It was such a long time ago, but one thing that clearly differentiates our efforts in those days vs. what's been reported in the news in the past few days is the issue of transparency.
The day we shipped the "differential workfactor" implementation in Notes, I keynoted the RSA Conference and gave a speech laying out what we did and why. Charlie Kaufman, a great cryptographer who worked for me, also distributed a paper he wrote with the technical details. You can find my speech and his paper buried in here if you're interested. (search for "lotus.notes")
And if you're really motivated to understand what it was like during the Crypto Wars, go read Steven Levy's book "Crypto".
Back to the present - it pains me to see such a lack of transparency in how our elected officials are running our government. Of course, the common man knows it's common sense that there's an inherent need for secrecy in conducting small scale covert operations. We do get it.
However, it's also common sense that it's inevitable that any complex large-scale long-term operation will ultimately come to light. And so it's just common sense that any such broad-based operations that might be perceived as impacting our constitutional rights should be the subject of broad public debate. No, not when they're being prototyped or tested or used in small scale settings - but definitely somewhere on the path from "tactical use" to "broad strategic dependence".
These are not small issues, nor need they be at all partisan. Wyden, Paul, and others are trying. Theses issues are fundamental to defining the relationship between us citizens and our government in the decades ahead.
In particular, in this world where "SaaS" and "software eats everything" and "cloud computing" and "big data" are inevitable and already pervasive, it pains me to see how 3rd Party Doctrine may now already be being leveraged to effectively gut the intent of U.S. citizens' Fourth Amendment rights. Don't we need a common-sense refresh to the wording of our laws and potentially our constitution as it pertains to how we now rely upon 3rd parties? It makes zero sense in a "services age" where granting third parties limited rights to our private information is so basic and fundamental to how we think, work, conduct and enjoy life.
For example, did you really intend to yield your 4th amendment rights when you granted a 3rd party access to your files as a part of Mac Software Update, Windows Update, Virus Scanners, etc., or when you started using a service-tethered smartphone?
Anyway, unlike 'web tracking' issues which seem to be broadly ignored because of our love for ad-supported services, I hope we all (especially the young readers of reddit, hackernews, etc) wake up to the fact that these privacy and transparency issues are REAL, and that they truly will impact you and the country you live in, and that even if you don't consider yourself an activist you really should get informed and form an opinion. Again, this is a non-partisan issue, and let's all work to ensure that it stays this way.
Two great organizations where you can learn are EPIC and EFF. (Disclosure: I am on the board of EPIC.) Take it in, and think. Your contributions are needed and would of course be quite welcome.
I'm probably on the hairy edge of the "young readers" you've mentioned. I'm 27. My present view on the recent NSA leaks is a distinct lack of outrage, but watching this huge response I can't help but feel the whoosh as something big flies straight over my head.
I've agreed to use technology which by its very nature monitors my activity in all kinds of ways. As a software engineer who does a lot of web work and dabbles in cell-enabled embedded systems, I understand and I'm fully aware of most of the ways I'm being monitored. Maybe I'm naïve to think of the recent data sharing between corporations and government as a non-issue, but if this is such a big deal wasn't I just as naïve by allowing these corporations to collect this information in the first place?
This isn't the Clipper Chip or key escrow. This isn't the government grappling for an ear into conversations which nobody except Alice and Bob are intended to transceive. You could argue that were I Bob, Alice is the phone company, but I have no freaking clue who "the phone company" really is. To me it's just a faceless entity who I've allowed to collect data about me. I'm finding it hard to become angry over one faceless entity sharing said data with another faceless entity. And frankly, I have no clue if I've already agreed for this to happen because I don't really care. I expect them to share a ridiculous amount of information about me without abandon. I'd be far more upset if they were sharing content of actual conversations, but metadata feels firmly within the realm of what I expect to be slung around willy-nilly.
I agree that this reasoning is wholly a "death by a thousand cuts" brought on by more and more invasive technologies. As an anecdote, many Facebook early adopters will remember the outrage over the news feed when it was first launched. Now can you imagine the outrage that would ensue if Facebook were to take it away? We're pretty much begging for invasive technology in our lives. How do you propose to correct that? How do we get millions of people to "vote with their feet" against useful-but-invasive technologies?
A non-authoritarian government is an historical anomaly. It's a ball balanced on top of a hill, pushed there by the deaths of millions, and kept there by the vigilance of those who care.
Please start caring.
I care. If I didn't, I wouldn't have posted what I did.
But let me clarify. What I meant by the above is that by the recent leaks I feel like I've been photographed in a public place rather than in my bathroom. Further, I feel like I've given some degree of implied consent, or if I haven't, I would in order to keep using the technology that we all so enjoy. I offer these feelings as an anecdote to say that I think most people in my generation feel the same way.
