
NSA phone surveillance program likely unconstitutional, federal judge rules - ferrellw
http://www.theguardian.com/world/2013/dec/16/nsa-phone-surveillance-likely-unconstitutional-judge
======
bradleyjg
To put it mildly this is the first step in a long, long path.

District courts have the final say in the vast bulk of routine matters that
never get appealed, and they can play an influential role in setting the
presumptive factual record in high profile cases destined for appeal. But in a
high profile case destined for appeal that largely turns on interpreting the
Constitution, this court was mostly a gatekeeper. In other words, if the
district court had ruled the other way, maybe that would have been the end of
the story. Given that it ruled as it did, this will certainly be heard by the
Court of Appeals for the District of Columbia (possibly by one of the judges
appointed by Obama now that the filibuster has been weakened), and then if the
petitioner wins there, either by the full DC Court of Appeals en banc, or the
Supreme Court, or first one then the other. If _Smith v. Maryland_ is to be
overturned, it will be the Supreme Court that does it, not a district court.

Still, I wish the plaintiffs the best of luck.

For further analysis keep on eye on fourth amendment guru Orin Kerr. His first
post describing the opinion is already up:
[http://www.volokh.com/2013/12/16/judge-leon-enjoins-nsa-
tele...](http://www.volokh.com/2013/12/16/judge-leon-enjoins-nsa-telephony-
metadata-program-larry-klayman-lawsuit/) and he says another with analysis
will be coming soon.

~~~
thucydides
> If Smith v. Maryland is to be overturned...

The Supreme Court wouldn't necessarily be deciding whether _Smith v. Maryland_
should be overturned, but whether NSA collection of phone/SMS metadata can be
_distinguished_ from _Smith_. The district judge here presents some excellent
arguments that _Smith_ is fundamentally different, and I was disappointed to
read Professor Kerr's very sloppy analysis, given how excellent his Fourth
Amendment coverage usually is. Perhaps he did not have a chance to read the
case carefully.

Brief background on _Smith v. Maryland_ : In _Smith_ , a robbery victim
complained to police that she was continually receiving threatening and
obscene phone calls. The phone company installed a pen register at police
request, without a warrant or court order, to record metadata for about 2
weeks; this revealed the phone numbers of all subsequent callers to her home.
It also revealed that Smith made another harassing phone call. In short, the
Supreme Court ruled that, in the process of calling, Smith voluntarily
transmitted the phone numbers he dialed to the phone company, information he
and everyone else know are commonly stored as business records, so he had no
reasonable expectation of privacy in the numbers dialed. Therefore, the Fourth
Amendment didn't apply.

Contrary to Professor Kerr's blog post, the real reasons Judge Leon thinks the
NSA's metadata collection is different are quite compelling. Here's my summary
of his reasons from pages 42-56:

1\. _Smith_ surveillance was only for 2 weeks; NSA surveillance is for as long
as terrorism lasts in the United States (forever?)

2\. Previous case law supports a distinction on the basis of time length: In
_US v. Knotts_ (1983), the Court said police use of a tracking beeper on an
automobile does not implicate the Fourth Amendment because we have no
reasonable expectation of privacy in our movement on public streets. But last
year in _US v. Jones_ , the Court distinguished _Knotts_ , which was about
short-term tracking, saying that police installation of a GPS device on
Jones's car for a _month_ was too long and violated Jones's reasonable
expectation of privacy.

3\. In _Smith_ there was no indication the phone records would be kept; NSA
keeps phone records for 5 years

4\. _Smith_ was a one-time, targeted request; the NSA program is a daily, all-
encompassing, indiscriminate dump of phone metadata. Leon: "It's one thing to
say people expect phone companies to occasionally provide information to law
enforcement; it is quite another to suggest that our citizens expect all phone
companies to operate...a joint intelligence-gathering operation with the
Government."

5\. The _Smith_ Court did not foresee in 1979 the "almost-Orwellian
technology" the NSA is using to track and store hundreds of millions of
Americans' phone data.

6\. "Most importantly," the nature of the information in our telephony
metadata is much different.

7\. Phones are ubiquitous and much more frequently used, so metadata reveals
more about our private lives and implicates a bigger privacy interest than in
1979.

8\. SMS metadata reveals who we wrote to, information that would not have been
available in 1979 phone metadata when we had to write letters.

Judge Leon's conclusion, which I think is compelling given the foregoing: "I
cannot navigate these uncharted Fourth Amendment waters using as my North Star
a case that predates the rise of cell phones."

~~~
bradleyjg
I see you are an attorney, so I'll skip the detailed explanation of vertical
_stare decisis_ and simply point out that Sotomayor joined Scalia's opinion in
_Jones_ , which commanded a majority and was the opinion of the Court.
Therefore, the holding of the case has to do with the continuing validity of
traditional trespass as a fourth amendment search, and the mosaic theory in
the concurrence is dicta. I personally find it compelling, but I'm not a
District Court judge bound by the strictures of precedent.

