
'Everyone in US under virtual surveillance' - NSA whistleblower - nhebb
http://rt.com/usa/news/surveillance-spying-e-mail-citizens-178/
======
melito
It's easy to opine about things like educating the public or engineering
'crypto' for the common man.

In my opinion that would be an exercise in futility.

I think a proper response to this issue is to simply promote social depravity
on a grand scale.

Everybody should just constantly read/watch/listen to media involving things
like methamphetamine manufacturing, nuclear & home made weapons/chemicals,
illegal currencies, human trafficking, hardcore pornography, armed rebellions,
the middle east, famous terrorists, serial killers, bon jovi, etc

All of those are a lot more interesting to the common man than lessons on how
to use PGP....which is theoretically breakable thanks to the advent of quantum
computing.

If everything is being sniffed and stored, there have to be a number of very
specific topics that are being sought after in that data.....in my opinion
it'd be far worse if the government wasn't searching for things like human
trafficking and nuclear weapons (things, hopefully, we can all agree are not
good).

Television series like "Breaking Bad" are already pulling weekly audience
numbers of around 3 million plus. One could argue that you wouldn't even have
to do much promotion, as these topics already seem to be mainstays in much
present day pop culture

~~~
Karunamon
Business idea: A "chaff box" that can be sold to the public.

Given a list of dodgy search keywords, youtube links, etc etc etc, regularly
updated from a central location (think like a websense blocklist but in
reverse), uses a configurable amount of bandwidth. Hits these sites with a
human-like usage pattern when HTTP traffic from your LAN IP is detected (so it
only works when you're actually browsing the web).

Plug it in and gain plausible deniability from most forms of government
shenaniganery. Given critical mass, makes most forms of government behavioral
analysis (and possibly advertiser behavioral analysis) useless.

Build it on the raspberry pi or similar platform. Materials cost is $35 plus
shipping materials. Main time investment is limited to maintaining the
blocklist and the central servers.

Hmm. Wonder how this could sell to the soccer mom crowd...

Would also raise some interesting and thorny questions for the server side. If
enough people are using the box for the effect to be meaningful, then a lot of
sites are going to have a lot of useless web traffic; yet allowing sites to
"opt out" or having an identifier of some kind of the box's traffic completely
defeats the purpose of the system.

~~~
BjoernKW
There's a story by Cory Doctorow, in which terrorists blow up Bay Bridge and
the US establish a surveillance state in the wake of those events. In
response, the protagonist creates a distributed system using Xboxes that
pretty much works like the way you're suggesting.

~~~
_ikke_
The story is called Little Brother for those who are interested.

------
charonn0
According to Mr. Binney's sworn declaration[1] in support of an EFF suit[2]
against the NSA (stemming from the warrantless wiretapping/AT&T scandal,) he
doesn't actually _know_ that any of this is going on, but bases his
assumptions on decade-old knowledge that it was _possible_.

It certainly might be the case that all net traffic is being stored by the
NSA, but this man's say-so is hardly proof.

[1] <https://publicintelligence.net/binney-nsa-declaration/>

[2] <https://www.eff.org/cases/jewel>

~~~
s_henry_paulson
To me the warrantless wiretapping scandal IS the proof.

I mean if we know that there are Room 614As [1] all over the country, and that
they are diverting nearly ALL communications to their facilities, in addition
to them building new facilities to house data all the time [2].

All of this culminating with their shiny new data center [3], which cost 2
billion dollars to build, covers 900,000 sqft, and has a 40 million dollar
annual utility bill, it becomes less about proving that they're doing this,
but proving that they _aren't_ doing this.

[1] <http://en.wikipedia.org/wiki/Room_641A>

[2] <http://www2.sacurrent.com/news/story.asp?id=69607>

[3] <http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/>

~~~
indiecore
Next time I can't find an IRC log I'll just call the NSA.

