
Google Chief Architect: we only respond to specific orders about individuals - msabalau
https://plus.google.com/u/0/103389452828130864950/posts/huwQsphBron
======
andreyf
His comments are actually the most insightful points I've seen about the
discussion regarding PRISM:

 _I have my own suspicions -- which I won't go into here -- about what PRISM
was actually about. I'll just say that there are ways to intercept people's
Google, Facebook, etc., traffic in bulk without sticking any moles into the
org -- or directly tapping their lines. You may find some interesting hints in
the leaked PRISM slides [1], especially the second and fourth ones shown
there. The subtleties of phrasing are important, I suspect, not because they
were trying to be elliptical but because they reveal what was obvious to the
people who were giving that presentation._

 _And like I said, I have both some reason to believe that there aren't such
devices inside Google, and that the PRISM slides are actually talking about a
somewhat different kind of data collection -- one that's done from outside the
companies._

Any ideas what he could be thinking?

1\. [http://www.washingtonpost.com/wp-
srv/special/politics/prism-...](http://www.washingtonpost.com/wp-
srv/special/politics/prism-collection-documents/m)

~~~
JunkDNA
Beam splitters (prisms?) inside the backbone providers. All traffic goes to
its destination unharmed, but the NSA gets all the packets. SSL is harder, but
all you need is the private keys. Those are hard to get but not impossible for
someone with the resources of the government. This is the only scalable way to
do what they are supposed to be doing and not involve lots of outsiders. Note
that the people who have really clammed up the past few days are the telecoms
in all this.

~~~
jcampbell1
This is exactly the conclusion I came to. My guess is they have the SSL/TLS
keys.

That being said, tptacek thinks we are wrong, and he is a subject matter
expert, so I am not sure.

~~~
kalmi10
The linked quora answer (from the co-author of Firesheep) says that even in
that case one can't launch a passive man in the middle attack if perfect
forward secrecy is used. Google.com uses Diffie–Hellman key exchange which
provides perfect forward secrecy.

So... If I understand everything correctly, it should be impossible to decrypt
passively captured HTTPS traffic to/from google.com.

[http://www.quora.com/SSL-Secure-Sockets-Layer/Is-it-ever-
pos...](http://www.quora.com/SSL-Secure-Sockets-Layer/Is-it-ever-possible-to-
decrypt-passively-sniffed-SSL-TLS-traffic/answer/Ian-Gallagher-2)

Could someone more knowledgeable confirm this?

~~~
herf
actually everyone seems to have switched to the "fast" SSL ciphers instead -
only dropbox defaults to DHE:

> openssl s_client -connect google.com:443 RC4-SHA
> openssl s_client -connect dropbox.com:443 DHE-RSA-AES256-SHA

Again, this is usually done for speed, but all of the companies on the list
are using "fast" SSL/TLS ciphers rather than more secure ones.

~~~
kalmi10
I'm not really an expert in this at all, but we were not discussing ciphers, but
key exchange methods.

I open google.com in Chrome, click on lockpad icon, go to the second tab, and
it says: Key exchange method: ECDHE_ECDSA

Some googling turns up that: "ECDHE-ECDSA provide perfect forward secrecy"
[http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-
forw...](http://nmav.gnutls.org/2011/12/price-to-pay-for-perfect-forward.html)

~~~
herf
yes it appears Google has PFS for Chrome/Firefox:
[http://www.imperialviolet.org/2011/11/22/forwardsecret.html](http://www.imperialviolet.org/2011/11/22/forwardsecret.html)

------
lawnchair_larry
It sounds like this employee was not even aware that Google's "Transparency
Report" specifically _does not_ include the number of FISA orders that they
have received:

 _"Update 2013-06-07: at the time that we wrote this post, we asked Google
whether its Transparency Report included data about secret FISA court orders
that would send data to the NSA. The response we received was extremely vague,
but seemed to possibly be "no". In the wake of yesterday's revelations that
the NSA was harvesting data from Microsoft, Yahoo!, Google, Facebook, AOL,
PalTalk, Skype, Youtube and Apple, Google has now clearly confirmed that the
numbers in its Transparency Report do not include the number of orders or
targets for NSA surveillance."_

[https://www.eff.org/deeplinks/2013/03/new-statistics-
about-n...](https://www.eff.org/deeplinks/2013/03/new-statistics-about-
national-security-letters-google-transparency-report)

This is especially interesting, because it means Google has acknowledged the
distinction between NSLs, which include a gag order, and some other even more
secret directive, which services NSA surveillance.

It's also worth noting that if Google was willingly supplying anything PRISM-
like, this employee would not be _allowed_ to know without a Top Secret
clearance. Any Google employees who do have such clearance face the threat of
prison if they tell him or anyone else.

~~~
danso
> _It sounds like this employee was not even aware that Google's
> "Transparency Report" specifically does not include the number of FISA
> orders that they have received_

Are you concluding that from this statement?

> _"I'm not sure what the details of this PRISM program are, but I can tell
> you that the only way in which Google reveals information about users are
> when we receive lawful, specific orders about individuals -- things like
> search warrants. And we continue to stand firm against any attempts to do so
> broadly or without genuine, individualized suspicion, and publicize the
> results as much as possible in our Transparency Report."_

He may be ignorant of that fact...however, that last statement, "_as much as
possible_", would cover that. However, his assertion that _"the only way in
which Google reveals information about users are when we receive lawful,
specific orders about individuals"_ would still cover FISA, because FISA, as
far as we know, is specifically for the targeted surveillance of individuals.

Moreover, FISA, as it applies to Americans, _requires a court-approved
warrant_ for that surveillance. So again, what the OP is claiming is non-
contradictory, because FISA requests are both legal actions that target
individuals that go through an approval process.

This is entirely different than what PRISM is alleged to be, which, well, we
don't know exactly what it is, but involves the warrantless surveillance of
Internet usage with the collaboration of Internet companies...currently,
Google is outright denying being a part of that.

Some relevant links:
[http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...](http://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court)

[http://www.huffingtonpost.com/2012/12/30/obama-fisa-
warrantl...](http://www.huffingtonpost.com/2012/12/30/obama-fisa-warrantless-
wiretapping_n_2385690.html)

Also worth noting, national security letters, which Google _does_ oppose, are
controversial because, among other things, they do not require a warrant. This
is not the case with FISA and American citizens.

~~~
lawnchair_larry
Ah, you are right on the PRISM distinction, I mixed up details with the
"metadata" thing, which I'm sure is not accidental. A lot of the responses
from government officials are to the effect of "these aren't a concern,
because to get the metadata we need to go through FISA courts for every
individual", which is just a red herring now.

So, there are:

1\. NSLs, published on the transparency report

2\. FISA orders, which are "through a court", but is by all accounts just
rubber stamping, _not_ on the transparency report

3\. PRISM, which is intended to bypass FISA entirely, according to the
Guardian article. Either Google is lying, the NSA is doing it without Google's
knowledge, or there is subtle wordplay involved (so, lying). Or, that it's
been grossly misreported.

------
tptacek
Two things that cannot be true at the same time: this Google+ post, and the
idea that Google coughed up their TLS keys to the government.

~~~
JunkDNA
You're one of the few whose opinion I would trust on this: how much data would
the NSA need to derive TLS encryption keys from encrypted data? I feel like I
read once that you could possibly use statistical methods to derive the key if
you had enough encrypted source data.

~~~
tptacek
The technique they'd be using to do that would be new to science.

Here it is worth pointing out that Google did something awhile ago to make
NSA's job much harder (if their goal is to read everyone's mail): they became
aggressive advocates for TLS forward secrecy.

[http://googleonlinesecurity.blogspot.com/2011/11/protecting-...](http://googleonlinesecurity.blogspot.com/2011/11/protecting-
data-for-long-term-with.html)

TLS forward secrecy involves the ephemeral Diffie Hellman ciphersuites (which
your browser supports). Instead of deriving a session key and using the
server's RSA key to convey it, the DHE ciphersuites run the DH protocol to
derive a session key between the client and the server, and then use the RSA
key to sign the exchange ("breaking the tie" if there was a MITM). The RSA key
is never used to convey a session key; if you got all of Google's TLS keys,
you would not be able to go back in time and decrypt old sessions that used a
DHE ciphersuite.

It is also worth pointing out that some of the hardest people working in
security show business, including Adam Langley and Michal Zalewski and Justin
Schuh, people with unimpeachable reputations in my field, work for Google on
these problems.
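
An added example, not part of the thread or of any commenter's post: a toy model of the two handshakes described in the comment above (RSA key transport versus ephemeral Diffie-Hellman signed with RSA), showing what a recorded handshake yields once the server's RSA private key later leaks. The primes, the DH group and all function names are constructed for illustration and are far too small for real use; the signature is textbook RSA over a simplified transcript.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (assumptions, not real TLS values).
P, Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes -> toy RSA modulus
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # server's long-term RSA private exponent
DH_P, DH_G = 2**127 - 1, 3             # toy Diffie-Hellman group


def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret (stand-in for the TLS PRF)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def rsa_key_transport():
    """Client picks the premaster secret and sends it encrypted to the RSA key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"enc_premaster": pow(premaster, E, N)}    # all an eavesdropper records
    assert pow(wire["enc_premaster"], D, N) == premaster  # server side decrypts
    return wire, kdf(premaster)


def dhe_rsa():
    """Both sides use throwaway DH exponents; RSA only signs the exchange."""
    a = secrets.randbelow(DH_P - 3) + 2               # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2               # server ephemeral secret
    pub_a, pub_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(
        hashlib.sha256(f"{pub_a}|{pub_b}".encode()).digest(), "big") % N
    wire = {"client_pub": pub_a, "server_pub": pub_b, "sig": pow(digest, D, N)}
    assert pow(wire["sig"], E, N) == digest           # client verifies signature
    assert pow(pub_b, a, DH_P) == pow(pub_a, b, DH_P) # both sides agree
    return wire, kdf(pow(pub_b, a, DH_P))             # a and b are discarded here


def later_key_compromise(wire: dict, leaked_d: int) -> set:
    """Session keys derivable from a recorded handshake once the RSA private
    exponent leaks: RSA-decrypt every recorded value and run it through the KDF."""
    return {kdf(pow(value, leaked_d, N)) for value in wire.values()}


def demo() -> dict:
    rsa_wire, rsa_key = rsa_key_transport()
    dhe_wire, dhe_key = dhe_rsa()
    return {
        "rsa_transport_recovered": rsa_key in later_key_compromise(rsa_wire, D),
        "dhe_recovered": dhe_key in later_key_compromise(dhe_wire, D),
    }


if __name__ == "__main__":
    print(demo())
```

In the DHE case the leaked exponent only reproduces the signed digest; the session key depends on the ephemeral exponents, which never cross the wire and are not retained after the handshake.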

------
runn1ng
What I don't get is:

from US government, we got confirmations - half-ass confirmations, but still
confirmations - that PRISM is real, we maybe have some information wrong and
we should stop asking and talking about it, but it's real.

While the companies and its architects all oppose the claims in a way that's
very convincing.

I don't know what to believe anymore.

~~~
danso
I can't tell you what to believe, but maybe a place to start is: the world is
a confusing place, full of miscommunication and gray areas. Why should we
expect the world to be as it is in the movies, in which bad guys are obviously
bad and that there is an "ending" in which things are clear?

For starters, I just re-skimmed the Washington Post report and noticed that it
has since been amended:

> _It is possible that the conflict between the PRISM slides and the company
> spokesmen is the result of imprecision on the part of the NSA author. In
> another classified report obtained by The Post, the arrangement is described
> as allowing “collection managers [to send] content tasking instructions
> directly to equipment installed at company-controlled locations,” rather
> than directly to company servers._

 _edit: Here's the link:_ [http://www.washingtonpost.com/investigations/us-
intelligence...](http://www.washingtonpost.com/investigations/us-intelligence-
mining-data-from-nine-us-internet-companies-in-broad-secret-
program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_1.html)

 _I think I'm wrong that that was one of the actual changes since
yesterday...either way, the Post is allowing for the possibility of a
miscommunication/misinterpretation by its source. Business Insider also
alleges of other hedging by the WaPo here:_
[http://www.businessinsider.com/washington-post-updates-
spyin...](http://www.businessinsider.com/washington-post-updates-spying-
story-2013-6)

At this moment in time, we still do not know two things: who the leaker is,
beyond a "career intelligence officer" and the contents of this 41-slide
presentation other than the 3 or 4 slides that the Post and the Guardian have
published. The identity or motives of the leaker isn't necessary to know, but
it's kind of problematic when we are missing context to the so-far published
slides that explain the PRISM program. For example, it kind of changes things
if the first two slides say "PROPOSAL" or the last slide says "APRIL FOOLS"

~~~
runn1ng
Well it's pretty clear now

[https://news.ycombinator.com/item?id=5843352](https://news.ycombinator.com/item?id=5843352)

They don't have direct backdoor, but they have a system in place for a fast
and effortless data sharing.

~~~
danso
Maybe they do, but I don't think you can assert that from what the NYT is
reporting in that link. The article is talking about FISA requests:

> _The companies said they do, however, comply with individual court orders,
> including under FISA. The negotiations, and the technical systems for
> sharing data with the government, fit in that category because they involve
> access to data under individual FISA requests. And in some cases, the data
> is transmitted to the government electronically, using a company’s servers._

The _data sharing_ is effortless. But the process to get it is still _the
bottleneck_ , because in the NYT article, the companies still assert that they
conduct a lawyer review of the requests. And, moreover, FISA mandates that
when the request involves an American citizen, that a court-approved is
required.

If you're arguing that FISA is wrong and that companies should be doing
everything they can, including sending the requested data in dot-matrix
printouts, to hinder the process -- no argument from me there. But the
question at hand is whether they are part of PRISM, which, according to the
reports so far, is a program that is different in implementation and legality
than FISA.

(And if you want to argue that sending _any_ data upon a legal review is not
at all different than direct, near-real-time access to a company's
servers...I'm sure some infrastructure engineers would disagree with you,
among other kinds of people required to make such a pipeline happen)

------
jcrites
I'd really like to know whether Google shared its SSL/TLS certificates with
government agencies. I asked the author (Yonatan Zunger) a short question and
he replied to say he doesn't know anything. I followed up with:

> It seems you care very much about user privacy:

>> I would no longer be working at Google [but for] the fact that we do stand
up for individual users' privacy

> Will you be willing to find out whether Google has shared its SSL/TLS keys
> for public sites with government agencies? As a person interested in user
> privacy, I imagine this will be as of much interest as whether they have
> direct access to the data.

> As you mentioned, direct access would require Google to build something.
> Intercepting SSL/TLS traffic would not.

> If Google shared its SSL keys, then the NSA can intercept all inbound and
> outbound traffic, and would be able to capture virtually all Google user
> data. They can store the data and search it. They wouldn't particularly even
> benefit from direct access to Google's data, if they're planning to store it
> themselves anyway.

> It would be great to hear an affirmation from Google that it has not shared
> its encryption keys with governments.

I can't figure out how to link to my comment, but it appears in the comments
on Yonatan Zunger's post. (See original post)

------
packetslave
For clarity, he's currently chief architect for Social/Google+ not Google as a
whole, but he's still a very senior, longtime engineer.

~~~
msabalau
Good clarification. Only so many words that would fit into the headline...

~~~
saraid216
One more character would have been sufficient...

------
uotnr
What might have happened is this:

1\. NSA bribed someone to obtain Google's SSL certificate private keys

2\. NSA installed wiretaps outside of all Google datacenters

3\. NSA hired someone to write software that would reconstruct Gmail inboxes,
login activity, etc. based on the decrypted traffic

If Facebook, Google, etc. are indeed innocent they should change SSL
certificates immediately, store the new ones in secure cryptographic hardware,
stop offering non-HTTPS access, and start inspecting network equipment for the
wiretaps.

------
fchollet
> _"the only way in which Google reveals information about users are when we
> receive lawful, specific orders about individuals -- things like search
> warrants."_

Things _like_ search warrants? What has been described in the PRISM slides is
an interface in which a NSA agent can access a subject's data at will, in a
few clicks and an affirmation that "yes, this person is a terrorist".

Also the US government has confirmed that systematic collection of user data
was indeed happening for non-US citizens. What of that? Are they users of
lesser rights in the eyes of Google, etc?

~~~
danso
> _Things like search warrants? What has been described in the PRISM slides is
> an interface in which a NSA agent can access a subject's data at will, in a
> few clicks and an affirmation that "yes, this person is a terrorist"._

Google has officially denied being a part of PRISM. The way you phrased this
statement makes it sound like the OP is sneakily leaving out the PRISM
implementation, which would be sneaky if Google _were_ a part of PRISM.

(this doesn't mean that Google's _isn't_ flat-out lying about
everything...but you seem to be alleging a contradiction where there is none,
at least in the OP)

> _"Also the US government has confirmed that systematic collection of user
> data was indeed happening for non-US citizens. What of that? Are they users
> of lesser rights in the eyes of Google, etc?"_

NSA's mandate since its inception is to conduct surveillance of foreign
communications suspected to be a threat to America...So while it's still worth
arguing whether the surveillance they conduct is unethical or unproductive,
it's not going to be worthwhile arguing whether they _do it at all_.

edit: removed sarcastic phrasing that was too assholish for a Friday after
work.

~~~
cpleppert
>> Things like search warrants? What has been described in the PRISM slides is
an interface in which a NSA agent can access a subject's data at will, in a few
clicks and an affirmation that "yes, this person is a terrorist".

I'm not sure where you're getting that from the slides. They don't explain how an
analyst uses the system.

>>Google has officially denied being a part of PRISM. The way you phrased this
statement makes it sound like the OP is sneakily leaving out the PRISM
implementation, which would be sneaky if Google were a part of PRISM.

Other media reports from insiders (not information on the leaked slides) make
it sound like PRISM is more of an NSA internal thing that aggregates data and
presents it to analysts. Based on the description of the slides it sounds like
the NSA has some integration with the on site premises of the target company.

So it could be as simple as PRISM is just a way of automating the whole
process of getting data from a valid warrant which would be consistent with
the denials made by tech companies. They don't have any contact with 'PRISM' per
se; they have just set up their systems to spit out data when they get a valid
warrant.

~~~
danso
I was quoting and disagreeing with the grandparent comment...which I
interpreted as implying that Google is a part of PRISM (which may actually be
true, but that would be begging the question in this argument)...

But I do agree with the grandparent that PRISM, as described in the original
Washington Post report and in the excerpted slides, do seem to allude to "an
interface in which a NSA agent can access a subject's data at will"

Here's the Washington Post:

> _There has been “continued exponential growth in tasking to Facebook and
> Skype,” according to the PRISM slides. With a few clicks and an affirmation
> that the subject is believed to be engaged in terrorism, espionage or
> nuclear proliferation, an analyst obtains full access to Facebook’s
> “extensive search and surveillance capabilities against the variety of
> online social networking services.”_

[http://www.washingtonpost.com/investigations/us-
intelligence...](http://www.washingtonpost.com/investigations/us-intelligence-
mining-data-from-nine-us-internet-companies-in-broad-secret-
program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_3.html)

------
andyl
Since the Chief Architect is so supportive of privacy rights - I'd like to
participate in G+ using a pseudonym. How about it Google??

~~~
mayanksinghal
Something like this?
[https://plus.google.com/+BradleyHorowitz/posts/SM5RjubbMmV](https://plus.google.com/+BradleyHorowitz/posts/SM5RjubbMmV)

~~~
BCM43
No, that says you can't use a pseudonym without proving to Google that it is
one a lot of people know you by.

~~~
huggah
Nothing in the names policy prohibits pseudonyms. If your given name is "Jason
Ramirez", you're welcome to have a separate Google+ account with the name
"Nancy Young".

You only have to prove people know you by a name if you want to go by "#RS",
"Albert Einstein", or "GreenLife Rx"; all three of those are likely name
violations for reasons that have absolutely nothing to do with knowing who you
are.

------
waterphone
To be clear, this is the chief architect of Google+, not Google as a whole.
Would he necessarily know?

~~~
packetslave
He actually responded to just this question in the comments (and he's a very
senior 10-year engineer, so it's plausible).

"I have various reasons to believe that the odds that I would have known about
it are higher than those for most employees -- but it still wouldn't be a
certainty. That said, the odds are good enough that I would be fairly
surprised, and rather furious, to find out that such a thing had been
happening without my knowledge."

------
eightyone
We pretty much already have confirmation that PRISM exists. [1] It's a little
funny all of these companies expect us to believe that none of them are
involved.

[1] [http://gizmodo.com/the-government-responds-to-the-prism-
spyi...](http://gizmodo.com/the-government-responds-to-the-prism-spying-
program-511822476)

------
icambron
This denial is a lot stronger than Page's, which was full of weasel words.
Unless Zunger is just lying, which somehow seems unlikely (forgive my
naiveté), it'll be interesting to know how PRISM actually works. But I will
say that his faith in his company sounds misplaced, since Google's more
official denials are so weak.

edit: clarity

~~~
saalweachter
He hints at a couple of reasons for his confidence in his post.

One of his assumptions was that people would notice surreptitiously installed
hardware or software doing the monitoring. I don't think this is unreasonable.
Hoovering up all the private data in Google is bound to be a big job,
regardless of whether you are sieving it on site or transferring it off site.
Even if it would only take a few people to install and manage, everyone else
would probably be tripping over it constantly. Accessing all of Google's data
means you'd be tied into nearly every system.

It's possible to keep projects secret inside a large company like Google, but
only if an exceedingly few number of people know about it, and have good
reasons to not tell anyone else. A system with as much surface area as you'd
probably need to hoover off all of Google's data would be vulnerable to almost
every engineer and datacenter worker accidentally running across while
debugging other problems. Even -- especially? -- if they didn't realize the
significance of it immediately, they'd probably ask their coworkers about this
weird extra code/jobs/hardware, and pretty soon everyone would have heard
about it. Once everyone inside of Google had heard of it, I think you'd have a
very hard time keeping the secret from leaking into the outside world.

~~~
icambron
Right, that mostly paraphrases his arguments. But it doesn't convincingly
eliminate a few possibilities for how this works.

One possibility: Google obviously has some capacity to honor search warrants
and NSLs. And presumably that involves some technical artifacts somewhere:
admin-level API access to data and some sort of external endpoint through
which the government can actually make those requests. So that's all stuff we
can confidently say is already there humming along happily, whether used for
nefarious purposes or not.

OK, so given that those exist, how much volume do they support? How hard would
it be to modify them to bypass the scrutiny process? Or give the NSA access to
those endpoints instead of just domestic law enforcement? In other words,
these are just changes to the _process_ , totally invisible to anyone without
explicit access to it. It might not involve any weird hardware at all, and
could operate with very few people in the know.

Another possibility: Google handed over its TLS keys and just let the taps
happen upstream.

That's why the confidence of a senior person that there isn't fishy hardware
running around makes the question of how PRISM works more interesting. But it
certainly doesn't make the project impossible.

Edit: removing distracting aside

~~~
saalweachter
I don't think I can guess about how well whatever the search warrant APIs are
scale to "look at everyone" without speculating overly much about the design
of the system. I would argue that, regardless of the access method, if someone
is looking at the terabytes or petabytes or yottabytes or however many bytes
of emails there are, you're once again back to a huge amount of network or CPU
or whatever utilization. Eg, even if the database access is allowed and off
the record, the database admin should still be wondering why the load is so
high, as if everyone in the world were reading all of their email
simultaneously. And then you're back to gossip and everyone internally knowing
about it.

The TLS keys are an interesting angle. Are TLS keys typically one (small set)
per site, or would each server typically generate its own unique keys? Even
with the latter the surface area might be small enough within Google that no
one would accidentally stumble upon it.

------
cupcake-unicorn
With all of the conspiracy theories floating around, what about something fun,
like the government proved P=NP and is just able to secretly crack the
encryption keys, passwords, etc., like that silly movie "The Traveling
Salesman Problem" where they turn algorithms into an action packed movie.

Seriously though, it seems like the general consensus is that no one on either
side is actually lying, but the companies involved are using weasely language
that can be interpreted to exclude any kind of indirect access, SSL keys, etc?
I'm surprised at the tone of the statements the companies are giving, because
were it to come out that the companies are giving _indirect_ access, their
adamance would just make them look terrible...It's as if the companies in
their statements, at least FB and Google, sound shocked, hurt, etc. to find
out people would assume that of them.

~~~
mortehu
It's widely known and admitted that they have indirect access, by issuing
warrants and being provided with slices of the data. You must be talking about
some specific form of indirect access?

------
msabalau
Also worth reading is the comment thread. "We don't sell our users'
information to anybody.... we do use user information to target ads: this
approach has made us what's technically known as "large stacks of cash:""

------
lifeguard
"might have also denied knowledge of the full scope of cooperation with
national security officials because employees whose job it is to comply with
FISA requests are not allowed to discuss the details even with others at the
company" [http://www.nytimes.com/2013/06/08/technology/tech-
companies-...](http://www.nytimes.com/2013/06/08/technology/tech-companies-
bristling-concede-to-government-surveillance-efforts.html?_r=0)

Welcome to evil google team. It was nice knowing you. You will not miss me,
but good bye.

------
jonknee
I wonder what the NSA thinks about Google's plan to change their SSL
certificates?

[http://googleonlinesecurity.blogspot.com/2013/05/changes-
to-...](http://googleonlinesecurity.blogspot.com/2013/05/changes-to-our-ssl-
certificates.html)

Seems like that could put a crimp on any beam split obtained data. At least
for a short while.

------
lvs
>"Google had no involvement in the PRISM program and the first we heard of it
was when Greenwald's article hit the press."

Greenwald broke the story about the Verizon FISA warrant, not the PRISM story.
These are (ostensibly) different things.

~~~
signed0
I think he broke both stories.

From [http://www.guardian.co.uk/world/2013/jun/06/us-tech-
giants-n...](http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-
data)

> The Guardian has verified the authenticity of the document, a 41-slide
> PowerPoint presentation

------
ISL
This is the sort of response that I find convincing. Thank you, Dr. Zunger.

------
bsaul
one thing crossed my mind: could the fact that this thing blows up right
when china's president is coming to the US to talk about cyber espionage and
individual liberties be a coincidence?

~~~
DenisM
That's a good point. It does seem like the slides are fake and someone is
trying to play the public against Internet companies, or alternatively, that
someone is playing public against US government.

------
Glyptodon
Somebody probably puts the census in their inbox, then.

------
onecommentonly
>> _the fact that we do stand up for individual users' privacy and
protection, for their right to have a personal life which is not ever shared
with other people without their consent, even when governments come knocking
at our door with guns, is one of the two most important reasons that I am at
this company_

The indisputable fact is that your company gathers a lot of private info
online about its users for profit, make that for extra, extra profit. Best
case scenario, it makes NSA's job super easy, all they have to do is ask for
it. Worst case scenario, the government knows all our thoughts as we type on
Google search and everything else we do on Google. I do not trust that such
info will stay private. Not anymore.

>> _the national security apparatus has convinced itself and the rest of the
government that the only way it can do its job is to know everything about
everyone. That's not how you protect a country. We didn't fight the Cold War
just so we could rebuild the Stasi ourselves._

Yeah, WTF do they think they are, Google or Facebook?????

