
The NSA: An Inside View - lorendsr
http://lorensr.me/nsa-an-inside-view.html
======
blcknight
"We all know that it's illegal to look at a US citizen's data without a court
order. I use the term "look" deliberately: the Agency makes the distinction
that looking at data is surveillance, while gathering it from locations
outside the US is not. We gathered everything, and only looked at a tiny
percentage of it. I am okay with this..."

This is more perverse NSA interpretations of the law.

 __Collection is the crime. __

It does bother me that the NSA asserts a right to hold copies of my GPG-
encrypted messages indefinitely. It bothers me more that my web traffic,
address book, or phone metadata ends up in a government database even if only
temporarily.

I don't care if Google's computers were abroad or not, but they belonged to an
American company.

The United States government penetrated the network and intercepted the
communications of an American company. That's one of the most egregious
violations of the 4th Amendment that the American government has ever
committed. Don't pretend this is something that is right.

The NSA had no legal right to spy on me, and they did -- even if you say it's
likely no one looked at the data. I don't care. Collection is the crime.

------
Stal3r
I am horrified by this essay. It's overwhelming how much disturbing
information is in here. I am deeply saddened that someone so young has had
their beliefs so strongly influenced.

Some of the most disturbing passages:

> it would seriously impair our ability to spy if we couldn't gather
> everything.

It is saddening to hear someone so young say this.

> I am an American patriot. Patriotism to me simply means that I care about
> the US and its future.

How often is the word "patriot" used internally in the NSA? Who is building up
this false hero, blind to his own oppression? A synonym might be a "justifier"
or "oppressor" or even more simply "someone who has not yet been oppressed."

The rest speak for themselves:

> The NSA copy of my emails will only be viewed if the Agency can convince a
> judge that I might be a foreign agent.

> The vast majority of unauthorized retrievals of US-person data are
> unintentional.

> ...the rare cases of unauthorized data retrieval were ... regular employees
> illicitly viewing communications for personal gain

> XKeyscore ... was an analyst tool that I had access to.

> NSA employees are the law-abiding type.

I am scared to respond to this article. How easily could I be labeled a
"foreign agent"? Does criticizing the system mean I'm working for another
country? Did the NSA try to demonize Snowden as working for the Russians?
Everything you have written has only increased my fears. To hear the blind
loyalty to the system that comes from the NSA's own employees means that
nothing is safe.

I hope that later in your life, as you grow as a person and a citizen, you see
the evil in the system you colluded with, and experience a deep regret about
your actions. The same regret that lay citizens feel when we learn our tax
dollars have built a criminal entity. The regret that we did not try harder to
stop it, to read up on laws like the Patriot Act and protest more. The regret
of our collective ignorance that has built the tool to intrude on everything
we do.

------
mercurial
First off, congratulations for coming forward and giving what sounds like a
honest account of your experience at the NSA. You haven't chosen the easiest
forum to air your views, and that takes courage.

However, I can't disagree more with your views. You _don 't mind if [your]
emails are copied to an Agency database and likely never read and because from
a technical standpoint it would seriously impair our ability to spy if we
couldn't gather everything_. Really? You may be familiar with a certain
Richard Nixon. How would you feel if a similar character came into power
tomorrow? Imagine all the wealth of information at hand. All this... without
independent oversight. The only thing you need is to make sure a second
Snowden comes forward to explain how you're spying on your opponents. And I
can't even begin to imagine how much this juicy information means in terms of
economic intelligence. Of course, you cannot push this angle too much, because
it would mean the end of the cooperation with your partners. This wonderful
agreement you have to keep the free world safe. Thanks, but no thanks. I don't
want security at this price.

History is littered with examples of power without accountability. And we
don't need to go very far... just read any history book about the CIA. I'm
sure their personnel is mostly composed of law-abiding patriots. This ends up
the same way anyway: coups against democratically-elected governments. Drugs.
Assassinations. Torture. And don't tell me that times have changed. The
Guantanamo inmates are laughing at you. The Bagram inmates are laughing at
you. Even John Yoo is laughing at you.

And that's only looking at it with the eyes of an American citizen, which I'm
not. But in the end, what difference does it make? NSA, GHCQ, DGSE... Aren't
you all cut in the same mold? You certainly sound like you believe in what you
are doing. I'm sure STASI agents did as well, but they were never this
successful.

------
leokun
These guys just don't get it. They're always saying the same thing "we don't
want to look at it."

I want to scream "well maybe someday you will, and then you'll have it
collected already."

What a dense mind, and I am not all inclined to insult people in fact I hate
it, but in this case it is well deserved.

~~~
csandreasen
They've also been saying "and we're not allowed to look at it without a court
order, either." The laws and authorities that allow them to conduct their
activities were all written by elected representatives. You can say the NSA
might someday want to look at it, but it's kind of equivalent to asking what
the point of having a constitution and laws is if they might changed sometime
in the future.

------
lispm
Hey, and I'm a German patriot.

If the US citizens like to be spied on by its own agencies, fine for me.

As a German citizen I'm not so happy that German citizens, politicians and
companies are targets of spying of unprecedented scale and depth. As a
consequence we (and others, too) will have to scale back the use of US
hardware, software and services. Privacy, data security, confidentially etc.
are not provided. A German company would be stupid to store data on servers
reachable for US industrial espionage. It's really tough to avoid that - given
that the US surveillance and spying is also done directly in Germany in a
large scale.

Additionally we should also deny the US the capability to plan their targeted
killings from Germany - for example from the US military central command for
Africa - which is located in Germany. From there strikes with armed drones are
planned and controlled. Unfortunately the German government does not seem to
be willing and/or able to prevent that...

~~~
secthrowaway
Are you also similarly upset about the activities of the BND, MAD, BfV and the
LfVs that operate out of your own country?

~~~
lispm
I don't need to. The BND, MAD, BfV and LfVs are not remotely doing anything
like the NSA - not in scale and not in breadth.

------
DigitalSea
Stockholm syndrome?

This guy is essentially validating the actions of the NSA because he calls
himself a patriot and even admits he doesn't care about other countries other
than his own: The United States of America. As an Australian I find this kind
of attitude disgusting and I think it highlights a massive problem within the
agency itself.

While I am somewhat more lucky than others being in a country that is part of
the Five Eyes agreement, what about those not in a country that has signed the
agreement? It doesn't make me feel any safer because it seems the concept of
borders and rules in the intelligence game do not exist.

There is a lot of downplaying, "but your data is in a big database and nobody
will most likely ever look at it", "only the NSA can see this data" — while
this might be the case, if for whatever reason I found myself in a position of
power, this kind of harvested information could be used to blackmail or
destroy me. Just because it's not being used now doesn't mean it won't be used
later.

While this is probably the only validation of the NSA's actions I can find
that is somewhat backed by someone with experience working for the agency, it
honestly sounds a little too safe and doesn't really address any of the
concerns people have.

~~~
sitkack
As an American, I think it sucks that we are spying on everyone. I don't like
being spied. I don't like you being spied on. _My_ interpretation of the
constitution would read that for any information to be collected on anyone
would have to get a court order. The constitution limits the powers of the
government, not the people. And "the people" in the majority of the contexts
is EVERYONE, all of us, all people everywhere. It is only by convention that
the Supreme Court allows this shit to continue. The "ok to spy on foreigners"
thing is farce. It is not ok, and I don't even understand how it continues to
get promulgated.

If it takes a 50k strong Federal Corp of Judges to look at every single case,
so be it. At least we could decide.

------
csandreasen
I see a lot of negativity in this thread, but I think a lot of folks should
stop for just a moment and consider the opportunity that's presenting itself:
a former employee of the NSA is posting online about his experience and is an
active member of HN. He doesn't appear to be in a position where his continued
employment with the government would be an issue (he's apparently got his own
business), so he doesn't have to worry about talking frankly about his
experience, positive or negative (although I'd image that he's still under
obligation not to reveal anything classified).

Just about everything we've seen about the insides of the NSA have come from
only one source. Snowden was only employed there for 3 months, and has
publicly stated that his primary reason for seeking employment there was
specifically to gather information on NSA surveillance systems[1] - in order
words, his opinions on the NSA were solidified before he joined. To top it
off, Snowden is not available for interview.

I'm not even saying you're required to believe him. I do, however, think an
insider's perspective has been sadly lacking from most of the conversation
that's been going on. I don't expect journalists to have a complete
understanding of all of the details regarding these programs and systems that
have been leaked - they've never worked with them.

So, lorendsr, thank you for your contribution. Don't let the flat out negative
comments get to you. I hope your post encourages others with a background in
the NSA to share what parts of their experience that they can. Everyone else,
please take advantage of this opportunity to ask questions, gain any insight
that you can and don't just dismiss him outright.

~~~
ytadesse
Huh? An intelligence officer is _exactly_ the type of person who wouldn't
"appear to be in a position where his continued employment with the government
would be an issue" while actually still being a government employee. Who's to
say that he isn't still working with the NSA?

I'm far from a routine skeptic but c'mon ... This post sounds like a PR
message.

~~~
csandreasen
Well, theoretically he _could_ still be an intelligence officer. Claiming to
be a former NSA employee who got out to start up a mayonnaise company is a
frankly strange and unusually high-profile cover to work under. Maybe someone
can order some mayo from him and tell us if he's legit.

[http://www.kickstarter.com/projects/lorensr/payo-paleo-
mayo?...](http://www.kickstarter.com/projects/lorensr/payo-paleo-
mayo?ref=card)

Alternately, maybe this is some giant conspiracy to get us to buy NSA-
sponsored mayonnaise.

~~~
shitgoose
That's what I was thinking - he is a fake and is using NSA to get you to his
Mayonnaise. Honestly, those declassified numbers at the bottom of his post do
sound made up.

------
a3n
<lie type='omission' subject='parallel construction'>

The NSA copy of my emails won't be viewed by police or FBI investigating me
about marijuana use, for instance. Law enforcement might get a search warrant
and retrieve a copy from Google, but not from the NSA.

</lie>

------
undoware
Sorry lorensr.me. "Trust me, they're good guys" is not an argument, and in the
current context, it can only be read as a small piece of damage-control
astroturf.

Or rather, the NSA's perfidy has left us with no other safe default
assumption, so we have to ignore on sight. The data is tainted. All of it.

------
princeverma
I seriously don't understand if OP has written this article in satirical
sense, because to me there is no logic there.

I am a foreign national, I and my company uses services provided by a US
company (email etc.), and this gives right to you guys to collect and ready my
emails?

tldr; of your article is this: "Oh ! he is a foreigner, fuck him. What he can
do? ? He can't vote to get us out of power. So, it's ok and about the persons
who can vote to get us out, they can't do anything because we know every
little dirty secret of them. Oh ! one more thing, we are so good we promise we
don't look at these dirty secrets. Although cases where a employee uses this
'secure' system for personal use, ya that do happen. Trust Us."

------
javajosh
What fascinates me is how the principle of warranted search and seizure can be
so completely ignored in the presence of an easy, painless way to seize and
search information. It's really that simple: you either believe it's right, or
it's wrong, and the possibility of doing it at a large scale is truly
orthogonal to the question of what is right.

What is not in doubt is that the data from a panopticon used by a benevolent
organization would be a powerful protection. But that same argument could have
been used to subvert the 4th Amendment. Indeed, that argument could be used to
subvert _every_ amendment in the Bill of Rights, since a benevolent actor, by
construction, would only subvert those rights with good reason.

The lack of thoughtfulness about what the Constitution means, and how it
applies in a world where government wishes to piggy back on ubiquitous
corporate surveillance (and extend it), is fascinating. One can imagine the
creation of a new police robot that knows when you are not in your home, and
which lets itself in, reads all your documents and catalogues all of your
belongings, disturbing nothing. Would that be okay?

------
aaaahhhhh
Even if we accept that the NSA is comprised solely of benevolent actors
practicing perfect discretion, and will remain so for the indefinite future,
the mere act of collecting "everything" is an enormous hazard. OP recognizes
as much:

 _CBS reported that in 2007 the US suffered an "espionage Pearl Harbor" in
which entities "broke into all of the high tech agencies, all of the military
agencies, and downloaded terabytes of information."_

What's to stop this from happening again to the NSA? They couldn't even
implement audit trails internally -- there should be huge doubt as to the
agency's competence in securing their data.

Also, OP, did you not hear about parallel construction? How do you rationalize
your statement that the NSA "is not a law enforcement agency" in light of
this?

[https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-
intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-
laundering)

------
kabdib
"Even if you are not a citizen of the Five Eyes, you shouldn't be worried
about your data being viewed unless you're involved with a group of interest,
such as a foreign government or violent organization."

Huh, so:

\- My best friend's dad was a spy in the CIA

\- During the 70s and 80s my dad worked with Russian scientists (also ones
from Poland and other Communist Bloc countries). Ecology stuff, mostly.

\- I've been in "interesting" circles in the crypto arena, and know people who
are almost certainly under surveillance.

So, how likely is it that my email is read, that my phone records are looked
at, and so on? What are the chances that I'll have trouble the next time I
cross a border or try to board a plane? One percent? Fifty percent?

Am I going to get my Name on a List because I've said that we need to stop
allowing the NSA to build more data centers? That I think that Dianne
Feinstein needs to be removed from office?

I don't do anything that interesting and my life is quite frankly pretty
boring; my personal concern about any damage from someone looking at my emails
to Mom is small. But I'd still like the government to get a lot smaller in
this area because I'm afraid of what things will look like ten years from now,
when data mining the innocuous stuff you did fifteen years earlier gets you
Special Treatment at those DUI stops.

The "developed capacity equals intent" bullshit works both ways.

