
Facebook, Microsoft, Apple Make Year-End Lobbying Push to Curb NSA Spying - jacquesm
http://www.bloomberg.com/news/2014-11-14/companies-call-on-senate-to-pass-bill-curbing-nsa-powers.html
======
xnull2guest
Since when do these companies get such a big say in _our_ Democracy? Since
when is "Facebook, Microsoft, Apple Make Year-End Lobbying Push to Curb NSA
Spying" a headline and not "American people rally the vote to stop sweeping
surveillance"?

Personally, I think it's mostly a show to bolster consumer confidence (rant
purposefully left out). But let's say it's not. Why should a handful of
private individuals be more important for the direction of legislature than
democratic consensus AND what's written into law _by the Constitution_.

A fluffy feel good piece about how the elite are on your side. Bullshit
through and through.

I'm not upset that (publicly) these corporations are against surveillance, I'm
upset that it matters.

Yes we live in a Representative Democratic Republic. But I don't remember
voting for the board of directors.

~~~
rayiner
The American people just went to the polls to demonstrate that NSA
surveillance is not something they particularly care about. If you're an anti-
surveillance civil liberties type, you might be better served backing the
companies that have dollars at stake in opposing surveillance than wait for
the voting public to come around to caring about the issue.

~~~
guelo
If you want to use that kind of dumb lazy argument you could also say that the
American people voted against NSA spying when they voted against Obama's
administration.

But what people actually voted on was a media hype alternate universe that has
little to do with any real issues.

~~~
csandreasen
I'd argue that you could lump the NSA debacle into that media hype alternate
universe that has little to do with any real issues. For the past year and a
half I've heard a lot about all of the awful things that the NSA could be
doing with the information collected (e.g. arrests, blackmail, theft, etc.)
but I have yet to actually see any evidence of an American citizen actually
being subjected to any of them. My guess is that it's because when the
newspapers don't have the evidence to back it up, they rely on narrative that
brings in the advertising dollars.

~~~
nitrogen
How about the US citizen who was killed by drone?

~~~
xnull2guest
The _two_ (non-violent) US citizens that we know about killed by drones,
knowingly targetted and killed without a trial.

~~~
csandreasen
I'm assuming that two you're referring to Anwar Al-Awlaki and his son,
Abdulrahman Al-Awlaki, since they seem to be the most famous.

Just to get some facts straight, to date there's only been one US citizen
targeted and killed by US drones: Anwar Al-Awlaki. As of last year, three
other Americans are known to have been killed by drone strikes outside the US:
Samir Khan, Abdulrahman Al-Awlaki and Jude Kenan Mohammed. None were
specifically targeted - Samir Khan was killed during the strike against the
elder Al-Awlaki, the younger Al-Awlaki was killed during a strike targeting
Ibrahim al-Banna in Yemen, and Jude Kenan Mohammed was killed during a strike
against a compound in Pakistan. All were killed by CIA drones, not DOD drones
(NSA is part of the DOD; CIA is not). The Attorney General declassified the
reasoning for targeting the elder Al-Awlaki[1], which was ultimately decided
at the Presidential level - not by the NSA.

That said, this is beside the point - when the media is stirring up a frenzy
about the NSA and civil liberties, they're not talking about CIA drone strikes
in Yemen. It's a little disingenuous to lump the two together. It also doesn't
go very far in answering my question regarding evidence of harm to US
citizens. Maybe I'm out of touch with the rest of America, but I don't see the
USA Freedom Act gaining much traction based on public outrage that 3 people
over the last decade were accidentally killed by drones while hanging out with
members of a militant group that had declared war against the US, especially
when the purpose of said bill is to limit FISA warrants and FBI use of
NSLs[2].