~~~
nitrogen
An interesting take on your comment: would people be more open to the NSA
snarfing everything if they also acted as a personal Google, giving you access
to all your own "lost" data?

~~~
lsc
I've been thinking about this lately, with regard to my own privacy policy.

I was thinking something to the effect "I will make all data I save that
references your account or IP available to you through the following portal" -
I of course, can't do it yet, as I haven't built the portal or figured out how
to separate the data, but I think it's a neat solution to some of the problems
I have (e.g. I really want to start doing console logging on VPSs 'cause it
gives me a wealth of data when someone says "something was wrong with my VPS
last night" - but so far I haven't (I do log physical consoles, just 'cause
it's impossible to deal with hardware otherwise) due to privacy concerns.)

~~~
indiecore
at /domain/portal just put a contact page and ask them to specify what they
are looking for. You'll have to do it manually until you build the automated
system but maybe the inconvenience would be motivation?

~~~
lsc
>but maybe the inconvenience would be motivation?

I need to limit the number of times I give myself extra work as 'motivation' -
you get to the point where you spend all your time shooting alligators, and
don't have any time at all to drain the swamp.

I mean, sometimes this is better than just not doing it? but not in this case,
if you ask me.

------
smsm42
Right from the start it sounds strange. They cite the case of Petraeus as a
proof FBI has access to everybody's email. But it is certainly wrong - FBI
_can obtain access_ to everybody's email if it is hosted by US provider such
as Google, given enough cause to obtain warrants (such as suspicion that CIA
director's email account was compromised). This is not news - hardly anyone in
the US has doubts that given strong enough cause, FBI can solicit and receive
access to specific accounts at US providers. Calling this "everyone under
surveillance" is misleading. And how is it related to NSA? And why does not
Binney point out Petraeus' case is not about surveillance?

~~~
rdtsc
The key to this all are these two things (and someone who knows more please
correct me):

1) Constitutionally they (NSA) seemed to have found a loophole that states
that just storing the data on the disk doesn't constitute spying|invasion of
privacy. Only when someone (a human) looks at the results then it triggers all
the Constitutional restrictions. Sounds like a bunch of bullshit to me, but
that's how they are justifying it.

2) A court subpoena or an executive "magic-Patriot-Act-Federal-Injunction
whatever it is called?" when issued can apply to _all_ the data, including
historic data from the beginning of time associated with that individual. So,
if they ever get a subpoena say when you are in your 50's they could legally
pull all the data you generated, created, accessed since the day you were
born.

Basically it is pretty obvious they are just planning on storing all the data
they can. Therefore the big new data center with a 65MW power station next to
it.

My hope is only that someone who is involved in this, just like this whistle-
blower, will realize that this is wrong and will expose it and the public in
general will start caring enough about this to turn this into a major
political issue.

~~~
moxie
This is a story that hasn't shown itself to have legs, I think largely in part
because both political parties are fully complicit, so neither are interested
in driving the narrative.

So the problem is, what does it mean for the public in general to care? Or
rather, what is the value of truth in a world where we have no agency?

~~~
shmerl
_> So the problem is, what does it mean for the public in general to care?_

That's actually simple - public should use strong encryption. That's it. I.e.
those who care about such violation of civil freedoms have no other option
anyway, if attempts to prevent this surveillance will continue to fail (and
with the current power - they most probably will).

~~~
rdtsc
They should. I agree, however effectively using encryption is not as simple as it
sounds (both hardware, software and user interfaces need to work together and
well) for this to work. On the other side I predict using encryption is
becoming strange/weird/suspicious. There is an already well designed
propaganda framework to portray those who care about these issues as
associated with all kinds of scary crimes.

I predict in the future after a couple of high profile scapegoat cases where
a famous suspected terrorist, illegal movie downloader, or say whistle blower,
cannot be prosecuted because they used encryption, the use of encryption will
become illegal.

~~~
chokma
> the use of encryption will become illegal

The problem with outlawing encryption is: everyone needs it for business
purposes and to protect public / private infrastructure. If SSL encryption
were to be forbidden, e-commerce would become very difficult...

