
The NSA can store communications of US citizens for up to 5 years, sans warrant - brokenparser
http://thenextweb.com/insider/2013/06/20/the-nsa-can-retain-and-use-data-inadvertently-collected-from-communications-of-us-citizens/
======
natermer
I like how these jerks think they can go around and just make up their own
rules on what is and what is not allowed.

Why don't they just admit that their lying sacks of shit, set fire to the
constition, and admit what they think all the along:

"The only limit on Federal government powers are ones that we decide is valid
and ok. We can do whatever the hell we want and everything we do is secret. If
you try to tell the American public what is going on we will throw you in jail
or otherwise make your life a living hell. We are only obligated to admit what
we do when we feel like it or are caught. The rules we can change any time and
only exist for our own convenience. The only people that are allowed to judge
us are the judges we select and appoint for life and the rest of you peons
just STFU."

~~~
dreamdu5t
It takes different experiences for different people to realize that
government's claim to power is largely arbitrary.

This has been the situation prior to the existence of the NSA. Because
people's actions tend to coincide with government policy, they often don't
ever realize it.

------
driverdan
Blogspam for a Guardian article[1] that was posted here 3 hours before
this[2]. This just has a different title.

[1]: [http://www.guardian.co.uk/world/2013/jun/20/fisa-court-
nsa-w...](http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-
warrant)

[2]:
[https://news.ycombinator.com/item?id=5914021](https://news.ycombinator.com/item?id=5914021)

------
betterunix
This is true _for this specific program_ and only under the current policies.
Let's just stop kidding ourselves and assume that the NSA stores our
communications indefinitely, and design our software accordingly.

~~~
natermer
> This is true for this specific program and only under the current policies.
> Let's just stop kidding ourselves and assume that the NSA stores our
> communications indefinitely, and design our software accordingly.

Really?

And you believe this... because why? Because that is what they said?

I seriously believe that if I was to tell you that Obama had a massive program
to collect and record the phone activities of every American at any time for
any reason two months ago you would of called 'bullshit' so fast that it would
of made my head spin.

I see zero reason to believe anything these guys tell us about anything. The
only way to understand what they are really doing is to get information that
they say is illegal for you to know.

~~~
betterunix
"I seriously believe that if I was to tell you that Obama had a massive
program to collect and record the phone activities of every American at any
time for any reason two months ago you would of called 'bullshit' so fast that
it would of made my head spin."

What makes you think that the latest news has changed my assumptions about the
NSA? There has been evidence of widespread surveillance by the NSA for
_decades_ :

[https://en.wikipedia.org/wiki/ECHELON](https://en.wikipedia.org/wiki/ECHELON)

These sort of programs span multiple administrations. There was never any
reason to believe that the Obama administration would end them.

~~~
dllthomas
Statements by candidate Obama that he'd put an end to warrantless wiretapping
was _some_ reason, if not (apparently) sufficient reason. Of course, he did
put an end to warrantless wiretapping: collection of metadata is no longer
considered wiretapping. Yay!

------
phryk
Why is everyone fretting about US citizens?

a) Thinking the NSA and other intelligence organizations would really make the
distinction between US and non-US citizens, except in the scope that public
opinion doesn't instantly crush them, doesn't seem like something they'd
actually be likely to do.

b) 95% of the earths population are _outside_ of the USA, Facebook alone has a
user count higher than 3 times the total US population.

Really, the distinction is completely meaningless for this discussion. The
only effect it has is alienating non-US citizens because it makes it seem like
US citizens are only concerned about themselves.

I also think the focus on the US surveillance apparatus might not be the way
to go either, things like the upcoming Indian surveillance system belong to
the very same discussion.

~~~
dllthomas
While I think in numerous respects we do pay too little attention to the
rights of people elsewhere, both in a moral and practical sense, there is a
significant sense in which our surveillance capabilities turned inward is a
bigger problem than them turned outward: the American people are fundamentally
the biggest check on the further growth of the power of these individuals, and
giving them further power over us diminishes that.

~~~
boot
Right. It isn't to be disingenuous to everyone else. I think of it similar to
Chinese hacking incidences. "Foreign Power X hacked into the US defense
contractors?" Yeah, I'm okay with that. We need a balance of power in this
world.

Versus if it was this: "The US hacked into it's own civilian's businesses?"
Not acceptable.

------
leoc
Two important things for Americans to note:

1) FAA702 is supposed not to target "US persons" at all. But FAA70 _3_ and 70
_4_ are intended to target US persons outside the United States. They are more
restrictive, and surely less often used, but they're still there.

2) Have you actually read the ruling
[http://www.fas.org/irp/agency/doj/fisa/fiscr082208.pdf](http://www.fas.org/irp/agency/doj/fisa/fiscr082208.pdf)
in the Yahoo! FISA case which was
[http://www.nytimes.com/2013/06/14/technology/secret-court-
ru...](http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-
tech-companies-in-data-bind.html) recently reported? It's all about 703-like
surveillance _on US persons_. And it contains this:

"2 . The Foreign Intelligence Exception . The recurrent theme permeating the
petitioner's arguments is the notion that there is no foreign intelligence
exception to the Fourth Amendment's Warrant Clause. 6 The FISC rejected this
notion, positing that our decision in In re Sealed Case confirmed the
existence of a foreign intelligence exception to the warrant requirement. "

You may want to read that again. IANAL, but as best as I can understand this
is the FISC appeals court (the secret intelligence court's appeals court)
affirming its belief that while _law_ \- the FISA - prevents (some) no-warrant
searches for "foreign intelligence information" on US persons, this is not
actually necessary to comply with the US constitution, because the
_Constitution_ does not prevent such searches at all. As soon as a foreign
intelligence justification exists, open Sesame! the Warrant Clause goes away
and the US government can search US citizens without any warrant. It is
(according to this theory) only out of the goodness of Congress' heart that
this isn't permitted already.

------
codex
They can store inadvertently collected US data without a warrant (with a
written letter from the NSA director outlinig the reaons), but can they
_listen_ or _read_ it without a warrant? That key bit of data is missing from
this article. It appears that the answer is "yes" but it's not clear.

~~~
axus
They can read it until they're sure an American is on the line. If the person
never identifies their nationality, who can say.

~~~
Vivtek
And they can continue to read it as long as they're pretty sure a crime of any
kind has been or may soon be committed.

------
kyboren
If I send a letter with my email address and proof of citizenship to the NSA,
that gives them specific information that my email address belongs to a US
person.

Will they not then be required to delete all communications collected under
FAA702 between my email address and any other email address for which they
have received similar proof of US person-ness?

Can we organize a mass campaign for everyone to send letters to the NSA doing
something like this?

------
ChrisAntaki
That sounds too long, by about 5 years.

------
ck2
NSA Dark Star is capable of holding way more than five years of all voice and
internet traffic.

Something tells me that number is going to be made into decades.

Unless maybe they are planning to store five years of all the drone video
recordings over every major city.

------
johnnyg
I'm punch drunk at this point. What are we going to do? What is being done?

~~~
dlinder
Please call your Senators and Representative, it really does help. Every call
counts for hundreds (or even thousands) of emails.

[http://callday.org/](http://callday.org/) makes it pretty easy. You'll either
get voicemail or an intern who will take notes on what you say. It's very low-
pressure.

~~~
velik_m
Do keep in mind that your call will be recorded and stored for possible future
analysis of trouble elements.

~~~
dllthomas
All the more reason for all of us to call.

------
mtgx
I'm sure they'll only use it to catch terrorists, though.

Or not:

[http://www.huffingtonpost.com/2013/06/20/russ-tice-nsa-
obama...](http://www.huffingtonpost.com/2013/06/20/russ-tice-nsa-
obama_n_3473538.html)

[http://www.washingtonsblog.com/2013/06/nsa-whistleblower-
nsa...](http://www.washingtonsblog.com/2013/06/nsa-whistleblower-nsa-spying-
on-and-blackmailing-high-level-government-officials-and-military-
officers.html)

------
hispeedencrypt
Apple, Google and Facebook can store communications for evermore. And NSA can
easily get a copy anytime, via a rubber stamp by a judge in the secret court.

Now, in light of this, are we all (the good guys) permitted to use strong
encryption to protect our data in storage by these third parties... since we
can't trust them to do so?

Unless we have a HIPAA-like law to cover all data, not just our medical
records, then may we resort to self-help?

~~~
alwaysinshade
> Apple [...] can store communications for evermore. And NSA can easily get a
> copy anytime, via a rubber stamp by a judge in the secret court.

"There are certain categories of information which we do not provide to law
enforcement or any other group because we choose not to retain it.

For example, conversations which take place over iMessage and FaceTime are
protected by end-to-end encryption so no one but the sender and receiver can
see or read them. Apple cannot decrypt that data."

[https://www.apple.com/apples-commitment-to-customer-
privacy/](https://www.apple.com/apples-commitment-to-customer-privacy/)

------
kevcampb
And non US citizens?

~~~
jsmeaton
Don't count. Being an Australian, I'm pissed.

~~~
alan_cx
Dude, we Brits know you Aussies love your beer, like we do, but hey, don't
openly prove the stereo type!!!!

Although, I am "pissed" too. No, non Americans are subhuman and have no rights
in US law and seemingly to most Americans, even if we are customers of US
businesses making them money, while these US business avoids tax like its
AIDS. The US government also happily sweeps aside international law and
convention when it suits them. Hence drone strikes, gitmo and rendition, or as
the rest of us sub-humans call it, kidnap, murder and false imprisonment. Or
the refusal to submit US citizens to international courts.

That is the problem with the US attitude to the rest of the planet, we are
seen as both customers to be exploited, and the enemy. Real shame the US is so
paranoid, the vast majority of us aren't evil.

I really fail to understand why the US believes it can behave in a way no one
else does, why it thinks it has the right to do what it likes and over ride
every one else. It really does feel like the US only recognizes American
citizens as fully human. America and Americans are some how special and of
more worth than every one else.

Yet, while I disapprove of this, worse is the way US allies lay down and
accept it. So, partly, I think, "sod it, if my government cant be arsed to
challenge them, then why am I bothering?". A bit like thinking the US citizens
clearly want this, they voted for it, so they deserve it.

Its sad because all this stuff, IMHO, tarnishes everything good the US does.
And it really does do some brilliant, awesome stuff. Is this superiority
complex really the price the rest of us have to pay?

It funny, just a the simple addition of equality and humility, and the US
could be the most loved country on the planet.

------
vasundhar
5 days/months/years doesn't really matter, they have it, they will store it.
Data is new Gold, no one wants to get rid of it or can get rid of it for the
complications it might cause in the future. Can the people who decided to
store the data, will ever be ready to destroy it ?

1\. You Can't treat your citizens like suspects 2\. You can't take control
over the world information 3\. If it is done for the security, let us know
upfront about it, there should be no beating around the bush.

------
HugoHobling
Section (3) is particularly interesting.

 _A communication identified as a domestic communication will be promptly
destroyed upon recognition unless the Director of the NSA specifically
determines, in writing, that_

 _(3) the communication is reasonably believed to contain ... information
necessary to assess a communications security vulnerability_

