
N.S.A Halts Collection of Americans’ Emails About Foreign Targets - sashk
https://www.nytimes.com/2017/04/28/us/politics/nsa-surveillance-terrorism-privacy.html
======
jancsika
We can't sensibly discuss this story here unless we know which definition of
"collect" is being used in the story.

Normal definition: collect. For example: "Even collected all the data going to
and from Bob's house by putting a splitter on the cable."

NSA's definition: not that, as cited in various stories sourced by the Snowden
leaks from the Guardian.

I won't attempt to define exactly how the NSA defines "collect" because I
don't have time to track down and read the relevant article. But the upshot
is-- their definition is idiosyncratic and misleading for a piece that has a
general audience like this one.

~~~
nyolfen
their definition (via secret interpretation of USSID 18, according to Bill
Binney[1]) is roughly that it's only collected if they actually go back and
look at it at some point down the line. your web browsing history (or
whatever) sitting on a hard drive in utah doesn't fall under this definition
until they look at it.

[1] [https://youtu.be/r9-3K3rkPRE](https://youtu.be/r9-3K3rkPRE)

~~~
elevenfist
This isn't really a secret interpretation, I and a lot of people I knew
noticed the same thing over a decade ago by reading the privacy policies of
tech companies. Reading the data requires a warrant. Recording the data
doesn't.

~~~
jwtadvice
The important aspect for the NSA's interpretation is that algorithms can look
at and process the data and create metadata or synopsis information from it.

Having an intelligence system ingest this metadata and synopsis is not
considered "collection".

Essentially, if it can be automated, it isn't collection. If a human gets
pulled into the loop to look at data, that's when it's collected. However, a
human could be shown a synopsis or an inference about an American target and
this could still not be collection, as the summary information being viewed
isn't considered the person's private records.

Basically a loophole in a loophole. I'll be happy to keep databases of, and
run software over, our national security records. I won't collect any of it,
though. I won't even look at it. I'll just get summaries of the information
contained in it from my algorithms - and if I want to look at a specific
document I'll punch a rubber stamp on it first.

~~~
andreyf
And what will you need to show to obtain said rubber stamp? This is not
secret, either:

Search for "how FISA works" here:
[http://www.belfercenter.org/sites/default/files/legacy/files...](http://www.belfercenter.org/sites/default/files/legacy/files/IC-
book-finalasof12JUNE.pdf)

~~~
killjoywashere
Curiously, a fair amount of genetic research is done this way: the genetic
info is PHI, but the covered entity holds the data and the computer capacity.
The researcher just pushes an algorithm to the cluster and gets aggregate
results back.

~~~
TechnicalVault
That's the idea, but in practice GA4GH is still working on the API's and
protocols to make this work in an automated and containerised fashion for
modern genetic data. We do often send the algorithm to the data but mostly by
way of granting an account to collaborators and them sshing into a remote
cluster because copying 120 terabyte datasets is no fun.

------
nostromo
> For technical reasons, the agency ended up collecting messages sent and
> received domestically as a byproduct of such surveillance, the officials
> said.

"Oops didn't mean to."

Keep in mind that the NSA lied to Congress very recently. Thanks to Snowden
they were caught in that lie. I don't believe anything they say.

[http://www.politifact.com/truth-o-
meter/article/2014/mar/11/...](http://www.politifact.com/truth-o-
meter/article/2014/mar/11/james-clappers-testimony-one-year-later/)

~~~
tajen
The only credible way to trust that NSA had stopped wiretapping would be a
drastic enough reduction of its finances (and no transfer to FBI/CIA for that
purpose).

------
Baeocystin
Things that I do not for one second believe: this.

Maybe this one particular program, under one particular name, sure.

But overall? I just don't see it. I am not saying this cynically, I just
don't. Data collection is too easy, database queries too simple.

~~~
CriticalSection
Sure.

Prior to World War II, the FBI began keeping a list of people to be rounded up
"in the event of a national emergency" (
[https://en.wikipedia.org/wiki/FBI_Index](https://en.wikipedia.org/wiki/FBI_Index)
). Some people on this index were put in concentration camps during World War
II, notably people of Japanese heritage (and as Cygnus co-founder John Gilmore
notes, some of these people were identified, via a legal fiction, by them
filling out that they were of Japanese heritage on census forms
[http://www.toad.com/gnu/census.html](http://www.toad.com/gnu/census.html))

World War II did not end the list, it grew. Finally, Watergate, the death of
Hoover and exposure of programs like COINTELPRO led to the Church Committee
and the supposed disabling of the list.

Since then, all information has been that the only thing that has changed is
that the list is not officially for the detention of American citizens. Some
of the people involved in Iran-Contra in the 1980s were also maneuvering for a
US military invasion of Nicaragua, which they thought might necessitate
putting anti-war protesters into concentration camps(
[https://en.wikipedia.org/wiki/Rex_84](https://en.wikipedia.org/wiki/Rex_84)
). Of course, that plan was so far out that the plan might be more nutty than
scary, but then again, these are people who secretly broke the US's own arms
embargo against Iran to sell Iran weapons, the money from which they used to
fund a war against Nicaragua which Congress had banned.

It's kind of like that Utah Data Center (
[https://en.wikipedia.org/wiki/Utah_Data_Center](https://en.wikipedia.org/wiki/Utah_Data_Center)
) they're building to store what is probably permanent recordings of our phone
calls, SMS messages, e-mails, web browsing history etc. They didn't spend $1.5
billion on it so far to not use it.

~~~
mtempm
Remember in the 90s when reading your email was seen as a creepy deed done by
greasy, social outcasts? Contrast that with our government, today, spending
unholy amounts of money to do that while Americans go without clean water and
healthcare.

------
a3n
How would we even know? No one can even go down in there. Congressional
oversight is done by them coming up to Congress and saying "Nope, we're not
breaking any laws. Not wittingly."

~~~
sneak
[http://www.hasjamesclapperbeenindictedyet.com](http://www.hasjamesclapperbeenindictedyet.com)

------
pc2g4d
They're trying to get a PR win out of that fact that---for now---they're not
continuing the program. Later, when they've refined their technical
infrastructure in a way that makes it easy to comply with whatever new
requirements the FISA judge(s) came up with, they'll resume the program but
not tell a soul.

That's how I'm interpreting this, anyway. I hope I'm wrong.

~~~
cma
And it may have been the only way to satisfy the court anyway, they had
previously assured the court surrounding communications to these wouldn't be
searched, and then they were searching them too (so even if you didn't mention
a targeted email, if your email was in an internal email provider bundle (like
a backup across data centers), it was getting searched too:

>But last year, officials said, the N.S.A. discovered that analysts were
querying the bundled messages in a way that did not comply with those rules.
The agency brought the matter to the court’s attention, resulting in a delay
in reauthorizing the broader warrantless surveillance program until the agency
proposed ceasing this collection practice.

------
mtgx
> _For technical reasons, the agency ended up collecting messages sent and
> received domestically as a byproduct of such surveillance, the officials
> said._

Yeah, sure. Maybe don't do mass surveillance then?

> _The agency then proposed putting the bundled messages in a special
> repository to which analysts, searching through intercepts to write
> intelligence reports, would generally not have access. The court permitted
> that type of collection to continue with that restriction.

But last year, officials said, the N.S.A. discovered that analysts were
querying the bundled messages in a way that did not comply with those rules._

This seems to happen Every.Single.Time. I wonder what _really_ prompted the
NSA to stop this collection. Maybe they just want to act all "We're good boys
now" to convince Congress that they can be trusted with FISA Amendments'
renewal, later this year?

~~~
__jal
We'll probably have to wait for the next Bamford book to find out what
happened.

Given past performance, I would put money on this being replaced by a
functionally identical program with a legal hack, and of course a new name.
(The new name is vital so that "we no longer collect that data under that
program" remains a technically-true statement.)

