
Pres. Obama Remarks on Intelligence Programs [video] - sinak
http://www.c-span.org/Events/Pres-Obama-Remarks-on-Intelligence-Programs/10737443584-1/
======
MisterWebz
It's obvious he's not really taking this seriously. These are empty promises
with only one goal, and that's restoring the public's trust without hampering
the NSA's abilities too much (if at all).

EDIT: After having very quickly skimmed the PPD, here's something interesting:

 _The collection of foreign private commercial information or trade secrets is
authorized only to protect the national security of the United States or its
partners an d allies. It is not an authorized foreign intelligence or
counterintelligence purpose to collect such information to afford a
competitive advantage to U.S. companies and U.S. business sectors
commercially._

Bascially what they're saying is that, in the name of security, we can do
whatever the fuck we want. Good luck trying to stop an agency operating in
total secrecy from abusing these powers.

~~~
res0nat0r
Not really. He is addressing the concerns of the majority of people, not the
.00001% of America that comprises HN, where the only acceptable speech would
be that the NSA is being shut down tomorrow.

~~~
smokeyj
Do you think Obama is appealing to non subject matter experts because they're
reasonable, or ignorant?

~~~
comex
I'd say the difference in view between subject matter experts and others has a
number of causes. Some are pure ignorance: for example, most people do not
know how tenuous the security of the Internet already is, and thus how harmful
it is to try to actively subvert it. But those can only really be part of the
story; security protocols seemingly haven't been affected all that much in
practice (c.f. Dual EC's brokenness in OpenSSL), and the core question of
whether it is acceptable to spy on private communications doesn't really
depend on technical details (indeed, there was plenty of anger over just
spying on plain-old-telephone-service records, which most of the people here
_don 't_ know those details about). So I would also nominate...

\- More technically inclined people have more (for some, I'd say an order of
magnitude more, however you want to define that) of their life online, so they
(a) have more data online and thus more to lose, and (b) tend to care much
more about anything which affects their activities, since it is more important
to them.

\- Having a connection, direct or broad, with the technologies and the people
responsible for securing things can make their subversion feel more violating;
so can knowing that many things (email, Google's backend) could have been
secured better but weren't, partially due to a false belief that the US
Internet didn't need to be treated as an adversary.

\- Connections in the "tech community" causing a bandwagon effect in topics
that spread well beyond technology itself. In the context of one forum, such
as this one, this is quite clear (the political norm here is very far from the
mainstream in areas that have nothing to do with tech); less so the more
broadly you define the community, but I think there is some group bias to be
found even if you include every programmer in the US.

------
higherpurpose
What upset me most about his speech is him conflating the issues of protection
against terrorists and protection against cyber-attacks, implying that they
are basically the same, and that the NSA is just as useful for both.

I won't discuss the fact that 12 years of surveillance have led to no results
on stopping any terrorist plots, as the NSA has already admitted, but the NSA
has actually made cyberattacks _more_ likely because they are undermining the
security of everything, including US infrastructure.

As Schneier says, it's not a question of whether we allow the NSA to spy on
everyone or not. It's a question of whether we allow _every attacker_ to spy
or attack our networks - or we try to make everything more secure by default.

So when president Obama implies that NSA should keep hoarding their
vulnerabilities into systems, he's choosing the former, rather than the
latter. He's making cyberattacks _more_ likely, not less. The way you defend
against cyberattacks is by increasing security, not by increasing your offense
capabilities.

If they _really_ cared about the security of US infrastructure, they'd divulge
the vulnerabilities they found or bought from the black market that exploit
the security of these systems, so those systems can be _fixed_ , and no one
else can exploit them with these exploits. Instead they keep them for
themselves so _they_ can exploit them. That's not just wrong. It's incredibly
dangerous and reckless, especially from an agency that supposedly wants to
"protect us".

~~~
pekk
He didn't conflate terrorism and cyber-attacks, he only said that we need the
capability to stop these.

He certainly never implied that "NSA should keep hoarding their
vulnerabilities into systems."

Are you arguing that the US should be the only large country without
intelligence or counter-intelligence programs?

~~~
higherpurpose
They should certainly separate the US Cyber Command from the NSA. That caused
a lot of the current problems. It's also what Obama's own NSA review panel
recommended. Putting a big wall between the two should ensure that the powers
aren't abused as much, and that the exploits are used only in most important
cases, and only outside of US (NSA is still not supposed to attack US
citizens, right?!).

~~~
mpyne
I don't know why Obama didn't take the recommendation, but as someone in the
military I can tell you it's probably because the downsides outweigh the
gains.

From the perspective of civil liberties NSA is the threat because of its
extensive capabilities.

But it is _exactly_ that suite of capabilities that makes it useful for
USCYBERCOM. You wouldn't expect to see USSTRATCOM without its collection of
silos, bombers, and SSBNs, would you?

