
Silicon Valley builds spy tools, is horrified when they’re used for spying - samsolomon
http://pandodaily.com/2013/06/14/silicon-valley-builds-amazing-spy-tools-is-horrified-when-theyre-used-for-spying/
======
johnrob
This whole news story has taught me a lesson about the downside of tracking
users. I now understand why some people opt out of, say, behavioral targeted
ads: it has nothing to do with annoying ads, and everything to do with data
eventually getting into the wrong hands. The only way to prevent the misuse of
data is to not collect it in the first place.

~~~
schwanksta
You really never realized that? It's been the stated reason for people opting
out for a while now. It takes PRISM for it to sink in?

Yeesh.

~~~
mpyne
Apparently up until this point people figured that _everyone but the
government_ would have access to their data, but they were OK with that...
it's free to signup, after all!

~~~
sliverstorm
Yeah, that's all kinds of weird. For starters, what rational person would
expect that in a world where everyone but the government has access to their
data- that the government would not have access to their data?

The statement is of course a strange construct when examined literally, but
have you ever tried keeping a secret from just one person?

------
tptacek
So this is a whole piece built out of guilt-by-association. Decru, for
instance, the In-Q-Tel data storage investment, was a box that transparently
encrypted iSCSI storage networks; in other words, it was the kind of
technology that made surveillance harder, not easier.

Why would anyone believe Pando Daily's take on such a complex topic?

~~~
jessaustin
The original source of this thing seems to be NSFWCorp, which if anything is
nuttier than Pando (although never as lame). Indeed, the explicit
preoccupation with "libertarians" (as if they could be anything but a tiny
slice of SV) reads more like something Mark Ames wrote.

~~~
selimthegrim
Gary Brecher/the war nerd (John Dolan's pseudonym) is occasionally worth the
nuttery.

------
joyeuse6701
Privacy is about choice of who is privy to what information. Facebook can be
used for xyz non-pervasive feature, or it can be used for spying. If I build a
chainsaw and it's used in texas for some massacres, it is acceptable for me to
be outraged without having to defend my position on the usefulness of
chainsaws and benefits it provides to society.

I suppose by the article's line of thinking, we shouldn't have any big data
analysis and just stay in the dumb world of anecdote, after all, a tool can't
be abused if it doesn't exist right?

EDIT: I've been drinking and the original wasn't as coherent as I thought upon
third read through.

~~~
rayiner
The purpose of chainsaws is to cut down trees, not kill people. The purpose of
Facebook is to stalk you, know matter who is using the tool.

------
tzs
> If we’ve learned anything in the past few days it’s that the NSA does
> precious little of its own spying, relying instead on companies like
> Palantir and Booz Allen Hamilton.

Do we actually know, or is the writer just assuming that because they use some
outside contractors, outside contractors do most of the work?

~~~
damoncali
It is common for government agencies to farm out much of the work. At NASA,
for example, the government employees do almost no engineering work. It's all
private contractors. I never worked at NSA, but I would imagine it is similar.

~~~
mpyne
The ideal is for things that are clearly a "common business function" to be
outsourced to contractors where possible. E.g. things like janitorial
services, there's nothing inherently governmental about wiping the commodes
down.

Then you have "inherently governmental functions" such as setting and
determining policy, obligating expenditure of funds from the Treasury,
supervising other civil servants, etc. That has to be done by a Federal
employee.

Then you have stuff in-between, which typically was also done by a government
employee, except perhaps for highly specialized skills where it made sense
simply to pay someone smart to do it for you and then make decisions based on
that. E.g. how the Pentagon paid think tanks to do geopolitical analyses, and
then evaluated and used those inputs in the decision-making process.

Personally I was surprised to hear that contractors were as embedded as they
were in the NSA. Sysadmin is a common-enough function, but has to be
considered inherently governmental in the context of the _NSA_ for crying out
loud. But then we've been on a long slide toward more and more contractor
entrenchment within the halls of government for awhile now, unfortunately.

I'm hoping that if nothing else happens, at least these leaks will arrest or
even reverse that trend.

------
tlrobinson
Maybe Crockford was onto something when he added the "The Software shall be
used for Good, not Evil" clause to JSMin's license.

~~~
DannyBee
Except this clause is completely and utterly meaningless, legally.

I have trouble seeing anyone, anywhere, ever, enforcing it.

~~~
jlgreco
It actually has a great use:

Do the Debian legal people annoy you? Then why not release your software
unlicensed; they won't be 'able' to use it and other users who care less will.
Ah, but that isn't much fun... why not rile them up as well? Enter the "do no
evil" clause! By being 'open source' in such a way that they cannot use their
software, you can apparently cause a decent amount of grief.

They also seem to be good for getting amusing quips like _" IBM requested an
exception so that they can do evil with my software"_.

Do no evil clauses are great for trolling. An anti-corporate and anti-'takes-
themselves-seriously' license.

~~~
DannyBee
Sure, trolling. There is a great use of the legal system. Oh wait ....

~~~
jlgreco
Hardly even a use of the legal system, the clause would not stand up for one
second. What is _really_ being used is the victims attitudes toward the legal
system.

It sort of seems like this license may bother you. It really is good at this.

------
meepmorp
It's not just Silicon Valley. Basically all work on big data, NLP, computer
vision, etc. is making spy tools.

If you think that's not true, consider that major funders of academic research
into these areas are orgs like DARPA, IARPA, the NSA, and others. Consider,
too, that even if this research isn't funded or done by groups like these, the
fruits of that labor will be exploited by said organizations.

~~~
anigbrowl
_Basically all work on big data, NLP, computer vision, etc. is making spy
tools._

I think it would be more accurate to say that such work can be used for spy
tools. It can be used for plenty of other purposes besides, just as satellite
imaging can be used for spying but also for weather prediction, environmental
assessment, and so on.

~~~
meepmorp
> I think it would be more accurate to say that such work can be used for spy
> tools.

I think that's a distinction which lacks a practical difference. Of course
they have applications that don't involve enabling surveillance by three
letter agencies. But you're kidding yourself if you don't think that every
major advance in any remotely useful discipline isn't reviewed and employed by
these agencies.

These groups don't just hire sys admins and suits and engineers to monitor
signals, etc. They hire PhDs and researchers, both to help assess technologies
and to develop them internally.

I guess the point is, the advance of technology must inevitably advance tha
capabilities of the surveillance state.

~~~
anigbrowl
_But you 're kidding yourself if you don't think_

Oh, but I do. Further, I think it's natural and inevitable. It's ridiculous to
expect governments to artificially hobble themselves in terms of potential
just because they're governments. It's what they do with that potential that
concerns me. As an analogy, the fact that the government controls vast
arsenals of weaponry does not necessarily mean it's planning to kill everyone
else.

There's a popular meme on HN that government inevitably tends towards tyranny.
I think this is total bullshit; tyrranical government is far from unusual, but
it isn't the norm either, and the assumption that it is, is a false premise.
Or put another way, there's no good priding yourself on your skills at
Bayesian analysis if you have a habit of selecting inaccurate priors.

Edit: while I was making dinner it popped into my head that while nowadays
there's a high probability that any given terrorist is Islamic, the
probability that any given Muslim is a terrorist is, of course, quite low.
Likewise, while tyrannies are often perpetuated by governments (that is,
bureaucratic organizations as opposed to warlords or roving tribes), the
probability of a given government turning tyrannical is far lower.

------
jack-r-abbit
I'm confused. I thought Palantir's product Prism is not the same thing that
NSA calls PRISM. Has this been confirmed either way?

~~~
nashequilibrium
My advice, is wait at least 2 weeks, then start reading the news on this saga.
That is what i am doing, all i hear is snippets on tv, now i hear that the
Guardian is walking back many of their statements, Mark Andreessen just said
that he was holding judgement as well until everything becomes clearer.
Everybody else on HN are having emotional and knee jerk reactions, when we get
a solid longform peace of journalism in a few weeks, then we will get a
clearer picture. Until then i just ignore all the links here on the topic and
focus on tech.

~~~
wavefunction
The Guardian is not "walking back their claims:" the NSA slide claimed
"direct" access. Now, does it really matter if the NSA has root on the server
or if it's just some sort of mirroring/splitting scheme?

You seem all too happy to adopt the loaded language of the naysayers for
someone claiming rational forbearance.

~~~
mquander
That obviously matters a tremendous amount, both in terms of how much we
should continue to trust the companies involved and also what countermeasures
we can take.

------
kevingadd
This is a general trend you can see at work in lots of venture-connected
industries, and it's not just about surveillance.

Lots of people take gigs working on 'cool', 'interesting', terrifyingly
profitable projects at well-funded, fast-growing startups that the press and
investors both love. It looks great on their resume, they get to tell their
friends about the cool work they're doing, and they learn lots of new stuff.
Great, right?

Of course, on the other hand, lots of these startups are directly preying on
the uninformed, the mentally ill, and groups that simply can't make good
decisions, like the young. Over time eventually controls and safeguards get
added to reduce the damage done, stop those 'top customers' from paying TOO
MUCH, and staunch the blood loss from horrible churn and counteract the
consequences of short-term focused designs. Ideally, by the time these fixes
start happening and consequences start destroying revenue, these startups have
IPOd or exited and the founders and investors all exit happy and wealthy to
move onto the next gig.

Here's the thing - that whole last paragraph was describing games startups,
not the obvious evil of surveillance companies. It's almost like we gleefully
allow ourselves to be blinded to the consequences, both short-term and long-
term, of our actions, and pretend that whatever we're working on is innocent
and harmless, just because it isn't directly selling rifles to terrorists.
It's easier not to think through the consequences; to think about where our
money is coming from, to think about who's buying our products, to think about
what _using_ our products does to people's lives, and to their relationships.
To think about what those viral acquisition pathways do in the long term, to
think about what those retention and churn metrics really mean, to think about
WHY those metrics are going up or down. Most people don't think about what the
unanticipated consequences could be from storing users' address books, or
their call histories, or leaving a camera/microphone on all time, or
automatically logging conversations. It's easy not to do those things.

Because at the end of the day, the person with the clean conscience doesn't
have 50 million dollars, and if you somehow come face-to-face with the
consequences of your actions, well... lawyers don't cost that much, do they?

It's easy to look at the whole venture-funded startup industry and find the
big picture kind of exhausting when viewed with this perspective. Most of the
people starting these companies, and working at these companies - they're not
objectively bad people! Their actions, in a short-term context, are wholly
defensible - there's no reason to question them. But somehow we keep ending up
in this situation, and we're looking back, and saying, jeez, that sure hurt a
lot of people, didn't it? Or wow, how did they do something that stupid? Why
did anyone invest in them? Why was anyone stupid enough to go work at that
company that did those awful things?

~~~
lesedilino
Aaron Swartz looked back at reddit. He realized the company that made him rich
was now nothing but a mechanism to create addictions to meme-bytes, waste
time, destroy relationships, normalize sexism and racism, and literally
rekindle the Neo-Nazi movement (reddit now has the biggest concentration of
Neo-Nazis on the internet--the fanatical kind that even Stormfront won't
tolerate on their website).

If this is even the fate for something as benign as reddit, how much worse
will it turn out for people working in Big Data or directly on technologies
like facial recognition?

How many Silicon Valley technologists will look back at their work in 50 years
and have the same kind of feeling that Nazi scientists had, that Manhatten
Project physicists had, that the inventors of mustard gas had?

Whether technology will be used as a weapon in the hands of a selfish elite,
or as a tool for liberation for the impoverished and underprivileged, is being
decided now by how these technologists use their time.

~~~
CamperBob2
Yes, when you create a venue for free speech, it will -- _gasp_ \-- be used to
express various opinions and ideas you will not agree with. So?

The Nazis had no trouble doing their dirty work the last time without
Facebook, Reddit, or Twitter. These days, they have more to lose from exposure
than they would ever have to gain. The antidote to bad speech is more speech,
and that's precisely what Reddit is good for.

~~~
lesedilino
In sane countries hate speech is criminalized.

History does not support your naive view that allowing criminals to freely
congregate, organize, and recruit stops their ideology.

The Neo-Nazis on reddit have publicized the tactics they're using to normalize
racism across the internet. According to watchdog groups the Neo-Nazi movement
has grown tremendously since it was able to start recruiting and spreading
that hate ideology online.

~~~
CamperBob2
(Shrug) Who cares? Talk is cheap, even for Nazis.

Take your Orwellian worldview and peddle it somewhere else. Our history books
evidently say very different things.

~~~
CamperBob2
(FYI, lesedilino, it looks like you were hellbanned for your comment below.
This wasn't done at my request, or with my approval.)

------
strlen
The article rubs me the wrong way. I agree on principle: I wouldn't want to
willingly build technologically that I know will be used solely or principally
to circumvent the constitution and reduce individual liberty in a non-
transparent manner. Problem is, I don't see any evidence that this is what's
happening en-masse in Silicon Valley.

There is a big difference between unconstitutional spying and surveillance per
recent new stories (which is abhorrent) and the principle of intelligence work
(which is a legitimate government role of even the most minimal libertarian
government).

Accepting In-Q-Tel/CIA funding does not imply knowledge and approval of
everything that agency does. In-Q-Tel publicly and openly funding a mobile
cryptography startup has three potential implications:

1) They want to make money: they have people on staff who are capable of doing
the technical due diligence and they think they have a fairly good chance of a
return on their investment.

2) They want good cryptography software to be available to their own spies,
foreign dissidents (including foreign whistleblowers), and US
citizens/corporations that are being targeted by criminals or foreign
governments.

3) They hold a master key to this software and want to be able to backdoor all
of its users.

Problem is that if claim #3 is true and is uncovered, they risk a great deal:
loss of their investment, huge news story, and mistrust of any other software
projects that NSA has invested in (including SELinux -- which ships with many
popular Linux distributions)[1]. Note that this is security software:
extensive third-party testing is required by law for certain applications (and
is implicitly invited in most any case); even if source code is closed, the
binary is readily available and can be disassembled (revealing which open
source libraries and algorithms are used for actual encryption). "Security by
obscurity" is not a claim anyone is willing to trust, so pretty much with any
kind of security software, intense scrutiny is expected.

So given three of these potential reasons, #1 and #2 seem to be a lot more
plausible than #3.

To sum it up, this "guilt by association" article reads much like the hyper-
partisan hit-pieces I've read recently in defense of the NSA surveillance
programes ("Greenwald once wrote something for Cato Institute, Snowden donated
money to Ron Paul, both of which imply that this is clearly part of Koch
Brothers/Tea Party/Michelle Bachman/whatever conspiracy.").

[1] For a demonstration, see the scandal around Checkpoint firewall software,
which didn't even involve three letter agencies, but merely corporate
espionage...

------
bane
Palantir's PR firm must be working overtime figuring out how to deal with
this. I don't think their prism is the same as NSA's PRISM, that's too much of
a clever coinkidink, but they do make a big deal about selling their software
to, working with, and being sponsored by the Intelligence Community and all
the good and bad that comes with it.

No amount of cool looking track suit jackets or young upstart moxy can take
away from the fundamental nature of who their customers are. This is the
moment when they're going to have to grow up as a company and come to terms
with what exactly it is that they're doing, and it's not just selling nifty
software to good guy spies on our side.

If they got their panties in a bunch over a little dirty work from the US
Chamber of Commerce, then to be consistent, they'd pretty much just have to
give up their work for this.

------
tn13
Say a company builds a drone. US government buys it and then uses it to kill
the employees of that company. Can we shift the blame to the company ?

There is nothing wrong in building surveillance software. We would all love to
see the boundaries of that technology pushed.

Government's use of this software is questionable.

~~~
auctiontheory
_There is nothing wrong in building surveillance software. We would all love
to see the boundaries of that technology pushed._

We would?

~~~
meowface
(Not the person you're replying to.)

"We" is highly presumptive, but I'm sure a lot of people would. I think legal,
constitutional surveillance does have its uses and is a vital component of law
enforcement and security in many occasions. Improving that technology means
that when it is used, it'll be more effective at what it's actually trying to
do: find violent criminals and prevent violent crimes.

Of course, when you look at how China uses surveillance or how the NSA
purportedly uses surveillance, things get much more murky.

~~~
auctiontheory
My point, and I don't think I'm alone in this, is that powerful tools/weapons
will always be used for "evil" as well as good.

It is naive to say "well, let's build the perfect surveillance tool and then
trust that some government will never abuse it (against its own citizens,
political opponents, other countries, or whoever)." Such a pure government has
never existed, and will never exist, not while humans are running the show.

More succinctly: "absolute power corrupts absolutely."

------
pointillistic
There is more to this headline. The way the internet unfortunately evolved is
the devil's bargain of gathering intel on people in exchange for the targeted,
corporate ads. It's only natural to use the giant spy tools like Facebook or
Google beyond the pinpoint product placement.

~~~
drivebyacct2
The data that Facebook and Google have... have nothing to do with them trying
to get me to install gay dating apps in their sidebars. It's my pictures, my
texts, my messages, my friendships.

The important part of "the way the internet unfortunately evolved" has more to
do with the fact that we didn't have the forethought to use encryption by
default, or design the network in a truly "Free" way like other networks have
been designed since then (but of course without any fraction of the size of
the Internet)

------
jeena
It reminds me of "Michel and Webb - Dr. Death"

[https://www.youtube.com/watch?v=Skl71urqKu0](https://www.youtube.com/watch?v=Skl71urqKu0)

"The Giant Death Ray was meant to help mankind not to destroy it!"

------
CurtMonash
Nobody understands the potential of this technology except the community that
builds/markets/etc. it, plus some highly secretive government types. I.e., the
tech community needs to take a leadership role in reining in the risks.