Nothing in _Smith_ itself or it's Supreme Court progeny indicate that the
length of time the government intends to keep information that it found the
people have no reasonable expectation of privacy in is of constitutional
moment. Nor the number of phones, or how frequently they are used. As for SMS
and writing letters, it is the Court's allowing the government to collect mail
metadata (the envelope info) that got this entire line of precedents started.

If this had been an email case, I'd be right there with you. I don't think the
device that the government wanted to install in the Lavabit case is
sufficiently similar to a classic pen register to be covered by _Smith_ , and
I think the third party and his representations matter with respect to
customers' expectations. But here we have telephone records as collected by
telephone companies. _Smith_ is squarely on point. Limiting _Smith_ to 1979 is
tantamount to overruling it, not distinguishing it.

Judge Leon doesn't like _Smith_ , I get that, I don't either. Fortunately or
unfortunately, neither if us is on the Supreme Court. (See also, Reinhardt, J.
any opinion.)

~~~
thucydides
It's possible to distinguish _Smith_ as inapposite without throwing away
_stare decisis_. The term of surveillance (forever), the breadth of
surveillance (almost every American), and the greater privacy intrusion
(because of cell phones' ubiquity and because we use them more frequently) all
make NSA surveillance very different from _Smith_.

And as far as the length of surveillance goes, Kerr's pointed out that 5
justices in _Jones_ (the 2012 GPS case) signed onto the idea that long-term
GPS monitoring of a car counts as a search even if short-term monitoring does
not.

------
tokenadult
Larry Klayman is an interesting plaintiff in this case.[1] He was a career
Justice Department prosecutor during the Reagan administration and worked on
the successful antitrust case against the former ATT telephone monopoly.
Another article[2] agrees with the article kindly submitted here in reporting
that the United States district judge (appointed by President George W. Bush)
has stayed his ruling, pending a very likely appeal by the federal government,
but it is clear that he thinks the current surveillance program is too broad
to be constitutional based on the testimony at trial. That's good legal work.

The link to the full opinion of the district court[3] loads very slowly just
now, presumably because many readers are trying to access it.

AFTER EDIT: A legal blogger has put up a copy of the court opinion on a page
that loads rapidly.[4]

[1]
[http://www.freedomwatchusa.org/klayman](http://www.freedomwatchusa.org/klayman)

[2] [http://www.reuters.com/article/2013/12/16/usa-security-
rulin...](http://www.reuters.com/article/2013/12/16/usa-security-ruling-
idUSL2N0JV1DT20131216)

[3] [https://ecf.dcd.uscourts.gov/cgi-
bin/show_public_doc?2013cv0...](https://ecf.dcd.uscourts.gov/cgi-
bin/show_public_doc?2013cv0851-48)

[4] [http://www.lawfareblog.com/wp-
content/uploads/2013/12/Klayma...](http://www.lawfareblog.com/wp-
content/uploads/2013/12/Klayman.pdf)

~~~
dragonwriter
> Another article[2] agrees with the article kindly submitted here in
> reporting that the United States district judge (appointed by President
> George W. Bush) has stayed his ruling, pending a very likely appeal by the
> federal government

Note that staying a decision pending appeal is the norm, to preserve the
_status quo_ until a final resolution. There _are_ exceptions, but it is
usually not noteworthy (even if it is frustrating to those who support the
decision that is stayed) that that has occurred.

------
wpietri
From the article: "The judge, Richard Leon of U.S. District Court in
Washington, said that the NSA relied on 'almost-Orwellian technology' that
would have been unimaginable a generation ago, at the time of a landmark
Supreme Court decision on phone records."

I disagree strongly! The NSA's technology would more properly be called super-
Orwellian. Two-way TV, hidden microphones, and steaming open your mail is
nothing compared with what the NSA can do.

~~~
salient
I was just thinking today - we're about to start using "smart light-bulbs" in
a few years. Lightbulbs with Internet connections, that can potentially record
everything we say anywhere, even in real world (unless they are doing that
already with idle cellphones).

If we don't stop this now, and don't make it explicitly illegal, and actually
punish the people involved (otherwise they's no downside to continuing it),
then it will get a lot worse in the future.

Also, how can US law be so asymmetrical? It's illegal to look into someone's
mail, which just includes _one single conversation_ , but it's not to look at
someone's real-time conversations for a long time, which can include all sorts
of topics, and then multiply that by millions of people.

If looking into just one mail conversation is illegal, how come mass
surveillance isn't immediately seen as _massively illegal_?

