
Wikimedia v. NSA: Wikimedia Foundation files suit against NSA - davidgerard
https://blog.wikimedia.org/2015/03/10/wikimedia-v-nsa/
======
chippy
I have some sympathy for our fellow hackers who work as contractors or in big
companies, many of them with security clearance. Database engineers, software
developers, data experts - the five eyes intelligence agencies directly and
indirectly fund many of you readers of HN.

They might be becoming increasingly disillusioned with their chosen life
and/or unable to change course. Perhaps the money is too good, perhaps their
contracts too restrictive. They might have inside knowledge and believe that
the NSA is in the right, but they would not be able to voice that belief to
us, their friends and colleagues. Unable or unwilling to change course if they
believe their country is in the wrong and unable or unwilling to speak up in
defence if they think it is in the right. I'd certainly like to talk (in
private) to those I knew who at the start of the Snowden affair openly said
that he was a traitor and hear what they now think.

~~~
karmacondon
I have no problem voicing my beliefs publicly. I'm always more than willing to
explain the policies of the NSA, and happy to denounce the actions of Edward
Snowden. I don't think he was a traitor, by definition, but what he did was
wrong. It isn't necessary to divulge confidential information, the situation
is pretty clear. I don't see any point in re-litigating the whole thing on
this particular thread though, it would be off topic.

I just wanted to say that people who support the NSA aren't hiding in fear.
Only a small minority of people who work for the government, directly or as
contractors, are ashamed of their employer or having a crisis of conscience.
In general, nothing polarizes people and brings them together like an external
threat. If everyone is shouting that you're bad, the most basic human instinct
is to shout back even louder.

This whole thing has been a delight for management in the intelligence
services. Some employees and contractors are much more motivated now. And many
of those who support Snowden are still indifferent about the issues that he
raised. It's either "go team!" or "eh, a job's a job." Only a minority are
racked with self-doubt because of what's being posted about their employer on
hackernews and reddit. Most will gladly tell you what they think, openly or in
private, with no fear of criticism or backlash.

~~~
diafygi
> I just wanted to say that people who support the NSA aren't hiding in fear.

Unfortunately, that doesn't appear to be backed by evidence. Every single
lawsuit challenging mass surveillance has been resisted by the Executive on
the basis of state secrets and lack of standing. The Executive is using a
judicial tactic to avoid having to answer the question of whether these
programs are constitutional. When that question is asked, it usually ends in
the programs being illegal[1][2][3].

So if you're not afraid, would you mind answering some questions? One of the
biggest problems I have right now is that your side simply stonewalls or
deflects core questions thrown by my side. I would love to be convinced that
what you're doing is right.

1) How are broad secret court[4] and non-court[5] orders constitutional? The
4th Amendment appears to only allow targeted warrants, so from where does the
government draw this broad surveillance power? So far, the only legal defense
been invoking the state secrets privilege[6], which prevents the core question
from being addressed.

2) How is the DEA's parallel construction program[7] constitutional? This
seems as if the DEA is not allowing a fair trail by withholding evidence from
the defendant.

3) If you think the above are unconstitutional, why should they be allowed to
exist? How can the rule of law persist with unclear or secret exceptions? Are
there things that are more important than the rule of law? What possible
impacts does this prioritization have?

I thought we should strive to live under a rule-of-law, and I feel like the
Executive and their workers (including you) don't mind having a rule-of-man
system. Please convince me otherwise.

[1]: [http://arstechnica.com/tech-policy/2014/12/cops-illegally-
na...](http://arstechnica.com/tech-policy/2014/12/cops-illegally-nailed-
webcam-to-utility-pole-for-6-weeks-to-spy-on-house/)

[2]:
[https://en.wikipedia.org/wiki/Kyllo_v._United_States](https://en.wikipedia.org/wiki/Kyllo_v._United_States)

[3]: [http://www.nytimes.com/2015/02/07/world/europe/electronic-
su...](http://www.nytimes.com/2015/02/07/world/europe/electronic-surveillance-
by-spy-agencies-was-illegal-british-court-says.html)

[4]: [https://www.eff.org/deeplinks/2013/06/what-we-need-to-
know-a...](https://www.eff.org/deeplinks/2013/06/what-we-need-to-know-about-
prism)

[5]: [https://www.eff.org/issues/national-security-
letters](https://www.eff.org/issues/national-security-letters)

[6]: [https://www.eff.org/nsa-spying/state-secrets-
privilege](https://www.eff.org/nsa-spying/state-secrets-privilege)

[7]: [https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-
intel...](https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-
laundering)

~~~
bhayden
I think you're focusing on the wrong thing. It doesn't really matter if it's
legal or constitutional, because if it's not then they'll change the laws or
reinterpret them in a new way or write a new Patriot Act.

What we should focus on is whether a government should be allowed to operate
in secrecy, without any public oversight or knowledge, and whether the
government can be morally justified in surveilling citizens without probable
cause.

