AMDOCS/Mossad connection then by all means, link us to some reliable information.
There has been no shortage of folks on net forums such as this one repeating "The US telcos are largely construed to be supplying data on domestic telephone calls to the NSA". But that just hasn't proven useful without specifics of the sort we saw revealed today.
Essentially complete metadata is required for outsourced billing. AMDOCS openly acknowledges that they provide outsourced billing to a slew of major telcos across the world. Many of us have experience that this even occurs outside of the physical premises of the telco ("hosted billing"). That much I know to be true, but you are welcome to draw your own conclusions or remain skeptical.
The NSA interception thing is an additional concern, but given the European Parliament report in to Echelon from 2001, William Binney's recent reports from within the upper management of the NSA, the magnitude of their (black) budget, recent confirmatory comments by other LE parties, and the sheer magnitude of independently verifiable NSA construction projects in progress, it must be difficult to maintain much skepticism there.
I love how the @Verizon and @VerizonWireless Twitter accounts are happily tweeting along promotions like nothing has happened. Also, the early termination fees are going to be laughed right into a class action suit after this little mishap.
Everyone should see this relevant NYT short about William Binney, a 30 year veteran crypto-mathematician for the NSA who designed the program that is now being used by the NSA to spy on us all:
His story was corroborated by Mark Klein, a former ATT employee who amassed evidence that the NSA was, with ATT's complicity, running a data-gathering node in room 641A of ATT's San Francisco building:
I remember my father saying he updated some win16 code to win32 bit code which did this while working for AT&T. (Copy meta data for every call) At the time he said nobody would say what the code was supposed to do just that that they needed it to be updated. As such I suspect this type of "Passive spying" has probably been going on for a long time.
As a side note there are plenty of legitimate reasons to have this metadata for some phone numbers over the past X days. I suspect the original choice was simptly to give them everything vs trying to support these types of lookups after the fact.
PS: AT&T was for a while providing a lot of government services for free simply because they could not get billing correct and it was nobody's job to fix it. Which is why I think this could have easily stared as a hack to solve a technical problem vs. the sort of big brother spying that pops up.
I'm a little skeptical. Not because of the spying--that I fully believe. But I have a hard time believing that AT&T, the inventors of UNIX, would write large-scale software on pre-NT Windows. Maybe something got crossed in the retelling.
AT&T didn't invent Unix. A bunch of smart guys in a department owned AT&T invented the earliest versions of Unix. Unix of those days by any measure won't be much useful to do anything.
Unix is a ecosystem developed over decades.
Coming to using Windows NT, its likely some 'real manager' is running the show there. Whose only criteria for using a technology is having the ability to hire the cheapest resource on the market. If you were to go ask the person, he won't be able to list 5 differences between Windows and Unix.
According to the EU parliament ECHELON was going on for a while. Monitoring of citizen phone calls was happening since at least the '90s. And that was the content of the calls, not just the addressing data.
> This is not some conspiracy theory. It's happening, and no one seems to care.
It's true that no-one seems to care. And what's more, if you do care others will look at you funny, like you're paranoid. "Why do you care so much about anonymity? You don't have anything to hide!"
Literally the only argument that I've ever had luck with is to ask them whether they are okay with the police searching their house whenever they want. After all, you don't have anything to hide, right? This takes them aback. I ask them, so why do you think we need search warrants? And most people agree that we need them, but clearly they've not thought a lot about why we need them, or what life would be like without them.
The odd thing about the situation is that we have a population which has it's head on pretty straight when it comes to search and seizure in the physical domain, and totally uncaring about whether these rules are applied to the digital domain. It's as if information on paper is some sacred thing, but information on disk platters is free for the taking. Very, very strange.
My hope is that, like with pot legalization and gay marriage in many states, public awareness will crystalize and coalesce on the rational position. This is actually a very simple situation where there is unequal application of the 4th amendment depending on media of all things, and this is totally, completely insane.
The difference between search and seizure of things in your house and your digital information is that the things in your house are on your property. Your digital information is on someone else's property.
I don't think you can accuse the public of not taking the "rational position" here. Indeed, I think technologists often take a romanticized position here, ignoring the mechanical nature of the systems in question. People rationally perceive that there is nothing private about who you call or what websites you visit (I mean, how well can Facebook track where you go?) This is quite different from say a conversation one might have in one's home, on one's own property, with the only parties to the conversation being those within one's circle of trust.