~~~
md224
> "Even if you are not a citizen of the Five Eyes, you shouldn't be worried
> about your data being viewed unless you're involved with a group of
> interest, such as a foreign government or violent organization."

This really is a key quote. Even if OP's assertions about the NSA are totally
correct, even if all security protocols are followed to the letter, the
problem still remains that they have a tremendous amount of power that can be
used to target anyone deemed an enemy of the state.

I think a lot of contention on this issue revolves around how much you trust
the government to appropriately designate enemies of the state. Many people
believe the government is responsible about this, and that it will only go
after people who a reasonable person would consider "dangerous." The problem,
of course, is that the United States doesn't exactly have the cleanest track
record of appropriately focusing its wrath:

[http://en.wikipedia.org/wiki/COINTELPRO](http://en.wikipedia.org/wiki/COINTELPRO)

(And yes, I know COINTELPRO was FBI, not NSA... I believe it's still an
instructive example of government overreach.)

Anyone who defends the NSA on the grounds that it only targets those who are
worthy of targeting needs to convince me that another COINTELPRO will never
happen. I would actually welcome such an argument, since it would make me feel
a whole lot better about this.

~~~
tjaerv
It doesn't even have to be on the level of COINTELPRO. See here:

> The history of the FBI Lab hasn't been without controversy. Dr. Frederic
> Whitehurst, who joined the FBI in 1982 and served as a Supervisory Special
> Agent at the Lab from 1986 to 1998, blew the whistle on scientific
> misconduct at the Lab. In a subsequent investigation, it was found that
> evidence had been falsified, altered, or suppressed, or that FBI agents had
> testified falsely, in as many as 10,000 cases, resulting in many false
> convictions. More than a decade later, cases were still being overturned
> because of this massive fraud.

[http://en.wikipedia.org/wiki/FBI_Laboratory#Controversy](http://en.wikipedia.org/wiki/FBI_Laboratory#Controversy)

------
javert
> Even if you are not a citizen of the Five Eyes, you shouldn't be worried
> about your data being viewed unless you're involved with a group of
> interest, such as a foreign government or violent organization.

Is the US Tea Party considered a "violent organization"? (It's not, but that's
a separate issue.) If not, can you guarantee that it won't be labeled as such
under some future administration? The IRS is already targeting the Tea Party,
so we have reason to believe that certain US political actors are not
interested in abiding by objective laws.

If not, why do you defend the NSA?

Though I'm a US citizen, I'm sure one of the other Five Eyes countries can be
employed to spy on me.

------
dmfdmf
Translation: Trust us, we are the good guys.

This blog post does nothing to answer the fundamental questions that the
Snowden leaks have raised. This man basically argues that, with few
exceptions, everyone that works for the NSA is a true American and a patriot
who only has your interests at heart and what is a little spying amongst
friends anyway. Follow that with some scary hints about cyber war with nuclear
responses to further raise the stakes (and the fear) to justify their dragnet
surveillance police state. This man is a moron if he can't see that
constitutional protections were not created to protect us from good people but
bad people who can gain control of such a system in the future.

Moreover, if what he says is true that we are facing real dangers then the
government has the obligation, in a free society, to reveal these threats and
explain what they are doing about it. The method of using such secret threats
as a basis for increase police powers and (implicit) suspension of
constitutional rights is not proper for a free society.

If the result of the so called "war on terror" is a gutted and shredded
constitution then I'd say the terrorists have won.

Edit: Apparently Loren is a man, Sorry.

~~~
mythealias
I think that giving _credit_ to the terrorist, and saying that they have won,
is wrong. The kind of paranoia that defense forces have operated under has
always been there since WWII. The only thing different now it that people are
a lot aware of what could be/is happening.

~~~
dmfdmf
If we commit suicide by destroying the constitution and the freedoms it
embodies then the terrorist goal of destroying America is achieved. I see your
point though, they would not deserve credit for our failure to stand up to an
internal threat, so consider it poetic license to dramatize my point.

------
malloreon
"But I digress – the rare cases of unauthorized data retrieval were not
polygraph-trained foreign spies trying to infiltrate the Agency, but rather
regular employees illicitly viewing communications for personal gain."

There are articles suggesting this is happening many thousands of times per
year - shouldn't each of these 'regular employees' be put on trial? They have
committed serious crimes.

~~~
emiliobumachar
Yeah, a little real punishment could go a long way towards preventing future
abuse.

------
SwellJoe
This is why I don't believe the president's assertion about the employees of
the NSA being innocent of wrongdoing or anyone's assertion of them being "good
guys".

This is apologia for crimes against the world and the American people. This is
saying, "If you don't have anything to hide, you have nothing to worry about."
This is demonstrably filled with lies and misrepresentations, whether
intentional or through ignorance of what the rest of the NSA beast has been up
to (but, if he has followed the Snowden leaks with more than passing interest,
he would know he's lying in blatant and obvious ways).

I'm sure this article is meant to quell fears about NSA spying practices, but
it only makes me more angry and more fearful. It confirms something I
suspected but didn't want to believe: The entire organization from low-level
analysts on up to the leadership (who will repeatedly lie to Congress to serve
their ends) is corrupt and will exhibit little or no remorse even when caught
red-handed, and will spread astroturf and refuse to acknowledge that their
behavior crosses lines that should have never been crossed by a US agency.

I'm getting close to believing that starting any online service in the United
States is unethical, because of what it will do to its users.

~~~
secthrowaway
> I'm getting close to believing that starting any online service in the
> United States is unethical, because of what it will do to its users.

Let me know what country you can start an online service in that doesn't also
have a foreign intelligence agency if that's your ethical standard.

------
mcgwiz
TLDR: Don't worry. We have civil liberties orientation. You can trust us.

The author understands their is a misconception at play, but it's not that the
public thinks NSA agents aren't upstanding or law-abiding, it's that NSA
agents think their idea idea of patriotism is broad enough. It's telling that
he dismissed an examination of patriotism, because that's the root of so much
discord over civil liberties and national security.

There are two major currents of patriotism in this country. The first is that
we take pride in our accomplishments, and we must defend our borders, protect
our treasure and lives, and maintain the status quo. The second is more
idealistic, that we take pride in having an open (vulnerable, ever-changing)
society, and we must defend our democratic identity, promote participation,
protect individual freedom, and be skeptical of concentrations of power. The
first is practical, easy to quantify (and therefore appealing to a data-
thirsty culture). The second is strategic, asks more from the average citizen,
and rests on an understanding of alternative forms of society (what is lost
when we prioritize security and order over those "inalienable" rights).

Ideally, the NSA would be staffed by patriots of the second type. They'd
embrace 'public service' as having deep reverence for the public (not just
their physical safety, but their liberties as well), that appreciates the
philosophical underpinning of democracy (including it's necessitation of
vulnerability and cultural evolution), and that prides itself in taking on
their intelligence goals while ardently building checks and balances. They'd
never just ask how they can get the information, but how it can be done in a
way that proudly upholds American values. With bureaucracy you'll always have
some amount of inefficiency and misalignment with top-level goals, but a
pervasive culture can go along way.

------
rahoulb
The key thing that worries me about it is even if no-one reads all those
emails that are stored, what if they are mined for data and used to make
predictions?

Last.fm can guess the type of music I like about 25% of the time, Google can
guess the type of information I'm interested in around 70% of the time (figure
based upon potentially ambiguous web searches I do). Neither of those services
have very much metadata from me about their respective subject areas.

If the NSA/GCHQ/5 eyes are hoovering up all this metadata about pretty much
everything I do online, that's a ton of information to start mining for
patterns - whilst legitimately say that no employees are reading it.

What sort of predictions can they make? What's the accuracy of it? When do
they start acting on the predictions thrown up by the system? And who polices
that?

------
malandrew
One of the most concerning things about the selection process for who gets
into the NSA, is that it all but guarantees a lack of diversity of thought
within the NSA. There are probably very few people with opposing viewpoints so
most projects that would be considered dubious by the diverse population in
the US can go completely unchecked within the agency.

For example, the author mentions the following:

    
    
        They examine your 127-page Standard Form 86, in which you 
        include lists of your illegal activities, foreigners you 
        have worked with or befriended, and where you have lived 
        and traveled in your life and with whom.
    

The fact that someone is capable of truthfully filling out such a form is a
huge flag that the person has had remarkably little exposure to the rest of
the world. They are probably poorly traveled and grew up and lived in places
with few if any immigrants. I don't know how someone who grew up in NYC, San
Francisco, Washington DC or Los Angeles could possibly ever fill out such a
form truthfully or completely. Anyone from such cities would have come in
contact with and befriended so many people from other countries over the
course of 18-22 years of living in such a diverse metropolis that any attempt
to fill out such a form would be incomplete and could contribute to being
rejected.

------
alan_cx
"I am an American patriot."

If anything scares me, its that. I know what he has written straight
afterwards, but it still makes the hairs on the back of my neck stand up. Its
all very well the author trying to define the word to suit their own purpose,
but Im afraid its not that easy to get others to accept it. Try using your own
definition of the word "Nig __r ", and see how that flies.

"Patriotism to me simply means that I care about the US and its future."

Yeah, and that is the problem. What is meant buy the "US"? The land on a map?
The political system? The people who are also "patriots" and claim to care
about this "US", and its future, yet do evil? Do you care about them? Every
one uses the word patriot to justify their actions, good or bad.

That the author misses this, but still insists on still using the word suggest
a dangerous and blinkered ignorance. TBH, it stinks of years of gentle brain
washing. I'll never forget how Bush Jr used the notion of patriotism to garner
support.

Im sure the author think he is well meaning, but this honestly reads like
loyal, patriotic PR.

~~~
middleclick
The author claims to be a patriot but I would like to ask him how can he
justify mass surveillance and/or entrusting a government agency with so much
power while forgetting the Fourth Amendment which was enacted just for this
purpose. There is a reason that such protections exist because it is almost
certain that people in power will exploit them. And yet, he claims to be a
patriot while being oblivious to the basic civil liberties and the Bill of
Rights that the United States was formed on.

~~~
mpyne
What in the Fourth Amendment speaks to electronic communications? The Fourth
Amendment speaks to a person, their home, and their effects.

Even things like postal mail do not technically fall under the Fourth
Amendment. Rather, they fall under separately-passed Congressional law, and
USPS regulations.

For instance, did you know that the _addressee_ of a letter may authorize the
USPS to open the letter in a sorting facility without a warrant, even if the
_sender_ was not asked?

Likewise, did you know that if you send a first-class letter but forget to put
a stamp on it, that it is technically "unsealed mail" and a USPS employee may
open the letter to inspect it for mailability and postage determination, and
also "as expressly permitted by _federal statute or postal regulations_ "?

So certainly the Fourth Amendment was intended to keep the government out of
_your personal stuff_ and _away from your person_ , but everything else that
people attribute to it is done without much evidence. Even in the real world
there's not as much Fourth Amendment protection to communications than most
people realize, once they leave your house.

~~~
Marbux
@"What in the Fourth Amendment speaks to electronic communications? The Fourth
Amendment speaks to a person, their home, and their effects."

The Fourth Amendment also protects people's _papers_ from warrantless search
and the Crown's abuse of the privacy of papers when executing its "general
warrants" were a huge driver in the adoption of that Amendment. Private
electronic communications are "papers" in that context, a "gift" of a paper
from one to another.

But more importantly, the question you ask is phrased too narrowly in context.
The First Amendment protects the right to communicate privately, free from
government scrutiny. And the Fifth Amendment forbids the government from
taking private property without due process and just compensation.

Roll all three of those amendments together and you should begin to comprehend
that Congress, in establishing criminal penalties for interception of the U.S.
mail --- a topic you curiously omitted --- stood on very firm constitutional
ground when it did so.

Your notion that U.S. mail is protected only by federal statute simply blinks
past the fact that our federal government is a government of only limited
powers, allowed only to do what is permitted by the Constitution, with all
other powers and rights reserved to the States and the People; i.e., a "mail"
law can not lawfully exist without Constitutional authorization for Congress
to enact such a law.

Also missing from your U.S. mail analogy is any analysis of a basis for
believing that eMail should have any less protection than the U.S. mail. It is
a criminal act for a government official on their own decision to open a
letter to read the contents except in narrow common sense situations, such as
a letter that is missing or has an invalid address. Why should eMail have any
less protection?