Also interesting: <http://en.wikipedia.org/wiki/Chaffing_and_winnowing>
("Chaffing and winnowing is a cryptographic technique to achieve
confidentiality without using encryption")

------
yk
Wired had some time ago an article about one NSA data center [1]. That article
had some additional numbers on the scale of the surveillance efforts.
Specifically it did note that the specific site will have a 65 MW power
station, which one can compare to some supercomputers. For comparison RIKEN's
K Computer demands roughly 12 MW of power. [2] ( One can also try to estimate
similar numbers from the size of the facility and from the building costs. In
all cases one gets a similar factor of a few above modern supercomputers.)

[1] <https://news.ycombinator.com/item?id=3711603>

[2] <http://top500.org/list/2012/11/>

~~~
Uhhrrr
> a 65 MW power station

That seems like a giant blinking point of failure.

~~~
carbocation
Alternatively, the power grid itself is the SPOF, and the 65 MW power station
is essentially a redundancy.

~~~
JakeSc
"Single Point of Failure" is my guess, for those curious.

~~~
carbocation
Oh, yes, exactly right. I apologize for my telegraphic speech.

------
w1ntermute
How is this news? We've known this since Mark Klein[0] leaked the NSA
warrantless wiretapping program to the press in 2006, more than 6 years ago.
If you're doing anything illegal with a method of communication that doesn't
have end-to-end encryption, then you're really stupid. Fortunately for the
authorities, the vast majority of individuals who commit crimes are really
stupid.

0: <http://en.wikipedia.org/wiki/Mark_Klein>

~~~
mtgx
Sigh. I keep seeing comments like these whenever such article is posted. But
there are 2 problems with that mentality:

1) Just because _we_ the HN readers and Reddit readers, and other people who
take an active interest in either being up to date with this sort of stuff,
know about this, doesn't mean that population at large either a) knows about
it, b) believes it (this sort of stuff sounds too much like conspiracy
theories, even if it's real in this case).

2) Just because there were some news about it a few years ago, and there was
like a mini-outrage for like a week, and then nothing really happened, doesn't
mean we should stop talking about it now, and just let them continue doing it.
The point is to keep raising awareness, and incite people to fight for their
rights, and demand answers from NSA and the administration. More than that -
demand change.

~~~
w1ntermute
Re to 1): well, this is HN, so you're just preaching to the choir. Why not
instead spend the time/effort spreading awareness among the general public?
They're the ones that decide elections (and thus policies, or at least I
hope).

Re to 2): again, this isn't going to raise awareness. The vast majority of
people here already know about this.

~~~
cynoclast
When the general public's candidate pool has been narrowed down to two
candidates by the media, is the general public really deciding elections
anymore? It becomes multiple choice where both options are pro-plutocrat and
pro-authoritarian.

------
OzzyOsbourne
"I don’t think they are filtering it. They are just storing it"

How much would it actually cost to store all the emails that American citizens
send and receive? I find it difficult to visualise a system of checks and
balances approving the massive budget required to house all that data. And the
technical challenge of sifting through those emails would be seriously hard. I
understand that this might not be just about national security, but it could
also be a power game on the part of the FBI. One has to consider how much
[national security | power] this really affords [US citizens | the FBI] when
measured against the gargantuan expenditure required to actually pull it off.
This makes me totally skeptical. Additionally, by saying ' _basically_ the
e-mails of _virtually_ everybody in the country' Binney demonstrates his lack
of conviction and uncertainty of his own claims.

So, if his words aren't the giveaway, then two minutes of critical thinking
will make the interview seem alarmist and inaccurate.

~~~
nikcub
> a system of checks and balances approving the massive budget

NSA budgets aren't approved by the entire house, but by secret meetings of the
intelligence sub-committee.