The implication of your position is that we either have an electronically connected society, or we have an expectation of privacy, but not both. The nature of technology in general, and the internet in particular, involves the co-mingling of property on the site of some 3rd party for the benefit of all.
Let us just talk about the content that I write, such as anything that I've written and left in Gmail drafts. The fact that Google hosts that data does not give them ownership of that data, nor does it confer the right to access that data for any reason. The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment. The details of it's representation, even it's physical location, are unimportant.
Extending the 4th Amendment in this way is the only rational thing to do. The only reason why this is not the default is that the public is generally ignorant of both a) how these systems work and b) how they are systematically exploited by government. The reason the government wants access is because it is a convenient and cheap way to achieve some aspects of security. In the post-Bush era, exercising restraint on one's own power is no longer the "done" thing - just ask Cameron Ortiz.
>The implication of your position is that we either have an electronically connected society, or we have an expectation of privacy, but not both. The nature of technology in general, and the internet in particular, involves the co-mingling of property on the site of some 3rd party for the benefit of all.
Agreed. It's a strange position to take that because it's technically possible for the government to access the information (owed to the location of the data), then they should be allowed to do so. This could be used to rationalize virtually unlimited access to otherwise private communications in today's hyper-connected world.
But, capabilities that we have had in the past (e.g. wiretapping) have always been checked in order to preserve privacy (or, put more Constitutionally, protect us from unreasonable search and seizure). Phone calls have always involved third-party transmission by the telcos. Why is that different from data sitting on a third-party server?
In general, however, it becomes silly to argue what should be permissible based on the ancillary nuances of technical architecture. It's a bit of a red-herring. The real question is "what is the intent of the protections afforded by the Constitution and are we upholding that intent". To argue that "the government should have a particular right because there's a client-server architecture involved vs. P2P" is spurious in this context.
It's patently ridiculous to call these "ancillary nuances of technical architecture." These are stark distinctions: is the information under your personal control or did you voluntarily give access to and possession of that information to someone else? In this particular case with the NSA, it's even starker: who generated the information? The NSA is collecting information generated by AT&T about activity on AT&T's private network. It strains the imagination to try to define that as an individual's personal information.
> The real question is "what is the intent of the protections afforded by the Constitution and are we upholding that intent"
The intent of the protections was to guard against the invasive physical searches of homes and persons that had occurred under the British. A broader conception of "privacy" is absent from the document. A conception of privacy that is broad enough to encompass information generated by a third party and stored by that third party is purely wishful thinking.
>is the information under your personal control or did you voluntarily give access to and possession of that information to someone else?
You are saying that by making a phone call, you are voluntarily giving information to someone else (the carrier), and so the government should able to access that data at will. And, I'm being ridiculous?
>who generated the information? The NSA is collecting information generated by AT&T about activity on AT&T's private network
The caller generated the data. AT&T simply collected and indexed it. There would be no data or metadata without the caller. You acknowledged this yourself in the first paragraph when you asked, "is the information under your control or did you voluntarily give possession of that information to someone else?" How could I give AT&T information that it supposedly generated? Once again, you're all over the place.
And, your ridiculous argument that because AT&T offers the pipes, they should be able to do what they please with the data that is generated is tripe. You could just as well extend that to make warrantless wiretapping on all calls legal. It is all merely data on AT&T's private network, right?
>The intent of the protections was to guard against the invasive physical searches of homes and persons that had occurred under the British
Funny how you're so willing to update government powers based upon evolving technology, however, when it comes to the rights conferred by the Constitution to the people, you want to limit those to the technology of that day. In this case, you are literally limiting those protections to redcoats (or similar) showing up at your door and rifling through your papers. I can't believe you expect to be taken seriously.
> The fact that Google hosts that data does not give them ownership of that data, nor does it confer the right to access that data for any reason. The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment.
This is what I refer to as the "romanticized view" of technology. Your gmail draft is not like the paper journal you have in your house. It's Google's data on its hardware that its engineers have access to (in clear text!). You want to construct this metaphor, where the "physical location doesn't matter", but that's not the underlying nature of the system.
You say that "representation" shouldn't matter, but you're making the opposite argument. You want different rules for digital representations versus physical ones. The rule right now is that once the information, represented as molecules of ink on fibers of paper, is in someone else's possession, it's not your information anymore. Well at the physical level, your gmail drafts are little flipped magnetic domains on a hard drive platter in a Google data center. If you tried to enter that data center, you'd be thrown out for trespassing. But you think that in this case, the law should construct a metaphor: those bits are "private" even though you don't have possession of them or ownership of the medium on which they reside.