What does this say for vulnerability researchers who happen to be American?

~~~
krek
I interpret it to mean that if NSA's filter catches words related to
communications security then it is flagged and possibly read by an analyst. It
does say the Director of the NSA has to specifically request that the
communication be kept, but someone has to read it first to determine its
value. So it's read and stored without a warrant. Seems like a pretty clear
violation of the 4th amendment to me.

------
fnordfnordfnord
Is it just me or has the gov't clammed up and stopped making incredible &
dishonest denials?

------
grey-area
I have been thinking about steps Google and other big providers could take to
make their services more trustworthy again for those outside the US who
apparently have no protection from this dragnet under US law. Given the
dominance of their services in email and search, Google could actually
initiate a step-change in the privacy of their customers, without much effort.

They could anonymise their search data before storing, so that they don't
store individual actions, just something like group preferences to tailor
searches and target advertising. This wouldn't be easy while keeping their
advertisers happy, but it's an interesting problem - how do you tailor search
and advertising while not keeping track of every URL the user searches or
clicks on. It would be interesting to know if turning off google web history
actually turns anything off apart from the UI to display this tracking to the
user - they have a disclaimer saying they still log for other purposes even
with web history turned off. They could allow users to turn off this tracking
completely.

They could make gmail delete old mails after 1 year or so by default, as a
security measure. Keeping everything forever on a server is not a great idea
if various governments are then given access to that data at some point in the
future, and people should keep their archives of mail locally, not on Google's
server - Google should encourage that.

They could offer easy to set up encryption on gmail, in fact they could set it
up by default for each user. If the user chose to this could kick in
automatically when emailing any account on their own service, giving a lot of
people encrypted email all of a sudden without any effort on their part. That
would make a vast number of email communications encrypted, and coupled with
deleting older emails, this would make it far harder for the NSA to snoop on
email communications, at least for those who don't use webmail and delete
their old messages from the server. If Google did this and used an open
standard, other providers like Apple, Hotmail etc would follow, and mail
readers like Apple mail would be changed to read the messages.

Finally, they could do far more to explain what they are gathering on each
individual, and in what circumstances they will pass the material on to the
NSA - they claim that they robustly defend the rights of their users, but
without actual proof, this is not very convincing. I read their lawyer's Q&A
with the guardian last week, and nothing of substance was said, though lots of
vague denials were included again:

 _" We review each of those requests and push back when the request is overly
broad or doesn't follow the correct process. There is no free-for-all, no
direct access, no indirect access, no back door, no drop box."_

Which tells us nothing about what actually does happen, and whether Google has
enough information to effectively oversee these requests. If they don't feel
they can legally tell their customers what they are doing, they should be
campaigning far more robustly and openly for the right to divulge that
information, and fighting it in the open courts with ACLU now that the details
have emerged. They could start by simply refusing to cooperate with FISA
requests going forward, until a more transparent system is put in place -
Twitter hasn't been cooperating, so why should Google?

This scandal is damaging their standing in other countries, and the best way
to counter that would be to be open and honest (in spite of the secret laws
they are asked to operate under) and stand up for their users' privacy with
concrete actions rather than denials. If they continue to give information to
the NSA, US users should be very concerned about what Google will say when all
the other governments of the world require data on US persons from Google
subsidiaries, following the NSA's example.

~~~
Tyrannosaurs
The issue here is that Google's business, or a large part of it, is all about
amassing data in a useful and usable way. Most of what you propose would
undermine Google as much as it would undermine security organisations.

~~~
grey-area
_The issue here is that Google 's business, or a large part of it, is all
about amassing data in a useful and usable way._

I see it as a social contract between Google and their customers - customers
give up a certain amount of anonymity and allow some activities to be tracked
so that they are provided with services, sometimes paid (e.g. google apps),
sometimes free (e.g. search or gmail). If the relationship becomes one where
Google takes whatever they want and provides that data to third parties, why
should we as customers put up with it? It's particularly galling if you're
paying them for the privilege.

Plenty of alternatives are ready to replace them if they don't pay more than
lip-service to their users' privacy.

------
dsaber
But how can they accurately identify a request as being by an actual US
citizen?

~~~
eitally
For that matter, how can they identify any individual as a US citizen when the
commercial systems they're monitoring (phone, email, etc) often don't know?
What about foreign workers on visas, or US expats abroad, or simple business
travelers.

~~~
Vivtek
We expats abroad are not protected. I guess we're just not loyal enough.

------
epo
Off topic, but explain to me the gratuitous use of a French word in the
headline. Is this some kind of slur on the French, e.g. the NSA are being so
duplicitous they are almost French?

~~~
LoganCale
Do you mean "sans"? That word is commonly used in U.S. English to mean
"without".

------
kaa2102
I feel safer already. /sarcasm How can citizens reverse these sort of
intrusive policies?

------
mayneack
Well, at least my embarrassing things that I wrote in high school are gone
now...

------
throwaway10001
_Sometimes_ all I think we can do by writing to our "tough on terrorists"
lawmakers is save some money. Avoid the FISA court entirely, just give the the
rubber stamp to the f#^&%($ NSA, it's not like any request is denied anyway.

Look at hosting services and the storage GB and traffic they offer now
compared to a few years ago. Storage and bandwidth costs are going lower and
lower so NSA can easily store everything "forever." If Google can do it, why
can't NSA with a comparatively unlimited budget ? Just the US intel spending
is something like $80 Billion a year and that's one area that is not going to
be left unfunded or "you Senator will have blood on your hands next time Al
Qaeda..."