This datacenter is definitely being built. It is so well known that Wired did
a cover story on it:

<http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/>

~~~
OzzyOsbourne
Interestingly, the article explicitly mentions the FBI, not the NSA. But, if
we were to unify them in our respective imaginations (for the purposes of
discussion), they still need to have the budget for their operations supplied
from somewhere.
<http://www.fbi.gov/news/testimony/fbi-budget-request-for-fiscal-year-2013> -
it appears as if the FBI's budget is just as rigidly controlled
as any other governmental organisation. How they internally allocate the
funding they receive is a different matter. To me it seems that if there is
any form of oversight within the FBI, then the funding of a project of this
cost/return ratio would be infeasible and therefore the project could possibly
be shut down. There is the possibility that this is an exercise in propaganda
and scare tactics: "We can read your emails, so don't try anything. Check out
our power". However, because the internal mechanics of the FBI are necessarily
not public knowledge this is all speculation and unsubstantiated opinion. But,
the argument can be made that this very fact enables the FBI to get away with
scare tactics. I _still_ don't see an organisation with the real-world
constraints of money being able to store the sheer volume of data that they
claim to. For argument's sake, let's assume that the year-on-year rate of email
generation remains uniform for the next decade. In one year, they need to have
the ability to store X amount of emails. In a decade, they'll need 10X amount
of storage. How are they going to store all that data?

~~~
paganel
> they still need to have the budget for their operations supplied from
> somewhere. [http://www.fbi.gov/news/testimony/fbi-budget-request-for-
> fis...](http://www.fbi.gov/news/testimony/fbi-budget-request-for-fis..). -
> it appears as if the FBI's budget is just as rigidly controlled as any other
> governmental organisation

I'm not an American, but I guess rules can be mended and solutions found in a
country where 1.1 trillion USD can just "vanish"
(<http://www.freerepublic.com/focus/news/729997/posts>).

Also, I've commented on the NSA probably intercepting on the people in command
immediately after the Petraeus affair hit the media
(<http://news.ycombinator.com/item?id=4767644>), but I had hopes that they
would stop at those people. Someone in the comments reprimanded me for viewing
things in a CSI-like manner (CSI the TV show), but it was not that, just the
natural reflexes of a former kid who has grown in Eastern Europe with
Securitate ruling and surveying everything in sight.
(<http://en.wikipedia.org/wiki/Securitate>)

------
jkimmel
I'm curious as to the technical specifications of the supposed Naris device. I
don't doubt that the US government can obtain the email logs of most citizens,
but would it truly occur in this manner? Binney seems to describe a single
unit connected directly into the backbone networks of major ISPs, logging all
data on certain ports I assume (ie, the common POP3, IMAP, SMTP ports)?
Depending on the level of distribution, this device would be tapping into
potentially enormous amounts of data. The processing and storage
infrastructure would have to be incredibly robust.

I'm not very knowledgeable as to the feasibility of such a device, and quite
frankly don't know where to begin, but I would love to hear from someone who
might know more.

As a back of the napkin, rougher-than-order-of-magnitude calculation, it seems
more feasible for the government to tap into existing email providers'
databases than to try and administer their own. Would it not simply be easier
to file requests (perhaps in a quasi-legitimate manner) for data from
Google/Yahoo/MS/Apple than to try and catalog the entire email history of the
Internet?

~~~
yajoe
I think the government is sniffing packets directly. It's much easier to feed
through whatever content analysis engines they have today than try to access
remote systems routinely. SSL? When the government has access to most of the
internet's root keys, decrypting 128-bit SSL is 'annoying' and definitely
solved. There was a controversy a few years ago about secret closets with
direct access to raw fiber traffic:

* <http://yro.slashdot.org/story/05/12/25/0029204/nsa-data-mining-much-larger-than-reported>

* <http://slashdot.org/story/06/04/07/1246259/att-forwarding-all-internet-traffic-to-nsa>

* <http://yro.slashdot.org/story/07/11/09/2040206/ex-att-tech-says-nsa-monitors-all-web-traffic>

Mirroring traffic at the ISP would be much harder to detect, more thorough,
and reduces the number of pesky admins who would come across surprises in
their logs. My vote is on that approach -- it's similar to how spy satellites
are operated now ("record everything and playback like it's a DVR when we need
it").

As an aside, this is the third time in as many days that I've seen 'repeated'
content from old Slashdot on HN. Not sure what I make of that trend.