~~~
pyre
The government's position is that collecting the data isn't surveillance until
a government employee actually _looks_ at the data. E.g. the idea is that you
collect a huge pool of data, and then get individual warrants to go spelunking
in it.

~~~
daenz
> and then get individual warrants to go spelunking in it.

And that warrant is obtained whenever, in the future, that that person opposes
the national interests. Then it's like you've been spying on them all along.
Retroactive wiretapping!

~~~
rhizome
McCarthy and Hoover's wildest dreams realized.

~~~
pyre
Don't knock McCarthy. If it wasn't for him then China wouldn't be on the Moon!

~~~
bayesianhorse
How do you know China actually landed on the moon?

(Just kidding...)

------
saosebastiao
Cool. Now just let us know when the criminal trials begin.

~~~
dkokelley
For a criminal trial, a specific law must be broken. We can't retroactively
prosecute violators under a new interpretation of the law.

On the other hand, I would like to see a serious investigation into the NSA's
behavior conducted, possibly with top jobs on the line.

~~~
salient
Ok, how about the law that makes it a felony to lie to Congress. Let's start
with that one!

~~~
bmelton
That law already exists[1]. Also, Clapper could potentially be held in
Contempt of Congress[2].

[1] -
[http://en.wikipedia.org/wiki/Perjury](http://en.wikipedia.org/wiki/Perjury)

[2] -
[http://en.wikipedia.org/wiki/Contempt_of_Congress](http://en.wikipedia.org/wiki/Contempt_of_Congress)

~~~
Myrmornis
Right so is any action being taken against him? This has seemed fairly clear
cut from the time of the first Guardian/Greenwald/Snowden release.

~~~
bmelton
Not really. A bunch of tea partiers sent a letter suggesting that he resign or
be held on perjury charges, which prompted him to apologize. His apology
asserted that he forgot about the existence of the PATRIOT Act, which is why
he accidentally said what he said, on accident.

------
rayiner
I don't think this decision will hold up on appeal. From the article:

Basically, the judge found the on-point Supreme Court precedent to be
inapplicable based on changes in technology in the intervening time:

"Leon wrote that the government was justifying its counterterrorism program
based on a 34-year-old Supreme Court precedent that has been eclipsed by
'technological advances and a cell phone-centric lifestyle heretofore
inconceivable.'"

It's very worthwhile to read the case that is discussed (Smith v. Maryland):
[http://scholar.google.com/scholar_case?case=3033726127475530...](http://scholar.google.com/scholar_case?case=3033726127475530815&q=smith+v+maryland&hl=en&as_sdt=6,39)

Pay specific attention to the discussion starting at the end of page 743
("Second, even if petitioner..."). That reasoning doesn't seem any less valid
to me today than it was 34 years ago. It's an easy, clear rule: "private"
means private, not "private but shared with my hundred closest sysadmin
friends at AT&T or Google."

~~~
guelo
IOW, you don't believe privacy should exist at all in the digital age. Others
disagree.

~~~
rayiner
The issue isn't whether privacy should exist in the digital age. The fact is
that it doesn't, or at least not as we have understood it for all of these
years. Something that dozens of sysadmins at Google can read is simply not
private within traditional definitions. The real issue is whether we can
create a practical pretense of privacy: treating data that isn't private, as a
matter of fact, as private as a matter of law.

------
rdl
It's really interesting reading about the main plaintiff, Larry Klayman
[https://en.wikipedia.org/wiki/Larry_Klayman](https://en.wikipedia.org/wiki/Larry_Klayman)

I'm curious if he's more motivated by NSA-as-a-tool-to-attack-Obama or the
merits of the case itself. Beggars can't be choosers, but still pretty strange
to be in a position to back someone tactically on one issue while probably
opposing most of the rest of his agenda.

~~~
leokun
As a liberal who supports social justice, the social contract, and health care
reform and the like, it feels really weird to find myself cheering
Freedomworks and tea party types on when we agree on something.

~~~
shubb
From the outside, the way American politics divides people is strange. The
psychology of republicans vs democrats, tpartiers vs big staters seems more
like the supporters of a sports team.

When you support a sports team, if your player blatantly breaks the rules, you
curse when he gets penalized. However badly they perform, you say they are
unlucky and will win next season. When you watch a match with other fans, you
feel like you are part of a clan, you feel a sense of belonging. Some people
support terrible teams because they like that feeling, and they enjoy getting
angry at the other team and its supporters. Sometimes they enjoy it so much
they have riots, or at least a punch up.

I'm not saying America is unique, and the... sad cynicism you see in other
countries is it's own evil. It's just a bit scary watching the fate of the
world be decided like a bar room sports argument.

I guess this comment is a dumb generalization, but that debt ceiling thing
really freaked me out.

~~~
Hemospectrum
> From the outside, the way American politics divides people is strange. The
> psychology of republicans vs democrats, tpartiers vs big staters seems more
> like the supporters of a sports team.