As an aside, my feelings are similar but ultimately different from the "you don't have to worry if you have nothing to hide" argument. It's more "you don't have to worry about it if you've decided not to" with absolutely zero connotation as to what you as an individual should choose to do.
I do agree that this won't work for everybody. My grandmother probably doesn't know that cell base stations can, and do, log connections and RSSIs, making it easy for a cell phone company to know where you are whenever your phone's radio is reaching out in the most basic way. I don't think she has the information to make the kind of implied consent that I have. That definitely angers me.
You mention history. I don't think it's too much of a stretch to argue that government's ability to collect these data about us is actually preventing the kind of paranoia that brought about McCarthyism or Japanese internment. I'd imagine people in government today view these as horrible, crude, blunt instruments which mitigated tiny amounts of threat at huge irreparable cost. If we're going to have the paranoia, I'd rather they use surgeons tools and look before they leap.
That segues into my real concern. Paranoia. All of the activity discussed in these recent leaks stem from the same kind of paranoia that brought about the incredibly dark periods in our history which I mentioned above. How did we stop it those times? I think the answer is that we didn't. So how do we stop it now?
I care. I want to do something, but I love my country and I don't think paranoia can be battled with further paranoia or outrage. Sadly, I don't know the tools with which to fight.
In other words, don't be so harsh on someone who doesn't think their individual vigilance is going to change the world. It is sufficient, morally speaking, to support a group who does your "caring" for you. Representative caring, you might call it.
If you want to suggest someone towards an activity, suggest the help a group that they believe in. But that draws the question, "What if there aren't any groups I believe in?" What do those truly in the minority do? Nothing is the answer to that question, because individuals mean nothing, and it leads to the following statement:
If you don't believe the same things a sufficiently large group of other people do, then your voice and your opinions don't effectively matter. How can you blame such a person for "not caring"?
I disagree very strongly that my position is apathetic. I'm conscious and alert to what's going on around me and my opinions are well-formed. Choosing not to be outraged isn't the same as apathy.
Question that. The key to Andy Groves success.
"I try to have well-formed opinions and to be conscious and alert to what's going on around me."
I doubt that having twitter would have helped. The public knew and there was significant support for it.
Interesting related aspect of that dark point in history: "The United States Census Bureau assisted the internment efforts by providing confidential neighborhood information on Japanese Americans. The Bureau's role was denied for decades, but was finally proven in 2007."
"Nothing to hide" indeed...
Tell that to those 3 women in Cleveland who were kept against their will for years & years...
This wasn't some uncommon special event either. It was part and parcel of doing an international flight as a kid.
Granted this plane wasn't bound for the US, but still I was very happy about that; the kid was happy.
People who don't read extensively are much more susceptible to accepting their current reality, no matter how bad it may have become in even a single generation, because they have no frame of reference that extends beyond their own limited observations.
A similar analogy is Paul Graham's "Blub Paradox"  - programmers who program with "Blub", at low end of the language power scale, can't recognize more powerful languages up the scale b/c they have no frame of reference for identifying and understanding the features that make them better.
In both cases, it's all about realizing how limited and narrow your default frame of reference is, and expanding it by broad learning - spanning long time periods, or spanning the programming language scale, as the case may be.
If you need to make it a "real issue", well, honestly, you lack a sufficiently cruel and malicious imagination--it should be self-evident that any sort of monitoring and data-mining (.gov or not) is very dangerous, and something which you should think very carefully about opting into.
We need to make this an issue for everyone, not merely millenials. Unfortunately, that doesn't seem like it's going to happen until there are more casualties in the privacy wars.
| young people seem not to think twice about
| yielding up their personal information
Most of us will skate through our entire lives and never need to care about this. The problem is, some small minority of us will need to care, indeed, it will be of life and death importance. Through your innocent lack of caring, you are enabling the persecution of the small subset of people who this will actually impact. Many of those people will be innocent, incidental bystanders who just happen to get caught up by the system. But some those people will be crucially important figures - the Assanges, the Nelson Mandela's, and so on. People who actually change history.
So my question to you is, how do we convince you, as a prototypical "young person", to care about something that has no immediate impact on you but might be crucially important to you or someone other than you many years from now? Do you have the capacity to do that at all? How do we invoke it?
So an email suggesting something illegal with a reply agreeing can get you prosecuted and jailed. We all know how hard it is to understand tone from emails so even if you were joking you would have a hard time proving that in court. And if you weren't joking in the email but just imagining what might happen that can still be a prosecutable crime.