~~~
tlrobinson
Can you clarify the government's SSL decryption capabilities?

I'm aware the US government has CA certs installed in pretty much all
browsers. Obviously being a CA allows you to MITM any SSL connection (though
probably not without someone noticing, if done on the scale people are talking
about, which is probably computationally prohibitive anyway).

But isn't it impossible to decrypt passively sniffed SSL traffic in all cases?

~~~
yajoe
Neither SSL nor cryptography is broken. However, it's widely known that the
government has its hands on most root-level private keys. All of cryptography
comes down to how well we manage keys, whose weakest link is humans :)

Having the internet's root keys does two things:

1) The government can impersonate as most sites to perform a MITM, which is
rare and would only happen on specific, targeted people.

2) The private keys reduce the search space for brute force 128-bit decryption
to the point that it can be completed in near real time. If the government
were to have direct access to the fiber backbones, then they could monitor SSL
traffic as easily as plain-text traffic. Hence, "solved problem." Part of the
trick behind this is pre-computing a lot of commercial sites' individual
private keys ahead of time. If you do nothing but monitor headers you would
know the top 90% of hosts to pre-compute first.

To be clear -- I don't _know_ what the government does or does not do. But I
know a little bit about crypto and the industry, and I'm inferring what the
government does based on 'innocuous' requests it makes regularly to popular
crypto products such as the one I worked on.

~~~
tlrobinson
By root level private keys you mean the third-parties like Verisign etc, not
just the ones explicitly belonging to the US government?

------
grecy
In all honesty, is the constitution in America even worth talking about
anymore?

It seems like every day a new article comes to light about how the government
is blatantly violating it with complete disregard.

Worse, nobody seems to be doing anything about it.

~~~
moostapha
In addition to probably millions of pieces of cyberpunk/science fiction, there
was a crack in Gilmore Girls about victims not caring if you take away their
freedom slowly and without them noticing at first.

~~~
Tipzntrix
The old boil a frog slowly metaphor.

I think this myth was debunked, interestingly enough

------
Karunamon
I'd feel a lot better if this article was from almost any other news site. RT
is not known for being fair or balanced when it comes to anything involving
the USA.

~~~
jessaustin
If you find similar coverage elsewhere please link it. In the meantime I'm
glad RT is on this.

And please distinguish between the long-term goals and values of the USA and
the craven personal interests of its present rulers. In pieces I've read and
seen from RT, they've often honored the former while excoriating the latter.
Which is something I wish an American news source could do. I'll know it's
possible as soon as I see a single example.

~~~
saber_taylor
The Defcon video is similar: <http://www.youtube.com/watch?v=sqIz-RNUL1g> (not
sure if this link is bootleg)
<https://www.defcon.org/html/links/dc-archives/dc-20-archive.html> (just the
audio)

has the ACLU and the same guy if that makes it more legit.

The 10 zettabyte storage capacity estimate is based on building size. I think
we need more details.

------
nathan_long
Best quote:

>> RT: It seems that the public is divided between those, who think that the
government surveillance program violates their civil liberties, and those who
say, 'I've nothing to hide. So, why should I care?' What do you say to those
who think that it shouldn't concern them?

>> WB: The problem is if they think they are not doing anything that’s wrong,
they don’t get to define that. The central government does, the central
government defines what is right and wrong and whether or not they target you.
So, it’s not up to the individuals. Even if they think they aren't doing
something wrong, if their position on something is against what the
administration has, then they could easily become a target.