That's _exactly_ what it's like, and the worst thing (in my opinion) is how it
has spread to every facet of American life, so that arguments over _factual
information_ are seen the same way. The country as a whole is far more
concerned with winning or losing than with the actual significance of the
"field" on which their "team" is "playing."

Mind you, given how central sports is to American lifestyles[1], it's not like
nobody could have seen this coming. But that doesn't reduce how dangerous it
is.

[1] Walk into any American high school. Chances are, the walls are lined with
football trophies, and the faculty's letterhead is plastered with logos for
the resident teams. The social hierarchy of the students revolves around the
star players. Outcasts are called "losers."

~~~
rprospero
Your experiences with high schools are different than the ones I've
encountered. The social hierarchies aren't oriented around the sports team,
but rather the standard hierarchy with the wealthy at the top and the poor at
the bottom.

Granted, there's some variation, and being athletically talented or
aesthetically pleasing can move you up the hierarchy, but being poor and
having both of those traits will only raise you as high as the ugliest,
clumsiest, wealthy student.

In four years of high school, I could only ever name one basketball player and
that was only because he was my debate partner is speech class. I never knew
who the quarterback on the football team was, despite hearing of some
impressive victories. I was far more aware of the less popular sports (e.g.
track, tennis, gymnastics), precisely because the team members in those sports
came from higher income families and thus had more popular athletes.

~~~
simonholroyd
I'm not disagreeing with your point regarding wealth, but football is the most
popular men's high school sport (by participation) in the country so your
experiences aren't likely the norm. Also track, tennis and gymnastics are
mostly individual sports so they're less likely to be the ones driving the
same level of school-wide support and pride (logos on the masthead, trophies
in the hall, etc).

Also HN readers might be unlikely to have had the average American high school
experience.

------
ics
I don't suppose they'll use the same definition of 'related' while destroying
data as when they actually collected it.

------
mratzloff
> The judge, a conservative, ruled that the NSA must remove from its records
> data related to two Americans who filed suit to stop the program.

Since Groklaw was KIA, can someone with a better understanding of the law
explain if this applies to all Americans, or only those two who brought the
suit?

~~~
direwolf
EDIT: I looked at the opinion a little more closely, though I still haven't
read it in its entirety. The judge's order only "(1) bars the Government from
collecting, as part of the NSA’s Bulk Telephony Metadata Program, any
telephony metadata associated with their personal Verizon accounts and (2)
requires the Government to destroy any such metadata in its possession that
was collected through the bulk collection program."

So by its terms, the judge's order only applies to these plaintiffs. However,
if the opinion is upheld on appeal (see below), it seems unlikely that the NSA
would continue the bulk program against anyone without individualized
suspicion. If the opinion is upheld it would indeed be very easy for anyone
else to sue and get a similar order.

EDIT 2: Footnote 69 of the opinion confirms that it applies only to two
plaintiffs, Larry Klayman and Charles Strange. Other plaintiffs did NOT get
relief, apparently because they didn't prove they were telephone subscribers.

\-------------------------------- ORIGINAL COMMENT

I have a law degree from Stanford, but I have not read the opinion in its
entirety, so this is quite possibly premature. The judge ruled that the
program is unconstitutional. Typically, the remedy for such a ruling would be
for the judge to enjoin the program. That would prohibit the NSA from
continuing surveillance against everyone, not just the two plaintiffs.

However, the judge stayed his own ruling, meaning that he will not issue an
injunction at this time. He did that to let the government appeal, which it
will undoubtedly do. In other words, the ruling will not take effect unless
and until it is upheld on appeal. The case was decided in the District of DC,
so it will go to the DC Circuit, and (potentially) the Supreme Court. So it
could be a long time before it has any effect at all.

Regarding Zikes's comment, unfortunately a district court court opinion has
little precedential value. It is not binding on other federal district courts,
even within the district where it was decided. It may be persuasive, and it
can certainly be cited, but it has no power to bind other federal courts. If
it is upheld by the DC Circuit, it will carry a lot more weight.

------
SimonStahl
Nice, but this only applies to americans. They are still allowed to gather the
data for the whole rest of the world!

------
001sky
_“The government does not cite a single instance in which analysis of the
NSA’s bulk metadata collection actually stopped an imminent attack, or
otherwise aided the Government in achieving any objective that was time-
sensitive in nature.”_

------
BrandonY
Edward Snowden on this ruling: "Today, a secret program authorized by a secret
court was, when exposed to the light of day, found to violate Americans'
rights. It is the first of many."

Well said, sir.