[1]
[https://s3.amazonaws.com/s3.documentcloud.org/documents/7031...](https://s3.amazonaws.com/s3.documentcloud.org/documents/703181/ag-
letter-5-22-13.pdf)

[2] [https://www.congress.gov/bill/113th-congress/senate-
bill/268...](https://www.congress.gov/bill/113th-congress/senate-bill/2685)

~~~
xnull2guest
Yes Al-Awlaki and his son were the civilians I was referring to.

It was my understanding that Abdulrahman Al-Awlaki was a targeted kill; I seem
to be in error.

I was not aware of Samir Khan nor Jude Kenan Mohammed.

Regarding [1]: the justification was 'immediate threat', however it appears
there was no immediate threat in the common sense usage of the term and the
justification is askew with the prior drone strike that attempted but failed
to kill him (he did nothing after the strike worthy of the label 'immediate'
or 'threat').

Furthermore squaring 'immediate threat' with constitutionally garunteed rights
is something that the administration has not done (can not do?). US citizens
are guaranteed a trial. Principles are worth a lot less if the administration
gets to decide when to apply them.

Regarding NSA v. CIA, I admit coming into the conversation without having read
the thread. I merely sought to add information to the leaf. Thank you very
much for the high quality comment and information.

Regarding damage to US citizens, one reason is that we do know that NSA
contractors and employees stalked lovers and rivals and used these
capabilities for personal means. There were also reports of nude photo
sharing.

There were also several prominent Muslim community leaders with no connection
to any terrorists or extreme ideas inside the United States who were targeted
by the surveillance apparatus merely for their religious expression. I don't
think I need to argue why profiling individuals based on their creed or color
causes harm to these classes of people.

Extending this analysis - we do not know how these systems will be used in the
future. In particular Nixon left office for spying on a handful of people.
What would a Hoover or a Nixon do with the NSA capabilities? The broader point
here is that the calculus of damage should _not_ merely be about singular
instances of damage today. It's a bad idea to build a nuclear reactor on a
fault line. Not because it has already done damage. But because of the
magnitude and the likelihood of what it may contrasted with alternatives.

Another example of damage to US citizens is the use of purposefully backdoored
services and infrastructure. It is not theoretical or speculative to suggest
that these weaknesses may be used by maligned actors: there are several
examples today of intercept systems being compromised by interested parties
for geopolitical and economic reasons.

Finally, we adhere to principles of civil liberties not just because they are
good things on individual bases but also because adopting them as policies
gives a net benefit to society (see historical evolutions of Utilitarianism
and arguments against forced organ donation). That is one could argue as
Bentham did, that rights are nonsense on stilts, except that societies that
don't guarantee these rights suffer the pychological consequences of living in
a state where no rights are garunteed. To presuppose that all damage must be
physical in nature is to be ignorant of the history of the organization of
men.

~~~
csandreasen
I'll definitely agree that the drone strikes are controversial and leave it at
that since I think it's separate topic altogether.

On the other topics you brought up: there were a total of 12 cases reported by
the NSA in the LOVEINT scandal, and an additional 3 were said to be under
investigation without further details[1]. The violations varied in severity:
of the 12 for which details were given, 7 resigned or retired, 3 others had
their clearances revoked, 1 was stripped of his promotion and given a 10-day
suspension without pay, and the last was given a written reprimand. 7 of them
had their cases either forwarded to the DoJ or their military command (or
both). Of those 12 cases, only 3 were targeting US citizens - the other 9 were
instances of NSA employees abusing the system to target foreign nationals for
their own purposes. I stress the word abuse - that's exactly what was going
on, but this is also an example of the system working to find bad apples and
kick them out. You see the same thing with cops - you expect there to be bad
ones here and there. It's the police force's responsibility to identify them
and either discipline them or kick them out; it's not indicative of systemic
police corruption.

The only report of nude photo sharing was one that Snowden said himself. He
made the claim a full year after his initial leaks and never substantiated it
with any evidence.

With regards to the Muslim targeting, if you look at the original article[2],
every one of the 5 people listed by Greenwald has "FBI" in the responsible
agency column. According to the article, there are 7485 e-mail addresses in
the list who were under surveillance between 2003-2008 by the NSA, FBI, and
CIA. Based on a survey of 5 of the individuals targeted by the FBI, Greenwald
somehow concludes that there's systemic targeting of Muslim Americans by both
the FBI and NSA solely for their religious views. He gives a half-hearted
guess as to why each of them might have been under investigation, but
ultimately leaves it an open question. I think it's intentional - he wants you
to walk away from the article thinking that because he didn't give a reason,
there must not be one. Ultimately, we may never know - several others, however
have given their own thoughts as to why[3][4].