------
SoftwareMaven
_the Buffdale facility_

It's _Bluffdale_ , not Buffdale. And it creeps me out every time I look across
the valley at it.

I really wish the investors in the company I was working on building to
encrypted email for the "common man" would have been willing to invest what it
would really take to make it work. We were on the right track. :(

~~~
gojomo
And also _Narus_ not Naris. Seems like this is a rough transcript, perhaps
from live closed-captioning.

~~~
rdl
And of course the "18-T" facility and "AST&T" were all AT&T.

------
salman89
Thought my connection to Google was almost always under the HTTPS protocol...
can someone explain to me how the NSA has broken SSL encryption to possibly
THE largest internet company in the world?

~~~
batgaijin
ever heard of _NSAKEY or 'stellar wind'?

~~~
lostlogin
Thanks. For those like me who had not.
<http://en.m.wikipedia.org/wiki/NSAKEY#section_2>

~~~
meaty
I'll probably get shot for this but in the shared source license there are a
number of huge holes around the signing key code. NSAKEY doesn't exist any
more but it's more suspicious when there is just no code there.

I wouldn't trust Microsoft - the world's largest Trojan.

------
tokenadult
How does this compare to the current practices in other countries? Are there
whistleblowers elsewhere whose revelations are reported on in reliable press
sources?

(I used to live in a country that was then ruled by a dictatorship, and I am
aware of how people behave under such rule. That country now has a free press
and free, contested elections for the national leadership.)

------
shmerl
<https://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy>

------
rooshdi
Yes, this is old news, but we need a reminder every now and then about how
intrusive our government has become.

------
contingencies
The initial, public report describing this sort of thing was prepared for
the European Parliament in 2001... PDF at:
<http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN>

I would invite HN readers to consider that report, then consider over a decade
of technology improvements have since occurred, then consider how little of
the public's interest has been engaged in such matters. Having done so,
consider supporting the efforts of a small number of parties like the EFF and
Assange to raise awareness of these issues and fight for the public interest
and individual rights.

------
mtgx
Is it possible to write an OTR plugin/extension for Google Talk that can
encrypt the text locally before it's sent to the other person, who would also
use this plugin? From what I'm reading Cryptocat already works in a similar
way.

I know there's already Jitsi or Pidgin with OTR that can do this for Google
Talk and FB chat, but those are just other apps that you need to install, and
I think a Chrome plugin/"app" would see much wider adoption. Or should we just
wait for web crypto before this can be possible (2014)? Or just wait until
Google themselves do it? (if ever)

~~~
shmerl
Those who care anyway already use clients which support OTR with the same
Google Talk or any other XMPP server like Pidgin, Adium, Jitsi and etc. Those
who don't care won't use anything even within the Google Talk web application.

Standalone XMPP clients anyway are way better than Google Talk web
application, since they are more flexible and allow using several accounts at
once.

------
jessaustin
Someone should buy a Naris and let hackers start hammering on it. The delivery
vector for any malware developed would be trivial. Just send it in an email to
someone in the USA.

Hi NSA!

~~~
IheartApplesDix
1.) Citizens can't afford a Narus device, let alone what they're offering now
(more service oriented, less local hardware)

2.) Narus doesn't sell to citizens. Citizens aren't allowed to have
information on what kind of monitoring Narus does because it's national
security classified.

>The exact use of this data is not fully documented, as the public is not
authorized to see what types of activities and ideas are being monitored.

<http://en.wikipedia.org/wiki/Narus_%28company%29>

~~~
jessaustin
Yeah it probably isn't cheap. If motivated enough, however, somebody like EFF
or WikiLeaks could co-opt enough officials in a third-party nation (Ecuador,
perhaps?) to purchase the service. "National security classified" has never
stopped Boeing from selling cut-rate, not-latest-generation tech to other
nations before. After all, their pals who want to work for them upon
"retirement" from the military decide what's classified. Probably the service
wouldn't come with a complete ruleset, but it would come with consulting, from
the same people who helped develop the initial USA ruleset. Also, the system
is probably optimized for the use of its largest customer.