Paul E. Merrell, J.D.

~~~
mpyne
> Private electronic communications are "papers" in that context, a "gift" of
> a paper from one to another.

Except that would tend to imply that the 1s/0s of a digital communication can
in some way represent a physical property of some sort which can warrant legal
protection. Normally that viewpoint is completely abrogated by hacktivists
since it leads inevitably to DRM and other IP-backed shenanigans.

On the contrary, the "paper" is duplicated and transmitted over third-party
infrastructure, and normally to a third-party provider and then from there the
"paper" still sitting in the user's computer RAM is finally forgotten by the
software or saved to disk as a backup. But the copy sent to Google or FB or
the ISP or whoever belongs completely to them, "gifted" or not. While the
"intellectual property" and copyright will belong to the user, the "bits"
belong to Google or FB or the ISP and so lose Fourth Amendment protection.

And it's better this way! The idea that one can exponentially and magically
propagate property on hard disks around the world is almost laughably
impossible. My point instead is that whatever protections are required for our
electronic communications (either stored or in-flight) need to derive from
positive statute law, not by people arguing the nuances of a Constitutional
Amendment written while the "discoverer of electricity" still breathed! This
is especially true since the interpretation of the Fourth Amendment which
somehow corrals the government into getting the intended effect will
necessarily require the invention of legal principles which will go _against
us_ in the future.

> But more importantly, the question you ask is phrased too narrowly in
> context. The First Amendment protects the right to communicate privately,
> free from government scrutiny. And the Fifth Amendment forbids the
> government from taking private property without due process and just
> compensation.

The First Amendment gives no such privacy right. Simply stated, your _speech
itself_ is protected, not your ability to _privately communicate_. There _is_
a privacy right inherent in being able to _associate_ (without the advocacy
group being forced to make public its membership list), just like there's an
privacy right in being able to petition anonymously. But there's no general
right to privacy in the First Amendment and I'm surprised you'd make that
error with a J.D. If anywhere there's a "right to privacy" against searches of
this nature, it _is_ in the Fourth Amendment (consider Katz v. United States,
as modified by Smith v. Maryland).

But I'm even more worried by your reading of the Fifth Amendment. Your talk of
"government taking private property" by copying 1/0s (not even on the wire
necessarily, but even through things like PRISM) is _EXACTLY_ what we've been
fighting _against_ with private companies.

A person may have signed an agreement with Google that gives Google the right
to make copies of their email for delivery, but each ISP along that route
signed no such thing. Are they all liable for transient IP theft then? Should
a hacker copy that email unknowingly while cracking an ISP system, should they
be charged for Copyright Act violations in addition to CFAA violations?

> Roll all three of those amendments together and you should begin to
> comprehend that Congress, in establishing criminal penalties for
> interception of the U.S. mail --- a topic you curiously omitted --- stood on
> very firm constitutional ground when it did so.

I mentioned it elsewhere, but that wasn't the topic anyways. But even _there_
you've messed up the Constitutional principles. The reason Congress has power
to regulate USPS has underpinnings entirely different from any of those 3
Amendments.

For starters, Congress has the power to regulate USPS by 2 specific clauses in
Art. I, Section 8, detailing that Congress has the specific power to: "

\- establish Post Offices and post Roads;, and \- To make _all Laws_ which
shall be _necessary and proper_ for carrying into Execution the foregoing
Powers..."

In other words, Congress was specifically granted the power to setup the
postal system of the U.S., subject to its other Constitutional constraints. So
should Congress _choose to further constraint_ the government as regards the
postal service that is always their right. Congress must be _at least_ as
restrictive on the Government as the Bill of Rights demands, but they can
choose to be more restrictive on their own.

But additionally, even if we weren't talking about the USPS, Congress has the
right to regulate the Government in _any fashion_ it wishes (again assuming it
stays within the boundaries laid out by the Constitution) because of this
clause from the same section:

"... To _make Rules for the Government_ and Regulation of the land and naval
Forces".

In fact it's only because of this _positive_ direction from the Constitution
that Congress is able to regulate, as the Tenth Amendment quite clearly states
that any powers not specifically enumerated as belonging to the federal
government are reserved to the states, and to the people.

> Your notion that U.S. mail is protected only by federal statute simply
> blinks past the fact that our federal government is a government of only
> limited powers, allowed only to do what is permitted by the Constitution,
> with all other powers and rights reserved to the States and the People;
> i.e., a "mail" law can not lawfully exist without Constitutional
> authorization for Congress to enact such a law.

Holy shit, now we agree again, will wonders never cease. But now you're
inconsistent with yourself, which I'll leave you to correct however you
choose.

> Also missing from your U.S. mail analogy is any analysis of a basis for
> believing that eMail should have any less protection than the U.S. mail. It
> is a criminal act for a government official on their own decision to open a
> letter to read the contents except in narrow common sense situations, such
> as a letter that is missing or has an invalid address. Why should eMail have
> any less protection?

I never once claimed that email _should_ have no protection. All I've ever
claimed is that it's not magically inherent in the Fourth Amendment, which
speaks (on the whole) to private property and "a man's home is his castle",
but not to what happens once you tell a third-party (especially a
disinterested/neutral third-party) your little secret. If it were otherwise
Congress would not have _had_ to pass laws making it a crime for a government
agent to open mail, engage in landline wiretaps, intercept electronic
communications unless for foreign surveillance, etc. etc. etc.

> Paul E. Merrell, J.D.

Oh look, an _AUTHORITY_... should I link in all the opinions I find congruent
to my viewpoint from a "real" J.D. or is it possible that your interpretation
of the Constitution and the law is not binding simply because you and your
J.D. say so?

------
drcube
>in 2007 the US suffered an "espionage Pearl Harbor" in which entities "broke
into all of the high tech agencies, all of the military agencies, and
downloaded terabytes of information."

Man, I would _hate_ if an entity downloaded _my_ information! Poor agencies.
But it's probably fine, I mean, those "entities" couldn't _look_ at terabytes
of information. It's probably just sitting in a database somewhere. So,
nothing to worry about.

------
Tarang
Well looking at the end it says that its declassified/published with the NSA's
blessing.

If an employee had a contrarian opinion to the NSA would it be declassified
like this one?

Its hard to read it and feel that it is balanced or even truthful.

~~~
jonknee
Humorously the answer to that is most likely itself classified.

------
muglug
Thanks for sharing your POV. Do you think Snowdon's revelations had any
beneficial impact, or is your view of them entirely negative?

~~~
lorendsr
I think it was important for the citizens to know what powers they have given
the NSA. They did not have an accurate sense of that before Snowden. But he
released a lot more than that, much of which will hurt the NSA's capabilities.

~~~
muglug
Thanks for your response. I'd question whether the American people having
given the NSA those powers - it's more like:

Lawyers working for the NSA have deemed certain methods of data collection as
being in accordance with US law, as voted for by elected officials within the
context of a not great two-party democracy.

------
Zigurd
Is this the best defense of the actions of NSA employees publicly available?

He spends a lot of time denying pervasive surveillance puts us in a panopticon
where the FBI and other LEAs can observe everything we do. And never mentions
parallel construction once.

He tries to justify a Cold War sized, and then some, security state by
invoking North Korea.

This is a big bowl of very weak sauce.

The director's standard of candor is "least untruthful."

I really don't care what a mid ranking employee says about what the NSA will
and won't do. EVERY revelation where people in this forum have given the NSA
benefit of a doubt in the form of "they could, but they wouldn't" has max'ed
out at "would do, did do, and trying hard to do it more" once more revelations
have emerged.

The NSA can't be trusted with what it has.

~~~
lukifer
There's also little analysis (here or elsewhere) of the consequences of
widespread data warehousing. Why pay agents to listen to personal calls, when
you can stockpile intel for the day you might need it, and analyze it via
algorithm?

I foresee a day when every American has a dossier, a smear campaign, and a law
enforcement attack plan on file, in case they decide to "make trouble" for the
powerful. It's highly probable we're there already. Look at the history of
harassment against MLK if you don't believe me. Even if they're not doing it
now, sweeping up all the data in perpetuity guarantees that they'll do it
later.

(I may disagree with this guy fervently about the NSA, but I'm extremely
psyched to try his mayo. Good for him for transitioning into something
useful.)

~~~
leot
It would be great to see a cheerful launch page for a satirical startup that
automatically generated smear campaigns for governments against persons of
interest. "We use of the expanded information capabilities of our client
agencies to maximize the plausibility of our allegations!"

Pricing!

$8,000: General fear, uncertainty, and doubt (duration: 2 months)

$15,000: Complete discrediting (duration: 6 months -- best value!)

$50,000: Overturn their life with "Anonymous"-style harassment (e.g. triggered
by c __ __pornography "revelations" \-- duration: two years)

~~~
phpnode
if your customers are governments, I think your prices are missing one or more
0s

------
viame
Enjoyed the read, edited by NSA.

On the other note. If you want good mayo:
[http://www.eff.ca/featured_products.html](http://www.eff.ca/featured_products.html)
order from these guys. I am sure they can ship to your door, they do
distribute in the USA as well, however, not sure to which cities.

------
gohrt
Note that this blog post has been vetted by the NSA PR office, and so should
be taken with the same grain of salt that one takes with all NSA-approved
communications, recalling that the NSA has admitted they will lie to Congress
and the Supreme Court if it suits their mission.

"This essay was deemed UNCLASSIFIED and approved for public release by the
NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081)."

------
rookonaut
Some trendy buzzwords in the title, no relevant information in the post, just
opinions,... Imho it's just a disguised advertisement for his kickstarter
campaign.

~~~
sitkack
It smells like some Terry Gilliam inspired fascist utopia where a mid level
tech in the security apparatus shills for the state/employer while hocking
their caveman mayonnaise.

It must indeed have all of the electrolytes. Big brother would put THAT on his
bun!

The unexamined life isn't worth living or watching. Those with nothing to hide
offer nothing of interest.

------
glenra
I found the polygraph stuff disturbing. The fact that the NSA takes polygraphs
seriously (despite presumably knowing there's little scientific evidence
supporting their use and knowing that lots of spies have had no trouble
passing them) makes me think the NSA must be full of gullible morons.

Does the NSA weed out polygraph non-believers during their hiring process? So
far as I know, the main "valid" use of polygraphs is (a) to trick/intimidate
people who believe in them into telling you a more thorough story, (b) to
acquire a "scientific" seeming reason to do or believe what you already wanted
to do or believe going in.

I don't feel very reassured.

------
sedev
This reads like it was penned by someone who's never heard of the Stanford
Prison experiment or Milgram's research. When I read "I have a very high
opinion of my former coworkers ... NSA employees are the law-abiding type ...
You take a long automated psych test that flags troubling personality traits,"
I take away "the NSA is full of the kind of person who won't look at the big
picture, who will follow orders without exercising critical thinking, and who
can be counted upon to be a Good German."

The problems that the HN crowd (speaking broadly) has with the NSA and related
entities, are _systemic_ problems. They are not about, "is act X legal or
not," they are not about "was this particular incident harmful or not." They
are about _root_ of the thing: about the high-level agenda, about the
strategies, about the ideas. It does not in the least address these concerns
to say "oh, my coworkers are fine folks, we work hard to obey the law, there
are scary people out there!" This says nothing to the counterarguments of "we
shouldn't _have_ to trust you" (really, you could say that the field of
cryptography is about replacing situations where you have to trust a human
with situations where you only have to trust math), "the law itself is a
problem," and "you haven't proven that you are doing _more_ or _better_
compared to other ways we could push back against scary people."

As with any government agency, the more they insist that they must not be held
accountable, the more accountability we should jam down their collective
throats. The first sign of someone who can't be trusted with power is that
they ask for more of it.

~~~
eliteraspberrie
_I take away "the NSA is full of the kind of person who won't look at the big
picture, who will follow orders without exercising critical thinking, and who
can be counted upon to be a Good German."_

That is exactly right. Employees of intelligence agencies are selected
primarily for loyalty, not critical thinking. Most people find that hard to
believe, especially those inside who tend to have a very high opinion of
themselves. In intelligence, recruiting independent minds is a mistake.

~~~
tmzt
It feels like saying Bletchley Park just needed more diligent and loyal crib
workers and they would have solved the Enigma.

Without Turing and the Bombe where would we all be?

~~~
jessaustin
Yeah well back then we had actual opponents. North Korea are crackpots, and
some fundamentalists prefer living with goats in caves to comfortable air
travel, but never in a million years will those cranks be the threat that the
Axis or even the Soviets were.

~~~
PeterisP
Do you believe that China isn't a worthy enough competitor in electronic
espionage? Or the occasionally conflicting interests with Russia and other
countries?

The main job of NSA isn't to support short-term military operations in
whatever location they're fighting today, they have to ensure that if they
suddenly need to focus on country X, then they already have years/decades
worth of collected intelligence.

~~~
CamperBob2
And of course, what you say about "country X" also applies to "individual Y,"
doesn't it? How convenient.

------
te_chris
Thank you so much, kind American intelligence guy, for having the grace to not
look at USA citizens emails, all the while not even mentioning foreigners, who
should apparently just lie down and take it.

~~~
javert
As a US citizen, I assume foreign countries (esp. China) spy on me. But I
don't go around bitching about that. Why? Because the US will protect me.
China cannot hurt me.

On the other hand, when the US spies on me, I am much more threatened, because
nobody can protect me from the US. If the US turns against me (for instance,
for supporting the Tea Party), declaring me part of a "violent organization",
I'm in real trouble.

tl;dr compain about your own country spying on you, not other countries spying
on you

~~~
jkrems
I think you are missing a point: US (cloud) companies do business with for
example European companies/customers. The leaks suggest that all data a non-US
customer stores with them is fair game for being snooped by NSA etc. without
any judge or due process. This turns "complain about your own country spying
on you!" into "Don't do business with an American company if you care for
legal protection/are not stupid". But please continue to pretend that economy
is confined by national borders.

~~~
javert
> The leaks suggest that all data a non-US customer stores with them is fair
> game for being snooped by NSA etc. without any judge or due process.

I agree.

> turns "complain about your own country spying on you!" into "Don't do
> business with an American company if you care for legal protection/are not
> stupid".

I agree. As a US citizen, I was quite upset when my employer started mandating
Gmail use, and this was _before_ the Snowden leaks.

Foreign companies are _obliged_ not to use US cloud services, just as US
companies are obliged not to use Chinese ones.

That is all water under the bridge now. There is no going back.

So you are not actually rebutting anything I said.

------
doe88
> I use the term "look" deliberately: the Agency makes the distinction that
> looking at data is surveillance, while gathering it from locations outside
> the US is not. We gathered everything, and only looked at a tiny percentage
> of it. I am okay with this distinction both because I don't mind if my
> emails are copied to an Agency database and likely never read and because
> from a technical standpoint it would seriously impair our ability to spy if
> we couldn't gather everything.

I'm not mad at NSA they're just playing their role, they're grabbing
everything they can. But, it should serve as a reminder of the goals we should
all (civilians) strive for: encrypting everything. I think lot of individuals
are working on these problems right now and I'm confident great tools and
protocols will soon be created/improved.

edit: downvoted for proning mass encryption, great.