Thought experiment: if I chisel my diary into a rock slab and mail it to Google, do you agree that it's their data now? What if I write it to a magnetic hard drive and mail it to them? No difference, right? So why should it suddenly be different if I send the bits over the internet for Google to write to its own hard drive instead of mailing them a hard drive myself?
My expectation of privacy covers anything that I protect with a password. Or, to put it another way, anything that is not public is private.
It's really that simple, and that is not a romanticized view of technology. Indeed, I'd argue that this is the (reasonable) assumption that most naive internet users make about their data.
The idea that location and possession does not matter is romanticized. The idea that your gmail drafts are private even though they are easily visible in plain text to Google is perhaps not romantic, but at the very least technologically confused. By that reasoning, your Facebook profile is "private." More to the point, the 4th amendment is not a blanket protection on "anything that you think is private." It's a protection against police invading the sanctity of your home and physical person. "Privacy" as some people think of it today, the idea that information might be considered private despite its being shared with numerous people, was not a developed concept at the time the 4th amendment was written.
I personally think the easier battle is to protect access to strong encryption tools, but I wonder, do you think it would be incoherent for a 28th amendment to try to spell out some legal protection for personal thoughts that were stored remotely?
Saying it a different way, if javajosh were to concede that your definition of privacy is more useful and concede that you are making a clearer case for how such things developed historically, how does he gain some legal breathing room for his remotely stored documents?
It wouldn't be incoherent at all for a 28th amendment to address various strands of privacy concerns that have arisen over the years. But there needs to be some thought into the design of such an amendment, because it wouldn't be an easy set of analogies from existing protections.
We are having a normative discussion, not an informative one. We can differ on what should be the case; this is not a discussion about what is the case. Clearly the courts side with you on this matter - the physical location of the data is given preeminence in legal debate over privacy.
And my normative claim is that this position is totally, completely, batshit insane.
We're having an informative one, because you said:
> The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment.
The use of "is protected" versus "should be protected" seems to me to be inviting an informative discussion, not a normative one.
As an aside, I'm always surprised by how often people on HN talk about "should" versus "is." That's very weird for the engineer in me. You can never make progress in a normative discussion, at best you can boil the disagreement down to a disagreement in principle and leave it at that. E.g. I don't trust the government less than I do Google, Facebook, etc. If I'm willing to write something in my gmail, where a Googler can see it, I'm okay with the government seeing it. You almost certainly have a different perception of privacy and trust. A normative discussion on the subject is thus futile--who is "right" about what who and how much to trust private companies versus the government?
> I'm always surprised by how often people on HN talk about "should" versus "is."
Perhaps we make this distinction because it's an important one. It always surprises me when an engineer confuses the two. "But the courts say that the gov't can access your data if it's not on your property," is NOT a counter argument to the statement "The 4th amendment should extend to data." The conversation cannot move forward unless both sides understand the difference between "should" and "is".
> "This is not some conspiracy theory. It's happening, and no one seems to care."
Do you ever feel like a frog recognizing the water is boiling and you don't know what to do?
Or like you're looking at what Jefferson, Adams, Washington, and the other founders fought and wrote the Declaration and Constitution over, but everybody is acting like it's easier just to pay the stamp tax?
Unlike the Founders, we have tools at our disposal to change things. We elect our own representatives. We are free to organize an opposition. We have a free press -- and in the age of easy and cheap online publishing, that's a power that anyone can exercise, not just media barons.
We have lots of levers short of revolution that we can push on to move policy in directions more respectful of the rule of law.
The only question is whether anyone cares enough to use them.
Would it work if people tried? I bet it would. Will people try? No, because they don't care about this issue.
The refrain of democracy being broken in America is getting old. It's not broken--you just don't like that the majority has a long list of issues it cares more about than privacy. We are getting the things people care about: legalized gay marriage, continued access to abortion, welfare spending, social services for the elderly. We're fighting the good fight on issues that aren't quite there yet: universal healthcare, etc. Democracy is alive and kicking in America.
You're describing wedge issues that politicians use to get people to fight red vs blue. Anyone that has ever brought up the subject of privacy and domestic spying has been lambasted as a conspiracy nut.
