
Global Mass Surveillance – The Fourteen Eyes - latexr
https://www.privacytools.io/providers/#ukusa
======
eivarv
The Norwegian parliament recently passed a bill that implements bulk metadata
collection here as well.

I tried debating with ministers, writing op-eds, and even organizing petitions
(over 1000 security, privacy and tech professionals in a couple of days)
before the vote. While every informed person I know thinks it's a bad idea,
and every organization consulted massively criticized it as mass surveillance,
a huge majority of our nation's decision makers apparently disagreed.

Watching video from the proceedings made me realize just how few of them have
any real understanding both of the practical consequences of the technical
implementation, as well as of privacy in and of itself (my jaw was literally
agape from some comments).

How can we do something about this sorry state of things when politicians are
not only ignorant, but ignorant of their ignorance – and unwilling to listen
to experts that are critical?

Besides using privacy-preserving technologies, how can we work against this on
a technical level?

~~~
pdonis
_> how can we work against this on a technical level?_

As the saying goes, you can't use a technical solution to fix a social
problem.

One way to fix the social problem is to vote politicians out of office when
they make bad decisions--not just about surveillance, but in general. People
who don't have to pay a cost for bad decisions have no incentive to make
better decisions.

Another way is to not give powers like this to governments in the first place.
If politicians don't have decision making power at all over something, they
can't harm the rest of us by making a bad decision.

~~~
vkou
> Another way is to not give powers like this to governments in the first
> place. If politicians don't have decision making power at all over
> something, they can't harm the rest of us by making a bad decision.

It is generally impossible for a parliament to pass a law that forbids a
future parliament from repealing it.

~~~
pdonis
_> It is generally impossible for a parliament to pass a law that forbids a
future parliament from repealing it._

Not giving powers to governments in the first place would be something at a
higher level than parliamentary. In the US, it would be something like a
Constitutional amendment.

I agree that no such action, at any level, can ever be completely
irreversible, in the sense that future citizens would never have to worry
about the issue again. Eternal vigilance is the price of liberty.

~~~
vkou
And who adds or repeals constitutional amendments? The government.

~~~
pdonis
_> who adds or repeals constitutional amendments? The government._

Yes, but that doesn't change the fact that Constitutional amendments usually
impose some limitation on the government (Federal, and in many cases State as
well). And once such an amendment is passed, it's much harder to repeal than
an ordinary statute (only one US Constitutional amendment has been repealed,
the one imposing Prohibition, and it's relevant that that amendment was _not_
one that imposed a limitation on the Federal government--it gave the Federal
government _more_ power, and it got repealed).

~~~
vkou
> and it's relevant that that amendment was not one that imposed a limitation
> on the Federal government--it gave the Federal government more power, and it
> got repealed).

This is a bit off-topic, but I would like to point out that if the Federal
government wanted to re-instate prohibition tomorrow, it could trivially do so
without a constitutional amendment. It would do so by tying highway funding to
states enforcing prohibition.

------
bouchard
> In Canada key disclosure is covered under the Canadian Charter of Rights and
> Freedoms section 11(c) which states "any person charged with an offence has
> the right not to be compelled to be a witness in proceedings against that
> person in respect of the offence;"[10] and protects the rights of
> individuals that are both citizens and non-citizens of Canada as long as
> they are physically present in Canada.[11]

>In a 2010 Quebec Court of Appeal case the court stated that a password
compelled from an individual by law enforcement "is inadmissible and that
renders the subsequent seizure of the data unreasonable. In short, even had
the seizure been preceded by judicial authorization, the law will not allow an
order to be joined compelling the respondent to self-incriminate."[12]

>In a 2019 Ontario court case (R v. Shergill), the defendant was initially
ordered to provide the password to unlock his phone. However, the judge
concluded that providing a password would be tantamount to self-incrimination
by testifying against oneself. As a result, the defendant was not compelled to
provide his password.

According to the Wikipedia article cited when "Canada" is clicked, key
disclosure laws don't apply which is the opposite of what the site claims.