------
josephlord
It is interesting as a view into the naive and uninformed [1] view of those
inside.

I suspect the screening selects for compliance and maybe against questioning
authority plus the people applying May self select in that way.

Note that this was approved by the agency and therefore may have been through
a filter process that removes other reports with more critical views before
publication. (I am not suggesting that this author is anything other than
genuine but if it was a critical view could it have been published).

I don't doubt that storing everything helps find threats but the price is far
too high, whatever difference it makes.

[1] he hadn't heard of parallel construction -
[https://news.ycombinator.com/item?id=6910972](https://news.ycombinator.com/item?id=6910972)
(he may have deep particular knowledge in some areas but his understanding of
the overall agency appears poor.

------
joelgrus
Hey, I backed that guy's Kickstarter! And now that I read his post I just
cancelled my pledge.

------
room271
While I do not agree with much of the sentiment, I enjoyed the article.

My question to the OP: even if you believe that at the moment abuses are rare
and that your colleagues are trustworthy and law-abiding, does the capability
and level of information concern you in terms of the potential for future
abuse it enables?

~~~
lorendsr
Potential future abuse, whether due to laws becoming more permissive or a
radical in-agency culture change that led to more people ignoring the law, is
certainly concerning. As are current abuses. I just believe that the
capabilities provided under the powers currently given to the agency are worth
the abuses and potential future abuse. If I thought there was much chance that
in the future, law enforcement and intelligence would not remain separate, my
decision would change. I would prefer to live in a free unsafe state than a
police state.

~~~
EthanHeilman
How do you answer questions of the NSA's known past involvement in targeting
political figures such as Martin Luther King[1], US journalists, and US
antiwar activists? The NSA was known to pass this intelligence to LE.

[http://en.wikipedia.org/wiki/Project_MINARET#Domestic_target...](http://en.wikipedia.org/wiki/Project_MINARET#Domestic_targets)

~~~
lorendsr
MINARET was used in the 60's and 70's. It led to the passing of FISA, which
made it illegal to look at or pass on US citizen data unless a judge suspected
them of being a foreign agent.

~~~
EthanHeilman
The NSA did these things both pre-FISA and post-FISA. For example:

* 1980-present. MAIN CORE, which is shared between CIA, FBI, NSA, Contains data on 8 million Americans and is used by LE. [http://en.wikipedia.org/wiki/Main_Core](http://en.wikipedia.org/wiki/Main_Core)

* ?-Present the DEA SOD program which uses NSA intelligence for drug cases. [http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05...](http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/)

And these are just the cases we know about, they are likely only the tip of
the iceberg.

Lorendsr, given this evidence and your previous statements that, "If I thought
there was much chance that in the future, law enforcement and intelligence
would not remain separate, my decision would change.", are you considering
changing your decision?

~~~
lorendsr
I don't believe the NSA should be giving data (or even just "tips") on
citizens to LE. It's either illegal or done under a law I don't know about. Do
you know what this is talking about?

>FISA surveillance was originally supposed to be used only in certain
specific, authorized national security investigations, but information sharing
rules implemented after 9/11 allows the NSA to hand over information to
traditional domestic law-enforcement agencies, without any connection to
terrorism or national security investigations.

[https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-
intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-
laundering)

~~~
EthanHeilman
No, and I had not read that article, thank you. I do not know the law, if any
exists, that allows that, although it violates most readings of the 4th
Amendment.

~~~
mpyne
The legal principle is that once the government legitimately comes into
possession of evidence, it doesn't have to "pretend to have not seen it".

What this means is that if a given surveillance transcript is obtained legally
(which is easy to do for foreign communications, even if a U.S. person is a
party to the conversation), that it can be legally passed to LE. Once LE knows
about it, they don't have to "close their eyes" to any U.S. nationals on the
transcript, similar to how the police are not required to ignore evidence in
plain sight (even if it wasn't listed specifically on the warrant).

By this route it is possible to pass incriminating evidence to LE about U.S.
nationals even without a warrant, as long as one of the parties to the
communication in question is actually a foreigner.

------
lucb1e
This is interesting to read, but I have one very important question:

Why is a distinction made between US and non-US people? Why do some systems
automatically ignore all US IP addresses?

What makes me a potential criminal, and Mr. Smith not? Why can he read my
email without a court order, but not from someone from Nebraska? Why does my
physical location, or proxy server for that matter, matter?

I think the only reason is because it's simply in the US law, so it doesn't
really say much. It's just one of those things that are the way they are. But
then...

why does he keep bringing it up as "you shouldn't be worried because we don't
look at data from the US"... if I'm not from the US? Does this mean I should
be worried that he is really reading my email if it has certain keywords? I
could become an intelligence target because of keywords or activism in certain
groups, merely because I'm not using a US-based proxy server?

~~~
PeterisP
This is trivial - the whole purpose of foreign intelligence is to help the
interests of your country while disregarding or actively harming the interests
of everyone else. They have no obligation whatsoever to protect (or even
refrain from murdering) others, but they do have an obligation to protect
their own citizens, so they have restrictions for that.

The only two valid reasons for NSA not to capture all the foreigners email is
if (1) it's too costly (and it probably isn't); and (2) the goverment decides
that the PR harm is greater than whatever they gain from having all the email
(and it probably isn't either).

------
nexttimer
Don't fight it. Just let it take over. Stop struggling. Once you'll have
stopped struggling, it won't hurt anymore. You won't feel any difference
anymore. And it will be like it was never different.

~~~
soulrain
Bend over and shut up we are good peeps and the others that will rape you if
we "pull-out" would be much worse.

Sad to see a programmer be so lost. Kudos for the post but if the NSA was
squashing terrorist attacks daily with evidence of their efficacy they would
be screaming it from the roof tops.

Snowden proved the implicit insecurity of information aggregation on such a
massive scale and if he had access so will nation states... the one that I
fear most is my own county.

I am a patriot too, just sad.

~~~
nexttimer
:-) Sorry, it was sarcasm.

It's what psychopaths usually say to their victims. If you hear it (or think
you're hearing it), the person/organization you have in front of you is of
psychopathic nature (it should be stopped at all costs).

Other translation: If we let them rape us, then we deserve it.

------
cinquemb
Interestingly enough, 60 minutes will have an "Inside View" of the NSA
tonight. This just keeps getting better… I'll be sure to absorb this message
and the probable similar message that will be broadcasted to the masses
tonight.

Yeah, buddy, I'll believe you… just keep telling me over and over and it will
sink in eventually. ;)

------
mtgentry
No offense to OP, but this reads like propaganda to me. It feels like someone
at the Pentagon realized they weren't winning the war of the minds of hackers,
so they encouraged some of their own to blog about their experiences.

I hate to sound like a tin hat wearing conspiracist. I really do. But I
wouldn't be surprised if there was some sort of concerted effort by the NSA to
encourage a dialogue with hackers on platforms like HN.

Sorry for the paranoia OP. Glad you enjoyed your time at the NSA.

~~~
lorendsr
No offense taken. I was not asked to write this, nor guided in its contents by
the government.

~~~
alfiejohn_
Did your post have to go through some sort of internal review before you were
allowed to publish it? I find it weird that you're allowed to blog, let alone
blog about the NSA.

~~~
cypherpunks01
See bottom of post: This essay was deemed UNCLASSIFIED and approved for public
release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP
14-0081).

~~~
jurjenh
Hmmm... where do we find out about all the CLASSIFIED blog posts? NSA internal
forums? Any place where there's a summary of these reviews as metadata, hence
leaving the content "CLASSIFIED" ? Who is watching the watchers?

------
sifarat
Got your point son. I am a Pakistani and I know what it means to me. fuck you
with love.

------
r0s
The gist is that you should not value your privacy if you have nothing to
hide.

This principle is absolutely forbidden to be reversed, the secret workings of
government agencies are protected by the highest secrecy.

What do they have to hide?

------
droithomme
This article is transparent propaganda.

Author is not a patriot. Author is an enemy of the people.

~~~
middleclick
If the author is indeed the patriot he claims he is, would he be so kind to
explain why the Bill of Rights thought it necessary to have this:

"The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized."

What makes the NSA different from the police or other law enforcement
agencies? And why should we trust them? There is a reason restrictions exist
on the power they have. This article is nothing more than propaganda.

~~~
mpyne
If the NSA was engaged in hacking people's personal computers then the Fourth
Amendment would definitely apply. Anything else is fair game and has been fair
game (even the postal mail, which is protected by statute law and _not_ the
Fourth Amendment).

------
CamperBob2
_The Agency is an intelligence organization, not a law enforcement agency._

Monstrously disingenuous. The term "parallel construction" apparently means
nothing to him.

 _In 1991 the USSR dissolved and the Cold War ended. The world let out a sigh
of relief, safe in the the knowledge that humanity wasn’t crazy enough to
destroy itself. That security we had is gone. North Korea has nuclear weapons
and is threatening to fire them at the US._

I'm missing the part where collecting _my_ email and phone records will help
with this problem.

------
bane
I'm always surprised about how posts like this bring out the real nutjob part
of HN that sort of sits there and lurks dormant waiting to pull out unprovable
conspiracies any time something like this gets posted. I'm not talking about
the folks who disagree with the OP, or what the NSA does... I'm specifically
talking about the rather uncomfortable level of crazy that squirrels out in
these "discussions".

There are some posts here so outright loony that I actually feel a bit
uncomfortable having an account here.

------
typon
It's quite interesting to me that someone who has worked for the NSA can write
such an article and not have heard of William Binney and Thomas Drake's
experience with the NSA. Ethical, upstanding people my ass.

------
MrQuincle
Nice that you are a patriot and that you are all law abiding types. We need
more people that do not ask questions in those positions...

------
rdl
"People who build security tools" are in the set of people under active
monitoring and exploitation by governments. I'm personally far more concerned
about China and Russia and others than I am about NSA, but if I were Nadim
(who I believe is personally not a target of NSA, but by virtue of Cryptocat
most definitely is), I'd be quite concerned.

I was actually waiting for the big reveal in this ... "x, y are good, but Z is
not, and is why we have the problems we have now." I guess not having that is
why it went through publication review.

~~~
mpyne
Yeah, I suspect that if he named any actual members of Red Team that it would
have been squelched almost instantly.

------
notnsa
> I am an American patriot.

The author may believe he or she’s a patriot. I disagree. I don’t believe
someone who acts to subvert the Bill of Rights which states

“The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized.”

is even remotely close to being a patriot.

> Many are concerned about the NSA listening to their phone calls and reading
> their email messages. I believe that most should not be very concerned
> because most are not sending email to intelligence targets.

> Email that isn’t related to intelligence is rarely viewed, and it’s even
> less often viewed if it’s from a US citizen.

“Rarely” is pretty meaningless. The NSA has repeatedly tried to compare the
number looked at with the number of intercepts. Of course they’re only looking
at a tiny percentage. But if I were to only steal one-in-a-billion dollars in
the US or only kill one-in-a-million people, I’d still be doing something
immoral.

> Every Agency employee goes through orientation, in which we are taught about
> the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50.

Yet evidence seems to show that they've willfully found ways to interpret the
laws in ways that the authors of the laws think is illegal.

> We all know that it's illegal to look at a US citizen's data without a court
> order.

But the NSA has a special non-adversarial court that rubber-stamps whatever it
wants. (And it still happened)

> I use the term "look" deliberately: the Agency makes the distinction that
> looking at data is surveillance, while gathering it from locations outside
> the US is not. We gathered everything, and only looked at a tiny percentage
> of it.

The problem is that the 4th Ammendment makes no such distinction. They were
wrong in collecting it in the first place.

> I am okay with this distinction both because I don't mind if my emails are
> copied to an Agency database and likely never read and because from a
> technical standpoint it would seriously impair our ability to spy if we
> couldn't gather everything.*

He may not mind, but many other people do. I respectfully ask that he, Mr.
Clapper, and Gen Alexander give us all their data in case we later do find
what they were doing was illegal.

> The Agency is an intelligence organization, not a law enforcement agency.

> The NSA copy of my emails won't be viewed by police or FBI investigating me
> about marijuana use, for instance.

And yet, per Reuters

[http://www.reuters.com/article/2013/08/05/us-dea-sod-
idUSBRE...](http://www.reuters.com/article/2013/08/05/us-dea-sod-
idUSBRE97409R20130805)

    
    
       “A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.
       “Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.”
    

> The NSA copy of my emails will only be viewed if the Agency can convince a
> judge that I might be a foreign agent. And the judges aren't pushovers.

[http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...](http://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court)

During the 25 years from 1979 to 2004, 18,742 warrants were granted, while
just four were rejected. Fewer than 200 requests had to be modified before
being accepted, almost all of them in 2003 and 2004. The four rejected
requests were all from 2003, and all four were partially granted after being
submitted for reconsideration by the government. Of the requests that had to
be modified, few if any were before the year 2000. During the next eight
years, from 2004 to 2012, there were over 15,100 additional warrants granted,
with an additional seven being rejected. In all, over the entire 33-year
period, the FISA court has granted 33,942 warrants, with only 11 denials – a
rejection rate of 0.03 percent of the total requests.

> They won’t spent time on my private love letters.

[http://news.cnet.com/8301-13578_3-57605051-38/nsa-offers-
det...](http://news.cnet.com/8301-13578_3-57605051-38/nsa-offers-details-on-
loveint-thats-spying-on-lovers-exes/)

> That security we had is gone. North Korea has nuclear weapons and is
> threatening to fire them at the US.

How does spying on Americans help?

> Reality should enter your cost-benefit analyses.

I totally agree.

> This essay was deemed UNCLASSIFIED and approved for public release by the
> NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).

Somehow, I have a feeling that opposing points of view wouldn’t find much an
easy clearance.

------
w_t_payne
It is really nice to get a coherent, human view from inside the security and
intelligence community. To the best of my knowledge, the article reads as an
honest and true account of security service culture of integrity and
professionalism. Kudos to him, and kudos to his colleagues as well for their
restraint and their service.

I am pleased to see him hint at the exposure and vulnerability of the general
public to surveillance by third parties, when he describes of the ongoing
battle to dominate electronic systems, being waged by various nation-states
and criminal gangs around the world. (I refuse to use that horribly juvenile
construction "cyber-war").

However, we still have some way to go before we fully confront the magnitude
of the problem, and are able to formulate a sensible and coherent response.

Our military forces and security services are rightly part of our response to
this vulnerability, but they cannot be the only tool that we deploy. Societies
that lean to heavily on their armed forces and security services quickly feel
the negative effects of their reliance, no matter how well-intentioned, well-
disciplined and professional the servicemen and servicewomen may be.

Civil society needs to step up to the plate also. The problem is difficult,
and the response needs to be multifaceted and broad. As engineers, we need to
make our systems more secure and more trustworthy - and we need to make tools
for the creation of secure and trustworthy systems ubiquitous.

For example, I am writing software for advanced driver assistance systems &
autonomous vehicles -- I need to think very very carefully about how I can
make my software secure and robust from attack; I need to educate my
colleagues about the risky environment that we will be operating in, and
together, we need to come up with standards and processes to help us ensure
that the software we create minimises the risk posed by malicious actors.

------
anoncowherd
The surveillance's purpose is not to catch criminals or terrorists, as
evidenced by the recent confiscation of some NZ citizen's electronics at the
airport. He had attended a meeting on mass surveillance, and is therefore
considered a troublesome, unharmonious little peasant, and must be kept in
check or made an example of. _That_ is the point here. It's about power, and
_maintaining it_ through whatever means possible.

The US is showing clear and abundant signs of being a police state - there's
simply no denying that anymore. So what does it matter what their rule books
say about spying on people, when even the Constitution has been calmly
disregarded for years?

"Here are the official guidelines for spying on people! Remember that spying
on _US citizens_ is restricted because _that_ would be kind of naughty, but
foreigners are fair game."

It's just ridiculous. But again, it's certainly not about catching terrorists.
This level of surveillance would make Stalin just _shit himself with joy_.

------
andrewcooke
_The NSA is not a law enforcement agency._

I am not one either. But I still have to obey the law.

Maybe that's not what's implied by that statement? But if not, what on earth
is meant (more exactly, what was the author's intent in saying something that
seems obvious and irrelevant if taken at face value; what am I expected to
infer?)?

