
US intelligence mining data from 9 US Internet companies in broad secret program - donohoe
http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
======
kevinalexbrown
I've lived under surveillance before, so I feel my perspective might be
somewhat appropriate. I won't comment on the specifics (uninteresting and
irrelevant, had to do with where I was living). I won't even make a statement
about whether it's justified in my case or in general. I'd just ask everyone
here to do one thing:

Watch this, then ask yourself how you feel (if it doesn't go directly to 6:40,
fast-forward to it, then watch for 30 seconds):

<https://www.youtube.com/watch?v=QwiUVUJmGjs&feature=youtu.be&t=6m40s>

I understand about various interpretations of "collect", "intercept",
"analyze", etc. Just watch the video, and ask yourself how you feel. Please
know that I'm not telling you how to feel, just providing a small snippet of a
conversation. Why do you feel that way, and what does _that feeling_ say about
you, or your society?

Originally found in a comment: <https://news.ycombinator.com/item?id=5835025>

~~~
samstave
At a very minimum - this guy needs to be tried for perjury and removed from
his post.

And millions of Americans should sign a petition to have this happen.

~~~
ihsw
If you're referring to online petitions then you needn't waste your time,
there are already petitions to make sure this never happens.

It's called US Senate elections[1].

[1] <http://en.wikipedia.org/wiki/United_States_Senate_elections,_2014>

That bullshit called the Presidential elections? It's a dog and pony show.

~~~
cinquemb
There's a famous quote somewhere about where political power really comes
from… I look to history (and present day actions) and it seems like a fitting
solution to meaningful representation. Then again, years later we could be
right back where we started…

Hint: The last bit I left out rhymes with "carol of the sun" ;)

~~~
PavlovsCat
I don't know what quote you are referring to, but here is my favourite one.

 _"You don’t know what order with freedom means! You only know what revolt
against oppression is! You don’t know that the rod, discipline, violence, the
state and government can only be sustained because of you and because of your
lack of socially creative powers that develop order within liberty!"_ \---
Gustav Landauer

It humbles me every time I read it, because to resist or to rebel against
existing things is easy, at least for me.. but to actually put thought and
effort into things "building a better world" in a sustainable and organized
way, to be creative in co-operation and compromising with others, to get out
of all these comfort zones, etc. It's a lifetime effort, and none of us will
see all the fruits of it, or ever be sure the fruit won't be snatched up, so
the default is to not even try, except a little bit here and there. It's like
living hand to mouth, but in a political sense. It's all just reaction, and
that sucks.

~~~
cinquemb
I don't think it is an easy thing to rebel in effective means… We Americans
like to cite the revolutionary war but forgetting that less than 1% of the
population did any fighting [0], and even then there was massive outside
nation state influence (ex: France.) Kinda similar to what's going on in Syria
now [1]… and other places in the past and present.

But I do agree with the literation of it being like living hand to mouth, but
I think it goes far beyond being a political sense. Mortgages, paychecks, car
loans, insurance, student loans, dead end jobs, that gadget we just have to
have, endless media d̶i̶s̶t̶r̶a̶c̶t̶i̶o̶n̶s̶ entertainment, the food we eat…
when do we, as a society (people from all backgrounds, sadly not all of us are
invited to BBG 2013 and Google Zeitgeist in Watford) really give ourselves the
time to think or push the boundaries outside current constructs to forge
something transcendent?

[0]: <https://www.youtube.com/watch?v=3EiSymRrKI4>

[1]: <http://www.cfr.org/qatar/tiny-qatars-big-plans-may-change-mideast/p26143>

------
donohoe

      The National Security Agency and the FBI
      are tapping directly into the central servers

and then they're

      extracting audio, video, photographs, e-mails,
      documents and connection logs

from...

      Microsoft, Yahoo, Google, Facebook, PalTalk,
      AOL, Skype, YouTube, Apple.

and it gets better

      Dropbox, the cloud storage and synchronization
      service, is described as “coming soon.”

~~~
ryguytilidie
How does this stuff work? Would someone at the NSA contact dropbox and ask
them to build in a backdoor or are they just able to access whatever the fuck
they want and simply do?

~~~
runjake
It's described for a couple of the cooperating corporations in the article.

For example, for Facebook, the analyst goes to a special webpage/site at
Facebook, then they simply click through a "Yep, this person is a terrorist"
EULA and they have full access to Facebook's database (e.g. full access to user
content). I bet they rejoiced when Facebook Graph opened shop.

~~~
wmf
Move fast and break the Constitution.

~~~
gnaritas
How is Facebook sharing _their_ database with the government _breaking_ the
constitution?

~~~
nitrogen
It may be _their_ database, but it's _our_ lives.

~~~
a3_nm
People can put their lives on Facebook's database, it's still Facebook's
database. The problem is not that Facebook is sharing this information, it is
that people are sharing it with Facebook.

~~~
nitrogen
I'm aware of the distinction, but the average person out there doesn't think
of themselves as sharing with Facebook the company, they think they are
sharing with their friends.

~~~
gnaritas
The law doesn't care what the average person thinks nor does reality. It's the
person's responsibility to maintain his own privacy by not posting private
information on a public website. If you post something on the Internet, it's
going to get out there; people should know this by now and if they don't it's
their own damn fault.

~~~
nitrogen
According to this comment by a self-proclaimed lawyer (in training?), the law
_does_ care what the average person thinks:

<https://news.ycombinator.com/item?id=5833747>

If people don't know something by now it's equally the fault of the services
they use for not educating them about the real implications of what they do
online.

~~~
gnaritas
> the law does care what the average person thinks

In regards to battery; please do stop now, you've resorted to using nonsense
as argument.

------
stfu
What really saddens me is that this confirms all the conspiracy rumors.

Wasn't it always just a rumor going around that the U.S. Government "made"
Microsoft buy Skype for spying purposes?

Well: "10 May 2011, Microsoft Corporation acquired Skype Communications"

and on 2/6/11 Skype was added to the US spy program [1]

They were so eager to spy on Skype users that they implemented that "feature"
even before the deal was officially done. Considering that Skype had been
around since 2003 the events don't appear very accidental.

Wouldn't surprise me to find out one day that the Skype acquisition was
indirectly tax-payer funded.

[1] <http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/images/prism-slide-5.jpg>

~~~
kps
Not to detract from the concerns surrounding this program, or to defend
Microsoft, but from the dates for Google, YouTube, and AOL one can see that
Skype joined on February 6, not June 2.

~~~
stfu
It seems reasonable to suspect that for matters of urgency the transition
process might have started earlier than the actual acquisition was publicly
announced. Plus I am not quite sure if the dates on the slide indicate the
starting or finishing date of the implementation process.

------
_pius
I'm just going to leave these here:

<https://www.cdt.org/content/donate>

<https://supporters.eff.org/donate>

~~~
ISL
<https://cloud.torproject.org/>

<https://www.torproject.org/>

<https://en.wikipedia.org/wiki/Pretty_Good_Privacy>

etc.

~~~
andre
Haven't used Nitro myself, worth exploring:

Nitro is a library for painlessly writing scalable, fast, and secure message-
passing network applications

<http://gonitro.io/>

------
nostromo
I'm saddened to see Dropbox on the list. Did they choose to participate or is
it mandatory?

In any case, we've moved several projects to BTSync recently from Dropbox (for
no other reason than to free up space on Dropbox for our personal files) and
have been enjoying the service.

As a p2p encrypted protocol, I imagine it's much more difficult to eavesdrop
on your files and would actually require a warrant to obtain.

I presume that's true for AeroFS as well.

~~~
guelo
Is there an open source dropbox-style app that I can install on my own server?

~~~
pavs
Yes, Owncloud. Easy to install:

<http://www.slashgeek.net/2013/05/16/host-your-own-dropbox-like-cloud-backup-service-under-5-minutes/>

------
mtgx
This is why they were trying to make it legal lately. They were already doing
it. The same thing happened with the Patriot Act.

It seems FBI/NSA "test-drive" a new _illegal_ spying program first, and then
lobby Congress to pass a law to make it legal (regardless of its
constitutionality, as we've seen so far).

I bet they would've wanted _retroactive immunity_ , too, in these new laws.
Also, let's see how those supporters of FISA, like Dianne Feinstein, try to
spin this one as "they already knew about it" (which makes it that much worse)
and that it's nothing new.

Also let me see them say with a straight face that this is constitutional and
doesn't violate the 4th Amendment. But seeing how cynical these people have
become, I don't think it would be too hard for them to do it.

~~~
samstave
NSA: "Look, I know that this was illegal, and we were not supposed to be doing
this, but you have just got to look at the data. Just look at all the crazy
terrorists out there. They've been organizing over FB, keeping their data on
Dropbox and Drive and talking over Skype. Here's our proof! You MUST make this
activity legal... the FREEDOM of the US depends on it!!"

Congress: "ok"

\---

But we are not fooling anyone. There is not a single worthy human being in
congress. Every single last one of them is a corporate shill and they are all
opportunistic criminals.

------
fosap
Yes, this is bad. Yes, you are right to be upset. Yes, you (not really me,
I'm not American and I avoid American hosting and hosting companies like
Amazon for exactly this reason) should change that.

But honestly, are you surprised? Are you really?

Government agencies have been building large datacenters, the EU loves data
retention. There was no tin foil hat required to see this.

~~~
b6
When people wanted to talk about this kind of massive wiretapping program
years ago, they were called paranoid nutcases. Now that the truth is coming
out, people who want to talk about it are called out for belaboring the
obvious.

I see this "are you so naive as to be surprised?" reaction in almost every
thread about this. It's some kind of defense mechanism.

~~~
fosap
>I see this "are you so naive as to be surprised?" reaction in almost every
thread about this. It's some kind of defense mechanism.

That's why I'm saying you are right to be upset.

I like the saying "being paranoid does not mean they are not after you". And
being paranoid turned out to be realistic.

~~~
bdamm
Well then try this on for size. Getting data through requesting it is only one
way to get data. Another way to get data is to hack into the source. Consider
that a number of governments, including the US, have active hacking teams.
What are they hacking into, exactly? I leave that up to you for speculation.

------
EthanHeilman
At least we know beyond a shadow of a doubt that Skype has a backdoor now. Not
really surprising although they did have some security people analyze the
protocol and state that it was e2e secure.

FTA: "According to a separate “User’s Guide for PRISM Skype Collection,” that
service can be monitored for audio when one end of the call is a conventional
telephone and for any combination of “audio, video, chat, and file transfers”
when Skype users connect by computer alone. Google’s offerings include Gmail,
voice and video chat, Google Drive files, photo libraries, and live
surveillance of search terms."

~~~
olympus
I'm not sure when the security people you are talking about did their audit,
but when Microsoft bought Skype a few years ago they changed it from P2P
communications to routing everything through a central server. After that it
would be child's play to put in a backdoor.

~~~
dsl
Microsoft now runs the supernodes instead of them being random high bandwidth
Skype users. Your computer uses a supernode to find the address of the user
you want to reach, but you still connect directly to that user to communicate.
People misunderstood this change to mean that call traffic traversed Microsoft
servers.

That said, it has been shown that at the minimum China has keys to decrypt
peer to peer communications, likely the NSA does as well. The NSA doesn't need
Microsoft to route call traffic via their servers, because they already have
taps at all the major exchange points.

~~~
nitrogen
How does Skype's key exchange work? If the supernode hands out an address for
a server that intercepts the call, would the Skype client still accept it and
connect?

~~~
dsl
The protocol itself is highly obfuscated, but from my understanding of what
has been published it works something like this: (lots of disclaimers here
that nobody outside of Microsoft/Skype really knows for sure)

When logging in an RSA public/private key pair is generated and the public key
is sent up to the server. The username to public key mapping is seeded to
supernodes and inserted into the global address book.

A calling party looks up the username on a supernode and receives the public
key of the answerer as well as some magic to help them establish a direct
connection even if both are behind NAT.

The caller generates a single use AES256 key for the session, encrypts it N
times where N is the number of other parties on the call plus a number of
built-in "observer" certificates. These encrypted keys are all sent over the
wire to the other parties, who are each able to decrypt 1 of the N encrypted
payloads.

Each party encrypts traffic to the others using the session specific AES key.

If you are a government agency with a private key that matches one of the
observer public keys (Russia, China, and India have openly claimed to have
these), and you are able to record the setup for the call, you are effectively
another party in the group chat and have access to the session key.
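
The scheme outlined in the comment above is multi-recipient hybrid encryption: one session key, wrapped once per public key. The sketch below is an added example, not Skype code and not something posted in this thread; it uses textbook RSA over fixed Mersenne primes and a SHA-256 keystream as constructed stand-ins for RSA and AES-256, with hypothetical names throughout, to show why any key on the recipient list can read a recorded call and how auditing that list exposes an extra recipient.

```python
import hashlib
import secrets

E = 65537  # public exponent used by every toy key below

def make_keypair(a, b):
    """Toy textbook-RSA key built from the Mersenne primes 2**a-1 and 2**b-1.
    Constructed for this example: no padding, not secure."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": E}, {"n": n, "d": d}

def wrap(session_key, pub):
    """Encrypt the session key to one recipient's public key."""
    return pow(int.from_bytes(session_key, "big"), pub["e"], pub["n"])

def unwrap(wrapped, priv, key_len=32):
    """Decrypt a wrapped session key; None if the result is not key-sized."""
    m = pow(wrapped, priv["d"], priv["n"])
    if m.bit_length() > key_len * 8:
        return None  # wrong private key for this entry
    return m.to_bytes(key_len, "big")

def stream_xor(key, data):
    """Stand-in for AES-256: XOR with a SHA-256 counter keystream (symmetric)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)

def call_setup(participants, observers):
    """Caller side: one fresh session key, wrapped once per recipient key.
    `observers` models the built-in observer keys the comment describes."""
    session_key = secrets.token_bytes(32)
    recipients = {**participants, **observers}
    wrapped = {name: wrap(session_key, pub) for name, pub in recipients.items()}
    return session_key, wrapped

def recover_key(name, priv, wrapped):
    """What any holder of a private key can do with a recorded call setup."""
    if name not in wrapped:
        return None
    return unwrap(wrapped[name], priv)

def unexpected_recipients(wrapped, invited):
    """Audit: wrapped-key entries addressed to someone not on the call."""
    return sorted(set(wrapped) - set(invited))

def demo():
    bob_pub, bob_priv = make_keypair(127, 521)   # the answering party
    obs_pub, obs_priv = make_keypair(107, 607)   # hypothetical observer key
    _, eve_priv = make_keypair(89, 1279)         # on-path recorder, no entry

    key, wrapped = call_setup({"bob": bob_pub}, {"observer-1": obs_pub})
    sent = b"constructed sample call payload"
    ciphertext = stream_xor(key, sent)           # what a tap would record

    def read(name, priv):
        k = recover_key(name, priv, wrapped)
        return None if k is None else stream_xor(k, ciphertext)

    return {
        "sent": sent,
        "bob": read("bob", bob_priv),
        "observer": read("observer-1", obs_priv),
        "eve": read("eve", eve_priv),
        "eve_on_bobs_entry": unwrap(wrapped["bob"], eve_priv),
        "unexpected": unexpected_recipients(wrapped, ["bob"]),
    }

if __name__ == "__main__":
    for field, value in demo().items():
        print(field, value)
```

The audit only helps when the client exposes the recipient list for inspection, which an obfuscated closed-source client does not.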

~~~
EthanHeilman
Can you provide a source for the statement:

>If you are a government agency with a private key that matches one of the
observer public keys (Russia, China, and India have openly claimed to have
these

I am not calling bullshit, I just want to know more.

------
ry0ohki
What sort of threats does the NSA give to these companies so they participated
without any leaks? Just curious what the penalty would be if the NSA
approached me about sucking down my user data and I refused.

~~~
olympus
They hand out these: <http://en.wikipedia.org/wiki/National_security_letter>

You're not even supposed to reveal that you are complying (gag order). Google
has been in the news recently about fighting one in court.

~~~
rsync
We have been fighting this US policy since 2006:

<http://www.rsync.net/resources/notices/canary.txt>

~~~
mratzloff
_"Although signing the declaration makes it impossible for a third party to
produce arbitrary declarations, it does not prevent them from using force to
coerce rsync.net to produce false declarations."_

That's kind of the point. They say, "Keep sending those updates. Otherwise you
will go to federal prison." You say, "OK."

------
Zoepfli
I just emailed Tim Cook that imho iCloud is dead.

He is welcome to add options to use my own cloud storage while using
clientside encryption, and I might reconsider.

You're welcome to send him your opinion as well. It's tcook@youknowntherest.

~~~
MichaelGG
Be serious. This is Apple. How on earth does clientside encryption fit into
easy-to-use? Lost your password? Lost your files. That's entirely against the
scenario Apple wants to sell.

Clientside crypto will only possibly be mass-adopted when there's some easy
system for common folks to store their keys.

~~~
Zoepfli
I'm not asking for exclusive client-side encryption. I'm asking to have it as
an option. Which is a totally legit wish.

If the common forgetful folks like to trade ease-of-use with being spied upon,
I'm fine with that.

But me, I'm not willing to do that trade-off.

------
natrius
Note that this is a separate story from today's furor about the NSA obtaining
American phone call metadata.

~~~
ISL
Publication today may have been stimulated by yesterday's news.

------
stfu
Would be time for a call on VCs and Incubators that a sustainable future for
the web would mean fostering startups that raise the convenience of privacy
tools.

------
danso
This is fucking atrocious. How much money do we allocate to national security
in a year and this is the kind of amateurish PowerPoint slide their analysts
come up with?

<http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/>

I wonder which cub analyst got the job of putting together a collage of logos
for that final slide?

------
pavs
Time to self host everything. Paranoia just became reality.

<http://www.slashgeek.net/2013/02/17/self-host-everything/>

------
frisco
I think it's interesting to ask why these programs are so widely hated.

These are national security assets: evidence gathered here will never be used
in a drug case, or a tax evasion case. Why not? These tools exist for the
bigger fish: the dozens of Soviet-era nuclear weapons believed to be missing,
or the small amounts of dangerous pathogens that periodically vanish from
research labs. These are what the government is worried about, and they're not
going to risk revealing their methods for something lesser.

Warren Buffett has predicted a major nuclear terrorist attack on an American
city to be a "virtual certainty" given enough time.

Ok, but no one here is going to argue that stopping _terrorism_ is bad: the
problem is in how we define terrorism. What happens when the definition
becomes progressively wider? What counts as "terrorism" is political, after
all.

It's important to remember that we still have a functioning democracy. If you
-- Hacker News reader -- decided to run for congress tomorrow, you might not
win, but you won't be killed, sabotaged, or secretly blocked. While some
individual politicians may be corrupt, the system broadly is not. These
programs are enforcement mechanisms; the laws themselves are still made by the
people, and maybe corporations. While we as a population may argue about
social issues like gay marriage and abortion, our government is not fascist.

Further, I take these programs as a great example that security is much harder
to create than it is to destroy. Extreme efforts such as these may still be
insufficient to prevent New York from being destroyed by terrorists. In that
case, the acts of a few crazy people still overcame a monumental effort by the
entire intelligence apparatus. What does that say about the time Hacker News
is so afraid of, when it's more than only a few crazy people that the
government is "worried about"?

Should these programs exist? I don't know. I'm as worried as anyone about the
scope creep. I'm willing to accept a level of inherent danger with living in a
free society. However, do not forget that we can't see NSA success stories. I
might be willing to accept a risk of periodic car bombs, which while tragic
are not statistically significant; however, if PRISM is actually effective at
tracing and intercepting Soviet nuclear weapons, I can see multiple sides of
this issue.

We have rights to privacy and protection from unreasonable search and seizure.
Those rights were created to prevent unfair loss of life, liberty, and
property. These programs, hidden in the background, don't inconvenience you,
or lead to loss of freedom or property. Is privacy good? Of course. But the
incentives the intelligence apparatus have to not use any data collected here
against anyone for reasons less than "real" terrorism are strong enough, that
I think it's not open-and-shut.

~~~
Afforess
The loss of privacy is massive in comparison to the lives lost to terrorism.
More people die each year due to car accidents than have lost their lives to
all terrorist attacks on US Soil. If the information that is being gathered is
about safety, then why isn't the government creating a massive program
to strictly monitor highway speeds, traffic roadways, and increase traffic
safety then?

Answer: The information gathering has nothing to do with safety. It has
everything to do with power.

 _Beware of he who would deny you access to information, for in his heart he
dreams himself your master._

~~~
md224
Here's a Devil's Advocate position (not necessarily my personal beliefs, so
please don't downvote based on disagreement. Just rip it to shreds instead!):

The fear of losing privacy to the government is based on the fear that this
increased surveillance will be used by the government to smother dissent. This
is a valid fear, but has the government yet used surveillance to smother
dissent? If you can find a solid example of this, I'd like to see one (and for
all I know, there could be many, I'm genuinely interested).

Until the government has been caught using surveillance to stifle dissent, it
seems like increased surveillance only serves to reduce crime. Of course,
there are illegal things that, in my opinion, should be legal, but this is a
reason to petition the government for change, not break the law... perhaps a
reduced ability to break pointless laws would galvanize the population into
large-scale activism?

Fear of government surveillance is entirely fear of smothered dissent. We must
make sure our fears of the latter are logically sound before we fear the
former.

EDIT: Because I love arguing with myself, I'll point out that it's possible
some wrongly illegal activities may be embarrassing for some individuals, and
they would be hesitant to openly campaign for them. It still feels weird to
argue for privacy on the grounds that people have a right to get away with
certain things, hmm...

EDIT 2: 15 minutes and already COINTELPRO negated the argument. Good counter,
thanks.

EDIT 3: Really appreciate that I seem to have gotten at least one upvote. I
get really dismayed when politely-expressed unpopular opinions are downvoted,
because I feel the best way to move the dialogue forward is to engage with
opposing views, not hide them (even if your level of engagement is
comprehensive refutation, that's still useful).

~~~
adventured
By the time they're using these extreme powers to smother dissent, you're
fucked. It's game over and your ability to speak out using the first amendment
is non-existent.

The very reason why these things should never be allowed, is because the
absolute protection of freedom of speech is ultimately the last safeguard
against tyranny (before you get to violence anyway).

Why let the guy into my house with a gun and roll the dice on whether he
intends to at some point do me harm? That's crazy. We've seen enough really
malevolent politicians assume power all over the world and domestically, to
know better than to take such chances. History is littered with endless
examples, it's at best naive to think America can't suffer the same types of
fate.

~~~
irishloop
>By the time they're using these extreme powers to smother dissent, you're
fucked. It's game over and your ability to speak out using the first amendment
is non-existent.

This is how revolutions are started. There's no "game over." A population
always has the option to rise up against their brutal regime. Especially in a
place like the United States, where individual freedoms are highly prized and
there is a rather large contingent of heavily armed and often angry
population.

~~~
akiselev
Revolutions are much easier in homogeneous populations than they are in
ethnically diverse ones.

I fear that if there is a violent revolution in a society as socioeconomically
and ethnically diverse as the United States it would result in a civil war. I
have no idea how that would play out in a country as developed as the United
States but I don't think it would be pretty.

------
shmerl
In addition they simply suck all traffic from major providers. Like this:
<https://en.wikipedia.org/wiki/Room_641A>

------
anon808
Sounds like someone (or many) are blowing whistles. A lot of documents
leaking.

~~~
AJ007
Some people are going to prison for a long time.

~~~
ISL
Fortunately, the government that would put them into prison is _our_
government. If we don't want them to go to jail, it's up to us to ensure that
their rights are upheld.

------
runjake
An important thing to know here is how compartmentalization works.

On one hand, it's to help limit classified information to those with a need-
to-know.

On the other hand, it's used to mislead oversight and limit the visible scope
of an overall goal.

So while it may be technically true that PRISM is only doing x, there may be a
separate compartment (called, say FROGBUTT or whatever) that performs the
sister role of y in support of PRISM.

This is how intelligence agencies hide and mislead the public. They say "Yeah,
we do have a program called FROGBUTT that collects call metadata, but we don't
collect personal information or examine the contents of a call." What they
_don't_ mention is that they have another companion program called LIZARDDICK
that _does_ collect that accompanying personal information, and they have yet
another program called COWBONG that collects the contents of calls.

This is how this works. Plausible deniability, onion layers, confusion. Combine
this with the fact they periodically change compartment program names, and it
gets exponential.

See also: RAGTIME, THINTHREAD, STELLAR WIND, TRAILBLAZER, etc

------
olympus
Edit: Just saw the portion markings (the stuff on the slides that says their
classification level), and I'm going to change my judgement to "this was
pretty classified." And whoever released these slides to the public is going
to jail for violating the NDA they signed. Jail for quite a few years for
knowingly revealing TS information. I'll leave my previous comment below so
you won't think I erased anything.

My problem is how they portray this. Direct from the article:

"The highly classified program, code-named PRISM, "

and also:

"The technology companies, which participate knowingly in PRISM operations,
include most of the dominant global players of Silicon Valley."

If you have numerous (non-government contractor type) companies knowingly
participating in the program, then it isn't "highly classified." And if you
thought that your communications were private then you were fooling yourself.
Even Tor, the darling of the EFF, was initially developed by the Navy. It's
very tough for people to communicate electronically these days without the
government being able to listen in.

~~~
AnthonyMouse
>Even Tor, the darling of the EFF, was initially developed by the Navy.

Tor is open source. Are you suggesting there is some secret backdoor inserted
by the Navy which is not apparent in the public code?

~~~
olympus
No, I was suggesting that the government has touched things that many people
don't realize. There might not be an explicit backdoor in the code, but it's
quite possible there is a vulnerability that the government can exploit. I'm
not saying that there is, but if there was it wouldn't be publicized and
they'd be milking it for all it was worth before someone else discovers the
hole and fixes it.

------
mtgx
> "In 2008, Congress gave the Justice Department authority to for a secret
> order from the Foreign Surveillance Intelligence Court to compel a reluctant
> company “to comply.”"

One more reason FISA is one sick, disgusting piece of legislation, and it was
just extended to 2017, last year - yet too many were dormant when all of it
was going down.

~~~
dragonwriter
> One more reason FISA is one sick, disgusting piece of legislation, and it
> was just extended to 2017, last year.

I think you are confusing the nature of FISA -- a piece of legislation
designed to constrain excessive executive domestic surveillance passed in the
wake of widespread and highly politicized abuses by the Nixon Administration
-- and recent _amendments_ to FISA to expand the scope of allowed surveillance
that were passed under the justification of the necessities of the "War on
Terror".

------
jonknee
The odds are very high that users on HN have helped implement these systems.
The more we know about how it works and what can be done to stay secure would
be of utmost interest...

------
bhauer
Can I cut out the middle-man and just use the NSA as my cloud provider?

~~~
molesy
Don't worry - you already are.

~~~
bhauer
And when I have a customer service complaint, I can reach them at their e-mail
address: _anything_

------
plg
I can't help thinking that if this were the 1970s and we were talking about the
post office and phone company automatically forwarding copies of all
communications to the US gov't, there would be riots in the streets. Oh how
things have changed.

~~~
Zigurd
When it was the 1970's and physical mail was opened, the Church Committee
revealed illegal and untoward practices and prescribed reforms.

------
andre
Dropbox.... “coming soon.” Time to look at Bittorrent Sync again?

Or other open source alternatives?

~~~
jlmendezbonini
"Is BitTorrent Sync open-source? BitTorrent Sync isn't open source software,
and no announcements have been made to indicate that this will likely
change."[1]

[1] <http://forum.bittorrent.com/topic/17782-bittorrent-sync-faq-unofficial/>

~~~
andre
I know they are not open source currently, but for now they are not on the
list.

It would be awesome if they did open source it, or at least allow for third
party (EFF?) review of source.

------
gridmaths
How about some kind of non-violent mass protest, it worked for SOPA? A million
geeks have quite a lot of power, if it's focused at one point in time.

What would be the most effective form of protest?

Examples:

Everyone call random phone number on their mobile phones at exactly the same
time "Hi, I'm your friendly geek, just wanted you to know this conversation is
being monitored"

Everyone use TOR for one week.

Everyone tweet "You are being spied on by the US government" at the same time
?

Basically the protest needs to drive home the massive swell of opposition on
the issue - so that both sides of the house see it as a political survival
necessity to reduce state sponsored surveillance.

~~~
Myrmornis
How about creating a website which allows us all to find a pen-friend in Iran,
Gaza, Yemen, Afghanistan or wherever, and we send regular (e.g. weekly)
communications to that person. It would be a good thing to do anyway.

------
brown9-2
Very interesting that the NSA's own material refers to Facebook's
"surveillance" features:

 _With a few clicks and an affirmation that the subject is believed to be
engaged in terrorism, espionage or nuclear proliferation, an analyst obtains
full access to Facebook’s “extensive search and surveillance capabilities
against the variety of online social networking services.”_

------
klon
Any data shared with hosted services really needs to be seen as postcards ie
open for any agency to read.

------
marcamillion
So...I am going to just go on the record and say it.

I was an Obama supporter - both times.

But this crap....is definitely impeachable.

He blatantly made it sound nice, that we wouldn't sacrifice liberty for
security and all this stuff.

But then all of these revelations - are you kidding me.

Someone has to pay - or many have to pay.

This is disgusting man.

------
manish_gill
Question to the more experienced hackers here:

Would such a massive undertaking be possible without the knowledge of the
regular developers working at these companies? Some big names on that list,
like Facebook (and I think Dropbox was 'coming soon'). If developers at these
companies knew about these measures, I'm really skeptical in believing that it
took an intelligence officer to expose this story. Chances would be much
higher of devs at these companies (chances being good that some of them are
the reddit/HN libertarian types) would have exposed this long ago.

Is such an operation feasible without the knowledge of hundreds of
Google/facebook/other engineers?

~~~
andrewmccall
I had the same question and it leads me to believe the companies saying they
had no idea. Someone at Google/MS/Facebook would almost surely notice those
extra servers over there, all that extra network traffic going somewhere, or
those cables that seem to go into a locked closet.

I think it's far more likely this is built off the back of the data they're
already known to be sucking down via major exchanges.

A national security letter for the TLS certs and you can take what you want,
when you want off straight from the stream of packets.

------
ISL
Note link at the bottom to the powerpoint slides in question:

<http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/>

~~~
o0-0o
That link looks more like a security classification to me.

~~~
cynwoody
Top secret, special intelligence, originator-controlled, no foreigners.

A somewhat redacted, 158-page manual describing how to code these markings:

<http://www.fas.org/sgp/othergov/intel/capco_imp.pdf>

A cheat sheet from 2008, by Julian Assange:

<http://www.fas.org/sgp/othergov/intel/capco_imp.pdf>

------
tn13
It appears that both Democrats and Republicans have got their hands dirty in
widening the police state that America is becoming day by day.

From a higher perspective I assume this is just a symptom of what is wrong
with the country.

------
quackerhacker
I am a convicted hacker that got caught through the Patriot Act (which was to
catch terrorists)[0].

The biggest two lessons I learned from what I did was..1) if I can't tell
someone what I'm doing it's probably wrong (I was 19 when I hacked Google,
Etrade, and Schwab and thought it was ok)...and 2) if I have nothing to hide,
then I shouldn't care to use the internet.

All this is, really, is confirmation more than a discovery.

[0] <http://www.wired.com/threatlevel/2008/05/man-allegedly-b/>

~~~
greedo
The "I have nothing to hide" meme needs to die with a stake through the heart,
garlic wrapped around its neck, and with a gallon of holy water poured over
it.

------
caycep
Looking at all the spiffy official "Top Secret" warnings on top of all the
slides, it seems that maybe this ties into previous WaPo stories about the
"top secret" spying mentality in the Mil-Ind-Complex since 9/11. The top
spooks tried to get an account of all the "top secret" programs and clearances
going on in all the intelligence/law enforcement agencies and found that there
were so many that were shielded away from oversight that it was impossible to
get an accounting of everything the government was up to.

------
prasanthabr
Well, what concerns me most here is this: The US Government is in a spot wrt
US citizens and US homeland, blanket surveillance on the rest of the world
seems fair game. Sure, the law would not protect the 'aliens'. Concerned
citizens should look at being aware of alternative tools that would minimize
possibility of the US Gov eavesdropping, inadvertently or otherwise. Perhaps a
system of opensource OSs, TOR logins and specially crafted logins, on pre-
identified low risk networks. thoughts?

------
juliancox
bomb fertilizer 9/11

As a Kiwi it saddens me that the US and (to some extent) NZ are descending
into the style of government they proclaim to defend the world from.

If they are going to spy on their own citizens, why not protest by giving them
something to spy on and hopefully increase their work load to something
unmanageable.

I propose peppering every phone call, email, comment etc. with some choice
trigger words of the day Al Qaeda.

Perhaps some hacker could come up with a plugin to do it automatically for us?

C4 semtex

~~~
Myrmornis
Good idea. A similar plan would be that everyone starts a pen pal relationship
with someone in Iran, Afghanistan, Yemen, Gaza or somewhere similarly likely to
attract attention and we send weekly emails and texts to them. If enough
people do that it could be an annoyance for the spies. It would also be a good
thing to do.

------
ANH
A depressing historical fact: The FISA Court that for the past decade has been
warped into a protective shield for these sorts of operations was established
in 1978 to _prevent_ this from happening again. See: Project SHAMROCK,
<http://en.wikipedia.org/wiki/Project_SHAMROCK>.

There was a time when those in the Intelligence Community had this lesson
burned into their brains.

------
surferbayarea
will be exciting to see how soon these servers become compromised and massive
amounts of private information leaked. I would give it a year tops!

~~~
syncerr
There's no upside to this happening. Governments will still collect data. Your
personal details, however, will be publicly available.

------
wslh
Is someone implementing an NSA honeypot? Like talking about bombings and
terrorist attacks? I think it is a good exercise to uncover these initiatives.

------
randall
Is there a way to run AeroFS on AWS or something? So it's possible to store
files encrypted, but with as simple syncing as Dropbox?

~~~
yurisagalov
Yes :-) <http://blog.aerofs.com/479/s3-for-team-server>

~~~
randall
I was going to ask you on FB, but then thought more people would probably care
here. :P

------
volandovengo
If you are interested in looking into this more, I highly recommend the
documentary which is coming out called Terms and Conditions May Apply. It
explores how companies are giving this information to the govt willingly + it
is stated in their terms and conditions.

This is the trailer: <https://vimeo.com/57182041>

------
ziko
I have two questions for which I couldn't find the answer:

1 - Will these companies provide data from all users or only US citizens?

2 - Who has access to the data? Only people working on this program at US
intelligence or a wider set of people? For instance, can they look up my
emails, photos and so on if I am about to be interviewed for a high-profile
government job?

------
marcamillion
> _Dropbox, the cloud storage and synchronization service, is described as
> “coming soon.”_

WTF....I don't know why I am surprised by this - but if they get access to
Dropbox....wow.

I had let my guard down, but this is just crazy - that there would be nothing
I could do to stop it....save for not using Dropbox.

That's an annoying choice to make - but it's a relatively easy one.

------
jmh42
Does anyone know how much the Gov't agencies _pay_ for this data?

I'm guessing here, but it seems logical. There must be some kind of economic
benefit for Facebook, Google, AT&T, Verizon, etc. to save and provide this
data. Perhaps they even help organize it for the "requesting entities".

------
eightyone
I'm especially appalled to see Dropbox on this list. I'm in the process of
migrating to BitTorrent Sync.

------
_k
So if I'm using a US-based hosting provider for my customers' websites, their
data will be extracted?

~~~
msrpotus
Probably slightly safer using a US hosting company. At least some civil rights
apply but I don't think there are any rules against the NSA spying on people
outside the US.

~~~
fosap
The story that the CIA sold cocaine is pretty much outside of the realm of
conspiracy theories. The idea that spying agencies care about laws is
ridiculous. Why should they? If they are doing their job right no one will
ever know.

------
danbruc
It would be so dead simple to do it right - just ask the people if they are
willing to accept a certain amount of surveillance for more safety or if they
are willing to take the additional risk but keep their privacy. And everybody
could live happily.

------
sneak
<https://news.ycombinator.com/item?id=4070671>

The short answer: You should have already presumed this was happening. Did you
really think they'd allow this opportunity to pass them up?

~~~
chris_mahan
I already presumed this was happening.

------
charlieok
Suddenly a phone conversation is looking like the _most_ private way to
communicate (short of self-hosting, encrypting, and being an all-around
crypto-anarchist). At least then it's apparently just the “metadata”.

------
bsaul
It's funny how people in the US hate government so much that they seem more
outraged by a national agency collecting meta-data for antiterrorism purposes,
than a private company collecting content for ad targeting.

~~~
hga
In the previous century governments killed upwards of a quarter billion of
their own people; I'm unaware of any even vaguely comparable mass murders by
corporations.

~~~
bsaul
Well, don't know how many people the tobacco industry killed in recent
years, but that's got to be pretty big for someone who's not part of a war.

One may also argue that a dictatorship pretty much makes a state work like a
corporation: you don't have anything to say about the way the thing is run.

------
monkmartinez
Chilling: William Binney in Dec 2012
<http://www.youtube.com/watch?v=TuET0kpHoyM> … 20 to 30 trillion
communications "stored" #Prism #NSA

------
blantonl
_Dropbox coming soon?_

Dropbox better come out ASAP with a formal response to this. But honestly, it
might not even matter because if the NSA has targeted Dropbox, any betting man
would say that it is already part of the problem.

Ugh...

~~~
hga
If Dropbox is handed a National Security Letter (NSL), unless they want to go
to Federal prison their people have no choice but to lie about it.

Look at some of the discussions where these companies' carefully worded
denials are parsed, they aren't really denying it. E.g. "back doors" aren't an
issue when a NSL is used to come through the front door.

------
tantalor
It's not very fair to call this "mining." Mining has a specific meaning, and
implies you have general read access, which is not true in this case. They
actually have very narrow, operational read access.

------
w_t_payne
Well, I can confidently assume that the NSA has spied on me in the past, and I
know exactly what dirt they have on me. I am just waiting to see if / when /
how they use it.

------
conroe64
What bothers me is that Apple and Microsoft have both been cooperative. It's
not much of a leap to think that the NSA has a backdoor into Windows, MacOS,
and iOS now either.

------
Myrmornis
Are the Guardian and Washington Post going to explain why their "PRISM" slides
are different? (Guardian has no arrow head, and red rectangle behind logo in
upper right)

~~~
dragonwriter
Probably not; it suggests that they were separate leaks of different versions
of the same presentation.

------
joshe
Apple was pretty late (Oct 2012) and I wonder if Jobs was a hold up, it's a
full year after his death (Oct 2011). Google, sadly, came on board very early
(2009).

------
numbers
I'll leave this here: <https://news.ycombinator.com/item?id=3597347>

------
neilkelty
Hasn't this NSA stuff been pretty much public knowledge for years? Why are
people acting like they've been had all of a sudden?

------
joewee
People fail to understand PRISM, companies don't have to GIVE data, they can
give security keys which allow data to be intercepted.

------
mgpetkov
"They who can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety." Benjamin Franklin

------
ywang0414
What's the big deal about this? If you have nothing to hide, then why worry
about the government looking into your data?

------
sweedy
You guys all knew about the surveillance since the early 90's, and I don't mean
all the non-tech guys, I mean you. It was all about the foreigners, so you don't
care. Echelon was all about the non-American, so nobody cares at all. My
sympathy now for you is so close to zero, like the same sympathy you have shown in
the past.

------
chrismarlow9
Next obvious step here is precrime or a massive attack on the US (civilians or
troops) due to a leak of the data.

------
ANH
According to the timeline in the presentation, Apple was the last to cave. It
happened after Steve Jobs died.

------
ANH
Interesting to note that Apple held out until after Steve Jobs' death.

------
cwhittle
I think we all hoped it wouldn't happen but knew it would.

------
runn1ng
....I don't want to buy Google Glass anymore.

------
cpursley
This is no surprise to us libertarians.

------
caycep
think of all the bitcoins you could mine in that Utah facility. Satoshi
Nakamoto - are you in there?

------
drivebyacct2
I have a simple question:

If you're a terrorist, why would you use any of these pre-built services?
There are so many ways to do point-to-point, encrypted at both ends...

I guess when I hear "Dragnet"... the only people I see getting swept into it
are innocent people and really, really, really stupid terrorists.

~~~
conroe64
It's really hard not to leak information. This is just a guess, but if they
see you doing something they don't like but can't decrypt, they can check
their huge PRISM database for your ip. Even if you do a good job at hiding who
you are, communication outside of the encrypted channel you are using might
reveal yourself.

Also they have their hooks in Microsoft and Apple. It stands to reason that
means a backdoor in each of the operating systems, as well.

You'd have to really be paranoid to avoid this. Using an open source OS, find an
open access point, with no surveillance cameras anywhere, use it only for your
encrypted communication and nothing else, and then leave and never come back.
And obviously, don't bring a cellphone with you.

Considering this was top secret, I would bet that a lot of persons of interest
didn't know about PRISM either, making it a lot harder to realize that they
fucked up.

------
dschiptsov
Why so many cries? As long as operators have all kinds of logs anyway (location,
calls, IP sessions) it is only a matter of time before authorities will use them
with this or that pretext.

In countries like Russia where police and intelligence services have unlimited
power, every provider is obliged to collect and keep such logs for use of
authorities.

The first thing that authorities around the globe are copying from each other
is any kind of scam that gives them even an illusion of more "control" over
the people. Why should it be different in US?)

And of course, such programs are great opportunities to allocate and "utilize"
(read: steal) millions of government money.

------
o0-0o
Jesus Christ. Shit just got real.

------
edwardunknown
Devil's advocate, here: As long as it's restricted to terrorism investigations
I don't care. If it stops bombs from going off go ahead and snoop through
Facebook's database, big deal.

If it ever trickles down to DEA or local police then it's a problem. If secret
courts and SQL dumps become standard procedure then everything falls apart. If
this is considered constitutional I don't know how you're going to tell
Officer Shitforbrains he can't look at your phone records and Google search
history to find out where you bought that joint.

~~~
jlgreco
Are you _really_ playing Devil's Advocate when you argue a position because
you actually believe in it?

~~~
edwardunknown
It's more of a job title.

~~~
jlgreco
You being paid to post here?

Wish I could say that I was surprised.

~~~
edwardunknown
No, geez. I just like to argue.