~~~
aagha
Mind me asking where you found this quote?

~~~
bendoernberg
[http://www.nytimes.com/2013/12/17/us/politics/federal-
judge-...](http://www.nytimes.com/2013/12/17/us/politics/federal-judge-rules-
against-nsa-phone-data-program.html?pagewanted=1)

------
a3n
No problem, the NSA and whatever administration happens to occupy the
Whitehouse at the moment will just re-interpret the ruling as if it ruled that
the program _is_ constitutional.

We used to say that whoever wins the war writes the history. But the war on
terror will never be won, by definition and design. The NSA probably cares
fuckall who writes the history books anymore. They want the dictionary.

------
Aloha
I have mixed feelings about this.

Some of the metadata in my opinion is obviously OK to collect - the stuff that
would have been captured by a pen register decades ago - Who you called, who
called you, how long you talked - this stuff, which is otherwise known as call
detail records it available to nearly everyone who works for the telco and is
not really what I would consider private.

Other stuff - like Geolocation data is in my opinion clearly not OK to collect
- it constitutes an unreasonable encroachment on privacy, normally to track
someone historically a warrant must be obtained first, and it required
probable cause, I see no reason why a lesser standard should be applied here.

I don't consider blanket recording of calls to be acceptable, but I don't see
that as something that has been happening, at least on domestic to domestic
endpoints (it's not really technically feasible to do with the way the
telephone network is structured), its a bit easier to record calls going to
international endpoints because of the structure of the PSTN - VoIP is its own
deal, and YMMV on weather you can actually capture those calls or not.

I don't want to see us throw the baby out with the bath water as it were, nor
do I want the unreasonable encroachment on privacy to continue.

~~~
Laremere
I disagree. I interned twice at a telco, and while I had access to a bunch of
information in databases as a developer, I had no access to call records, and
in general you didn't have access to it unless you needed it for work. The
problem is as I understand it, the NSA currently has the view that if a
corporation has access to it, then it's not private and they get free reign.
It's not that I don't expect Google to have my gmail records, or my phone to
have call records and geolocation. Those companies can use that data to
improve their services to me. It's when the NSA decides that they have access
to all of this information from all these companies is when I have a problem.

~~~
Aloha
Different companies, different policy, I worked in customer care, and later in
a quasi-engineering role. In both cases, and two different companies I had
full access to customer CDR's.

~~~
modeless
Which two? I'd appreciate being able to avoid those companies.

~~~
Aloha
It's really all of them - If your doing a job that involves either customer
care, or resolving call based issues, you have the ability to: See call detail
records, sometimes capture voice calls to and from that subscriber, capture
signalling data in realtime, track a mobile user in call thru the system for
the purposes of finding defective network elements.

There is a good reason why we had these abilities, they were essential to
resolve and troubleshoot user reported issues.

For example, if a customer reported troubles or call quality issues calling
202-555-1212, I needed to be able to pull their CDR's so I could determine
which outbound trunk group the call went out on, so I could report it to that
carrier to see if they could resolve.

~~~
modeless
> There is a good reason why we had these abilities

Bullshit. Systems can be designed to allow troubleshooting and problem
resolution without giving broad access to user data. Telecoms are just too
lazy to do it. They have local monopolies, so they just don't need to care.

~~~
MichaelGG
I've written tools for VoIP companies for diagnostics. The most helpful system
is one that logs everything and has it available on-demand. The one I wrote
literally recorded and indexed every call-related packet (except audio) and
records were kept indefinitely. This is network-level traffic. It reduced
time-to-resolution by at least an order of magnitude, since a ticket to the
effect of "this weekend someone at the office called someone in Germany and it
didnt work" could find out exactly what happened.

Apart from that, call detail records (CDRs) are available to many people in a
telecom. And it doesn't matter if you trust your telco, because they probably
hand off traffic to others in many cases. Even large companies like AT&T deal
with very scummy third-parties to get the cheapest prices to place calls. (I
know that first hand, because sometimes people sell call capacity they don't
have. Instead of completing the call, they answer and play a fake recording of
someone saying "wait a sec". Once, when dialing from my AT&T cell, I got the
same exact recording I had PCAP'd from some third-rate provider.)

Unlike email, where you don't need to provide access to email records in most
cases, CDRs are needed for all aspects of billing. While your complete profile
may be relatively safe in a large company with internal controls, depending on
your calling patterns, you may very well be leaking a lot of details to many
third parties you've never heard of.

Edit: You could theoretically add all sorts of controls and access-
limitations. There's really zero benefit to doing so. Plenty of companies
still rely on techs being able to run tcpdump on a mirror port or server in
question.

~~~
modeless
> You could theoretically add all sorts of controls and access-limitations.
> There's really zero benefit to doing so.

Wow. That, right there, is the problem. You don't have to care about other
people's privacy, so you don't. You're not accountable, and neither are the
companies you work for.