> Another example of damage to US citizens is the use of purposefully
> backdoored services and infrastructure.

Could you provide an example of this? I think I know what you're getting at
but I don't want end up assuming wrong, put words in your mouth and waste a
lot of time ripping down a strawman.

> The broader point here is that the calculus of damage should not merely be
> about singular instances of damage today. It's a bad idea to build a nuclear
> reactor on a fault line. Not because it has already done damage. But because
> of the magnitude and the likelihood of what it may contrasted with
> alternatives.

But you don't just avoid building on a fault line because someone says it's a
bad idea - you build elsewhere because there are certain standards for safety
with regards to building nuclear reactors that have been agreed upon by
experts who are intimately familiar with nuclear engineering, and a fault line
doesn't meet the standards.

In my opinion, this is where the NSA issue really gets derailed. Most of the
articles I've read will explain the technical capabilities of specific NSA
programs without going into the policies that limit them. Snowden has stood up
and said that so long as they have the technical ability to do something, you
can't trust them to follow policy, but his disclosures have shown the NSA
auditing their collection, bringing issues up to the FISA court, removing
identifying information about US citizens from collection, etc. When no one
was looking, they were following the law. If there's been a failure, it's been
a failure of insufficient law and oversight.

And this is where I differ from most of the tech community. The solution isn't
to take away technical capability because it could be abused in the future,
it's to craft laws and policies to limit what the NSA can do with its
technical capability and provide effective oversight. I don't think anyone
from even before the Snowden disclosures has argued for less oversight.

As an analogy, the police have the technical capability to walk into every
house on the city and shoot everyone inside. But they don't - it's both
illegal and makes no sense in terms of law enforcement. For some reason,
though, everyone seems to assume that given the fact that the NSA has enormous
technical resources for gathering foreign intelligence that _could_ be abused,
without any further evidence to back up the claim they must also be carrying
out the worst possible abuse and doing so for purposes that have nothing to do
with foreign intelligence.

[1]
[http://www.grassley.senate.gov/sites/default/files/judiciary...](http://www.grassley.senate.gov/sites/default/files/judiciary/upload/NSA-
Surveillance-09-11-13-response-from-IG-to-intentional-misuse-of-NSA-
authority.pdf)

[2] [https://firstlook.org/theintercept/2014/07/09/under-
surveill...](https://firstlook.org/theintercept/2014/07/09/under-
surveillance/)

[3]
[https://www.centerforsecuritypolicy.org/2014/07/09/misleadin...](https://www.centerforsecuritypolicy.org/2014/07/09/misleading-
claims-by-greenwald-and-new-york-times-on-nsafbi-spying-on-american-muslims/)

