
Patriot Act amendment needing a warrant for browsing history fails - thinkingemote
https://www.theregister.co.uk/2020/05/13/us_spying_laws/
======
dang
[https://news.ycombinator.com/item?id=23172870](https://news.ycombinator.com/item?id=23172870)

------
badrabbit
Actual terrorists(like 9/11 type, well funded) know better than to even touch
anything digital for comms. They literally get a drone strike for having
called a known terrorist or for going to a wedding other terrorists with cell
phones go to.

For home grown terrorism, how many school shootings happen when the people who
know the shooter literally tell police/fbi beforehand about the state of the
shooter. Are school shooters not terrorists? They have a social/political
gripe and the terror is their way to get their voice out, avenge (like jihad)
or inflict change. So why are they failing so bad even after almost 20 years
of patriot act?

Politicians don't want to be blamed because they know the next terrorist
attack will happen soon and it can't be prevented,except the politicians that
gut the patriot act will be blamed for it. On the flip side,information on
voters,tracking them like this helps politicians

~~~
JoeSmithson
> Actual terrorists(like 9/11 type, well funded) know better than to even
> touch anything digital for comms

Shit like this is said all the time on HN with absolutely nothing to
substantiate it.

~~~
baron_harkonnen
I do stats for a living, and while I think it's good to back up claims with
data when possible, inductive reasoning is still a validate tool for
understanding the world.

The logic is that active, dedicated terrorist groups already know: "They
literally get a drone strike for having called a known terrorist or for going
to a wedding other terrorists with cell phones go to."

The reasoning that knowing this information you would be very careful about
what you communicate over the internet is very sound to me. To convince me
that this reasoning is incorrect would require an abundance of data to the
contrary.

~~~
kube-system
If terrorists know not to touch digital comms, then how would they get caught
by being at a wedding with other terrorists with cell phones? Do terrorists
use cell phones or not?

The claim directly conflicts with the supporting anecdote.

~~~
badrabbit
Both, they adopt. This isn't a video game you get to beat after figuring out
the enemy, unlike games real life enemies adopt to your tactics.

------
notthemessiah
When we look at the kinds of things these surveillance powers are used for,
it's a glimpse of how it's abused. Thanks to FOIA requests, we found that the
Boston Regional Intelligence Center was using their surveillance capabilities
to spy on Occupy Boston during the Boston Marathon that was bombed, despite
the ostensible aim of the center being to coordinate local and federal
intelligence capabilities and despite the FBI receiving a tip from Russia that
the Tsarnaevs were up to something. If we want to make the world safer, we
should focus on making responsible and strategic use of the intelligence we
have than to grant new powers.

[http://www.justiceonline.org/unaware_of_tsarnaev_warnings](http://www.justiceonline.org/unaware_of_tsarnaev_warnings)

~~~
nelaboras
There is probably also an issue of too much information. All these massive
efforts generate data that is barely ever used as the time and resources just
aren't there.

~~~
komali2
Reminds me of how back in 2003 we were cracking jokes about how the FBI was
still making their way through the 2000's 4chan posts.

------
foob4r
I would be surprised if many of the common public believed that warrantless
searches of anyone are reasonable, while exempting federal elected officials
from the same law.

Now's a good time to call you senator (if they voted against this) and tell
them that they fucked up by weakening your rights and freedoms.

Then, get a VPN or better use Tor as much as you can.

~~~
hansthehorse
But political candidates are not exempted. That leaves a huge area for abuse.

~~~
hedora
They’re voting on an amendment to exempt candidates for federal office from
warrantless surveillance. It is expected to pass.

That way, the executive branch can tamper with state and local elections with
impunity.

The supreme court just heard oral arguments in a case where Trump’s lawyers
argued he was allowed to shoot people for no reason in public. (Really. This
is not hyperbole.)

Presumably the next step is to (perhaps selectively) cancel elections (or some
ballots) because “emergency”, and then refusing to step down if the resulting
impeachment somehow succeeds (which it won’t).

~~~
streb-lo
I think your last point is a bit of a leap, but I agree we have seen constant
undermining of the institutions built to make the United States a free country
during this administration.

What I find most interesting is the complete hijacking of a large portion of
the conspiracy crowd such that this is all permissible to them, as long as it
keeps the Other out of the power structure.