~~~
judemelancon
It matters to me, at least, that the law be followed as written. Rule by whim
and secret dictate does not seem like a good system of government.

~~~
EGreg
What if the law says that secret courts can decide using secret proceedings?

~~~
ethbro
_> What if the law says that secret courts can decide using secret
proceedings?_

Then at least it's on the books as a choice our society has made. OP's issue
is there's currently no clear legal chain of certain programs back to a
democratic decision.

~~~
EGreg
The FISA courts have been authorized by an Act of Congress. That's what the
checks and balances are for, though, and the courts can overturn it.

I wonder if the system will stand uo though. The addiction to bigbdata is
strong once tasted, and spy agencies actually enjoy getting away with stuff.

------
fragmede
The EFF is surprisingly absent from this coalition. The other organizations
listed as participating are:

The National Association of Criminal Defense Lawyers, Human Rights Watch,
Amnesty International USA, Pen American Center, Global Fund for Women, The
Nation Magazine, The Rutherford Institute, and Washington Office on Latin
America.

From: [https://blog.wikimedia.org/2015/03/10/wikimedia-v-
nsa/#cite_...](https://blog.wikimedia.org/2015/03/10/wikimedia-v-
nsa/#cite_note-2)

~~~
daddykotex
I wonder why they are not part of it? Maybe they are prepping to do something
on their own.

I'd like to see the NSA under fire from many opponents rather than just one.

~~~
chimeracoder
> Maybe they are prepping to do something on their own.

As listed above, it's probably because they're already in the middle of their
own[0] (assuming that they will appeal, which I'd imagine is almost certain
assuming they can fund it).

The EFF has been fighting this battle long before the Snowden revelations, so
it's certainly not for lack of interest that they're not a claimant in the
Wikimedia case.

[0] [https://www.eff.org/deeplinks/2015/02/jewel-v-nsa-making-
sen...](https://www.eff.org/deeplinks/2015/02/jewel-v-nsa-making-sense-
disappointing-decision-over-mass-surveillance)

------
tokenadult
I am a Wikipedian, a contributor of free content to Wikipedia. (I contribute
in Chinese, in German, and in some other languages too.) I read the Wikimedia
Foundation blog kindly submitted here by an early Wikipedian and read all the
comments here posted before mine before writing this reply. In the last two
weeks, I've renewed acquaintance with quite a few local Wikipedians at two
Wikipedia Edit-a-Thons that occurred in my town.

I see the Wikimedia Foundation has a rationale for its suit based partly on
United States law. It writes, "Our aim in filing this suit is to end this mass
surveillance program in order to protect the rights of our users around the
world." Because I edit Wikipedia in languages other than English, crucially
including Chinese, I am painfully aware that there are a lot of restrictions
of the rights of users of Wikipedia all over the world, evidently some of them
not within the reach of the United States legal system. There seems to be no
prospect, for example, of the Wikimedia Foundation suing the Russian or
Chinese central governments (not even to mention north Korea's regime or the
ISIS self-styled regime) to protect the rights of users of Wikipedia. That's
too bad. If the NSA surveillance programs ceased later today, there would
still be a lot of places around the world where Wikipedia would be
inaccessible or Wikipedia users would be harassed by agents of other
governments.

~~~
joelhaus
Well put. Another comment ITT[0] also pointed out the global surveillance arms
race and the futility of pressuring the US to unilaterally disarm. This is
particularly true in light of the many legitimate global threats to freedom
mentioned in your comment.

Knowing how unpopular this opinion is here, I still feel the need to share...
Lawsuits like these strike me as either incredibly naive or a cynical public
relations stunt. I don't enjoy my donations supporting either kind of effort
and unfortunately, will likely cease future contributions.