Failing that, you might be able to enlist the help of some of the APT folks
who've been downloading all the F-35 plans. Why would we expect Boeing's
network to be more secure than Lockheed's?

If one were really patient and as immoral as the NSA, one could start moving
around a lot of fabricated-but-plausible evidence against USA citizens for
national security-type crimes, and then paying special attention to federal
prosecution notices. If you noticed which manufactured "evidence" turned up
most often, you'd be able to run a kind of oracle attack by fine-tuning for
what got prosecuted the most. In addition, many of these framed citizens would
be so obviously innocent that even our debased court system would acquit. This
would undermine the perceived accuracy of this fancy expensive system. After
federal prosecutors look foolish a couple of times when relying on super-
secret we-can't-tell-you-where-we-got-this surveillance data, word will get
around.

However it's done, if someone figured out how to characterize which packets
get saved (I still refuse to believe they're saving every packet sent in the
USA), one could generate many such packets, which could be obviously bogus
upon inspection but enough to fool the initial analyzer. That's a DOS right
there.

Just throwing out some ideas. I'm sure you smart guys have already thought of
all this.

~~~
IheartApplesDix
The problem with all your proposed solutions is it doesn't allow the market to
escape from the ever more technologically advanced supply of data because the
development time is constrained by how fast you can fail. By the time you've
found a vulnerability in their monitoring system, they've already written
exception handlers for it and set up a team dedicated to finding solutions for
exceptions to those exceptions.

------
makhanko
Being Russian myself I always thought that nobody took anything that RT
publishes seriously. I guess I was wrong.

~~~
rdtsc
I am from those "parts" of the world but also monitor US media. I found from
experience that RT actually does a great job covering issues related to US
(and other countries) but it is complete bullshit when it comes to Russia
itself.

American and other news agencies (say Al Jazeera) also seem to follow the same
pattern more or less.

So it helps to monitor and compare various news outlets and you can sort of
see how they cover the same story and how they spin and then, well, decide for
yourself if you can't independently verify the facts. If you can then you can
benchmark and compare the performance/quality of each of the news sources.

------
hamoid
'Everyone in US', but not limited to the US, right? Services provided by
servers in the States are used by people all around the world. Many
communications started in other countries have their recipients in the US.

So isn't it more like 'A large part of the world's population under virtual
surveillance'?

~~~
propercoil
in short, yes.

------
JabavuAdams
Does this lead to a functional definition of freedom that's actually more
useful for more people than what we're used to?

What is freedom? A functional definition might be -- you're not prevented from
doing things when you try to do them.

Interested in electronics? Want to build an igniter for your home-brew rocket
engine? Fine ... if we know enough about you to conclude that it's for fun,
not for killin'

Want to build a rocket? Great ... if you're not likely to endanger others or
sell your knowledge to those who might.

In a perverse way, more detailed profiles could lead to better discrimination
between those who have esoteric interests but are unthreatening vs. those
who are threats.

Of course, if you build it, it will be abused ... but it's an interesting
thought experiment.

------
MattiasC
Google 'Room 641A', that's all you need to know...

~~~
Wingman4l7
Or you could just click this: <http://en.wikipedia.org/wiki/Room_641A>

( _In a nutshell:_ "Room 641A is a telecommunication interception facility
operated by AT&T for the U.S. National Security Agency, beginning in 2003, and
exposed in 2006. [...] It is fed by fiber optic lines from beam splitters
installed in fiber optic trunks carrying Internet backbone traffic [...]
contains several racks of equipment, including a Narus STA 6400, a device
designed to intercept and analyze Internet communications at very high
speeds.")

~~~
timdiggerm
But then he wouldn't look so mysterious!

------
tvirot
Some of you might be interested in his recent talk:

MIT TechTV – The Government is Profiling You
<http://techtv.mit.edu/videos/21783-the-government-is-profiling-you>

~~~
hamoid
From that clip:

"Where do you see this going in 5 or 10 years? I see it becoming a
totalitarian state. An imperial president (a dictator). Unless we do
something."