~~~
hedora
I’m not sure it’s that big of a leap. Gore won the vote in Florida, but the
courts installed Bush. The ballots were illegally transported from Ohio to
Indiana and back, and then favored Bush in 2004 in a way that was a
statistical anomaly. Both those elections were the first I can remember where
the exit polls didn’t match the outcome of the election (and the bias was only
in crucial districts in swing states).

2016 was a total catastrophe of an election. The courts intervened in one
primary earlier this year, in bid to get a conservative judge elected. That
backfired, fortunately.

The Senate is intentionally blocking funding for election security, and now,
with COVID, they’re refusing to provide funding to allow mail in ballots in
many states.

Some of the leaders responsible for underfunding the election have publicly
said they are withholding the funding because the republicans will lose if
there is high turnout this fall.

------
btilly
A point from _Enlightenment Now_ that I wish was better understood.

Groups that use terrorism to get their way almost always fail. This should not
surprise us. Terrorism is the last available option for a weak interest group
that has no better way to make their will felt. Therefore as scary as it is to
face, the fact that they are resorting to it is evidence that they are
underdogs and we should not be surprised that they later fail.

Given that fact, the extreme efforts that we take to drive the nail even
farther into terrorism is overkill.

~~~
linuxftw
> Groups that use terrorism to get their way almost always fail.

Totally untrue. When the US used atomic bombs to level cities in Japan, that
was terrorism. The goal was to strike fear into the regime and the people for
an unconditional surrender. It was not an attack against the military or
government, it was an act of terrorism.

When the US uses drone strikes to blow up weddings, that's terrorism. They are
not actively engaged in a military conflict, even if there is allegedly some
'terrorist' they are trying to kill.

The communist revolutions in various places heavily employed terrorism.

~~~
salawat
I actually think there may be a legitimate criticism here if you define
demonstrating nuclear weapon/asymmetric warfare capability as employing terror
toward political ends and stop there. I'd tread carefully there though. That's
a lot of sensitive history you're coloring with a rather unattractive brush.
There is a lot that prevents that particular viewpoint from being convincing
without dragging down a lot of the framework of Western political discourse,
however, to the point you may find astonishingly few people willing to
entertain it. In the West, it is generally accepted that application of
violence is justifiable. Those examples you called up fit within that
justifiable envelope, in the first case, near unanumously, and in the latter
case, it fit enough for majority buy in, but with significant controversy as
well.

Point being, the label of terrorism in the eyes of Western political discourse
necessarily connotes violence of an unjustifiable or unsanctioned by the
majority nature. I'm curious on your view of the Civil War. Would the
secession and war waged by the Southern States (or by the Union retaking them)
also qualify as terrorism?

~~~
streb-lo
> Those examples you called up fit within that justifiable envelope, in the
> first case, near unanumously

I don't think this is true at all. Maybe if we define the West as America, but
even then I think that's a stretch. I can say anecdotally in my circles that
the trading of unwitting Japanese civilian lives en masse in exchange for
American military lives is looked on with disgust.

~~~
Floegipoky
I also think it's important to be aware that much of the available
intelligence at that time and reasoning behind it was classified, allowing the
perpetrators to establish a narrative that went unchallenged for decades. For
instance most Americans are completely unaware that the Japanese were actively
trying to negotiate a surrender before Hiroshima was bombed. Most Americans
are unaware that a ground invasion of the Japanese mainland was not being
seriously considered, this ignorance let the government establish the false
narrative you allude to. And most Americans aren't aware that American
leadership intercepted communications indicating that the Japanese intended to
surrender unconditionally if the Soviets entered the war, which happened on
the day that Nagasaki was bombed.

~~~
linuxftw
We had to murder them is still what's being taught in schools today. In the
USA, the ends always justify the means. CIA Black Sites? Indefinite detention?
Extrajudicial assassination of citizens? Torture?

It's okay, these people are terrorists and don't deserve any rights.

~~~
salawat
I'm sympathetic toward your reasoning; and Floegipoky also makes a good point
as well.

I've become increasingly uncomfortable with the power that classification
confers to the executive branch to shape the national discourse; but I don't
know as that will realistically change without an unprecedented shift in
Congressional _and_ Executive sentiment.

As to the narrative still being taught in schools; I certainly don't have a
great answer for that one either.

We have to teach them something, and you certainly don't have the most room
within a child's worldview for being able to address the type of nuance the
historically correct narrative creates without difficulty. At least that is
the assumption I'm led to by assuming that there is a compelling reason the
"System" has converged on the solution it has (locking the knowledge outside
of normal curricula, and requiring extra independent digging to get at the
truth of it, notionally done on the student's own initiative once they get
older).

