
Yahoo says U.S. sought data on 40,332 user accounts in 2013 - tareqak
http://www.washingtonpost.com/business/technology/yahoo-says-us-sought-data-on-40332-user-accounts-in-2013/2013/09/06/be304008-1718-11e3-804b-d3a1a3a18f2c_story.html
======
david_shaw
I try not to make assumptions about things I don't know, but these numbers beg
a fairly major question for me. The government has stated several times that
NSA surveillance and National Security Letters are only being applied to
monitor suspected terrorist action; that this broad digital observation is
only to protect our nation. Since I don't know that the government is lying
about this, I try to take their word.

However, if the U.S. government requested data on over forty thousand users
_last year alone,_ how many terrorists do they think are out there? Tens of
thousands? Hundreds? Over a million?

Now, I'm aware that only some of these requests are National Security Letters
and FISA requests--many, if not the majority, are just law enforcement
requests. Still, though, even if only ten percent of these are related to
national security, that's _four thousand_ threats to our security last year--
from Yahoo!'s user base alone.

That seems hard to believe.

~~~
sockPuppetry
Ah, come on. Consider what it takes to create a Yahoo! user account. Almost
nothing.

    
    
      Yes, I was born on January 1, 1901
      Yes, the CAPTCHA is HU3FR43O
    

When you're engaging in elaborate sock puppetry, ostensibly for evil deeds,
you're going to create and dump accounts like water.

Let's say there's some evil super villain plotting to derail a train, and he
needs to communicate with his henchmen. If he knows that the law will stop
attempting to trace his secret e-mails to his henchmen, after reaching some
magic number of say... 100,000 user accounts, then his evil plan needs to
incorporate operations to create maybe 500,000 sock puppet accounts, to give
his communiques a 1 in 5 chance of being intercepted.

Now, let's say you have special evil dedicated servers, capable of queuing and
automating requests in real time, and funneling off the CAPTCHAs to warehouse
filled with data entry sweatshop slaves, so that your henchmen have all of
their dummy accounts prepped for use, once the plan is set to unfold. Because
a lot of human intervention and human interaction can be removed from the
creation of a yahoo! account, and thus automated, if our evil super villain
were able to engineer a custom yahoo! account creation apparatus, it would be
a mistake to assume that 40,000 accounts represents 40,000 people, much less
40,000 terr'ists, or even 40,000 'muricans.

So it's not like one can make any assumptions based on these kinds of numbers,
when it comes to anything on the internet. But regardless, the reverse aspect
to this unreality of "user accounts" on the internet is the worry. There's no
way to know when government officials are being honest, and not taking
advantage of their powers, to abuse them for personal gain, either to spy on a
cheating spouse, or to accept bribes and do it for someone else.

If user accounts, as a rule are nebulous and pseudonymous, and there's no real
limit on creating them, and thus only a fuzzy integrity to them, then how can
there be a predefined limit on eavesdropping?

The only real limit on sock puppet accounts is a theoretical one, tied to the
bandwidth consumed by the circuits crossing all international boundries. In
theory, if it takes "X" amount of time for human intervention to create a user
account, and we can estimate "T" amount of terr'ists worldwide, then, given
"N" amount of time lapsed since TERR'ISM A.D., there might potentially be:

    
    
      ((N/X)*T) = terr'ist user accounts in the world
    

...then that's pretty much what 'murican law enforcement will entitle
themselves to commandeer to fight "evil".

But even more absurd is the idea that a dragnet of all internet traffic will
reveal any kind of terrorist communications at all. I would have imagined that
human couriers and satellite phones were still the primary drugs of choice
when it came to super villainy.

------
chatman
That is for the official record. Even Yahoo won't know how many users' data
was compromised via NSA backdoors. A regular user should never trust Yahoo and
other such services.

~~~
raldi
By "other such services", do you mean something more specific than "anyone"?

~~~
harrytuttle
I agree with "anyone" these days.

I'm responsible for a huge amount of private financial data and it has started
to scare the shit out of me.

------
tn13
I am not sure what US government is gaining by all this. But is certainly
losing faith of almost all people at very alarming rate. I am an Indian and so
far I have always been sympathetic with US an it's alleged war on terrorism
now I find myself questioning if US war on terror is any different from terror
they claim to fight.

This is like a bully government trying to force itself on everyone.

~~~
001sky
_I find myself questioning if US war on terror is any different from terror
they claim to fight._

Odd that. The NSA are frankly getting more scary than any known threat.
Whatever else is out there, sunlight is the best disinfectant. Subverting
privacy free-speech and the open-exchange of information is not the road
forward.

------
cmyr
Interesting to look at the other numbers. The UK requested 2k~, roughly the
same as India (the country with both the largest population and the most
serious/active threat of terrorism.) Germany is in the 5k range. Canada is at
47, New Zealand at 9.

------
jimparkins
When I see this all I think is that these are the requests from lower level
agents who have to fill in paperwork to get their data. I just cannot now
believe that upper levels of the intelligence agencies do not have complete
and total access.

~~~
mpyne
For a system like PRISM, they wouldn't have total access, as that system still
requires Yahoo to voluntarily hand over the data.

For "upstream" collection Yahoo would simply have never known anyways so
there's nothing for Yahoo to report on.

------
frank_boyd
It's pretty obvious why they release these numbers right now. More or less for
the same reason why Google says _now_ that they speed up encryption between
data centers:

Cheap and ridiculous PR, designed to move your attention away from the real
question (their collaboration with the NSA) to questions that have become
almost insignificant (comparatively speaking).

------
fatjokes
I'm guessing no senator called them "moral pygmies" for giving in to those
requests.

------
Nobody4342312
40,332?

"Yahoo says U.S. sought data on every active user account in 2013"

~~~
post_break
That's about how many people still use Yahoo.

~~~
mortehu
I think he was trying to make that joke. The quote is not in the article.