------
Jerry2
If they don't collect it under this program, they'll collect it under some
other program. Or they'll just let one of the FIVE EYES partners spy on
Americans. That's how they operate.

~~~
lern_too_spel
One of the main points of the Five Eyes agreement (originally BRUSA) is that
the member states have a "no-spy agreement" with each other. That's why you
see French leaders in the leaks but not heads of state of Canada or the UK.
[http://www.pbs.org/newshour/rundown/an-exclusive-club-the-
fi...](http://www.pbs.org/newshour/rundown/an-exclusive-club-the-five-
countries-that-dont-spy-on-each-other/)

The rumor that they spy on each other and share that data is not substantiated
in any leaks and specifically goes against one of the main planks, making it
an especially strange rumor.

~~~
Jerry2
> _The rumor that they spy on each other and share that data is not
> substantiated in any leaks and specifically goes against one of the main
> planks, making it an especially strange rumor._

Huh? GCHQ has been spying on Americans for a long time. Here's the latest
example: [0]

[0] [https://www.theguardian.com/uk-news/2017/apr/13/british-
spie...](https://www.theguardian.com/uk-news/2017/apr/13/british-spies-first-
to-spot-trump-team-links-russia)

~~~
lern_too_spel
They were spying on Russians.

"The alleged conversations were picked up by chance as part of routine
surveillance of Russian intelligence assets."

------
dmix
I don't like how this article implies that they aren't saving and storing all
of your emails unless you are communicating with a surveillance target. In
reality they are sucking up all data in transit and only _looking_ at it when
it involves a foreign target.

But technically they are storing it regardless if you do or not, and we are
basically trusting them to not look at it.

This seems to be the biggest issue that is never addressed in these articles.

Not to mention the FISA court process being oddly rubber-stampy. Despite
claims that they try really-really hard to get each one right, as an
explanation why every single one gets approved.

~~~
andreyf
> Not to mention the FISA court process being oddly rubber-stampy. Despite
> claims that they try really-really hard to get each one right, as an
> explanation why every single one gets approved.

What's wrong with those claims? If the guidelines are clear and their lawyers
are competent, they can turn down a request without bothering the court.
Surely you'll agree DoJ lawyers can tell whether a request meets the criteria
for a legal intercept the vast majority of the time? "Probable cause" isn't
exactly novel case law.

------
hackuser
A fundamental conflict keeps coming up:

1) Security agencies are much more effective if they collect data before they
know it's important. If they wait until Jane Doe blows up a building to start
collecting intelligence on her, much of the evidence and other valuable
information will be long gone.

2) Spying on innocent people violates their privacy, their legal rights, and
is a tool for oppression. Warrants are required for a good reason.

One somewhat obvious solution is to store the data in escrow, available only
with a warrant. Nobody would trust a private company with all that data (I
hope, though I some countries require ISPs and other service providers to
maintain some history), so who can we trust? I wonder if the courts are an
answer. On one hand, it is not their role to provide investigative tools to
the prosecution and could even violate their independence and neutrality. On
the other, there would be little question about whether law enforcement had a
valid warrant or whether the courts would respect by their own authority to
issue warrants (and on the third hand, rather than the courts cleaning up the
corruption, the corruption could spread to the courts too).

Does anyone know if there's a precedent?

~~~
Jach
As another comment mentioned the NSA definition of collect seems to be (or
was) only when they "look" at it, whatever that means exactly.

An interesting thing that I like to imagine happens with 1 (though I have no
evidence) is that often Jane Doe does blow up a building, but then you see in
the news over the next few weeks reports of rounding up terrorist cells
related to Jane Doe. If they had to start fresh every time I don't think they
could do that, they must have prior information, so I like to think it's the
powers involved paying the Palantir tax. It's very reactive, which sucks for
the people killed by Jane, but perhaps it's indicative that things haven't yet
gone full Minority Report.

------
theprop
It looks like this is likely a temporary cease & desist in order to get court
authorization for their "broader warrantless surveillance program" while they
figure out how to get those "bundled messages" into a separate repository.

I'd guess the NSA will eventually resume this massive email collection program
once they can get it such that it's in compliance with the Court rules (which
they seem to have been unable to do quickly right now hence ceasing it).

The good news, however slight it may be, is that the NSA may be at least
obeying court orders somewhat rigorously.

------
seibelj
Don't ever rely on email to be secure. It is an insecure medium despite all
the bandaids on it. It's useful for sure, but assume it's being read by the
government before you send a message.

------
exabrial
This program likely started under Bush but was KEPT by Obama. It really upsets
me that people give him a free pass for such an egregious violation of the
Constitution.

