At the very least it produced some dissonance between democratic establishment and their support base. Bill and Hillary continue to tour the country and I attended their road show in Seattle. The crowd cheered at every statement until they got to, and I quote, “Snowden is a traitor”, which produced a very confused and subdued cheer. It was very fun to watch.
This is exactly what PRISM was, not taking data from servers, but tapping into the data networks between them and siphoning off whatever the NSA wanted. And it just so happens that to mirror a fiber optic line you use a crystal prism.
It actually changed a lot how some companies handle government requests for data. Apple for example, completely switched their strategy because they wanted to be seen as protective of customer data. They realized that data requests would eventually leak so they avoid storing identifiable data on the servers. They saw privacy as a competitive advantage.
I've seen intranet encryption between internal services become much more commonplace
Here in the UK, nothing had changed, and any debate that wasn't centred around condemning Snowden and justifying the actions of the security services, was very short lived.
And whilst what eg GCHQ actually do hasn't really changed much as far as I can tell, it's been brought onto an "open" legal footing which is progress. The next step will be for the legal safeguards which are currently rather toothless to evolve to have real teeth. I think that will happen eventually but it'll be a slow journey to get there.
The CIA spied on the Senate and nothing happened.
Naive in the extreme. So naive it's hard to believe the opinion is genuine and not astroturf.
That's a fallacy by both choice and externality.
There are cases in which there is no choice but to use specific corporate products, or in which choices are made without an individual's consent or involvement.
Karen Sandler, co-host (with former FSF director Bradley Kuhn) of the "Free as in Freedom" podcast has an implanted, closed-source proprietary medical device. She can literally choose between non-free software (which includes surveillance), or death.
Emergency medical services, government contracts, third-party contracts by various firms and organisations, third-party use of Gmail either directly or as a hosted email service (see Benjamin Mako Hill's "Google has most of my email because it has all of yours": https://mako.cc/copyrighteous/google-has-most-of-my-email-be...), and the issues of spillover externalities (Amazon Ring doorbell surveillance, third-party tracking of mobile phone SIMs, MACs, and Bluetooth signatures, facial surveillance) mean that, no, actually, you cannot decide not to participate in corporate surveillance.
And, as a final point, both government and corporate surveillance and oppression very often speak to the same underlying dynamic: that of power to defend both itself and its wealth and/or golden geese. Examples are numerous, though the Johnson County War would be a good case history: https://en.wikipedia.org/wiki/Johnson_County_War
Let's please put this canard in its well-deserved grave and bury it.
The overarching point is that it's naive to consider issues of privacy particularly distinct in the public or private sphere. Neither market nor political power are trivial to escape (and they have other things in common). Individual opt-outs will only get you so far from either a Google scale or state scale operation.
"No choice" in the sense that you lose business, lose touch with your high school classmates, or are forced to go out and pick up your own food from the restaurant down the street?
Or "no choice" in the sense that people show up at your door with guns?
What a privilege it is to be able to casually use the same language to describe such disparate outcomes.
Stratagems in which individuals are denied the very fundamentals of life, food, shelter, work, engagement in civic, social, commercial, or cultural practices, access to courts, institutions, and the like, without overt threats of violence, are far more effective than guns.
to fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting
I would expect that the greater debate on privacy will, over time, hopefully lead to some changes in how we are able to control the data generated by our bodies. Until that happens, I’m going to take the thing that saves my wife’s life with the potential for some shadiness or simple distaste at what may happen to her data, or, I might look at it as her voluntary consent which was fully given with her and my knowledge well ahead of time — helps to save others lives, and some loss of control of that data is actually quite noble.
As you might guess, I started at the abstract, but ended up at the concrete, and my wife really does have such a device, similar to your example. And I also work in big data analytics industry, and get involved in these sorts of discussions pretty often.
Let us agree that I can indeed avoid having a Gmail account. Can I realistically avoid sending email to a Gmail user?
There are just too many users. Maybe I can avoid sending mail to <anything>@gmail.com (though not responding to one will invariably be perceived as incredibly rude), but I cannot avoid having Gmail users send email to me. I cannot realistically notice ahead of time that email@example.com is actually using a Gmail server under the hood, and not send the email. I cannot prevent Gmail users from talking about me.
I can reduce my exposure, but there are limits to what I can reasonably do. Your usage of Gmail is hurting my privacy. Okay, not yours, but definitely half of my friends'. I can't realistically ask them to either stop using Gmail, or stop interacting with me, now can I?
Let us agree that individual choices and individual actions don't work.
While I agree with your larger point, I don't agree with this subjective value judgement and am not sure why it's necessary to lump it in with the rest of your (valid) points. Why do I want to see ads for things I'm not interested in? How is that in any way "better?"
What I definitely don't want is unauthorized humans reading my email. (Even so, I have to assume that is exactly what will happen whenever I type or dictate anything into a computer. I've operated on that basis since before GMail, Google, or even the civilian Internet existed.)
And now they have a mighty powerful pattern matching machine, they can easily ask more than where I could possibly spend money. They could ask for my political affiliations, or my sexual orientation, my social network (who knows, I may be related to the second or third degree to some nefarious terrorist?).
That last one is very worrying. Especially since recently, my country (France) is being eerily harsh with political opponents. I've just read a story about a journalist (whose income happens to come from YouTube & donations), who is being judged for… gang theft (the pun also works in French), risking up to 75.000€ in fines and 5 years of imprisonment, just because he covered the unhooking of an 8€ portrait of our current president in a Town Office (which usually have president's portraits, but this is not mandatory). Unhooking, they reportedly did not even take the portrait.
So yeah, I'm more and more worried about giving our governments the means to apply their increasing insanity. Sure, having an individual reading my private email is unacceptable, but that risk is getting smaller and smaller, in comparison, to the mass surveillance that automation enables.
You'll have to detail this particular implication.
I for one would think the opposite.
* also FWIW, IIRC, they don't read email for ads any more.
Karen's and my 2019 FOSDEM keynote (and accompanying podcasts) discuss her struggles with the medical device industry and how those struggles relate to the larger set of choices related to technology that we make. This isn't an issue that lends itself well to short-form discussion. The issues are quite complex:
But it was far too specific (and frankly too obscure) to serve as a general basis for argument. Pacemakers used to run on plutonium. Should that influence the larger debate over nuclear power versus fossil fuels?
If someone has to use a pacemaker or insulin pump that runs proprietary software, that's unfortunate as far as it goes, but the patient himself/herself is fundamentally fortunate to have that option. It would perhaps be better to focus on developing open-source alternatives than to rail against a particular manufacturer's policy... except the (captive) regulators will have something to say about that, won't they? Specifically, what they will have to say about the idea of an open-source pacemaker is "No."
What you are complaining about in this specific instance isn't corporate policy, but government policy. I'm actually very sympathetic to your argument, personally. I've made the point many times that any sufficiently-dominant corporation is indistinguishable from a government. But you need to be careful to identify the party who is actually forcing or denying choice.
Not specific enough. What they would most likely object to is code you can modify. Code you can inspect on the other hand is a whole 'nother business. And one could easily guarantee their pacemaker runs the code the manufacturer says it runs, by having reproducible builds, signing the source & binary, and have the device itself communicate (at least) a version number.
Being able to modify the source would be potentially even better, but if we could at least inspect it, then we would know of bugs & vulnerabilities (some of which have affected Karen Sandler in the past), and the manufacturer would have no choice but be shamed and correct the error.
If you require home internet access to do your 30k salary job, you move into an apartment, and they tell you you have one option for internet access, you have literally been restricted to a single corporate product and subject to surveillance.
Example: Doorbell Cams taking video of you walking by, uploading it to a corporate database, identifying you using photo recognition algorithms and your location using the home's address, and using that information to sell you things.
This should not be taken for granted -- in the UK I was twice (very politely) asked to leave because I was taking a picture and apparently a gov't building was in the background (and you need a permission to photograph those!!) and the second time because a school volleyball competition was played in the background. This is stupid because if I did it with a phone instead of a DSLR no one would notice.
Maybe some limits on commercial photography in public spaces makes sense, but I would not go as far as putting strong limits on it altogether. My 2c.
In my opinion, we need to start treating data about users as intellectual property. Generally speaking, you don't have to worry about intellectual property when you're doing something personal. I can say "Just do it" all I want. In the same vein, I can make casual observations about random people on the street without having to worry about violating their privacy (that guy has cool shoes!). But if I start to use "just do it" in my business marketing materials, I'll be in trouble. Similarly, if I start keeping a database of somebody's shoes every time I see them so I can try to sell them something, that should be illegal.
All of our legal precedent about privacy, law enforcement surveillance, commercial data gathering, etc, really dates to the 1800's and early 1900's when things were fundamentally different. There is a qualitative difference when information can be automatically processed in aggregate.
I don't really care about individual corporate -- or LE -- surveillance actors if the data is partitioned over many and requires real subpoena power or active, limited sharing. If there's thousands of cameras owned by homes and businesses in my town, and everyone uses the pictures on their own for their own purposes, and law enforcement occasionally asks for and/or subpoenas the data when it'd be particularly useful and there's at least some suspicion-- that's great.
On the other hand, when we automatically read license plates and form a big database about where everyone goes every day, that's not so great. When individuals are all subject to mass-scale surveillance that we use with data processing and machine learning to manipulate those people-- that's not so great either.
The threat isn't corporations. The threat is when the government goes rogue as governments tend to do unpredictably from time to time. The threat materialises in the government using private corporation data to target arbitrary minorities (although usually the educated, wealthy, foreign and free-spirited).
People seem to think that because it "could never happen here" they can just ignore the possibility. Then it turns out that sometimes it can.
Privacy isn't just about the world as it stands today. Privacy is an acknowledgement that the present and the future are linked and that the future may be profoundly different from today. People aggressively selling you things is more harassment.
In a thread about surveillance, why are you drawing a dichotomy between different surveillers and basically giving one a pass? They're both prongs of the same threat! On the collection side, every bit vacuumed up commercially is available for use by the government. And on the use side, there is little difference between a government proper and corporations that have achieved enough power to exert de facto governmental control - especially when colluding through a common third party.
> corporations that have achieved enough power to exert de facto governmental control
Might be a failure of the imagination, but I really can't see myself ever getting involuntarily dragged out of my apartment by McDonalds employees. The worst I've ever seen a corporation do is set the police on someone. As long as the government is functioning sensibly a rogue corp can only do so much.
On the large scale, I do not want these entities to have access to weapons-grade behavioural models. On the small scale, I do not want them to have compromising information about individual behaviour. They will use whatever leverage they gain to enrich themselves far beyond their utility.
"want". Do you actually desire them, or were you persuaded/tricked into it? :)
Also do not underestimate the influence of corporations:
It seems to me that if an advertiser can convince me to spend money then I wish they'd done it sooner. I can easily imagine having bought my first smartphone after seeing an ad. It wouldn't be a trick.
Corporations are worth keeping an eye on, but governments are more unreliable, less governable and generally have larger professional military. And if a corporation acts it is usually in concert with a government.
Are you an American? :)
1. Persistent psychological manipulation (advertising), including political manipulation, based on knowing your weaknesses better than you know yourself.
2. Punitive insurance rates based on unreasonable inferences, especially for mandatory insurances. Like say doubling your auto insurance rate for buying more than a few beers per week. Or your health insurance going up due to buying power tools.
3. Blacklisted and prevented from working industry wide. A good concrete example I got from HN just the other day: https://en.wikipedia.org/wiki/Consulting_Association .
4. Prevented from or price-gouged when using vital services. For example - the unbanked (ChexSystems), recent Internet censorship (Visa/MC), Internet service ("six strikes").
The issue isn't the straw man of being "dragged out of your apartment by McDonalds employees", but rather being prohibited from buying food due to being uniformly banned from McDonalds, Burger King, and Walmart - say you've previously shoplifted but have served your sentence, are simply wrongly accused, or perhaps just didn't respect a sign saying to take off your sunglasses.
I know you're likely to respond to these by defining them away as not being problems in your paradigm, but paradigms are only as good as their constructive results. Our current politicatastrophe is basically due to people clinging to their chosen paradigm way past its utility. FWIW our modern society is indistinguishable from a "Libertarian Paradise" where USG is a private corporation that owns everything and who you've contracted with to be here. An axiomatic approach of morality-by-construction doesn't work - the only way is to judge qualitative situation.
Is it just supposed to be self-evident that those inferences are unreasonable?
I've always thought that this was an interesting argument. If there is some form of correlation with beer consumption and car accidents, wouldn't it make sense to adjust your estimated risk based on that information?
I do find it self-evident that that would be a bad thing, but I also have a hard time putting my finger on why.
Directing focus at "people who drink a lot of beer" means considering people who drink a lot of beer at home as guilty by association, ultimately due to the subjective priorities of whomever pushed for that model.
Obviously in the expected value sense, charging on correlations is lucrative for the company (as is any justification for raising prices on a set of customers if your competitors do it too). But in the exact same way as saying certain zip codes are more likely to default on a loan, which we rightfully reject.
Why would we reject that zip codes are more likely to default on a loan? Seems like information I would like to be aware of if I was a home lender.
I certainly look at crime rates of a community before I live there. While a bad crime rate certainly doesn't make potential neighbors "guilty by association", it certainly increases the likelihood that one of my neighbors might be actually guilty.
Nope. Because it's flawed reasoning. If many people who get into accidents were driving drunk and everyone who drives drunk buys beer it might seem logical to increase rates for everyone who buys beer, but people who drive drunk are only a small percentage of the people who are beer buyers. That kind of reasoning seems more likely to be a weak justification to raise rates for a large number of people than a reasonable response to a trend.
If the insurance companies could arbitrarily raise rates due to a trend that doesn't exist, then they would have already done so. These companies know their margin and they don't bid above that if they want to be competitive.
That assumes that all companies involved aren't doing the same thing. Corporations figured out a long time ago that when one of their competitors does something that makes them more money at the expense of their customers they could start doing the same thing to their own customers and profits increase for everyone without risking prices being driven down by a truly competitive market. The insurance industry in particular has a long history of shady practices from good old fashioned collusion and price fixing to new techniques like data mining to charge customers different rates depending on where they live, what jobs they have, or how often they're willing to change insurance companies.
In my view, the insurance industry looks competitive, which means that even though these shady practices happen they can't effectively dictate the entire market.
One of the tendencies of the neo-puritanism that has become prominent in the last decade is a real willingness to abandon any boundaries that have kept corporations from using certain kinds of information against individuals -- boundaries that were in large part legislated during the civil rights era.
It's the job of the insurance company to accurately assess risk and charge me that plus their margin. If the companies can more accurately assess risk, then that makes insurance a less volatile and therefore cheaper market.
Insurance companies don't have access to the actual root causes of accidents. They have no measure of my driving skill or risk tolerance or attention span. They just estimate based on some really primitive data they have about me. What's the harm in including more data?
For example, EU corporations are required by GDPR to comply with deletion requests, unless they are asked to retain the data by a government.
Especially in modern society government and corporate interests are increasingly interweaving. And I'm no more comforted by governments having access to dystopic levels of personal information than I am by corporations having that access. It just so happens that, in practice, there's no difference anyhow.
 - https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
It was a f---ing web-form for sending targeted, narrowly-scoped, legal notices. Nothing more, nothing less. It was not some magical all-seeing Eye of Sauron that gave the NSA a backdoor into every word you ever said online, your blood type, and the number of nose hairs that you plucked this morning.
The really illegal backdoor, unscoped intercepts, including the cable taps, were done without the consent of most (all?) of the companies in question, and were not done through PRISM, but rather through physical access to, say, cross-datacenter cables, straight up hacking, and similar means.
 See: SSL added and removed here :v) https://blog.encrypt.me/2013/11/05/ssl-added-and-removed-her...
To start with "IS, not WAS". PRISM hasn't gone anywhere and the most reasonable path here is to expect it's only substantially grown - as it already was doing at the time of its initial reveal. This  is a snippet of the PRISM collection overview. Data is sent straight from the partners to a DITU - data intercept technology unit which then processes the data in various ways before being sent on for further processing to appropriate nodes and ultimately becoming searchable through PRISM.
An example of a DITU is here . Microsoft provides unencrypted access to the NSA to user emails. One slightly tricky thing here was Microsoft deciding to roll out a new 'alias' feature enabling users to send emails under an alias. The DITU for outlook there ensured that NSA tracking would remain consistent regardless of the identity chosen by the user. Finally this  is a snip of the slide revealing the scope of data available from various partners. 
And yes, there is supposed to be a formal request where an analyst requests our secret court system approve a search before they carry it out. That process is unsurprisingly a rubber stamp - the court approves 99.97% of all requests. But more importantly this is something with no meaningful oversight. As Snowden emphasized, "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
So, yes it would be much closer to calling PRISM the all-seeing-eye than it would be to a system for sending out warrants. These systems are the reason that the Utah data center was built with storage estimated on the order of exabytes. One exabyte being a million terabytes.
 - https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...
 - https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
 - https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...
 - https://en.wikipedia.org/wiki/Utah_Data_Center
The data that is sent into the PRISM system is data that is sent by cloud providers, in response to a targeted warrant. The data is not collected whole-sale - it is targeted to a particular individual. That's the whole bloody point of warrants.
Once it's been sent by the cloud providers to the NSA, it ends up in a searchable database. I don't understand what is remotely controversial about that. The source of the data was not whole-sale collection - it was targeted warrants. That it becomes searchable afterwards is not relevant to anything. There is nothing illegal about police retaining data, and maybe even putting it in a searchable database, as long as that data was legally obtained - at least, in the United States.
> And yes, there is supposed to be a formal request where an analyst requests our secret court system approve a search before they carry it out. That process is unsurprisingly a rubber stamp - the court approves 99.97% of all requests. But more importantly this is something with no meaningful oversight.
I'm not sure you understand what the purpose of search warrants is.
Search warrants are overwhelmingly rubber-stamped by courts, regardless of whether it's a secret FISA court, or a local judge who works two days a week in Small Town, AK. The point of having to get a search warrant is not to obstruct the work of police. The courts don't interpret that to be their job.
The point of having to get a search warrant is to prevent fishing expeditions, and to make sure that police are conducting a narrow, targeted search. Most judges will rubber-stamp a search warrant for Bob Joe, based on incredibly flimsy testimony. Most judges will tell a police department to go pound sand if they wanted a search warrant for an entire town.
As long as those FISA courts were dealing with search warrants of the first kind (And all evidence points to this), rubber-stamping them would not have been any different from how regular courts rubber-stamp targeted search warrants.
> "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
You are conflating two separate parts of PRISM, in a misleading manner.
The first part is how it requests data from cloud providers. It does so by targeted warrant. This is incredibly similar to how regular police operate. They get a targeted warrant, a judge rubber-stamps it, and they serve it. It is incredibly likely that this is not illegal.
The second part is that after it has retrieved the data, that data goes in a database, where every Tom, Dick, and Harry that works for a TLA can search for it (And go on fishing expeditions, in the already-retrieved set of data). This is also not illegal. If you think it is, please point me to legislature, or court precedent that implies that information obtained by the police in a warrant cannot be put into a searchable database.
You are conflating the two, by making it sound like every Tom, Dick, and Harry that works for a TLA can go on an untargeted, whole-sale, unwarranted fishing expedition on Hotmail.com. The simple fact is, they can't. Not via PRISM, at least. This is why the NSA was conducting criminal tapping of cross-datacenter links - because PRISM only let them serve targeted warrants, and they wanted raw, whole-sale, untargeted, backdoor access to your data. That, for some reason, most of the firms implicated in the leaked NSA files were not granting them, hmm...
 - https://www.washingtonpost.com/investigations/us-intelligenc...
If you don't feel comfortable with the government having that data, I wouldn't suggest giving it to private corporations. Even if they are standing up to gov, it means things can change. I think Snowden uses the phrase "turn key tyranny".
On one hand, I hear ya and agree.
But the reality is, the deck has been reshuffled such that while we're focused on that front door about rights are being sucked out the back by the likes of Big Tech, social norms, etc.
Yeah, the means differ. But in the end, the ends are the same.
I wonder how much that was any given person, or just that the availability of such surveillance has increased dramatically.
Since then, combined with the ability to use AI patterns against video streams and even deep fake capability. My trust in most things is pretty much broken at this point.
Are you me?
The UK introduced (public) mass surveillance long before Snowden was on the scene.
Edit: I wonder if this includes the petition site?? Can't say that I'd be too keen on the Dark Lord Cummings getting the details of my personal petition history!
Edit2: Yes, I know that's not his official job title, at least not yet.
It's the only part of that site I can see BJ actually giving enough of a shit about to go out of his way and double down on at this point. The rest of the gov.uk stuff is already very well managed and instrumented (and a great public service).
The Executive Summary provides a good overview.
In contrast to the Amazon book page that claims he helped "build" the system, it appears he was primarily a system administrator responsible for tasks such as patching and file transfers.
Also, Congressional report prepared by whom? Can't take a report by the fox guarding the hen house seriously.
It's up to all of us to take this report, and news reports and autobiographies, as seriously as you think they deserve. This provides background information not commonly known and is a valuable counter balance to Mr. Snowden's account. How seriously should we take an autobiography written by the person who perpetrated such (in)famous actions?
There is "selective reporting" on all sides, it's up to us to take it all in and form our own opinions. For example: read the report, note Mr. Snowden's length of service at each job, his age and experience, and consider how likely it was that he was a "senior advisor" or a more junior system administrator.
I understand this may be a lost cause, but I'm simply advocating for balance on this issue.
Both groups would have been necessary to build a long term system.
Beyond that, I don't see how his status while working for the intelligence sector is very important, and I've never gotten the impression Snowden was trying to boast about his achievements there.
Even during the initial revelations, people who wanted to downplay the topic regularly pointed out that Snowden was "just a system administrator, not an intelligence agent" and attempted to debate whether he worked directly for the government or only for a contractor. It baffled me, because that doesn't even seem relevant to his claims.
The "government employee" issue would only matter if the authenticity of the leaks was disputed; the various PRISM and XKEYSCORE slideshows were never even challenged, so who cares? And "only a system administrator" sounds backwards to anyone who actually knows what sysadmins do. Dismissing him as a maintainer instead of an architect is a weird sideshow, since his role was mostly important as an answer to the question "how did he get undetected access to so many different files?"
It coming up again and again when Snowden is discussed is part of either controlled or naturally occurring propaganda, a talking point of the regime. The one bringing it into this thread is a new throwaway account, go figure. One way or another, directly or indirectly, you are seeing the "controlling public discussions" part of what intelligence agencies do in action here :)
My main takeaway from the report is that Mr. Snowden was misleading/dishonest about elements of his past and motivations. Read the report for other examples of his misrepresentations, mainly that he never reported his suspected abuse of government programs via established internal process and he took and shared material on much more than the programs he was concerned about.
The discussion of the programs themselves is certainly much bigger. I view these programs as the nuclear weapons of our age. It was inevitable that they would be created (with similar capabilities in the hands of other governments and corporations), and there is always the risk of misuse. While the US Government is not the ideal owner of these tools, I generally trust the USG more than other countries and corporations.
The problem with intelligence agencies is that you rarely hear of their successes, and almost always hear of their failures.
His claim was that testimony was the "breaking point" on the decision to leak, not download files, and soon after he agreed to publicly be named the source.
>mainly that he never reported his suspected abuse of government programs via established internal process and he took and shared material on much more than the programs he was concerned about.
It's his word vs theirs on whether he raised the issue before deciding to leak. And he knew there was a ton of unrelated data in what he leaked, that was why he privately gave it to reporters and didn't publicly post it.
- ALFA AWUS036NEH Long Range WIRELESS 802.11b/g/n Wi-Fi USBAdapter
- Yubico - YubiKey 5 NFC - Two Factor Authentication USB and NFC Security Key, Fits USB-A Ports and Works with Supported NFC Mobile Devices
I understand the Yubikey is popular but I do not understand why the Wi-Fi dongle is popular. Any ideas?
Opsec should be based on reality and threat modeling, not endless rounds of whatabout.
Edit: if you (the rhetorical you, not parent specifically) actually know something here, chime in!
Edit: make that over 2 billion
Edit: also, "proven secure" is impossible.
Good security practice is considering all devices as insecure until proven otherwise. Also, mitigating known unknowns where a general problem happens a lot. Devices snooping on you, misleading you, interdiction, hacks on firmware, etc. Then, you mitigate it in situations where you're unsure of what's going on just in case. So long as mitigation isn't too costly.
I used to buy and get rid of WiFi devices and throwaway computers for that reason. Also, buy them in person at random places with cash. You can even turn it into charity by using FDE, wiping them afterwards, and reselling cheap or donating to others that can't afford full price. Put Ubuntu and Firefox on them to spread some other good things.
Well that's impossible (see also the halting problem) so that's pretty clearly not good security practice.
Nothing in that says anything about what your threat model is. What risk are you mitigating by doing this? This sounds like the type of "ignore the words and listen to the sound of my voice" security espoused by management and vendor sales people.
It sounds like you have a diverting pastime, and I wish you the best with that, but this isn't what security is about. Security is about identifying and mitigating specific risks. This goes doubly for operational security. All else is security theater.
The main drawback is potential errors in the implementations of the analyzers or solvers that invalidate what they prove. Designs for certifying solvers exist which essentially are verified or produce something verifiable as they go. There's examples like verSAT and Verasco. The tech is there to assure the solvers. Personally, I'm guessing it hasn't been done to industrial solvers due to academic incentives. Their funding authorities push them to focus on quantity of papers published over quality or software improvements with new stuff over re-using good old stuff. Like infrastructure code, everyone is probably just hoping someone else does the tedious, boring work of improving the non-novel code everyone depends on.
Also, given my background in high-assurance research, I'm for each of these tools and methods, mathematical or not, to be proven over many benchmarks of synthetic and real-world examples to assess effectiveness. LAVA is one example. I want them proven in theory and practice. The techniques preventing or catching the most bugs get the most trust.
No it's not. It's been done many times. The halting problem applies to a more general issue than the constrained proofs you need for specific, computer programs. If you were right, tools like RV-Match and Astree Analyzer wouldn't be finding piles of vulnerabilities with mathematical analyses. SPARK Ada code would be as buggy as similar C. Clearly, the analyses are working as intended despite not being perfect.
"Security is about identifying and mitigating specific risks. "
Computer security, when it was invented in the 1970's, was about proving that a system followed a specific, security policy (the security goals) in all circumstances or failed safe. The policy was usually isolation. There's others, such as guaranteed ordering or forms of type safety. High-assurance security's basic approach was turned into certification criteria applied to production systems as early as 1985 with SCOMP being first certified. NSA spent five years analyzing and trying to hack that thing. Most get about two years with minimal problems. I describe some of the prescribed activities here in my own framework from way back when:
I eventually made a summary of all the assurance techniques I learned from studying these commercial/government products and academic projects:
Note that projects in the 1960's were hitting lower defect rates than projects achieve today. For higher cost-benefit, I identified the combination of Design-by-Contract, Cleanroom (optional), multiple rounds of static analysis by tools with lower false positives, test generators (esp considering the contracts), and fuzzing w/ contracts in as runtime checks (think asserts). That with a memory-safe language should knock out most major problems with minimal effort on developers' part (some annotations). Most of it would run in background or on build servers.
Meanwhile, the state of development for a major OS leads to about 10,000 bugs that even a fuzzer can find:
Modern OS's, routers, basic apps, etc aren't as secure as software designed in 1960's-1980's. People are defining secure as mitigates some specific things hackers are doing (they'll do something else) instead of properties the systems must maintain in all executions on all inputs. We have tools and development methods to do this but they're just not applied in general. Some still do, like INTEGRITY-178B and Muen Separation Kernel. Heck, even IRONSIDES DNS and TrustDNS done in SPARK Ada and Rust respectively. Many tools to achieve higher quality/security are free. Don't pretend like it's just genius mathematicians or Fortune 25 companies that can, say, run a fuzzer after developing in a disciplined way with Ada or Rust.
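The combination named in the comment above (contracts left in as runtime asserts, a test generator that knows the contract's boundaries, and a fuzz loop), as an added example that is not part of the original thread. The run-length codec, the `cap_runs` switch and every name here are hypothetical, chosen only so there is a small defect for the contracts to catch.

```rust
use std::panic;

/// Decode (count, byte) pairs back into the original bytes.
fn rle_decode(enc: &[u8]) -> Vec<u8> {
    // Precondition: the stream is a whole number of (count, byte) pairs.
    assert!(enc.len() % 2 == 0, "contract: odd-length RLE stream");
    let mut out = Vec::new();
    for pair in enc.chunks(2) {
        out.extend(std::iter::repeat(pair[1]).take(pair[0] as usize));
    }
    out
}

/// Run-length encode `input` as (count, byte) pairs with a one-byte count.
/// `cap_runs = false` is the deliberately defective variant: runs longer than
/// 255 are truncated by the `as u8` cast. `cap_runs = true` splits them.
fn rle_encode(input: &[u8], cap_runs: bool) -> Vec<u8> {
    let mut out = Vec::new();
    let mut i = 0;
    while i < input.len() {
        let byte = input[i];
        let mut run = 1usize;
        while i + run < input.len() && input[i + run] == byte && (!cap_runs || run < 255) {
            run += 1;
        }
        out.push(run as u8);
        out.push(byte);
        i += run;
    }
    // Postconditions, checked on every call like asserts left in a fuzzing build.
    assert!(out.chunks(2).all(|p| p[0] >= 1), "contract: zero-length run");
    assert!(rle_decode(&out).as_slice() == input, "contract: round trip failed");
    out
}

/// True when encoding `input` trips one of the contracts above.
fn violates_contract(input: &[u8], cap_runs: bool) -> bool {
    panic::catch_unwind(|| rle_encode(input, cap_runs)).is_err()
}

/// Small deterministic PRNG so every fuzz run is reproducible from its seed.
struct XorShift(u64);

impl XorShift {
    fn next(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Contract-aware generator: run lengths cluster around the one-byte count
/// limit (254..=256, 300) instead of being uniformly random.
fn gen_input(rng: &mut XorShift) -> Vec<u8> {
    const LENS: [usize; 8] = [1, 2, 3, 17, 254, 255, 256, 300];
    let runs = 1 + (rng.next() % 4) as usize;
    let mut v = Vec::new();
    for _ in 0..runs {
        let len = LENS[(rng.next() % LENS.len() as u64) as usize];
        let byte = (rng.next() % 3) as u8; // tiny alphabet, so adjacent runs sometimes merge
        v.extend(std::iter::repeat(byte).take(len));
    }
    v
}

/// Feed `iterations` generated inputs to the encoder; return how many tripped a contract.
fn fuzz(cap_runs: bool, iterations: u32, seed: u64) -> u32 {
    let mut rng = XorShift(seed);
    panic::set_hook(Box::new(|_| {})); // keep the expected contract panics quiet
    let mut failures = 0;
    for _ in 0..iterations {
        let input = gen_input(&mut rng);
        if violates_contract(&input, cap_runs) {
            failures += 1;
        }
    }
    let _ = panic::take_hook(); // restore the default panic hook
    failures
}

fn main() {
    let seed = 0x2545_F491_4F6C_DD1D;
    println!("uncapped encoder: {} contract violations in 200 inputs", fuzz(false, 200, seed));
    println!("capped encoder:   {} contract violations in 200 inputs", fuzz(true, 200, seed));
}
```

The defect never causes a memory-safety error, so only the postconditions expose it; that is the part of the argument the contracts carry on top of the memory-safe language.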
(And the idea of accidentally exfiltrating data through a reused wifi adapter is ludicrous)
Things probably haven't changed..
What weaknesses in WPA2 remain?
Of course, the CA could also issue a fake certificate with attacker-controlled keys, but if they tried to do so, they would get caught by Certificate Transparency.
The first one being a targeted attack. Then any ordering of Yubikeys can leave you vulnerable as the supply chain can be intercepted (because they see it's you and switch out the key to a counterfeit one). This can be solved by going to an in-person store and buying it there. Then there is no risk of you being personally targeted as you can go to any store.
The second one is where all keys sold are counterfeit, which you cannot solve by going to an in-person store or ordering online. Not sure how you could avoid this vector.
While this is a theoretical problem anywhere, it's a practical problem when ordering from Amazon far more often than anywhere else. Going to a reputable physical store likely shields you from the second scenario nearly as well as the first. Also, in the case of Yubico at least, you can order directly from their website, which presumably minimizes the number of hands the product has to go through, thus minimizing opportunities for a counterfeit to be swapped in.
The person spoke of these things happening in ways we "couldn't imagine". People were guessing at what he meant and his responses were mostly "it's much worse". One redditor posted some highly technical speculations to which the author responded "you're getting close".
Reddit's search isn't good enough to retrieve this but I would LOVE to find that post again.
Which I assume is not what you meant but it's pretty early in the timeline of Snowden's revelations.
Setting the timeline to 2012-01-01 - 2013-07-03 is just before Greenwald broke Snowden's story and those results are very different.
Interspersed are results that were likely updated in Google's index after July 3rd so there are some false positives so to speak.
You'd have to browse more of those results. I've only got 3 pages in.
Edit: Actually this IAmA from Cory Doctorow could be it. He's definitely in the know about what the government is capable of and speaking from that experience. Which pretty much predicts Snowden's revelations.
Of course I remember when AT&T was implicated in mass surveillance by a former employee back around 2004, that story just got lost in the ether.
This was in 2012, 2013 was when Snowden did what he did.
I always wondered if he saw this talk and was motivated by it.
I was annoyed that someone called Ed Snowden a 'Traitor'. Hopefully it gets a bit more recognition in this thread
For me he made the Great Game of Privacy a lot fairer. You should read the excellent entry on Wikipedia about the aftermath of the leaks. If the leaks meant that privacy-loving folk went 'dark' in light of the leaks, then this is a net plus. Snowden's actions possibly hindered NSA in catching undesirables, but it's a small price to pay for a bolstered Internet and privacy-respecting comms. And who's to say that the apparatus even worked that well in foiling the efforts of plotters? Bill Binney consistently drives his message home that the NSA's surveillance apparatus is very inefficient at foiling plots, and I agree with him.
Even if it stopped one plot in all the time of its existence, it's still an enormous effort and an enormous amount of money spent just to foil one plot. Old fashioned police work is better at foiling plots because it doesn't have to rely on big data algorithms sifting through the noise of Internet traffic (most of which is innocuous). Old fashioned methods work because they employ simple detective work - it doesn't need the NSA at every choke point and decrypting countless crypto.
A) Privacy is a liability, so that by curtailing privacy we strengthen the country (and conversely, by having more privacy the country is weakened)
B) The government must allow us only what measure of privacy it deems appropriate, and even has the authority to balance based on factors it need not disclose.
Both of those ideas should be repugnant in a free society.
The most basic tool of law enforcement investigation is the average citizen calling the police when they see someone doing something wrong. Unethical laws are more difficult to enforce, because the average citizen doesn't call the police when they see someone breaking an unethical law. Most people don't call the police when they see someone smoking marijuana, for example, because the average person has a moral compass which tells them that putting someone in jail for smoking marijuana is reprehensible. Historically, whenever the law has been wrong, many people have been saved by people refusing to report them: the underground railroad, hiding of Jews in Nazi Germany, gays under anti-sodomy laws, etc.
In contrast, I believe that when someone is actually doing something wrong, people call the police on them. If I witness a murder, rape, child abuse, etc., I would absolutely call the police. And while there are certainly high profile cases of people standing by and letting bad things happen, I trust people to do the right thing most of the time.
Pervasive surveillance bypasses witnesses as the basic tool of law enforcement, which takes the power out of the hands of the average person. This might allow law enforcement to catch more bad guys, and if that were the only concern, violating our privacy might make sense. But the flipside is that it allows law enforcement to put more people in jail who aren't bad guys--people who smoke weed, teenagers who sext, etc. As long as there are unethical laws, privacy is the fundamental tool which allows average people to trust their own moral compasses and not call the police on people who are breaking unethical laws.
When we're carving out areas of society where we accept less trust, then we can only lose trust, and that area becomes dangerous to us and a safe haven for corruption.
> “Without the 702 tool, we would not have identified Najibullah Zazi,” Joyce said later in the hearing.
Okay, sounds pretty legit. His plea bargain was partly informed by threatening his parents, but it does sound like there was a lot of other evidence collected through traditional police methods.
> The second instance described was a thwarted plot to bomb the New York Stock Exchange. Under Section 702's authority, the NSA monitored a known extremist in Yemen who was communicating with a man in Kansas City, Mo. This information led the FBI to Khalid Ouazzani, his co-conspirators and ultimately the plot to bomb the NYSE. Ouazzani ultimately confessed to sending money to al-Qaeda and was never convicted for the stock exchange plot.
Okay, so we... removed a small funding source of Al Qaeda? Maybe it's just me, but if I were trying to attack Al Qaeda's funding, I'd start with not having the CIA give them millions of dollars before going the "surveil all Americans" route. For comparison, the CIA gave them $2 million in one payment, while Ouazzani gave them $23K. The NSA yearly budget is ~$10 billion. The NYC police budget was $5.6 billion in 2018 and they handled 295 homicide cases in 2018.
> The third instance cited by Joyce was the case of David Headley, an American in Chicago who aided the 2008 Mumbai terrorist attacks. The FBI had received a tip about his involvement in the attacks when the NSA’s 702 surveillance also identified Headley as involved in a plot to bomb a Danish newspaper office that had published cartoons of the Prophet Mohamed that were considered offensive by some Muslims. “Headley later confessed to personally conducting surveillance of the Danish newspaper office,” Joyce said.
So basically, this guy was already going to be arrested for the 2008 Mumbai Terrorist Attacks, but due to surveillance they were able to also charge him for... surveilling. The irony is staggering.
> Regarding the final case, Joyce testified that data collection under Section 215 helped uncover terrorist activity that the FBI had been unable to detect previously. In 2007, the FBI closed an investigation it had launched shortly after Sept. 11, when it could not connect the subject of the investigation to terrorist activity. Years later, under its Section 215-sanctioned metadata collection program, the NSA identified a phone number in San Diego that was in contact with a known terrorist overseas. The NSA’s discovery allowed the FBI to reopen the investigation and disrupt the terrorist activity. Joyce later confirmed that the activity involved providing financial support to a designated terrorist group overseas.
This could not possibly be more vague.
Ostensibly, since the source is the NSA's PR team, these were the best cases the NSA could come up with? This sounds like a strong argument that the money should be better spent on traditional law enforcement.
 [Excel File Warning] https://www1.nyc.gov/assets/nypd/downloads/excel/analysis_an...
It's common knowledge that NSA dragnet surveillance recorded the phone calls and captured the metadata of almost every American for a few years, and probably still is. This, I would argue, we can agree upon without having to present evidence.
If you're going to argue that this violation of human rights was necessary, the burden of proof is on you to prove this extraordinary claim.
Simply trotting out old tired Russophobia doesn't prove that pervasive surveillance has been good for the American people, it just shows your own bias. You're turning a blind eye to the wrongs done by the US government, some of them much worse than pervasive surveillance.
What harm do you claim the NSA did to Americans in that time? Their mandate is foreign surveillance, and while citizens do get caught in their net (especially with foreign contacts), it's not their focus.
I can think of a couple, but they seem relatively limited?
a) Surveillance revealing domestic crimes that were prosecuted through parallel construction.
b) American businesses benefiting from NSA intelligence gathering, through politicians passing along information.
The GP did not say "NSA", but "US government". See for example:
I haven't mentioned my qualms about the NSA up to this point, but since you asked: I object to spending $10.8 billion in 2013. I object to the fact that they have so little oversight, the public had to find out what their funding is from a leak. I object to the fact that this spending resulted in only 4 arrests they will tell us about over a period of years which are all fairly questionable. I object to their continued violation of the constitutional right to privacy of almost every American. I object to them undermining encryption standards which weakens the security of people and companies everywhere.
is a big backtrack from
> There's a strong argument to be made that the US government did more harm to US citizens during the Cold War than the Soviets ever did
Do you have an actual evidence-based opinion, or are you just trying to catch me in weird gotchas? I'm sure I've said something slightly incorrect you can track down, but that doesn't really negate the evidence I've linked.
I wouldn't say nothing. At the very least, they made sure that Russia wasn't planning to fire any nukes at us.
Many of the mkultra experiments are a good example: the US government drove a bunch of US citizens insane for projects which ultimately resulted in no useable weaponry.
My point being: simply waving your hands and saying "the cold war!" isn't a valid defense of US government organizations.
Oh, were you also with the NSA? For how long, and what did you do there? Or is that (let's put it charitably) an "Internet agree"?
Don't tell me it's boring, this should be a sideshow for the media like OJ. Rape trial? Russian meddling? Little guy vs the government? International intrigue?
A truly independent media would be tracking his case to make sure due process is followed, but we all know what media is in the age of corporate conglomeration and oligarchy.
There are people who spew up conspiracy theories on the spot when they have not heard anything, from pure ignorance, yet they speak ill of mainstream media.
It's much easier than knowing what you're talking about.
Though please keep in mind that smile.amazon.com is a marketing stunt. Firstly, it makes people less reluctant to buy, increasing Amazon's revenue, and secondly, Amazon is donating the money, so they get to pay less tax.
At its best, it definitely doesn't represent _every_ library copy.
It requires libraries to register their copies with the central database. All of these libraries are different organizations with different software, at varying stages of 'legacy', trying to interoperate with each other, usually without very well-resourced IT teams. Then WorldCat has got to figure out when copies at different libraries are copies of the "same" thing, and what "same" means.
The worldcat database is very useful, but it certainly has data quality problems.
Amazon also says "4 formats and editions": hardcover, paperback, kindle, audiobook. Technically I'd say these are "formats" not "editions" -- the text is the same in each, although you might consider the audiobook a separate "edition" maybe, as it's not text at all, it's a whole different sort of thing. (And the Amazon UI hides it behind a 'more' link, although still just referring to the whole list as "4 formats and editions").
I'd guess Worldcat knows 3 of those 4 -- maybe all except kindle. Worldcat, like Amazon, is not really capable of distinguishing "editions" from "formats".
I'm not sure I'd consider the "3 editions" a "data quality" error exactly, in this case. It does point to some of the complexities of figuring out what's out there in the bibliographic universe, and how to model it in a consistent way that makes sense to users. (What _is_ an edition vs a format anyway?). Amazon gets data and corrections from people trying to sell books there providing some data entry/correction labor for free. And Amazon's website and data are _core_ to their business. As well as from other DBs like ISBN. Worldcat has to try to piece things together from a bunch of disorganized under-funded non-IT-expert nonprofits, who may consider "getting good data to WorldCat" not the highest among competing priorities, along with other DBs like ISBN.
Neither WorldCat nor Amazon are _great_ at determining "what separate editions/formats exist of this thing, and how do they relate to each other" in the general case. Cause it's a hard problem. Amazon does well enough to sell books apparently. They each have strengths and weaknesses. For things published decades before Amazon existed and/or no longer in print, WorldCat will do better in some ways.
(The fact that the API isn't publicly accessible without registration and payment is a major annoyance.)
LibraryThing was sort of another attempt, that sort of still exists.
It's just a really hard thing to do, that takes a lot of resources to do well, and nobody's managed to figure out a funding model.
I don't think "Just create an open access database anyone can edit, like wikipedia but data, and books" will work (and actually, [that's](https://www.wikidata.org/wiki/Wikidata:WikiProject_Books) been tried too), but you can try to start another project if you want.
There are a handful of projects with various business models and degrees of openness of data that have tried or are still trying to do this. For whatever reasons (and we can debate em), they haven't really taken off or been successful. shrug.
Also there are more than seven copies on order in the Brooklyn library system alone: https://borrow.bklynlibrary.org/r1s/iii/encore/record/C__Rb1...
1. The book is announced, but not yet released (17 Sept).
2. Worldcat tends to lag acquisitions, and whilst extensive, is not fully comprehensive. There are nonlisted collections, and lagged reports.
3. Further acquisitions will be added.
And most importantly: Libraries are highly responsive to patron requests. Ask for the book to be added, and in all likelihood it will be, and you'll be notified when it's in and/or added to the waitlist.
There is a bit of judgment, and that's okay.
Same with the clipper chip. Same with TPM/DRM/ME. Same with Internet centralization.
It's worth asking why the general public keeps trusting authorities and distrusts techies, even those among us with a career in security.
It's funny the tech/security/sysadmin guys complain that their work is appreciated only when things go wrong, but fail to give the same benefit of the doubt for US law and order.
Myron W. Orfield, Jr., Deterrence, Perjury, and the Heater Factor, supra note 13, at 83:
> Respondents, including prosecutors, estimate that police commit perjury between 20% and 50% of the time they testify on Fourth Amendment issues.
It should also be noted that many of these respondents did not consider lying at a suppression hearing perjury, infra text accompanying note 47, which would have the effect of deflating these percentages.
I would also guess that even if he sold enough books to earn out the advance, his take on each incremental book is really small as the publisher took most of the financial risk with the advance itself.
Confirming, it is a Macmillan title. Metropolitan Books is a Macmillan imprint.
In that case, from what I have learned from speaking to a few NYT Best selling authors, he's getting peanuts per sale, though it's very likely he got an advance in the range of $50k.
He won't actually get a cent from sales until his share goes above whatever his advance was.
That... would not be very much for a book that can be expected to generate hundreds of thousands of sales.
One of the NYT best selling authors I spoke to over beers told me at most he can hope to get in the range of $200k in his lifetime for his book that was top of the charts for a significant amount of time, and continues to be very, very famous in its niche.
i.e. Writing for a publisher sucks.
The publisher generally calculates the advance based on projected sales, and that's often all the money an author will see, though if an advance is "earned out" (sales exceed the projection), the author can earn additional royalty payments based on a percentage of the per-volume sales price. The usually cited figure is 10%, though this may vary.
TL;DR: Snowden is guaranteed the advance, but may earn more.
To my knowledge, no and probably no. I'll inquire.
I'm aware that it's available at Kobo in EPUB format but that includes Adobe DRM.
Sad to hear that it's only available with drm. It's going to show up on torrent sites within days no matter what, so as always honest consumers are the ones that lose.
Assuming Print on Demand w/ amazon. He's not doing that but we'll just assume to keep it easy. And list price of $24
Amazon takes $5 to print
Amazon takes $9.60 royalty
That leaves $9.40 or 40% available.
Of that Macmillan takes their cut to cover editing, covers, advertising, etc.
And what is left is probably $2.40 for each sale.
For Self published folks (going eBooks this time). Assuming you list for $10 and get a 70% royalty from amazon.
You'll earn $7 for each sale.
But, then once you factor in advertising (on amazon which goes to amazon), your earnings for each book drop to maybe a 5-30% royalty range. And that assumes you can sell your book for $10, which most self published cannot.
I have friends who sell $10k worth of eBooks/mo who make $2k/mo. So 80% goes to amazon and 20% goes to them.
There's a reason we have laws around a free speech and a free press-- they make the country stronger, even if they make it harder to govern.
Correct. Snowden is a Whistle-blower. Assange is a journalist, though perhaps not the kind Snowden would have trusted his stolen data with.
He spent 7 years locked in an embassy (to great detriment to his health and was arguably worse than jail), is now in jail, and is facing at least life in prison, if not the death penalty. You really think he did all that just to promote himself and for some attention?
To avoid criminal charges for things unrelated to his political/journalistic exploits. Plenty of people run when faced with possible jail time, e.g., Roman Polanski.
Finding reliable sources with all relevant details is a hassle, so take it with a grain of salt. Nevertheless, I believe at this point that this unrelated affair is more an attempt at character assassination than a real thing. (I do recall that he reportedly didn't use protection, which would qualify him as a major jerk. Legislations seem to disagree on whether this was a crime or not, though.)
He was in the UK, who has an extradition treaty with the US. He was facing charges in Sweden, who also have an extradition treaty with the US.
Why was he afraid of being extradited from Sweden but not the UK? If the US wanted him they could have gone after him while he was still living in the UK.
Why fear going to Sweden? I never understood this argument: am I missing some nuance in international law?
He is being extradited to the US on the charge that he helped Manning break into classified computers. These alleged actions are no longer journalism.
Greenwald and Poitras never faced charges for publishing the documents Snowden leaked / provided. The NY Times did not face charges for leaking the Pentagon Papers that Ellsberg gave them. Assange would not have been charged with leaking documents that others provided—but he is alleged to have taken a step too far.
Valerie Plame would like to have a word with you.
If we keep going down this road we'd end up with No True Scotsman. The reality is "traditional" journalists have done this - Assange is not an outlier in this regard. If we tolerate the "worst" of the traditional (which US society clearly does), then we can't use this as an argument against Assange.
I probably shouldn't have used the word "never", but the fact that the Valerie Plame reveal was such a big deal is basically the exception that proves the rule that it is highly unusual for a journalist to reveal this information.
Assange is certainly an outlier in the number of people who he exposed and the reason for exposing them. He reportedly said on the issue that "they're informants. So, if they get killed, they've got it coming to them. They deserve it." Maybe you think that is a No True Scotsman argument, but I really can't imagine a well respected journalist showing such a complete lack of concern for human life. A traditional journalist would generally require some reason of tremendous value to justify putting those people's lives at risk. Assange's reasoning instead appears to be "They deserve it."
 - https://en.wikipedia.org/wiki/Afghan_War_documents_leak#Info...
It was a big deal because people wanted to score political points, not because of a breach in standards. The more relevant point is the standing the journalist still had in society - he did not lose his job for it, let alone be prosecuted for it.
The quote you provide is taken out of context - at least from the Wiki page it is not clear if he is referring to the names that were leaked, as opposed to the ones that they ultimately decided to redact. I suspect the latter because it says "initially refused".
> but I really can't imagine a well respected journalist showing such a complete lack of concern for human life.
When you add the "well respected journalist", we really are in No True Scotsman territory. If all you mean to say is "He is a lousy journalist," then we have no disagreements. Without that qualifier, have you thought about extreme views held by existing, famous journalists? How much of an outlier is Assange compared to other "extreme" but established journalists?
- They conducted illegal, and most likely ineffective surveillance. I mean, if they have as huge watchlists as it is claimed, they can't reasonably watch very closely.
- A subcontractor named Snowden, managed to leak a lot of secret stuff. And while it is the most memorable instance, it is not the first serious leak.
- They failed at damage control. They couldn't cover up, discredit, etc... While there is a debate on whether Snowden is a hero or a traitor, no one seems to question the truth of the leaks themselves.
- They couldn't catch Snowden, or find a way to get him to come back home. He is now with the Russians.
Being a believer in the Hanlon's razor, my hypothesis is that the NSA has become a bloated administration. Focused more on their budget and jobs than national security. Massive surveillance is just a way to keep them busy. Snowden's leaks and their aftermath actually tell two things: the extent of surveillance, and incompetence.
This is a key bit. Snowden was able to basically walk immensely sensitive data out the front door, and we may only know about that because he told us.
How much stuff makes the same journey into the hands of intelligence agencies instead of journalists?
1. Removing plausible deniability. "Well we might be deeply involved in domestic surveillance but we certainly don't do it outside the US!". The laws that enabled the NSA to do the surveillance were attributed to accessing data that traveled outside the US.
2. Demonstrating the power and reach for legitimacy/plausibility.
I'm sure I can come up with more than the first 2 minutes it took to assemble this post.
2. No one was really questioning the plausibility or legitimacy of the documents Snowden released (there were some challenges on the interpretation of those documents) and revealing unconfirmed and unrelated intelligence operations does nothing to confirm the information about the domestic operations that he released.
Your assurances that you know what the NSA (or proxy) would reason is laughable, for example. You have a view that he's a bad actor and it doesn't matter to me, other than it's a trivial thought experiment to justify his actions. GL
Which side of an imaginary line you were born on should not determine your rights. If he leaked documents about operations against Americans, and then also about operations against foreigners, in my mind he did the same thing twice.
If there was another difference, like spilling the location or identity of a person likely to be at risk, please spell that out. I have yet to see an example.
That is what I am talking about as a "perfectly acceptable political opinion", but it is not an opinion that is based off any laws. Almost no mainstream political figure would share that opinion and therefore if that is the basis of Snowden's arguments, it isn't a wonder why he was treated harshly by the mainstream political system. Foreign spying is an accepted aspect of modern life. I totally understand if you think that spying is unethical. But Snowden would have been received much more favorably if he simply focused on the domestic spying operations which are largely unpopular rather than also revealing the foreign operations which are mostly accepted as necessary by the general population.
Snowden’s leaks clearly benefitted adversaries of the NSA:
* domestic global powers such as goog and fb were able to lock down their customer data, which has the downside of shifting unchecked power to those entities
* foreign powers of the US now had confirmed intel on the USA’s global intelligence gathering playbook and adjusted accordingly
Additionally, we can perhaps gain insight to any potential upsides or downsides of the proliferation of civil libertarianism that is directly attributable to the actions of Ed Snowden. I do believe personally that the first global superpower (whether the CIA and Google, China, etc) that obtains a way to break all current encryption (and has all of the pcaps) will have a huge upper hand in understanding social effects of this movement of the late 2010’s.
They said the same thing about Chelsea Manning, then in her trial the prosecution finally admitted that they couldn't actually point to any casualties.
Because many of the spying actions were against Americans. Did you not read the leaks?
 - https://www.theguardian.com/world/2014/aug/13/snowden-nsa-sy...
Ok, but many were. Therefore it is a problem.
And spying on Americans is something that many people have a problem with.
people should know about the kind of insane stupidity that they get up to overseas that make the country less safe. or what, do you really think that that kind of stuff is what's keeping the terrorists from doing another 9/11?
It's pretty clear he never wanted to end up there. The US definitely screwed up by leaving him few other options. He's not an agent of Moscow, but he's not a free man either.
Yes, but by design. Other than passing lip service towards transparency. The fact is Obama admin actively sought to silence them. I know this isn’t popular because HN won’t want to hear anything bad about Obama, but it’s a fact.
In the seven years of Obama's presidency, the administration launched a record number of cases against those who revealed what the government wanted kept secret. Under Obama, eight whistleblowers have been prosecuted under the World War I-era Espionage Act, more than under all other presidents combined.
Sources abound; pick your favorite.
Also, people cite the "more than any other administration" argument frequently, especially in media, but rarely think to mention the small sample size. nice work!
However, those 8 people also have the qualifier of “combined” where the sum of people charged with espionage until Obama was less than 8 people total, and then he comes in and exceeds that. No one should believe that from 2008-2016 we had some resurgence of traitors to the country. Just people charged as such in most cases for doing the right thing overall.
That said, I think it's amusing when people need to call out "Under president <whomever>'s administration..." as if it makes a point by itself and implies something directly about the president that was named. Let's not pretend here, that's exactly what you were doing. Using this same logic, I hope you blame George W. Bush's administration entirely for the 2008 recession. I want to be clear, I'm not pretending that the sitting president's policy decisions and other influences don't have an effect. But inherited legacy, context, and the surrounding details play a huge role in how these things play out.
First, the people you are talking about (Thomas Drake, Shamai Leibowitz, Chelsea Manning, Donald Sachtleben, Stephen Kim, Jeffrey Sterling, John Kiriakou, Edward Snowden) all have different circumstances surrounding their cases.
Second, they all stepped forward roughly around 2009 and later. Most gathered the information they leaked between 2000 and 2008 working on programs for the CIA and NSA. They all leaked information that wasn't supposed to be leaked. The default in our government is to handle that with punitive measures. If they had stepped forward during any other presidency would the outcome have been the same? Yes.
Third, alluding to some sort of hypocrisy with regards to transparency when talking about intelligence programs initiated by the CIA, FBI, NSA, etc is ironic. Just because an administration wanted to embrace transparency doesn't mean it's fine to free-for-all leak information from those agencies.
What did Thomas Drake leak that wasn't supposed to be leaked?
> If they had stepped forward during any other presidency would the outcome have been the same? Yes.
Kiriakou in fact stepped forward in December 2007. The Justice Department under Bush did not pursue him, and it was explicitly the Justice Department under the Obama administration that did so.
Similarly, Jeffrey Alexander Sterling was in contact with a journalist during the period 2002--2004 (for a book published in January 2006), but his prosecution was also led by the Obama administration.
He leaked information classified as "secret". Additionally he leaked unclassified information of which some of it was classified as "Unclassified—For Official Use Only" which means it is not supposed to be given to the public and is intended for internal or law enforcement use only.
> Kiriakou in fact stepped forward in December 2007. The Justice Department under Bush did not pursue him, and it was explicitly the Justice Department under the Obama administration that did so.
I'm not going to disagree here. For whatever reason, the CIA brought this case back in 2012 and asked for it to be pursued.
> Similarly, Jeffrey Alexander Sterling was in contact with a journalist during the period 2002--2004 (for a book published in January 2006), but his prosecution was also led by the Obama administration.
The Bush administration sent (the journalist) James Risen a subpoena on January 24, 2008. The leak investigation surrounding Sterling didn't come to a culmination until 2010. The investigation started in 2003, under Bush.
Yet all were charged by the Obama Admin, for something people largely agree with and in most scenarios exposed government breaking the laws they themselves set.
As to your argument it doesn’t count because Obama didn’t put the cuffs on them himself - no, it was only Holder and Lynch who did the actual work, who directly reported to and were appointed by Obama himself.
I wonder if you would apply the same “AG autonomy” to decisions Sessions or Barr have made where those don’t reflect or implicate direction from Trump?
The point being, there are often things initiated by past presidents that come to a head within the time the sitting president is in office. How the situations that arise are handled absolutely reflects on the sitting administration. But people who ignore the history and legacy surrounding those situations because it feels good to take a shot at an administration that has a letter after it (be it R or D) that a person doesn't identify with is overly simplistic.
There were a lot of things the Obama administration did that I do not agree with. Specifically, the use of drone strikes, how the ACA was handled (albeit a lot of players were involved), continuing revolving door policies, and more.
Disagreement isn't persecution.
Real talk: we haven't even begun unpacking the ironies here, dude.
EDIT: No, that's not an invitation. This conversation isn't going anywhere useful to anyone, and I have both a meeting, and deadlines. Have a good day.
I point out that truth.
I point out how that further proves the point I and the parent were making.
You get all biased and upset (read: subjective) and try to paint me and the facts as the bad guy.
Don't you recognize the downward spiral of your "logic"?
Thx for taking the time to vindicate the original theory (on HN "inconsistencies").
Let's start there, and we'll work our way 'round to logical "downward spirals"...
I wish I had a reply for that but I can't even get my head wrapped around the irony and the absurdity.
To be clear, then: I did not downvote your experience. (I'm not even sure what that means. Can you explain?) I downvoted the counterfactual conclusion that you've drawn from your experience, and then crowed condemningly at the community.
After all, the enemy of my enemy is my friend.
I feel you underestimate people's intelligence — assuming that everyone can be played with a simple overture of friendliness.
Oh please, you're the one being ridiculous. I think we all know there's a line between farming for the good of civilization and actively working to push an agenda. C'mon.
It's so disappointing how few people seem to have complex thoughts about our political system/politicians, and it shows in the ever-decreasing quality of those things as time advances. Bandwagons are dangerous, and it seems we only have bandwagons left.
People thought everything else (e.g. the substance of the job) would be on the level of his oratory skills, but it turned out he was just some guy that knew how to get votes.
If he was an agent the Mueller investigation would have revealed it. It doesn't say so in the paper that is public, I actually read the whole thing.
You're an agent if you get orders from the Kremlin, people's interests align often with different people, hence the world and politics is complicated.