Or am I misunderstanding something here?

~~~
justanotheranon
in the Snowden leaks, there is a document that lists the opinions of NSA's
legal counsel about a list of collection practices.

one of the questions is whether passwords sent across the network are
considered metadata or content.

NSA legal says passwords are metadata. which means NSA can scan all traffic
for passwords and steal them and no FISA warrant is needed, nor a subpoena.

of course NSA already has a dozen programs just for extracting passwords from
UPSTREAM passive collection. and presumably this means everyone in the FVEYS
gets access to everyone's passwords, since they pool their capabilities and
collection.

whatever the Courts rule about local cops and passwords, it doesnt apply at
the level of SIGINT collection, which enjoys its own separate and secret
system of laws.

~~~
justanotherc
What does the NSA have to do with Canadian law? Last I checked we weren't the
51st state...

~~~
bouchard
Canada is part of the Five Eyes and might share what they find if thought
useful.

Anyway, the point is that the website claims canadian courts can lawfully
demand your password/key (key disclosure law) even though the reference cited
(Wikipedia) says the exact opposite.

------
eternalban
“Israel is the 6th - unofficial and undeclared - member of 5 eyes”

[https://www.richardsilverstein.com/2014/02/09/nsa-
maintains-...](https://www.richardsilverstein.com/2014/02/09/nsa-maintains-
satellite-facility-in-israel/)

~~~
jjcon
Germany is also currently in the process of joining the five eyes

------
shirakawasuna
My general sense is that offensive capabilities are much better than defensive
ones when it comes to security / surveillance. e.g., even using a VPN and a
vanilla browser with no history and arbitrary window size is nearly worthless
when it comes to many forms of surveillance.

Are there any guides out there that consider all the means by which you can
attempt to shield yourself from these intrusions, including a description of
the attack vectors?

~~~
acoard
The first thing to do is answer what's your threat vector? What are you trying
to protect against? And the second thing is answer and what are you willing to
give up?

The best way is, of course, to not use technology. But that's not worth it to
most folks.

If your threat vector is general dragnet government surveillance over the
entire populous, you're fighting against a shadows. Basically all we know of
these techniques come from Snowden. Assume all internet data is logged,
whether encrypted or not, and they have direct access to the ISP
infrastructure. Room 641A shows the USA has been at this since 2006[0]. Even
if your messages are encrypted, it's possible the agency has a 0day. For
example, the NSA had decrypted all BBM traffic which was advertised as
encrypted. The lesson here is avoid new and popular tools. Instead, just use
PGP or other arcane yet reliable encryption methods. If everyone used PGP, I
bet the NSA would exploit it too. Don't use a smart phone at all. Using
bootable Linux USB of something like Tails on a public computer is probably
the best bet, but unsustainable. Even Tails and TOR isn't perfect but it's
miles better than Windows, Mac, ChromeOS.

If your threat vector is a specific intelligence agency spying on you, (i.e.
an APT), you have already lost. I don't think it even makes sense to try and
protect against this level of threat. It's like worrying about a tank coming
through your frontdoor.

If your threat vector is private companies spying on you (be it Facebooks or
even private intelligence companies), you have a lot more power here. Besides
ISPs, private companies don't own the infrastructure and are not legally
allowed to use 0days like the NSA is. In general, end to end encryption is
sufficient here.

It's all a sliding scale of compromise between security and convenience.

[0]
[https://en.wikipedia.org/wiki/Room_641A](https://en.wikipedia.org/wiki/Room_641A)

~~~
shirakawasuna
Thanks! This unfortunately comports pretty well with my general understanding,
ha. Can protect from companies / non-governmental actors, governments either
have assymetrical capabilities when they focus on you or have unknown and
likely deep levels of surveillance power. Security becomes more a matter of
just plain not using the internet for information you don't want to have
snooped on, if it's paranoia-level stuff.

