It feels like we are collectively missing the point.
The problem isn't so much that governments are spying on their citizens so intrusively: It is that they are able to spy so intrusively.
Another thing: Anything the NSA can do the mafia can do also, albeit on a smaller scale. Regulating the NSA will do nothing to stop other actors, including some decidedly unpleasant ones.
This is a far bigger problem for technology than it is for government.
Why are we making technology with so many gaping vulnerabilities?
Surely there is something wrong with the way we develop software and hardware if it is so easy for us to ship vulnerable systems and so hard for us to secure the systems that we have already shipped.
This is a hard problem to solve, but until we put our man-pants on and face up to it, then we remain stuck.
Everything else solves only a tiny fraction of the problem, and mostly serves only as a distraction from the central issue: The technical challenge of making systems and software that we can trust.
While it would be nice to have utterly fireproof houses, it still makes sense to disband the government agency of mentally ill firebugs who run around lighting everything aflame they can find while chasing shadows.
Being smart about security is all good and well, but it doesn't mean bad actors should be tolerated. It's like saying the real problem in a war-zone is not the aggressors, but the lack of bullet proof vests, helmets, and gas masks, and the civilians caught up in it should put their "man-pants" on.
I take your point, but the phrase 'being smart about security' trivializes a task of monumental proportions.
We need to rethink how we design software / hardware systems.
We need to rethink what we mean when we talk about software engineering professionalism.
We need to rethink how we approach quality and liability issues.
All of these things go so much further than just 'being smart about security': They go to the very core of our profession and how we organize ourselves.
True, we need to contain bad actors, starting with the ones who are actually criminal and hostile, but that comes a distant second to the imperative need to get our own house in order.
The security services are literally the least of our worries, and (almost) the last thing we need to worry about.
The government is able to do an unimaginably large number of things against the public: foremost, in this case, is their ability (so far unused) to ban unbackdoored systems outright. Unfortunately for us techies, the proper approach is to get the people who are doing this to stop trying.
Thank goodness the Brookings Institute had the foresight to hire a lawyer who could tell this reporter that NSA is great and this law is terrible and also this law won't affect NSA at all.
One of the two of us could stand to make our irony a bit more obvious.
Brookings Institute poses as a "centrist non-partisan think tank", but as we see here is really just a sock puppet for the military-industrial complex, among other evil plutocratic interests. Like lots of "centrist non-partisan" organizations.
Sorry for the pedantry, but ... this isn't a lie per se, rather usage of deceptively-meaningless terminology. Specifically, "centrism" of the American Left-Right dichotomy, is poorly defined.
There are multiple ways to arrive at a balanced compromise between:
* the Left's platform (use government to ensure everyone is fed, entertained, coddled and unoffended); and
* the Right's platform (use government to exert Christian theocracy, and to earn bribes by exerting the largest pocketbooks' wills, even if that means building an empire).
Two notable extremes of such compromise are:
* use government to do everything under the sun, from wealth redistribution to world conquest (cf Horseshoe Theory); and
* don't use government for anything for which it isn't absolutely necessary (cf libertarianism aka classical liberalism).
IMHO classical liberalism is better than nationalist-socialism, and it seems you agree; but both positions could be described as "centrism" since they lie between the Left and the Right.
That seems to be a misrepresentation (not a lie per se?) of Horseshoe Theory? Those of us at the heel don't support world conquest. That is very much a toe thing. I would countenance a great deal of redistribution in exchange for a great deal less conquest.
> the new Michigan law is broader, banning “material support or resources to a federal agency to enable it to collect or to facilitate in the collection or use of a person's electronic data or metadata,” except if the collection is done with informed consent, a warrant, or a legal warrant exception, such as instances in which there’s no expectation of privacy.
I wonder about the practical effectiveness of it:
It only covers state and local government agencies (if I understand correctly). How much surveillance do they perform? Business performs far more AFAIK. Can they continue to hand over data to the federal government? What about federal contractors such as Palantir? What about state and local data sold on the market, such as drivers license and voting information (at least in many/most states; I don't know about Michigan).
The law makes an exception for a legal warrant exception, such as instances in which there's no expectation of privacy. 'No expectation of privacy' is, I understand, how every business gives data to the government and seems to allow government and business access to everything but a lead-sealed, windowless, Faraday cage in your house (but the smart power meters can identify a lot of your activity anyway).
Also, other factors make it seem symbolic:
> The Michigan law doesn't make cooperation with the NSA a crime or outline an enforcement mechanism.
and
> passing with a single "no" vote in the legislature
I don't think this is actually true. A single no vote just means that it wasn't unanimous (but almost so).
As for not defining a crime, much of law (e.g. the constitution) does not define crimes, but regulations of government which may be enforced by courts. E.g. the government must not station troops in your house in peacetime (Third Amendment) or the government must appoint you legal counsel in a trial (Sixth Amendment).
> The law makes an exception for a legal warrant exception
I also wonder about this, particularly as a lot of the NSA's activities do have "legal" warrants issued by the secretive FISA court.
> I don't think this is actually true. A single no vote just means that it wasn't unanimous (but almost so).
The implication I drew from it was that the bill was uncontroversial. If security agencies thought it was a threat then I'd expect much more of a fight, though that would not necessarily happen.
> "a lead-sealed, windowless, Faraday cage in your house (but the smart power meters can identify a lot of your activity anyway)"
To get as close as possible to perfection isolation, also ground the cage to make it produce much less emissions and use some filtering device on any cords connecting it to power/communication grids (ungrounded Faraday cage only stops incoming communication, not outgoing one).
Thank you. The omission of the state’s name is a deliberate clickbait ploy.
[Edit for context: the title of this post and the accompanying article have both been updated to "Michigan" instead of simply saying that a state had done so.]
Nice to see that even with all the, uh, distractions the Trump Administration is providing us with, there are still people concerned about the government spying on its citizens.
I don't know that this law will have more than symbolic effect, but I'm glad to see it anyway.
The problem isn't so much that governments are spying on their citizens so intrusively: It is that they are able to spy so intrusively.
Another thing: Anything the NSA can do the mafia can do also, albeit on a smaller scale. Regulating the NSA will do nothing to stop other actors, including some decidedly unpleasant ones.
This is a far bigger problem for technology than it is for government.
Why are we making technology with so many gaping vulnerabilities?
Surely there is something wrong with the way we develop software and hardware if it is so easy for us to ship vulnerable systems and so hard for us to secure the systems that we have already shipped.
This is a hard problem to solve, but until we put our man-pants on and face up to it, then we remain stuck.
Everything else solves only a tiny fraction of the problem, and mostly serves only as a distraction from the central issue: The technical challenge of making systems and software that we can trust.