~~~
lorendsr
I meant that the NSA is only looking at your information if a judge suspects
that you are a foreign agent. It will not look at your information to
determine whether you have done something else illegal, which is what it would
do if it were part of a police state.

~~~
intslack
[http://www.reuters.com/article/2013/08/05/us-dea-sod-
idUSBRE...](http://www.reuters.com/article/2013/08/05/us-dea-sod-
idUSBRE97409R20130805)

>One current federal prosecutor learned how agents were using SOD tips after a
drug agent misled him, the prosecutor told Reuters. In a Florida drug case he
was handling, the prosecutor said, a DEA agent told him the investigation of a
U.S. citizen began with a tip from an informant. When the prosecutor pressed
for more information, he said, a DEA supervisor intervened and revealed that
the tip had actually come through the SOD and from an NSA intercept.

~~~
lorendsr
That sounds illegal. In same article:

>Wiretap tips forwarded by the SOD usually come from foreign governments, U.S.
intelligence agencies or court-authorized domestic phone recordings. Because
warrantless eavesdropping on Americans is illegal, tips from intelligence
agencies are generally not forwarded to the SOD until a caller's citizenship
can be verified, according to one senior law enforcement official and one
former U.S. military intelligence analyst.

"Generally" should be always.

~~~
secthrowaway
It might be waived in the event of an imminent action. Sort it out after the
threat of the action is over.

~~~
CamperBob2
And most important of all, _hold people accountable_ if they're wrong about
the "imminent action."

Same with torture and other unethical activities. Think you can save the city
from nuclear destruction by torturing the brown-skinned guy? Sure, go for it.
But you'd better hope you're right, because (at least in a just world) that's
the only way you're staying out of prison for the rest of your life.

------
junto
This is something that bothers me:

    
    
      Email that isn’t related to intelligence is rarely viewed, 
      and it’s even less often viewed if it’s from a US citizen. 
      Every Agency employee goes through orientation, in which we 
      are taught about the federal laws that govern NSA/US Cyber 
      Command: Title 10 and Title 50. We all know that it's illegal 
      to look at a US citizen's data without a court order.
    

I can rewrite this to:

    
    
      We are indoctrinated to believe that we shouldn't really
      invade the privacy of US citizens, and it is highly unlikely
      that we might mistakenly or otherwise read your private emails,
      however, if you aren't a US citizen then fuck you, you are our 
      enemy, you have no right to privacy because you weren't born 
      in the land of the free. Oh yeah, fuck you twice, cos we can.
    
      Ha ha
    

You know what, fuck you too.

------
are_you_serious
Did this line bother anyone else?

> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may
> also be glad, because everything the NSA collects is by default shared with
> your government

He spends the whole post telling us its okay to trust the US and then
completely throws that out the window by saying 4 other countries have all of
our data too.

------
gohrt
Note that this is either an imposter account, or the author themself is mostly
unaware of the publicly-divulged NSA abuses -- let alone any non-divulged
abuses.

[https://news.ycombinator.com/item?id=6910972](https://news.ycombinator.com/item?id=6910972)

------
Pitarou
TL;DR

1\. The NSA only hires earnest, ethical people

2\. There are real threats we need to protect you from

3\. So everything's OK

Commentary:

I believe the first two of those statements. And if the people at the top were
also ethical and earnest, I'd believe all three. But, as Angela Merkel can
attest, the people at the top do not respect boundaries.

------
are_you_serious
What each section basically says:

1\. We collect all of your data

2\. That's okay because we're the good guys

3\. Btw, there are bad guys hacking us and have in the past downloaded TBs of
data from our systems

What happens when a bad guy gets access to our data? Whether from within or
out?

------
burke
> I do not believe that their information-gathering powers should be
> curtailed. Such restriction would not only hinder the Agency’s ability to
> gather intelligence, but also impede its ability to wage cyberwarfare.

Yes. That is the point.

------
gesman
So, if I'll meet someone who wanted to work more on personal coding projects
and start a company and is making a mayonnaise as his first product - I'll
know the guy must be from NSA!

:)

------
einrealist
He only describes his view from inside the system NSA. But it is the outside
which really worries me. Governments and legal boundaries can change. DHS and
TSA were such changes. And both agencies have a big impact on the lifes of
citizens and visitors.

OP admitted, that NSA already gathers data of US citizens. But the current
legal boundary prevents analysts to just add a "selector", except when it is
allowed by a (secret) court. So the data is already there with the technology
to query or filter it, which is a bad thing in itself. But it is a tiny change
in the law, that would make it legally right to include US citizens' data into
the query.

Looking back at DHS, TSA and the overall militarization of the security
forces, it is not hard to imagine that NSA is an easy pick for a reactive
government responding to the next terrorist threat.

BTW. When have government institutions ever been dissolved? Isn't that a lot
harder than creating new ones or changing the rules in favor of more control?

------
manish_gill
> Analysts don’t care about what’s going on in your life. Only until they do

> the Agency makes the distinction that looking at data is surveillance, while
> gathering it from locations outside the US is not. We gathered everything,
> and only looked at a tiny percentage of it."

"Cheer up, we're just collecting everything about your private life, we're not
_looking at it_...mostly!"

So, besides a lot of fear mongering about Cold War and Nuclear Weapons (yes it
is fear mongering, and mostly irrelevant to the debate, given your average
citizen, whom you're spying on, is not about to go detonate one), what you
have to offer is anecdotal evidence of your own time at NSA, who are all
supposedly highly intelligent and trained individuals who can do no wrong. And
what you're saying is that essentially, we're supposed to feel at ease because
you don't care about our lives.

...and of course, your post is approved for publication by the NSA.

------
freyr
To summarize:

* He doesn't care if the NSA spies on everybody, because he doesn't care if they spy on him. He have nothing to hide.

* In his experience, the people accessing our data can be trusted. We can extrapolate this to the NSA as a whole. The bad apples are rare.

* Cybarwar is real and dangerous, and we should reevaluate our priorities with this in mind.

------
ad80
Important voice in the whole discussion around NSA, but forgive me being
suspicious - it comes around the time his Kickstarter campaign is to end...

~~~
davesque
True enough, but wouldn't you probably do the same? :)

------
atmosx
I stopped reading after the _patriot_ paragraph. I don't like concepts that
divide people and patriotism is inherently bad for the world. It brings only
war and pain.

I love my country but I never met a _patriot_ that could think straight.

~~~
shitlord
> I stopped reading after the patriot paragraph.

So you read two sentences and felt qualified to post a comment about the
article anyway? You're nitpicking.

> I love my country but I never met a patriot that could think straight.

If you bothered to read more, you would realize that you/OP are talking about
the same thing: "I care about the US and its future". You merely disagree on
the means to that end.

------
devy
If he's so "patriotic" and so proud of him being a cyber spy, why didn't he
jump out earlier to defend NSA's position? Why did he only come out and write
an blog a few months late and around the same time as CBS 60 minutes NSA
interview? I say this is a NSA propaganda.

------
Marbux
@ "Every Agency employee goes through orientation, in which we are taught
about the _federal laws that govern NSA /US Cyber Command: Title 10 and Title
50._ We all know that it's illegal to look at a US citizen's data without a
court order. I use the term "look" deliberately: the Agency makes the
distinction that looking at data is surveillance, while gathering it from
locations outside the US is not. We gathered everything, and only looked at a
tiny percentage of it. I am okay with this distinction both because I don't
mind if my emails are copied to an Agency database and likely never read and
because from a technical standpoint it would seriously impair our ability to
spy if we couldn't gather everything."

lorendsr has far too much confidence that what he was taught about the
governing law is correct. The governing law is far broader than the two titles
of the U.S. Code he cites. The 4th Amendment, for example, protects against
not only warrantless searches but also warrantless _seizures._ That line is
first crossed at the gathering point, not at the point that the data is
viewed. Put another way, the Amendment prohibits warrantless gathering of the
haystack that includes private communications, not just the warrantless search
of that haystack for a given needle.
[http://www.law.cornell.edu/constitution/fourth_amendment](http://www.law.cornell.edu/constitution/fourth_amendment)
And that is only one example of his legal naivete.

Paul E. Merrell, J.D.

~~~
dragonwriter
> lorendsr has far too much confidence that what he was taught about the
> governing law is correct.

I'm not sure that's a justified assumption. In the quote you present, he
_explicitly_ notes that what he was taught is a distinction _the Agency_
makes, not one written into the law, when he says (emphasis added): «I use the
term "look" deliberately: _the Agency makes the distinction_ that looking at
data is surveillance, while gathering it from locations outside the US is
not.»

------
agorabinary
I can't help but observe, with a sort of grim humor, that this fellow's resume
now consists of international unwarranted espionage that threatens to upend
the very foundations of our constitutional republic...and organic mayo
entrepreneurship.

------
njtechie
One of the earlier statements by government spokesmen was that they're only
collecting meta-data and no one should be concerned about that. Fine. Then
every top-level NSA employee, and anyone else involved in the data collection
process, should immediately and publicly publish THEIR meta-data. That means
detailed phone bills showing what number they called, when, and for how long.
That means to "to" and "from" plus timestamps on all email sent and received.
That means the recipient name and address of every piece of Postal mail sent.
We don't need to see the content of those communications, just the meta-data.
Because that's harmless and not really private, right?

------
crystaln
> everything the NSA collects is by default shared with your government

So... does that mean that even though the NSA supposedly doesn't analyze
American communications, their colleagues in other countries can?

Also, while it may be reassuring for Americans to know that US IP addresses
are not allowed in searches, how reassuring is it for Canadians, Mexicans,
Germans, Australians, etc? Does this not harm both our reputation and business
interests?

In general, this article assumes agents of the government are, and will
continue to be, law abiding and respecting of citizens rights. Is that likely
to remain the case in 20, 50, 100 years? How about after a major terrorist
attack?

------
dimitar
Data is provided by ISPs and big companies like Google and Facebook.

Now, if you ask someone working for a ISP or Google if they hand over
information to anyone, of course they'll say that they don't and haven't heard
of someone doing it.

But of course they wouldn't have heard of it, one person with access is enough
to rsync or sftp it to the NSA; no need for the others to know about it. They
are needed to their jobs with clear conscience. I assume its the same in the
NSA on the other side of the 'relationship'.

The same phych screening process the author took probably also selected the
guy is doing the abuse.

------
film42
Did anyone else notice the countless screens running windows xp?

There were a few linux desktops, but really most of the screens were turned
off, or on and showing windows xp.

I don't like the idea of the US Govt using an extremely deprecated operating
system.

------
bazillion
I spent four years in (2 years longer than the OP), but worked on a
substantially broader swath of intelligence areas and in much more policy-
oriented positions, and I can tell you that the vitriol that's been displayed
on HackerNews is incredibly tiresome to see, because you are all missing a
very key point about how the NSA conducts business (which I've pointed out in
previous posts).

The key point is this: the NSA does not create policy for its operations.
Those are written into law through executive, legislative, and judicial
processes, and the three should theoretically balance each other out, which
the public currently deems as not doing a sufficient job of balancing. The NSA
acts as an instrument -- the employees (to include the director) are directed
through a system of reporting and feedback, and determine how best to act in
order to obtain more positive feedback from customers of the reports.

This isn't some theoretical system I'm talking about -- it's a database of
reporting with attached feedback. The feedback shows who consumed the report,
whether or not the party found it useful, any enclosed comments about the
report, and how high up the report went. If my report made it into the
president's daily brief and more information about the reporting subject is
desired, that will show up in the feedback, and thus I have my "direction".

How does this translate into real world operations? Here is a theoretical
conversation between Mr. Policy and Mr. NSA:

\-----------------------------------

Mr. NSA: Here is some information I found about country X, which might
indicate that they're conducting operation Y.

Mr. Policy: I would like to learn more about operation Y, and country X's
intentions to expand it.

Mr. NSA: I don't currently have the capability to expound upon operation Y,
unless you grant me the authority to access datastore Z.

Mr. Policy: We took a vote, and you have access to datastore Z on a thirty day
trial basis, but then must shut down operations if nothing of value is found.

Mr. NSA: Here is the information you requested about operation Y and country
X's intentions.

Mr. Policy: This information was not useful in directing policy, therefore
datastore Z is to no longer be accessed.

\-----------------------------------

From this, I think you can extrapolate my point. Do you blame the scalpel for
being too sharp, or the surgeon for handling it incorrectly?