Some future event causes a dramatically change in your email `float meta_traffic_index' to trip a conditional threshold branching onto to why236(). If why236() conditionals returns indices within patterns statistically outlying, upgrades the colored code, larger font size label, and bar code, on your now growing hardcopy docket. Utah 24/7, dwells on your next expectation and every other why236() ORANGE profiles.
I'm slightly older and a little paranoid - to the point I'm scared of even activating something like a Windows account on Windows 8 - because I'm not even aware what data will be exported from my computer.
So to a lot of people they trade privacy for convenience. Everybody else is doing it, so why not me?
I truly believe that our population were always under surveillance (either covertly or overtly), it just that in todays' technological landscape, the folks doing the surveying are easier to be caught out.
I'd like to think people maintained their vitriol through a distracting spate of new shiny toy releases, but unfortunately I've seen this happen over and over again.
By Monday people will probably be claiming that HN isn't the place for political discussion and we should all just click-off back to Reddit.
What needs to be effected is not the abolishing of government agencies. What needs to be effected is an administration that is clear and transparent with its actions, not necessarily the implementation of said actions.
And yes, education is a must. The EFF and EPIC are both organizations working to change the apathy perpetuated by the mass media.
Is it, though? Is it unlikely that some projects that a government undertakes could remain hidden indefinitely, or at least until after the collapse of said government?
Back in the day you had to somehow take pictures of documents you wanted copied, do it in a way that didn't draw suspicion, you were limited to what you could physically examine (and carry), and pretty much everything was huge compared to miniturized technology of today.
And after all, think back to who provided the intel to Greenwald and the WaPo again? The vast majority of government employees, even in agencies like NSA and FBI, feel that they are acting in the public interest (or at least, not against the public interest).
It's not as if there's a University of Illuminati and Zionists for the government to hire conspirators out of.
So I think Ray Ozzie is right on point, with that part among his other points.
I guess we can imagine a new world where up is down and white is black, but in the current world, the government is just a bureaucracy filled with bureaucrats trying to get promoted for coming up with crazy ideas. Disappearing random people is not high on anyone's agenda, I don't think.
An example of coverage, very similar to what we read now:
It seems reasonable that NSAKEY wasn't an NSA backdoor meant allow them to secretly install compromised crypto libraries on your machine.
It is not in Russian. It's in Belarussian.
This is, at best, an odd machine translation.
- reduces the prominence of low quality content
- encourages posters to avoid posting low quality content
And if you are working with online business, as i guess for you being here, i highly recommend you read at least some introduction on PGP.
>but nobody uses the bad guys' name for themselves on purpose.
Why not, I've heard of software teams naming themselves Cobra from GI Joe.
More like the guy charged with implementing it had a sense of hunour / clear perspective.
Getting the private key is as easy as having a smart person inside the company that works for both the company and the gov.
Then you just have to sit on a router and read the traffic. Relatively simple for a gov agency.
There are 2 ways to be safe:
1) You do not use any technology.
2) You are honest in everything you do.
The second one is probably the easiest.
Like, based on the events of the past week, I think we can all agree that whatever you're paranoid about right now, they've already far exceeded and overstepped your pedestrian low-ball estimates for what might be excessive, and in reality it already happened a decade ago, so you're just worrying about spilled milk.
I mean Jesus, you kids act like the government has been slowly and monotonically eroding privacy rights since 1789. :)
Go read about the Church Committee
Go read about HUAC.
Go read about when we locked up the Nisei.
And I'm not saying any of this to justify anything that's happening today. What I am saying is that IT'S BEEN MUCH WORSE BEFORE, and we STILL FIXED IT ANYWAYS.
This isn't a ratchet-and-pawl fixture. Don't like something in the government? Go fix it! But stop acting like it's already been set in stone, or that everyone in government is the enemy of the people advancing some Illuminati conspiracy. By and large they're trying to do the right thing for the nation, who have interests far beyond what Greenwald or Michael Moore or Glenn Beck or Rush Limbaugh feels is important on any given day.
Even Ray Ozzie mentioned in the other thread that there are actual reasons a small-scale covert project would need to be secret to be effective, try getting some of the other hacktivists here on HN to admit even that. They can't, because they are blinded by their rage. My thought is that having some modicum of historical background on actual oppression can help with controlling emotion and enabling logical thinking.
Most secrets are tactical secrets like the plan to attack pearl harbor. They require short term secrecy and the utility of that secrecy declines quickly with time. The period of time is short enough that even if it is leaked the window of risk is small (US learned about Pearl Harbor but by the time Pearl Harbor got the news it was too late).
Tactical secrecy has a high utility and a low social cost because the secrets aren't keep long. Strategic secrecy has a low utility since most plans that require it are bad plans and it has a high social cost in terms of stifling debates about policy.
Almost no one complains about tactical secrecy, all these complaints are about strategic secrecy.