------
croes
Is it five eyes or five Is like in Intelligence services? If it is eyes
shouldn't it be 10 eyes? Two eyes per country or is it meant like "in the land
of the blind, the one-eyed man is king"?

~~~
mseepgood
> If it is eyes shouldn't it be 10 eyes?

Rather imagine Sauron eyes.

------
aborsy
Surveillance pertains to asymmetric information, a situation where a few in
the society (those in power) have access to the information of the rest of the
society (those not in power, namely, the public) but not conversely.

The asymmetry of the information gives those in power great advantage over
public. The rich and powerful claim, we monitor you to protect you, and to
better serve you. The scope and the characteristics of the surveillance, the
incentives and the historical evidence don’t support this claim. The harm is
far more than potential benefits. The public should reread David Hume and
stand up against this threat.

~~~
zionic
What I don't see many talk about is how much harm the _belief_ that they
harvest everything is, on top of just the actual deed itself.

If I am an organization that is well known to be spying on everyone and
anything, that means I can very convincingly fabricate evidence against my
enemies. It goes beyond simple spying, they now have the ability to
manufacture whatever truth they'd like.

~~~
eivarv
Though not exactly what you're referring to, my impression is that people
discuss the chilling effect [0] quite a bit.

[0]:
[https://en.wikipedia.org/wiki/Chilling_effect#Chilling_effec...](https://en.wikipedia.org/wiki/Chilling_effect#Chilling_effects_on_Wikipedia_users)

~~~
nicholasjarnold
Yes, and this so-called Chilling Effect can have a potentially very negative
impact on the ability of a democratic society to thrive and possibly to even
survive. Democracies require (open, honest) debate. If we self-censor then we
hold back on fully-expressing views or positions during debate.

This is one of the fundamental issues that I have with this proliferation of
population-scale mass-surveillance (domestically in the US and abroad). It
will not lead us into any sort of light, despite the promises about safety or
less kiddie pr0n or whatever.

~~~
3647e7ee7ru
I'll start caring about chilling effects on speech again when local
governments quit encouraging the police to just let riots wear themselves out,
damage and deaths be damned. Until that happens I don't really care if the
federal government is engaging in these tactics as long as belligerantly
violent groups are actually charged and receive jail time.

~~~
antonvs
> I'll start caring about chilling effects on speech again ...

That's ok, responsible people will take care of it while you're busy
supporting fascism.

------
3jckd
The link is dead atm.

~~~
tjohns
There's something odd going on. I'm getting an NXDOMAIN error. It looks like I
get different results depending on which DNS server I try:

    
    
      $ dig @8.8.8.8 www.privacytools.io
      (No results.)
      
      $ dig @8.8.4.4 www.privacytools.io
      www.privacytools.io. 3158 IN A 135.181.7.217
      
      $ dig @75.75.75.75 www.privacytools.io
      (No result.)
      
      $ dig @1.1.1.1 www.privacytools.io
      www.privacytools.io. 1395 IN A 135.181.7.217

~~~
tambeb
Don't have anything to add except for "ditto" as of right now. Still looking
into it.

~~~
tambeb
I flushed Google's DNS for the domain and it looks normal now.

------
dsbleia
I'm asking this question not to spark a contentious debate or be ridiculed.
But I'm genuinely curious, as someone who has little experience with China and
only lived in the US, is the US just as much of a surveillance state as China?

We often hear a lot of 'information' (bordering propaganda), about China being
an "authoritarian surveillance state". I don't mean to sound absurd, but is
the US that much better in terms of authoritarianism or surveillance? If so,
why?

~~~
craigsmansion
> but is the US that much better in terms of authoritarianism or surveillance?

Who knows? The last guy who touched upon it had to hide in freedom-loving
Russia afterwards.

The PRC has it easy. They don't have to hide their actions behind contortions
of "national security", which makes it difficult to compare the extent and
pervasiveness of US and PRC surveillance.

~~~
mellow2020
> The last guy who touched upon it

On the other hand, people like Chomsky aren't being persecuted. Though all in
all, I would also say they get ignored very efficiently, Chomsky still isn't
exactly _unknown_ either. Is there a Chinese author and speaker with decades
of real harsh criticism of their government under their belt, who is living in
China with their works being translated in all sorts of languages and also
available in China?