[4] [http://news.investors.com/ibd-
editorials/071514-708936-snowd...](http://news.investors.com/ibd-
editorials/071514-708936-snowden-mouthpiece-shills-for-islamist-terror-
targets-of-fbi.htm)

~~~
xnull2guest
Thank you again for taking the time to write an well formed response.

Regarding LOVEINT and nude pictures. I think it's difficult to evaluate
whether the punishments are actually worthy of the abuses and it's hard to
know what the culture inside the NSA is, and it is also hard to know how
widespread these abuses are and what affect they may have. They are examples
of citizens being hurt by the programs, but agree that they are not (AFAWK)
examples of systemic abuse.

I agree that the trading of nude pictures was asserted without evidence. I
don't know what internal documents they would keep on that, and Snowden has
thus far been a very well-spoken and trustworthy source of information. I
won't claim it as a fact, but this sort of thing feeds into my last point from
the last thread.

> every one of the 5 people listed by Greenwald has "FBI" in the responsible
> agency column

Left hand, right hand. The FBI, NSA, CIA, DOD, CSS, etc work with one another.
Did the targeting utilize information or capabilities from the NSA?

I would be very interested if the Muslim leaders turned out to be connected to
terrorism. They have not been arrested if they are associated with terrorism -
I'm not sure what to make of that besides they are just being watched for
their prominent role as community leaders.

Overall point regarding Greenwald. He is an advocate for adversarial
journalism. He will accuse the government of more than is certain in an
attempt to provoke more information/clarification or force them to contradict
themselves (as happened frequently at the start of the Snowden disclosures).
People feel differently about this. I feel that it is necessary to combat the
_other_ side of journalism which trades media spin and coverage for access and
sources and shows its belly to USG on the regular.

> Could you provide an example of this?

Yes. I'm going to copy a list from a Bruce Schneier post
([https://www.schneier.com/blog/archives/2014/10/iphone_encryp...](https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html)).

* The Greek cellphone intercept system was attacked by an unattributed group.

* The Italian cellphone intercept system was attacked similarly.

* China hacked into the Google's US Government request system.

* The Syrian Electronic Army hacked into Microsoft's FBI data request group.

* The US cellphone intercept system has been hacked by unattributed groups.

> And this is where I differ from most of the tech community. The solution
> isn't to take away technical capability because it could be abused in the
> future, it's to craft laws and policies to limit what the NSA can do with
> its technical capability and provide effective oversight. I don't think
> anyone from even before the Snowden disclosures has argued for less
> oversight.

I think we'd agree here, but we'd likely disagree on what is reasonable. As
things currently stand all data is sucked up and kept for longer than 5 years
for later inspection. I think it's reasonable for the intelligence community
and law enforcement to track individual users, but I do not think it is a good
idea to track everyone all the time and limit only by policy and paper what
can be inspected.

I find that surveillance, be it by law enforcement, management at my company,
my parents, or by a stalker to impede on my right to be secure in my person. I
find that legal compulsion for some private individuals to keep files on other
individuals is a circumvention of the spirit of the law - and in fact one
applied by the Stasi.

The difference between in-house operations, hiring of private surveillance
contractors and legal compulsion on private citizens is a blurry one to me.
"No means no."

I also find it 'dirty' that the FISA court ( _Foreign_ Intelligence
Surveillance Court) should have any say in domestic issues at all. They do not
represent the Constitution nor are they are not subject to a system of checks
and balances outside of self-policing (I am aware of the review panel
suggestions regarding this).

> For some reason, though, everyone seems to assume that given the fact that
> the NSA has enormous technical resources for gathering foreign intelligence
> that could be abused

Provided fairly recent systemic abuses of intelligence power (COINTELPRO, etc)
I don't think these reactions are particularly absurd. Similar to how
journalism may have to be partially adversarial, so does the relationship of
men to their governments. Men need to ask what is being done, how it is being
done and why it is being done. They need to demand honestly from their
governments.

I would also ask that you reply to my last point regarding principles (the
'organ donation' one).

Finally, there are some other examples of individuals who have been harmed.

The founder of Lavabit certainly was harmed for providing an email service -
his business is now forever underwater and he was served to go to a jury-less
court (with all the stress and financial requirements therein).

The CEO of Qwest (Nacchio) claims that (both personal and business-scale)
leverage was used to force the direction of his company and resulted in his
indictment and arrest.

------
cowpig
I find this article interesting in that it describes a direct clash of motives
between two major systematic problems in American government at present:
corporate capture of politics, and the runaway NSA.

What needs to happen is for both of these forces to be curbed, before they
find a compromise that I don't expect to be in the best interest of the
people.

~~~
declan
> corporate capture of politics

If you look at which companies can actually make things happen in DC[1], it's
the ones that are regulated (the reasons for this should be obvious with some
thought). Those are not Silicon Valley companies, by and large, but
telecommunications firms like AT&T and VZ.

And it's those telecommunications firms that have long-standing surveillance
"partnerships" with the NSA, according to leaked Snowden docs, which I wrote
about last year here: [http://www.cnet.com/news/surveillance-partnership-
between-ns...](http://www.cnet.com/news/surveillance-partnership-between-nsa-
and-telcos-points-to-at-t-verizon/)

Here's one reason those regulated telecom companies may not be eager to see
reform happen:

"ATT, Verizon, Sprint Are Paid Cash By NSA For Your Private Communications"
[http://www.forbes.com/sites/robertlenzner/2013/09/23/attveri...](http://www.forbes.com/sites/robertlenzner/2013/09/23/attverizonsprint-
are-paid-cash-by-nsa-for-your-private-communications/)