I hope there's a disgruntled insider at one of the companies that uses your
tools, and they vacuum up all the data they can find and leak it. Maybe a
public scandal could make you care, if it affected your bottom line.

~~~
MichaelGG
Hah. I don't mean to be condescending, but the security in telecom is
laughable. I've tested nearly a dozen systems and networks, and in every case
never had to spend more than a day getting root. (I'm sure there are decently
designed ones, but that's not the common case.)

I had the CTO of one of the major switch vendors tell me that "buffer
overflows aren't a problem, unless maybe the network is very fast". This is a
company that markets an edge device with security being one of the main bullet
points.

Not to mention, I'm willing to bet in many datacenters, you could literally
just walk in and take disks out of machines. If they've got RAID and no
alarming on RAID (not too uncommon) no one will even notice. Sure, some places
have solid cages or require escorts. But a lot of colo space is relatively
unmonitored and so long you look like you belong there and get past perimeter
security (as easy as renting 1U in the same place, often) you're totally in.

And the sad part? To my knowledge, these attacks aren't that widespread. Why?
Because there's even lower-hanging fruit that's more lucrative to hackers.

Anyways, to your point: How would this access control work? How are you going
to verify a CSR actually got a call from a specific customer? How much effort
are you going to put in verifying that data? This is an industry where tons of
money is charged and moved around based purely on emails received, with zero
verification. Also remember that full wiretap capabilities are a federal
requirement (CALEA). So somewhere, they'll have a system that can turn on
lawful intercept. That avenue is probably ripe for abuse.

You're right in your overall sentiment. The FCC and federal government should
enact privacy laws and force companies to internalize this externality. Until
they do, there's little reason to make it any more difficult for support to do
their job.

~~~
Aloha
Reminds me of a linux based edge router/SIP ALG product we used at a former
employer if you put it on a 20 meg or faster symmetrical pipe, it would fall
over, and eventually hardlock. Bugs in the drivers and a lack of hardware
acceleration for the ethernet cards.

~~~
MichaelGG
A popular ISP in one country shipped default DSL modem/routers with a SIP ALG
on that didn't work. But not just the normal "totally screwing SIP up" but the
alarm light would go on and the modem would be dead until power reset. On any
SIP packet. This was over 6 years ago, but I think it was a ZyXEL.

~~~
Aloha
the ZyXEL Modems were horrible in general. My preference was to use an
Innoband 8012 and let the customer get their own router.

------
undoware
It will be interesting to see what happens to the judge. 'Parallel
construction.'

~~~
adventured
They have a severe momentum problem.

This one judge is the least of their worries. There are a dozen more federal
cases coming over the next few years (the one going on in NY right now for
example, by the EFF or ACLU, forget which).

All the momentum is strongly against the NSA, and the Snowden documents will
continue to apply an endless wall of pressure. They likely won't get a chance
to breathe in terms of making themselves look good (short of maybe a false
flag to save the day).

Obama is about to meet with 'Silicon Valley' to try to deal with that fire.
Whether it's meant to pacify them or to actually act on their marching orders
(money rules), it points to the fact that the NSA & Co. are struggling non-
stop to contain the wild fire.

~~~
aagha
I don't know. I don't think NSA & Co. give a crap! I think they think a lot
along these lines:

Son, we live in a world that has walls, and those walls have to be guarded by
men with guns. Who's gonna do it? You? You, Lt. Weinburg? I have a greater
responsibility than you could possibly fathom. You weep for Santiago, and you
curse the Marines. You have that luxury. You have the luxury of not knowing
what I know. That Santiago's death, while tragic, probably saved lives. And my
existence, while grotesque and incomprehensible to you, saves lives. You don't
want the truth because deep down in places you don't talk about at parties,
you want me on that wall, you need me on that wall. We use words like honor,
code, loyalty. We use these words as the backbone of a life spent defending
something. You use them as a punchline. I have neither the time nor the
inclination to explain myself to a man who rises and sleeps under the blanket
of the very freedom that I provide, and then questions the manner in which I
provide it. I would rather you just said thank you, and went on your way,
Otherwise, I suggest you pick up a weapon, and stand a post. Either way, I
don't give a damn what you think you are entitled to.

\- Col. Jessep from A Few Good Men

------
Fando
What a sorry piece of news! A federal judge thinks that mass surveillance is
LIKELY unconstitutional? The only thing the constitution is good for these
days is wiping you ass. Even if these practices are officially ruled as
illegal, what will change? How will the oversight be conducted to prevent such
practices from continuing. In my opinion, the NSA will simply begin hiding
their operations from oversight. The biggest question is whether it is
possible at all to implement practical and systematic methods that correctly
oversee such government organizations. Is there a solution that guarantees
that it will be impossible for the NSA and the like to hide their actions
considering the almost system-wide corruption of government bodies? The
solution to this problem is difficult to imagine for this reason.

~~~
declan
Um, the judge went as far as he could given the procedural posture of the
case. He was not asked at this stage to go any further; nor could he have.

Yes, many provisions of the Constitution and BoR are widely ignored by
congresscritters, bureaucrats, and judges. But this is not one of those
examples.

------
JeffL
I suppose there is always a small amount of hope that this could actually
stick?

------
mbillie1
Glad to see this ruling, but this must be too-little-too-late by now, right?