The NSA does not surveil domestic communications without a court ordered
warrant and I have heard no arguments to convince me that this is not a
legitimate use of authority. If there was a single change to the NSA that I
could advocate, it would be stronger and harsher mandatory minimums for anyone
found in violation of the existing prohibitions on domestic surveillance.

[0]
[https://news.ycombinator.com/item?id=9177073](https://news.ycombinator.com/item?id=9177073)

~~~
alextgordon
> The NSA does not surveil domestic communications without a court ordered
> warrant and I have heard no arguments to convince me that this is not a
> legitimate use of authority.

Oh what faith you have...

    
    
        <snowden> How are things over there?
        <poitras> I'm at the Guardian. They’re publishing TEMPORA today.
                  They are very nervous about an injunction.
        <snowden> The NSA love that program.
        <poitras> Why?
        <snowden> Because they aren't allowed to do it in the US.
                  The UK lets us query it all day long.

------
Dorian-Marie
The solution should be technical: You don't want to NSA to read your
communications: encrypt them (eg: HTTPS everywhere, encryption built-in
everywhere). And that's us, builders of technologies, that need to make that
happen.

Basically securing against the NSA is the same as securing against hackers, it
should be treated as a security threat like any other.

~~~
a3n
It's not one or the other, and the NSA has demonstrated that it will use all
the resources at its disposal to circumvent any technical protection.

The NSA also holds a trump card: the law and the US government. I assume at
some point that Congress will pass laws, or the secret court will authorize,
compelling every American company to essentially open itself to unfettered
access and surveillance. US companies already are subject to NSLs, and the Law
of Boiling Frogs suggests that it's only a matter of time until surveillance
is openly and explicitly compulsory.

The only long term effective way to cut this off is to cut off the NSA's
budget and scale back their efforts. But I also believe that will not happen
until the first ski resort opens in hell.

We're burning our own village to save it.

~~~
arca_vorago
This is why I am increasingly convinced that GPL(v3) is going to become a
bastion of hope for privacy. The major problem is that companies want to make
money off the software, close it up and proprietize it, and then the gov comes
along with a NSL or blackbox or other comprimise and backdoors/weakens the
system, and all of a sudden all the customers of the company are vulnerable.
FOSS and in particular GPL, is the way around this. Software companies should
be selling support, not the software (IMHO).

~~~
nly
Software can always be disassembled. I'm much more concerned about proprietary
firmware and hardware backdoors. You should be too. Another thing also, is
that the NSA have been shown to be weakening crypto standards like RNGs and,
possibly, ECC. The problem with this is other standards like TLS and such
ultimately use this infrastructure and that affects all software, FOSS
included.

~~~
arca_vorago
I agree with you about firmware, but you will notice a very important overlap
between the firmware and the software sectors here, in that it tends to be
true that you end up with closed software to match the closed hardware
(cellphone radio modems having DMA to the same address space as the CPU all
under proprietary firmware and software blobs is a good example). I very much
agree that we need open hardware, but it doesn't seem to be much of a priority
for any of the big players that I am aware of.

Regarding the weakening of crypto standards, this is why I think everyone is
wrong when they tell you not to roll your own. Even William Binney (NSA
whistleblower) has been saying so recently.

------
kerkeslager
This is an important lawsuit which will cost a lot of money. I urge you to
donate:

Wikimedia:
[http://m.wikimediafoundation.org/wiki/Ways_to_Give](http://m.wikimediafoundation.org/wiki/Ways_to_Give)

ACLU: [https://www.aclu.org/donate/join-renew-
give](https://www.aclu.org/donate/join-renew-give)

------
devnonymous
I miss groklaw. I wish PJ comes back online. That'll help us, the non-lawyers,
especially outside the US, make sense of this lawsuit (besides others).

~~~
davidgerard
PJ stopped doing Groklaw out of disgust that the law was so deeply
disrespected by the government. Perhaps when Snowden is elected President.

~~~
spacemanmatt
I miss Groklaw dearly but also understood there was a little more than disgust
in play.

------
motbob
Despite what they say in the article, I really don't think they have standing.
But I would love to hear why they do from someone familiar with the legal
argument.