Splitting up CYBERCOM and NSA would leave the capabilities substantially still
in the hands of NSA, so they'd still need to coordinate often (but now it
would be much more difficult, reducing military readiness for CYBERCOM). But
it wouldn't eliminate the threat to civil liberties from NSA (since those come
substantially from the NSA's capabilities).

If you instead give CYBERCOM equivalent capability to NSA (at great expense,
mind you), you'd simply have two large octopi that are civil liberties risks,
instead of one. And only one of those would be substantially overseen by FISC
and Congress, since the President would have direct military control over
CYBERCOM's actions. Does this sound better?

Leaving CYBERCOM dependent on NSA for its ability to conduct overseas
cyberattack actually makes it easier to ensure civil liberties oversight is
implemented _and performed_ , and that NSA can't evade those oversight
controls by pawning off an illegal search on their friendly neighborhood
CYBERCOM with equivalent (or better) cyber capability.

------
netcraft
The President is still speaking so I don't know what he is going to announce,
but as an american, I don't like the concept of citizens and non-citizens
being treated differently when it comes to their rights. The distinction is
difficult to make anyway, but the declaration of independence says "We hold
these truths to be self-evident, that all men are created equal, that they are
endowed by their Creator with certain unalienable Rights..." and does not make
a distinction - I don't think we should be able to spy on someone in another
country without a warrant any more than we can spy on citizen.

~~~
srl
While that's a nice sentiment in principle, it falls apart in fairly obvious
ways. Do we enforce our laws on citizens of other nations? When other
governments act in ways inconsistent with our constitution, do you think we
should use our military to force them to do otherwise (as we have done with
our own states)? Of course not.

Our government's first responsibility is to the security and liberties of its
citizens and (legal[1]) residents. As much as possible, I'd want it to protect
those in ways that also help the security and liberties of those in other
parts of the world, but those are not equal obligations.

In any case, being spied on by a foreign country is considerably less bad than
being spied on by your own. In the wet dreams of conspiracy theorists, our
government spies on its citizens to discover their political views, and then
imprisons those with views it doesn't like. There's no equivalent evil that
France's government could pull off.

[1] In my view, "legal" shouldn't need to be there, but that's not very
realistic.

~~~
dictum
> In any case, being spied on by a foreign country is considerably less bad
> than being spied on by your own. In the wet dreams of conspiracy theorists,
> our government spies on its citizens to discover their political views, and
> then imprisons those with views it doesn't like. There's no equivalent evil
> that France's government could pull off.

Arresting you when you have to enter France for business or personal reasons
is one possibility.

EDIT: If France has some agents in your country there's a lot of evil they
could pull off even without you leaving the country.

~~~
srl
I really don't agree that that's equivalent, but I understand your point.
Certainly if the power balance were different, it might be a legitimate fear.
(If the french government gave me problems, it would be pretty easy for me to
find protection from my own government. Wouldn't be so easy if I was in
Pakistan, looking for protection from the US, I suppose.)

I do agree we should refrain from mass surveillance on non-US citizens, but I
don't think that achieving that is realistic at this juncture. The
intelligence community is in excited-puppy mode about all the cool things they
can do with the internet[1], and it'll be a bit before they and their elected
overlords figure out what's useful, what's not, and how surveillance can be
better performed without playing godzilla to the city of rights.

For now, what I think is reasonable is a more straightforward, open disclosure
of what and how the NSA monitors.

And now I need to stop commenting on this article until I've actually read the
proposed reform in its entirety. (And you all should too. Hah.)

[1] Calling it an "insurance policy", really? "We've never had to use it, but
it's too cool to give up."

------
rjzzleep
so am i getting it right? nothing is going to change. everything stays the
same.

"we'll think about alternatives"

"we have unique capabilities to protect our friends"

"as the nation that developed the internet, the world expects us ...."

"as a nation that has faced totalitarianism the world expects us ... "

"the readiness of certain individuals to expect the worst of our readiness to
protect the world(not fully correct quote) can be frustrating"

haha wtf dude. this is more of a justification than a change notification.
we'll make sure the data we collect is better accepted by you people

~~~
pekk
It's almost as if you only heard the end of the speech - and the parts of the
speech you wanted to hear. Whether you think the proposed reforms are enough
is up to you, but they certainly extend beyond "think about alternatives".

~~~
rjzzleep
yes, let me quote something for you

> The collection of foreign private commercial information or trade secrets is
> authorized only to protect the > national security of the United States or
> its partners and allies. It is not an authorized foreign intelligence > or
> counterintelligence purpose to collect such information to afford a
> competitive advantage

can you tell me where the change is? The document reads more of a "hey trust
me, we're really the good guys"

[http://sina.is/2014sigint.mem_.ppd_.rel_.pdf](http://sina.is/2014sigint.mem_.ppd_.rel_.pdf)

care to explain where the real change is?

EDIT: since i can't reply. it's all about thinking and discussing _if_
dissemination and retention makes sense. and reducing people that have access
to it. and we may put a special person in charge to take care of these things.
but that doesn't mean at&t will suddenly stop feeding data into nsa data
centers.