~~~
l332mn
You can't really draw a direct comparison between PRC and the US, and ask how
China would react to a 'Chinese Chomsky'. Their respective conditions and
rational incentives for population control are not very similar. The US (after
the fall of the USSR) is a country who's stability has not truly been
threatened by criticism and dissident voices, while China is a state which has
been and currently is extremely vulnerable and threatened by instability,
unrest and separatism, and is consequentially on high alert.

Reaction to criticism and dissidence not really a principled stand in the eyes
of a state. The way the US clamped down hard on leftist political groups and
organizations during the Cold War is rather the actions of a country believing
itself to be threatened by instability and unrest. Political figures who
fronted harsh criticisms against the government have routinely been
assassinated or framed and arrested. COINTELPRO is a program which shows how
political repression works the US when it feels politically vulnerable.

~~~
stjohnswarts
I don't think any of what you say is true. The people in China would like to
be free just like in the USA (although our freedoms are fading with time).
People have the right to speak freely. What the CCP is doing is a
dictatorship, plain and simple. They're afraid of free thought and criticism.

~~~
l332mn
That's just not true. The Chinese don't consider themselves unfree, the CCP is
very popular, and its approval rate has only increased in recent decades.
Moreover, the US does not have a very good reputation around the world. Who
envies their predatory health care system? Their high-cost system of
education? Their oppressive police force? The world recognizes the failure of
the US in providing for their citizens, "freedom" is ultimately just the
excuse for society being the way it is.

------
mindslight
This is treason, plain and simple.

 _Treason against the United States, shall consist only in levying War against
them, or in adhering to their Enemies, giving them Aid and Comfort_

Foreign spy agencies, even of friendly countries, are our enemies due to their
continual mission of attacking us with surveillance. But rather than working
to defend the people against these attacks, NSA has chosen to conspire with
the attackers!

~~~
swader999
How else will we get around laws against domestic spying?

~~~
autisticcurio
Firstly you were born on a patch of land that imposes its own laws on you. Did
you sign a contract to say you would adhere to those laws? This is all about
power and control over less powerful innocent people being treated like sleepy
idiots. So to answer your question, out smart them to win, and then you will
find they play dirty and illegally, against the spirit of the law they claim
to uphold. 5 Eyes best demonstrates this by circumventing domestic laws, they
dont have the intelligence to win the argument in their own courts. This also
tells you that you can out smart them so get thinking, this is an intelligence
game.

------
justanotheranon
there is no techinical solution to mass surveillance. Pandora's Box can never
be closed and the average person will never throw away their cell phone and
stop giving their Patterns of Life data to various Internet megacorps.
Likewise, there is no political solution. Given the Patriot Act was so well
designed to deceive is about mass surveillance, which we never would have
voted for if we the governed were asked for our consent, it is therefore
cosmically improbably that any politicians will be strong enough to cast the
Deep State's One Ring into Mt Doom.

that leaves only one option.

acceleration.

i have slowly become convinced that the only solution to mass surveillance is
to expand it as fast and as large as possible, in order to trigger a "Sum of
All Fears" scale event, a spying scandal that eclipses all prior scandals, and
which outrages hundreds of millions of people like never before. faith in govt
and Democracy itself will be shaken and may not survive. that is merely the
cost of restoring equillibrium and justice.

~~~
RonanTheGrey
> to trigger a "Sum of All Fears" scale event, a spying scandal that eclipses
> all prior scandals, and which outrages hundreds of millions of people like
> never before

Yep. I've spent most of my life searching for solutions that don't require
that level of excess, but the problem is, it is a feature of human cognition
that we don't learn until we are forced to (more precisely, we do not fix
social, economic and political problems until something so extreme comes along
that we can't ignore them anymore, usually due to some version of a threat to
survival). E.g. - consequences.

The alternative is the boiled frog, and yet another feature of human cognition
is the ability to normalize our conditions. If something goes on long enough,
it'll simply become "the way things are" and go unchallenged. You avoid this
by flashing quickly to the worst outcome so people realize that it exists.

This is a long way of saying "Humans perceive consequences on short
timescales, not long ones" and it really, really sucks.

------
PeterStuer
Clicking on the link for Belgium leads to a site with an unbypassble cookie
acceptance popup

