
Submit a Privacy Act Request with the NSA to see what info they have on you - ericdykstra
http://www.nsa.gov/public_info/foia/submit_privacy_act_request/index.shtml
======
tlb
One practical reason to object to the government holding private information
on everybody is that such information might be vulnerable to theft.

This is an example of a channel for information theft. What happens when
someone submits a request for your information with your (forged) signature?
That would be fraud, of course, but that doesn't mean it won't ever happen.
Will they get all your texts and gmail?

Maybe they check requests very thoroughly and this isn't an exploitable
security hole. But it changes the equation of storing data on 3rd party
services: instead of just trusting the cloud provider and his software, you
also have to trust the government to never make a mistake.

~~~
aqme28
And what happens if they do make a mistake? Could you imagine the effects to
society if this Complete Database were leaked -- if _everyone 's_ internet
record were made public? It's mind-boggling.

~~~
guiomie
How does a yottabyte get leaked?

~~~
Zikes
One byte at a time.

~~~
jpreiland
that's a yotta bytes

------
ccarter84
BoingBoing points to Muckrock ([http://boingboing.net/2013/06/11/howto-foia-
the-nsa.html](http://boingboing.net/2013/06/11/howto-foia-the-nsa.html))

But it seems like Muckrock has done this sort of thing before, and the take-
away I am getting is: \----make sure to request fee estimates before
completion of request ----

$1,200 bucks for records of parking complaints @ NSA HQ! - get outta here.
[https://www.muckrock.com/foi/united-states-of-
america-10/nsa...](https://www.muckrock.com/foi/united-states-of-
america-10/nsa-parking-complaints-254/)

~~~
driverdan
FOIA and Privacy Act requests are completely different.

------
lurchpop
AKA, "Start a dossier on me if you haven't already. If you already have one,
please select me for further scrutiny." 1st amendment is so toast.

~~~
ironic_ali
My first thought.

~~~
dromidas
Yeah. I was like okay lets pull my records, it'll be interesting. Then I
thought okay maybe they pull them, it gets sent through some automatic
scanning process, eg "Why does this person want their information pulled? Lets
put it through our automated scan-for-suspicious-behavior machine. Oh what's
this? The subject was in the neighborhood at the time of an unsolved case,
lets bring them in for questioning and generally disrupt their life in a
horrible manner"

------
mindcrime
I think I'm going to do this, just for shits and giggles. But I wish the site
said more about what they consider a valid digital signature. I wonder if the
US government has a general policy on this? TBH, I've never really bothered
with digital signatures on email much, so I'm pretty clueless on the topic.
_shrug_

~~~
adamnemecek
I wonder whether requesting the info puts you on any sort of list.

~~~
mindcrime
I hope so.

------
Alterlife
Looks like it's applicable for non-US citizens as well.

However, for most people this would probably be nothing more than a great way
to put yourself on the proverbial "list".

~~~
woah
Who cares? Do you want to live in a country where this matters?

~~~
jabbernotty
It doesn't really seem to matter where you live, if the government of the USA
decides that it doesn't like you.

~~~
noinsight
Indeed, you can be sitting there eating dinner with your family when a remote
controlled drone operated from half way across the world fires a missile at
you killing you and your family instantly without any forewarning.

Now that's fucked up.

~~~
alan_cx
Or, in the UK, our police will happily accompany US officers to your door step
and let them render you.

I'm sure the "K" in UK is a place holder for an "S". And that "S" is for
"special relationship".

Oh, any actual American people aware of the UK / US "special relationship"? It
a hilarious self delusion on our part.

~~~
btilly
On the American side there is a very special awareness of England. (We are
generally ignorant enough to not understand the difference between the UK and
England.)

That relationship is that you're the goto example of tyranny worth rebelling
against. Among politically active Republicans that I know, you're also a good
source of statistics showing that implementing gun control increases the crime
rate. (Never mind the fact that you changed how you collect statistics to
include more crimes in your statistics, the NRA loves the fact that you
implemented gun control and crime rates went up.)

------
lisper
They require a "digital signature" for email requests, but say nothing about
the format, nor any requirements for the signing key. You'd think that the
NSA, of all organizations, would not put such technological naivete on public
display.

~~~
logn
You can use the Sha-2 hash of the last 1000 URLs in your browser history. The
NSA will then hash the same on its side. If the two match, they know it's you.

~~~
Achshar
lol, it reads like some serious advice until you think about it.

~~~
ddalex
lol, it sounds as a joke until you realize it could work

------
jayferd
"By electronic e-mail" _groan_

------
personlurking
Why would anyone believe the info they offer up? Meaning how can you prove
what you don't know (ie, if they actually have more info than they let up) and
why would any of this stuff about 'we want transparency now' lead to the NSA
actually showing their cards? It's silly to expect an agency based on secrecy
to not be secretive.

So what does one do in the face of all this? I simply don't know, aside from
starting from scratch.

~~~
Fuxy
It would be fun to flood them with requests though. They apparently have a lot
of free time available spying on every woman and child.

~~~
mjolk
Yes, "fun," because it's absolutely hilarious to flood your government with
busy work as a valid protest. Stop being a petty child and realize that the
only effect that this would have is either a stoppage of serving requests or
an uptick in hiring for the department.

~~~
Fuxy
Got any better ideas? I don't see any positive progress in the privacy
department so pretty much whatever we're doing isn't working.

Might as well sit back and make it as difficult as possible for them to do
their job.

Hell maybe the extra workers could stimulate the economy and help pay back the
debt to China :)

~~~
mjolk
Sure, donate to the EFF. Write to your senator. Try to keep it in the medias'
eye.

And I know you were "kidding" about the "debt to China" part, but the economy
doesn't work that way.

------
morisy
The NSA is exempt from disclosing investigative files on individuals, even if
they have information on you. Here is a typical rejection letter if you want
to see:

[https://www.muckrock.com/foi/united-states-of-
america-10/aar...](https://www.muckrock.com/foi/united-states-of-
america-10/aaron-swartz-nsa-2485/#684502-glomar-response)

~~~
artmageddon
It's just anecdotal evidence, but I can personally confirm this. I submitted a
FOIA request to see what various departments had on me. Perhaps I should be
thankful that I'm not interesting enough for them to have compiled any
information on me, because all of them came back with a generic letter stating
that they didn't have anything for me.

The exception in this case was with the NSA, in which case they stated that
they weren't going to divulge anything, much like the letter in the URL above.

------
itsallbs
I like how they ask you to send your SSN via e-mail. I mean, electronic
e-mail.

------
bobcall
How do we know that they would not be collecting even more info on us by
making such a request?

~~~
lucb1e
This will just become another record in the database of course. But is it
worth it to have a record of your signature to (possibly?) obtain (some of)
the data they collected on you? That's what you have to decide.

~~~
amirmc
If you've ever sent the signature to anyone by email then they've arguably got
a copy already.

~~~
freehunter
If you've ever paid taxes, gotten a state ID/drivers license, signed up for
selective service (as a male), or any number of other routine, upstanding
citizen activities, the government already has your signature.