~~~
srl
Section 4 has the real changes.

------
harshreality
"As nightfall does not come all at once, neither does oppression. In both
instances, there is a twilight when everything remains seemingly unchanged.
And it is in such twilight that we all must be most aware of change in the air
– however slight – lest we become unwitting victims of the darkness."

William O. Douglas, Supreme Court Justice 1939-1975

------
sneak
"Only an alert and knowledgeable citizenry can compel the proper meshing of
the huge industrial and military machinery of defense with our peaceful
methods and goals, so that security and liberty may prosper together."

Eisenhower, today in 1961.

It was nice while it lasted, guys.

------
sinak
Read the Presidential Policy Directive PPD-28 on Signals Intelligence
activities with details on the reforms here:
[http://sina.is/2014sigint.mem_.ppd_.rel_.pdf](http://sina.is/2014sigint.mem_.ppd_.rel_.pdf)

------
nostromo
Did you know the Patriot Act sunsets next year, 2015?

Let's hope that Snowden has drummed up enough opposition to prevent it from
being extended again.

~~~
RALaBarge
If only the will of the people was a deciding factor in the vote...

~~~
rayiner
[http://www.pewresearch.org/2011/02/15/public-remains-
divided...](http://www.pewresearch.org/2011/02/15/public-remains-divided-over-
the-patriot-act) ("Among those who heard at least a lot or some about the
Patriot Act, 49% see it as a necessary tool while 41% say it goes too far.").

~~~
nostromo
That was pre-Snowden though. The polls have moved a fair amount since then.
Actually, even before Snowden things were moving. For example:
[http://i2.cdn.turner.com/cnn/2013/images/05/01/top5.pdf](http://i2.cdn.turner.com/cnn/2013/images/05/01/top5.pdf)

(Do you support) expanded government monitoring of cell phones and email, to
intercept communications?

2001: 54 favor, 41 oppose

2006: 52 favor, 46 oppose

2013: 38 favor, 59 oppose

~~~
rayiner
The person I was referring to was talking about the PATRIOT Act getting
renewed.

------
wavesounds
"Regardless of how we got there though the task before us now is greater then
simply repariing the damage done to our operations or preventing more
disclosures from taking place in the future. Instead we have to make some
important decisions about how to protect ourselves and sustain our leadership
in the world while upholding our civil liberties and privacy protections our
constitution requires."

Regardless of how we got here?

It’s Martin Luther King day on Monday. A day named after the person that got
us as a country to make ‘important decisions’ about how to ‘sustain our
leadership in the world’ and ‘uphold our civil liberties’.

Mr. President we don’t disregard the individuals that make us examine our
weaknesses in order to make our country better, we embrace them as heroes,
even if that self reflection is uncomfortable and difficult at the time.

------
andeh89
Like most of you here I'm skeptical and disappointed, but what I'm most sick
of is their campaign to paint Snowden as a traitor and enemy of the people. An
enemy of the government (especially one this corrupt and over-reaching) is not
always an enemy of the people, and I hope history remembers Snowden as the
brave individual who shone a light on this travesty and forced them into this
discussion.

~~~
mpyne
He may not be the "enemy of the people", but is his the enemy of the
government. Being for the people doesn't always make you right either,
Robespierre believed strong in the Revolution but he and his fellow Jacobins
of The Mountain were responsible for the "Reign of Terror" intended to root
out counter-revolutionary sentiment "for the good of the people". As only one
example, a woman was guillotined for exclaiming "a fig to the nation!".

So let's not pretend that being for the people automatically makes all of your
subsequent actions right or moral.

On the other hand, the USG _is_ the one entity chartered by "We the People of
the United States", which makes me always at least initially suspicious of
people whose plan is to hurt the government (which must almost invariably hurt
the people, as long as the government stands).

But independent of whether Snowden is fighting the people or the government,
the bigger question is whether his _actions_ have hurt the people. In many
cases they have.

Leaking details of NSA attacks on Chinese networks doesn't help the American
people. Nor does leaking details about "targeted access operations" (which,
since they must be _targeted_ , cannot be used for mass surveillance
essentially by definition).

I could go on and on, but the point is simply that Snowden has indeed thrown a
few bones with civil liberty implications. But that's _not all_ that he has
leaked, and given that he claimed from the beginning that he was very careful
in what he selected, it is proper to hold him accountable for his actions,
insofar as they _do_ end up being against the American people.

~~~
dictum
> Leaking details of NSA attacks on Chinese networks doesn't help the American
> people.

