When it comes to damage-reduction, I think the most immediate step going forward that can be done on the side of the private sector is to stop collecting, as much as possible, extensive profiles on people, especially profiles that are, or easily can be, tied to their real identity. For those of us who aren't doing so ourselves, we can pressure companies not to do so, either those we work for, or those we interact with as customers. This can either mean not collecting profiles at all, collecting limited ones only as needed, and/or collecting them tied to pseudonyms rather than making use of real-names mandatory or default.
I realize it can be commercially valuable to have such profiles when it comes to things like targeting ads or financial instruments, but on the whole I think the damage such data can do, if it exists, outweighs that justification. To take a concrete example, the side of the internal Google+ "nymwars" who were against the real-name requirement were right.
Of course, we should also work to keep corporate and government data collection separate. But I fear that will be a longer-term struggle, in which case an avenue to pursue simultaneously is to minimize corporate data-collection.
I think a better approach would be client-side: Something like a browser extension for identity rotation, for one example. I also suspect Tor-for-the-masses has a larger chance of becoming a reality. Presumably, VCs are now wringing their hands over the money to be made in the newfound software industry of identity obfuscation.
I'm sure all of this has the NSA folks whining and moaning, to which I'd have to point out: You made your bed.
It's anyway all a side issue. A tidy personal history and limited data collection provide some flimsy bulwark against petty tyranny. They don't do anything against arbitrary tyranny.
The solution to tyranny is to build robust and open societies and to spread those values. Not open societies in the sense of transparency, open societies in the sense that people are not attacked for who they are or for the choices they make (transparency is often a useful tool, it just isn't in itself any sort of sensible goal).
And I don't mean that simple personal steps are futile, I just think there is a larger picture to consider (and direct energy towards!).
>I think the most immediate step going forward that can be done on the side of the private sector is to stop collecting, as much as possible, extensive profiles on people, especially profiles that are, or easily can be, tied to their real identity.
Google has been making large profits since long before Google+ even existed. There's probably some incremental value in having real-name profiles tied to data, but there's very large incremental harm as well, such that adding such functionality is net-negative for society. A large number of Googlers have made a similar argument, which is why the real-name policy was so controversial; the argument was already pretty strong before the NSA revelations, and is only stronger now.
Facebook is a trickier case. Their business model may simply be incompatible with a non-surveillance society.
If an individual is concerned with privacy they should probably take matters into their own hands and use encryption, cash, bitcoin and other tools to protect their identity and leave as little private information online as possible.
I would be interested to see if Mr. Klein achieved something in his fight against NSA's surveillance program. It was back in 2007 and now we have 2013. Five years gone.
I'd say it's more likely his life is destroyed, I would love to know how he's making a living today.
Either way, he's not the one who was supposed to have "achieved something" in that battle, we were, the people should have reacted. They didn't, and they won't this time either. Sorry but we're just too complacent with all our luxuries and comforts.
The lawsuit he helped inspire is still in the courts, and the EFF is still fighting the governments assertions that such lawsuits cannot be brought because of state secrets
I am still pretty confused about how this community seems to not have known these programs existed. It has been widely reported almost since inception. Not to mention the broad record of previous land line recording programs.
I'm getting tired of seeing comments like this everywhere, which serve little use. Yes, it's been going on for a long time. Yes, many people have been aware of such programs as small bits have been leaked over the years. Yes, many of us have been angry about it for a long time.
The difference this time is not specifically the new information but the fact that it hasn't successfully been buried in the news after a day or two so far and people are in fact getting more upset about it. This is a good thing. If people aren't talking about it, the chance of doing anything about it and expressing mass disapproval is significantly reduced.
Maybe nothing will happen this time either, but a lot of people are angry about it at the same time, and finally talking about it en masse, and I don't see that as anything but a great thing.
Same here. Not only do such comments serve no useful purpose, but they are actually negatively impacting the "cause" to change things, because such comments are basically saying "relax people, this is old news...".
NO! Now is not the time to relax, and it really doesn't matter if it's 1 week old news or 10 year old news. If it's that old, it's much more important to finally have the debate about privacy, which Congress and the nation as a whole mostly skipped over it because of the fear or terrorists.
It's about time that discussion started again, to see if things like the Patriot Act and FISA are first of all, constitutional, and second of all, if all the privacy breaching is worth it to Americans, and only if there is real proof that it works not based on feeling and security theatre.
Having a "public" discussion about security is an almost fruitless endeavor.
It is nearly impossible to have a public discussion about threat assessment and mitigation. If a person has never truly experienced threat, which the vast(99%+) majority of the US public has not, then a persons ability to even identify threat is exponentially reduced. The perceived safety of a persons daily life directly effects the perception of overall threats, which in the context of the US severely jades any discussion towards inherently safe.
I am not an advocate of public surveillance and I am a strongly opinionated in regards to privacy, but my experiences abroad have lead me to resolve this conviction into the reality that is our world, and that world is not the lives we have in the US. The threats to this country are real, are large scale, are extreme, and are discovered every single day.
I know the argument is that we need to talk about this and we need to have review, but this has happened already. It happens all the time. It happens every time a warrant is issued. It was not one person or 5 people or 100 people, but thousands of people that have seen the threat and that have fought the threat with their own hands. These are the people that have time and time again decided that to much information is better than not enough.
I know that people will not agree with this, but I long ago discovered that principles and good intentions do not stop bullets and bombs.
The story has now spanned six days in the news, often as a front page story. New revelations have occurred across that timespan as well, which kept the story alive. And then the leaker revealed himself, giving the story a human face, which the media loves.
Furthermore, the President and Director of National Intelligence have come out and openly admitted to mass dragnet surveillance, while trying to make it seem like not a big deal and simultaneously trying to suggest it's tremendously useful and doesn't do very much. Couple that with some ridiculous statements about a goal of 100% security and people got pretty pissed off by his statement. It has the mark of someone trying to make an embarrassing discovery go away.
There's a huge difference between something considered to be true by a handful of specialized people, and something provably known to be true by the public at large.
I realize it can be commercially valuable to have such profiles when it comes to things like targeting ads or financial instruments, but on the whole I think the damage such data can do, if it exists, outweighs that justification. To take a concrete example, the side of the internal Google+ "nymwars" who were against the real-name requirement were right.
Of course, we should also work to keep corporate and government data collection separate. But I fear that will be a longer-term struggle, in which case an avenue to pursue simultaneously is to minimize corporate data-collection.