~~~
IIAOPSW
And has yet to stop under Trump.

Let's hold all presidents to the same standard.

------
sandworm101
Imho this has nothing to do with privacy or law. This is an operational
decision. The bad guys aren't using email these days. I don't agree with much
of the "going dark" narrative, but it is clear that bad guys are using IM
services and other not-email means of communicating. So to hear NSA talk about
not collecting email is like them saying they are going to stop monitoring
library records: It sounds like a win for privacy but only on paper and we
know that they will simply redeploy resources to the interception of other
communication.

------
dbg31415
If you believe this, I have a bridge to sell you.

We'd need to understand what their definition of NSA, or collection, or emails
are.

I think it's most likely they are saying that the entire NSA as a whole isn't
doing collection, only some subset of the NSA is... and maybe they define
collection as capturing and retaining information for 10 years, and now they
are only doing it for 9 years 11 months... and emails mean everything you ever
do online and SnapChat and Signal and Texts too.

Do not trust these people.

~~~
1001101
You forgot about World of Warcraft [1]

[1] [http://www.cnn.com/2013/12/09/tech/web/nsa-spying-video-
game...](http://www.cnn.com/2013/12/09/tech/web/nsa-spying-video-games/)

~~~
dbg31415
This is hilarious. That someone in the government was paid to watch Barrens
Chat full of Chuck Norris jokes, debates about if STR or AGI was better for
Enhancements Shaman, and links to in-game items that would make funny dildos
really amuses me.

/1 Anal [Thunderfury, Blessed Blade of the Windseeker]!

------
jey
> The problem stemmed from certain bundled messages that internet companies
> sometimes packaged together and transmitted as a unit.

Wat?

~~~
badosu
If you intercept traffic from gmail as a whole you would get messages from US
citizens, not only from foreign people, not counting replies, fws, etc. That's
my take from this excuse.

------
djschnei
These criminals are sorry they broke the law, promise not to do it again. I'm
all warm and fuzzy.

------
19eightyfour
I don't know why Snowden is so quick to tweet that this is a victory. To me,
it's a multivariate equation, and all they've done is made one of the
variables smaller. They can sustain collection at the same amounts, by making
another variable proportionally larger. For instance, what's changed is that
they no longer collect signals that mention a target, only signals to or from
a target. So all you need to do to keep collecting the same amount, is to make
a lot more targets.

------
jimsmart
Err, the same emails that only a few years back they claimed they weren't
'collecting' anyway?[0] Totally believable. Yeah, totally — and I'm the King
of England.

[0] [https://www.wired.com/2013/06/phew-it-was-just-metadata-
not-...](https://www.wired.com/2013/06/phew-it-was-just-metadata-not-think-
again/)

------
encryptThrow32
The filter on XKS that prevents US hits on selectors has been enhanced to
satisfy ruling of the court.

Its still collected in perpetuity, but under the Schrödinger approach to
surveillance it no longer exists.

Maybe nothing can truly change, just as one cannot uninvent a technology --
telephony, broadcasting or social media are with us forever. Maybe true to for
global passive surveillance.

------
kevwil
Can we get an inside contractor to leak proof of such? Because, you know,
trust or the lack thereof.

------
SapphireSun
The NYT story was way too friendly in my opinion. It almost took the claims at
face value that the agency did this voluntarily. I liked this version better:
[https://theintercept.com/2017/04/28/nsa-backs-down-on-
major-...](https://theintercept.com/2017/04/28/nsa-backs-down-on-major-
surveillance-program-that-captured-americans-communications-without-a-
warrant/)

------
chinathrow
Even then - the data of rest of the world is still sucked up wherever
possible.

Signed, A non-US citizen of this world

------
meowschwitz
5 Eyes is collecting AND STORING EVERYTHING that enters or leaves their
respective country.