[1] AT&T/VZ/Comcast rolled Google/eBay/etc. on Net neutrality in Congress.
Twice. Silicon Valley-backed NN bills were defeated in both the House and the
Senate. And heck, Silicon Valley can't even get a permanent R&D tax credit
passed. They've been trying forever to get a ECPA reform passed (this has
failed). DMCA reform? Over a decade, nothing. They should be heavyweights or
superheavyweights but they're bantamweights instead.

~~~
throwawaykf05
Given that the NSA was going to get data from the telcos in any case, you'd
rather they got it _for free_? If there is some sort of behavior you want to
discourage somebody from engaging in, the simplest way of doing so is to make
them pay for it. Even nominal fees can be a significant deterrent (this is why
ads and eyeballs are the currency of the web). Without this monetary friction,
there would doubtless have been even more rampant data collection.

Additionally, the link you provided itself says that the money the telcos got
from that is a small fraction of their total revenues, so I am not sure how
compelling a reason that would be to oppose reform.

~~~
declan
That's why I said "one reason."

------
themartorana
Money. Not altruism or moral compass or even customer demands.

But lost foreign dollars is the wrong argument, right? Restricting the NSA
from bulk collecting US citizen data has nothing to do with their legal rights
to do the same to non-citizens.

I'd venture to guess that the NSA cares very little how Brazil builds a trans-
Atlantic line, they'll still secretly tap it.

And a big HA! for Verizon being sad about the NSA collection while they're
unabashedly MITM-ing 100% of its wireless customers.

~~~
fpgeek
Of course money. You make the argument that your audience is most likely to
hear. And between lobbying and campaign contributions, jobs for their
constituents, lost tax revenue and so on... money is the argument Congress is
most likely to hear.

~~~
PavlovsCat
If Microsoft cares about privacy, when will they change Skype back to the
encrypted peer-to-peer architecture it had before they bought it? If Facebook
cares about privacy, why is their signup page not just a redirect to diaspora,
friendica etc.? And why can't google split stuff up into subdomains, even if
that'd mean no precious _.google cookies? Okay, the last two are a bit silly,
but I just don 't feel like looking up and rattling down all those laundry
lists of the ways of how they shit all over privacy again and again, just to
eek half a percentage point out of something somewhere, in the name of
functionality and convenience as if there aren't lots of more promising and
unexplored avenues to improve those.

Of course, none of these companies are monoliths, and I don't doubt that there
are people in them that genuinely care. But on the whole, you are _really*
saying that the companies care about privacy, but just _pretend_ it's about
money because Congress is more interested in money than they are? I doubt
that, mildly put.

~~~
throwawaykf05
_> If Microsoft cares about privacy, when will they change Skype back to the
encrypted peer-to-peer architecture it had before they bought it?_

A bit off-topic, but Skype's actual voice traffic is still primarily P2P. You
can verify this yourself using basic network analyzer tools (I used nettop on
OSX) to check the destination address of packets. Multiple times over the last
couple of years (after they allegedly moved away from P2P) I verified that a
voice call between Skype instances on Mac and on Windows was direct between my
network and my peer's IP address.

I did _not_ check if IM traffic is P2P. And it certainly connects to a lot of
other remote addresses by default, which I'm guessing is for call-setup via
their servers.

~~~
PavlovsCat
I may have been wrong about it, but I disagree it's off-topic. Lip service is
one thing, pressuring other parties to give up _their_ snooping is one thing,
actually being committed and simply deleting or encrypting as much as they can
so the question doesn't even arise, or even considering and talking about the
trade-offs required to do so, that would be quite another. So it's all mostly
window dressing to me. I believe that they care about their profits, but
that's about it.

These corporations actually _could_ afford to find out stuff about their
markets by asking people who volunteer, by super traditional means that have
been used for decades before the internet. They don't _really_ need your
complete life history, they just need a good rough idea, and then be honest
engineers and programmers that make the best products they can make.

This "we need to internally probe you to improve customer service" stuff to a
large degree is marketing run amok, not really something that is impossible to
do without unless you don't subscribe to "the best product wins", which
everybody loves to pay lip service to but then tries their best to circumvent.

------
lylebarrere
I'd be interested to see if the tech companies could push out something to
their users to help educate them. Something similar to the news feed
notification Facebook pushed out asking for donations to fight Ebola.