~~~
Zikes
Certainly, the NSA is surely dug in like a tick when it comes to domestic
surveillance. Even with this ruling, I'm sure it will be years before they
actually stop the cited unconstitutional behavior, if ever.

My question is, did the process fail in allowing it to happen in the first
place, or is this correction after the fact the way the system is intended to
work?

~~~
fat0wl
"OK, now we'll _really_ stop surveilling. promise!"

they invested so much I'm sure this is how it is for good now, no turning
back. that's the screwed up thing. America seems to have a lot of sunken cost
fallacy. Once they've begun something it's easier to continue illegally than
tear it all down. Same deal with 23andme Genome stuff. Makes more sense to
them to operate illegally & take on the FDA than slow down a lucrative
business.

~~~
Zikes
I can seriously picture some sort of phased process where they stop doing one
thing, and then another, over the course of several years. It would be as a
result of this ruling or one like it, which explicitly calls out the behavior
as invasive and harmful, but they would tread on as long as they could thanks
to sunk costs.

It'd be akin to a bully with a tazer saying "Well I've already spent the past
several years tazing you several times a day and I spent sooo much on this
fancy tazer, so how about we bring that down to just twice a day for the first
year, then daily for the year after that, then every other day, and so on?"

------
tn13
That is it ? What about prosecuting the people responsible ? When are they
going behind the bars ?

------
w_t_payne
This is a significant ruling; but only one small step in a long journey. The
importance attached to our choice of destination is heightened by the ever-
changing technological landscape over which we travel.

The increasingly pervasive and omnipresent nature of public and private sector
surveillance, together with the intimate and revealing nature of the
information collected, presages a new phase in the relationship between
individual and the institutions and organisations to which our social and
economic fealty is directed.

A relationship that is far closer and far more intimate; based on an extensive
knowledge of the individual's drives, weaknesses, foibles, and personality
traits. We can clearly see a worrying potential for forced intimacy and
abusive exploitation of the relationship; just as we currently observe
(thankfully infrequent) incidents of abusive physical violence and coercion.
Perhaps the most troubling aspect of this is the potential that modern
technologies have for scalability; facilitating abuse on an industrial and
global scale, in market contrast to the inherent limitations of abusive
physical interventions.

The key factors here are the fact that the information is intimate; that the
collection is involuntary and coercive; and that the means of collection and
exploitation may be automated and deployed on a large scale.

The presence or absence of mens rea is besides the point.

------
6cxs2hd6
Yikes, what is it with 60 Minutes lately?

Sunday night they carry water for Amazon or NSA. Right before Monday, the big
day.

(My presumption: The NSA knew a ruling was coming today. Getting a puff piece
on 60 Minutes is positive spin regardless of whether the ruling turns out good
or bad for them.)

Edit: Link

[http://www.cbsnews.com/news/nsa-speaks-out-on-snowden-
spying...](http://www.cbsnews.com/news/nsa-speaks-out-on-snowden-spying/)

------
w_t_payne
The pervasive and omnipresent nature of the surveillance, together with the
intimate and revealing nature of the information revealed, presages a new
phase in the relationship between individual and state; one that is far closer
and far more intimate; based on an extensive knowledge of the individual's
drives, weaknesses, foibles, and personality traits. We can clearly see a
worrying potential for forced intimacy and abusive exploitation of the
relationship; just as we currently observe (thankfully infrequent) incidents
of abusive physical violence and coercion. Perhaps the most troubling aspect
of this is the potential that modern technologies have for scalability;
facilitating abuse on an industrial and global scale, in market contrast to
the inherent limitations of abusive physical interventions.

------
mrobot
Is there any way to tackle this at the Terry level? It seems like we can
protect ourselves more if we can explicitly eliminate the ability to
systematically manufacture terry stops based on phone calls, other behavior,
skin color, religion...

~~~
direwolf
I don't think Terry is applicable. Terry has to do with stopping a person
based on some suspicion that that person might be committing a crime. You're
quite right to point out that the suspicion required is minimal, and that it's
easy to manipulate. However, the type of search that can be conducted through
a Terry stop is limited to fairly strict justifications--the officers can
really only conduct searches to protect themselves (i.e. to see if you have a
weapon) or evidence (to prevent you from destroying it).

But what's going on here is massive, indiscriminate collection of information
on people whom the government has no reason whatsoever to suspect of any
crime. Not only that, the officer safety and evidence preservation
justifications don't apply either. NSA surveillance isn't really comparable to
conducting a Terry stop on the entire nation.