You run into the indoctrination outcome more often than not; but you should
have an eventual consistency effect over the timescale of generations. That
doesn't seem fundamentally unreasonable to me. Pain in the ass? Yes. Fraught
with hazard to the stability of the national identity? Assuredly. However, if
we respect that we the Citizenry represent the standard bearers of national
truth, then we must be the ones to change the history books; just as those who
came before us did.

Keeping society moving along is a lot of work.

~~~
linuxftw
> I certainly don't have a great answer for that one either.

Would you be okay sending your children to an education establishment that was
pro-Nazi? Probably not.

Start treating the system for what it is: evil. Quit letting meaningless
current affairs dominate the political dialogue. Speak out against the war
criminals.

------
dontbenebby
As a practical matter who do they get this "browsing history" from? I see a
lot of people suggesting folks use a VPN.

But if they're getting the history via companies like Google, they'd link
together your records just as easily.

I see VPNs often being touted as anonymity tools, when it's my understand not
all VPNS have multiple users sharing one IP.

(Ex: it's my understanding that an Algo VPN might obscure your geographic
location, it's an IP unique to you. Not clear on how a commercial service like
Tunnelbear works - many services tout no logging but seem to stay mum on if
IPs are shared)

If any of the above is incorrect, please feel free to jump in and reply but it
looks to me like moving as much browsing over to Tor as possible is the best
move if you're worried about _anonymity_ and not simply someone owning the
wifi you are connected to.

~~~
ipnon
Pseudo-anonymity is sufficient for those whose life is not in danger (like a
journalist or dissenter). Personally identifying yourself to websites is an
optional use of the Internet, as is participation in ad networks such as
Google and Facebook. You are correct that ad networks have more information
than your ISP does. The VPN will protect you from your ISP. Pseudo-anonymity
is what protects you from ad networks.

An easy implementation is to provide no personally identifiable information
while using the web, and siloing the personally identifiable information when
necessary. 1 email for your bank accounts and unemployment registration that
uses your real name. A variety of differing emails and logins for all other
websites.

~~~
dontbenebby
>You are correct that ad networks have more information than your ISP does.
The VPN will protect you from your ISP.

So to be clear, they'd get the data from the ISP? I'm not surprised DNS
queries get saved but whole URLs is another thing.

I guess I shouldn't be surprised, but I am a little bit, that they'd expend
the $$$ to store that info longer than necessary for core business functions.

>An easy implementation is to provide no personally identifiable information
while using the web, and siloing the personally identifiable information when
necessary. 1 email for your bank accounts and unemployment registration that
uses your real name. A variety of differing emails and logins for all other
websites.

I do this + throw the banking and personal email into Firefox containers.

Guerillamail is really useful for creating stuff like a HN account though it's
sadly abused often enough many sites won't let you register using it anymore:

[https://www.guerrillamail.com/](https://www.guerrillamail.com/)

(The other issue being requiring SMS auth after an initial signup)

~~~
ipnon
It became legal for ISPs to sell their logs during the beginning of the Trump
administration. I began using a VPN consistently at that time.

------
tehjoker
No one should accept the state's justifications on the basis of terrorism for
expanding its surveillance powers. Terrorism from the middle east comes from
US imperial intervention there, if they wanted to stop "terrorism" they would
stop terrorizing the middle east. Instead, expansions of the police agency
powers are probably aimed at surveiling political targets that have become
disfavored.

The bait and switch the USG loves to use, and in fact all governments love to
use, is to point to a (possibly nonexistent) external enemy and use that to
scare the population into accepting ever increasing authoritarian measures
domestically.

------
woofcat
I'm curious at how the article implies that DoH is going do anything. I'd
imagine CloudFlare, etc. would comply with FBI requests just as much as your
local ISP.

Factor in co-operation from CDN's and really that covers a vast array of data
that the US Government could access.

~~~
quit32
For one cloudflare is a lot more reputable than most US ISPs. Cloudflare
explicitly says "We committed to never writing the querying IP addresses to
disk and wiping all logs within 24 hours."
[https://blog.cloudflare.com/announcing-1111/](https://blog.cloudflare.com/announcing-1111/)

If gov tried to force CF to change that they would likely put up a huge public
legal fight to prevent it whereas ATT / Verizon and Comcast would bend over
backwards to secretly comply while also simultaneously seeing if they could
inject some ads into the pages you visited.