~~~
PavlovsCat
> Do you blame the scalpel for being too sharp, or the surgeon for handling it
> incorrectly?

None of the above, if anything I'd blame people for being mere tools.

------
mrobot
One thing that always bothers me is the assumption that we dislike the NSA
because we're worried about them reading our personal emails and looking at
our photos, and.. "you know.. our Instagramming". We should know it's not
about anyone going through the process of reading our communications, it's
about having automated systems hooked up to them, keeping them, and having the
ability to use them. The human and electronic pieces of this system can act on
you and change your life, even without you ever knowing about it.

Being hooked up to machines like this is losing a large part of our own power
as a check and balance in our own government. We won't do it. If this program
is "necessary" to fight terrorism, will i be considered a terrorist if i
continue to disagree? What if i become very effective at disagreeing?

 _I believe that most should not be very concerned because most are not
sending email to intelligence targets._

It's not just directly to intelligence targets. Can someone remind me what 3
hops from a base group of 117,000 targets is again? We're not talking about a
home handwritten address book, this is linkedin, everyone i sold shit to on
craigslist, everyone i've ever contacted. Heads per hop is like 100, at least.
Anyway, should that group be concerned?

 _The Agency is an intelligence organization, not a law enforcement agency._

So what? Just because there's a boundary between the NSA and everyone else
doesn't mean they aren't exploiting the same broken interpretation of Terry v
Ohio to build systematic unreasonable-unarticulated-suspicion writ-of-
assistance privacy violations. We disagree with the principle, not just the
NSA. AT&T works directly with the CIA, the CIA works with the FBI, sharing on
that side is just a cluster.

[http://www.theguardian.com/world/2013/dec/10/data-sharing-
la...](http://www.theguardian.com/world/2013/dec/10/data-sharing-law-
enforcement-organised-chaos)

[http://www.nytimes.com/2013/11/07/us/cia-is-said-to-pay-
att-...](http://www.nytimes.com/2013/11/07/us/cia-is-said-to-pay-att-for-call-
data.html?_r=1&)

[http://bordc.org/newsletter/2013/12/#data](http://bordc.org/newsletter/2013/12/#data)

 _And I would prefer a world in which spying was unnecessary. But humanity is
not there yet._

No one disagrees that intelligence is necessary. We disagree with being wired
up to management and machines that can (and always will) easily make mistakes.
Privacy is a right, violating it to feed the machine is already diminishing
us.

I refuse to eat your mayo.

~~~
mrobot
More sources on how RAS is being used by these different agencies. Note that
an initial RAS queries are what pulled the data in to the more easily
queryable "corporate stores".

Morning session of civil liberties review, 21:07, 23:04, 37:00

[http://www.c-span.org/Events/Civil-Liberties-Board-
Reviews-S...](http://www.c-span.org/Events/Civil-Liberties-Board-Reviews-
Surveillance-Programs/10737442462/)

26:20 is an insane defense of writs of assistance by Brad Wiegmann. Actually
explaining why the effectiveness of stop and frisk is an excellent example of
why the NSA should follow similar policies.

[http://endthelie.com/2013/11/21/the-nsas-reasonable-
articula...](http://endthelie.com/2013/11/21/the-nsas-reasonable-articulable-
suspicion-legitimizes-surveillance-of-just-about-anyone/#axzz2nbjDTyx4)

------
drharris
> Email that isn’t related to intelligence is rarely viewed, and it’s even
> less often viewed if it’s from a US citizen

I stopped here. The words "rarely" and "less often" should both be "never". If
the answer is not never, congratulations, you just helped ruin the world.
Engineers and developers should be using our powers to help the world, not
help corrupt governments spy on their own citizens. I only wish there were a
way to strip credentials from technical people who aid an enemy so they can
never work in this field again.

------
jonknee
Interesting to get a look at what it's like to be inside the bubble. It's
compartmentalized enough that the individual actors can justify their actions
by the assumed competence and benevolence of the others.

> I didn't test it, but I'm sure there was automated analysis that prevented
> or flagged use of US selectors.

The mental leap here is subtle, but substantial. _Since I have been told I can
't use US selectors , I assume the system enforces this. As such, US citizens
have nothing to worry about._ However, in the immediately previous paragraph,
he noted:

> one employee spied on a spouse

So much for automated analysis, besides not being able to filter out US
citizens' data it can't even filter out an employee's direct family. But
there's no need to worry citizen, the NSA has a very high-quality workforce.

In the NY Times this morning was a piece noting that the government has
concluded they don't know what files Snowden took with him
([http://www.nytimes.com/2013/12/15/us/officials-say-us-may-
ne...](http://www.nytimes.com/2013/12/15/us/officials-say-us-may-never-know-
extent-of-snowdens-leaks.html?_r=0)). The most technologically advanced
intelligence agency in the history of the world and they have no idea what
files were electronically taken by one of their own. One of their own who
passed the background check by the way--I don't know why the OP is so enamored
with the polygraph.

~~~
rst
What's particularly interesting is that some of the recent disclosures don't
seem to be visible inside the bubble. Take this assertion, for instance:

"The NSA copy of my emails won't be viewed by police or FBI investigating me
about marijuana use, for instance. Law enforcement might get a search warrant
and retrieve a copy from Google, but not from the NSA."

In fact, it's been known for months that the DEA receives intercepts from the
NSA in such volume that they have an office devoted to handling them (the
DEA's "Special Operations Division"). And as for search warrants, the manuals
for that office describe a practice of "parallel construction" which involves,
not to put to fine a point on it, lying about the ultimate source of the
information they're using, with the clear intent of evading judicial scrutiny.

Details here: [http://www.reuters.com/article/2013/08/07/us-dea-irs-
idUSBRE...](http://www.reuters.com/article/2013/08/07/us-dea-irs-
idUSBRE9761AZ20130807)

~~~
wcfields
What's the legal term? I think it's "double construction"? Where the
prosecution _knows_ it's you from illegal means (wiretap/NSA spying) but by
that knowledge can go back and construct the legal case in reverse.

It's been rumored that Dread Pirate Of SilkRoad case was figured out that way.

~~~
mattlutze
The story around DPR getting caught started in him making posts that had
personally identifiable information from his anonymous accounts in the very
beginning, not from illegal searches.

That's just a really long scraping / pattern-matching exercise of publicly
available data, and the reminder that even particularly clever people won't be
on point 100% of the time.

~~~
koide
Or they did find him illegally and found later on the public pattern-matching
exercise to justify their findings. Which is exactly the point of parallel
construction.

We cannot know.

------
wmt
> I had to make sure that my searches didn't use US selectors, such as a US
> phone number or IP address.

i.e. "we aggressively spy on all U.S. citizens, but we try really hard not to
look at that data."

------
SchizoDuckie
What bothers me most about the NSA stories is that all the damage control
seems to be revolving around not pissing the US citizens off because their
data is collected.

What about the rest of the world? They just have a carte blanche to tap
everything from everyone 'regular joe' from outside of the US can't do Jack
Shit about it, other than help invent newer and stronger encryption methods,
since all our governments have their arms up the US's ass.

------
focher
The worst thing about such pro-spying articles is that they are policy
arguments, when the real issue is one of Constitutional rights. I don't really
care what policies individuals or groups support. That's the whole point of a
Constitution. It protects liberties from even majority rule taking them away.
What part of the Fourth Amendment is unclear? Don't like it? Then pass a new
goddamn amendment.

------
jgg
Right, Loren, so:

* even though Congress was lied to/mislead about the scope of the NSA's programs, by none other than the Director of National Intelligence _[1]_

* despite the fact that the NSA hastily rushed to justify an invasion of Syria with misleading data _[2]_

* despite the fact that the NSA helped produce evidence to justify the false invasion of Iraq _[3]_

* despite the fact that the NSA helps to subvert crypto software and backdoor services, which makes people and businesses less safe against electronic warfare (despite the fact that al-Qaeda is at least aware of the need for building their own crypto, even if what we've seen so far is possibly crippled by stupidity) _[4]_ _[5]_

* even though the NSA were unable to catch the Boston bombers (even though the ФСБ warned the US multiple times about the brothers, they were tied to Chechnya, had jihadi content on their social media profiles and were already tied by association to a homicide) _[6]_ _[7]_ _[8]_ _[9]_

* despite the testaments from former Intel folks that mass data collection doesn't work and that Gen. Keith Alexander is incompetent _[10]_

* despite Alexander being unable to come up with problems the NSA's mass surveillance has solved without lying _[11]_

* despite the fact that Alexander is a monumental douche who used taxpayer money to have a Hollywood set designer make his office into a re-creation of the Starship Enterprise _[10]_

...we should be "reassured to know how capable and thorough your cyber spy
agency and military command are." We should rest assured that our electronic
communications being scooped up and stored couldn't ever possibly be used for
nefarious purposes against a citizen of the US, that it isn't a gross
violation of a person's right to privacy and dignity and that even the
majority of the NSA are kind-hearted people looking out for America's best
interests in the big, scary world full of North Korea's and Muslim radicals
and that my virgin, uninitiated mind just doesn't understand. This isn't all
just a big, dumb, out-of-control bureaucratic freak-out or an attempt to
instate a Stasi-esque intelligence regime.

Fuck you and your condescension, Loren. You are a coward and a liar, unless
there is some grand plot the NSA has helped unravel, Clancy-style, that you
just can't tell us about (I will apologize and retract my statements when it
comes to light).

sources:

[1] [http://www.huffingtonpost.com/2013/08/13/james-
clapper_n_374...](http://www.huffingtonpost.com/2013/08/13/james-
clapper_n_3748431.html) [2] [http://www.lrb.co.uk/v35/n24/seymour-m-
hersh/whose-sarin](http://www.lrb.co.uk/v35/n24/seymour-m-hersh/whose-sarin)
[3] [http://www.thenation.com/blog/174744/remember-when-nsa-
surve...](http://www.thenation.com/blog/174744/remember-when-nsa-surveillance-
was-used-help-launch-iraq-war) [4] [http://techcrunch.com/2013/09/05/nsa-
subverts-most-encryptio...](http://techcrunch.com/2013/09/05/nsa-subverts-
most-encryption-works-with-tech-companies-for-back-door-access-report-says/)
[5]
[https://www.schneier.com/blog/archives/2008/02/mujahideen_se...](https://www.schneier.com/blog/archives/2008/02/mujahideen_secr_1.html)
[6] [http://www.independent.co.uk/news/world/americas/russian-
off...](http://www.independent.co.uk/news/world/americas/russian-official-us-
ignored-boston-bombers-warning-8644560.html) [7]
[http://www.thenation.com/article/174026/there-chechen-
connec...](http://www.thenation.com/article/174026/there-chechen-connection-
boston-bombings) [8] [http://www.cnn.com/2013/04/20/us/brother-religious-
language/](http://www.cnn.com/2013/04/20/us/brother-religious-language/) [9]
[http://articles.latimes.com/2013/oct/23/nation/la-na-nn-
bost...](http://articles.latimes.com/2013/oct/23/nation/la-na-nn-boston-
triple-homicide-20131023) [10]
[http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_...](http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander)
[11] [http://www.dailykos.com/story/2013/10/15/1247400/-NSA-
Direct...](http://www.dailykos.com/story/2013/10/15/1247400/-NSA-Director-
Admits-He-Lied-About-Surveillance-Thwarting-54-Terror-Plots)

~~~
CamperBob2
_Fuck you and your condescension, Loren. You are a coward and a liar, unless
there is some grand plot the NSA has helped unravel, Clancy-style, that you
just can 't tell us about (I will apologize and retract my statements when it
comes to light)._

I won't even do that. I've read enough history to understand that losing a few
planes and buildings once in a while is no big deal compared to what
eventually happens to a country governed by the ethos exposed in the Snowden
documents.

The ends do not justify the means.

------
kika
> I would also notify the users that their data was accessed, if it was legal
> to do so.

And of course you'd also put up a warrant canary [0] on your website, am I
correct? \-- [0]:
[http://www.rsync.net/resources/notices/canary.txt](http://www.rsync.net/resources/notices/canary.txt)

------
sbierwagen
Interesting that the HN algorithm that automatically flags NSA stories off the
front page didn't penalize this one.

------
bbakkd
If you are not a terrorist or a foreign government official or work for a
large corporation or bank or travel or communicate with people in certain
countries or use certain keywords in your communications you have absolutely
nothing to worry about.

------
alandarev
> US citizens have nothing to worry about.

Oh, alright then, there is nothing except the trillions of spies queued up
behind US borders.