~~~
mrobot
Then what do they mean here, in this hearing, when they make such a big deal
out of how Terry applies?

21:07, 23:04, 37:00 of first session link (morning session)

[http://www.c-span.org/Events/Civil-Liberties-Board-
Reviews-S...](http://www.c-span.org/Events/Civil-Liberties-Board-Reviews-
Surveillance-Programs/10737442462/)

My interpretation was that this was the justification for three-hop data
imports based on phone selectors. Which, to me, is interpreting RAS as
allowing for stopping and frisking an entire network of people to discover
previously unknown operatives, based on suspicion of just one. If you try to
imagine how that would look in real life, it's a bit scary. Actually, racial
terry stops lean toward doing just that.

------
zmanian
We need to generate tangible evidence to the political system that the
defenders of the NSA have no credibility. Restore the Fourth SF and others
have created a mechanism for Californians to do so.
[https://shameonfeinstein.org/](https://shameonfeinstein.org/)

------
qq66
Whether one supports the NSA program or not, it's fairly clear that it's not
compatible with the 4th Amendment as understood today. The Constitution has
been amended before, if this is important it needs to be taken under the
umbrella of a Constitutional amendment.

------
jrockway
My next fantasy is to see Snowden come back to the US, be tried, and be
acquitted.

~~~
redblacktree
If the law doesn't allow it, I hope the jury nullifies.

~~~
neltnerb
Ah, but the lawyer for the government will know the personal beliefs of each
member of the jury in advance!

(hopefully kidding)

~~~
wavefunction
I know you're kidding but given what we've seen so far, I wouldn't put it past
the NSA to pack the court with stooges.

------
forgottenpass
Opinion here: [http://www.scribd.com/doc/191876642/Klayman-v-
Obama](http://www.scribd.com/doc/191876642/Klayman-v-Obama)

~~~
gaius
Got a PDF?

~~~
forgottenpass
Should be here [https://ecf.dcd.uscourts.gov/cgi-
bin/show_public_doc?2013cv0...](https://ecf.dcd.uscourts.gov/cgi-
bin/show_public_doc?2013cv0851-48) but the website has been chugging as this
is a unusually popular district court decision,
[http://legaltimes.typepad.com/files/obamansa.pdf](http://legaltimes.typepad.com/files/obamansa.pdf)
has it too.

------
bradleysmith
Here's the ruling:

[http://legaltimes.typepad.com/files/obamansa.pdf](http://legaltimes.typepad.com/files/obamansa.pdf)

------
theandrewbailey
In a rare showing, common sense has triumphed this day.

------
leokun
It's weird how the URL for this link keeps changing.

------
bayesianhorse
The government has a secret system, a machine ...

------
greyfox
"...likely unconstitutional" ya think?

------
socialist_coder
Does it even matter what the courts say? The NSA seems like it has no problems
operating outside of the law and lying when asked what it's actually doing.

------
nexttimer
No shit, sherlock.

------
amerika_blog
I support the NSA monitoring.

No, not a troll.

At this point, the USA has a ton of enemies. Filtering through emails, phone,
etc. is a good way to catch these. We need to give law enforcement the tools
it needs.

Seeing how this access was abused to hunt down Tea Party groups convinces me
that the NSA needs to be de-politicized, not shut down.

I think we'll find that this monitoring is inevitable because the technology
is there and also, since the technology is there, if it is not used and a
terrorist incident occurs, people will be held responsible for NOT using it.

~~~
GVIrish
For one, the United States has a ton of enemies because of dirty and mean
things we have done to other countries. Maybe if we fixed our foreign policy
and stopped dropping bombs on poor people there'd be less people that hate us.
That would be a lot simpler than making people hate us more by spying on them,
installing backdoors in encryption standards, spending billions of dollars on
said spying, not having proper auditing of said spying, and putting our
democracy at risk due to said spying.

As for the monitoring preventing a terrorist attack:

A. As of yet they have not been able to demonstrate that they have
successfully prevented an attack based on information they gained through the
NSA. The best they could show was that they arrested some taxi cab driver in
California who sent $8500 to some militants.

B. Even if the massive spying prevented some attacks, you have to ask, "at
what cost?" This type of unaccountable intelligence apparatus has the very
real potential to undermine our democracy and turn the United States into a
police state. In some ways that is already happening. And if you get too far
down the road towards an authoritarian government, some humanities worst
atrocities await.

Terrorists may have killed thousands in the last century, but murderous
governments have killed 10's of millions, potentially over 100 million. And
I'm not talking about war, I'm talking about state-sanctioned murder. I'd
rather take my chances with the occassional nutjob with a pressure cooker than
an oppressive government .

~~~
GVIrish
I'm not saying we need to get rid of the NSA completely, but it should be
dramatically curbed and it should have a lot more independent and transparent
oversight. From the get-go dragnet spying on Americans should be ended.

