

What It's Like to Get a National-Security Letter - vinhnx
http://www.newyorker.com/online/blogs/elements/2013/06/what-its-like-to-get-a-national-security-letter.html

======
coldcode
Tell them to send me one. I'll print it in my blog. If everyone did that
there'd be no more NSLs.

~~~
DougN7
I've had similar thoughts. But then you think about how your family would get
by, and then you (I) chicken out. But if _everyone_ really did...?

~~~
rsync
[http://www.rsync.net/resources/notices/canary.txt](http://www.rsync.net/resources/notices/canary.txt)

We all have families here.

~~~
amirmc
That's very interesting but in the OP he couldn't tell _anyone_, which makes
me wonder how many people would need access to stop the canary message being
sent.

I can imagine NSL-like letters being sent directly to individuals to
coerce/threaten them into handing over data, without the management/legal team
ever knowing.

Of course, having such a canary message is likely better than not having it.

------
fiatmoney
"Six months before, we got a notice from the San Francisco F.B.I., saying they
were going to give us a national-security letter [...] And we couldn’t figure
out why they would say they were going to give us this letter! Kind of an odd
thing to do [...] And they didn’t give us one, not at that time. It was later
that they did."

This is a fascinating glimpse into the logistical aspects. Either the FBI was
trolling to see if they'd roll over easily, or they were baiting them into
some kind of reaction. I wonder what would have happened had they gone super
public with their "we plan on NSLing you" notification?

------
lukejduncan
FTA:

Do you encrypt all your own e-mail, as a result of this stuff?

No, that’s really hard.

~~~
mtgx
TWiT had a decent show on how to encrypt your e-mail with Mailvelope
(Chrome/FF extension) and also with Thunderbird/Enigmail:

[http://twit.tv/show/know-how/50](http://twit.tv/show/know-how/50)

~~~
ownagefool
The hard part isn't the encryption, it's making sure everyone has everyone
else's public key and nobody loses their private key, otherwise the average
person will see it as too much bother and just won't do it.

~~~
mtgx
It would help if we had popular services create databases with people's public
keys. Like let's say Gmail would allow you to search for your friend's public
key, or you could find it in their profile, and you'd be able to easily import
it in whatever PGP app you're using.

Of course that implies these services to actually care about security for
their users this much. There are a _ton_ of things major companies could do to
make end-to-end encryption mainstream and popular. The problem is they have no
interest in doing it, and not enough people are asking them to do it.

But I'd like to think that in a Post-PRISM world where nothing changes at the
government level, there would be more services popping up and offering these
"features". It's what competition is supposed to do.

~~~
ownagefool
The searching is part of the problem, it's just too much effort.

Build checking whether a public key is available via the SMTP servers, do it
transparently with designated trusted pub key repos much like browsers have
trusted CAs or something along the lines of dns.

Problem still stands, lose your pub key, all mail signed with it is lost to
you and people will complain. You could offer a service that allows folks to
store and retrieve the pub key, but that kinda misses the point because anyone
who stores that info can hand it over to the NSA et al.

Other problem with this is the .GOV could MITM this service, give you a fake
pub key, read the mail, then re-sign with real pub key and send it on. You need
your mail client to actually register the pub key on first send and hope you
weren't always being intercepted from the start, and give you a warning when
the key changes.
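
The pin-on-first-send check described in the comment above, sketched as an added example (not code from the thread or from any mail client). `PinStore`, its method names and the sample keys are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
from pathlib import Path

# Constructed sample key material; real keys would be parsed OpenPGP data.
KEY_A = b"constructed-sample-public-key-A"
KEY_B = b"constructed-sample-public-key-B"


def fingerprint(public_key: bytes) -> str:
    """SHA-256 over the raw key bytes, hex-encoded."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Hypothetical trust-on-first-use store: one pinned fingerprint per address."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None  # None keeps pins in memory only
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def check(self, address: str, public_key: bytes) -> str:
        """Return 'first-use', 'match' or 'changed'; never overwrites a pin."""
        addr = address.strip().lower()
        fp = fingerprint(public_key)
        pinned = self.pins.get(addr)
        if pinned is None:
            # First contact: nothing to compare against, so an interception
            # that was in place from the start cannot be detected here.
            self.pins[addr] = fp
            self._save()
            return "first-use"
        return "match" if hmac.compare_digest(pinned, fp) else "changed"

    def accept_change(self, address: str, public_key: bytes) -> None:
        """Re-pin, to be called only after the user confirms the new key."""
        self.pins[address.strip().lower()] = fingerprint(public_key)
        self._save()

    def _save(self) -> None:
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))
```

A client would refuse to send, or at least warn, on `'changed'` and call `accept_change` only after the new fingerprint has been confirmed through another channel.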

------
ajb
I wonder how many black hats are using fake NSLs.

~~~
gnosis
In case you haven't noticed, many US govt employees _are_ the blackhats.

Torture, disappearances, indefinite secret imprisonment without trial or
access to lawyers or medical care, infiltration and mass arrests of people
participating in nonviolent protest, agent provocateurs, lying to the
congress, spying on virtually everyone, giving retroactive immunity to and
pardoning criminal lackeys, and mass murder on a scale the Taliban couldn't
achieve in their wildest dreams.

These are not the actions of "whitehats" or "good guys", no matter what the
lapdog media and corrupt, self-serving politicians may tell you.

------
Qantourisc
Another piece of advice would be to never collect data you don't want to give
out later.

~~~
lostlogin
Marco has talked about this (on a podcast I think, 5by5 build and analyze)
although his reasoning was to do with feeling dirty collecting personal data
and (I think) removing the possibility of it coming out via a bug or hack or
such like. Different reasons but the end effect is the same.

------
acqq
The article is low on content. More useful info is here:

[http://www.wired.com/threatlevel/2008/05/internet-archiv/](http://www.wired.com/threatlevel/2008/05/internet-archiv/)

------
kin3tic
God damn I'm so tired of this all.

 _“I did go home that night and over dinner with my family, I said, “Ask me
what it was I did today, and remember my answer.” So my son, who was, I don’t
know, nine, or something like that, asked me, “Daddy, what did you do today?”
And I said, “I can’t tell you.” That was the only thing I said, and then
months and months and months went by._

Just so utterly defeatingly unacceptable. This is not my America.