They are wedge issues because people care. You don't see teenagers standing on the sidewalks getting people to sign petitions to address domestic spying after all.
No, they are wedge issues because politicians are able to divide voters through manipulation, dogma and money from lobbying power. Once a politician tells voters (or teenagers) that domestic spying is an 'issue' then they'll care. That's how the game works.
Twenty years ago gay marriage was a radioactive issue. I know because I was an intern in a Democratic Senator's office back then, and when the Defense of Marriage Act came up I got to watch my boss and a bunch of other normally progressive people rush to vote for it to avoid any possibility of being painted as pro-gay. It was a deeply depressing spectacle.
Now gay marriage is not only thinkable, it's on the verge of becoming the new normal.
Why? How did that happen?
It happened because gay people organized. They spent two decades doing the hard work required to change peoples' minds. And now that work is paying off.
A democracy is not an immovable object. Moving it is hard, but it can be done. You just have to be willing to put your back into it.
I feel there is a huge difference between political organization around issues of civil rights, and organizing against the military-intelligence-industrial complex.
I've studied the history of civil rights considerably. This issue strikes me as a far different beast.
The American Revolution would not have been successfully fought without tons of gunpowder, a couple dozen ships of the line, tens of thousands of muskets, hundreds (thousands?) of cannon, and over $1 billion livres from the French. It was a proxy war.
The other problem with this revolution idea is that no one wants to be the first to die for their beliefs.
For those reasons, I suggest reading online the Anatomy of Slavespeak. While longwinded, it questions the use of words we all know and use without second thought. The constitution is one of those words.
That's exactly what I feel like, but I've been feeling like that for a long time. I used to go out of my way to tell people about these things, but after a while, I figured out that most people just don't care enough to really do anything about it. Sure, they'll pay lip service to the notion that the NSA shouldn't be doing things like this, but there seems to be some sort of implicit trust factor within people that compels them to just shut up and accept that what their leaders are doing is for their own good, which puts a damper on any action they might think about taking. I do think that if the media really got on board with lambasting the government and pointing out the obvious reasons that things like this shouldn't happen, the public at large would eventually start caring, and our society would be better for it - but I don't expect that to happen any time soon, if ever. So instead of hoping that people will eventually catch on to what's going on, I've simply started making plans to get myself out of the pot before the water gets too hot and I'm too cooked to leave.
"This is not some conspiracy theory. It's happening, and no one seems to care."
Maybe people are afraid. If you accuse the NSA of committing crimes that are only slightly unethical (wiretapping US citizens), then you're instantly on "the list" of arguably the most powerful organization in the world.
Not only would the story just end up being, "oh well, greater good", but the NSA would just slightly back off of the monitoring, then make sure that future leaks such as this do not happen again.
They are not an evil nor dark organization, just one with a very important mission, and when you have the real big picture on the table sometimes the unethical option is required to maintain dominance and security.
Imagine having the responsibility of protecting a country that is the #1 target in the world, that has 300+ million people within its borders that have the potential to cause major harm to the country, its citizens, and its allies. The NSA doesn't have a choice but to do everything in its power to maintain information dominance over the world.
The NSAs mission statement requires it to protect the US and provide foreign sigint. They're technically not allowed to spy on US citizens but what if it was absolutely required to protect the country? How many people are really qualified to make that decision?
My ethical concerns about what the NSA's doing aside, this is still a democracy, and there are established channels which the NSA is, by law, required to go through in order to do things like this. They're called FISC courts, and FISA warrants are what they're supposed to acquire before spying on American citizens. We have that requirement for very good reasons, and it should neither be treated lightly nor circumvented at will by the Administration or any of its agencies.
We're a democracy dammit, or have you forgotten what that actually means?
Thats the same building that Twitter HQ was in for years... and with the library of congress archiving all tweets - you think all this BS is unrelated?
IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the National Security Agency (NSA) upon service of this Order, and continue production on an ongoing daily basis thereafter for the duration of this Order, unless otherwise ordered by the Court, an electronic copy of the following tangible things: all call detail records or "telephony metadata" created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.
-http://www.guardian.co.uk/world/interactive/2013/jun/06/veri...
It was approved (reapproved?) on April 25, and valid until mid July, and scheduled for declassification in (oops!) 2038. Interesting to note that this order was directed at Verizon, but presumably other carriers have received similar ones?