~~~
lonelappde
Does CloudFlare have multiple external auditors verifying their claims?

~~~
quit32
Literally the next para in that blog - "we committed to retaining KPMG, the
well-respected auditing firm, to audit our practices annually and publish a
public report confirming we're doing what we said we would."

In addition Mozilla put them through a rigorous process when selecting them as
their default DoH provider which included them contractually agreeing to
adhere to their stated policy. [https://wiki.mozilla.org/Security/DOH-
resolver-policy](https://wiki.mozilla.org/Security/DOH-resolver-policy)

------
r3trohack3r
I don’t understand. Isn’t the surveillance program illegal? Wouldn’t this be
passing a law that would require the government follow the law?

Serious question, I was under the impression this was equivalent to
warrantless wire tapping, which was already illegal.

~~~
hedora
The executive branch (under GWB, Obama and Trump) has argued the law is
ambiguous. Since congress just considered this amendment and rejected it, it
will be harder for the Supreme Court to rule that the executive branch
misinterpreted the law when it concluded that 100% digital surveillance is OK.

We already have secret courts and indefinite pre-trial detention in the US.
This is another small step in the creation of a police state.

The precedent this vote created only took 37 votes in a chamber that is skewed
much further right than the electorate. It would take about 55% of the vote to
get the senate to be 50% democrat. That would give them enough procedural
control to stop this sort of thing (if they bothered; they didn’t under
Obama...)

This is not democracy in action. This is democracy in its death throes.

------
d0ne
Committing the initial capital to form a FEC recognized national political
party "The Privacy Party" to begin direct opposition to this and related
activities.

If you are interested in collaborating or learning more:

[https://theprivacyparty.org/](https://theprivacyparty.org/)

~~~
bgorman
What is the purpose of this party given the Libertarian party already exists
and has ballot access in all states?

~~~
brandmeyer
The libertarian party also considers taxation to be unethical confiscation of
private property, and advocates for the privatization of most-to-all
government-provided services. If either of those are anathema to you, its hard
to vote Libertarian.

------
diablo1
Define 'your' browsing history. Where I live you can buy a SIM card with cash,
load it with credit and surf on a 3G/4G network, without having to register
the SIM or attach your legal name to it in any way.

I can also encrypt my phone, turn on permanent incognito mode, disable
Javascript, and have uBlock Origin running to stop trackers. Good luck trying
to pin my legal name to a particular website visit. Then there's the fact that
3G/4G uses vague carrier-grade-NAT IPV4 addresses so countless others all
share the same IP address enabling you to 'hide among the crowd' (providing
the useragent is something common that many people use like Safari on an
iPhone5)

~~~
dgellow
> Where I live you can buy a SIM card with cash, load it with credit and surf
> on a 3G/4G network, without having to register the SIM or attach your legal
> name to it in any way.

Where is that? My experience in Europe and Thailand is that I have to sign
documents and show a proof of identity.

~~~
ryanlol
In Europe “I’m sorry, I didn’t take my passport with me, but I remember my
passport number” has had a 100% success rate for me.

~~~
mindslight
So then you're committing fraud or whatever. Once again, law abiding people
bear the burden while bogeyman-with-beard just gives a false number.

One of the general difficulties with the government threat actor is that law
abiding people have to thread the needle of both technical protection and
legal requirements.

~~~
socks
Quoting your own true passport number is not fraud. Fraud would be supplying a
fake passport number / fake passport / doctored photocopy.

~~~
mindslight
I was responding to the implication that you could just give a fake number.

------
giffarage
Between Https and VPNs, this seems ineffectual for people who actually want to
stay hidden. Am I missing something?

~~~
lenlorijn
Metadata such as what domains/ip's are contacted can still be harvested.

~~~
nickbauman
And remember: metadata is everything. It makes the actual content of the
communication discoverable and indexable. The information of what you're
saying and doing is not actionable without being able to find it / categorize
it at scale.

------
glitchc
That's unfortunate. What's Bernie's excuse?

------
duxup
I'm a bit impressed how close it was to passing.

~~~
jellicle
Don't take that for actual closeness. In many votes including this one,
Senators may want to vote against leadership but will only do so if permitted.
So if, say, 5 more Democrats had insisted on voting yes to make the amendment
pass, McConnell would have told 5 more Republicans that they were disallowed
from voting against it, and the amendment would have failed by... one vote.

The dynamic here is that Republican politicians often want to present
themselves to constituents as being against the police state or big
government, but the party/party leadership wants to pass measures such as
this. So the individual politicians are accommodated to the extent that they
don't interfere with the party passing what it wants.

You see a similar dynamic in quite a lot of votes.

TL;DR: McConnell knows how to count.

~~~
duxup
I don't doubt the premise can happen, I am not inclined to assume it is the
case automatically.

------
cryptonector
FYI, no warrant is needed to set up a pen register on a person of interest.
That's where LEOs request that the Post Office record the envelope metadata of
all your correspondence.

ISTM that pen registers not requiring warrants is reasonable -- I'm not sure
it's good for society, but it is reasonable.

ISTM that keeping track of cleartext metadata emitted by personal devices on
the public Internet is exactly like a pen register.

DNS w/ QName minimization, DoH/DoE, and preferably DNSCurve, are techniques
that can reduce the visibility of various metadata involved in gathering
browsing history.

------
malloryerik
So, this amendment lost by one vote, and Bernie Sanders didn't vote. Does
anyone know what happened? I've understood him as having been against most of
the Patriot Act since its inception.

~~~
brendoelfrendo
Perhaps it's because Section 215 is already expired and Sanders doesn't plan
to vote for its renewal, so he doesn't see a point in voting for an amendment
that makes said renewal more likely to pass?

------
gentleman11
It only needed a single additional vote to pass and Bernie abstained

------
xwowsersx
There is a typo in the title. Should be "amendment".

~~~
dang
Fixed now. Thanks!

------
bhauer
I am _absolutely_ no fan of Bernie Sanders. I disagree with him on a majority
of policy matters.

However, this popular media framing, which blames the failure of this
amendment on Bernie Sanders, is unhinged. It's not just this Register article;
you'll see the same sniping at Sanders specifically in most articles that
carry a negative opinion on the PATRIOT Act.

Being absent for the vote is shameful, sure. But how about laying the blame
somewhere more meaningful? For example, on us Californians who re-elected
Feinstein despite knowing she is absolutely abysmal on privacy. Californians
like myself _should_ carry this shame, not Sanders and Vermont voters. We
Californians are sorry for voting so blindly and continuously re-electing
terrible senators.

~~~
varjag
It failed by one vote. If he did his damn job and showed up it could turn out
different.

~~~
Floegipoky
As somebody else explained, if he had showed up to vote against it the
amendment almost certainly would have still failed by 1 vote. The party whips
would have just required one of the other "no"s to switch. The reality is that
party leadership controls exactly what gets voted on and when, and to a large
extent predetermines who is allowed to vote yes and no. The rest is just
theater.

~~~
varjag
I must be obtuse, but if it's all a theatre what's the point of him being a
senator then?

------
brenden2
I do most of my browsing in private mode anyway. I'm usually pretty careful to
never put things onto websites that I don't want people to find publicly as
well. The US has no strong privacy protections, so you should just assume that
nobody has your best interest in mind. This includes HN, Reddit, and the FAANG
giants. Although Apple is probably the only one that isn't strongly
incentivized to violate your privacy.

~~~
teddyh
> _I do most of my browsing in private mode anyway._

What do you think “private mode” is, exactly?

I’ll tell you what it is: It’s a mode where _your local web browser_ doesn’t
save its history, which only means that people who has physical access to your
device cannot see this saved history. Your ISP can still see everything of
consequence, and your DoH provider can see most of it.

~~~
brenden2
I think you may be overestimating the technical proficiency of the government.
When they talk about browsing history, they're probably quite literally
referring to looking at your web browser history. Yes, they might also
subpoena your ISP for data, but if the ISP isn't collecting it in a way that
is 100% correlated with your computer and browser (which is pretty hard with a
NAT), then they only have a weak case at best. It probably wouldn't hold up in
court.

~~~
gnulinux
I don't think you understand what's going on. Private browser has no visible
difference to server or the party listening to your communication in the
middle. The only effect it has is that it doesn't _persist_ your browser
history upon closing it.

~~~
brenden2
There's a big difference between what's possible in theory and the reality of
current practices. I think many people in this thread are missing that point.

~~~
iNate2000
Missing the point that this is already going on? Or missing the point that the
amendment to the patriot act didn't pass and that this will _keep_ going on?