"It doesn't matter if you say 'bomb' or not. Everything is stored now."

------
DanBC
ECHELON is ancient; the only differences between that and this are i) the
lack of other nations and ii) the US directly spying on its citizens.

While it's not acceptable it surely can't be surprising? Especially seeing the
other attacks on liberties happening every day.

Having said that, other people mention a bunch of problems with the article.
Warrants provide easy legal access; connections are encrypted (and it'd be
scary if that encryption was broken); the reliability of Russia Today; etc.

------
rayiner
Google is already monitoring everything I do on the internet, why should I be
more worried about the NSA doing the same?

~~~
Ygg2
Because one of those has the ability to arrest you and the other doesn't?

~~~
rayiner
Sure, but we've got a pretty spiffy legal system that protects you from that,
and in any case the NSA has no incentive to arrest me. I have no real
protection from Google or its employees selling my information, using it
against me, etc, and as a practical matter they have a lot more incentive to
do that than the government does to arrest me.

------
seanlinmt
This reminds me of the presentation "DEFCON 18: Your ISP and the Government:
Best Friends Forever" <http://www.youtube.com/watch?v=t0aQojDGSD4>. I wonder
if the "don't get involved in drugs and you'll be fine" advice still holds.

------
theklub
Privacy aside... I simply don't trust the government or any of the people who
might have access to this data. Assuming you somehow have information about
everyone, what's to stop you from eventually controlling everything?

------
m1x1t
It is implied that the NSA surveilled Petraeus' Gmail using Narus by capturing
backbone data which implies that the NSA has cracked 128-bit SSL. Or maybe
they just got it from Google...

~~~
forensic
Wouldn't it make sense that the NSA owns a few Certificate Authorities and
gets access that way? They try to have backdoors installed for them everywhere
according to that whistleblower.

------
ussid18
If you really want to keep NSA busy just add "USSID 18 Violation" to every
email you send :P

<http://cryptome.org/nsa-ussid18.htm>

------
morroccomole
What are you going to DO about it?

------
rglover
This can't possibly be a surprise.

~~~
joelrunyon
Certainly that can't make it acceptable.

~~~
alan_cx
Oh yes it is. US voters happily allow it. You allow it.

The problem is your government, whether Rep or Dem, sees you, the people, as
the enemy. Therefore, the government is your enemy, an enemy within. It must
be logically. How else can that work? Now, why does your constitution allow
guns? Why do so many US citizens insist on their right to gun ownership? Is it
not to oppose such an enemy? Yet all Americans do is sit on their big old
butts and type stuff on the internet. So, what are all those guns for?
Polishing and comparing to penises? Are women attracted by them?

What makes me laugh (or is it cry) as a Brit is that mention universal health
care and it's commie time, people on the streets claiming health care will kill
granny. Yet here is a Democrat government continuing and expanding the removal
of your freedoms and privacy started with a Republican hawk government, and
you're all cool with it. All you do is bleat on the web, and that's that. As
someone pointed out, you knew this in 2006. Yet here you are 6 years on, and
it's worse. You do nothing.

Don't get me wrong, it's the same everywhere. People just accept this stuff.
Which is why this disgusting spying on your own people lark, KGB style, is in
fact absolutely acceptable. Your inaction says so.

Until the people say no, the government, either party, UK or US, does what the
hell it likes. It's up to us.

~~~
bpatrianakos
You made a great point and I hate to see you get downvoted to hell just
because some people don't want to accept some of the truthful things you said.

------
janlukacs
It's a question of time until this will turn against the people. My family has
lived in Eastern Europe and was under surveillance during communist times in the
80's. Very sad to see this happen to the US - land of the free.

------
guscost
The Kremlin can't afford this scale.

USA! USA!