~~~
HappyTypist
They're also collecting everything inside and outside their country.

------
Mendenhall
Easy, now they just get it from the rest of 5 eyes then store it :)

------
throwfast1
so, the infrastructure equipment used to do this is up for sale right? anyone
know where? I'm in the market for cheap network/server/security gear.

------
wheelerwj
MFW trump making it harder to prove links to foreign government happens to
coincide with my 4th Amendment rights...

------
LeeHwang
Wow can't say I expected this under President Trump, It's something I thought
Obama would do.

------
fallingfrog
Sorry, but the NSA has zero credibility at this point. I don't believe a word
of it.

------
sneak
Only 4% of humans live in America. The other 96% deserve human rights, too.

~~~
chronic940
If they're not residing in America nor are a threat to the US, the 96% should
be ignored.

------
godmodus
I doubt that, esp with all the russian tenssions recently.

------
benevol
Right. And Trump starts caring about the environment.

That's just adding one more insult to a stack of insults that's already higher
than the Trump tower.

------
yuhong
[https://news.ycombinator.com/item?id=14181195](https://news.ycombinator.com/item?id=14181195)

------
DesiLurker
sure, collecting emails has no benefit unless people believe that they are not
being watched!

------
tripzilch
> give the N.S.A. copies of internet messages _that cross the international
> border_ and contain a search term that identifies foreigners

That's a pretty misleading way to state the criteria. A reader that doesn't
know any better would assume that a message that is sent from within the USA
to somewhere else within the USA, would already have been exempt from this
program.

But everybody with a little bit of background knowledge, including the author,
knows that internet packets are routed, cached and stored all over the planet
without regard to international borders. Even a packet or message that has
both endpoints on US soil is very likely to cross international borders at
some point in its route, because that's how the internet works and these
services' infrastructure.

Just like calling this a "major development". I mean really, is this defeat?
Sunk the bar that low? Call it "highly unlikely", "unprecedented" or something
like that if you want to highlight the fact how _unusual_ it is that the NSA
gives up a tiny crumb of its capabilities. Call it "promising" maybe if you
want to be really optimistic about it (hah).

But in what universe is this a "major development", instead of a tiny
insignifant drop in the ocean of the NSAs vast and total surveillance
capabilities? Does _anybody_ believe that they are now in any way subject to
less surveillance than before? It's like lowering the speed limit by 0.1mph
and calling it a "major development" for the safety of kids playing on the
streets.

Here's another nice one:

> The inquiries were conducted for legitimate intelligence purposes, the
> official said, but under rules imposed by the intelligence court, analysts
> were not supposed to search for Americans’ information within that data set

So ... the inquiries were conducted for legitimate purposes, it's just that
they were against the rules, is all. I'm not sure I'm familiar with this new
interpretation of the word "legitimate".

No but seriously can anyone explain this line? If I'm being as favourable as I
can possibly manage, I suppose they mean this: The _purpose_ of the inquiries
was legitimate, it's just _performing_ them is not. So what does it mean if
merely the purpose is legitimate? Did this official just try to let off these
NSA-analysts because "the ends justified the means" ??

Not that it matters that much to me any way, because I am one of those filthy
foreigners that doesn't have any right to any privacy whatsoever in the eyes
of the NSA and a worryingly large percentage of US citizens cheering them on
for that, because it is not them--ehm I mean because it is their job (if you
don't think too hard about it). There's so many people arguing, many people
who are otherwise very reasonable, that it's somehow okay to utterly violate
people's privacy (on an unprecedented global scale) for _no other reason_ than
they are foreigners. No other reason. Being foreign is enough that you decided
my private life is somehow not my own. And of course that my government is
doing it too! Except that they don't have the budget or the _unique_ position
in internet infrastructure to violate privacy on such a global scale. But they
do still try. And I won't let that slide or cheer them on for it either, just
because they're doing it to "other" people.

------
c3534l
Sure they did.

------
systematical
Right....

------
whatnotests
Sure they did.