Let me ask a facetious question: does spying on Petrobras help prevent
terrorism in the US?

~~~
mpyne
Let me give a facetious answer: Is terrorism the _only_ thing that can harm
the American people in the international world?

NSA has a much wider remit than counter-terrorism, and for good reason.

It was not that long ago when European companies were routinely using bribery
to land contracts at the expense of American companies, bribes which were
sometimes detected and revealed to the world thanks to NSA. When the contract
was re-competed without the bribe the American company often won, funny
that...

------
ck2
Am I mistaken or did he completely discard all the recommendations by the
security panel he appointed to give him recommendations?

------
kartikkumar
That really was single-handedly THE most boring, uninspiring speech in his
entire time in office. There was nothing of substance to it and a real sense
that he's not willing to fully accept the mistakes that have been made. His
general nonchalance towards issues of privacy is astounding and will go a long
way towards shaping how his second term in office is recounted in history
books: not good!

------
higherpurpose
A summary of his proposals for those who didn't see it:

[http://www.techdirt.com/articles/20140117/09011025919/presid...](http://www.techdirt.com/articles/20140117/09011025919/president-
obama-surpasses-exceptionally-low-expectations-nsa-reforms-leaves-much-
place.shtml)

------
ch4s3
I'm not sure I get what he's proposing to change. It sounds like he intends to
limit the length of time that data is held, stop spying on friendly foreign
leaders, and appoint a few people to new oversight positions. It just sounds a
bit empty.

~~~
jljljl
I'm not sure exactly how its going to play out, but the move to limit bulk
collection of phone data, keeping the data in the hands of the phone companies
or an independent third party, and requiring a justification and approval from
a court _before_ the NSA can access the data sounds like a non trivial reform.
This limits the NSA's ability to just suck up everyone's data and then
determine a justification after the fact.

------
eric_cc
Call me crazy but I think we'll see the end of war, famine, and disease before
we see the end of spying and surveillance.

~~~
srl
Asking for it to end is unrealistic. Asking for reasonable limits, and for
public knowledge of the general outlines of what is being collected and how it
is used, and for proper oversight by the intelligence committees, is much more
achievable.

------
kyleblarson
"If you like your privacy, you can keep it."

------
dj-wonk
To comment on just one part: "Obama said he's ordered a plan to be drafted
that would shift that data to some other entity." (From
[http://www.npr.org/blogs/thetwo-
way/2014/01/17/263357572/com...](http://www.npr.org/blogs/thetwo-
way/2014/01/17/263357572/coming-up-obama-outlines-nsa-changes))

In some sense, who collects, stores, and accesses the data is important. But
it seems more important to look at the culture, rules, and oversight in place.
Asking anyone to design such a system is daunting.

Let's say, for the point of argument, that specific, limited, legal,
accountable collection is the primary goal and we could design a new system to
accomplish that. What are some of the best designs of security protocols and
entity structures to protect this information? How far can you get with
correct system administration policy? I suspect you need quite a bit beyond
currently available tools.

------
001sky
Live commentary also here

[http://thecaucus.blogs.nytimes.com/2014/01/17/live-
coverage-...](http://thecaucus.blogs.nytimes.com/2014/01/17/live-coverage-of-
obamas-n-s-a-speech/#proposals-do-not-address-criticism-of-cyber-programs)

~~~
dictum
> Mr. Obama started off by saying the government could not protect against
> terrorists and cyber threats without penetrating foreign networks — and
> protecting against them.

By the logic that arrives to this conclusion, the government can not protect
against terrorists and cyber threats without penetrating domestic networks
either.

~~~
mpyne
To an approximate degree, yes, except that _penetration_ of domestic networks
would not be necessary, merely the normal legal processes from CALEA, MOUs
with telecom companies, etc.

The government already does this kind of stuff, only through the FBI instead
of the NSA.

You would "penetrate" a foreign network when there is no ability to expect
cooperation and no ability to compel.

------
aeonsky
Sham. Nothing is going to change.

~~~
pekk
Here is the response that HN was going to have regardless of the contents of
the speech (or any realistic proposal which might have occurred).

It's about wanting to be angry and see punishments more than achieving
anything specific

~~~
AmVess
Perhaps is it reasonable cynicism informed by experience.

------
iconjack
I know he has America's best interest at heart because of all the flags. Had
he just had one or two flags, I would have been skeptical. But five! And they
are large ones too. Plus a lapel pin for good measure.

------
bicknergseng
I wonder if we will ever have a historical perspective capable of comparing
the current NSA/CIA/FBI with the likes of the Dulles brothers and J Edgar
Hoover.

------
tomelders
Without a pardon for Snowden, there is no discussion.

~~~
angersock
That would be a pointless and empty gesture, likely wouldn't help Snowden, and
would only serve to make the bastards look less slimy.