There is a shocking news to be revealed: Not all non-US citizens are spies.

------
iribe
What do you think of the NSA tapping datacenter traffic, gaining access to
company source code, passwords, and everything else companies incorrectly
assumed wouldn't be sniffed? Was that justified? How do you know that data
didn't get into the wrong hands, other than assuming every coworker was
trustworthy.

------
danbmil99
> I have a very high opinion of my former coworkers.

Well then, problem solved.

------
hawleyal
> not a law enforcement agency

Naive to think that mass-collection of data is not a tool that will eventually
used by law enforcement.

------
joelrunyon
> The NSA is our best hope in this war

Is this an inconvenient time to point out that we're technically not in a
congressionally approved "war" with anyone?

~~~
mpyne
A Congressional declaration of war would, by law, put an exceptional amount of
wartime powers in the hands of one person, the President of the United States.
For what are hopefully obvious reasons, Congress has not chosen to go through
with that.

On the other hand, they _have_ passed an "Authorization for the Use of
Military Force" which is still current, authorizing military action in
Afghanistan and wherever AQ or other terrorists groups might be found.

------
bayesianhorse
We are the watchers on the (Facebook) wall...

------
aaron695
It reminds me of that sketch of the nazis where they realise they are on the
baddies side, except op isn't there yet.

[http://www.youtube.com/watch?v=JEle_DLDg9Y](http://www.youtube.com/watch?v=JEle_DLDg9Y)

People need to realise it's more "All that is necessary for the triumph of
evil is that good men do nothing."

And less terrorists and other cliches.

------
ekianjo
reading it feels like reading a PR document, just made to shed a positive
light on the NSA.

------
beachstartup
yeah, all that juicy data, just sitting there. trust us. we won't touch it.
neither will the fbi. or the cops. they don't care that you smoke weed.
really.

except they do care. and they want that data. and they will get that data. you
can bet your fucking LIFE on it.

if it's there, it will be used, and very possibly by someone with less than
good intentions. how the hell could anyone convince themselves that this isn't
true? it's mind boggling.

look at mccarthy era politics. THAT CAN HAPPEN. IT DID HAPPEN. IT WILL HAPPEN
AGAIN.

------
tripzilch
... the cognitive dissonance is strong in this one.

> I am an American patriot.

> Patriotism to me simply means that I care about the US and its future.

> We all know that it's illegal to look at a US citizen's data without a court
> order. I use the term "look" deliberately: the Agency makes the distinction
> that looking at data is surveillance, while gathering it from locations
> outside the US is not. We gathered everything, and only looked at a tiny
> percentage of it. I am okay with this distinction both because I don't mind
> if my emails are copied to an Agency database

That very last bit, is that also a symptom of "patriotism", or more like a
justification to tell himself "this was my job, I believe I do right, so my
job was right, because it was my job, which is right".

(then again, his ad for "paleo mayo" does show that this person has a habit of
buying into beliefs as long as they are backed by sufficiently authorative-
sounding sources)

> NSA employees are the law-abiding type. Firstly, the lawbreaking type isn't
> likely to want to work for the government. Secondly, if they did apply, it
> is quite unlikely they would make it through the clearance process.

Yeah, actually, "law-abiding" is not really the word I'd describe for the sort
of people this process attracts ... More something in between "gullible" and
some of the less positive interpretations of "US Patriot".

> While the efficacy of polygraphs has been questioned, and while I'm sure
> given sufficient training and natural psychosomatic control one could beat
> them, I think they're fairly accurate. They may yield some false positives
> (I, for example, initially failed when I said, "No" in response to, "Have
> you ever given classified information to a foreign entity?" – this is before
> I knew any classified information – and had to fly back to DC for a second
> attempt a month later), but I believe false negatives are rare.

Aahahaha, yes, and so do horoscopes! Can you believe this guy?!

They could have had a psychic in a sufficiently impressive suit "evaluate"
him, and he'd still have bought into it.

> Even if you are not a citizen of the Five Eyes, you shouldn't be worried
> about your data being viewed unless you're involved with a group of
> interest, such as a _foreign government_ or violent organization.

Whut? So anyone involved with a foreign government, such as their politicians,
should be worried.

By extension, all citizens relying on that government should be worried.

Doesn't make sense. But then, I can decide what not to worry about by myself.

Finally,

> it would seriously impair our ability to spy if we couldn't gather
> everything.*

> * I am not permitted to say why this is the case, but it is true.

Fine. But the problem is not so much having to take his word for it, it could
very well be true. The problem is, your current situation is wrong, very
wrong. It obviously needs overhaul, and without talking about the "why", you
can't have a discussion about fixing it, either. He himself admits he is
unaware of the "big picture"\--all the while stating that whatever it is, he's
probably okay with the implications.

I'm pretty sure that even if I _did_ know all the things he knows but isn't
telling us, I'd very much disagree with that notion.

> The NSA is our best hope in this war. In my mind, the Agency’s continued
> dominance of the Internet is absolutely worth [whatever]

Remember, patriotism doesn't mean he doesn't care about people outside the US,
just as long as the NSA gets to dominate the entire Internet.

------
wissler
Copy our data without our consent. Lie about it to our representatives. But
just trust us.

The ends do not justify the means; on the contrary, nefarious means imply
nefarious ends.

------
mpyne
Well this comment thread went about as I expected it to go...

~~~
davesque
Lol, right. I thought the article was an interesting read anyway.

------
stefantalpalaru
> Halting use of USB drives is not enough to protect air gapped systems, as
> Ruiu's recent research on badBIOS demonstrates.

False. In the badBIOS case the 2 computers thought to communicate using audio
were already infected.

------
LekkoscPiwa
First 60-minutes, now this. Are we in the middle of a PR campaign now?

------
eli
Thanks for posting what I'm sure you knew would be an unpopular opinion around
these parts. Interesting read.

~~~
mpyne
Braver man than I am, that's for sure. Someone even canceled their Kickstarter
pledge for his mayo over it.

------
jsac
this story smells like PR via the NSA....

------
andyl
I don't know if Loren is sincere, or if he's part of a disinformation
campaign. Either way, I don't believe his reassurances. I think NSA
surveillance is first and foremost a tool to control the American citizenry.
The next Martin Luther King, Ralph Nader, or Daniel Ellsberg isn't gonna stand
a chance.

~~~
Marbux
@"I don't know if Loren is sincere, or if he's part of a disinformation
campaign."

Those two states are not mutually exclusive in their entireties . It depends
on what information he's been fed and believes. What is undeniable is that NSA
has launched a Christmas disinformation campaign via staffers[1] and earlier,
its extended family.[2] (Documents are at the bottom of the pages.)

Paul E. Merrell, J.D.

[1] [http://preview.tinyurl.com/q6jp8gg](http://preview.tinyurl.com/q6jp8gg)

[2] [http://preview.tinyurl.com/n3pxwen](http://preview.tinyurl.com/n3pxwen)

------
jjguy
HN, I'm ashamed of you.

The comments in this thread (and every other Snowden-related revelation in the
last six months) have made it clear you are incapable of appreciating the
magnitude and complexity of this scope of issue. The comment threads have been
dominated by narrow, small minded thinking, bereft of any considered
thoughtfulness. I quit reading your comments on these posts long ago, because
they were a worthless echo chamber of self-righteous arrogance. I thought
maybe, perhaps, this post would elicit better discussion. I should have known
better.

Even after six months, I don't yet have a well-formed opinion on the topic.
It's incredibly complicated and encompasses considerations most of us can
barely comprehend. In an essay on the topic, Mike Hayden (ex USAF General, ex
NSA director, ex CIA director) said: [1]

    
    
        it takes a special kind of arrogance for this
        young man to believe his moral judgment
        on the dilemma suddenly trumps that of two
        (incredibly different) presidents, both houses
        of the U.S. Congress, both political parties,
        the U.S. court system and more than 30,000 of
        his co-workers.
    

The HN collective deserves the same chastisement.

I expect more of HN than I do a typical forum. I dismiss the "not like the old
days" cynics. Please don't prove them right.

1 - [http://www.cnn.com/2013/07/19/opinion/hayden-snowden-
impact/](http://www.cnn.com/2013/07/19/opinion/hayden-snowden-impact/)

~~~
tfigueroa
Really? An appeal to authority?

Besides, even a child can point out when an emperor has no clothes.

~~~
jjguy
you consider that an appeal to authority? how about your complete disregard
for his point.

thanks for re-enforcing my point.

------
secthrowaway
I can confirm much of this article. (A couple years ago I provided some
comments here
[https://news.ycombinator.com/item?id=3296691](https://news.ycombinator.com/item?id=3296691))

There's lots of condemnation of the poster, and the NSA practices and some of
the murkier parts of this article. I thought I'd tip in with some explanations
as possible while staying outside of anything classified or naughty.

jonknee:
[https://news.ycombinator.com/item?id=6910978](https://news.ycombinator.com/item?id=6910978)

\- "It's compartmentalized enough that the individual actors can justify their
actions by the assumed competence and benevolence of the others."

It's compartmentalized a bit more than the OP lets on for mostly
security/separation of concerns/need-to-know reasons. For example, a Air Force
analyst who is cleared to view TS//SI material won't have access to the NSA
systems directly. Some of the NSA systems have external (Intelligence
Community (IC)) facing equivalents that omit quite a bit of the information
that less scrutinized IC analysts shouldn't have access to. w/r to the
information the NSA collects, NSA employees and contractors are held to
stricter standards about how that material is used and treated. An analogy, a
minor commits a crime and his record is sealed. The local court employees who
handle the record, the judge etc. have really nothing that prevents them from
leaking that information to an overzealous cop or lawyer or some such other
than the standard to which their held for their job. It's more or less the
same thing with the NSA.

> The mental leap here is subtle, but substantial. Since I have been told I
> can't use US selectors , I assume the system enforces this.

Actually, one of the higher standards the NSA employees are held to, and I
believe they sign something to effect is that it's outright illegal for them
to do so and even one misuse could result in loss of employment, clearance (a
death sentence in IC heavy employment areas) and possibly time in prison as a
felon. This is taken _very_ seriously and I've never known an NSA employee to
_not_ treat this rule and US citizen data as radioactive to them.

[https://news.ycombinator.com/item?id=6911054](https://news.ycombinator.com/item?id=6911054)

> Definitely a bizarre mix, I thought it was a parody a couple of times. To
> combat the threat of nuclear war with the completely isolated totalitarian
> state of North Korea we must create and store copies of all global
> communication...

It's easy to generalize, and if the world worked as simply as the model you
propose here, then things would be much better for everybody, but it simply
doesn't. For example, to uphold various sanctions regimes, by law, the U.S.
_must_ know if a business has connections two hops out that are linked to any
bad activity. For example, how did Kim Jong Il buy all his whiskey? It's
outright illegal for a U.S. company to sell to the North Korean government.
Okay, so they sell to an overseas distributor who then sells to the North
Korean government. Turns out that's illegal as well and the government must
take action to not allow the U.S. whiskey maker or the distributor to operate
in the U.S. any longer. Okay, so the whiskey make checks out their
distributors finds one who doesn't sell to NK, but one of their customers
_does_. Same deal, it's illegal for anybody in that chain to operate in the
U.S. After that, the chain becomes so long it's not worth looking into and Kim
Jong Il was eventually able to get his whiskey.

Just talking whiskey and North Korea here, but you can guess it goes for all
kinds of goods and countries under various sanction regimes. So how do you
propose things _should_ be collected? Collecting only on North Korea gets you
nowhere, it's everybody else who may or may not be supplying whiskey to the
Norks that makes things much harder and requires a much larger collection
apparatus.

[https://news.ycombinator.com/item?id=6911216](https://news.ycombinator.com/item?id=6911216)

> It's helping diplomats illegally snoop on our allies.

Good! Our allies are most definitely snooping on us! Spying and espionage is
sometimes called the second oldest profession for a reason. There's been no
time in history that two countries aren't doing a bit of spying on each other,
most _especially_ at the diplomatic level.

rst:
[https://news.ycombinator.com/item?id=6911150](https://news.ycombinator.com/item?id=6911150)

> In fact, it's been known for months that the DEA receives intercepts from
> the NSA in such volume that they have an office devoted to handling them
> (the DEA's "Special Operations Division").

This _is_ a problem. In general, the work the IC does in collection does not
hold up to LE scrutiny. Having worked on both sides of the fence, LE is both
more difficult in some cases and easier in others to work in. For example, you
need a warrant to gather phone records in LE, but you can share those records
more freely once you have them. In the IC the opposite is true, you can pretty
much get whatever you need, but it's virtually useless if a criminal approach
is taken. That's why it's often simpler to blow up the target then to arrest
and try them. Parallel Construction is an investigative focusing approach that
saves LE from getting collection warrants that go nowhere. The IC approach is
to find the connections or whatever, then help LE figure out where to focus
their warrant-based approach in doing the same collection from their side.
Scrubbing U.S. Persons IC data and reusing it directly for LE is highly
illegal for all of the participants involved.

revelation:
[https://news.ycombinator.com/item?id=6911022](https://news.ycombinator.com/item?id=6911022)

> Well, following his explanations, you can fail the polygraph and just do it
> again. The cost of failure is zero, so really just keep trying.

Actually the penalty after enough tries is no clearance which means no job and
a permanent record that you were denied a clearance...which pretty much deep
sixes any attempt in the future to get one. In some parts of the country, like
the Washington D.C. area, that's virtually a career death sentence.

kabdib:
[https://news.ycombinator.com/item?id=6910969](https://news.ycombinator.com/item?id=6910969)

> My best friend's dad was a spy in the CIA

> During the 70s and 80s my dad worked with Russian scientists

> So, how likely is it that my email is read, that my phone records are looked
> at, and so on? What are the chances that I'll have trouble the next time I
> cross a border or try to board a plane? One percent? Fifty percent?

