

What happens when the Secret Service uses a NSL on you - squeed
https://www.noisebridge.net/pipermail/noisebridge-discuss/2013-March/035200.html

======
bsimpson
First Amendment to the US Constitution:

    
    
        Congress shall make no law respecting an establishment of religion, or
        prohibiting the free exercise thereof; or abridging the freedom of speech, 
        or of the press; or the right of the people peaceably to assemble, and to 
        petition the Government for a redress of grievances.
    

Can someone please show me the asterisk that says "unless done to protect
national security"?

~~~
DanielBMarkham
I upvoted and completely agree with you, now let me play devil's advocate a
bit. :)

The constitution is not a suicide pact. That is, the system cannot interpret
the various provisions of the constitution in such a way that would destroy
the country. The Declaration of Independence is a statement of philosophy. The
constitution is a rather vague and self-contradictory description of
structure. Different thing entirely.

Having said that, what has happened is that 240 years has given all the
players in government a chance to find edge cases where they can have their
way at the expense of others.

What we're seeing now is a state of perpetual war. This was never envisioned
when the country was founded. So we're way off the script.

~~~
moron4hire
Counter: The Constitution _is_ a suicide pact. The notion that individual
rights are more important than Government is a pretty clear thread though out
the document, and that one should not conflate the Government of the
particular day with The Nation as a whole. I think it's pretty clear with even
a cursory reading of such documents as the Declaration of Independence and the
Preamble to the Constitution that the standing belief was that Government
should be destroyed and rebuilt if it ever stopped serving the people.

Such as when it falls into a perpetual state of war. Like they complained
about England doing. I think it was well envisioned and it's well on script.
However, the Founders believed the separation of powers between branches would
create adequate checks and balances to prevent it from happening. I think they
failed to envision the case where said branches would collude and ignore the
rules to protect each other's power quid pro quo, and most people would not
notice and not be bothered.

~~~
anvandare
Perhaps a government should be thought of as an AI? In that case, the Founders
intent could be re-written to the simple:

> 1\. A government may not injure a human being or, through inaction, allow a
> human being to come to harm. > 2\. A government must obey the laws given to
> it by human beings (through their representatives), except where such laws
> would conflict with the First Law. > 3\. A government must protect its own
> existence as long as such protection does not conflict with the First or
> Second Laws.

If so, they forgot an important addendum. -- but they can be forgiven, AI
research was in its infancy back then, after all. :^)

>A government that keeps growing[1] more complex will inevitably reach
Rampancy[2]. It is recommended you implement more than a few kill-switches for
when (not if) this happens... Relying on a system to regulate/moderate itself
is asking for disappointment.

And of course:

> 0\. A government may not harm humanity, or, by inaction, allow humanity to
> come to harm.

[1] <https://en.wikipedia.org/wiki/Parkinson%27s_law> [2]
<http://tvtropes.org/pmwiki/pmwiki.php/Main/AIIsACrapshoot>

~~~
jetable
The 2nd amendment _is_ the kill switch. And I say that as someone
uncomfortable with guns used for anything other than hunting.

------
exhilaration
Worth reading for this:

Around January, upon logging into the Google account, Google showed a strange
NOTICE message asking me to accept the terms of usage of my account. This was
odd, because in a decade of being a Google user, I had never seen this. I am
told that this is Google's way of "telling you without telling you" that you
have been served an NSL. Google, by law, is not allowed to tell you about the
NSL, but they definitely are within their right to ask you to accept their TOS
upon login. This is the "tell" that everyone here should be aware of. If you
see this, you are likely being monitored.

~~~
rachelbythebay
Google is weird about that kind of stuff, inside and out.

Google asked all of us who had been around longer than a certain amount of
time to re-sign our NDAs because "they lost them" or they "didn't get signed
your first day of work" or something like that. I asked to see a copy of the
old version so I could diff it (visually, ugh) to see what I was supposedly
agreeing to in the new one.

They provided the old version all right... not _AN_ old version, _THE_ old
version. As in, the actual (scanned) copy I signed my first day of work... and
it had my signature on it, right next to the date, just as I remembered it.

I found out much later they pulled this on a whole bunch of people.

~~~
iooi
What was the diff if you don't mind me asking?

~~~
rachelbythebay
I think part of it was something like "if you access corp from a device, you
have just tainted it and we can dig around on it at any time, including when
you quit", which I mechanically translated to "never read my mail, Buzz, or
anything else from home unless I'm on the company laptop or the Nexus One
which they gave me and is fundamentally tainted anyway".

This could have affected my personal iPhone, Linux box(es) at home, and
anything else which might have accessed google.com/a/google.com/... resources.
So, I basically stopped checking mail unless I was at work.

I also think they tried to make it retroactive to the day I started work, but
I'd like to see that fly in a court of law. Retroactively tainting my
machines? Good luck with that.

------
PaulHoule
That's how the feds do business.

I was amused by the entrapment bit. They always try that. I think of this poor
black guy who got recruited into a fake islamic jihad gang and how they gave
him a fake bomb and rented a synagogue for him to leave it in and he got
jumped by 50 cops on the way out the door, yelling "Allah Akbar"

On some level I feel bad for him, but you've got to be a dope to fall for
that.