The real resource these companies have to use is the attention of their users,
not money.

~~~
applesand
> push out something to their users to help educate them

That is not going to happen b/c it would draw the users' attention to the
problem of mass surveillance being conducted (be that explicitly or
implicitly) by tech giants for the gov't.

------
CyberDildonics
So with all these companies' support what I don't understand is why an IP
standard is not being worked on that demands asymmetric encryption. I envision
an ideal future where the IP layer is encrypted, possibly with multiple
algorithms, the http layer is encrypted separately, and the javascript message
passing layer is encrypted still separately from that.

We already know that encryption works mathematically, but human factors get in
the way. No one should ever be able to snoop on someone's traffic content in
this day and age.

~~~
final
Because the "support" is just a PR move.

------
DanielBMarkham
"Senator Saxby Chambliss of Georgia, the top Republican on the Senate’s
intelligence committee, has said there’s no urgent need to pass the bill. The
law authorizing the NSA to collect bulk phone records expires on June 1,
meaning the new Congress can wait until then to pass legislation, Chambliss
told the U.S. Chamber of Commerce in October."

So this is a public discussion and debate that the country is going to have
any way between now and next Fall.

The question then becomes "Why this news article right now?"

Looks a bit like political posturing. If your party is on the way out, you can
pretty much propose anything you'd like. Nobody is going to vote it trough, so
you get credit for taking a position that you'll never have to live through or
defend. It's a win.

Don't get me wrong: I'm all for limiting NSA. I'd just like it to really
happen, instead of reading 100 articles like this over the next ten years
while nothing ever changes, which is the way this seems to be playing out.

For whatever reason, the establishment, that is, both parties, seem to have
secretly decided that it's perfectly okay to have the government sifting
through all of our personal lives. I like seeing this lobby group make an
economic argument to the Republicans: this is killing our tech sector. I like
seeing folks in both parties make a freedom argument: this is the not values
our country was constructed on. I even like my personal argument from
pragmatism: our country cannot keep operating in such a manner. But all of
these arguments seem to just bounce off a stone wall. I hear all kinds of
people talking, I see speeches made and bills sponsored that will never see
the light of day. I see bills that have a chance of passage that look like
they hamstring the government but in fact just allow it to keep doing what
it's doing. The only thing I'm not seeing is any real movement here. I'm
hoping that will change.

------
lwh
Maybe Facebook should stop trying to bug the entire web if they care about
spying so much.

------
trvz
The only people winning here are the ones who studied law, and now are
lawyers, lobbyists and politicians…

------
001sky
This article has an an absurd premise.

A Democrat controls the NSA (POTUS).

They don't need to lobby anyone in congress.

~~~
EdSharkey
I don't understand. President Obama seems to be a great friend to the NSA, and
I understand the NSA has greatly expanded powers under his administration.
President Obama threatened openly in a press conference to punish
whistleblowers after the Snowden fiasco blew up.

Why should we put any faith in President Obama and lobby him to do the right
thing now? The opacity, doublespeak and contempt shown to the people by this
administration ranks it at the bottom in my book.

~~~
001sky
Nothing congress is going to pass will become law without POTUS signature.

The premise of this article is>>> that OBAMA will sign {#INSERT_LAW_HERE}.

So why not just sign an (new) executive order? eg.

 _NSA 's mission, as set forth in Executive Order 12333, is to collect
information that constitutes "foreign intelligence or counterintelligence"
while not "acquiring information concerning the domestic activities of United
States persons". NSA has declared that it relies on the FBI to collect
information on foreign intelligence activities within the borders of the
United States, while confining its own activities within the United States to
the embassies and missions of foreign nations_

[http://www.washingtonpost.com/opinions/meet-executive-
order-...](http://www.washingtonpost.com/opinions/meet-executive-
order-12333-the-reagan-rule-that-lets-the-nsa-spy-on-
americans/2014/07/18/93d2ac22-0b93-11e4-b8e5-d0de80767fc2_story.html)

~~~
tptacek
You should probably re-read the US Constitution. It's not really very long.

And, once again: the problem with Executive Orders as a solution to
overreaching surveillance is that _they are not binding_. This administration,
and every other one, can revoke them on a whim. The same thing is not true of
an actual law.

