
Shadowy tech brokers that deliver your data to the NSA - morisy
http://www.zdnet.com/article/meet-the-shadowy-tech-brokers-that-deliver-your-data-to-the-nsa/
======
mtgx
I wish we pushed for a law that said you can only serve a warrant for a data
request to the person whose data you want. I think from a human rights
principle it makes the most sense. The only reason the government can take it
from _third parties that store our data for us_ is because it's "easier" for
them to do that, and because there hasn't been enough pushback against it.

Imagine if the government said "hey, that money in your bank account, we can
just automatically take our taxes from it, because we're not really taking it
from _you_, we're just taking it from the _bank_." Probably not the most
accurate analogy, but I think you see where I'm going with this.

Since the ruling that invalidated Safe Harbor, Microsoft has been pushing for
laws and agreements between nations that say law enforcement shouldn't be
coming to Microsoft (as a cloud service provider) with a warrant for data
requests, but to their _corporate customers_. So for instance, if FastMail
uses the Azure cloud service, they're saying that if the government wants
access to a user's data, they shouldn't be going to Microsoft but to FastMail
with the warrant.

It's a small improvement, but Microsoft and all of the other companies should
be pushing so this works for _all_ of their customers, not just the corporate
ones. It's exactly the same principle, but Microsoft just takes the easier way
out here, because that still gets them off the hook, and it's really what they
care most about. The corporations (even if they are "people") shouldn't be
having _more rights_ than _actual people_.

~~~
Terr_
Unfortunately there is a flip-side to that: How do you investigate or
prosecute a _company_ (for, say, fraudulent billing) when they insist that you
need a million individual warrants to prove your case?

~~~
secondtimeuse
Thanks, most privacy activists conveniently forget this argument. In most
cases, the absolute approach taken by most privacy activists ends up hurting
Students/Patients/Customers etc. since Universities/Hospitals &
Insurers/Companies cite privacy laws to escape from the burden of
accountability. At the same time the entities are free to mine their own data
under guise of "Performance enhancement".

Essentially, stringent privacy laws often have an adverse effect, where
activities that might be of public benefit (research on rare diseases/teacher
accountability/class action lawsuits) are curtailed.

------
joesmo
It's an amazing racket, the art of making criminals out of ordinary citizens,
a racket the US government has got down pat. I have to really hand it to them.
When the country and the world no longer requires their existence, they keep
coming up with faux reasons for continuing to exist, faux reasons for
arresting, torturing, and murdering innocent people, faux reasons to continue
to get funding and hurt more innocent people.

You'd almost think that this country no longer has problems (at least none it
_wants_ to solve so poverty, justice, racism, education, healthcare, etc. are
out), that government's new role is to create problems simply so it can solve
them all while making money in the process and justifying its unconstitutional
existence. Then you'd be right.

~~~
laotzu
>"The mere existence of the "police state" anywhere is the sure sign of old
arrangements being propped up by newer forms that have already rendered the
older forms irrelevant."

-Take Today: The Executive as Dropout, Marshall McLuhan

------
welder
Are there any examples of companies refusing to provide the requested data to
the NSA other than lavabit?

~~~
tptacek
Lavabit didn't refuse requests --- he had apparently been responsive to others
--- until the Snowden incident, where his refusal cost all its users their
privacy in a futile effort to preserve one user's privacy.

~~~
forgetsusername
If they can come in at any time and say "we only want this _one_ guy" then the
rest of the users' privacy is already in trouble.

~~~
Kalium
In a sense, yes. One of Lavabit's failings is that they didn't design for
scope-limited disclosure. When the FBI demanded their certs, it exposed all
their users.

~~~
tptacek
Don't overthink it. The failure of Lavabit was designing a system that enabled
disclosure _at all_. It wasn't end-to-end encrypted; its users had to trust
its operators, which, because operators can always be coerced, is never safe.

------
awongh
They reference this article, which was also interesting:
[http://www.buzzfeed.com/reyhan/the-most-important-tech-compa...](http://www.buzzfeed.com/reyhan/the-most-important-tech-company-youve-never-heard)

------
peter303
I've always presumed that ALL of my online activities are visible to the
government or other nosy parties. I do stupid things sometimes, but not really
stupid.

~~~
JustSomeNobody
This sounds like a form of "I don't have anything to hide so I don't care if
they spy on me."

~~~
hitekker
It is.

I've always countered with "So, you'd be okay if a government agent was
watching you have sex with your wife? Every time it happened? For the next 10
years?"

You're doing nothing wrong, nothing bad will come of it, but that question
always brings that awkward pause: that realization that "wait a second,
privacy IS important even if I'm not doing anything wrong."

As a side note, people hide things from other people all the time. That's what
people do. None of us would like it if all of our insecurities, resentments,
any negative thought were exposed to others. In my opinion, those who say they
have nothing to hide, are either profoundly ignorant of their selves, or
simply lying to themselves and others, i.e. my job depends on me believing and
extolling this untruth.