~~~
unreal37
I thought that too at first. But the NYT op-ed does a better job of
explaining.[1]

Basically, they think that the NSA has the ability to index anonymous readers
with pages visited, and anonymous editors with pages changed. Then if the NSA
is sending that data to a bunch of governments around the word (Egypt, Israel,
the Five Eyes, whoever else), dissidents around the world are at risk of being
caught for browsing/editing Wikipedia for the crime of being opposed to the
government in power.

[1] [http://www.nytimes.com/2015/03/10/opinion/stop-spying-on-
wik...](http://www.nytimes.com/2015/03/10/opinion/stop-spying-on-wikipedia-
users.html)

~~~
flyryan
"Then if the NSA"

That's a big IF and one that will be almost impossible to prove. I don't see
how the case holds any merit if they can't prove this happens.

~~~
unreal37
Seems like a hard battle for sure.

------
scrrr
I've been thinking about surveillance lately and have come to the conclusion
that it's simply here to stay.

I really doubt any legal action will change anything what the NSA does. The
future is digital, they cannot and will not step down while other countries,
basically everyone that is capable to do it, will do it. It's such a big power
factor that it cannot be ignored.

The arms race in cyberspace has begun long ago, and there's just no way it
will simply stop.

All we can do is decide how we handle it personally and whom we trust to keep
our data safe. And if we really need to create certain kinds of data in the
first place (with many kinds we have no choice).

~~~
cryptoz
On NSA stories, the top HN comment is always "too bad. whatever. let the NSA
do its thing." _NO._

This is not about you. This is not about your data. This is about our
society's collective ability to think and act for itself. Blanket acceptance
of surveillance is a dangerous attitude and shockingly common.

Political efforts, technological efforts, societal changes are all required to
keep democracy alive. And that's what's at stake here, not your personal
files. Nobody cares if you can keep those safe - I want my _democracy_ to be
safe, please.

~~~
spot
well if you love democracy so much you need to recognize that the majority is
against you on this point.

~~~
bhayden
Well as you're seeing with gay marriage bans being overturned, just because
the majority want to strip the minority of their rights, they shouldn't be
allowed to.

~~~
nickik
Then what you want is a republic or some system of anarchy, not a democracy.

~~~
xj9
The US _is_ a republic.

~~~
nickik
I know that. It was a general point. In a pure democracy, 51% has complet
power.

Also while the US is a formal republic, it does often emulate a democracy.
Based on common belives the constitution is reinterpreted, or simply ignored.
This has been well documented by legal scholars such as Richard Epstein.

------
SloopJon
As people become increasingly inured to the trickle of revelations, I do think
that lawsuits are important. If Wikimedia doesn't have anything more than a
logo on a slide, however, this will be tossed for lack of standing, like
several cases before it.

~~~
sitkack
I have a new idea for government lawyers, if anyone _does_ show lack of
standing, claim that the evidence of harm is a state secret, try and jail them
for spying before hearing the case, claim they must serve the first sentence
before it will hear the original case.

My argument has many parallels with existing statements by the Supreme Court
that lawyers representing terror suspects could they themselves be tried under
the 'material support' law for simply filing paperwork with the state to clear
their client.

------
htor
This is great news. We need more powerful voices like these to really be
heard.

Remember Wikipedia's blackout against SOPA!

------
newman8r
wish I had more time to search for it right now, but is there a link where
people can donate specifically for this cause? (if not a general donation will
have to suffice)

please post if so

~~~
davidgerard
Not that I know of. But I do know that charities find tied donations a goddamn
PITA - if you trust someone to do good work, just giving them the money for
the general pool is the right thing in almost all cases.

But they _do_ love to know what inspired a particular donation. So I would
suggest dropping a few bucks to the ACLU and WMF's general contribution
addresses, but including a note that this is why :-)

~~~
newman8r
that does seem like a hassle - general fund makes sense

------
snowwrestler
I'll be interested to see how the rulings on standing go. That seems like the
crux of the matter to me, because the issue is not just "was your name
mentioned," but also "were you harmed?"

4th Amendment cases are usually litigated in the context of a criminal appeal;
obviously a defendant is facing real jeopardy in a prosecution, and therefore
has standing.

Civil lawsuits exist to make plaintiffs whole after suffering a harm. But the
court might find that being surveilled, alone and by itself, is not harm. The
court could say that nothing has been removed, destroyed, prevented, or
altered in Wikimedia's servers, so they have no harm to make whole.

The court could say that merely copying data does no harm to the original data
creator or holder. (This argument might sound familiar here on HN, as it is
sometimes used to argue that file sharing does no legal harm to publishers.)

------
higherpurpose
Is no one targeting the 12333 Executive Order? Isn't that the one that causes
the most mass spying abuses. It's great to see the FISA "warrants" targeted as
well, as most just seem to look at the Patrio Act's 215 section, but I think
they should look at the 12333 EO, too.

------
lgp171188
Almost all of our communication protocols and technologies are built on trust
on those who run various services. So as long as that is the case, imho there
is no way to stop surveillance.

It would be great to start from scratch and build things without the
expectation of any trustability from anyone, but I don't see that happening
ever!

Sad to see that the people elected by other people like us to do good for all
the people tend to do everything other than that.

~~~
htor
It is a fact that the internet - designed to be de-centralised - is becoming
more and more centralised, evolving around service providers.

> Almost all of our communication protocols and technologies are built on
> trust on those who run various services.

That is why we need to build and use de-centralized systems like Bitcoin, Tor
and physical mesh networks to share and communicate. These evolve around
people, not service providers. Of course, there's a huge difference between
trusting people and trusting corporations.

> It would be great to start from scratch and build things without the
> expectation of any trustability from anyone, but I don't see that happening
> ever!

Too bad that you're not too bright about the future. A lot of people are
working on fixing it. Maybe these links will inspire you to think about it
differently?

[https://bitcoin.org/en/](https://bitcoin.org/en/)

[http://en.wikipedia.org/wiki/Mesh_networking](http://en.wikipedia.org/wiki/Mesh_networking)

[https://ssd.eff.org](https://ssd.eff.org)

~~~
lgp171188
> Too bad that you're not too bright about the future. A lot of people are
> working on fixing it. Maybe these links will inspire you to think about it
> differently?

I have come across these things that you have pointed out and yes they are
steps in the right direction. But if you ask me if any of those will become
the mainstream de-facto thing that everyone will use some time in the future?
Based on the evidence available at the moment, I would still stick to what I
said and maintain that it is highly unlikely given the current state of
affairs. Yes, I would be very glad to be proven wrong but not enough atm to
feel optimism. :)

------
brohoolio
The NSA is here to stay because who can remove their power without being
removed from office? They have all communication.

------
AdmiralAsshat
Wikimedia's evidence that it was targeted was due to a leaked slide. What's
going to stop the court from dismissing that key piece of evidence due to it
being a "state secret"/"matter of national security" that was not meant to be
publicly disclosed?

------
cryoshon
Bravo. They've earned my donation this year.

I hope that more organizations come forward with similar suits so that we can
get back on the right path.

------
nullc
“If you don’t like people looking why not try putting on some pants?”, my
response on the Wikimedia Blog:
[http://www.reddit.com/r/wikipedia/comments/2yjda6/wikimedia_...](http://www.reddit.com/r/wikipedia/comments/2yjda6/wikimedia_v_nsa_wikimedia_foundation_files_suit/cpa4627)

(cross-posted to reddit because I could provide links there)

~~~
davidgerard
SSL in the casual case relies on all CAs being uncompromised. I understand
this is not the case.

In any case, both technical _and_ legal approaches are appropriate. And you
know as well as I do that everyone at WMF desperately wants SSL for
everything, and that this is a thing they are specifically working toward (but
it turns out to be a bit more complicated than just switching everyone to SSL)
- there is no way in which the legal approach precludes the technical
approach.

I mean, you're right, this has been a problem for ages and you personally
yelled really loudly and quite appropriately at them for it, and I really wish
WMF had moved forward sooner. But if yesterday was the best day to act, then
today is the next-best day.

~~~
copsarebastards
CAs aren't the only possible point of failure.

Simply by obtaining private keys for Google/Facebook/YouTube/Yahoo/Baidu, the
NSA can passively decrypt a HUGE percentage of the world's traffic. Any server
encrypting for Google will need to have these keys so it's quite difficult to
keep all these servers secure, and given the keys' values, the NSA would have
no trouble budgeting infiltrating companies to get them.

~~~
davidgerard
Absolutely, I was just giving one example.

~~~
Sremobeekik
It's' simple love. .m