Assume it is collected but probably not read, but not for the reasons you gave
above. There's just simply not enough manpower to read everybody's email, and
it's a useless thing to try to accomplish. Now suppose one of the guys you
email also emails somebody who's "nefarious" in some way. Then yeah, maybe
your email is read. And if all you talk about in your emails are things that
don't involve an armed insurrection against the United States you'll probably
be filed into the "don't give a shit" bucket and the analyst will move on.

A common thread here is that everybody who's worried about their email being
read seems to assume that whatever they're doing is important enough for it to
get read. Trust me, it isn't.

(continued next comment)

~~~
secthrowaway
md224:
[https://news.ycombinator.com/item?id=6911261](https://news.ycombinator.com/item?id=6911261)

> Anyone who defends the NSA on the grounds that it only targets those who are
> worthy of targeting needs to convince me that another COINTELPRO will never
> happen. I would actually welcome such an argument, since it would make me
> feel a whole lot better about this.

You raise a very good point. I don't think there are many in the IC who would
have a problem with more (and better) oversight...it helps them feel more
legitimacy in what they're doing. All that being said, assume that there will
be another COINTELPRO or similar. It sucks, but to be perfectly honest with
you, you aren't important enough to convince one way or the other about it or
about approving of the various collection programs the NSA is running. If half
of the comments here are to be taken at face value, almost nobody on HN knows
enough about the issues involved to be consulted or for their opinion to be
considered. I'll draw a parallel here to the outcry over technology centered
court cases or software patents, an opinion often given here is that engineers
or software experts should be involved in deciding those cases because the
layman doesn't know enough about it to have an informed opinion. It's just as
true with IC issues. What's troubling is that oversight is via Congress, who
until the last election were likely laypeople themselves. So the expertise to
properly evaluate, oversee and monitor what's going on simply isn't there.

sedev:
[https://news.ycombinator.com/item?id=6911078](https://news.ycombinator.com/item?id=6911078)

> This reads like it was penned by someone who's never heard of the Stanford
> Prison experiment or Milgram's research...

You bring up good points. One of the issues with the IC is one of internal
monitoring (as we're all now seeing). Who watches the watchers? There's
notionally a number of very serious laws, or committees and counter-X
professionals who are supposed to be doing this, but to be honest. Once you're
cleared and stuck on a project, there's really very little day-to-day
oversight of any kind. I personally would welcome a higher level of scrutiny,
but I think the equation of "spend manpower watching watchers" vs. "spend
manpower looking for bad guys out in the world" has, and will continue to,
balance on the later.

[https://news.ycombinator.com/item?id=6911091](https://news.ycombinator.com/item?id=6911091)

> If you'd never heard of parallel construction before today, that seems to
> powerfully undermine your credibility.

He only worked there for two years on a single program. I challenge anybody
here who works for any organization larger than 3 people to have perfect
knowledge of every single thing their organization is doing. Unless you work
on the bits that interface with the LE community you'd probably never have had
opportunity to know anything about it. I bet he also doesn't know the details
of companies the NSA contracts to do their plumbing or handle their trash.

EthanHeilman:
[https://news.ycombinator.com/item?id=6910896](https://news.ycombinator.com/item?id=6910896)

> The NSA has a history of sharing intelligence with LE, to state that the NSA
> is not a LE agency is extremely misleading, if not an outright lie.

I don't think you understand what a LE entity is, the powers and limitations
that LE organizations operate under or how they differ from IC organizations.
Saying the NSA is LE because they cooperate with LE is like saying the
Department of Agriculture or Labor is an LE agency because they sometimes have
to cooperate with LE.

jjoonathan:
[https://news.ycombinator.com/item?id=6910922](https://news.ycombinator.com/item?id=6910922)

> It's good to hear that many NSA employees take the police/military
> distinction seriously, but we know for a fact that some higher-ups don't...

This is true, and it's particularly vexing to work in the IC and have senior
officials asking you to participate in outright illegal activities. It doesn't
happen often, but I've seen both people ruin their careers saying no and those
that want to keep their job and say yes. It's usually under the auspices of
"helping out to stop bad things", and it's very hard to say no when activities
are couched that way...despite very many of the people on here talking
publicly about their very righteous and moral high ground, placed in the same
position, the vast majority of HN users _would_ want to stop bad things from
happening even if it meant crossing the line a bit here or there. Because,
honestly, if you choice is help stop innocents from getting killed vs. sit on
your hands because of some futzy law someplace that ties your hands, most of
us would feel like we'd rather take the immediate action to stop the bad guys.
"Mission Expediency" is the word of the day when it comes to these matters.

mtgentry:
[https://news.ycombinator.com/item?id=6910911](https://news.ycombinator.com/item?id=6910911)

> No offense to OP, but this reads like propaganda to me.

I can confirm that this represents the mindset of most of the people I've
worked with in the IC. It does take a certain kind of personality to sign-up
and go through all the hassles involved with getting employed in the IC and
that self-selection seems to attract a certain kind of personality type.

> But I wouldn't be surprised if there was some sort of concerted effort by
> the NSA to encourage a dialogue with hackers on platforms like HN.

There really isn't, other than to not discuss classified information. Keeping
track of what's classified and not when you spend near a third of your life
and half of your waking hours dealing with only classified things is complex
enough that most people just don't engage with the "unclean" public.

jurjenh:
[https://news.ycombinator.com/item?id=6911235](https://news.ycombinator.com/item?id=6911235)

> What I'd be more interested in is how much this issue is being discussed
> internally. If these discussions are allowed, or even surreptitiously
> encouraged, then I'd take that as a possible internal propaganda push,
> subtle as it may be.

Discussions about these issues, in the way that they're being discussed here,
are not terribly common. The milieu of working in the IC just doesn't lend
itself to these kinds of topics, in these kinds of ways, as focuses of
conversation. Mostly what's discussed is the lines you aren't supposed to
cross and the penalties for crossing them. But more often then not, casual
conversation is about _anything_ other than IC topics. After a hard day of
spying, you really want to just engage in something else.

Bizarrely, discussing Snowden might be tricky inside of the IC because you
might discuss something that was leaked that you technically don't have a
need-to-know for. So specific cases like this are not often serious topics of
conversation.

(continued next comment)

~~~
secthrowaway
pera:
[https://news.ycombinator.com/item?id=6911100](https://news.ycombinator.com/item?id=6911100)

> Really? why should anyone trust in anything coming from the NSA when you are
> systematically lying again and again? why should we listen to anything you
> say when historically, part of your strategy is to try to influence the PoV
> of society || specifics groups?

OP is not the NSA. OP was an employee for a couple years and can only comment
about what he specifically knows about, just like anybody. Take what he says
with that context.

alfiejohn_:
[https://news.ycombinator.com/item?id=6911106](https://news.ycombinator.com/item?id=6911106)

(ex-)Employees can write about anything, but if it involves IC related topics,
they have to submit to a review before publication. All those various books
about life in the Spy world or Special Forces etc. all went through similar
reviews.

malloreon:
[https://news.ycombinator.com/item?id=6911226](https://news.ycombinator.com/item?id=6911226)

> There are articles suggesting this is happening many thousands of times per
> year - shouldn't each of these 'regular employees' be put on trial? They
> have committed serious crimes.

Quite often they are. The minimum penalty is loss of clearance and job (which
is a career death sentence in the IC), and depending on what they did and if
the agency feels like it's a good expenditure of resources, some kind of
criminal prosecution may be involved.

e.g.

\- Employee sees if his own cell phone number has been collected (violates
rules regarding looking up U.S. persons): probably a firing, but not worth
criminal prosecution

\- Employee starts a side business and starts monitoring communications of his
competitors to get a leg up, probably a firing + prison time.

te_chris:
[https://news.ycombinator.com/item?id=6910858](https://news.ycombinator.com/item?id=6910858)

> Thank you so much, kind American intelligence guy, for having the grace to
> not look at USA citizens emails, all the while not even mentioning
> foreigners, who should apparently just lie down and take it.

Foreigners don't just "take it", they have their own nation's intelligence
apparatus collecting against _their_ foreigners. Let me know when there are
mass protests against foreign collection in the rest of the world and maybe
then your complaint will make some kind of sense. Until then it's just bitter
complaining about something you knew all along anyway. It's kind of the point
of Intelligence.

lucb1e:
[https://news.ycombinator.com/item?id=6911262](https://news.ycombinator.com/item?id=6911262)

> Why is a distinction made between US and non-US people?

Because, at least in the U.S., there's a distinction between IC and LE
entities -- this is not a distinction shared by most countries. LE deals with
domestic events and U.S. people, while IC deals with non-domestic actors and
locations. There's a bit of overlap, for example, a U.S. citizen doing bad
things in a foreign country gets a bit of both, or a foreign national in the
U.S. But that's generally where the line is drawn. U.S. law doesn't apply
outside of the U.S. and it shouldn't. Can you imagine the world if the U.S.
suddenly decided that France had to apply by all U.S. laws including the U.S.
Constitution? If people think New Zealand cooperating on

> What makes me a potential criminal, and Mr. Smith not?

The reverse is true of U.S. citizens w/r to other country's intelligence
apparatus as well.

IC agencies _generally_ aren't looking for criminals...meaning they aren't
looking for people who broke U.S. law. They're basically looking for threats
to U.S. soil, citizens and concerns. LE agencies look for law breakers. That's
one of the reasons why the trials at GTMO are such a mess, guys were wrapped
up and sent off to Cuba for interrogation based on "Intelligence" but not
using information collected as part of a criminal prosecution. IC and LE
really do operate under very different methods (at least in the U.S.).

princeverma:
[https://news.ycombinator.com/item?id=6911007](https://news.ycombinator.com/item?id=6911007)

> I am a foreign national, I and my company uses services provided by a US
> company (email etc.), and this gives right to you guys to collect and ready
> my emails?

Yes. Look at your question from a different angle, under what legal regime is
the U.S. not allowed to do so? Or the contrapositive, what are you doing to
prevent _your_ country from spying on U.S. Citizens?

Tarang:
[https://news.ycombinator.com/item?id=6910916](https://news.ycombinator.com/item?id=6910916)

> If an employee had a contrarian opinion to the NSA would it be declassified
> like this one?

Yes. You can check Amazon yourself for books by former NSA employees who don't
side with the Agency. Their books were all reviewed by the NSA for classified
information, but not for dissenting opinions.

muglug:
[https://news.ycombinator.com/item?id=6910838](https://news.ycombinator.com/item?id=6910838)

> Do you think Snowdon's revelations had any beneficial impact, or is your
> view of them entirely negative?

Disappointingly no. At least in my circles, Snowden is not mentioned in polite
terms. The likely outcome will be no change in NSA collections or
capabilities, but automation in system administration, better collection of
auditable information on IC employees and more compartmentalizing of the
activities even further.

room271:
[https://news.ycombinator.com/item?id=6910827](https://news.ycombinator.com/item?id=6910827)

> My question to the OP: even if you believe that at the moment abuses are
> rare and that your colleagues are trustworthy and law-abiding, does the
> capability and level of information concern you in terms of the potential
> for future abuse it enables?

I'll toss in my answer too. I think it is serious cause for concern. But the
kind of work the IC does is _hard_ and I'd say impossible to get right.
Anybody who thinks the kinds of work that most of us do in our day-to-day
businesses is hard have no idea how really difficult the industry is. In a
normal business, if you get things wrong you might get sued or shut down. In
the Spy industry? countries might fall, nukes might loose and people might
die. Doing that kind of work in balance with people's rights, or at least not
negatively impacting truly innocent people is among the hardest things to do
in the world.

aaron695:
[https://news.ycombinator.com/item?id=6911046](https://news.ycombinator.com/item?id=6911046)

> "All that is necessary for the triumph of evil is that good men do nothing."

Doing nothing would be for the U.S. to not spy at all, which is a sentiment
shared by many in this forum. And then bad things would certainly happen for
the U.S. because no other country would do the same. Sometimes doing the right
thing really involves doing hard things that don't feel good. I won't make any
apologies for it and nor should the OP. The kind of work that the IC and the
military does, make no mistake about it, is ugly ugly work. It _is_ very
important though that this public debate be held often, and constantly. The
IC/Military construct is like a huge guard dog. You want it a bit mean and
angry, but you don't want it to bite you, the mailman or the neighborhood
kids...it's not so bad if it goes after the occasional solicitor or burgler.
So it's very important that you keep a constant eye on it and keep it in
check. Because it _will_ dig up your yard, chew up the sofa and otherwise
misbehave.

~~~
shitgoose
Another NSA muppet to the rescue. First one was a geek - easy to beat up. It
was pretty quickly escalated to someone from PR dept - a fact twisting
arrogant smooth talker. You guys are pathetic and frightening. Better stay
quiet if you don't want people to hate you even more.

~~~
mpyne
Did this PR drone hack HN to plant his comment [1] from "745 days ago" too?

[1]
[https://news.ycombinator.com/item?id=3296691](https://news.ycombinator.com/item?id=3296691)

~~~
joshstrange
Yes, because the government would NEVER plant agents in various online forums
to further their own agenda..... /s

While I would guess this is probably not the case here I would caution against
making it seem so ludacris....

~~~
mpyne
Did the government somehow manage to predict 746 days ago that they would need
to have a PR flackey describing the workday of an NSA analyst to clean up for
Snowden? I mean, that's some pretty special prognostication, right there.

~~~
joshstrange
Well anyone worth their salt should have known something like Snowden would
happen eventually. Even if they didn't it would be smart to start infiltrating
communities that they thought they might want "cred" in later.