~~~
csandreasen
To which I would ask "Under what circumstances would the government pay a
federal agent to watch me have sex for the next 10 years?" This and the
similar comparisons that I often see raised in response to the "I have nothing
to hide" argument are ridiculous hypotheticals that are raised without taking
into account who is violating the subject's privacy and why. When someone says
"I have nothing to hide" it's generally short for "I have committed no crimes
and I trust law enforcement officials to a) only invade someone's privacy when
they have reasonable grounds (implying that they got a warrant); and b) use
any data collected only in pursuit of actual criminal investigations (e.g.
they're not going to steal my credit cards and broadcast naked pictures all
over the internet)."

If you're going to change people's minds with that argument, you need to be
able to demonstrate that people's data is being routinely searched without
just cause and/or police are routinely abusing the fruits of those searches.

~~~
hitekker
> "Under what circumstances would the government pay a federal agent to watch
> me have sex for the next 10 years?"

When the federal agent is abusing her or his authority, of course. This point
can then serve to bring up deeper research which illustrates that this
"ridiculous" hypothetical is a stone's throw away from what has already
happened, and what may be happening now. Such as:

[http://www.reuters.com/article/us-usa-surveillance-watchdog-...](http://www.reuters.com/article/us-usa-surveillance-watchdog-idUSBRE98Q14G20130927)

Or,

[http://www.slate.com/blogs/future_tense/2013/08/23/bloomberg...](http://www.slate.com/blogs/future_tense/2013/08/23/bloomberg_report_nsa_employees_have_deliberately_abused_their_power.html)

The first step of persuasion is describing how the problem for the many is a
problem for the individual, i.e. the other party. People are less inclined to
read more into things (or listen to a longer explanation) if they don't see
an immediate personal stake. "God, this guy keeps on talking. The NSA is
listening in to ten million people's phone calls? Their email too? Well,
that's their problem! I haven't done anything wrong!"

> "I have nothing to hide" it's generally short for...

The statement I intended to castigate was "I don't have anything to hide, so I
don't care if they spy on me". I did not clearly elucidate that in my original
response and instead shortened the statement to "I have nothing to hide",
which was a mistake.

"I have nothing to hide" by itself is indeed shorthand that can be said in
some contexts without reflecting badly on its speaker. But in discussions
about government abuses/overreach in which there is ample evidence that law
enforcement officials have been untrustworthy, the "so I don't care if they
spy on me" indicates some self-delusion.

~~~
csandreasen
There's a huge difference between those links and showing systemic abuse. When
I actually go and read the stories behind your links, what you state is that
13 people in 10 years abusing their position at the NSA to spy on their
significant others (and subsequently being fired, resigning or being relieved
of their positions[1]) is a stone's throw away from having a federal agent
being assigned to watch me personally have intercourse. This says to me that
the average American should be about as worried about being spied on by the
NSA as they are worried about being struck by lightning on a clear day. The
odds might go up slightly if they had a jealous ex working at the NSA.

I have better odds of getting shot by a government agent than being spied on,
and I generally manage to get through my day without worrying that I'll die at
the hands of the US government. I think that's probably the biggest reason
that so few people outside of HN/Reddit/etc. care about Snowden leaks. I can
find plenty of people that are upset about police brutality, and there's lots
of discussion about implementing body cameras, discrimination in law
enforcement, etc. because I can find new, documented evidence of someone
getting shot by a cop every other week. It's still not at the level where I
worry that I'm going to get shot by a cop. Snowden showed potential for abuse,
not actual abuse. That's why "I have nothing to hide" persists.

[1] The source document for the LOVEINT stories (not linked from either of
those articles) is
[https://www.nsa.gov/public_info/press_room/2013/grassley_let...](https://www.nsa.gov/public_info/press_room/2013/grassley_letter.pdf)

------
purpled_haze
Two things:

(1) The NSA is there to protect us, in theory.

(2) There will never, ever be guaranteed privacy or security as long as you
continue to use other people's equipment and network. Using the internet
expecting privacy is like continually saying, "I'm going to have sex with
everyone and going to complain about the people that have STD's."

You could try:
[https://en.wikipedia.org/wiki/Wireless_mesh_network](https://en.wikipedia.org/wiki/Wireless_mesh_network)

Or:
[https://en.wikipedia.org/wiki/Sneakernet](https://en.wikipedia.org/wiki/Sneakernet)

Those are a _little_ safer.

~~~
EasyTiger_
> (1) The NSA is there to protect us, in theory.

Do people actually believe this?

~~~
manigandham
What else do you think they are around for?

They have bureaucracy and misguided projects and overreaching power but they
do protect our national security. They aren't some evil corporation headed by
a supervillain, they're full of people just like you and me.

~~~
ionised
They exist to maintain a status quo.

~~~
manigandham
What exactly is that status quo? Things are constantly changing and the NSA
has itself greatly evolved from where it originally started.

