Hacker News new | past | comments | ask | show | jobs | submit login
FBI misused surveillance data, spied on its own, FISA ruling finds (arstechnica.com)
231 points by headalgorithm 12 days ago | hide | past | web | favorite | 33 comments





I feel like the real problem is the technology not the law. The technology is kept by the intelligence agencies who then ask the courts to give them permission to use their own systems.

Here's my fix: put the systems under the control of the Judicial branch. This way, Intelligence is not asking for permission, they are asking for access. The tech who does the search is going to answer to the branch of government that cares about the law rather than the branch of government that has the conflicts which create the rush to misuse the systems.


> I feel like the real problem is the technology not the law.

In the end you don't propose changing the tech at all only the procedure for getting the data (the law). It's not a bad idea to be honest.

In my opinion the problem is the mass surveillance of Americans in the first place. End that, and suddenly they can't look into their co-worker's lives or stalk women. They'd only have foreign intelligence information available. You'd also get the benefit of government upholding the people's constitutional rights for a change.


>I feel like the real problem is the technology not the law.

I feel like the real problem is the technology, the law, and the (lack of) enforcement of the law. Every one of these violations should have resulted in a criminal prosecution for a variety of criminal offenses against the government agents who illegally used these databases. Every American who was the subject of one of these illegal searches had their Constitutional rights violated. Neglecting to prosecute government agents who clearly and deliberately violate the law and the Constitution makes a mockery of our entire system of "justice".


That only solves part of the problem -- there's still the issue of agents with access to the system using it to look up ex lovers and such.

That part can be solved with technology by requiring multiple approvals for access to data so no one agent can't look up his girlfriend (or be bribed to look up information by a private investigator) unless he can convince his supervisor (or an audit department) that person is related to some active investigation.


I actually like this idea a lot. So the application to get information gets a reply in the form of "no" or the information that was requested, and the requesters can't unilaterally get the info even if they want to.

It's not a perfect solution, but it's the right kind of bureaucratic quagmire to actually make a difference.


This on it's face seems great, but worth extrapolating the unintended consequences of this and how it would end up changing the judicial branch once politicians and 3 letter agencies decide to game it however they can.

I like this idea.

The snowden leaks revealed this years ago. He said the NSA/CIA and anyone else with access to the tools was routinely using them to spy on people they knew (lovers, family, friends etc.) and some of them would use the tools to look for sexting images or nude images in email. Then they would show them to other staff as a sort of game.

The reality is if you want to keep your privacy you need to use end-to-end encryption on your devices and make sure your devices don't have malware on it. All big tech or major corporation will just comply with requests for data from any alphabet agency which is why you need to use end-to-end encryption on everything.


Why do you think Google renamed itself "Alphabet"?

Truth may be stranger than fiction in this regard ...

Just ten thousands violations, you know just regular old mistakes on a massive scale. No mention of anyone getting fired.

The people at the top didn't do anything, they just wrote up a process.

The people at the bottom aren't responsible for anything, they were just following their process


To be fair, with this type of technology you could rack up ten thousand violations in a matter of hours.

Surprising absolutely nobody.

They look at full email bodies. For many years, they treated email older than 180 days as "Abandonded". They could collect and read these full emails (not just metadata) because they weren't private data but "abandoned". Every sends emails and they stay in their Sent Items for 180+ days, so that means every email everyone sent.

This was true for many years, until recently that was disallowed.

There are a ton of exceptions where they can see your full data. They just use an exception, like the abandonded email exception.


I doubt they've changed that much from their days in Room 641A copying literally every bit that passed over AT&T's network. They could take the contents of everything that isn't encrypted going over the wire in real time then and I don't expect they've backed off since.

I'm surprised the FISA court objected, given their rubber-stamp nature.

The conspiracist in me thinks it is a PR move to tell the public, don't worry about your privacy, we can/will/do police ourselves.

One can also gain credibility by admitting to a lesser crime, then one is viewed as compliant and honest, when the lesser charge masks large wrong doing. Classic Sun Tzu.

The intelligence community calls this a "limited hangout".

https://en.wikipedia.org/wiki/Limited_hangout


These are coming out now because the DOJ OIG was asked to look into FISA abuse back in late 2017 or early 2018. There's now a report circulating for comment in the FBI and other agencies.

Rumour is that it will be released next week.


> given their rubber-stamp nature.

How do you know this? My understanding is that the agencies will try not to submit anything to the FISA court that they know will be rejected as it would be a wasteful use of time and money.


If it was public I highly doubt there would be such efficiency.

If I was a judge on the panel and I knew there will be little to no public scrutiny, and even when there is scrutiny like the article it zero details are given and no punishments, I wouldn't try nearly as hard to protect people's rights above everything.

Especially if the only people arguing for it is the government, there's no one defending the people except the judges themselves. All day long they live in a security bubble listening the most paranoid people in the country.

It's just too convenient of an excuse to say that they are simply getting it right every time so nothing to see here.

Secret courts are never an adequate solution IMO.


https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...

> Over the entire 33-year period, the FISA court granted 33,942 warrants, with only 12 denials – a rejection rate of 0.03 percent of the total requests.

I really tend to doubt the agencies are that good at threading the needle.

(It's also a unique court, in that there's no opposing side. Just the government asking. I'd be much more comfortable with a setup where a group like the ACLU is permitted to object, while still being subject to security clearance and non-disclosure requirements.)


The rate is misleading since there's a back and forth with the judge before final submission.

eg the judge will look it over and says that there's no specific crime listed like the law requires, two weeks later there are money laundering allegations also listed, the judge approves it without asking where the new allegations came from.


The same article states:

> Fewer than 200 requests had to be modified before being accepted, almost all of them in 2003 and 2004.


> In June 2013, a copy of a top-secret warrant, issued by the court on April 25, 2013, was leaked to London's The Guardian newspaper by NSA contractor Edward Snowden. That warrant orders Verizon Business Network Services to provide a daily feed to the NSA containing "telephony metadata" – comprehensive call detail records, including location data – about all calls in its system, including those that occur "wholly within the United States, including local telephone calls".

This doesn’t answer my question. The question pertains to the FISA court’s rubber stamp nature.

This answers your question because it's a request that should have been rejected by the explicit rules upon which the FISA court ostensibly operates. The FISA court approved it even though any fair minded person could tell that dragnet surveillance wholly within the United States is not within what the courts are only supposed to approve: specific communications between specific individuals of which at least one is outside of the United States.

EO12333 effectively suspends the fourth amendment for people subject to background investigations. FBI is just following this guidance.

https://www.cia.gov/about-cia/eo12333.html


The thought police will be indefinitely detaining its own citizens soon, it they're not already.

They won't detain you unless they have a reason to go after you. If you try to work for NSA/CIA or similar agency then they will probably ask what you meant by x statement on your facebook etc.

>They won't detain you unless they have a reason to go after you.

Anyone can give a reason for anything.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: