Personally I think option 2 is the most likely scenario. Facebook (and Google and most of the other named corporations) have done nothing to lose my trust in them. The only party that, at this time, I know is to blame is the NSA/government for conducting a cloaked surveillance operation on the entire US population. Until there is proof, or a reasonable argument, showing that these corporations willingly complied with the NSA and were a part of PRISM, I don't think they have lost any substantial part of my trust.
It's true that Facebook is not the US government, so perhaps we should be less hesitant about the claims they make. However, Facebook does have a history in this area that gives me some pause. Their former CSO was Max Kelly, who is ex-FBI, and would give talks about shit like the need for "uniting" military and commercial "cyber defense." So to the extent that we're dependent on Facebook's internal narrative to determine how they respond to the US government, my sense is that at Facebook, much of that narrative was set by someone who is largely sympathetic to government cooperation.
I think you're correct in pointing out that the NSA is ultimately to blame. However, I think we should acknowledge that while companies like Facebook obviously do not have malicious intent, they are still in the surveillance business. What they are building does have some inherent danger, and will continue to attract the interest of the US government, foreign governments, and attackers.
I'm in the camp that Senator Wyden asked the question in such a way because he knew what the answer was going into the thing.
At this point, you need to start looking at everyone as a suspect. It's an uncomfortable notion, we might not like it, but it's a reality pill ya gotta swallow.
Maybe it's the same thing all presidents learn their first couple of months in office. Maybe it's a memo that gets placed on the desk in the Oval Office by some shadowy figure. Whatever the case, the honeymoon is over, folks.
That's the problem with centralization, with representative democracy. A single point of failure is a bad idea. It's time for participatory/direct democracy.
Put another way, DNI lying != FB|Google|Apple|MSFT|Yahoo lying.
And to me, that's an important distinction: millions versus < 20,000. I might be persuaded that there existed a few thousand cases in those six months where law enforcement had legitimate reasons to get data from Facebook, for the types of criminal activity mentioned in this post from Facebook.
Either FB|Microsoft|Google|Yahoo|etc... are all lying, or Snowden didn't understand what he leaked. I'm betting the latter.
The only really interesting revelation here is Facebook's confirmation that the FISA court is bundling approval for multiple users into single warrants. And if we assume that the vast majority of requests are for single users, this is a non-trivial admission. With those numbers, there could easily be a handful of warrants used to grab information on thousands of users.
EDIT: I don't think that "innocent until proven guilty" should only apply to crimes. I think the same concept can and should be used in almost all cases of accusing a party of something.
Of course, even if you can't prove anything, it might be prudent to hedge against the possibilities by assuming everything is actually public, but given the sort of things people post publicly (to four thousand of their closest friends and confidants) on Facebook, that might be a pretty low bar.
The rest of us are watching all the signs for info to help us develop our own strategy in this not-so-theoretical game of prisoner's dilemma.
If FB received a FISA Sec. 702 order for the contents of email@example.com's account, and they disclosed that, that would presumably violate a court order and they would find themselves in contempt of court. For good reason: when there is an actual terrorist investigation (remember the terrorist threat is overhyped and you're more likely to get struck by lightning), you don't want to tip off the bad guys.
But aside from that very narrow non-disclosure exception, there is no threat to "put them on trial."
(I was mainly citing your article to establish the gag order. First hit for https://duckduckgo.com/?q=facebook+gag+nsa )
If you, the recipient, want to challenge the order as invalid, you're free to do so, and there's an appeal process. I was the first to disclose two weeks ago that Google is fighting two national security orders in two different federal courts (SF and NYC). There have been other similar cases. A facial challenge to FISAA 702 (by Amnesty, not the provider) went all the way to the Supreme Court.
You really need to read the applicable laws. My articles link to them. Otherwise it's like talking about the details of mobile app development without knowing how to program.
(Note I'm not pretending to be a journalist here, just wearing my conspiracy hat today)
Sounds kind of tyrannical to me, but what do I know?
So disobeying a court order is contempt of court, but a judge can't throw you in jail without a hearing for it.
Personally, I won't trust any of these companies until the entire Homeland security dept is dismantled and its component agencies restored to their pre-9/11 statuses.
And although the TSA is not directly part of this spying issue, they need to go away as well. It's all part of the same shadowy cabal and it's time for a clean slate.
I'm not against the principles of the FBI and NSA. They do a lot of good work. But there's too much dry brush and weeds cluttering up their mandates and it needs to be burned out.
But contrary to your suspicion, there is no law requiring companies to misreport info to the public. Even AT&T, which illegally opened its network to the NSA, never lied about it, as I showed here earlier this week:
The odds of Facebook handing over your data to a government agency are similar to the odds of dying from a shark attack or lightning...
source : http://well.blogs.nytimes.com/2007/10/31/how-scared-should-w...
I still find these numbers fairly high. If cops need a warrant to get into my home why don't they need one to get into my "facebook home"?
Because there is no such thing as your Facebook home.
If you're associating Facebook with "your home", they have you by the balls. Google is trying desperately to grab your balls too, so that your Google profile is the center of your online persona. They make incremental, subtle changes to push users towards Google+ to achieve this. The latest change happened this week, where you can no longer have a profile picture on Youtube unless it comes from Google+. They actually removed my profile picture, and popped a message up saying I have to go to Google+ to set up the profile picture again. They replaced my avatar with a generic blue pattern that looks like crap. Bastards. I don't want a Google+ profile. I don't like being forced to use social media services just to have a profile picture on Youtube, or just to rate an app on the play store.
Your "home", digital or otherwise, should be under your control, not sold out to a company. IMHO there needs to be new laws designed to protect our "digital homes" from the very tech giants who facilitate them and change the rules at their choosing, absent user preference and input.
Imagine not being able to get into your own house without first logging into Facebook? Or not being able to use the internet without first checking in with Google? Far-fetched? Not really, it's slowly heading that way in baby steps. The needs and wishes of companies and government first, citizen freedoms and user-control and true privacy second or third, or not at all.
They make incremental, subtle changes to push users towards Google+ [...]
It's not like someone goes around with a random number generator deciding whether you'll have horrible things happen to you. They depend on your specific circumstance.
How do you know that? What if I have friends, relatives or clients in the middle east and I'm known to be unhappy about particular political issues but never swim in shark infested waters?
I don't think it matters that there are 1 billion users worldwide. I think it's fair to assume that a majority of local, state, and federal requests affected US users. That number is more like 165 million. Which means the likelihood you are affected assuming a random distribution of requests and you live in the US is closer to one in a thousand.
And that only accounts for Facebook requests. Consider if you regularly visit 10 websites. That might make the odds much closer to one in a hundred.
Anyone else, world wide, could have their data accessed without any need for special secret orders.
Am I mistaken? I honestly thought that was the case.
That still leaves the possible loophole of having those 2000 orders cover a huge number of people in a manner similar to the Verizon metadata order (which is a FISA order, but isn't a FAA 70* order and isn't counted among the 2000 https://news.ycombinator.com/item?id=5879366 ). But this Facebook disclosure along with earlier statements from Google and others allows us to cautiously rule that out (though we probably don't have the same clarity on the situation of all 9 PRISM firms).
Of course, none of this tells us much about what they're doing (or able to do) using "upstream collection" at the telcos. Or indeed through similar "direct collection" from non-US Web companies running non-US servers, which I'm guessing (IANAL) would probably be outside US law altogether.
Entire books have been written about the legal standards required. It's difficult to summarize here. One short answer is that the Fourth Amendment is not viewed as applying to non-U.S. citizens abroad. Check out the NSA director's 2006 testimony on nsa.gov for more on this.
The COPS do - they are required to get warrants for data requests and those warrants can't be overly broad.
The NSA are not cops, though, and somehow ended up with different rules.
The odds can only be determined by how many requests they rejected. If they approved 100% of the government's requests, then the odds of them handing over data requested by the government are notably higher than lightning or shark bites. All they're waiting for is the request.
Are they false signals? There are non-negligible priors that support his accusation, such as gag orders and a proven and recent history of lies and obfuscation. I personally think the simpler model of Facebook telling the truth holds more weight -- to the point of a conspiracy of this magnitude sounding more than a little silly -- but there will always be a shadow of doubt to some, and not fully without reason.
Or walk the line by conveniently reporting your data for a six month period that doesn't include the NSA request for all user data now and in the future.
>The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand [user data] requests was between 18,000 and 19,000 accounts.
Is a "user data request" a request for data about a specific user? Would the request "give us the names and birthdays of everyone that has searched for 'discontent with government'" constitute a user data request? Or would that be a "search term request"?
I'm not sure I think this is slippery language, but there's definitely room for that interpretation.
The stuff about Snowden doesn't even make any sense. The fact that he's a high school drop-out doesn't matter. Some people who drop out of high school have a lower intelligence, but that doesn't imply that Snowden does. The fact that he worked for the CIA, the NSA, and as a NSA contractor actually implies that he is either intelligent or the CIA/NSA are incompetent. Even if Snowden was of lower intelligence, it would imply that there is less likelihood that the documents are elaborate fakes, and more likely to be the real deal.
...>this means that a tiny fraction of one percent of our user accounts were the subject of any kind of U.S. state, local, or federal U.S. government request
The only wiggle there is "subject to", and it's not much. So right, they could always be lying, but I don't see much room for interpretation.
More broadly, at some level, we're always going to be dependent on companies to be honest about what they do with our data. Not trusting them is fine, but that's not really a question of transparency or policy; it's just a question of corporate integrity. We should instead focus on what we can concretely hope to control:
- Transparency, which means a) we know exactly what the rules are governing what the government can ask for, b) a detailed accounting of what they actually do ask for, and c) the range of data that can be requested and a precise account of what the standard is for requesting the various kinds of data.
- Reform, by which I mean changes to the rules about what can be accessed by whom and under what conditions, with an eye towards individualized requests for specific data, the way wiretaps have been handled (until recently) for a long time. The domestic/foreign distinction should also be removed as part of this point.
- Accountability, by which I mean that companies should never, ever get any form of immunity from lawsuits. Companies should be liable to their customers about privacy issues, and they should face real consequences if they lie about it. I think this might be the heart of the trust issue.
- Oversight, which is largely colinear with transparency, wherein there is a meaningful adversarial process for balancing the issues of privacy and security, as opposed to the lame, secretive rubber stamping we have now.
- Scale. Last but not least, the relative values of privacy and security are way out of whack, especially given how few people terrorism has really killed and how small of a threat thoughtful analysis reveals it to be (or even the extent to which "terrorism" is a coherent concept). So we just need to raise the bar on what constitutes a reasonable seizure of data.
All of that is stuff you could reasonably pass laws on, so some of the nihilism in this thread is unfortunate. Maybe we'll get all of those reforms, or some of them, or maybe none of them; I don't know. But if those are genuinely our aims as a people, we should see Facebook's release as a real step in the right direction on three of those fronts. If they're lying, of course that sucks, but I'm not sure what we hope to do here besides pushing for more accountability. But in the meantime, kudos to Facebook.
That's because everyone has already denied that claim. If you didn't believe them the first thousand times they said they don't do that, why would you believe them if they said it yet again?
The only thing that would work is some kind of widespread ban on the use of gag orders, non-disclosure agreements, and similar legal devices by our government. And for what, so we can trust our own corporations to at least say what is in their own best interest? So then you also have to ban the use of funds to keep them silent. Really, the whole thing is a mess.
Hunted down? In the bay area? As a software engineer? You must be new here.
Of course, it comes as no surprise that when the sensationalized Greenwald claims were walked back we'd hear that it was all a cover-up and the NSA is threatening to throw Zuckerberg in jail and drone strike Snowden, etc. There is literally nothing that could possibly happen that would convince some people that Greenwald was full of shit.
The economics of surveillance have now changed because it comes with reputation effects on US based companies.
Most people don't give a shit about surveillance and half the people that do care think it's great.
This blog post is damage control to avoid getting banned across the world since it's become painfully clear that Facebook is inseparable from the US Government.
Just curious, that's all.
Why aren't people getting fired and prosecuted for lying to the American public?
As a Brit this is the attitude the US is currently projecting.
Of course as a brit I suspect our programs are far more invasive than anything the NSA has cooked up (so far).
..by their own account this is ~50 "intercepts" per day, on facebook alone... that's more than 2 per hour, every hour, for 6 months.
Now throw in all the other ordinary crime local police deal with every day, and I'm completely astonished that Facebook only deals with 50 requests a day.
1. Let's accept that Facebook, Google, Yahoo et al are rapacious profit-oriented corporations who could give a crap about anything but their own self interest. Fine.
2. At this point, given the statements made, in order for there to still be some kind of "back door" direct access to all of their DBs by the NSA, it would involve direct, bald-faced, massive lies to the public about its existence by top management.
3. What would the cost to these companies be if these were revealed to be massive lies? I'm not talking about the government granting immunity from prosecution, which most commentary seems to focus on. I'm asking, how would customers react?
Answer: Their business would blow up. Revelations of lying at this scale, completely destroying their credibility, would literally threaten the entire existence of their companies. It would be a stupendous business risk to take on.
4. What is the probability that such a massive lie would be revealed? Consider that to facilitate broad access to company datasets there would need to be a bunch of technical staff in on the conspiracy -- and not just at one company. This allegedly involves most of the major Internet companies. A whistleblower at any one of them would blow it for everyone.
So, in order for any one company to participate in the conspiracy, they would need to take a bet-your-company risk that all the other companies would keep a lid on it.
5. Finally, now that we've reviewed the downsides, what's the upside? What would the benefit to these companies be of lying? Some commentary has suggested they obtained privileged information about competitors or foreign attackers (e.g. Google & China). Ok. How does that benefit compare to the risk of nuking billions of dollars in value overnight if your company's credibility with customers is utterly destroyed?
I am all for more public oversight of the secret courts governing these requests for data. The Verizon order is extraordinarily broad, and we can't have much confidence that even the relatively small number of monitored Facebook accounts aren't abuses. But this idea that Facebook, Google etc. are lying to the public about their role just doesn't stand up to scrutiny.
The idea that a company composed of hackers could have not a single whistleblower, no single person that objects so strongly that they must speak up regardless of their personal situation is betting against human nature. Nay, hacker nature.
Freedom ain't looking good nowadays, but this is not the vast conspiracy it may seem.
Also problematic is your theory about motivation. That Mark Zuckerberg and his chief legal officer are compelled to take bet-the-company risks and lie to their shareholders under threat of prison. There is no such law. They are only restricted in how much they can reveal about the requests for info.
2. There certainly are laws that govern classified information and the gathering of it. Leaking US government secrets is against the law, period. Are you arguing that's not the case? Verizon was required to assist the government by law. What makes FB and Google+ exempt from the same rules?
You can dig further and find out I'm not just making stuff up. This really is how they work, frankly.
Facebook gives some good examples of requests that aren't NSA or FISA based, e.g. "a federal marshal tracking a fugitive". Given the appropriate legal paperwork, should it be scary for a federal marshal to request access to a fugitive's facebook data to check things like last login time and IP address, or private messages?
To really decide how "scary" it is, we need to know what proportion of the requests are related to what kind of thing, and of what scope are the requests. Unfortunately, Facebook has still not been permitted to release any of this data.
2.2 million people in prison in the US at the moment.
That's probably about 1.5 million that are "wrongly" incarcerated (extrapolating based on the number of people in prison before the war on drugs began, and what it should be today based on population growth). They're political prisoners.
This graphic nicely sums up the obviousness of that:
Until we're sure that intelligence agencies can't lie at senate hearings, secret courts and laws don't exist, and we're sure the government can't force CEOs to lie, we just can't be sure.
And until foreigners get the same right to at least a judge overseeing a warrant we're going to see a move away from US companies no matter where in the world they are.
The government has already shown us how they are fully capable of lying, and even worse - forcing companies under their control to lie.
The sucking sound we're hearing is trust in anything related to five eyes related corporate infrastructure having any integrity at all.
It was very obvious that the companies were told exactly what to say. They might not be lying in a grammatical legal sense if you parse their words, but they were clearly told by someone how to deny everything.
The government can, and does, lie.
The government can NOT force other companies to lie. Nor is the claim that Facebook & others are under the governments control remotely supported by anything resembling evidence.
Would it be legally contrary to shareholder value? I think this is a terrific idea for all of them to do. Zuck and the others appear genuinely upset from Snowden disclosure blowback and are frustrated at reclaiming their users' trust. These may be their best cred ROI. Perhaps someone experienced could organize this. EFF ...itself?(?!)
To decrease the mistrust.
Facebook hasn't been fully trustworthy for a long time, if ever. That's normal - I don't think any company really is.
Why is this surprising to anyone? I mean, bloody hell, anyone who's watched Law & Order should know that there are lawful procedures for these things.
Of course the public didn't find out what was going on in Auschwitz until the end of the war.
Go have a look at your friends list, see how many accounts are inactive but still listed. Most people I've done this with come in around the 10-15% of contacts in that inactive state.
Mine has been growing slowly with most people not reactivating accounts. It started out around 5% a year or so ago, and was headed up towards 15% before I just deleted a bunch of them and screwed my metrics.
Doing that should give you a metric you can start to track yourself without taking anyone else's word for it.
An interesting thing I've noticed is with married couples, the less socially motivated of the pair will usually close their account and get their partner to do all the leg work for them. Generally it's the husband that closes the account, but sometimes, in the case of my mother, it's sometimes the wife that closes.
My mother did something novel I thought for handling family photos. She has started uploading them into a shared drop box account. I literally get notifications while I'm sitting at work that new photos have been sync'ed. I'm quite enjoying that form of photo sharing ATM.
Do you think there is a link between people "trusting" Facebook (whatever that would mean) and people not closing their accounts?
Nice try, Facebook. Key words, in the past six months. The NSA could've requested a continuously updated copy of all user data more than six months ago.
If I were more trusting, I suppose I would see this as a nice evolution toward a more transparent state of affairs. But it's uncharacteristic of these agencies and the state of affairs that has been going on.
I find it hard to believe they would move so quickly to pull back some of the secrecy they've imposed if they weren't expecting a great deal of scrutiny for what we've yet to learn.
You can also look at it as they would like a chance to correct bad impressions given by inaccurate or incorrect reporting (we can't really judge this yet).
>The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
Is this global? As in, 19,000 accounts in total across the globe over the past six months? The description of the requests is "all U.S. national security-related requests (including FISA as well as National Security Letters)." Or is this just the number of persons 51% likely to be a US citizen?
International government agency requests, which I assume they also comply with in certain situations, would not be included.
"From January 2003 to January 2005, Ullyot worked in the White House as associate counsel and as a deputy assistant to President George W. Bush. He then served as chief of staff to U.S. Attorney General Alberto R. Gonzales."
Strap these organizations down and cut them the fuck open with no regard for their wellbeing. If the procedure kills them, then so be it.
There is a threshold past which live dissection (https://en.wikipedia.org/wiki/Stasi#Recovery_of_the_Stasi_fi...) is the only way that trust can be restored. I assert we have run across that threshold. And before anyone whines about it; no, we are not as bad as the Stasi yet. The Stasi do not represent the position of the threshold, they were miles past it.
Going after Facebook would probably be unnecessary after we were through with the accused government organizations. At that point Facebook's innocence would either be clear, or it would be clear that Facebook was a victim in this. If we found reason to believe both of these were not true, then we could pursue them as well.
Honestly though - I don't know. It's why I asked.
Possibly they can't, because how do you prove you're not lying other than saying you're not lying? It's not like there's some sort of an unshakable, absolute truth hardware log that details every single data access.
There is something called "evidence" used exactly in those circumstances.
Of course, I have no idea what kind of evidence those companies or the US government have, they are not telling anybody. And that is evidence that they are lying.
There is, however, a readily confirmable and somewhat plausible alternative: Facebook's numbers are low because no one the NSA is interested in (e.g. AQ, China, Wikileaks, maybe even Occupy) uses Facebook heavily.
If Google and Microsoft aren't allowed to release numbers, then we should actually be concerned about this possibility.
As worthy as these cases might be... this is not a national security issue. This kind of case should never use any law regarding national security. This is a regular police investigation, and as such, should require a regular old subpoena or warrant.
God Damnit! When did we start using the total number of violations of the fourth amendment as the yardstick by which we measure its importance or relevance to a reasonable expectation of privacy? "Hey, hey, hey... we ONLY violated 'x' number of people's rights. Not the 'x' times 'y' you are accusing us of doing, therefore..."
Putting that aside for just a moment, their response lumps in and equivocates the well-intentioned, and IMHO well-justified, search for a missing child with fourth amendment violations of millions of Americans under the guise of national security and terrorism.
They still don't get it. The government still doesn't get it. Feigning outrage is not a good transparency policy.
I've never once considered myself a Libertarian. It's never so much as crossed my mind. I'm not even an excitable or rash person. But the recent exposure of the breadth and scope of the shielded activities of the NSA has caused me to give a long, hard, well-reasoned review of how I vote.
Apparently, it was an agreement based on negotiating between the companies in question and the US Government. It makes me sick to my stomach that in spite of the relative uselessness of the exact count of requests, that the Government is just as interested in presenting a positive spin as they are claiming that acknowledging the mere existence of the requests presents a risk to national security.
It's common for 3 letter agencies to set up a corporation to handle their dirty work. I wonder if a front organization would be considered a government entity?
The thing that worries me most about all this collection is that the NSA probably never deletes any of its data (as evidenced by their massive storage facilities being built), so eventually they can build up quite a large store of complete data on people if they just keep collecting from various sources gradually over time.
None of this is relevant though. These are legal requests. The issue that people should remain focused on is whether or not the NSA has illegal, ongoing, unfettered access to wholesale data under PRISM or other programmes.
>we can now include in a transparency report all U.S. national security-related requests (including FISA as well as National Security Letters) – which until now no company has been permitted to do.
So, this is a change, albeit still a limited one.
19k over 6 months is still quite a large number, I think.
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask
Zuck: I have over 4,000 emails, pictures, addresses, SNS
Friend: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks
This doesn't mean I support him or Facebook; I certainly don't.
He's 29 now. Think about that for a second.
Even if the program has been used "judiciously" by the government to this point (if such a case can be made), it is ripe for abuse. Our protection should come by the law itself, not by the judgment and whim of the Executive (i.e. those executing the law).
Otherwise, we are not much different than a monarchy, hoping for a just king or queen.
"PRISM: Here's how the NSA wiretapped the Internet"
It's a very convoluted and speculative article, but I wonder how much of it is realistic.
It's nice that Facebook is pushing for a little more transparency, but they could be telling the absolute truth here and the NSA could still be getting all the data.
> I want to respond personally to the outrageous press reports about
> PRISM. ...
So ... why do they need to hide a request for something as 'innocent' as this?