~~~
freddyym
Odd. As a team member, I can confirm that we (obviuosly) take privacy very
seriously. This shouldn't have happened. Do you have a screenshot?

~~~
hundchenkatze
I think you misread (I did too at first) it to mean the cookie consent was on
privacytools.io. However, I think they're referring to the Belgium link under
the "Key disclosure laws may apply" which links to
[https://tweakers.net/nieuws/163116/belgische-rechter-
verdach...](https://tweakers.net/nieuws/163116/belgische-rechter-verdachte-
mag-verplicht-worden-code-smartphone-af-te-staan.html)

~~~
PeterStuer
Yes, this is exactly what I meant, the cookie consent on tweakers.net where
you are directed following the 'Belgium' link. I'm sorry for what I can now
see as potentially confusing language in my original post.

------
jjcon
I think it is important that we all take a second to realize that surveillance
can be a reasonable apparatus of a well maintained democracy. We should strive
to have proper checks and balances on those powers rather than pretend they
are not useful or do not exist. With proper checks surveillance can greatly
improve national security but it should be kept to that domain and we should
seek to prevent abuses.

I think us in the EU are due for a Snowden moment at some point here - the
public is pretty in the dark on the level of surveillance pervading EU
countries. I think it would be better if it was more transparent because we
could actually have these discussions and work to prevent abuses.

~~~
ColanR
> important that we all take a second to realize that surveillance can be a
> reasonable apparatus of a well maintained democracy

No, I don't think we should just "realize" that. By all means, let's have a
discussion; but to accept _a priori_ that some form of surveillance is
acceptable reeks of an outlook that has already given up. We should not be
fearful and dependent, but rather willing to accept danger as the price of no
one looking over our shoulders.

~~~
jjcon
I said ‘can be a reasonable apparatus‘ not ‘is an acceptable apparatus’ and I
would argue there is a pretty big difference

~~~
ColanR
That's a semantic difference that doesn't bear any relevance to what I'm
saying. To "realize" that it _can_ be reasonable is to accept the underlying
premise - that surveillance is not _necessarily_ (logic term there)
unacceptable.

I am specifically arguing that we do not (should not) accept _a priori_ the
premise that surveillance is not necessarily bad.

To do so is to capitulate the entire argument against surveillance, and reduce
our fight for privacy to nothing more than weighing lesser evils.

~~~
jjcon
I’m not sure moral puritanism is really that useful here. Surveillance isn’t
going anywhere and it is demonstrably useful for national security. We are
best off working to allow it to operate with ample checks and balances rather
than closing our eyes and pretending it is superfluous.

~~~
Zak
> _it is demonstrably useful for national security_

Is it? Please demonstrate it by listing terrorist incidents prevented or
active terrorists caught due to surveillance other than narrowly-targeted
police investigation, or military action in an active combat zone.

To qualify, the use of broad surveillance should be a necessary component of
the investigation, i.e. the investigation would not have started or reached
the conclusion it did without it. If some of these exist but they're all
classified, that's problematic from the perspective of democracy because it
prevents the public from making an informed decision about their merit.

~~~
ColanR
I don't think that's quite fair. I greatly doubt that successful preventions
would be willingly associated with questionably legal surveillance. In the US,
"parallel construction" is used specifically to hide how information was
obtained and I'm sure similar motivations exist here.

~~~
pdonis
_> I don't think that's quite fair._

It is if you're not going to accept _a priori_ the claim that surveillance can
be justified. If you need to have it demonstrated that surveillance can be
justified, the only possible grounds for such a demonstration is to show the
people the benefits--the actual harms that surveillance has prevented. If we
the people can't see those benefits, how can we possibly judge whether or not
surveillance can be justified?

In other words, the government of any free society is in a kind of Catch-22
position with regard to surveillance: it can't be justified to the people
without revealing that it's happening and what it's discovering, but revealing
those things destroys the usefulness of the surveillance. The only choices are
to not permit the surveillance at all, or to accept an unavoidable loss of
freedom--as a citizen, you will never be able to know whether the surveillance
your government is conducting is justified. You just have to accept it.