~~~
spodek
"I was amused by the entrapment bit... you've got to be a dope to fall for
that."

Or you can be poor or indebted or having some weakness they know how to
exploit.

Everyone has buttons someone can push, especially if they have access to your
online data.

~~~
MichaelGG
If someone emails you on an identifiable account, asking you to commit a
felony, you should always say no, regardless of financial state. If you're
going to do illegal stuff for a living, you should, at a minimum, have another
identity.

It is funny how many people will email you though. I wrote a tiny, babycakes
cracking tutorial, just to demonstrate how reversing most "protection" that
average devs do is pretty easy. Even years later, I get emails from people
begging me to crack stuff for them. I always tell them off. But sometimes
they're persistent and come up with stories as to why they really need help
and here's the DLL.

~~~
adolph
_Even the most intelligent and informed citizen (including lawyers and judges,
for that matter) cannot predict with any reasonable assurance whether a wide
range of seemingly ordinary activities might be regarded by federal
prosecutors as felonies._

[http://www.harveysilverglate.com/Books/ThreeFeloniesaDay.asp...](http://www.harveysilverglate.com/Books/ThreeFeloniesaDay.aspx)

------
anonfunction
A national security letter (NSL) is a demand letter, which differs from a
subpoena. It can be used by US government agencies, mainly the FBI, when
investigating matters related to national security.

~~~
rdtsc
What if you don't comply though and let the user know?

~~~
shawn-butler
Compliance with the gag order of NSL was originally voluntary. It became
compulsory in the mid 1980s as I recall.

"[A court] may impose a civil penalty of up to $10,000 per day for each day in
violation after the issuance of the order or after such future date as the
court may specify."

------
reginaldo
I'm not an american, but I'm a spare-time security researcher, hoping to make
a career out of this in the future. The last few cases reported here on HN
give me the impression that if you stumble upon a vulnerability (which, by the
looks of it, seems similar to the one involved in the AT&T case), it's best to
keep it to yourself. You have nothing to win by reporting it, and possibly a
lot to lose if you do.

~~~
saym
I think a good solution would be a generally accepted security flaw reward
contract. If most corporations with an online presence adopted some uniform
agreement, we'd have a standardized method of report and reward.

~~~
reginaldo
It would be nice if they did so, but I don't think companies should be
obligated to pay for bug reports from researchers that have no association
whatsoever with them. Those that pay seem to get more reports, both in numbers
and in quality, at least that's what Google says. Also, I think that a
consumer should have the right to speak up when personal data is at risk, but
that's a whole other story.

In this case, I'm more worried about the "lots to lose" part than about the
"nothing to win" one. For some reason I'm even fine with doing charity work
for the benefit of billion-dollar corporations from time to time [1]. But not
if there's the risk of them coming after me in the future...

[1] <http://technet.microsoft.com/en-us/security/cc308589.aspx>

------
AJ007
The same agency that raided a role playing game publisher because they thought
a fictional game was some elaborate criminal conspiracy..

I think there are going to be a lot of sadly amusing and moronic stories to
come.

~~~
clinth
The company is Steve Jackson Games, their telling of it is here:
<http://www.sjgames.com/SS/>

~~~
ds206
They also made a card game based on the raid:

"Hacker is the Computer Crime Card Game. It was inspired by the 1990 Secret
Service raid on SJ Games."

<http://www.sjgames.com/ourgames/card.html> (very last game)

I have a friend that has this, although I haven't played it.

------
Fizzadar
I'm glad I live in the UK/Europe where privacy (certainly of physical post and
my local network, plus the various services I use around Europe). Shame my
Gmail is firmly under the US authorities.

It makes me sad to see the authorities of countries like the US using
entrapment and other dodgy tactics to catch criminals. The US is soon to
become like 1984 with drones monitoring people in cities, huge cloud computers
monitoring all internet traffic, and feds running lawless tapping everyone's
phones.

~~~
melvinmt
I'm sorry but you live in the UK (aka the CCTV country) you say and think your
privacy is protected more than in the States? Think again.

~~~
StavrosK
It says something about the US that that's true, doesn't it...

------
verelo
So for the dumb people like me, what is a NSL? A quick google define doesn't
really help much (<https://www.google.com/search?q=define%3A+NSL>)

National Soccer League?

~~~
tomjen3
A dirty, dirty attempt to route around due process, freedom of speech and the
fourth amendment.

They were one of the (many) things bush used the 9/11 as an excuse to push
through congress.

~~~
MichaelGG
Please keep the politics off HN. NSLs were around before 9/11. And there's
nothing to suggest that any other US President would have a different
response. (I agree with your underlying sentiment, but it isn't constructive.)

------
donniezazen

        no digital information is protected from
        snooping unless it is stored in your home
        and encrypted.
    

So, you shouldn't be using online backups like Crashplan?

~~~
RexRollman
Online backups can be risky if you are not encrypting them, at least for
sensitive information.

~~~
donniezazen
They are encrypted but I remember reading somewhere that you lose your rights
after data has been stored (not accessed) on a server for over 180 days.

~~~
RexRollman
If I understand things correctly, what changes is that only a subpoena is all
that is required after 18 months, where before that a search warrant is
needed. But there have been some efforts to change this:

[http://arstechnica.com/tech-policy/2013/03/finally-feds-
say-...](http://arstechnica.com/tech-policy/2013/03/finally-feds-say-cops-
access-to-your-e-mail-shouldnt-be-time-dependant/)

Of course, if your files are encrypted, they probably won't be able to access
them regardless.

------
danso

        SS confirmed over the phone that they monitored my Google account,
        after I told them I knew they were. At first, they would not tell me
        they did and denied it. The agent actually said "Google should not
        have told you that"
    
    

Getting followed by a federal agency is no fun, but it's funny how they manage
to muck things up once in awhile. Kind of like how the FBI, when tracking
Aaron Swartz, tried in vain to locate him in Chicago:
<http://www.aaronsw.com/weblog/fbifile>

~~~
jerf
We're All Just Folk. There's no force making them any more competent than
anybody else.

~~~
pc86
Some of us just have seemingly unlimited manpower, budget and the auspices of
the federal government.

~~~
scarmig
And guns. You're leaving out guns.

Of course, since it's just regular ole folks doing things, sometimes mistakes
happen. What, are you complaining? Do you hate the police/military/people who
keep us safe? Socialist!

------
loudin
NSLs remind me of the "deny and imply" clause in Super Sad True Love Story. It
goes something like...

"By reading this, you have denied its [some type of government surveillance]
existence and implied consent."

Very troubling news.

------
mariuolo
Right or wrong, law or no law, do something that remotely disturbs the powers
that be and you will be harassed.

I'm sure OP knew what he was getting into, unless he actually thought he lived
in Wonderland.

------
phormat
Anyone else get their fb account hacked after opening this article?

~~~
aeon10
No.. should I be worried? What exactly happened to your account and are you
certain it had something to do with the article? (that website)

~~~
phormat
I dont have any evidence it was from opening this site. But three hours after
I opened it, my fb account was comprimised. Login was from an ip in montana I
believe. Cant figure out why I'd be targeted or who was doing that. Changed my
privacy settings anyways to use two-factor Auth. Also happy that fb knew to
block access after the rogue login.

------
mouseroot
that email sounds like die hard 4.

------
unclebucknasty
The big question is if our government is supposed to be "of, by, and for the
people", then how did it manage to become this separate entity--with a life
and agenda of its own--that has now turned against "the people"?

We all (myself included) talk about the government in the third person. Yet,
it is supposed to be our representative and our voice. It is supposed to be
"us".

So, why are we so powerless to stop things like this, the Aaron Swartz
tragedy, PATRIOT Act, etc?

~~~
dreamdu5t
> So, why are we so powerless to stop things like this, the Aaron Swartz
> tragedy, PATRIOT Act, etc?

Personally, I think it's because we buy into the idea that an individual
should be given the authority to "rule" people by fiat in the first place.

~~~
unclebucknasty
Do we?

~~~
dreamdu5t
In the US, yes. Most people believe that the authority to rule over others
based on a vote is legitimate, ethical, and desirable.

Personally, I don't think it's legitimate or ethical that some guy I've never
met asserts the right to rule over my property because another group of people
I've never met got together and voted on it.

~~~
unclebucknasty
Not sure we're talking about the same thing. In the case you mention, isn't
the problem you have with the people who voted?

And isn't the issue you take, in general, not with an individual "ruling over
you", but with the very notion of majority rule (i.e. that "a group of people
you've never met" can vote in ways that affect you/your property/etc.)?

Edit: Because I would say that the problem is the opposite: that our
government is no longer an expression of the will of "the people". And my
question is why isn't it?

~~~
dreamdu5t
My point was that the electoral process is what is meant by "will of the
people." In that regard, the government IS acting in accordance with the will
of people.

But you asked why we are powerless to stop things like the Aaron Swartz
tragedy, PATRIOT Act, etc. My answer to that is because we've all decided to
cede that power to a vote.

~~~
unclebucknasty
Ok, now I think what you're talking about boils down to representative
democracy vs direct democracy. I do think that's where the breakdown occurs,
especially given the money in our representative democracy and our two-party
system.

Because voting in a direct democracy would _not_ be ceding power, it would be
directly expressing it. Now whether we would "do the right thing" remains to
be seen, particularly given the massive degree to which many are misinformed
or misled.

Of course, once our will is expressed, thereafter comes the execution. That
may involve similar apparatus to what we have now (DOJ, FBI, etc.). Not sure
that wouldn't lead us right back to where we are now, with abuses, etc.

Maybe it's just a function of human nature.

------
septerr
an NSL

Apologize for irrelevancy of the comment. Someone needed to let squeed know.

